-
1.
Publication No.: US20250030673A1
Publication Date: 2025-01-23
Application No.: US18444217
Filing Date: 2024-02-16
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky, Apoorva Jain
Abstract: Techniques for selective intelligent offloading for mobile networks using a security platform are disclosed. In some embodiments, a system/process/computer program product for selective intelligent offloading for mobile networks using a security platform includes monitoring network traffic in a core mobile network using a security platform executed on a network element in the core mobile network to identify a new session that attached to the core mobile network for mobile network communications; extracting meta information associated with the new session over a Diameter protocol and/or a Radius protocol using the security platform executed on the network element in the core mobile network; applying selective intelligent offloading using the security platform if the extracted meta information associated with the new session matches a selective intelligent offload policy; and performing traffic inspection by the security platform if the extracted meta information associated with the new session does not match a selective intelligent offload policy.
-
2.
Publication No.: US12010148B2
Publication Date: 2024-06-11
Application No.: US18064165
Filing Date: 2022-12-09
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky
IPC: H04L9/40, H04W12/088, H04W12/73
CPC classification number: H04L63/20, H04L63/0236, H04L63/029, H04L63/10, H04W12/088, H04L63/0254, H04W12/73
Abstract: Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.
-
Publication No.: US20240163315A1
Publication Date: 2024-05-16
Application No.: US18418082
Filing Date: 2024-01-19
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Lei Chang
CPC classification number: H04L63/20, H04L63/0236, H04L63/0263, H04L63/029, H04L63/1408, H04L63/1433, H04W12/48
Abstract: Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
-
Publication No.: US11950144B2
Publication Date: 2024-04-02
Application No.: US17681489
Filing Date: 2022-02-25
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky
IPC: H04W36/00, H04W12/00, H04W12/102, H04W12/60, H04W24/08, H04W80/10, H04W80/12, H04W84/04, H04W88/16
CPC classification number: H04W36/0038, H04W12/009, H04W12/102, H04W12/60, H04W24/08, H04W80/10, H04W80/12, H04W84/04, H04W88/16
Abstract: Techniques for applying context-based security over interfaces in NG-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in NG-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from XnAP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between NG-RAN nodes in an NG-RAN environment in the mobile network.
-
Publication No.: US11916967B2
Publication Date: 2024-02-27
Application No.: US17890054
Filing Date: 2022-08-17
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Lei Chang
CPC classification number: H04L63/20, H04L63/029, H04L63/0236, H04L63/0263, H04L63/1408, H04L63/1433, H04W12/48
Abstract: Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
-
Publication No.: US11799914B2
Publication Date: 2023-10-24
Application No.: US17505435
Filing Date: 2021-10-19
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky
IPC: H04L9/40, H04W8/18, H04W12/088, H04W12/122, H04W12/125
CPC classification number: H04L63/20, H04L63/0227, H04W8/18, H04W12/088, H04W12/122, H04W12/125
Abstract: Techniques for cellular Internet of Things (IoT) battery drain prevention in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for cellular IoT battery drain prevention in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a misbehaving application based on a security policy, wherein the service provider network includes a 4G network or a 5G network; extracting subscription identifier information for network traffic associated with the misbehaving application at the security platform; and enforcing the security policy at the security platform to rate limit paging messages sent to an endpoint device using the subscription identifier information and based on the security policy.
-
Publication No.: US11750662B2
Publication Date: 2023-09-05
Application No.: US17720213
Filing Date: 2022-04-13
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky
IPC: H04L9/40, H04W12/08, H04W24/08, H04W12/121
CPC classification number: H04L63/205, H04L63/0236, H04W12/08, H04W12/121, H04W24/08
Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information.
-
Publication No.: US20220191252A1
Publication Date: 2022-06-16
Application No.: US17688675
Filing Date: 2022-03-07
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Chang Li
IPC: H04L9/40, H04W12/06, H04W12/48, H04W12/088
Abstract: Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.
-
Publication No.: US11265290B2
Publication Date: 2022-03-01
Application No.: US16863897
Filing Date: 2020-04-30
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky
Abstract: Techniques for transport layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for transport layer signaling with next generation firewall includes monitoring transport layer signaling traffic on a service provider network at a security platform; and filtering the transport layer signaling traffic at the security platform based on a security policy.
-
Publication No.: US20210144183A1
Publication Date: 2021-05-13
Application No.: US17153721
Filing Date: 2021-01-20
Applicant: Palo Alto Networks, Inc.
Inventor: Sachin Verma, Leonid Burakovsky
IPC: H04L29/06, H04W12/00, H04W24/08, H04W12/088, H04W12/121
Abstract: Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.