System and method for combined network-side and off-air monitoring of wireless networks
First Claim
1. A method for network monitoring, comprising:
- obtaining, by a monitoring system, first sets of authentication parameters exchanged between wireless communication terminals and a wireless network, by monitoring an air interface between the terminals and the wireless network using a radio network interface, wherein the first sets of authentication parameters comprise Temporary Mobile Station Identities (TMSIs) of the wireless communication terminals that are active at a given geographic area;
obtaining, by the monitoring system, second sets of authentication parameters exchanged between the terminals and the network, by monitoring at least one wired interface between network-side elements of the wireless network using a core network interface, wherein the radio network interface and the core network interface are geographically separate, wherein the second sets of authentication parameters comprise International Mobile Station Identities (IMSIs);
establishing, by the monitoring system, one or more correlations between the first sets and the second sets, wherein the one or more correlations comprise the TMSIs of the wireless communication terminals correspond with given ones of the IMSIs;
determining, by the monitoring system, a type of application associated with a wireless terminal of the wireless terminals based on the established one or more correlations between the first sets and the second sets; and
providing a quality of service to the wireless terminal of the wireless terminals according to the determined type of application.
3 Assignments
0 Petitions
Accused Products
Abstract
A monitoring system monitors authentication sessions both on the air interface between the terminals and the network, and on at least one wired network-side interface between network-side elements of the network. The monitoring system constructs a database of sets of network-side authentication parameters using network-side monitoring. Each set of network-side authentication parameters originates from a respective authentication session and is associated with the International Mobile Station Identity (IMSI) of the terminal involved in the session. In order to start decrypting the traffic of a given terminal, the system obtains the off-air authentication parameters of that terminal using off-air monitoring, and finds an entry in the database that matches the air-interface authentication parameters. From the combination of correlated network-side and off-air authentication parameters, the processor is able to extract the parameters needed for decryption.
-
Citations
15 Claims
-
1. A method for network monitoring, comprising:
-
obtaining, by a monitoring system, first sets of authentication parameters exchanged between wireless communication terminals and a wireless network, by monitoring an air interface between the terminals and the wireless network using a radio network interface, wherein the first sets of authentication parameters comprise Temporary Mobile Station Identities (TMSIs) of the wireless communication terminals that are active at a given geographic area; obtaining, by the monitoring system, second sets of authentication parameters exchanged between the terminals and the network, by monitoring at least one wired interface between network-side elements of the wireless network using a core network interface, wherein the radio network interface and the core network interface are geographically separate, wherein the second sets of authentication parameters comprise International Mobile Station Identities (IMSIs); establishing, by the monitoring system, one or more correlations between the first sets and the second sets, wherein the one or more correlations comprise the TMSIs of the wireless communication terminals correspond with given ones of the IMSIs; determining, by the monitoring system, a type of application associated with a wireless terminal of the wireless terminals based on the established one or more correlations between the first sets and the second sets; and providing a quality of service to the wireless terminal of the wireless terminals according to the determined type of application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for network monitoring, comprising:
-
a radio network interface, which is configured to monitor an air interface between wireless communication terminals and a wireless network; a core network interface, which is configured to monitor at least one wired interface between network-side elements of the wireless network, wherein the radio network interface and the core network interface are geographically separate; and a processor, which is configured to obtain using the first interface first sets of authentication parameters exchanged between the terminals and the network, the first sets of authentication parameters comprise Temporary Mobile Station Identities (TMSIs) of the wireless communication terminals that are active at a given geographic area, to obtain using the second interface second sets of authentication parameters exchanged between the terminals and the network, wherein the second sets of authentication parameters comprise International Mobile Station Identities (IMSIs), to establish one or more correlations between the first sets and the second sets, wherein the one or more correlations comprise the TMSIs of the wireless communication terminals correspond with given ones of the IMSIs, and to use the one or more correlations between the first sets and the second sets to recognize a type of application associated with a wireless terminal of the wireless terminals to provide a quality of service to the wireless terminal of the wireless terminals according to the type. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A system for network monitoring, comprising:
-
a radio network interface, which is configured to monitor an air interface between wireless communication terminals and a wireless network; a core network interface, which is configured to monitor at least one wired interface between network-side elements of the wireless network, wherein the radio network interface and the core network interface are geographically separate; and a processor, which is configured to obtain using the air interface first sets of authentication parameters exchanged between the terminals and the network, the first sets of authentication parameters comprise Temporary Mobile Station Identities (TMSIs) of the wireless communication terminals that are active at a given geographic area, to obtain using the at least one wired interface second sets of authentication parameters exchanged between the terminals and the network, wherein the second sets of authentication parameters comprise International Mobile Station Identities (IMSIs), to establish one or more correlations between the first sets and the second sets, wherein the one or more correlations comprise the TMSIs of the wireless communication terminals correspond with given ones of the IMSIs, to determine a type of application associated with a wireless terminal of the wireless terminals based on the established one or more correlations between the first sets and the second sets, and to provide a quality of service to the wireless terminal of the wireless terminals according to the determined type of application.
-
Specification