Methods and systems for enhancing network security in a telecommunications signaling network

US 20040042609A1
Filed: 09/04/2002
Published: 03/04/2004
Est. Priority Date: 09/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method for screening network management messages in a communications network, the method comprising:

(a) receiving, at a network node, a network management message originating from a location in a network;

(b) determining whether a predetermined parameter in the network management message is not associated with the originating location; and

(c) in response to determining that the parameter is not associated with the originating location, performing a network security action for the network management message.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for providing enhanced network security for network management messages and subsystem management messages are disclosed. A network security function receives a network or subsystem management message from a first location in a network. The network security function determines whether one or more predetermined parameters in the network management message are not associated with the originating location. In response to determining that are not associated with the originating location, a network security action, such as discarding the message and/or notifying a network operator, is performed.

20 Citations

View as Search Results

37 Claims

1. A method for screening network management messages in a communications network, the method comprising:
- (a) receiving, at a network node, a network management message originating from a location in a network;
  
  (b) determining whether a predetermined parameter in the network management message is not associated with the originating location; and
  
  (c) in response to determining that the parameter is not associated with the originating location, performing a network security action for the network management message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein receiving a network management message includes receiving an MTP3 network management message.
  - 3. The method of claim 2 wherein receiving an MTP3 network management message includes receiving a transfer prohibited message.
  - 4. The method of claim 1 wherein determining whether a parameter in the network management message is not associated with the originating location includes examining an OPC in the network management message to determine whether the OPC is associated with a node adjacent to the network node.
  - 5. The method of claim 4 wherein performing a network security action includes performing a security action in response to determining that the OPC is not associated with an adjacent node.
  - 6. The method of claim 1 wherein determining whether a parameter in the network management message is not associated with the originating location includes extracting an OPC from the network management message and determining whether a route to the OPC exists on a linkset from which the network management message was received.
  - 7. The method of claim 6 wherein performing a network security action includes performing a network security action in response to determining that a route to the OPC does not exist on the linkset from which the network management message was received.
  - 8. The method of claim 1 wherein determining whether a parameter in the network management message is not associated with the originating location includes extracting a destination parameter from the message and determining whether a route to the destination parameter exists on a linkset from which the network management message was received.
  - 9. The method of claim 8 wherein performing a network security action includes performing a network security action in response to determining that a route to the destination parameter does not exist for the linkset on which the network management message was received.
  - 10. The method of claim 1 wherein performing a network security action includes discarding the message.
  - 11. The method of claim 1 wherein performing a network security action includes alerting a network operator that the network management message failed security screening.
  - 12. The method of claim 1 wherein steps (a)-(c) are performed at a signal transfer point.

13. A method for screening subsystem management messages in a communications network, the method comprising:
- (a) receiving, at a network node, a subsystem management message originating from a location in a network;
  
  (b) determining whether a predetermined parameter in the subsystem management message is not associated with the originating location; and
  
  (c) in response to determining that the parameter is not associated with the originating location, performing a network security action for the subsystem management message.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The method of claim 13 wherein receiving a subsystem management message includes receiving an SCCP subsystem management message.
  - 15. The method of claim 14 wherein receiving an SCCP subsystem management message includes receiving a subsystem prohibited message or subsystem out of service request.
  - 16. The method of claim 13 wherein determining whether a parameter in the subsystem management message is not associated with the originating location includes extracting an OPC from the subsystem management message and determining whether a route to the OPC exists on a linkset from which the subsystem management message was received.
  - 17. The method of claim 16 wherein performing a network security action includes performing a network security action in response to determining that a route to the OPC does not exist on the linkset from which the subsystem management message was received.
  - 18. The method of claim 13 wherein determining whether a parameter in the subsystem management message is not associated with the originating location includes extracting an affected point code parameter from the message and determining whether a route to the affected point code parameter exists on a linkset from which the subsystem management message was received.
  - 19. The method of claim 18 wherein performing a network security action includes performing a network security action in response to determining that a route to the affected point code parameter does not exist for the linkset on which the subsystem management message was received.
  - 20. The method of claim 13 wherein performing a network security action includes discarding the message.
  - 21. The method of claim 13 wherein performing a network security action includes alerting a network operator that the subsystem management message failed security screening.
  - 22. The method of claim 13 wherein steps (a)-(c) are performed at a signal transfer point.

23. A routing node having a screening function for protecting a network against malicious network management messages, the routing node comprising:
- (a) a link interface module for receiving network management messages from originating locations in a network; and
  
  (b) a network security function operatively associated with the link interface module for determining whether one or more predetermined parameters in each network management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The routing node of claim 23 wherein the link interface module comprises an SS7 link interface module for sending and receiving SS7 network management messages over SS7 signaling links.
  - 25. The routing node of claim 23 wherein the link interface module comprises an IP interface module for sending and receiving IP-encapsulated SS7 network management messages over IP-based signaling links.
  - 26. The routing node of claim 23 wherein the network security function is adapted to examine an OPC parameter in each received network management message to determine whether the OPC is associated with a node adjacent to the routing node, and, in response to determining that the OPC parameter is not associated with an adjacent node, for performing the network security action.
  - 27. The routing node of claim 23 wherein the network security function is adapted to examine an OPC parameter in each received network management message to determine whether a route to the OPC exists on a signaling linkset from which the network management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.
  - 28. The routing node of claim 23 wherein the network security function is adapted to examine a destination parameter in each received network management message to determine whether a route to the destination parameter exists on a signaling linkset from which the network management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.
  - 29. The routing node of claim 23 wherein the network security function is adapted to discard a network management message containing one of the predetermined parameters not associated with the originating location.
  - 30. The routing node of claim 23 wherein the network security function is adapted to notify a network operator of a network management message containing one of the predetermined parameters not associated with the originating location.

31. A routing node having a screening function for protecting a network against malicious subsystem management messages, the routing node comprising:
- (a) a link interface module for receiving subsystem management messages from originating locations in a network; and
  
  (b) a network security function operatively associated with the link interface module for determining whether one or more predetermined parameters in each subsystem management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The routing node of claim 31 wherein the link interface module comprises an SS7 link interface module for sending and receiving SS7 subsystem management messages over SS7 signaling links.
  - 33. The routing node of claim 31 wherein the link interface module comprises an IP interface module for sending and receiving IP-encapsulated SS7 subsystem management messages over IP-based signaling links.
  - 34. The routing node of claim 31 wherein the network security function is adapted to examine an OPC parameter in each received subsystem management message to determine whether a route to the OPC exists on a signaling linkset from which the subsystem management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.
  - 35. The routing node of claim 31 wherein the network security function is adapted to examine an affected point code parameter in each received subsystem management message to determine whether a route to the affected point code exists on a signaling linkset from which the subsystem management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.
  - 36. The routing node of claim 31 wherein the network security function is adapted to discard each subsystem management message containing at least one of the predetermined parameters not associated with the originating location.
  - 37. The routing node of claim 31 wherein the network security function is adapted to notify a network operator of each subsystem management message containing at least one of the predetermined parameters not associated with the originating location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tekelec Global, Inc. (Oracle Corporation)
Original Assignee
Tekelec
Inventors
Young, James A., Delaney, Robert J., Hildebrand, John L.

Granted Patent

US 7,043,000 B2
Time in Patent Office

Days
Field of Search
US Class Current

379/229
CPC Class Codes

H04Q 3/0025 Provisions for signalling

Methods and systems for enhancing network security in a telecommunications signaling network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for enhancing network security in a telecommunications signaling network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links