System and method for providing security in a network environment using accounting information

US 8,312,530 B2
Filed: 05/24/2006
Issued: 11/13/2012
Est. Priority Date: 07/12/2004
Status: Active Grant

First Claim

Patent Images

1. An apparatus for providing security in a network environment, comprising:

a network element providing security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications, the network element further operable to;

receive a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through the network;

receive from the access gateway accounting information, the accounting information generated by accounting software, the accounting information indicating the communication flow associated with the end user has terminated, the accounting information further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;

determine from the accounting information the IP address assigned to the end user prior to disconnecting from or logging off the network;

determine that an entry associated with the determined IP address of the end user prior to disconnecting from or logging off the network exists in a database;

in response, removing the entry associated with the determined IP address of the end user from the database; and

wherein the network element is operable to determine from the accounting information that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment of the present invention, there is provided a method for providing security in a network environment that includes receiving a flow that propagates through an access gateway. The flow is initiated by an end user associated with the flow and propagates through a network. The method also includes receiving accounting information indicative of the termination of the flow. In response, tearing down of the communication associated with the flow is initiated.

46 Citations

View as Search Results

34 Claims

1. An apparatus for providing security in a network environment, comprising:
- a network element providing security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications, the network element further operable to;
  
  receive a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through the network;
  
  receive from the access gateway accounting information, the accounting information generated by accounting software, the accounting information indicating the communication flow associated with the end user has terminated, the accounting information further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
  
  determine from the accounting information the IP address assigned to the end user prior to disconnecting from or logging off the network;
  
  determine that an entry associated with the determined IP address of the end user prior to disconnecting from or logging off the network exists in a database;
  
  in response, removing the entry associated with the determined IP address of the end user from the database; and
  
  wherein the network element is operable to determine from the accounting information that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the network element that does not maintain the direct connection with the end user and through which the communications flow is propagated includes a table operable to store the IP address.
  - 3. The apparatus of claim 1, wherein the accounting information comprises a RADIUS STOP indicator.
  - 4. The apparatus of claim 1, wherein the accounting information comprises a RADIUS START message.
  - 5. The apparatus of claim 1, wherein the network element is a selected one of a group of network elements, the group consisting of:
    - a) a firewall;
      
      b) a switch;
      
      c) a loadbalancer;
      
      d) a gateway;
      
      e) a bridge;
      
      f) a router; and
      
      g) a processor.
  - 6. The apparatus of claim 1, wherein the network element is operable to use a selected protocol to glean the IP information, the selected protocol being included in a group of protocols consisting of:
    - a) RADIUS;
      
      b) TACACS; and
      
      c) DIAMETER.
  - 7. The apparatus of claim 1, wherein the access gateway is a general packet radio gateway service (GPRS) support node (GGSN).
  - 8. The method of claim 1, the network element further operable to:
    - determine that the access gateway has not been configured to provide accounting information indicating the communication flow associated with the end user has terminated; and
      
      drop the received accounting information in response to the determination that the access gateway has not been configured to provide accounting information indicating the communication flow associated with the end user has terminated.
  - 9. The apparatus of claim 1, the network element further operable to:
    - in response to receiving the accounting information indicating that the communication flow associated with the end user has terminated, tear down a connection between the network element and a network server, the connection assigned to the communication flow associated with the end user, the connection used for propagating the communication flow through the network element to the network server.
  - 10. The method of claim 1, further comprising:
    - detecting, by the network element, an event occurring at the access gateway; and
      
      synchronizing the accounting information when the event is detected.
  - 11. The method of claim 1, further comprising:
    - using the network element to monitor communications between the access gateway and a radius server;
      
      determining from the communications between the access gateway and the radius server that a stop accounting event has occurred; and
      
      synchronizing the accounting information maintained at the network element to reflect the stop accounting event.

12. A method for providing security in a network environment, comprising:
- using a network element to provide security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications;
  
  receiving, by the network element, a communication flow that propagates through an access gateway, the communications flow being initiated by an end the end user associated with the communication flow and propagating through the network;
  
  receiving, by the access gateway, a message indicating the end user has disconnected from or logged off the network;
  
  generating, by the access gateway using accounting software, an accounting message indicating the termination of the communication flow associated with the end user, the accounting message further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
  
  receiving, by the network element from the access gateway, the accounting message indicative of the termination of the communication flow associated with the end user;
  
  determining from the accounting message, by the network element, the IP address assigned to the first end user;
  
  determining, by the network element, that the determined IP address of the first end user exists in an entry in a database, the entry in the database indicating the communication flow associated with the end user;
  
  in response, removing the entry indicating the communication flow associated with the end user from the database; and
  
  wherein the network element is operable to determine from the accounting message that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising:
    - providing a table on the network element that does not maintain the direct connection with the end user and through which the communication flow is propagated, wherein the table stores the IP address information associated with the end user.
  - 14. The method of claim 12, wherein the accounting information comprises a RADIUS STOP indicator.
  - 15. The method of claim 12, wherein the accounting information comprises a RADIUS START message.
  - 16. The method of claim 12, wherein the accounting information comprises an IP address associated with the end user.
  - 17. The method of claim 12, wherein the network element is further operable to:
    - in response to receiving the accounting information indicating that the communication flow associated with the end user has terminated, tear down a connection between the network element and a network server, the connection assigned to the communication flow associated with the end user, the connection used for propagating the communication flow through the network element to the network server.
  - 18. The method of claim 12, further comprising:
    - detecting, by the network element, an event occurring at the access gateway; and
      
      synchronizing the accounting information when the event is detected.
  - 19. The method of claim 12, further comprising:
    - using the network element to monitor communications between the access gateway and a radius server;
      
      determining from the communications between the access gateway and the radius server that a stop accounting event has occurred; and
      
      synchronizing the accounting information maintained at the network element to reflect the stop accounting event.

20. A system for providing security in a network environment, comprising:
- means for using a network element to provide security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications;
  
  means for receiving, by the network element, a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through a network;
  
  means for receiving from the access gateway accounting information, the accounting information generated by accounting software, the accounting information indicating the communication flow associated with the end user has terminated, the accounting information further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
  
  means for determining from the accounting information the IP address assigned to the first end user prior to disconnecting from or logging off the network;
  
  means for determining that an entry associated with the determined IP address of the first end user prior to disconnecting from or logging off the network exists in a database;
  
  a processor, in response to receiving the accounting information, for removing the entry associated with the determined IP address of the first end user from the database; and
  
  wherein the network element is operable to determine from the accounting information that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 29)
- - 21. The system of claim 20, further comprising:
    - means for providing a table on the network element that does not maintain the direct connection with the end user and through which the communication flow is propagated, wherein the table stores IP address associated with the end user.
  - 22. The system of claim 20, wherein the accounting information comprises a RADIUS STOP indicator.
  - 23. The system of claim 20, wherein the accounting information comprises a RADIUS START message.
  - 24. The system of claim 20, wherein the network element is a selected one of a group of network elements, the group consisting of:
    - a) a firewall;
      
      b) a switch;
      
      c) a loadbalancer;
      
      d) a gateway;
      
      e) a bridge;
      
      f) a router; and
      
      g) a processor.
  - 25. The system of claim 20, further comprising:
    - in response to receiving the accounting information indicating that the communication flow associated with the end user has terminated, means for tearing down a connection between the network element and a network server, the connection assigned to the communication flow associated with the end user, the connection used for propagating the communication flow through the network element to the network server.
  - 26. The system of claim 20, further comprising:
    - means for detecting, at the network element, an event occurring at the access gateway; and
      
      means for synchronizing the accounting information when the event is detected.
  - 27. The system of claim 20, further comprising:
    - means for monitoring, at the network element, communications between the access gateway and a radius server;
      
      means for determining from the communications between the access gateway and the radius server that a stop accounting event has occurred; and
      
      means for synchronizing the accounting information maintained at the network element to reflect the stop accounting event.
  - 29. The system of claim 20, further comprising:
    - means for providing a table on the network element that does not maintain the direct connection with the end user and through which the communication flow is propagated, wherein the table stores IP address associated with the end user.

28. Software for providing security in a network environment, the software being embodied in a tangible, non-transitory computer readable medium and including computer code such that when executed is operable to:
- using a network element to provide security for a network, the network element inspecting incoming communications that are entering the network to determine validity prior to forwarding the incoming communications to the network, wherein the validity of the incoming communications is determined based on a shared secret received from an end user associated with the incoming communications;
  
  receive at the network element a communication flow that propagates through an access gateway, the communication flow being initiated by the end user associated with the communication flow and propagating through the network;
  
  receive from the access gateway accounting information, the accounting information generated by accounting software, the accounting information indicating the communication flow associated with the end user has terminated, the accounting information further indicating an IP address assigned to the end user prior to disconnecting from or logging off the network;
  
  determine from the accounting information the IP address assigned to the first end user prior to disconnecting from or logging off the network;
  
  determine that an entry associated with the determined IP address of the first end user prior to disconnecting from or logging off the network exists in a database;
  
  in response, removing the entry associated with the determined IP address of the first end user from the database; and
  
  wherein the network element is operable to determine from the accounting information that the communication flow associated with the end user has terminated even though the network element does not maintain a direct connection with the end user.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The medium of claim 28, wherein the accounting information is a RADIUS STOP indicator.
  - 31. The medium of claim 28, wherein the accounting information is a RADIUS START message.
  - 32. The software of claim 28, wherein the code is further operable to:
    - in response to receiving the accounting information indicating that the communication flow associated with the end user has terminated, tear down a connection between the network element and a network server, the connection assigned to the communication flow associated with the end user, the connection used for propagating the communication flow through the network element to the network server.
  - 33. The software of claim 28, wherein the code is further operable to:
    - detect, at the network element, an event occurring at the access gateway; and
      
      synchronize the accounting information when the event is detected.
  - 34. The software of claim 28, wherein the code is further operable to:
    - monitor, at the network element, communications between the access gateway and a radius server;
      
      determine from the communications between the access gateway and the radius server that a stop accounting event has occurred; and
      
      means for synchronizing the accounting information maintained at the network element to reflect the stop accounting event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Andriantsiferana, Laurent, Hamel, Eric, Iyer, Jayaraman R., Thai, Hien T., Shatzkamer, Kevin D., Gasson, Andrew G.
Primary Examiner(s)
THIAW, CATHERINE B

Application Number

US11/420,186
Publication Number

US 20070192846A1
Time in Patent Office

2,365 Days
Field of Search

726/1, 726/2, 726/3, 726/12, 726/16, 726/6, 709228-229
US Class Current

726/12
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

H04W 12/088 using filters or firewalls

System and method for providing security in a network environment using accounting information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

34 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing security in a network environment using accounting information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

34 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others