Method and system for verifying and updating the configuration of an access device during authentication
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): H04L-009/00; G06F-011/30; G06F-007/04; G06F-007/02; G06F-017/30
Application number: UP-0821313 (2004-04-08)
Registration number: US-7539862 (2009-07-01)
Inventor / Address: Edgett, Jeff Steven; Nelson, Barbara; Vollbrecht, John Robert; Albert, Roy David; Underwood, James Marion; Bullock, Blair Thomas
Applicant / Address: iPass Inc.
Citation information
Times cited: 42
Cited patents: 75
Abstract
A system and method is provided to verify configuration of a client access device requesting access to a network by establishing a communications link between a network access system and the client access device to authenticate and authorize the client access device and a user associated with the client access device. The network access system further receives client device configuration data from the client access device over the communications link during an authentication and authorization exchange and processes the client device configuration data to determine if the client access device will be granted access to the network.
Representative claim
What is claimed is:

1. A method comprising: performing, in a first service access provider, operations including, receiving an access request from a client access device, the access request requesting access to a network, wherein a user associated with the client access device is a subscriber of a second service access provider, wherein the second service provider is physically distinguished from the first service provider; establishing a communications link with the client access device to authenticate and authorize the user, including delivering an agent to the client access device, the agent operable to identify the client device configuration; receiving client device configuration data from the agent over the communications link during an authentication and authorization exchange; transmitting the client device configuration data destined for the second service access provider, wherein the second service access provider is operable to process the client device configuration data and selectively grant the client access device access to the network based upon the client device configuration data; and receiving an indication about whether the client access device is granted access to the network, the indication originating from the second service access provider.

2. The method of claim 1, wherein determining if the client device configuration data meets predetermined security requirements includes comparing the client device configuration data with reference configuration data.

3. The method of claim 1, wherein the second service access provider is further operable to update the client device configuration data if the client device configuration data fails to meet the predetermined security requirements.

4. The method of claim 3, wherein selectively granting the client access device access to the network includes, denying access to the network if the client device configuration data is not updated.

5. The method of claim 1, wherein the agent is further operable to communicate the client device configuration data to a server of the network.

6. The method of claim 5, which includes, if after the processing of the client device configuration data the client device configuration data requires an update, using the agent to update the client access device with updated configuration data.

7. The method of claim 6, which includes, after updating the client access device, receiving an update result indicator from the agent to confirm that the configuration of the client access device has been updated.

8. The method of claim 1, wherein the establishing of the communications link with the client access device includes communicating a command set, which includes at least one command, to the client access device, the command set operable to identify the client device configuration data and to communicate the client device configuration data to a server of the network.

9. The method of claim 8, which includes, if after the processing of the client device configuration data the client device configuration data requires an update, using the command set to update the client access device with updated configuration data.

10. The method of claim 9, wherein the command set further includes a first command set to identify and communicate the client device configuration data to the server, and a second command set to update the client access device with the updated configuration data.

11. The method of claim 9, which includes, after updating the client access device, receiving an update result indicator from the client access device to confirm that the configuration of the client access device has been updated.

12. The method of claim 1, the operations further including, after establishing communications with the client access device, transmitting authentication information to the second service access provider, the second service access provider further operable to authenticate the user.

13. The method of claim 12, wherein authenticating the user includes verifying user login information associated with the user attempting access to the network.

14. The method of claim 1, wherein the client device configuration data includes at least one of virus definition data, firewall configuration data, and operating system configuration data.

15. A system to verify configuration data of a client access device requesting access to a packet-switched computer network, the system comprising: a first service access provider, coupled to the packet-switched computer network, to establish a communications link to the client access device, including delivering an agent to the client access device, the agent operable to identify the client device configuration, via the packet switched computer network to receive, from the client access device, authentication information for a user associated with the client access device and to receive the configuration data from the client access device over the communications link during an authentication and authorization exchange; and a second service access provider to receive said authentication information and the said configuration data from the first service access provider, to process the configuration data, to selectively grant the client access device access to the network based upon the configuration data, and to originate an indication whether the client access device is granted access to the network; and wherein the second service provider is physically distinguished from the first service provider and the client access device is a subscriber of the second service access provider.

16. The system of claim 15, wherein the second service access provider includes a configuration server to process the client device configuration data such that the configuration server determines if the client device configuration data meets predetermined security requirements.

17. The system of claim 16, wherein the configuration server compares the client device configuration data with reference configuration data to determine if the client device configuration data meets predetermined security requirements.

18. The system of claim 16, wherein the configuration server, after the client device configuration data is processed, updates the client device configuration data.

19. The system of claim 18, wherein the configuration server denies network access to the client access device if the client device configuration data is not updated.

20. The system of claim 16, wherein to establish the communications link with the client access device, the second service access provider communicates an agent to the client access device, the agent operable to identify the client device configuration data and to communicate the client device configuration data to at least one of the second service access provider and the configuration server.

21. The system of claim 20, wherein if after the processing of the client device configuration data the client device configuration data requires an update, the configuration server being configurable to use the agent to update client device configuration data with updated configuration data.

22. The system of claim 21, wherein after the agent updates the client access device, the configuration server receives an update result indicator from the agent to confirm that the configuration of the client device has been updated.

23. The system of claim 16, wherein to establish the communications link with the client access device, the first service access provider communicates a command set to the client access device, the command set operable to identify the client device configuration data and to communicate the client device configuration data to at least one of the first service access provider and the configuration server.

24. The system of claim 23, wherein if after the processing of the client device configuration data, the client device configuration data requires an update, the configuration server is operable to further use the command set to update client device configuration data with updated configuration data.

25. The system of claim 24, wherein after the configuration server updates the client access device, the configuration server receives an update result indicator from the client access device to confirm that the client configuration has been updated.

26. The system of claim 23, wherein the command set further includes a first command set to identify and communicate the client device configuration data to the server, and a second command set to update the client access device with the updated configuration data.

27. The system of claim 15, wherein the second service access provider includes an authentication server to authenticate and authorize a user associated with the client access device.

28. The system of claim 15, wherein the client device configuration data includes at least one of virus definition data, firewall configuration data, and operating system configuration data.

29. A machine readable storage medium storing a set of instructions that, when executed by a machine, cause the machine to: perform, in a first service access provider, following operations: receiving an access request from a client access device, the access request requesting access to a network, wherein a user associated with the client access device is a subscriber of a second service access provider, wherein the second service provider is physically distinguished from the first service provider; establishing a communications link with a client access device including delivering an agent to the client access device, the agent operable to identify the client device configuration to authenticate and authorize the user associated with the client access device; receiving client device configuration data from device over the communications link during an authentication and authorization exchange; transmitting the client device configuration data destined for the second service access provider, wherein the second service access provider is operable to process the client device configuration data and to selectively grant the client access device access to the network based upon the client device configuration data; and receiving an indication about whether the client access device is granted access to the network, the indication originating from the second service access provider.

30. The machine readable medium of claim 29, wherein after the processing of the client device configuration data, the client device configuration data is updated with updated configuration data.

31. A method to manage access to a network from a client access device, the method comprising: requesting access to the network, the requesting involving a first service access provider and a second service access provider, authenticating a user associated with the client access device in an authentication and authorization exchange, at the first service provider, involving an agent delivered to the client access device, said delivered agent operable to identify the client device configuration data, wherein the user is a subscriber of the second service access provider; communicating client device configuration data to the second service access provider via said delivered agent, wherein the client device configuration data includes security setting status data received from executables operating on the client device; processing the configuration data, by the second service access provider; receive a verification response from the second service access provider via the first service access provider; and if the user is authenticated and the verification response from the second service access provider indicates acceptance of the client device configuration data, access the network via the first service provider.

32. The method of claim 31, wherein prior to receiving the verification response, updated configuration data is received from the second service access provider via the first service access provider, the updated configuration data to replace the client device configuration data.

33. A machine readable storage medium storing a set of instructions that, when executed by a machine, cause the machine to: request, from a first service access provider, access to a network, the requesting involving a first service access provider and a second service access provider, wherein the second service provider is physically distinguished from the first service provider; authenticate and authorize a user associated with the request in an authentication and authorization exchange, at the first service provider, involving an agent delivered to the client access device, said delivered agent operable to identify the client device configuration data, wherein the user is a subscriber of the second service access provider; communicate client device configuration data to the second service access provider via the agent; wherein the client device configuration data includes security setting status data received from executables operating on the client device; process the configuration data, by the second service access provider, receive a verification response from the second service access provider via the first service access provider; and if the user is authenticated and the verification response from the second service access provider indicates acceptance of the client device configuration data, access the network via the first service provider.

34. The machine readable medium of claim 33, wherein prior to receiving a verification response, updated configuration data is received from the second service access provider to replace the client device configuration data.
Patents cited by this patent (75)
Thakkar Dhanya,CAX ; Montcalm Jacques,CAX ; Langford Glenn C.,CAX, Access and storage of secure group communication cryptographic keys.
Creamer Thomas Edward ; Lozinski Zygmunt Anthony Boleslaw Gerard,GBX ; Mandalia Baiju Dhirajlal ; Mansey Pradeep Parsram, Access to extended telephone services via the internet.
Howard ; Jr. James L. ; Hess Pennington J. ; MacStravic James A., Apparatus and methods for managing key material in heterogeneous cryptographic assets.
Lloyd Brian ; McGregor Glenn, Centralized authentication, authorization and accounting server with support for multiple transport protocols and multiple client types.
Yoshida Kojun (Kawasaki JPX) Fujii Yasuo (Kawasaki JPX) Kaneshima Toshihito (Kawasaki JPX), Centralized supervisory system for supervising network equipments based on data indicating operation states thereof.
Holleran Patrick A. ; Evans John S. ; Cleron Michael A. ; Fisher Stephen ; Bruck Timo, Embedding internet browser/buttons within components of a network component system.
John J. DePaola ; John G. Nightingale, Jr. ; Lawrence T. Babbio, III ; James F. McHenry, Inetwork architecture for calling party pays wireless service.
Herzberg Amir (Ramat-gan ILX) Kutten Shay (Rockaway NJ) Yung Marcel M. (New York NY), Method and apparatus for authenticating users of a communication system to each other.
Kaufman Charles W. (Northboro MA) Gasser Morrie (Hopkinton MA) Lampson Butler W. (Cambridge MA) Tardo Joseph J. (Concord MA) Alagappan Kannan (Cambridge MA), Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system.
Nielsen Jakob, Password helper using a client-side master password which automatically presents the appropriate server-side password in a particular remote server.
Paridaens, Olivier; De Schrijver, Peter Paul Camille; T'Joens, Yves Robert Fernand, Performing authentication over label distribution protocol (LDP) signaling channels.
Lee Warren S. ; Copp David W. ; Platteter Dale T. ; Carrier Neil P., Point of presence (POP) for digital facsimile network with virtual POPs used to communicate with other networks.
Kiser, Charles H.; Clinton, Cheryl L.; Couchot, John T.; Curtin, Anne M.; Donovan, Joseph M.; Dorfmeister, Steven C.; Fish, Brian L.; Flores, Lisa Q.; Gerton, William M.; Hall, James D.; Hicks, Jaye , Processing performance data describing a relationship between a provider and a client.
Jacobs Dwayne C. (Austin TX) Wangler James A. (Cedar Park TX), Remote password administration for a computer network among a plurality of nodes sending a password update message to al.
Huang Gang (Highlands NJ) Werner Jean-Jacques (Holmdel NJ), Synchronization scheme for digital communications systems transporting data at a customer-controlled rate.
Gallagher Michael D. ; Carlson Kirk D. ; Jeffery Stuart S. ; Lee Ming J. ; Grencions Vilnis G. ; Snyder Randall A., System and method for authenticating cellular telephonic communication.
Tennison, Lynden L.; Vaiskunas, Thomas J.; Conley, Todd M.; Edeid, Nader; Wilmes, Dave J., System and method for dynamically routing messages transmitted from mobile platforms.
MacFarlane Lloyd ; Driskell Dwight D. ; Henley Vivian C. ; Lane Nancy C. ; Greenspan Michael ; Nielsen Betty J., System and method for generating an invoice to rebill charges to the elements of an organization.
Hartmann, Richard G.; Krissell, Daniel L.; Murphy, Jr., Thomas E.; Orzel, Francine M.; Rieth, Paul F.; Stevens, Jeffrey S., System and method for managing denial of service attacks.
Holden James M. ; Levin Stephen E. ; Nickel James O. ; Wrench Edwin H., System and method for providing multi-level security in computer devices utilized with non-secure networks.
Teper Jeffrey A. ; Koneru Sudheer ; Mangione Gordon ; Balaz Rudolph ; Contorer Aaron M. ; Chao Lucy, System and method for providing trusted brokering services over a distributed network.
John E. Brezak, Jr. ; Richard B. Ward ; Michael M. Swift ; Paul J. Leach, System and method of user logon in combination with user authentication for network access.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Davis Mark Charles ; Kuehr-McLaren David Gerard ; Powers Calvin Stacy, Systems, methods and computer program products that use an encrypted session for additional password verification.
Lindholm, Fredrik; Castellanos, David; Walker, John Michael, Authentication in an IP multimedia subsystem network where an in-use line identifier (LID) does not match a registered LID.
Choe, Calvin Choon-Hwan; Pickford, Misty Louise, Dynamic remediation of a client computer seeking access to a network with a quarantine enforcement policy.
Raleigh, Gregory G.; Lavine, James; Green, Jeffrey, End user device that secures an association of application to service policy with an application certificate check.
Raleigh, Gregory G.; Tellado, Jose; Green, Jeffrey; Lavine, James; Carter, III, Russell Bertrand, Enhanced curfew and protection associated with a device group.
Raleigh, Gregory G.; Tellado, Jose; Green, Jeffrey; Lavine, James; Carter, III, Russell Bertrand; James, Justin; Nguyen, Laurent An Minh, Method for child wireless device activation to subscriber account of a master wireless device.
Junod, Forrest A.; Fly, Robert C.; Dapkus, Peter; Yancey, Scott W.; Lawrance, Steven S.; Fell, Simon Z., On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service.