Method and system for verifying and updating the configuration of an access device during authentication
Abstract
A system and method is provided to verify configuration of a client access device requesting access to a network by establishing a communications link between a network access system and the client access device to authenticate and authorize the client access device and a user associated with the client access device. The network access system further receives client device configuration data from the client access device over the communications link during an authentication and authorization exchange and processes the client device configuration data to determine if the client access device will be granted access to the network.
34 Claims
1. A method comprising:
performing, in a first service access provider, operations including,
receiving an access request from a client access device, the access request requesting access to a network, wherein a user associated with the client access device is a subscriber of a second service access provider, wherein the second service provider is physically distinguished from the first service provider;
establishing a communications link with the client access device to authenticate and authorize the user, including delivering an agent to the client access device, the agent operable to identify the client device configuration;
receiving client device configuration data from the agent over the communications link during an authentication and authorization exchange;
transmitting the client device configuration data destined for the second service access provider, wherein the second service access provider is operable to process the client device configuration data and selectively grant the client access device access to the network based upon the client device configuration data; and
receiving an indication about whether the client access device is granted access to the network, the indication originating from the second service access provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system to verify configuration data of a client access device requesting access to a packet-switched computer network, the system comprising:
a first service access provider, coupled to the packet-switched computer network, to establish a communications link to the client access device, including delivering an agent to the client access device, the agent operable to identify the client device configuration, via the packet switched computer network to receive, from the client access device, authentication information for a user associated with the client access device and to receive the configuration data from the client access device over the communications link during an authentication and authorization exchange; and
a second service access provider to receive said authentication information and the said configuration data from the first service access provider, to process the configuration data, to selectively grant the client access device access to the network based upon the configuration data, and to originate an indication whether the client access device is granted access to the network; and
wherein the second service provider is physically distinguished from the first service provider and the client access device is a subscriber of the second service access provider.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A machine readable storage medium storing a set of instructions that, when executed by a machine, cause the machine to:
perform, in a first service access provider, following operations;
receiving an access request from a client access device, the access request requesting access to a network, wherein a user associated with the client access device is a subscriber of a second service access provider, wherein the second service provider is physically distinguished from the first service provider;
establishing a communications link with a client access device including delivering an agent to the client access device, the agent operable to identify the client device configuration to authenticate and authorize the user associated with the client access device;
receiving client device configuration data from device over the communications link during an authentication and authorization exchange;
transmitting the client device configuration data destined for the second service access provider, wherein the second service access provider is operable to process the client device configuration data and to selectively grant the client access device access to the network based upon the client device configuration data; and
receiving an indication about whether the client access device is granted access to the network, the indication originating from the second service access provider.
Dependent claims: 30
31. A method to manage access to a network from a client access device, the method comprising:
requesting access to the network, the requesting involving a first service access provider and a second service access provider,
authenticating a user associated with the client access device in an authentication and authorization exchange, at the first service provider, involving an agent delivered to the client access device, said delivered agent operable to identify the client device configuration data, wherein the user is a subscriber of the second service access provider;
communicating client device configuration data to the second service access provider via said delivered agent, wherein the client device configuration data includes security setting status data received from executables operating on the client device;
processing the configuration data, by the second service access provider;
receive a verification response from the second service access provider via the first service access provider; and
if the user is authenticated and the verification response from the second service access provider indicates acceptance of the client device configuration data, access the network via the first service provider.
Dependent claims: 32
33. A machine readable storage medium storing a set of instructions that, when executed by a machine, cause the machine to:
request, from a first service access provider, access to a network, the requesting involving a first service access provider and a second service access provider, wherein the second service provider is physically distinguished from the first service provider;
authenticate and authorize a user associated with the request in an authentication and authorization exchange, at the first service provider, involving an agent delivered to the client access device, said delivered agent operable to identify the client device configuration data, wherein the user is a subscriber of the second service access provider;
communicate client device configuration data to the second service access provider via the agent;
wherein the client device configuration data includes security setting status data received from executables operating on the client device;
process the configuration data, by the second service access provider,
receive a verification response from the second service access provider via the first service access provider; and
if the user is authenticated and the verification response from the second service access provider indicates acceptance of the client device configuration data, access the network via the first service provider.
Dependent claims: 34
Specification