Client computer self health check

US 20060047826A1
Filed: 08/25/2004
Published: 03/02/2006
Est. Priority Date: 08/25/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

coupling a server to a network;

defining a plurality of security requirements required to be implanted by a client computer before the client computer is authorized to log onto the network;

receiving at the server a request for a network address from the client computer, the network address enabling the client computer to log onto the network, the request for the network address including a security descriptor tag that describes a status of compliance, by the client computer, with the required security requirements;

comparing the security descriptor tag to a network security descriptor, the network security descriptor describing the status of compliance with the security requirements that is required for the client computer to log onto the network; and

providing the client computer the requested network address only if the security descriptor tag matches the network security descriptor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for defining every operation required of a client PC before being authorized to obtain an IP address that will enable the client PC to join a network serviced by specified DHCP servers. Each successful operation generates a value that is stored on a pre-determined location on the client PC'"'"'s hard drive. A hash is created from all of the stored values, and after being encrypted, the hash is sent to the DHCP server when requesting an IP address. The DHCP server has a hash string indicative of the required status of operations that should be performed by any client PC requesting an IP address to join the network serviced by the DHCP server. If the DHCP'"'"'s has string does not match with the hash sent by the client PC, then the DHCP server will not provide the requisite IP address to the client PC.

42 Citations

View as Search Results

20 Claims

1. A method comprising:
- coupling a server to a network;
  
  defining a plurality of security requirements required to be implanted by a client computer before the client computer is authorized to log onto the network;
  
  receiving at the server a request for a network address from the client computer, the network address enabling the client computer to log onto the network, the request for the network address including a security descriptor tag that describes a status of compliance, by the client computer, with the required security requirements;
  
  comparing the security descriptor tag to a network security descriptor, the network security descriptor describing the status of compliance with the security requirements that is required for the client computer to log onto the network; and
  
  providing the client computer the requested network address only if the security descriptor tag matches the network security descriptor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the network address is an Internet Protocol (IP) address, and wherein the server is a Dynamic Host Configuration Protocol (DHCP) server.
  - 3. The method of claim 1, wherein the status of compliance, by the client computer, with the required security requirements is represented by a string of data stored in a predetermined location in a non-volatile memory in the client computer.
  - 4. The method of claim 3, further comprising:
    - hashing the string of data representing the status of compliance by the client computer, such that the security descriptor tag is a client security descriptor hash;
      
      hashing the network security descriptor to create an enterprise security descriptor hash;
      
      comparing the client security descriptor hash to the enterprise security descriptor hash; and
      
      providing the client computer with the requested IP address only if the client security descriptor hash matches the enterprise security descriptor hash.
  - 5. The method of claim 4, further comprising:
    - in response to hashed string of data from the client computer not matching the enterprise security descriptor hash, sending at least a portion of a detailed descriptor describing the status of compliance in the client computer.
  - 6. The method of claim 1, wherein the security descriptor tag is based on when the client computer last ran an anti-virus program.
  - 7. The method of claim 1, wherein the security descriptor tag is based on whether the client computer has adequate data access protection to prevent unauthorized data access of data on the client computer.
  - 8. The method of claim 7, wherein the adequate data access protection is compliant with the Health Insurance Portability and Accountability Act (HIPAA).
  - 9. The method of claim 1, wherein the security descriptor tag is based on whether the client computer has executed all Operating System (OS) patches required by the server.
  - 10. The method of claim 1, wherein the security descriptor tag is based on whether the client computer has a first encryption key that matches a second key in a key pair, the second key being stored in the server.
  - 11. The method of claim 1, wherein the security descriptor tag is based on whether the client computer has downloaded and executed all patches identified by the server as being required to communicate with the network.
  - 12. The method of claim 1, further comprising:
    - in response to the security descriptor tag not matching the network security descriptor, sending from the client computer to the server a non-hashed listing of software and security settings currently in the client computer, the software and security settings having been previously hashed by the client computer to create the client computer'"'"'s security descriptor tag; and
      
      in response to receiving the non-hashed listing at the server, sending from the server to the client computer any required corrective software that, when run, places the client computer in compliance with the network'"'"'s security requirements, thus resulting in a security descriptor tag that matches the network security descriptor.

13. A computer program product, residing on a computer usable medium, the computer program product comprising:
- program code for coupling a server to a network;
  
  program code for defining a plurality of security requirements required to be implanted by a client computer before the client computer is authorized to log onto the network;
  
  program code for receiving at the server a request for a network address from the client computer, the network address enabling the client computer to log onto the network, the request for the network address including a security descriptor tag that describes a status of compliance, by the client computer, with the required security requirements;
  
  program code for comparing the security descriptor tag to a network security descriptor, the network security descriptor describing the status of compliance with the security requirements that is required for the client computer to log onto the network; and
  
  program code for providing the client computer the requested network address only if the security descriptor tag matches the network security descriptor.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein the network address is an Internet Protocol (IP) address, and wherein the server is a Dynamic Host Configuration Protocol (DHCP) server.
  - 15. The computer program product of claim 13, wherein the status of compliance, by the client computer, with the required security requirements is represented by a string of data stored in a predetermined location in a non-volatile memory in the client computer.
  - 16. The computer program product of claim 15, further comprising:
    - program code for hashing the string of data representing the status of compliance by the client computer, such that the security descriptor tag is a client security descriptor hash;
      
      program code for hashing the network security descriptor to create an enterprise security descriptor hash;
      
      program code for comparing the client security descriptor hash to the enterprise security descriptor hash; and
      
      program code for providing the client computer with the requested IP address only if the client security descriptor hash matches the enterprise security descriptor hash.
  - 17. The computer program product of claim 13, further comprising:
    - program code for, in response to the security descriptor tag not matching the network security descriptor, sending from the client computer to the server a non-hashed listing of software and security settings currently in the client computer, the software and security settings having been previously hashed by the client computer to create the client computer'"'"'s security descriptor tag; and
      
      program code for, in response to receiving the non-hashed listing at the server, sending from the server to the client computer any required corrective software that, when run, places the client computer in compliance with the network'"'"'s security requirements, thus resulting in a security descriptor tag that matches the network security descriptor.

18. A system comprising:
- a server coupled to a network;
  
  a network interface in the server for receiving at the server a request for a network address from a client computer, the network address enabling the client computer to log onto the network, the request for the network address including a security descriptor tag that describes a current security level of the client computer;
  
  a comparator in the server for comparing the security descriptor tag to a network security descriptor, the network security descriptor describing a current security level required by the network to allow the client computer to log onto the network; and
  
  an address provider in the server for providing the client computer the requested network address only if the security descriptor tag matches the network security descriptor.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the network address is an Internet Protocol (IP) address, and wherein the server is a Dynamic Host Configuration Protocol (DHCP) server, and wherein the security descriptor tag is a hash value representing a plurality of security properties of the client computer.
  - 20. The system of claim 19, wherein the security descriptor tag is a hashed string describing a pre-determined order of the plurality of security requirements required for the client computer to log onto the network, and wherein the network security descriptor is a hashed string describing the status of compliance with the security requirements that is required for the client computer to log onto the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Cromer, Daryl Carvis, Locker, Howard Jeffrey, Springfield, Randall Scott, Davis, Mark Charles

Application Number

US10/926,365
Publication Number

US 20060047826A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 61/00 Network arrangements, proto...

H04L 61/5014 using dynamic host configur...

Client computer self health check

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Client computer self health check

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links