WO2003107599A1 - Content and security proxy in a mobile communications system
- Publication number
- WO2003107599A1 (PCT/DE2003/001998)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- subscriber
- data
- network
- security
- filter
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
        - H04W12/06—Authentication
          - H04W12/069—Authentication using certificates or pre-shared keys
        - H04W12/08—Access security
          - H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
          - H04W12/088—Access security using filters or firewalls
Definitions
- the invention relates to a method and a device for providing security functions in the transmission of data from and to a subscriber terminal of a mobile communication network.
- the object of the invention is to provide a method and a device for providing security functions in the transmission of data from and to a subscriber terminal of a mobile communication network in order to effectively protect the subscriber terminal and connected or combined devices.
- the essence of the invention is to offer a personalized security service in a mobile radio network individually for each mobile radio connection and subscriber.
- the subscriber can adapt his security settings interactively and dynamically.
- the protective function is offered by a network-specific device in the form of a security and filter device.
- the general protection function can also be coupled with a storage function, i.e. the data traffic, or parts of it, is temporarily stored in the device and can be called up by the subscriber.
- the security and filter device can also take over the function of a so-called proxy.
- 'Proxy' means roughly 'stand-in service', i.e. a service that acts on behalf of another party.
- Proxies accept requests from a client, e.g. a terminal device, and forward them, modified if necessary, to the original destination, e.g. an Internet provider.
- Proxies can store the data passed through locally and deliver it the next time it is requested. This also increases performance, since certain content can be buffered.
- IP/TCP filtering: filtering of data traffic based on IP/TCP in the form of a so-called firewall function, as well as filtering/blocking of data packets of a certain origin (IP address) or of data packets from and to certain services (TCP ports).
- An analysis of the data content for malicious or security-critical content: the entire content of a data connection is analyzed and examined for certain patterns. Signatures of viruses etc. are tracked down and rendered harmless before they reach the subscriber's terminal.
- An analysis of the data content for unwanted content e.g. in the form of spam, advertising, or offensive content.
- the entire content of the connection is analyzed and unwanted content specified by the subscriber is filtered out, e.g. to protect children and adolescents.
- the network operator himself can use the mechanisms of the system to specifically switch off certain data traffic for certain subscribers, e.g. services subject to a charge if the subscriber has not subscribed to the service.
- using the same mechanisms, the filter function for the data content can be usefully extended with the following additional functions.
- budget compliance can be checked with a component for calculating the charges.
- the subscriber or the operator can set a certain upper limit for the communication costs. If the specified budget is exceeded, the subscriber is notified and data traffic is prevented. This enables effective cost control and cost transparency.
- the subscriber can furthermore configure whether all of his traffic is routed through the system or only selectively, i.e. at certain times, after corresponding incidents or when abuse is suspected.
- a distributed implementation of the filter functions can be provided, i.e. the security and filter device is not provided centrally in a network node of the mobile communication system, but rather distributed or individually in several network nodes. This reduces the load on the individual node.
- (b) be functional, e.g. special filter components for certain data content, e.g. e-mail filters, virus filters, etc., or
- (c) be architectural or software related, e.g. a use of special hardware and system software for certain functions.
- FIG. 1 shows schematically the technical design of the system.
- the system is part of a mobile communication network 10, which allows a large number of subscriber terminals 13 to communicate with other public networks, for example the Internet 11.
- Combined devices 14 connected to the mobile radio terminal 13, such as a PC, PDA, smartphone, etc., can be provided, which enable convenient mobile Internet use.
- the security and filter device 1 according to the invention is preferably arranged within a corresponding network node, e.g. a switching center MSC, and can consist of the following functional parts.
- the general filter component 2:
- This component has a variable that can be defined by the subscriber / network operator
- Subscriber traffic 12 in both directions passes through this filter 2 and is analyzed there.
- To use the security and filter device 1, the subscriber must authenticate himself to the system. This ensures that no unauthorized access is made to, e.g., the subscriber's personal settings. In the simplest case, authentication can take place via the subscriber's number MSISDN. The subscriber is protected more securely and better with an additional PIN or password.
- a cryptographic authentication method can be used, e.g. certificates of the subscriber.
- Administration component 4: this component forms the interface between the system and the subscriber. Here the subscriber can manage his personal settings. This can be done directly via the mobile radio system, the Internet or the landline-based customer interfaces of the network operator.
- the database 5 describes which data are to be filtered out or processed by the filter component 2. This database 5 can advantageously be divided into four databases.
- the first database 6 contains the individual filters and
- the second database 7 contains the filters and
- the third database 8 contains the network operator-specific settings and filters, and the fourth database 9 contains the general settings and filters.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/518,116 US7779246B2 (en) | 2002-06-14 | 2003-06-13 | Content and security proxy in a mobile communications system |
JP2004514277A JP2005530400A (ja) | 2002-06-14 | 2003-06-13 | Content-security proxy in a mobile communication system |
AU2003250750A AU2003250750A1 (en) | 2002-06-14 | 2003-06-13 | Content and security proxy in a mobile communications system |
HK06103606A HK1083576A1 (en) | 2002-06-14 | 2006-03-22 | Content and security proxy in a mobile communications system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10226744.8 | 2002-06-14 | ||
DE10226744A DE10226744B4 (de) | 2002-06-14 | 2002-06-14 | Content and security proxy in a mobile communication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003107599A1 (de) | 2003-12-24 |
Family
ID=29723186
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2003/001998 WO2003107599A1 (de) | 2002-06-14 | 2003-06-13 | Content and security proxy in a mobile communication system |
Country Status (9)
Country | Link |
---|---|
US (1) | US7779246B2 (de) |
JP (1) | JP2005530400A (de) |
CN (1) | CN100388722C (de) |
AU (1) | AU2003250750A1 (de) |
DE (1) | DE10226744B4 (de) |
HK (1) | HK1083576A1 (de) |
PL (1) | PL372445A1 (de) |
RU (1) | RU2373656C2 (de) |
WO (1) | WO2003107599A1 (de) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070050846A1 (en) * | 2005-08-30 | 2007-03-01 | Fortinet, Inc. | Logging method, system, and device with analytical capabilities for the network traffic |
DE102005055148B4 (de) * | 2005-11-18 | 2008-04-10 | Siemens Ag | Method, detection device and server device for evaluating an incoming communication at a communication device |
US9215581B2 (en) | 2006-04-14 | 2015-12-15 | Qualcomm Incorporated | Distance-based presence management |
US8886125B2 (en) | 2006-04-14 | 2014-11-11 | Qualcomm Incorporated | Distance-based association |
US8552903B2 (en) | 2006-04-18 | 2013-10-08 | Qualcomm Incorporated | Verified distance ranging |
US8837724B2 (en) | 2007-03-27 | 2014-09-16 | Qualcomm Incorporated | Synchronization test for device authentication |
US9141961B2 (en) | 2007-06-20 | 2015-09-22 | Qualcomm Incorporated | Management of dynamic mobile coupons |
US9524502B2 (en) | 2007-06-20 | 2016-12-20 | Qualcomm Incorporated | Management of dynamic electronic coupons |
US9483769B2 (en) | 2007-06-20 | 2016-11-01 | Qualcomm Incorporated | Dynamic electronic coupon for a mobile environment |
DE102007045909A1 (de) | 2007-09-26 | 2009-08-06 | T-Mobile Internationale Ag | Method for protection against viruses/spam in mobile radio networks |
US10542372B2 (en) | 2011-03-15 | 2020-01-21 | Qualcomm Incorporated | User identification within a physical merchant location through the use of a wireless network |
EP4080918B1 (de) * | 2018-09-27 | 2024-08-14 | Palo Alto Networks, Inc. | Network slice-based security in mobile networks |
US10944796B2 (en) | 2018-09-27 | 2021-03-09 | Palo Alto Networks, Inc. | Network slice-based security in mobile networks |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997049252A2 (en) * | 1996-06-21 | 1997-12-24 | Integrated Computing Engines, Inc. | Network based programmable media manipulator |
WO2000036793A1 (en) * | 1998-12-15 | 2000-06-22 | Telia Ab (Publ) | Filtering of ip-packet traffic in gprs |
WO2001033889A1 (en) * | 1999-11-01 | 2001-05-10 | White. Cell, Inc. | Cellular data system security method and apparatus |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5991407A (en) * | 1995-10-17 | 1999-11-23 | Nokia Telecommunications Oy | Subscriber authentication in a mobile communications system |
US6122514A (en) * | 1997-01-03 | 2000-09-19 | Cellport Systems, Inc. | Communications channel selection |
US6580906B2 (en) * | 1997-12-10 | 2003-06-17 | Intel Corporation | Authentication and security in wireless communication system |
GB9923197D0 (en) * | 1999-10-01 | 1999-12-01 | Wilson Gordon M | Apparatus for internet access |
GB2366692B (en) * | 2000-08-31 | 2002-08-14 | F Secure Oyj | Virus protection in an internet environment |
US6968453B2 (en) * | 2001-01-17 | 2005-11-22 | International Business Machines Corporation | Secure integrated device with secure, dynamically-selectable capabilities |
US20030016655A1 (en) * | 2001-01-29 | 2003-01-23 | Docomo Communications Laboratories Usa, Inc. | Fast dynamic route establishment in wireless, mobile access digital networks using mobility prediction |
US20020174335A1 (en) * | 2001-03-30 | 2002-11-21 | Junbiao Zhang | IP-based AAA scheme for wireless LAN virtual operators |
JP2003099400A (ja) * | 2001-09-26 | 2003-04-04 | Fujitsu Ltd | Security management device, security management method, and security management program |
2002
- 2002-06-14: DE application DE10226744A, publication DE10226744B4, status: Expired - Lifetime (not active)

2003
- 2003-06-13: JP application JP2004514277A, publication JP2005530400A, status: Pending (active)
- 2003-06-13: AU application AU2003250750A, publication AU2003250750A1, status: Abandoned (not active)
- 2003-06-13: WO application PCT/DE2003/001998, publication WO2003107599A1, status: Application Filing (active)
- 2003-06-13: PL application PL03372445A, publication PL372445A1, status: Application Discontinuation (not active)
- 2003-06-13: US application US10/518,116, publication US7779246B2, status: Active (active)
- 2003-06-13: CN application CNB038135965A, publication CN100388722C, status: Expired - Fee Related (not active)
- 2003-06-13: RU application RU2005100782/09A, publication RU2373656C2, status: active

2006
- 2006-03-22: HK application HK06103606A, publication HK1083576A1, status: IP Right Cessation (not active)
Also Published As
Publication number | Publication date |
---|---|
PL372445A1 (en) | 2005-07-25 |
RU2005100782A (ru) | 2006-02-10 |
US20050204152A1 (en) | 2005-09-15 |
CN1689280A (zh) | 2005-10-26 |
DE10226744B4 (de) | 2005-05-04 |
CN100388722C (zh) | 2008-05-14 |
JP2005530400A (ja) | 2005-10-06 |
DE10226744A1 (de) | 2004-01-15 |
HK1083576A1 (en) | 2006-07-07 |
RU2373656C2 (ru) | 2009-11-20 |
US7779246B2 (en) | 2010-08-17 |
AU2003250750A1 (en) | 2003-12-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE19740547B4 (de) | Device and method for ensuring secure communication between a requesting entity and a serving entity | |
DE602004003518T2 (de) | Method and system for lawful interception of packet-switched network services | |
DE69825801T2 (de) | Device and method for enabling peer-level access control in a network | |
DE69837040T2 (de) | Device for improving security in a communication system supporting user mobility | |
DE69934451T2 (de) | Internet subscriber profile | |
DE10226744B4 (de) | Content and security proxy in a mobile communication system | |
EP1250789B1 (de) | Method and system for transmitting data from a sender to a receiver, and sender or receiver therefor | |
DE69925482T2 (de) | Method, device and apparatus for authentication | |
EP1417820A2 (de) | Method and computer system for securing communication in networks | |
WO2002037745A1 (de) | Method for secure data transmission between two terminals and device for carrying out this method | |
EP1034670B1 (de) | Method for managing information on identification cards | |
DE602004010625T2 (de) | Enforced encryption for wireless local area networks | |
EP1407577B1 (de) | Method for verifying telephone callback information for callbacks initiated via the Internet | |
EP1358736B1 (de) | Method for carrying out monitoring measures in packet-oriented telecommunication and data networks | |
EP1430685B1 (de) | Method for transmitting data in a packet-oriented data network | |
WO2004021663A1 (de) | Method and device for data-source-specific marking of push user data | |
EP1393499B1 (de) | Method and arrangement for location-independent monitoring of voice and/or data network connections by authorized agencies | |
EP1323279A2 (de) | Method for coupling online and Internet services | |
EP1832132B1 (de) | System and method for conveying data between a data provider and a mobile radio terminal | |
DE102009060904B4 (de) | Method for controlling a connection setup, and network system | |
DE10154546B4 (de) | Method for making services accessible in telecommunication networks, for example on the Internet | |
EP2193644A2 (de) | Method for protection against viruses/spam in mobile radio networks | |
DE102010020621A1 (de) | Method for automated processing of unwanted electronic mail | |
WO2005071918A1 (de) | Method for authorization control of a data transmission in a mobile data network | |
DE10359683A1 (de) | Computer system with a first data carrier and at least one second data carrier |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase | Ref document number: 03813596.5 Country of ref document: CN |
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase | Ref document number: 372445 Country of ref document: PL |
WWE | Wipo information: entry into national phase | Ref document number: 2004514277 Country of ref document: JP |
ENP | Entry into the national phase | Ref document number: 2005100782 Country of ref document: RU Kind code of ref document: A |
WWE | Wipo information: entry into national phase | Ref document number: 10518116 Country of ref document: US |
122 | Ep: pct application non-entry in european phase |