Network access control for cloud services

US 9,087,189 B1
Filed: 12/30/2011
Issued: 07/21/2015
Est. Priority Date: 05/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, from a user device, a request to access a cloud service;

comparing, by a processor, a security status of the user device to a network access control policy for the cloud service, wherein the network access control policy defines a level of security specifying a set of security features for the user device based on a category of the user device, a category of information requested, and a category of the cloud service and specifies at least one condition, the condition comprising a presence of an updated version of a security agent on the user device;

determining that the user device does not include the updated version of the security agent as specified by the condition of the network access control policy;

determining an update to the security status of the user device that will cause the security status of the user device to satisfy the condition for future requests to access the cloud service;

redirecting the request to a security provider, the security provider to provide an updated version of the security agent to the user device in order to satisfy the condition of the network access control policy; and

upon determining that the security status of the user device satisfies the condition of the network access control policy granting the user device access to the cloud service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway compares a security status of the user device to a network access control policy for the cloud service. If the security status satisfies a condition of the network access control policy, the cloud service access and information gateway grants the user device access to the cloud service. If the security status does not satisfy the condition of the network access control policy, the cloud service access and information gateway requests an update to the security status of the user device to satisfy the condition.

91 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, from a user device, a request to access a cloud service;
  
  comparing, by a processor, a security status of the user device to a network access control policy for the cloud service, wherein the network access control policy defines a level of security specifying a set of security features for the user device based on a category of the user device, a category of information requested, and a category of the cloud service and specifies at least one condition, the condition comprising a presence of an updated version of a security agent on the user device;
  
  determining that the user device does not include the updated version of the security agent as specified by the condition of the network access control policy;
  
  determining an update to the security status of the user device that will cause the security status of the user device to satisfy the condition for future requests to access the cloud service;
  
  redirecting the request to a security provider, the security provider to provide an updated version of the security agent to the user device in order to satisfy the condition of the network access control policy; and
  
  upon determining that the security status of the user device satisfies the condition of the network access control policy granting the user device access to the cloud service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the cloud service comprises at least one of a public cloud service or a private cloud service.
  - 3. The method of claim 1, wherein the network access control policy comprises one of a plurality of network access control policies.
  - 4. The method of claim 3, wherein the condition comprises at least one of a presence of security software, a security signature or an encryption capability.
  - 5. The method of claim 1, wherein a cloud service access and information gateway compares the security status of the user device to the network access control policy.
  - 6. The method of claim 5, wherein the cloud service access and information gateway is independent of the user device and the cloud service.
  - 7. The method of claim 1, wherein determining the update to the security status of the device comprises identifying at least one of security software, a security agent, a security signature or an encryption capability in real time before responding to the request.

8. A system, comprising:
- a memory; and
  
  a processor coupled with the memory to;
  
  receive, from a user device, a request to access a cloud service;
  
  compare a security status of the user device to a network access control policy for the cloud service, wherein the network access control policy defines a level of security specifying a set of security features for the user device based on a category of the user device, a category of information requested, and a category of the cloud service and specifies at least one condition, the condition comprising a presence of an updated version of a security agent on the user device;
  
  determine that the user device does not include the updated version of the security agent as specified by the condition of the network access control policy;
  
  determine an update to the security status of the user device that will cause the security status of the user device to satisfy the condition for future requests to access the cloud service;
  
  redirect the request to a security provider, the security provider to provide an updated version of the security agent to the user device in order to satisfy the condition of the network access control policy; and
  
  upon determining that the security status of the user device satisfies the condition of the network access control policy, grant the user device access to the cloud service.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the cloud service comprises at least one of a public cloud service or a private cloud service.
  - 10. The system of claim 8, wherein the network access control policy comprises one of a plurality of network access control policies.
  - 11. The system of claim 10, wherein the condition comprises at least one of a presence of security software, a security signature or an encryption capability.
  - 12. The system of claim 8, wherein a cloud service access and information gateway compares the security status of the user device to the network access control policy.
  - 13. The system of claim 12, wherein the cloud service access and information gateway is independent of the user device and the cloud service.
  - 14. The system of claim 8, wherein to determine the update to the security status of the device, the processor to identify at least one of security software, a security agent, a security signature or an encryption capability in real time before responding to the request.

15. A non-transitory computer readable storage medium including instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving, from a user device, a request to access a cloud service;
  
  comparing, by a processor, a security status of the user device to a network access control policy for the cloud service, wherein the network access control policy defines a level of security specifying a set of security features for the user device based on a category of the user device, a category of information requested, and a category of the cloud service and specifies at least one condition, the condition comprising a presence of an updated version of a security agent on the user device;
  
  determining that the user device does not include the updated version of the security agent as specified by the condition of the network access control policy;
  
  determining an update to the security status of the user device that will cause the security status of the user device to satisfy the condition for future requests to access the cloud service;
  
  redirecting the request to a security provider, the security provider to provide an updated version of the security agent to the user device in order to satisfy the condition of the network access control policy; and
  
  upon determining that the security status of the user device satisfies the condition of the network access control policy, granting the user device access to the cloud service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the cloud service comprises at least one of a public cloud service or a private cloud service.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein the condition comprises at least one of a presence of security software, a security signature or an encryption capability.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein a cloud service access and information gateway compares the security status of the user device to the network access control policy.
  - 19. The non-transitory computer readable storage medium of claim 18, wherein the cloud service access and information gateway is independent of the user device and the cloud service.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein determining the update to the security status of the device comprises identifying at least one of security software, a security agent, a security signature or an encryption capability in real time before responding to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Koeten, Robert, Popp, Nicolas
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Zoubair, Noura

Application Number

US13/341,197
Time in Patent Office

1,299 Days
Field of Search

726/1, 726/3, 726/4, 726/11, 726/13, 726/22, 719/318, 703/21, 703/22
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/45   Structures or tools for the...

G06F 21/51   at application loading time...

G06F 21/54   by adding security routines...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 41/022   Multivendor or multi-standa...

H04L 41/0226   Mapping or translating mult...

H04L 41/0253   using browsers or web-pages...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/30   Profiles

Network access control for cloud services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network access control for cloud services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links