Transport agnostic network access control

US 8,886,802 B1
Filed: 03/23/2009
Issued: 11/11/2014
Est. Priority Date: 03/23/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

assigning, at a server-side network-access-control computing system, a transport-agnostic identifier to a client-side computing device, the transport-agnostic identifier being configured to uniquely identify the client-side computing device regardless of the media-transport technologies used by the client-side computing device to access a first network;

associating the transport-agnostic identifier with access-control information stored at the server-side network-access-control computing system that is indicative of whether the client-side computing device is compliant with an access-control policy;

identifying, at the server-side network-access-control computing system, a first attempt by the client-side computing device to access the first network, the first attempt being made via a first media-transport technology that identifies the client-side computing device with a first transport-specific identifier;

receiving, at the server-side network-access-control computing system, the transport-agnostic identifier from the client-side computing device;

using, at the server-side network-access-control computing system, the transport-agnostic identifier, instead of the first transport-specific identifier, to determine whether to allow the client-side computing device to access the first network, wherein;

determining whether to allow the client-side computing device to access the first network comprises;

using the transport-agnostic identifier to retrieve the access-control information stored at the server-side network-access-control computing system;

determining, based on the access-control information, whether the client-side computing device is compliant with the access-control policy;

identifying, at the server-side network-access-control computing system, a second attempt by the client-side computing device to access the first network, the second attempt being made via a second media-transport technology that identifies the client-side computing device with a second transport-specific identifier that is different than the first transport-specific identifier;

re-receiving, at the server-side network-access-control computing system, the transport-agnostic identifier from the client-side computing device;

using, at the server-side network-access-control computing system, the transport-agnostic identifier, instead of the second transport-specific identifier, to determine whether to allow the client-side computing device to access the first network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method may include assigning a transport-agnostic identifier to a computing device. The computer-implemented method may include identifying a first attempt by the computing device to access a first network. The first attempt may be made via a first media-transport technology that identifies the computing device with a first transport-specific identifier. The computer-implemented method may also include receiving the transport-agnostic identifier from the computing device. The computer-implemented method may further include using the transport-agnostic identifier, instead of the first transport-specific identifier, to determine whether to allow the computing device to access the first network. Various other methods, systems, and computer-readable media are also disclosed.

8 Citations

20 Claims

1. A computer-implemented method comprising:
- assigning, at a server-side network-access-control computing system, a transport-agnostic identifier to a client-side computing device, the transport-agnostic identifier being configured to uniquely identify the client-side computing device regardless of the media-transport technologies used by the client-side computing device to access a first network;
  
  associating the transport-agnostic identifier with access-control information stored at the server-side network-access-control computing system that is indicative of whether the client-side computing device is compliant with an access-control policy;
  
  identifying, at the server-side network-access-control computing system, a first attempt by the client-side computing device to access the first network, the first attempt being made via a first media-transport technology that identifies the client-side computing device with a first transport-specific identifier;
  
  receiving, at the server-side network-access-control computing system, the transport-agnostic identifier from the client-side computing device;
  
  using, at the server-side network-access-control computing system, the transport-agnostic identifier, instead of the first transport-specific identifier, to determine whether to allow the client-side computing device to access the first network, wherein;
  
  determining whether to allow the client-side computing device to access the first network comprises;
  
  using the transport-agnostic identifier to retrieve the access-control information stored at the server-side network-access-control computing system;
  
  determining, based on the access-control information, whether the client-side computing device is compliant with the access-control policy;
  
  identifying, at the server-side network-access-control computing system, a second attempt by the client-side computing device to access the first network, the second attempt being made via a second media-transport technology that identifies the client-side computing device with a second transport-specific identifier that is different than the first transport-specific identifier;
  
  re-receiving, at the server-side network-access-control computing system, the transport-agnostic identifier from the client-side computing device;
  
  using, at the server-side network-access-control computing system, the transport-agnostic identifier, instead of the second transport-specific identifier, to determine whether to allow the client-side computing device to access the first network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1,wherein the transport-agnostic identifier is configured to identify the computing device when the first transport-specific identifier and the second transport-specific identifier are different.
  - 3. The computer-implemented method of claim 1, wherein the first media-transport technology and the second media-transport technology are different.
  - 4. The computer-implemented method of claim 1, further comprising:
    - receiving the access-control information associated with the transport-agnostic identifier from the first network;
      
      distributing the access-control information to a second network, wherein the receiving the access-control information and the distributing are performed by the server-side network-access-control computing system.
  - 5. The computer-implemented method of claim 1, further comprising sending the transport-agnostic identifier to the client-side computing device, wherein the transport-agnostic identifier is assigned and sent to the client-side computing device during an initiation process that is performed prior to allowing the client-side computing device to access the first network, wherein the sending is performed by the server-side network-access-control computing system.
  - 6. The computer-implemented method of claim 1, wherein the transport-agnostic identifier comprises a globally unique identifier.
  - 7. The computer-implemented method of claim 1, wherein the first transport-specific identifier is not available to the server-side network-access-control computing system when the client-side computing device attempts to access the first network via the second media-transport technology.
  - 8. The computer-implemented method of claim 1, further comprising:
    - monitoring, while the client-side computing device is accessing the first network, whether the client-side computing device is compliant with the access-control policy;
      
      determining, while monitoring whether the client-side computing device is compliant with the access-control policy, that the client-side computing device is no longer compliant with the access-control policy;
      
      updating, in response to determining that the client-side computing device is no longer compliant with the access-control policy, the access-control information associated with the transport-agnostic identifier to indicate that the client-side computing device is no longer compliant with the access-control policy;
      
      receiving the updated access-control information associated with the transport-agnostic identifier from the first network;
      
      distributing the updated access-control information to a second network, wherein the receiving the updated access-control information and the distributing are performed by the server-side network-access-control computing system.

9. A system comprising:
- a control module programmed to;
  
  assign, at a server-side network-access-control computing system, a transport-agnostic identifier to a client-side computing device, the transport-agnostic identifier being configured to uniquely identify the client-side computing device regardless of the media-transport technologies used by the client-side computing device to access a first network;
  
  associate the transport-agnostic identifier with access-control information stored at the server-side network-access-control computing system that is indicative of whether the client-side computing device is compliant with an access-control policy;
  
  identify, at the server-side network-access-control computing system, a first attempt by the client-side computing device to access the first network, the first attempt being made via a first media-transport technology that identifies the client-side computing device with a first transport-specific identifier;
  
  receive, at the server-side network-access-control computing system, the transport-agnostic identifier from the client-side computing device;
  
  use, at the server-side network-access-control computing system, the transport-agnostic identifier, rather than the first transport-specific identifier, to determine whether to allow the client-side computing device to access the first network, wherein determining whether to allow the client-side computing device to access the first network comprises;
  
  using the transport-agnostic identifier to retrieve the access-control information stored at the server-side network-access-control computing system;
  
  determining, based on the access-control information, whether the client-side computing device is compliant with the access-control policy;
  
  identify, at the server-side network-access-control computing system, a second attempt by the client-side computing device to access the first network, the second attempt being made via a second media-transport technology that identifies the client-side computing device with a second transport-specific identifier that is different than the first transport-specific identifier;
  
  re-receive, at the server-side network-access-control computing system, the transport-agnostic identifier from the client-side computing device;
  
  use, at the server-side network-access-control computing system, the transport-agnostic identifier, rather than the second transport-specific identifier, to determine whether to allow the client-side computing device to access the first network;
  
  one or more hardware processors configured to execute the control module;
  
  one or more databases configured to store the access-control information and the transport-agnostic identifier.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, whereinthe transport-agnostic identifier is configured to identify the computing device when the first transport-specific identifier and the second transport-specific identifier are different.
  - 11. The system of claim 9, wherein the first media-transport technology and the second media-transport technology are different.
  - 12. The system of claim 9, wherein the control module is further programmed to:
    - receive the access-control information associated with the transport-agnostic identifier from the first network;
      
      distribute the access-control information to a second network.
  - 13. The system of claim 9, wherein:
    - the control module is further programmed to send the transport-agnostic identifier to the client-side computing device;
      
      the transport-agnostic identifier is assigned and sent to the client-side computing device during an initiation process that is performed prior to allowing the client-side computing device to access the first network.
  - 14. The system of claim 9, wherein the transport-agnostic identifier comprises a globally unique identifier.
  - 15. The system of claim 9, wherein the first transport-specific identifier is not available when the client-side computing device attempts to access the first network via the second media-transport technology.
  - 16. The system of claim 9, wherein the control module is further programmed to:
    - monitor, while the client-side computing device is accessing the first network, whether the client-side computing device is compliant with the access-control policy;
      
      determine, while monitoring whether the client-side computing device is compliant with the access-control policy, that the client-side computing device is no longer compliant with the access-control policy;
      
      update, in response to determining that the client-side computing device is no longer compliant with the access-control policy, the access-control information associated with the transport-agnostic identifier to indicate that the client-side computing device is no longer compliant with the access-control policy;
      
      receive the updated access-control information associated with the transport-agnostic identifier from the first network;
      
      distribute the updated access-control information to a second network.
  - 17. The system of claim 9, further comprising a submission module located on the client-side computing device and programmed to submit the transport-agnostic identifier to the control module during the first attempt to access the first network and the second attempt to access the first network.

18. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by a client-side computing device, cause the client-side computing device to:
- assign, at a server-side network-access-control computing system, a transport-agnostic identifier to a remote client-side computing device, the transport-agnostic identifier being configured to uniquely identify the remote client-side computing device regardless of the media-transport technologies used by the remote client-side computing device to access a first network;
  
  associate the transport-agnostic identifier with access-control information stored at the server-side network-access-control computing system that is indicative of whether the remote client-side computing device is compliant with an access-control policy;
  
  identify, at the server-side network-access-control computing system, a first attempt by the remote client-side computing device to access the first network, the first attempt being made via a first media-transport technology that identifies the remote client-side computing device with a first transport-specific identifier;
  
  receive, at the server-side network-access-control computing system, the transport-agnostic identifier from the remote client-side computing device;
  
  use, at the server-side network-access-control computing system, the transport-agnostic identifier, instead of the first transport-specific identifier, to determine whether to allow the remote client-side computing device to access the first network, wherein determining whether to allow the remote client-side computing device to access the first network comprises;
  
  using the transport-agnostic identifier to retrieve the access-control information stored at the server-side network-access-control computing system;
  
  determining, based on the access-control information, whether the remote client-side computing device is compliant with the access-control policy;
  
  identify, at the server-side network-access-control computing system, a second attempt by the remote client-side computing device to access the first network, the second attempt being made via a second media-transport technology that identifies the remote client-side computing device with a second transport-specific identifier that is different than the first transport-specific identifier;
  
  re-receive, at the server-side network-access-control computing system, the transport-agnostic identifier from the remote client-side computing device;
  
  use, at the server-side network-access-control computing system, the transport-agnostic identifier, instead of the second transport-specific identifier, to determine whether to allow the remote client-side computing device to access the first network.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable-storage medium of claim 18, whereinthe transport-agnostic identifier is configured to identify the remote computing device when the first transport-specific identifier and the second transport-specific identifier are different.
  - 20. The non-transitory computer-readable-storage medium of claim 18, wherein the first media-transport technology and the second media-transport technology are different.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Hernacki, Brian, Jonkman, Roelof
Primary Examiner(s)
NGUYEN, MINH CHAU

Application Number

US12/409,134
Time in Patent Office

2,059 Days
Field of Search

709225-230
US Class Current

709/225
CPC Class Codes

H04L 63/0876 based on the identity of th...

H04L 63/10 for controlling access to d...

Transport agnostic network access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Transport agnostic network access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links