Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.

Abstract: Disclosed is a mechanism for securely provisioning a client by authenticating that client during a dynamic configuration process. Rather than relying on post-configuration authentication schemes, the present invention combines security and dynamic configuration into a unified scheme. Any client device attempting to access a network may request configuration information from a configuration server associated with that network, but the server does not comply with the request until the client has successfully authenticated itself as a device authorized to receive configuration information for the network. The configuration server may provide the client with temporary configuration information that allows the client to proceed with the authentication process but that denies the client full access to the network.

Abstract: A system and method for ensuring that machines having invalid or corrupt states are restricted from accessing network resources are provided. A quarantine coordination client (QCC) located on a client machine acquires statements of health from a plurality of quarantine policy clients. The QCC packages the statements and provides the package to a quarantine enforcement client (QEC). The QEC sends the package to a quarantine enforcement server (QES) with a request for network access. The QES passes the package to a quarantine coordination server (QCS) that disassembles the package and passes the individual statements of health to corresponding quarantine policy servers (QPS). The QPSs validate the statements of health and inform the QCS of the result. If the client provided valid statements of health, the QES grants the client access to the network.

Abstract: A method and system for transparently combining remote and local storage to provide an extended file system such as a virtual local drive for a computer system client/user, e.g., a user of a pocket sized personal computer or a cable set-top box. A client device may load file system object data, storing the directories and files remotely, and retrieving the files only when required. Via its local storage, the extended file system handles unreliable connections and delays. When a connection to an extended file system server is present, the extended file system provides automatic downloading of information that is not locally cached, and automatically uploading of information that has been modified on the client. Extended file system attributes are employed to determine the actual location of file system data, and a lightweight protocol is defined to download or upload remote data by low-level components that make the remote source transparent from the perspective of the application.