Intercepting GPRS data

US 7,865,944 B1
Filed: 09/10/2004
Issued: 01/04/2011
Est. Priority Date: 09/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method performed by a firewall for intercepting GPRS tunneling protocol (GTP) packets, the method comprising:

receiving, at a tunnel request engine of the firewall, a GTP tunnel request from a first GTP tunnel endpoint;

identifying, by the tunnel request engine, a user identifier associated with the GTP tunnel request;

identifying, by the tunnel request engine, a GTP tunnel over which GTP tunnel packets, that are to be intercepted, will travel based on the user identifier and a list of interception identifiers;

adding, by the tunnel request engine, a tunnel identifier for the GTP tunnel to a list of GTP tunnel identifiers recognized for interception;

forwarding, by the tunnel request engine, the GTP tunnel request to a second GTP tunnel endpoint;

after the adding the tunnel identifier to the list of GTP tunnel identifiers, receiving, at a tunnel packet engine of the firewall that is different than the tunnel request engine, GTP tunnel packets associated with the GTP tunnel, each of the GTP tunnel packets including tunnel identification information;

determining, by the tunnel packet engine, whether each of the GTP tunnel packets is to be intercepted based on a comparison of the tunnel identification information to the list of GTP tunnel identifiers, where the determining comprises comparing a user identifier in a header of one of the GTP tunnel packets with the list of interception identifiers, when the list of interception identifiers has been updated to include a new entry after the GTP tunnel over which the GTP tunnel packets that are to be intercepted has been created;

intercepting, by the tunnel packet engine, each of the GTP tunnel packets when there is a match between the tunnel identification information and the list of GTP tunnel identifiers;

intercepting, by the tunnel packet engine, the one of the GTP tunnel packets when there is a match between the user identifiers in the header of the one of the GTP tunnel packet and the list of interception identifiers; and

processing, by the tunnel packet engine, each of the intercepted GTP tunnel packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

GPRS Tunneling Protocol (“GTP”) packets are intercepted by receiving a GTP tunnel packet, determining whether the GTP tunnel packet is to be intercepted, intercepting GTP tunnel packets if it is determined that the GTP tunnel packet is to be intercepted, and processing the intercepted GTP tunnel packets. Multiple tunnels may be intercepted simultaneously and GTP tunnel packets from different tunnels may be processed differently. Implementations include both inline and offline interception of GTP traffic between SGSN and GGSN.

43 Citations

View as Search Results

30 Claims

1. A method performed by a firewall for intercepting GPRS tunneling protocol (GTP) packets, the method comprising:
- receiving, at a tunnel request engine of the firewall, a GTP tunnel request from a first GTP tunnel endpoint;
  
  identifying, by the tunnel request engine, a user identifier associated with the GTP tunnel request;
  
  identifying, by the tunnel request engine, a GTP tunnel over which GTP tunnel packets, that are to be intercepted, will travel based on the user identifier and a list of interception identifiers;
  
  adding, by the tunnel request engine, a tunnel identifier for the GTP tunnel to a list of GTP tunnel identifiers recognized for interception;
  
  forwarding, by the tunnel request engine, the GTP tunnel request to a second GTP tunnel endpoint;
  
  after the adding the tunnel identifier to the list of GTP tunnel identifiers, receiving, at a tunnel packet engine of the firewall that is different than the tunnel request engine, GTP tunnel packets associated with the GTP tunnel, each of the GTP tunnel packets including tunnel identification information;
  
  determining, by the tunnel packet engine, whether each of the GTP tunnel packets is to be intercepted based on a comparison of the tunnel identification information to the list of GTP tunnel identifiers, where the determining comprises comparing a user identifier in a header of one of the GTP tunnel packets with the list of interception identifiers, when the list of interception identifiers has been updated to include a new entry after the GTP tunnel over which the GTP tunnel packets that are to be intercepted has been created;
  
  intercepting, by the tunnel packet engine, each of the GTP tunnel packets when there is a match between the tunnel identification information and the list of GTP tunnel identifiers;
  
  intercepting, by the tunnel packet engine, the one of the GTP tunnel packets when there is a match between the user identifiers in the header of the one of the GTP tunnel packet and the list of interception identifiers; and
  
  processing, by the tunnel packet engine, each of the intercepted GTP tunnel packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, where receiving, at the tunnel request engine of the firewall, the GTP tunnel packets further comprises:
    - inline tapping GTP tunnel packets passing through a GPRS tunneling protocol portion of a packet switched communication network that receives the GTP tunnel packets.
  - 3. The method of claim 1, where receiving, at the tunnel request engine of the firewall, the GTP tunnel packets further comprises:
    - offline tapping GTP tunnel packets passing through a GPRS tunneling protocol portion of a packet switched communication network that receives the GTP tunnel packets.
  - 4. The method of claim 1, where determining, by the tunnel packet engine, whether each of the GTP tunnel packets is to be intercepted further comprises:
    - identifying a tunnel identifier associated with each of the GTP tunnel packets.
  - 5. The method of claim 1, where the user identifiers include a mobile subscriber identification number.
  - 6. The method of claim 1, further comprising:
    - intercepting, by the tunnel request engine, GTP tunnel packets from a plurality of GTP tunnels simultaneously.
  - 7. The method of claim 6, further comprising:
    - processing, by the tunnel request engine, intercepted GTP data packets differently for each of the plurality of GTP tunnels.
  - 8. The method of claim 1, where processing, by the tunnel packet engine, each of the intercepted GTP tunnel packets further comprises:
    - logging each of the GTP tunnel packets in a memory.
  - 9. The method of claim 1, where processing, by the tunnel packet engine, each of the intercepted GTP tunnel packets further comprises:
    - recording each of the GTP tunnel packets in a memory.
  - 10. The method of claim 1, where processing, by the tunnel request engine, each of the intercepted GTP tunnel packets further comprises:
    - transmitting each of the GTP tunnel packets to the second GTP tunnel endpoint.
  - 11. The method of claim 1, where processing, by the tunnel request engine, each of the intercepted GTP tunnel packets further comprises:
    - executing instructions in the list of interception identifiers to determine a manner of processing of each of the intercepted GTP tunnel packets.
  - 12. The method of claim 1, further comprising:
    - forwarding each of the GTP tunnel packets to a destination.
  - 13. The method of claim 1, where the user identifier includes one or more of an International Mobile Subscriber Identity number, a Mobile Station Integrated Services Digital Network number, an Internet Protocol (IP) address, a GTP tunnel endpoint identifier, a Routing Area Identity number, an Access Point Name, a Charging ID number, or a Charging Gateway Address, andwhere identifying the GTP tunnel further comprises:
    - comparing the user identifier to entries in the list of interception identifiers.
  - 14. The method of claim 1, where receiving, at the tunnel request engine of the firewall, the GTP tunnel request from the first GTP tunnel endpoint further comprises:
    - monitoring inline GTP packets.
  - 15. The method of claim 1, where receiving, at a tunnel request engine of the firewall, the GTP tunnel request from the first GTP tunnel endpoint further comprises:
    - offline tapping of GTP tunnel requests and GTP tunnel packets, where the GTP tunnel request is one of the GTP tunnel requests received based on the offline tapping.

16. A GPRS Tunneling Protocol (GTP) module, comprising:
- a tunnel request engine operable to process received GTP tunnel requests; and
  
  a tunnel packet engine operable to process received GTP tunnel packets associated with a GTP tunnel created based on one of the GTP tunnel requests,where the tunnel request engine includes a list of interception identifiers to determine if the GTP tunnel packets should be intercepted and generates a list of GTP tunnel identifiers recognized for interception based on the received GTP tunnel requests, andwhere the tunnel packet engine identifies GTP tunnel packets to intercept based on the list of GTP tunnel identifiers and, when the list of interception identifiers has been updated to include a new entry after the GTP tunnel over which the GTP tunnel packets that are to be intercepted has been created, compares a user identifier in a header of one of the GTP tunnel packets with the list of interception identifiers to identify the one of the GTP tunnel packets to intercept.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The GTP module of claim 16, where the list of interception identifiers is updated in substantially real-time with respect to receipt, by the GTP module, of the received GTP tunnel requests.
  - 18. The GTP module of claim 16, where an entry in the list of interception identifiers includes one or more of an International Mobile Subscriber Identity number, a Mobile Station Integrated Services Digital Network number, an Internet Protocol (IP) address, a GTP tunnel endpoint identifier, a Routing Area Identity number, an Access Point Name, a Charging ID number, or a Charging Gateway Address.
  - 19. The GTP module of claim 16, where the tunnel packet engine is operable to intercept GTP tunnel packets based on the list of GTP tunnel identifiers received from the tunnel request engine.
  - 20. The GTP module of claim 16, where the tunnel packet engine is to further one or more oflog the GTP tunnel packets,record the GTP tunnel packets, orforward the GTP tunnel packets.
  - 21. The GTP module of claim 16, where the GTP module is positioned inline between a Gateway GPRS Support Node and a Serving GPRS Support Node.
  - 22. The GTP module of claim 16, where the GTP module is positioned offline.
  - 23. The GTP module of claim 16, further comprising:
    - a memory operable to store data from an intercepted GTP tunnel packet.
  - 24. The GTP module of claim 16, further comprising a tap coupling an offline GTP module to GTP tunnel requests and GTP tunnel packets.
  - 25. The GTP module of claim 16, where the tunnel packet engine is operable to process GTP tunnel packets from a plurality of GTP tunnels.

26. A method for intercepting GPRS tunneling protocol (GTP) packets, the method comprising:
- receiving, at a tunnel request engine of a firewall, a GTP tunnel request from a GTP tunnel endpoint;
  
  identifying, by the tunnel request engine, a user identifier associated with the GTP tunnel request;
  
  comparing, by the tunnel request engine, the user identifier with a list of interception identifiers;
  
  adding, by the tunnel request engine and when the user identifier matches an interception identifier in the list of interception identifiers, a tunnel identifier for a GTP tunnel, associated with the GTP tunnel request, to a list of GTP tunnel identifiers recognized for interception;
  
  receiving, at a tunnel packet engine, of the firewall, that is different than the tunnel request engine, GTP tunnel packets associated with the GTP tunnel, each of the GTP tunnel packets including tunnel identification information;
  
  intercepting, by the tunnel packet engine, the GTP tunnel packets when the tunnel identification information matches one of the GTP tunnel identifiers;
  
  allowing, by the tunnel packet engine, the GTP tunnel packets to pass through the firewall when the tunnel identification information does not match one of the GTP tunnel identifiers;
  
  determining, by the tunnel packet engine and after the allowing, that the list of interception identifiers has been updated to include a new interception identifier entry;
  
  intercepting, by the tunnel packet engine and after the determining, one of the GTP tunnel packets when a user identifier of the one of the GTP tunnel packets matches one of the interception identifier in the updated list of interception identifiers;
  
  associating the one of the GTP tunnel packets, that was intercepted, with a tunnel identifier; and
  
  intercepting, by the tunnel packet engine, a subsequent one of the GTP tunnel packets based on the tunnel identifier of the one of the GTP tunnel packets.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method of claim 26, further comprising:
    - intercepting, by the tunnel packet engine, GTP tunnel packets from a plurality of GTP tunnels simultaneously.
  - 28. The method of claim 26, further comprising:
    - processing, by the tunnel packet engine, each of the intercepted GTP tunnel packets.
  - 29. The method of claim 26, where receiving, at the tunnel request engine of the firewall, the GTP tunnel request from the GTP tunnel endpoint further comprises:
    - monitoring inline GTP packets.
  - 30. The method of claim 26, where receiving, at a tunnel request engine of the firewall, the GTP tunnel request from the GTP tunnel endpoint further comprises:
    - offline tapping of GTP tunnel requests and GTP tunnel packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Shu, Jesse C., Zhang, Chaohui
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tabor; Amare

Application Number

US10/937,381
Time in Patent Office

2,307 Days
Field of Search

726/11, 726/13, 713/153, 713/201, 370/349, 370/392
US Class Current

726/11
CPC Class Codes

H04L 63/30   for supporting lawful inter...

H04W 12/80   Arrangements enabling lawfu...

H04W 76/22   Manipulation of transport t...

H04W 80/04   Network layer protocols, e....

Intercepting GPRS data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Intercepting GPRS data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links