Method and apparatus for real-time security verification of on-line services
Abstract
A unique combination of several functions achieves a system by which consumers can validate the actual security status of a website before they decide to trust it, and therefore transact with it. In one example implementation, a security system includes a scanning engine that periodically and thoroughly scans the network and connected components of an on-line service such as a website. The results are stored and perhaps reported back to the service via alerts and the like. The website includes a “bug” which visitors can click on. By clicking, the visitors are also displayed web pages showing the security status of the website. Based on their review of such web pages, visitors can then decide whether to trust the website for further transactions.
38 Claims
1. An apparatus for providing verification of a security status of an on-line service, comprising:
- a database that stores a profile of devices and services comprising the on-line service and a corresponding indication of their vulnerability; and
- a verification engine that provides verification to visitors of the on-line service via a network by displaying an indication of the security status of the on-line service to the visitor in accordance with the stored profile.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An apparatus for providing verification of a security status of one or more on-line services, comprising:
- a database that stores respective profiles of devices and services comprising the on-line services and corresponding indications of their vulnerability; and
- a security website that receives requests for verification from actual or potential visitors of a selected one of the on-line services via a network and provides a graphical indication of the security status of the selected on-line service to the visitor in accordance with the stored profile.
Dependent claims: 15, 16, 17, 18, 19, 20
21. An apparatus for providing verification of a security status of an on-line service, comprising:
- a scanning engine that periodically detects devices and services comprising the on-line service and compares the detected devices and services against vulnerability fingerprints to obtain a corresponding indication of their vulnerability; and
- an alert engine that provides an alert to the on-line service in accordance with the comparison performed by the scanning engine, wherein the apparatus is remote from the on-line service on the network.
Dependent claims: 22, 23
24. An apparatus for providing verification of a security status of an on-line service, comprising:
- a scanning engine that periodically detects devices and services comprising the on-line service and compares the detected devices and services against vulnerability fingerprints to obtain a corresponding indication of their vulnerability; and
- a reporting engine that displays scan results to the on-line service in accordance with the comparison performed by the scanning engine and allows the on-line service to identify an obtained vulnerability as a false positive, wherein the apparatus is remote from the on-line service on the network.
Dependent claims: 25, 26
27. An apparatus for providing verification of a security status of an on-line service, comprising:
- means for detecting devices and services comprising the on-line service;
- means for comparing the detected devices and services against vulnerability fingerprints;
- means for receiving requests for verification from visitors of the on-line service via a network; and
- means for providing an indication of the security status of the on-line service to the visitor in accordance with the comparison performed by the comparing means.
Dependent claims: 28, 29, 30, 31, 32
33. A method for providing verification of a security status of an on-line service, comprising:
- detecting devices and services comprising the on-line service;
- comparing the detected devices and services against vulnerability fingerprints;
- receiving requests for verification from visitors of the on-line service via a network; and
- providing an indication of the security status of the on-line service to the visitor in accordance with a result of the comparing step.
Dependent claims: 34, 35, 36, 37, 38
Specification