Service-based security per user location in mobile networks
First Claim
1. A system, comprising:
- a processor configured to:
  - monitor network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network, wherein the monitoring of the network traffic comprises to:
    - identify a create context request service operation or a create service operation in the network traffic;
  - extract user location information for user traffic associated with the new session at the security platform, comprising to:
    - extract EutraLocation or NRLocation from the create context request service operation or the create service operation of the network traffic, wherein the EutraLocation comprises Tracking Area Identity (TAI) and ECGI (EUTRA Cell Identity), wherein the NRLocation comprises Tracking Area Identity (TAI) and NR Cell Identity (NCGI); and
  - determine a security policy to apply at the security platform to the new session based on the user location information; and
- a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for providing service-based security per user location in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per user location in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting user location information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the user location information.
16 Claims
1. A system, comprising:
- a processor configured to:
  - monitor network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network, wherein the monitoring of the network traffic comprises to:
    - identify a create context request service operation or a create service operation in the network traffic;
  - extract user location information for user traffic associated with the new session at the security platform, comprising to:
    - extract EutraLocation or NRLocation from the create context request service operation or the create service operation of the network traffic, wherein the EutraLocation comprises Tracking Area Identity (TAI) and ECGI (EUTRA Cell Identity), wherein the NRLocation comprises Tracking Area Identity (TAI) and NR Cell Identity (NCGI); and
  - determine a security policy to apply at the security platform to the new session based on the user location information; and
- a memory coupled to the processor and configured to provide the processor with instructions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method, comprising:
- monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network, wherein the monitoring of the network traffic comprises:
  - identifying a create context request service operation or a create service operation in the network traffic;
- extracting user location information for user traffic associated with the new session at the security platform, comprising:
  - extracting EutraLocation or NRLocation from the create context request service operation or the create service operation of the network traffic, wherein the EutraLocation comprises Tracking Area Identity (TAI) and ECGI (EUTRA Cell Identity), wherein the NRLocation comprises Tracking Area Identity (TAI) and NR Cell Identity (NCGI); and
- determining a security policy to apply at the security platform to the new session based on the user location information.

Dependent claims: 13, 14

15. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network, wherein the monitoring of the network traffic comprises:
  - identifying a create context request service operation or a create service operation in the network traffic;
- extracting user location information for user traffic associated with the new session at the security platform, comprising:
  - extracting EutraLocation or NRLocation from the create context request service operation or the create service operation of the network traffic, wherein the EutraLocation comprises Tracking Area Identity (TAI) and ECGI (EUTRA Cell Identity), wherein the NRLocation comprises Tracking Area Identity (TAI) and NR Cell Identity (NCGI); and
- determining a security policy to apply at the security platform to the new session based on the user location information.

Dependent claims: 16
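The three steps recited in the claims above (identify a create operation, extract EutraLocation or NRLocation, select a policy by location), sketched as an added example that is not part of the patent text. It assumes the JSON part of the request has already been recovered from the HTTP/2 stream; the URI suffixes and JSON field names are assumed from 3GPP TS 29.502/29.571, and the policy names and table are hypothetical.

```python
import json

# Constructed sample request; field names assume 3GPP TS 29.502/29.571 JSON
# (ueLocation, nrLocation, eutraLocation, tai, ncgi, ecgi). Values are made up.
SAMPLE_PATH = "/nsmf-pdusession/v1/sm-contexts"
SAMPLE_BODY = json.dumps({
    "supi": "imsi-001010000000001",
    "ueLocation": {"nrLocation": {
        "tai": {"plmnId": {"mcc": "001", "mnc": "01"}, "tac": "0000a1"},
        "ncgi": {"plmnId": {"mcc": "001", "mnc": "01"}, "nrCellId": "00000b2c3"},
    }},
})

# Assumed URI suffixes for the create context / create service operations.
CREATE_SUFFIXES = ("/sm-contexts", "/pdu-sessions")

# Hypothetical policy table keyed by TAI (mcc, mnc, tac).
POLICY_BY_TAI = {("001", "01", "0000a1"): "restricted-zone"}
DEFAULT_POLICY = "default-inspect"

# (location key, cell identity key, cell id field, label)
LOCATION_KINDS = (
    ("nrLocation", "ncgi", "nrCellId", "NR"),
    ("eutraLocation", "ecgi", "eutraCellId", "EUTRA"),
)

def extract_location(path, body):
    """Return (rat, (mcc, mnc, tac), cell_id) for a create operation, else None."""
    if not path.endswith(CREATE_SUFFIXES):
        return None  # not a session-creating operation
    try:
        loc = json.loads(body)["ueLocation"]
        for key, cell_key, cell_field, rat in LOCATION_KINDS:
            if key in loc:
                tai = loc[key]["tai"]
                plmn = tai["plmnId"]
                tai_key = (str(plmn["mcc"]), str(plmn["mnc"]), str(tai["tac"]).lower())
                return rat, tai_key, str(loc[key][cell_key][cell_field]).lower()
    except (ValueError, KeyError, TypeError, AttributeError):
        pass  # malformed or incomplete location: treat as unknown
    return None

def policy_for_session(path, body):
    """Pick the policy for a new session from its TAI; unknown falls to default."""
    loc = extract_location(path, body)
    if loc is None:
        return DEFAULT_POLICY
    return POLICY_BY_TAI.get(loc[1], DEFAULT_POLICY)
```

Whether the default for an unparseable or missing location should be permissive or restrictive is a deployment decision; the sketch only shows that the fallback path must exist.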
Specification