Trusted electronic communication through shared vulnerability

US 8,261,328 B2
Filed: 08/14/2008
Issued: 09/04/2012
Est. Priority Date: 08/14/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of providing a client application with access to a requested service provided by a server application, comprising:

receiving, from the client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;

sending, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;

receiving, from the client application, access to the vulnerability;

granting the client application with access to the requested service provided by the server application;

monitoring, by the server application, the client application accessing the requested service; and

upon determining the client system has performed an unwanted action, by the server application, exploiting the vulnerability to prevent the client system from further performing the unwanted action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for using shared vulnerability to provide trusted communication services between systems is disclosed. For example, a server may deny access to a service which renders it vulnerable to an untrusted client unless access to a useful vulnerability is received from the client. That is, the server may trust the client because any misuse by the client may result in the server exploiting the shared vulnerability. A system may request access to a service on another system to perform some transaction. Upon receiving this request, the server may determine a vulnerability of the client useful in deterring or stopping unwanted actions. The server may request access to this vulnerability. Once this vulnerability has been granted to the server, the server may then grant access to the requested service to the client.

Citations

21 Claims

1. A computer-implemented method of providing a client application with access to a requested service provided by a server application, comprising:
- receiving, from the client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;
  
  sending, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;
  
  receiving, from the client application, access to the vulnerability;
  
  granting the client application with access to the requested service provided by the server application;
  
  monitoring, by the server application, the client application accessing the requested service; and
  
  upon determining the client system has performed an unwanted action, by the server application, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the request for access to the service provided by the server application comprises:
    - information identifying the client system;
      
      information identifying an operating system running on the client system;
      
      information allowing the service provider to verify the operating system running on the client system; and
      
      information identifying at least one available vulnerability to which the server application can request the client application share access.
  - 3. The method of claim 1, further comprising:
    - initiating, by the server application, a transaction requested by the client application; and
      
      receiving a signal that the transaction is complete, wherein the client application is configured to close access to the vulnerability upon completion of the transaction.
  - 4. The method of claim 1, further comprising:
    - after granting the client application with access to the requested service, determining that the client application has closed access to the vulnerability; and
      
      terminating access to the requested service.
  - 5. The method of claim 1, wherein the request for access to the service includes information identifying a plurality of shared vulnerabilities which the server application can request the client application share access to, and further comprising:
    - selecting one of the plurality of vulnerabilities; and
      
      requesting access to the selected vulnerability.
  - 6. The method of claim 1, further comprising:
    - monitoring the client system accessing the requested service; and
      
      upon determining the client system has performed an unwanted action, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
  - 7. The method of claim 1, further comprising, verifying that the client application has access to the vulnerability before granting the request for access to the service provided by the server application.

8. A computer program product for providing a client application with access to a requested service provided by a server application, comprising:
- a computer-readable storage device having computer-readable program code embodied therewith, the computer-readable program code comprising;
  
  computer-readable program code configured to receive, from the first client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;
  
  computer-readable program code configured to send, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;
  
  computer-readable program code configured to receive, from the client application, access to the vulnerability;
  
  computer-readable program code configured to grant the client application access to the requested service provided by the server application;
  
  computer-readable program code configured to monitor the client system accessing the requested service, the monitoring is by the server application; and
  
  upon determining the client system has performed an unwanted action, computer-readable program code configured to exploit the vulnerability to prevent the client from further performing the unwanted action, the exploiting is by the server application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the request for access to the service provided by the server application comprises:
    - information identifying the client system;
      
      information identifying an operating system running on the client system;
      
      information allowing the service provider to verify the operating system running on the client system; and
      
      information identifying at least one available vulnerability to which the server application can request the client application share access.
  - 10. The computer program product of claim 8, wherein the operation further comprises:
    - initiating, by the server application, a transaction requested by the client application; and
      
      receiving a signal that the transaction is complete, wherein the client application is configured to close access to the vulnerability upon completion of the transaction.
  - 11. The computer program product of claim 8, wherein the operation further comprises:
    - after granting the client application with access to the requested service, determining that the client application has closed access to the vulnerability; and
      
      terminating access to the requested service.
  - 12. The computer program product of claim 8, wherein the request for access to the service includes information identifying a plurality of shared vulnerabilities which the server application can request the client application share access to, and wherein the operation further comprises:
    - selecting one of the plurality of vulnerabilities; and
      
      requesting access to the selected vulnerability.
  - 13. The computer program product of claim 8, wherein the operation further comprises:
    - monitoring the client system accessing the requested service; and
      
      upon determining the client system has performed an unwanted action, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
  - 14. The computer program product of claim 8, wherein the operation further comprises, verifying that the first client application has access to the vulnerability before granting the request for access to the service provided by the server application.

15. A system, comprising:
- a processor; and
  
  a memory containing a program, which, when executed by the processor, is configured to provide a client application with access to a requested service provided by a server application by performing the steps of;
  
  receiving, from the client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;
  
  sending, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;
  
  receiving, from the client application, access to the vulnerability;
  
  granting the client application access to the requested service provided by the server application;
  
  monitoring, by the server application, the client system accessing the requested service; and
  
  upon determining the client system has performed an unwanted action, by the server application, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the request for access to the service provided by the server application comprises:
    - information identifying the client system;
      
      information identifying an operating system running on the client system;
      
      information allowing the service provider to verify the operating system running on the client system; and
      
      information identifying at least one available vulnerability to which the server application can request the client application share access.
  - 17. The system of claim 15, wherein the steps further comprise:
    - initiating, by the server application, a transaction requested by the client application; and
      
      receiving a signal that the transaction is complete, wherein the client application is configured to close access to the vulnerability upon completion of the transaction.
  - 18. The system of claim 15, wherein the steps further comprise:
    - after granting the client application with access to the requested service, determining that the client application has closed access to the vulnerability; and
      
      terminating access to the requested service.
  - 19. The system of claim 15, wherein the request for access to the service includes information identifying a plurality of shared vulnerabilities which the server application can request the client application share access to, wherein the steps further comprise:
    - selecting one of the plurality of vulnerabilities; and
      
      requesting access to the selected vulnerability.
  - 20. The system of claim 15, wherein the steps further comprise:
    - monitoring the client system accessing the requested service; and
      
      upon determining the client system has performed an unwanted action, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
  - 21. The system of claim 15, wherein the steps further comprise, verifying that the client application has access to the vulnerability before granting the request for access to the service provided by the server application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinkemeyer, David Christopher, Ventura, Rainieri, Kolz, Daniel P, Schreck, Taylor L, Sullivan, Garry J
Primary Examiner(s)
Patel, Haresh N
Assistant Examiner(s)
LE, CHAU D

Application Number

US12/191,509
Publication Number

US 20100043059A1
Time in Patent Office

1,482 Days
Field of Search

726/3, 726/21, 726/22, 726/25, 726/4
US Class Current

726/4
CPC Class Codes

G06F 21/305 by remotely controlling dev...

Trusted electronic communication through shared vulnerability

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted electronic communication through shared vulnerability

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links