Network access control
First Claim
1. An apparatus for controlling access to a network by a plurality of users, comprising:
a criteria engine configured to generate a plurality of criteria to be monitored for at least one user from the plurality of users;
a checker configured to generate at least one check for each of the plurality of criteria;
a profiler configured to retrieve a profile for the at least one user, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria;
a comparator configured to compare the retrieved profile to a summary of a profile received from the at least one user;
a communicator comprising a signal transmitter, the communicator being configured to communicate a message from the signal transmitter to the at least one user based on the comparison;
the comparator being further configured to assign an action type to each of a plurality of discrete levels of compliance for the at least one user; and
an interface configured to receive an instruction to one of modify, add and delete at least one of a profile, a policy, a criteria, and a check, wherein the action type includes at least one of a disconnect action, a quarantine action, and a non-action, and the discrete levels of compliance include at least two value ranges.
Abstract
A system for controlling access to a network by a user device. The system includes a criteria engine that generates a plurality of criteria to be monitored on the user device and a checker that generates at least one check for each of the plurality of criteria. The system further includes a profiler that retrieves a profile for the user device, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria, a comparator that compares a summary of the retrieved profile to a summary of a profile received from the user device, and a communicator that communicates a message to the user device based on the comparison.
21 Claims
1. An apparatus for controlling access to a network by a plurality of users, comprising:
a criteria engine configured to generate a plurality of criteria to be monitored for at least one user from the plurality of users;
a checker configured to generate at least one check for each of the plurality of criteria;
a profiler configured to retrieve a profile for the at least one user, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria;
a comparator configured to compare the retrieved profile to a summary of a profile received from the at least one user;
a communicator comprising a signal transmitter, the communicator being configured to communicate a message from the signal transmitter to the at least one user based on the comparison;
the comparator being further configured to assign an action type to each of a plurality of discrete levels of compliance for the at least one user; and
an interface configured to receive an instruction to one of modify, add and delete at least one of a profile, a policy, a criteria, and a check, wherein the action type includes at least one of a disconnect action, a quarantine action, and a non-action, and the discrete levels of compliance include at least two value ranges.
Dependent claims: 2, 3, 4, 5, 10.

6. A system comprising a first apparatus and a second apparatus,
the first apparatus being structured and arranged for controlling access to a network by a plurality of users and comprising:
a criteria engine configured to generate a plurality of criteria to be monitored for at least one user from the plurality of users;
a checker configured to generate at least one check for each of the plurality of criteria;
a profiler configured to retrieve a profile for the at least one user, the profile including the plurality of criteria and the at least one check for each of the plurality of criteria;
a comparator configured to compare the retrieved profile to a summary of a profile received from the at least one user;
a communicator comprising a signal transmitter, the communicator being configured to communicate a message from the signal transmitter to the at least one user based on the comparison;
the comparator being further configured to assign an action type to each of a plurality of discrete levels of compliance for the at least one user; and
an interface configured to receive an instruction to one of modify, add and delete at least one of a profile, a policy, a criteria, and a check, wherein the action type includes at least one of a disconnect action, a quarantine action, and a non-action, and the discrete levels of compliance include at least two value ranges; and
the second apparatus being structured and arranged for use with the first apparatus and comprising:
a communicator configured to receive a profile;
a storage configured to store the profile; and
a profile engine configured to process the profile.
Dependent claims: 7, 8, 9.

11. A method for controlling access to a network by a plurality of users, comprising:
receiving, via a signal receiver, a compliance level from a signal transmitted from a user;
comparing the compliance level to a predetermined compliance value set;
controlling access to the network by the user based on the comparison; and
generating a policy for the user; and
sending a message to the user,
wherein the generating of the policy comprises:
generating a plurality of criteria to be monitored;
generating a check for each criteria of the plurality of criteria;
generating an associated compliance level based on a status of the check for each criteria of the plurality of criteria;
generating the predetermined compliance value set, including at least one compliance value range; and
associating the at least one compliance value range with an action type, access to the network by the user being controlled based on the action type.
Dependent claims: 12, 13, 14, 15.

16. A method for controlling access to a network by a user that has received a policy comprising a criteria, at least one check for the criteria and a compliance level associated with a status of the at least one check, the method comprising:
generating a summary of a policy currently being used by the user;
sending via a signal transmitter the summary of the current policy to a host when a condition changes;
receiving via a signal receiver a message from the host;
receiving another policy from the host, the another policy being different from the policy currently being used by the user;
selecting a criteria to be checked in accordance with the received another policy;
checking a status of at least one check corresponding to the selected criteria;
determining a compliance level based on the checked status of the at least one check; and
sending the compliance level to the host, wherein the compliance level corresponds to an action type for controlling access to the network by the user.

17. A non-transitory computer readable medium comprising a plurality of program code sections, which when executed by a processor, cause access to a network by a user to be controlled, the tangible computer readable medium comprising:
a compliance level receiving code section that, when executed, causes receiving via a signal receiver a compliance level from a user;
a comparing code section that, when executed, causes comparing the compliance level to a predetermined compliance value set; and
an access control code section that, when executed, causes controlling access to the network by the user based on the comparison;
a policy generating code section that, when executed, causes generating a policy for the user; and
a messaging code section that, when executed, causes sending a message to the user,
wherein, when executed, the policy generating code section further causes:
generating a plurality of criteria to be monitored;
generating a check for each criteria of the plurality of criteria;
generating an associated compliance level based on a status of the check for each criteria of the plurality of criteria;
generating the predetermined compliance value set, including at least one compliance value range; and
associating the at least one compliance value range with an action type, access to the network by the user being controlled based on the action type.
Dependent claims: 18, 19, 20, 21.
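The flow the claims describe (a policy of criteria and checks, a user-side compliance level, a host-side compliance value set of ranges mapped to disconnect, quarantine or non-action, and a comparator over policy summaries), as an added example that is not the patent's own code. The policy, check names, percentage ranges and the quarantine-on-mismatch handling are constructed assumptions for illustration.

```python
import hashlib
import json

# Constructed policy for the example: criteria -> checks (names are hypothetical).
POLICY = {
    "antivirus": ["av_installed", "av_signatures_current"],
    "patching": ["os_patch_level_ok"],
    "firewall": ["host_firewall_enabled"],
}

# Constructed compliance value set: inclusive percent ranges, each tied to an
# action type named in the claims (disconnect, quarantine, non-action).
COMPLIANCE_VALUE_SET = [
    (0, 49, "disconnect"),
    (50, 99, "quarantine"),
    (100, 100, "non-action"),
]


def policy_summary(policy):
    """Digest of a policy; host and user exchange this instead of the full policy."""
    canonical = json.dumps(policy, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def compliance_level(policy, check_status):
    """User side (claim 16): percentage of the policy's checks whose status passes."""
    checks = [c for group in policy.values() for c in group]
    passed = sum(1 for c in checks if check_status.get(c, False))
    return (100 * passed) // len(checks)


def action_for_level(level, value_set=COMPLIANCE_VALUE_SET):
    """Host side (claim 11): the action type of the value range containing level."""
    for low, high, action in value_set:
        if low <= level <= high:
            return action
    raise ValueError(f"compliance level {level} falls in no configured range")


def host_decision(stored_policy, received_summary, level):
    """Claim 1's comparator: a level is trusted only if the user's policy summary
    matches the host's current policy. On mismatch the host answers with a fresh
    policy and holds the device in quarantine until it re-reports (an assumption)."""
    if received_summary != policy_summary(stored_policy):
        return "quarantine", "policy_update"
    return action_for_level(level), "ok"
```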
Specification