公开(公告)号：US09436820B1

公开(公告)日：2016-09-06

申请号：US10909755

申请日：2004-08-02

申请人： Robert E. Gleichauf ,  Susan E. Thomson ,  Dany J. Rochefort ,  Joseph A. Salowey ,  Hao Zhou ,  Fan Wu ,  Venkateswara Rao Yarlagadda ,  Russell E. Rice

发明人： Robert E. Gleichauf ,  Susan E. Thomson ,  Dany J. Rochefort ,  Joseph A. Salowey ,  Hao Zhou ,  Fan Wu ,  Venkateswara Rao Yarlagadda ,  Russell E. Rice

IPC分类号： G06F15/16 ,  G06F21/50 ,  H04L29/06

CPC分类号： G06F21/50 ,  G06F21/577 ,  H04L63/02 ,  H04L63/08 ,  H04L63/20

摘要： A computerized device transmits an access request to a data communications device of a network in an attempt to access network resources within the network. The data communications device, in response and in real-time, transmits a challenge request to the computerized device that directs the computerized device to retrieve configuration, or posture, credentials associated with the computerized device. A policy server receives the challenge response and, based upon a real-time analysis of the posture credentials of the computerized device, determines a security state of the computerized device and either provides some level or denies the computerized device access to the network resources based upon the analysis of posture. The data communications device detects the real-time security state of the computerized device prior to providing the computerized device with controlled access to the network resources, thereby limiting vulnerable computerized devices from accessing the network resources and minimizing the risk that the network resources receive or transmit malware.

摘要翻译： 计算机化设备向网络的数据通信设备发送访问请求，以试图访问网络内的网络资源。 数据通信设备作为响应并且实时地向计算机化设备发送质询请求，该计算机化设备指导计算机化设备检索与计算机化设备相关联的配置或姿势凭据。 策略服务器接收挑战响应，并且基于对计算机化设备的姿态凭证的实时分析来确定计算机化设备的安全状态，并且基于以下方式提供一些级别或拒绝计算机化设备对网络资源的访问 姿势分析。 在向计算机化设备提供对网络资源的受控访问之前，数据通信设备检测计算机化设备的实时安全状态，从而限制易受攻击的计算机化设备访问网络资源并最小化网络资源接收或传输的风险 恶意软件