System and Method for Providing Access Control
First Claim
1. A method for network access control, comprising:
at a control device, receiving a first network communication from a first application running on a client device communicatively connected to the control device, the network communication being destined for a network communicatively connected to the control device;
determining whether the client device is authorized to access the network based on at least one interface specific rule;
if the client device is not authorized to access the network, applying a first global rule;
if the client device is authorized to access the network, applying a second global rule;
receiving a second network communication from the first application or a second application running on the client device;
processing the second network communication according to a plurality of stages, including a client discrimination stage and a user specific rule stage;
at the client discrimination stage:
    extracting information associated with the client device from the second network communication; and
    associating the second network communication with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage:
    accessing the user specific traffic control rules and the user specific firewall rules based on the extracted information associated with the client device; and
    applying the user specific traffic control rules and the user specific firewall rules to the second network communication as governed by user specific provisioning rules.
Abstract
A control device may be configured to monitor a network connection. An application running on a client device may send a first network communication destined for a network communicatively connected to the control device. Depending upon whether the client device is authorized to access the network, different global rules may be applied. The first application or a second application running on the client device may send a second network communication. The control device may process the second network communication according to a plurality of stages. Specifically, at a client discrimination stage the control device may extract information associated with the client device from the second network communication and associate user specific rules with it. At a user specific rule stage, the control device may access these rules and apply them to the second network communication as governed by user specific provisioning rules.
31 Claims
1. A method for network access control, comprising:
at a control device, receiving a first network communication from a first application running on a client device communicatively connected to the control device, the network communication being destined for a network communicatively connected to the control device;
determining whether the client device is authorized to access the network based on at least one interface specific rule;
if the client device is not authorized to access the network, applying a first global rule;
if the client device is authorized to access the network, applying a second global rule;
receiving a second network communication from the first application or a second application running on the client device;
processing the second network communication according to a plurality of stages, including a client discrimination stage and a user specific rule stage;
at the client discrimination stage:
    extracting information associated with the client device from the second network communication; and
    associating the second network communication with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage:
    accessing the user specific traffic control rules and the user specific firewall rules based on the extracted information associated with the client device; and
    applying the user specific traffic control rules and the user specific firewall rules to the second network communication as governed by user specific provisioning rules.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. A computer program product comprising at least one non-transitory computer readable storage medium storing instructions translatable by a control device to perform:
in response to receiving a first network communication from a first application running on a client device communicatively connected to the control device, the network communication being destined for a network communicatively connected to the control device, determining whether the client device is authorized to access the network based on at least one interface specific rule;
if the client device is not authorized to access the network, applying a first global rule;
if the client device is authorized to access the network, applying a second global rule;
in response to receiving a second network communication from the first application or a second application running on the client device, processing the second network communication according to a plurality of stages, including a client discrimination stage and a user specific rule stage, wherein,
at the client discrimination stage:
    information associated with the client device is extracted from the second network communication; and
    the second network communication is associated with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage:
    the user specific traffic control rules and the user specific firewall rules are accessed based on the extracted information associated with the client device; and
    the user specific traffic control rules and the user specific firewall rules are applied to the second network communication as governed by user specific provisioning rules.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21.

22. An apparatus, comprising:
at least one processor; and
at least one non-transitory computer readable storage medium storing instructions translatable by the at least one processor to perform:
in response to receiving a first network communication from a first application running on a client device communicatively connected to the apparatus, the network communication being destined for a network communicatively connected to the apparatus, determining whether the client device is authorized to access the network based on at least one interface specific rule;
if the client device is not authorized to access the network, applying a first global rule;
if the client device is authorized to access the network, applying a second global rule;
in response to receiving a second network communication from the first application or a second application running on the client device, processing the second network communication according to a plurality of stages, including a client discrimination stage and a user specific rule stage, wherein,
at the client discrimination stage:
    information associated with the client device is extracted from the second network communication; and
    the second network communication is associated with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage:
    the user specific traffic control rules and the user specific firewall rules are accessed based on the extracted information associated with the client device; and
    the user specific traffic control rules and the user specific firewall rules are applied to the second network communication as governed by user specific provisioning rules.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31.
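The staged pipeline described in the abstract and the three independent claims, as an added example that is not part of the patent: a Python model of a control device that applies an interface specific rule and one of two global rules to a client's first communication, then runs a later communication through a client discrimination stage and a user specific rule stage gated by a provisioning flag. The interface names, MAC addresses, user names, port numbers, and the choice of DNS plus a portal port as the first global rule are constructed assumptions, not details from the patent.

```python
from dataclasses import dataclass

# Constructed sample data: interfaces, MAC addresses and user names are illustrative.
@dataclass(frozen=True)
class Packet:
    iface: str      # control-device interface the packet arrived on
    src_mac: str    # client identifier extracted at the client discrimination stage
    dst_port: int

@dataclass
class UserPolicy:
    firewall: dict           # user specific firewall rules: dst_port -> "allow" | "deny"
    rate_limit_kbps: int     # user specific traffic control rule
    provisioned: bool        # user specific provisioning rule: rules apply only when True

class ControlDevice:
    def __init__(self, iface_rules, mac_to_user, policies):
        self.iface_rules = iface_rules    # interface specific rules: iface -> authorized MACs
        self.mac_to_user = mac_to_user    # client discrimination table: MAC -> user id
        self.policies = policies          # user id -> UserPolicy

    def first_communication(self, pkt):
        """Authorize by interface specific rule, then apply one of two global rules."""
        authorized = pkt.src_mac in self.iface_rules.get(pkt.iface, set())
        if not authorized:
            # First global rule (assumed): unauthorized clients reach only DNS and the portal.
            return "allow" if pkt.dst_port in (53, 8080) else "redirect-to-portal"
        # Second global rule (assumed): authorized clients pass on to user specific handling.
        return "allow"

    def second_communication(self, pkt):
        """Client discrimination stage, then user specific rule stage."""
        user = self.mac_to_user.get(pkt.src_mac)             # client discrimination stage
        policy = self.policies.get(user)
        if policy is None or not policy.provisioned:         # governed by provisioning rules
            return "deny", 0
        verdict = policy.firewall.get(pkt.dst_port, "deny")  # user specific firewall rule
        limit = policy.rate_limit_kbps if verdict == "allow" else 0
        return verdict, limit                                 # traffic control only on allow

def build_demo_device():
    """Constructed configuration with one provisioned and one unprovisioned user."""
    iface_rules = {"wlan0": {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}}
    mac_to_user = {"aa:bb:cc:dd:ee:01": "alice", "aa:bb:cc:dd:ee:02": "bob"}
    policies = {
        "alice": UserPolicy({443: "allow", 22: "deny"}, 2000, True),
        "bob": UserPolicy({443: "allow"}, 500, False),  # not yet provisioned
    }
    return ControlDevice(iface_rules, mac_to_user, policies)
```

A client whose MAC is authorized on one interface is still redirected when it appears on another, because the authorization check is interface specific.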