SYSTEM AND METHOD FOR SERVER-COUPLED MALWARE PREVENTION

US 20110047620A1
Filed: 08/25/2010
Published: 02/24/2011
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method for assessing a data object by a server computer comprising:

receiving data at the server computer, the data identifying at least a portion of the data object accessible by a mobile communication device;

determining if definition information for a data object corresponds to the data, the definition information stored in a data store accessible by the server, the data store storing a corresponding assessment for the definition information;

if definition information corresponds to the data, then the server providing the assessment corresponding to the definition information.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure is directed to a system and method for preventing malware, spyware and other undesirable applications from affecting mobile communication devices (e.g., smartphones, netbooks, and tablets). A mobile communication device uses a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces an assessment for the application, and transmits the assessment to the device. By performing analysis on a server, the invention allows a device to reduce the battery and performance cost of protecting against undesirable applications. The servers transmits notifications to devices that have installed applications that are discovered to be undesirable. The server receives data about applications from many devices, using the combined data to minimize false positives and provide comprehensive protection against known and unknown threats.

788 Citations

41 Claims

1. A method for assessing a data object by a server computer comprising:
- receiving data at the server computer, the data identifying at least a portion of the data object accessible by a mobile communication device;
  
  determining if definition information for a data object corresponds to the data, the definition information stored in a data store accessible by the server, the data store storing a corresponding assessment for the definition information;
  
  if definition information corresponds to the data, then the server providing the assessment corresponding to the definition information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising:
    - before receiving data at the server computer, determining if definition information stored in a local store at the mobile communication device corresponds to the data, the local store storing a corresponding assessment for the definition information; and
      
      ,if definition information in the local store does not correspond to the data, then receiving at least a portion of the data at the server from the mobile communication device.
  - 3. The method of claim 1, wherein the data is application data for the data object.
  - 4. The method of claim 1, wherein the data is behavioral data for the data object.
  - 5. The method of claim 1, wherein the data is metadata for the data object.
  - 6. The method of claim 1, wherein the data includes at least a portion of the data object.
  - 7. The method of claim 1, wherein the definition information includes a hash identifier for the a data object.
  - 8. The method of claim 1, wherein the definition information includes a package name for a data object.
  - 9. The method of claim 1, wherein the definition information includes at least a portion of a data object.
  - 10. The method of claim 1, wherein the definition information includes an identifier for a data object.
  - 11. The method of claim 1, further comprising:
    - if the data does not correspond to definition information stored in the data store, then analyzing, by the server, at least a portion of the data to determine an assessment; and
      
      ,storing the assessment in the data store.
  - 12. The method of claim 11, wherein analyzing at least a portion of the data comprises analyzing by a decision component accessible by the server.
  - 13. The method of claim 1, further comprising:
    - if the data does not correspond to definition information stored in the data store, then analyzing, by the server, at least a portion of the data to determine an assessment;
      
      requesting, by the server, additional data pertaining to the data object accessible by the mobile communication device;
      
      analyzing, by the server, at least a portion of the additional data to determine an assessment; and
      
      storing the assessment in the data store.
  - 14. The method of claim 1, further comprising preventing the mobile communication device from accessing the data object.
  - 15. The method of claim 1, further comprising transmitting a notification to the mobile communication device.
  - 16. The method of claim 15, wherein the notification is a warning.
  - 17. The method of claim 15, wherein the notification is an instruction to uninstall the data object.

18. A method for assessing data by a server computer comprising:
- receiving data by the server computer, the data identifying a data object accessible by a mobile communication device;
  
  analyzing the data by a known good component resident on the server computer; and
  
  ,if the analysis by the known good component results in a positive match, then allowing a mobile communication device to access the data.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 19. The method of claim 18, further comprising:
    - if the comparison by the known good component does not result in a positive match, then analyzing the data by a known bad component resident on the server computer; and
      
      if the analysis by the known bad component results in a positive match, then preventing the mobile communication device from accessing the data.
  - 20. The method of claim 18, wherein the data is application data for the data object.
  - 21. The method of claim 18, wherein the data is behavioral data for the data object.
  - 22. The method of claim 18, wherein the data is metadata for the data object.
  - 23. The method of claim 18, wherein the data includes at least a portion of the data object.
  - 24. The method of claim 18, further comprising:
    - prior to receiving data by the server computer, analyzing the data by a known good component resident on a mobile communication device; and
      
      ,if the analysis by the known good component does not result in a positive match, then transmitting metadata for the data to the server for analysis.
  - 25. The method of claim 18, further comprising:
    - prior to receiving data by the server computer, analyzing the data by a known bad component resident on a mobile communication device; and
      
      ,if the analysis by the known bad component does not result in a positive match, then transmitting metadata for the data to the server for analysis.
  - 26. The method of claim 18, further comprising:
    - prior to receiving data by the server computer, analyzing the data by a known good component resident on a mobile communication device;
      
      if the analysis by the known good component does not result in a positive match, then analyzing the data by a known bad component resident on the mobile communication device; and
      
      ,if the analysis by the known bad component does not result in a positive match, then transmitting at least a portion of the data to the server for analysis.
  - 27. The method of claim 18, further comprising:
    - prior to receiving data by the server computer, analyzing the data by a known bad component resident on a mobile communication device;
      
      if the analysis by the known bad component does not result in a positive match, then analyzing the data by a known good component resident on the mobile communication device; and
      
      ,if the analysis by the known good component does not result in a positive match, then transmitting at least a portion of the data to the server for analysis.
  - 28. The method of claim 18, further comprising:
    - if the comparison by the known good component does not result in a positive match, and if the analysis by the known bad component does not result in a positive match, thenanalyzing the data by the server to determine an assessment; and
      
      ,storing the assessment on a data store accessible by the server.

29. A method for assessing a data object comprising:
- determining, by a mobile communication device, if definition information in a local store corresponds to a data object accessible by the mobile communication device;
  
  if the definition information in the local store does not correspond to the data object, then receiving data pertaining to the data object at a server computer;
  
  determining, by the server computer, if definition information for a data object corresponds to the received data, the definition information stored in a data store accessible by the server, the data store storing a corresponding assessment for the definition information; and
  
  ,if definition information corresponds to the received data, then the server transmitting the assessment corresponding to the definition information.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 30. The method of claim 29, wherein the data is application data for the data object.
  - 31. The method of claim 29, wherein the data is behavioral data for the data object.
  - 32. The method of claim 29, wherein the data is metadata for the data object.
  - 33. The method of claim 29, wherein the data includes at least a portion of the data object.
  - 34. The method of claim 29, further comprising:
    - if the definition information does not correspond to the received data, then determining, by the server, an assessment for the data object using the received data.
  - 35. The method of claim 34, wherein determining an assessment comprises analyzing the data by a decision component accessible by the server.
  - 36. The method of claim 29, further comprising:
    - requesting, by the server, additional data pertaining to the data object accessible by the mobile communication device; and
      
      ,analyzing the additional data.
  - 37. The method of claim 29, further comprising preventing the mobile communication device from accessing the data object.
  - 38. The method of claim 29, further comprising transmitting a notification to the mobile communication device.
  - 39. The method of claim 29, wherein the notification is a warning.
  - 40. The method of claim 29, wherein the notification is an instruction to uninstall the data object.
  - 41. The method of claim 29, wherein the notification is an instruction preventing the mobile communication device from accessing the data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Barton, Kyle, Salomon, Ariel, Lineberry, Anthony McKay, Wyatt, Timothy Micheal, Evans, Daniel Lee, Burgess, James David, Golombek, David, Richardson, David Luke, Mahaffey, Kevin Patrick

Granted Patent

US 8,347,386 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

G06F 21/57   Certifying or maintaining t...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR SERVER-COUPLED MALWARE PREVENTION

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

788 Citations

41 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR SERVER-COUPLED MALWARE PREVENTION

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

788 Citations

41 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others