System, apparatuses, methods and computer-readable media for determining the security status of a computer before establishing a network connection
First Claim
1. A method comprising the steps of:
(a) receiving from a first computer at a second computer via a network a request message from the first computer to establish a network connection;
(b) retrieving security state data at the second computer;
(c) incorporating the security state data into a response message at the second computer;
(d) transmitting the response message including the security state data from the second computer to the first computer via the network;
(e) receiving the response message including the security state data from the second computer at the first computer via the network;
(f) determining at the first computer if security activation data stored at the first computer indicates that the security state data is to be processed in order to determine if network connection to the second computer is to be permitted; and
if the determining in step (f) establishes that the security activation data indicates that the security state data is to be processed, (g) determining at the first computer if the network connection to the second computer is permitted based on security policy data stored in the first computer and the security state data received from the second computer;
(h) proceeding with establishing the network connection if the determining of step (g) establishes that connection to the second computer is permitted; and
(i) terminating further processing to establish the network connection if the determining of step (g) establishes that the connection to the second computer is not permitted.
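The exchange recited in steps (a) through (i), modelled end to end as an added example; this is illustrative code written for this page, not an implementation from the patent or its assignee. The message layout (JSON over a notional transport), the field names in the security state (antivirus signature version, patch level, firewall flag), the policy thresholds and the addresses are all assumptions chosen for the demonstration. The claim leaves the handling of a response that carries no security state unspecified; the example fails closed in that case.

```python
"""Model of the connection handshake in claim 1 (added example, not the
patent's own code). Message formats, field names, policy rules and hosts
are assumptions for illustration only."""
from __future__ import annotations

import json

# Constructed security state of the responding ("second") computer.
SECOND_COMPUTER_STATE = {
    "av_signature_version": 5120,
    "os_patch_level": 42,
    "firewall_enabled": True,
}

# Constructed security policy held by the requesting ("first") computer.
FIRST_COMPUTER_POLICY = {
    "min_av_signature_version": 5000,
    "min_os_patch_level": 40,
    "require_firewall": True,
}


def build_request(src: str, dst: str) -> dict:
    """Step (a): the first computer's request to establish a connection."""
    return {"type": "CONNECT_REQUEST", "src": src, "dst": dst}


def build_response(request: dict, state: dict) -> dict:
    """Steps (b)-(d): the second computer retrieves its security state and
    incorporates it into the response message it sends back."""
    if request.get("type") != "CONNECT_REQUEST":
        raise ValueError("unexpected message type")
    return {
        "type": "CONNECT_RESPONSE",
        "src": request["dst"],
        "dst": request["src"],
        "security_state": dict(state),
    }


def evaluate_policy(policy: dict, state: dict) -> list[str]:
    """Step (g): compare received state against local policy.
    Returns the list of violations; an empty list means the connection
    is permitted. Missing or non-integer values count as violations."""
    violations = []
    for key, minimum in (
        ("av_signature_version", policy["min_av_signature_version"]),
        ("os_patch_level", policy["min_os_patch_level"]),
    ):
        value = state.get(key)
        if not isinstance(value, int) or value < minimum:
            violations.append(f"{key}={value!r} below required {minimum}")
    if policy["require_firewall"] and state.get("firewall_enabled") is not True:
        violations.append("firewall not enabled")
    return violations


def decide(response: dict, policy: dict, security_activation: bool) -> tuple[str, list[str]]:
    """Steps (e)-(i) at the first computer.
    security_activation is the locally stored 'security activation data':
    when it is False the state is not processed and the handshake proceeds."""
    if not security_activation:
        return ("PROCEED", [])  # step (f): processing not activated
    state = response.get("security_state")
    if not isinstance(state, dict):
        # Not covered by the claim text; fail closed rather than treat an
        # absent state as compliant.
        return ("TERMINATE", ["security_state missing from response"])
    violations = evaluate_policy(policy, state)  # step (g)
    if violations:
        return ("TERMINATE", violations)  # step (i)
    return ("PROCEED", [])  # step (h)


def handshake(policy: dict, state: dict, security_activation: bool) -> tuple[str, list[str]]:
    """Run the full exchange, serialising the response as the claim's
    'response message' would be carried on the wire."""
    request = build_request("10.0.0.1", "10.0.0.2")  # assumed addresses
    wire = json.dumps(build_response(request, state)).encode()
    response = json.loads(wire.decode())
    return decide(response, policy, security_activation)


if __name__ == "__main__":
    print(handshake(FIRST_COMPUTER_POLICY, SECOND_COMPUTER_STATE, True))
```

The security state data is asserted by the second computer about itself; the claim as written describes no mechanism for the first computer to authenticate or attest that data, so a compromised or hostile peer can report a compliant state. The example therefore treats the field as untrusted input only to the extent of type-checking it and failing closed when it is absent.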
3 Assignments
0 Petitions
Abstract
The disclosed system, apparatuses, methods, and computer-readable media can be used by a computer to establish the security status of another computer before establishing a network connection to it. Responsive to a request message, security state data indicating this status can be incorporated into a response message as one of the first few packets exchanged by computers to establish a network connection. This enables a computer to determine whether the other computer's security status is compliant with its security policy before establishing the network connection, reducing the risk of infection by a virus, worm, or the like.
16 Claims
Specification