Network policy evaluation

US 7,982,595 B2
Filed: 08/14/2009
Issued: 07/19/2011
Est. Priority Date: 06/05/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A device, comprising:

a processor to;

identify a plurality of network policies related to a network client device,receive, from the network client device, parameter measurements related to the plurality of network policies,determine, based on the parameter measurements, compliance results, where the compliance results identify one or more deficiencies with regard to a compliance, by the network client device, with the plurality of network policies,forward, to a host device, the compliance results, where the compliance results are used by the host device to implement one or more of the plurality of network policies with respect to a network destination device when the network client device attempts to communicate, via the host device, to the network destination device, andforward, to the network client device, remediation instructions, where the remediation instructions are based on the compliance results and include one or more instructions to improve the compliance, of the network client device, with at least one of the plurality of network policies.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may include an interface to send policy information to an evaluation module, where the policy information is related to a group of policies, and receive a group of results from the evaluation module, where the group of results indicates whether the status of a source device complies with the croup of policies. The interface may send an instruction to a destination device configured to implement at least a subset of the policies with respect to the source device based on the instruction.

70 Citations

View as Search Results

20 Claims

1. A device, comprising:
- a processor to;
  
  identify a plurality of network policies related to a network client device,receive, from the network client device, parameter measurements related to the plurality of network policies,determine, based on the parameter measurements, compliance results, where the compliance results identify one or more deficiencies with regard to a compliance, by the network client device, with the plurality of network policies,forward, to a host device, the compliance results, where the compliance results are used by the host device to implement one or more of the plurality of network policies with respect to a network destination device when the network client device attempts to communicate, via the host device, to the network destination device, andforward, to the network client device, remediation instructions, where the remediation instructions are based on the compliance results and include one or more instructions to improve the compliance, of the network client device, with at least one of the plurality of network policies.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The device of claim 1, where the processor, when identifying the plurality of network policies, is further to implement an application program interface.
  - 3. The device of claim 1, where the processor, when determining the compliance results, processes the plurality of network policies in parallel.
  - 4. The device of claim 1, where the processor is further to:
    - produce second compliance results based on other information, where the second compliance results relate to another network device.
  - 5. The device of claim 1, where the processor is further to store data associated with each of the plurality of network policies.
  - 6. The device of claim 1, where the processor is further to:
    - wait for a particular time period to expire,after the particular time period expires, receive, from the network client device, additional parameter measurements related to the plurality of network policies,determine, based on the additional parameter measurements, updated compliance results, andforward, to a host device, the updated compliance results.

7. A method, comprising:
- receiving, by a service device and from a network client device, parameter measurements related to the plurality of network policies,determining, by the service device and based on the parameter measurements, compliance results, where the compliance results identify one or more deficiencies with regard to compliance, by the network client device, with the plurality of network policies,forwarding, by the service device and to a host device, the compliance results, where the compliance results are used by the host device to implement one or more of the plurality of network policies with respect to a network destination device when the client device attempts to communicate, via the host device, to the network destination device, andforwarding, by the service device and to the network client device, remediation instructions, where the remediation instructions are based on the compliance results and include one or more instructions related to the one or more deficiencies.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The method of claim 7, where determining the compliance results includes processing the plurality of network policies in parallel.
  - 9. The method of claim 7, further comprising:
    - producing second compliance results based on other information from another device, where the second compliance policy results relate to the other network device.
  - 10. The method of claim 7, further comprising accessing stored data associated with each of the plurality of network policies.
  - 11. The method of claim 7, further comprising:
    - waiting for a particular time period to expire,after the particular time period expires, receiving, from the network client device, additional parameter measurements related to the plurality of network policies,determining, based on the additional parameter measurements, updated compliance results, andforwarding, to a host device, the updated compliance results.
  - 12. The method of claim 7, further comprising:
    - receiving network access information about a network device operating on a first network; and
      
      generating the enforcement instruction for use with the network device and a second network.
  - 13. The method of claim 7, where forwarding the compliance results includes sending network communication policy information to the host device, where the network communication policy information includes at least one of policy identifiers, policy contents, policy names, or links to policy-related information.
  - 14. The method of claim 7, where determining the compliance results includes receiving network policy results from one of a plug-in module or a remote module.
  - 15. The method of claim 7, further comprising:
    - sending, to the network client device, the compliance results.
  - 16. The method of claim 7, where sending the compliance results to the network client device includes sending an authorization mechanism to enable the network client device to access the network destination device.
  - 17. The method of claim 7, where forwarding the compliance results to a host device, includes sending enforcement instruction that defines access, by the network client device, to the network destination device.

18. A computer readable memory device that stores instructions executable by a processing device, the computer readable memory device comprising:
- instructions to receive network communication policy information;
  
  instructions to retrieve a plurality of network policies based on the network communication policy information;
  
  instructions to determine whether a network device complies with the plurality of network policies;
  
  instructions to produce policy results based on determining whether the network device complies with the plurality of network policies; and
  
  instructions to forward remediation instructions to the network device, where the remediation instructions are based on the policy results and identify one or more actions to improve compliance, by the network device, with one or more of the plurality of network policies.
- View Dependent Claims (19, 20)
- - 19. The computer readable memory device of claim 18 further comprising:
    - instructions to send the policy results to a policy decision point that is to implement at least a subset of the network policies on behalf of a destination.
  - 20. The computer readable memory device of claim 19 further comprising:
    - Instruction to send an authorization mechanism to the network device, where the authorization mechanism enables the network device to access, via the policy decision point, data stored at the destination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Juniper Networks Incorporated
Inventors
Hanna, Stephen R., Chickering, Roger Allen
Primary Examiner(s)
La; Anh V

Application Number

US12/541,775
Publication Number

US 20090313373A1
Time in Patent Office

704 Days
Field of Search

340/506, 340/286.02, 434/236, 434/238, 434/235, 128/920, 128/923, 709/225, 709/200, 709/223, 709/229
US Class Current

340/506
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/20 for managing network securi...

Network policy evaluation

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network policy evaluation

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links