Method and apparatus for network assessment and authentication
First Claim
1. A computer-implemented process for authenticating a workstation requesting a network service from a network server via a computer network, comprising the steps:
- completing a vulnerability assessment of the workstation to identify security vulnerabilities that would compromise the secure operation of the workstation on the computer network;
generating workstation security credentials based on the vulnerability assessment, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation'"'"'s potential for compromise, wherein the step of generating the workstation security credentials comprises completing the vulnerability assessment of the workstation by a local workstation assessment service maintained on the workstation, the local workstation assessment service operative to generate the workstation security credentials;
comparing the workstation security credentials to a workstation security policy to determine whether the workstation should be granted access to the network service; and
authorizing access to the network service by the workstation if the workstation security credentials satisfy the workstation security policy, otherwise denying access to the network service by the workstation.
2 Assignments
0 Petitions
Accused Products
Abstract
Providing a user with assurance that a networked computer is secure, typically before completion of the log-in operation. This can be accomplished by extending the local log-in process to perform a host assessment of the workstation prior to requesting the user'"'"'s credentials. If the assessment finds a vulnerability, the log-in process can inform the user that the machine is or may be compromised, or repair the vulnerability, prior to completion of the log-in operation. By performing vulnerability assessment at the level of the workstation, a network server is able to determine whether the workstation is a “trusted” platform from which to accept authentication requests. If the vulnerability assessment shows that the workstation is compromised, or if the possibility of remote compromise is high, the network server can elect to fail the authentication on the grounds that the workstation cannot be trusted. Optionally, a vulnerability assessment tool may be able to repair the vulnerability of the workstation, and then allow the authentication to proceed.
-
Citations
16 Claims
-
1. A computer-implemented process for authenticating a workstation requesting a network service from a network server via a computer network, comprising the steps:
-
completing a vulnerability assessment of the workstation to identify security vulnerabilities that would compromise the secure operation of the workstation on the computer network; generating workstation security credentials based on the vulnerability assessment, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation'"'"'s potential for compromise, wherein the step of generating the workstation security credentials comprises completing the vulnerability assessment of the workstation by a local workstation assessment service maintained on the workstation, the local workstation assessment service operative to generate the workstation security credentials; comparing the workstation security credentials to a workstation security policy to determine whether the workstation should be granted access to the network service; and authorizing access to the network service by the workstation if the workstation security credentials satisfy the workstation security policy, otherwise denying access to the network service by the workstation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computer-implemented process for authenticating a workstation requesting a network service from a network server via a computer network, comprising the steps:
-
completing a vulnerability assessment of the workstation to identify security vulnerabilities that would compromise the secure operation of the workstation on the computer network; generating workstation security credentials based on the vulnerability assessment, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation'"'"'s potential for compromise, wherein the step of generating the workstation security credentials comprises completing the vulnerability assessment of the workstation by a network workstation assessment service maintained on the network server, the network workstation assessment service operative to generate the workstation security credentials, wherein the workstation security policy is maintained on the workstation, providing the workstation security credentials from the network workstation assessment service to the workstation security policy on the workstation via the computer network; comparing the workstation security credentials to a workstation security policy to determine whether the workstation should be granted access to the network service; and authorizing access to the network service by the workstation if the workstation security credentials satisfy the workstation security policy, otherwise denying access to the network service by the workstation. - View Dependent Claims (16)
-
Specification