Mobile equipment identity and/or IOT equipment identity and application identity based security enforcement in service provider networks
First Claim
1. A system, comprising:
- a hardware processor configured to:
  - monitor network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to:
    - identify, within the network traffic, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
    - extract the device identifier from the create PDP request message or the create session request message, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted International Mobile Equipment Identity (IMEI) Software Version (IMEISV) information;
  - determine an application identifier for user traffic associated with the new session at the security platform, comprising to:
    - monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and
  - determine a security policy to apply at the security platform to the new session based on the device identifier and the application identifier; and
- a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
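The three steps of the claim (extract the device identity from the control-plane create-session request, classify the tunneled user plane by deep packet inspection, pick a policy from the pair) can be simulated end to end. The Python below is an added illustration written for this page; it is not code from the patent, its assignee, or any product. The message type and IE numbers are taken from 3GPP TS 29.274 (GTPv2-C) and TS 29.281 (GTPv1-U), the frames are constructed rather than captured, the device inventory and policy table are invented, and the mapping from the control-plane message to the user-plane TEID is supplied by the caller instead of being learned from the F-TEID IEs as a real platform would.

```python
import struct

# Protocol constants per 3GPP TS 29.274 (GTPv2-C) and TS 29.281 (GTPv1-U).
GTPV2C_CREATE_SESSION_REQUEST = 32
GTPV2C_IE_MEI = 75             # Mobile Equipment Identity IE: IMEI or IMEISV, TBCD encoded
GTPV1U_G_PDU = 0xFF

def tbcd_decode(data: bytes) -> str:
    """TBCD: two digits per octet, low nibble first, 0xF used as filler."""
    return "".join(str(n) for b in data for n in (b & 0x0F, b >> 4) if n != 0x0F)

def tbcd_encode(digits: str) -> bytes:
    pairs = [digits[i:i + 2].ljust(2, "F") for i in range(0, len(digits), 2)]
    return bytes(int(p[0], 16) | (int(p[1], 16) << 4) for p in pairs)

def build_create_session_request(imeisv: str, teid: int = 0) -> bytes:
    """Constructed GTPv2-C Create Session Request carrying only an MEI IE (a real one has many more)."""
    mei = tbcd_encode(imeisv)
    ie = bytes([GTPV2C_IE_MEI]) + struct.pack("!H", len(mei)) + b"\x00" + mei  # type, length, spare/instance, value
    body = struct.pack("!I", teid) + b"\x00\x00\x01\x00" + ie                 # TEID, 3-byte sequence number, spare
    return bytes([0x48, GTPV2C_CREATE_SESSION_REQUEST]) + struct.pack("!H", len(body)) + body  # 0x48: version 2, T flag

def step1_extract_device_identifier(msg: bytes):
    """Claim step 1: recognise the create-session request and pull the IMEISV out of its MEI IE."""
    flags, msg_type = msg[0], msg[1]
    if flags >> 5 != 2 or msg_type != GTPV2C_CREATE_SESSION_REQUEST:
        return None
    length = struct.unpack("!H", msg[2:4])[0]           # octets following the first four
    body = msg[(12 if flags & 0x08 else 8):4 + length]  # skip TEID (if T flag set), sequence number, spare
    pos = 0
    while pos + 4 <= len(body):
        ie_type, ie_len = body[pos], struct.unpack("!H", body[pos + 1:pos + 3])[0]
        if ie_type == GTPV2C_IE_MEI:
            return tbcd_decode(body[pos + 4:pos + 4 + ie_len])
        pos += 4 + ie_len
    return None

def build_gtpu_http_packet(host: bytes, teid: int) -> bytes:
    """Constructed GTP-U G-PDU: IPv4/TCP carrying a plain HTTP request (checksums left at zero)."""
    payload = b"GET /upload HTTP/1.1\r\nHost: " + host + b"\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([203, 0, 113, 10])) + tcp
    return bytes([0x30, GTPV1U_G_PDU]) + struct.pack("!H", len(ip)) + struct.pack("!I", teid) + ip

def step2_classify_application(gtpu: bytes) -> str:
    """Claim step 2: deep packet inspection of the tunnelled user plane to name the application."""
    flags, msg_type = gtpu[0], gtpu[1]
    if flags >> 5 != 1 or msg_type != GTPV1U_G_PDU or flags & 0x04:   # extension header chain not walked here
        return "unknown"
    ip = gtpu[(12 if flags & 0x03 else 8):]                            # S or PN flag adds four octets
    if ip[0] >> 4 != 4 or ip[9] != 6:                                   # toy engine: IPv4 over TCP only
        return "unknown"
    tcp = ip[(ip[0] & 0x0F) * 4:]
    payload = tcp[(tcp[12] >> 4) * 4:]
    if payload[:4] in (b"GET ", b"POST"):
        for line in payload.split(b"\r\n"):
            if line.lower().startswith(b"host:"):
                return "http:" + line[5:].strip().decode()
    if payload[:2] == b"\x16\x03":
        return "tls"                                                    # a real engine would read the SNI
    return "unknown"

# Constructed inventory and policy table (assumptions for this example). The TAC (first 8 IMEISV
# digits) identifies the device model and the SVN (last 2 digits) its software version.
TAC_TO_DEVICE_CLASS = {"35123456": "iot-meter"}
MIN_SVN = {"iot-meter": 3}
POLICY = {
    ("iot-meter", "http:telemetry.example"): "allow",
    ("iot-meter", "*"): "block",           # meters talk to the telemetry service and nothing else
    ("*", "*"): "alert",                   # unknown device types are flagged for review
}

def step3_select_policy(imeisv, app_id: str) -> str:
    """Claim step 3: choose the action from the device identifier and the application identifier."""
    device_class = TAC_TO_DEVICE_CLASS.get(imeisv[:8], "unknown") if imeisv else "unknown"
    if device_class in MIN_SVN and int(imeisv[14:16]) < MIN_SVN[device_class]:
        return "block"                     # firmware build below the constructed SVN floor
    for key in ((device_class, app_id), (device_class, "*"), ("*", app_id), ("*", "*")):
        if key in POLICY:
            return POLICY[key]
    return "alert"

class SecurityPlatform:
    """Correlates the control-plane identity with the user-plane tunnel by TEID."""
    def __init__(self):
        self.sessions = {}                 # user-plane TEID -> IMEISV

    def on_control_plane(self, msg: bytes, user_plane_teid: int):
        imeisv = step1_extract_device_identifier(msg)
        if imeisv:
            self.sessions[user_plane_teid] = imeisv
        return imeisv

    def on_user_plane(self, gtpu: bytes) -> dict:
        teid = struct.unpack("!I", gtpu[4:8])[0]
        imeisv = self.sessions.get(teid)
        app = step2_classify_application(gtpu)
        return {"imeisv": imeisv, "app": app, "action": step3_select_policy(imeisv, app)}

def demo():
    sp = SecurityPlatform()
    sp.on_control_plane(build_create_session_request("3512345612345605"), user_plane_teid=0x1001)
    return [sp.on_user_plane(build_gtpu_http_packet(b"telemetry.example", 0x1001)),
            sp.on_user_plane(build_gtpu_http_packet(b"updates.example", 0x1001)),
            sp.on_user_plane(build_gtpu_http_packet(b"telemetry.example", 0x2002))]  # tunnel with no known device

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Running `demo()` yields allow, block and alert for the three packets: the known meter reaching its telemetry host is permitted, the same meter reaching any other host is blocked by the class-wide rule, and traffic on a tunnel whose create-session request was never seen falls through to the alert rule. The SVN check shows why the claim singles out the IMEISV rather than the plain IMEI: the software version digits let the policy treat the same device model differently by firmware build.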
Abstract
Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.
20 Claims
1. A system, comprising: (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method, comprising:
- monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to:
  - identifying, within the network traffic, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
  - extracting the device identifier from the create PDP request message or the create session request message, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted International Mobile Equipment Identity (IMEI) Software Version (IMEISV) information;
- determining an application identifier for user traffic associated with the new session at the security platform, comprising to:
  - monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and
- determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.
Dependent claims: 12, 13, 14, 15.

16. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to:
  - identifying, within the network traffic, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
  - extracting the device identifier from the create PDP request message or the create session request message, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted International Mobile Equipment Identity (IMEI) Software Version (IMEISV) information;
- determining an application identifier for user traffic associated with the new session at the security platform, comprising to:
  - monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and
- determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.
Dependent claims: 17, 18, 19, 20.
Specification