Method of Optimizing Policy Conformance Check for a Device with a Large Set of Posture Attribute Combinations
First Claim
1. A method for conforming integrity of a client device, comprising:
- receiving a certificate of health from the client device;
extracting from the certificate of health a certificate timestamp and a policy tag associated with a subgroup of a group of policies;
accessing a tag timestamp associated with the policy tag;
executing a comparison of the certificate timestamp with the tag timestamp; and
granting access to a network based in part upon the comparison.
4 Assignments
0 Petitions
Accused Products
Abstract
A method, apparatus, and electronic device for conforming integrity of a client device 106 are disclosed. A memory 1100 may store a policy tag 404 associated with a subgroup of a group of policies 1102 and having a tag timestamp. A network interface 1060 may receive the certificate of health 300 from the client device 106. A processor 1010 may extract from the certificate of health a certificate timestamp 302 and a policy tag 304. The processor 1010 may access the tag timestamp. The processor 1010 may execute a comparison of the certificate timestamp 302 with the tag timestamp. The network interface 1060 may grant access to a network 104 based in part upon the comparison.
106 Citations
20 Claims
-
1. A method for conforming integrity of a client device, comprising:
-
receiving a certificate of health from the client device; extracting from the certificate of health a certificate timestamp and a policy tag associated with a subgroup of a group of policies; accessing a tag timestamp associated with the policy tag; executing a comparison of the certificate timestamp with the tag timestamp; and granting access to a network based in part upon the comparison. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An access server for conforming integrity of a client device, comprising:
-
a memory that stores a policy tag associated with a subgroup of a group of policies and a tag timestamp; a processor that extracts from a certificate of health a certificate timestamp and the policy tag, accesses the tag timestamp, and executes a comparison of the certificate timestamp with the tag timestamp; and a network interface that receives the certificate of health from the client device and grants access to a network based in part upon the comparison. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A client device to securely access a network, comprising:
-
a memory that stores a certificate of health containing a policy tag associated with a subgroup of a group of policies and a certificate timestamp; and a transceiver that transmits the certificate of health to the network and accesses the network based in part upon a comparison of a tag timestamp associated with the policy tag and the certificate timestamp. - View Dependent Claims (17, 18, 19, 20)
-
Specification