METHOD FOR AUTOMATICALLY APPLYING ACCESS CONTROL POLICIES BASED ON DEVICE TYPES OF NETWORKED COMPUTING DEVICES
Abstract
Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device to enter a network, the device type of the network client device is detected and an ACP identifier is determined from the device type using the ACRs. An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server, which distributes the selected ACP to the other network access devices.
18 Claims
1. A system for managing access control policies, comprising:
a management server, residing on server hardware communicatively coupled to a plurality of network access devices over a wide area network (WAN), the management server including:
a Web interface to allow an administrator to log in and configure access control policies based on device types of network client devices,
an access control policy (ACP) database to store ACPs received from the Web interface,
an access control rule (ACR) database to store ACRs mapping device types to one or more ACPs stored in the ACP database, and
a first access control module (ACM) to transmit over the Internet the ACPs and the ACRs to the plurality of network access devices to allow the network access devices to apply the ACPs based on the ACRs of their respective network client devices, to receive update information of a first network client device from a first of the network access devices, and to broadcast the update information to a remainder of the network access devices; and
the plurality of network access devices, each including:
a second access control module to download the ACRs and the ACPs from the management server over the Internet, and
a device type detector, in response to a request from a network client device to enter a network, to detect a device type of the network client device using one or more device type detection methods,
wherein the second access control module is to determine an ACP identifier based on an ACR of the network client device and to apply an ACP selected from the ACPs based on the ACP identifier, and wherein the second access control module is to report at least the selected ACP to the management server to allow the management server to distribute the same to other network access devices.
Dependent claims: 2, 3, 4, 5
6. A method performed by a network access device, comprising:
downloading access control policies (ACPs) and access control rules (ACRs) from a management server over the Internet, wherein the network access device is one of a plurality of network access devices managed by the management server over the Internet;
in response to a request from a network client device for entering a network, detecting a device type of the network client device;
determining an ACP identifier based on the device type in view of the ACRs;
selecting an ACP from the ACPs based on the ACP identifier;
enforcing the selected ACP against the network client device; and
reporting the selected ACP and the device type and a media access control (MAC) address of the network client device to the management server, wherein the management server is to distribute the selected ACP and the device type of the network client device to other network access devices.
Dependent claims: 7, 8, 9, 10
11. A method performed by a network access device, comprising:
receiving, at the network access device, a request from a client device for entering a network;
redirecting the request from the network access device to a remote device type detection server to allow the remote device type detection server to detect a device type of the client device;
receiving the device type of the network client device from the remote device type detection server;
transmitting the device type to a management server over the Internet, wherein the network access device is one of a plurality of network access devices managed by the management server;
receiving an access control policy (ACP) from the management server, wherein the ACP is generated by the management server based on the device type; and
enforcing within the network access device the received access control policy against the network client device.
Dependent claims: 12, 13, 14
15. A method performed by a network access device, comprising:
receiving, at the network access device, a request from a client device for entering a local area network (LAN) associated with the network access device;
redirecting the request from the network access device to a remote device type detection server to allow the remote device type detection server to detect a device type of the client device, wherein the remote device type detection server is to detect the device type of the network client device and to transmit the device type of the network client device to a management server, wherein the network access device is one of a plurality of network access devices managed by the management server;
receiving at the network access device an access control policy (ACP) from the management server without receiving the device type of the network client device, wherein the management server generates the ACP for the network client device based on the device type of the network client device received from the remote device type detection server; and
enforcing at the network access device the received access control policy against the network client device.
Dependent claims: 16, 17, 18
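The flow of claims 1 and 6, modelled in Python as an added example that is not part of the patent: a management server holds the ACP and ACR databases, each network access device (NAD) downloads them, maps a detected device type to an ACP identifier through the ACRs, enforces the selected ACP and reports the result, which the server broadcasts to the other NADs. The ACP shape (a set of allowed destination ports), the dictionary databases, the fall-through `default` rule and all sample values are assumptions; the remote device type detection server of claims 11 and 15 is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class ACP:                      # access control policy, assumed shape
    acp_id: str                 # the ACP identifier the ACRs point at
    allowed_ports: frozenset    # destination TCP ports the client may reach

@dataclass
class ManagementServer:
    acps: dict                  # ACP database: acp_id -> ACP
    acrs: dict                  # ACR database: device_type -> acp_id
    nads: list = field(default_factory=list)
    def broadcast(self, sender, update):
        # Relay one NAD's report (MAC, device type, ACP id) to the other NADs.
        for nad in self.nads:
            if nad is not sender:
                nad.known_clients[update["mac"]] = update

@dataclass
class NetworkAccessDevice:
    server: ManagementServer
    acps: dict = field(default_factory=dict)
    acrs: dict = field(default_factory=dict)
    known_clients: dict = field(default_factory=dict)   # pushed by the server

    def download(self):
        # Second access control module: pull the ACPs and ACRs from the server.
        self.acps, self.acrs = dict(self.server.acps), dict(self.server.acrs)

    def admit(self, mac, device_type):
        # Map the detected device type to an ACP via the ACRs; an unrecognised
        # type falls to the assumed 'default' rule rather than entering unpoliced.
        acp_id = self.acrs.get(device_type, self.acrs["default"])
        self.server.broadcast(self, {"mac": mac, "device_type": device_type,
                                     "acp_id": acp_id})   # report to the server
        return self.acps[acp_id]

def enforce(acp, dst_port):
    # Per-packet decision under the selected ACP.
    return dst_port in acp.allowed_ports

def build_demo():
    # Constructed sample data: two ACPs, two ACRs, two NADs under one server.
    server = ManagementServer(
        acps={"voice_only": ACP("voice_only", frozenset({5060, 5061})),
              "quarantine": ACP("quarantine", frozenset({443}))},
        acrs={"ip_phone": "voice_only", "default": "quarantine"})
    server.nads = [NetworkAccessDevice(server), NetworkAccessDevice(server)]
    for nad in server.nads:
        nad.download()
    return server, server.nads
```

After one NAD admits a client, the second NAD already holds that client's MAC, device type and ACP identifier without having detected anything itself, which is the update-broadcast behaviour claim 1 assigns to the first access control module.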