NETWORK ACCESS CONTROL

US 20090083835A1
Filed: 09/21/2007
Published: 03/26/2009
Est. Priority Date: 09/21/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus for controlling access to a network by a plurality of users, comprising:

a criteria engine configured to generate a plurality of criteria to be monitored for at least one user from the plurality of users;

a checker configured to generate at least one check for each of the plurality of criteria;

a profiler configured to retrieve a profile for the at least one user, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria;

a comparator configured to compare the retrieved profile to a summary of a profile received from the at least one user; and

a communicator configured to communicate a message to the at least one user based on the comparison,the comparator being further configured to assign an action type to each of a plurality of discrete levels of compliance for the at least one user.

View all claims

17 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An system for controlling access to a network by a user device. The system includes a criteria engine that generates a plurality of criteria to be monitored on the user device and a checker that generates at least one check for each of the plurality of criteria. The system further includes a profiler that retrieves a profile for the user device, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria, a comparator that compares a summary of the retrieved profile to a summary of a profile received from the user device and a communicator that communicates a message to the user device based on the comparison.

41 Citations

View as Search Results

25 Claims

1. An apparatus for controlling access to a network by a plurality of users, comprising:
- a criteria engine configured to generate a plurality of criteria to be monitored for at least one user from the plurality of users;
  
  a checker configured to generate at least one check for each of the plurality of criteria;
  
  a profiler configured to retrieve a profile for the at least one user, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria;
  
  a comparator configured to compare the retrieved profile to a summary of a profile received from the at least one user; and
  
  a communicator configured to communicate a message to the at least one user based on the comparison,the comparator being further configured to assign an action type to each of a plurality of discrete levels of compliance for the at least one user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus according to claim 1, wherein:
    - the plurality of criteria comprise a security object and a timestamp of the security object; and
      
      the check comprises at least one of determining;
      
      whether the security object is a particular security object;
      
      whether the security object was updated;
      
      when the security object was updated;
      
      the priority level of the security object; and
      
      a version of the security object.
  - 3. The apparatus according to claim 2, wherein the security object includes at least one of an antivirus application, a firewall application, an antispyware application, an operating system status update, a registry key, an operating system version number, and an external condition.
  - 4. The apparatus according to claim 1, wherein the action type includes at least one of a disconnect action, a quarantine action, and a non-action, and the discrete levels of compliance include at least two value ranges.
  - 5. The apparatus according to claim 1, further comprising:
    - an interface configured to receive an instruction to one of modify, add and delete at least one of a profile, a policy, a criteria, and a check.
  - 6. The apparatus according to claim 5, the profile engine being further configured to modify the retrieved profile in accordance with the received instruction.
  - 7. The apparatus according to claim 1, wherein the message is one of an affirmative message and the retrieved profile.
  - 8. A second apparatus for use with the apparatus according to claim 1, the second apparatus comprising:
    - a communicator configured to receive a profile;
      
      a storage configured to store the profile; and
      
      a profile engine configured to process the profile.
  - 9. The second apparatus according to claim 8, the profile engine being further configured to determine a status of a plurality of portions of the second apparatus corresponding to the plurality of criteria, the determination being based upon the checks for each of the criteria.
  - 10. The second apparatus according to claim 9, the profile engine being further configured to generate a compliance level based on the determined status of the plurality of portions of the second apparatus.
  - 11. The second apparatus according to claim 10, the communicator being further configured to send the compliance level to said apparatus for controlling access to the network.

12. A method for controlling access to a network by a plurality of users, comprising:
- receiving a compliance level from a user;
  
  comparing the compliance level to a predetermined compliance value set; and
  
  controlling access to the network by the user based on the comparison.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method according to claim 12, wherein the compliance value set comprises at least two value ranges of compliance values, and wherein controlling access to the network comprises at least one of disconnecting the user from the network, quarantining the user, and logging the user as healthy.
  - 14. The method according to claim 12, further comprising:
    - generating a policy for the user; and
      
      sending a message to the user.
  - 15. The method according to claim 14, wherein generating a policy comprises:
    - generating a plurality of criteria to be monitored;
      
      generating a check for each criteria of the plurality of criteria;
      
      generating an associated compliance level based on a status of the check for each criteria of the plurality of criteria;
      
      generating the predetermined compliance value set, including at least one compliance value range; and
      
      associating the at least one compliance value range with an action type, access to the network by the user being controlled based on the action type.
  - 16. The method according to claim 15, wherein the action type comprises one of disconnecting the user, quarantining the user, and logging the user as healthy.
  - 17. The method according to claim 14, wherein the message comprises one of an affirmative message and the generated policy.
  - 18. The method according to claim 15, wherein the plurality of criteria comprise at least one of:
    - a spyware portion;
      
      a malware portion;
      
      an antivirus portion;
      
      a specific file type portion;
      
      an operating system status portion;
      
      a user defined trigger;
      
      an update status portion; and
      
      a registry key portion.

19. A method for controlling access to a network by a user that has received a policy comprising a criteria, at least one check for the criteria and a compliance level associated with a status of the at least one check, the method comprising:
- generating a summary of a policy currently being used by the user;
  
  sending the summary of the current policy to a host when a condition changes; and
  
  receiving a message from the host.
- View Dependent Claims (20)
- - 20. The method according to claim 19, further comprising:
    - receiving another policy from the host, the another policy being different from the policy currently being used by the user;
      
      selecting a criteria to be checked in accordance with the received another policy;
      
      checking a status of at least one check corresponding to the selected criteria;
      
      determining a compliance level based on the checked status of the at least one check; and
      
      sending the compliance level to the host, wherein the compliance level corresponds to an action type for controlling access to the network by the user.

21. A computer readable medium comprising a plurality of program code sections, which when executed, cause access to a network by a user to be controlled, the computer readable medium comprising:
- a compliance level receiving code section that, when executed, causes receiving a compliance level from a user;
  
  a comparing code section that, when executed, causes comparing the compliance level to a predetermined compliance value set; and
  
  an access control code section that, when executed, causes controlling access to the network by the user based on the comparison.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer readable medium according to claim 21, wherein the predetermined compliance value set comprises at least two ranges of compliance values, and wherein controlling access to the network comprises at least one of disconnecting the user from the network, quarantining the user, and logging the user as healthy.
  - 23. The computer readable medium according to claim 21, further comprising:
    - a policy generating code section that, when executed, causes generating a policy for the user; and
      
      a message sending code section that, when executed, causes sending a message to the user.
  - 24. The computer readable medium according to claim 23, wherein the policy generating code section comprises:
    - a criteria generating code section that, when executed, causes generating a criteria;
      
      a check generating code section that, when executed, causes generating at least one check for the criteria; and
      
      an associating code section that, when executed, causes associating at least one compliance value range with an action type, access to the network by the user being controlled based on the action type check for the criteria.
  - 25. The computer readable medium according to claim 23, wherein the message is the generated policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Netmotion Wireless Holdings, Inc. (NetMotion Software, Inc.)
Original Assignee
Padcom Incorporated (NetMotion Software, Inc.)
Inventors
OLSON, Erik

Granted Patent

US 8,438,619 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1416 Event detection, e.g. attac...

NETWORK ACCESS CONTROL

First Claim

17 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

NETWORK ACCESS CONTROL

First Claim

17 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others