Methods and systems for blocking potentially harmful communications to improve the functioning of an electronic device

US 10,417,432 B2
Filed: 06/05/2018
Issued: 09/17/2019
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method for blocking, by an electronic device, a communication from an application, the communication transmitted to the electronic device using a first network connection, the method comprising:

receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;

receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication from the application;

comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;

determining, by the security component from the comparison according to the policy, that the communication is from a potentially harmful application; and

instructing, by the security component as a result of the determination that the communication is from a potentially harmful application according to the policy, the local device proxy on the electronic device to block the communication from proceeding past the local device proxy to the remainder of the electronic device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for sharing information and improving the functioning of devices by blocking potentially harmful communications. In the methods and systems disclosed, a security component on an electronic device may receive a policy. The security component may also receive, from a local device proxy on the electronic device, information pertaining to a communication. The security component may compare the information pertaining to the communication to the policy. The comparison may result in a determination that the communication is potentially harmful. The security component may then instruct the local device proxy to block the communication from proceeding past the local device proxy.

312 Citations

36 Claims

1. A method for blocking, by an electronic device, a communication from an application, the communication transmitted to the electronic device using a first network connection, the method comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication from the application;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison according to the policy, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application according to the policy, the local device proxy on the electronic device to block the communication from proceeding past the local device proxy to the remainder of the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the electronic device includes a mobile communications device or an internet-of-things device.
  - 3. The method of claim 1, wherein the security component is a component of the local device proxy.
  - 4. The method of claim 1, wherein the security component uses an inter-process communication in instructing the local device proxy to block the communication from the first application.
  - 5. The method of claim 1, wherein:
    - the security component is executing on a server.
  - 6. The method of claim 1, wherein the policy configured by the administrator was created by:
    - the administrator receiving, from a software component executing on a server, the set of questions;
      
      the administrator providing, to the software component, the answers to the set of questions; and
      
      based on the answers received from the administrator, the software component configuring the policy.
  - 7. The method of claim 1,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to information associated with a first potentially harmful application from a plurality of potentially harmful applications, the comparison producing a value corresponding to a degree the obtained information matches the information associated with the first potentially harmful application; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from the first potentially harmful application when the comparison value exceeds a threshold value.
  - 8. The method of claim 1,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to behavioral characteristics of potentially harmful applications, the behavioral characteristics specified by the policy, the comparison producing a value corresponding to a degree the obtained information matches the behavioral characteristics of potentially harmful applications; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from a potentially harmful application when the comparison value exceeds a threshold value.

9. A method for blocking, by an electronic device, a communication from an application installed on the electronic device, the application attempting to transmit the communication using a first network connection, the method comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication from the application;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison according to the policy, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application according to the policy, the local device proxy on the electronic device to block the communication from proceeding past the local device proxy to the remainder of the electronic device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the electronic device includes a mobile communications device or an internet-of-things device.
  - 11. The method of claim 9, wherein:
    - the security component is executing on a server.
  - 12. The method of claim 9, wherein the policy configured by the administrator was created by:
    - the administrator receiving, from a software component executing on a server, the set of questions;
      
      the administrator providing, to the software component, the answers to the set of questions; and
      
      based the answers received from the administrator, the software component configuring the policy.
  - 13. The method of claim 9,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to information associated with a first potentially harmful application from a plurality of potentially harmful applications, the comparison producing a value corresponding to a degree the obtained information matches the information associated with the first potentially harmful application; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from the first potentially harmful application when the comparison value exceeds a threshold value.
  - 14. The method of claim 9,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to behavioral characteristics of potentially harmful applications, the behavioral characteristics specified by the policy, the comparison producing a value corresponding to a degree the obtained information matches the behavioral characteristics of potentially harmful applications; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from a potentially harmful application when the comparison value exceeds a threshold value.

15. A method for blocking, by an electronic device, a communication from a first application installed on the electronic device to a second application installed on the electronic device, the method comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application, the local device proxy to block the communication from proceeding to the second application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the electronic device includes a mobile communications device or an internet-of-things device.
  - 17. The method of claim 15, wherein:
    - the security component is executing on a server.
  - 18. The method of claim 15, wherein the policy configured by the administrator was created by:
    - the administrator receiving, from a software component executing on a server, the set of questions;
      
      the administrator providing, to the software component, the answers to the set of questions; and
      
      based on the answers received from the administrator, the software component configuring the policy.
  - 19. The method of claim 15,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to information associated with a first potentially harmful application from a plurality of potentially harmful applications, the comparison producing a value corresponding to a degree the obtained information matches the information associated with the first potentially harmful application; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from the first potentially harmful application when the comparison value exceeds a threshold value.
  - 20. The method of claim 15,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to behavioral characteristics of potentially harmful applications, the behavioral characteristics being specified by the policy, the comparison producing a value corresponding to a degree the obtained information matches the behavioral characteristics of potentially harmful applications; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from a potentially harmful application when the comparison value exceeds a threshold value.

21. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of an electronic device, cause the electronic device to perform actions for blocking a communication from an application, the communication transmitted to the electronic device using a first network connection, the actions comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving, over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication from the application;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison according to the policy, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application according to the policy, the local device proxy on the electronic device to block the communication from proceeding past the local device proxy to the remainder of the electronic device.
- View Dependent Claims (22, 23)
- - 22. The computer-readable storage medium of claim 21, wherein the policy configured by the administrator was created by:
    - the administrator receiving, from a software component executing on a server, the set of questions;
      
      the administrator providing, to the software component, the answers to the set of questions; and
      
      based on the answers received from the administrator, the software component configuring the policy.
  - 23. The computer-readable storage medium of claim 21,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to behavioral characteristics of potentially harmful applications, the behavioral characteristics specified by the policy, the comparison producing a value corresponding to a degree the obtained information matches the behavioral characteristics of potentially harmful applications; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from a potentially harmful application when the comparison value exceeds a threshold value.

24. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of an electronic device, cause the electronic device to perform actions for blocking a communication from an application installed on the electronic device, the application attempting to transmit the communication using a first network connection, the actions comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication from the application;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison according to the policy, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application according to the policy, the local device proxy on the electronic device to block the communication from proceeding past the local device proxy to the remainder of the electronic device.

25. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of an electronic device, cause the electronic device to perform actions for blocking a communication from a first application installed on the electronic device to a second application installed on the electronic device, the actions comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application, the local device proxy to block the communication from proceeding to the second application.
- View Dependent Claims (26, 27, 28)
- - 26. The computer-readable storage medium of claim 25, wherein the policy configured by the administrator was created by:
    - the administrator receiving, from a software component executing on a server, the set of questions;
      
      the administrator providing, to the software component, the answers to the set of questions; and
      
      based on the answers received from the administrator, the software component configuring the policy.
  - 27. The computer-readable storage medium of claim 25,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to information associated with a first potentially harmful application from a plurality of potentially harmful applications, the comparison producing a value corresponding to a degree the obtained information matches the information associated with the first potentially harmful application; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from the first potentially harmful application when the comparison value exceeds a threshold value.
  - 28. The computer-readable storage medium of claim 25,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to behavioral characteristics of potentially harmful applications, the behavioral characteristics being specified by the policy, the comparison producing a value corresponding to a degree the obtained information matches the behavioral characteristics of potentially harmful applications; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from a potentially harmful application when the comparison value exceeds a threshold value.

29. A system, comprising an electronic device with at least one processor and memory and instructions that when executed by the at least one processor cause the electronic device to perform actions for blocking a communication from an application, the communication transmitted to the electronic device using a first network connection, the actions comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving, over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication from the application;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison according to the policy, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application according to the policy, the local device proxy on the electronic device to block the communication from proceeding past the local device proxy to the remainder of the electronic device.
- View Dependent Claims (30, 31)
- - 30. The system of claim 29, wherein the policy configured by the administrator was created by:
    - the administrator receiving, from a software component executing on a server, the set of questions;
      
      the administrator providing, to the software component, the answers to the set of questions; and
      
      based on the answers received from the administrator, the software component configuring the policy.
  - 31. The system of claim 29,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to behavioral characteristics of potentially harmful applications, the behavioral characteristics specified by the policy, the comparison producing a value corresponding to a degree the obtained information matches the behavioral characteristics of potentially harmful applications; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from a potentially harmful application when the comparison value exceeds a threshold value.

32. A system, comprising an electronic device with at least one processor and memory and instructions that when executed by the at least one processor cause the electronic device to perform actions for blocking a communication from an application installed on the electronic device, the application attempting to transmit the communication using a first network connection, the actions comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication from the application;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison according to the policy, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application according to the policy, the local device proxy on the electronic device to block the communication from proceeding past the local device proxy to the remainder of the electronic device.

33. A system, comprising an electronic device with at least one processor and memory and instructions that when executed by the at least one processor cause the electronic device to perform actions for blocking a communication from a first application installed on the electronic device to a second application installed on the electronic device, the actions comprising:
- receiving, by a security component, a policy configured by an administrator, the policy pertaining to the processing of communications by the security component and based on answers of the administrator to a set of questions;
  
  receiving over the first network connection or a second network connection, by the security component according to the policy and from a local device proxy on the electronic device after the communication is received by the local device proxy, information pertaining to the communication;
  
  comparing, by the security component according to the policy, the obtained information to information associated with potentially harmful applications;
  
  determining, by the security component from the comparison, that the communication is from a potentially harmful application; and
  
  instructing, by the security component as a result of the determination that the communication is from a potentially harmful application, the local device proxy to block the communication from proceeding to the second application.
- View Dependent Claims (34, 35, 36)
- - 34. The system of claim 33, wherein the policy configured by the administrator was created by:
    - the administrator receiving, from a software component executing on a server, the set of questions;
      
      the administrator providing, to the software component, the answers to the set of questions; and
      
      based on the answers received from the administrator, the software component configuring the policy.
  - 35. The system of claim 33,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to information associated with a first potentially harmful application from a plurality of potentially harmful applications, the comparison producing a value corresponding to a degree the obtained information matches the information associated with the first potentially harmful application; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from the first potentially harmful application when the comparison value exceeds a threshold value.
  - 36. The system of claim 33,wherein the comparing the obtained information to information associated with potentially harmful applications comprises:
    - comparing the obtained information to behavioral characteristics of potentially harmful applications, the behavioral characteristics being specified by the policy, the comparison producing a value corresponding to a degree the obtained information matches the behavioral characteristics of potentially harmful applications; and
      
      wherein the determining that the communication is from a potentially harmful application comprises;
      
      determining that the communication is from a potentially harmful application when the comparison value exceeds a threshold value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Buck, Brian James, Robinson, William, Hering, John G., Burgess, James David, Wyatt, Timothy Micheal, Golombek, David, Richardson, David Luke, Lineberry, Anthony McKay, Barton, Kyle, Evans, Daniel Lee, Salomon, Ariel, Grubb, Jonathan Pantera, Wootton, Bruce, Strazzere, Timothy, Swami, Yogesh
Primary Examiner(s)
Chen, Shin-Hon (Eric)

Application Number

US16/000,712
Publication Number

US 20180293389A1
Time in Patent Office

469 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/166   at the transport layer

H04L 69/14   Multichannel or multilink p...

H04W 12/02   Protecting privacy or anony...

H04W 12/12   Detection or prevention of ...

H04W 12/67   Risk-dependent, e.g. select...

Methods and systems for blocking potentially harmful communications to improve the functioning of an electronic device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

312 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for blocking potentially harmful communications to improve the functioning of an electronic device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

312 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links