System Providing Methodology for Access Control with Cooperative Enforcement
Abstract
A system providing methodology for access control with cooperative enforcement is described. In one embodiment, for example, a method is described for authorizing a client to access a service based on compliance with a policy required for access to the service. The method comprises the steps of: specifying a policy required for access to the service; detecting a request for access to the service from a client; attempting authentication of the client based on credentials presented by the client; if the client is authenticated based on the credentials, determining whether the client is in compliance with the policy based, at least in part, on attributes of the client; and if the client is determined to be in compliance with the policy, providing access to the service.
68 Claims
1. A method for authorizing a client to access a service based on compliance with a policy required for access to the service, the method comprising:
specifying a policy required for access to the service;
detecting a request for access to the service from a client;
attempting authentication of the client based on credentials presented by the client;
if the client is authenticated based on the credentials, determining whether the client is in compliance with said policy based, at least in part, on attributes of the client; and
if the client is determined to be in compliance with said policy, providing access to the service.
Dependent claims: 2-21.

22. A system for authenticating and assigning access privileges to a client device for access to a service, the system comprising:
a policy specifying access privileges to be assigned to a client device based on attributes of the client device;
a primary authentication module for receiving a request from a client device for access to the service and determining whether to authenticate the client device for access to the service; and
a supplemental authentication module for examining attributes of a client device authenticated by said primary authentication module and assigning access privileges to the client device based on the policy.
Dependent claims: 23-41.

42. A method for assigning privileges to a client to use a service based on an access policy, the method comprising:
specifying an access policy for assigning privileges to a client to use the service based on attributes of the client;
detecting a request for use of the service from a client;
attempting authentication of the client based on user identity information provided by the client;
if the client is authenticated based on user identity, collecting attribute information from the client; and
assigning privileges to the client to use the service based on the collected attribute information and the access policy.
Dependent claims: 43-57.

58. In a system comprising a client computer connecting to a service through a network, a method for regulating access to the service based on a specified access policy, the method comprising:
transmitting a challenge from the service to the client computer connecting to the service for determining whether the client computer is in compliance with said specified access policy, wherein said access policy includes attributes of the client device that are acceptable for permitting access to the service;
transmitting a response from the client computer back to the service, for responding to the challenge issued by the service; and
blocking access to the service by the client computer if the client computer does not respond appropriately to the challenge issued by the service.
Dependent claims: 59-68.

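The two-stage decision recited in claims 1, 22 and 42 (authenticate on credentials, then evaluate client attributes against the policy and assign privileges), as an added Python example that is not code from the patent or its assignee. The attribute names `av_signature` and `firewall_enabled`, the `Policy` fields, the sample user and the "restricted" privilege tier are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data (assumptions): one user and one policy.
_SALT = b"constructed-salt"

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {"alice": _kdf("correct horse battery")}
_DUMMY = _kdf("dummy")  # compared against when the user is unknown

@dataclass(frozen=True)
class Policy:
    min_av_signature: int   # oldest acceptable anti-virus signature version
    require_firewall: bool
    restricted_ok: bool     # assumption: non-compliant clients get limited access

POLICY = Policy(min_av_signature=202406, require_firewall=True, restricted_ok=True)

def primary_authenticate(user: str, password: str) -> bool:
    """Credential check only; it says nothing about the state of the device."""
    stored = USERS.get(user)
    match = hmac.compare_digest(stored or _DUMMY, _kdf(password))
    return match and stored is not None

def compliance_failures(attrs: dict, policy: Policy) -> list[str]:
    """Return the policy requirements that the reported attributes fail."""
    failures = []
    av = attrs.get("av_signature")
    # Missing or wrongly typed attributes count as non-compliant (fail closed).
    if not isinstance(av, int) or av < policy.min_av_signature:
        failures.append("av_signature")
    if policy.require_firewall and attrs.get("firewall_enabled") is not True:
        failures.append("firewall_enabled")
    return failures

def authorize(user: str, password: str, attrs: dict, policy: Policy = POLICY):
    """Supplemental check runs only for clients that passed authentication."""
    if not primary_authenticate(user, password):
        return "deny", ["authentication"]
    failures = compliance_failures(attrs, policy)
    if not failures:
        return "full", []
    return ("restricted" if policy.restricted_ok else "deny"), failures
```

The attributes here are whatever the client reports, so the decision is only as trustworthy as the component that collects them on the client.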
Specification