Privately performing application security analysis
Abstract
Systems and methods for analyzing applications on a mobile device for risk so as to maintain the privacy of the application user are provided. In the example method, the process receives a request from a mobile device. The request includes a cryptographic representation of application information for an application residing on a mobile device. The method includes comparing the cryptographic representation to an application information database that includes cryptographic representations of applications. The method also includes automatically remediating, e.g., quarantining and retiring, the application if the application matches an application that is a known risk in the database. Exemplary embodiments provide companies with controls to prevent specific applications—which have specific behaviors and are present on mobile devices being used by employees—from being used by employees, without the company having any visibility into what particular applications are being used by the employees on the mobile device.
18 Claims
1. A method, comprising:
- generating a plurality of cryptographic representations for each of a plurality of types of application information for an application residing on a mobile device, the plurality of types of application information comprising an application name and a company identifier, each of the plurality of cryptographic representations being a composite hash of both the application name and the company identifier;
- transmitting the plurality of cryptographic representations to an application risk control system; and
- receiving a message from the application risk control system indicating whether the application is permitted or not permitted for a company associated with the company identifier, wherein the company is associated with a company specific whitelist and blacklist comprising composite hashes of application names and company identifiers.
10. A system, comprising:
- a processor; and
- a memory for storing executable instructions, the instructions being executed by the processor to:
  - generate a cryptographic representation of application information for an application residing on a mobile device, the cryptographic representation being a composite hash of both an application name and a company identifier;
  - transmit the cryptographic representation to an application risk control system on a dedicated channel such that device identifying information is not exposed; and
  - receive a message from the application risk control system indicating whether the application is permitted or not permitted for a company associated with the company identifier, wherein the company is associated with a company specific whitelist and blacklist comprising composite hashes of application names and company identifiers.
18. A method, comprising:
- generating a plurality of cryptographic representations for each of a plurality of types of application information for an application residing on a mobile device, the plurality of types of application information comprising an application name and a company identifier, each of the plurality of cryptographic representations being a composite hash of both the application name and the company identifier;
- transmitting the plurality of cryptographic representations to an application risk control system; and
- receiving a message from the application risk control system indicating whether the application is permitted or not permitted to access an enterprise network with enterprise services of a company associated with the company identifier, the indication based on a risk score calculated for the application, wherein the company is associated with a company specific whitelist and blacklist comprising composite hashes of application names and company identifiers.
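The exchange recited in the claims can be sketched as follows. This is an added example, not code from the patent: the claims do not name a hash function or an encoding, so SHA-256 with length-prefixed fields, the `"unknown"` verdict for unlisted digests, blacklist precedence, and all application and company names are assumptions constructed for illustration.

```python
import hashlib

def composite_hash(app_name: str, company_id: str) -> str:
    """One digest over both fields (SHA-256 is an assumption).
    Length prefixes keep ("ab", "c") and ("a", "bc") from colliding."""
    h = hashlib.sha256()
    for field in (app_name, company_id):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()

def build_request(installed_apps, company_id):
    """Device side: the request carries digests only, no app names or device ID."""
    return [composite_hash(app, company_id) for app in installed_apps]

class RiskControlSystem:
    """Server side: company-specific lists hold composite hashes, not names."""
    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)

    def evaluate(self, digests):
        verdicts = {}
        for d in digests:
            if d in self.blacklist:        # assumption: blacklist wins on conflict
                verdicts[d] = "not permitted"
            elif d in self.whitelist:
                verdicts[d] = "permitted"
            else:                          # assumption: unlisted digests are reported
                verdicts[d] = "unknown"
        return verdicts

def demo():
    company = "acme-corp"  # constructed company identifier
    server = RiskControlSystem(
        whitelist={composite_hash("com.example.mail", company)},
        blacklist={composite_hash("com.example.leakyshare", company)},
    )
    apps = ["com.example.mail", "com.example.leakyshare", "com.example.game"]
    request = build_request(apps, company)
    verdicts = server.evaluate(request)
    # Only the device can map digests back to the names it hashed.
    return {app: verdicts[d] for app, d in zip(apps, request)}

if __name__ == "__main__":
    for app, verdict in demo().items():
        print(f"{app}: {verdict}")
```

Because the company identifier is part of the hashed input, the same application produces a different digest for each company, so one company's list entries never match another company's requests. Application names are low-entropy, so the digest hides them only from a party that cannot enumerate candidate names together with the company identifier.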
Specification