System and method for providing security in a network environment using accounting information
First Claim
1. An apparatus for providing security in a network environment, comprising:
- a network element providing security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications, the network element further operable to:
  - receive a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through the network;
  - receive from the access gateway accounting information, the accounting information generated by accounting software, the accounting information indicating the communication flow associated with the end user has terminated, the accounting information further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
  - determine from the accounting information the IP address assigned to the end user prior to disconnecting from or logging off the network;
  - determine that an entry associated with the determined IP address of the end user prior to disconnecting from or logging off the network exists in a database;
  - in response, removing the entry associated with the determined IP address of the end user from the database; and
- wherein the network element is operable to determine from the accounting information that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.
Abstract
According to one embodiment of the present invention, there is provided a method for providing security in a network environment that includes receiving a flow that propagates through an access gateway. The flow is initiated by an end user associated with the flow and propagates through a network. The method also includes receiving accounting information indicative of the termination of the flow. In response, teardown of the communication associated with the flow is initiated.
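As an added illustration that is not part of the patent, the following Python sketch models the teardown described in claim 1 and the abstract: the network element keeps a flow table keyed by the end user's assigned IP address, accepts an accounting record from the access gateway only after verifying the gateway's authenticator, and removes the matching entry when the record reports that the flow has stopped. The claims do not name the accounting protocol, so RADIUS accounting (RFC 2866) is assumed here; the shared secret and addresses are constructed sample values.

```python
import hashlib
import struct
from typing import Dict, Optional
# Added example, not from the patent; RADIUS accounting (RFC 2866) is assumed.
ACCT_REQUEST = 4          # RADIUS code: Accounting-Request
ATTR_FRAMED_IP = 8        # Framed-IP-Address attribute
ATTR_ACCT_STATUS = 40     # Acct-Status-Type attribute
ACCT_STOP = 2             # Acct-Status-Type value "Stop"
GATEWAY_SECRET = b"gateway-shared-secret"   # constructed sample value

flows: Dict[str, str] = {}   # the network element's flow database, keyed by end user IP

def register_flow(ip: str, user: str) -> None:
    """Record an admitted flow (the user already proved the shared secret)."""
    flows[ip] = user

def parse_accounting(packet: bytes, secret: bytes) -> Dict[int, bytes]:
    """Check the Request Authenticator, then return attributes by type."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Accounting-Request")
    # RFC 2866 s.3: MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if expected != packet[4:20]:
        raise ValueError("authenticator mismatch: not from the trusted gateway")
    attrs, pos = {}, 20
    while pos < length:
        atype, alen = packet[pos], (packet[pos + 1] if pos + 1 < length else 0)
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def handle_accounting(packet: bytes) -> Optional[str]:
    """Remove the flow entry named by an authenticated Stop; return its IP."""
    attrs = parse_accounting(packet, GATEWAY_SECRET)
    stop = attrs.get(ATTR_ACCT_STATUS) == struct.pack("!I", ACCT_STOP)
    if not stop or len(attrs.get(ATTR_FRAMED_IP, b"")) != 4:
        return None                  # Start/Interim or unusable record: no change
    ip = ".".join(str(b) for b in attrs[ATTR_FRAMED_IP])
    # Torn down without the element ever seeing the user disconnect.
    return ip if flows.pop(ip, None) is not None else None

def build_stop(ip: str, secret: bytes, ident: int = 1) -> bytes:
    """Constructed Accounting-Request(Stop) as the access gateway would emit it."""
    attrs = bytes([ATTR_ACCT_STATUS, 6]) + struct.pack("!I", ACCT_STOP)
    attrs += bytes([ATTR_FRAMED_IP, 6]) + bytes(int(o) for o in ip.split("."))
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs
```

A Stop record built with the wrong secret is rejected before the table is touched, so a forged termination report cannot evict another user's entry.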
34 Claims
12. A method for providing security in a network environment, comprising:
- using a network element to provide security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications;
- receiving, by the network element, a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through the network;
- receiving, by the access gateway, a message indicating the end user has disconnected from or logged off the network;
- generating, by the access gateway using accounting software, an accounting message indicating the termination of the communication flow associated with the end user, the accounting message further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
- receiving, by the network element from the access gateway, the accounting message indicative of the termination of the communication flow associated with the end user;
- determining from the accounting message, by the network element, the IP address assigned to the first end user;
- determining, by the network element, that the determined IP address of the first end user exists in an entry in a database, the entry in the database indicating the communication flow associated with the end user;
- in response, removing the entry indicating the communication flow associated with the end user from the database; and
- wherein the network element is operable to determine from the accounting message that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.

Dependent claims: 13 to 19.
-
20. A system for providing security in a network environment, comprising:
- means for using a network element to provide security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications;
- means for receiving, by the network element, a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through a network;
- means for receiving from the access gateway accounting information, the accounting information generated by accounting software, the accounting information indicating the communication flow associated with the end user has terminated, the accounting information further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
- means for determining from the accounting information the IP address assigned to the first end user prior to disconnecting from or logging off the network;
- means for determining that an entry associated with the determined IP address of the first end user prior to disconnecting from or logging off the network exists in a database;
- a processor, in response to receiving the accounting information, for removing the entry associated with the determined IP address of the first end user from the database; and
- wherein the network element is operable to determine from the accounting information that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.

Dependent claims: 21 to 27 and 29.
-
28. Software for providing security in a network environment, the software being embodied in a tangible, non-transitory computer readable medium and including computer code such that when executed is operable to:
- using a network element to provide security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications;
- receive at the network element a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through the network;
- receive from the access gateway accounting information, the accounting information generated by accounting software, the accounting information indicating the communication flow associated with the end user has terminated, the accounting information further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
- determine from the accounting information the IP address assigned to the first end user prior to disconnecting from or logging off the network;
- determine that an entry associated with the determined IP address of the first end user prior to disconnecting from or logging off the network exists in a database;
- in response, removing the entry associated with the determined IP address of the first end user from the database; and
- wherein the network element is operable to determine from the accounting information that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.

Dependent claims: 30 to 34.