Abstract: Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods for incorporating a mobile native security platform in Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements, validating allowed/disallowed list of transit network vendor devices, virtual network appliances are identified.

Abstract: Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods for incorporating a mobile native security platform in Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements, validating allowed/disallowed list of transit network vendor devices, virtual network appliances are identified.

Abstract: Methods of configuring path-aware point to point secure network private lines over multi-domain, multi-operator virtual and physical networks through network elements that are compliant with PKI Digital Certificates (eDC) with metadata enhancements are disclosed. Secure Network Slices (SNS) may then be constructed by interconnecting SVPLs through a network aggregation device such as switch/bridge/router which allows different network policies on different segments of the network. A Digital Trust Broker is disclosed that bridges between multiple Authentication/Authorization frameworks of an enterprise and the security frameworks of multiple operators and service providers that provide Secure Virtual Private lines and Secure Network Slices. Additionally, the methods that identify that any traffic exchange with internet or between differing levels of SNS or SVPLs go through enhanced security bridge that enforces policies of high security enterprise are also disclosed.

Abstract: Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods for incorporating a mobile native security platform in Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements, validating allowed/disallowed list of transit network vendor devices, virtual network appliances are identified.

Abstract: A public key infrastructure comprising a participant that issues digital certificates. Each digital certificate can be relied upon in at least two different trust domains. The public key infrastructure does not employ policy mapping between or among the trust domains. Furthermore, the public key infrastructure does not link any pair of trust domains via cross-certificates. Just one trust domain is bound to the digital certificate at any given moment. The current trust domain that is to be bound to the digital certificate is elected by a relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.

Abstract: A public key infrastructure comprising a participant that issues digital certificates. Each digital certificate can be relied upon in at least two different trust domains. The public key infrastructure does not employ policy mapping between or among the trust domains. Furthermore, the public key infrastructure does not link any pair of trust domains via cross-certificates. Just one trust domain is bound to the digital certificate at any given moment. The current trust domain that is to be bound to the digital certificate is elected by a relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.