US Patent Application No: 2004/0107,360
Number of patents in Portfolio can not be more than 2000
System and Methodology for Policy Enforcement
Stats
-
Jun 3, 2004
Publication date -
Mar 13, 2003
filing date -
10/249,073
serial no -
ABAN
status
Importance
Loading Importance Indicators...
Overall
|
US Family Size
|
International Coverage
|
Abstract
A system and methodology for policy enforcement during authentication of a client device for access to a network is described. A first authentication module establishes a session with a client device requesting network access for collecting information from the client device and determining whether to authenticate the client device for access to the network based, at least in part, upon the collected information. A second authentication module participates in the session with the client device for supplemental authentication of the client device for access to the network. The supplemental authentication of the client device is based, at least in part, upon the collected information and a policy required as a condition for network access.
Loading the Abstract Image...
First Claim
Related Publications
Loading Related Publications...
- 15 United States
- 10 France
- 8 Japan
- 7 China
- 5 Korea
- 2 Other
Patent Owner(s)
| Patent Owner | Address | Total Patents |
|---|---|---|
| CHECK POINT SOFTWARE TECHNOLOGIES, INC. | REDWOOD CITY, CA | 27 |
International Classification(s)
- [Classification Symbol]
- [Patents Count]
Inventor(s)
| Inventor Name | Address | # of filed Patents | Total Citations |
|---|---|---|---|
| Herrmann, Conrad K | Oakland, CA | 8 | 611 |
| Murari, Sinduja | Fremont, CA | 1 | 168 |
Patent Citation Ranking
Forward Cites
| Patent Info | (Count) | # Cites | Year |
|---|---|---|---|
|
|
|||
| 7,594,018 Methods and apparatus for providing access to persistent application sessions | 20 | 2003 | |
| 7,542,471 Method of determining path maximum transmission unit | 15 | 2003 | |
| 7,890,996 Using statistical analysis to generate exception rules that allow legitimate messages to pass through application proxies and gateways | 2 | 2004 | |
| 7,774,834 Rule generalization for web application entry point modeling | 0 | 2004 | |
| 7,900,240 Multilayer access control security system | 2 | 2004 | |
| 8,238,241 Automatic detection and window virtualization for flow control | 0 | 2004 | |
| 8,233,392 Transaction boundary detection for reduction in timeout penalties | 0 | 2004 | |
| 7,656,799 Flow control system architecture | 30 | 2004 | |
| 7,630,305 TCP selective acknowledgements for communicating delivered and missed data packets | 11 | 2004 | |
| 7,616,638 Wavefront detection and disambiguation of acknowledgments | 6 | 2004 | |
| 8,069,226 System and method for data synchronization over a network using a presentation level protocol | 0 | 2004 | |
| 7,748,032 Method and apparatus for associating tickets in a ticket hierarchy | 0 | 2004 | |
| 7,711,835 Method and apparatus for reducing disclosure of proprietary data in a networked environment | 7 | 2004 | |
| 7,870,294 Method and apparatus for providing policy-based document control | 2 | 2004 | |
| 7,865,603 Method and apparatus for assigning access control levels in providing access to networked content files | 3 | 2004 | |
| 8,042,165 Method and system for requesting and granting membership in a server farm | 0 | 2005 | |
| 7,757,074 System and method for establishing a virtual private network | 9 | 2005 | |
| 8,090,874 Systems and methods for maintaining a client's network connection thru a change in network identifier | 1 | 2005 | |
| 8,363,650 Method and systems for routing packets from a gateway to an endpoint | 0 | 2005 | |
| 8,291,119 Method and systems for securing remote access to private networks | 0 | 2005 | |
| 8,046,830 Systems and methods for network disruption shielding techniques | 0 | 2005 | |
| 7,978,714 Methods and systems for securing access to private networks using encryption and authentication technology built in to peripheral devices | 1 | 2005 | |
| 7,808,906 Systems and methods for communicating a lossy protocol via a lossless protocol using false acknowledgements | 3 | 2005 | |
| 7,724,657 Systems and methods for communicating a lossy protocol via a lossless protocol | 2 | 2005 | |
| 7,609,721 Systems and methods for adjusting the maximum transmission unit for encrypted communications | 19 | 2005 | |
| 7,606,902 Method and systems for routing packets from an endpoint to a gateway | 20 | 2005 | |
| 7,657,657 Method for maintaining transaction integrity across multiple remote access servers | 12 | 2005 | |
| 8,024,568 Method and system for verification of an endpoint security scan | 0 | 2005 | |
| 8,301,839 System and method for performing granular invalidation of cached dynamically generated objects in a data communication network | 0 | 2005 | |
| 8,255,456 System and method for performing flash caching of dynamically generated objects in a data communication network | 0 | 2005 | |
| 7,921,184 System and method for performing flash crowd caching of dynamically generated objects in a data communication network | 2 | 2005 | |
| 7,849,269 System and method for performing entity tag and cache control of a dynamically generated object not identified as cacheable in a network | 0 | 2005 | |
| 8,065,423 Method and system for assigning access control levels in providing access to networked content files | 4 | 2006 | |
| 8,004,973 Virtual inline configuration for a network device | 0 | 2006 | |
| 7,843,912 Systems and methods of fine grained interception of network communications on a virtual private network | 2 | 2006 | |
| 7,685,298 Systems and methods for providing authentication credentials across application environments | 3 | 2006 | |
| 8,437,284 Systems and methods for additional retransmissions of dropped packets | 0 | 2007 | |
| 8,432,800 Systems and methods for stochastic-based quality of service | 0 | 2007 | |
| 8,270,423 Systems and methods of using packet boundaries for reduction in timeout prevention | 0 | 2007 | |
| 7,870,277 Systems and methods for using object oriented expressions to configure application security policies | 3 | 2007 | |
| 7,865,589 Systems and methods for providing structured policy expressions to represent unstructured data in a network appliance | 3 | 2007 | |
| 7,853,678 Systems and methods for configuring flow control of policy expressions | 4 | 2007 | |
| 7,853,679 Systems and methods for configuring handling of undefined policy events | 3 | 2007 | |
| 8,286,082 Methods and systems for providing, by a remote machine, access to a desk band associated with a resource executing on a local machine | 0 | 2008 | |
| 7,890,570 Methods and systems for providing, by a remote machine, access to graphical data associated with a resource provided by a local machine | 2 | 2008 | |
| 8,149,431 Systems and methods for managing printer settings in a networked computing environment | 4 | 2008 | |
| 7,969,876 Method of determining path maximum transmission unit | 0 | 2009 | |
| 8,019,868 Method and systems for routing packets from an endpoint to a gateway | 4 | 2009 | |
| 8,014,421 Systems and methods for adjusting the maximum transmission unit by an intermediary device | 0 | 2009 | |
| 8,078,689 Methods and apparatus for providing access to persistent application sessions | 0 | 2009 | |
| 8,259,729 Wavefront detection and disambiguation of acknowledgements | 0 | 2009 | |
| 8,341,287 Systems and methods for configuring policy bank invocations | 0 | 2009 | |
| 8,411,560 TCP selection acknowledgements for communicating delivered and missing data packets | 0 | 2009 | |
| 8,310,928 Flow control system architecture | 0 | 2009 | |
| 8,261,340 Using statistical analysis to generate exception rules that allow legitimate messages to pass through application proxies and gateways | 0 | 2010 | |
| 8,190,676 System and method for event detection and re-direction over a network using a presentation level protocol | 0 | 2010 | |
| 8,286,230 Method and apparatus for associating tickets in a ticket hierarchy | 0 | 2010 | |
| 8,462,630 Early generation of acknowledgements for flow control | 0 | 2010 | |
| 8,261,057 System and method for establishing a virtual private network | 0 | 2010 | |
| 7,849,270 System and method for performing entity tag and cache control of a dynamically generated object not identified as cacheable in a network | 0 | 2010 | |
| 8,351,333 Systems and methods for communicating a lossy protocol via a lossless protocol using false acknowledgements | 0 | 2010 | |
| 8,296,352 Methods and systems for providing, by a remote machine, access to graphical data associated with a resource provided by a local machine | 0 | 2011 | |
| 8,312,261 Method and system for verification of an endpoint security scan | 0 | 2011 | |
| 8,341,208 Methods and systems for providing, by a remote machine, access to functionality associated with a resource executing on a local machine | 0 | 2011 | |
| 8,352,606 Method and system for assigning access control levels in providing access to networked content files | 0 | 2011 | |
|
|
|||
| 7,472,342 System and method for portal page layout | 12 | 2002 | |
| 7,451,477 System and method for rule-based entitlements | 6 | 2002 | |
| 7,653,930 Method for role and resource policy management optimization | 3 | 2003 | |
| 7,591,000 System and method for hierarchical role-based entitlements | 4 | 2003 | |
| 7,681,229 Proxy authentication | 1 | 2004 | |
| 7,644,432 Policy inheritance through nested groups | 23 | 2004 | |
| 7,603,547 Security control module | 10 | 2004 | |
| 7,603,548 Security provider development model | 10 | 2004 | |
| 7,594,112 Delegated administration for a distributed security system | 9 | 2004 | |
| 7,594,224 Distributed enterprise security system | 15 | 2004 | |
| 7,580,953 System and method for schema lifecycles in a virtual content repository that integrates a plurality of content repositories | 0 | 2005 | |
| 7,748,027 System and method for dynamic data redaction | 5 | 2005 | |
| 7,783,670 Client server conversion for representing hierarchical data structures | 0 | 2006 | |
| 8,086,615 Security data redaction | 2 | 2006 | |
| 7,953,734 System and method for providing SPI extensions for content management system | 0 | 2006 | |
| 7,917,537 System and method for providing link property types for content management | 0 | 2006 | |
| 7,818,344 System and method for providing nested types for content management | 1 | 2006 | |
| 7,752,205 Method and system for interacting with a virtual content repository | 4 | 2006 | |
| 7,483,893 System and method for lightweight loading for managing content | 0 | 2006 | |
| 8,463,852 Groupware portlets for integrating a portal with groupware systems | 0 | 2006 | |
| 7,992,189 System and method for hierarchical role-based entitlements | 0 | 2009 | |
|
|
|||
| 8,355,337 Network based service profile management with user preference, adaptive policy, network neutrality, and user privacy | 0 | 2009 | |
| 8,331,901 Device assisted ambient services | 0 | 2009 | |
| 8,326,958 Service activation tracking system | 0 | 2009 | |
| 8,321,526 Verifiable device assisted service usage billing with integrated accounting, mediation accounting, and multi-account | 2009 | ||
| 8,270,310 Verifiable device assisted service policy implementation | 0 | 2009 | |
| 8,270,952 Open development system for access service providers | 0 | 2009 | |
| 8,250,207 Network based ambient services | 0 | 2009 | |
| 8,406,748 Adaptive ambient services | 0 | 2010 | |
| 8,402,111 Device assisted services install | 0 | 2010 | |
| 8,391,834 Security techniques for device assisted services | 0 | 2010 | |
| 8,346,225 Quality of service for device assisted services | 0 | 2010 | |
| 8,275,830 Device assisted CDR creation, aggregation, mediation and billing | 8 | 2010 | |
| 8,340,634 Enhanced roaming services and converged carrier networks with device assisted services and a proxy | 0 | 2010 | |
| 8,351,898 Verifiable device assisted service usage billing with integrated accounting, mediation accounting, and multi-account | 0 | 2011 | |
| 8,437,271 Verifiable and accurate service usage monitoring for intermediate networking devices | 0 | 2012 | |
| 8,396,458 Automated device provisioning and activation | 0 | 2012 | |
| 8,385,916 Automated device provisioning and activation | 0 | 2012 | |
| 8,406,733 Automated device provisioning and activation | 0 | 2012 | |
| 8,441,989 Open transaction central billing system | 0 | 2012 | |
|
|
|||
| 7,673,326 System and method utilizing clean groups for security management | 1 | 2004 | |
| 7,549,048 Efficient and secure authentication of computing systems | 10 | 2004 | |
| 7,533,407 System and methods for providing network quarantine | 7 | 2004 | |
| 7,912,973 Message exchange protocol extension negotiation | 0 | 2004 | |
| 8,286,223 Extensible access control architecture | 0 | 2005 | |
| 7,526,677 Fragility handling | 3 | 2005 | |
| 7,827,545 Dynamic remediation of a client computer seeking access to a network with a quarantine enforcement policy | 5 | 2005 | |
| 7,685,633 Providing consistent application aware firewall traversal | 0 | 2006 | |
| 7,793,096 Network access protection | 1 | 2006 | |
| 7,958,368 Password-authenticated groups | 0 | 2006 | |
| 8,307,411 Generic framework for EAP | 0 | 2007 | |
| 8,185,740 Consumer computer health validation | 0 | 2007 | |
|
|
|||
| 7,512,970 Host credentials authorization protocol | 2 | 2004 | |
| 7,194,763 Method and apparatus for determining authentication capabilities | 21 | 2004 | |
| 7,720,031 Methods and devices to support mobility of a client across VLANs and subnets, while preserving the client's assigned IP address | 1 | 2004 | |
| 8,065,712 Methods and devices for qualifying a client machine to access a network | 5 | 2005 | |
| 8,312,530 System and method for providing security in a network environment using accounting information | 0 | 2006 | |
| 8,041,825 System and method for a policy enforcement point interface | 4 | 2006 | |
| 8,005,049 Methods and devices to support mobility of a client across VLANs and subnets, while preserving the client's assigned IP address | 2 | 2010 | |
|
|
|||
| 7,712,128 Wireless access system, method, signal, and computer program product | 1 | 2002 | |
| 8,200,773 Client-side network access policies and management applications | 5 | 2002 | |
| 7,395,341 System, method, apparatus and computer program product for facilitating digital communications | 4 | 2004 | |
| 7,725,589 System, method, apparatus, and computer program product for facilitating digital communications | 2 | 2008 | |
|
|
|||
| 7,774,824 Multifactor device authentication | 5 | 2004 | |
| 8,099,495 Method, apparatus and system for platform identity binding in a network node | 0 | 2005 | |
| 8,205,238 Platform posture and policy information exchange method and apparatus | 0 | 2006 | |
|
|
|||
| 8,001,610 Network defense system utilizing endpoint health indicators and user identity | 4 | 2005 | |
| 7,886,335 Reconciliation of multiple sets of network access control policies | 0 | 2007 | |
| 8,185,933 Local caching of endpoint security information | 0 | 2011 | |
|
|
|||
| 8,407,345 Enforcing application and access control policies in an information management system with two or more interactive enforcement points | 0 | 2007 | |
| 7,877,781 Enforcing universal access control in an information management system | 8 | 2007 | |
| 8,464,314 Enforcing universal access control in an information management system | 0 | 2011 | |
|
|
|||
| 8,341,702 Methods for authenticating and authorizing a mobile device using tunneled extensible authentication protocol | 0 | 2007 | |
| 8,321,670 Securing dynamic authorization messages | 2008 | ||
|
|
|||
| 7,496,097 System, apparatus and method for establishing a secured communications link to form a virtual private network at a network protocol layer other than at which packets are filtered | 15 | 2004 | |
| 7,978,716 Systems and methods for providing a VPN solution | 0 | 2008 | |
|
|
|||
| 7,591,001 System, apparatuses, methods and computer-readable media for determining the security status of a computer before establishing a network connection | 3 | 2005 | |
| 7,549,159 System, apparatuses, methods and computer-readable media for determining the security status of a computer before establishing connection thereto | 2 | 2005 | |
|
|
|||
| 7,823,194 System and methods for identification and tracking of user and/or source initiating communication in a computer network | 1 | 2003 | |
| 7,660,980 Establishing secure TCP/IP communications using embedded IDs | 0 | 2007 | |
|
|
|||
| 8,213,907 System and method for secured mobile communication | 1 | 2010 | |
| 8,438,394 Device-bound certificate authentication | 0 | 2011 | |
|
|
|||
| 7,885,636 Data pre-paid in simple IP data roaming | 1 | 2006 | |
| 8,290,472 Data pre-paid in simple IP roaming | 0 | 2010 | |
|
|
|||
| 8,332,925 System and method for distributed multi-processing security gateway | 0 | 2006 | |
|
|
|||
| 7,590,847 Mobile authentication for network access | 1 | 2005 | |
|
|
|||
| 8,407,462 Method, system and server for implementing security access control by enforcing security policies | 0 | 2011 | |
|
|
|||
| 8,161,523 Method and apparatus for network access control (NAC) in roaming services | 0 | 2009 | |
|
|
|||
| 8,364,827 Communication system | 0 | 2009 | |
|
|
|||
| 7,441,698 Method for increasing security of plaintext authentication in wireless local area network | 0 | 2006 | |
|
|
|||
| 8,359,464 Quarantine method and system | 0 | 2005 | |
|
|
|||
| 7,424,745 Anti-virus fix for intermittently connected client computers | 3 | 2005 | |
|
|
|||
| 7,673,146 Methods and systems of remote authentication for computer networks | 1 | 2004 | |
|
|
|||
| 8,452,960 System and method for content delivery | 0 | 2010 | |
|
|
|||
| 7,698,453 Early generation of acknowledgements for flow control | 7 | 2004 | |
|
|
|||
| 7,950,044 Centrally managed proxy-based security for legacy automation systems | 0 | 2004 | |
|
|
|||
| 7,743,405 Method of authentication via a secure wireless communication system | 0 | 2004 | |
|
|
|||
| 8,346,923 Methods for identifying an application and controlling its network utilization | 0 | 2008 | |
|
|
|||
| 7,496,956 Forward application compatible firewall | 5 | 2005 | |
|
|
|||
| 7,730,481 Method, apparatus and system of anti-virus software implementation | 0 | 2004 | |
|
|
|||
| 8,453,196 Policy management in an interoperability network | 0 | 2004 | |
|
|
|||
| 8,463,730 Rapid evaluation of numerically large complex rules governing network and application transactions | 0 | 2009 | |
|
|
|||
| 8,467,312 Verifiable and accurate service usage monitoring for intermediate networking devices | 0 | 2012 | |
Maintenance Fees
| Fee | Large entity fee | small entity fee | micro entity fee | due date |
|---|---|---|---|---|
| 11.5 Year Payment | $7400.00 | $3700.00 | $1850.00 | Dec 3, 2015 |
| Fee | Large entity fee | small entity fee | micro entity fee |
|---|---|---|---|
| Surcharge - 11.5 year - Late payment within 6 months | $160.00 | $80.00 | $40.00 |
| Surcharge after expiration - Late payment is unavoidable | $700.00 | $350.00 | $175.00 |
| Surcharge after expiration - Late payment is unintentional | $1,640.00 | $820.00 | $410.00 |