Title of invention: Carrier network security interface for fielded devices
Abstract: The disclosed subject matter provides carrier-side security services for fielded devices. In contrast to conventional authentication systems for fielded devices, wherein an end-to-end communications pathway is typically established for authentication of a fielded device by a back-end service provider, authentication and security services can be moved into the carrier network. A security service monitor component can be at the carrier network and can authenticate field components without establishing a communications pathway to the back-end service provider. Further, security service monitor component can provide security services for communications with an authenticated field component. In an aspect, this can allow for centralization of security elements from the periphery of back-end service providers into the carrier network. In a further aspect, security service monitor component can host a security services platform for back-end service providers.
Publication number: US9270653(B2) Publication date: 2016.02.23
Application number: US201113105836 Application date: 2011.05.11
Applicant: AT&T MOBILITY II LLC Inventor: Maria Arturo
Classification: H04L29/06;H04L12/14;H04L12/06 Main classification: H04L29/06
Agency: Amin, Turocy & Watson, LLP Agent: Amin, Turocy & Watson, LLP
Main claim: 1. A network device, comprising: a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: receiving service information that facilitates communication between a field device and a service device via a communication link at a second security level associated with a second security service, wherein the service device is not associated with a network operator identity associated with the network device; receiving field device information associated with the field device for use in connection with operating the communication link using the network device; determining identification information associated with the field device from the field device information; selecting a first security service based on the identification information to facilitate communication with the field device via the communication link at a first security level associated with the first security service; in response to selecting the first security service associated with permissive use of the network device for the communication link with the field device, receiving security information related to the field device accessing the second security service via the network device based on the service information without authentication of the field device via the service device; adapting the communication link to convey data at the second security level after the communication link is determined to be successfully established at the first security level, wherein the adapting comprises encrypting the data to be unreadable by network devices associated with the network operator identity; and conveying the data at the second security level between the field device and the service device, as endpoint devices of the communication link, via the network device for decryption at one of the endpoint devices.
Address: Atlanta GA US