Control of communication session attributes in network employing firewall protection

US 7,805,757 B2
Filed: 12/30/2005
Issued: 09/28/2010
Est. Priority Date: 12/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling an attribute associated with a communication session in a data communication network, comprising the steps of:

selecting at a first computing device one or more monitoring points and one or more firewall control points distributed in the data communication network, wherein the first computing device functionally serves as a centralized controller;

monitoring at the first computing device the attribute associated with the communication session, wherein the first computing device monitors the attribute via one or more messages received from the one or more selected monitoring points;

determining at the first computing device which computing devices in the data communication network are to be made aware of the monitored attribute, wherein at least one of the computing devices to be made aware of the monitored attribute comprises at least one of the one or more selected firewall control points; and

sending a message from the first computing device to each computing device identified in the determining step, wherein the first computing device controls the at least one of the one or more selected firewall control points via the sent message.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for centralized control of one or more attributes associated with a communication session in a network containing firewalls. By way of example, a technique for controlling an attribute associated with a communication session in a data communication network includes the following steps. The attribute associated with the communication session is monitored at a first computing device, wherein the first computing device includes a functionally centralized controller. The first computing device determines which computing devices in the data communication network are to be made aware of the monitored attribute. At least one of the computing devices to be made aware of the monitored attribute includes a firewall. The first computing device sends a message to each computing device identified in the determining step.

14 Citations

View as Search Results

19 Claims

1. A method for controlling an attribute associated with a communication session in a data communication network, comprising the steps of:
- selecting at a first computing device one or more monitoring points and one or more firewall control points distributed in the data communication network, wherein the first computing device functionally serves as a centralized controller;
  
  monitoring at the first computing device the attribute associated with the communication session, wherein the first computing device monitors the attribute via one or more messages received from the one or more selected monitoring points;
  
  determining at the first computing device which computing devices in the data communication network are to be made aware of the monitored attribute, wherein at least one of the computing devices to be made aware of the monitored attribute comprises at least one of the one or more selected firewall control points; and
  
  sending a message from the first computing device to each computing device identified in the determining step, wherein the first computing device controls the at least one of the one or more selected firewall control points via the sent message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18, 19)
- - 2. The method of claim 1, wherein the first computing device comprises a server.
  - 3. The method of claim 1, wherein the attribute comprises an occurrence of a communication session termination event.
  - 4. The method of claim 3, wherein the termination event represents a closure of a communication tunnel with which the communication session is associated.
  - 5. The method of claim 4, wherein the tunnel comprises at least one of the group consisting of a General Packet Radio Service tunnel and a Universal Mobile Telecommunications System tunnel.
  - 6. The method of claim 1, wherein one or more of the monitoring, determining, and sending steps are performed in accordance with a firewall that performs a network address translation operation such that the attribute is controlled in an original form and in an address translated form.
  - 7. The method of claim 1, further comprising the step of resending the message from the first computing device to a computing device identified in the determining step when the first computing device does not receive an acknowledgment of receipt of the message from the computing device.
  - 8. The method of claim 1, further comprising the step of using a user interface associated with the first computing device to select the one or more monitoring points and the one or more firewall control points in the data communication network.
  - 18. The method of claim 1, wherein the one or more monitoring points are distributed in a backbone portion of the data communication network and the one or more firewall control points are distributed in a portion of the data communication network external to the backbone portion.
  - 19. The method of claim 1, wherein at least one of the one or more firewall control points controls a zone of one or more other firewall control points.

9. Apparatus for controlling an attribute associated with a communication session in a data communication network, comprising:
- a memory; and
  
  at least one functionally centralized processor coupled to the memory and operative to;
  
  (i) select one or more monitoring points and one or more firewall control points distributed in the data communication network;
  
  (ii) monitor the attribute associated with the communication session via one or more messages received from the one or more selected monitoring points;
  
  (iii) determine which computing devices in the data communication network are to be made aware of the monitored attribute, wherein at least one of the computing devices to be made aware of the monitored attribute comprises at least one of the one or more selected firewall control points; and
  
  (iv) send a message to each computing device identified in the determining operation, so as to control the at least one of the one or more selected firewall control points via the sent message.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9, wherein the attribute comprises an occurrence of a communication session termination event.
  - 11. The apparatus of claim 10, wherein the termination event represents a closure of a communication tunnel with which the communication session is associated.
  - 12. The apparatus of claim 11, wherein the tunnel comprises at least one of the group consisting of a General Packet Radio Service tunnel and a Universal Mobile Telecommunications System tunnel.
  - 13. The apparatus of claim 9, wherein one or more of the monitoring, determining, and sending operations are performed in accordance with a firewall that performs a network address translation operation such that the attribute is controlled in an original form and in an address translated form.
  - 14. The apparatus of claim 9, wherein the at least one processor is further operative to resend the message to a computing device identified in the determining operation when an acknowledgment of receipt of the message is not received from the computing device.
  - 15. The apparatus of claim 9, wherein the at least one processor is further operative to enable use of a user interface to select the one or more monitoring points and the one or more firewall control points in the data communication network.

16. Apparatus for controlling an attribute associated with a communication session in a data communication network, comprising:
- means for selecting at a first computing device one or more monitoring points and one or more firewall control points distributed in the data communication network, wherein the first computing device functionally serves as a centralized controller;
  
  means for monitoring at the first computing device the attribute associated with the communication session, wherein the first computing device monitors the attribute via one or more messages received from the one or more selected monitoring points;
  
  means for determining at the first computing device which computing devices in the data communication network are to be made aware of the monitored attribute, wherein at least one of the computing devices to be made aware of the monitored attribute comprises at least one of the one or more selected firewall control points; and
  
  means for sending a message from the first computing device to each computing device identified by the determining means, wherein the first computing device controls the at least one of the one or more selected firewall control points via the sent message.

17. Apparatus for controlling an attribute associated with a communication session in a data communication network, comprising:
- a functionally centralized server comprising a memory, the server being operative to;
  
  (i) select one or more monitoring points and one or more firewall control points distributed in the data communication network;
  
  (ii) monitor the attribute associated with the communication session via one or more messages received from the one or more selected monitoring points;
  
  (iii) determine which computing devices in the data communication network are to be made aware of the monitored attribute, wherein at least one of the computing devices to be made aware of the monitored attribute comprises at least one of the one or more selected firewall control points; and
  
  (iv) send a message to each computing device identified in the determining operation, so as to control the at least one of the one or more selected firewall control points via the sent message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Menten, Lawrence Edwin
Primary Examiner(s)
Pyzocha, Michael
Assistant Examiner(s)
Fields, Courtney D

Application Number

US11/323,743
Publication Number

US 20070156911A1
Time in Patent Office

1,733 Days
Field of Search

726/12
US Class Current

726/12
CPC Class Codes

G06F 21/552 involving long-term monitor...

H04L 63/0218 Distributed architectures, ...

Control of communication session attributes in network employing firewall protection

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Control of communication session attributes in network employing firewall protection

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links