End point control
Abstract
Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.
45 Claims
1. A method of determining a computing environment of a client computer, comprising:
establishing a secure communication method with the client computer in response to receipt of a network connection request from the client computer;
installing an interrogator agent onto a client computer using the secure communication method; and
receiving interrogation results produced by the interrogator agent that describe one or more elements of the computing environment of the client computer.

8. A method of controlling a computer's access to a resource, comprising:
receiving a request for a client computer for a set of resources from a network;
analyzing the computing environment of said client computer;
determining if the computing environment of said client computer complies with a zone of trust associated with the requested set of resources, and satisfies an access control rule; and
assigning access rights to the client computer if the client computer complies with the zone of trust associated with the requested set of resources, and satisfies the access control rule.

10. A method of obtaining access to resources on a network server, comprising:
requesting a resource on a network from an access server;
executing an interrogator agent that analyzes a client computing environment;
transmitting results obtained from the execution of the interrogator agent to a control module; and
in response to transmitting the obtained results, obtaining access to the resource.

13. A method of controlling a client computer's access to a resource on a network, comprising:
receiving a request for a resource from a client computer;
in response to receiving the request, installing a first interrogator agent onto the client computer;
receiving first interrogation results produced by the first interrogator agent;
identifying one or more security process objects corresponding to the first interrogation results;
installing the identified security process objects onto the client computer;
authenticating an identity of a user of the client computer using results obtained from execution of the identified security process objects on the client computer;
installing a second interrogator agent onto the client computer;
receiving second interrogation results produced by the second interrogator agent; and
based upon the first interrogation results and the second interrogation results, assigning the client computer a zone of trust.

19. A method of provisioning resources to a client computer, comprising:
receiving a request for a resource from a client computer;
creating at least one rule identifying a set of elements of a secure computing environment for a client computer;
interrogating the client computer to determine if the client computer contains the set of elements required by the rule; and
provisioning the identified process objects to the client computer to match the required set of elements of a secure computing environment.

22. A method of provisioning resources to a client computer, comprising:
creating at least one rule identifying a client computer computing environment, a resource, and an action to be taken when the rule is applied in response to a request from the client computer for a resource.

27. A method of provisioning a client computer, comprising:
receiving a communication from a client computer;
installing at least one interrogator agent onto the client computer in response to said communication;
receiving interrogation results produced by the at least one interrogator agent;
based upon the interrogation results, identifying one or more process objects in the computing environment of the client computer; and
installing the one or more process objects onto the client computer.

31. A method of receiving process objects from a network server to a client computer, comprising:
transmitting a communication to a network server;
receiving an interrogator agent;
executing the interrogator agent to analyze a client computing environment;
transmitting results obtained from the execution of the interrogator agent to the network server; and
in response to transmitting the obtained results, receiving at least one process object; and
installing the at least one process object on the client computer for execution.

33. A method of a network server performing an action based upon an operating environment of a client computer, comprising:
installing an interrogator agent onto the client computer; and
receiving interrogation results produced by the interrogator agent;
assigning a zone of trust to the client computer based upon the interrogation results sent by the interrogator; and
performing an action associated with the zone of trust.

41. A network device, comprising:
an access module that establishes communication with a client computer;
a provisioning module that installs at least one interrogator agent onto a client computer communicating with the access module;
an end point control module that analyzes interrogation results provided by the at least one interrogator agent, and assigns a zone of trust to the client computer based upon the interrogation results provided by the at least one interrogator agent.
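
The zone-of-trust decision recited in claims 8, 19, 22 and 33, sketched in Python as an added example that is not taken from the patent. The zone names, environment elements, resources and actions are assumptions chosen for illustration.

```python
# Added example: zone-of-trust assignment and rule lookup (claims 8, 19, 22, 33).
# Zone names, element names, resources and actions are all hypothetical.

# Zones ordered from most to least trusted; each maps to the environment
# elements that the interrogation results must report for membership.
ZONES = [
    ("trusted", {"managed_device": True, "av_running": True, "disk_encrypted": True}),
    ("semi_trusted", {"av_running": True}),
]
DEFAULT_ZONE = "untrusted"  # assigned when no zone's requirements are met

# Rules as (zone, resource, action), the three parts named in claim 22.
RULES = [
    ("trusted", "payroll-db", "allow"),
    ("trusted", "webmail", "allow"),
    ("semi_trusted", "payroll-db", "provision"),
    ("semi_trusted", "webmail", "allow"),
    ("untrusted", "webmail", "provision"),
]

def _meets(results, required):
    # Strict type and value match: "yes" or 1 does not count as True.
    return all(type(results.get(k)) is type(v) and results.get(k) == v
               for k, v in required.items())

def assign_zone(results):
    """Map interrogation results to the first (most trusted) matching zone."""
    if not isinstance(results, dict):
        return DEFAULT_ZONE  # malformed or absent results get least trust
    for name, required in ZONES:
        if _meets(results, required):
            return name
    return DEFAULT_ZONE

def missing_elements(results, zone):
    """Elements still needed for `zone`: the provisioning targets (claim 19)."""
    required = dict(ZONES).get(zone, {})
    have = results if isinstance(results, dict) else {}
    return sorted(k for k, v in required.items() if not _meets(have, {k: v}))

def decide(results, resource):
    """Return (zone, action) for a request; an unmatched request is denied."""
    zone = assign_zone(results)
    for rule_zone, rule_resource, action in RULES:
        if (rule_zone, rule_resource) == (zone, resource):
            return zone, action
    return zone, "deny"
```

Because interrogation results originate on the client, the sketch treats anything missing or of the wrong type as non-compliant and falls back to the least-trusted zone.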
Specification