System and method for implementing content and network security inside a chip

US 10,541,969 B2
Filed: 10/21/2014
Issued: 01/21/2020
Est. Priority Date: 12/13/2005
Status: Active Grant

First Claim

Patent Images

1. A security system configured to protect a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the security system comprising:

a security device configured to be installed in or directly connected to an external port of a mobile device, the security device comprising;

a routing device configured to receive untrusted network data intercepted from an untrusted network, the untrusted network data being sent to be processed by the mobile device, the intercepting and receiving occurring before a mobile device processor of the mobile device processes the untrusted network data;

a security engine including security instructions operative to implement a security policy, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted network data without forcing a connection to a remote gateway; and

a dedicated security system processor dedicated to security functions and configured to execute the security engine, thereby enabling the security engine to receive the untrusted network data from the routing device, to evaluate the untrusted network data for violations of the security policy to identify trusted network data from the untrusted network data in accordance with the security policy, and to provide the trusted network data to the routing device for transmission to the mobile device processor for processing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.

187 Citations

19 Claims

1. A security system configured to protect a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the security system comprising:
- a security device configured to be installed in or directly connected to an external port of a mobile device, the security device comprising;
  
  a routing device configured to receive untrusted network data intercepted from an untrusted network, the untrusted network data being sent to be processed by the mobile device, the intercepting and receiving occurring before a mobile device processor of the mobile device processes the untrusted network data;
  
  a security engine including security instructions operative to implement a security policy, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted network data without forcing a connection to a remote gateway; and
  
  a dedicated security system processor dedicated to security functions and configured to execute the security engine, thereby enabling the security engine to receive the untrusted network data from the routing device, to evaluate the untrusted network data for violations of the security policy to identify trusted network data from the untrusted network data in accordance with the security policy, and to provide the trusted network data to the routing device for transmission to the mobile device processor for processing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The security system of claim 1, further comprising a secure operating system on the security system.
  - 3. The security system of claim 1, wherein the security engine is stored in memory, and the memory is accessible only by the dedicated security system processor.
  - 4. The security system of claim 1, wherein the mobile device is a mobile phone.
  - 5. The security system of claim 1, wherein the mobile device is a laptop computer.
  - 6. The security system of claim 1, wherein the security engine and the dedicated security system processor are incorporated into a Universal Serial Bus (USB) device.
  - 7. The security system of claim 1, wherein the security engine and the dedicated security system processor are incorporated into a flash memory device.
  - 8. The security system of claim 1, wherein the security engine and the dedicated security system processor are incorporated in at least one chip coupled to an internal bus of the mobile device.
  - 9. The security system of claim 1, wherein the security engine and the dedicated security system processor are incorporated in a communication chip.
  - 10. The security system of claim 1, wherein the routing device is configured in the mobile device to redirect the untrusted network data to the dedicated security system processor.
  - 11. The security system of claim 1, wherein the security policy is configured to be updated by a remote administrator.

12. A method of protecting a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the method comprising:
- executing a security system directly connected to a mobile device, the security system comprising a security engine including security instructions operative to implement a security policy, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in untrusted network data received from an untrusted source over an untrusted network without forcing a connection to a remote gateway;
  
  the security engine being executed by a dedicated security system processor on the security system, the dedicated security system processor being dedicated to security functions, the executing the security engine assisting in causing the security system to perform the following steps;
  
  receiving, by a routing device, particular untrusted network data intercepted from the untrusted network, the particular untrusted network data being sent to be processed by the mobile device, the intercepting and receiving occurring before a mobile device processor of the mobile device processes the untrusted network data;
  
  using the security instructions including the firewall to evaluate the particular untrusted network data for violations of the security policy to identify trusted network data from the untrusted network data in accordance with the security policy; and
  
  providing the trusted network data to the routing device for transmission to the mobile device processor for processing.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the security engine and the dedicated security system processor are incorporated into a Universal Serial Bus (USB) device.
  - 14. The method of claim 12, wherein the security engine and the dedicated security system processor are incorporated into a flash memory device.
  - 15. The method of claim 12, wherein the security engine and the dedicated security system processor are incorporated in at least one chip coupled to an internal bus of the mobile device.
  - 16. The method of claim 12, wherein the security engine and the dedicated security system processor are incorporated into a communication chip.
  - 17. The method of claim 12, wherein the security system includes a secure operating system thereon.

18. A security system configured to protect a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the security system comprising:
- a security device configured to be installed in or directly connected to an external port of a mobile device, the security device comprising;
  
  means for receiving untrusted network data intercepted from an untrusted network, the untrusted network data being sent to be processed by the mobile device, the intercepting and receiving occurring before a mobile device processor of the mobile device processes the untrusted network data;
  
  means for including security instructions operative to implement a security policy, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security policy pre-runtime security protection from malicious code in the untrusted network data without forcing a connection to a remote gateway; and
  
  a dedicated security system processor dedicated to security functions and configured to receive the untrusted network data from the means for receiving, to evaluate the untrusted network data for violations of the security policy to identify trusted network data from the untrusted network data in accordance with the security policy, and to provide the trusted network data to the means for receiving for transmission to the mobile device processor for processing.

19. A security system configured to protect a mobile device from untrusted network data while the mobile device is roaming outside of a trusted network, the security system comprising:
- a security device configured to be installed in or directly connected to an external port of a mobile device, the mobile device including a mobile device processor, the security device comprising;
  
  a dedicated security system processor dedicated to security functions;
  
  a security engine including security instructions operative to implement a security policy when executed by the dedicated security system processor, the security instructions including a firewall for the mobile device, the firewall for providing in accordance with the security polity pre-runtime security protection from malicious code in untrusted network data and for identifying trusted network data from the untrusted network data in accordance with the security policy without forcing a connection to a remote gateway; and
  
  a routing device configured to receive particular untrusted network data intercepted from an untrusted network before the mobile device processor of the mobile device processes the particular untrusted network data, the particular untrusted network data being sent to be processed by the mobile device, the routing device further configured to forward the particular untrusted network data to the security engine, and the routing device further configured to forward trusted network data to the mobile device for processing by the mobile device processor;
  
  the dedicated security system processor configured to execute the security engine, thereby causing the security engine to;
  
  receive the particular untrusted network data from the routing device,evaluate the particular untrusted network data for violations of the security policy to identify particular trusted network data from the particular untrusted network data in accordance with the security policy, andprovide the particular trusted network data to the routing device for transmission to the mobile device for processing by the mobile device processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CUPP Computing AS
Original Assignee
CUPP Computing AS
Inventors
Touboul, Shlomo
Primary Examiner(s)
Kim, Jung W
Assistant Examiner(s)
Stoica, Adrian

Application Number

US14/520,314
Publication Number

US 20150215282A1
Time in Patent Office

1,918 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/034   Test or assess a computer o...

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

System and method for implementing content and network security inside a chip

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

187 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing content and network security inside a chip

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

187 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links