Title of invention: Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer
Abstract: A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.
Publication number: US9306976(B2) Publication date: 2016.04.05
Application number: US201213731474 Filing date: 2012.12.31
Applicant: Fortinet, Inc. Inventors: May Robert Alvin; Wang Wei; Huang Tao
Classification: H04L29/06; G06F21/56; G06F21/60; H04L12/24; H04L29/08; G06F15/16 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method for client computer policy compliance enforcement, the method comprising: receiving a data transmission from a client computer on a network, said data transmission received by a gateway node and including status information associated with a configuration and operational status of the client computer, the status information including hashed representations of client computer configuration and operational status data of at least one program installed on the client computer; preventing, by the gateway node, said data transmission from continuing when said data transmission does not include status information or fails to meet a criterion; applying, by the gateway node, a temporary policy for the client computer that permits said data transmission to continue when said status information meets a criterion as determined through a matching of the hashed representations of the client computer configuration and operational status data with desired hash values stored in a memory of the gateway node, said temporary policy including information identifying the client computer and wherein subsequent data transmissions from the client computer are permitted to continue without reading status information associated with the configuration and operational status of the client computer included in said subsequent data transmissions, while said temporary policy exists; and wherein: the gateway node is a network device that enforces at least one policy with regard to client computers communicating over the network; the data transmission includes a request; permitting the data transmission to continue includes the gateway node forwarding the data transmission for processing of the request; and the temporary policy expires when either a first period expires or the client computer has not initiated any subsequent data transmissions within a second period.
Address: Sunnyvale CA US