Mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks
First Claim
1. A system, comprising:
- a processor; and
a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to;
monitor, in real-time, network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, comprising to;
identify, within the network traffic, a create session request message or a create PDP context request message to create the new session;
identify, within the network traffic, a Radio Access Technology (RAT) type;
extract the subscriber identity from the create session request message or the create PDP context request message, the subscriber identity including International Mobile Subscriber Identity (IMSI); and
extract location from the create session request message or the create PDP context request message, the location including three or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), and LAC (Location Area Identifier);
determine an application identifier for user traffic associated with the new session at the security platform, comprising to;
monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using Hypertext Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic;
determine a security policy to apply at the security platform to the new session based on the subscriber identity, the RAT type, the location, and the application identifier, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and
perform threat detection and threat prevention based on the subscriber identity, the RAT type, and the application identifier.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IOT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
77 Citations
28 Claims
-
1. A system, comprising:
-
a processor; and a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to; monitor, in real-time, network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, comprising to; identify, within the network traffic, a create session request message or a create PDP context request message to create the new session; identify, within the network traffic, a Radio Access Technology (RAT) type; extract the subscriber identity from the create session request message or the create PDP context request message, the subscriber identity including International Mobile Subscriber Identity (IMSI); and extract location from the create session request message or the create PDP context request message, the location including three or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), and LAC (Location Area Identifier);determine an application identifier for user traffic associated with the new session at the security platform, comprising to; monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using Hypertext Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic; determine a security policy to apply at the security platform to the new session based on the subscriber identity, the RAT type, the location, and the application identifier, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and perform threat detection and threat prevention based on the subscriber identity, the RAT type, and the application identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method, comprising:
-
monitoring, in real-time, network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, comprising; identifying, within the network traffic, a create session request message or a create PDP context request message to create the new session; identifying, within the network traffic, a Radio Access Technology (RAT) type; extracting the subscriber identity from the create session request message or the create PDP context request message, the subscriber identity including International Mobile Subscriber Identity (IMSI); and extracting location from the create session request message or the create PDP context request message, the location including three or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), and LAC (Location Area Identifier);determining an application identifier for user traffic associated with the new session at the security platform, comprising; monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic; determining a security policy to apply at the security platform to the new session based on the subscriber identity, the RAT type, the location, and the application identifier, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and performing threat detection and threat prevention based on the subscriber identity, the RAT type, and the application identifier. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
-
monitoring, in real-time, network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, comprising; identifying, within the network traffic, a create session request message or a create PDP context request message to create the new session; identifying, within the network traffic, a Radio Access Technology (RAT) type; extracting the subscriber identity from the create session request message or the create PDP context request message, the subscriber identity including International Mobile Subscriber Identity (IMSI); and extracting location from the create session request message or the create PDP context request message, the location including three or more of the following;
CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), and LAC (Location Area Identifier);determining an application identifier for user traffic associated with the new session at the security platform, comprising; monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic; determining a security policy to apply at the security platform to the new session based on the subscriber identity, the RAT type, the location, and the application identifier, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and performing threat detection and threat prevention based on the subscriber identity, the RAT type, and the application identifier. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
-
Specification