US-12619709-B2 - Blockchain-based method and system for securing a network of virtual wireless base stations
Abstract
Disclosed is a system for securing a wireless telecommunications network that is capable of distributing licensed capacity (in the form of connection licenses) to respond to localized fluctuations in demand. The system includes a master license server and a plurality of local license servers. The local license servers are coupled to a plurality of virtual wireless base stations over a bus. Each of the local license servers has a blockchain implementation that secures the virtual wireless base stations. For example, the blockchain implementation logs each transaction in which connection licenses change ownership among the virtual wireless base stations.
Inventors
- Jeffrey Courington
- Francesco Foresta
- Vishal Agrawal
Assignees
- John Mezzalingua Associates, LLC
Dates
- Publication Date: 20260505
- Application Date: 20200828
Claims (20)
- 1. A system for protecting a network of virtual wireless base stations, comprising: a plurality of license servers, each of the license servers having a blockchain implementation; and a plurality of virtual wireless base stations, wherein each of the plurality of license servers receives, respectively, an allocation of at least one connection license from amongst a plurality of connection licenses; wherein each of the plurality of license servers is in communication with each of the plurality of virtual wireless base stations, wherein the blockchain implementation of the license servers secures the network of virtual wireless base stations by maintaining connection license allocation information distributed across the blockchain implementation of the plurality of license servers, wherein each of the plurality of license servers allocates a connection license to a designated virtual wireless base station among the plurality of virtual wireless base stations in accordance with the blockchain implementation of the plurality of license servers, and wherein a given one of the allocated connection licenses is assigned to a wireless device connecting to the designated virtual wireless base station.
- 2. The system of claim 1, wherein the plurality of license servers are local license servers, the system further comprising: a master license server; and a plurality of agent modules, wherein each of the plurality of agent modules is associated with a corresponding one of the plurality of local license servers, wherein the master license server is in communication with each of the plurality of local license servers, and wherein the plurality of local license servers allocate connection licenses to the plurality of agent modules associated with the plurality of virtual wireless base stations in accordance with the blockchain implementation.
- 3. The system of claim 2, wherein the master license server is configured to: obtain a plurality of connection licenses; allocate the plurality of connection licenses to the plurality of local license servers; and transmit the allocated plurality of connection licenses to each of the plurality of local license servers.
- 4. The system of claim 3, wherein the master license server is configured to allocate the plurality of connection licenses by generating a master license allocation table.
- 5. The system of claim 4, wherein the master license server is configured to transmit the master license allocation table to each of the plurality of local license servers.
- 6. The system of claim 5, wherein each of the plurality of local license servers is configured to receive the master license allocation table and assign it as a genesis block of its corresponding blockchain implementation.
- 7. The system of claim 6, wherein at least one of the local license servers is configured to distribute an allocated portion of the plurality of connection licenses to a corresponding set of the plurality of agent modules.
- 8. The system of claim 7, wherein each agent module of the corresponding set of the plurality of agent modules is configured to broadcast transaction information corresponding to the allocated portion of the plurality of connection licenses.
- 9. The system of claim 8, wherein each of the plurality of local license servers is configured to append its blockchain implementation with the transaction information.
- 10. The system of claim 9, wherein each of the plurality of local license servers is configured to append its blockchain implementation, wherein each new block in its blockchain implementation corresponds to an ownership transfer of a single connection license.
- 11. The system of claim 9, wherein each of the plurality of local license servers is configured to append its blockchain implementation, wherein each new block in its blockchain implementation corresponds to an ownership transfer of the connection licenses of a given agent module's allocated portion of the plurality of connection licenses.
- 12. The system of claim 9, wherein each of the plurality of local license servers is configured to append its blockchain implementation with an updated copy of the master license allocation table, wherein the updated copy of the master license allocation table comprises updated information corresponding to a transfer of ownership of each of the connection licenses.
- 13. The system of claim 7, wherein each of the plurality of agent modules is configured to assign each of a subset of the allocation portion of the plurality of connection licenses to an active UE (User Equipment) connection.
- 14. The system of claim 7, wherein the allocation portion of the plurality of connection licenses comprises a feature license corresponding to a licensed virtual wireless base station feature.
- 15. The system of claim 14, wherein the feature license corresponds to a MIMO (Multiple-Input and Multiple-Output) capability.
- 16. The system of claim 1, wherein the license allocation information includes information representing a corresponding connection between a wireless device and virtual wireless base station.
- 17. A method for initializing a secure wireless telecommunications network, comprising: instantiating a plurality of local license servers; exchanging a first PKI (Public Key Infrastructure) data between each of the plurality of local license servers and a master license server; registering each of the plurality of local license servers by exchanging a second PKI data between each of the plurality of local license servers; instantiating a plurality of virtual wireless base stations; registering each of the virtual wireless base stations by exchanging a third PKI data between each of the plurality of virtual wireless base stations and storing an IP address corresponding to each of the virtual wireless base stations; obtaining a plurality of connection licenses at the master license server; allocating the plurality of connection licenses amongst the plurality of local license servers, wherein each of the local license servers has a blockchain implementation; transmitting information relating to the plurality of allocated connection licenses, from the master license server, to each of the plurality of local license servers; and distributing the plurality of allocated connection licenses to the plurality of virtual wireless base stations, wherein the distributing includes generating a plurality of transactions in accordance with the blockchain implementation of the plurality of local license servers, wherein the blockchain implementation of each of the local license servers secures the plurality of virtual wireless base stations by appending an indication of each of the plurality of transactions to each blockchain implementation, and wherein at least one of the allocated connection licenses distributed to a designated one of the plurality of virtual wireless base stations is assigned to a wireless device connecting to the designated virtual wireless base station.
- 18. The method of claim 17, wherein registering each of the plurality of local license servers comprises: exchanging the second PKI data between each of the plurality of local license servers and a master bus.
- 19. The method of claim 18, wherein registering each of the virtual wireless base stations comprises: exchanging the third PKI data between each of the plurality of virtual wireless base stations and the master bus.
- 20. The method of claim 17, wherein instantiating the plurality of virtual wireless base stations comprises instantiating a plurality of agent modules, each of the plurality of agent modules corresponding to one of the plurality of virtual wireless base stations.
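The ledger behaviour recited in claims 6, 9 and 10, together with the proper-possession verification the Summary describes, shown as an added Python example (not code from the patent or the assignee). The block fields, the SHA-256 hash chaining and names such as `lls-a` and `vbs-1` are assumptions made for illustration; the PKI signing of transactions is left out.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder for "no previous block"

def block_hash(body):
    # Assumption: SHA-256 over canonical JSON; the patent names no hash.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class LicenseLedger:
    """One local license server's chain copy (hypothetical field layout)."""
    def __init__(self, master_allocation_table):
        # Claim 6: the master license allocation table is the genesis block.
        genesis = {"index": 0, "prev": GENESIS_PREV, "table": dict(master_allocation_table)}
        genesis["hash"] = block_hash(genesis)
        self.chain = [genesis]

    def owner_of(self, license_id):
        owner = self.chain[0]["table"].get(license_id)
        for blk in self.chain[1:]:
            if blk["license"] == license_id:
                owner = blk["to"]
        return owner

    def transfer(self, license_id, sender, receiver):
        # Refuse unless the chain shows the sender in proper possession.
        if self.owner_of(license_id) != sender:
            return False
        # Claim 10: one new block per ownership transfer of a single license.
        blk = {"index": len(self.chain), "prev": self.chain[-1]["hash"],
               "license": license_id, "from": sender, "to": receiver}
        blk["hash"] = block_hash(blk)
        self.chain.append(blk)
        return True

    def verify(self):
        prev = GENESIS_PREV
        for blk in self.chain:
            body = {k: v for k, v in blk.items() if k != "hash"}
            if blk["prev"] != prev or block_hash(body) != blk["hash"]:
                return False
            prev = blk["hash"]
        return True

def divergent_copies(ledgers):
    # Indices of servers whose tip hash disagrees with the most common tip.
    tips = [l.chain[-1]["hash"] for l in ledgers]
    majority = max(set(tips), key=tips.count)
    return [i for i, t in enumerate(tips) if t != majority]
```

A base station that is not the recorded owner cannot move a license, an in-place edit of any block fails `verify()`, and a server holding a rewritten copy stands out in `divergent_copies()`.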
Description
RELATED APPLICATION
This application is the National Stage filing under 35 U.S.C. 371 of International Application No. PCT/US2020/048575 filed on Aug. 28, 2020, which claims the benefit of U.S. Provisional Application No. 62/893,410 filed on Aug. 29, 2019, the contents of which are all hereby incorporated by reference herein in their entirety.
BACKGROUND OF THE DISCLOSURE
Field of the Disclosure
The present disclosure relates to wireless communications, and more particularly, to a method and system for securing networks of virtual wireless base stations.
Related Art
The advent of pure software virtual wireless base stations holds the promise of vast flexibility and efficiencies, given that the virtual wireless base stations can be hosted on general-purpose server hardware, and that individual virtual wireless base stations can be instantiated and de-instantiated as network traffic demand increases and decreases.
However, networks of virtual wireless base stations may incur certain vulnerabilities. Potential vulnerabilities include the following: first, an intruder may instantiate a rogue wireless base station into the network and begin to demand resources, leading to a denial of service attack; second, an intruder may take control of an existing trusted wireless base station and attempt to alter parameters within it with the intent of harming the network; and third, an intruder may instantiate a copy of an existing trusted wireless base station, including its public/private key, and use this to harm the network. A denial of service attack may be an expected form of attempted harm, in which a fake, compromised, or copied wireless base station may attempt to obtain resources, such as authorization for connections, thereby draining the resources of the other (proper) wireless base stations in the network.
Accordingly, what is needed is a system and method for preventing these and other potential forms of threats to a network of virtual wireless base stations.
SUMMARY OF THE DISCLOSURE
According to an aspect of the present disclosure, there is provided a system for protecting a network of virtual wireless base stations, comprising: a plurality of license servers, each of the license servers having a blockchain implementation; and a plurality of virtual wireless base stations, wherein each of the plurality of license servers is in communication with each of the plurality of virtual wireless base stations, and wherein the blockchain implementation of the license servers secures the network of virtual wireless base stations.
According to another aspect of the present disclosure, there is provided a method for initializing a secure wireless telecommunications network, comprising: instantiating a plurality of local license servers; exchanging a first PKI (Public Key Infrastructure) data between each of the plurality of local license servers and a master license server; registering each of the plurality of local license servers by exchanging a second PKI data between each of the plurality of local license servers; instantiating a plurality of virtual wireless base stations; registering each of the virtual wireless base stations by exchanging a third PKI data between each of the plurality of virtual wireless base stations and storing an IP address corresponding to each of the virtual wireless base stations; obtaining a plurality of connection licenses at the master license server; allocating the plurality of connection licenses amongst the plurality of local license servers, wherein each of the local license servers has a blockchain implementation; transmitting information relating to the plurality of allocated connection licenses to each of the plurality of local license servers; distributing the plurality of allocated connection licenses to the plurality of virtual wireless base stations, wherein the distributing includes generating a plurality of transactions; and appending an indication of each of the plurality of transactions to each blockchain implementation.
According to another aspect of the present disclosure, there is provided a method for securely distributing excess capacity within a wireless communications network, comprising: identifying an excess of capacity within a first virtual wireless base station; broadcasting a first message to a plurality of license servers indicating the excess of capacity, wherein each of the license servers has a blockchain implementation; verifying that the first virtual wireless base station has proper possession of the excess capacity; transmitting information relating to the excess capacity from the first virtual wireless base station; broadcasting a second message to the license servers indicating a change of ownership of the excess capacity; and appending the blockchain implementation corresponding to each of the plurality of license servers with a first new block indicating the change of ownership of the excess capacity.
According to another aspect of the present disclo