Method and system for dynamic security using authentication server
Abstract
Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access points, retrieves data from security databases and from network monitoring systems, processes that data according to a dynamic security policy, and uses the outcome of that processing to determine the access level that will be granted to an access point in the network.
21 Claims
1. A data network access security system for regulating access to resources on a data network, said system comprising:
- a network security and monitoring system (NSMS) for monitoring access of end systems to the network; and
- an access policy module to receive authentication credentials from an access point through which a first client device is attempting to connect to network resources, said policy module further responds to the access point with determinations of network resource access permissions and restrictions for the first client device based on data retrieved (1) from an authentication database and (2) from a Dynamic Security Data & Policy Database (DSDPD), which DSDPD includes rules indicating network resource access provisions to be applied to a given client device based on (1) data received from the given client device indicating the compliance of the given client device with specific security policies and (2) security information said DSDPD retrieves from said NSMS;
wherein said NSMS monitors a history of network resource access authorization requests, which history includes (a) identities of parties who requested authorizations and (b) results of the authorization requests.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method for regulating access to resources on a data network comprising:
- receiving authentication credentials from an access point through which the client is attempting to connect to network resources;
- retrieving data from an authentication server;
- retrieving data from a Dynamic Security Data & Policy Database (DSDPD), which DSDPD includes rules indicating network resource access provisions to be applied to a given client device based on (1) data received from the given client device indicating the compliance of the given client device with specific security policies and (2) security information said DSDPD retrieves from a network security and monitoring system (NSMS), wherein said NSMS monitors a history of network resource access authorization requests, which history includes (a) identities of parties who requested authorizations and (b) results of the authorization requests;
- processing the retrieved data from the authentication server and the DSDPD, wherein said processing is computed according to a dynamic security policy; and
- sending a response to the network access point based on the processing of the retrieved data.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A method for updating a network security and monitoring system comprising:
- receiving an authorization request from an access point;
- receiving a response from an authentication server; and
- updating the network security and monitoring system by updating rules of a functionally associated Dynamic Security Data & Policy Database (DSDPD), which DSDPD includes rules indicating network resource access provisions to be applied to a given client device based on (1) data received from the given client device indicating the compliance of the given client device with specific security policies and (2) security information said DSDPD retrieves from a network security and monitoring system (NSMS), wherein said NSMS monitors a history of network resource access authorization requests, which history includes (a) identities of parties who requested authorizations and (b) results of the authorization requests.
Dependent claims: 20, 21.
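The following is an added illustrative model of the decision flow in claims 1, 10 and 19, not code from the patent or any implementation of it: the access policy module checks credentials against an authentication database, applies DSDPD rules that combine client-reported compliance data with NSMS history, and records every request and its result in the NSMS. The rule set, the threshold `LOCKOUT_FAILURES`, the sample accounts and the decision labels are all assumptions chosen for the example.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample authentication database: identity -> (secret, role).
# Plaintext secrets keep the model short; a real deployment stores verifiers, not passwords.
AUTH_DB = {"alice": ("s3cret", "staff"), "bob": ("hunter2", "guest")}
LOCKOUT_FAILURES = 3  # assumed DSDPD rule threshold, not taken from the patent


@dataclass
class NSMS:
    """Network security and monitoring system: records who requested authorization and the result."""
    history: list = field(default_factory=list)

    def record(self, identity, granted):
        self.history.append((identity, granted))

    def failures_for(self, identity):
        return sum(1 for who, ok in self.history if who == identity and not ok)


def dsdpd_decision(identity, role, compliance, nsms):
    """DSDPD rules: (1) client-reported compliance data combined with (2) NSMS history."""
    if nsms.failures_for(identity) >= LOCKOUT_FAILURES:
        return "deny"            # repeated failed requests recorded by the NSMS
    if not (compliance.get("antivirus_current") and compliance.get("patched")):
        return "quarantine"      # non-compliant endpoint: remediation network only
    return "guest-vlan" if role == "guest" else "full"


def access_policy_module(identity, secret, compliance, nsms, auth_db=AUTH_DB):
    """Claims 1/10: consult the authentication database and the DSDPD, return the
    access determination. Claim 19: every request and its result updates the NSMS."""
    entry = auth_db.get(identity)
    if entry is None or not hmac.compare_digest(entry[0], secret):
        decision = "deny"
    else:
        decision = dsdpd_decision(identity, entry[1], compliance, nsms)
    nsms.record(identity, decision != "deny")
    return decision


def run_scenario():
    """Constructed sequence of requests from access points; returns the decisions in order."""
    nsms = NSMS()
    ok = {"antivirus_current": True, "patched": True}
    stale = {"antivirus_current": False, "patched": True}
    out = [access_policy_module("alice", "s3cret", ok, nsms),
           access_policy_module("alice", "s3cret", stale, nsms),
           access_policy_module("bob", "hunter2", ok, nsms)]
    out += [access_policy_module("bob", "wrong", ok, nsms) for _ in range(3)]
    out.append(access_policy_module("bob", "hunter2", ok, nsms))  # correct secret, but locked out by history
    return out
```

The last request shows the NSMS feedback loop the claims describe: valid credentials are still refused once the recorded failure history for that identity crosses the DSDPD threshold.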