Systems and methods of controlling network access

US 8,677,450 B2
Filed: 06/14/2012
Issued: 03/18/2014
Est. Priority Date: 09/24/2003
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for applying a security policy to network devices, the method comprising:

performing an authentication of a device connected to an access point;

scanning the device to collect information regarding the device;

applying a security policy, the security policy including one or more requirements pertaining to the authentication and the information, the application of the security policy taking place in response to a gatekeeper, andconfiguring the access point in response to a result of applying the security policy.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device.

150 Citations

34 Claims

1. A method for applying a security policy to network devices, the method comprising:
- performing an authentication of a device connected to an access point;
  
  scanning the device to collect information regarding the device;
  
  applying a security policy, the security policy including one or more requirements pertaining to the authentication and the information, the application of the security policy taking place in response to a gatekeeper, andconfiguring the access point in response to a result of applying the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising facilitating updates to software on the device in response to applying the security policy, using the gatekeeper.
  - 3. The method of claim 1, wherein configuring the access point includes setting an access control list on the access point.
  - 4. The method of claim 1, wherein configuring the access point includes assigning a VLAN.
  - 5. The method of claim 1, wherein the authentication identifies the user of the device.
  - 6. The method of claim 1, wherein the authentication identifies the device.
  - 7. The method of claim 1, wherein the authentication includes using an EAP protocol.
  - 8. The method of claim 1, wherein the authentication includes using a RADIUS protocol.
  - 9. The method of claim 1, wherein one of the requirements pertains to a status of an application on the device.
  - 10. The method of claim 1, wherein one of the requirements pertains to a status of an operating system exon the device.
  - 11. The method of claim 1, wherein one of the requirements pertains to other devices coupled to the device.
  - 12. The method of claim 1, wherein one of the requirements pertains to a type of the device.
  - 13. The method of claim 1, wherein one of the requirements pertains to an IP address of the device.
  - 14. The method of claim 1, wherein the scanning is performed using an agent on the device.
  - 15. The method of claim 1, wherein one of the requirements pertains to a device coupled to the device, other than the access point or gatekeeper.

16. A method of providing access over a communication network, the method comprising:
- receiving at an access point a request for access to a less-restricted network, the request coming from an access device;
  
  applying a security policy to the access device in response to the request, application of the security policy including performing an audit of the access device;
  
  providing information to the access device to improve compliance of the access device to the security policy, in response to the audit;
  
  granting access to the less-restricted network based on satisfaction of the security policy by the updated access device; and
  
  authenticating a user of the access device, wherein granting access is further based on the authentication.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, wherein the granting of access includes configuring the access point to allow the access.
  - 18. The method of claim 16, wherein the audit includes receiving third party data regarding the access device.
  - 19. The method of claim 16, wherein the information includes a software update.
  - 20. The method of claim 16, wherein the information includes virus data.
  - 21. The method of claim 16, wherein the information includes configuration data.

22. A method of providing access over a communication network, the method comprising:
- receiving at an access point a request for access via a less-restricted network, the request coming from an access device;
  
  applying a security policy to the access device in response to the request, application of the security policy including performing an audit of the access device;
  
  providing information to the access device to improve compliance of the access device to the security policy, in response to the audit; and
  
  granting access to the less-restricted network based on satisfaction of the security policy by the updated access device, the granting of access includes configuring the access point to allow the access.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 23. The method of claim 22, wherein performing the audit includes using an agent on the access device to collect information regarding the access device.
  - 24. The method of claim 22, wherein performing the audit includes receiving third party information regarding the access device.
  - 25. The method of claim 22, wherein performing the audit includes receiving operating system information from the access device.
  - 26. The method of claim 22, wherein the information includes software.
  - 27. The method of claim 22, wherein the information includes a software update of software on the access device.
  - 28. The method of claim 27, wherein the software update is an update for an anti-virus program.
  - 29. The method of claim 22, wherein the information includes anti-virus data.
  - 30. The method of claim 22, wherein the information includes configuration data.
  - 31. The method of claim 22, wherein the information includes a version of an operating system on the access device.
  - 32. The method of claim 22, wherein the information includes an identity of an operating system on the access device.
  - 33. The method of claim 22, wherein configuring the access point includes setting an access control list on the access point.

34. A method for applying a security policy to network devices, the method comprising:
- performing an authentication from a device connected to an access point;
  
  scanning the device;
  
  applying a security policy that includes requirements pertaining to the authentication and the active probe, the applying of the security policy taking place at a gatekeeper, andconfiguring the access point in response to the security policy.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
InfoExpress, Inc.
Original Assignee
InfoExpress, Inc.
Inventors
Lum, Stacey C., Lee, Yuhshiow Alice
Primary Examiner(s)
Song, Hosuk

Application Number

US13/523,858
Publication Number

US 20120254939A1
Time in Patent Office

642 Days
Field of Search

726 1- 4, 726 11- 12, 726/15, 713/150, 713/153, 713/155, 713/168, 380/270, 709220-221, 709223-225, 709227-228
US Class Current

726/1
CPC Class Codes

H04L 63/0876 based on the identity of th...

H04L 63/20 for managing network securi...

Systems and methods of controlling network access

First Claim

2 Assignments

Litigations

1 Petition

Accused Products

Abstract

150 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of controlling network access

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links