Enforcing compliance with a policy on a client

US 9,985,994 B2
Filed: 12/04/2015
Issued: 05/29/2018
Est. Priority Date: 04/21/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method in a gateway node device for enforcement of client computer policy compliance on a communication network, the method comprising the steps of:

receiving, on the communication network, a data transmission from a client computer comprising status information, the status information associated with a configuration and operational status of the client computer and including hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer;

determining if a temporary policy for the client computer is active, the temporary policy generated for the data transmission;

responsive to a determination that the temporary policy for the client computer is active, permitting the data transmission to continue;

responsive to a determination that the temporary policy for the client computer is not active, determining whether the status information meets a criteria, the criteria determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with desired hash values; and

responsive to a determination that the status information does not meet the criteria;

preventing the data transmission from continuing; and

sending, on the communication network, a message to the client computer indicating an invalid license for the at least one program installed on the client computer and providing information to network resources for remediation of the invalid license.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.

Citations

17 Claims

1. A computer-implemented method in a gateway node device for enforcement of client computer policy compliance on a communication network, the method comprising the steps of:
- receiving, on the communication network, a data transmission from a client computer comprising status information, the status information associated with a configuration and operational status of the client computer and including hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer;
  
  determining if a temporary policy for the client computer is active, the temporary policy generated for the data transmission;
  
  responsive to a determination that the temporary policy for the client computer is active, permitting the data transmission to continue;
  
  responsive to a determination that the temporary policy for the client computer is not active, determining whether the status information meets a criteria, the criteria determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with desired hash values; and
  
  responsive to a determination that the status information does not meet the criteria;
  
  preventing the data transmission from continuing; and
  
  sending, on the communication network, a message to the client computer indicating an invalid license for the at least one program installed on the client computer and providing information to network resources for remediation of the invalid license.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein a process on the client computer intercepts a data transmission, and adds the status information to the data transmission, prior to being sent to the gateway node device.
  - 3. The computer-implemented method of claim 2, wherein the status is added to header fields in at least one frame involved in the data transmission, prior to being sent to the gateway node device.
  - 4. The computer-implemented method of claim 1, wherein a first time stamp indicates when a temporary policy was initiated.
  - 5. The computer-implemented method of claim 1, wherein a second time stamp indicates when a last transmission was sent by the client computer.
  - 6. The computer-implemented method of claim 1, wherein the network resources compriseredirecting the client computer to a web page allowing remediation of the invalid license.
  - 7. The computer-implemented method of claim 1, further comprising the steps of:
    - determining if the invalid license has been remedied;
      
      in response to a determination that the invalid license has been remedied, allowing the data transmission to continue.
  - 8. The computer-implemented method of claim 7, wherein the determination of whether the invalid license has been remedied is determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with the desired hash values.

9. A non-transitory computer-readable medium storing computer instructions that, when executed by a processor, perform a method in a gateway node device for enforcement of client computer policy compliance on a communication network, the method comprising the steps of:
- receiving, on the communication network, a data transmission from a client computer comprising status information, the status information associated with a configuration and operational status of the client computer and including hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer;
  
  determining if a temporary policy for the client computer is active;
  
  responsive to a determination that the temporary policy for the client computer is active, permitting the data transmission to continue;
  
  responsive to a determination that the temporary policy for the client computer is not active, determining whether the status information meets a criteria, the criteria determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with desired hash values; and
  
  responsive to a determination that the status information does not meet the criteria;
  
  preventing the data transmission from continuing; and
  
  sending, on the communication network, a message to the client computer indicating an invalid license for the at least one program installed on the client computer and providing information to network resources for remediation of the invalid license.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable medium of claim 9, wherein a process on the client computer intercepts a data transmission, and adds the status information to the data transmission, prior to being sent to the gateway node device.
  - 11. The computer-readable medium of claim 10, wherein the status is added to header fields in at least one frame involved in the data transmission, prior to being sent to the gateway node device.
  - 12. The computer-readable medium of claim 9, wherein a first time stamp indicates when a temporary policy was initiated.
  - 13. The computer-readable medium of claim 9, wherein a second time stamp indicates when a last transmission was sent by the client computer.
  - 14. The computer-readable medium of claim 9, wherein the network resources compriseredirecting the client computer to a web page allowing remediation of the invalid license.
  - 15. The computer-readable medium of claim 9, further comprising the steps of:
    - determining if the invalid license has been remedied;
      
      in response to a determination that the invalid license has been remedied, allowing the data transmission to continue.
  - 16. The computer-readable medium of claim 15, wherein the determination of whether the invalid license has been remedied is determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with the desired hash values.

17. A gateway node device for enforcement of client computer policy compliance on a communication network, the gateway node device comprising:
- a processor; and
  
  a memory, the memory storing;
  
  a first module to receive, on the communication network, a data transmission from a client computer comprising status information, the status information associated with a configuration and operational status of the client computer and including hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer;
  
  a second module to, determine if a temporary policy for the client computer is active;
  
  a third module to, responsive to a determination that the temporary policy for the client computer is active, permit the data transmission to continue;
  
  a fourth module to, responsive to a determination that the temporary policy for the client computer is not active, determine whether the status information meets a criteria, the criteria determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with desired hash values; and
  
  a fifth module to, responsive to a determination that the status information does not meet the criteria, prevent the data transmission to continue, and send, on the communication network, a message to the client computer indicating an invalid license for the at least one program installed on the client computer and providing information to network resources for remediation of the invalid license.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
May, Robert Alvin, Wang, Wei, Huang, Tao
Primary Examiner(s)
Pearson, David J

Application Number

US14/958,943
Publication Number

US 20160255116A1
Time in Patent Office

907 Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/56   Computer malware detection ...

G06F 21/606   by securing the transmissio...

G06F 2212/502   using adaptive policy

H04L 12/66   Arrangements for connecting...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0227   Filtering policies mail mes...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 67/02   based on web technology, e....

H04L 9/40   Network security protocols

Enforcing compliance with a policy on a client

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Enforcing compliance with a policy on a client

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links