Systems and methods for security analysis of applications on user mobile devices while maintaining user application privacy

US 10,505,933 B2
Filed: 02/14/2019
Issued: 12/10/2019
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

generating at least one cryptographic representation for a company identifier and at least one type of application information for an application residing on a mobile device, the at least one type of application information comprising an application name, the at least one cryptographic representation being a composite hash of both the application name and the company identifier;

transmitting the at least one cryptographic representation for determination of whether the application is permitted for a company identified by the company identifier; and

receiving the determination indicating whether the application is permitted for the company, the company being associated with a company specific permitted list or not permitted list comprising composite hashes of application names and company identifiers.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for analyzing applications (“apps”) on a mobile device for security risks for a company while maintaining the mobile device owner'"'"'s privacy and confidentiality concerning the applications. The mobile device may be a user'"'"'s personal device (a “bring your own device”). In an example method, a process generates one or more cryptographic representations of application information for each application on the mobile device. The cryptographic representations may comprise a hash or composite hash. The cryptographic representations may be transmit outside the mobile device to a system which makes a determination and provides an indication whether the application is permitted or not permitted for use at the company. The company can be associated with a hashed permitted or not permitted list. The application information can include application name, executable code, and a version number. The method may include automatically remediating the application if it matches a known risk.

61 Citations

View as Search Results

20 Claims

1. A method, comprising:
- generating at least one cryptographic representation for a company identifier and at least one type of application information for an application residing on a mobile device, the at least one type of application information comprising an application name, the at least one cryptographic representation being a composite hash of both the application name and the company identifier;
  
  transmitting the at least one cryptographic representation for determination of whether the application is permitted for a company identified by the company identifier; and
  
  receiving the determination indicating whether the application is permitted for the company, the company being associated with a company specific permitted list or not permitted list comprising composite hashes of application names and company identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising, in response to a request to install another application on the mobile device, generating at least one other cryptographic representation of at least one type of application information for the other application, the at least one other cryptographic representation being a composite hash of both a name of the other application and the company identifier, transmitting the at least one other cryptographic representation for determination of whether the other application is permitted for the company, and receiving the determination indicating whether the other application is permitted or not permitted for the company associated with the company identifier.
  - 3. The method of claim 1, further comprising transmitting one or more application behaviors for the application without transmitting an identity of the application and without transmitting identifying information of the mobile device.
  - 4. The method of claim 1, further comprising associating an application version with the at least one cryptographic representation.
  - 5. The method of claim 1, wherein the at least one type of application information further comprises executable code of the application.
  - 6. The method of claim 1, wherein the at least one type of application information further comprises a version number of the application.
  - 7. The method of claim 1, wherein the at least one cryptographic representation further includes a composite hash value of the company identifier, the application name, executable code of the application and a version number for the application.
  - 8. The method of claim 1, wherein the application is one of a plurality of applications on the mobile device, the generation of the at least one cryptographic representation, the transmission of the at least one cryptographic representation, and the receipt of the determination being performed for each of the plurality of applications.
  - 9. The method of claim 1, wherein the determination is performed using an application information database.
  - 10. The method of claim 1, wherein the determination is determined automatically by a processor configured to:
    - receive the at least one cryptographic representation of the at least one type of application information for the application residing on the mobile device;
      
      compare the at least one cryptographic representation to an application information database and an application cryptographic table, the application information database comprising application information for a plurality of applications, the application information comprising at least one of application behaviors, application names, cryptographic representations of applications, and risk scores of applications, and the application cryptographic table comprising the cryptographic representations of applications associated with at least one of the permitted list or the not permitted list; and
      
      automatically remediate the mobile device if the application matches an application that is a known risk as determined from the comparison with the application information database and the application cryptographic table, wherein the remediating comprises at least one of quarantining the application and retiring the mobile device.
  - 11. The method of claim 1, further comprising detecting the application residing on the mobile device in response to a request by the mobile device to access network resources of the company.

12. A system, comprising:
- a processor; and
  
  a memory for storing executable instructions, the instructions being executed by the processor for;
  
  generating at least one cryptographic representation for a company identifier and at least one type of application information for an application residing on a mobile device, the at least one type of application information comprising an application name, the at least one cryptographic representation being a composite hash of both the application name and the company identifier;
  
  transmitting the at least one cryptographic representation for determination of whether the application is permitted for a company identified by the company identifier; and
  
  receiving the determination indicating whether the application is permitted for the company, the company being associated with a company specific permitted list or not permitted list comprising composite hashes of application names and company identifiers.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, the instructions being executed by the processor to further transmit one or more application behaviors for the application without transmitting an identity of the application and without transmitting the device identifying information of the mobile device.
  - 14. The system of claim 12, the instructions being executed by the processor to further associate an application version with the cryptographic representation.
  - 15. The system of claim 12, wherein the at least one type of application information comprises executable code of the application.
  - 16. The system of claim 12, wherein the at least one type of application information comprises a version number of the application.
  - 17. The system of claim 12, wherein the at least one cryptographic representation further includes a composite hash value of the company identifier, the application name, executable code of the application and a version number for the application.
  - 18. The system of claim 12, wherein the application is one of a plurality of applications on the mobile device, the instructions being executed by the processor to evaluate each of the plurality of applications.
  - 19. The system of claim 12, wherein the determination is performed using an application risk control system configured to:
    - receive the at least one cryptographic representation of the at least one type of application information for the application residing on the mobile device;
      
      compare the at least one cryptographic representation to an application information database and an application cryptographic table, the application information database comprising application information for a plurality of applications, the application information comprising at least one of application behaviors, application names, cryptographic representations of applications, and risk scores of applications, and the application cryptographic table comprising the cryptographic representations of applications associated with at least one of the permitted list or the not permitted list; and
      
      automatically remediate the mobile device if the application matches an application that is a known risk as determined from the comparison with the application information database and the application cryptographic table, wherein the remediating comprises at least one of quarantining the application and retiring the mobile device.

20. A method, comprising:
- generating at least one cryptographic representation for a company identifier and at least one type of application information for an application residing on a mobile device, the at least one type of application information comprising an application name, the at least one cryptographic representation being a composite hash of both the application name and the company identifier;
  
  transmitting the at least one cryptographic representation for determination of whether the application is permitted to access an enterprise network with enterprise services of a company associated with the company identifier; and
  
  receiving the determination in the form of a message from an application risk control system indicating whether the application is permitted or not permitted to access the enterprise network with the enterprise services of the company associated with the company identifier, the indication based on a risk score calculated for the application, wherein the company is associated with a company specific permitted list and not permitted list each comprising composite hashes of application names and company identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Proofpoint Incorporated
Inventors
Jevans, David Alexander
Primary Examiner(s)
Vaughan, Michael R

Application Number

US16/276,590
Publication Number

US 20190182247A1
Time in Patent Office

299 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/51   at application loading time...

G06F 21/54   by adding security routines...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/64   Protecting data integrity, ...

G06F 2221/033   Test or assess software

H03K 19/17728   Reconfigurable logic blocks...

H03K 19/17768   for security

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

H04L 9/3236   using cryptographic hash fu...

H04W 12/10   Integrity

Systems and methods for security analysis of applications on user mobile devices while maintaining user application privacy

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for security analysis of applications on user mobile devices while maintaining user application privacy

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others