Radio access technology based security in service provider networks
First Claim
Patent Images
1. A system, comprising:
- a processor configured to;
monitor network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session wherein the security platform monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 3G and/or 4G network, or a control protocol and user data traffic in a mobile core network for a 3G and/or 4G network, and wherein the monitoring of the network traffic comprises to;
identify a create session request message or a create PDP context request message from the network traffic; and
extract location from the create session request message or the create PDP context request message, the location including one or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), or LAC (Location Area Identifier);
associate the RAT type with the new session at the security platform, wherein the RAT type includes 3G, 4G, 5G, or any combination thereof;
determine an application identifier for user traffic associated with the new session at the security platform, comprising to;
monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic;
determine a security policy to apply at the security platform to the new session based on the application identifier, the location, and the RAT type, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and
perform threat detection and/or threat prevention based on the security policy; and
a memory coupled to the processor and configured to provide the processor with instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for radio access technology based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for radio access technology based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session; associating the RAT type with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the RAT type.
73 Citations
14 Claims
-
1. A system, comprising:
-
a processor configured to; monitor network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session wherein the security platform monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 3G and/or 4G network, or a control protocol and user data traffic in a mobile core network for a 3G and/or 4G network, and wherein the monitoring of the network traffic comprises to; identify a create session request message or a create PDP context request message from the network traffic; and extract location from the create session request message or the create PDP context request message, the location including one or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), or LAC (Location Area Identifier);associate the RAT type with the new session at the security platform, wherein the RAT type includes 3G, 4G, 5G, or any combination thereof; determine an application identifier for user traffic associated with the new session at the security platform, comprising to; monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic; determine a security policy to apply at the security platform to the new session based on the application identifier, the location, and the RAT type, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and perform threat detection and/or threat prevention based on the security policy; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method, comprising:
-
monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session wherein the security platform monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 3G and/or 4G network, or a control protocol and user data traffic in a mobile core network for a 3G and/or 4G network, and wherein the monitoring of the network traffic comprises; identifying a create session request message or a create PDP context request message from the network traffic; and extracting location from the create session request message or the create PDP context request message, the location including one or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), or LAC (Location Area Identifier);associating the RAT type with the new session at the security platform, wherein the RAT type includes 3G, 4G, 5G, or any combination thereof; determining an application identifier for user traffic associated with the new session at the security platform, comprising; monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic; determining a security policy to apply at the security platform to the new session based on the application identifier, the location, and the RAT type, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and performing threat detection and/or threat prevention based on the security policy. - View Dependent Claims (8, 9, 10)
-
-
11. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
-
monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session, wherein the security platform monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 3G and/or 4G network, or a control protocol and user data traffic in a mobile core network for a 3G and/or 4G network, and wherein the monitoring of the network traffic comprises; identifying a create session request message or a create PDP context request message from the network traffic; and extracting location from the create session request message or the create PDP context request message, the location including one or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), or LAC (Location Area Identifier);associating the RAT type with the new session at the security platform, wherein the RAT type includes 3G, 4G, 5G, or any combination thereof; determining an application identifier for user traffic associated with the new session at the security platform, comprising; monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic; determining a security policy to apply at the security platform to the new session based on the application identifier, the location, and the RAT type, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and performing threat detection and/or threat prevention based on the security policy. - View Dependent Claims (12, 13, 14)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneePalo Alto Networks Incorporated
-
Original AssigneePalo Alto Networks Incorporated
-
InventorsVerma, Sachin, Burakovsky, Leonid, Shu, Jesse C., Chen, I-Chun
-
Primary Examiner(s)Abedin, Shanto
-
Application NumberUS15/624,442Publication NumberTime in Patent Office1,104 DaysField of SearchUS Class CurrentCPC Class CodesH04L 63/0236 Filtering by address, proto...H04L 63/10 for controlling access to d...H04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/20 for managing network securi...H04L 63/205 involving negotiation or de...H04L 67/02 based on web technology, e....H04W 12/08 Access securityH04W 12/088 using filters or firewallsH04W 12/128 Anti-malware arrangements, ...H04W 24/08 Testing, supervising or mon...H04W 76/10 Connection setupH04W 76/12 Setup of transport tunnelsH04W 84/042 Public Land Mobile systems,...
