| CPC H04W 12/37 (2021.01) [H04W 12/121 (2021.01); H04W 24/10 (2013.01)] | 22 Claims |
|
1. A system, comprising:
a processor configured to:
monitor network traffic on a mobile network at a security platform to identify a new session;
extract a plurality of 5G LAN related parameters using an application programming interface (API) at the security platform, wherein the plurality of 5G LAN related parameters includes 5GLANparameters and ServiceParameterData, wherein the 5GLANparameters includes three or more of the following: “exterGroupId”, “gpsis”, “dnn”, “snssai”, “sessionType”, “appDesps”, “osid”, “appids”, “aaaipv4addr”, “aaaipv6addr”, “aaUsgs”, “mtcProviderid”, and/or “sessionTypes”, wherein the ServiceParameterData includes one of the following: a combination of “dnn” and “snssai”, “afServiceId”, or “appId”, and three or more of the following: “exterGroupId”, “gpsis”, “ueipv4”, “ueipv6”, “ueMac”, “self”, and/or “anyUeInd”, and wherein the extracting of the plurality of 5G LAN related parameters comprises to:
read the plurality of 5G LAN related parameters for an application function of the API and a subscription identifier, comprising to:
determine that AfGuideURSP is supported; and
in response to a determination that the AfGuideURSP is supported, determining that the ServiceParameterData includes “afServiceId”; and
enforce a security policy on the new session at the security platform based on one or more of the plurality of 5G LAN related parameters to apply 5G LAN security in the mobile network, comprising to:
determine that AfGuideURSP is supported; and
in response to a determination that the AfGuideURSP is supported, determine that the ServiceParameterData includes only “afServiceId” for User Equipment Routing Selection Policy (URSP) determination; and
a memory coupled to the processor and configured to provide the processor with instructions.
|