DHCP-based security policy enforcement system
US8312270B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 17, 2007 |
| Grant date | Nov 13, 2012 |
| Priority date | — |
| Expiry date | Nov 3, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/145
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A plug-in module of a DHCP server enforces a security policy of a computer network. The module receives a request to provide an IP address for an end-user computer. A blacklist database is consulted to determine if the computer is not in compliance with the policy. If not compliant, the module returns to the computer a special IP address, a special default gateway and a lease time; the special IP address places the computer in a restricted network segment of the network where it cannot send network packets to other computers. If compliant, the computer receives an IP address and a lease time. The first time an IP address is requested a probe is triggered to determine if the computer is compliant using software not present on the computer. A cleanup service located in the restricted segment remove malware and updates software. Lease times increase after each successful request of an IP address.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.