WO2005048555A1 - Procede pour effectuer un controle de securite des flux de donnees echangees entre un module et un reseau de communication, et module de communication - Google Patents
Procede pour effectuer un controle de securite des flux de donnees echangees entre un module et un reseau de communication, et module de communication Download PDFInfo
- Publication number
- WO2005048555A1 WO2005048555A1 PCT/EP2004/012532 EP2004012532W WO2005048555A1 WO 2005048555 A1 WO2005048555 A1 WO 2005048555A1 EP 2004012532 W EP2004012532 W EP 2004012532W WO 2005048555 A1 WO2005048555 A1 WO 2005048555A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data flows
- context
- exchanged
- communication session
- session
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Definitions
- the present invention relates to communication systems, and in particular to communication modules.
- the invention finds application in the field of communication systems in which a data exchange service is provided. It also applies particularly well to radiocommunication systems which offer a data exchange service such as GPRS ("General Packet Radio Service") or UMTS ("Universal Mobile Telecommunication System”), and preferably in the radiocommunication terminals of these systems.
- IP Internet Protocol
- X.25 networks are examples of packet exchange networks, commonly known as PDN (packet data network) networks.
- PDN packet data network
- Each network element of a packet network is usually equipped with a controller for transmitting and receiving packets exchanged in accordance with a given packet data protocol (PDP, or “packet data protocol”).
- PDP packet data protocol
- firewall a system known as a barrier-guard, or firewall, whose function is to protect the network element by means of a control over the packet flows transmitted or received by the network element.
- the firewall system filters packets on reception, and also controls the transmission of packets in transmission. This system is frequently implemented in a software module which cooperates with the packet transmission and reception controller.
- the article "Network Firewalls”, published in September 1994 by SM Bellovin and WR Cheswick in the magazine "IEEE Communications Magazine” provides a detailed description of firewalls and related technologies.
- the classic structure of a firewall is illustrated in FIG. 1. Two filters 1, 2 surround one or more gateways 3.
- Each filter 1, 2 has the function of analyzing and controlling in a unidirectional or bidirectional packet flows exchanged on links 4 and 5. A filter is thus led to reject a packet, let it pass or ignore it, and this on the basis of filtering criteria.
- the function of the gateway or group of gateways 3 is to exercise application control over the data flows which the filter placed upstream allows to pass.
- the control rules and filtering criteria are defined and configurable by means of a configuration module 6 connected to each of the components 1, 2, 3 of the firewall.
- the filtering criteria can for example, in a manner known per se, be defined on the basis of the source or destination address, or else of the source or destination service of the packets to be filtered.
- a firewall operating on TCP / IP or UDP / IP packets it can be the source or destination IP address of a datagram, or the source UDP or TCP port or destination of a UDP or TCP packet.
- a filter 1, 2 can be configured so as to let pass only the TCP packets bound for a given port number, corresponding to a determined service.
- the gateway or group of gateways 3 performs a check with respect to one or more criteria relating to a given application.
- a typical example consists, in the case of an e-mail exchange application, in an application filtering of the e-mails exchanged on the basis, for example, of information which is identified in the header or the body of a message. of mail.
- the filter 1 is bidirectional and configured so as to protect the downstream equipment, among which are the gateways 3, the filter 2 and the equipment connected to the link 5, and acts on the data flows exchanged on the link 4
- Filter 2 also bidirectional, provides an additional bulwark to protect the equipment connected to link 5.
- network nodes such as gateways, routers, or bridges are provided with a firewall. This makes it possible in particular to isolate a private network (for example a corporate network, or an intranet) from a public network (typically the Internet network) to which it is connected.
- Firewalls are thus widely used in the context of interconnected networks. They are also used for personal computers equipped with software and hardware to connect to the Internet, directly or through an Internet service provider (in English ISP, for "Internet Service Provider").
- a user can thus equip his personal computer with firewall software in order to protect it during connections to the Internet.
- it can be envisaged to equip any system capable of exchanging data with a data communication network with a firewall such as that described in FIG. 1.
- WO 03/017705 which discloses the integration of a plurality of software applications within a radiocommunication terminal, including a firewall application which cooperates with a packet filtering unit.
- Application EP 1 094 682 also discloses a mobile telephone or a mobile access unit for communicating with a packet exchange network which includes a security function, provided for example by a security gateway.
- firewalls in the context of radiocommunication networks was also the subject of an article, entitled “Firewalls for Security in Wireless Networks” (Murthy et al., Proceedings of the Thirty-First Hawaii International ConfInterlea Networks, 1998, Volume: 7, 6-9 Jan. 1998) in which the authors describe a system in which a firewall is implemented within the infrastructure of a radiocommunication network.
- the major drawback of the solutions proposed is that they do not allow the implementation of a security function within a mobile station adapted to the diversity of the communication networks with which a mobile station is today capable of '' exchange data. They only offer security functions which act without distinction on all the data flows exchanged by a mobile station.
- the object of the present invention is to propose a new optimal architecture for the security function within communication equipment which does not have the drawbacks set out above.
- the invention thus proposes a communication module comprising means for exchanging data flows with a communication network within the framework of communication sessions established and organized according to communication session contexts, and security means for controlling the flows of data exchanged.
- the security means for controlling the exchanged data flows are arranged to operate with respect to at least one parameter attached to the communication session context of the corresponding session.
- the security means for controlling the data flows exchanged according to the invention fulfill a security function, arranged within a communication module, which acts within the framework of a communication session, and this through the context. associated communication session.
- This solution allows the implementation of a security function in a more specific context than that of simple data exchange.
- the security means for controlling the data flows exchanged can be arranged to operate relative to an identifier of the communication session context of the corresponding session, and / or to a parameter constituting said context. Examples of parameters that can be used in the context of the invention are an address which can be that of the module according to the invention or of an item of equipment in which it is incorporated, the quality of service associated with the exchange of data flows , or the identifier of a target network.
- the means for exchanging data flows comprise means for exchanging data flows in packets, and the security means for controlling the data flows are arranged to operate on data in packets.
- the security means for controlling the data flows exchanged can be structured on the basis of the conventional structure of a firewall described above. They can thus include a filter for operating by filtering the data flows relative to at least one parameter attached to the communication session context of the corresponding session.
- the security means for controlling the data flows exchanged can alternatively include first and second filters to operate by filtering the data flows exchanged, and one or more gateways to control the data flows exchanged with respect to one or more criteria relating to a given application, at least one of the first and second filters then being arranged to operate with respect to at least one parameter attached to the communication session context of the corresponding session.
- the invention finds a particularly advantageous application in the field of radiocommunications. It is thus planned to integrate the module according to the invention in a radiocommunication module, or radiocommunication infrastructure equipment. Typically, the radio module will be incorporated into a mobile station.
- the invention further provides a method for carrying out security control of the data flows exchanged between a communication module and a communication network in communication sessions organized according to communication session contexts, in which a communication session is established. communication with a remote correspondent, according to an active communication session context, and the data flows exchanged are controlled according to the activated communication session context, relative to at least one parameter attached to said context.
- this process will be applied to packet data streams.
- the control of the exchanged data flows can operate relative to an identifier of the communication session context of the corresponding session, and / or to a parameter constituting said context.
- controlling the data flows exchanged according to the context of the active communication session in accordance with the method according to the invention by filtering said data flows by means of a filter which operates with respect to at least one parameter attached to the context of communication session of the corresponding session.
- the step of controlling the data flows exchanged according to the context of the active communication session may be implemented by filtering said data flows by means of a first and a second filter to filter the data flows.
- the invention finally proposes a computer program loadable in a memory associated with a processor, and comprising instructions for the implementation of a method as defined above during the execution of said program by the processor, thus a computer medium on which the said program is recorded.
- - Figure 1 is a block diagram of the conventional structure of a barrier - fire
- - Figure 2 is a diagram illustrating a communication system comprising a mobile station incorporating a module according to the invention
- - Figure 3 illustrates an example of architecture of the module according to the invention.
- the invention will hereinafter be described in the nonlimiting framework of radiocommunication systems which provide a particularly relevant example of its implementation.
- FIG. 1 is a block diagram of the conventional structure of a barrier - fire
- - Figure 2 is a diagram illustrating a communication system comprising a mobile station incorporating a module according to the invention
- - Figure 3 illustrates an example of architecture of the module according to the invention.
- the invention will hereinafter be described in the nonlimiting framework of radiocommunication systems which provide
- FIG. 2 illustrates the implementation of the invention within a mobile station 21 in communication with two networks 24, 25, one of which is a public network and the other is a private network.
- Communications in particular data exchanges, are carried out via a radiocommunication network, for example a cellular network with extended coverage (PLMN) ("Public Land Mobile Network").
- PLMN cellular network with extended coverage
- This PLMN is conventionally divided into a core network 23, comprising interconnected switches, and a radio access network (RAN) 22 providing the radio links with the mobile stations 21.
- RAN radio access network
- the PLMN is second generation and GSM type. In this case, it incorporates a GPRS (“General Packet Radio Service”) packet transmission service.
- GPRS General Packet Radio Service
- the access network 22 In GSM, the access network 22, called BSS ("Base Station Sub-system"), consists of base stations (BTS) distributed over the network coverage area to communicate by radio (Um interface) with the mobile stations 21, and base station controllers (BSC) connected to the core network 23 and supervising each of the base stations through interfaces called Abis.
- BSS Base Station Sub-system
- the protocols used in the PLMN GPRS are described in the technical specifications GSM 23.060 (version 5.6.0, Release 5, July 2003), 03.64 (version 8.9.0, Release 1999, November 2002), 08.16 (version 8.0.1, Release 1999, July 2002) and 29.061 (version 5.7.0, Release 5, October 2003) published by the 3GPP.
- the invention is applicable to other types of PLMN, in particular to third generation networks of UMTS type ("Universal Mobile Telecommunications System") or CDMA 2000.
- the core network in the UMTS standard comprises two distinct fields corresponding to a division between circuit switched services (CS, for “Circuit Switched”) and packet switched services (“PS, for“ Packet Switched ”).
- CS circuit switched services
- PS Packet Switched Domain
- CS Circuit Switched Domain
- CS Circuit Switched Domain
- the core network 23 is connected to the radio access network 22 by means of an interface, called interface A, Gb for GSM, and read, for UMTS.
- the core network 23 is further connected to fixed networks comprising one or more packet data networks using respective protocols (PDP) such as X.25 or IP.
- PDP packet data networks
- the core network 23 includes for packet mode switches called GSN ("GPRS Support Node"), which communicate with each other through an interface called Gn.
- GSN GPRS Support Node
- the packet switches connected to the BSCs of the access network 22 are called SGSN (“Serving GSN”), while other packet switches, called GGSN (“Gateway GSN”), serve as a gateway with the packet networks, in particular the Internet network 25 and the Intranet network 24. These gateways are connected to the SGSNs to allow the mobile stations 21 to access the networks 24, 25.
- the call establishment procedure in the PS domain of UMTS or in the GPRS packet switching network uses the notion of PDP context.
- a PDP context is a particular example of a communication session, which can be defined as a set of information relating to a communication session. The concept of PDP context is described in paragraph 7.2.1 of the reference work by P.
- the PDP context groups together all the information allowing the transmission of user data between the mobile, the UMTS network and the external packet switching network (for example the Internet).
- the mobile station 21 Before initiating any data transfer, the mobile station 21 must necessarily request the core network 23 for the activation of a PDP context, which must verify the conformity of the attributes of the context requested with respect to the characteristics of the subscription subscribed by the user.
- PDP contexts can be active simultaneously for a given user. The user may indeed want to activate several sessions in parallel, for example to simultaneously pick up two electronic mailboxes owned by two different service providers. In this case, the mobile must activate as many PDP contexts as sessions.
- a user can in theory both surf the Internet using the WAP protocol ("Wireless Application Protocol") on his GPRS mobile phone and consult a website on his computer connected to his mobile phone, via the activation of two PDP contexts.
- Two communication session contexts 26, 27 have been activated within the mobile station 21.
- Each PDP context relates to the network with which it is desired to initiate a communication session, and the mobile station 21 has an active communication session with the intranet network 24, and two active communication sessions with the public Internet network 25.
- the procedure for activation of a PDP context by a mobile station is described in detail in section 9.2.2.1 of the 3GPP TS 23.060 specification.
- the mobile station sends a message Activate PDP CONTEXT REQUEST activation at SGSN.
- This message indicates the values of the various parameters of the PDP context for which establishment is required, the main ones of which are: - the PDP address of the mobile station 21. In the case of an external Internet network, this is an IP v4 or IP v6 address.
- the mobile station is therefore assigned a temporary IP address; the quality of service associated with the communication, which is represented by the attributes of the radio link allocated by the access network 22; - the APN (“Access Point Name”), which corresponds to the identifier of the fixed network 24, 25 to which the mobile wishes to access.
- APN Access Point Name
- each PDP context - can be active simultaneously, so that a mobile station can simultaneously have several separate PDP addresses - typically several source IP addresses -.
- the invention then allows for example the implementation of a security function which operates independently on each of the flows exchanged with these multiple source IP addresses.
- the activation of each communication session context 26, 27 - in the example illustrated each PDP context - gives rise to the creation of a security software task 28, 29 which provides the functions of a firewall as previously described, and operates within the framework of the exchanges carried out according to the context 26, 27 with which it is associated.
- Each security software task 28, 29 is in fact capable of performing an operation on the data flows exchanged as part of a communication session defined in the corresponding context 26, 27.
- filtering parameters as a function of the IP addresses and / or the TCP or UDP ports of the datagrams received or sent will differ depending on whether it is the context 26 of communication with the intranet 24, or the context 27 of communication with the Internet network 25.
- a company will be able to tolerate that its employees globally "browse" on the public Internet network via their mobile phones and therefore authorize incoming and outgoing transactions on port 80 traditionally reserved for exchanges according to the HTTP protocol (" HyperText Transfer protocol ”). It may explicitly prohibit access to certain unethical sites via security rules if it so wishes. It may also, by controlling port 25 dedicated to the SMTP protocol (“Simple Mail Transfer Protocol”) for the two communications sessions, authorize the sending and receiving of emails to or from the Intranet and refuse the sending and / or receiving emails to or from the internet.
- SMTP protocol Simple Mail Transfer Protocol
- Each security software task 28, 29 is therefore capable of controlling and in particular limiting the data flows exchanged by the mobile station 21 relative to any of the parameters attached to the context 26, 27 with which it is associated, and in particular one of the parameters constituting said context 26, 27, such as for the case of a PDP context represented in FIG. 2, the address (PDP) of the mobile station 21, the quality of service associated with the communication, or the APN .
- the control of flows can also be carried out on a more global scale of the context 26, 27 itself, for example by means of a context identifier 26, 27.
- FIG. 3 illustrates an example of architecture of a module according to the invention.
- the security module 28 comprises a configuration module 6 connected to a memory 47 for storing the security parameters associated with different PDP contexts.
- the module 28 provides a security function activated by means of the instantiation of a software task offering the filtering functions 1, 2 and control 3 previously described under the control of a member 48, typically constituted by a processor.
- the controller 48 also controls a set 46 of PDP contexts.
- the assembly 46 consists for example of a memory in which the different parameters of each PDP context specific to the user using the module according to the invention are kept.
- the controller 48 also controls the module 28 in order to create an instance of security software task operating according to the parameters associated with the context for which activation has been requested. The values of these parameters are configured beforehand and stored in memory 47. The security software task thus created is deleted when the PDP context whose activation gave rise to its creation is closed.
- GUI graphical interface
- a set of parameters available in configuration for the security software task is meant the possibility for the user to select the parameter or parameters which he wishes to configure, and to assign the desired values to the chosen parameters.
- a graphical interface will allow it to easily create, modify or delete security profiles associated with communication session contexts.
- the invention is implemented within infrastructure equipment of a radiocommunication network. The invention then makes it possible, for example, to perform a filtering of the flows exchanged by communication session context relative to the attributes of the subscription user. This translates, for an operator, into the possibility of implementing, for example, an unsolicited commercial email filter (in English "spam") or a virus filter for its privileged users, without necessarily offering this service to other users. .
- the communication session contexts are PDP contexts.
- the radio network infrastructure includes the network of radio access 22 and the core network 23.
- the implementation of the invention within a GGSN switch of the core network proves to be particularly advantageous.
- a GGSN like an SGSN
- PDP context table used in particular in billing management.
- GGSN serving as a gateway at the edge of the core network
- the GGSN serving as a gateway at the edge of the core network
- the PLMN is an anchor point for communications seen from the PLMN.
- the module according to the invention in its various embodiments, can be implemented in different ways, such as for example on an electronic card intended to be embedded in a radiocommunication terminal equipment or a radiocommunication infrastructure equipment , or on a semiconductor product, such as an ASIC (“Application Specifies Circuit Integration”), without removing the generality of the invention.
- ASIC Application Specifies Circuit Integration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/579,575 US20100011109A1 (en) | 2003-11-17 | 2004-11-05 | Method for Safety Control of Data Exchange Flows Between a Communications Module and a Communications Network and Said Communications Module |
EP04797645A EP1685690A1 (fr) | 2003-11-17 | 2004-11-05 | Procede pour effectuer un controle de securite des flux de donnees echangees entre un module et un reseau de communication, et module de communication |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0313417A FR2862474B1 (fr) | 2003-11-17 | 2003-11-17 | Procede pour effectuer un controle de securite des flux de donnees echangees entre un module et un reseau de communication, et module de communication |
FR0313417 | 2003-11-17 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005048555A1 true WO2005048555A1 (fr) | 2005-05-26 |
Family
ID=34508512
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2004/012532 WO2005048555A1 (fr) | 2003-11-17 | 2004-11-05 | Procede pour effectuer un controle de securite des flux de donnees echangees entre un module et un reseau de communication, et module de communication |
Country Status (4)
Country | Link |
---|---|
US (1) | US20100011109A1 (fr) |
EP (1) | EP1685690A1 (fr) |
FR (1) | FR2862474B1 (fr) |
WO (1) | WO2005048555A1 (fr) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101279213B1 (ko) * | 2010-07-21 | 2013-06-26 | 삼성에스디에스 주식회사 | 시스템 온 칩 기반의 안티-멀웨어 서비스를 제공할 수 있는 디바이스 및 그 방법과 인터페이스 방법 |
WO2021083930A1 (fr) * | 2019-10-31 | 2021-05-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Signalement d'un changement de capacité d'interface de programmation d'application (api) basé sur un filtre api |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000036793A1 (fr) * | 1998-12-15 | 2000-06-22 | Telia Ab (Publ) | Filtrage d'un trafic de paquets-ip dans un systeme gprs |
WO2001033889A1 (fr) * | 1999-11-01 | 2001-05-10 | White. Cell, Inc. | Procede et dispositif de securite pour systeme de donnees celullaires |
WO2002023831A1 (fr) * | 2000-09-15 | 2002-03-21 | Telefonaktiebolaget L M Ericsson (Publ) | Procede et dispositif destines a filtrer une communication de donnees |
US20030081607A1 (en) * | 2001-10-30 | 2003-05-01 | Alan Kavanagh | General packet radio service tunneling protocol (GTP) packet filter |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2809691B2 (ja) * | 1989-04-28 | 1998-10-15 | 株式会社東芝 | 半導体レーザ |
US5838029A (en) * | 1994-08-22 | 1998-11-17 | Rohm Co., Ltd. | GaN-type light emitting device formed on a silicon substrate |
CN1292458C (zh) * | 1997-04-11 | 2006-12-27 | 日亚化学工业株式会社 | 氮化物半导体的生长方法、氮化物半导体衬底及器件 |
US7346677B1 (en) * | 1999-07-02 | 2008-03-18 | Cisco Technology, Inc. | Method and apparatus for creating policies for policy-based management of quality of service treatments of network data traffic flows |
US6812053B1 (en) * | 1999-10-14 | 2004-11-02 | Cree, Inc. | Single step pendeo- and lateral epitaxial overgrowth of Group III-nitride epitaxial layers with Group III-nitride buffer layer and resulting structures |
DE60042084D1 (de) * | 2000-05-31 | 2009-06-04 | Nokia Corp | Verfahren und vorrichtung zur erzeugung von einer verbindung-identifikation |
WO2002064864A1 (fr) * | 2001-02-14 | 2002-08-22 | Toyoda Gosei Co., Ltd. | Procede de production de cristal semi-conducteur et element lumineux semi-conducteur |
US20030110252A1 (en) * | 2001-12-07 | 2003-06-12 | Siew-Hong Yang-Huffman | Enhanced system and method for network usage monitoring |
JP4830315B2 (ja) * | 2004-03-05 | 2011-12-07 | 日亜化学工業株式会社 | 半導体レーザ素子 |
-
2003
- 2003-11-17 FR FR0313417A patent/FR2862474B1/fr not_active Expired - Fee Related
-
2004
- 2004-11-05 EP EP04797645A patent/EP1685690A1/fr not_active Ceased
- 2004-11-05 US US10/579,575 patent/US20100011109A1/en not_active Abandoned
- 2004-11-05 WO PCT/EP2004/012532 patent/WO2005048555A1/fr active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000036793A1 (fr) * | 1998-12-15 | 2000-06-22 | Telia Ab (Publ) | Filtrage d'un trafic de paquets-ip dans un systeme gprs |
WO2001033889A1 (fr) * | 1999-11-01 | 2001-05-10 | White. Cell, Inc. | Procede et dispositif de securite pour systeme de donnees celullaires |
WO2002023831A1 (fr) * | 2000-09-15 | 2002-03-21 | Telefonaktiebolaget L M Ericsson (Publ) | Procede et dispositif destines a filtrer une communication de donnees |
US20030081607A1 (en) * | 2001-10-30 | 2003-05-01 | Alan Kavanagh | General packet radio service tunneling protocol (GTP) packet filter |
Also Published As
Publication number | Publication date |
---|---|
US20100011109A1 (en) | 2010-01-14 |
FR2862474A1 (fr) | 2005-05-20 |
FR2862474B1 (fr) | 2006-03-03 |
EP1685690A1 (fr) | 2006-08-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1767033B1 (fr) | Procede de gestion des ressources radio dans un reseau d'acces radio de type utran | |
US8230493B2 (en) | Allowing differential processing of encrypted tunnels | |
US7684363B2 (en) | Apparatus and method of controlling unsolicited traffic destined to a wireless communication device | |
EP2060085B1 (fr) | Envoi de messages de maintien de connexion au nom d'un autre dispositif par un proxy de maintien de connexion | |
EP1665661B1 (fr) | Procede de differenciation de la qualite de service dans les reseaux de communication mobile en mode paquets | |
US7295532B2 (en) | System, device and computer readable medium for providing networking services on a mobile device | |
EP1287717B1 (fr) | Procede pour le suivi de communications dans un systeme de radiocommunication cellulaire, et coeur de reseau mettant en oeuvre ce procede | |
EP1898580A1 (fr) | Procédé, dispositif et système de prise en charge d'un mandataire transparent dans une passerelle d'accès sans fil | |
US20040008653A1 (en) | Device, system, method and computer readable medium for fast recovery of IP address change | |
EP1652395A2 (fr) | Procede et systeme d'activation de services de courrier electronique pour services mobiles | |
US20040125762A1 (en) | Device, system, method and computer readable medium for attaching to a device identifited by an access point name in a wide area network providing particular services | |
Lin et al. | General Packet Radio Service (GPRS): architecture, interfaces, and deployment | |
JP2005530400A (ja) | モバイル通信システムにおけるコンテンツ−セキュリティ・プロキシ | |
US20020194506A1 (en) | Internet service provider method and apparatus | |
WO2010028576A1 (fr) | Procédé, dispositif et système de filtrage de contenus | |
EP1685690A1 (fr) | Procede pour effectuer un controle de securite des flux de donnees echangees entre un module et un reseau de communication, et module de communication | |
WO2005041475A1 (fr) | Ensembles et procedes relatifs a la securite dans des reseaux assurant la communication de paquets de donnees | |
EP1496712A1 (fr) | Système et procédé de commande de commutation par paquets | |
FR2832585A1 (fr) | Procede de controle de congestion dans un reseau de telecommunication mobile du type gsm ou umts | |
Basu et al. | Challenge of universal mobility and wireless internet | |
FR2850225A1 (fr) | Procede perfectionne de generation d'une requete d'activation de contexte entre un equipement de communication et un reseau de communications | |
WO2011080446A1 (fr) | Gestion d'itinerance en mode paquet dans un reseau de radiocommunication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2004797645 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2004797645 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10579575 Country of ref document: US |