Controlling access to resources in a network

Assignee

• Cisco Technology, Inc. · US

Inventors

• Robert E. Gleichauf · San Antonio, US
• Susan E. Thomson · Summit, US
• Dany Jacques Rochefort · Norfolk, US
• Joseph Salowey · Seattle, US
• Hao Zhou · Evanston, US
• Fan Wu · Beijing, CN
• Venkateswara Rao Yarlagadda · Bengaluru, IN
• Russell E. Rice · Redwood City, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computerized device transmits an access request to a data communications device of a network in an attempt to access network resources within the network. The data communications device, in response and in real-time, transmits a challenge request to the computerized device that directs the computerized device to retrieve configuration, or posture, credentials associated with the computerized device. A policy server receives the challenge response and, based upon a real-time analysis of the posture credentials of the computerized device, determines a security state of the computerized device and either provides some level or denies the computerized device access to the network resources based upon the analysis of posture. The data communications device detects the real-time security state of the computerized device prior to providing the computerized device with controlled access to the network resources, thereby limiting vulnerable computerized devices from accessing the network resources and minimizing the risk that the network resources receive or transmit malware.