Systems and methods of controlling network access

US 8,578,444 B2
Filed: 06/14/2012
Issued: 11/05/2013
Est. Priority Date: 09/24/2003
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for auditing a device, the method comprising:

performing an authentication using an EAP protocol from the device, the device being connected via a computer network to an access point configured to use an 802.1x protocol;

sending a request for audit data to an agent running on the device;

receiving the audit data at a gatekeeper configured to control access to a network, from the agent, the audit data pertaining to the device and having been obtained by the agent;

applying a security policy that includes at least one requirements pertaining to the audit data and at least one requirement pertaining to the authentication, the applying of the security policy taking place under control of the gatekeeper.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device.

Citations

22 Claims

1. A method for auditing a device, the method comprising:
- performing an authentication using an EAP protocol from the device, the device being connected via a computer network to an access point configured to use an 802.1x protocol;
  
  sending a request for audit data to an agent running on the device;
  
  receiving the audit data at a gatekeeper configured to control access to a network, from the agent, the audit data pertaining to the device and having been obtained by the agent;
  
  applying a security policy that includes at least one requirements pertaining to the audit data and at least one requirement pertaining to the authentication, the applying of the security policy taking place under control of the gatekeeper.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein applying the security policy includes configuring the access point.
  - 3. The method of claim 2, wherein configuring the access point includes assigning an access control list.
  - 4. The method of claim 2, wherein configuring the access point includes assigning a VLAN.
  - 5. The method of claim 2, further comprising receiving, from the agent, updated audit data pertaining to the device after configuring the access point.
  - 6. The method of claim 2, further comprising receiving, from the agent, updated audit data pertaining to the device while the device has access to a less-restricted subset of the network.
  - 7. The method of claim 2, further comprising continuing to receive at the gatekeeper, from the agent, audit data pertaining to the device after the configuring of the access point.
  - 8. The method of claim 1, wherein receiving the audit data includes the use of the EAP protocol.
  - 9. The method of claim 1, wherein sending the authentication includes obtaining a password from a user of the device.
  - 10. The method of claim 1, wherein the request includes a request for audit data pertaining to an application.
  - 11. The method of claim 1, wherein the received audit data includes audit data that pertains to an application on the device.
  - 12. The method of claim 1, wherein the received audit data includes information that concerns operating system of the device.
  - 13. The method of claim 1, wherein the received audit data includes information that concerns antivirus software on the device.
  - 14. The method of claim 1, wherein the received audit data includes information that concerns other devices coupled to the device.
  - 15. The method of claim 1, wherein the security policy includes at least one requirement based on information about the device obtained from a third party.
  - 16. The method of claim 1, wherein the security policy is based at least in part on information concerning the identity of a user of the device.
  - 17. The method of claim 1, wherein the gatekeeper is configured to take part in bringing a software on the device up to date in response to applying the security policy.
  - 18. The method of claim 1, wherein the gatekeeper is configured to take part in facilitating updates to a software the agent to the device.
  - 19. The method of claim 1, wherein the received audit data pertains to a logoff by a user of the device.
  - 20. The method of claim 1, wherein the audit data characterizes a current state of the device.
  - 21. The method of claim 1, wherein the authentication is of a user of the device.

22. A method for auditing a device, the method comprising:
- performing an authentication using an EPA protocol from the device, the device being connected to an access point configured to use an 802.1x protocol;
  
  sending a request for audit data to an agent running on the device;
  
  receiving the audit data at a gatekeeper configured to control access to a network, from the agent, the audit data pertaining to the device and having been obtained by the agent;
  
  applying a security policy that includes at least one requirements pertaining to the audit data and at least one requirement pertaining to the authentication, the applying of the security policy taking place under control of the gatekeeper, where applying the security policy includes configuring the access point;
  
  receiving, from the agent, updated audit pertaining to the device while the device has access to a less-restricted subset of the network; and
  
  re-auditing the device in accordance to the security policy using the received updated audit data.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
InfoExpress, Inc.
Original Assignee
InfoExpress, Inc.
Inventors
Lum, Stacey C., Lee, Yuhshiow Alice
Primary Examiner(s)
Song, Hosuk

Application Number

US13/523,854
Publication Number

US 20120254937A1
Time in Patent Office

509 Days
Field of Search

726 1- 4, 726 11- 12, 726/15, 713/150, 713/153, 713/155, 713/168, 380/270, 709220-221, 709223-225, 709227-228
US Class Current

726/1
CPC Class Codes

H04L 63/0876 based on the identity of th...

H04L 63/20 for managing network securi...

Systems and methods of controlling network access

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of controlling network access

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links