-
Publication No.: WO2022005748A1
Publication Date: 2022-01-06
Application No.: PCT/US2021/037590
Application Date: 2021-06-16
Applicant: PALO ALTO NETWORKS, INC.
Inventor: BURAKOVSKY, Leonid; VERMA, Sachin; HU, Fengliang; CHEN, I-Chun; LIM, How Tung
IPC: H04L29/06, H04L2463/141, H04L61/2007, H04L63/0236, H04L63/0263, H04L63/10, H04L63/1458, H04L63/1466, H04L63/20, H04W12/088, H04W12/12, H04W12/122, H04W24/08, H04W80/02, H04W84/04
Abstract: Techniques for securing control and user plane separation in mobile networks (e.g., service provider networks for mobile subscribers, such as for 4G/5G networks) are disclosed. In some embodiments, a system/process/computer program product for securing control and user plane separation in mobile networks in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, in which the mobile network includes a 4G network or a 5G network; extracting a plurality of parameters from the PFCP message at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network.
-
Publication No.: WO2020198157A1
Publication Date: 2020-10-01
Application No.: PCT/US2020/024281
Application Date: 2020-03-23
Applicant: PALO ALTO NETWORKS, INC.
Inventor: VERMA, Sachin; BURAKOVSKY, Leonid
Abstract: Techniques for providing multi-access distributed edge security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) are disclosed. In some embodiments, a system/process/computer program product for multi-access distributed edge security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting subscription and/or equipment identifier information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscription and/or equipment identifier information.
-
Publication No.: WO2020068521A1
Publication Date: 2020-04-02
Application No.: PCT/US2019/051792
Application Date: 2019-09-18
Applicant: PALO ALTO NETWORKS, INC.
Inventor: VERMA, Sachin; BURAKOVSKY, Leonid
Abstract: Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.
-
Publication No.: WO2019160776A1
Publication Date: 2019-08-22
Application No.: PCT/US2019/017361
Application Date: 2019-02-08
Applicant: PALO ALTO NETWORKS, INC.
Inventor: VERMA, Sachin; BURAKOVSKY, Leonid; HUO, Mingxu; HU, Fengliang
Abstract: Techniques for transport layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for transport layer signaling with next generation firewall includes monitoring transport layer signaling traffic on a service provider network at a security platform; and filtering the transport layer signaling traffic at the security platform based on a security policy. Techniques for application layer signaling security with next generation firewall are also disclosed. In some embodiments, a system/process/computer program product for application layer signaling security with next generation firewall includes monitoring application layer signaling traffic on a service provider network at a security platform; and filtering the application layer signaling traffic at the security platform based on a security policy. Techniques for network layer signaling security with next generation firewall are also disclosed. In some embodiments, a system/process/computer program product for network layer signaling security with next generation firewall includes monitoring a network layer signaling protocol traffic on a service provider network at a security platform; and filtering the network layer signaling protocol traffic at the security platform based on a security policy. Techniques for Diameter security with next generation firewall are also disclosed. In some embodiments, a system/process/computer program product for Diameter security with next generation firewall includes monitoring Diameter protocol traffic on a service provider network at a security platform; and filtering the Diameter protocol traffic at the security platform based on a security policy.
-
Publication No.: WO2018231855A1
Publication Date: 2018-12-20
Application No.: PCT/US2018/037142
Application Date: 2018-06-12
Applicant: PALO ALTO NETWORKS, INC.
Inventor: VERMA, Sachin; BURAKOVSKY, Leonid; SHU, Jesse; LI, Chang; CHANG, Lei; CHEN, I-Chun
Abstract: Techniques for location based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for location based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a location for a new session; associating the location with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the location.