System and method for securing communication and information of mobile devices through a controlled cellular communication network
First Claim
1. A system for providing security services, for securing the privacy of cellular network subscribers and the security of data stored on the said subscribers' User Cellular Devices (UCDs), said system comprising:
- at least one non-transitory computer readable storage device and one or more processors operatively coupled to the storage device on which are stored modules of instruction code which when executed by said one or more processors implements a Controlled Cellular Network (CCN), interfacing a cellular Public Land Mobile Network (PLMN), said PLMN hosting a plurality of cellular subscribers;
wherein said CCN provides said security services to “serviced subscribers”;
wherein said CCN encapsulates communication between UCD of said serviced subscribers and the hosting PLMN, said communication including at least part of;
control, signaling, SMS and data communications;
wherein said CCN is configured to monitor and analyze parameters and characteristics of said encapsulated communication in real time or in relation to historically acquired data, including at least one of;
time patterns, volumes, destination address, source address, content and context;
wherein said CCN is configured to identify statistic deviations exceeding predefined thresholds, based on said analysis of parameters and characteristics of said encapsulated communication;
wherein said CCN is configured to identify the occurrence of predefined suspicious events and scenarios, based on said analysis of said encapsulated communication;
wherein said CCN is configured to identify security threats to the privacy of said serviced subscribers and to the data stored on their UCD and determine said threats' category and probability, based on said analysis of encapsulated communication;
wherein the said CCN is configured to respond to said security threats in real time or in near-real time and take active measures to avert the said suspected threats;
wherein said active measures including at least one of;
blocking or diverting communication, alerting serviced subscribers and/or system administrators, responding to system queries with altered data, and logging of suspicious events and scenarios;
wherein application of said active measures depends on the category of identified security threat, the identified threat's probability, and the serviced subscriber's profile;
wherein said CCN comprises at least one of;
controlled module(s), configured to complement the functionality of respective elements of the hosting cellular PLMN;
a security center module, configured to perform at least one of instantiation, configuration, monitoring, analysis and management of the functionality of each of said controlled modules; and
an administrative module, configured to interface said security center module, and provide an administrator interface for at least one of;
instantiating controlled modules of one or more CCNs;
configuring said controlled modules of said one or more CCNs, to serve serviced subscribers of the hosting cellular PLMN;
presenting alerts regarding the functionality of the CCN and events within the hosting cellular PLMN;
extracting reports regarding the functionality of the CCN and events within the hosting cellular PLMN;
wherein the said security center module comprises at least one of the following modules;
a probe interface module, configured to probe each of the said controlled modules within the CCN, and accumulate data regarding transactions, events and scenarios occurring on the hosting PLMN and data regarding communication between elements of the CCN and the hosting PLMN;
a data analysis module, configured to perform at least one of;
obtaining the data accumulated by the said probe interface module;
analyzing parameters and characteristics of said encapsulated communication in real time or in near-real time, including at least one of;
time patterns, volumes, destination address, source address, content and context;
identifying statistic deviations exceeding predefined thresholds;
analyzing accumulated historical data, pertaining to parameters and characteristics of said encapsulated communication;
identifying the occurrence of predefined suspicious events and scenarios on the hosting PLMN based on said analysis;
identifying security threats to the privacy of serviced subscribers and data stored on their UCD based on said analysis;
emitting activity messages to other controlled modules of the CCN to avert the said identified security threats, and emitting alert messages to said administrative module and/or UCD to notify against said identified security threats;
maintaining an events' database;
a security action management module configured to perform at least one of;
receiving activity messages from the data analysis module;
obtaining parameters of served subscriber's profile from a subscribers database;
interfacing and commanding controlled modules within the CCN to carry out security actions that are required to avert the said identified security threat, according to the category of identified threat, the identified threat's probability, and the serviced subscriber's profile; and
a threats management module, configured to manage and maintain a database of the security threats encountered during the activity of the CCN;
further comprising a UCD Lifeline Module (ULM) embedded within said serviced subscribers' UCD, on which are stored modules of instruction code, which when executed by the ULM, configure the UCD to initiate lifeline communication to the security action management module or respond to lifeline communication from the security action management module;
wherein;
the said security action management module is configured to initiate lifeline communication to the UCD or respond to lifeline communication from the UCD;
failure of reception of Lifeline communication on the security action management module side is reported to the data analysis module as real-time indication of an attempt to hijack the UCD from the hosting PLMN; and
failure of reception of Lifeline communication on the ULM invokes security actions on the UCD side, said actions including at least one of;
alerting the user regarding failure of lifeline reception and altering at least one of the UCD's identity parameters.
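The monitoring and response chain of claim 1 (statistic deviations past predefined thresholds, a threat category and probability derived from the analysis, and active measures chosen by category, probability and the serviced subscriber's profile) as an added worked example in Python. This is not code from the patent or its assignee: the per-hour SMS history, the three-sigma threshold, the mapping from deviation size to a probability, the category rules and the `tier`/`auto_block` profile fields are all constructed assumptions for illustration.

```python
"""Statistic-deviation detection and active-measure selection (added example)."""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed history: SMS messages sent per hour by one serviced subscriber
# over twelve earlier hours (stands in for "historically acquired data").
HISTORY_SMS_PER_HOUR = [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4]


@dataclass
class Observation:
    metric: str        # e.g. "sms_volume" or "data_volume"
    value: float       # value measured in the current window
    destination: str   # destination address of the traffic (constructed format)


@dataclass
class Threat:
    category: str
    probability: float   # 0..1, derived from the size of the deviation
    evidence: str


def z_score(value, history):
    """Distance of `value` from the historical mean, in standard deviations."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def detect_deviation(obs, history, threshold=3.0):
    """Data-analysis step: a Threat when the deviation exceeds the threshold, else None."""
    z = z_score(obs.value, history)
    if z <= threshold:
        return None
    # Assumed mapping from deviation size to probability: 0.5 at the threshold,
    # +0.1 per additional sigma, capped at 1.0.
    probability = min(1.0, 0.5 + (z - threshold) * 0.1)
    if obs.metric == "sms_volume" and obs.destination.startswith("premium:"):
        category = "premium_sms_fraud"
    elif obs.metric == "data_volume":
        category = "data_exfiltration"
    else:
        category = "anomalous_traffic"
    return Threat(category, round(probability, 2), f"{obs.metric}={obs.value} z={z:.1f}")


# Active measures named in the claim.
LOG, ALERT_ADMIN, ALERT_SUBSCRIBER, BLOCK, DIVERT = (
    "log", "alert_admin", "alert_subscriber", "block", "divert")


def select_measures(threat, profile):
    """Security-action step: choose measures by category, probability and profile.

    `profile` is a constructed subscriber record:
    {"tier": "standard" | "high_security", "auto_block": bool}.
    """
    measures = [LOG]                               # every suspicious event is logged
    if threat.probability >= 0.8 or profile["tier"] == "high_security":
        measures.append(ALERT_ADMIN)
    if threat.probability >= 0.5:
        measures.append(ALERT_SUBSCRIBER)
    if threat.category == "premium_sms_fraud" and threat.probability >= 0.7 and profile["auto_block"]:
        measures.append(BLOCK)                     # stop the traffic at the CCN
    elif threat.category == "data_exfiltration" and threat.probability >= 0.7:
        measures.append(DIVERT)                    # route it through inspection instead
    return measures


if __name__ == "__main__":
    current = Observation("sms_volume", 40, "premium:9000")   # constructed burst
    threat = detect_deviation(current, HISTORY_SMS_PER_HOUR)
    print(threat, select_measures(threat, {"tier": "standard", "auto_block": True}))
```

A burst of 40 messages against a baseline of about 3.5 per hour is roughly 38 standard deviations out, so the constructed mapping saturates at probability 1.0 and, for a subscriber whose profile permits automatic blocking, the selected measures are log, alert the administrator, alert the subscriber and block; the same threat for a profile without `auto_block` yields the alerts and the log entry only, which is the profile dependence the claim describes.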
Abstract
The present invention discloses a system and a method for securing the privacy of cellular network subscribers and the security of data stored on the said subscribers' User Cellular Devices (UCDs). The system comprises a Controlled Cellular Network (CCN), interfacing a cellular Public Land Mobile Network (PLMN), hosting a plurality of cellular subscribers. The said CCN system provides said security services to “serviced subscribers” of the hosting PLMN. The CCN encapsulates communication between UCDs of serviced subscribers and the hosting PLMN, including at least part of: control, signaling, SMS and data communications. The CCN is configured to identify security threats to the privacy of serviced subscribers and to the data stored on their UCDs, and determine said threats' category and probability, based on analysis of said encapsulated communication. The CCN is configured to respond to said threats in real or near-real time, and take active measures to avert said suspected threats.
25 Claims
1. As set out above under First Claim.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system for providing security services, for securing the privacy of cellular network subscribers and the security of data stored on the said subscribers' User Cellular Devices (UCDs), said system comprising:
- at least one non-transitory computer readable storage device and one or more processors operatively coupled to the storage device on which are stored modules of instruction code which when executed by said one or more processors implements a Controlled Cellular Network (CCN), interfacing a cellular Public Land Mobile Network (PLMN), said PLMN hosting a plurality of cellular subscribers;
wherein said CCN provides said security services to “serviced subscribers”;
wherein said CCN encapsulates communication between UCD of said serviced subscribers and the hosting PLMN, said communication including at least part of;
control, signaling, SMS and data communications;
wherein said CCN is configured to monitor and analyze parameters and characteristics of said encapsulated communication in real time or in relation to historically acquired data, including at least one of;
time patterns, volumes, destination address, source address, content and context;
wherein said CCN is configured to identify statistic deviations exceeding predefined thresholds, based on said analysis of parameters and characteristics of said encapsulated communication;
wherein said CCN is configured to identify the occurrence of predefined suspicious events and scenarios, based on said analysis of said encapsulated communication;
wherein said CCN is configured to identify security threats to the privacy of said serviced subscribers and to the data stored on their UCD and determine said threats' category and probability, based on said analysis of encapsulated communication;
wherein the said CCN is configured to respond to said security threats in real time or in near-real time and take active measures to avert the said suspected threats;
wherein said active measures including at least one of;
blocking or diverting communication, alerting serviced subscribers and/or system administrators, responding to system queries with altered data, and logging of suspicious events and scenarios;
wherein application of said active measures depends on the category of identified security threat, the identified threat's probability, and the serviced subscriber's profile;
wherein said CCN comprises at least one of;
controlled module(s), configured to complement the functionality of respective elements of the hosting cellular PLMN;
a security center module, configured to perform at least one of instantiation, configuration, monitoring, analysis and management of the functionality of each of said controlled modules; and
an administrative module, configured to interface said security center module, and provide an administrator interface for at least one of;
instantiating controlled modules of one or more CCNs;
configuring said controlled modules of said one or more CCNs, to serve serviced subscribers of the hosting cellular PLMN;
presenting alerts regarding the functionality of the CCN and events within the hosting cellular PLMN;
extracting reports regarding the functionality of the CCN and events within the hosting cellular PLMN;
wherein the said security center module comprises at least one of the following modules;
a probe interface module, configured to probe each of the said controlled modules within the CCN, and accumulate data regarding transactions, events and scenarios occurring on the hosting PLMN and data regarding communication between elements of the CCN and the hosting PLMN;
a data analysis module, configured to perform at least one of;
obtaining the data accumulated by the said probe interface module;
analyzing parameters and characteristics of said encapsulated communication in real time or in near-real time, including at least one of;
time patterns, volumes, destination address, source address, content and context;
identifying statistic deviations exceeding predefined thresholds;
analyzing accumulated historical data, pertaining to parameters and characteristics of said encapsulated communication;
identifying the occurrence of predefined suspicious events and scenarios on the hosting PLMN based on said analysis;
identifying security threats to the privacy of serviced subscribers and data stored on their UCD based on said analysis;
emitting activity messages to other controlled modules of the CCN to avert the said identified security threats, and emitting alert messages to said administrative module and/or UCD to notify against said identified security threats;
maintaining an events' database;
a security action management module configured to perform at least one of;
receiving activity messages from the data analysis module;
obtaining parameters of served subscriber's profile from a subscribers database;
interfacing and commanding controlled modules within the CCN to carry out security actions that are required to avert the said identified security threat, according to the category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
a threats management module, configured to manage and maintain a database of the security threats encountered during the activity of the CCN;
further comprising a UCD Lifeline Module (ULM) embedded within said serviced subscribers' UCD, on which are stored modules of instruction code, which when executed by the ULM, configure the UCD to initiate lifeline communication to the security action management module or respond to lifeline communication from the security action management module;
wherein;
said ULM is configured to send to the said security action management module real-time information regarding the status and whereabouts of the UCD through the Lifeline communication channel, said information including at least one of;
properties of the hosting PLMN, events of IRAT handover during voice calls, and events of BTS handover during voice calls;
said real-time information is propagated from the security action management module to the data analysis module; and
the data analysis module is configured to analyze said information, and identify at least one of the following suspicious events and scenarios;
illegitimate IRAT handover; illegitimate BTS handover; hijacking attempts of the UCD from its home PLMN or visited PLMN to other networks; and illegitimate altering of UCD communication encryption properties.
Dependent claims: 11, 12.
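The data-analysis step of claim 9, which consumes the ULM's status reports (serving PLMN properties, IRAT and BTS handover events during voice calls, the cipher in use) and flags illegitimate IRAT handover, illegitimate BTS handover, hijacking to another network and illegitimate alteration of encryption properties, as an added example in Python. The code is not the patent's or its assignee's; the report schema, the decision rules (a downgrade to a weaker radio technology during a call onto an unknown cell or a weak cipher; a call handover onto a cell never seen for this subscriber; a serving PLMN outside the allowed set; a transition from a strong cipher to a weak one), the PLMN codes, cell identifiers and the trace itself are constructed for illustration. A5/0, A5/1 and EEA2 are standard GSM/LTE cipher names used as sample values.

```python
"""Analysis of ULM status reports for handover and cipher anomalies (added example)."""
from dataclasses import dataclass, field


@dataclass
class StatusReport:
    t: int             # seconds since start of the constructed trace
    plmn: str          # serving network as "MCC-MNC"
    rat: str           # radio access technology: "LTE", "UMTS" or "GSM"
    cell_id: str       # serving cell identifier
    cipher: str        # cipher in use; "A5/0" means unencrypted GSM
    in_call: bool      # whether a voice call is in progress
    event: str = ""    # "", "IRAT_HANDOVER" or "BTS_HANDOVER"


@dataclass
class SubscriberContext:
    home_plmn: str
    allowed_plmns: set     # home PLMN plus legitimate visited PLMNs
    known_cells: set       # cells observed for this subscriber historically
    weak_ciphers: set = field(default_factory=lambda: {"A5/0", "A5/1"})


RAT_RANK = {"LTE": 3, "UMTS": 2, "GSM": 1}   # lower rank = weaker generation


def analyze(reports, ctx):
    """Return (time, scenario, detail) findings for the scenarios named in claim 9."""
    findings = []
    prev = None
    for r in reports:
        # Hijacking to another network: serving PLMN is neither home nor an allowed visited PLMN.
        if r.plmn not in ctx.allowed_plmns:
            findings.append((r.t, "hijack_to_foreign_network", r.plmn))
        # Illegitimate IRAT handover: mid-call drop to a weaker technology onto an
        # unknown cell or with a weak cipher.
        if r.event == "IRAT_HANDOVER" and r.in_call and prev is not None:
            downgrade = RAT_RANK[r.rat] < RAT_RANK[prev.rat]
            suspicious_target = r.cell_id not in ctx.known_cells or r.cipher in ctx.weak_ciphers
            if downgrade and suspicious_target:
                findings.append((r.t, "illegitimate_irat_handover", f"{prev.rat}->{r.rat}"))
        # Illegitimate BTS handover: mid-call move to a cell never seen for this subscriber.
        if r.event == "BTS_HANDOVER" and r.in_call and r.cell_id not in ctx.known_cells:
            findings.append((r.t, "illegitimate_bts_handover", r.cell_id))
        # Illegitimate alteration of encryption properties: strong cipher replaced by a weak one.
        if prev is not None and r.cipher in ctx.weak_ciphers and prev.cipher not in ctx.weak_ciphers:
            findings.append((r.t, "cipher_downgrade", f"{prev.cipher}->{r.cipher}"))
        prev = r
    return findings


# Constructed trace: a call on LTE, a normal cell change, then a forced drop to
# an unencrypted GSM cell never seen before, then a switch to an unknown network.
SAMPLE_REPORTS = [
    StatusReport(0, "001-01", "LTE", "cell-A1", "EEA2", True),
    StatusReport(30, "001-01", "LTE", "cell-A2", "EEA2", True, "BTS_HANDOVER"),
    StatusReport(60, "001-01", "GSM", "cell-X9", "A5/0", True, "IRAT_HANDOVER"),
    StatusReport(90, "999-99", "GSM", "cell-X9", "A5/0", True),
]
SAMPLE_CONTEXT = SubscriberContext("001-01", {"001-01", "001-02"}, {"cell-A1", "cell-A2"})


if __name__ == "__main__":
    for finding in analyze(SAMPLE_REPORTS, SAMPLE_CONTEXT):
        print(finding)
```

On the constructed trace the legitimate cell change at 30 s produces nothing, the drop to GSM at 60 s yields both an illegitimate IRAT handover and a cipher downgrade finding, and the report at 90 s yields a foreign-network finding; these are the activity and alert messages the data analysis module would then emit.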
10. A system for providing security services, for securing the privacy of cellular network subscribers and the security of data stored on the said subscribers' User Cellular Devices (UCDs), said system comprising:
- at least one non-transitory computer readable storage device and one or more processors operatively coupled to the storage device on which are stored modules of instruction code which when executed by said one or more processors implements a Controlled Cellular Network (CCN), interfacing a cellular Public Land Mobile Network (PLMN), said PLMN hosting a plurality of cellular subscribers;
wherein said CCN provides said security services to “serviced subscribers”;
wherein said CCN encapsulates communication between UCD of said serviced subscribers and the hosting PLMN, said communication including at least part of;
control, signaling, SMS and data communications;
wherein said CCN is configured to monitor and analyze parameters and characteristics of said encapsulated communication in real time or in relation to historically acquired data, including at least one of;
time patterns, volumes, destination address, source address, content and context;
wherein said CCN is configured to identify statistic deviations exceeding predefined thresholds, based on said analysis of parameters and characteristics of said encapsulated communication;
wherein said CCN is configured to identify the occurrence of predefined suspicious events and scenarios, based on said analysis of said encapsulated communication;
wherein said CCN is configured to identify security threats to the privacy of said serviced subscribers and to the data stored on their UCD and determine said threats' category and probability, based on said analysis of encapsulated communication;
wherein the said CCN is configured to respond to said security threats in real time or in near-real time and take active measures to avert the said suspected threats;
wherein said active measures including at least one of;
blocking or diverting communication, alerting serviced subscribers and/or system administrators, responding to system queries with altered data, and logging of suspicious events and scenarios;
wherein application of said active measures depends on the category of identified security threat, the identified threat's probability, and the serviced subscriber's profile;
wherein said CCN comprises at least one of;
controlled module(s), configured to complement the functionality of respective elements of the hosting cellular PLMN;
a security center module, configured to perform at least one of instantiation, configuration, monitoring, analysis and management of the functionality of each of said controlled modules; and
an administrative module, configured to interface said security center module, and provide an administrator interface for at least one of;
instantiating controlled modules of one or more CCNs;
configuring said controlled modules of said one or more CCNs, to serve serviced subscribers of the hosting cellular PLMN;
presenting alerts regarding the functionality of the CCN and events within the hosting cellular PLMN;
extracting reports regarding the functionality of the CCN and events within the hosting cellular PLMN;
wherein the said security center module comprises at least one of the following modules;
a probe interface module, configured to probe each of the said controlled modules within the CCN, and accumulate data regarding transactions, events and scenarios occurring on the hosting PLMN and data regarding communication between elements of the CCN and the hosting PLMN;
a data analysis module, configured to perform at least one of;
obtaining the data accumulated by the said probe interface module;
analyzing parameters and characteristics of said encapsulated communication in real time or in near-real time, including at least one of;
time patterns, volumes, destination address, source address, content and context;
identifying statistic deviations exceeding predefined thresholds;
analyzing accumulated historical data, pertaining to parameters and characteristics of said encapsulated communication;
identifying the occurrence of predefined suspicious events and scenarios on the hosting PLMN based on said analysis;
identifying security threats to the privacy of serviced subscribers and data stored on their UCD based on said analysis;
emitting activity messages to other controlled modules of the CCN to avert the said identified security threats, and emitting alert messages to said administrative module and/or UCD to notify against said identified security threats;
maintaining an events' database;
a security action management module configured to perform at least one of;
receiving activity messages from the data analysis module;
obtaining parameters of served subscriber's profile from a subscribers database;
interfacing and commanding controlled modules within the CCN to carry out security actions that are required to avert the said identified security threat, according to the category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
a threats management module, configured to manage and maintain a database of the security threats encountered during the activity of the CCN;
further comprising a UCD Lifeline Module (ULM) embedded within said serviced subscribers' UCD, on which are stored modules of instruction code, which when executed by the ULM, configure the UCD to initiate lifeline communication to the security action management module or respond to lifeline communication from the security action management module;
wherein;
said security center module further comprises an identity mediation module, configured to dynamically alter the value of one or more serviced subscribers' UCD identity parameters, said identity parameters including at least one of IMSI, IMEI, IMEISV, MSISDN, Ki, Kc, TMSI, PTMSI, TLLI, ESN;
said identity mediation module communicates the said alteration of identity parameter values through said Lifeline communication channel to the ULM on the serviced subscribers' UCD;
said ULM module is configured to receive said required alteration of identity parameter values through said lifeline communication channel;
said ULM module is configured to propagate required alteration of values of identity parameters stored on the Subscriber Identity Storage Element (SISE), to said SISE, said parameters including at least one of IMSI, Ki and Kc;
said SISE is configured to apply said required alteration of values to identity parameter stored on the SISE, said parameters including at least one of IMSI, Ki and Kc;
said ULM module is configured to apply changes to values of UCD identity parameter stored on the UCD; and
said identity mediation module is configured to dynamically mediate between said altered UCD identity parameter values and the original UCD identity parameters, thus facilitating the routing of the UCD communication with the hosting PLMN or visited network using the altered identity parameters.
13. A method for providing security services, for securing the privacy of cellular network subscribers and the security of data stored on the said subscribers' User Cellular Devices (UCDs), said method implemented by one or more processors operatively coupled to a non-transitory computer readable storage device, on which are stored modules of instruction code that when executed cause the one or more processors to perform:
- interfacing a cellular Public Land Mobile Network (PLMN) hosting a plurality of cellular subscribers, with a Controlled Cellular Network (CCN);
providing security services to “serviced subscribers” by said CCN;
encapsulating communication between the UCDs of said serviced subscribers and hosting PLMN by said CCN, said communication including at least part of;
control, signaling, SMS and data communications;
monitoring and analyzing parameters and characteristics of said encapsulated communication in real time or in relation to historically acquired data by the CCN, said parameters and characteristics including at least one of;
time patterns, volumes, destination address, source address, content and context;
identifying by the CCN statistic deviations in said parameters and characteristics exceeding predefined thresholds, based on said analysis of said encapsulated communication;
identifying by the CCN occurrence of predefined suspicious events and scenarios, based on said analysis of said encapsulated communication;
identifying by the CCN security threats to the privacy of said serviced subscribers, and to the data stored on their UCDs, and determining said threats' category and probability, based on said analysis of encapsulated communication;
responding to said security threats in real time or in near-real time, and taking active measures to avert the said suspected threats, said active measures including at least one of;
blocking or diverting communication, alerting serviced subscribers and/or system administrators, responding to system queries with altered data, and logging of suspicious events and scenarios;
wherein application of said active measures depends on the category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
instantiating at least one controlled module, within the CCN, configured to complement the functionality of respective elements of the hosting cellular PLMN;
configuring said controlled modules by a security center module;
monitoring, analyzing and managing of the functionality of each of said controlled modules comprising the CCN by the said security center module;
providing an administrative interface, by means of an administrative module operatively coupled to said security center module, enabling an administrator to;
instantiate controlled modules of one or more CCNs;
configure the components of one or more CCNs to serve serviced subscribers of the hosting cellular PLMN;
present alerts regarding the functionality of the CCN and its components;
present alerts regarding the occurrence of events and scenarios within the hosting cellular PLMN; and
extract reports regarding the functionality of the CCN and events within the hosting cellular PLMN;
probing each of the said controlled modules within the CCN, and accumulating data regarding transactions, events and scenarios occurring on the hosting PLMN and data regarding communication between elements of the CCN and the hosting PLMN by a probe interface module;
propagating the data accumulated by the said probe interface module to a data analysis module;
analyzing by the said data analysis module parameters and characteristics of said encapsulated communication in real time or in near-real time, said parameters including at least one of;
time patterns, volumes, destination address, source address, content and context;
analyzing statistic deviations in the values of said parameters and characteristics exceeding predefined thresholds by the said data analysis module;
analyzing accumulated historical data, pertaining to said parameters and characteristics of said encapsulated communication by the said data analysis module;
identifying the occurrence of predefined suspicious events and scenarios on the hosting PLMN based on said analysis by the data analysis module;
identifying security threats to the privacy of serviced subscribers and data stored on their UCD based on said analysis by the data analysis module;
emitting activity messages from the data analysis module to other controlled modules of the CCN to avert the said identified security threats, and/or emitting alert messages to said administrative module and/or UCD to notify against said identified security threats;
maintaining an events' database, withholding important events and scenarios that occurred within the CCN and/or hosting PLMN;
receiving activity messages from said data analysis module to a security action management module;
obtaining parameters of served subscriber's profile from a subscribers database;
commanding controlled modules by the security action management module, to carry out security actions as dictated by said activity messages from said data analysis module, and avert said identified security threats, said security actions depending on;
category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
maintaining a database of the security threats encountered during the activity of the CCN;
initiating lifeline communication by said security action management module to the UCD, or responding to lifeline communication from the UCD by the security action management module;
reporting failure of reception of lifeline communication on the security action management module side to the data analysis module as real-time indication of an attempt to hijack the UCD from the hosting PLMN; and
invoking security actions by the UCD in response to failure of reception of lifeline communication on the ULM side, said actions including at least one of;
alerting the user regarding said failure of lifeline reception and altering at least one of the UCD's identity parameters.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21.
-
-
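The data analysis and security action management flow recited in the claim above (statistic deviations of traffic parameters beyond a predefined threshold become categorized, probability-weighted threats; active measures are then chosen by threat category, probability and subscriber profile; everything is logged to an events database), as an added Python simulation. This is not code from the patent or its applicant: the hourly history, the 3-sigma threshold, the probability curve, the profile fields `alert_threshold` and `block_threshold` and the destination addresses are all constructed for the example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed history for one serviced subscriber, as the probe interface module would have
# accumulated it: per-hour SMS counts and data volumes (assumed values).
HISTORY = {
    "sms_per_hour": [3, 5, 4, 6, 5, 4, 5, 3, 4, 5],
    "data_bytes_per_hour": [2_000_000, 1_800_000, 2_200_000, 1_900_000, 2_100_000,
                            2_000_000, 1_700_000, 2_300_000, 2_000_000, 1_900_000],
}
KNOWN_DESTINATIONS = {"203.0.113.10", "203.0.113.11"}   # destinations seen in history (documentation range)
THRESHOLD_SIGMAS = 3.0   # predefined threshold on the statistic deviation (assumed)


@dataclass
class Threat:
    category: str
    probability: float
    detail: str


def sigma_deviation(history, current):
    """How many standard deviations `current` lies above the historical mean."""
    mu, sd = mean(history), pstdev(history)
    if sd == 0:
        return float("inf") if current > mu else 0.0
    return (current - mu) / sd


def probability_from_sigma(z):
    """Map a deviation that exceeded the threshold to a threat probability (assumed curve)."""
    if z < THRESHOLD_SIGMAS:
        return 0.0
    return min(0.99, 0.5 + 0.1 * (z - THRESHOLD_SIGMAS))


def analyze(sample, history=HISTORY, known_destinations=KNOWN_DESTINATIONS):
    """Data analysis module: deviations beyond the threshold become categorized threats."""
    threats = []
    z_sms = sigma_deviation(history["sms_per_hour"], sample["sms_per_hour"])
    if z_sms > THRESHOLD_SIGMAS:
        threats.append(Threat("sms_volume_anomaly", probability_from_sigma(z_sms),
                              f"sms rate {z_sms:.1f} sigma above baseline"))
    z_data = sigma_deviation(history["data_bytes_per_hour"], sample["data_bytes_per_hour"])
    if z_data > THRESHOLD_SIGMAS:
        p = probability_from_sigma(z_data)
        # Context: a volume spike towards a never-seen destination address is a stronger
        # exfiltration indicator than a spike towards a known one.
        if sample["destination"] not in known_destinations:
            p = min(0.99, p + 0.2)
        threats.append(Threat("data_exfiltration", p,
                              f"data volume {z_data:.1f} sigma above baseline to {sample['destination']}"))
    return threats


def select_actions(threat, profile):
    """Security action management module: pick active measures for one threat,
    depending on its category, its probability and the subscriber's profile."""
    actions = ["log"]                                   # every threat is logged
    if threat.probability >= profile["alert_threshold"]:
        actions += ["alert_admin", "alert_subscriber"]
    if threat.probability >= profile["block_threshold"]:
        if threat.category == "data_exfiltration":
            actions.append("block")                     # stop the transfer
        elif threat.category == "sms_volume_anomaly":
            actions.append("divert")                    # hold the SMS burst for inspection
    return actions


def run(sample, profile):
    """Full pipeline for one hourly sample: analyze, choose actions, return the events to log."""
    events = []
    for threat in analyze(sample):
        events.append({"category": threat.category,
                       "probability": round(threat.probability, 2),
                       "actions": select_actions(threat, profile),
                       "detail": threat.detail})
    return events


if __name__ == "__main__":
    high_value = {"alert_threshold": 0.5, "block_threshold": 0.8}   # constructed profile
    spike = {"sms_per_hour": 40, "data_bytes_per_hour": 50_000_000, "destination": "198.51.100.7"}
    for event in run(spike, high_value):
        print(event)
```

A profile with `block_threshold` above any reachable probability only logs and alerts, which is the shape of the "depends on the serviced subscriber's profile" clause: the same analysis result leads to different active measures for different subscribers.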
22. A method for providing security services, for securing the privacy of cellular network subscribers and the security of data stored on the said subscribers' User Cellular Devices (UCDs), said method implemented by one or more processors operatively coupled to a non-transitory computer readable storage device, on which are stored modules of instruction code that when executed cause the one or more processors to perform:
interfacing a cellular Public Land Mobile Network (PLMN) hosting a plurality of cellular subscribers, with a Controlled Cellular Network (CCN);
providing security services to “serviced subscribers” by said CCN;
encapsulating communication between the UCDs of said serviced subscribers and the hosting PLMN by said CCN, said communication including at least part of: control, signaling, SMS and data communications;
monitoring and analyzing parameters and characteristics of said encapsulated communication in real time or in relation to historically acquired data by the CCN, said parameters and characteristics including at least one of: time patterns, volumes, destination address, source address, content and context;
identifying by the CCN statistic deviations in said parameters and characteristics exceeding predefined thresholds, based on said analysis of said encapsulated communication;
identifying by the CCN occurrence of predefined suspicious events and scenarios, based on said analysis of said encapsulated communication;
identifying by the CCN security threats to the privacy of said serviced subscribers, and to the data stored on their UCDs, and determining said threats' category and probability, based on said analysis of encapsulated communication;
responding to said security threats in real time or in near-real time, and taking active measures to avert the said suspected threats, said active measures including at least one of: blocking or diverting communication, alerting serviced subscribers and/or system administrators, responding to system queries with altered data, and logging of suspicious events and scenarios;
wherein application of said active measures depends on the category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
instantiating at least one controlled module, within the CCN, configured to complement the functionality of respective elements of the hosting cellular PLMN;
configuring said controlled modules by a security center module;
monitoring, analyzing and managing of the functionality of each of said controlled modules comprising the CCN by the said security center module;
providing an administrative interface, by means of an administrative module operatively coupled to said security center module, enabling an administrator to:
instantiate controlled modules of one or more CCNs;
configure the components of one or more CCNs to serve serviced subscribers of the hosting cellular PLMN;
present alerts regarding the functionality of the CCN and its components;
present alerts regarding the occurrence of events and scenarios within the hosting cellular PLMN; and
extract reports regarding the functionality of the CCN and events within the hosting cellular PLMN;
probing each of the said controlled modules within the CCN, and accumulating data regarding transactions, events and scenarios occurring on the hosting PLMN and data regarding communication between elements of the CCN and the hosting PLMN by a probe interface module;
propagating the data accumulated by the said probe interface module to a data analysis module;
analyzing by the said data analysis module parameters and characteristics of said encapsulated communication in real time or in near-real time, said parameters including at least one of: time patterns, volumes, destination address, source address, content and context;
analyzing statistic deviations in the values of said parameters and characteristics exceeding predefined thresholds by the said data analysis module;
analyzing accumulated historical data, pertaining to said parameters and characteristics of said encapsulated communication, by the said data analysis module;
identifying the occurrence of predefined suspicious events and scenarios on the hosting PLMN based on said analysis by the data analysis module;
identifying security threats to the privacy of serviced subscribers and data stored on their UCD based on said analysis by the data analysis module;
emitting activity messages from the data analysis module to other controlled modules of the CCN to avert the said identified security threats, and/or emitting alert messages to said administrative module and/or UCD to notify against said identified security threats;
maintaining an events' database, holding important events and scenarios that occurred within the CCN and/or hosting PLMN;
receiving activity messages from said data analysis module at a security action management module;
obtaining parameters of the served subscriber's profile from a subscribers database;
commanding controlled modules by the security action management module, to carry out security actions as dictated by said activity messages from said data analysis module, and avert said identified security threats, said security actions depending on: category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
maintaining a database of the security threats encountered during the activity of the CCN;
sending to the said security action management module real-time information by the ULM, regarding the status and whereabouts of the UCD, through the lifeline communication channel, said information including at least one of: properties of the hosting PLMN, events of IRAT handover during voice calls, and events of BTS handover during voice calls;
propagating said real-time information from the security action management module to the data analysis module; and
analyzing said information by the data analysis module, and identifying at least one of the following suspicious events and scenarios: illegitimate IRAT handover; illegitimate BTS handover; hijacking attempts of the UCD from its home PLMN or visited PLMN to other networks; and illegitimate altering of UCD communication encryption properties.
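The lifeline channel as it appears in both the claim above (the ULM reports PLMN properties, IRAT and BTS handovers during voice calls, and the data analysis module flags illegitimate handovers, hijacking attempts and encryption changes) and in the closing clauses of claim 1 (loss of lifeline reception on either side is treated as a real-time hijack indication; the UCD alerts its user and alters an identity parameter), as one added Python simulation that serves both passages. It is not code from the patent. Everything concrete is assumed for the example: the lifeline period and miss count, the test-network PLMN code 00101, the known cell and RAT sets, the cipher ordering (A5/0 meaning no encryption is ranked weakest), the notion that a handover is "illegitimate" when it lands on a cell or RAT outside the known sets, and the TMSI increment standing in for whatever identity alteration the UCD can actually perform.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed reference data the CCN holds for one serviced subscriber (assumed values).
HOME_PLMN = "00101"                 # MCC 001 / MNC 01, the test-network code, standing in for the hosting PLMN
KNOWN_CELLS = {1001, 1002, 1003}    # BTS identities the hosting PLMN serves in the subscriber's area
PERMITTED_RATS = {"LTE", "UMTS"}    # radio access technologies this subscriber is expected to use
CIPHER_STRENGTH = {"A5/0": 0, "A5/1": 1, "A5/3": 2, "UEA2": 3, "EEA2": 3}  # assumed ordering, weakest first
LIFELINE_PERIOD_S = 30.0
MISSED_LIFELINES_FOR_ALARM = 3


@dataclass
class LifelineReport:
    """One status message from the ULM over the lifeline channel (fields assumed for the example)."""
    seq: int
    plmn: str
    cell_id: int
    rat: str
    cipher: str
    in_voice_call: bool


@dataclass
class DataAnalysisModule:
    findings: list = field(default_factory=list)
    previous: Optional[LifelineReport] = None

    def analyze_report(self, r: LifelineReport):
        """Compare the new report against the previous one and the known-good reference data."""
        p, self.previous = self.previous, r
        if r.plmn != HOME_PLMN:
            self.findings.append(("hijack_attempt", f"UCD attached to PLMN {r.plmn}"))
        if p is None:
            return
        if p.in_voice_call and r.in_voice_call:
            if r.rat != p.rat and r.rat not in PERMITTED_RATS:
                self.findings.append(("illegitimate_irat_handover", f"{p.rat}->{r.rat} during call"))
            if r.cell_id != p.cell_id and r.cell_id not in KNOWN_CELLS:
                self.findings.append(("illegitimate_bts_handover", f"cell {p.cell_id}->{r.cell_id} during call"))
        if CIPHER_STRENGTH.get(r.cipher, -1) < CIPHER_STRENGTH.get(p.cipher, -1):
            self.findings.append(("illegitimate_encryption_change", f"{p.cipher}->{r.cipher}"))

    def lifeline_failure(self, missed):
        self.findings.append(("hijack_attempt", f"{missed} consecutive lifeline messages not received"))


@dataclass
class SecurityActionManagementModule:
    analysis: DataAnalysisModule
    last_rx: Optional[float] = None
    alarmed: bool = False

    def on_lifeline(self, report, now):
        self.last_rx, self.alarmed = now, False
        self.analysis.analyze_report(report)        # propagate the real-time information

    def tick(self, now):
        """Called periodically; loss of lifeline reception is reported as a hijack indication."""
        if self.last_rx is None or self.alarmed:
            return
        missed = int((now - self.last_rx) // LIFELINE_PERIOD_S)
        if missed >= MISSED_LIFELINES_FOR_ALARM:
            self.alarmed = True
            self.analysis.lifeline_failure(missed)


@dataclass
class ULM:
    """UCD-side lifeline module. The TMSI change below is an illustrative stand-in for
    altering an identity parameter; a real device cannot pick its own TMSI."""
    identity: dict
    user_alerts: list = field(default_factory=list)
    last_rx: Optional[float] = None
    alarmed: bool = False

    def on_lifeline(self, now):
        self.last_rx, self.alarmed = now, False

    def tick(self, now):
        if self.last_rx is None or self.alarmed:
            return
        if int((now - self.last_rx) // LIFELINE_PERIOD_S) >= MISSED_LIFELINES_FOR_ALARM:
            self.alarmed = True
            self.user_alerts.append("lifeline from CCN not received; possible hijack")
            self.identity["TMSI"] = (self.identity["TMSI"] + 0x10000) & 0xFFFFFFFF


def run_scenario():
    """Constructed timeline: two legitimate reports, one report showing a mid-call handover to an
    unknown GSM cell with ciphering switched off, then the lifeline goes silent in both directions."""
    dam = DataAnalysisModule()
    sam = SecurityActionManagementModule(dam)
    ulm = ULM({"TMSI": 0x1234ABCD})
    reports = [
        LifelineReport(1, HOME_PLMN, 1001, "LTE", "EEA2", True),
        LifelineReport(2, HOME_PLMN, 1002, "LTE", "EEA2", True),   # legitimate BTS handover
        LifelineReport(3, HOME_PLMN, 9999, "GSM", "A5/0", True),   # IRAT + BTS handover, cipher removed
    ]
    t = 0.0
    for r in reports:
        sam.on_lifeline(r, t)
        ulm.on_lifeline(t)
        t += LIFELINE_PERIOD_S
    for _ in range(MISSED_LIFELINES_FOR_ALARM + 1):   # no further lifeline traffic
        t += LIFELINE_PERIOD_S
        sam.tick(t)
        ulm.tick(t)
    return dam.findings, ulm


if __name__ == "__main__":
    findings, ulm = run_scenario()
    for f in findings:
        print(*f)
    print("UCD alerts:", ulm.user_alerts, "TMSI now", hex(ulm.identity["TMSI"]))
```

Both sides count missed periods independently, so the hijack indication is raised at the CCN even when the attacker only cuts the downlink, and the UCD reacts even when only the uplink is cut.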
23. A method for providing security services, for securing the privacy of cellular network subscribers and the security of data stored on the said subscribers' User Cellular Devices (UCDs), said method implemented by one or more processors operatively coupled to a non-transitory computer readable storage device, on which are stored modules of instruction code that when executed cause the one or more processors to perform:
interfacing a cellular Public Land Mobile Network (PLMN) hosting a plurality of cellular subscribers, with a Controlled Cellular Network (CCN);
providing security services to “serviced subscribers” by said CCN;
encapsulating communication between the UCDs of said serviced subscribers and the hosting PLMN by said CCN, said communication including at least part of: control, signaling, SMS and data communications;
monitoring and analyzing parameters and characteristics of said encapsulated communication in real time or in relation to historically acquired data by the CCN, said parameters and characteristics including at least one of: time patterns, volumes, destination address, source address, content and context;
identifying by the CCN statistic deviations in said parameters and characteristics exceeding predefined thresholds, based on said analysis of said encapsulated communication;
identifying by the CCN occurrence of predefined suspicious events and scenarios, based on said analysis of said encapsulated communication;
identifying by the CCN security threats to the privacy of said serviced subscribers, and to the data stored on their UCDs, and determining said threats' category and probability, based on said analysis of encapsulated communication;
responding to said security threats in real time or in near-real time, and taking active measures to avert the said suspected threats, said active measures including at least one of: blocking or diverting communication, alerting serviced subscribers and/or system administrators, responding to system queries with altered data, and logging of suspicious events and scenarios;
wherein application of said active measures depends on the category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
instantiating at least one controlled module, within the CCN, configured to complement the functionality of respective elements of the hosting cellular PLMN;
configuring said controlled modules by a security center module;
monitoring, analyzing and managing of the functionality of each of said controlled modules comprising the CCN by the said security center module;
providing an administrative interface, by means of an administrative module operatively coupled to said security center module, enabling an administrator to:
instantiate controlled modules of one or more CCNs;
configure the components of one or more CCNs to serve serviced subscribers of the hosting cellular PLMN;
present alerts regarding the functionality of the CCN and its components;
present alerts regarding the occurrence of events and scenarios within the hosting cellular PLMN; and
extract reports regarding the functionality of the CCN and events within the hosting cellular PLMN;
probing each of the said controlled modules within the CCN, and accumulating data regarding transactions, events and scenarios occurring on the hosting PLMN and data regarding communication between elements of the CCN and the hosting PLMN by a probe interface module;
propagating the data accumulated by the said probe interface module to a data analysis module;
analyzing by the said data analysis module parameters and characteristics of said encapsulated communication in real time or in near-real time, said parameters including at least one of: time patterns, volumes, destination address, source address, content and context;
analyzing statistic deviations in the values of said parameters and characteristics exceeding predefined thresholds by the said data analysis module;
analyzing accumulated historical data, pertaining to said parameters and characteristics of said encapsulated communication, by the said data analysis module;
identifying the occurrence of predefined suspicious events and scenarios on the hosting PLMN based on said analysis by the data analysis module;
identifying security threats to the privacy of serviced subscribers and data stored on their UCD based on said analysis by the data analysis module;
emitting activity messages from the data analysis module to other controlled modules of the CCN to avert the said identified security threats, and/or emitting alert messages to said administrative module and/or UCD to notify against said identified security threats;
maintaining an events' database, holding important events and scenarios that occurred within the CCN and/or hosting PLMN;
receiving activity messages from said data analysis module at a security action management module;
obtaining parameters of the served subscriber's profile from a subscribers database;
commanding controlled modules by the security action management module, to carry out security actions as dictated by said activity messages from said data analysis module, and avert said identified security threats, said security actions depending on: category of identified threat, the identified threat's probability, and the serviced subscriber's profile;
maintaining a database of the security threats encountered during the activity of the CCN;
dynamically altering the value of one or more serviced subscribers' UCD identity parameters by an identity mediation module, said identity parameters including at least one of IMSI, IMEI, IMEISV, MSISDN, Ki, Kc, TMSI, PTMSI, TLLI, ESN;
communicating said alteration of identity parameter values from the identity mediation module (1700) to the ULM on the serviced subscribers' UCD through said lifeline communication channel;
receiving said required alteration of identity parameter values by said ULM module through said lifeline communication channel;
propagating the required alteration of values of identity parameters stored on the Subscriber Identity Storage Element (SISE) to said SISE, said parameters including at least one of IMSI, Ki and Kc;
applying by said SISE the said required alteration of values of serviced subscribers' UCD identity parameters stored on the SISE, said parameters including at least one of IMSI, Ki and Kc;
applying by said ULM required changes to values of UCD identity parameters stored on the UCD; and
dynamically mediating between said altered UCD identity parameter values and the original UCD identity parameters by said identity mediation module, thus facilitating the routing of the UCD communication with the hosting PLMN or visited network using the altered identity parameters.
Dependent claims: 24, 25.
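The identity mediation flow in the claim above (the mediation module picks altered identity values, pushes them to the ULM over the lifeline channel, the ULM forwards the IMSI/Ki/Kc part to the SISE and keeps device-side parameters itself, and the module then translates between altered and original identities so traffic still routes), as an added Python model that is not code from the patent. Assumptions are labelled in the comments: the original identity values and MCC/MNC 00101 are constructed, the altered MSIN is drawn at random, messages are plain dicts with an `imsi` field, and the handling of a retired altered IMSI (rejected and logged, since its reuse suggests replay or a cloned identity) is this example's design choice, not something the claim specifies.

```python
import secrets
from dataclasses import dataclass

SISE_PARAMS = ("IMSI", "Ki", "Kc")   # identity parameters held on the SIM-side storage element
# Constructed original identity of one serviced subscriber (test-network MCC 001 / MNC 01).
ORIGINAL = {
    "IMSI": "001010123456789",
    "IMEISV": "3512345678901201",
    "Ki": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "Kc": bytes.fromhex("0123456789abcdef"),
}


class MediationError(Exception):
    pass


@dataclass
class SISE:
    """Subscriber Identity Storage Element: accepts alterations to IMSI, Ki and Kc only."""
    IMSI: str
    Ki: bytes
    Kc: bytes

    def apply(self, change):
        for name, value in change.items():
            if name not in SISE_PARAMS:
                raise MediationError(f"{name} is not stored on the SISE")
            setattr(self, name, value)


@dataclass
class ULM:
    """UCD-side lifeline module: splits a received alteration between the SISE and the UCD itself."""
    sise: SISE
    device_params: dict

    def receive_over_lifeline(self, change):
        self.sise.apply({k: v for k, v in change.items() if k in SISE_PARAMS})
        self.device_params.update({k: v for k, v in change.items() if k not in SISE_PARAMS})


class IdentityMediationModule:
    def __init__(self, original, mcc_mnc="00101"):
        self.original = dict(original)
        self.current = dict(original)     # values the UCD presents towards the hosting/visited network
        self.retired = set()              # altered IMSIs that have since been rotated out
        self.mcc_mnc = mcc_mnc
        self.events = []

    def rotate(self, ulm):
        """Pick fresh IMSI/Ki/Kc, push them to the ULM over the lifeline channel, update the mapping."""
        while True:
            imsi = self.mcc_mnc + f"{secrets.randbelow(10**10):010d}"   # 15-digit IMSI: MCC+MNC+MSIN
            if imsi not in (self.original["IMSI"], self.current["IMSI"]) and imsi not in self.retired:
                break
        change = {"IMSI": imsi, "Ki": secrets.token_bytes(16), "Kc": secrets.token_bytes(8)}
        if self.current["IMSI"] != self.original["IMSI"]:
            self.retired.add(self.current["IMSI"])
        self.current.update(change)
        ulm.receive_over_lifeline(change)
        self.events.append(("identity_rotated", imsi))
        return change

    def mediate_uplink(self, msg):
        """UCD -> network: translate the altered IMSI back to the original the PLMN routes on.
        Returns None (and logs why) when the presented identity is not the current one."""
        imsi = msg["imsi"]
        if imsi == self.current["IMSI"]:
            return {**msg, "imsi": self.original["IMSI"]}
        kind = "retired_identity_used" if imsi in self.retired else "unknown_identity"
        self.events.append((kind, imsi))
        return None

    def mediate_downlink(self, msg):
        """Network -> UCD: readdress a message for the original identity to the one the UCD holds now."""
        if msg["imsi"] != self.original["IMSI"]:
            self.events.append(("misrouted_downlink", msg["imsi"]))
            return None
        return {**msg, "imsi": self.current["IMSI"]}


def build_subscriber():
    """Wire a ULM, its SISE and the mediation module for ORIGINAL (constructed data)."""
    sise = SISE(ORIGINAL["IMSI"], ORIGINAL["Ki"], ORIGINAL["Kc"])
    ulm = ULM(sise, {"IMEISV": ORIGINAL["IMEISV"]})
    return ulm, IdentityMediationModule(ORIGINAL)


if __name__ == "__main__":
    ulm, imm = build_subscriber()
    imm.rotate(ulm)
    print("SISE now holds IMSI", ulm.sise.IMSI)
    print("uplink  ", imm.mediate_uplink({"imsi": ulm.sise.IMSI, "sms": "hello"}))
    print("downlink", imm.mediate_downlink({"imsi": ORIGINAL["IMSI"], "sms": "reply"}))
```

The mapping lives only in the mediation module, so an observer on the hosting or visited network sees the altered IMSI while the subscriber's home records keep the original; anything still presenting a previous altered value after a rotation is refused rather than silently mapped.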
Specification