Methods and apparatus to validate configuration of computerized devices
First Claim
1. A method, comprising:
providing device configuration data to a device configuration certifier from a device that will seek access to a computer network, where the device configuration data describes a configuration of the device that will seek access to the computer network and a role to be taken by the device while accessing the computer network, and where the device configuration data does not include user identity information;
receiving a device configuration verification credential from the configuration certifier, where the device configuration verification credential confirms that the device configuration conforms with a device configuration policy associated with network security in light of the role to be taken by the device, and where the device configuration verification credential is unrelated to user identity and user authentication;
providing the device configuration verification credential to a network device in data communication with the computer network, where the network device controls access to the computer network based, at least in part, on the device configuration verification credential; and
selectively accessing the computer network upon the network device verifying the device configuration verification credential;
wherein the method is performed by one or more processors.
Abstract
A system verifies the configuration of a device within a network via an exchange of verification credentials, which are requested, received and authenticated. The verification credentials indicate that the configuration of the device was acceptable at the time the verification credentials were created for that device. The verification credentials of the device are obtained through a certifying process. During the certifying process, the credential certifier receives the current device configuration of the device in the network and evaluates that configuration with respect to the device's role within the network. The verification credentials are issued to the requesting device and stored within a database. The device submits its verification credentials when requested by the peer it is communicating with as it enters the network. It also monitors its current device configuration and, if there are changes, invalidates the existing certification credentials and requests new ones.
18 Claims
8. An apparatus, comprising:
a memory;
a processor;
a communications interface; and
an interconnection mechanism coupling the memory, the processor and the communications interface;
where the memory is encoded with a verification application that when executed on the processor produces a verification process that causes a computerized device to perform a method, the method comprising:
requesting a verification credential of a device in a network, where the verification credential was provided to the device at a previous time by a configuration certifier, and where the verification credential depends on a role to be played by the device in the network and by a configuration of the device;
receiving the verification credential from the device; and
authenticating that the verification credential received from the device indicates that the configuration of the device was acceptable at the time of creation of the verification credential.
Dependent claims: 9, 10, 11.
12. A non-transitory computer-readable medium storing one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform:
providing device configuration data to a device configuration certifier from a device that will seek access to a computer network, where the device configuration data describes a configuration of the device that will seek access to the computer network and a role to be taken by the device while accessing the computer network, and where the device configuration data does not include user identity information;
receiving a device configuration verification credential from the configuration certifier, where the device configuration verification credential confirms that the device configuration conforms with a device configuration policy associated with network security in light of the role to be taken by the device, and where the device configuration verification credential is unrelated to user identity and user authentication;
providing the device configuration verification credential to a network device in data communication with the computer network, where the network device controls access to the computer network based, at least in part, on the device configuration verification credential; and
selectively accessing the computer network upon the network device verifying the device configuration verification credential.
Dependent claims: 13, 14, 15, 16, 17, 18.
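The exchange described in the abstract and in claims 1, 8 and 12 above, as an added example that is not part of the patent's text: the device, the configuration certifier and the network device are simulated in one process. The role policies, the HMAC key shared by certifier and network device, and the in-memory credential database are assumptions; the patent does not specify how credentials are signed or stored.

```python
import hashlib, hmac, json, time

# Constructed role-based configuration policy enforced by the certifier; the
# predicates are assumptions, the patent only says a policy is tied to the role.
POLICY = {
    "workstation": lambda c: c["firewall"] and c["disk_encrypted"],
    "server": lambda c: c["firewall"] and c["patch_level"] >= 10 and not c["remote_admin_open"],
}
CERTIFIER_KEY = b"constructed-shared-key"  # assumed: HMAC key shared by certifier and network device
ISSUED = {}  # certifier's credential database, keyed by credential tag

def config_fingerprint(config):
    # Canonical hash of the configuration; no user identity is part of it.
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()

def certify(device_id, role, config):
    """Certifier: check the config against the role's policy; issue a signed credential or None."""
    check = POLICY.get(role)
    if check is None or not check(config):
        return None
    body = {"device": device_id, "role": role, "fp": config_fingerprint(config),
            "issued": int(time.time())}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(CERTIFIER_KEY, payload, hashlib.sha256).hexdigest()
    cred = {"body": body, "tag": tag}
    ISSUED[tag] = cred
    return cred

def verify(cred):
    """Network device: authenticate the credential and confirm it has not been invalidated."""
    payload = json.dumps(cred["body"], sort_keys=True).encode()
    expected = hmac.new(CERTIFIER_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cred["tag"]) and cred["tag"] in ISSUED

def invalidate(cred):
    """Certifier: drop a credential so the network device will no longer accept it."""
    ISSUED.pop(cred["tag"], None)

class Device:
    def __init__(self, device_id, role, config):
        self.id, self.role, self.config, self.cred = device_id, role, config, None
    def request_credential(self):
        self.cred = certify(self.id, self.role, self.config)
        return self.cred
    def refresh_if_changed(self):
        """Monitor: if the live config no longer matches the certified fingerprint, invalidate and re-request."""
        if self.cred and self.cred["body"]["fp"] != config_fingerprint(self.config):
            invalidate(self.cred)
            self.request_credential()
        return self.cred
```

Access is granted only while `verify` returns true, so a configuration drift that fails policy leaves the device with no valid credential until it is brought back into compliance.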
Specification