Software defined network (SDN) application integrity

US9967257B2 · US · B2

Patent metadata
Publication number: US-9967257-B2
Application number: US-201615071484-A
Country: US
Kind code: B2
Filing date: Mar 16, 2016
Priority date: Mar 16, 2016
Publication date: May 8, 2018
Grant date: May 8, 2018

Abstract

Official abstract text for this publication.

A Software-Defined Network (SDN) authorizes Application Programming Interface (API) calls from user SDN applications to user SDN controllers. A user SDN application transfers an embedded code to an authorization SDN controller. The authorization SDN controller translates the embedded code into an SDN controller network address and an SDN application privilege data set. The authorization SDN controller transfers the SDN controller network address to the user SDN application. The authorization SDN controller transfers the SDN application privilege data set to the user SDN controller. The user SDN application transfers an SDN API call to the user SDN controller using the SDN controller network address. The user SDN controller determines if the SDN API call is authorized by the SDN application privilege data set. The user SDN controller services the API call if the SDN API call is authorized and inhibits an unauthorized API call.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of operating a Software-Defined Network (SDN) to authorize an SDN Application Programming Interface (API) call from a user SDN application to a user SDN controller, the method comprising: one or more microprocessors executing the user SDN application, the user SDN controller, and the authorization SDN controller; the user SDN application transferring an embedded code to an authorization SDN controller over an SDN northbound interface; the authorization SDN controller translating the embedded code into an SDN controller network address and an SDN application privilege data set; the authorization SDN controller transferring the SDN controller network address to the user SDN application over the SDN northbound interface and transferring the SDN application privilege data set to the user SDN controller; the user SDN application transferring the SDN API call to the user SDN controller using the SDN controller network address over the SDN northbound interface; and the user SDN controller receiving the SDN API call, determining if the SDN API call is authorized by the SDN application privilege data set, servicing the API call if the SDN API call is authorized, and inhibiting the API call if the SDN API call is not authorized.

2. The method of claim 1 wherein the authorization SDN controller translating the embedded code into the SDN controller network address comprises an SDN Domain Name Service (DNS) server translating an SDN controller name into the SDN controller network address.

3. The method of claim 1 wherein: the user SDN application transferring the embedded code comprises the user SDN application transferring an encrypted version of the embedded code to the authorization SDN controller over the SDN northbound interface; and the authorization SDN controller translating the embedded code into the SDN application privilege data set comprises decrypting the encrypted version of the embedded code into the embedded code and entering an authorization data structure with the embedded code to yield the SDN application privilege data set.

4. The method of claim 1 wherein the user SDN controller determining if the SDN API call is authorized by the SDN application privilege data set comprises determining if the user SDN application has API access to the user SDN controller.

5. The method of claim 1 wherein the user SDN controller determining if the SDN API call is authorized by the SDN application privilege data set comprises determining if the user SDN application has a write privilege to a user SDN data machine.

6. The method of claim 1 wherein the user SDN controller determining if the SDN API call is authorized by the SDN application privilege data set comprises isolating the user SDN application from another SDN controller.

7. The method of claim 1 wherein the user SDN controller determining if the SDN API call is authorized by the SDN application privilege data set comprises isolating the user SDN application from a user SDN data machine.

8. The method of claim 1 wherein: the user SDN controller and the user SDN application are executed in a Network Function Virtualization Infrastructure (NFVI); and the authorization SDN controller is executed by a Network Function Virtualization Management and Orchestration (NFV MANO) system.

9. The method of claim 1 wherein the user SDN application comprises a Network Function Virtualization Virtual Network Function (NFV VNF).

10. The method of claim 1 wherein the user SDN controller comprises a Network Function Virtualization Virtual Network Function (NFV VNF).

11. A Software-Defined Network (SDN) to authorize an SDN Application Programming Interface (API) call from a user SDN application to a user SDN controller, the SDN comprising: the user SDN application configured to transfer an embedded code to an authorization SDN controller over an SDN northbound interface; the authorization SDN controller configured to translate the embedded code into an SDN controller network address and an SDN application privilege data set, transfer the SDN controller network address to the user SDN application over the SDN northbound interface, and transfer the SDN application privilege data set to the user SDN controller; the user SDN application configured to transfer the SDN API call to the user SDN controller using the SDN controller network address over the SDN northbound interface; the user SDN controller configured to receive the SDN API call, determine if the SDN API call is authorized by the SDN application privilege data set, service the API call if the SDN API call is authorized, and inhibit the API call if the SDN API call is not authorized; and one or more microprocessors configured to execute the user SDN application, the user SDN controller, and the authorization SDN controller.

12. The SDN of claim 11 wherein the authorization SDN controller is configured to translate the embedded code into the SDN controller network address with an SDN Domain Name Service (DNS) server.

13. The SDN of claim 11 wherein: the user SDN application is configured to transfer an encrypted version of the embedded code to the authorization SDN controller over the SDN northbound interface; and the authorization SDN controller is configured to decrypt the encrypted version of the embedded code into the embedded code and enter an authorization data structure with the embedded code to yield the SDN application privilege data set.

14. The SDN of claim 11 wherein the user SDN controller is configured to determine if the user SDN application has API access to the user SDN controller.

15. The SDN of claim 11 wherein the user SDN controller is configured to determine if the user SDN application has a write privilege to a user SDN data machine.

16. The SDN method of claim 11 wherein the user SDN controller is configured to isolate the user SDN application from another SDN controller.

17. The SDN of claim 11 wherein the user SDN controller is configured to isolate the user SDN application from a user SDN data machine.

18. The SDN of claim 11 wherein: the computer system comprises a Network Function Virtualization Infrastructure (NFVI); the authorization SDN controller is executed by a Network Function Virtualization Management and Orchestration (NFV MANO) system.

19. The SDN of claim 11 wherein the user SDN application comprises a Network Function Virtualization Virtual Network Function (NFV VNF).

20. The SDN of claim 11 wherein the user SDN controller comprises a Network Function Virtualization Virtual Network Function (NFV VNF).
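
The authorization flow of claims 1, 2, 4 and 5, modeled in Python as an added example that is not code from the patent or its assignee. All class names, codes and addresses are constructed, and keying the privilege data set by an application identifier is an assumption the claims do not specify.

```python
# Added illustration; every name, address and code value below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class PrivilegeSet:
    app_id: str                        # assumption: the set names the application it covers
    api_access: bool                   # claim 4: API access to the user controller
    writable: frozenset = frozenset()  # claim 5: data machines the app may write

class UserController:
    def __init__(self, address):
        self.address = address
        self.privileges = {}           # app_id -> PrivilegeSet from the authorization controller

    def receive_privileges(self, pset):
        self.privileges[pset.app_id] = pset

    def api_call(self, app_id, op, data_machine):
        pset = self.privileges.get(app_id)
        # Fail closed: no privilege set, or no API access, means the call is inhibited.
        if pset is None or not pset.api_access:
            return "inhibited"
        if op == "write" and data_machine not in pset.writable:
            return "inhibited"
        return "serviced"

class AuthorizationController:
    def __init__(self, auth_table, dns, controllers):
        self.auth_table = auth_table    # embedded code -> (controller name, PrivilegeSet)
        self.dns = dns                  # controller name -> network address (claim 2)
        self.controllers = controllers  # network address -> UserController

    def translate(self, embedded_code):
        entry = self.auth_table.get(embedded_code)
        if entry is None:
            return None                 # unknown code: no address and no privileges issued
        name, pset = entry
        address = self.dns[name]
        self.controllers[address].receive_privileges(pset)  # privileges go to the controller
        return address                  # only the address goes back to the application

def demo():
    ctl = UserController("192.0.2.5")
    auth = AuthorizationController(
        {"code-A": ("ctl-1", PrivilegeSet("app-A", True, frozenset({"dm-1"})))},
        {"ctl-1": "192.0.2.5"}, {"192.0.2.5": ctl})
    return (auth.translate("code-A"),                # app-A learns the controller address
            ctl.api_call("app-A", "write", "dm-1"),  # authorized write
            ctl.api_call("app-A", "write", "dm-2"),  # isolated from dm-2
            ctl.api_call("app-B", "read", "dm-1"),   # never presented an embedded code
            auth.translate("code-X"))                # unknown embedded code
```

The privilege data set never passes through the application: it reaches the user controller directly, so the application cannot alter the policy it is checked against.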

Assignees

Inventors

Classifications

  • Access control lists [ACL] · CPC title

  • Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • H04L63/10 · Primary

    for controlling access to devices or network resources · CPC title

  • using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9967257B2 cover?
A Software-Defined Network (SDN) authorizes Application Programming Interface (API) calls from user SDN applications to user SDN controllers. A user SDN application transfers an embedded code to an authorization SDN controller. The authorization SDN controller translates the embedded code into an SDN controller network address and an SDN application privilege data set. The authorization SDN con…
Who is the assignee on this patent?
Sprint Communications Co Lp
What technology area does this patent fall under?
Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 8, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).