System, apparatuses, methods and computer-readable media for determining the security status of a computer before establishing connection thereto
First Claim
1. A method comprising the steps of:
- (a) retrieving security state data at a first computer;
(b) incorporating the security state data into a request message to request a connection with a second computer via a network;
(c) transmitting the request message including the security state data to the second computer via the network;
(d) receiving the request message including the security state data from the first computer at the second computer;
(e) determining at the second computer whether the security state data in the request message is to be processed based on security activation data stored in the second computer; and
if the determining in step (e) establishes that the security activation data indicates that the security state data is to be processed,(f) determining at the second computer whether the network connection to the first computer poses an impermissible security risk based on security policy data stored in the second computer and the security state data received from the first computer;
(g) proceeding with establishing the network connection if the determining of step (f) establishes that connection to the second computer is permitted; and
(h) terminating further processing to establish the network connection with the second computer if the determining of step (f) establishes that the connection to the second computer is not permitted.
3 Assignments
0 Petitions
Accused Products
Abstract
A system of the invention comprises first and second computers. The first computer retrieves and incorporates its security state data in a message requesting a network connection with the second computer. The second computer receives the message and determines whether its security policy data permits connection with the first computer given the security state of the first computer as indicated by its security state data. The security state data can comprise data indicating whether an anti-virus application, firewall application, or operating system are running on the first computer, and are up-to-date. If so, the second computer permits the network connection to proceed. If not, then the second computer either drops the connection request or terminates the connection request by transmitting a disconnection message to the first computer. The invention also comprises related apparatuses, methods, and computer-readable media.
73 Citations
26 Claims
-
1. A method comprising the steps of:
-
(a) retrieving security state data at a first computer; (b) incorporating the security state data into a request message to request a connection with a second computer via a network; (c) transmitting the request message including the security state data to the second computer via the network; (d) receiving the request message including the security state data from the first computer at the second computer; (e) determining at the second computer whether the security state data in the request message is to be processed based on security activation data stored in the second computer; and if the determining in step (e) establishes that the security activation data indicates that the security state data is to be processed, (f) determining at the second computer whether the network connection to the first computer poses an impermissible security risk based on security policy data stored in the second computer and the security state data received from the first computer; (g) proceeding with establishing the network connection if the determining of step (f) establishes that connection to the second computer is permitted; and (h) terminating further processing to establish the network connection with the second computer if the determining of step (f) establishes that the connection to the second computer is not permitted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer-readable medium storing computer code that when executed by a first computer attempting to open a network connection with a second computer via a network, the first computer performs the following steps:
-
(a) retrieving security state data at a first computer; (b) incorporating the security state data into a request message to request a connection with a second computer via a network; (c) transmitting the request message including the security state data to the second computer via the network; (d) receiving the request message including the security state data from the first computer at the second computer; (e) determining at the second computer whether the security state data in the request message is to be processed based on security activation data stored in the second computer; and if the determining in step (e) establishes that the security activation data indicates that the security state data is to be processed; (f) determining at the second computer whether the network connection to the first computer poses an impermissible security risk based on security policy data stored in the second computer and the security state data received from the first computer; (g) proceeding with establishing the network connection if the determining of step (f) establishes that connection to the second computer is permitted; and (h) terminating further processing to establish the network connection if the determining of step (f) establishes that the connection to the second computer is not permitted. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
Specification