Creating, managing and deploying deceptions on mobile devices

US 10,432,665 B1
Filed: 09/03/2018
Issued: 10/01/2019
Est. Priority Date: 09/03/2018
Status: Active Grant

First Claim

Patent Images

1. A system for managing attacker incidents on a mobile device, comprising:

a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, receive a list of deceptions to install in the mobile device, and install the deceptions in the received list in the mobile device;

a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device by the dedicated agent, and sending a notification that an incident has occurred; and

a deception management server sending instructions to said MDM to deploy deceptions on the mobile device, sending the list of deceptions to said MDM, registering the mobile device and its deceptions state, receiving the notification from said trap server that an incident has occurred, in response thereto instructing said MDM to run forensics on the mobile device, and receiving the forensics from the dedicated agent.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for managing attacker incidents, including a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, and install deceptions in the mobile device, a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device, and a deception management server sending instructions to the MDM to deploy deceptions on the mobile device, registering the mobile device and its deceptions state, receiving the notification from the trap server that an incident has occurred, and in response thereto instructing the MDM to run forensics on the mobile device.

136 Citations

7 Claims

1. A system for managing attacker incidents on a mobile device, comprising:
- a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, receive a list of deceptions to install in the mobile device, and install the deceptions in the received list in the mobile device;
  
  a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device by the dedicated agent, and sending a notification that an incident has occurred; and
  
  a deception management server sending instructions to said MDM to deploy deceptions on the mobile device, sending the list of deceptions to said MDM, registering the mobile device and its deceptions state, receiving the notification from said trap server that an incident has occurred, in response thereto instructing said MDM to run forensics on the mobile device, and receiving the forensics from the dedicated agent.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1 wherein the deceptions installed by said MDM in the mobile device are planted in one or more of:
    - applications installed in the mobile device, a local browser, e-mail and local files.
  - 3. The system of claim 1 wherein the deceptions installed by said MDM in the mobile device include one or more of deceptive network devices and deceptive users and user credentials.

4. A method for managing attacker incidents on a mobile device, comprising:
- instructing, by a deception management server, a mobile device manager (MDM) to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization;
  
  in response to said instructing running, by the MDM, a dedicated agent on the mobile device;
  
  registering, by the dedicated agent, the mobile device and its current deceptions state with the deception management server;
  
  receiving, by the dedicated agent from the deception management server, a list of deceptions to install in the mobile device;
  
  installing, by the dedicated agent, the deceptions in the received list in the mobile device, wherein the received deceptions include data leading to a trap server;
  
  attempting, by an attacker, to use deceptive data installed in the mobile phone, to connect to a service;
  
  in response to said attempting, triggering an incident in the trap server;
  
  notifying, by the trap server, the deception management server, that an incident has occurred;
  
  further instructing the MDM, by the deception management server, to run forensics on the mobile device;
  
  in response to said further instructing, running by the MDM, forensics on the mobile device; and
  
  transmitting forensic data, by a forensics collector in the dedicated agent, to the deception management server.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4 wherein the deceptions installed by said MDM in the mobile device are planted in one or more of:
    - applications installed in the mobile device, a local browser, e-mail and local files.
  - 6. The method of claim 4 wherein the deceptions installed by said MDM in the mobile device include one or more of deceptive network devices and deceptive users and user credentials.

7. A method for managing attacker incidents on a mobile device, comprising:
- downloading, by a mobile device, a dedicated application;
  
  running by the mobile device, the dedicated application with parameters provided by a deception management server;
  
  registering, by the dedicated application, the mobile device and its current deceptions state with the deception management server;
  
  receiving, by the dedicated application from the deception management server, a list of deceptions to install in the mobile device;
  
  installing, by the dedicated agent, the deceptions in the received list in the mobile device;
  
  attempting, by an attacker, to use deceptive data in the mobile phone, to connect to a service;
  
  in response to said attempting, triggering an incident in a trap server;
  
  notifying, by the trap server, the dedicate application, that an incident has occurred;
  
  running by the dedicated application, forensics on the mobile device; and
  
  transmitting forensic data, by a forensics collector in the dedicated application, to the deception management server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
illusive networks LTD.
Original Assignee
illusive networks LTD.
Inventors
Yohai, Tal, Lauber, Ofir, Epelman, Yoav
Primary Examiner(s)
Traore, Fatoumata

Application Number

US16/120,345
Time in Patent Office

393 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

H04W 12/128   Anti-malware arrangements, ...

Creating, managing and deploying deceptions on mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

136 Citations

7 Claims

Specification

Use Cases

Quick Links

Others

Creating, managing and deploying deceptions on mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

7 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others