Host credentials authorization protocol
Abstract
A protocol, method, apparatus and computer program product for providing and utilizing a host credential authorization protocol (HCAP) is presented. The protocol is utilized by an AAA server and a posture validation server. The AAA server and the posture validation server are utilized to determine whether a host is allowed access to a device.
34 Claims
1. A host credentials authorization protocol (HCAP) for exchanging information between an authentication, authorization and accounting (AAA) server and a posture validation server during a posture validation session comprising:
at least one version negotiation request message;
at least one version negotiation response message;
at least one posture validation request message; and
at least one posture validation response message.
(Dependent claims: 2 to 11.)
12. A host credentials authorization protocol (HCAP) for exchanging information between an authentication, authorization and accounting (AAA) server and a posture validation server during a posture validation session comprising:
at least one version negotiation request message;
at least one version negotiation response message;
at least one posture validation request message; and
at least one posture validation response message, and wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of said HCAP, and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV.
13. A method for controlling access to a device, the method comprising:
receiving a request for access to the device from a host;
forwarding the request for access from said device to a first server;
initiating a posture validation session between an authentication, authorization and accounting (AAA) server and a posture validation server, said posture validation session utilizing a host credentials authorization protocol (HCAP);
determining whether to allow access by said host to said device by said first server based on a result from said posture validation session; and
when access is allowed then allowing access by said host to said device and when access is not allowed then disabling access by said host to said device.
(Dependent claims: 14 to 24.)
25. A method for controlling access to a device, the method comprising:
receiving a request for access to the device from a host;
forwarding the request for access from said device to an AAA server;
initiating a posture validation session between said AAA server and a posture validation server, said posture validation session utilizing a host credentials authorization protocol (HCAP), said HCAP including at least one of a version negotiation request message, a version negotiation response message, a posture validation request message, and a posture validation response message, wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of the HCAP and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV;
determining whether to allow access by said host to said device by said AAA server based on a result from said posture validation session; and
when access is allowed then allowing access by said host to said device and when access is not allowed then disabling access by said host to said device.
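The header layout of claim 12 and the AAA-to-PVS session of claims 13 and 25 (restated in claims 29 and 33) can be exercised end to end. The following is an added example written for this page; it is not the patentee's implementation and the page gives no source. Only the header field widths (code 8 bits, request ID 16, length 16, type 8, flags 8, version 8) and the presence of VAF-TLVs carrying AVPs plus a Result-TLV come from the claims. The numeric values of the code, type and result fields, the TLV wire layout, the attribute numbers, the version-negotiation rule (reply with the requested version if supported, else the highest the PVS speaks) and the sample postures are all assumptions made for illustration. The AAA side binds each response to its request by request ID and type and denies access on any malformed or mismatched reply, which is the check a practitioner would want around a decision protocol like this.

```python
"""Toy HCAP codec plus a simulated AAA <-> PVS posture validation session.
Everything not fixed by the claims (codes, TLV layout, policy, sample data) is assumed."""
import struct
from dataclasses import dataclass, field
from typing import Optional

# Header from claim 12: code(8) | request-id(16) | length(16) | type(8) | flags(8) | version(8), network order.
HDR = struct.Struct("!BHHBBB")
CODE_REQUEST, CODE_RESPONSE = 1, 2            # assumed values of the 8-bit code field
TYPE_VERSION, TYPE_POSTURE = 1, 2             # assumed message-type values
TLV_VAF, TLV_RESULT = 1, 2                    # assumed TLV type codes inside the data field
RESULT_HEALTHY, RESULT_QUARANTINE = 0, 1      # assumed Result-TLV values
AAA_VERSIONS, PVS_VERSIONS = (1, 2, 3), (1, 2)  # assumed version support on each side
ATTR_AV_VERSION, ATTR_DEFS_DATE = 10, 11      # assumed AVP attribute numbers

@dataclass
class Message:
    code: int
    request_id: int
    mtype: int
    version: int
    flags: int = 0
    vafs: list = field(default_factory=list)  # entries: (vendor, app_type, frame_type, {attr: bytes})
    result: Optional[int] = None

def _tlv(ttype, value):
    """Assumed TLV shape: 16-bit type, 16-bit length (header included), value."""
    if 4 + len(value) > 0xFFFF:
        raise ValueError("TLV too long")
    return struct.pack("!HH", ttype, 4 + len(value)) + value

def _tlvs(buf):
    """Yield (type, value) pairs, rejecting any length that runs outside buf."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        ttype, tlen = struct.unpack_from("!HH", buf, off)
        if tlen < 4 or off + tlen > len(buf):
            raise ValueError("TLV length out of bounds")
        yield ttype, buf[off + 4:off + tlen]
        off += tlen

def encode(msg):
    body = b""
    for vendor, app, frame, avps in msg.vafs:   # VAF-TLV: vendor(32) app(16) frame(8) then AVPs (assumed)
        payload = struct.pack("!IHB", vendor, app, frame)
        for attr, val in avps.items():
            payload += _tlv(attr, val)
        body += _tlv(TLV_VAF, payload)
    if msg.result is not None:
        body += _tlv(TLV_RESULT, bytes([msg.result]))
    length = HDR.size + len(body)
    if length > 0xFFFF:
        raise ValueError("message exceeds 16-bit length field")
    return HDR.pack(msg.code, msg.request_id, length, msg.mtype, msg.flags, msg.version) + body

def decode(buf):
    if len(buf) < HDR.size:
        raise ValueError("short header")
    code, rid, length, mtype, flags, version = HDR.unpack_from(buf)
    if length != len(buf):
        raise ValueError("length field disagrees with octets received")
    if code not in (CODE_REQUEST, CODE_RESPONSE):
        raise ValueError("unknown code")
    msg = Message(code, rid, mtype, version, flags)
    for ttype, val in _tlvs(buf[HDR.size:]):
        if ttype == TLV_VAF:
            if len(val) < 7:
                raise ValueError("short VAF-TLV")
            vendor, app, frame = struct.unpack_from("!IHB", val)
            msg.vafs.append((vendor, app, frame, dict(_tlvs(val[7:]))))
        elif ttype == TLV_RESULT:
            if len(val) != 1:
                raise ValueError("bad Result-TLV")
            msg.result = val[0]
        # other TLV types are ignored for forward compatibility (assumed behaviour)
    return msg

def pvs_handle(wire, policy):
    """Posture validation server: decode one request and return the encoded response."""
    req = decode(wire)
    if req.code != CODE_REQUEST:
        raise ValueError("PVS only accepts requests")
    if req.mtype == TYPE_VERSION:
        agreed = req.version if req.version in PVS_VERSIONS else max(PVS_VERSIONS)
        return encode(Message(CODE_RESPONSE, req.request_id, TYPE_VERSION, agreed))
    if req.mtype == TYPE_POSTURE:
        if req.version not in PVS_VERSIONS:
            raise ValueError("posture request for an unnegotiated version")
        healthy = bool(req.vafs) and all(policy(v, a, avps) for v, a, _, avps in req.vafs)
        result = RESULT_HEALTHY if healthy else RESULT_QUARANTINE
        return encode(Message(CODE_RESPONSE, req.request_id, TYPE_POSTURE, req.version, result=result))
    raise ValueError("unknown message type")

def aaa_posture_session(posture_vafs, pvs, policy, request_id=0x1234):
    """AAA side of claims 13/25: negotiate a version, then validate posture.
    Returns (allow_access, agreed_version); any mismatch or malformed reply denies access."""
    def ask(mtype, version, rid, **kw):
        rsp = decode(pvs(encode(Message(CODE_REQUEST, rid, mtype, version, **kw)), policy))
        if rsp.code != CODE_RESPONSE or rsp.request_id != rid or rsp.mtype != mtype:
            raise ValueError("response does not match outstanding request")
        return rsp
    try:
        agreed = ask(TYPE_VERSION, max(AAA_VERSIONS), request_id).version
        if agreed not in AAA_VERSIONS:
            return False, None
        rsp = ask(TYPE_POSTURE, agreed, request_id + 1, vafs=posture_vafs)
        return rsp.result == RESULT_HEALTHY, agreed
    except ValueError:
        return False, None

def av_policy(vendor, app_type, avps):
    """Constructed policy: AV application (app_type 1, assumed) must be 12.x with 2024 definitions."""
    ver = avps.get(ATTR_AV_VERSION, b"").decode()
    defs = avps.get(ATTR_DEFS_DATE, b"").decode()
    return app_type == 1 and ver.startswith("12.") and defs >= "20240101"

# Constructed host postures: one current, one with stale definitions.
HEALTHY_HOST = [(9, 1, 1, {ATTR_AV_VERSION: b"12.4", ATTR_DEFS_DATE: b"20240315"})]
STALE_HOST = [(9, 1, 1, {ATTR_AV_VERSION: b"12.4", ATTR_DEFS_DATE: b"20231120"})]

if __name__ == "__main__":
    print(aaa_posture_session(HEALTHY_HOST, pvs_handle, av_policy))  # (True, 2)
    print(aaa_posture_session(STALE_HOST, pvs_handle, av_policy))    # (False, 2)
```

The transport between the two servers is a direct function call here; the claims say nothing about how HCAP is carried, so any real deployment still needs an authenticated, integrity-protected channel between the AAA server and the PVS, since nothing in the header format itself prevents a forged Result-TLV.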
26. A system comprising:
a host;
a device in communication with said host;
an authentication, authorization and accounting (AAA) server in communication with said device; and
a posture validation server (PVS) in communication with said AAA server, said PVS communicating with said AAA server using a host credentials authorization protocol (HCAP) and wherein said AAA server and said PVS determine whether said host is allowed access to said device.
(Dependent claims: 27 and 28.)
29. A system comprising:
a host;
a device in communication with said host;
a first server in communication with said device; and
a second server in communication with said first server, said second server communicating with said first server using a host credentials authorization protocol (HCAP) wherein said first server and second server determine whether said host is allowed access to said device and wherein said HCAP includes at least one of a version negotiation request message, a version negotiation response message, a posture validation request message, and a posture validation response message, wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of the HCAP and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV.
30. A computer program medium having computer readable code thereon for providing a host credentials authorization protocol, the medium comprising:
instructions for receiving a request for access to the device from a host;
instructions for forwarding the request for access from said device to an authentication, authorization and accounting (AAA) server;
instructions for initiating a posture validation session between said AAA server and a posture validation server (PVS), said posture validation session utilizing a host credentials authorization protocol (HCAP);
instructions for determining whether to allow access by said host to said device by said AAA server based on a result from said posture validation session; and
instructions for allowing access by said host to said device when access is allowed and instructions for disabling access by said host to said device when access is not allowed.
(Dependent claims: 31 and 32.)
33. A computer program medium having computer readable code thereon for providing a host credentials authorization protocol, the medium comprising:
instructions for receiving a request for access to the device from a host;
instructions for forwarding the request for access from said device to a first server;
instructions for initiating a posture validation session between said first server and a second server, said posture validation session utilizing a host credentials authorization protocol (HCAP), wherein said HCAP includes at least one of a version negotiation request message, a version negotiation response message, a posture validation request message, and a posture validation response message, wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of the HCAP and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV;
instructions for determining whether to allow access by said host to said device by said first server based on a result from said posture validation session; and
instructions for allowing access by said host to said device when access is allowed and instructions for disabling access by said host to said device when access is not allowed.
34. A system comprising:
means for receiving a request for access to a device from a host;
means for forwarding the request for access from said device to an authentication, authorization and accounting (AAA) server;
means for initiating a posture validation session between said AAA server and a posture validation server, said posture validation session utilizing a host credentials authorization protocol (HCAP);
means for determining whether to allow access by said host to said device by said AAA server based on a result from said posture validation session; and
when access is allowed then means for allowing access by said host to said device and when access is not allowed then means for disabling access by said host to said device.