Method and devices for protection of control plane functionality
Abstract
This disclosure relates to methods and apparatuses for protection of control plane functionality of a network node of a communications network providing wireless communication to a mobile terminal. The network node is configured to support control plane signaling with the mobile terminal. A communication context for the mobile terminal is maintained, wherein the communication context is associated with a control signaling message exchange between the mobile terminal and the network node. One method includes establishing, for a received message, a communication context to which it belongs; determining, in relation to information in the established communication context, the received message to be a message conforming to a protection rule or a message violating a protection rule; and handling the message in accordance with rules of a protection policy. Related network nodes, computer programs, and computer program products are disclosed.
Claims (20)
1. A method for protection of control plane functionality of a network node of a communications network providing wireless communication to a mobile terminal, the network node being configured to support control plane signaling with the mobile terminal, the method comprising:
- maintaining a communication context for the mobile terminal, the communication context being associated with a control plane signaling message exchange between the mobile terminal and the network node,
- establishing, for a received control plane signaling message, a communication context which is associated with the mobile terminal,
- decrypting and integrity-checking the received control plane signaling message,
- responsive to the decrypting and integrity-checking the received control signaling message, determining the decrypted and integrity-checked control plane signaling message one of conforms to a protection rule or violates the protection rule of a protection policy based on information in the established communication context,
- in response to determining the decrypted and integrity-checked control plane signaling message conforms to the protection rule, accepting and/or forwarding the message in the communication network, and
- in response to determining the decrypted and integrity-checked control plane signaling message violates the protection rule, modifying content of the received control plane signaling message according to a specified rule of the protection policy to maintain a correct state of the control plane signaling message exchange between the mobile terminal and the network node.
Dependent claims 16, 17, 18, 19 and 20 refer to claim 1.
2. A first network node of a communications network providing wireless communication to a mobile terminal, the communications network comprising a second network node configured to support control plane signaling with the mobile terminal, the first network node comprising a processor and memory, the memory containing instructions executable by the processor, whereby the first network node is configured to:
- maintain a communication context for the mobile terminal, the communication context being associated with a control plane signaling message exchange between the mobile terminal and the network node,
- establish, for a received control plane signaling message, a communication context which is associated with the mobile terminal,
- decrypt and integrity-check the received control plane signaling message,
- determine the decrypted and integrity-checked control plane signaling message one of conforms to a protection rule or violates the protection rule of a protection policy based on information in the established communication context in response to the decryption and the integrity-check of the received control signaling message,
- accept and/or forward the message in the communication network in response to the determination that the decrypted and integrity-checked control plane signaling message conforms to the protection rule, and
- modify content of the received control plane signaling message according to a specified rule of the protection policy to maintain a correct state of the control plane signaling message exchange between the mobile terminal and the network node in response to the determination that the decrypted and integrity-checked control plane signaling message violates the protection rule.
Dependent claims 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14 and 15 refer to claim 2.
11. A computer program product for a first network node for protection of control plane functionality of a second network node of a communications network providing wireless communication to a mobile terminal, the second network node being configured to support control plane signaling with the mobile terminal, the computer program product comprising a non-transitory computer readable storage medium storing computer program code, which, when run on the first network node causes the first network node to:
- maintain a communication context for the mobile terminal, the first communication context being associated with a control plane signaling message exchange between the mobile terminal and the network node,
- establish, for a received control plane signaling message, a communication context which is associated with the mobile terminal,
- decrypt and integrity-check the received control plane signaling message,
- determine the decrypted and integrity-checked control plane signaling message one of conforms to a protection rule or violates the protection rule of a protection policy based on information in the established communication context in response to the decryption and the integrity-check of the received control signaling message,
- accept and/or forward the message in the communication network in response to the determination that the decrypted and integrity-checked control plane signaling message conforms to the protection rule, and
- modify content of the received control plane signaling message according to a specified rule of the protection policy to maintain a correct state of the control plane signaling message exchange between the mobile terminal and the network node in response to the determination that the decrypted and integrity-checked control plane signaling message violates the protection rule.
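The procedure the claims describe (maintain a per-terminal context, establish the context for a received message, decrypt and integrity-check it, test it against a protection policy using the context, then forward it or rewrite its content so the signaling state stays correct) is shown below as an added example. It is not the patent's own implementation. The names ProtectionFilter, Context, apply_policy, protect and unprotect, the state table, the three rules and the algorithm allow-list are constructed for this example, and the XOR keystream with a truncated HMAC is a toy stand-in for the real NAS ciphering and integrity algorithms. The message sequence in demo() is likewise constructed: an attach request carrying a disallowed algorithm, a detach sent in the wrong state, a stale copy of an already accepted message, and a message whose MAC no longer verifies.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed policy data: message types each state accepts, the transition an
# accepted message causes, and the allow-list of security algorithms.
ALLOWED_TYPES = {"IDLE": {"ATTACH_REQUEST"}, "ATTACHING": {"ATTACH_COMPLETE"},
                 "ATTACHED": {"SERVICE_REQUEST", "DETACH_REQUEST"}}
NEXT_STATE = {"ATTACH_REQUEST": "ATTACHING", "ATTACH_COMPLETE": "ATTACHED",
              "DETACH_REQUEST": "IDLE"}
ALLOWED_ALGORITHMS = {"EEA2", "EIA2", "EEA3", "EIA3"}


@dataclass
class Context:
    """Communication context maintained for one mobile terminal (hypothetical layout)."""
    ue_id: str
    enc_key: bytes
    int_key: bytes
    state: str = "IDLE"
    last_counter: int = -1

def _keystream(key, counter, length):
    # Toy keystream (SHA-256 over key, counter, block index); stands in for the NAS cipher.
    blocks = (hashlib.sha256(key + counter.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _mac(ctx, counter, cipher):
    data = ctx.ue_id.encode() + counter.to_bytes(4, "big") + cipher
    return hmac.new(ctx.int_key, data, "sha256").digest()[:8]

def protect(ctx, counter, payload):
    """Terminal side: encrypt then MAC. Used here only to construct sample messages."""
    plain = json.dumps(payload, sort_keys=True).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(ctx.enc_key, counter, len(plain))))
    return {"ue_id": ctx.ue_id, "counter": counter, "cipher": cipher, "mac": _mac(ctx, counter, cipher)}

def unprotect(ctx, msg):
    """Integrity-check first, then decrypt; returns None if the MAC does not verify."""
    if not hmac.compare_digest(_mac(ctx, msg["counter"], msg["cipher"]), msg["mac"]):
        return None
    stream = _keystream(ctx.enc_key, msg["counter"], len(msg["cipher"]))
    return json.loads(bytes(a ^ b for a, b in zip(msg["cipher"], stream)))

def apply_policy(ctx, counter, payload):
    """Return (conforms, payload_to_forward) under the protection rules."""
    # Rule 1: the counter must advance; a stale copy is rewritten into a STATUS
    # message so it cannot move the state machine.
    if counter <= ctx.last_counter:
        return False, {"type": "STATUS", "cause": "counter_not_advancing"}
    # Rule 2: the message type must fit the current protocol state.
    if payload.get("type") not in ALLOWED_TYPES[ctx.state]:
        return False, {"type": "STATUS", "cause": "not_compatible_with_state"}
    # Rule 3: algorithms outside the allow-list are stripped; the cleaned request is forwarded.
    if payload.get("type") == "ATTACH_REQUEST":
        requested = payload.get("algorithms", [])
        kept = [a for a in requested if a in ALLOWED_ALGORITHMS]
        if kept != requested:
            return False, {**payload, "algorithms": kept}
    return True, payload

class ProtectionFilter:
    def __init__(self):
        self.contexts = {}

    def register(self, ctx):
        self.contexts[ctx.ue_id] = ctx

    def process(self, msg):
        ctx = self.contexts.get(msg["ue_id"])  # establish the communication context
        if ctx is None:
            return "rejected", None
        payload = unprotect(ctx, msg)  # decrypt and integrity-check
        if payload is None:
            return "rejected", None
        conforms, out = apply_policy(ctx, msg["counter"], payload)
        ctx.last_counter = max(ctx.last_counter, msg["counter"])
        ctx.state = NEXT_STATE.get(out["type"], ctx.state)  # forwarded content drives the state
        return ("forwarded" if conforms else "modified"), out

def demo():
    """Run a constructed message sequence through the filter; returns (action, payload) pairs."""
    ctx = Context("ue-1", enc_key=b"E" * 16, int_key=b"I" * 16)
    f = ProtectionFilter()
    f.register(ctx)
    attach = protect(ctx, 1, {"type": "ATTACH_REQUEST", "algorithms": ["EEA2", "EIA2", "EEA0"]})
    detach = protect(ctx, 2, {"type": "DETACH_REQUEST"})  # not valid while still attaching
    complete = protect(ctx, 3, {"type": "ATTACH_COMPLETE"})
    tampered = dict(protect(ctx, 4, {"type": "SERVICE_REQUEST"}))
    tampered["cipher"] = bytes([tampered["cipher"][0] ^ 1]) + tampered["cipher"][1:]  # MAC fails
    service = protect(ctx, 5, {"type": "SERVICE_REQUEST"})
    return [f.process(m) for m in (attach, detach, complete, complete, tampered, service)]
```

Running demo() yields, in order: the attach request forwarded in modified form with only the allowed algorithms left, the out-of-state detach and the stale copy of the attach complete both replaced by a STATUS message that leaves the state untouched, the attach complete and the service request forwarded unchanged, and the tampered message rejected before any rule is consulted. The design point is that a violating message is not simply dropped: the filter substitutes content that keeps the terminal's state machine consistent, which is what the claims mean by maintaining a correct state of the message exchange.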