System and method of network access security policy management for multimodal device

US 20080307487A1
Filed: 06/07/2007
Published: 12/11/2008
Est. Priority Date: 06/07/2007
Status: Active Grant

First Claim

Patent Images

1. A system for network access security policy management of multimodal access to a converged network, the system comprising:

an inter-technology change-off monitoring entity (ICME) for detecting an inter-technology change-off of a multimodal device from a first access technology to a second access technology, and for transmitting an inter-technology change-off message;

a policy database for storing a plurality of access technology policies; and

a policy manager for receiving said inter-technology change-off message from the ICME, for searching said policy database for an access technology policy corresponding to said second access technology, for determining appropriate policies to be enforced, and for distributing said appropriate policies to at least one policy enforcement point (PEF) for enforcing said appropriate policies in respect of access by the multimodal device to the converged network.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for management of access security for access by a multimodal device to a converged fixed/mobile network. An inter-technology change-off monitoring entity (ICME) is provided to monitor an inter-technology change-off of the multimodal device and to notify a policy manager of the inter-technology change-off. The policy manager looks up in a policy database, security policies applicable to the user of the multimodal device and the particular technology being used by the multimodal device. The policy manager conveys to various policy enforcement points throughout the converged fixed/mobile network the applicable security policies which take into account the user'"'"'s identity and the access technology being used.

75 Citations

View as Search Results

18 Claims

1. A system for network access security policy management of multimodal access to a converged network, the system comprising:
- an inter-technology change-off monitoring entity (ICME) for detecting an inter-technology change-off of a multimodal device from a first access technology to a second access technology, and for transmitting an inter-technology change-off message;
  
  a policy database for storing a plurality of access technology policies; and
  
  a policy manager for receiving said inter-technology change-off message from the ICME, for searching said policy database for an access technology policy corresponding to said second access technology, for determining appropriate policies to be enforced, and for distributing said appropriate policies to at least one policy enforcement point (PEF) for enforcing said appropriate policies in respect of access by the multimodal device to the converged network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A system according to claim 1 wherein said inter-technology change-off message comprises a user ID identifying a subscriber, and at least one of a device ID, a second access technology indicator, and a first access technology indicator.
  - 3. A system according to claim 2 wherein said policy manager is further for looking up, in a subscriber database, subscriber security parameters of a subscriber identified in the inter-technology change-off message, and for searching said policy database for a user policy corresponding to said subscriber.
  - 4. A system according to claim 1 wherein said policy manager distributes said appropriate policies after a layer 2 portion of said inter-technology change-off has completed and before a layer 3 portion of said inter-technology change-off has completed.
  - 5. A system according to claim 1 wherein the ICME is one of a layer 2 monitoring entity and a higher than layer 2 monitoring entity.
  - 6. A system according to claim 5 wherein the ICME is a layer 2 monitoring entity and wherein the inter-technology change-off is between UMTS and WLAN and wherein a change-off is detected when an association occurs.
  - 7. A system according to claim 5 wherein the ICME is a layer 3 monitoring entity and wherein the inter-technology change-off is between UMTS and WLAN and wherein the change-off is detected on an occurrence of a change in an IP address allocated to the multimodal device, receipt of a message from the multimodal mobile device, receipt of a DHCP message, or any other mechanism from the network or device to initiate a layer 3 handoff or change-off.
  - 8. A system according to claim 1 wherein said appropriate policy is a combination of said user policy and said access technology policy, and wherein portions of said appropriate policy are distributed to each PEF of said at least one PEF.
  - 9. A system according to claim 8 wherein said combination of said user policy and said access technology policy is a sum of said user policy plus said access technology policy.

10. A method for network access security policy management of multimodal access to a converged network, the method comprising:
- detecting at an inter-technology change-off monitoring entity (ICME) occurrence of an inter-technology change-off of a multimodal device from a first access technology to a second access technology;
  
  transmitting an inter-technology change-off message from said inter-technology change-off monitoring entity (ICME) to a policy manager;
  
  searching a policy database by said policy manager for an access technology policy corresponding to said second access technology;
  
  determining at the policy manager appropriate policies to be enforced;
  
  distributing from said policy manager to at least one policy enforcement point (PEF) said appropriate policies; and
  
  enforcing said appropriate policies at said at least one PEF in respect of access by the multimodal device to the converged network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A method according to claim 10 wherein said inter-technology change-off message comprises a user ID identifying a subscriber, and at least one of a device ID, a second access technology indicator, and a first access technology indicator.
  - 12. A method according to claim 11 further comprising:
    - looking up, in a subscriber database, by the policy manager, subscriber security parameters of a subscriber identified in the inter-technology change-off message; and
      
      searching said policy database, by said policy manager, for a user policy corresponding to said subscriber.
  - 13. A method according to claim 10 wherein said step of distributing said appropriate policies is performed after a layer 2 portion of said inter-technology change-off has completed and before a layer 3 portion of said inter-technology change-off has completed.
  - 14. A method according to claim 10 wherein the step of detecting occurrence of an inter-technology change-off occurs at one of a layer 2 monitoring level and a higher than layer 2 monitoring level.
  - 15. A method according to claim 14 wherein detecting occurrence of an inter-technology change-off occurs at a layer 2 monitoring level, wherein the inter-technology change-off is between UMTS and WLAN, and wherein the inter-technology change-off is detected when an association occurs.
  - 16. A method according to claim 14 wherein detecting occurrence of an inter-technology change-off occurs at a layer 3 monitoring level, wherein the inter-technology change-off is between UMTS and WLAN, and wherein the change-off is detected on an occurrence of a change in an IP address allocated to the multimodal device, receipt of a message from the multimodal mobile device, receipt of a DHCP message, or any other mechanism from the network or device to initiate a layer 3 handoff or change-off.
  - 17. A method according to claim 10 wherein said appropriate policy is a combination of said user policy and said access technology policy, and wherein portions of said appropriate policies are distributed to each PEF of said at least one PEF.
  - 18. A method according to claim 17 wherein said combination of said user policy and said access technology policy is a sum of said user policy plus said access technology policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Choyi, Vinod Kumar, Vinokurov, Dmitri

Granted Patent

US 8,191,106 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/20   for managing network securi...

H04L 69/16   Implementation or adaptatio...

H04W 12/088   using filters or firewalls

H04W 8/18   Processing of user or subsc...

H04W 80/04   Network layer protocols, e....

System and method of network access security policy management for multimodal device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

System and method of network access security policy management for multimodal device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others