MOBILE USER IDENTITY AND/OR SIM-BASED IOT IDENTITY AND APPLICATION IDENTITY BASED SECURITY ENFORCEMENT IN SERVICE PROVIDER NETWORKS

US 20180367571A1
Filed: 06/15/2017
Published: 12/20/2018
Est. Priority Date: 06/15/2017
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor configured to;

monitor network traffic on a service provider network at a security platform to identify a subscriber identity for a new session;

determine an application identifier for user traffic associated with the new session at the security platform; and

determine a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IOT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.

Citations

20 Claims

1. A system, comprising:
- a processor configured to;
  
  monitor network traffic on a service provider network at a security platform to identify a subscriber identity for a new session;
  
  determine an application identifier for user traffic associated with the new session at the security platform; and
  
  determine a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system recited in claim 1, wherein the security platform is configured with a plurality of security policies based on the subscriber identity and the application identifier.
  - 3. The system recited in claim 1, wherein the security platform is configured to perform security policy enforcement based on the subscriber identity and the application identifier.
  - 4. The system recited in claim 1, wherein the security platform is configured to perform threat detection based on the subscriber identity and the application identifier.
  - 5. The system recited in claim 1, wherein the security platform is configured to perform threat prevention based on the subscriber identity and the application identifier.
  - 6. The system recited in claim 1, wherein the security platform is configured to perform Uniform Resource Link (URL) filtering based on the subscriber identity and the application identifier.
  - 7. The system recited in claim 1, wherein the security platform is configured with a plurality of security policies based on the subscriber identity and the application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI).
  - 8. The system recited in claim 1, wherein the security platform monitors wireless interfaces including a plurality of interfaces for a control protocol and user data traffic in a mobile core network for a 3G and/or 4G network.
  - 9. The system recited in claim 1, wherein the security platform monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 3G and/or 4G network.
  - 10. The system recited in claim 1, wherein the processor is further configured to:
    - block the new session from accessing a resource based on the security policy.

11. A method, comprising:
- monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session;
  
  determining an application identifier for user traffic associated with the new session at the security platform; and
  
  determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the security platform is configured with a plurality of security policies based on the subscriber identity and the application identifier.
  - 13. The method of claim 11, wherein the security platform is configured to perform security policy enforcement based on the subscriber identity and the application identifier.
  - 14. The method of claim 11, wherein the security platform is configured to perform threat detection and/or threat prevention based on the subscriber identity and the application identifier.
  - 15. The method of claim 11, wherein the security platform is configured to perform Uniform Resource Link (URL) filtering based on the subscriber identity and the application identifier.

16. A computer program product, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
- monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session;
  
  determining an application identifier for user traffic associated with the new session at the security platform; and
  
  determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product recited in claim 16, wherein the security platform is configured with a plurality of security policies based on the subscriber identity and the application identifier.
  - 18. The computer program product recited in claim 16, wherein the security platform is configured to perform security policy enforcement based on the subscriber identity and the application identifier.
  - 19. The computer program product recited in claim 16, wherein the security platform is configured to perform threat detection and/or threat prevention based on the subscriber identity and the application identifier.
  - 20. The computer program product recited in claim 16, wherein the security platform is configured to perform Uniform Resource Link (URL) filtering based on the subscriber identity and the application identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Verma, Sachin, Burakovsky, Leonid, Shu, Jesse C., Chang, Lei

Granted Patent

US 10,708,306 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04W 12/48   using secure binding, e.g. ...

MOBILE USER IDENTITY AND/OR SIM-BASED IOT IDENTITY AND APPLICATION IDENTITY BASED SECURITY ENFORCEMENT IN SERVICE PROVIDER NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE USER IDENTITY AND/OR SIM-BASED IOT IDENTITY AND APPLICATION IDENTITY BASED SECURITY ENFORCEMENT IN SERVICE PROVIDER NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links