WO2013059870A1 - System and method for maintaining network compliance - Google Patents
- Publication number
- WO2013059870A1 (PCT/AU2012/001303)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computing device
- compliance
- compliance agent
- agent
- network access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Definitions
- the wireless access point 320 is configured in an authentication mode such as a RADIUS authentication mode.
- the authentication mode is an 802.1x authentication mode to authenticate a computing device 310a, 310b ... 310n with an upstream compliance server 340 (rather than the usual use of a local server 350).
- the computing device 310a, 310b ... 310n may access a local area network, the local server 350 and/or the internet 330.
- the compliance server 340 is then configured to use the local server 350.
- an access request is received from a computing device 310a, 310b ...
- the wireless access point 320 communicates with the compliance server 340 in order to determine if a compliance agent is installed on the computing device 310a, 310b ... 310n.
- the access request is then forwarded from the compliance server 340 to the local server 350 to ensure a user of the computing device 310a, 310b ... 310n is valid. If the user is valid, the access point 320 allows the computing device 310a, 310b ... 310n to access the local server 350. If the user is invalid, the access point 320 prevents the computing device 310a, 310b ... 310n from accessing the local server 350.
- the compliance server 340 is configured to modify the access request to instruct the wireless access point 320 to send the compliance agent to the computing device 310a, 310b ... 310n.
- the compliance server 340 is configured to modify the access request to instruct the wireless access point 320 to only allow the computing device 310a, 310b ... 310n access to an isolated Virtual Local Area Network (VLAN).
- the VLAN may then direct a user of the computing device 310a, 310b ... 310n to the compliance server 340, or a local server which allows the user to download and install the compliance agent.
- the compliance server 340 or local server 350 may apply the policies to network traffic from the computing device 310a, 310b ... 310n. This scenario may apply if the compliance agent is not available for Android devices for example.
- An advantage of the present invention is that costly hardware does not need to be installed.
- a further advantage is that policies may still be enforced whilst the computing device is being used from any location to access the internet. Additionally, changes to the policies can be made centrally without the need to update firmware or install additional software.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A computing device, the computing device including a memory coupled to a processor, wherein the memory includes computer readable program code components configured to cause: sending an access request to a network access device; receiving a compliance agent request from the network access device to determine whether a compliance agent is installed on the computing device; sending a response to the compliance agent request to the network access device that a compliance agent is not installed on the computing device; receiving the compliance agent; installing the compliance agent on the computing device; and removing the compliance agent from the computing device when the computing device disconnects from the network access device.
Description
TITLE
SYSTEM AND METHOD FOR MAINTAINING NETWORK COMPLIANCE
FIELD OF THE INVENTION
This invention relates generally to a system and method for maintaining network compliance. In particular the invention ensures that use of a network or a computing device complies with policies set by an owner of the network or the computing device.
BACKGROUND OF THE INVENTION
A Wi-Fi hotspot or internet access point allows a user of a computing device to connect to the Internet using a third party network. Hotspots and internet access points may be provided by a variety of organisations including companies, government, local councils, schools and universities, as a service, to allow users to connect to the Internet. However by providing this facility, the user may be free to view inappropriate material or perform other undesirable activities. Furthermore, the organisation's network may be vulnerable to viruses that may be present on the user's computing device.
In order to minimise the introduction of viruses and prevent undesirable activities, Network Access Controls (NAC) are often incorporated into the network. NAC prevent a computing device from accessing the network unless it complies with defined policies. The policies may include measures such as an anti-virus protection level, system update level and a configuration. If the computing device does not comply with the policy, the user is prompted to install the necessary software in order to comply with the policy. Furthermore, NAC can perform web filtering to prevent access to inappropriate material and illegal activities. A disadvantage of NAC is that the installation of additional software takes time and often requires the computing device to be reset. Furthermore, the additional software is left on the computing device, taking up valuable storage space. In order to free up some of the storage space, the user of the computing device must manually uninstall the software.
There is therefore a need for an improved system and method for network compliance.
The reference to any prior art in this specification is not, and should not be taken as, an acknowledgement or any form of suggestion that the prior art forms part of the common general knowledge in Australia or elsewhere.
OBJECT OF THE INVENTION
It is an object of the present invention to provide consumers with improvements and advantages over the above described prior art, and/or overcome and alleviate one or more of the above described disadvantages of the prior art, and/or provide a useful commercial choice.
SUMMARY OF THE INVENTION
In one form, although not necessarily the only or broadest form, the invention resides in a system for maintaining network compliance, the system including a computing device, the computing device including: a memory coupled to a processor, wherein the memory includes computer readable program code components configured to cause:
sending an access request to a network access device;
receiving a compliance agent request from the network access device to determine whether a compliance agent is installed on the computing device;
sending a response to the compliance agent request to the network access device that a compliance agent is not installed on the computing device;
receiving the compliance agent;
installing the compliance agent on the computing device; and
removing the compliance agent from the computing device when the computing device disconnects from the network access device.
In another form, the invention resides in a system for maintaining network compliance, the system including a network access device, the network access device including:
a memory coupled to a processor, wherein the memory includes computer readable program code components configured to:
receive an access request from a computing device to connect to the network access device;
send a compliance agent request to the computing device to determine whether a compliance agent is installed on the computing device;
receive a response to the compliance agent request from the computing device wherein the response to the compliance agent request indicates that a compliance agent is not installed on the computing device; and
send the compliance agent to the computing device for installation on the computing device.
Preferably, the computer readable program code components in the network access device are further configured to:
request the compliance agent from a compliance server;
receive the compliance agent from the compliance server; and
send the compliance agent to the computing device.
In yet another form, the invention resides in a system for maintaining network compliance, the system including a compliance server, the compliance server including:
a memory coupled to a processor, wherein the memory includes computer readable program code components configured to:
receive a request for a compliance agent from a network access device; and
send the compliance agent to the network access device.
Preferably, the computer readable program code components in the compliance server are further configured to:
authenticate a user of a computing device connected to the network access device with a local server.
If the user is valid, the network access device permits the computing device to access the local server. If the user is invalid, the network access device prevents the computing device from accessing the local server.
Preferably, the compliance agent is configured to uninstall from the computing device when the computing device disconnects from the network access device.
Preferably, the compliance agent includes one or more policies.
If a compliance agent is unavailable for a type of computing device, the compliance server or local server may apply the policies to network traffic from the computing device.
Preferably, the one or more policies define a content of data transferred to and from the network device.
Preferably, the one or more policies define a time when the network device or the computing device may access the Internet.
Preferably, the one or more policies define social media content. In addition, the one or more policies may define an application and/or service that is allowed or prevented from being executed on the computing device.
Preferably, the one or more policies control applications that may run on the computing device.
Preferably, the one or more policies define a status of software installed on the network and/or computing device.
Preferably, the status of the software installed on the computing device includes a patch and a service pack level of the operating system.
Preferably, the software installed on the computing device is one or more of anti-virus software, anti-spyware software, anti-spam software and other security software, services and products, or any other appropriate software.
BRIEF DESCRIPTION OF THE DRAWINGS
An embodiment of the invention will be described with reference to the accompanying drawings in which:
FIG. 1 is a block diagram illustrating a system for maintaining network compliance according to an embodiment of the present invention;
FIG 2 is a timeline illustrating a method of network compliance according to an embodiment of the present invention; and
FIG 3 is a block diagram illustrating a system for maintaining network compliance according to a second embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Elements of the invention are illustrated in concise outline form in the drawings, showing only those specific details that are necessary to understanding the embodiments of the present invention, but so as not to clutter the disclosure with excessive detail that will be obvious to those of ordinary skill in the art in light of the present description.
In this patent specification, adjectives such as first and second, left and right, front and back, top and bottom, etc., are used solely to define one element from another element without necessarily requiring a specific relative position or sequence that is described by the adjectives. Words such as "comprises" or "includes" are not used to define an exclusive set of elements or method steps. Rather, such words merely define a minimum set of elements or method steps included in a particular embodiment of the present invention. It will be appreciated that the invention may be implemented in a variety of ways, and that this description is given by way of example only.
The present invention prevents unauthorised data transfer between a computing device and a network access device, and/or the internet by other means, such as using a cellular modem, by installing a compliance agent on the computing device. The compliance agent includes one or more policies and checks that the data transfer between the computing device and the network conforms to the policies. If the data transferred between the computing device and the network access device does not conform to the policies, the data is blocked by the compliance agent and an indication displayed to a user of the computing device. The indication may be one or more of an audible or a visual indication.
FIG. 1 is a block diagram showing a system 100 for maintaining network compliance, according to some embodiments of the present invention. The system 100 is typical of a home or office network and includes a number of computing devices 110a, 110b ... 110n connected to a Network Access Device such as a router 120. It should be appreciated that the Network Access Device may also include other network devices such as an access point and may be a wireless or a wired connection. The router 120 is connected to the Internet 130 and the computing devices 110a, 110b ... 110n can connect to the Internet 130 via the router 120 as is known in the art. Furthermore, the computing devices 110 may connect to other devices on the network. In one embodiment, the router 120 includes a modem in order to connect to the Internet. However a person skilled in the art will appreciate that the system 100 may be any suitable configuration to allow computing devices 110 to access the Internet 130. For example the system 100 may include a separate router 120 and modem or a cellular modem. In another embodiment, the system 100 may further include an access point installed between the computing devices 110 and the router 120.
As is known in the art, each of the computing devices 110, router 120 and compliance server 140 include a memory coupled to a processor. The memory includes computer readable program code components configured to cause a method of the present invention.
The computing devices 110 may be one or more of a laptop, a tablet computer, a mobile computing device such as a smartphone, a desktop or any other applicable computing device. Each computing device 110 may connect to the router 120 with a wired or a wireless connection in order to access the Internet 130 and a network. Furthermore, the computing device 110 may connect directly to the Internet 130 using a mobile connection as is known in the art.
In one embodiment, the router 120 is configured to install the compliance agent on a computing device 110, when the computing device 110 connects to the router 120. The router 120 may be configured at the time of manufacture, or the router 120 may be configured using software installed on a DVD or a USB flash drive or downloaded from the Internet 130. Alternatively, the router 120 may be configured via a compliance server 140 connected to the Internet 130.
In the embodiment where an access point is installed between the computing device 110 and the router 120, the access point may be configured with a compliance agent that is downloaded from the access point to a computing device 110. Furthermore, it should be appreciated that the compliance agent may be installed and downloaded from any suitable network device or the Internet 130 for installing on the computing device 110.
In order to access the router 120, the computing device 110 must have a compliance agent installed. Once the compliance agent is installed on the computing device 110, the computing device 110 may access a network or the Internet via the router 120.
FIG 2 is a timeline illustrating a method of network compliance according to an embodiment of the present invention. Referring to FIG 2, at step 205, the router 120 receives an access request from the computing device 110 to connect to the router 120.
At step 210, the router 120 sends a compliance agent request to the computing device 110 to determine whether the compliance agent is installed on the computing device 110.
At step 215, the router 120 receives a response from the computing device 110 to the compliance agent request that the compliance agent is not installed on the computing device 110.
At step 220, the router 120 sends the compliance agent to the computing device 110, and the computing device 110 installs the compliance agent.
In an alternative embodiment, the compliance agent may not be stored in the router 120 and is downloaded directly to the computing device 110 from the compliance server 140 via the router 120. In this embodiment, at step 215A, the router 120 sends a request to the compliance server 140 to send the compliance agent and at step 215B, the router receives the compliance agent from compliance server 140. The inventors envisage that the compliance agent is not a large file, being about 20MB in size thus will not take long to download and install.
When the computing device 110 disconnects from the router 120, the compliance agent is deleted from the computing device 110.
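The FIG 2 exchange, including the alternative steps 215A and 215B and removal on disconnect, as an added example that is not part of the patent. The class names, the trace strings, the placeholder agent payload and the refusal path when no agent is available are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

AGENT_IMAGE = b"constructed-agent-image"  # constructed placeholder, not a real agent


@dataclass
class ComplianceServer:
    """Compliance server 140: supplies the agent when the router does not store it."""
    agent: bytes = AGENT_IMAGE

    def send_agent(self) -> bytes:
        return self.agent


@dataclass
class ComputingDevice:
    """Computing device 110."""
    name: str
    agent: Optional[bytes] = None

    def answer_agent_request(self) -> bool:
        # The answer is reported by the device itself, as in steps 210 and 215.
        return self.agent is not None

    def install(self, agent: bytes) -> None:
        self.agent = agent

    def on_disconnect(self) -> None:
        # The agent is removed when the device leaves the network access device.
        self.agent = None


@dataclass
class Router:
    """Network access device (router 120)."""
    stored_agent: Optional[bytes] = None
    server: Optional[ComplianceServer] = None
    admitted: Dict[str, ComputingDevice] = field(default_factory=dict)

    def handle_access_request(self, dev: ComputingDevice) -> List[str]:
        """Run the FIG 2 exchange for one device and return the steps taken."""
        trace = ["205 access request received",
                 "210 compliance agent request sent"]
        if dev.answer_agent_request():
            trace.append("response: agent already installed")
        else:
            trace.append("215 response: agent not installed")
            agent = self.stored_agent
            if agent is None and self.server is not None:
                # Alternative embodiment: the router holds no copy of the agent.
                trace.append("215A agent requested from compliance server")
                agent = self.server.send_agent()
                trace.append("215B agent received from compliance server")
            if agent is None:
                # Assumption: with no agent to hand out, access is refused.
                trace.append("access refused: no agent available")
                return trace
            dev.install(agent)
            trace.append("220 agent sent and installed")
        self.admitted[dev.name] = dev
        trace.append("access granted")
        return trace

    def may_forward(self, dev: ComputingDevice) -> bool:
        # Traffic passes only for an admitted device that still holds the agent.
        return dev.name in self.admitted and dev.agent is not None

    def handle_disconnect(self, dev: ComputingDevice) -> None:
        self.admitted.pop(dev.name, None)
        dev.on_disconnect()


if __name__ == "__main__":
    router = Router(server=ComplianceServer())
    laptop = ComputingDevice("laptop")
    for step in router.handle_access_request(laptop):
        print(step)
    router.handle_disconnect(laptop)
    print("agent present after disconnect:", laptop.agent is not None)
```
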
Once the compliance agent has been installed on the network device or the computing device 110, the compliance agent checks that data transferred between the computing device 110 and the network access device 120 conforms to the policies. If the data does not conform to the policies, the compliance agent blocks the data and a notification may be displayed to the user of the computing device 110. Furthermore, the compliance agent may periodically check that the compliance agent is the latest version. If required an updated compliance agent may be installed on the network device and/or the computing device.
The policies may define, but are not limited to, access to social media, web filtering, application control and time of day management. In addition, the compliance agent may check that the computing device 110 has applications installed, enabled and up to date such as anti-virus and spyware applications.
In particular, the policies may define a type of content of the data transferred between the computing device 110 and the router 120. For example, a type of content that may be blocked includes, but is not limited to, bad language, nudity, pornography, betting websites, gambling, illegal drugs, weapons, proxy avoidance, realestate and social media such as YouTube®, Twitter® and Facebook®. The policies used by the compliance agent may be configured by a network owner using a web browser connected to the Internet to connect to the compliance server 140. In addition, the one or more policies may define an application and/or a service that is allowed or prevented from being executed on the computing device.
The data may be verified at the computing device by the compliance agent. Alternatively, the data may be verified by the compliance agent installed on the compliance server 140, through a proxy.
In one embodiment, if defined by the policy, the compliance agent may also check a status of whether anti-virus, anti-spyware and/or anti-malware software has been installed on the computing device 110 as well as a system update level and a configuration. The system update level may include a type of operating system, and a version, service pack level and a patch level of the operating system, as well as any other software.
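The status check described above (software installed, enabled and up to date, plus operating system type, version, service pack and patch level) can be sketched as follows. This is an added example, not code from the patent; the policy fields, thresholds and device reports are constructed assumptions.

```python
def parse_version(text):
    """'6.1.2' -> (6, 1, 2), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

# Constructed policy; the field names and thresholds are assumptions.
POLICY = {
    "required_software": ["anti-virus", "anti-spyware"],
    "max_signature_age_days": 7,
    "min_os": {"windows": {"version": "6.1", "service_pack": 1, "patch": 12}},
}

def check_posture(report, policy=POLICY):
    """Return a list of policy failures; an empty list means compliant."""
    failures = []
    for name in policy["required_software"]:
        sw = report.get("software", {}).get(name)
        if sw is None:
            failures.append(f"{name}: not installed")
        elif not sw.get("enabled", False):
            failures.append(f"{name}: disabled")
        elif sw.get("signature_age_days", 10**6) > policy["max_signature_age_days"]:
            failures.append(f"{name}: out of date")
    os_info = report.get("os", {})
    minimum = policy["min_os"].get(os_info.get("type"))
    if minimum is None:
        failures.append("os: type not covered by policy")
        return failures
    have, need = parse_version(os_info.get("version", "0")), parse_version(minimum["version"])
    if have < need:
        failures.append("os: version below minimum")
    elif have == need:
        # Service pack and patch level only rank hosts on the same OS version.
        level = (os_info.get("service_pack", 0), os_info.get("patch", 0))
        if level < (minimum["service_pack"], minimum["patch"]):
            failures.append("os: service pack or patch level below minimum")
    return failures

# Constructed device reports.
NEWER_OS = {"software": {"anti-virus": {"enabled": True, "signature_age_days": 1},
                         "anti-spyware": {"enabled": True, "signature_age_days": 2}},
            "os": {"type": "windows", "version": "10.0", "service_pack": 0, "patch": 0}}
STALE = {"software": {"anti-virus": {"enabled": False, "signature_age_days": 1}},
         "os": {"type": "windows", "version": "6.1", "service_pack": 0, "patch": 40}}

if __name__ == "__main__":
    print(check_posture(NEWER_OS))
    print(check_posture(STALE))
```

Comparing versions as integer tuples matters here: as plain strings, "10.0" sorts before "6.1" and a newer host would be reported as below the minimum.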
In a preferred embodiment, when the computing device 110 disconnects from the router 120 or the internet, the compliance agent is removed from the computing device without leaving any trace on the computing device 110 including a registry or other configuration files and databases of a computing device 110.
FIG 3 shows a block diagram illustrating a system 300 for maintaining network compliance according to a second embodiment of the present invention. Similar to the system 100 of FIG 1, the system 300 includes a number of computing devices 310a, 310b ... 310n connected to a Network Access Device such as a wired switch or a wireless access point 320. However, in this embodiment the system 300 also includes a local server 350 connected to the wireless access point 320. The local server 350 may be a Windows® based server running Active Directory for example.
In this embodiment, the wireless access point 320 is configured in an authentication mode such as a RADIUS authentication mode. In one embodiment the authentication mode is an 802.1x authentication mode to authenticate a computing device 310a, 310b ... 310n with an upstream compliance server 340 (rather than the usual use of a local server 350). Once authenticated, the computing device 310a, 310b ... 310n may access a local area network, the local server 350 and/or the internet 330. The compliance server 340 is then configured to use the local server 350. When an access request is received from a computing device 310a, 310b ... 310n by the wireless access point 320, the wireless access point 320 communicates with the compliance server 340 in order to determine if a compliance agent is installed on the computing device 310a, 310b ... 310n. The access request is then forwarded from the compliance server 340 to the local server 350 to ensure a user of the computing device 310a, 310b ... 310n is valid. If the user is valid, the access point 320 allows the computing device 310a, 310b ... 310n to access the local server 350. If the user is invalid, the access point 320 prevents the computing device 310a, 310b ... 310n from accessing the local server 350.
If the compliance agent is not installed on the computing device 310a, 310b ... 310n, the compliance server 340 is configured to modify the access request to instruct the wireless access point 320 to send the compliance agent to the computing device 310a, 310b ... 310n. Alternatively, if the compliance agent is not installed on the computing device 310a, 310b ... 310n, the compliance server 340 is configured to modify the access request to instruct the wireless access point 320 to only allow the computing device 310a, 310b ... 310n access to an isolated Virtual Local Area Network (VLAN). The VLAN may then direct a user of the computing device 310a, 310b ... 310n to the compliance server 340, or a local server which allows the user to download and install the compliance agent. Alternatively, if a compliance agent is unavailable for a particular type of computing device 310a, 310b ... 310n, or the compliance agent cannot be installed, the compliance server 340 or local server 350 may apply the policies to network traffic from the computing device 310a, 310b ... 310n. This scenario may apply if the compliance agent is not available for Android devices for example.
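The branches of the second embodiment (valid or invalid user, agent present, agent pushed, isolated VLAN, server-side enforcement) can be written as one decision function. This is an added example, not code from the patent: the order of the checks, the platform list, the VLAN ID and the use of RFC 3580 RADIUS tunnel attributes to select the VLAN are assumptions.

```python
from enum import Enum

class Action(Enum):
    REJECT = "reject"                  # user not valid at the local server
    ALLOW = "allow"                    # agent present and user valid
    PUSH_AGENT = "push_agent"          # access point sends the agent
    QUARANTINE = "quarantine_vlan"     # isolated VLAN offering the agent download
    SERVER_ENFORCED = "server_policy"  # no agent possible: filter traffic upstream

# Assumed deployment settings, not values from the patent.
AGENT_PLATFORMS = {"windows", "macos"}
QUARANTINE_VLAN_ID = "999"

def vlan_attributes(vlan_id):
    """RADIUS tunnel attributes (RFC 3580) that place a port in a VLAN."""
    return {"Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": vlan_id}

def decide(request, validate_user, ap_can_push_agent=False):
    """Return (Action, reply attributes) for one access request.

    request: dict with 'username', 'platform', 'agent_installed'.
    validate_user: callable standing in for the local server lookup.
    """
    if not validate_user(request["username"]):
        return Action.REJECT, {}
    if request["agent_installed"]:
        return Action.ALLOW, {}
    if request["platform"] not in AGENT_PLATFORMS:
        return Action.SERVER_ENFORCED, {}
    if ap_can_push_agent:
        return Action.PUSH_AGENT, {}
    return Action.QUARANTINE, vlan_attributes(QUARANTINE_VLAN_ID)

# Constructed requests covering each branch.
LOCAL_USERS = {"alice", "bob"}
SAMPLES = [
    {"username": "alice", "platform": "windows", "agent_installed": True},
    {"username": "alice", "platform": "windows", "agent_installed": False},
    {"username": "bob", "platform": "android", "agent_installed": False},
    {"username": "mallory", "platform": "windows", "agent_installed": True},
]

def run_samples():
    return [decide(r, LOCAL_USERS.__contains__)[0] for r in SAMPLES]

if __name__ == "__main__":
    for req, action in zip(SAMPLES, run_samples()):
        print(req["username"], req["platform"], "->", action.value)
```

`agent_installed` is taken as the device reported it; the page does not describe how that response is verified.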
An advantage of the present invention is that costly hardware does not need to be installed. A further advantage is that policies may still be enforced whilst the computing device is being used from any location to access the internet. Additionally, changes to the policies can be made centrally without the need to update firmware or install additional software.
The above description of various embodiments of the present invention is provided for purposes of description to one of ordinary skill in the related art. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. As mentioned above, numerous alternatives and variations to the present invention will be apparent to those skilled in the art of the above teaching. Accordingly, while some alternative embodiments have been discussed specifically, other embodiments will be apparent or relatively easily developed by those of ordinary skill in the art. Accordingly, this patent specification is intended to embrace all alternatives, modifications and variations of the present invention that have been discussed herein, and other embodiments that fall within the spirit and scope of the above described invention.
Claims
1. A system for maintaining network compliance, the system including a computing device, the computing device including:
a memory coupled to a processor, wherein the memory includes computer readable program code components configured to cause:
sending an access request to a network access device;
receiving a compliance agent request from the network access device to determine whether a compliance agent is installed on the computing device;
sending a response to the compliance agent request to the network access device that a compliance agent is not installed on the computing device;
receiving the compliance agent;
installing the compliance agent on the computing device; and
removing the compliance agent from the computing device when the computing device disconnects from the network access device.
2. The system of claim 1 wherein the compliance agent includes one or more policies.
3. The system of claim 2 wherein the one or more policies define a content of data transferred to and from the network device.
4. The system of claim 2 wherein the one or more policies define a time when the network device may access the Internet.
5. The system of claim 2 wherein the one or more policies define a time when the computing device may access the Internet.
6. The system of claim 2 wherein the one or more policies define social media content.
7. The system of claim 2 wherein the one or more policies control applications that may run on the computing device.
8. The system of claim 2 wherein the one or more policies define a status of software installed on a network
9. The system of claim 2 wherein the one or more policies define a status of software on the computing device.
10. The system of claim 9 wherein the status of the software installed on the computing device includes a patch and a service pack level of the operating system.
11. The system of claim 9 wherein the software installed on the computing device is anti-virus software.
12. The system of claim 9 wherein the software installed on the computing device is anti-spyware software.
13. The system of claim 9 wherein the software installed on the computing device is anti-spam software, or any other appropriate software.
14. A system for maintaining network compliance, the system including a network access device, the network access device including:
a memory coupled to a processor, wherein the memory includes computer readable program code components configured to:
receive an access request from a computing device to connect to the network access device;
send a compliance agent request to the computing device to determine whether a compliance agent is installed on the computing device;
receive a response to the compliance agent request from the computing device wherein the response to the compliance agent request indicates that a compliance agent is not installed on the computing device; and
send the compliance agent to the computing device for installation on the computing device.
15. The system of claim 14 wherein the compliance agent is configured to uninstall from the computing device when the computing device disconnects from the network access device.
16. The system of claim 14 wherein the computer readable program code components in the network access device are further configured to:
request the compliance agent from a compliance server;
receive the compliance agent from the compliance server; and
send the compliance agent to the computing device.
17. A system for maintaining network compliance, the system including a compliance server, the compliance server including:
a memory coupled to a processor, wherein the memory includes computer readable program code components configured to:
receive a request for a compliance agent from a network access device; and
send the compliance agent to the network access device.
18. The system of claim 17 wherein the compliance agent is configured to uninstall from a computing device when the computing device disconnects from the network access device.
19. The system of claim 17 wherein, the computer readable program code components in the compliance server are further configured to:
authenticate a user of a computing device connected to the network access device with a local server.
20. The system of claim 19 wherein if the user is valid, the network access device permits the computing device to access the local server, and wherein if the user is invalid, the network access device prevents the computing device from accessing the local server.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2011904414 | 2011-10-25 | ||
| AU2011904414A AU2011904414A0 (en) | 2011-10-25 | System and method for maintaining network compliance |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2013059870A1 (en) | 2013-05-02 |
Family
ID=48166943
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/AU2012/001303 Ceased WO2013059870A1 (en) | 2011-10-25 | 2012-10-25 | System and method for maintaining network compliance |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2013059870A1 (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100063855A1 (en) * | 2008-09-10 | 2010-03-11 | Microsoft Corporation | Flexible system health and remediation agent |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3646220A4 (en) * | 2017-06-29 | 2021-01-27 | Hewlett-Packard Development Company, L.P. | COMPUTER DEVICE MONITORING VIA AGENT APPLICATIONS |
| US11074056B2 (en) | 2017-06-29 | 2021-07-27 | Hewlett-Packard Development Company, L.P. | Computing device monitorings via agent applications |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11824859B2 (en) | Certificate based profile confirmation | |
| US11489878B2 (en) | Mobile device security, device management, and policy enforcement in a cloud-based system | |
| US11283803B2 (en) | Incremental compliance remediation | |
| US9609460B2 (en) | Cloud based mobile device security and policy enforcement | |
| US8898459B2 (en) | Policy configuration for mobile device applications | |
| US7805752B2 (en) | Dynamic endpoint compliance policy configuration | |
| EP3404948B1 (en) | Centralized selective application approval for mobile devices | |
| US10229283B2 (en) | Managing applications in non-cooperative environments | |
| US10073966B2 (en) | Operating system-independent integrity verification | |
| US8566571B2 (en) | Pre-boot securing of operating system (OS) for endpoint evaluation | |
| CN104462961B (en) | Mobile terminal and its privacy authority optimization method | |
| US9065800B2 (en) | Dynamic user identification and policy enforcement in cloud-based secure web gateways | |
| US20170230397A1 (en) | System and method for assessing data objects on mobile communications devices | |
| US20130086682A1 (en) | System and method for preventing malware on a mobile communication device | |
| EP2609538A1 (en) | System and method for server-coupled malware prevention | |
| CN103713904A (en) | Method, related device and system for installing applications in working area of mobile terminal | |
| Husted et al. | Smartphone security limitations: conflicting traditions | |
| US8881291B2 (en) | System and method for inhibiting the processing of new code modules by an outdated runtime environment | |
| WO2013059870A1 (en) | System and method for maintaining network compliance | |
| CA2498317C (en) | Method and system for automatically configuring access control | |
| WO2025173154A1 (en) | System and authentication method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12843113; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 12843113; Country of ref document: EP; Kind code of ref document: A1 |