Methods and apparatus to configure virtual private mobile networks for security

US 10,069,799 B2
Filed: 06/27/2016
Issued: 09/04/2018
Est. Priority Date: 06/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

provisioning first and second virtual private mobile networks within a wireless network, the first virtual private mobile network to process communications associated with a first type of security event and the second virtual private mobile network to process communications associated with a second type of security event;

after provisioning the first and second virtual private mobile networks, determining whether a first communication from user equipment corresponds to the first type of security event or the second type of security even;

transmitting, via a first base transceiver station, an instruction to cause the user equipment to communicatively couple to the first virtual private mobile network when the first communication corresponds to the first type of security event, or to communicatively couple to the second virtual private mobile network when the first communication corresponds to the second type of security event;

instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station, and through the first virtual private mobile network when the first communication corresponds to the first type of security event; and

instructing the user equipment to transmit the second communication through the second base transceiver station, and through the second virtual private mobile network when the first communication corresponds to the second type of security event, the first and second virtual private mobile networks being isolated in a wireless spectrum from other portions of the wireless network, wherein the first type of security event and the second type of security event are different types of security events and at least one of the first type of security event and the second type of security event is at least one of a virus, a network worm, a denial of service attack, an unsupported feature on the user equipment, a vulnerability on the user equipment, and a malicious application on the user equipment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to configure virtual private mobile networks are disclosed. Example methods include provisioning a virtual private mobile network within a wireless network, and, after provisioning the virtual private mobile network, determining whether a first communication from a user equipment matches a security event profile. When the first communication matches the profile, the example methods include transmitting, from the wireless network via a first base transceiver station, an instruction to cause the user equipment to be communicatively coupled to the virtual private mobile network. The example methods further include instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station and through the virtual private mobile network. In the example methods, the virtual private mobile network is isolated in a wireless spectrum from other portions of the network.

Citations

17 Claims

1. A method comprising:
- provisioning first and second virtual private mobile networks within a wireless network, the first virtual private mobile network to process communications associated with a first type of security event and the second virtual private mobile network to process communications associated with a second type of security event;
  
  after provisioning the first and second virtual private mobile networks, determining whether a first communication from user equipment corresponds to the first type of security event or the second type of security even;
  
  transmitting, via a first base transceiver station, an instruction to cause the user equipment to communicatively couple to the first virtual private mobile network when the first communication corresponds to the first type of security event, or to communicatively couple to the second virtual private mobile network when the first communication corresponds to the second type of security event;
  
  instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station, and through the first virtual private mobile network when the first communication corresponds to the first type of security event; and
  
  instructing the user equipment to transmit the second communication through the second base transceiver station, and through the second virtual private mobile network when the first communication corresponds to the second type of security event, the first and second virtual private mobile networks being isolated in a wireless spectrum from other portions of the wireless network, wherein the first type of security event and the second type of security event are different types of security events and at least one of the first type of security event and the second type of security event is at least one of a virus, a network worm, a denial of service attack, an unsupported feature on the user equipment, a vulnerability on the user equipment, and a malicious application on the user equipment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the provisioning of the first and second virtual private mobile networks includes causing the first and second virtual private mobile networks to implement first and second security policies, respectively, based on first and second security event profiles.
  - 3. The method of claim 1, wherein the provisioning of the first and second virtual private mobile networks includes:
    - identifying available network elements within the wireless network; and
      
      configuring a portion of a control plane and a portion of a data plane of the available network elements for the first virtual private mobile network.
  - 4. The method of claim 3, wherein the network elements include at least one of a wireless base transceiver station, a serving gateway, a packet data network gateway, a mobility management entity, a home subscriber server, an eNodeB, a Serving General Packet Radio Service Support Node, and a Gateway General Packet Radio Service Support Node.
  - 5. The method of claim 1, wherein first network elements in the first virtual private mobile network attempt to identify a potential threat to the wireless network, the potential threat associated with the first type of security event.
  - 6. The method of claim 1, wherein the instructing of the user equipment to communicatively couple to the first virtual private mobile network includes using over the air programming to provision a subscriber identity module card associated with the user equipment with an access point name corresponding to the first virtual private mobile network.
  - 7. The method of claim 1, wherein the first virtual private mobile network deploys a first defense strategy to handle security threats posed by communications associated with the first type of security event, and the second virtual private mobile network deploys a second defense strategy to handle security threats posed by communications associated with the second type of security event, at least one of the first and second defense strategies including at least one of blocking a third communication, filtering the third communication, and monitoring the third communication.
  - 8. The method of claim 1, wherein the user equipment is first user equipment, a first security event profile is associated with a first potential threat to the wireless mobile network caused by the first type of security event, and further including:
    - communicating the first security event profile associated with the first potential threat to other virtual private mobile networks associated with the wireless network;
      
      determining that a third communication matches the first security event profile in at least one of the other virtual private mobile networks; and
      
      provisioning second user equipment associated with the third communication to communicatively couple to the first virtual private mobile network.

9. An apparatus comprising:
- a processor; and
  
  memory including machine readable instructions that, when executed by the processor, cause the processor to perform operations including;
  
  provisioning first and second virtual private mobile networks within a wireless network, the first virtual private mobile network to process communications associated with a first type of security event and the second virtual private mobile network to process communications associated with a second type of security event, the first type of security event and the second type of security event being different types of security events, and at least one of the first type of security event and the second type of security event is at least one of a virus, a network worm, a denial of service attack, an unsupported feature on the user equipment, a vulnerability on the user equipment, and a malicious application on the user equipment;
  
  after provisioning the first and second virtual private mobile networks, determining whether a first communication from user equipment corresponds to the first type of security event or the second type of security event,transmitting, via a first base transceiver station, an instruction to cause the user equipment to communicatively couple to the first virtual private mobile network when the first communication corresponds to the first type of security event, or to communicatively couple to the second virtual private mobile network when the first communication corresponds to the second type of security event;
  
  instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station, and through the first virtual private mobile network when the first communication corresponds to the first type of security event; and
  
  instructing the user equipment to transmit the second communication through the second base transceiver station, and through the second virtual private mobile network when the first communication corresponds to the second type of security event, the first and second virtual private mobile networks being isolated in a wireless spectrum from other portions of the wireless network.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The apparatus of claim 9, wherein the instructions are to cause the processor to provision the first virtual private mobile network by installing a first security protocol within the first virtual private mobile network, and to provision the second virtual private mobile network by installing a second security protocol within the second virtual private mobile network.
  - 11. The apparatus of claim 9, wherein the instructions are to cause the processor to communicatively couple the user equipment to the one of the first and second virtual private mobile networks by using over the air programming to provision a subscriber identity module card associated with the user equipment with an access point name corresponding to the one of the first and second virtual private mobile networks.
  - 12. The apparatus of claim 9, wherein the first communication is determined to be associated with the first type of security event, the first type of security event is associated with a first potential threat, and the first virtual private mobile network includes security algorithms to deploy a defense strategy, the defense strategy including at least one of blocking, filtering and monitoring communications transmitted via the first virtual private mobile network.
  - 13. The apparatus of claim 12, wherein the instructions are further to cause the processor to communicatively couple the user equipment to the wireless network after the potential threat is resolved.

14. A tangible computer readable medium including computer readable instructions that, when executed, cause a machine to perform operations comprising:
- provisioning first and second virtual private mobile networks for security within a wireless network, the first virtual private mobile network to process communications associated with a first type of security event and the second virtual private mobile network to process communications associated with a second type of security event, the first type of security event and the second type of security event being different types of security events, and at least one of the first type of security event and the second type of security event is at least one of a virus, a network worm, a denial of service attack, an unsupported feature on the user equipment, a vulnerability on the user equipment, and a malicious application on the user equipment;
  
  after the first and second virtual private mobile networks are provisioned, determining whether a first communication from user equipment corresponds to the first type of security event or the second type of security event;
  
  transmitting, via a first base transceiver station, an instruction to cause the user equipment to communicatively couple to the first virtual private mobile network when the first communication corresponds to the first type of security event, or to communicatively couple to the second virtual private mobile network when the first communication corresponds to the second type of security event;
  
  instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station, and through the first virtual private mobile network when the first communication corresponds to the first type of security event; and
  
  instructing the user equipment to transmit the second communication through the second base transceiver station, and through the second virtual private mobile network when the first communication corresponds to the second type of security event, the first and second virtual private mobile networks being isolated in a wireless spectrum from other portions of the wireless network.
- View Dependent Claims (15, 16, 17)
- - 15. The tangible computer readable medium of claim 14, wherein the first communication is determined to correspond to the first type of security event, the first type of security event is associated with a security event profile is associated with a potential threat, and the instructions further cause the machine to perform operations including:
    - communicating the security event profile associated with the potential threat to other virtual private mobile networks associated with the wireless network;
      
      determining a third communication matches the security event profile in the other virtual private mobile networks; and
      
      communicatively coupling second user equipment associated with the third communication to the first virtual private mobile network.
  - 16. The tangible computer readable medium of claim 14, wherein the first communication is determined to correspond to the first type of security event, the first type of security event associated with a potential threat, and the instructions further cause the machine to perform operations including analyzing the first communication using security tools implemented within the first virtual private mobile network to determine a defense strategy, the defense strategy including at least one of blocking the first communication, filtering the first communication, and monitoring the first communication.
  - 17. The tangible computer readable medium of claim 14, wherein to provision the first and second virtual private mobile networks, the instructions cause the machine to perform operations including:
    - identifying available network elements within the wireless network; and
      
      configuring a portion of a control plane and a portion of a data plane of the available network elements for the first virtual private mobile network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Baliga, Arati, Chen, Xu, Coskun, Baris, de los Reyes, Gustavo, Lee, Seungjoon, Mathur, Suhas, Van der Merwe, Jacobus, Xu, Gang
Primary Examiner(s)
Khoshnoodi, Nadia

Application Number

US15/194,037
Publication Number

US 20160308837A1
Time in Patent Office

799 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/1458   Denial of Service

H04W 12/086   using security domains

Methods and apparatus to configure virtual private mobile networks for security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus to configure virtual private mobile networks for security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links