Network Access Control with Compliance Policy Check
Abstract
Embodiments of the present invention include methods involving an authentication application, a client application, or a combination of a network access control server with the authentication application and the client application. The client application collects compliance data regarding the user device and communicates the compliance data to the network access control server. The network access control server generates a compliance check result based on whether the compliance data indicates that the user device is compliant with a security policy for the software-as-a-service server. The authentication application grants access by the user device when the compliance check result is positive; and the authentication application denies access by the user device when the compliance check result is negative. In some embodiments, the compliance check result or a user device identifier is stored in a web browser cookie or a client certificate on the user device.
19 Claims
1. A method comprising:
receiving, by an authentication application from a user device, a request to access a software-as-a-service server;
retrieving, by the authentication application, a compliance check result generated by a network access control server based on
1) compliance data collected by a client application on the user device, and
2) a security policy for the software-as-a-service server;
granting, by the authentication application, access by the user device to the software-as-a-service server when the compliance check result is positive; and
denying, by the authentication application, access by the user device to the software-as-a-service server when the compliance check result is negative.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method comprising:
collecting, by a client application on a user device, compliance data on the user device; and
sending, by the client application, the compliance data to a network access control server for the network access control server to generate a compliance check result based on the compliance data and a security policy for a software-as-a-service server,
wherein the compliance check result is for use by an authentication application to grant access by the user device to the software-as-a-service server when the compliance check result is positive and to deny access by the user device to the software-as-a-service server when the compliance check result is negative.
Dependent claims: 10, 11, 12, 13, 14

15. A method comprising:
collecting, by a client application, compliance data on a user device;
sending, by the client application, the compliance data to a network access control server;
generating, by the network access control server, a compliance check result based on the compliance data and a security policy for a software-as-a-service server;
storing, by the network access control server, the compliance check result;
storing, by the client application, a user device identifier in a client certificate on the user device;
requesting, by an authentication application, the client certificate during a login procedure;
reading, by the authentication application, the user device identifier from the client certificate;
based on the user device identifier, requesting, by the authentication application, the compliance check result from the network access control server;
granting, by the authentication application, access by the user device to the software-as-a-service server when the compliance check result is positive; and
denying, by the authentication application, access by the user device to the software-as-a-service server when the compliance check result is negative.
Dependent claims: 16, 17, 18, 19
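
The sequence recited in claim 15, sketched as an added Python example (not code from the patent or from any product). The client certificate is modelled as a dict, the policy keys and all function names are hypothetical, and denying when no result is stored for a device is an assumption the claims do not state.

```python
# Added illustration of the claim 15 flow; every name here is hypothetical.

# Constructed security policy for one SaaS server: booleans must match,
# integers are treated as minimum values (an assumed convention).
POLICY = {"disk_encrypted": True, "firewall_on": True, "os_build": 19045}


def is_compliant(data, policy):
    """Return True only if every policy item is satisfied by the collected data."""
    for key, required in policy.items():
        actual = data.get(key)
        if isinstance(required, bool):
            if actual is not required:
                return False
        elif not isinstance(actual, int) or actual < required:
            return False
    return True


class NacServer:
    """Network access control server: generates and stores compliance results."""

    def __init__(self, policy):
        self.policy = policy
        self.results = {}  # device identifier -> True (positive) / False (negative)

    def submit(self, device_id, data):
        self.results[device_id] = is_compliant(data, self.policy)

    def lookup(self, device_id):
        return self.results.get(device_id)  # None when nothing was stored


def client_collect_and_send(nac, device_id, data):
    """Client application: send compliance data, keep the device id in the cert."""
    nac.submit(device_id, data)
    return {"subject": {"device_id": device_id}}  # stand-in for a client certificate


def authenticate(nac, client_cert):
    """Authentication application: read the device id, fetch the result, decide."""
    device_id = (client_cert or {}).get("subject", {}).get("device_id")
    result = nac.lookup(device_id)
    # Assumption: a missing certificate or missing result is handled as a denial.
    return "grant" if result is True else "deny"
```

In a real deployment the device identifier would only be trusted after the certificate chain and proof of key possession have been verified during the TLS handshake; the dict lookup here skips that step.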
Specification