Patents - Cenzic
Written by Enrique A. Sanchez Montellano
Feb 12, 2011 at 03:38 AM
The short of it is: creating a program that sends a malformed request with intentionally bad content in order to generate a "malformed" or error response.
The long of it can be read from the patent. The first claim is basically a method in which they vary patterns: they
alter a character encoding, add a double delimiter (aka // and multiple /
or \ delimiters), provide no values to the expression, add single
quotes and double quotes, and change the value for a "buffer function"
(aka a long line of characters, sounds like buffer overflows, right?),
using all that to form an expression to then attack a system and detect
failures.
The full first claim is as follows:
1. A method of creating a fault-inducing transaction representation in a
network, the method comprising: interjecting a pattern with
fault-inducing sub-fields, where the pattern is an expression including a
literal string and a wildcard character class, wherein interjecting the
pattern comprises at least one of the following: providing alternative
character encoding for a character in the expression, providing a
double delimiter in the expression, providing all delimiters in the
expression, providing no values in the expression, providing a single
character and delimiter-value pair in the expression, providing an
unbalanced pair in the expression, replacing a delimiter with random
ranges that cover the value of the delimiter, providing an alternative
encoding to encode a transaction field with a character that is equal in
nature and different in representation, providing a prefixed escape in
the expression, providing ghost character encoding in the expression,
controlling a user identity which is a field indicating resource name or
user identity, injecting unfiltered metacharacters to a secondary
process, providing extraneous meta-characters for
causing misclassification, or parsing out a delimiter to obtain an
intermediate representation of the expression, where a value in the
expression is replaced by a buffer function; and using the expression to
form a subsequent expression that can be used by a target system to
detect and trigger on the network at least one transaction that matches
the expression.
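
The mutations summarised above from the first claim, as an added example that is not code from the patent, from Cenzic or from this post: it builds the variants of a query string and records which ones a parser under test rejects. The function names and the sample query are constructed for illustration, and only the five mutation types named in the summary are covered.

```python
from urllib.parse import parse_qs

def percent_encode_all(value):
    """Alternative encoding: same characters, every byte written as %XX."""
    return "".join(f"%{b:02X}" for b in value.encode("utf-8"))

def mutate_query(query, buffer_len=1024):
    """Return {mutation name: variant} for a 'k=v&k2=v2' query string.

    Value-level mutations alter only the first field's value.
    """
    head, sep, tail = query.partition("&")
    key, _, val = head.partition("=")
    with_value = lambda v: f"{key}={v}{sep}{tail}"
    keys = [p.partition("=")[0] for p in query.split("&")]
    return {
        "alt_encoding": with_value(percent_encode_all(val)),
        "double_delimiter": query.replace("&", "&&").replace("=", "=="),
        "no_values": "&".join(f"{k}=" for k in keys),
        "unbalanced_single_quote": with_value(val + "'"),
        "unbalanced_double_quote": with_value(val + '"'),
        "buffer_value": with_value("A" * buffer_len),
    }

def run_against(parser, variants):
    """Feed each variant to the parser under test; record result or error type."""
    report = {}
    for name, variant in variants.items():
        try:
            parser(variant)
            report[name] = "accepted"
        except Exception as exc:  # any exception counts as a detected fault
            report[name] = type(exc).__name__
    return report

if __name__ == "__main__":
    sample = "user=alice&id=42"  # constructed sample input
    strict = lambda q: parse_qs(q, strict_parsing=True)
    for name, outcome in run_against(strict, mutate_query(sample, 64)).items():
        print(f"{name:26} {outcome}")
```

A variant that is "accepted" is not necessarily handled safely; it only means the parser raised no error, so the parsed result still needs checking downstream.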