Dynamic network connection based on compliance

US 20070055752A1
Filed: 09/08/2005
Published: 03/08/2007
Est. Priority Date: 09/08/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system for enabling compliance of a communication device with the policies of a destination network, comprising:

a communication device configured to connect to a compliance network;

said compliance network configured to check whether said communication device is sufficiently in compliance with at least one predetermined policy of a destination network and to not allow said communication device to connect with said destination network if said communication device is not sufficiently in compliance with said at least one predetermined policy; and

a connection including a first configuration to connect between said compliance network and said communication device, and a second configuration varying at least partially from said first configuration to connect between said communication device and said destination network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems and methods to dynamically connect a communication device to the appropriate computer network according to the compliance level of the communication device. In one embodiment, a communication device connected to a compliance network is checked for sufficient compliance with one or more policies of a destination network. If not in sufficient compliance, the communication device in this embodiment is not allowed while insufficiently compliant to connect to the destination network, and optionally receives any appropriate updates via the connection with the compliance network. If in sufficient compliance or when rendered in sufficient compliance, the communication device is allowed in this embodiment to connect to the destination network via a connection that is not identical to the connection previously established between the communication device and the compliance network. Disclosed herein in another aspect of the invention are systems and methods to transfer, within an authentication protocol conversation, data which is unrelated to the authentication protocol.

Citations

26 Claims

1. A system for enabling compliance of a communication device with the policies of a destination network, comprising:
- a communication device configured to connect to a compliance network;
  
  said compliance network configured to check whether said communication device is sufficiently in compliance with at least one predetermined policy of a destination network and to not allow said communication device to connect with said destination network if said communication device is not sufficiently in compliance with said at least one predetermined policy; and
  
  a connection including a first configuration to connect between said compliance network and said communication device, and a second configuration varying at least partially from said first configuration to connect between said communication device and said destination network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12)
- - 2. The system of claim 1, wherein said compliance network is also configured to attempt to render said communication device sufficiently in compliance with said at least one predetermined policy, if necessary.
  - 3. The system of claim 1, wherein said compliance network is also configured to provide to said communication device a pass for accessing said destination network if said communication device is determined to be sufficiently in compliance with said at least one predetermined policy.
  - 4. The system of claim 1, wherein said first configuration includes a network device and an authorization, authentication and accounting (AAA) server.
  - 5. The system of claim 4, wherein data is transferred between said communication device and said compliance network in an authentication protocol conversation between said network device and said AAA server.
  - 6. The system of claim 5, wherein said data includes at least one update from said compliance network to said communication device.
  - 7. The system of claim 4 wherein said network device includes an 802.1x switch.
  - 8. The system of claim 1, wherein said first configuration includes a Virtual Private Network (VPN) server.
  - 9. The system of claim 8, wherein data is transferred between said communication device and said compliance network via a virtual private network, said virtual private network including said communication device, a network access server, the Internet, and said VPN server.
  - 10. The system of claim 9, wherein said data includes at least one update from said compliance network to said communication device.
  - 12. The communication device of claim 11, further comprising:
    - means for evaluating at least one predetermined condition, wherein said evaluated at least one predetermined condition is used by said means for selecting in selecting said connection for said communication device.

11. A communication device, comprising:
- means for selecting a connection between said communication device and a destination network or between said communication device and a compliance network exclusive of said destination network; and
  
  means for establishing said selected connection;
  
  wherein said means for selecting is configured to select said connection with said compliance network exclusive of said destination network when a likelihood that said communication device is not in sufficient compliance with at least one predetermined policy of said destination network exceeds a predetermined level.
- View Dependent Claims (13, 14)
- - 13. The communication device of claim 11, further comprising:
    - means for receiving updates from said compliance network; and
      
      means for applying said received updates to said communication device.
  - 14. The communication device of claim 11, further comprising:
    - means for receiving a pass from said compliance network which allows access of said communication device to said destination network, wherein said means for selecting a connection is configured to select a connection with said destination network when said communication device holds a valid pass received by said pass-receiving means.

15. A method of enabling compliance of a communication device with the policies of a destination network, comprising:
- operating a communication device intending to connect to a destination network via a connection between said communication device and said destination network, said communication device connecting instead to a compliance network via a connection between said communication device and said compliance network, wherein said connection between said communication device and said destination network is different than said connection between said communication device and said compliance network;
  
  checking, by said compliance network, said communication device for sufficient compliance with at least one predetermined policy of the destination network; and
  
  preventing, if said communication device is not in sufficient compliance with said at least one predetermined policy, said communication device from connecting to said destination network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method of claim 15, further comprising:
    - receiving by said communication device, if said communication device is not in sufficient compliance with said at least one predetermined policy, at least one appropriate update from said compliance network, and checking by said compliance network if said communication device is subsequently in sufficient compliance with said at least one predetermined policy.
  - 17. The method of claim 16, further comprising:
    - disconnecting said communication device from said compliance network and applying said received at least one appropriate update prior to connecting to said destination network.
  - 18. The method of claim 15, further comprising:
    - connecting, if said compliance network can not render said communication device in sufficient compliance with said at least one predetermined policy, said communication device to a quarantine network.
  - 19. The method of claim 15, further comprising:
    - providing, by said compliance network, said communication device with a pass to connect with said destination system if said compliance network determines that said communication device is in sufficient compliance with all of at least one predetermined policy of said destination network.
  - 20. The method of claim 19, further comprising:
    - monitoring, during said connection with said destination network, by said communication device of at least one predetermined condition, and attempting if a likelihood that said communication device is not in sufficient compliance with at least one predetermined policy exceeds a predetermined level, to remedy said non-compliance.
  - 21. The method of claim 20, wherein said attempting to remedy includes disconnecting said communication device from said destination network, and checking by said compliance network of said communication device for sufficient compliance and if necessary said communication device being rendered in sufficient compliance prior to being allowed to reconnect to said destination network.
  - 22. The method of claim 15, wherein said stage of said communication device connecting instead to said compliance network occurs when a likelihood that said communication device is not in sufficient compliance exceeds a predetermined level.

23. A method for transferring data between a communication device and a computer network, comprising:
- transferring data between the communication device and the computer network within an authentication protocol conversation between an AAA server and client thereof, wherein said data includes data unrelated to said authentication protocol.
- View Dependent Claims (24)
- - 24. The method of claim 23, wherein said computer network includes a compliance network and said data includes an update from said compliance network for said communication device.

25. A system for transferring data between a communication device and a computer network, comprising:
- a communication device and a computer network; and
  
  an AAA server and a client to said AAA server connected between said communication device and said computer network;
  
  wherein an authentication protocol conversation between said server and said client is used to transfer data between said communication device and said computer network, said data including data unrelated to said authentication protocol.
- View Dependent Claims (26)
- - 26. The system of claim 25, wherein said computer network includes a compliance network and said data includes an update from said compliance network for said communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fiberlink
Original Assignee
Fiberlink
Inventors
Sinz, Michael, Wiegand, Jim

Application Number

US11/221,567
Publication Number

US 20070055752A1
Time in Patent Office

Days
Field of Search
US Class Current

709/220
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 67/14   Session management for real...

Dynamic network connection based on compliance

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic network connection based on compliance

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links