METHOD, SYSTEM AND DEVICE FOR IMPLEMENTING SECURITY CONTROL

US 20090307746A1
Filed: 08/19/2009
Published: 12/10/2009
Est. Priority Date: 04/30/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of implementing security control, comprising:

receiving, by a Policy and Charging Enforcement Function (PCEF) entity, security control policy information from a Policy Control and Charging Rules Function (PCRF) entity; and

executing, by the PCEF entity, user security control according to the security control policy information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and device for implementing security control are provided. The method for implementing security control includes: receiving, by the Policy and Charging Enforcement Function (PCEF) entity, security control policy information from the Policy Control and Charging Rules Function (PCRF) entity; and executing, by the PCEF entity, user security control according to the security control policy information. The provided method, system, and device may provide security control for the user session in the Policy Charging Control (PCC) architecture.

250 Citations

19 Claims

1. A method of implementing security control, comprising:
- receiving, by a Policy and Charging Enforcement Function (PCEF) entity, security control policy information from a Policy Control and Charging Rules Function (PCRF) entity; and
  
  executing, by the PCEF entity, user security control according to the security control policy information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the security control policy information comprises at least one of an Access Control List (ACL) and firewall mode information.
  - 3. The method of claim 2, wherein the executing user security control comprises:
    - executing access control for user service data flows according to the ACL information; and
      
      /orselecting a firewall of the corresponding mode for the user service data flow according to the firewall mode information, and executing the firewall function.
  - 4. The method of claim 3, wherein the executing user security control comprises:
    - executing admission access control for the user service data flow according to at least one or any combination of;
      
      Internet Protocol (IP) address, port number, protocol type, and application type allowed for accessing in the ACL specified in the ACL information; and
      
      /orselecting a firewall using at least one of;
      
      packet filtering mode, deep detection mode, spam filtering function, and virus filtering function according to the firewall mode specified in the firewall mode information, and executing the firewall function for the user service data flow.
  - 5. The method of claim 1, wherein the receiving security control policy information comprises:
    - receiving, by the PCEF entity, the security control policy information sent by the PCRF entity through a Credit Control Request (CCR) message or a Re-Authentication Request (RAR) message.
  - 6. The method of claim 5, wherein the PCEF entity receives the security control policy information of the ACL information and/or the firewall mode information sent through the CCR message or the RAR message, and wherein:
    - the ACL information is represented by adding an Access Control List Number Attribute Value Pair (ACL-Number AVP) in the Diameter protocol of a Gx interface; and
      
      the firewall mode information is represented by adding a Firewall-Mode-Number AVP in the Diameter protocol of the Gx interface.
  - 7. The method of claim 1, wherein the receiving security control policy information from the PCRF entity comprises:
    - receiving, by the PCRF entity, the security control policy information generated by the PCRF entity upon making a judgment according to the policy condition information of the user.
  - 8. The method of claim 7, wherein the security control policy information generated by the PCRF entity upon making a judgment according to the policy condition information of the user comprises:
    - security control policy information generated by the PCRF entity upon making a judgment according to the policy condition of a user, wherein the policy condition information of the user is one or any combination of;
      
      software version of a User Equipment (UE), version of an operating system, patches of the operating system, information about whether antivirus software is installed and version of the antivirus software, and is obtained from one or any combination of the PCEF entity, a Network Management System (NMS), and a device management system; and
      
      /orfirewall mode information generated by the PCRF entity upon making a judgment according to the policy condition information of a user, wherein the policy condition information of the user is one or any combination of subscription profile, user access network type, and user roaming state.

9. A system for executing security control, comprising a Policy Control and Charging Enforcement Function (PCEF) entity, a Policy Control and Charging Rules Function (PCRF) entity wherein the system comprises:
- a receiving module connected with the PCEF entity and configured to receive security control policy information from the PCRF entity; and
  
  an executing module connected with the PCEF entity and configured to execute user security control according to the security control policy information.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the security control policy information comprises Access Control List (ACL) information and firewall mode information;
    - wherein the executing module comprises;
      
      an access control unit configured to execute access control for the user service data flow according to the ACL information; and
      
      /ora firewall unit configured to select a firewall of the corresponding mode for the user service data flow according to the firewall mode information, and execute the firewall function.
  - 11. The system of claim 10, wherein:
    - the access control unit is further configured to execute admission access control for the user service data flow according to one or any combination of;
      
      IP address, port number, protocol type, and application type allowed for accessing in an ACL specified in the ACL information; and
      
      the firewall unit is further configured to select a firewall of one or any combination of;
      
      packet filtering mode, deep detection mode, spam filtering function, and virus filtering function according to the firewall mode specified in the firewall mode information, and execute the firewall function for the user service data flow.
  - 12. The system of claim 9, wherein the receiving module is further configured to receive the security control policy information sent by the PCRF entity through a Credit Control Request (CCR) message or a Re-Authentication Request (RAR) message;
    - wherein the security control policy information is the ACL information and/or the firewall mode information.
  - 13. The system of claim 12, wherein:
    - the ACL information is represented by adding an Access Control List Number Attribute Value Pair (ACL-Number AVP) in the Diameter protocol of a Gx interface; and
      
      the firewall mode information is represented by adding a Firewall-Mode-Number AVP in the Diameter protocol of the Gx interface.
  - 14. The system of claim 9, further comprising:
    - a sending module configured to send the security control policy information to the PCEF entity after making a judgment according to the policy condition information of the user and generating security control policy information; and
      
      a first obtaining module configured to obtain policy condition information from one or any combination of;
      
      the PCEF entity, a Network Management System (NMS), and a device management system, the policy condition information is one or any combination of;
      
      software version of a User Equipment (UE) version of the operating system, patches of the operating system, information about whether antivirus software is installed and version of the antivirus software, wherein the PCRF entity makes a judgment according to the policy condition information and generates Access Control List (ACL) information; and
      
      /ora second obtaining module configured to obtain the policy condition information which is one or any combination of;
      
      subscription profile, access network type of the user, and roaming state of the user, wherein the PCRF entity makes a judgment according to the policy condition information of the user and generates firewall mode information.

15. A Policy and Charging Enforcement Function (PCEF) entity, for executing security control, comprising:
- a receiving module configured to receive security control policy information from a Policy Control and Charging Rules Function (PCRF) entity; and
  
  an executing module configured to execute user security control according to the security control policy information.
- View Dependent Claims (16, 17)
- - 16. The PCEF entity of claim 15, wherein the executing module comprises an access control unit, and/or a firewall unit, wherein:
    - the access control unit is configured to execute access control for the user service data flow according to Access Control List (ACL) information;
      
      the firewall unit is configured to select a firewall of the corresponding mode for the user service data flow according to the firewall mode information, and executes the firewall function.
  - 17. The PCEF entity of claim 15, wherein the receiving module is further configured to receive the security control policy information sent by the PCRF entity through a Credit Control Request (CCR) message or a Re-Authentication Request (RAR) message.

18. A Policy Control and Charging Rules Function (PCRF) entity for executing security control, comprising:
- a sending module configured to send the security control policy information to a Policy Control and Charging Enforcement Function (PCEF) entity after making a judgment according to the policy condition information of the user and generating security control policy information.
- View Dependent Claims (19)
- - 19. The PCRF entity of claim 18, further comprising:
    - a first policy generating module, anda first obtaining module; and
      
      /ora second policy generating module, anda second obtaining module, wherein;
      
      the first obtaining module is configured to obtain policy condition information from one or any combination of;
      
      a PCEF entity, a Network Management System (NMS), and a device management system, wherein the policy condition information is one or any combination of;
      
      software version of a User Equipment (UE) version of the operating system, patches of the operating system, information about whether antivirus software is installed and version of the antivirus software;
      
      the first policy generating module is configured to make a judgment according to the policy condition information, and generate Access Control List (ACL) information of security control policy information;
      
      the second obtaining module is configured to obtain the policy condition information which is one or any combination of;
      
      subscription profile, user access network type, and roaming state of the user;
      
      the second policy generating module is configured to make a judgment according to the policy condition information of the user and generate firewall mode information of security control policy information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
CHEN, Feng, HOU, Zhipeng, DI, Jinwen, HUANG, Shibi, TAN, Shiyong

Application Number

US12/543,971
Publication Number

US 20090307746A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/088   using filters or firewalls

METHOD, SYSTEM AND DEVICE FOR IMPLEMENTING SECURITY CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

250 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM AND DEVICE FOR IMPLEMENTING SECURITY CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

250 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links