Destination learning and mobility detection in transit network device in LTE and UMTS radio access networks
Abstract
A method of learning and identifying two unidirectional GTP-U tunnels corresponding to a user equipment (UE) in a device placed in an LTE network, where the device acts as a transparent proxy intercepting user plane and control plane protocols on the S1 interface, is disclosed. Methods of pairing the two unidirectional tunnels that belong to the same UE, when there is no control plane information or when there is control plane information but the NAS portions of the S1 Control that contain bearer IP addresses are encrypted, are disclosed. Control plane and user plane methods for associating GTP-U tunnels and the corresponding bearer plane IP addresses are identified. Additionally, methods for detecting mobility of a UE, as it moves from the coverage area of one eNodeB to another, are disclosed. Methods for constructing an eNodeB topology map are also disclosed.
11 Claims
1. A method of associating two unidirectional tunnels corresponding to a wireless device, using a transit network device placed in a wireless mobile network to intercept traffic, where said traffic is carried in encapsulated unidirectional tunnels, said method comprising:
- using said transit network device to monitor upstream traffic to a mobile core network and downstream traffic from said mobile core network;
- identifying upstream messages in said upstream traffic which are from said mobile device;
- identifying downstream messages in said downstream traffic which are destined for said mobile device; and
- associating transport layer information and tunnel identity information in said identified upstream message with transport layer information and tunnel identity information in said identified downstream message, thereby associating two unidirectional tunnels.
Dependent claims: 2
3. A method of providing cached data and overcoming DOS and spoofing attacks occurring in a wireless mobile network, comprising:
- associating a transport layer address (TLA) and tunnel endpoint identifier (TEID) for upstream messages from a user device with a TLA and TEID for downstream messages;
- storing said TLA and TEID association in a storage element;
- identifying a message from said user device;
- comparing a TLA in said message with said stored TLA and TEID information; and
- determining whether to transmit said cached data to said user device based on said comparison.
Dependent claims: 4, 5, 6, 7
8. A method of associating two unidirectional tunnels corresponding to a wireless device, using a transit network device placed in a wireless mobile network to intercept traffic, where said traffic is carried in encapsulated unidirectional tunnels, in which NAS payloads are encrypted, said method comprising:
- using said transit network device to monitor upstream traffic to a mobile core network and downstream traffic from said mobile core network;
- identifying an upstream message in said upstream traffic which is from said mobile device;
- identifying a downstream message in said downstream traffic which is in response to said upstream message, destined for said mobile device;
- associating a transport layer address (TLA) and tunnel endpoint identifier (TEID) in said identified upstream message with a TLA and TEID in said identified downstream message, thereby associating two unidirectional tunnels; and
- receiving a subsequent message from said mobile device containing said TLA, said TEID, and a bearer IP address, thereby associating an IP address for said mobile device with said two unidirectional tunnels.
9. A method of identifying mobility of a mobile device in a wireless mobile network, comprising:
- using said transit network device to monitor upstream traffic to a mobile core network and downstream traffic from said mobile core network;
- associating a transport layer address (TLA) and tunnel endpoint identifier (TEID) in an identified upstream message with a TLA and TEID in an identified downstream message, thereby associating two unidirectional tunnels associated with said mobile device;
- associating an IP address for said mobile device with said two unidirectional tunnels;
- detecting two sets of network devices exchanging control plane information, said exchanging indicative of movement of said mobile device from a source eNodeB to a target eNodeB; and
- determining a new TLA and TEID to be used by said mobile device for upstream messages transmitted through said target eNodeB.
Dependent claims: 10, 11
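An added sketch, not code from the patent, of the tunnel pairing in claim 1 and the anti-spoofing comparison in claim 3, using GTPv1-U G-PDUs seen on the user plane. Pairing on the inner bearer IP address, keeping the first-seen uplink binding, IPv4-only parsing, and every name used (parse_gpdu, TunnelTable, may_serve_cached, make_gpdu) are assumptions of this example.

```python
import struct
from ipaddress import IPv4Address as IP

def parse_gpdu(payload):
    """Return (teid, inner_src, inner_dst) of a GTPv1-U G-PDU, or None."""
    if len(payload) < 8:
        return None
    flags, mtype, length, teid = struct.unpack("!BBHI", payload[:8])
    if flags >> 5 != 1 or mtype != 0xFF or flags & 0x04:
        return None                  # not a GTPv1 G-PDU, or extension headers (not handled)
    off = 12 if flags & 0x03 else 8  # S or PN flag adds 4 optional header bytes
    inner = payload[off:8 + length]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None                  # this sketch handles IPv4 bearers only
    return teid, IP(inner[12:16]), IP(inner[16:20])

class TunnelTable:
    """Hypothetical store of per-UE tunnel pairs, keyed by bearer IP."""
    def __init__(self):
        self.up, self.down = {}, {}  # bearer IP -> (src TLA, dst TLA, TEID)

    def observe(self, src_tla, dst_tla, payload, upstream):
        """Learn from one packet; `upstream` is the side it arrived on."""
        parsed = parse_gpdu(payload)
        if parsed is None:
            return None
        teid, inner_src, inner_dst = parsed
        if upstream:                 # first-seen uplink binding is kept (assumption)
            self.up.setdefault(inner_src, (src_tla, dst_tla, teid))
            return inner_src
        self.down[inner_dst] = (src_tla, dst_tla, teid)
        return inner_dst

    def may_serve_cached(self, src_tla, dst_tla, payload):
        """Serve from cache only if the request arrives on the learned uplink tunnel."""
        parsed = parse_gpdu(payload)
        if parsed is None:
            return False
        teid, ue_ip, _ = parsed
        return ue_ip in self.down and self.up.get(ue_ip) == (src_tla, dst_tla, teid)

def make_gpdu(teid, src, dst):
    """Constructed sample packet: GTP-U header plus a bare IPv4 header."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        IP(src).packed, IP(dst).packed)
    return struct.pack("!BBHI", 0x30, 0xFF, len(inner), teid) + inner
```

Feed observe() one uplink and one downlink packet for the same bearer IP to pair the tunnels. After that, may_serve_cached() rejects a request that carries the same inner source address but arrives from a different TLA or with a different TEID.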
Specification