Systems and methods of controlling network access

US 8,347,350 B2
Filed: 02/10/2012
Issued: 01/01/2013
Est. Priority Date: 09/24/2003
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for network access control, the method comprising:

receiving audit data pertaining to a device that does not have access to a less-restricted subset of a network;

auditing the device in accordance with a security policy based at least in part on the audit data;

reconfiguring an access point to allow access to the less-restricted subset of the network in response to the security policy audit;

receiving updated audit data pertaining to the device subsequent to reconfiguring the access point; and

monitoring continued compliance of the device with the security policy using the updated audit data.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device.

95 Citations

View as Search Results

19 Claims

1. A method for network access control, the method comprising:
- receiving audit data pertaining to a device that does not have access to a less-restricted subset of a network;
  
  auditing the device in accordance with a security policy based at least in part on the audit data;
  
  reconfiguring an access point to allow access to the less-restricted subset of the network in response to the security policy audit;
  
  receiving updated audit data pertaining to the device subsequent to reconfiguring the access point; and
  
  monitoring continued compliance of the device with the security policy using the updated audit data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein monitoring of the device for continued compliance with the security policy includes continued communications with the device.
  - 3. The method of claim 2, wherein an interruption of continued communication indicates that the device is no longer compliant.
  - 4. The method of claim 1, wherein the access point is reconfigured to allow access to a different subset of the network in response to the device failing to comply with the security policy while being monitored.
  - 5. The method of claim 1, wherein the security policy includes authentication of the user of the device.
  - 6. The method of claim 4, wherein an agent running on the device collects the audit data.
  - 7. The method of claim 6, further comprising updating the device to comply with the security policy when the device fails to comply with the security policy.
  - 8. The method of claim 6, wherein the security policy audit is based at least in part on audit data collected by the agent concerning operating system of the device.
  - 9. The method of claim 6, wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns antivirus software on the device.
  - 10. The method of claim 6, wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns other devices coupled to the device.
  - 11. The method of claim 6, wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns registry information of the device.
  - 12. The method of claim 6, wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns a network adapter of the device.
  - 13. The method of claim 6, wherein the security policy audit is based at least in part on audit data collected by the agent, and that concerns applications executing on the device.
  - 14. The method of claim 1, wherein the security policy audit is based at least in part on information obtained from an active probe of the device.
  - 15. The method of claim 1, wherein the security policy audit is based at least in part on information obtained from a third party application or service.
  - 16. The method of claim 1, wherein the security policy audit is based at least in part on the information concerning an identity of a user of the device.
  - 17. The method of claim 1, wherein monitoring for continued compliance includes a user not logging off of the device.
  - 18. The method of claim 6, wherein updated audit data pertaining to the device continues to be received from the agent after reconfiguring the access point.
  - 19. The method of claim 6, wherein updated audit data pertaining to the device continues to be received from the agent while the device has access to the less-restricted subset of the network.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
InfoExpress, Inc.
Original Assignee
InfoExpress, Inc.
Inventors
Lum, Stacey C., Lee, Yuhshiow Alice
Primary Examiner(s)
Song, Hosuk

Application Number

US13/371,381
Publication Number

US 20120131637A1
Time in Patent Office

326 Days
Field of Search

726 1- 4, 726 11- 12, 726/15, 713/150, 713/153, 713/155, 713/168, 380/270, 709220-221, 709223-225, 709227-228
US Class Current

726/1
CPC Class Codes

H04L 63/0876 based on the identity of th...

H04L 63/20 for managing network securi...

Systems and methods of controlling network access

First Claim

1 Assignment

Litigations

1 Petition

Accused Products

Abstract

95 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of controlling network access

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links