Mobile equipment identity and/or IOT equipment identity and application identity based security enforcement in service provider networks

US 10,721,272 B2
Filed: 06/15/2017
Issued: 07/21/2020
Est. Priority Date: 06/15/2017
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a hardware processor configured to;

monitor network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to;

identify, within the network traffic, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and

extract the device identifier from the create PDP request message or the create session request message, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted International Mobil Equipment Identity (IMEI) Software Version (IMEISV) information;

determine an application identifier for user traffic associated with the new session at the security platform, comprising to;

monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and

determine a security policy to apply at the security platform to the new session based on the device identifier and the application identifier; and

a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.

3 Citations

20 Claims

1. A system, comprising:
- a hardware processor configured to;
  
  monitor network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to;
  
  identify, within the network traffic, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
  
  extract the device identifier from the create PDP request message or the create session request message, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted International Mobil Equipment Identity (IMEI) Software Version (IMEISV) information;
  
  determine an application identifier for user traffic associated with the new session at the security platform, comprising to;
  
  monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and
  
  determine a security policy to apply at the security platform to the new session based on the device identifier and the application identifier; and
  
  a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system recited in claim 1, wherein the security platform is configured with a plurality of security policies based on the device identifier and the application identifier.
  - 3. The system recited in claim 1, wherein the hardware processor is further configured to:
    - perform security policy enforcement based on the device identifier and the application identifier.
  - 4. The system recited in claim 1, wherein the hardware processor is further configured to:
    - perform threat detection based on the device identifier and the application identifier.
  - 5. The system recited in claim 1, wherein the hardware processor is further configured to:
    - perform threat prevention based on the device identifier and the application identifier.
  - 6. The system recited in claim 1, wherein the hardware processor is further configured to:
    - perform Uniform Resource Link (URL) filtering based on the device identifier and the application identifier.
  - 7. The system recited in claim 1, wherein the hardware processor is further configured to:
    - implement a plurality of security policies based on the device identifier and the application identifier, wherein the device identifier includes an International Mobile Equipment Identifier (IMEI).
  - 8. The system recited in claim 1, wherein the hardware processor is further configured to:
    - monitors wireless interfaces including a plurality of interfaces for a control protocol and user data traffic in a mobile core network for a 3G and/or 4G network.
  - 9. The system recited in claim 1, wherein the hardware processor is further configured to:
    - monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 3G and/or 4G network.
  - 10. The system recited in claim 1, wherein the hardware processor is further configured to:
    - block the new session from accessing a resource based on the security policy.

11. A method, comprising:
- monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to;
  
  identifying, within the network traffic, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
  
  extracting the device identifier from the create PDP request message or the create session request message, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted International Mobile Equipment Identity (IMEI) Software Version (IMEISV) information;
  
  determining an application identifier for user traffic associated with the new session at the security platform, comprising to;
  
  monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and
  
  determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - implementing a plurality of security policies based on the device identifier and the application identifier.
  - 13. The method of claim 11, further comprising:
    - performing security policy enforcement based on the device identifier and the application identifier.
  - 14. The method of claim 11, further comprising:
    - performing threat detection and/or threat prevention based on the device identifier and the application identifier.
  - 15. The method of claim 11, further comprising:
    - performing Uniform Resource Link (URL) filtering based on the device identifier and the application identifier.

16. A compute program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session, comprising to;
  
  identifying, within the network traffic, a create Packet Data Protocol (PDP) request message or a create session request message to create the new session; and
  
  extracting the device identifier from the create PDP request message or the create session request message, wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted Intentional Mobile Equipment Identity (IMEI) Software Version (IMEISV) information;
  
  determining an application identifier for user traffic associated with the new session at the security platform, comprising to;
  
  monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and
  
  determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product recited in claim 16, further comprising computer instructions for:
    - implementing a plurality of security policies based on the device identifier and the application identifier.
  - 18. The computer program product recited in claim 16, further comprising computer instructions for:
    - performing security policy enforcement based on the device identifier and the application identifier.
  - 19. The computer program product recited in claim 16, further comprising computer instructions for:
    - performing threat detection and/or threat prevention based on the device identifier and the application identifier.
  - 20. The computer program product recited in claim 16, further comprising computer instructions for:
    - performing Uniform Resource Link (URL) filtering based on the device identifier and the application identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Verma, Sachin, Burakovsky, Leonid, Shu, Jesse C., Li, Chang
Primary Examiner(s)
Wright, Bryan F

Application Number

US15/624,437
Publication Number

US 20180367570A1
Time in Patent Office

1,132 Days
Field of Search

726 1
US Class Current
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0876   based on the identity of th...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/12   specially adapted for propr...

H04W 12/06   Authentication

H04W 12/088   using filters or firewalls

H04W 12/48   using secure binding, e.g. ...

H04W 84/042   Public Land Mobile systems,...

Mobile equipment identity and/or IOT equipment identity and application identity based security enforcement in service provider networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

3 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile equipment identity and/or IOT equipment identity and application identity based security enforcement in service provider networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

3 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links