POLICY EVALUATION IN CONTROLLED ENVIRONMENT
Abstract
A module may include interface logic to receive information identifying a state related to a client device via logic related to a controlled environment, and to send a valid policy result to a host device, where the valid policy result is related to the state. The module may include processing logic to process policy content according to a resource policy, where the processing is based on the information, and to produce the valid policy result based on the processing using the resource policy, where the valid policy result is adapted for use by the host device when implementing the network policy with respect to a destination device when the client device attempts to communicate with the destination device.
51 Claims
1-31. (canceled)

32. A method comprising:
receiving, by a first device and from a second device, first information relating to whether the second device complies with one or more policies, the first device being different than the second device, and the one or more policies relating to accessing a network;
identifying, by the first device and based on the first information, second information that identifies the one or more policies;
causing, by the first device, a determination, using the first information and the second information, to be made as to whether the second device complies with the one or more policies;
determining, by the first device, whether a result of the determination corresponds to an authorized operation relating to the first device;
sending, by the first device and to the second device, a message indicating that the second device is denied access to the network when the result does not correspond to the authorized operation; and
sending, by the first device and to a third device, instructions relating to the second device accessing the network when the result corresponds to the authorized operation, the third device to determine whether to grant access to the network, to the second device, based on the instructions.
Dependent claims: 33, 34, 35, 36, 37, 38, 39

40. A non-transitory computer-readable memory device storing instructions, the instructions comprising:
one or more instructions, which when executed by a first device, cause the first device to receive, from a second device, first information relating to whether the second device complies with one or more policies, the first device being different than the second device, and the one or more policies relating to accessing a network;
one or more instructions, which when executed by the first device, cause the first device to identify, based on the first information, second information that identifies the one or more policies;
one or more instructions, which when executed by the first device, cause the first device to cause a determination, using the first information and the second information, to be made as to whether the second device complies with the one or more policies;
one or more instructions, which when executed by the first device, cause the first device to determine whether a result of the determination corresponds to an authorized operation relating to the first device;
one or more instructions, which when executed by the first device, cause the first device to send, to the second device, a message indicating that the second device is denied access to the network when the result does not correspond to the authorized operation; and
one or more instructions, which when executed by the first device, cause the first device to send, to a third device, third information relating to the second device accessing the network when the result corresponds to the authorized operation, the third device to determine whether to grant, to the second device, access to the network based on the third information.
Dependent claims: 41, 42, 43, 44, 45, 46, 47

48. A device comprising:
a memory to store instructions; and
a processor to execute one or more of the instructions to:
obtain information that identifies one or more policies relating to accessing a network;
send the information to one or more first devices to determine whether a second device complies with the one or more policies, the one or more first devices being different from the device and the second device;
determine whether one or more results, of the one or more first devices determining whether the second device complies with the one or more policies, correspond to one or more authorized operations relating to the device;
send, to the second device, a message indicating that the second device is denied access to the network when the one or more results do not correspond to the one or more authorized operations; and
identify one or more resources, associated with the network, that the second device is allowed to access when the one or more results correspond to the one or more authorized operations.
Dependent claims: 49, 50, 51

Specification