Method of security management for wireless mobile device and apparatus for security management using the method

US 20070232265A1
Filed: 08/22/2006
Published: 10/04/2007
Est. Priority Date: 04/03/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of security management of a wireless mobile device, the method comprising:

respectively managing a traffic map by each service-level, wherein wireless mobile devices frequently communicating with other wireless mobile devices are grouped and stored as a group, among wireless mobile devices on a network;

detecting a wireless mobile device determined to be associated with at least one of a security attack and a malicious code by analyzing data traffic received from a network switching center (NSC); and

isolating up to all wireless mobile devices within the group in which the detected wireless mobile device is included, from the network by referring to the traffic map.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of security management of a wireless mobile device interoperating with a network switching center (NSC) is provided, and an apparatus using the method. The method includes respectively managing a traffic map by each service-level, wherein wireless mobile devices frequently communicating with other wireless mobile devices are grouped and stored as a group, among wireless mobile devices on a network, detecting a wireless mobile device determined to be associated with at least any one of a security attack and a malicious code by analyzing data traffic received from a network switching center, and isolating up to all wireless mobile devices within the group in which the detected wireless mobile device is included, from the network by referring to the traffic map.

110 Citations

View as Search Results

22 Claims

1. A method of security management of a wireless mobile device, the method comprising:
- respectively managing a traffic map by each service-level, wherein wireless mobile devices frequently communicating with other wireless mobile devices are grouped and stored as a group, among wireless mobile devices on a network;
  
  detecting a wireless mobile device determined to be associated with at least one of a security attack and a malicious code by analyzing data traffic received from a network switching center (NSC); and
  
  isolating up to all wireless mobile devices within the group in which the detected wireless mobile device is included, from the network by referring to the traffic map.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - detecting a wireless mobile device infected by at least one of the security attack and the malicious code by checking the isolated mobile devices; and
      
      recovering the infected wireless mobile device.
  - 3. The method of claim 2, wherein the step of detecting the infected wireless mobile device extracts the infected wireless mobile device by checking whether an infection occurred in the wireless mobile device that received a check request from the NSC among the isolated mobile devices, and the step of recovering the detected wireless mobile device performs the recovery in the wireless mobile device that received a recovery request from the NSC.
  - 4. The method of claim 2, wherein the step of recovering the infected wireless mobile device performs the recovery by partially patching or entirely resetting programs of the infected wireless mobile device to default settings.
  - 5. The method of claim 1, further comprising:
    - receiving a report for a wireless mobile device, determined to be associated with at least one of the detected security attack and the malicious code, from the wireless mobile device which detected the security attack and the malicious code by analyzing peripheral data traffic,wherein the step of isolating the device from the network is accomplished by referring to the traffic map to isolate up to all wireless mobile devices within a group corresponding to the received report.
  - 6. The method of claim 1, wherein the step of detecting the wireless mobile device, determined to be associated with at least one of the security attack and the malicious code, stores a normal communication pattern in a database and determines that a communication which is not substantially identical to the normal communication pattern stored in the database, among the data traffic, comprises at least one of the security attack and the malicious code.
  - 7. The method of claim 1, wherein the step of detecting the wireless mobile device, determined to be associated with at least one of the security attack or the malicious code, stores signatures of the security attack and the malicious code, and determines that data traffic corresponding to the signatures stored in the database, among the data traffic, comprises at least one of the security attack and the malicious code.

8. A computer-readable program storage medium storing a program for implementing a method of security management of a wireless mobile device, comprising:
- a first set of instructions for respectively managing a traffic map by each service-level, wherein wireless mobile devices frequently communicating with other wireless mobile devices are grouped and stored as a group, among wireless mobile devices on a network;
  
  a second set of instructions for detecting a wireless mobile device determined to be associated with at least one of a security attack and a malicious code by analyzing data traffic received from a network switching center (NSC); and
  
  a third set of instructions for isolating up to all wireless mobile devices within the group in which the detected wireless mobile device is included, from the network by referring to the traffic map.

9. An apparatus for security management of a wireless mobile device within a network switching center (NSC), the device comprising:
- a detection database for storing data used for detecting at least one of a security attack and a malicious code;
  
  a detection unit for checking input data traffic and detecting a wireless mobile device, determined to be associated with at least one of the security attack and the malicious code, by using the detection database;
  
  a traffic map database for grouping and storing wireless mobile devices that frequently communicate with other wireless mobile devices as a group by each service-level, among wireless mobile devices on a network; and
  
  an isolation unit for isolating up to all wireless mobile devices within the group in which the detected wireless mobile device is included, from the network by referring to the traffic map database.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9, further comprising:
    - a traffic map management unit for managing the traffic map database by each service-level; and
      
      a remote control unit for communicating with the isolated wireless mobile devices from the network to control the isolated wireless mobile devices being checked and recovered.
  - 11. The apparatus of claim 10, wherein the remote control unit is configured to transfer a check request to the isolated wireless mobile devices that are isolated from the network, receive a checked result and determine whether recovery is required according to the checked result, to transfer the determined result.
  - 12. The apparatus of claim 11, wherein the remote control unit is configured to control the recovery by partially patching or entirely resetting programs of the infected mobile device to default settings.
  - 13. The apparatus of claim 9, wherein the isolation unit is configured to isolate, from the network, up to all wireless mobile devices within the group where the wireless mobile devices correspond to a report regarding a wireless mobile device, determined to be associated with at least one of the detected security attack and the malicious code, and the report is received from the wireless mobile device detecting at least one of the security attack and the malicious code.
  - 14. The apparatus of claim 9, wherein the detection database is configured to store a normal communication pattern, andthe detection unit is configured to determine that the security attack or the malicious code is included, when data that is not substantially identical to the normal communication pattern stored in the detection database is included in the data traffic.
  - 15. The apparatus of claim 9, wherein the detection database is configured to store signatures of the security attack and the malicious code, and the detection unit is configured to determine that the security attack or the malicious code is included when data corresponding to the signature stored in the detection database is included in the data traffic.

16. An apparatus for security management of a wireless mobile device, the device, comprising:
- a detection database for storing data used for detecting a security attack and a malicious code;
  
  a detection unit for checking data traffic received from peripheral wireless mobile devices and detecting a wireless mobile device, which is determined to be associated with at least one of the security attack and the malicious code, included in the data traffic by using the detection database;
  
  a check/recovery unit for checking whether the wireless mobile device is infected or not and performing a recovery operation when infected; and
  
  a remote control unit for communicating with a network switching center (NSC) to control an operation of the check/recovery unit.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The apparatus of claim 16, wherein the detection unit is configured to analyze the data traffic received from at least one of wireless mobile devices geographically proximate to each other, or wireless mobile devices that are service-level connected.
  - 18. The apparatus of claim 16, wherein the check/recovery unit is configured to operate according to a three-way handshake protocol for checking whether the wireless mobile device is infected or not when receiving a check request from the NSC, transferring a check result to the NSC, and performing the recovering by receiving, from the NSC, an instruction on whether to perform the recovery or not.
  - 19. The apparatus of claim 16, wherein the check/recovery unit is configured to perform the recovery by partially patching or entirely resetting programs of the wireless mobile device to default settings.
  - 20. The apparatus of claim 16, wherein the check/recovery unit is mounted in a tamper-resistant module.
  - 21. The apparatus of claim 16, wherein the detection database is configured to store a normal communication pattern, and the detection unit is configured to determine that the security attack or the malicious code is included, when data that is not substantially identical to the normal communication pattern stored in the detection database is included in the data traffic.
  - 22. The apparatus of claim 16, wherein the detection database is configured to store signatures of the security attack and the malicious code, and the detection unit is configured to determine that the security attack or the malicious code is included, when data corresponding to the signature stored in the detection database is included in the data traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Park, Tae Joon, Jung, Tae-Chul

Application Number

US11/507,586
Publication Number

US 20070232265A1
Time in Patent Office

Days
Field of Search
US Class Current

455/410
CPC Class Codes

H04L 63/104   Grouping of entities

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04W 12/08   Access security

H04W 12/128   Anti-malware arrangements, ...

H04W 4/06   Selective distribution of b...

Method of security management for wireless mobile device and apparatus for security management using the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

110 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Method of security management for wireless mobile device and apparatus for security management using the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others