Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer
Abstract
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.
42 Claims
1. A method for enforcing compliance with a policy on a client computer in communication with a network, the method comprising:
receiving a data transmission from the client computer on the network, said data transmission including status information associated with a configuration and operational status of the client computer, the status information including hashed representations of client computer configuration and operational status data, the status information including a plurality of information comprising:
an indication of whether a client security program is running on the client computer;
version information associated with the client security program installed on the client computer;
configuration information associated with the client security information installed on the client computer; and
version information associated with an intrusion protection system (IPS) signature database stored on the client computer;
determining a temporary policy for the client computer is active, permitting said data transmission to continue;
when a temporary policy for the client computer does not exist, generating a new temporary policy for the client computer and permitting said data transmission to continue when said status information meets a criterion as determined through a matching of the hashed representations of the client computer configuration and operational status data with desired hash values, said new temporary policy including information identifying the client computer and wherein subsequent data transmissions from the client computer are permitted to continue without reading status information included in said subsequent data transmissions, while said new temporary policy exists; and
wherein:
the data transmission includes a request; and
permitting the data transmission to continue includes forwarding the data transmission for processing of the request.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
21. A non-transitory computer readable medium encoded with codes for directing a processor circuit to:
receive a data transmission from the client computer on the network, said data transmission including status information associated with a configuration and operational status of said client computer, the status information including hashed representations of client computer configuration and operational status data, the status information including a plurality of information comprising:
an indication of whether a client security program is running on the client computer;
version information associated with the client security program installed on the client computer;
configuration information associated with the client security information installed on the client computer; and
version information associated with an intrusion protection system (IPS) signature database stored on the client computer;
determine a temporary policy for the client computer is active, permitting said data transmission to continue;
when a temporary policy for the client computer does not exist, generating a new temporary policy for the client computer and permit said data transmission to continue when said status information meets a criterion as determined through a matching of the hashed representations of the client computer configuration and operational status data with desired hash values, said new temporary policy including information identifying the client computer and wherein subsequent data transmissions from the client computer are permitted to continue without reading status information included in said subsequent data transmissions, while said new temporary policy exists; and
wherein:
the data transmission includes a request; and
permitting the data transmission to continue includes forwarding the data transmission for processing of the request.
View Dependent Claims (22)
23. A gateway node apparatus for enforcing a policy on a client computer, the gateway node apparatus and the client computer being in communication with a first network, the gateway node apparatus comprising:
an interface operable to receive a data transmission from the client computer, said data transmission including status information associated with a configuration and operational status of the client computer, the status information including hashed representations of client computer configuration and operational status data, the status information including a plurality of information comprising:
an indication of whether a client security program is running on the client computer;
version information associated with the client security program installed on the client computer;
configuration information associated with the client security information installed on the client computer; and
version information associated with an intrusion protection system (IPS) signature database stored on the client computer;
a processor circuit;
at least one computer readable medium with codes stored thereon, the codes for directing said processor circuit to:
determine a temporary policy for the client computer is active and permit said data transmission to continue;
determine a temporary policy for the client computer does not exist and generate a new temporary policy for the client computer and permit said data transmission to continue when said status information meets a criterion as determined through a matching of the hashed representations of the client computer configuration and operational status data with desired hash values, said new temporary policy including information identifying the client computer and wherein subsequent data transmissions from the client computer are permitted to continue without reading status information included in said subsequent data transmissions, while said new temporary policy exists; and
wherein:
the data transmission includes a request; and
permitting the data transmission to continue includes forwarding the data transmission for processing of the request.
View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
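The gateway decision flow shared by independent claims 1, 21 and 23, written out as an added illustration (this is not code from the patent): each claimed status field arrives as a hash, the gateway first checks for an active temporary policy for the client and forwards the request without reading the status if one exists, and otherwise creates a temporary policy only when every hash matches the desired value. The field names, the SHA-256 choice, the sample desired values and the policy lifetime (`ttl_seconds`, with `now` passed in explicitly) are assumptions of this example, not taken from the claims.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

def h(value: str) -> str:
    # Hashed representation of one status field, as the client would send it.
    return hashlib.sha256(value.encode()).hexdigest()

# Constructed sample of the gateway's desired hash values, one per claimed field.
DESIRED_HASHES: Dict[str, str] = {
    "security_program_running": h("running"),
    "security_program_version": h("7.2.1"),
    "security_program_config": h("realtime=on;firewall=on"),
    "ips_signature_db_version": h("2024-05-01"),
}

@dataclass
class Transmission:
    client_id: str                     # information identifying the client
    status: Optional[Dict[str, str]]   # hashed status fields; may be omitted
    request: bytes                     # forwarded for processing if permitted

class Gateway:
    def __init__(self, desired: Dict[str, str], ttl_seconds: float = 300.0):
        self.desired = desired
        self.ttl = ttl_seconds  # assumed lifetime of a temporary policy
        self.temporary_policies: Dict[str, float] = {}  # client_id -> expiry
        self.forwarded: List[bytes] = []

    def policy_active(self, client_id: str, now: float) -> bool:
        expiry = self.temporary_policies.get(client_id)
        if expiry is not None and expiry > now:
            return True
        self.temporary_policies.pop(client_id, None)  # expired or absent
        return False

    def meets_criterion(self, status: Optional[Dict[str, str]]) -> bool:
        # Every claimed field must be present and equal its desired hash value.
        return status is not None and all(
            status.get(field) == digest for field, digest in self.desired.items())

    def handle(self, tx: Transmission, now: float) -> str:
        if self.policy_active(tx.client_id, now):
            self.forwarded.append(tx.request)  # status is not read on this path
            return "forwarded:existing-policy"
        if self.meets_criterion(tx.status):
            self.temporary_policies[tx.client_id] = now + self.ttl
            self.forwarded.append(tx.request)
            return "forwarded:new-policy"
        return "blocked"
```

Once the temporary policy expires, the next transmission is evaluated on its status again, so a client whose IPS signature database has fallen behind the desired version is blocked at that point rather than riding on the cached decision indefinitely.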