Systems and methods for testing online systems and content

US 9,521,166 B2
Filed: 02/08/2013
Issued: 12/13/2016
Est. Priority Date: 02/09/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

obtaining, using at least one processor, polling information indicative of an availability of a server to execute an operation on content associated with at least one web page, the operation corresponding to a functionality of the at least one web page;

determining, based on the polling data, whether the server is capable of executing the operation;

when the server is capable of executing the operation, generating, using the at least one processor, an instruction to transmit first configuration data to the server, the first configuration data instructing the server to execute the operation on the content associated with the at least one web page to simulate the functionality of the at least one web page in accordance with the configuration data and generate first output data characterizing at least one of a privacy policy or a security policy of the least one web page;

obtaining the first output data from the server, the first output data characterizing the at least one of privacy or security policy of the at least one web page; and

generating, using the at least one processor, information indicating whether the at least one privacy or security policy of the at least one web page complies with a corresponding privacy regulation or security regulation established by at least one of a governmental entity or a regulatory organization, the information being generated based on the obtained first output data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for automatically monitoring a compliance of web pages and graphical user interfaces with governmental and self-regulatory privacy and security policies. In accordance with one implementation, a method is provided that comprises instructing the execution of an operation on content associated with at least one web page is generated. The operation may include at least one of (i) a scanning operation that generates forensic data corresponding to the web page or (ii) an analytical operation that analyzes at least a portion of the forensic data corresponding to the web page. The method further comprises obtaining output data associated with the executed operation, and generating information indicative of a compliance of the web page with at least one of a privacy regulation or a security regulation, the information being generated based on the output data.

Citations

27 Claims

1. A computer-implemented method, comprising:
- obtaining, using at least one processor, polling information indicative of an availability of a server to execute an operation on content associated with at least one web page, the operation corresponding to a functionality of the at least one web page;
  
  determining, based on the polling data, whether the server is capable of executing the operation;
  
  when the server is capable of executing the operation, generating, using the at least one processor, an instruction to transmit first configuration data to the server, the first configuration data instructing the server to execute the operation on the content associated with the at least one web page to simulate the functionality of the at least one web page in accordance with the configuration data and generate first output data characterizing at least one of a privacy policy or a security policy of the least one web page;
  
  obtaining the first output data from the server, the first output data characterizing the at least one of privacy or security policy of the at least one web page; and
  
  generating, using the at least one processor, information indicating whether the at least one privacy or security policy of the at least one web page complies with a corresponding privacy regulation or security regulation established by at least one of a governmental entity or a regulatory organization, the information being generated based on the obtained first output data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 25, 26)
- - 2. The method of claim 1, wherein the first configuration data identifies the operation and the at least one web page.
  - 3. The method of claim 2, wherein:
    - the method further comprises receiving a request to execute the operation from an input source;
      
      the obtaining comprises receiving the polling information from the server; and
      
      the determining comprises determining whether that the server is capable of executing the operation, based on the received request and the polling data.
  - 4. The method of claim 1, wherein:
    - the operation executed by the server generates forensic data corresponding to the simulated functionality of the at least one web page; and
      
      the forensic data comprises at least one of a cache file, a script file, information associated with a data stream, a locally-stored object, image data, information indicative of system failure, information indicative of unexpected access or changes to an integrity of a file system, or sensitive or personal information associated with one or more users.
  - 5. The method of claim 4, wherein:
    - the operation comprises a scanning operation; and
      
      the method further comprises generating an instruction to cause the server to store at least a portion of the forensic data in a repository.
  - 6. The method of claim 5, wherein:
    - the output data comprises confirmation of a completion of the scanning operation; and
      
      the method further comprises generating, in response to the confirmation, a report indicative of the completion of the scanning operation.
  - 7. The method of claim 5, further comprising:
    - determining, based on the polling data, whether the server is capable of executing an analytical operation that analyzes at least a portion of the forensic data, the analytical operation comprising at least one of an operation performed on a hyperlink within the forensic data, an operation performed on an image call within the forensic data, an operation applied to a locally-stored object within the forensic data, or an operation applied to an image of the web page within the forensic data;
      
      transmitting second configuration data to the server when the server is capable of executing the analytical operation; and
      
      obtaining second output data associated with the executed analytical operation that characterizes the at least one privacy or security policy of the at least one web page.
  - 8. The method of claim 1, further comprising generating a report based on at least a portion of the first output data, the report comprising the information indicative of the compliance of the at least one privacy or security policy of the at least one web page with the corresponding privacy regulation or security regulation.
  - 9. The method of claim 1, further comprising:
    - instructing the execution of the operation on content associated with a graphical user interface accessible to a user of a mobile device; and
      
      generating, based on the first output data, information indicative of a compliance of the graphical user interface with at least one of the privacy regulation or the security regulation.
  - 10. The method of claim 1, further comprising:
    - generating an instruction to transmit, to an opt-out system associated with the server, a request to test at least one of the opt-out system or an advertising system;
      
      receiving a data stream sent in response to the request; and
      
      determining an outcome of the test based on the data stream.
  - 11. The method of claim 10, wherein the test comprises at least one of a test to determine a functionality of a website of the opt-out system, a test to determine a functionality of a web page of the website, a test to determine whether the web page includes elements enabling a user to opt-out, or a test to determine whether the opt-out system responds appropriately based on a selection of one or more of the elements.
  - 12. The method of claim 10, further comprising receiving an opt-out cookie from the advertising system.
  - 13. The method of claim 12, wherein determining the outcome comprises determining at least one of whether a unique identifier of the opt-out cookie is equal to a dummy value, whether a tracking value is set to a predetermined opt-out tracking value, or whether a minimum lifespan of the opt-out cookie is equal to or greater than a predetermined minimum lifespan.
  - 14. The computer-implemented method of claim 12, further comprising generating an instruction to transmit, after receiving the opt-out cookie, an additional request to the opt-out system to test an indicator on a website of the opt-out system, wherein the indicator identifies a cookie associated with the advertising system.
  - 15. The computer-implemented method of claim 14, further comprising:
    - receiving, in response to the additional request, an additional data stream comprising an image of the indicator; and
      
      determining whether the indicator corresponds to the opt-out cookie based on a checksum or pattern match on the image.
  - 25. The method of claim 1, wherein the first configuration data further instructs the server to determine whether advertising identifiers associated with the at least one web page share at least one of a common storage space, a common domain space, or a common storage mechanism with personal information associated with at least one user.
  - 26. The method of claim 1, wherein the first configuration data further instructs the server to emulate a mobile communications device and to simulate the functionality of the at least one web page accessed by the emulated mobile communications device.

16. A computer-implemented method, comprising:
- obtaining, using at least one processor, polling information indicative of an availability of a server to perform a scanning operation on a web page that simulates at least one functionality of the web page;
  
  determining, based on the polling data, whether the server is capable of executing the scanning operation;
  
  when the server is capable of executing the scanning operation, transmitting, using the at least one processor, an instruction to the server to cause the server to perform the scanning operation on the web page to simulate the at least one functionality of the web page;
  
  obtaining forensic data from the server, the forensic data being generated by the server during execution of the scanning operation, and the forensic data being indicative of a compliance of at least one of a privacy or security policy of the web page with a corresponding privacy regulation or security regulation established by at least one of a governmental entity or a regulatory organization; and
  
  generating, with at least one processor, an instruction to store at least a portion of the forensic data in a repository.
- View Dependent Claims (17)
- - 17. The method of claim 16, wherein the forensic data comprises at least one of a cache file, a script file, information associated with a data stream, a locally-stored object, image data, information indicative of system failure, information indicative of unexpected changes to an integrity of a file system, or sensitive or personal information associated with one or more users.

18. An apparatus, comprising:
- a storage device; and
  
  at least one processor coupled to the storage device, wherein the storage device stores a program for controlling the at least one processor, and wherein the at least one processor, being operative with the program, is configured to;
  
  obtain polling information indicative of an availability of a server to execute an operation on content associated with at least one web page, the operation corresponding to a functionality of the at least one web page;
  
  determine, based on the polling data, whether the server is capable of executing the operation;
  
  transmit first configuration data to the server when the server is capable of executing the operation, the first configuration data instructing the server to execute the operation on the content associated with at least one web page to simulate the functionality of the at least one web page in accordance with the configuration data and generate first output data characterizing at least one of a privacy policy or a security policy of the at least one web page;
  
  obtain the first output data from the server, the first output data characterizing the at least one of privacy or security policy of the at least one web page; and
  
  generate information indicative of a compliance of the at least one privacy or security policy of the at least one web page with a corresponding privacy regulation or security regulation established by at least one of a governmental entity or a regulatory organization, the information being generated based on the first output data.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The apparatus of claim 18, wherein the first configuration data identifies the operation and the at least one web page.
  - 20. The apparatus of claim 19, wherein the at least one processor is further configured to:
    - receive a request to execute the operation from an input source;
      
      receive the polling information from the server; and
      
      determine whether the server is capable of executing the operation, based on the received request and the polling data.
  - 21. The apparatus of claim 18, wherein:
    - the operation executed by the server generates forensic data corresponding to the simulated functionality of the at least one web page; and
      
      the forensic data comprises at least one of a cache file, a script file, information associated with a data stream, a locally-stored object, image data, information indicative of system failure, information indicative of unexpected changes to an integrity of a file system, or sensitive or personal information associated with one or more users.
  - 22. The apparatus of claim 21, wherein the at least one processor is further configured to:
    - determine, based on the polling data, whether the server is capable of executing an analytical operation that analyzes at least a portion of the forensic data, the analytical operation comprising at least one of an operation performed on a hyperlink within the forensic data, an operation performed on an image call within the forensic data, an operation applied to a locally-stored object within the forensic data, or an operation applied to an image of the web page within the forensic data;
      
      transmit second configuration data to the server when the server is capable of executing the analytical operation; and
      
      obtain second output data associated with the executed analytical operation that characterizes the at least one privacy or security policy of the at least one web page.

23. A tangible, non-transitory computer-readable medium storing instructions that, when executed by at least one processor, perform a method comprising the steps of:
- obtaining polling information indicative of an availability of a server to execute an operation on content associated with at least one web page, the operation corresponding to a functionality of the at least one web page;
  
  determining, based on the polling data, whether the server is capable of executing the operation;
  
  when the server is capable of executing the operation, generating an instruction to transmit first configuration data to the server, the first configuration data instructing the server to execute the operation on the content associated with the at least one web page to simulate the functionality of the at least one web page in accordance with the configuration data and generate first output data characterizing at least one of a privacy policy or a security policy of the at least one web page;
  
  obtaining the first output data from the server, the first output data characterizing the at least one of privacy or security policy of the at least one web page; and
  
  generating information indicating whether the at least one privacy or security policy of the at least one web page complies with a corresponding privacy regulation or security regulation established by at least one of a governmental entity or a regulatory organization, the information being generated based on the obtained first output data.
- View Dependent Claims (24)
- - 24. The computer readable medium of claim 23, wherein the operation capable of being performed by the server comprises an analytical operation, the analytical operation including at least one of a first operation performed on a hyperlink within forensic data generated by the server, a second operation performed on an image call within the forensic data, a third operation applied to a locally-stored object within the forensic data, or a fourth operation applied to the image of the at least one web page.

27. A server, comprising:
- a storage device that stores instructions; and
  
  at least one processor coupled to the storage device to execute the instructions and configure the at least one processor to;
  
  obtain, from a requesting device, configuration data identifying a web page and at least one operation that, when executed by the server, simulates at least one functionality of the web page;
  
  executing the at least one operation on content associated with the web page to simulate the at least one functionality of the web page;
  
  based on the at least one simulated functionality, generate information indicative of a compliance of at least one privacy or security policy of the web page with a corresponding privacy or security regulation established by at least one of a governmental entity or a regulatory organization; and
  
  transmit output data associated with the at least one executed operation to the requesting device, the output data comprising the generated information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yahoo Assets LLC
Original Assignee
AOL Inc. (Apollo Global Management, Inc.)
Inventors
Wilson, Jeffrey Todd
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Nipa, Wasika

Application Number

US13/763,343
Publication Number

US 20130212638A1
Time in Patent Office

1,404 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/3688   for test execution, e.g. sc...

G06F 21/645   using a third party

G06Q 10/10   Office automation; Time man...

G06Q 50/26   Government or public servic...

H04L 63/20   for managing network securi...

Systems and methods for testing online systems and content

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for testing online systems and content

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links