Security scanning system and method

US 20070226794A1
Filed: 03/21/2006
Published: 09/27/2007
Est. Priority Date: 03/21/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium accessible to a processor for executing instructions contained in a computer program embedded in the computer readable medium, the computer program comprising:

instructions to run a first scanning program against a first application program relating to a control panel for use on customer device;

instructions to run a second scanning program against a second application program that provides Internet content to the customer device over a communications network to identify security vulnerabilities with the second application program;

instructions to run a third scanning program relating to a component management system for a customer premises equipment (CPE) against a third application program to identify security vulnerabilities with the third application program; and

instructions to correlate the identified security vulnerabilities with the first, second, third and fourth application programs.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides a computer-readable medium, method and system for determining security vulnerabilities for a plurality of application programs used to provide television services to a customer device over a communications network. The method includes running a first scanning program against a first application program relating to a control panel for the customer device; running a second scanning program against a second application program that provides Internet content to the customer device; running a third scanning program against a third application program that relates to a component management system of customer premises equipment; and correlating security vulnerabilities identified utilizing the first, second, and third scanning programs.

41 Citations

View as Search Results

20 Claims

1. A computer-readable medium accessible to a processor for executing instructions contained in a computer program embedded in the computer readable medium, the computer program comprising:
- instructions to run a first scanning program against a first application program relating to a control panel for use on customer device;
  
  instructions to run a second scanning program against a second application program that provides Internet content to the customer device over a communications network to identify security vulnerabilities with the second application program;
  
  instructions to run a third scanning program relating to a component management system for a customer premises equipment (CPE) against a third application program to identify security vulnerabilities with the third application program; and
  
  instructions to correlate the identified security vulnerabilities with the first, second, third and fourth application programs.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1, wherein the first scanning program is a network scanner, the second scanning program is a web-based scanner, the third and fourth scanning programs each is one of the network scanner and the web-based scanner.
  - 3. The computer-readable medium of claim 1, wherein the customer device is a set-top-box for providing content to a television set.
  - 4. The computer-readable medium of claim 3, wherein the computer program further comprises instructions to run a fourth scanning program against an applications program that is used in the set-top-box.
  - 5. The computer-readable medium of claim 1, wherein the computer program further comprises instructions to run at least one of the first, second, and third scanning programs on a first server located in the communications network against at least one of the first, second and third application programs located at a second server at a remote location.
  - 6. The computer-readable medium of claim 5, wherein the computer program further comprises instructions to obtain access to the second server from the first server.
  - 7. The computer-readable medium of claim 1, wherein the computer program further comprises instructions to assign a risk level to each of the identified vulnerabilities and provide a report that indicates the risk level.

8. A method of determining security vulnerabilities for a plurality of application programs for use in providing television services to a set-top-box (STB) over a communications network, comprising:
- running a first scanning program against a first application program relating to a control panel for the STB provided over a communications network;
  
  running a second scanning program against a second application program that provides Internet content to the STB over the communications network;
  
  running a third scanning program against a third application program that relates to component management system of a CPE; and
  
  correlating security vulnerabilities identified utilizing the first, second, and third scanning programs.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the first scanning program is a network scanner, the second scanning program is a web-based scanner, and third scanning program is at least one of a network and web-based scanners.
  - 10. The method of claim 8 further comprising assigning a risk level to each of the identified security vulnerabilities and providing a consolidated report that identifies the assigned risk.
  - 11. The method of claim 8, wherein the third application program relates to a digital subscriber line (DSL) modem.
  - 12. The method of claim 8, wherein at least one of the first, second and third scanning programs is run remotely from a first server in the backbone network against a second server located at an application program provider via the Internet.
  - 13. The method of claim 9 further comprising running a network scanner and a web-based scanner against a fourth application program adapted for use in the STB in an environment that simulates a DSL network.
  - 14. The method of claim 8, wherein the second server has an associated firewall and the method further comprising obtaining access to the second server utilizing a selected identifier.

15. A system, comprising:
- a database that stores information relating to security vulnerabilities for a plurality of application programs associated with a customer device;
  
  a server having access to a computer program, the server utilizing the database and executing instructions contained in the computer program that includes;
  
  instructions to run a first scanning program against a first application program relating to a control panel for use on customer device that interfaces with a television set to identify security vulnerabilities with the first application program;
  
  instructions to run a second scanning program against a second application program that provides Internet content to the customer device over a communications network to identify security vulnerabilities with the second application program;
  
  instructions to run a third scanning program against a third application program that is a component management system for a CPE to identify security vulnerabilities with the third application program;
  
  instructions to run a fourth scanning program against a fourth application program that is used in the customer device to identify security vulnerabilities with the fourth application program; and
  
  instructions to correlate the identified security vulnerabilities with the first, second, third and fourth application programs.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the first scanning program is a network scanner, the second scanning program is a web-based scanner, the third and fourth scanning programs each is one of the network scanner and the web-based scanner.
  - 17. The system of claim 15, wherein the customer device is a set-top-box for providing content to a television set.
  - 18. The system of claim 15, wherein the computer program further comprises:
    - instructions to run at least one of the first, second, and third scanning programs on a first server located in the communications network against at least one of the first, second and third application programs located at a second server at a remote location.
  - 19. The system of claim 18, wherein the computer program further comprises:
    - instructions to assign a risk level to each of the identified vulnerabilities and provide a report that indicates the risk level.
  - 20. The system of claim 18, wherein the second server has a firewall associated therewith and the computer program further comprises:
    - instructions to obtain access to the second server over the Internet using a selected identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
Sbc Knowledge Ventures, L.P.
Inventors
Howcroft, Jerald, Del Carmine, Rocco, Markley, John

Granted Patent

US 8,387,138 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

H04N 21/24   Monitoring of processes or ...

H04N 21/442   Monitoring of processes or ...

H04N 21/443   OS processes, e.g. booting ...

H04N 21/8166   involving executable data, ...

H04N 21/854   Content authoring

H04N 7/173   with two-way working, e.g. ...

Security scanning system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Security scanning system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others