Extensible access control architecture

摘要

Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.

主权项

1. A method performed on a server computing device, the method comprising:
receiving, by an extensible authentication protocol (“EAP”) host of the server computing device via a network from any of a plurality of supplicants operating within a client computing device via an EAP host of the client computing device, a first message that is part of an access control exchange, where each of the plurality of supplicants operating within the client computing device implements access control functions by calling the EAP host of the client computing device, and where the server computing device controls access to resources of the network; and requesting, by the EAP host of the server computing device from a quarantine enforcement client (“QEC”) of the client computing device in response to the receiving, health information about the client device.