Techniques for authenticated posture reporting and associated enforcement of network access
First Claim

1. A method comprising:
receiving posture information, at a remote device via a network interface, for an endpoint;
determining network access policies for the endpoint based on the posture information, the network access policies comprising at least one access control list that is cryptographically bound to a pre-selected configuration of the endpoint and/or a firmware agent resident on the endpoint; and
enforcing the network access policies.
Abstract
Architectures and techniques are described that allow a firmware agent to operate as a tamper-resistant agent on a host platform, so that it can serve as a trusted policy enforcement point (PEP) that enforces policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform, on behalf of an authorized enterprise PDP entity, by supplying policies when a host trust agent is non-responsive, and may function as a passive agent when the host trust agent is functional.
32 Citations
28 Claims
1. A method comprising:
receiving posture information, at a remote device via a network interface, for an endpoint; determining network access policies for the endpoint based on the posture information, the network access policies comprising at least one access control list that is cryptographically bound to a pre-selected configuration of the endpoint and/or a firmware agent resident on the endpoint; and enforcing the network access policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. An article comprising a computer-readable storage device having stored thereon instructions that, when executed, cause one or more processors to:
receive posture information, at a remote device via a network interface, for an endpoint; determine network access policies for the endpoint based on the posture information, wherein at least one of the network access policies is cryptographically bound to a pre-selected configuration of the endpoint and/or a firmware agent resident on the endpoint; and enforce the network access policies.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. An apparatus comprising:
an endpoint coupled to a network interface to support one or more software agents and configured to establish a first host environment and a second host environment; a firmware agent coupled to the endpoint and the network interface and separately cryptographically bound to the first host environment and the second host environment to gather posture information from one or more security agents, to transmit a report including the posture information to a remote device via the network interface, and to configure the network interface according to network access control information received from the remote device via the network interface.
Dependent claims: 24, 25, 26, 27, 28
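The exchange described in claims 1 and 23 (firmware agent reports posture, remote PDP returns an ACL cryptographically bound to a pre-selected endpoint configuration, firmware agent as PEP enforces it), as an added example that is not part of the patent. It assumes HMAC keys shared between the agent and the PDP and constructed sample configuration and posture values; a real deployment would use attested asymmetric keys.

```python
import hashlib
import hmac
import json

# Constructed sample keys (assumption: provisioned out of band to the firmware agent and the PDP).
AGENT_KEY = b"constructed-agent-key"
PDP_KEY = b"constructed-pdp-key"

def config_digest(config: dict) -> str:
    """Digest of the pre-selected endpoint configuration (firmware agent version, OS build, ...)."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def build_posture_report(config: dict, posture: dict) -> dict:
    """Firmware agent: authenticated report carrying the config digest and gathered posture."""
    payload = json.dumps({"config_digest": config_digest(config), "posture": posture},
                         sort_keys=True).encode()
    return {"payload": payload, "mac": hmac.new(AGENT_KEY, payload, hashlib.sha256).hexdigest()}

def pdp_decide(report: dict):
    """Remote PDP: verify the report, pick an ACL from the posture, bind it to the config digest."""
    expected = hmac.new(AGENT_KEY, report["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["mac"]):
        return None  # report not authentic: no decision issued
    body = json.loads(report["payload"])
    posture = body["posture"]
    if posture.get("av_running") and posture.get("patch_level", 0) >= 10:
        acl = ["permit any"]
    else:
        acl = ["permit remediation-server", "deny any"]  # opens the remediation channel only
    binding = json.dumps({"acl": acl, "config_digest": body["config_digest"]},
                         sort_keys=True).encode()
    return {"payload": binding, "mac": hmac.new(PDP_KEY, binding, hashlib.sha256).hexdigest()}

def pep_enforce(decision: dict, current_config: dict) -> list:
    """Firmware agent as PEP: apply the ACL only if authentic and bound to the current configuration."""
    if decision is None:
        return ["deny any"]
    expected = hmac.new(PDP_KEY, decision["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, decision["mac"]):
        return ["deny any"]  # forged or altered decision
    binding = json.loads(decision["payload"])
    if binding["config_digest"] != config_digest(current_config):
        return ["deny any"]  # configuration changed since the ACL was issued; binding no longer holds
    return binding["acl"]
```

Fail-closed paths (forged report, altered decision, changed configuration) all collapse to `deny any`, which is the behaviour a PEP that must survive a compromised host OS needs.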
Specification