Method of Optimizing Policy Conformance Check for a Device with a Large Set of Posture Attribute Combinations

US 20090300707A1
Filed: 05/30/2008
Published: 12/03/2009
Est. Priority Date: 05/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method for conforming integrity of a client device, comprising:

receiving a certificate of health from the client device;

extracting from the certificate of health a certificate timestamp and a policy tag associated with a subgroup of a group of policies;

accessing a tag timestamp associated with the policy tag;

executing a comparison of the certificate timestamp with the tag timestamp; and

granting access to a network based in part upon the comparison.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and electronic device for conforming integrity of a client device 106 are disclosed. A memory 1100 may store a policy tag 404 associated with a subgroup of a group of policies 1102 and having a tag timestamp. A network interface 1060 may receive the certificate of health 300 from the client device 106. A processor 1010 may extract from the certificate of health a certificate timestamp 302 and a policy tag 304. The processor 1010 may access the tag timestamp. The processor 1010 may execute a comparison of the certificate timestamp 302 with the tag timestamp. The network interface 1060 may grant access to a network 104 based in part upon the comparison.

106 Citations

View as Search Results

20 Claims

1. A method for conforming integrity of a client device, comprising:
- receiving a certificate of health from the client device;
  
  extracting from the certificate of health a certificate timestamp and a policy tag associated with a subgroup of a group of policies;
  
  accessing a tag timestamp associated with the policy tag;
  
  executing a comparison of the certificate timestamp with the tag timestamp; and
  
  granting access to a network based in part upon the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - granting access to a quarantine network if the certificate timestamp predates the tag timestamp and the tag timestamp is a critical timestamp.
  - 3. The method of claim 1, further comprising:
    - instructing the client device to perform a detailed remediation process if the certificate timestamp predates the tag timestamp.
  - 4. The method of claim 3, further comprising:
    - granting access to the network if the certificate timestamp predates the tag timestamp, the tag timestamp is a non-critical timestamp, and the certificate of health has no policy tags with a critical timestamp that postdates the certificate timestamp.
  - 5. The method of claim 1, further comprising:
    - accessing a threshold timestamp associated with the group of policies; and
      
      granting access to a quarantine network if the certificate timestamp predates the threshold timestamp.
  - 6. The method of claim 1, further comprising:
    - associating a policy timestamp with a policy of the group of policies.
  - 7. The method of claim 1, wherein the policy tag is a combo tag associated with a set of policy tags.

8. An access server for conforming integrity of a client device, comprising:
- a memory that stores a policy tag associated with a subgroup of a group of policies and a tag timestamp;
  
  a processor that extracts from a certificate of health a certificate timestamp and the policy tag, accesses the tag timestamp, and executes a comparison of the certificate timestamp with the tag timestamp; and
  
  a network interface that receives the certificate of health from the client device and grants access to a network based in part upon the comparison.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The access server of claim 8, wherein the network interface grants access to a quarantine network if the certificate timestamp predates the tag timestamp and the tag timestamp is a critical timestamp.
  - 10. The access server of claim 8, wherein the network interface instructs the client device to perform a detailed remediation process if the certificate timestamp predates the tag timestamp.
  - 11. The access server of claim 10, wherein the network interface grants access to the network if the certificate timestamp predates the tag timestamp, the tag timestamp is a non-critical timestamp, and the certificate of health has no policy tags with a critical timestamp that postdates the certificate timestamp.
  - 12. The access server of claim 8, wherein the processor accesses a threshold timestamp associated with the group of policies and grants access to a quarantine network if the certificate timestamp predates the threshold timestamp.
  - 13. The access server of claim 8, wherein the memory associates a policy timestamp with a policy of the group of policies.
  - 14. The access server of claim 8, wherein the policy tag is a combo tag associated with a set of policy tags.
  - 15. The access server of claim 8, wherein the memory stores multiple policy tags in a priority order.

16. A client device to securely access a network, comprising:
- a memory that stores a certificate of health containing a policy tag associated with a subgroup of a group of policies and a certificate timestamp; and
  
  a transceiver that transmits the certificate of health to the network and accesses the network based in part upon a comparison of a tag timestamp associated with the policy tag and the certificate timestamp.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The client device of claim 16, further comprising:
    - a processor that performs a detailed remediation process if the certificate timestamp predates the tag timestamp.
  - 18. The client device of claim 16, further comprising:
    - a processor that performs a detailed remediation process after the client device accesses a quarantine network if the certificate timestamp predates the tag timestamp and the tag timestamp is a critical timestamp.
  - 19. The client device of claim 16, wherein the transceiver accesses a quarantine network if a threshold timestamp associated with the group of policies predates the certificate timestamp.
  - 20. The client device of claim 16, wherein the policy tag is a combo tag associated with a set of policy tags.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Chukkapalli, Venu M., Srinivasan, Babu, Bruner, John D., Garimella, Sandilya

Granted Patent

US 8,539,544 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

H04L 67/12   specially adapted for propr...

Method of Optimizing Policy Conformance Check for a Device with a Large Set of Posture Attribute Combinations

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method of Optimizing Policy Conformance Check for a Device with a Large Set of Posture Attribute Combinations

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links