DYNAMIC NETWORK ACCESS CONTROL METHOD AND APPARATUS

US 20120117622A1
Filed: 01/17/2012
Published: 05/10/2012
Est. Priority Date: 02/05/2007
Status: Active Grant

First Claim

Patent Images

1-6. -6. (canceled)

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of network access control identifies, in response to a request by an end node to access a network, attributes of the end node and of a device receiving the request. Based on the attributes, a network access control implementation is selected from a plurality of network access control implementations to apply to the request.

101 Citations

View as Search Results

26 Claims

1-6. -6. (canceled)

7. An apparatus for network access control, said device comprising:
- a memory storing machine readable instructions to;
  
  identify attributes of an end node that requests access to a network and of a device receiving the request; and
  
  select, based on the attributes of both the end node and the device receiving the request, a network access control implementation from a plurality of network access control implementations to apply to the end node, wherein the plurality of network access control implementations include different combinations of authentication and posture checking implementations, wherein the posture checking implementations comprise a plurality of implementations to determine if the end node has stored thereon software that is potentially harmful to other devices on the network, and wherein the attributes of the end node and the device receiving the request comprise at least one of user identity, manufacturer, model, firmware, time of access request, and locations of the end node and the device receiving the request; and
  
  a processor to implement the machine readable instructions.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The apparatus according to claim 7, wherein the memory further comprises machine readable instructions to grant a network access level to the end node based on a result of application of the selected network access control implementation.
  - 9. The apparatus according to claim 8, wherein the network access level granted to the end node is no network access.
  - 10. The apparatus according to claim 8, wherein the network access level granted to the end node is limited network access.
  - 11. The apparatus according to claim 8, wherein the access level granted to the end node is full network access.
  - 12. The apparatus according to claim 7, wherein the memory further comprises machine readable instructions to select devices in the network to perform the selected network access control implementation.
  - 13. The apparatus according to claim 7, wherein the memory further comprises machine readable instructions to scan the devices in the network to determine a list of network devices and end node devices connected to the network, and to identify attributes of the network devices and end node devices connected to the network.
  - 14. The apparatus according to claim 7, wherein the posture checking implementations comprise a plurality of different software to be executed on the end node to determine if the end node has stored thereon software that is potentially harmful to other devices on the network.
  - 15. The apparatus according to claim 14, wherein the memory further comprises machine readable instructions to determine whether the end node comprises a posture checking software.
  - 16. The apparatus according to claim 15, wherein the memory further comprises machine readable instructions to request that the end node provide a status of a posture check performed by the posture checking software in response to a determination that the end node comprises the posture checking software.
  - 17. The apparatus according to claim 15, wherein the memory further comprises machine readable instructions to supply a posture checking software to the end node in response to a determination that the end node does not comprise a posture checking software and to request that the end node provide a status of a posture check performed by the posture checking software.

18. An apparatus for network access control, said device comprising:
- a memory storing machine readable instructions to;
  
  identify attributes of devices in a network, wherein the devices comprise an end node device and a device to receive a request from the end node; and
  
  select, based on the attributes of the devices, a network access control implementation from a plurality of network access control implementations to apply to a request by the end node device to access the network, wherein the plurality of network access control implementations include different combinations of authentication and posture checking implementations, wherein the posture checking implementations comprise a plurality of implementations to determine if the end node device has been compromised with stored thereon software that is potentially harmful to other devices on the network, and wherein the attributes of the network devices comprise at least one of user identity, manufacturer, model, firmware, time of access request, and locations of the network devices; and
  
  a processor to implement the machine readable instructions.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The apparatus according to claim 18, wherein the memory further comprises machine readable instructions to scan the devices in the network to determine a list of network devices and end node devices connected to the network and to identify attributes of the network devices and end node devices connected to the network.
  - 20. The apparatus according to claim 18, wherein the memory further comprises machine readable instructions to implement the selected network access control implementation through use of a handler process.
  - 21. The apparatus according to claim 18, wherein the posture checking implementations comprise a plurality of different software to be executed on the end node device to determine if the end node device has stored thereon software that is potentially harmful to other devices on the network.
  - 22. The apparatus according to claim 21, wherein the memory further comprises machine readable instructions to determine whether the end node comprises a posture checking software.
  - 23. The apparatus according to claim 22, wherein the memory further comprises machine readable instructions to request that the end node provide a status of a posture check performed by the posture checking software in response to a determination that the end node comprises the posture checking software.
  - 24. The apparatus according to claim 22, wherein the memory further comprises machine readable instructions to supply a posture checking software to the end node in response to a determination that the end node does not comprise a posture checking software and to request that the end node provide a status of a posture check performed by the posture checking software.

25. A non-transitory computer readable storage medium on which is embedded a set of machine readable instructions that when executed by a processor, implement a method for controlling network access, said machine readable instructions comprising code to:
- identify, in response to a request by an end node to access a network, attributes of the end node and of a device receiving the request;
  
  select, based on the attributes of both the end node and the device receiving the request, a network access control implementation from a plurality of network access control implementations to apply to the end node, wherein the plurality of network access control implementations include different combinations of authentication and posture checking implementations, wherein the posture checking implementations comprise a plurality of implementations to determine if the end node has stored thereon software that is potentially harmful to other devices on the network, and wherein the attributes of the end node and the device receiving the request comprise at least one of user identity, manufacturer, model, firmware, time of access request, and locations of the end node and the device receiving the request.
- View Dependent Claims (26)
- - 26. The non-transitory computer readable storage medium according to claim 25, wherein the machine readable instructions further comprise code to:
    - grant a network access level to the end node based on a result of applying the selected network access control implementation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Ian S. Nelson, Kaj Gronholm, Michael H. Jamison, Roger Lynn Jr. Haney, Seth Goldhammer, William A. Lamkin
Inventors
Gronholm, Kaj, Jamison, Michael H., Lamkin, William A., Nelson, Ian S., Haney, Roger Lynn Jr., Goldhammer, Seth

Granted Patent

US 8,510,803 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

H04L 63/105 Multiple levels of security

DYNAMIC NETWORK ACCESS CONTROL METHOD AND APPARATUS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

DYNAMIC NETWORK ACCESS CONTROL METHOD AND APPARATUS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others