System and method for secure network connectivity
First Claim
1. A method of allowing a remote computer access to an internal network, comprising:
- receiving an access request from the remote computer;
- requesting and receiving configuration information representing a configuration state of the remote computer, the requested configuration information based at least on the access request received from the remote computer;
- determining remote computer compliance with a security policy based at least on the information received from the remote computer;
- requesting and receiving additional configuration information representing a configuration state of the remote computer if the remote computer is not in compliance with the security policy, the additional configuration information request based at least on the received configuration information and the security policy; and
- allowing the remote computer access to the internal network if the remote computer is in compliance with the security policy.
Abstract
A system and method to ensure that a remote computer making a VPN connection complies with network security policies. Server-driven security checks may be configured to verify compliance with each access level before access is granted at that level. The security checks may be selected based at least according to the information received from the remote computer. After the server determines that the remote computer complies with the security policy for the requested access level, the server may pass a token to the remote computer, or may grant VPN access to the remote computer. If the remote computer does not comply with the security policy associated with the requested access level but is in compliance with a security policy corresponding to a lower access level, the server may grant the remote computer access to the lower access level.
48 Claims
1. A method of allowing a remote computer access to an internal network, comprising:
- receiving an access request from the remote computer;
- requesting and receiving configuration information representing a configuration state of the remote computer, the requested configuration information based at least on the access request received from the remote computer;
- determining remote computer compliance with a security policy based at least on the information received from the remote computer;
- requesting and receiving additional configuration information representing a configuration state of the remote computer if the remote computer is not in compliance with the security policy, the additional configuration information request based at least on the received configuration information and the security policy; and
- allowing the remote computer access to the internal network if the remote computer is in compliance with the security policy.
Dependent claims: 2-13.
14. A method of accessing an internal network from a remote computer, comprising:
- (a) transmitting an access request to a token server, wherein the token server is not connected to the internal network;
- (b) receiving from the token server a request for configuration information representing a configuration state of the remote computer;
- (c) transmitting the configuration information of the remote computer to the token server;
- (d) receiving from the token server a request for additional configuration information representing a configuration state of the remote computer;
- (e) repeating steps (b)-(d) until an access token is received from the token server; and
- (f) transmitting the access token to a bridge server connected to the internal network to access the internal network.
Dependent claims: 15-22.
23. A method for providing access to a server on an internal network, comprising:
- receiving a validation token request from a remote computer, the validation token request including configuration information representing a configuration state of the remote computer;
- evaluating the validation token request for compliance with a security policy, the security policy based, in part, on a configuration of the remote computer;
- if the validation token request does not comply with the security policy, transmitting a request for additional configuration information representing a configuration state of the remote computer, receiving the additional configuration information of the remote computer, and evaluating the received additional configuration information of the remote computer for compliance with the security policy;
- repeating the transmitting, receiving, and evaluating steps until a level of compliance with the security policy is determined;
- transmitting an access token specifying an access level based on the determined level of compliance; and
- processing a server login request, the server login request including the access token.
Dependent claims: 24-35.
36. A method of accessing a server on an internal network from a remote computer, comprising:
- transmitting a validation token request to a token server, the validation token request including configuration information representing a configuration state of the remote computer, wherein the token server is not connected to the internal network;
- if the validation token request does not comply with a security policy, receiving from the token server a request for additional configuration information representing a configuration state of the remote computer and transmitting to the token server the additional configuration information of the remote computer;
- repeating the receiving and transmitting steps until a level of compliance with the security policy is determined;
- receiving from the token server an access token specifying an access level based on the determined level of compliance; and
- transmitting the access token to a bridge server connected to the internal network to access the internal network.
Dependent claims: 37-44.
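The exchange recited in claims 14, 23 and 36 and summarized in the abstract (server-driven checks chosen from the access request, repeated requests for additional configuration information, a token that specifies the determined access level, a bridge server that accepts only that token, and fallback to a lower access level when the requested one is not met) is modelled below as an added Python example. It is not the patent's own code or the code of any product; the three-level policy, the check names, the HMAC-signed token format, the message shapes and the sample device states are all constructed here for illustration.

```python
"""Model of the posture-check / access-token exchange of claims 14, 23 and 36:
token server (off the internal network) <-> remote computer <-> bridge server.
Added example, not the patent's code; policy, check names, token format and
device states are constructed."""
import base64
import hashlib
import hmac
import json

# Constructed policy: access level -> required configuration items.  Levels are
# deliberately not nested, so a failed check can leave a lower level undecided
# until the server requests further information (the "additional configuration
# information" step of claims 1, 23 and 36).
POLICY = {
    3: {"os_patched": True, "av_enabled": True, "disk_encrypted": True},
    2: {"os_patched": True, "av_enabled": True},
    1: {"firewall_enabled": True},
}
TOKEN_KEY = b"constructed-shared-secret"  # shared by token server and bridge server


def issue_token(key, level):
    """Access token specifying an access level (claim 23), HMAC-protected so the
    bridge server can detect a modified level."""
    payload = base64.urlsafe_b64encode(json.dumps({"level": level}).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(key, token):
    """Return the access level carried by a valid token, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload, sig = parts
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))["level"]


class TokenServer:
    """Drives the checks: requests only the items the policy needs for the
    highest level still possible, widening the request as lower levels come in."""

    def __init__(self, policy, key):
        self.policy, self.key = policy, key

    def open_session(self, access_request):
        return {"requested": access_request["requested_level"], "received": {}}

    def receive_config(self, session, values):
        session["received"].update(values)

    def _status(self, session, level):
        required, received = self.policy[level], session["received"]
        if any(k in received and received[k] != v for k, v in required.items()):
            return "fail"
        return "pass" if all(k in received for k in required) else "pending"

    def next_message(self, session):
        """Next message to the remote computer: a (further) configuration
        request, an access token for the determined level, or a denial."""
        for level in sorted(self.policy, reverse=True):
            if level > session["requested"]:
                continue  # never grant more than was requested
            status = self._status(session, level)
            if status == "pending":
                missing = sorted(k for k in self.policy[level] if k not in session["received"])
                return {"type": "config_request", "items": missing}
            if status == "pass":
                return {"type": "token", "token": issue_token(self.key, level)}
        return {"type": "denied"}


class BridgeServer:
    """On the internal network; a login succeeds only with a valid token
    (claim 14 step (f), last step of claim 23)."""

    def __init__(self, key):
        self.key = key

    def login(self, token):
        level = verify_token(self.key, token)
        return None if level is None else {"access_level": level}


def client_obtain_access(server, bridge, device_state, requested_level, max_rounds=10):
    """Remote-computer side of claim 14, steps (a)-(f).  Returns the bridge login
    result (None if denied) and the list of message types seen from the server."""
    session = server.open_session({"type": "access_request", "requested_level": requested_level})
    transcript = []
    for _ in range(max_rounds):
        msg = server.next_message(session)
        transcript.append(msg["type"])
        if msg["type"] == "config_request":
            # Items the client cannot report are answered False (fail closed).
            server.receive_config(session, {k: device_state.get(k, False) for k in msg["items"]})
        elif msg["type"] == "token":
            return bridge.login(msg["token"]), transcript
        else:
            return None, transcript
    raise RuntimeError("no compliance decision within max_rounds")
```

Running `client_obtain_access(TokenServer(POLICY, TOKEN_KEY), BridgeServer(TOKEN_KEY), state, 3)` with a constructed state such as `{"os_patched": False, "av_enabled": True, "firewall_enabled": True}` shows the fallback path of the abstract: the first configuration request covers the level-3 items, the failed patch check rules out levels 3 and 2, a second request asks only for the level-1 item the server does not yet have, and the resulting token carries access level 1. A fully compliant device is settled in one request; a device meeting no level receives a denial instead of a token, and the bridge server rejects any token whose level field or signature has been altered.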
45. A computer program product including a computer readable medium having stored thereon computer executable instructions that, when executed on a computer, configure a computer to perform a method of allowing access to an internal network by a remote computer comprising the steps of:
- receiving an access request from the remote computer;
- requesting and receiving configuration information representing a configuration state of the remote computer, the requested configuration information based at least on the access request received from the remote computer;
- determining remote computer compliance with a security policy based at least on the information received from the remote computer;
- requesting and receiving additional configuration information representing a configuration state of the remote computer if the remote computer is not in compliance with the security policy, the additional configuration information request based at least on the received configuration information and the security policy; and
- allowing the remote computer access to the internal network if the remote computer is in compliance with the security policy.
46. A computer program product including a computer readable medium having stored thereon computer executable instructions that, when executed on a computer, configure a remote computer to perform a method of accessing an internal network comprising the steps of:
- (a) transmitting an access request to a token server, wherein the token server is not connected to the internal network;
- (b) receiving from the token server a request for configuration information representing a configuration state of the remote computer;
- (c) transmitting the configuration information of the remote computer to the token server;
- (d) receiving from the token server a request for additional configuration information representing a configuration state of the remote computer;
- (e) repeating steps (b)-(d) until an access token is received from the token server; and
- (f) transmitting the access token to a bridge server connected to the internal network to access the internal network.
47. A computer program product including a computer readable medium having stored thereon computer executable instructions that, when executed on a computer, configure a computer to perform a method of providing access to a server on an internal network comprising the steps of:
- receiving a validation token request from a remote computer, the validation token request including configuration information representing a configuration state of the remote computer;
- evaluating the validation token request for compliance with a security policy, the security policy based, in part, on a configuration of the remote computer;
- if the validation token request does not comply with the security policy, transmitting a request for additional configuration information representing a configuration state of the remote computer, receiving the additional configuration information of the remote computer, and evaluating the received additional configuration information of the remote computer for compliance with the security policy;
- repeating the transmitting, receiving, and evaluating steps until a level of compliance with the security policy is determined;
- transmitting an access token specifying an access level based on the determined level of compliance; and
- processing a server login request, the server login request including the access token.
48. A computer program product including a computer readable medium having stored thereon computer executable instructions that, when executed on a computer, configure a remote computer to perform a method of accessing a server on an internal network comprising the steps of:
- transmitting a validation token request to a token server, the validation token request including configuration information representing a configuration state of the remote computer, wherein the token server is not connected to the internal network;
- if the validation token request does not comply with a security policy, receiving from the token server a request for additional configuration information representing a configuration state of the remote computer and transmitting to the token server the additional configuration information of the remote computer;
- repeating the receiving and transmitting steps until a level of compliance with the security policy is determined;
- receiving from the token server an access token specifying an access level based on the determined level of compliance; and
- transmitting the access token to a bridge server connected to the internal network to access the internal network.