In-line filtering of insecure or unwanted mobile device software components or communications

US 10,482,260 B1
Filed: 09/20/2016
Issued: 11/19/2019
Est. Priority Date: 06/25/2012
Status: Active Grant

First Claim

Patent Images

1. A system for in-line filtering of applications for mobile devices, comprising:

a processor configured to;

intercept a request for downloading an application to a mobile device;

determine a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises to;

perform the following;

decompile the application to generate a source code version of the application;

determine the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version;

execute the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and

determine the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and

modify the response to the request for downloading the application to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for in-line filtering of insecure or unwanted mobile components or communications (e.g., insecure or unwanted behaviors associated with applications for mobile devices (“apps”), updates for apps, communications to/from apps, operating system components/updates for mobile devices, etc.) for mobile devices are disclosed. In some embodiments, in-line filtering of apps for mobile devices includes intercepting a request for downloading an application to a mobile device; and modifying a response to the request for downloading the application to the mobile device. In some embodiments, the response includes a notification that the application cannot be downloaded due to an application risk policy violation.

25 Citations

View as Search Results

15 Claims

1. A system for in-line filtering of applications for mobile devices, comprising:
- a processor configured to;
  
  intercept a request for downloading an application to a mobile device;
  
  determine a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises to;
  
  perform the following;
  
  decompile the application to generate a source code version of the application;
  
  determine the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version;
  
  execute the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and
  
  determine the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and
  
  modify the response to the request for downloading the application to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4)
- - 2. The system recited in claim 1, wherein the processor is further configured to:
    - filter traffic in-line from the mobile device to the Internet;
      
      determine that the filtered traffic from the mobile device includes the request for downloading the application to the mobile device; and
      
      determine the response based on an application risk policy, wherein the application risk policy is configured for an enterprise, and wherein the mobile device is associated with the enterprise.
  - 3. The system recited in claim 1, wherein the processor is further configured to:
    - determine the application associated with the request violates an application risk policy based on an application analysis of the application.
  - 4. The system recited in claim 1, wherein the determining of the response further comprises to:
    - perform the following;
      
      extract information from a public market, a private market, or both associated with the application, the information relating to an IP address, a Uniform Resource Locator (URL) address, a Short Message Service (SMS) number, telephone number, an advertising network provider, another application, an application developer, an application store, or any combination thereof; and
      
      determine the application risk assessment of the application based on the extracted information.

5. A system for in-line filtering of applications for mobile devices, comprising:
- a processor configured to;
  
  perform in-line filtering of traffic from a mobile device to the Internet;
  
  identify an application request from the in-line filtering of traffic from the mobile device to the Internet, wherein the application request includes a request to download an application to the mobile device;
  
  determine a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises to;
  
  perform the following;
  
  decompile the application to generate a source code version of the application;
  
  determine the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version;
  
  execute the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and
  
  determine the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and
  
  modify the response to the application request that is communicated to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The system recited in claim 5, wherein the application requested for downloading to the mobile device is an encrypted version of the application.
  - 7. The system recited in claim 5, wherein the processor is further configured to:
    - determine the response based on an application risk policy.
  - 8. The system recited in claim 5, wherein the processor is further configured to:
    - determine the response based on an application risk policy, wherein the policy includes an application risk profile based on behavior associated with the application.
  - 9. The system recited in claim 5, wherein the processor is further configured to:
    - intercept application requests from a plurality of mobile devices.
  - 10. The system recited in claim 5, wherein the processor is further configured to:
    - extract information from a public market, a private market, or both associated with the application, the information relating to an IP address, a Uniform Resource Locator (URL) address, a Short Message Service (SMS) number, telephone number, an advertising network provider, another application, an application developer, an application store, or any combination thereof; and
      
      determine the application risk assessment of the application further based on the extracted information.

11. A method of in-line filtering of applications for mobile devices, comprising:
- performing in-line filtering of traffic from a mobile device to the Internet;
  
  identifying an application request from the in-line filtering of traffic from the mobile device to the Internet, wherein the application request includes a request to download an application to the mobile device;
  
  determining a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises;
  
  performing the following;
  
  decompiling the application to generate a source code version of the application;
  
  determining the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version;
  
  executing the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and
  
  determining the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and
  
  modifying the response to the application request that is communicated to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the application requested for downloading to the mobile device is an encrypted version of the application.
  - 13. The method of claim 11, further comprising:
    - determining the response based on an application risk policy.
  - 14. The method of claim 11, further comprising:
    - intercepting application requests from a plurality of mobile devices.
  - 15. The method of claim 11, further comprising:
    - extracting information from a public market, a private market, or both associated with the application, the information relating to an IP address, a Uniform Resource Locator (URL) address, a Short Message Service (SMS) number, telephone number, an advertising network provider, another application, an application developer, an application store, or any combination thereof; and
      
      determining the application risk assessment of the application further based on the extracted information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bettini, Anthony John, Watkins, Kevin, Guerra, Domingo J., Price, Michael
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Shirazi, Sayed Aresh Beheshti

Application Number

US15/270,733
Time in Patent Office

1,155 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 67/34   involving the movement of s...

In-line filtering of insecure or unwanted mobile device software components or communications

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

In-line filtering of insecure or unwanted mobile device software components or communications

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others