System and Methodology for Policy Enforcement
Abstract
A system and methodology for policy enforcement during authentication of a client device for access to a network is described. A first authentication module establishes a session with a client device requesting network access for collecting information from the client device and determining whether to authenticate the client device for access to the network based, at least in part, upon the collected information. A second authentication module participates in the session with the client device for supplemental authentication of the client device for access to the network. The supplemental authentication of the client device is based, at least in part, upon the collected information and a policy required as a condition for network access.
59 Claims
1. A system for authentication of a client device for access to a network, the system comprising:
a first authentication module that establishes a session with a client device requesting network access, said session for collecting information from the client device and determining whether to authenticate the client device for access to the network based, at least in part, upon the collected information; and
a second authentication module that participates in said session with the client device for supplemental authentication of the client device for access to the network, said supplemental authentication based, at least in part, upon the collected information and a policy required as a condition for network access.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A method for enforcing compliance with security rules required as a condition for access, the method comprising:
specifying security rules required as a condition for access;
detecting a request for access from a client;
verifying authentication of the client requesting access, including collecting information from the client;
if the client is authenticated for access, providing access to the client in accordance with the security rules based at least in part on said information collected during authentication.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34
35. A method for enforcing compliance with a security policy required as a condition for access to at least one resource, the method comprising:
specifying a security policy required for access to at least one resource;
detecting a request for access from a particular computer;
attempting authentication of said particular computer, including determining the particular computer's compliance with the security policy;
if the particular computer is authenticated and is in compliance with the security policy, providing access in accordance with the security policy; and
otherwise, denying access.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43
44. An improved method for authenticating a device for access to a network including an improvement for determining compliance with a policy required as a condition for access, the improvement comprising:
specifying a policy required as a condition for network access;
determining whether the device is in compliance with the policy during attempted authentication of the device; and
if the device is authenticated, allowing network access based upon the determination made about the device's compliance with the policy.
Dependent claims: 45, 46, 47, 48, 49, 50, 51, 52
53. A system for determining an access policy to be applied to a device requesting access to a network, the system comprising:
a network access module for receiving a request for network access from a device and regulating access to the network;
a primary authentication module which communicates with the device for determining whether the device is authorized to access the network; and
a secondary authentication module which participates in communications between the device and the primary authentication module for determining an access policy to be applied to the device based upon a security policy required as a condition of network access.
Dependent claims: 54, 55, 56, 57, 58, 59
Specification