Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer
First Claim
1. A method for client computer policy compliance enforcement, the method comprising:
receiving a data transmission from a client computer on a network, said data transmission received by a gateway node and including status information associated with a configuration and operational status of the client computer, the status information including hashed representations of client computer configuration and operational status data of at least one program installed on the client computer;
preventing, by the gateway node, said data transmission from continuing when said data transmission does not include status information or fails to meet a criterion;
applying, by the gateway node, a temporary policy for the client computer that permits said data transmission to continue when said status information meets a criterion as determined through a matching of the hashed representations of the client computer configuration and operational status data with desired hash values stored in a memory of the gateway node, said temporary policy including information identifying the client computer and wherein subsequent data transmissions from the client computer are permitted to continue without reading status information associated with the configuration and operational status of the client computer included in said subsequent data transmissions, while said temporary policy exists; and
wherein;
the gateway node is a network device that enforces at least one policy with regard to client computers communicating over the network;
the data transmission includes a request;
permitting the data transmission to continue includes the gateway node forwarding the data transmission for processing of the request; and
the temporary policy expires when either a first period expires or the client computer has not initiated any subsequent data transmissions within a second period.
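The gateway logic recited in claim 1, sketched as an added example that is not code from the patent or its assignee. The class and function names, the use of SHA-256, the use of an IP address as the client identifier, and the sample status strings and periods are all assumptions made for illustration.

```python
import hashlib

def h(data: str) -> str:
    """Hashed representation of one status string (SHA-256 is an assumption)."""
    return hashlib.sha256(data.encode()).hexdigest()

class Gateway:
    def __init__(self, desired, first_period, second_period):
        self.desired = desired              # program -> desired hash, held in gateway memory
        self.first_period = first_period    # absolute lifetime of a temporary policy (s)
        self.second_period = second_period  # allowed idle time between transmissions (s)
        self.policies = {}                  # client id -> (created, last_seen)

    def _policy_live(self, client_id, now):
        entry = self.policies.get(client_id)
        if entry is None:
            return False
        created, last_seen = entry
        if now - created >= self.first_period or now - last_seen >= self.second_period:
            del self.policies[client_id]    # either period elapsed: policy expires
            return False
        return True

    def _status_ok(self, status):
        # Missing status, or any missing or mismatching hash, fails the criterion.
        return bool(status) and all(status.get(p) == want for p, want in self.desired.items())

    def handle(self, client_id, status, now):
        if self._policy_live(client_id, now):
            # Status in this transmission is not read while the policy exists.
            self.policies[client_id] = (self.policies[client_id][0], now)
            return "forward"
        if self._status_ok(status):
            self.policies[client_id] = (now, now)   # apply a new temporary policy
            return "forward"
        return "block"

def demo():
    # Constructed sample: one program, one client, periods of 3600 s and 300 s.
    good = {"antivirus": h("av 5.1;defs=current;running")}
    gw = Gateway(dict(good), first_period=3600, second_period=300)
    steps = [(None, 0), ({"antivirus": h("av 5.1;stopped")}, 1),
             (good, 10), (None, 200), (None, 800)]
    return [gw.handle("10.0.0.7", s, t) for s, t in steps]

if __name__ == "__main__":
    print(demo())
```

While a temporary policy exists, admission rests only on the client identifier, so a change in the client's configuration is not seen by the gateway until one of the two periods ends the policy.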
Abstract
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.
20 Claims
9. A gateway node apparatus for enforcing a policy on a client computer, the gateway node apparatus and the client computer being in communication with a first network, the gateway node apparatus comprising:
an interface operable to receive a data transmission from the client computer, said data transmission including status information associated with a configuration and operational status of the client computer, the status information including hashed representations of client computer configuration and operational status data of at least one program installed on the client computer;
a processor circuit;
at least one computer readable medium with codes stored thereon, the codes for directing said processor circuit to apply a temporary policy for the client computer that permits said data transmission to continue when said status information meets a criterion as determined through a matching of the hashed representations of the client computer configuration and operational status data with desired hash values, said temporary policy including information identifying the client computer and wherein subsequent data transmissions from the client computer are permitted to continue without reading status information associated with the configuration and operational status of the client computer included in said subsequent data transmissions, while said temporary policy exists; and
wherein;
the data transmission includes a request for a data resource from a server computer;
permitting the data transmission to continue includes forwarding the data transmission for processing of the request; and
the temporary policy expires when either a first period expires or the client computer has not initiated any subsequent data transmissions within a second period.
Specification