Verification that particular information is transferred by an application
US9645860B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 6, 2013 |
| Grant date | May 9, 2017 |
| Priority date | — |
| Expiry date | Mar 20, 2034 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/031
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
The technology includes a method to test what information an application transfers to an external computing device. A user's consent is explicitly obtained before the application transfers certain types of information, such as sensitive information. When a determination is made that an application is transferring sensitive information, a prompt for consent from a user may be provided that is accurate and detailed. In pre-production environments, technology can be used to detect whether this sensitive information is being transferred, and to validate whether a prompt for consent is necessary or unnecessary. To determine this, shimming is used to intercept application calls to APIs that return sensitive information. Requested sensitive information may be substituted with recorded or forged information from those APIs to produce a sentinel or canary. Similarly, network traffic of the application may be analyzed by another shim to determine when the substitute information is present.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.