Methods, systems, and computer readable media for mobility management entity (MME) authentication for outbound roaming subscribers using diameter edge agent (DEA)

US 10,616,200 B2
Filed: 08/01/2017
Issued: 04/07/2020
Est. Priority Date: 08/01/2017
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a mobility management entity (MME) for outbound roaming subscribers, the method comprising:

maintaining a Diameter authentication information request/update location request (AIR/ULR) mapping database at a Diameter edge agent (DEA), wherein the AIR/VLR mapping database stores mappings between visited public land mobile network identifiers (VPLMN IDs) from Diameter AIR messages and international mobile subscriber identities (IMSIs) obtained from the AIR messages;

receiving, at the DEA, a first Diameter AIR message for a subscriber;

determining, by the DEA, that the first Diameter AIR message includes a first IMSI not of record in the AIR/ULR mapping database at the DEA;

recording, for the subscriber, a VPLMN ID extracted from the first Diameter AIR message in the Diameter AIR/ULR mapping database at the DEA, wherein recording the VPLMN ID extracted from the first Diameter AIR message in the Diameter AIR/ULR mapping database at the DEA includes creating a new record in the Diameter AIR/ULR mapping database at the DEA for the first IMSI and the VPLMN ID;

receiving, at the DEA, a first Diameter ULR message and reading a VPLMN ID in the first Diameter ULR message;

determining that the VPLMN ID read from the first Diameter ULR message does not match the VPLMN ID extracted from the first Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA; and

in response to determining that the VPLMN ID read from the first Diameter ULR message does not match the VPLMN ID extracted from the first Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA, rejecting the first Diameter ULR message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a mobility management entity (MME) for outbound roaming subscribers includes maintaining a Diameter authentication information request (AIR)/update location request (ULR) mapping database at a Diameter edge agent (DEA). A Diameter AIR message is received at the DEA. The DEA determines that the AIR message includes a visited public land mobile network identifier (VPLMN ID) not of record in the database. The DEA records the VPLMN ID in the database. A Diameter ULR message is received at the DEA, and a VPLMN ID is read from the ULR message. The DEA determines that the VPLMN ID read from the ULR message does not match the VPLMN ID recorded for the subscriber in the database. In response to determining that the VPLMN ID does not match the VPLMN ID recorded for the subscriber in the database, the DEA rejects the ULR message.

Citations

18 Claims

1. A method for authenticating a mobility management entity (MME) for outbound roaming subscribers, the method comprising:
- maintaining a Diameter authentication information request/update location request (AIR/ULR) mapping database at a Diameter edge agent (DEA), wherein the AIR/VLR mapping database stores mappings between visited public land mobile network identifiers (VPLMN IDs) from Diameter AIR messages and international mobile subscriber identities (IMSIs) obtained from the AIR messages;
  
  receiving, at the DEA, a first Diameter AIR message for a subscriber;
  
  determining, by the DEA, that the first Diameter AIR message includes a first IMSI not of record in the AIR/ULR mapping database at the DEA;
  
  recording, for the subscriber, a VPLMN ID extracted from the first Diameter AIR message in the Diameter AIR/ULR mapping database at the DEA, wherein recording the VPLMN ID extracted from the first Diameter AIR message in the Diameter AIR/ULR mapping database at the DEA includes creating a new record in the Diameter AIR/ULR mapping database at the DEA for the first IMSI and the VPLMN ID;
  
  receiving, at the DEA, a first Diameter ULR message and reading a VPLMN ID in the first Diameter ULR message;
  
  determining that the VPLMN ID read from the first Diameter ULR message does not match the VPLMN ID extracted from the first Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA; and
  
  in response to determining that the VPLMN ID read from the first Diameter ULR message does not match the VPLMN ID extracted from the first Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA, rejecting the first Diameter ULR message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the DEA comprises a Diameter routing agent (DRA) for functioning at an edge of a home network for the subscriber.
  - 3. The method of claim 1 comprising receiving a second Diameter AIR message including a second IMSI that is of record in the Diameter AIR/ULR mapping database at the DEA and updating, in the Diameter AIR/ULR mapping database at the DEA, a record corresponding to the second IMSI by storing the VPLMN ID from the second Diameter AIR message in the record.
  - 4. The method of claim 1 comprising:
    - forwarding the first Diameter AIR message to a home subscriber server (HSS);
      
      receiving a Diameter authentication information answer (AIA) message with a successful result code from the HSS; and
      
      starting a record expiry timer in response to receiving the Diameter AIA message from the HSS.
  - 5. The method of claim 4 comprising, in response to the record expiry timer reaching an expiration value, deleting the record from the Diameter AIR/ULR mapping database at the DEA.
  - 6. The method of claim 1 comprising receiving a second Diameter ULR message including a VPLMN ID that matches the VPLMN ID recorded for the subscriber in the Diameter AIR/ULR mapping database.
  - 7. The method of claim 6 comprising forwarding the second Diameter ULR message to a home subscriber server (HSS).
  - 8. The method of claim 7 comprising updating the record in the Diameter AIR/ULR mapping database at the DEA to indicate receipt of the second Diameter ULR message and storing, in the record, an origin host parameter from the second Diameter ULR message as an MME identifier.
  - 9. The method of claim 1 comprising, in response to determining that the VPLMN ID in the first ULR message does not match the VPLMN ID recorded for the subscriber in the Diameter AIR/ULR mapping database, marking the first Diameter ULR message as suspicious.

10. A system for authenticating a mobility management entity (MME) for outbound roaming subscribers, the system comprising:
- a memory in connection with at least one processor, wherein the memory comprises;
  
  a Diameter edge agent (DEA);
  
  a Diameter authentication information request/update location request (AIR/ULR) mapping database local to the DEA for storing records for authenticating MMEs, wherein the AIR/VLR mapping database stores mappings between visited public land mobile network identifiers (VPLMN IDs) from Diameter AIR messages and international mobile subscriber identities (IMSIs) obtained from the AIR messages; and
  
  an MME authentication application local to the DEA and implemented using the at least one processor for receiving a first Diameter AIR message for a subscriber, determining that the first Diameter AIR message includes a first IMSI not of record in the AIR/ULR mapping database at the DEA, recording, for the subscriber, a VPLMN ID extracted from the first Diameter AIR message in the AIR/ULR mapping database at the DEA, wherein recording the VPLMN ID extracted from the first Diameter AIR message in the Diameter AIR/ULR mapping database at the DEA includes creating a new record in the Diameter AIR/ULR mapping database at the DEA for the first IMSI and the VPLMN ID, receiving a first Diameter ULR message and reading a VPLMN ID in the first Diameter ULR message, determining that the VPLMN ID read from the first Diameter ULR message does not match the VPLMN ID extracted from the first Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA, and, in response to determining that the VPLMN ID read from the first ULR message does not match the VPLMN ID extracted from the first Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA, rejecting the first Diameter ULR message.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10 wherein the DEA comprises a Diameter routing agent (DRA) for functioning at an edge of a home network for the subscriber.
  - 12. The system of claim 10 wherein the MME authentication application is configured to receive a second Diameter AIR message including a second IMSI that is of record in the Diameter AIR/ULR mapping database at the DEA and to update, in the Diameter AIR/ULR mapping database at the DEA, a record corresponding to the second IMSI by storing the VPLMN ID from the second Diameter AIR message in the record.
  - 13. The system of claim 10 wherein the MME authentication application is configured to:
    - forward the first Diameter AIR message to a home subscriber server (HSS);
      
      receive a Diameter authentication information answer (AIA) message with a successful result code from the HSS; and
      
      start a record expiry timer in response to receiving the Diameter AIA message from the HSS.
  - 14. The system of claim 13 wherein the MME authentication application is configured to, in response to the record expiry timer reaching an expiration value, delete the record from the Diameter AIR/ULR mapping database at the DEA.
  - 15. The system of claim 10 wherein the MME authentication application is configured to receive a second Diameter ULR message including a VPLMN ID that matches the VPLMN ID recorded for the subscriber and to forward the second Diameter ULR message to a home subscriber server (HSS).
  - 16. The system of claim 15 wherein the MME authentication application is configured to update the record in the AIR/ULR mapping database at the DEA to indicate receipt of the second Diameter ULR message and to store, in the record, an origin host parameter from the second Diameter ULR message as an MME identifier.
  - 17. The system of claim 10 wherein the MME authentication application is configured to, in response to determining that the VPLMN ID in the first Diameter ULR message does not match the VPLMN ID recorded for the subscriber in the Diameter AIR/ULR mapping database, mark the first Diameter ULR message as suspicious.

18. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processor of a computer controls the computer to perform steps comprising:
- maintaining a Diameter authentication information request/update location request (AIR/ULR) mapping database at a Diameter edge agent (DEA), wherein the AIR/VLR mapping database stores mappings between visited public land mobile network identifiers (VPLMN IDs) from Diameter AIR messages and international mobile subscriber identities (IMSIs) obtained from the AIR messages;
  
  receiving, at the DEA, a Diameter AIR message for a subscriber;
  
  determining, by the DEA, that the Diameter AIR message includes an IMSI not of record in the AIR/ULR mapping database at the DEA;
  
  recording, for the subscriber, a VPLMN ID extracted from the Diameter AIR message in the Diameter AIR/ULR mapping database at the DEA, wherein recording the VPLMN ID extracted from the Diameter AIR message in the Diameter AIR/ULR mapping database at the DEA includes creating a new record in the Diameter AIR/ULR mapping database at the DEA for the IMSI and the VPLMN ID;
  
  receiving, at the DEA, a first Diameter ULR message and reading a VPLMN ID in the first Diameter ULR message;
  
  determining that the VPLMN ID read from the first Diameter ULR message does not match the VPLMN ID extracted from the Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA; and
  
  in response to determining that the VPLMN ID read from the first Diameter ULR message does not match the VPLMN ID extracted from the Diameter AIR message and recorded for the subscriber in the Diameter AIR/ULR mapping database at the DEA, rejecting the first Diameter ULR message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kumar, Vipin, Mahalank, Shashikiran Bhalachandra
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Mahmoudi, Rodman Alexander

Application Number

US15/666,300
Publication Number

US 20190044932A1
Time in Patent Office

980 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04W 12/06   Authentication

H04W 12/12   Detection or prevention of ...

H04W 12/121   Wireless intrusion detectio...

H04W 8/02   Processing of mobility data...

H04W 8/12   between location registers ...

H04W 8/18   Processing of user or subsc...

H04W 84/042   Public Land Mobile systems,...

Methods, systems, and computer readable media for mobility management entity (MME) authentication for outbound roaming subscribers using diameter edge agent (DEA)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems, and computer readable media for mobility management entity (MME) authentication for outbound roaming subscribers using diameter edge agent (DEA)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links