Trusted electronic communication through shared vulnerability
First Claim
1. A computer-implemented method of providing a client application with access to a requested service provided by a server application, comprising:
receiving, from the client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;
sending, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;
receiving, from the client application, access to the vulnerability;
granting the client application with access to the requested service provided by the server application;
monitoring, by the server application, the client application accessing the requested service; and
upon determining the client system has performed an unwanted action, by the server application, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
Abstract
A method for using shared vulnerability to provide trusted communication services between systems is disclosed. For example, a server may deny access to a service which renders it vulnerable to an untrusted client unless access to a useful vulnerability is received from the client. That is, the server may trust the client because any misuse by the client may result in the server exploiting the shared vulnerability. A system may request access to a service on another system to perform some transaction. Upon receiving this request, the server may determine a vulnerability of the client useful in deterring or stopping unwanted actions. The server may request access to this vulnerability. Once this vulnerability has been granted to the server, the server may then grant access to the requested service to the client.
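The exchange the abstract describes, modelled from the server's side as an added example (not code from the patent). The access to the vulnerability is represented by a hypothetical callable handle that the client hands over; `Session`, `State`, the message strings and the `bulk-export` policy are all assumptions made for illustration.

```python
from enum import Enum, auto


class State(Enum):
    NEW = auto()
    AWAITING_HANDLE = auto()
    GRANTED = auto()
    CUT_OFF = auto()


class Session:
    """Server-side state for one client, enforcing the order of steps in the abstract."""

    def __init__(self, is_unwanted):
        self.is_unwanted = is_unwanted  # server policy callback (assumed)
        self.state, self.handle = State.NEW, None

    def request_service(self):
        # Service request arrives: answer with a demand for the handle, not access.
        self.state = State.AWAITING_HANDLE
        return "PROVIDE_VULNERABILITY_ACCESS"

    def receive_handle(self, handle):
        if self.state is not State.AWAITING_HANDLE or not callable(handle):
            raise PermissionError("service is denied until the handle is received")
        self.handle, self.state = handle, State.GRANTED
        return "SERVICE_GRANTED"

    def act(self, action):
        # Monitoring: every action is checked while the grant is live.
        if self.state is not State.GRANTED:
            raise PermissionError("no live grant for this client")
        if self.is_unwanted(action):
            self.handle()  # use the handed-over access to stop the client
            self.state = State.CUT_OFF
            return "STOPPED"
        return "OK"


def run_demo():
    client = {"disabled": False}  # constructed stand-in for the client system
    session = Session(lambda a: a == "bulk-export")
    msgs = [session.request_service(),
            session.receive_handle(lambda: client.update(disabled=True))]
    for action in ["read", "bulk-export", "read"]:  # constructed action sequence
        try:
            msgs.append(session.act(action))
        except PermissionError:
            msgs.append("DENIED")
    return msgs, client["disabled"], session.state
```
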
21 Claims
1. A computer-implemented method of providing a client application with access to a requested service provided by a server application, comprising:
receiving, from the client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;
sending, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;
receiving, from the client application, access to the vulnerability;
granting the client application with access to the requested service provided by the server application;
monitoring, by the server application, the client application accessing the requested service; and
upon determining the client system has performed an unwanted action, by the server application, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product for providing a client application with access to a requested service provided by a server application, comprising:
a computer-readable storage device having computer-readable program code embodied therewith, the computer-readable program code comprising;
computer-readable program code configured to receive, from the first client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;
computer-readable program code configured to send, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;
computer-readable program code configured to receive, from the client application, access to the vulnerability;
computer-readable program code configured to grant the client application access to the requested service provided by the server application;
computer-readable program code configured to monitor the client system accessing the requested service, the monitoring is by the server application; and
upon determining the client system has performed an unwanted action, computer-readable program code configured to exploit the vulnerability to prevent the client from further performing the unwanted action, the exploiting is by the server application.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system, comprising:
a processor; and
a memory containing a program, which, when executed by the processor, is configured to provide a client application with access to a requested service provided by a server application by performing the steps of;
receiving, from the client application, a request for access to the service provided by the server application, wherein the client application executes on a client system having a vulnerability;
sending, to the client application, a request that the client application provide access to the vulnerability as a condition to granting the client application the access to the service provided by the server application;
receiving, from the client application, access to the vulnerability;
granting the client application access to the requested service provided by the server application;
monitoring, by the server application, the client system accessing the requested service; and
upon determining the client system has performed an unwanted action, by the server application, exploiting the vulnerability to prevent the client system from further performing the unwanted action.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification