Nonce generation
1 Assignment
0 Petitions
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for generating a nonce. In one aspect, a method includes generating, by a data processing apparatus, a source value, and hashing, by the data processing apparatus, the source value to generate the nonce.
101 Citations
19 Claims
1. A method for an authentication protocol, the method performed by data processing apparatus and comprising:
- identifying a host device attempting to connect to a network;
- transmitting one or more of a plurality of probes to the host device in a host information collection phase, wherein the plurality of probes includes an agent probe, the agent probe including a query of one or more agents installed on the host device, and the one or more agents are configured to determine a health level of the host device;
- generating, by the data processing apparatus, a source value;
- hashing, by the data processing apparatus, the source value to generate a nonce;
- providing, by the data processing apparatus, the nonce with the query of the one or more agents on the host device;
- receiving, in response to the query, reply data and an authentication code, wherein the reply data includes a unique agent identifier of at least one agent installed on the host device, the authentication code comprises a hash of the reply data and the nonce, and the host device is identifiable from the unique agent identifier;
- determining that the host device is a managed host device based on the receipt of the unique agent identifier;
- ending the host information collection phase prior to receiving a reply to at least one of the plurality of probes of the host device based on determining that the host device is a managed host device;
- hashing a combination of at least a portion of the reply data and the nonce to generate a digest;
- determining the reply is authentic based at least in part on a determination that the digest matches the authentication code;
- receiving, during a user detection preadmission state, a user identifier corresponding to the host device; and
- transitioning from the user detection preadmission state to a host detection preadmission state based on identifying that the user identifier is mapped to a user role and identifying that network access control for the role is enabled;
wherein determining that a host device is an unmanaged host device causes the host information collection phase to persist at least until a reply is received or a timeout determined for each of the one or more of the plurality of probes.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for an authentication protocol, the method performed by data processing apparatus and comprising:
- identifying a host device attempting to connect to a network;
- generating, by the data processing apparatus, a plurality of source values;
- hashing, by the data processing apparatus, each of the plurality of source values to generate hash values;
- generating, by the data processing apparatus, a nonce from the hash values;
- transmitting one or more of a plurality of probes to the host device in a host information collection phase, wherein the plurality of probes includes an agent probe, the agent probe including the nonce and a query of whether agents configured to determine a health level of the host device are installed on the host device;
- receiving, in response to the query, reply data and an authentication code, wherein the reply data includes a unique agent identifier of at least one agent installed on the host device, the authentication code comprises a hash of the reply data and the nonce, and the host device is identifiable from the unique agent identifier;
- determining that the host device is a managed host device based on the receipt of the unique agent identifier;
- ending the host information collection phase prior to receiving a reply to at least one of the plurality of probes of the host device based on determining that the host device is a managed host device;
- hashing, by the data processing apparatus, a combination of at least a portion of the reply data and the nonce to generate a digest;
- determining, by the data processing apparatus, the reply is authentic based at least in part on a determination that the digest matches the authentication code;
- receiving, during a user detection preadmission state, a user identifier corresponding to the host device; and
- transitioning from the user detection preadmission state to a host detection preadmission state based on identifying that the user identifier is mapped to a user role and identifying that network access control for the role is enabled;
wherein determining that a host device is an unmanaged host device causes the host information collection phase to persist at least until a reply is received or a timeout determined for each of the one or more of the plurality of probes.

Dependent claims: 10, 11, 12, 13
14. A non-transitory, computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations comprising:
- identifying a host device attempting to connect to a network;
- transmitting a plurality of probes to the host device in host information collection phase, wherein the plurality of probes includes an agent probe, the agent probe including a query of one or more agents installed on the host device configured to determine a health level of the host device;
- generating a plurality of source values;
- hashing each of the plurality of source values to generate hash values;
- generating a nonce from the hash values;
- transmitting an agent probe to the host device, the agent probe including the nonce and a query of one or more agents installed on the host device configured to determine a health level of the host device;
- receiving reply data and an authentication code, wherein the reply data includes a unique agent identifier of at least one agent installed on the host device, the authentication code comprises a hash of the reply data and the nonce, and the host device is identifiable from the unique agent identifier;
- determining that the host device is a managed host device based on the receipt of the unique agent identifier;
- ending the host information collection phase prior to receiving a reply to at least one of the plurality of probes of the host device based on determining that the host device is a managed host device;
- hashing a combination of at least a portion of the reply data and the nonce to generate a digest;
- determining the reply is authentic based at least in part on a determination that the digest matches the authentication code;
- receiving, during a user detection preadmission state, a user identifier corresponding to the host device; and
- transitioning from the user detection preadmission state to a host detection preadmission state based on identifying that the user identifier is mapped to a user role and identifying that network access control for the role is enabled;
wherein determining that a host device is an unmanaged host device causes the host information collection phase to persist at least until a reply is received or a timeout determined for each of the one or more of the plurality of probes.

Dependent claims: 15, 16, 17, 18
19. A non-transitory, computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations comprising:
- identifying a host device attempting to connect to a network;
- generating, by the data processing apparatus, a plurality of source values;
- hashing, by the data processing apparatus, each of the plurality of source values to generate hash values;
- generating, by the data processing apparatus, a nonce from the hash values;
- transmitting one or more of a plurality of probes to the host device in a host information collection phase, wherein the plurality of probes includes an agent probe, the agent probe including the nonce and a query of whether agents configured to determine a health level of the host device are installed on the host device;
- receiving, in response to the query, reply data and an authentication code, wherein the reply data includes a unique agent identifier of at least one agent installed on the host device, the authentication code comprises a hash of the reply data and the nonce, and the host device is identifiable from the unique agent identifier;
- determining that the host device is a managed host device based on the receipt of the unique agent identifier;
- ending the host information collection phase prior to receiving a reply to at least one of the plurality of probes of the host device based on determining that the host device is a managed host device;
- hashing, by the data processing apparatus, a combination of at least a portion of the reply data and the nonce to generate a digest;
- determining, by the data processing apparatus, the reply is authentic based at least in part on a determination that the digest matches the authentication code;
- receiving, during a user detection preadmission state, a user identifier corresponding to the host device; and
- transitioning from the user detection preadmission state to a host detection preadmission state based on identifying that the user identifier is mapped to a user role and identifying that network access control for the role is enabled;
wherein determining that a host device is an unmanaged host device causes the host information collection phase to persist at least until a reply is received or a timeout determined for each of the one or more of the plurality of probes.
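The independent claims above share one exchange: the network side derives a nonce by hashing one or more source values, sends it with the agent probe, and accepts the reply only if its own digest over the reply data and the nonce matches the returned authentication code, with a managed host ending the collection phase early and an unmanaged host letting the remaining probes run to a reply or timeout. The following is an added example of that exchange written for this page; it is not code from the patent or its assignee. Everything beyond the claim wording is an assumption made here: the source values (CSPRNG bytes plus a timestamp), a per-agent shared key so the authentication code is an HMAC rather than the unkeyed hash the claims describe (an unkeyed hash over data the sender controls cannot stop an on-path party from recomputing it), canonical JSON encoding of the reply data, a 30-second nonce freshness window, single-use nonces as a replay defence, and the `managed`/`unmanaged` labels.

```python
"""Nonce challenge/response for an agent probe, in the shape the claims describe.

Added example, not code from the patent: source values, key provisioning,
canonical encoding, the replay window and the class names are assumptions.
"""
import hashlib
import hmac
import json
import os
import time

NONCE_TTL_SECONDS = 30  # assumed freshness window for an issued nonce


def generate_nonce(source_values):
    """Hash each source value, then derive one nonce from the hash values.

    Hashing adds no entropy: the nonce is only as unpredictable as its
    least predictable source value, so at least one must come from a CSPRNG.
    """
    hash_values = [hashlib.sha256(value).digest() for value in source_values]
    return hashlib.sha256(b"".join(hash_values)).hexdigest()


def fresh_source_values():
    """Constructed source values: CSPRNG bytes plus a wall-clock timestamp."""
    return [os.urandom(32), str(time.time_ns()).encode()]


def encode_reply(reply_data):
    """Canonical byte encoding so agent and verifier hash identical input."""
    return json.dumps(reply_data, sort_keys=True, separators=(",", ":")).encode()


def compute_auth_code(agent_key, reply_data, nonce):
    """Authentication code over the reply data and the nonce.

    The claims describe a hash of the reply data and the nonce; this example
    keys that hash (HMAC-SHA256 with an assumed per-agent shared secret) so a
    party without the key cannot produce a valid code for altered reply data.
    """
    message = encode_reply(reply_data) + nonce.encode()
    return hmac.new(agent_key, message, hashlib.sha256).hexdigest()


def agent_reply(agent_key, agent_id, health_level, nonce):
    """Host-side agent answering the probe with reply data and its code."""
    reply_data = {"agent_id": agent_id, "health": health_level}
    return reply_data, compute_auth_code(agent_key, reply_data, nonce)


class AgentProbeVerifier:
    """Network-side verifier: issues nonces, checks replies, classifies hosts."""

    def __init__(self, agent_keys, now=time.time):
        self.agent_keys = agent_keys  # agent_id -> shared key (assumed provisioning)
        self.now = now                # injectable clock so expiry can be exercised
        self.outstanding = {}         # nonce -> issue time; every nonce is single-use

    def issue_nonce(self):
        nonce = generate_nonce(fresh_source_values())
        self.outstanding[nonce] = self.now()
        return nonce

    def verify_reply(self, nonce, reply_data, auth_code):
        """True only for a fresh, unused nonce and a matching digest."""
        issued = self.outstanding.pop(nonce, None)  # pop: replaying the nonce fails
        if issued is None or self.now() - issued > NONCE_TTL_SECONDS:
            return False
        key = self.agent_keys.get(reply_data.get("agent_id"))
        if key is None:
            return False  # the unique agent identifier is not one we provisioned
        digest = compute_auth_code(key, reply_data, nonce)
        return hmac.compare_digest(digest, auth_code)  # constant-time comparison

    def classify_host(self, nonce, reply_data, auth_code):
        """'managed' ends the collection phase early; 'unmanaged' means the
        remaining probes keep running until each replies or times out."""
        if reply_data is not None and self.verify_reply(nonce, reply_data, auth_code):
            return "managed"
        return "unmanaged"


if __name__ == "__main__":
    keys = {"agent-42": b"constructed-shared-key"}  # constructed provisioning data
    verifier = AgentProbeVerifier(keys)
    nonce = verifier.issue_nonce()
    data, code = agent_reply(keys["agent-42"], "agent-42", "healthy", nonce)
    print(verifier.classify_host(nonce, data, code))  # managed
    print(verifier.classify_host(nonce, data, code))  # unmanaged: nonce already used
```

Two details matter for a deployment of this pattern: the verifier must compare the digest with `hmac.compare_digest` rather than `==`, and it must bind each nonce to a single reply and a short lifetime, otherwise a captured reply from a healthy host can be replayed later by an unhealthy one.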
Specification