Integration of policy compliance enforcement and device authentication
Abstract
Methods and apparatuses for integration of authentication and policy compliance enforcement. An enforcement agent may reside on a device. If an access assignment is provided to the device in conjunction with authentication, authorization to use the access granted may be restricted by the enforcement agent. In one embodiment a reduced-access assignment is made by an authenticator.
179 Citations
40 Claims
1. A method for controlling network access, comprising:
- receiving an access assignment at a device in an authentication sequence;
- determining compliance of the device to an access policy; and
- restricting network access of the device on the received assigned access with an enforcement agent on the device, based at least in part on the compliance determination.
(Dependent claims 2-8.)

9. An article of manufacture comprising a machine accessible medium having content to provide instructions to cause a machine to perform operations including:
- determining compliance of a device authenticated for network access to a network policy; and
- restricting network access of the device with an enforcement agent on the device based at least in part on the compliance determination.
(Dependent claims 10-14.)

15. An apparatus to enforce a network policy, comprising:
- a compliance module to be embedded on a device to determine an observance of the device of a security policy; and
- an enforcement module to be embedded on the device to control network access of the device based at least in part on the observance determination of the compliance module and an authentication of the device.
(Dependent claims 16-23.)

24. A method for controlling network access of a device, comprising:
- authenticating a device in response to receiving attestation credentials from the device, the credentials including an indicator of a level of compliance of the device with a network access policy; and
- assigning an access resource to enable full access to the device if the device is fully compliant, or a remediation access resource based at least in part on the level of compliance of the device if the device is not fully compliant.
(Dependent claims 25-26.)

27. An article of manufacture comprising a machine accessible medium having content to provide instructions to cause a machine to perform operations including:
- authenticating a device in response to receiving attestation credentials from the device, the credentials including an indicator of a level of compliance of the device with a network access policy; and
- assigning an access resource to enable full access to the device if the device is fully compliant, or a remediation access resource based at least in part on the level of compliance of the device if the device is not fully compliant.
(Dependent claims 28-29.)

30. A network node to perform authentication, comprising:
- a processor to authenticate credentials for a device and determine from the credentials a compliance of the device to a security policy; and
- an access server to make a full-access assignment if the device is determined to be completely compliant to the security policy, and otherwise to make a restricted-access assignment.
(Dependent claims 31-32.)

33. A system comprising:
- a supplicant to negotiate an access assignment with an authenticator; and
- an embedded policy compliance enforcement agent coupled with the supplicant to enforce rules for reducing access on the assignment negotiated by the supplicant based at least in part on a level of compliance of a device to a network security policy.
(Dependent claims 34-37.)

38. A system comprising:
- an embedded circuit on a device having a policy application module to apply an access restriction for network access by the device, if the device is less than completely compliant with an access policy; and
- a persistent storage device coupled with the embedded circuit to store an access rule, the access rule to include a restriction to correspond to the compliance of the device with the access policy.
(Dependent claims 39-40.)
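As an added illustration that is not part of the patent or of any product implementing it, the following Python model walks through the two halves the claims describe: an authenticator (claims 24 and 30) that verifies attestation credentials carrying a compliance indicator and assigns full or remediation access, and a device-side enforcement agent (claims 1 and 33) that further reduces the received assignment when its local compliance check fails. The HMAC-keyed credential format, the integer compliance level, the VLAN names and the port sets are all constructed assumptions for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed shared attestation key, for this example only.
ATTEST_KEY = b"example-attestation-key"
FULL_COMPLIANCE = 100                  # assumed: level at which a device is "fully compliant"
REMEDIATION_PORTS = frozenset({443})   # assumed: only the remediation server is reachable


@dataclass(frozen=True)
class Assignment:
    """Access resource handed out by the authenticator (claims 24 / 30)."""
    vlan: str
    allowed_ports: frozenset
    remediation: bool


def make_credentials(device_id: str, compliance_level: int) -> dict:
    """Supplicant side: attestation credentials that include the compliance indicator."""
    msg = f"{device_id}|{compliance_level}".encode()
    tag = hmac.new(ATTEST_KEY, msg, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "compliance": compliance_level, "mac": tag}


def authenticate_and_assign(creds: dict):
    """Authenticator side: verify the credentials, then assign full or remediation access."""
    msg = f"{creds['device_id']}|{creds['compliance']}".encode()
    expected = hmac.new(ATTEST_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, creds["mac"]):
        return None  # authentication failed: no access assignment at all
    level = creds["compliance"]
    if level >= FULL_COMPLIANCE:
        return Assignment("corp", frozenset({22, 80, 443, 3389}), remediation=False)
    # Not fully compliant: the remediation resource is scaled to the reported level
    # (assumption: below 50 only the remediation server, otherwise plain HTTP as well).
    ports = REMEDIATION_PORTS if level < 50 else REMEDIATION_PORTS | {80}
    return Assignment("quarantine", ports, remediation=True)


def enforce_on_device(assignment, local_compliance: int) -> frozenset:
    """Device-side enforcement agent (claim 1): tighten the received assignment
    when the local compliance check finds the device out of policy."""
    if assignment is None:
        return frozenset()          # nothing was assigned, nothing is allowed
    if local_compliance >= FULL_COMPLIANCE:
        return assignment.allowed_ports
    return assignment.allowed_ports & REMEDIATION_PORTS
```

A credential whose compliance field is altered after signing fails verification and yields no assignment, so the agent allows nothing; a device that was compliant at authentication time but later drifts is cut back to the remediation port by the agent even while it still holds the full-access VLAN.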