System and method for implementing content and network security inside a chip
Abstract
Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
19 Claims
1. A security system configured to protect a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the security system comprising:
- a security device configured to be installed in or directly connected to an external port of a mobile device, the security device comprising;
a routing device configured to receive untrusted network data intercepted from an untrusted network, the untrusted network data being sent to be processed by the mobile device, the intercepting and receiving occurring before a mobile device processor of the mobile device processes the untrusted network data;
a security engine including security instructions operative to implement a security policy, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted network data without forcing a connection to a remote gateway; and
a dedicated security system processor dedicated to security functions and configured to execute the security engine, thereby enabling the security engine to receive the untrusted network data from the routing device, to evaluate the untrusted network data for violations of the security policy to identify trusted network data from the untrusted network data in accordance with the security policy, and to provide the trusted network data to the routing device for transmission to the mobile device processor for processing.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method of protecting a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the method comprising:
- executing a security system directly connected to a mobile device, the security system comprising a security engine including security instructions operative to implement a security policy, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in untrusted network data received from an untrusted source over an untrusted network without forcing a connection to a remote gateway;
the security engine being executed by a dedicated security system processor on the security system, the dedicated security system processor being dedicated to security functions, the executing the security engine assisting in causing the security system to perform the following steps;
receiving, by a routing device, particular untrusted network data intercepted from the untrusted network, the particular untrusted network data being sent to be processed by the mobile device, the intercepting and receiving occurring before a mobile device processor of the mobile device processes the untrusted network data;
using the security instructions including the firewall to evaluate the particular untrusted network data for violations of the security policy to identify trusted network data from the untrusted network data in accordance with the security policy; and
providing the trusted network data to the routing device for transmission to the mobile device processor for processing.
Dependent claims: 13, 14, 15, 16, 17
18. A security system configured to protect a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the security system comprising:
- a security device configured to be installed in or directly connected to an external port of a mobile device, the security device comprising;
means for receiving untrusted network data intercepted from an untrusted network, the untrusted network data being sent to be processed by the mobile device, the intercepting and receiving occurring before a mobile device processor of the mobile device processes the untrusted network data;
means for including security instructions operative to implement a security policy, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted network data without forcing a connection to a remote gateway; and
a dedicated security system processor dedicated to security functions and configured to receive the untrusted network data from the means for receiving, to evaluate the untrusted network data for violations of the security policy to identify trusted network data from the untrusted network data in accordance with the security policy, and to provide the trusted network data to the means for receiving for transmission to the mobile device processor for processing.
19. A security system configured to protect a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the security system comprising:
- a security device configured to be installed in or directly connected to an external port of a mobile device, the mobile device including a mobile device processor, the security device comprising;
a dedicated security system processor dedicated to security functions;
a security engine including security instructions operative to implement a security policy when executed by the dedicated security system processor, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in untrusted network data and for identifying trusted network data from the untrusted network data in accordance with the security policy without forcing a connection to a remote gateway; and
a routing device configured to receive particular untrusted network data intercepted from an untrusted network before the mobile device processor of the mobile device processes the particular untrusted network data, the particular untrusted network data being sent to be processed by the mobile device, the routing device further configured to forward the particular untrusted network data to the security engine, and the routing device further configured to forward trusted network data to the mobile device for processing by the mobile device processor;
the dedicated security system processor configured to execute the security engine, thereby causing the security engine to;
receive the particular untrusted network data from the routing device,
evaluate the particular untrusted network data for violations of the security policy to identify particular trusted network data from the particular untrusted network data in accordance with the security policy, and
provide the particular trusted network data to the routing device for transmission to the mobile device for processing by the mobile device processor.
Specification