AUTHENTICATION IN A NETWORK USING CLIENT HEALTH ENFORCEMENT FRAMEWORK
Abstract
A network with authentication implemented using a client health enforcement framework. The framework is adapted to receive plug-ins on clients that generate health information. Corresponding plug-ins on a server validate that health information. Based on the results of validation, the server may instruct the client to remediate or may authorize an underlying access enforcement mechanism to allow access. A client plug-in that generates authentication information formatted as a statement of health may be incorporated into such a framework. Similarly, on the server, a validator to determine, based on the authentication information, whether the client should be granted network access can be incorporated into the framework. Authentication can be simply applied or modified by changing the plug-ins, while relying on the framework to interface with an enforcement mechanism. Functions of the health enforcement framework can be leveraged to provide authentication-based functionality, such as revoking authorized access after a period of user inactivity or in response to a user command.
20 Claims
1. A method of operating a client computer configured to provide a statement of health to a server that selectively authorizes network access based on the health of the client computer, the method comprising:
- obtaining authentication information indicating that the client computer is authenticated to access the network;
- formatting a statement of health to include the authentication information; and
- providing the statement of health to the server in connection with a request for network access.
9. A client computer configured with a client health enforcement framework comprising a client health access agent adapted to obtain information from one or more statement of health agents through an interface and send a statement of health to a health policy server adapted to validate the statement of health and, when the statement of health is validated, to authorize access to a network, the client computer further comprising:
- an authentication agent comprising computer-executable instructions stored on a computer storage media for authenticating the client computer for access to the network and for providing information indicating authentication status of the client computer to the client health access agent through the interface, whereby the client health access agent sends a statement of health including authentication information to the health policy server.
16. A method of operating a network comprising a client computer and a health policy server, the client comprising a client health access agent being adapted to obtain health information from one or more statement of health agents executing on the client and to provide, based on the obtained health information, a statement of health to the health policy server, and the health policy server being adapted to provide a portion of the statement of health to each of one or more component health validators and to selectively authorize network access based on results of processing of respective portions of the statement of health by the one or more component health validators, the method comprising:
- in an authentication agent on the client computer, generating authentication information indicating whether the client computer is authorized for network access and providing the authentication information to the client health access agent;
- in the client health access agent, generating a statement of health for the client computer including the authentication information and the health information from the one or more statement of health agents; and
- in the health policy server, providing a portion of the statement of health corresponding to the authentication information to an authentication validator and selectively authorizing network access based in part on processing of the authentication information within the authentication validator.
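The flow of claim 16, modelled as an added example that is not code from the patent or from any product: client plug-ins each contribute a portion of the statement of health, and the server hands each portion to its matching validator and authorizes access only if every portion passes. The HMAC-tagged authentication record, the demo key, the `MAX_AGE` expiry policy and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key shared by a hypothetical authentication service and validator.
AUTH_KEY = b"constructed-demo-key"
MAX_AGE = 300  # assumed policy: seconds an authentication result stays valid

def auth_agent(user, now):
    """Client plug-in: report authentication status as a statement-of-health portion."""
    issued = int(now)
    tag = hmac.new(AUTH_KEY, f"{user}|{issued}".encode(), hashlib.sha256).hexdigest()
    return {"user": user, "issued": issued, "tag": tag}

def patch_agent(now):
    """Client plug-in: ordinary health information (constructed sample value)."""
    return {"patched": True}

def build_soh(agents, now):
    """Client health access agent: collect one portion per plug-in, keyed by name."""
    return {name: agent(now) for name, agent in agents.items()}

def auth_validator(part, now):
    """Server plug-in: accept only an untampered, unexpired authentication portion."""
    msg = f"{part['user']}|{part['issued']}".encode()
    good = hmac.new(AUTH_KEY, msg, hashlib.sha256).hexdigest()
    fresh = 0 <= now - part["issued"] <= MAX_AGE
    return hmac.compare_digest(good, str(part.get("tag", ""))) and fresh

def patch_validator(part, now):
    """Server plug-in: validate the ordinary health portion."""
    return part.get("patched") is True

VALIDATORS = {"auth": auth_validator, "patch": patch_validator}

def authorize(soh, now):
    """Health policy server: every validator must receive and accept its portion."""
    results = {}
    for name, validate in VALIDATORS.items():
        part = soh.get(name)
        try:
            results[name] = part is not None and bool(validate(part, now))
        except (KeyError, TypeError):
            results[name] = False  # a malformed portion counts as a failed portion
    return all(results.values()), results
```

Because authentication is just another validator, a missing, altered or expired authentication portion denies access through the same path as a failed health check.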
Specification