Multi-factor authorization for IEEE 802.1x-enabled networks
First Claim
1. A non-transitory computer readable medium including instructions executable by a processor to cause the processor to:
- determine a device fingerprint of a client device, wherein the instructions to determine the device fingerprint include instructions to:
  - receive a Dynamic Host Configuration Protocol (DHCP) message from the client device;
  - determine a type of the client device based on content of the DHCP message; and
  - determine, based on the content of the DHCP message, that the client device has previously been authenticated;
- authenticate the client device to obtain access to network resources in a network in response to the determination of the device fingerprint, wherein the instructions to authenticate the client device include instructions to:
  - receive a device certificate from the client device, wherein the device certificate was issued to the client device upon the prior successful authentication; and
  - authenticate the client device based on validity of the device certificate;
- detect a device quarantine trigger, wherein the device quarantine trigger indicates an increased level of suspicion that a current user of the client device is a non-authenticated user; and
- in response to the device quarantine trigger, place the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user, wherein the client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.
2 Assignments
0 Petitions
Abstract
The present disclosure describes a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that the current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily moves the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of any previous successful user and/or device authentication.
16 Citations
18 Claims
1. (Independent claim; reproduced in full under First Claim above.) Claims 2-9 depend on claim 1.

10. A system comprising:
- a device including a hardware processor, the system being configured to perform operations comprising:
  - determining a device fingerprint of a client device, wherein determining the device fingerprint includes:
    - determining a Media Access Control (MAC) address of the client device; and
    - comparing the MAC address of the client device to a plurality of MAC addresses corresponding to a plurality of previously authenticated client devices;
  - authenticating the client device to obtain access to network resources in a network in response to a determination that the MAC address of the client device matches a MAC address of the plurality of MAC addresses corresponding to the plurality of previously authenticated client devices, wherein authenticating the client device comprises:
    - receiving a device certificate from the client device, wherein the device certificate was issued to the client device upon the prior successful authentication; and
    - authenticating the client device based on validity of the device certificate;
  - detecting a device quarantine trigger, wherein the device quarantine trigger indicates an increased level of suspicion that a current user of the client device is a non-authenticated user; and
  - in response to the device quarantine trigger, placing the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user, wherein the client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.

Claims 11-18 depend on claim 10.
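The flow set out in the abstract and in claims 1 and 10, as an added worked example that is not the patent's own code: a client is fingerprinted from its DHCP options (vendor class, parameter request list) and its MAC address, authenticated with a device certificate issued at its prior successful authentication, and then moved from the authenticated state to a quarantined state with limited access when a quarantine trigger fires, regaining full access only after the pending workflow completes. Assumptions: the device certificate is modelled as an HMAC-signed record under a constant CA_KEY (a stand-in for an X.509 device certificate presented over EAP-TLS), SAMPLE_DHCP is a constructed DHCP option area, and the Controller class, its methods and the resource names are illustrative.

```python
"""Added example (not the patent's code): a minimal network access controller
following the abstract and claims 1 and 10 of the page.  Assumptions: the
certificate is an HMAC-signed record under CA_KEY, SAMPLE_DHCP is constructed,
and resource names are illustrative."""
import hashlib
import hmac
import time
from dataclasses import dataclass


# --- DHCP fingerprinting (claim 1) ------------------------------------------
def parse_dhcp_options(payload: bytes) -> dict:
    """Parse the DHCP option area (code, length, value) that follows the magic cookie."""
    opts, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def fingerprint(opts: dict) -> str:
    """Device-type fingerprint from vendor class (option 60) and parameter request
    list (option 55).  Both are client-controlled, so the fingerprint only selects
    the certificate-based path; it never grants access on its own."""
    vendor = opts.get(60, b"").decode("ascii", "replace")
    prl = ",".join(str(b) for b in opts.get(55, b""))
    return f"{vendor}|{prl}"


# --- device certificate issued upon the prior successful authentication -----
CA_KEY = b"example-ca-key"   # assumption: stands in for the issuing CA's signing key


def issue_device_cert(mac: str, fp: str, ttl: int = 86400) -> dict:
    exp = int(time.time()) + ttl
    body = f"{mac}|{fp}|{exp}".encode()
    return {"mac": mac, "fp": fp, "exp": exp,
            "sig": hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()}


def cert_valid(cert: dict, mac: str, fp: str) -> bool:
    """Signature verifies, not expired, and bound to the presenting device's MAC
    and fingerprint, so a copied certificate fails on another host."""
    body = f"{cert['mac']}|{cert['fp']}|{cert['exp']}".encode()
    expected = hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(cert["sig"], expected)
            and cert["exp"] > int(time.time())
            and cert["mac"] == mac and cert["fp"] == fp)


# --- access states and the quarantine trigger --------------------------------
QUARANTINE_ALLOW = {"remediation-portal", "dns"}             # limited access
FULL_ALLOW = QUARANTINE_ALLOW | {"file-server", "internet"}


@dataclass
class Session:
    mac: str
    state: str = "unauthenticated"
    pending_workflow: str = ""


class Controller:
    def __init__(self):
        self.known = {}      # mac -> fingerprint recorded at the prior authentication
        self.sessions = {}

    def enroll(self, mac: str, fp: str) -> None:
        """Record a device after a full user authentication succeeded."""
        self.known[mac] = fp

    def authenticate(self, mac: str, dhcp_payload: bytes, cert: dict) -> str:
        s = self.sessions.setdefault(mac, Session(mac))
        fp = fingerprint(parse_dhcp_options(dhcp_payload))
        # MAC seen before (claim 10), DHCP content matches (claim 1), certificate valid
        if self.known.get(mac) == fp and cert_valid(cert, mac, fp):
            s.state = "authenticated"
        else:
            s.state = "unauthenticated"   # fall back to the full user authentication
        return s.state

    def trigger(self, mac: str, workflow: str = "step-up-mfa") -> str:
        """Quarantine trigger: suspicion that the current user is not the
        authenticated one.  Applied regardless of the prior authentication."""
        s = self.sessions[mac]
        s.state, s.pending_workflow = "quarantined", workflow
        return s.state

    def complete_workflow(self, mac: str, workflow: str) -> str:
        s = self.sessions[mac]
        if s.state == "quarantined" and s.pending_workflow == workflow:
            s.state, s.pending_workflow = "authenticated", ""
        return s.state

    def allowed(self, mac: str, resource: str) -> bool:
        state = self.sessions.get(mac, Session(mac)).state
        if state == "authenticated":
            return resource in FULL_ALLOW
        if state == "quarantined":
            return resource in QUARANTINE_ALLOW
        return False


# Constructed DHCPDISCOVER option area: type (53), vendor class (60), request list (55)
SAMPLE_DHCP = (b"\x35\x01\x01"
               b"\x3c\x08MSFT 5.0"
               b"\x37\x06\x01\x03\x06\x0f\x1f\x21"
               b"\xff")


def demo() -> list:
    mac = "aa:bb:cc:dd:ee:01"
    fp = fingerprint(parse_dhcp_options(SAMPLE_DHCP))
    cert = issue_device_cert(mac, fp)
    ctl = Controller()
    ctl.enroll(mac, fp)
    return [ctl.authenticate(mac, SAMPLE_DHCP, cert),   # authenticated via certificate
            ctl.allowed(mac, "file-server"),            # full access
            ctl.trigger(mac),                           # quarantine trigger fires
            ctl.allowed(mac, "file-server"),            # blocked while quarantined
            ctl.allowed(mac, "remediation-portal"),     # limited access still allowed
            ctl.complete_workflow(mac, "step-up-mfa"),  # restored after the workflow
            # spoofer: same DHCP options, other MAC, copied certificate
            ctl.authenticate("aa:bb:cc:dd:ee:02", SAMPLE_DHCP, cert),
            # tampered certificate presented from the real MAC
            ctl.authenticate(mac, SAMPLE_DHCP, dict(cert, exp=cert["exp"] + 1))]
```

Two points the example is built to make: DHCP option content and MAC addresses are trivially spoofable, so they may only choose the authentication path (here, the certificate check), and the certificate must be bound to the device so that copying it to another host fails. In a real 802.1X deployment the quarantine would be enforced by changing the client's VLAN or ACL on the switch or wireless controller (for example via a RADIUS Change of Authorization), and the device certificate would be an X.509 certificate validated against the issuing CA, including expiry and revocation.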