Provisioning layer two network access for mobile devices
First Claim
1. A method comprising:
- establishing, with a network device positioned in a public network, a session with a mobile device via a first interface of the mobile device;
- requesting, with the network device, security state data identifying a security state of the mobile device via the established session;
- receiving, with the network device, a mobile device identifier and the security state data from the mobile device via the session, wherein the mobile device identifier identifies a second interface of the mobile device that is used for communicating with a private network;
- publishing the security state information to a database such that the security state information is associated with the mobile device identifier;
- prior to establishing a layer three session with the private network, receiving, with an authentication device, an authentication request from a wireless access point in an attempt by the wireless access point to authenticate the mobile device to locally access a layer two of the private network wirelessly;
- based on the authentication request, determining the mobile device identifier that identifies the mobile device with the authentication device;
- retrieving the security state data associated with the determined mobile device identifier from the database;
- determining, with the authentication device, a level of access to the layer two of the private network permitted to the mobile device based on the retrieved security state data; and
- prior to establishing the layer three session with the private network, transmitting the level of access to the wireless access point so that the wireless access point enforces, with respect to communications sent to and received from the mobile device, the level of access determined by the authentication device.
Abstract
In general, techniques are described for provisioning layer two access in computer networks. A network device located in a public network comprising an interface and a control unit may implement the techniques. The interface establishes a session with a mobile device. The control unit requests security state data identifying a security state of the mobile device via the established session. The interface receives a mobile device identifier and the security state data from the mobile device via the session. The mobile device identifier identifies the mobile device. The control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier.
55 Claims
1. A method comprising:
- establishing, with a network device positioned in a public network, a session with a mobile device via a first interface of the mobile device;
- requesting, with the network device, security state data identifying a security state of the mobile device via the established session;
- receiving, with the network device, a mobile device identifier and the security state data from the mobile device via the session, wherein the mobile device identifier identifies a second interface of the mobile device that is used for communicating with a private network;
- publishing the security state information to a database such that the security state information is associated with the mobile device identifier;
- prior to establishing a layer three session with the private network, receiving, with an authentication device, an authentication request from a wireless access point in an attempt by the wireless access point to authenticate the mobile device to locally access a layer two of the private network wirelessly;
- based on the authentication request, determining the mobile device identifier that identifies the mobile device with the authentication device;
- retrieving the security state data associated with the determined mobile device identifier from the database;
- determining, with the authentication device, a level of access to the layer two of the private network permitted to the mobile device based on the retrieved security state data; and
- prior to establishing the layer three session with the private network, transmitting the level of access to the wireless access point so that the wireless access point enforces, with respect to communications sent to and received from the mobile device, the level of access determined by the authentication device.
Dependent claims: 2 to 17.
18. A network device located in a public network, the network device comprising:
- at least one interface that establishes a session with a mobile device via a first interface of the mobile device; and
- a control unit that requests security state data identifying a security state of the mobile device via the established session,
- wherein the at least one interface receives a mobile device identifier and the security state data from the mobile device via the session,
- wherein the mobile device identifier identifies a second interface of the mobile device that is used for communicating with a private network, and
- wherein the control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier and such that the security state information is accessible by an authentication device located in the private network so that the authentication device is able to, based on the security state information, authenticate the mobile device to access a layer two of the private network prior to the mobile device establishing a layer three session with the private network.
Dependent claims: 19 to 28.
29. A network system comprising:
- a mobile device;
- a database;
- a public network that includes a network device, and
- a private network that includes an authentication device and a wireless access point,
- wherein the network device comprises:
  - at least one interface that establishes a session with a first interface of the mobile device; and
  - a control unit that requests security state data identifying a security state of the mobile device via the established session,
  - wherein the at least one interface of the network device receives a mobile device identifier and the security state data from the mobile device via the session,
  - wherein the mobile device identifier identifies a second interface of the mobile device used for communicating with the private network,
  - wherein the control unit of the network device publishes the security state information to a database such that the security state information is associated with the mobile device identifier,
- wherein the authentication device comprises:
  - at least one interface that receives an authentication request from the wireless access point in an attempt by the wireless access point to, prior to the mobile device establishing a layer three session with the wireless access point, authenticate the mobile device to locally access a layer two of the private network wirelessly; and
  - a control unit that, based on the authentication request, determines the mobile device identifier that identifies the mobile device with the authentication device, retrieves the security state data associated with the determined mobile device identifier from the database, determines a level of access to the layer two of the private network permitted to the mobile device based on the retrieved security state data,
  - and wherein the at least one interface of the authentication device transmits the level of access to the wireless access point so that the wireless access point enforces, with respect to communications sent to and received from the mobile device, the level of access determined by the authentication device.
Dependent claims: 30 to 45.
46. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to:
- establish, with a network device positioned in a public network, a session with a mobile device via a first interface of the mobile device;
- request, with the network device, security state data identifying a security state of the mobile device via the established session;
- receive, with the network device, a mobile device identifier and the security state data from the mobile device via the session, wherein the mobile device identifier identifies a second interface of the mobile device that is used to communicate with a private network; and
- publish the security state information to a database such that the security state information is associated with the mobile device identifier and such that the security state information is accessible by an authentication device located in the private network so that the authentication device is able to, based on the security state information, authenticate the mobile device to access the private network prior to the mobile device establishing a layer three session with the private network.
Dependent claims: 47 to 55.
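The two phases the abstract and the independent claims describe, modelled as an added example (my own code, not the patent's or any assignee's implementation): a posture server in the public network collects the security state over the device's first interface and publishes it keyed by the identifier of the second interface (its Wi-Fi MAC), and the private network's authentication device answers the access point's layer-two request from that database before any layer-three session exists. The posture fields, the three access levels, the policy thresholds and the use of a RADIUS-style Calling-Station-Id to carry the MAC are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Access(Enum):
    DENY = "deny"
    QUARANTINE_VLAN = "quarantine_vlan"  # remediation-only layer-two access
    FULL = "full"

@dataclass(frozen=True)
class SecurityState:
    """Posture the device reports over its first interface (fields assumed)."""
    os_patched: bool
    av_enabled: bool
    disk_encrypted: bool

# Database shared by both phases; the key is the second-interface identifier
# (the Wi-Fi MAC), not the interface the posture report arrived over.
posture_db: dict[str, SecurityState] = {}

def normalize_mac(mac: str) -> str:
    """Canonical form so the AP's request and the device's report match."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))

# Phase 1: the network device in the public network publishes the posture.
def publish_security_state(wifi_mac: str, state: SecurityState) -> None:
    posture_db[normalize_mac(wifi_mac)] = state

# Phase 2: the authentication device answers the wireless access point before
# any layer-three session exists; the AP enforces whatever level comes back.
def decide_layer2_access(auth_request: dict) -> Access:
    """auth_request models the AP's request, e.g. a RADIUS Calling-Station-Id."""
    try:
        mac = normalize_mac(auth_request["calling_station_id"])
    except (KeyError, ValueError):
        return Access.DENY
    state = posture_db.get(mac)
    if state is None:  # no posture published: unknown device, no layer-two access
        return Access.DENY
    if state.os_patched and state.av_enabled and state.disk_encrypted:
        return Access.FULL
    return Access.QUARANTINE_VLAN  # can reach remediation servers only

if __name__ == "__main__":
    # Constructed sample: two devices report over cellular, three MACs then try Wi-Fi.
    publish_security_state("AA-BB-CC-DD-EE-01", SecurityState(True, True, True))
    publish_security_state("aa:bb:cc:dd:ee:02", SecurityState(False, True, True))
    for mac in ("aa:bb:cc:dd:ee:01", "AABBCCDDEE02", "aa:bb:cc:dd:ee:03"):
        print(mac, decide_layer2_access({"calling_station_id": mac}).value)
```

A device that never reported a posture is denied rather than quarantined, since the database lookup is the only evidence the authentication device has before the layer-three session.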
Specification