US 12,169,567 B2
Data communication service in a trusted execution environment (TEE) at the network edge
Lyle Walter Paczkowski, Mission Hills, KS (US); and Ronald R. Marquardt, Woodinville, WA (US)
Assigned to T-MOBILE INNOVATIONS LLC, Overland Park, KS (US)
Filed by T-MOBILE INNOVATIONS LLC, Overland Park, KS (US)
Filed on Jun. 9, 2022, as Appl. No. 17/836,690.
Application 17/836,690 is a continuation of application No. 16/672,049, filed on Nov. 1, 2019, granted, now 11,416,620.
Prior Publication US 2022/0300614 A1, Sep. 22, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/57 (2013.01); H04L 9/06 (2006.01); H04L 9/32 (2006.01); H04L 9/00 (2022.01)
CPC G06F 21/575 (2013.01) [H04L 9/0643 (2013.01); H04L 9/3236 (2013.01); H04L 9/3268 (2013.01); G06F 2221/034 (2013.01); H04L 9/50 (2022.05)] 20 Claims
OG exemplary drawing
 
1. A method of operating a data communication network to exchange user data across a provider edge and a customer edge based on hardware-trust, the method comprising:
provider edge circuitry hashing a provider edge hardware-trust code and transferring the provider edge hardware-trust code hash to a hardware-trust controller;
the hardware-trust controller receiving the provider edge hardware-trust code hash from the provider edge circuitry, verifying provider edge hardware-trust based on the provider edge hardware-trust code hash, and in response to the provider edge hardware-trust verification, transferring a trusted execution environment Identifier (ID), provider edge ID, provider edge hardware-trust certificate, and provider edge keys to the provider edge circuitry;
customer edge circuitry hashing a customer edge hardware-trust code and transferring the customer edge hardware-trust code hash to the hardware-trust controller;
the hardware-trust controller receiving the customer edge hardware-trust code hash from the customer edge circuitry, verifying customer edge hardware-trust based on the customer edge hardware-trust code hash, and in response to the customer edge hardware-trust verification, transferring the trusted execution environment ID, a customer edge ID, customer edge hardware-trust certificate, and customer edge keys to the customer edge circuitry;
the provider edge circuitry transferring the provider edge hardware-trust certificate to the customer edge circuitry, receiving the customer edge hardware-trust certificate from the customer edge circuitry, and verifying the customer edge hardware-trust based on the customer edge hardware-trust certificate and the provider edge keys;
the customer edge circuitry transferring the customer edge hardware-trust certificate to the provider edge circuitry, receiving the provider edge hardware-trust certificate from the provider edge circuitry, and verifying the provider edge hardware-trust based on the provider edge hardware-trust certificate and the customer edge keys;
in response to the customer edge hardware-trust verification, the provider edge circuitry encrypting and decrypting user data based on the provider edge keys and exchanging the trusted execution environment ID, the provider edge ID, and the encrypted user data with the customer edge circuitry; and
in response to the provider edge hardware-trust verification, the customer edge circuitry encrypting and decrypting the user data based on the customer edge keys and exchanging the trusted execution environment ID, the customer edge ID, and the encrypted user data with the provider edge circuitry.