Methods and systems for enhancing network security in a telecommunications signaling network

US 7,043,000 B2
Filed: 09/04/2002
Issued: 05/09/2006
Est. Priority Date: 09/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method for screening subsystem management messages in a telecommunications network, the method comprising:

(a) receiving, at a network node, a subsystem management message originating from a location in a telecommunications network;

(b) comparing a predetermined parameter in the subsystem management message with stored routing information to determine whether the predetermined parameter in the subsystem management message is not associated with the originating location; and

(c) in response to determining that the parameter is not associated with the(d) originating location, performing a network security action for the subsystem management message.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for providing enhanced network security for network management messages and subsystem management messages are disclosed. A network security function receives a network or subsystem management message from a first location in a network. The network security function determines whether one or more predetermined parameters in the network management message are not associated with the originating location. In response to determining that are not associated with the originating location, a network security action, such as discarding the message and/or notifying a network operator, is performed.

54 Citations

View as Search Results

35 Claims

1. A method for screening subsystem management messages in a telecommunications network, the method comprising:
- (a) receiving, at a network node, a subsystem management message originating from a location in a telecommunications network;
  
  (b) comparing a predetermined parameter in the subsystem management message with stored routing information to determine whether the predetermined parameter in the subsystem management message is not associated with the originating location; and
  
  (c) in response to determining that the parameter is not associated with the(d) originating location, performing a network security action for the subsystem management message.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein receiving a subsystem management message includes receiving an SCCP subsystem management message.
  - 3. The method of claim 2 wherein receiving an SCCP subsystem management message includes receiving a subsystem prohibited message or subsystem out of service request.
  - 4. The method of claim 1 wherein performing a network security action includes discarding the message.
  - 5. The method of claim 1 wherein performing a network security action includes alerting a network operator that the subsystem management message failed security screening.
  - 6. The method of claim 1 wherein steps (a)–
    - (c) are performed at a signal transfer point.

7. A method for screening subsystem management messages in a communications network, the method comprising:
- (a) receiving, at a network node, a subsystem management message originating from a location in a network;
  
  (b) determining whether a predetermined parameter in the subsystem management message is not associated with the originating location, wherein determining whether the parameter in the subsystem management message is not associated with the originating location includes extracting an OPC from the subsystem management message and determining whether a route to the OPC exists on a linkset from which the subsystem management message was received; and
  
  (c) in response to determining that the parameter is not associated with the originating location, performing a network security action for the subsystem management message.
- View Dependent Claims (8)
- - 8. The method of claim 7 wherein performing a network security action includes performing a network security action in response to determining that a route to the OPC does not exist on the linkset from which the subsystem management message was received.

9. A method for screening subsystem management messages in a communications network, the method comprising:
- (a) receiving, at a network node, a subsystem management message originating from a location in a network;
  
  (b) determining whether a predetermined parameter in the subsystem management message is not associated with the originating location, wherein determining whether the parameter in the subsystem management message is not associated with the originating location includes extracting an affected point code parameter from the message and determining whether a route to the affected point code parameter exists on a linkset from which the subsystem management message was received; and
  
  (c) in response to determining that the parameter is not associated with the originating location, performing a network security action for the subsystem management message.
- View Dependent Claims (10)
- - 10. The method of claim 9 wherein performing a network security action includes performing a network security action in response to determining that a route to the affected point code parameter does not exist for the linkset on which the subsystem management message was received.

11. A routing node having a screening function for protecting a network against malicious network management messages, the routing node comprising:
- (a) a link interface module for receiving network management messages from originating locations in a telecommunications network; and
  
  (b) a network security function operatively associated with the link interface module for comparing one or more predetermined parameters in each network management message with stored routing information and determining, based on the comparison, whether the one or more predetermined parameters in each network management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The routing node of claim 11 wherein the link interface module comprises an SS7 link interface module for sending and receiving SS7 network management messages over SS7 signaling links.
  - 13. The routing node of claim 11 wherein the link interface module comprises an IP interface module for sending and receiving IP-encapsulated SS7 network management messages over IP-based signaling links.
  - 14. The routing node of claim 11 wherein the network security function is adapted to discard a network management message containing one of the predetermined parameters not associated with the originating location.
  - 15. The routing node of claim 11 wherein the network security function is adapted to notify a network operator of a network management message containing one of the predetermined parameters not associated with the originating location.

16. A routing node having a screening function for protecting a network against malicious network management messages, the routing node comprising:
- (a) a link interface module for receiving network management messages from originating locations in a network; and
  
  (b) a network security function operatively associated with the link interface module for determining whether one or more predetermined parameters in each network management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action, wherein the network security function is adapted to examine an OPC parameter in each received network management message to determine whether the OPC is associated with a node adjacent to the routing node, and, in response to determining that the OPC parameter is not associated with an adjacent node, for performing the network security action.

17. A routing node having a screening function for protecting a network against malicious network management messages, the routing node comprising:
- (a) a link interface module for receiving network management messages from originating locations in a network; and
  
  (b) a network security function operatively associated with the link interface module for determining whether one or more predetermined parameters in each network management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action, wherein the network security function is adapted to examine an OPC parameter in each received network management message to determine whether a route to the OPC exists on a signaling linkset from which the network management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.

18. A routing node having a screening function for protecting a network against malicious network management messages, the routing node comprising:
- (a) a link interface module for receiving network management messages from originating locations in a network; and
  
  (b) a network security function operatively associated with the link interface module for determining whether one or more predetermined parameters in each network management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action, wherein the network security function is adapted to examine a destination parameter in each received network management message to determine whether a route to the destination parameter exists on a signaling linkset from which the network management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.

19. A routing node having a screening function for protecting a network against malicious subsystem management messages, the routing node comprising:
- (a) a link interface module for receiving subsystem management messages from originating locations in a telecommunications network; and
  
  (b) a network security function operatively associated with the link interface module for comparing one or more predetermined parameters in each network management message with stored routing information and determining, based on the comparison, whether the one or more predetermined parameters in each subsystem management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The routing node of claim 19 wherein the link interface module comprises an SS7 link interface module for sending and receiving SS7 subsystem management messages over SS7 signaling links.
  - 21. The routing node of claim 19 wherein the link interface module comprises an IP interface module for sending and receiving IP-encapsulated SS7 subsystem management messages over IP-based signaling links.
  - 22. The routing node of claim 19 wherein the network security function is adapted to discard each subsystem management message containing at least one of the predetermined parameters not associated with the originating location.
  - 23. The routing node of claim 19 wherein the network security function is adapted to notify a network operator of each subsystem management message containing at least one of the predetermined parameters not associated with the originating location.

24. A routing node having a screening function for protecting a network against malicious subsystem management messages, the routing node comprising:
- (a) a link interface module for receiving subsystem management messages from originating locations in a network; and
  
  (b) a network security function operatively associated with the link interface module for determining whether one or more predetermined parameters in each subsystem management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action, wherein the network security function is adapted to examine an OPC parameter in each received subsystem management message to determine whether a route to the OPC exists on a signaling linkset from which the subsystem management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.

25. A routing node having a screening function for protecting a network against malicious subsystem management messages, the routing node comprising:
- (a) a link interface module for receiving subsystem management messages from originating locations in a network; and
  
  (b) a network security function operatively associated with the link interface module for determining whether one or more predetermined parameters in each subsystem management message are not associated with the originating location for the message, and, in response to determining that one or more of the parameters are not associated with the originating location, for performing a network security action, wherein the network security function is adapted to examine an affected point code parameter in each received subsystem management message to determine whether a route to the affected point code exists on a signaling linkset from which the subsystem management message was received, and, in response to determining that a route does not exist on the linkset, for performing the network security action.

26. A method for screening network management messages in a telecommunications network, the method comprising:
- (a) receiving, at a network node, a network management message originating from a location in a telecommunications network;
  
  (b) determining, based on a predetermined parameter in the network management message, whether a route that corresponds to the predetermined parameter matches a linkset over which the network management message was received; and
  
  (c) in response to determining that the route that corresponds to the predetermined parameter does not match the linkset over which the network management message was received, performing a network security action for the network management message.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 27. The method of claim 26 wherein receiving a network management message includes receiving an MTP3 network management message.
  - 28. The method of claim 27 wherein receiving an MTP3 network management message includes receiving a transfer prohibited message.
  - 29. The method of claim 26 wherein determining whether a route that corresponds to the predetermined parameter matches a linkset over which the network management message was received includes extracting an OPC from the network management message and determining whether a route to the OPC matches the linkset.
  - 30. The method of claim 29 wherein performing a network security action includes performing a network security action in response to determining that a route to the OPC does not match the linkset.
  - 31. The method of claim 26 wherein determining whether a route that corresponds to the predetermined parameter matches a linkset over which the network management message was received includes extracting a destination parameter from the message and determining whether a route to the destination parameter matches the linkset.
  - 32. The method of claim 31 wherein performing a network security action includes performing a network security action in response to determining that a route to the destination parameter does not match the linkset.
  - 33. The method of claim 26 wherein performing a network security action includes discarding the message.
  - 34. The method of claim 26 wherein performing a network security action includes alerting a network operator that the network management message failed security screening.
  - 35. The method of claim 26 wherein steps (a)–
    - (c) are performed at a signal transfer point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tekelec Global, Inc. (Oracle Corporation)
Original Assignee
Tekelec
Inventors
Delaney, Robert J., Hildebrand, John L., Young, James A.
Primary Examiner(s)
Tieu, Benny
Assistant Examiner(s)
Le, Karen

Application Number

US10/234,924
Publication Number

US 20040042609A1
Time in Patent Office

1,343 Days
Field of Search

379/221.08, 379/221.11, 713/201.01, 713/200
US Class Current

379/221.08
CPC Class Codes

H04Q 3/0025 Provisions for signalling

Methods and systems for enhancing network security in a telecommunications signaling network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for enhancing network security in a telecommunications signaling network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links