System and method for providing security in a network environment

US 7,917,627 B1
Filed: 07/12/2004
Issued: 03/29/2011
Est. Priority Date: 07/12/2004
Status: Active Grant

First Claim

Patent Images

1. An apparatus for providing security in a network environment, comprising:

a network element operable to;

receive a flow that propagates through an access gateway, the flow associated with an end user and propagating through a network, the flow communicating an accounting START indicator and an accounting STOP indicator, the accounting START indicator indicating that accounting has started, the accounting STOP indicator indicating that accounting has stopped;

glean internet protocol (IP) address information from the flow, the IP address information comprising an IP address;

determine from the accounting START indicator that the end user is being connected to the network;

remove an outdated flow for the IP address from a table and insert the flow in place of the outdated flow in the table in response to the determination from the accounting START indicator;

determine from the accounting STOP indicator that the end user is being disconnected from the network; and

remove the flow from the table in response to the determination from the accounting STOP indicator such that the IP address information in the access gateway and the network element is synchronized independent of a connection request or a connection response, wherein the access gateway is a general packet radio gateway service (GPRS) support node (GGSN) and the network element is a firewall.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing security in a network environment is provided that includes receiving a flow that propagates through an access gateway, the flow being initiated by an end user associated with the flow and propagating through a network. Internet protocol (IP) address information may be gleaned from the flow at a network element. The method further includes recognizing a selected one of the end user being connected to the network and the end user being disconnected from the network such that the IP address information in the access gateway and the network element is substantially synchronized.

51 Citations

View as Search Results

21 Claims

1. An apparatus for providing security in a network environment, comprising:
- a network element operable to;
  
  receive a flow that propagates through an access gateway, the flow associated with an end user and propagating through a network, the flow communicating an accounting START indicator and an accounting STOP indicator, the accounting START indicator indicating that accounting has started, the accounting STOP indicator indicating that accounting has stopped;
  
  glean internet protocol (IP) address information from the flow, the IP address information comprising an IP address;
  
  determine from the accounting START indicator that the end user is being connected to the network;
  
  remove an outdated flow for the IP address from a table and insert the flow in place of the outdated flow in the table in response to the determination from the accounting START indicator;
  
  determine from the accounting STOP indicator that the end user is being disconnected from the network; and
  
  remove the flow from the table in response to the determination from the accounting STOP indicator such that the IP address information in the access gateway and the network element is synchronized independent of a connection request or a connection response, wherein the access gateway is a general packet radio gateway service (GPRS) support node (GGSN) and the network element is a firewall.
- View Dependent Claims (2, 3, 4, 5, 18)
- - 2. The apparatus of claim 1, wherein the table stores the IP address information associated with the end user.
  - 3. The apparatus of claim 1, wherein the network element identifies the accounting START indicator associated with the end user and responds by providing an entry in the table and by removing existing information in the table that is inconsistent with the accounting START indicator being provided for the end user.
  - 4. The apparatus of claim 1, wherein the network element identifies the accounting STOP indicator associated with the end user and responds by deleting an entry in the table and by removing existing information in the table that is inconsistent with the accounting STOP indicator being provided for the end user.
  - 5. The apparatus of claim 1, wherein the network element is operable to use a selected protocol to glean the IP information, the selected protocol being included in a group of protocols consisting of:
    - a) RADIUS;
      
      b) TACACS; and
      
      c) DIAMETER.
  - 18. The apparatus of claim 1, wherein the network element is further operable to manage the table, the table being associated with the network element, the table identifying a plurality of end users and an accounting indicator associated with each of the plurality of end users.

6. A method for providing security in a network environment, comprising:
- receiving a flow that propagates through an access gateway, the flow associated with an end user and propagating through a network, the flow communicating an accounting START indicator and an accounting STOP indicator, the accounting START indicator indicating that accounting has started, the accounting STOP indicator indicating that accounting has stopped;
  
  gleaning internet protocol (IP) address information from the flow at a network element, the IP address information comprising an IP address;
  
  determining from the accounting START indicator that the end user is being connected to the network;
  
  removing an outdated flow for the IP address from a table and inserting the flow in place of the outdated flow in the table in response to the determination from the accounting START indicator;
  
  determining from the accounting STOP indicator that the end user is being disconnected from the network; and
  
  removing the flow from the table in response to the determination from the accounting STOP indicator such that the IP address information in the access gateway and the network element is synchronized independent of a connection request or a connection response, wherein the access gateway is a general packet radio gateway service (GPRS) support node (GGSN) and the network element is a firewall.
- View Dependent Claims (7, 8, 9, 19)
- - 7. The method of claim 6, the table storing the IP address information associated with the end user.
  - 8. The method of claim 6, further comprising:
    - identifying the accounting START indicator associated with the end user; and
      
      responding to the accounting START indicator by providing an entry in the table and by removing existing information in the table that is inconsistent with the accounting START indicator being provided for the end user.
  - 9. The method of claim 6, further comprising:
    - identifying the accounting STOP indicator associated with the end user; and
      
      responding to the STOP indicator by deleting an entry in the table and by removing existing information in the table that is inconsistent with the accounting STOP indicator being provided for the end user.
  - 19. The method of claim 6, further comprising managing the table, the table being associated with the network element, the table identifying a plurality of end users and an accounting indicator associated with each of the plurality of end users.

10. A system for providing security in a network environment, comprising:
- means for receiving a flow that propagates through an access gateway, the flow associated with an end user and propagating through a network, the flow communicating an accounting START indicator and an accounting STOP indicator, the accounting START indicator indicating that accounting has started, the accounting STOP indicator indicating that accounting has stopped;
  
  means for gleaning interne protocol (IP) address information from the flow at a network element, the IP address information comprising an IP address;
  
  means for determining from the accounting START indicator that the end user is being connected to the network;
  
  means for removing an outdated flow for the IP address from a table and inserting the flow in place of the outdated flow in the table in response to the determination from the accounting START indicator;
  
  means for determining from the accounting STOP indicator that the end user is being disconnected from the network; and
  
  means for removing the flow from the table in response to the determination from the accounting STOP indicator such that the IP address information in the access gateway and the network element is synchronized independent of a connection request or a connection response, wherein the access gateway is a general packet radio gateway service (GPRS) support node (GGSN) and the network element is a firewall.
- View Dependent Claims (11, 12, 13, 20)
- - 11. The system of claim 10, the table storing the IP address information associated with the end user.
  - 12. The system of claim 10, further comprising:
    - means for identifying the accounting START indicator associated with the end user; and
      
      means for responding to the accounting START indicator by providing an entry in the table and by removing existing information in the table that is inconsistent with the accounting START indicator being provided for the end user.
  - 13. The system of claim 10, further comprising:
    - means for identifying the accounting STOP indicator associated with the end user; and
      
      means for responding to the STOP indicator by deleting an entry in the table and by removing existing information in the table that is inconsistent with the accounting STOP indicator being provided for the end user.
  - 20. The system of claim 10, further comprising means for managing the table, the table being associated with the network element, the table identifying a plurality of end users and an accounting indicator associated with each of the plurality of end users.

14. Software for providing security in a network environment, the software being embodied in a non-transitory computer readable medium and including computer code such that when executed is operable to:
- receive a flow that propagates through an access gateway, the flow associated with an end user and propagating through a network, the flow communicating an accounting START indicator and an accounting STOP indicator, the accounting START indicator indicating that accounting has started, the accounting STOP indicator indicating that accounting has stopped;
  
  glean internet protocol (IP) address information from the flow at a network element, the IP address information comprising an IP address;
  
  determine from the accounting START indicator that the end user is being connected to the network;
  
  remove an outdated flow for the IP address from a table and insert the flow in place of the outdated flow in the table in response to the determination from the accounting START indicator;
  
  determine from the accounting STOP indicator that the end user is being disconnected from the network; and
  
  remove the flow from the table in response to the determination from the accounting STOP indicator such that the IP address information in the access gateway and the network element is synchronized independent of a connection request or a connection response, wherein the access gateway is a general packet radio gateway service (GPRS) support node (GGSN) and the network element is a firewall.
- View Dependent Claims (15, 16, 17, 21)
- - 15. The medium of claim 14, the table storing the IP address information associated with the end user.
  - 16. The medium of claim 14, wherein the code is further operable to:
    - identify the accounting START indicator associated with the end user; and
      
      respond to the accounting START indicator by providing an entry in the table and by removing existing information in the table that is inconsistent with the accounting START indicator being provided for the end user.
  - 17. The medium of claim 14, wherein the code is further operable to:
    - identify the accounting STOP indicator associated with the end user; and
      
      respond to the STOP indicator by deleting an entry in the table and by removing existing information in the table that is inconsistent with the accounting STOP indicator being provided for the end user.
  - 21. The medium of claim 14, wherein the code is further operable to manage the table, the table being associated with the network element, the table identifying a plurality of end users and an accounting indicator associated with each of the plurality of end users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Andriantsiferana, Laurent H., Iyer, Jayaraman R.
Primary Examiner(s)
Najjar; Saleh
Assistant Examiner(s)
HENRY, MARIEGEORGES A

Application Number

US10/890,450
Time in Patent Office

2,451 Days
Field of Search

709/201, 709/217, 709/218, 709/223, 709/225, 709/226, 709/227, 709/232, 709/248, 709/249, 726/2, 726/3, 726/11, 726/12, 726/13, 370/231, 370/395.52
US Class Current

709/227
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

H04W 12/088 using filters or firewalls

System and method for providing security in a network environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing security in a network environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links