AUTOMATIC LINK SECURITY
First Claim
1. A computer-implemented method comprising:
- receiving, in a controller associated with a network, a signal indicating that an unauthenticated device is requesting access to the network;
- establishing a connection between the unauthenticated device and the controller;
- receiving, through the connection, device identification information;
- determining, by the cloud controller using the device identification information, that the device is associated with the network;
- negotiating, by the controller, security material for automatically authenticating the device with the network; and
- causing the network to adopt a trusted policy for allowing the automatically-authenticated device to access the network.
Abstract
Systems, methods, and computer-readable storage media for automatic link security. A cloud controller can receive a signal indicating that an unauthenticated device is requesting private network resources, establish a connection between the unauthenticated device and the cloud controller, and determine that the unauthenticated device is associated with a private network. The cloud controller can facilitate the negotiation of security material between the device and the network and automatically establish a secure link between the device and the private network. The cloud controller can cause the security material to be sent to the device and can transmit a policy instruction that is effective to cause a switch port to automatically bypass a default access policy and automatically adopt a trusted policy for the device to access the private network.
20 Claims
1. A computer-implemented method comprising:
- receiving, in a controller associated with a network, a signal indicating that an unauthenticated device is requesting access to the network;
- establishing a connection between the unauthenticated device and the controller;
- receiving, through the connection, device identification information;
- determining, by the cloud controller using the device identification information, that the device is associated with the network;
- negotiating, by the controller, security material for automatically authenticating the device with the network; and
- causing the network to adopt a trusted policy for allowing the automatically-authenticated device to access the network.
(Claims 2 to 10 depend on claim 1.)
11. A cloud controller on a network, the cloud controller comprising:
- a processor; and
- a computer-readable storage medium having stored therein instructions which, when executed by the processor, cause the processor to perform operations comprising:
  - receiving a signal indicating that an unauthenticated access point is requesting access to the network;
  - establishing a connection between the unauthenticated access point and the cloud controller;
  - receiving, through the connection, access point identification information;
  - determining, using the access point identification information, that the access point is associated with the network;
  - negotiating security material for automatically authenticating the access point with the network; and
  - causing the network to adopt a trusted policy for allowing the automatically-authenticated access point to access the network.
(Claims 12 to 16 depend on claim 11.)
17. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor in a cloud controller associated with a network, cause the processor to perform operations comprising:
- receiving a signal from a switch port controller associated with a switch port in the network, the signal indicating that an unauthenticated access point is requesting access to the network through the switch port;
- establishing a secure tunnel connection between the unauthenticated access point and the cloud controller;
- receiving, through the secure tunnel connection, access point identification information;
- determining, using the access point identification information, that the unauthenticated access point is associated with the network;
- negotiating security material for automatically authenticating the access point with the network; and
- sending, to the switch controller, a policy instruction that is effective to cause the switch port to automatically bypass a default port-based network access control (PNAC) policy and automatically adopt a trusted policy for the access point to access the network and to revert to the default PNAC policy when the access point is removed from the switch port.
(Claims 18 to 20 depend on claim 17.)
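The control flow of claim 17, modelled as an added Python example that is not part of the patent or any product implementing it: the switch port starts under a default PNAC policy, the cloud controller checks the access point's identification against a constructed device registry before any policy change, the "security material" is stood in for by an HMAC-SHA256 key derived from a constructed network key, and the port reverts to the default policy when the access point is unplugged. All class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

DEFAULT_PNAC = "pnac-default"  # unauthenticated traffic blocked at the port
TRUSTED = "trusted"            # adopted only after the controller's decision


@dataclass
class SwitchPort:
    port_id: str
    policy: str = DEFAULT_PNAC
    device_id: Optional[str] = None


class SwitchPortController:
    """Owns the ports; signals the cloud controller on link-up (constructed)."""
    def __init__(self) -> None:
        self.ports: Dict[str, SwitchPort] = {}

    def plug_in(self, port_id: str, device_id: str, cloud: "CloudController") -> str:
        port = self.ports.setdefault(port_id, SwitchPort(port_id))
        port.device_id = device_id
        cloud.on_access_request(self, port_id, device_id)  # the "signal" of claim 17
        return port.policy

    def apply_policy(self, port_id: str, policy: str) -> None:
        self.ports[port_id].policy = policy  # the controller's policy instruction

    def unplug(self, port_id: str) -> str:
        port = self.ports[port_id]
        port.device_id = None
        port.policy = DEFAULT_PNAC  # revert when the access point is removed
        return port.policy


class CloudController:
    def __init__(self, registry: Dict[str, str]) -> None:
        self.registry = registry  # device id -> network it belongs to (constructed)
        self.network_key = secrets.token_bytes(32)  # stand-in for negotiated secrets
        self.links: Dict[str, str] = {}

    def on_access_request(self, switch: SwitchPortController,
                          port_id: str, device_id: str) -> Optional[str]:
        # A secure tunnel is assumed; device identification arrives over it.
        network = self.registry.get(device_id)
        if network is None:
            return None  # unknown device: port keeps the default PNAC policy
        material = hmac.new(self.network_key, f"{network}:{device_id}".encode(),
                            hashlib.sha256).hexdigest()  # per-device security material
        self.links[device_id] = material
        switch.apply_policy(port_id, TRUSTED)  # bypass default PNAC for this AP only
        return material
```

A registered access point gets trusted-port access and its derived material; an unregistered one leaves the port under the default policy.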