METHOD FOR AUTHENTICATION AND ASSURING COMPLIANCE OF DEVICES ACCESSING EXTERNAL SERVICES
First Claim
1. A system for providing a compliance-based identity for determining whether an electronic computing device complies with the security policy for an electronic communications and data network of electronic computer devices, such determination including the context of said electronic computing device, comprising:
- an identity provider, said identity provider configured to:
receive an electronic request signal from said electronic computing device and establish a virtual private network (VPN) connection with said electronic computing device and a VPN concentrator, said electronic request signal including an electronically encoded request to allow an electronically encoded process operating on an electronic processor of said electronic computer device to establish electronic communication with a specific target electronic device or service operating on said electronic communications and data network;
receive from said electronic computing device electronically encoded information about the identity of said electronically encoded process, said electronic computing device, or the user of said electronic computing device;
receive from a policy store electronically encoded policy elements defined by said security policy;
receive from a compliance server electronically encoded information about the compliance of said electronic computing device with respect to said security policy;
receive from said VPN concentrator electronically encoded information related to the identity of the principal of said electronic computing device; and
determine at said identity provider whether said electronic computing device complies with said security policy using said request, said identity, said compliance and said principal identity information, and said policy elements.
5 Assignments
0 Petitions
Abstract
Systems and methods are described for determining whether an electronic computing device complies with the security policy for a network. The invention includes receiving an electronic request signal including an electronically encoded request to allow an electronically encoded process operating on an electronic processor of the electronic computer device to establish electronic communication with a specific target electronic device or service operating on the electronic communications and data network; receiving electronically encoded information about the identity of the electronically encoded process, the electronic computing device, or the user of the electronic computing device; receiving electronically encoded policy elements for the security policy; receiving electronically encoded information about the compliance of the electronic computing device; receiving electronically encoded information related to the identity of the principal of the electronic computing device; and determining whether the electronic computing device complies with the security policy.
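The determination the abstract and independent claims describe combines five inputs at the identity provider: the request itself, the identities the device asserts, policy elements from the policy store, a compliance report from the compliance server, and the principal identity the VPN concentrator saw on the tunnel. The following is an added example of that decision logic, not code from the patent or its assignee; every class, field, check name and sample value is constructed for illustration. The security-relevant point it makes concrete is that the device's self-asserted identity is cross-checked against the concentrator's principal and that a compliance report is only trusted while fresh.

```python
"""Compliance-based access decision of the kind the abstract and claims describe.

Added example, not code from the patent: all names, fields and sample data
below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class AccessRequest:            # the electronic request signal sent by the device
    process: str                # process on the device asking to reach the target
    device_id: str
    user: str                   # user identity the device asserts
    target: str                 # target service on the protected network


@dataclass
class PolicyElement:            # one element obtained from the policy store
    target: str
    required_checks: tuple      # compliance checks that must pass for this target
    allowed_processes: tuple    # processes permitted to reach this target
    max_report_age: timedelta   # how old a compliance report may be


@dataclass
class ComplianceReport:         # obtained from the compliance server
    device_id: str
    results: dict               # check name -> True if the check passed
    reported_at: datetime


@dataclass
class VpnPrincipal:             # obtained from the VPN concentrator
    device_id: str
    principal: str              # identity the tunnel was authenticated as


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


def decide(req, policy_elements, report, principal, now):
    """Combine request, identity, compliance, principal and policy into one decision."""
    reasons = []
    elements = [p for p in policy_elements if p.target == req.target]
    if not elements:
        # Deny by default: a target with no policy element is never reachable.
        return Decision(False, ["no policy element for target " + req.target])
    # The identity the device asserts must agree with the concentrator's view of the tunnel;
    # the device's own claim is not trusted on its own.
    if principal.device_id != req.device_id or principal.principal != req.user:
        reasons.append("principal mismatch between request and VPN concentrator")
    if report.device_id != req.device_id:
        reasons.append("compliance report is for a different device")
    for p in elements:
        if req.process not in p.allowed_processes:
            reasons.append(f"process {req.process} not allowed to reach {req.target}")
        if now - report.reported_at > p.max_report_age:
            reasons.append("compliance report is stale")
        for check in p.required_checks:
            if not report.results.get(check, False):
                reasons.append(f"required check failed or missing: {check}")
    return Decision(not reasons, reasons)


# Constructed sample data: one compliant session and one that fails several ways.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
POLICY = [PolicyElement("payroll-db", ("disk_encryption", "patched"),
                        ("payroll-client",), timedelta(minutes=15))]


def sample_decisions():
    """Run decide() over the constructed samples and return both outcomes."""
    good = decide(
        AccessRequest("payroll-client", "dev-1", "alice", "payroll-db"), POLICY,
        ComplianceReport("dev-1", {"disk_encryption": True, "patched": True},
                         NOW - timedelta(minutes=5)),
        VpnPrincipal("dev-1", "alice"), NOW)
    bad = decide(
        AccessRequest("payroll-client", "dev-2", "bob", "payroll-db"), POLICY,
        ComplianceReport("dev-2", {"disk_encryption": True, "patched": False},
                         NOW - timedelta(hours=1)),
        VpnPrincipal("dev-2", "mallory"), NOW)
    return {"compliant": good, "stale_and_mismatched": bad}


if __name__ == "__main__":
    for name, d in sample_decisions().items():
        print(name, "ALLOW" if d.allow else "DENY", d.reasons)
```

The second sample is denied for three independent reasons (principal mismatch, stale report, failed patch check); collecting every reason rather than stopping at the first makes the identity provider's log useful for the compliance team as well as for the access decision.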
101 Citations
24 Claims
1. As set out above under First Claim. Dependent claims: 3, 4, 5, 6, 7, 8.
2. (canceled)
9. A method for determining whether an electronic computing device complies with the security policy for an electronic communications and data network of electronic computer devices, such determination including the context of said electronic computing device, said method comprising:
establishing a virtual private network (VPN) connection with said electronic computing device, an identity provider, and a VPN concentrator;
receiving from said electronic computing device over said VPN connection an electronic request signal, said electronic request signal including an electronically encoded request to allow an electronically encoded process operating on an electronic processor of said electronic computer device to establish electronic communication with a specific target electronic device or service operating on said electronic communications and data network;
receiving from said electronic computing device electronically encoded information about the identity of said electronically encoded process, said electronic computing device, or the user of said electronic computing device;
receiving from a policy store electronically encoded policy elements for said security policy;
receiving from a compliance server electronically encoded information about the compliance of said electronic computing device with respect to said security policy;
receiving from said VPN connection electronically encoded information related to the identity of the principal of said electronic computing device; and
determining at said identity provider whether said electronic computing device complies with said security policy using said request, said identity, said compliance and said principal identity information, and said policy elements.
Dependent claims: 11, 12, 13, 14, 15, 16.
10. (canceled)
17. A non-transitory computer-readable medium, containing electronically encoded computer readable program control devices thereon, said electronically encoded computer readable program control devices being configured to enable an electronic computer to perform electronic computer operations comprising:
establishing a virtual private network (VPN) connection with said electronic computing device, an identity provider, and a VPN concentrator;
receiving from said electronic computing device over said VPN connection an electronic request signal, said electronic request signal including an electronically encoded request to allow an electronically encoded process operating on an electronic processor of said electronic computer device to establish electronic communication with a specific target electronic device or service operating on said electronic communications and data network;
receiving from said electronic computing device electronically encoded information about the identity of said electronically encoded process, said electronic computing device, or the user of said electronic computing device;
receiving from a policy store electronically encoded policy elements for said security policy;
receiving from a compliance server electronically encoded information about the compliance of said electronic computing device with respect to said security policy;
receiving from said VPN connection electronically encoded information related to the identity of the principal of said electronic computing device; and
determining at said identity provider whether said electronic computing device complies with said security policy using said request, said identity, said compliance and said principal identity information, and said policy elements.
Dependent claims: 19, 20, 21, 22, 23, 24.
18. (canceled)
Specification