APPLICATION REPUTATION SERVICE

US 20100005291A1
Filed: 04/16/2008
Published: 01/07/2010
Est. Priority Date: 04/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method for determining the reputation of an application, the method comprising:

obtaining information from the application, the information comprising a set of identities,querying a reputation service provider with the set of identities for the application; and

determining a reputation of the application based on the reputations of the queried set of identities.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The claimed subject matter is directed to the use of an application reputation service to assist users with minimizing their computerized machines'"'"' exposure to and infection from malware. Specifically, the claimed subject matter provides a method and system of an application reputation service that contains the reputations for elements that are known to be non-malicious as well as those known to be malicious.

One embodiment of the claimed subject matter is implemented as a method to determine the reputation of an element (e.g., an application). When a user attempts to install or execute a new application, the Application Reputation Service is queried by the user'"'"'s machine with a set of identities for the element. The Application Reputation Service determines the reputation of the application by referencing a knowledge base of known reputations and returns an indication (e.g., an overall rating, or a flag) of how safe that application would be to install and run on the user'"'"'s computer.

164 Citations

20 Claims

1. A method for determining the reputation of an application, the method comprising:
- obtaining information from the application, the information comprising a set of identities,querying a reputation service provider with the set of identities for the application; and
  
  determining a reputation of the application based on the reputations of the queried set of identities.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the set of identities for the application includes:
    - a hash of the application;
      
      a signature of a digitally signed application;
      
      a domain on which the application was hosted;
      
      a URL from which the application was downloaded;
      
      or a public key used to digitally sign the application.
  - 3. The method of claim 2, wherein determining the reputation of the application further comprises referencing a reputation knowledge base for a reputation corresponding to one or more members of the set of identities for the application.
  - 4. The method of claim 3, wherein the reputation of the application is determined based upon the most relevant reputation from the set of identities for the application.
  - 5. The method of claim 3, wherein the reputation corresponding to one or more identities is stored in a database.

6. A method of mitigating the risk to a user of a computer system from an application attempting the performance of an operation, the method comprising:
- determining a reputation of the application by querying a reputation service provider with a set of identities for the application, determining the reputation of the application based on the reputations of the queried set of identities, and receiving an indication of the reputation of the application;
  
  communicating to the user an indication of the reputation of the application; and
  
  raising security measures in the system of the user if the reputation of the application is unknown or determined to be malicious.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. The method of claim 6, wherein communicating to the user an indication of the reputation of the application further comprises:
    - receiving a flag indicating if the application is known; and
      
      receiving a flag indicating if the application is unknown.
  - 8. The method of claim 6, wherein communicating to the user an indication of the reputation of the application further comprises receiving a calculated numerical value indicating the overall safety of the application.
  - 9. The method of claim 8, wherein whether the application is known or unknown is included in the calculation of the numerical value indicating the overall safety of the application.
  - 10. The method of claim 6, wherein the operation is performed without communicating to the user the reputation of the application if the reputation of the application is known to be non-malicious.
  - 11. The method of claim 6, wherein the user is given a warning if the reputation of the application is unknown.
  - 12. The method of claim 6, the method further comprising:
    - querying the user for permission to allow execution of an application with an unknown or confirmed malicious reputation; and
      
      receiving the user'"'"'s response to the query for permission to allow execution of an application with an unknown or confirmed malicious reputation.
  - 13. The method of claim 12, wherein the operation is executed within a protected environment if the user grants permission to allow execution of an application with an unknown or confirmed malicious reputation.
  - 14. The method of claim 13, wherein the protected environment comprises:
    - a sandbox;
      
      a virtual machine;
      
      orthe user'"'"'s computer system with raised security measures.
  - 15. The method of claim 6, wherein the reputation service provider presents relevant reputation information to the user when the system is unable to conclusively determine if the application is malicious.

16. A system for providing an application reputation service, the system comprising:
- a computer system having a processor coupled to a memory, the memory having computer readable code, which when executed by the processor causes the computer system to implement;
  
  a reputation service provider capable of determining the reputation of an application,wherein, the reputation service provider determines the reputation of an application by referencing one or more identities of the application from a set of identities corresponding to the application with a reputation knowledge database.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system according to claim 16, wherein the identities of the application are received by the reputation service provider from a remote computing device.
  - 18. The system according to claim 17, wherein the remote computing device is a computer system.
  - 19. The system according to claim 18, wherein the remote computing device is a hand-held computing device.
  - 20. The system according to claim 17, wherein the identities are sent from the remote computing device to the reputation service provider via the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hulten, Geoff, Newman, Andrew, Scarrow, John, Franczyk, Ron, Rehfuss, Steve, Meek, Christopher A.

Granted Patent

US 8,769,702 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 16/24578   using ranking

G06F 21/44   Program or device authentic...

G06F 21/51   at application loading time...

G06F 21/56   Computer malware detection ...

G06F 2221/033   Test or assess software

H04L 63/20   for managing network securi...

APPLICATION REPUTATION SERVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

164 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPLICATION REPUTATION SERVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

164 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links