Techniques for Authenticated Posture Reporting and Associated Enforcement of Network Access
Abstract
Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
30 Claims
1. A method comprising:
- receiving posture information, at a remote device via a network interface, for an endpoint;
- determining network access policies for the endpoint based on the posture information; and
- enforcing the network access policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An article comprising a computer-readable medium having stored thereon instructions that, when executed, cause one or more processors to:
- receive posture information, at a remote device via a network interface, for an endpoint;
- determine network access policies for the endpoint based on the posture information; and
- enforce the network access policies.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. An apparatus comprising:
- an endpoint coupled to a network interface to support one or more software agents;
- a firmware agent coupled to the endpoint and the network interface to gather posture information from one or more security agents, to transmit a report including the posture information to a remote device via the network interface, and to configure the network interface according to network access control information received from the remote device via the network interface.
Dependent claims: 26, 27, 28, 29, 30
Specification