Verification that particular information is transferred by an application

US 10,437,715 B2
Filed: 03/29/2017
Issued: 10/08/2019
Est. Priority Date: 09/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method to test an application, the method comprising:

providing substitute information, temporarily replacing information received in a request from the application, as the information to the application using a shim;

receiving a request from the application to output application information to an external computing device;

inspecting the application information before encryption using another shim during execution of the application to determine whether the substitute information is included in the application information;

obtaining an indication of consent of a user to transfer the application information to the external computing device; and

after replacing the substitute information, outputting the application information to the external computing device after testing indicates that the application intends to transfer the application information, wherein the application information includes a video signal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The technology includes a method to test what information an application transfers to an external computing device. A user'"'"'s consent is explicitly obtained before the application transfers certain types of information, such as sensitive information. When a determination is made that an application is transferring sensitive information, a prompt for consent from a user may be provided that is accurate and detailed. In pre-production environments, technology can be used to detect whether this sensitive information is being transferred, and to validate whether a prompt for consent is necessary or unnecessary. To determine this, shimming is used to intercept application calls to APIs that return sensitive information. Requested sensitive information may be substituted with recorded or forged information from those APIs to produce a sentinel or canary. Similarly, network traffic of the application may be analyzed by another shim to determine when the substitute information is present.

23 Citations

17 Claims

1. A method to test an application, the method comprising:
- providing substitute information, temporarily replacing information received in a request from the application, as the information to the application using a shim;
  
  receiving a request from the application to output application information to an external computing device;
  
  inspecting the application information before encryption using another shim during execution of the application to determine whether the substitute information is included in the application information;
  
  obtaining an indication of consent of a user to transfer the application information to the external computing device; and
  
  after replacing the substitute information, outputting the application information to the external computing device after testing indicates that the application intends to transfer the application information, wherein the application information includes a video signal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the method is performed at least partially by at least one processor executing an operating system and the application stored on a memory in a computing device.
  - 3. The method of claim 2, wherein the information is sensitive information.
  - 4. The method of claim 3, wherein the method is performed during a certification or verification process of the application.
  - 5. The method of claim 1, wherein the receiving the request from the application for the information includes the application calling a first application programming interface and receiving the request from the application to output includes the application calling a second application programming interface.
  - 6. The method of claim 5, wherein the inspecting includes searching a buffer storing the application information to be outputted to the external computing device for the substitute information in the application information.
  - 7. The method of claim 6, wherein the substitute information is selected from one of forged information and recorded information.
  - 8. The method of claim 7, wherein receiving and determining is at least partially performed by an operating system,wherein the application includes an electronic interactive game.
  - 9. The method of claim 8, further comprising outputting the application information, after replacing the substitute information, to the external computing device after testing indicates that the application intends to transfer the application information.

10. An apparatus comprising:
- at least one camera to obtain a video signal;
  
  at least one processor; and
  
  at least one processor readable memory to store an application having processor readable instructions and an authorization list comprising one or more authorized network addresses that the application can communicate with when executing, and the at least one processor readable memory to store an operating system that may allow the application to transfer at least a portion of the video signal to a computing device at one of the one or more authorized network addresses,wherein the at least one processor executes the processor readable instructions of the operating system and the application to;
  
  receive, by the operating system, a request from the application for the video signal obtained by the at least one camera,provide a substitute video signal comprising at least one of false recorded and forged information, by the operating system, to the application,receive, by the operating system, a request from the application to output application information to an external computing device, andbefore obtaining a user consent during execution of the application, determine whether the application outputs the application information by identifying the application as a trusted or non-trusted application based on the authorization list read from the application, wherein the request from the application for the video signal includes a call to an application programming interface to retrieve the video signal and the request from the application to output application information to the external computing device includes a call to an application programming interface to output the application information to a network address of the computing device.
- View Dependent Claims (11, 12, 13)
- - 11. The apparatus of claim 10, wherein the apparatus further includes a traffic buffer to store the application information and the operating system inspects the application information stored in the traffic buffer to determine whether the substitute video signal is stored in the application information.
  - 12. The apparatus of claim 11, wherein in response to identifying the application as non-trusted:
    - inspect, by the operating system, the application information to determine whether the substitute video signal is included in the application information, andoutput, by the operating system, the application information to the external computing device when an indication of consent is obtained by a user.
  - 13. The apparatus of claim 10, wherein the at least one processor executes the processor readable instructions of the operating system and the application such that an indication of consent occurs before the application is transferred to the external computing device.

14. One or more processor readable memories having instructions encoded thereon which when executed cause one or more processors to perform a method, the method comprising:
- receiving a request for sensitive information from an application by calling a first application programming interface that returns the sensitive information;
  
  replacing the sensitive information with substitute information by intercepting the calls to the first application programming interface using a shim;
  
  providing the substitute information as the sensitive information to the application;
  
  receiving a request from the application to output application information to an external computing device at a network address by calling a second application programming interface;
  
  searching the application information, prior to encryption, to determine whether the substitute information is included in the application information using another shim to intercept the call to the second application programming interface;
  
  after replacing the substitute information, outputting the application information to the external computing device after testing indicates that the application intends to transfer the application information; and
  
  receiving the sensitive information, wherein the sensitive information includes at least a frame of a video signal and the substitute information is a frame of another video signal.
- View Dependent Claims (15, 16, 17)
- - 15. The one or more processor readable memories of claim 14, wherein receiving a request for the sensitive information from an application includes the first application programming interface to retrieve the sensitive information, and receiving a request from the application to output application information to the external computing device at the network address includes the second application programming interface to output the application information to the external computing device at the network address.
  - 16. The one or more processor readable memories of claim 15, wherein the method further comprises receiving consent of a user before transferring the application information.
  - 17. The one or more processor readable memories of claim 16, further comprising outputting the application information in an encrypted format to the external computing device at the network address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Christiansen, Dave, Cantrell, Bethan Tetrault, Bruno, Michelle R.
Primary Examiner(s)
Nguyen, Duy Khuong T

Application Number

US15/473,245
Publication Number

US 20170206156A1
Time in Patent Office

923 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3688   for test execution, e.g. sc...

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/031   Protect user input by softw...

G06F 9/54   Interprogram communication

Verification that particular information is transferred by an application

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Verification that particular information is transferred by an application

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links