Permission-based scanning of a web site
First Claim
Patent Images
1. A method of scanning a target server in a computer network from a host having a scanning tool, comprising the steps of:
- posting a certificate at a given port of the target server, wherein the certificate, upon given processing, reveals a scan permission;
directing the host to obtain the certificate from the given port;
at the host, processing the certificate to reveal the scan permission; and
scanning the target server according to the scan permission.
1 Assignment
0 Petitions
Accused Products
Abstract
A scanning tool executing on a host computer may be used to scan a server only if the server (or a proxy) first exposes to the host a certificate that, upon processing by the host, indicates that the server may be scanned. The certificate preferably encrypts a scan permission and is made available from a given port on the server (or the proxy). Whenever the host desires to perform a scan of the server, the host searches the port for the certificate. The certificate is then decrypted to determine whether the scan permission exists. If so, the scan then proceeds, in accordance with any conditions set forth in the decrypted scan permission.
-
Citations
20 Claims
-
1. A method of scanning a target server in a computer network from a host having a scanning tool, comprising the steps of:
-
posting a certificate at a given port of the target server, wherein the certificate, upon given processing, reveals a scan permission;
directing the host to obtain the certificate from the given port;
at the host, processing the certificate to reveal the scan permission; and
scanning the target server according to the scan permission. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
applying the target server'"'"'s private key to the scan permission to generate a first string; and
applying the host'"'"'s private key to the first string.
-
-
4. The method as described in claim 3 wherein the step of processing the certificate to reveal the scan permission includes:
-
applying the host'"'"'s private key to the certificate to generate a third string; and
applying the target server'"'"'s public key to the third string.
-
-
5. The method as described in claim 1 wherein the scan permission includes access information that must be used by the host to carry out the scan.
-
6. The method as described in claim 1 wherein the scan is a security scan.
-
7. The method as described in claim 1 wherein the scan is a diagnostic scan.
-
8. The method as described in claim 1 wherein the computer network is the Internet and the target server includes a Web site.
-
9. A method of scanning a target server in a computer network from a host having a scanning tool, comprising the steps of:
-
generating a certificate that, upon processing, reveals a scan permission;
posting the certificate at a given location;
directing the host to obtain the certificate from the given location;
at the host, processing the certificate to reveal the scan permission; and
scanning the target server according to the scan permission. - View Dependent Claims (10, 11, 12, 13, 14)
applying the target server'"'"'s private key to the scan permission to generate a first string; and
applying the host'"'"'s private key to the first string.
-
-
14. The method as described in claim 13 wherein the step of processing the certificate to reveal the scan permission includes:
-
applying the host'"'"'s private key to the certificate to generate a third string; and
applying the target server'"'"'s public key to the third string.
-
-
15. A server, comprising:
-
a processor;
an output port;
means for generating a certificate that, upon given processing, reveals a scan permission;
means for posting the certificate on the output port; and
means responsive to receipt of the scan permission for authorizing a scan. - View Dependent Claims (16)
-
-
17. A host, comprising:
-
a processor;
means for processing a certificate retrieved from a given target server to reveal a scan permission;
means for issuing a scan request to the target server according to the scan permission; and
means for scanning the target server. - View Dependent Claims (18)
-
-
19. A computer program product in a computer-readable medium for use in a server connectable in a computer network, comprising:
-
means for generating a certificate that, upon given processing, reveals a scan permission;
means for posting the certificate on a given port of the server; and
means responsive to receipt of the scan permission for authorizing a scan.
-
-
20. A computer program product in a computer-readable medium for use in a host connectable to a target server in a computer network, comprising:
-
means for processing a certificate retrieved from the target server to reveal a scan permission;
means for issuing a scan request to the target server according to the scan permission; and
means for scanning the target server.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsSmith, William Meyer, Blair, Steven Cameron, Hassinger, Sebastian, Turek, John Joseph Edward
-
Primary Examiner(s)HUA, LY
-
Application NumberUS09/213,908Time in Patent Office1,538 DaysField of Search713/175, 713/200, 713/201, 713/168US Class Current713/186CPC Class CodesH04L 63/0823 using certificates cryptogr...H04L 63/104 Grouping of entitiesH04L 63/1433 Vulnerability analysisH04L 63/20 for managing network securi...
