公开(公告)号：US20220201046A1

公开(公告)日：2022-06-23

申请号：US17689811

申请日：2022-03-08

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Jesse C. Shu ,  Lei Chang

IPC: H04L9/40 ,  H04W12/122

Abstract: Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a CIoT device; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.

公开(公告)号：US11343285B2

公开(公告)日：2022-05-24

申请号：US16779253

申请日：2020-01-31

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04L29/06 ,  H04W12/08 ,  H04W24/08 ,  H04W12/121

Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information.

公开(公告)号：US11283766B2

公开(公告)日：2022-03-22

申请号：US16868428

申请日：2020-05-06

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04L29/06 ,  G06F21/00 ,  H04W12/08

Abstract: Techniques for network layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for network layer signaling security with next generation firewall includes monitoring a network layer signaling protocol traffic on a service provider network at a security platform; and filtering the network layer signaling protocol traffic at the security platform based on a security policy.

公开(公告)号：US11233829B2

公开(公告)日：2022-01-25

申请号：US16748629

申请日：2020-01-21

Applicant: Palo Alto Networks, Inc.

Inventor： Mitchell Rappard ,  Leonid Burakovsky

IPC: H04L29/06 ,  H04L29/12 ,  H04W24/08

Abstract: Techniques for dynamic per subscriber policy enablement for security platforms within service provider network environments are disclosed. In some embodiments, a system/process/computer program product for dynamic per subscriber policy enablement for security platforms within service provider network environments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber with a new IP flow; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

公开(公告)号：US11122435B2

公开(公告)日：2021-09-14

申请号：US16857121

申请日：2020-04-23

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Jesse C. Shu ,  I-Chun Chen

IPC: H04L29/06 ,  H04W24/08 ,  H04W12/08 ,  H04W12/12 ,  H04W12/088 ,  H04W12/128 ,  H04W84/04 ,  H04L29/08 ,  H04W76/10

Abstract: Techniques for radio access technology based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for radio access technology based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session; associating the RAT type with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the RAT type.

公开(公告)号：US10812972B2

公开(公告)日：2020-10-20

申请号：US16574859

申请日：2019-09-18

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04M1/66 ,  H04M1/68 ,  H04M3/16 ,  H04W12/00 ,  H04W12/10 ,  H04L29/06 ,  H04W12/08 ,  H04W12/12 ,  H04W8/18

Abstract: Techniques for providing service-based security per user location in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per user location in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting user location information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the user location information.

公开(公告)号：US10812971B2

公开(公告)日：2020-10-20

申请号：US16566341

申请日：2019-09-10

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04M1/66 ,  H04M1/68 ,  H04M3/16 ,  H04W12/00 ,  H04W12/12 ,  H04W12/08 ,  H04L29/06

Abstract: Techniques for providing service-based security per data network name in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per data network name in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network name information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network name information.

公开(公告)号：US20200314148A1

公开(公告)日：2020-10-01

申请号：US16900958

申请日：2020-06-14

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Jesse C. Shu ,  Lei Chang

IPC: H04L29/06 ,  H04W12/12

Abstract: Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a CIoT device; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.

公开(公告)号：US20200259870A1

公开(公告)日：2020-08-13

申请号：US16857121

申请日：2020-04-23

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Jesse C. Shu ,  I-Chun Chen

IPC: H04L29/06 ,  H04W24/08 ,  H04W12/08 ,  H04W12/12

Abstract: Techniques for radio access technology based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for radio access technology based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session; associating the RAT type with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the RAT type.

公开(公告)号：US10708306B2

公开(公告)日：2020-07-07

申请号：US15624440

申请日：2017-06-15

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Jesse C. Shu ,  Lei Chang

IPC: H04L29/06 ,  H04W12/00

Abstract: Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IOT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.