US2006069683A1PendingUtilityA1

Method and apparatus for assigning access control levels in providing access to networked content files

49
Assignee: BRADDY RICKY GPriority: Sep 30, 2004Filed: Nov 14, 2005Published: Mar 30, 2006
Est. expirySep 30, 2024(expired)· nominal 20-yr term from priority
G06F 21/6218G06F 21/10G06Q 30/0601H04L 63/0823H04L 63/083H04L 63/0861H04L 63/105H04L 63/20H04W 4/18G06F 16/88G06F 16/9535
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and apparatus for assigning access control levels when providing access to networked content files includes a client node, a policy sensor, a collection agent, and a policy engine. The client node requests access to a resource. The policy sensor detects the request for access to the resource. The collection agent gathers information about the client node. The policy engine receives an identification of the client node from the policy sensor and receives the gathered information and assigns one of a plurality of levels of access responsive to application of a policy to the received information.

Claims

exact text as granted — not AI-modified
1 . A system of granting access to resources comprising: 
 a client node requesting access to a resource;    a policy sensor detecting the request for access to the resource; a collection agent gathering information about the client node; and    a policy engine receiving an identification of the client node from the policy sensor, receiving the gathered information and assigning one of a plurality of levels of access responsive to application of a policy to the received information.    
     
     
         2 . The system of  claim 1  wherein the policy engine further comprises a database storing configurable policies.  
     
     
         3 . The system of  claim 1  wherein a system administrator configures policies in the policy engine to provide a level of access control rights to the client node.  
     
     
         4 . The system of  claim 1  wherein the policy engine transmits instructions to the collection agent determining the type of information the collection agent gathers.  
     
     
         5 . The system of  claim 1  wherein the policy engine further comprises a logon agent.  
     
     
         6 . The logon agent of  claim 5  wherein the logon agent receives the gathered information from the collection agent.  
     
     
         7 . The logon agent of  claim 5  wherein the logon agent identifies for the policy engine authentication information received from the collection agent.  
     
     
         8 . The system of  claim 1  wherein the policy engine further comprises a plurality of logon agents.  
     
     
         9 . The system of  claim 8  wherein at least one of the plurality of logon agents resides on each network domain from which a client node may transmit a resource request.  
     
     
         10 . The system of  claim 9  where the client node transmits the resource request to a particular logon agent.  
     
     
         11 . The system of  claim 10  where the logon agent identifies for the policy engine the network domain from which the client node transmits the resource request.  
     
     
         12 . The system of  claim 1  wherein the policy sensor comprises a logon agent.  
     
     
         13 . The system of  claim 1  wherein the collection agent executes on the client node.  
     
     
         14 . The system of  claim 1  wherein the policy engine transmits the collection agent to the client node.  
     
     
         15 . The system of  claim 1  wherein the collection agent comprises at least one script.  
     
     
         16 . The system of  claim 1  wherein the collection agent comprises bytecode.  
     
     
         17 . The system of  claim 1  wherein the collection agent gathers the information by running at least one script on the client node.  
     
     
         18 . The system of  claim 17  wherein the collection agent gathers information comprising HTTP headers.  
     
     
         19 . The system of  claim 17  wherein the collection agent gathers information comprising the network zone of the client node.  
     
     
         20 . The system of  claim 17  wherein the collection agent gathers information comprising the method of authentication used by the client node.  
     
     
         21 . The system of  claim 1  wherein the collection agent gathers information comprising operating system type.  
     
     
         22 . The system of  claim 1  wherein the collection agent gathers information comprising existence of a patch to an operating system.  
     
     
         23 . The system of  claim 1  wherein the collection agent gathers information comprising a watermark on the client device.  
     
     
         24 . The system of  claim 1  wherein the collection agent gathers information comprising existence of a virus scanner.  
     
     
         25 . The system of  claim 1  wherein the collection agent gathers information comprising existence of a firewall.  
     
     
         26 . The system of  claim 1  wherein the collection agent gathers information comprising a host intrusion prevention system.  
     
     
         27 . A method of granting access to resources, the method comprising: 
 (a) requesting, by a client node, access to a resource;    (b) detecting, by a policy sensor, the request for access to the resource;    (c) gathering, by a collection agent, information about the client node;    (d) receiving, by the policy engine, an identification of the client node from the policy sensor and the gathered information; and    (e) making an access control decision based on the received information.    
     
     
         28 . The method of  claim 27  wherein step (a) further comprises requesting the resource over a network connection.  
     
     
         29 . The method of  claim 27  wherein step (c) further comprises gathering the information over a network connection.  
     
     
         30 . The method of  claim 27  wherein step (c) further comprises gathering information by executing at least one script on the client node.  
     
     
         31 . The method of  claim 27  wherein step (d) further comprises determining if the received information satisfies a condition.  
     
     
         32 . The method of  claim 31  further comprising determining if the received information satisfies a condition by comparing the received information to at least one condition.  
     
     
         33 . The method of  claim 32  wherein step (e) further comprises making an access control decision by applying a policy to the condition.  
     
     
         34 . A policy engine comprising: 
 a first component receiving information about a client node, and    generating a data set from the information;    a second component receiving the data set, and providing to the first component a policy applicable to the client based on the data set.    
     
     
         35 . The policy engine of  claim 34  wherein the first component receives the information from a collection agent.  
     
     
         36 . The policy engine of  claim 34  wherein the second component further comprises a database.  
     
     
         37 . The policy engine of  claim 36  wherein the database stores at least one policy.  
     
     
         38 . The policy engine of  claim 34  wherein the policy engine further comprises a logon agent.  
     
     
         39 . The logon agent of  claim 38  wherein the logon agent receives the gathered information from the collection agent.  
     
     
         40 . The logon agent of  claim 39  wherein the logon agent identifies for the policy engine the authentication information received from the collection agent.  
     
     
         41 . The policy engine of  claim 34  wherein the policy engine further comprises a plurality of logon agents.  
     
     
         42 . The policy engine of  claim 41  wherein at least one of the plurality of logon agents resides on each network domain from which a client node may transmit a resource request.  
     
     
         43 . The policy engine of  claim 42  where the client node transmits the resource request to a particular logon agent.  
     
     
         44 . A method of granting access with a policy engine, the method comprising: 
 (a) receiving, by a first component, information about a client node;    (b) generating, by the first component, a data set from the information; and    (c) providing, by a second component, a policy applicable to the client.    
     
     
         45 . The method of  claim 44 , wherein step (c) further comprises providing, by the second component, a set of configuration requirements to be identified on the client.  
     
     
         46 . The method of  claim 44 , wherein step (c) further comprises providing, by the second component, a plurality of modifications to be made on the client by a collection agent.  
     
     
         47 . The method of  claim 44  wherein step (c) further comprises applying, by the second component, a policy to the received information to determine the policy applicable to the client node.  
     
     
         48 . The method of  claim 44  wherein step (c) further comprises receiving, by the first component, the policy applicable to the client.  
     
     
         49 . The method of  claim 44  wherein step (c) further comprises providing, by the first component, the policy to the client node.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.