US 12,463,989 B2
Selective intelligent enforcement for mobile networks over diameter and/or radius protocols
Sachin Verma, Danville, CA (US); Leonid Burakovsky, Pleasanton, CA (US); and Apoorva Jain, San Jose, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Feb. 16, 2024, as Appl. No. 18/444,203.
Application 18/444,203 is a continuation in part of application No. 18/225,026, filed on Jul. 21, 2023.
Application 18/444,203 is a continuation in part of application No. 18/225,022, filed on Jul. 21, 2023.
Application 18/444,203 is a continuation in part of application No. 18/225,016, filed on Jul. 21, 2023, granted, now 11,979,746.
Prior Publication US 2025/0030706 A1, Jan. 23, 2025
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) 20 Claims
OG exemplary drawing
 
1. A system, comprising:
a processor configured to:
monitor network traffic in a core mobile network using a security platform executed on a network element in the core mobile network to identify a new session that attached to the core mobile network for mobile network communications;
extract meta information associated with the new session over a Diameter protocol and/or a Radius protocol using the security platform executed on the network element in the core mobile network, wherein the meta information associated with the new session is extracted by performing inspection of Diameter messages and/or Radius messages;
apply selective intelligent enforcement using the security platform if the extracted meta information associated with the new session matches a selective intelligent enforcement policy; and
offload the new session to bypass inspection by the security platform if the extracted meta information associated with the new session does not match the selective intelligent enforcement policy; and
a memory coupled to the processor and configured to provide the processor with instructions.