NETWORK POLICY ASSIGNMENT BASED ON USER REPUTATION SCORE

US 20150281277A1
Filed: 03/27/2014
Published: 10/01/2015
Est. Priority Date: 03/27/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

retrieving, by a network controller, for a user, a reputation score associated with said user, wherein said reputation score is generated based on activities of said user within a network;

evaluating, by said network controller, said reputation score; and

assigning, by said network controller, said user to a policy based on evaluation of said reputation score, wherein the policy governs the manner in which said user interacts with the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network controller device, systems, and methods thereof are described herein for enabling a mechanism of assigning network policies to one or more users based on their respective client reputation (CR) scores. CR scores indicate a measure of the level and kind of network activity that an internal resource does with external resources. Based on the evaluation of the CR score for a given user, system of the present invention can be configured to implement an appropriate policy on the user that controls the manner in which the user interacts within and outside the network. Proposed system includes multiple virtual local area networks (VLANs), wherein each VLAN is configured with a defined policy such that once the CR score for a given user has been evaluated, the user can be put on an appropriate VLAN based on the evaluation and the intended policy that the system wants the user to follow.

49 Citations

View as Search Results

20 Claims

1. A method comprising:
- retrieving, by a network controller, for a user, a reputation score associated with said user, wherein said reputation score is generated based on activities of said user within a network;
  
  evaluating, by said network controller, said reputation score; and
  
  assigning, by said network controller, said user to a policy based on evaluation of said reputation score, wherein the policy governs the manner in which said user interacts with the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the method further comprises the step of authenticating, by said network controller, said user prior to retrieving said reputation score.
  - 3. The method of claim 2, wherein said authentication is performed based on one or more of Remote Authentication Dial-In User Service (RADIUS) based on authentication, Lightweight Directory Access Protocol (LDAP) based authentication, Active Directory, Novell E-directory, Safeword, SecureID, Security Assertion Markup Language 2.0 (SAML2), Terminal Access Controller Access-Control System (TACACS+), and Local Authentication.
  - 4. The method of claim 1, wherein said evaluating comprises comparing said reputation score with one or more threshold values.
  - 5. The method of claim 4, wherein said assigning said policy comprises choosing said policy based on said comparison of said reputation score with said one or more threshold values.
  - 6. The method of claim 1, wherein said reputation score is generated based on a plurality of rules on the basis of which said activities of said user are assessed.
  - 7. The method of claim 1, wherein the network controller is operable within a gateway device.
  - 8. The method of claim 1, wherein said assigning comprises assigning said user to one of a group of virtual local area networks (VLANs), wherein each VLAN of the group of VLANs defines a different set of policies.
  - 9. The method of claim 1, wherein said reputation score is stored in a database that is operatively coupled with said network controller.
  - 10. The method of claim 1, wherein said policy comprises one or more of blocking said user, rate limiting access of said user, characterizing acceptable traffic to be sent by or received by said user, and implementing network access conditions on said user.
  - 11. The method of claim 1, wherein said assigning further comprises changing said policy for said user dynamically based on a change in said reputation score.

12. A network controller device comprising:
- one or more processors;
  
  a communication interface;
  
  one or more internal data storage devices operatively coupled to the one or more processors and storing;
  
  a reputation score retrieval module configured to retrieve, for a user, a reputation score associated with said user, wherein said reputation score is generated based on activities of said user within a network;
  
  a reputation score evaluation module configured to evaluate said reputation score; and
  
  a policy assignment module configured to assign a policy to said user based on the evaluation of said reputation score, wherein the policy governs the manner in which said user interacts with the network.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The network controller device of claim 12, further comprising an authentication module configured to authenticate said user prior to retrieving said reputation score.
  - 14. The network controller device of claim 13, wherein said authentication is performed based on one or more of Remote Authentication Dial-In User Service (RADIUS) based on authentication, Lightweight Directory Access Protocol (LDAP) based authentication, Active Directory, Novell E-directory, Safeword, SecureID, Security Assertion Markup Language 2.0 (SAML2), Terminal Access Controller Access-Control System (TACACS+), and Local Authentication.
  - 15. The network controller device of claim 12, wherein the reputation score evaluation module is further configured to compare said reputation score with one or more threshold values.
  - 16. The network controller device of claim 15, wherein the policy assignment module is further configured to choose said policy based on said comparison of said reputation score with said one or more threshold values.
  - 17. The network controller device of claim 12, wherein the network controller device is operable in a gateway device.
  - 18. The network controller device of claim 12, wherein the policy assignment module is further configured to assign said user to one of a group of virtual local area networks (VLANs), wherein each VLAN of the group of VLANs defines a different set of policies, and wherein said group of VLANs is operatively coupled with said network controller device.
  - 19. The network controller device of claim 12, wherein said reputation score is stored in a database that is operatively coupled with said network controller device.
  - 20. The network controller device of claim 12, wherein said policy comprises one or more of blocking said user, rate limiting access of said user, characterizing acceptable traffic to be sent and/or received by said user, and implementing network access conditions on said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
May, Robert A., Pan, Yixin

Granted Patent

US 9,503,477 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

NETWORK POLICY ASSIGNMENT BASED ON USER REPUTATION SCORE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK POLICY ASSIGNMENT BASED ON USER REPUTATION SCORE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links