CONTEXT-BASED NETWORK SECURITY

US 20090228963A1
Filed: 11/25/2008
Published: 09/10/2009
Est. Priority Date: 11/26/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of implementing context-based security on a computer network, the method comprising:

receiving, at a network application server, a request from a client application executing on a client computer system to access a network resource;

transmitting, from the network application server to a network context server, a request for network context information about the client computer system;

acquiring, by the network context server from a network context database, network context information about the client computer system; and

transmitting, from the network context server to the network application server, network context information acquired by the network context server;

the network application server controlling access to the network resource by the client computer system based at least in part on the acquired network context information.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Context-based network security is provided for streamlined access control over a computer network and components on the computer network. More particularly, methods, instructions on computer-readable media and systems are provided for collecting network context information about a client computer system connecting to the computer network, making the network context information available to various components on the computer network, and using the network context information to control the client computer system'"'"'s (or a client application executing thereon) access to one or more network resources.

100 Citations

View as Search Results

39 Claims

1. A method of implementing context-based security on a computer network, the method comprising:
- receiving, at a network application server, a request from a client application executing on a client computer system to access a network resource;
  
  transmitting, from the network application server to a network context server, a request for network context information about the client computer system;
  
  acquiring, by the network context server from a network context database, network context information about the client computer system; and
  
  transmitting, from the network context server to the network application server, network context information acquired by the network context server;
  
  the network application server controlling access to the network resource by the client computer system based at least in part on the acquired network context information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the network context information includes health of the client computer system.
  - 3. The method of claim 2, wherein the health of the client computer system includes information about at least one of anti-virus software installed on the client computer system and a level of firewall protection configured in relation to the client computer system.
  - 4. The method of claim 1, wherein the network context information includes information about a network connection of the client computer system.
  - 5. The method of claim 1, wherein the network context information includes authorization status of the client computer system.
  - 6. The method of claim 1, further comprising:
    - receiving, by a network access controller, a request to access the computer network from the client computer system;
      
      receiving, by the network access controller, network-level credentials from the client computer system;
      
      receiving, by the network access controller, network context information about the client computer system;
      
      transmitting, from the network access controller to an Authentication, Authorization and Accounting (AAA) computer system, the network level credentials and network context information;
      
      storing, by the AAA computer system into the network context database, the network context information.
  - 7. The method of claim 6, further comprising:
    - authenticating the network-level credentials against a credential database;
      
      generating, by the AAA computer system, an authentication response from a result of the authentication against the credential database; and
      
      transmitting, by the AAA computer system, the authentication response to the network access controller.generating, by the AAA computer system, an authorization response adapted to be used by a network access controller to control access to the computer network by the client computer system, the authorization response being based at least partially on the network context information; and
      
      transmitting, by the AAA computer system, the authorization response to the network access controller.

8. A computer system for controlling access to a computer network, the computer system being configured to:
- receive network-level credentials from a network access controller, the network-level credentials being associated with a client computer system attempting to gain access to the computer network;
  
  receive network contest information from the network access controller, the network context information including information about the client computer system;
  
  store the network context information in a network context database;
  
  authenticate the network-level credentials against a credential database;
  
  generate an authentication response from a result of the authentication against the credential database;
  
  generate an authorization response adapted to be used by a network access controller to control the client computer system'"'"'s access to the computer network, the authorization response being based at least in part on the network context information; and
  
  transmit the authentication and authorization responses to the network access controller.
- View Dependent Claims (9, 10, 11, 12, 13, 15)
- - 9. The computer system of claim 8, wherein the network context information includes information about the network connection of the client computer system.
  - 10. The computer system of claim 8, wherein the network context information includes health of the client computer system.
  - 11. The computer system of claim 10, wherein the health of the client computer system includes information about at least one of anti-virus software installed on the client computer system and a level of firewall protection configured in relation to the client computer system.
  - 12. The computer system of claim 8, further configured to:
    - acquire additional network context information, the additional network context information including information about the network access controller;
      
      store the additional network context information in the network context database; and
      
      generate the authorization response further based at least in part on the additional network context information.
  - 13. The computer system of claim 8, further configured to:
    - acquire additional network context information from the credential database, the additional network context information including information about a user of the client computer system; and
      
      store the additional network context information received from the credential database in the network context database; and
      
      generate the authorization response further based at least in part on the additional network context information.
  - 15. The computer system of claim 8, further configured to store additional network context information, including authorization status of the client computer system in the network context database.

16. A computer system for providing network context information to one or more network applications, the computer system being configured to:
- receive a request for network context information from a network application, the network context information relating to a client computer system executing a client application that is communicating with the network application;
  
  acquire the requested network context information from a network context database; and
  
  transmit the acquired network context information to the network application.
- View Dependent Claims (14, 17, 18, 19, 20, 21)
- - 14. The computer system of claim 18, further configured to:
    - receive a request for network context information about the client computer system from a network application;
      
      acquire the requested network context information from the network context database; and
      
      transmit the acquired network context information to the network application.
  - 17. The computer system of claim 16, wherein the request for network context information is received in a Service Oriented Architecture Protocol (“
    - SOAP”
      
      ) packet, and the acquired network context information is transmitted to the network application in a SOAP packet.
  - 18. The computer system of claim 16, wherein the network context information includes information about a network connection of the client computer system.
  - 19. The computer system of claim 16, wherein the network context information includes health of the client computer system.
  - 20. The computer system of claim 19, wherein the health of the client computer system includes information about at least one of anti-virus software installed on the client computer system and a level of firewall protection configured in relation to the client computer system.
  - 21. The computer system of claim 16, wherein the network context information includes authorization status of the client computer system.

22. A storage medium, readable by a first processor of a first computer system, having embodied therein a first computer program of commands executable by the first processor, the program being adapted to be executed to:
- receive over a computer network a request for access to a network resource from a client application executing on a client computer system;
  
  transmit over the computer network a request for network context information about the client computer system to a second computer system executing a network context service;
  
  receive from the second computer system network context information about the client computer system;
  
  grant the client application access to the network resource based on the network context information.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The storage medium of claim 22, wherein the network context information includes health of the client computer system.
  - 24. The storage medium of claim 23, wherein the health of the client computer system includes information about at least one of anti-virus software installed on the client computer system and a level of firewall protection configured in relation to the client computer system.
  - 25. The storage medium of claim 22, wherein the network context information includes information about a network connection of the client computer system.
  - 26. The storage medium of claim 22 wherein the network context information includes authorization status of the client computer system.
  - 27. The storage medium of claim 22, wherein the request for network context information is transmitted over the computer network to the second computer system in a Service Oriented Architecture Protocol (“
    - SOAP”
      
      ) packet, and the requested network context information is received over the computer network from the second computer system in a SOAP packet.

28. A storage medium, readable by a processor of a client computer system, having embodied therein a first computer program of commands executable by the processor, the program being adapted to be executed to:
- transmit a request for access to a computer network to a network access controller residing on the computer network;
  
  receive a request for network-level credentials from the network access controller;
  
  acquire network-level credentials;
  
  transmit the network-level credentials to the network access controller;
  
  acquire network context information about the client computer system;
  
  transmit the network context information to the network access controller; and
  
  thereafter, receive permission to access the computer network from the network access controller.
- View Dependent Claims (29, 30, 31)
- - 29. the storage medium of claim 28, wherein the network context information includes information about a network connection of the client computer system.
  - 30. The storage medium of claim 28, wherein the network context information includes health of the client computer system.
  - 31. The storage medium of claim 30 wherein the health of the client computer system includes information about at least one of anti-virus software installed on the client computer system and a level of firewall protection configured in relation to the client computer system.

32. A system for implementing context-based security on a computer network, the system comprising:
- at least one network application server;
  
  a network context server; and
  
  a network context database;
  
  wherein the at least one network application server is configured to;
  
  receive, from a client application executing on a client computer system, a request to access a network resource;
  
  transmit, to the network context server, a request for network context information about the client computer system;
  
  receive, from the network context server, network context information about the client computer system;
  
  control the client application'"'"'s access to the network resource based on the network context information;
  
  and wherein the network context server is configured to;
  
  receive, from the at least one network application server, a request for network context information about the client computer system;
  
  acquire, from the network context database, network context information about the client computer system; and
  
  transmit, to the network application server, the acquired network context information.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39)
- - 33. The system of claim 32, wherein the network context information includes health of the client computer system.
  - 34. The system of claim 33, wherein the health of the client computer system includes information about at least one of anti-virus software installed on the client computer system and a level of firewall protection configured in relation to the client computer system.
  - 35. The system of claim 32, wherein the network context information includes information about a network connection of the client computer system.
  - 36. The system of claim 32, wherein the network context information includes authorization status of the client computer system.
  - 37. The system of claim 32, further comprising:
    - a network access controller; and
      
      an authentication, authorization and accounting (AAA) computer system;
      
      wherein the network access controller is configured toreceive a request to access the computer network from the client computer system;
      
      transmit to the client computer system a request for network-level credentials;
      
      receive network-level credentials from the client computer system;
      
      receive network context information about the client computer system;
      
      transmit to the AAA computer system the network level credentials and network context information;
      
      and wherein the AAA computer system is configured to;
      
      authenticate the network-level credentials against a credential database;
      
      generate an authentication response from a result of the authentication against the credential database;
      
      transmit the authentication response to the network access controller; and
      
      store the network context information in the network context database.
  - 38. The system of claim 37, wherein the AAA computer system is further configured to:
    - generate an authorization response adapted to be used by a network access controller to control the client computer system'"'"'s access to the computer network, the authorization response being based at least partially on the network context information; and
      
      transmitting the authorization response to the network access controller.
  - 39. The system of claim 37, wherein the AAA computer system is further configured to acquire and store additional network context information from the credential database, the additional network context information including information about a user of the client computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Rai, Shirish, Radkowski, John Christopher Evans, Convery, Sean Joseph, Pearce, Andrew K., Chua, Roy L.

Application Number

US12/323,002
Publication Number

US 20090228963A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/31 User authentication

H04L 63/0815 providing single-sign-on or...

CONTEXT-BASED NETWORK SECURITY

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

CONTEXT-BASED NETWORK SECURITY

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links