System and methods for providing network quarantine

US 20050267954A1
Filed: 10/27/2004
Published: 12/01/2005
Est. Priority Date: 04/27/2004
Status: Abandoned Application

First Claim

Patent Images

1. A network quarantine client for interacting with a server enforcing a quarantine policy, comprising:

at least one enforcement client for communicating with the server through a network protocol; and

a coordinating client for acquiring at least one statements of health from at least one policy client, wherein the coordinating client exposes an interface through which the at least one policy client communicates with the coordinating client, and wherein the coordinating client assembles the at least one statements of heath into statement of health list and provides the at least one enforcement client with the statement of health list.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for ensuring that machines having invalid or corrupt states are restricted from accessing network resources are provided. A quarantine coordination client (QCC) located on a client machine acquires statements of health from a plurality of quarantine policy clients. The QCC packages the statements and provides the package to a quarantine enforcement client (QEC). The QEC sends the package to a quarantine enforcement server (QES) with a request for network access. The QES passes the package to a quarantine coordination server (QCS) that disassembles the package and passes the individual statements of health to corresponding quarantine policy servers (QPS). The QPSs validate the statements of health and inform the QCS of the result. If the client provided valid statements of health, the QES grants the client access to the network.

167 Citations

View as Search Results

20 Claims

1. A network quarantine client for interacting with a server enforcing a quarantine policy, comprising:
- at least one enforcement client for communicating with the server through a network protocol; and
  
  a coordinating client for acquiring at least one statements of health from at least one policy client, wherein the coordinating client exposes an interface through which the at least one policy client communicates with the coordinating client, and wherein the coordinating client assembles the at least one statements of heath into statement of health list and provides the at least one enforcement client with the statement of health list.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network quarantine client of claim 1, wherein the at least one enforcement client uses the statement of health list to gain access to network resources from the server.
  - 3. The network quarantine client of claim 1, wherein the at least one enforcement client is one of a Dynamic Host Control Protocol client, a Virtual Private Network client, and an IPsec client.
  - 4. The network quarantine client of claim 1, wherein the coordinating client communicates with the at least one policy client through an interface provided by the at least one policy client.
  - 5. The network quarantine client of claim 1, wherein the coordinating client and enforcement client are comprised in an operating system of a computer.
  - 6. The network quarantine client of claim 1, wherein the at least one policy client acquires a network policy from at least one policy server, and generates a statement of health indicating that a host computer is in compliance with the network policy.
  - 7. A computer-readable medium including computer-readable instructions for executing the method of claim 1.

8. A method for a client to comply with a network quarantine policy, comprising:
- acquiring a policy from one or more policy servers;
  
  executing a system diagnostic to determine if the client is in compliance with an acquired policy;
  
  if the client fails to comply with an acquired policy, correcting a security state of the client;
  
  generating a list of statements of health, each statement of health indicating the client is in compliance with a corresponding policy; and
  
  transmitting the list of statements of health to a quarantine server for validation.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein correcting a security state of the client includes downloading a software patch from a fix-up server.
  - 10. The method of claim 8, wherein each statement of health is generated by a policy client responsible for determining whether the client is in compliance with a specified policy.
  - 11. The method of claim 8, further comprising receiving a bill of health from the quarantine server if the list of statements of health is validated, wherein the bill of health indicates to the quarantine server and other computers on a network that the client is in compliance with a security policy for the network.
  - 12. The method of claim 8, wherein the list of statements of health is transmitted to the quarantine server by a protocol enforcement client, wherein the protocol enforced by the protocol enforcement client is one of a Dynamic Host Control Protocol, a Virtual Private Network protocol, an IPsec protocol, and an IEEE 802.1X protocol.
  - 13. A computer-readable medium including computer-readable instructions for executing the method of claim 8.

14. A network quarantine server for enforcing a network quarantine policy, comprising:
- at least one enforcement server for communicating with at least one client through a network protocol; and
  
  a coordinating server for receiving a list of statements of health, including at least one statement of health, from the enforcement server and querying at least one policy server to verify the at least one statement of health.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The network quarantine server of claim 14, wherein, if each statement of health is verified, the coordinating server instructs the at least one enforcement server to grant the at least one client access to network resources.
  - 16. The network quarantine server of claim 14, wherein, if each statement of health is not verified, the coordinating server instructs the at least one enforcement server to enforce a quarantine policy acquired from the at least one policy server.
  - 17. The network quarantine server of claim 14, wherein the coordinating server exposes an interface through which the at least one policy server communicates with coordinating server.
  - 18. The network quarantine server of claim 14, wherein the coordinating server communicates with the at least one policy server through an interface provided by the at least one policy server.

19. A method for network quarantine management, comprising:
- receiving from a remotely located Dynamic Host Control Protocol (DHCP) server a bill of health acquired from a client requesting a network resource, the bill of health reflecting the system state of the client;
  
  validating the bill of health;
  
  if the statement of health is valid, instructing the DHCP server to grant the request; and
  
  if the statement of health is invalid, instructing the DHCP server not grant the request and to place the client in quarantine.
- View Dependent Claims (20)
- - 20. A computer-readable medium including computer-readable instructions for executing the method of claim 19.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bradic, Ljubomir, Moore, Timothy M., Palekar, Ashwin, Choe, Calvin Choon-Hwan, Gidwani, Narendra C., Kamath, Vivek P., Berk, Hakan, Lewis, Elliot D.

Application Number

US10/973,970
Publication Number

US 20050267954A1
Time in Patent Office

Days
Field of Search
US Class Current

709/221
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 63/164   at the network layer

System and methods for providing network quarantine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

167 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and methods for providing network quarantine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

167 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others