Security scanning system and method

US 10,044,743 B2
Filed: 11/10/2015
Issued: 08/07/2018
Est. Priority Date: 03/21/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A non-transitory computer-readable storage medium including processor executable instructions that, when executed by a processor, cause the processor to perform operations comprising:

scanning, with a website scanning program, a control panel application for enabling a user to access a set-top-box remotely to navigate and select content, wherein the website scanning program is configured to access the set-top-box via a broadband connection to a modem locally coupled to the set-top-box, wherein scanning the control panel application includes;

receiving a uniform resource locator (URL) associated with a web server level of the control panel application, wherein the URL is indicative of a particular website; and

automatically navigating the particular website as a simulated user to discover links and record responses;

scanning, with an operating system level scanning program, the control panel application and an operating system in which the control panel application is executing;

scanning, with the website scanning program, a second application, wherein the second application provides Internet content to the set-top-box;

scanning, by the operating system level scanning program, the second application;

scanning, with a third scanning program, a component management application for managing and auto-configuring the set-top-box with a third scanning program; and

correlating security vulnerabilities identified by the website scanning program, the operating system level scanning program, and the third scanning program.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides a computer-readable medium, method and system for determining security vulnerabilities for a plurality of application programs used to provide television services to a customer device over a communications network. The method includes running a first scanning program against a first application program relating to a control panel for the customer device; running a second scanning program against a second application program that provides Internet content to the customer device; running a third scanning program against a third application program that relates to a component management system of customer premises equipment; and correlating security vulnerabilities identified utilizing the first, second, and third scanning programs.

26 Citations

20 Claims

1. A non-transitory computer-readable storage medium including processor executable instructions that, when executed by a processor, cause the processor to perform operations comprising:
- scanning, with a website scanning program, a control panel application for enabling a user to access a set-top-box remotely to navigate and select content, wherein the website scanning program is configured to access the set-top-box via a broadband connection to a modem locally coupled to the set-top-box, wherein scanning the control panel application includes;
  
  receiving a uniform resource locator (URL) associated with a web server level of the control panel application, wherein the URL is indicative of a particular website; and
  
  automatically navigating the particular website as a simulated user to discover links and record responses;
  
  scanning, with an operating system level scanning program, the control panel application and an operating system in which the control panel application is executing;
  
  scanning, with the website scanning program, a second application, wherein the second application provides Internet content to the set-top-box;
  
  scanning, by the operating system level scanning program, the second application;
  
  scanning, with a third scanning program, a component management application for managing and auto-configuring the set-top-box with a third scanning program; and
  
  correlating security vulnerabilities identified by the website scanning program, the operating system level scanning program, and the third scanning program.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable storage medium of claim 1, wherein scanning the second application with the website scanning program comprises testing a web server level of the second application.
  - 3. The computer-readable storage medium of claim 2, wherein testing the web server level of the second application includes:
    - receiving a uniform resource locator (URL) associated with the web server level of the second application, wherein the URL is indicative of a particular website; and
      
      automatically navigating the particular website as a simulated user to discover links and record responses.
  - 4. The computer-readable storage medium of claim 1, wherein the broadband connection includes a cable connection.
  - 5. The computer-readable storage medium of claim 1, wherein the broadband connection includes a satellite connection.
  - 6. The computer-readable storage medium of claim 1, wherein the operations include:
    - assigning risk levels to security vulnerabilities identified by the website scanning program and the operating system level scanning program; and
      
      providing a report indicative of the risk levels.
  - 7. The computer-readable storage medium of claim 1, wherein the website scanning program accesses the set-top-box using a pass through connection to the modem.

8. A method of determining security vulnerabilities associated with providing television services to a set-top-box over a communications network, the method comprising:
- scanning, with a website scanning program, a control panel application for enabling a user to access a set-top-box remotely to navigate and select content, wherein the website scanning program is configured to access the set-top-box via a broadband connection to a modem locally coupled to the set-top-box, wherein scanning the control panel application includes;
  
  receiving a uniform resource locator (URL) associated with a web server level of the control panel application, wherein the URL is indicative of a particular website; and
  
  automatically navigating the particular website as a simulated user to discover links and record responses;
  
  scanning, with an operating system level scanning program, the control panel application and an operating system executing associated with the control panel application;
  
  scanning, with the website scanning program, a second application, wherein the second application provides Internet content to the set-top-box;
  
  scanning, by the operating system level scanning program, the second application;
  
  scanning, with a third scanning program, a component management application for managing and auto-configuring the set-top-box with a third scanning program; and
  
  correlating security vulnerabilities identified by the website scanning program, the operating system level scanning program, and the third scanning program.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein scanning the second application with the website scanning program comprises testing a web server level of the second application.
  - 10. The method of claim 9, wherein testing the web server level of the second application includes:
    - receiving a uniform resource locator (URL) associated with the web server level of the second application, wherein the URL is indicative of a particular website; and
      
      automatically navigating the particular website as a simulated user to discover links and record responses.
  - 11. The method of claim 8, wherein the broadband connection includes a cable connection.
  - 12. The method of claim 8, wherein the broadband connection includes a satellite connection.
  - 13. The method of claim 8, wherein the method further comprises:
    - assigning risk levels to security vulnerabilities identified by the website scanning program and the operating system level scanning program; and
      
      providing a report indicative of the risk levels.
  - 14. The method of claim 8, wherein the website scanning program accesses the set-top-box using a pass through connection to the modem.

15. A server, comprising:
- a processor; and
  
  a storage medium including a database to store information relating to security vulnerabilities for a plurality of applications associated with a customer device and processor executable program instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  scanning, with a website scanning program, a control panel application for enabling a user to access a set-top-box remotely to navigate and select content, wherein the website scanning program is configured to access the set-top-box via a broadband connection to a modem locally coupled to the set-top-box, wherein scanning the control panel application includes;
  
  receiving a uniform resource locator (URL) associated with a web server level of the control panel application, wherein the URL is indicative of a particular website; and
  
  automatically navigating the particular website as a simulated user to discover links and record responses;
  
  scanning, with an operating system level scanning program, the control panel application and an operating system associated with the control panel application;
  
  scanning, with the website scanning program, a second application, wherein the second application provides Internet content to the set-top-box;
  
  scanning, by the operating system level scanning program, the second application;
  
  scanning, with a third scanning program, a component management application for managing and auto-configuring the set-top-box with a third scanning program; and
  
  correlating security vulnerabilities identified by the website scanning program, the operating system level scanning program, and the third scanning program.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The server of claim 15, wherein:
    - scanning the second application with the website scanning program comprises testing a web server level of the second application.
  - 17. The server of claim 16, wherein:
    - testing the web server level of the second application includes;
      
      receiving a uniform resource locator (URL) indicative of a second particular web site; and
      
      automatically navigating the second particular website as a simulated user to discover links and record responses.
  - 18. The server of claim 15, wherein automatically navigating comprises invoking a web crawler configured to automatically navigate.
  - 19. The server of claim 15, wherein the broadband connection includes at least one of:
    - a cable connection and a satellite connection.
  - 20. The server of claim 15, wherein the operations include:
    - assigning risk levels to security vulnerabilities identified by the website scanning program and the operating system level scanning program; and
      
      providing a report indicative of the risk levels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Howcroft, Jerald Robert, Markley, John J., Del Carmine, Rocco A.
Primary Examiner(s)
CHIANG, JASON

Application Number

US14/937,665
Publication Number

US 20160080409A1
Time in Patent Office

1,001 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

H04N 21/24   Monitoring of processes or ...

H04N 21/442   Monitoring of processes or ...

H04N 21/443   OS processes, e.g. booting ...

H04N 21/8166   involving executable data, ...

H04N 21/854   Content authoring

H04N 7/173   with two-way working, e.g. ...

Security scanning system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Security scanning system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others