Determining source of side-loaded software using an administrator server

US 10,540,494 B2
Filed: 03/01/2018
Issued: 01/21/2020
Est. Priority Date: 05/01/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

at least one processor; and

memory storing instructions configured to instruct the at least one processor to;

receive, from a first computing device, a first application identifier and a first source identifier, each for a first application;

determine whether the first source identifier matches at least one of a white list of source identifiers or a black list of source identifiers;

send the first application identifier and the first source identifier over a network to a second computing device;

receive, from the second computing device, a first state designation for the first application, the first state designation representing a trusted state or an untrusted state;

in response to receiving the first state designation, set a second state designation, wherein the second state designation is different than the state represented by the first state designation; and

send the second state designation to the first computing device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An action may be performed in response to a determination of a source of side-loaded software. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: receiving, from the mobile device, a first application identifier and a first source identifier, each for a first application; sending the first application identifier and the first source identifier over a network to an administrator server; receiving, from the administrator server, a first state designation for the first application; setting a second state designation based on the first state designation; and sending the second state designation to the mobile device.

396 Citations

20 Claims

1. A system, comprising:
- at least one processor; and
  
  memory storing instructions configured to instruct the at least one processor to;
  
  receive, from a first computing device, a first application identifier and a first source identifier, each for a first application;
  
  determine whether the first source identifier matches at least one of a white list of source identifiers or a black list of source identifiers;
  
  send the first application identifier and the first source identifier over a network to a second computing device;
  
  receive, from the second computing device, a first state designation for the first application, the first state designation representing a trusted state or an untrusted state;
  
  in response to receiving the first state designation, set a second state designation, wherein the second state designation is different than the state represented by the first state designation; and
  
  send the second state designation to the first computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the first computing device is configured to store an application state for the first application, the application state to vary between states comprising trusted and untrusted, and wherein sending the second state designation to the first computing device causes the first computing device to set the application state to untrusted.
  - 3. The system of claim 2, wherein the first computing device is further configured to, in response to setting the application state to untrusted, perform at least one of blocking installation of the first application, blocking execution of the first application, disabling execution of one or more components of the first application, denying the first application access to a corporate network, or uninstalling the first application.
  - 4. The system of claim 1, wherein the first computing device is configured to store an application state for the first application, the application state to vary between states comprising trusted and untrusted, wherein sending the second state designation to the first computing device causes the first computing device to set the application state to trusted, and wherein the first computing device is further configured to, in response to setting the application state to trusted, permit installation of the first application, allow the first application access to a corporate network, or allow execution of the first application.
  - 5. The system of claim 1, wherein the determining whether the first source identifier matches comprises determining that the first source identifier does not match the white list, and in response to the first source identifier not matching the white list, determining whether the first source identifier matches the black list.
  - 6. The system of claim 1, wherein the sending the first application identifier and the first source identifier to the second computing device is performed in response to the first source identifier not matching the black list.
  - 7. The system of claim 1, wherein the instructions are further configured to instruct the at least one processor to update the white list based on the first state designation.
  - 8. The system of claim 1, further comprising a database storing data for a plurality of applications associated with the first computing device, the data comprising a source identifier and a state designation for each of the applications, wherein each state designation can be set to values including trusted and untrusted.
  - 9. The system of claim 1, wherein the first source identifier is based on a signature of the first application.
  - 10. The system of claim 1, wherein the instructions are further configured to instruct the at least one processor to receive a trusted source identifier from the second computing device, and update the white list or black list based on the trusted source identifier.

11. A method, comprising:
- receiving, by a first computing device from at least one of plurality of computing devices, a first application identifier and a first source identifier, each for a first application;
  
  receiving, from a third computing device, a second state designation for the first application, the second state designation representing a trusted state or an untrusted state;
  
  in response to receiving the second state designation setting, by the first computing device, a first state designation for the first application, wherein the first state designation is to be used for setting a state on a second computing device, and wherein the first state designation is different than the state represented by the second state designation; and
  
  sending, by the first computing device, the first state designation to the second computing device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, further comprising accessing, by the first computing device, data for a plurality of applications associated with the plurality of computing devices, the data comprising a state designation for each of the applications.
  - 13. The method of claim 11, wherein the state to be set is a device state, or an application state for an application stored on the second computing device.
  - 14. The method of claim 11, further comprising:
    - prior to receiving the second state designation, sending, by the first computing device, over a network, the first application identifier and the first source identifier to the third computing device.
  - 15. The method of claim 11, wherein the setting the first state designation comprises:
    - determining whether the first source identifier matches a list of source identifiers.
  - 16. The method of claim 11, wherein the setting the first state designation comprises:
    - determining whether the first source identifier matches a first list of source identifiers; and
      
      in response to the first source identifier not matching the first list, determining whether the first source identifier matches a second list of source identifiers.
  - 17. The method of claim 11, wherein the setting the first state designation comprises, in response to determining that the first source identifier matches a black list, setting the first state designation to untrusted.
  - 18. The method of claim 11, further comprising, in response to determining that the first source identifier does not match a black list:
    - sending the first application identifier and the first source identifier to the third computing device.
  - 19. The method of claim 18, further comprising updating the black list based on the second state designation.

20. A non-transitory computer-readable storage medium storing computer-readable instructions, which when executed, cause a first computing device to:
- receive, from a second computing device, a first application identifier and a first source identifier, each for a first application;
  
  send the first application identifier and the first source identifier over a network to a third computing device;
  
  receive, from the third computing device, a first state designation for the first application, the first state designation representing a trusted state or an untrusted state;
  
  in response to receiving the first state designation, set a second state designation, wherein the second state designation is different than the state represented by the first state designation; and
  
  send the second state designation to the second computing device;
  
  wherein the second computing device is configured to store an application state for the first application, set the application state to untrusted in response to receiving the second state designation, and disallow the first application in response to setting the application state to untrusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Richardson, David, Farrakha, Ahmed Mohamed, Robinson, William Neil, Buck, Brian James
Primary Examiner(s)
Kim, Jung W
Assistant Examiner(s)
Stoica, Adrian

Application Number

US15/909,796
Publication Number

US 20180189478A1
Time in Patent Office

691 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/51   at application loading time...

G06F 21/56   Computer malware detection ...

G06F 2221/033   Test or assess software

H04L 63/145   the attack involving the pr...

H04W 12/122   Counter-measures against at...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/37   Managing security policies ...

Determining source of side-loaded software using an administrator server

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

396 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Determining source of side-loaded software using an administrator server

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

396 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links