US 12,355,819 B2
Mobile user identity and/or sim-based IoT identity and application identity based security enforcement in service provider networks
Sachin Verma, Danville, CA (US); Leonid Burakovsky, Pleasanton, CA (US); Jesse C. Shu, Palo Alto, CA (US); and Lei Chang, San Jose, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Jan. 19, 2024, as Appl. No. 18/418,082.
Application 18/418,082 is a continuation of application No. 17/890,054, filed on Aug. 17, 2022, granted, now 11,916,967.
Application 17/890,054 is a continuation of application No. 16/875,860, filed on May 15, 2020, granted, now 11,457,044, issued on Sep. 27, 2022.
Application 16/875,860 is a continuation of application No. 15/624,440, filed on Jun. 15, 2017, granted, now 10,708,306, issued on Jul. 7, 2020.
Prior Publication US 2024/0163315 A1, May 16, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04W 12/48 (2021.01)
CPC H04L 63/20 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0263 (2013.01); H04L 63/029 (2013.01); H04L 63/1408 (2013.01); H04L 63/1433 (2013.01); H04W 12/48 (2021.01)] 19 Claims
1. A system, comprising:
a processor configured to:
monitor network traffic on a service provider network at a security platform to identify a location, a radio access technology (RAT) type, a hardware identifier and an application identifier for a new session, comprising to:
extract the location from an Update PDP Request or an Update PDP Response in the monitored network traffic for the new session, wherein the location includes three or more of the following: CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), and/or LAC (Location Area Identifier);
extract the RAT type from the Update PDP Request or the Update PDP Response in the monitored network traffic, wherein the RAT Type includes one or more of the following: UTRAN, GERAN, WLAN, GAN, HSPA Evolution, EUTRAN, WB-E-UTRAN, Virtual, and/or EUTRAN-NB-IoT;
extract the hardware identifier from the Update PDP Request or the Update PDP Response in the monitored network traffic, wherein the hardware identifier includes one or more of the following: Mobile Equipment Identity/IMEI, IoT Equipment identity, and/or IMEISV; and
extract the application identifier from the Update PDP Request or the Update PDP Response in the monitored network traffic, wherein the application identifier includes one or more of the following: HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, DHCP, TCP, UDP, and/or TFTP;
associate the location, the RAT type, the hardware identifier, and the application identifier with the new session at the security platform; and
determine a security policy to apply at the security platform to the new session based on the location, the RAT type, the hardware identifier, and the application identifier; and
a memory coupled to the processor and configured to provide the processor with instructions.
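The claim above describes a security platform that extracts four attributes from the GTP Update PDP Context exchange (a location made up of three or more cell/area identifiers, the RAT type, the IMEI/IMEISV hardware identifier and an application identifier), ties them to the new session and selects a security policy from them. The following is an added, self-contained example of that last step, written for this page; it is not code from the patent or from Palo Alto Networks. It assumes the attributes have already been parsed out of the message, models them as a `Session`, checks the constraints the claim states (three or more location identifiers, a known RAT type, a 15- or 16-digit IMEI/IMEISV, a known application identifier) and runs a first-match rule lookup that keys on RAT type, device model (the TAC, i.e. the first eight IMEI digits), application and location. All rule names, identifier values and IMEIs are constructed sample data.

```python
"""Added example: session-attribute policy selection as described in claim 1.
Not the patent's code; all values below are constructed samples."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Attribute vocabularies taken from the claim text.
RAT_TYPES = frozenset({"UTRAN", "GERAN", "WLAN", "GAN", "HSPA Evolution",
                       "EUTRAN", "WB-E-UTRAN", "Virtual", "EUTRAN-NB-IoT"})
LOCATION_KEYS = frozenset({"CGI", "SAI", "RAI", "TAI", "ECGI", "LAC"})
APP_IDS = frozenset({"HTTP", "DNS", "FTP", "Telnet", "DHCP", "TCP", "UDP", "TFTP"})


@dataclass(frozen=True)
class Session:
    """Attributes associated with one new session after extraction (assumed input)."""
    location: Dict[str, str]   # identifier name -> value, e.g. {"TAI": "...", "ECGI": "...", "LAC": "..."}
    rat_type: str
    hardware_id: str           # IMEI (15 digits) or IMEISV (16 digits)
    app_id: str

    @property
    def tac(self) -> str:
        # Type Allocation Code: the first 8 digits of an IMEI/IMEISV identify the device model.
        return self.hardware_id[:8]


def validate(session: Session) -> List[str]:
    """Return the list of constraint violations; empty means the session is usable for policy."""
    problems = []
    if len(set(session.location) & LOCATION_KEYS) < 3:
        problems.append("location must carry three or more of " + ", ".join(sorted(LOCATION_KEYS)))
    if session.rat_type not in RAT_TYPES:
        problems.append(f"unknown RAT type {session.rat_type!r}")
    hid = session.hardware_id
    if not (hid.isdigit() and len(hid) in (15, 16)):
        problems.append("hardware identifier must be a 15-digit IMEI or a 16-digit IMEISV")
    if session.app_id not in APP_IDS:
        problems.append(f"unknown application identifier {session.app_id!r}")
    return problems


@dataclass(frozen=True)
class Rule:
    """One policy rule; an empty match set means 'any value'."""
    name: str
    action: str                               # "allow", "deny" or "alert"
    rat_types: FrozenSet[str] = frozenset()
    tacs: FrozenSet[str] = frozenset()        # device models selected by TAC
    app_ids: FrozenSet[str] = frozenset()
    location: Dict[str, FrozenSet[str]] = field(default_factory=dict)  # identifier -> allowed values

    def matches(self, s: Session) -> bool:
        if self.rat_types and s.rat_type not in self.rat_types:
            return False
        if self.tacs and s.tac not in self.tacs:
            return False
        if self.app_ids and s.app_id not in self.app_ids:
            return False
        for key, allowed in self.location.items():
            # A constraint on a location identifier the session lacks does not match.
            if s.location.get(key) not in allowed:
                return False
        return True


def decide(rules: List[Rule], session: Session, default: str = "deny") -> str:
    """First-match policy lookup; a session missing required attributes is denied outright."""
    if validate(session):
        return "deny"
    for rule in rules:
        if rule.matches(session):
            return rule.action
    return default


# Constructed rule base (sample values, not from the patent).
RULES = [
    Rule("deny-clear-text-admin-from-nb-iot", "deny",
         rat_types=frozenset({"EUTRAN-NB-IoT"}), app_ids=frozenset({"Telnet", "FTP", "TFTP"})),
    Rule("alert-metering-model-in-tai-1001", "alert",
         tacs=frozenset({"35123456"}), location={"TAI": frozenset({"310-260-1001"})}),
    Rule("allow-lte-web-and-dns", "allow",
         rat_types=frozenset({"EUTRAN", "WB-E-UTRAN"}), app_ids=frozenset({"HTTP", "DNS"})),
]


def example_sessions() -> Dict[str, Session]:
    """Constructed sessions exercising each rule plus the 'too few location identifiers' case."""
    loc = {"TAI": "310-260-1001", "ECGI": "310-260-0001A2B", "LAC": "1001"}
    return {
        "nb_iot_telnet": Session(loc, "EUTRAN-NB-IoT", "352345678901234", "Telnet"),
        "meter_http": Session(loc, "EUTRAN-NB-IoT", "351234560000012", "HTTP"),
        "phone_dns": Session(loc, "EUTRAN", "490154203237518", "DNS"),
        "two_loc_ids": Session({"TAI": "310-260-1001", "LAC": "1001"}, "EUTRAN", "490154203237518", "DNS"),
    }


if __name__ == "__main__":
    for name, s in example_sessions().items():
        print(f"{name:14s} tac={s.tac} -> {decide(RULES, s)}  {validate(s)}")
```

The engine denies when validation fails rather than falling through to rule matching, so a session that reached the platform without the three location identifiers the claim requires cannot silently match a permissive rule; in a real deployment the default action and the rule order are the policy decisions to review most carefully.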