Security of a communication system

US 7,620,808 B2
Filed: 02/02/2004
Issued: 11/17/2009
Est. Priority Date: 06/19/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

entering state information associated with a packet data protocol connection in a record maintained in a firewall, the packet data protocol connection being established between a user equipment and a node via a gateway node, and the firewall being configured to control transportation of packet data protocol data based on the record, and the gateway node being configured to, when deactivation of the packet data protocol connection for the user equipment is detected, send information to the firewall that the user equipment cannot be reached;

receiving in the firewall the information that the user equipment cannot be reached;

in response to receiving said information, deleting the state information from the record; and

dropping any remaining packet data protocol data associated with said address comprising freezing use of an address associated with the packet data protocol connection from use by other data transportation connections for a predetermined period of time after detecting that the packet data protocol connection is deactivated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communications systems and methods for controlling transportation of data. The methods commonly include entering state information associated with a data transportation connection in a state information record maintained in a data processing entity. The data transportation connection is normally established between user equipment and a node, commonly via a gateway node, and the data processing entity is typically configured to control transportation of data based on the state information table. The methods also usually include, detecting that the data transportation connection is deactivated for the user equipment, sending information from the gateway node that the user equipment cannot be reached, and, in response to the information, deleting the state information from the state information record. The systems generally allow for implementation of the methods.

19 Citations

View as Search Results

11 Claims

1. A method, comprising:
- entering state information associated with a packet data protocol connection in a record maintained in a firewall, the packet data protocol connection being established between a user equipment and a node via a gateway node, and the firewall being configured to control transportation of packet data protocol data based on the record, and the gateway node being configured to, when deactivation of the packet data protocol connection for the user equipment is detected, send information to the firewall that the user equipment cannot be reached;
  
  receiving in the firewall the information that the user equipment cannot be reached;
  
  in response to receiving said information, deleting the state information from the record; and
  
  dropping any remaining packet data protocol data associated with said address comprising freezing use of an address associated with the packet data protocol connection from use by other data transportation connections for a predetermined period of time after detecting that the packet data protocol connection is deactivated.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the user equipment is configured to communicate via a first packet switched network, the node is configured to communicate via a second packet switched network, the gateway node is located at the first packet switched network, and the firewall is located at an interface between the first and second packet switched networks.
  - 3. The method of claim 1, wherein the gateway node is further configured to send the information from the gateway node to the node.

4. A method, comprising:
- detecting, by a gateway node, that an address associated with a packet data protocol connection established between a user equipment and a node via the gateway node becomes available for use by other user equipment, wherein state information associated with a packet data protocol connection is entered in a record maintained in a firewall, said state information comprising said address, the firewall being configured to control transportation of packet data protocol data based on the record;
  
  sending information to the firewall that the user equipment cannot be reached; and
  
  abstaining from reassigning the address for another user equipment for a predefined period of time wherein any remaining packet data protocol data associated with said address are dropped.
- View Dependent Claims (5)
- - 5. The method of claim 4, wherein, the user equipment is configured to communicate via a first packet switched network, and the node is configured to communicate via a second packet switched network, and the gateway node is located at the first packet switched network.

6. A gateway node comprising a first processor configured to handle packet data protocol connections established between user equipment configured to communicate via an access system and nodes connected to a data network, the gateway node being configured to detect that a packet data protocol connection for a user equipment is deactivated and to send information to the firewall that the user equipment cannot be reached;
- anda data processing node comprising a second processor configured to maintain state information associated with respective packet data protocol connections established between the user equipment and the nodes via the gateway node and to control transportation of data based on the state information, the data processing node being configured to delete state information associated with a user equipment in response to information from the gateway node that the user equipment cannot be reached.

7. An apparatus, comprising:
- a processor; and
  
  a memory and the computer program code,the memory and the computer program code configured to, with the processor, cause the apparatus at least to;
  
  detect that an address associated with a packet data protocol connection established between a user equipment and a node via a gateway node becomes available for use by other user equipment, wherein state information associated with a packet data protocol connection is entered in a record maintained in a firewall, said state information comprising said address, the firewall being configured to control transportation of packet data protocol data based on the record,send information to the firewall that the user equipment cannot be reached, andabstain from reassigning the address for another user equipment for a predefined period of time following said detection that said address becomes available for use by said other user equipment, wherein any remaining packet data protocol data associated with said address are dropped.
- View Dependent Claims (8)
- - 8. The apparatus of claim 7, comprising an inactivity timer, expiry of the inactivity timer providing indication of an end of the predefined period.

9. An apparatus, comprising:
- a processor; and
  
  a memory including computer program code,the memory and the computer program code configured to, with the processor, cause the apparatus at least toenter state information associated with a packet data protocol connection in a record maintained in a firewall, the packet data protocol connection being established between a user equipment and a node via a gateway node, and the firewall being configured to control transportation of data based on the record;
  
  receive information from the gateway node that the user equipment cannot be reached when the packet data protocol connection is deactivated for the user equipment; and
  
  in response to said information, delete the state information from the record and to drop any remaining packet data protocol data associated with an address comprising freezing use of the address associated with the packet data protocol connection from use by other data transportation connections for a predetermined period of time after detecting that the packet data protocol connection is deactivated.

10. A computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process, comprising:
- entering state information associated with a packet data protocol connection in a record maintained in a firewall, the packet data protocol connection being established between a user equipment and a node via a gateway node, and the firewall being configured to control transportation of data based on the record, and the gateway node being configured to, when deactivation of the packet data protocol connection for the user equipment is detected, send information that the user equipment cannot be reached;
  
  receiving in the firewall the information that the user equipment cannot be reached; and
  
  in response to receiving said information, deleting the state information from the record, and dropping any remaining packet data protocol data associated with an address comprising freezing use of the address associated with the packet data protocol connection from use by other data transportation connections for a predetermined period of time after detecting that the packet data protocol connection is deactivated.

11. A computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process, comprising:
- detecting, by a gateway node, that an address associated with a packet data protocol connection established between a user equipment and a node via the gateway node becomes available for use by other user equipment, wherein state information associated with a packet data protocol connection is entered in a record maintained in a firewall, said state information comprising the address, the firewall being configured to control transportation of packet data protocol data based on the state information record;
  
  sending information that the user equipment cannot be reached; and
  
  abstaining from reassigning the address for another user equipment for a predefined period of time, wherein any remaining packet data protocol data associated with said address are dropped.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Faccin, Stefano, Le, Franck
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Debnath; Suman

Application Number

US10/768,075
Publication Number

US 20050021939A1
Time in Patent Office

2,115 Days
Field of Search

713/153, 370230-237, 370/360, 370/400, 370/412, 709/227
US Class Current

713/153
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1458   Denial of Service

Security of a communication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Security of a communication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links