System and method for providing network security to mobile devices

US 10,417,421 B2
Filed: 09/27/2018
Issued: 09/17/2019
Est. Priority Date: 12/13/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A system, comprising:

a mobile device including at least one mobile device processor, mobile device memory and a mobile device data port, the mobile device memory having data transfer code and a data transfer policy thereon,the data transfer code being configured to disable all data transfer via resident devices resident on the mobile device, when the mobile device is outside of any of one or more trusted networks and when a trusted security device is not coupled to the mobile device data port of the mobile device,the data transfer code being configured to determine whether the mobile device is on any of the one or more trusted networks by searching for a predetermined network device on the one or more trusted networks,the data transfer code being configured to enable data transfer via at least one of the resident devices, when the mobile device is outside of any of the one or more trusted networks and only if the trusted security device is coupled to the mobile device data port of the mobile device,the data transfer policy including information for identifying the one or more trusted networks, andthe mobile device including a redirector executable by the at least one mobile device processor to redirect particular incoming data from the mobile device to a particular trusted security device; and

the particular trusted security device including at least one security device processor, security device memory and a security device data port, the security device data port configured to couple to the mobile device data port, the at least one security device processor being different than the at least one mobile device processor, the security device memory including security code and a security policy thereon,the security code configured to receive the particular incoming data before the at least one mobile device processor processes the particular incoming data,the security code configured to evaluate the particular incoming data for malware to implement the security policy as it relates to the particular incoming data; and

the security code configured to prevent at least a portion of the particular incoming data from being processed by the at least one mobile device processor or configured to modify at least a portion of the particular incoming data before being processed by the at least one mobile device processor.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

189 Citations

14 Claims

1. A system, comprising:
- a mobile device including at least one mobile device processor, mobile device memory and a mobile device data port, the mobile device memory having data transfer code and a data transfer policy thereon,the data transfer code being configured to disable all data transfer via resident devices resident on the mobile device, when the mobile device is outside of any of one or more trusted networks and when a trusted security device is not coupled to the mobile device data port of the mobile device,the data transfer code being configured to determine whether the mobile device is on any of the one or more trusted networks by searching for a predetermined network device on the one or more trusted networks,the data transfer code being configured to enable data transfer via at least one of the resident devices, when the mobile device is outside of any of the one or more trusted networks and only if the trusted security device is coupled to the mobile device data port of the mobile device,the data transfer policy including information for identifying the one or more trusted networks, andthe mobile device including a redirector executable by the at least one mobile device processor to redirect particular incoming data from the mobile device to a particular trusted security device; and
  
  the particular trusted security device including at least one security device processor, security device memory and a security device data port, the security device data port configured to couple to the mobile device data port, the at least one security device processor being different than the at least one mobile device processor, the security device memory including security code and a security policy thereon,the security code configured to receive the particular incoming data before the at least one mobile device processor processes the particular incoming data,the security code configured to evaluate the particular incoming data for malware to implement the security policy as it relates to the particular incoming data; and
  
  the security code configured to prevent at least a portion of the particular incoming data from being processed by the at least one mobile device processor or configured to modify at least a portion of the particular incoming data before being processed by the at least one mobile device processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the security code is configured to perform gateway level security services including firewall services.
  - 3. The system of claim 1, wherein the security code includes at least one of antivirus software, antispyware software, a firewall, IPS/IDS software, content filtering software, a bytecode monitor, and a URL monitor.
  - 4. The system of claim 1, wherein the security device data port includes at least one of a USB connector, a PCMCIA connector, an Ethernet connector, or a wireless communication module to communicate with the mobile device.
  - 5. The system of claim 1, wherein the particular trusted security device includes an external data port configured to receive the particular incoming data directly.
  - 6. The system of claim 1, wherein the data transfer code is configured to install a device driver to the mobile device to enable the data transfer via the at least one of the resident devices.
  - 7. The system of claim 1, wherein at least a portion of the particular trusted security device is a part of the mobile device.

8. A security method, comprising:
- determining whether a mobile device is on any of one or more trusted networks by searching for a predetermined network device on the one or more trusted networks;
  
  disabling all data transfer via resident devices resident on the mobile device, when the mobile device is outside of any of the one or more trusted networks and when a trusted security device is not coupled to a mobile device data port of the mobile device, the mobile device including at least one mobile device processor, mobile device memory and the mobile device data port, the mobile device memory having data transfer code and a data transfer policy thereon, the data transfer policy including information for identifying the one or more trusted networks;
  
  enabling data transfer via at least one of the resident devices resident on the mobile device, when the mobile device is outside of any of the one or more trusted networks and only if the trusted security device is coupled to the mobile device data port of the mobile device;
  
  using the at least one mobile device processor to execute a redirector on the mobile device to redirect particular incoming data from the mobile device to a particular trusted security device;
  
  receiving the particular incoming data by the particular trusted security device before the at least one mobile device processor processes the particular incoming data, the particular trusted security device including at least one security device processor, security device memory and a security device data port, the security device data port configured to couple to the mobile device data port, the at least one security device processor being different than the at least one mobile device processor, the security device memory including security code and a security policy thereon;
  
  using the security code to evaluate the particular incoming data for malware to implement the security policy as it relates to the particular incoming data; and
  
  preventing at least a portion of the particular incoming data from being processed by the at least one mobile device processor, or modifying at least a portion of the particular incoming data before being processed by the at least one mobile device processor.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The security method of claim 8, wherein using the security code includes performing gateway level security services including firewall services.
  - 10. The security method of claim 8, wherein the security code includes at least one of antivirus software, antispyware software, a firewall, IPS/IDS software, content filtering software, a bytecode monitor, and a URL monitor.
  - 11. The security method of claim 8, wherein the security device data port includes at least one of a USB connector, a PCMCIA connector, an Ethernet connector, or a wireless communication module to communicate with the mobile device.
  - 12. The security method of claim 8, further comprising receiving the particular incoming data by the particular trusted security device via an external data port thereon.
  - 13. The security method of claim 8, further comprising installing a device driver to the mobile device to enable the data transfer via the at least one of the resident devices after the particular trusted security device is coupled to the mobile device.
  - 14. The security method of claim 8, wherein at least a portion of the particular trusted security device is a part of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
CUPP Computing AS
Original Assignee
CUPP Computing AS
Inventors
Touboul, Shlomo
Primary Examiner(s)
Okeke, Izunna

Application Number

US16/144,408
Publication Number

US 20190026463A1
Time in Patent Office

355 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/562   Static detection

H04L 63/02   for separating internal fro...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04W 12/00   Security arrangements; Auth...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

System and method for providing network security to mobile devices

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

189 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing network security to mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links