Methods, systems, and computer readable media for multiple transaction capabilities application part (TCAP) operation code (opcode) screening

US10862866B2 · US · B2

Patent metadata

Publication number: US-10862866-B2
Application number: US-201816019454-A
Country: US
Kind code: B2
Filing date: Jun 26, 2018
Priority date: Jun 26, 2018
Publication date: Dec 8, 2020
Grant date: Dec 8, 2020

Abstract

Official abstract text for this publication.

A method for multiple transaction capabilities application part (TCAP) operation code (opcode) screening includes receiving a first SS7 signaling message including multiple TCAP opcodes. The method further includes determining that the first SS7 signaling message requires further processing. The method further includes, in response to determining that the first SS7 signaling message requires further processing, decoding, from the first SS7 signaling message, N TCAP opcodes, where N is an integer of at least two. The method further includes, for each of the N TCAP opcodes, applying a filter and determining that one of the filters indicates that the opcode, alone or in combination with other parameters in the first SS7 signaling message, is not allowed. The method further includes, in response to determining that the one filter indicates that the opcode, alone or in combination with the other parameters is not allowed, performing an SS7 firewall action.
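The screening step in the abstract, sketched as an added example (not code from the patent or its assignee): decode every Invoke opcode from the TCAP component portion, apply one filter per opcode, and take the firewall action if any filter blocks. Tag values follow ITU-T Q.773; the `POLICY` table, the block-by-default and fail-closed choices, and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
# Added example (not from the patent): screen every TCAP opcode in a message.
# Tags follow ITU-T Q.773; POLICY and SAMPLE are constructed for illustration.
COMPONENTS, INVOKE, INTEGER, LINKED_ID = 0x6C, 0xA1, 0x02, 0x80

def tlvs(buf):
    """Yield (tag, value) for each single-byte-tag BER TLV in buf."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                     # long-form definite length
            n = length & 0x7F
            if n == 0 or i + n > len(buf):
                raise ValueError("indefinite or truncated length")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("TLV value overruns buffer")
        yield tag, buf[i:i + length]
        i += length

def decode_opcodes(tcap):
    """Return the local opcode of every Invoke component, in message order."""
    (_, body), = tlvs(tcap)                   # exactly one outer message unit
    opcodes = []
    for tag, portion in tlvs(body):
        for ctag, comp in (tlvs(portion) if tag == COMPONENTS else ()):
            if ctag != INVOKE:
                continue
            # Skip the optional linked ID: invoke ID first, then the opcode.
            fields = [f for f in tlvs(comp) if f[0] != LINKED_ID]
            if len(fields) < 2 or fields[1][0] != INTEGER:
                raise ValueError("Invoke without a local opcode")
            opcodes.append(int.from_bytes(fields[1][1], "big"))
    return opcodes

POLICY = {2: "allow", 71: "block"}            # constructed opcode -> filter result

def screen(tcap, policy=POLICY):
    """One filter per decoded opcode; any 'block' triggers the firewall action."""
    try:
        opcodes = decode_opcodes(tcap)
    except ValueError:
        return "firewall", []                 # assumption: fail closed on bad encoding
    # Assumption: an opcode with no filter entry is treated as blocked.
    blocked = [op for op in opcodes if policy.get(op, "block") == "block"]
    return ("firewall", blocked) if blocked else ("route", [])

# Constructed TCAP Begin carrying two Invokes: opcode 2, then opcode 71.
SAMPLE = bytes.fromhex("62 18 48 04 00 00 00 01 6c 10"
                       " a1 06 02 01 01 02 01 02  a1 06 02 01 02 02 01 47")
```

`screen(SAMPLE)` returns `("firewall", [71])`, although the first opcode on its own passes the policy; this is the allowed-first, blocked-second case the first claim recites.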

First claim

Opening claim text (preview).

What is claimed is:

1. A method for multiple transaction capabilities application part (TCAP) operation code (opcode) screening, the method comprising: receiving a first signaling system number 7 (SS7) signaling message including multiple TCAP opcodes; determining that the first SS7 signaling message requires further processing; in response to determining that the first SS7 signaling message requires further processing, decoding, from the first SS7 signaling message, N TCAP opcodes, where N is an integer of at least two; for each of the N TCAP opcodes, applying a filter and determining that one of the filters indicates that the opcode, alone or in combination with other parameters in the first SS7 signaling message, is not allowed; and in response to determining that the one filter indicates that the opcode alone or in combination with the other parameters is not allowed, performing an SS7 firewall action, wherein the first SS7 signaling message includes a first TCAP opcode that is indicated as allowed based on the applying of a filter to the first TCAP opcode and a second TCAP opcode that is indicated as blocked based on the applying of the one filter to the second TCAP opcode.

2. The method of claim 1, wherein the receiving, determining, decoding, applying, and performing are performed at an SS7 signal transfer (STP).

3. The method of claim 1, wherein determining that the first SS7 signaling message requires further processing includes determining that the first SS7 signaling message requires global title translation (GTT) processing.

4. The method of claim 3, comprising providing a GTT set including a plurality of filters indexed by different TCAP opcodes and wherein applying the filters includes performing lookups in the GTT set for each of the N TCAP opcodes decoded from the first SS7 signaling message.

5. The method of claim 4, wherein applying the filters includes determining, for each of the N opcodes, whether the filter implemented in the GTT set for the opcode indicates that the opcode should be allowed or blocked.

6. The method of claim 1, comprising receiving a second SS7 signaling message including a plurality of TCAP opcodes, determining that the second SS7 signaling message requires further processing, decoding N opcodes from the second SS7 signaling message, applying a filter to each of the N TCAP opcodes decoded from the second SS7 signaling message, determining that all of the TCAP opcodes in the second SS7 signaling message should be allowed, and routing the second SS7 signaling message to a destination.

7. The method of claim 6, wherein routing the second SS7 signaling message to a destination includes selecting a destination point code (DPC) for the second SS7 signaling message based on one of the opcodes in the second SS7 signaling message, inserting the DPC in the second SS7 signaling message and routing the second SS7 signaling message based on the DPC.

8. The method of claim 7, wherein selecting the DPC includes assigning priorities to the opcodes in the second SS7 signaling message and selecting the DPC corresponding the opcode in the second SS7 signaling message having the highest assigned priority.

9. The method of claim 1, wherein performing an SS7 firewall action includes at least one of: copying the message to a monitoring platform, generating a call detail record (CDR), incrementing a peg counter and generating an alarm.

10. A system for multiple transaction capabilities application part (TCAP) operation code (opcode) screening, the system comprising: an SS7 signal transfer point (STP) including a plurality of message processors including: a first message processor for receiving a first signaling system number 7 (SS7) signaling message including multiple TCAP opcodes and determining that the first SS7 signaling message requires further processing; and a second message processor for, in response to a determination that the first SS7 signaling message requires further processing, decoding, from the first SS7 signaling message, N TCAP opcodes, where N is an integer of at least two, for each of the N TCAP opcodes, applying a filter and determining that one of the filters indicates that the opcode, alone or in combination with other parameters in the first SS7 signaling message, is not allowed, and in response to determining that the one filter indicates that the opcode, alone or in combination with the other parameters, is not allowed, performing an SS7 firewall action, wherein the first SS7 signaling message includes a first TCAP opcode that is indicated as allowed based on the applying of a filter to the first TCAP opcode and a second TCAP opcode that is indicated as blocked based on the applying of the one filter to the second TCAP opcode.

11. The system of claim 10, wherein determining that the first SS7 signaling message requires further processing includes determining that the first SS7 signaling message requires global title translation (GTT) processing.

12. The system of claim 11, comprising providing a GTT set in the STP and including a plurality of filters indexed by different TCAP opcodes and wherein applying the filters includes performing lookups in the GTT set for each of the N TCAP opcodes decoded from the first SS7 signaling message.

13. The system of claim 12, wherein applying the filters includes determining, for each of the N opcodes, whether the filter implemented in the GTT set for the opcode indicates that the opcode should be allowed or blocked.

14. The system of claim 10, comprising receiving a second SS7 signaling message including a plurality of TCAP opcodes, determining that the second SS7 signaling message requires further processing, decoding N opcodes from the second SS7 signaling message, applying a filter to each of the N TCAP opcodes decoded from the second SS7 signaling message, determining that all of the TCAP opcodes in the second SS7 signaling message should be allowed, and routing the second SS7 signaling message to a destination.

15. The system of claim 14, wherein routing the second SS7 signaling message to a destination includes selecting a destination point code (DPC) for the second SS7 signaling message based on one of the opcodes in the second SS7 signaling message, inserting the DPC in the second SS7 signaling message and routing the second SS7 signaling message based on the DPC.

16. The system of claim 15, wherein selecting the DPC includes assigning priorities to the opcodes in the second SS7 signaling message and selecting the DPC corresponding the opcode in the second SS7 signaling message having the highest assigned priority.

17. The system of claim 10, wherein performing an SS7 firewall action includes at least one of: copying the message to a monitoring platform, generating a call detail record (CDR), incrementing a peg counter and generating an alarm.

18. A non-transitory computer readable medium having stored thereon executable instructions that when executed by a processor of a computer control the computer to perform steps comprising: receiving a first signaling system number 7 (SS7) signaling message including multiple transaction capabilities application part (TCAP) operation codes (opcodes); determining that the first SS7 signaling message requires further processing; in response to determining that the first SS7 signaling message requires further processing, decoding, from the first SS7 signaling message, N TCAP opcodes, where N is an integer of at least two; for each of the N TCAP opcodes, applying a filter and determining that one of the filters indicates

Classifications

  • Filtering by information in the payload

  • Security arrangements; Authentication; Protecting privacy or anonymity

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • for separating internal from external traffic, e.g. firewalls

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0245. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 8, 2020 (B2). Legal status and post-grant events are not shown on this page.