Permission-based scanning of a web site
Abstract
A scanning tool executing on a host computer may be used to scan a server only if the server (or a proxy) first exposes to the host a certificate that, upon processing by the host, indicates that the server may be scanned. The certificate preferably encrypts a scan permission and is made available from a given port on the server (or the proxy). Whenever the host desires to perform a scan of the server, the host searches the port for the certificate. The certificate is then decrypted to determine whether the scan permission exists. If so, the scan then proceeds, in accordance with any conditions set forth in the decrypted scan permission.
20 Claims
1. A method of scanning a target server in a computer network from a host having a scanning tool, comprising the steps of:
posting a certificate at a given port of the target server, wherein the certificate, upon given processing, reveals a scan permission;
directing the host to obtain the certificate from the given port;
at the host, processing the certificate to reveal the scan permission; and
scanning the target server according to the scan permission.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
applying the target server's private key to the scan permission to generate a first string; and
applying the host's private key to the first string.
4. The method as described in claim 3 wherein the step of processing the certificate to reveal the scan permission includes:
applying the host's private key to the certificate to generate a third string; and
applying the target server's public key to the third string.
5. The method as described in claim 1 wherein the scan permission includes access information that must be used by the host to carry out the scan.
6. The method as described in claim 1 wherein the scan is a security scan.
7. The method as described in claim 1 wherein the scan is a diagnostic scan.
8. The method as described in claim 1 wherein the computer network is the Internet and the target server includes a Web site.
9. A method of scanning a target server in a computer network from a host having a scanning tool, comprising the steps of:
generating a certificate that, upon processing, reveals a scan permission;
posting the certificate at a given location;
directing the host to obtain the certificate from the given location;
at the host, processing the certificate to reveal the scan permission; and
scanning the target server according to the scan permission.
Dependent claims: 10, 11, 12, 13, 14
applying the target server's private key to the scan permission to generate a first string; and
applying the host's private key to the first string.
14. The method as described in claim 13 wherein the step of processing the certificate to reveal the scan permission includes:
applying the host's private key to the certificate to generate a third string; and
applying the target server's public key to the third string.
15. A server, comprising:
a processor;
an output port;
means for generating a certificate that, upon given processing, reveals a scan permission;
means for posting the certificate on the output port; and
means responsive to receipt of the scan permission for authorizing a scan.
Dependent claims: 16
17. A host, comprising:
a processor;
means for processing a certificate retrieved from a given target server to reveal a scan permission;
means for issuing a scan request to the target server according to the scan permission; and
means for scanning the target server.
Dependent claims: 18
19. A computer program product in a computer-readable medium for use in a server connectable in a computer network, comprising:
means for generating a certificate that, upon given processing, reveals a scan permission;
means for posting the certificate on a given port of the server; and
means responsive to receipt of the scan permission for authorizing a scan.
20. A computer program product in a computer-readable medium for use in a host connectable to a target server in a computer network, comprising:
means for processing a certificate retrieved from the target server to reveal a scan permission;
means for issuing a scan request to the target server according to the scan permission; and
means for scanning the target server.
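The permission gate from the abstract and the key order of the processing steps in claims 4 and 14, as an added example that is not taken from the patent. It assumes the generating side finishes with the host's public key (the operation that the host's private key inverts), and that the permission is a comma-separated port list behind a hypothetical `SCAN:` marker. The keys are constructed demo values.

```python
# Added illustration: textbook RSA on constructed demo keys, no padding.
# It shows only the order of key operations and is not usable cryptography.
E = 65537

def make_key(p, q):
    """Build (n, e, d) from two primes."""
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))

# Constructed keys from Mersenne primes; the host modulus is the larger one
# so that the server's output always fits under it.
SERVER = make_key(2**61 - 1, 2**89 - 1)
HOST = make_key(2**107 - 1, 2**127 - 1)
MAGIC = b"SCAN:"  # hypothetical marker for a well-formed scan permission

def generate_certificate(permission, server=SERVER, host=HOST):
    """Server side: server private key, then (assumed) host public key."""
    n_s, _, d_s = server
    n_h, e_h, _ = host
    m = int.from_bytes(MAGIC + permission, "big")
    if m >= n_s:
        raise ValueError("permission too long for the demo key")
    first = pow(m, d_s, n_s)        # the claims' "first string"
    return pow(first, e_h, n_h)     # certificate posted at the port

def process_certificate(cert, server=SERVER, host=HOST):
    """Host side: host private key, then server public key. None if invalid."""
    n_s, e_s, _ = server
    n_h, _, d_h = host
    third = pow(cert, d_h, n_h)     # the claims' "third string"
    if third >= n_s:
        return None                 # cannot have come from this server's key
    m = pow(third, e_s, n_s)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[len(MAGIC):] if raw.startswith(MAGIC) else None

def may_scan(cert, port):
    """Gate for the scanning tool: scan only ports the permission lists."""
    perm = process_certificate(cert)
    if perm is None:
        return False
    try:
        allowed = {int(p) for p in perm.decode("ascii").split(",")}
    except ValueError:              # malformed condition list: refuse
        return False
    return port in allowed

cert = generate_certificate(b"80,443")   # constructed permission: two ports
print(may_scan(cert, 443), may_scan(cert, 22), may_scan(cert ^ 1, 443))
```

A certificate that was altered in transit, or produced with a key other than the target server's, does not recover a well-formed permission, so the scanning tool refuses to run.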
Specification