| 发明名称 | Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer | ||
| 摘要 | A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion. | ||
| 申请公布号 | US8935416(B2) | 申请公布日期 | 2015.01.13 |
| 申请号 | US200611409401 | 申请日期 | 2006.04.21 |
| 申请人 | Fortinet, Inc. | 发明人 | May Robert Alvin;Wang Wei;Huang Tao |
| 分类号 | G06F15/16;G06F21/60;G06F21/56;H04L29/06 | 主分类号 | G06F15/16 |
| 代理机构 | Schwegman Lundberg & Woessner, P.A. | 代理人 | Schwegman Lundberg & Woessner, P.A. |
| 主权项 | 1. A method for enforcing compliance with a policy on a client computer in communication with a network, the method comprising: receiving a data transmission from the client computer on the network, said data transmission including status information associated with a configuration and operational status of the client computer, the status information including hashed representations of client computer configuration and operational status data, the status information including a plurality of information comprising: an indication of whether a client security program is running on the client computer;version information associated with the client security program installed on the client computer;configuration information associated with the client security information installed on the client computer; andversion information associated with an intrusion protection system (IPS) signature database stored on the client computer; determining a temporary policy for the client computer is active, permitting said data transmission to continue; when a temporary policy for the client computer does not exist, generating a new temporary policy for the client computer and permitting said data transmission to continue when said status information meets a criterion as determined through a matching of the hashed representations of the client computer configuration and operational status data with desired hash values, said new temporary policy including information identifying the client computer and wherein subsequent data transmissions from the client computer are permitted to continue without reading status information included in said subsequent data transmissions, while said new temporary policy exists; and wherein: the data transmission includes a request; andpermitting the data transmission to continue includes forwarding the data transmission for processing of the request. | ||
| 地址 | Sunnyvale CA US | ||