US10574686B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10574686-B2 |
| Application number | US-201816230901-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 21, 2018 |
| Priority date | Sep 18, 2014 |
| Publication date | Feb 25, 2020 |
| Grant date | Feb 25, 2020 |
Official abstract text for this publication.
A first computer is selected for testing. Information sent from a second computer system to the first computer is intercepted. The information is modified to be noncompliant with a communication protocol, thereby producing noncompliant information. A determination is made whether the first computer device has failed to provide a particular response to receipt of the noncompliant information, and an operation is performed based at least in part on the determination.
Opening claim text (preview).
What is claimed is:
1. A computer implemented method, comprising: intercepting information sent from a second computer system to a first computer system; testing the first computer system by: modifying, to be noncompliant with a secure communication protocol, the information to produce modified information that is out of compliance with the secure communications protocol; and making a determination that the first computer system has failed to provide a particular response to the modified information according to the secure communications protocol; and performing an operation based at least in part on the determination.
2. The computer implemented method of claim 1, wherein the secure communications protocol is a transport layer security protocol.
3. The computer implemented method of claim 1, wherein the operation prevents communication over a session negotiated according to the secure communications protocol.
4. The computer implemented method of claim 1, wherein the operation includes preventing information from being transmitted to the first computer system.
5. The computer implemented method of claim 1, wherein the information is a message in a handshake according to the secure communications protocol.
6. The computer implemented method of claim 5, wherein the message is invalid according to the secure communications protocol.
7. The computer implemented method of claim 1, wherein the operation removes permissions that the first computer system is able to exercise.
8. A system, comprising: one or more processors; and memory storing instructions executable by the one or more processors to cause the system to: receive information sent from a second computer system to a first computer system; test the first computer system by: modifying, to be noncompliant with a secure communications protocol, the information to produce modified information that fails to comply with the secure communications protocol; transmitting the modified information to the first computer system; and making a determination whether to perform an operation based on behavior of the first computer system in response to the modified information; and perform the operation according to the determination.
9. The system of claim 8, wherein the secure communications protocol is for encrypted communications.
10. The system of claim 8, wherein receiving the information comprises intercepting the information on route between the second computer system and first computer system.
11. The system of claim 8, wherein the modified information fails to comply with a handshake of the secure communications protocol.
12. The system of claim 8, wherein the modified information comprises an invalid digital certificate.
13. The system of claim 8, wherein the operation comprises transmitting executable code to the first computer system.
14. The system of claim 8, wherein the operation comprises annotating a communication from the first computer system.
15. A non-transitory computer readable storage medium that stores executable instructions which, as a result of being executed by one or more processors of a computer system, cause the computer system to at least: select, for testing, a first computing device of a distributed computing system; and test the first computing device by causing the computer system to: modify, to be noncompliant with a communication protocol, information transmitted from a second computer system to a first computer system to produce information out of compliance with a secure communications protocol; and perform an operation selected based at least in part on a response to the modified information by the first computer system.
16. The non-transitory computer readable storage medium of claim 15, wherein the executable instructions further cause the computer system to: determine a proper response to receipt of the modified information; and determine whether the first computing device responds in accordance with the proper response.
17. The non-transitory computer readable storage medium of claim 15, wherein the computer system operates a firewall.
18. The non-transitory computer readable storage medium of claim 15, wherein modifying the information comprises replacing a result of a cryptographic calculation with an erroneous result of a cryptographic calculation.
19. The non-transitory computer readable storage medium of claim 15, wherein the information is in a handshake message of the secure communications protocol.
20. The non-transitory computer readable storage medium of claim 16, wherein the secure communications protocol enables encrypted communications.
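An added illustration of the check described in the abstract and in claims 16 and 18 (not code from the patent or its assignee): a message in flight has its cryptographic result replaced with an erroneous one, and the endpoint's response is compared with the proper response to select an operation. The HMAC-tagged toy message, the key, the endpoint functions and the operation names are all assumptions made up for this sketch, run entirely in-process.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed shared secret for the toy protocol
TAG_LEN = 32                     # HMAC-SHA256 output size


def seal(payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side (the 'second computer system'): payload || HMAC tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def corrupt_tag(message: bytes) -> bytes:
    """Interceptor: replace the cryptographic result with an erroneous one."""
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    bad = bytes([tag[0] ^ 0x01]) + tag[1:]   # one flipped bit always differs
    return payload + bad


def strict_endpoint(message: bytes) -> str:
    """Hypothetical endpoint that verifies the tag, as the protocol requires."""
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()
    return "accept" if hmac.compare_digest(tag, expected) else "alert"


def lax_endpoint(message: bytes) -> str:
    """Hypothetical defective endpoint that never checks the tag."""
    return "accept"


def probe_endpoint(endpoint, in_flight: bytes) -> dict:
    """Deliver the modified message, compare the observed response with the
    proper one, and select an operation based on the outcome."""
    proper = "alert"                      # proper response to a bad tag
    observed = endpoint(corrupt_tag(in_flight))
    compliant = observed == proper
    return {
        "observed": observed,
        "compliant": compliant,
        # operation names are illustrative, not terms from the patent
        "operation": "allow_session" if compliant else "block_and_flag",
    }


if __name__ == "__main__":
    msg = seal(b"handshake-finished")     # constructed sample message
    for name, ep in (("strict", strict_endpoint), ("lax", lax_endpoint)):
        print(name, probe_endpoint(ep, msg))
```
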
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
Access control lists [ACL] · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
Single bridge functionality, e.g. connection of two networks over a single bridge · CPC title