Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer
Abstract
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.
66 Citations
16 Claims
1. A method for enforcing compliance with a policy on a client device that communicates over a network, the method comprising:
- receiving a data transmission from the client device on the network, the data transmission including a request and status information representative of at least one property of the client device, the at least one property including a property of at least one program installed on the client computer;
- identifying a policy applicable to the data transmission based on an identity of the client device;
- permitting the data transmission to continue when the status information meets policy criterion of the identified policy as determined through a matching of the status information with desired values defined in the identified policy; and
- permitting subsequently received data transmissions from the client device to continue without reading status information included in the subsequent data transmissions;
- wherein:
  - permitting the data transmission to continue includes forwarding the data transmission for processing of the request;
  - when the identifying of a policy applicable to the data transmission does not identify a policy applicable to the data transmission;
    - determining whether at least some of the status information included in the data transmission meets at least one criterion in a table of criterion stored on a network device implementing the method; and
    - when the at least some of the status information included in the data transmission meets the at least one criterion in the table of criterion, generating a temporary policy for the client device and storing a representation of the temporary policy on the network device implementing the method.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory device-readable medium, with instructions stored thereon, which when executed by at least one processor of a network device cause the device to:
- receive a data transmission by the network device from a client device on a network, the data transmission including a request and status information representative of at least one property of the client device, the at least one property including a property of at least one program installed on the client computer;
- identify a policy applicable to the data transmission based on an identity of the client device, the policy stored on the network device;
- permitting the data transmission to continue from the network device on the network when the status information meets policy criterion of the identified policy as determined through a matching of the status information with desired values defined in the identified policy; and
- permit subsequently received data transmissions from the client device to continue from the network device without reading status information included in the subsequent data transmissions;
- wherein:
  - permitting the data transmission to continue includes forwarding the data transmission from the network device as specified in the data transmission for processing of the request; and
  - when the identifying of a policy applicable to the data transmission does not identify a policy applicable to the data transmission;
    - determine whether at least some of the status information included in the data transmission meets at least one criterion in a table of criterion stored on the network device; and
    - when the at least some of the status information included in the data transmission meets the at least one criterion in the table of criterion, generate a temporary policy for the client device and storing a representation of the temporary policy on the network device.

Dependent claims: 11, 12, 13, 14
15. A network switching apparatus including functionality for enforcing a policy on a client device when the network switching apparatus and the client device are in communication via a first network, the network switching apparatus comprising:
- a network interface device to receive a data transmission from the client device, the data transmission including a request and status information representative of at least one property of the client device, the at least one property including a property of at least one program installed on the client computer;
- a processor circuit;
- at least one non-transitory device readable medium with instructions stored thereon, the instructions executable by the processor circuit to:
  - identify a policy applicable to the data transmission based on an identity of the client device, the policy stored on the network switching apparatus;
  - permit the data transmission to continue from the network switching apparatus on the network when the status information meets policy criterion of the identified policy as determined through a matching of the status information with desired values defined in the identified policy; and
  - permit subsequently received data transmissions from the client device to continue from the network switching apparatus without reading status information included in the subsequent data transmissions;
- wherein:
  - permitting the data transmission to continue includes forwarding the data transmission from the network switching apparatus as specified in the data transmission for processing of the request; and
  - when the identifying of a policy applicable to the data transmission does not identify a policy applicable to the data transmission;
    - determine whether at least some of the status information included in the data transmission meets at least one criterion in a table of criterion stored on the network switching apparatus; and
    - when the at least some of the status information included in the data transmission meets the at least one criterion in the table of criterion, generate a temporary policy for the client device and storing a representation of the temporary policy on the network switching apparatus.

Dependent claims: 16
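The decision flow recited in claim 1, modeled as an added Python sketch (not code from the patent or its assignee). The names `PolicyGateway` and `handle`, the property names and the sample hosts are assumptions; the claims do not say what a temporary policy contains, so the sketch assumes it pins the values that met the table's criteria and that the triggering transmission is then evaluated against it.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyGateway:
    policies: dict                      # client identity -> {property: desired value}
    criteria: dict                      # fallback table: property -> predicate
    temporary: dict = field(default_factory=dict)   # generated temporary policies
    admitted: set = field(default_factory=set)      # clients already permitted
    forwarded: list = field(default_factory=list)   # requests passed on for processing

    def handle(self, client_id, request, status):
        # Later transmissions from an admitted client continue without the
        # status block being read, so a posture change goes unnoticed here.
        if client_id in self.admitted:
            return self._forward(client_id, request)
        policy = self.policies.get(client_id) or self.temporary.get(client_id)
        if policy is None:
            # No policy for this identity: test the status against the table.
            met = {k: v for k, v in status.items()
                   if k in self.criteria and self.criteria[k](v)}
            if not met:
                return "blocked"
            # Assumption: the temporary policy pins the values that met the criteria.
            policy = self.temporary[client_id] = met
        # Match reported status against the desired values in the policy.
        if all(status.get(k) == want for k, want in policy.items()):
            self.admitted.add(client_id)
            return self._forward(client_id, request)
        return "blocked"

    def _forward(self, client_id, request):
        self.forwarded.append((client_id, request))
        return "forwarded"

def demo():
    # Constructed sample data: one configured policy, one fallback criterion.
    gw = PolicyGateway(
        policies={"host-a": {"av_running": True, "av_sig": "2024-05"}},
        criteria={"av_running": lambda v: v is True},
    )
    ok = {"av_running": True, "av_sig": "2024-05"}
    stale = {"av_running": True, "av_sig": "2023-01"}
    results = [
        gw.handle("host-c", "GET /", {"av_running": False}),   # no policy, fails table
        gw.handle("host-a", "GET /", stale),                   # policy mismatch
        gw.handle("host-a", "GET /", ok),                      # policy match
        gw.handle("host-a", "POST /x", {"av_running": False}), # status not re-read
        gw.handle("host-b", "GET /", stale),                   # temporary policy
    ]
    return results, gw
```

The fourth call shows the consequence of the "without reading status information" step: once admitted, a client whose reported status no longer matches its policy is still forwarded.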
Specification