Systems and methods of controlling network access

US 8,650,610 B2
Filed: 06/14/2012
Issued: 02/11/2014
Est. Priority Date: 09/24/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for applying a security policy to a network devices, the method comprising:

performing an identification of a device connected to an access point;

collecting audit information pertaining to the device, by querying network equipment; and

applying a security policy that includes requirements pertaining to the identification and the audit information, the applying of the security policy taking place at a gatekeeper, wherein applying the security policy includes altering a data communication within the access point with respect to the device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device.

Citations

30 Claims

1. A method for applying a security policy to a network devices, the method comprising:
- performing an identification of a device connected to an access point;
  
  collecting audit information pertaining to the device, by querying network equipment; and
  
  applying a security policy that includes requirements pertaining to the identification and the audit information, the applying of the security policy taking place at a gatekeeper, wherein applying the security policy includes altering a data communication within the access point with respect to the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein the applying of the security policy includes the gatekeeper granting, to the device, access to a subset of a protected network.
  - 3. The method of claim 2, wherein granting access includes assigning an access control list.
  - 4. The method of claim 2, wherein granting access includes assigning a VLAN.
  - 5. The method of claim 1, wherein performing the identification of the device includes identifying a user of the device.
  - 6. The method of claim 1, wherein performing the identification includes using an EAP protocol.
  - 7. The method of claim 1, wherein the security policy includes a requirement to have a required version of an application on the device.
  - 8. The method of claim 1, wherein the security policy includes a requirement pertaining to an operating system type on the device.
  - 9. The method of claim 1, wherein the security policy includes a limit on what other devices are coupled to the device.
  - 10. The method of claim 1, wherein the security policy includes a requirement pertaining to an operating system version on the device.
  - 11. The method of claim 1, wherein the security policy includes a requirement for a user of the device to enter a password.
  - 12. The method of claim 1, wherein the security policy includes a requirement for antivirus software running on the device.
  - 13. The method of claim 1, wherein the applying of the security policy includes the gatekeeper taking part in facilitating an update to a software application on the device.
  - 14. The method of claim 1, wherein the audit information includes information pertaining to an application on the device.
  - 15. The method of claim 1, wherein the audit information includes information pertaining to an operating system of the device.
  - 16. The method of claim 1, wherein the audit information includes information pertaining to security vulnerabilities on the device.
  - 17. The method of claim 1, wherein the audit information includes information pertaining to configuration of the device.
  - 18. The method of claim 1, wherein the audit information is obtained from network equipment to which the device is directly connected.
  - 19. The method of claim 1, wherein the audit information is obtained from network equipment to which the device is indirectly connected.
  - 20. The method of claim 1, wherein the audit information is obtained from a router to which the device is indirectly connected.
  - 21. The method of claim 1, further comprising collecting information by probing the device, the probing including sending a specific packet to the device and detecting the presence or absence of a response, the information collected by probing being used in applying the security policy.
  - 22. The method of claim 1, further comprising collecting information by probing the device, the probing including sending a specific packet to the device, receiving a response and examining contents of the response, the information collected by probing being used in applying the security policy.
  - 23. The method of claim 1, further comprising collecting information using an agent executing on the device, the information collected using the agent being used in applying the security policy.
  - 24. The method of claim 1, wherein the altering the data communication includes allowing access to a secure subset of a network from the device.
  - 25. The method of claim 1, wherein the audit information pertaining to the device includes audit data.
  - 26. The method of claim 1, wherein the audit information includes third party information.

27. A method for applying a security policy to a network device, the method comprising:
- performing an identification of a device connected to an access point;
  
  collecting information pertaining to the device from network equipment to which the device is directly or indirectly connected, by querying the network equipment;
  
  collecting information using an agent executing on the device;
  
  collecting information by probing the device, the probing including sending a specific packet to the device; and
  
  applying a security policy that includes requirements pertaining to the identification, the information collected using the agent, the information collected by probing and the audit information, the applying of the security policy taking place at a gatekeeper, wherein applying the security policy includes altering a data communication within the access point with respect to the device.
- View Dependent Claims (28, 29)
- - 28. The method of claim 27, wherein the probing further includes detecting the presence or absence of a response to the packet.
  - 29. The method of claim 27, wherein the probing further includes receiving a response to the packet and examining contents of the response.

30. A method for applying a security policy to a network device, the method comprising:
- performing an identification of a device connected to an access point;
  
  collecting audit information pertaining to the device from network equipment to which the device is directly or indirectly connected, by querying the network equipment; and
  
  applying a security policy that includes requirements pertaining to the identification and the audit information, the applying of the security policy taking place at a gatekeeper, wherein applying the security policy includes altering a data communication within the access point with respect to the device, wherein altering the data communication includes using a RADIUS protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InfoExpress, Inc.
Original Assignee
InfoExpress, Inc.
Inventors
Lum, Stacey C., Lee, Yuhshiow Alice
Primary Examiner(s)
Song, Hosuk

Application Number

US13/523,856
Publication Number

US 20120254938A1
Time in Patent Office

607 Days
Field of Search

726 1- 4, 726 11- 12, 726/15, 713/150, 713/153, 713/155, 713/168, 380/270, 709220-221, 709223-225, 709227-228
US Class Current

726/1
CPC Class Codes

H04L 63/0876 based on the identity of th...

H04L 63/20 for managing network securi...

Systems and methods of controlling network access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of controlling network access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links