Dynamic threat protection in mobile networks

US 8,726,338 B2
Filed: 03/29/2012
Issued: 05/13/2014
Est. Priority Date: 02/02/2012
Status: Active Grant

First Claim

Patent Images

1. A network system comprising:

a mobile network that couples to a public network;

a plurality of mobile devices that access the mobile network;

at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network; and

a management system that includes;

a network server comprising a shared database; and

a mobile device manager (MDM) device that manages the plurality of mobile devices,wherein the MDM device includes;

at least one interface that receives a report message from one of the plurality of mobile devices, wherein the report message specifies a threat to the mobile network originating from the public network; and

a control unit that publishes the threat to the shared database; and

a network management system (NMS) that manages the at least one network security device,wherein the NMS includes;

at least one interface that receives data from the shared database of the network server identifying the threat to the mobile network originating from the public network; and

a control unit that generates a security policy that specifies one or more actions to address the threat specified by the received data and installs the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the received message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, techniques are described for dynamic threat protection in mobile networks. A network system comprising a network security device and a management system may implement the techniques. The management system includes a network server having a shared database. A mobile device manager (MDM) of the management system receives a report message from a mobile device, specifying a threat to a mobile network. The MDM publishes the threat to the shared database. A network management system (NMS) of the management system receives data from the shared database identifying the threat and generates a security policy that specifies actions to address the threat. The NMS then installs the security policy in the network security device so that the network security device performs the actions of the security policy to address the threat.

166 Citations

26 Claims

1. A network system comprising:
- a mobile network that couples to a public network;
  
  a plurality of mobile devices that access the mobile network;
  
  at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network; and
  
  a management system that includes;
  
  a network server comprising a shared database; and
  
  a mobile device manager (MDM) device that manages the plurality of mobile devices,wherein the MDM device includes;
  
  at least one interface that receives a report message from one of the plurality of mobile devices, wherein the report message specifies a threat to the mobile network originating from the public network; and
  
  a control unit that publishes the threat to the shared database; and
  
  a network management system (NMS) that manages the at least one network security device,wherein the NMS includes;
  
  at least one interface that receives data from the shared database of the network server identifying the threat to the mobile network originating from the public network; and
  
  a control unit that generates a security policy that specifies one or more actions to address the threat specified by the received data and installs the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the received message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The network system of claim 1,wherein the network server comprises an interface for metadata access points (IF-MAP) server that provides access to the shared database in accordance with an IF-MAP standard,wherein the control unit of the MDM device publishes the threat to the shared database in accordance with the IF-MAP standard, andwherein the at least one interface of the NMS receives the data from the shared database in accordance with the IF-MAP standard.
  - 3. The network system of claim 1,wherein the MDM device is one of a plurality of MDM devices,wherein the plurality of MDM devices each receive report messages that specify threats to the mobile network originating from the public network from mobile devices managed by each of the plurality of MDM devices and publish the threats to the shared database,wherein the NMS is one of a plurality of NMS devices,wherein each of the plurality of NMS devices manages at least one network security device;
    - wherein each of the plurality of NMS devices receives data from the shared database of the network server identifying the threats to the mobile network originating from the public network, generate security policies that specify one or more actions to address the threats specified by the received data and installs the security policies in the respective ones of the network security devices so that the network security devices perform the actions of the security policy to address the threat specified in the received message.
  - 4. The network system of claim 1,wherein the report message specifies the threat to the mobile network in terms of a ranking that indicates a severity of the threat to the mobile network,wherein the control unit of the MDM device publishes the ranking to the shared database,wherein the data received from the shared database by the at least one interface of the NMS includes the ranking, andwherein the control unit of the NMS further determines the one or more actions specified in the security policy based on the ranking.
  - 5. The network system of claim 1, wherein the one or more actions comprise redirecting a session identified as involved in the threat to a captive portal hosted by the mobile network to offer one or more services to one of the plurality of mobile devices participating in the session.
  - 6. The network system of claim 5,wherein redirecting the session identified as involved in the threat to the captive portal comprises redirecting the session identified as involved in the threat to the captive portal to offer a security service to the one of the plurality of mobile device participating in the session, andwherein the security service includes a reporting agent that generates report messages similar to the report message specifying the threat to the mobile network.
  - 7. The network system of claim 1, wherein the one or more actions comprise one or more of reset a connection identified as being involved in the threat and dropping a packet identified as being involved in the threat.
  - 8. The network system of claim 1, further comprising a server that stores service subscription data,wherein the at least one interface of the NMS receives a request from the at least one network security device for services to which one of the plurality of mobile devices subscribes, wherein the request specifies an address assigned to the one of the plurality of mobile devices,wherein the control unit of the NMS accesses the server that stores the service subscription data using the address assigned to the one of the plurality of mobile devices to determine services to which the one of the plurality of mobile devices subscribes, andwherein the at least one interface of the NMS transmits the determined services to which the one of the plurality of mobile devices subscribes to the at least one network security device so that the at least one network security device is able to determine whether to redirect a session to which the one of the plurality of mobile devices is participating to a captive portal that offers a security service,wherein the security service includes a reporting agent that generates report messages similar to the report message specifying the threat to the mobile network.

9. A method comprising:
- receiving, with a mobile device manager (MDM) of a management system that manages a plurality of mobile devices that access a mobile network, a report message from one of the plurality of mobile devices, wherein the report message specifies a threat to the mobile network originating from a public network to which the mobile network connects; and
  
  publishing, with the MDM, the threat to a shared database in accordance with an interface for metadata access points (IF-MAP) standard such that a network management system (NMS) of the management system that manages at least one network security device of the mobile network is able to generate a security policy that specifies one or more actions to address the threat specified in the report message and install the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the report message.
- View Dependent Claims (10)
- - 10. The method of claim 9,wherein the report message specifies the threat to the mobile network in terms of a ranking that indicates a severity of the threat to the mobile network, andwherein the method further comprises publishing the ranking in addition to the threat to the shared database.

11. A mobile device manager (MDM) device of a management system that manages a plurality of mobile devices that access a mobile network, the MDM device comprising:
- at least one interface that receives a report message from one of the plurality of mobile devices, wherein the report message specifies a threat to the mobile network originating from a public network to which the mobile network connects; and
  
  at least one control unit that publishes the threat to a shared database in accordance with an interface for metadata access points (IF-MAP) standard such that a network management system (NMS) of the management system that manages at least one network security device of the mobile network is able to generate a security policy that specifies one or more actions to address the threat specified in the report message and install the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the report, the at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network.
- View Dependent Claims (12)
- - 12. The MDM device of claim 11,wherein the report message specifies the threat to the mobile network in terms of a ranking that indicates a severity of the threat to the mobile network, andwherein the control unit publishes the ranking in addition to the threat to the shared database.

13. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors of a mobile device manager (MDM) device included within a management system to:
- receive a report message from one of a plurality of mobile devices managed by the MDM device, wherein the report message specifies a threat to a mobile network originating from a public network to which the mobile network connects; and
  
  publish the threat to a shared database in accordance with an interface for metadata access points (IF-MAP) standard such that a network management system (NMS) of the management system that manages at least one network security device of the mobile network is able to generate a security policy that specifies one or more actions to address the threat specified in the report message and install the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the report message, the at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network.

14. A method comprising:
- receiving, with a network management system (NMS) of a management system that manages at least one network security device positioned upstream from a plurality of mobile devices that access a mobile network and between the mobile network and a public network, data from a shared database in accordance with an interface for metadata access points (IF-MAP) standard, wherein the data identifies a threat to the mobile network originating from the public network to which the mobile network connects, and wherein the shared database is shared by a mobile device manager (MDM) of the management system and the NMS;
  
  generating, with the NMS, a security policy that specifies one or more actions to address the threat specified by the received data; and
  
  installing, with the NMS, the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the received message.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14,wherein the received data specifies the threat to the mobile network in terms of a ranking that indicates a severity of the threat to the mobile network, andwherein the method further comprises determining the one or more actions specified in the security policy based on the ranking.
  - 16. The method of claim 14, wherein the one or more actions comprise redirecting a session identified as involved in the threat to a captive portal hosted by the mobile network to offer one or more services to one of the plurality of mobile devices participating in the session.
  - 17. The method of claim 16,wherein redirecting the session identified as involved in the threat to the captive portal comprises redirecting the session identified as involved in the threat to the captive portal to offer a security service to the one of the plurality of mobile device participating in the session, andwherein the security service includes a reporting agent that generates report messages similar to the report message specifying the threat to the mobile network.
  - 18. The method of claim 14, wherein the one or more actions comprise dropping a packet identified as being involved in the threat.
  - 19. The method of claim 14, further comprising:
    - receiving a request from the at least one network security device for services to which one of the plurality of mobile devices subscribes, wherein the request specifies an address assigned to the one of the plurality of mobile devices;
      
      accessing a server that stores service subscription data using the address assigned to the one of the plurality of mobile devices to determine the services to which the one of the plurality of mobile devices subscribes; and
      
      transmitting the determined services to which the one of the plurality of mobile devices subscribes to the at least one network security device so that the at least one network security device is able to determine whether to redirect a session to which the one of the plurality of mobile devices is participating to a captive portal that offers a security service,wherein the security service includes a reporting agent that generates report messages similar to the report message specifying the threat to the mobile network.

20. A network management system (NMS) of a management system that manages at least one network security device positioned between a mobile network and a public network, the NMS comprising:
- at least one interface that receives data from a shared database in accordance with an interface for metadata access points (IF-MAP) standard, wherein the data identifies a threat to the mobile network originating from the public network to which the mobile network connects, and wherein the shared database is shared by a mobile device manager (MDM) of the management system and the NMS; and
  
  a control unit that generates a security policy that specifies one or more actions to address the threat specified by the received data and installs the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the received message, the at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The NMS of claim 20,wherein the received data specifies the threat to the mobile network in terms of a ranking that indicates a severity of the threat to the mobile network, andwherein the method further comprises determining the one or more actions specified in the security policy based on the ranking.
  - 22. The NMS of claim 20, wherein the one or more actions comprise redirecting a session identified as involved in the threat to a captive portal hosted by the mobile network to offer one or more services to one of the plurality of mobile devices participating in the session.
  - 23. The NMS of claim 22,wherein redirecting the session identified as involved in the threat to the captive portal comprises redirecting the session identified as involved in the threat to the captive portal to offer a security service to the one of the plurality of mobile device participating in the session, andwherein the security service includes a reporting agent that generates report messages similar to the report message specifying the threat to the mobile network.
  - 24. The NMS of claim 20, wherein the one or more actions comprise dropping a packet identified as being involved in the threat.
  - 25. The NMS of claim 20,wherein the at least one interface further receives a request from the at least one network security device for services to which one of the plurality of mobile devices subscribes, wherein the request specifies an address assigned to the one of the plurality of mobile devices,wherein the control unit further accesses a server that stores service subscription data using the address assigned to the one of the plurality of mobile devices to determine the services to which the one of the plurality of mobile devices subscribes,wherein the at least one interface further transmits the determined services to which the one of the plurality of mobile devices subscribes to the at least one network security device so that the at least one network security device is able to determine whether to redirect a session to which the one of the plurality of mobile devices is participating to a captive portal that offers a security service, andwherein the security service includes a reporting agent that generates report messages similar to the report message specifying the threat to the mobile network.

26. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors of a network management system (NMS) to:
- receive data from a shared database in accordance with an interface for metadata access points (IF-MAP) standard, wherein the data identifies a threat to a mobile network originating from a public network to which the mobile network connects, and wherein the shared database is shared by a mobile device manager (MDM) and the NMS;
  
  generate a security policy that specifies one or more actions to address the threat specified by the received data; and
  
  install the security policy in at least one network security device positioned upstream from a plurality of mobile devices that access the mobile network and between the mobile network and the public network so that the network security device performs the actions of the security policy to address the threat specified in the received message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Narayanaswamy, Krishna, Iyer, Subramanian
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US13/434,153
Publication Number

US 20130205361A1
Time in Patent Office

775 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

H04W 12/128   Anti-malware arrangements, ...

Dynamic threat protection in mobile networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

166 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic threat protection in mobile networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links