US 11,722,532 B2
Security for cellular internet of things in mobile networks based on subscriber identity and application identifier
Sachin Verma, Danville, CA (US); Leonid Burakovsky, Pleasanton, CA (US); Jesse C. Shu, Palo Alto, CA (US); and Lei Chang, San Jose, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Mar. 8, 2022, as Appl. No. 17/689,811.
Application 17/689,811 is a continuation of application No. 16/900,958, filed on Jun. 14, 2020, granted, now 11,323,486.
Application 16/900,958 is a continuation of application No. 16/020,056, filed on Jun. 27, 2018, granted, now 10,812,532, issued on Oct. 20, 2020.
Application 16/020,056 is a continuation in part of application No. 15/624,437, filed on Jun. 15, 2017, granted, now 10,721,272, issued on Jul. 21, 2020.
Application 15/624,437 is a continuation in part of application No. 15/624,440, filed on Jun. 15, 2017, granted, now 10,708,306, issued on Jul. 7, 2020.
Prior Publication US 2022/0201046 A1, Jun. 23, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04W 12/122 (2021.01); H04W 8/22 (2009.01); H04W 8/18 (2009.01); H04L 67/12 (2022.01); H04W 12/088 (2021.01)
CPC H04L 63/205 (2013.01) [H04L 63/0227 (2013.01); H04L 63/0272 (2013.01); H04W 12/122 (2021.01); H04L 63/0876 (2013.01); H04L 67/12 (2013.01); H04W 8/18 (2013.01); H04W 8/22 (2013.01); H04W 12/088 (2021.01)] 20 Claims
OG exemplary drawing
 
1. A system, comprising:
a hardware processor configured to:
monitor network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, wherein the new session is associated with a Cellular Internet of Things (CIoT) device, comprising:
extract a unique device identifier or a unique subscriber identifier from a message to associate with the subscriber identity, wherein the message is a create Packet Data Protocol (PDP) request message or a create session request message to create the new session, wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI), and wherein the unique subscriber identifier includes an International Mobile Subscriber Identity (IMSI);
determine an application identifier for user traffic associated with the new session at the security platform, comprising:
monitor, via deep packet inspection, tunneled user traffic to obtain the application identifier;
associate the application identifier with the unique device identifier or the unique subscriber identifier; and
apply a security policy at the security platform to the new session based on the application identifier and the associated unique device identifier or the unique subscriber identifier, wherein the security policy includes one or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention; and
a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
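Added example (not from the patent or Palo Alto Networks' own code) illustrating the claimed steps in Python: extract the IMSI and MEI (IMEI) information elements from a constructed GTPv2-C Create Session Request, then apply an assumed first-match rule table keyed on subscriber identity and a DPI-derived application identifier. The message bytes, the rule format and the application names are constructed for illustration.

```python
import struct

# GTPv2-C constants (3GPP TS 29.274): message type and IE type codes used below.
CREATE_SESSION_REQ, IMSI_IE, MEI_IE = 32, 1, 75

def tbcd_decode(data: bytes) -> str:
    """Decode TBCD digits: low nibble first in each byte, 0xF pads an odd digit count."""
    return "".join(str(n) for b in data for n in (b & 0x0F, b >> 4) if n != 0xF)

def tbcd_encode(digits: str) -> bytes:
    d = digits + "F" * (len(digits) % 2)
    return bytes((int(d[i + 1], 16) << 4) | int(d[i], 16) for i in range(0, len(d), 2))

def build_create_session_request(imsi: str, imei: str) -> bytes:
    """Constructed sample message (not a real capture): 12-byte header + IMSI IE + MEI IE."""
    ie = lambda t, p: struct.pack("!BHB", t, len(p), 0) + p   # type, length, spare/instance
    body = ie(IMSI_IE, tbcd_encode(imsi)) + ie(MEI_IE, tbcd_encode(imei))
    # flags 0x48 = version 2 + TEID present; length excludes the first 4 header bytes;
    # TEID 0, then 3-byte sequence number and 1 spare byte.
    return struct.pack("!BBHI", 0x48, CREATE_SESSION_REQ, len(body) + 8, 0) + b"\x00\x00\x01\x00" + body

def extract_identities(msg: bytes) -> dict:
    """Return {'imsi': ..., 'imei': ...} from a Create Session Request; {} for any other message."""
    if len(msg) < 12 or msg[0] >> 5 != 2 or msg[1] != CREATE_SESSION_REQ:
        return {}
    ids, pos = {}, 12
    while pos + 4 <= len(msg):
        ie_type, length = msg[pos], struct.unpack("!H", msg[pos + 1:pos + 3])[0]
        payload = msg[pos + 4:pos + 4 + length]
        if ie_type == IMSI_IE:
            ids["imsi"] = tbcd_decode(payload)
        elif ie_type == MEI_IE:
            ids["imei"] = tbcd_decode(payload)
        pos += 4 + length
    return ids

# Assumed policy format (illustrative): first match wins, "*" is a wildcard, and
# imsi_prefix matches the MCC/MNC (and optionally more digits) of the subscriber.
POLICY = [
    {"imsi_prefix": "310150", "app": "mqtt", "action": "allow"},
    {"imsi_prefix": "310150", "app": "*", "action": "deny", "log": "threat-prevention"},
    {"imsi_prefix": "*", "app": "*", "action": "allow", "log": "url-filtering"},
]

def apply_policy(ids: dict, app_id: str) -> dict:
    """Select the rule for this session's subscriber identity and DPI application identifier."""
    imsi = ids.get("imsi", "")
    for rule in POLICY:
        if (rule["imsi_prefix"] == "*" or imsi.startswith(rule["imsi_prefix"])) and rule["app"] in ("*", app_id):
            return {**rule, "imsi": imsi or None, "imei": ids.get("imei"), "app": app_id}
    return {"action": "deny", "reason": "no-match"}
```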