WO2007109711A3 - Security scanning system and method - Google Patents

Security scanning system and method Download PDF

Info

Publication number
WO2007109711A3
WO2007109711A3 PCT/US2007/064495 US2007064495W WO2007109711A3 WO 2007109711 A3 WO2007109711 A3 WO 2007109711A3 US 2007064495 W US2007064495 W US 2007064495W WO 2007109711 A3 WO2007109711 A3 WO 2007109711A3
Authority
WO
WIPO (PCT)
Prior art keywords
scanning
running
customer device
application program
program
Prior art date
Application number
PCT/US2007/064495
Other languages
French (fr)
Other versions
WO2007109711A2 (en
Inventor
Jerald Robert Howcroft
John J Markley
Carmine Rocco A Del
Original Assignee
At & T Knowledge Ventures Lp
Jerald Robert Howcroft
John J Markley
Carmine Rocco A Del
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by At & T Knowledge Ventures Lp, Jerald Robert Howcroft, John J Markley, Carmine Rocco A Del filed Critical At & T Knowledge Ventures Lp
Publication of WO2007109711A2 publication Critical patent/WO2007109711A2/en
Publication of WO2007109711A3 publication Critical patent/WO2007109711A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/24Monitoring of processes or resources, e.g. monitoring of server load, available bandwidth, upstream requests
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/443OS processes, e.g. booting an STB, implementing a Java virtual machine in an STB or power management in an STB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/81Monomedia components thereof
    • H04N21/8166Monomedia components thereof involving executable data, e.g. software
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/85Assembly of content; Generation of multimedia applications
    • H04N21/854Content authoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/173Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal

Abstract

The present disclosure provides a computer-readable medium, method and system for determining security vulnerabilities for a plurality of application programs (120, 130, 140 and 150) u sed to provide television services to a customer device (132) over a communications network (100). The method includes running a first scanning program against a first application program relating to a control panel for the customer device; running a second scanning program against a second application program that provides Internet content to the customer device; running a third scanning program against a third application program that relates to a component management system of customer premises equipment; and correlating security vulnerabilities identified utilizing the first, second, and third scanning programs.
PCT/US2007/064495 2006-03-21 2007-03-21 Security scanning system and method WO2007109711A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/385,609 2006-03-21
US11/385,609 US8387138B2 (en) 2006-03-21 2006-03-21 Security scanning system and method

Publications (2)

Publication Number Publication Date
WO2007109711A2 WO2007109711A2 (en) 2007-09-27
WO2007109711A3 true WO2007109711A3 (en) 2008-10-30

Family

ID=38523278

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/064495 WO2007109711A2 (en) 2006-03-21 2007-03-21 Security scanning system and method

Country Status (2)

Country Link
US (4) US8387138B2 (en)
WO (1) WO2007109711A2 (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110075047A1 (en) * 2009-09-29 2011-03-31 Sony Corporation Firewall port selection using atsc tuner signals
US8925039B2 (en) * 2009-12-14 2014-12-30 At&T Intellectual Property I, L.P. System and method of selectively applying security measures to data services
US9747187B2 (en) * 2010-10-27 2017-08-29 International Business Machines Corporation Simulating black box test results using information from white box testing
US9830142B2 (en) 2013-09-13 2017-11-28 Microsoft Technology Licensing, Llc Automatic installation of selected updates in multiple environments
US9626176B2 (en) * 2013-09-13 2017-04-18 Microsoft Technology Licensing, Llc Update installer with technical impact analysis
EP3100192B1 (en) * 2014-01-27 2018-10-31 Cronus Cyber Technologies Ltd. Automated penetration testing device, method and system
US9742792B2 (en) * 2014-10-01 2017-08-22 Whitehat Security, Inc. Site security monitor
US9407656B1 (en) * 2015-01-09 2016-08-02 International Business Machines Corporation Determining a risk level for server health check processing
US10075475B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Apparatus and method for dynamic customization of cyber-security risk item rules
US10021125B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Infrastructure monitoring tool for collecting industrial process control and automation system risk data
US10021119B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Apparatus and method for automatic handling of cyber-security risk events
US10075474B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications
US10298608B2 (en) 2015-02-11 2019-05-21 Honeywell International Inc. Apparatus and method for tying cyber-security risk analysis to common risk methodologies and risk levels
US20160234242A1 (en) * 2015-02-11 2016-08-11 Honeywell International Inc. Apparatus and method for providing possible causes, recommended actions, and potential impacts related to identified cyber-security risk items
US9800604B2 (en) 2015-05-06 2017-10-24 Honeywell International Inc. Apparatus and method for assigning cyber-security risk consequences in industrial process control environments
US10489746B2 (en) * 2015-07-30 2019-11-26 Espresa, Inc. Cloud based platform for vehicle related services
US10243957B1 (en) * 2015-08-27 2019-03-26 Amazon Technologies, Inc. Preventing leakage of cookie data
US11522901B2 (en) * 2016-09-23 2022-12-06 OPSWAT, Inc. Computer security vulnerability assessment
US9749349B1 (en) * 2016-09-23 2017-08-29 OPSWAT, Inc. Computer security vulnerability assessment
US10298605B2 (en) * 2016-11-16 2019-05-21 Red Hat, Inc. Multi-tenant cloud security threat detection
CN107231381A (en) * 2017-08-02 2017-10-03 中电长城网际系统应用有限公司 Safety detection method, service interface module, safety detection device and network system
US20220150273A1 (en) * 2019-09-04 2022-05-12 Haiku, Inc. System and method for cyber training
CN114866327B (en) * 2022-05-16 2024-02-13 中国联合网络通信集团有限公司 Host security scanning method, device, electronic equipment and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6976163B1 (en) * 2000-07-12 2005-12-13 International Business Machines Corporation Methods, systems and computer program products for rule based firmware updates utilizing certificate extensions and certificates for use therein
US20060085852A1 (en) * 2004-10-20 2006-04-20 Caleb Sima Enterprise assessment management

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4654852A (en) 1984-05-15 1987-03-31 International Business Machines Corporation On-line problem-determination procedure for diagnosis of faults in a data-processing system
US4817080A (en) 1987-02-24 1989-03-28 Digital Equipment Corporation Distributed local-area-network monitoring system
US5123017A (en) 1989-09-29 1992-06-16 The United States Of America As Represented By The Administrator Of The National Aeronautics And Space Administration Remote maintenance monitoring system
US5159685A (en) 1989-12-06 1992-10-27 Racal Data Communications Inc. Expert system for communications network
US5319776A (en) 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
US5072370A (en) 1990-05-08 1991-12-10 International Business Machines Corporation System and method for monitoring electronic data processing equipment
US5475625A (en) 1991-01-16 1995-12-12 Siemens Nixdorf Informationssysteme Aktiengesellschaft Method and arrangement for monitoring computer manipulations
AU660661B2 (en) 1991-02-05 1995-07-06 Storage Technology Corporation Knowledge based machine initiated maintenance system
EP0570513B1 (en) 1991-02-05 1999-04-21 Storage Technology Corporation Maintenance apparatus and method initiated by a hierarchical distributed knowledge based machine
DE69225822T2 (en) 1991-03-12 1998-10-08 Hewlett Packard Co Diagnostic method of data communication networks based on hypotheses and conclusions
US5544308A (en) 1994-08-02 1996-08-06 Giordano Automation Corp. Method for automating the development and execution of diagnostic reasoning software in products and processes
US5491791A (en) 1995-01-13 1996-02-13 International Business Machines Corporation System and method for remote workstation monitoring within a distributed computing environment
US5958008A (en) 1996-10-15 1999-09-28 Mercury Interactive Corporation Software system and associated methods for scanning and mapping dynamically-generated web documents
IT1288763B1 (en) 1996-10-17 1998-09-24 Umberto Sardo APPARATUS WITH RETRACING OPTICAL CIRCUIT FOR THE MEASUREMENT OF PHYSICAL QUANTITIES INSENSIBLE TO ENVIRONMENTAL DISTURBANCES
US5960170A (en) 1997-03-18 1999-09-28 Trend Micro, Inc. Event triggered iterative virus detection
US6530022B1 (en) 1998-12-17 2003-03-04 International Business Machines Corporation Permission-based scanning of a web site
US6535227B1 (en) * 2000-02-08 2003-03-18 Harris Corporation System and method for assessing the security posture of a network and having a graphical user interface
US6868292B2 (en) * 2000-09-14 2005-03-15 The Directv Group, Inc. Device control via digitally stored program content
EP1407356B1 (en) * 2001-07-03 2016-09-07 Accenture Global Services Limited Broadband communications
US7243148B2 (en) * 2002-01-15 2007-07-10 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7257630B2 (en) * 2002-01-15 2007-08-14 Mcafee, Inc. System and method for network vulnerability detection and reporting
US20040163126A1 (en) * 2003-01-31 2004-08-19 Qwest Communications International Inc. Methods and apparatus for delivering a computer data stream to a video appliance with a network interface device
US20040197082A1 (en) * 2003-04-04 2004-10-07 Lg Electronics Inc. Broadcasting program reservation recording system using PDA and method thereof
US7409719B2 (en) * 2004-12-21 2008-08-05 Microsoft Corporation Computer security management, such as in a virtual machine or hardened operating system
US20070198718A1 (en) * 2006-01-27 2007-08-23 Sbc Knowledge Ventures, L.P. System and method for providing virtual access, storage and management services for IP devices via digital subscriber lines

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6976163B1 (en) * 2000-07-12 2005-12-13 International Business Machines Corporation Methods, systems and computer program products for rule based firmware updates utilizing certificate extensions and certificates for use therein
US20060085852A1 (en) * 2004-10-20 2006-04-20 Caleb Sima Enterprise assessment management

Also Published As

Publication number Publication date
US20070226794A1 (en) 2007-09-27
US20160080409A1 (en) 2016-03-17
US20130239218A1 (en) 2013-09-12
US8387138B2 (en) 2013-02-26
US10044743B2 (en) 2018-08-07
WO2007109711A2 (en) 2007-09-27
US9197659B2 (en) 2015-11-24
US8601582B2 (en) 2013-12-03
US20140109229A1 (en) 2014-04-17

Similar Documents

Publication Publication Date Title
WO2007109711A3 (en) Security scanning system and method
WO2008073618A3 (en) Instant on platform
WO2007092881A3 (en) System and method for controlling provision of content over a television network
WO2008024501A3 (en) System and method for mobile device application management
WO2006044135A3 (en) Enterprise assessment management
WO2009040673A3 (en) System and method for providing real time targeted rating to enable content placement for video audiences
WO2008008863A3 (en) System, method and apparatus for troubleshooting an ip network
WO2005094270A3 (en) Methods and systems for a/v input device to diplay networking
WO2008019193A3 (en) Method and apparatus for monitoring and synchronizing user interface events with network data
WO2005094168A3 (en) Method and system for device group management using virtual device domains
WO2007103449A3 (en) System and method for generating a unified accounting record for a communication session
WO2006078729A3 (en) Network appliance for vulnerability assessment auditing over multiple networks
WO2008138747A3 (en) Method and device for data processing and communication system comprising such device
WO2008043109A3 (en) System and method of reporting and visualizing malware on mobile networks
WO2007123882A3 (en) System and method for controlling content and delivery of internet protocol television (ptv) services
WO2007111697A3 (en) Channel changes between services with differing bandwidth in a switched digital video system
WO2007050590A3 (en) Media content delivery audit and verification services
WO2006022917A3 (en) A system, method, service method, and program product for managing entitlement with identity and privacy applications for electronic commerce
EP1550310A4 (en) Method and system for emulating an http server through a broadcast carousel
WO2008045370A3 (en) Method, system and apparatus for a dual mode mobile device
WO2002084489A3 (en) An apparatus and method for accessing a mass storage device in a fault-tolerant server
WO2004010258A3 (en) System and method for validating security access across a network layer and a local file layer
WO2008022339A3 (en) Method of data collection in a distributed network
WO2008039741A3 (en) System and method for project process and workflow optimization
WO2004051505A3 (en) Web service agent

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07758991

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07758991

Country of ref document: EP

Kind code of ref document: A2