公开(公告)号：US20160255050A1

公开(公告)日：2016-09-01

申请号：US15044957

申请日：2016-02-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Mark Grayson ,  Gangadharan Byju Pularikkal ,  Mickael James Graham ,  Santosh Ramrao Patil ,  Peter Gaspar

IPC: H04L29/06 ,  H04W76/02

CPC classification number: H04L63/029 ,  H04L63/0272 ,  H04L63/0823 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/164 ,  H04L63/20 ,  H04L65/1069 ,  H04W12/1208 ,  H04W76/12 ,  H04W84/12 ,  H04W88/16

Abstract: Embodiments include receiving one or more packets of a Wi-Fi calling session via a secure tunnel from a user device, where the user device is connected to a source network via a Wi-Fi access point. Embodiments also include determining whether the Wi-Fi calling session is a threat based, at least in part, on identifying an anomaly of at least one packet of the one or more packets. An action can be taken if the Wi-Fi calling communication is determined to be a threat. More specific embodiments include determining the at least one packet is associated with the Wi-Fi calling session by correlating information in the packet with control plane data of the Wi-Fi calling session. Further embodiments can include intercepting the one or more packets in a second secure tunnel established between an evolved packet data gateway and a service provider network associated with the user device.

Abstract translation: 实施例包括经由来自用户设备的安全隧道接收Wi-Fi呼叫会话的一个或多个分组，其中用户设备经由Wi-Fi接入点连接到源网络。 实施例还包括至少部分地基于识别一个或多个分组中的至少一个分组的异常来确定Wi-Fi呼叫会话是否是基于威胁的。 如果Wi-Fi呼叫通信被确定为威胁，则可采取措施。 更具体的实施例包括通过将分组中的信息与Wi-Fi呼叫会话的控制平面数据相关联来确定至少一个分组与Wi-Fi呼叫会话相关联。 另外的实施例可以包括拦截建立在演进的分组数据网关与与用户设备相关联的服务提供商网络之间的第二安全隧道中的一个或多个分组。

公开(公告)号：US10341300B2

公开(公告)日：2019-07-02

申请号：US15044957

申请日：2016-02-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Mark Grayson ,  Gangadharan Byju Pularikkal ,  Mickael James Graham ,  Santosh Ramrao Patil ,  Peter Gaspar

IPC: H04L29/06 ,  H04W76/12 ,  H04W12/12 ,  H04W84/12 ,  H04W88/16

Abstract: Embodiments include receiving one or more packets of a Wi-Fi calling session via a secure tunnel from a user device, where the user device is connected to a source network via a Wi-Fi access point. Embodiments also include determining whether the Wi-Fi calling session is a threat based, at least in part, on identifying an anomaly of at least one packet of the one or more packets. An action can be taken if the Wi-Fi calling communication is determined to be a threat. More specific embodiments include determining the at least one packet is associated with the Wi-Fi calling session by correlating information in the packet with control plane data of the Wi-Fi calling session. Further embodiments can include intercepting the one or more packets in a second secure tunnel established between an evolved packet data gateway and a service provider network associated with the user device.

公开(公告)号：US20150058938A1

公开(公告)日：2015-02-26

申请号：US13974179

申请日：2013-08-23

Applicant: Cisco Technology, Inc.

Inventor： Peter Gaspar

IPC: H04W12/06

CPC classification number: H04W12/06 ,  H04L9/3271 ,  H04L63/0892 ,  H04W76/12 ,  H04W84/12

Abstract: A gateway is preconfigured to establish an Internet Protocol (IP) tunnel with a default local mobility anchor on behalf of a mobile node. The gateway receives from the mobile node an Internet access request including a mobile identifier and authorization and authentication protocol information, and sends to the default local mobility anchor an IP tunnel request to establish an IP tunnel. The gateway receives from the default local mobility anchor a tunnel redirect message to redirect the IP tunnel from the default local mobility anchor to a serving local mobility anchor and, responsive to the tunnel redirect message, authenticates the mobile node and establishes an IP tunnel with the serving local mobility anchor through which the mobile node communicates.

Abstract translation: 网关被预先配置以建立与代表移动节点的默认本地移动性锚点的因特网协议（IP）隧道。 网关从移动节点接收包括移动标识符和授权和认证协议信息的因特网接入请求，并向默认本地移动锚点发送建立IP隧道的IP隧道请求。 网关从默认本地移动锚点接收隧道重定向消息，以将IP隧道从默认本地移动锚重定向到服务本地移动锚点，并且响应于隧道重定向消息，认证移动节点并建立与 服务于移动节点通过其传播的本地移动锚点。

公开(公告)号：US09226153B2

公开(公告)日：2015-12-29

申请号：US13974179

申请日：2013-08-23

Applicant: Cisco Technology, Inc.

Inventor： Peter Gaspar

IPC: H04L29/06 ,  H04W12/06 ,  H04L9/32

CPC classification number: H04W12/06 ,  H04L9/3271 ,  H04L63/0892 ,  H04W76/12 ,  H04W84/12

Abstract: A gateway is preconfigured to establish an Internet Protocol (IP) tunnel with a default local mobility anchor on behalf of a mobile node. The gateway receives from the mobile node an Internet access request including a mobile identifier and authorization and authentication protocol information, and sends to the default local mobility anchor an IP tunnel request to establish an IP tunnel. The gateway receives from the default local mobility anchor a tunnel redirect message to redirect the IP tunnel from the default local mobility anchor to a serving local mobility anchor and, responsive to the tunnel redirect message, authenticates the mobile node and establishes an IP tunnel with the serving local mobility anchor through which the mobile node communicates.

Abstract translation: 网关被预先配置以建立与代表移动节点的默认本地移动性锚点的因特网协议（IP）隧道。 网关从移动节点接收包括移动标识符和授权和认证协议信息的因特网接入请求，并向默认本地移动锚点发送建立IP隧道的IP隧道请求。 网关从默认本地移动锚点接收隧道重定向消息，以将IP隧道从默认本地移动锚重定向到服务本地移动锚点，并且响应于隧道重定向消息，认证移动节点并建立与 服务于移动节点通过其传播的本地移动锚点。