COLLABORATIVE MALWARE DETECTION AND PREVENTION ON MOBILE DEVICES

US 20110161452A1
Filed: 12/24/2009
Published: 06/30/2011
Est. Priority Date: 12/24/2009
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus comprising:

secure memory configured to host a collaborator database comprising data corresponding to at least one collaborating device; and

secure circuitry configured to monitor the operation of a security threat detection application, wherein if an abnormality in the operation of the security threat detection application is detected by the secure circuitry, the secure circuitry is further configured to cause a security threat notification to be transmitted to the at least one collaborating device based on the data in the collaborator database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes a method and apparatus for collaborative threat detection on mobile devices. A mobile device may comprise a processor, secure memory, and secure circuitry. The processor may be coupled to host memory and may be configured to execute a security threat detection application to detect a malicious program attacking the mobile device. The secure memory may be configured to host a collaborator database comprising data corresponding to at least one collaborating device. The secure circuitry may be configured to determine if the security threat detection application running on the processor is properly operating. If an abnormality in the operation of the security threat detection application is detected, the secure circuitry may be further configured to cause a security threat notification to be transmitted to the collaborating device based on the data in the collaborator database.

78 Citations

View as Search Results

24 Claims

1. An apparatus comprising:
- secure memory configured to host a collaborator database comprising data corresponding to at least one collaborating device; and
  
  secure circuitry configured to monitor the operation of a security threat detection application, wherein if an abnormality in the operation of the security threat detection application is detected by the secure circuitry, the secure circuitry is further configured to cause a security threat notification to be transmitted to the at least one collaborating device based on the data in the collaborator database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the collaborator database further comprises communication link data associated with each collaborating device, the communication link data comprising at least one of a communication protocol identifier, a channel identifier or an encryption protocol identifier, wherein the secure circuitry is further configured to establish a secure communication link with the at least one collaborating device and to transmit the security threat notification to the at least one collaborating device across the secure communication link.
  - 3. The apparatus of claim 1, wherein the security threat detection application is executing on at least one of a host processor or the secure circuitry.
  - 4. The apparatus of claim 1, wherein the secure circuitry is further configured to identify a security threat causing the abnormality in the security threat detection application and wherein the security threat notification comprises information representing the identified security threat.
  - 5. The apparatus of claim 1, wherein the secure circuitry is further configured to scan for potential collaborating mobile devices and to determine if the potential collaborating mobile devices comprises a compatible security threat detection application.
  - 6. The apparatus of claim 5, wherein upon identification of a potential collaborating device having the compatible security threat detection application, the secure circuitry is further configured to add data to the collaborator database representing the potential collaborating device.
  - 7. The apparatus of claim 1, wherein the secure circuitry is further configured to receive a security threat notification from a compromised mobile device and to perform corrective action, wherein the compromised mobile device corresponds to a mobile device listed in the collaborator database, and wherein the corrective action comprises at least one of disconnecting a communication link between the mobile device and the compromised mobile device, disconnecting a communication link between the mobile device and a network or performing a scan of the mobile device to determine if the security threat detection application is properly operating.

8. A system comprising a mobile device, the mobile device comprising:
- a transceiver configured to wirelessly communicate with at least one collaborating device;
  
  host memory comprising an operating system;
  
  a processor coupled to the host memory, the processor configured to execute the operating system;
  
  secure memory configured to host a collaborator database comprising data corresponding to at least one collaborating device; and
  
  secure circuitry configured to monitor a security threat detection application executing on the mobile device, wherein if an abnormality is detected by the secure circuitry, the secure circuitry is further configured to cause a security threat notification to be transmitted to the at least one collaborating device based on the data in the collaborator database.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein the security threat detection application comprises an anti-virus application.
  - 10. The system of claim 8, wherein the collaborator database further comprises communication link data associated with each collaborating device, the communication link data comprising at least one of a communication protocol identifier, a channel identifier or an encryption protocol identifier, wherein the secure circuitry is further configured to establish a secure communication link with the at least one collaborating device and to transmit the security threat notification to the at least one collaborating device across the secure communication link.
  - 11. The system of claim 8, wherein the security threat detection application is executing on at least one of a host processor or the secure circuitry.
  - 12. The system of claim 8, wherein the secure circuitry is further configured to identify a security threat causing the abnormality and wherein the security threat notification comprises information representing the identified security threat.
  - 13. The system of claim 8, wherein the secure circuitry is further configured to scan for potential collaborating mobile devices and to determine if the potential collaborating mobile devices comprises a compatible security threat detection application.
  - 14. The system of claim 13, wherein upon identification of a potential collaborating device having the compatible security threat detection application, the secure circuitry is further configured to add data to the collaborator database representing the potential collaborating device.
  - 15. The system of claim 8, wherein the secure circuitry is further configured to receive a security threat notification from compromised mobile device and to perform corrective action, wherein the compromised mobile device corresponds to a mobile device listed in the collaborator database.
  - 16. The system of claim 15, wherein the corrective action comprises disconnecting a communication link between the mobile device and the compromised mobile device.

17. A method for collaborative threat detection on mobile devices, the method comprising:
- monitoring, via secure circuitry on a mobile device, for local and remote security threats;
  
  upon identification of a local or remote security threat, performing, via the secure circuitry, corrective action to address the security threat; and
  
  upon identification of a local security threat, identifying, via the secure circuitry, at least one collaborating mobile device stored within a collaborator database hosted in secure memory on the mobile device and notifying the at least one collaborating mobile device of the security threat.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the method further comprises:
    - scanning for potential collaborating mobile devices; and
      
      determining if the potential collaborating mobile devices comprises a compatible security threat detection application.
  - 19. The method of claim 18, wherein upon identification of a potential collaborating device having the compatible security threat detection application, the method further comprising adding data to the collaborator database representing the potential collaborating device.
  - 20. The method of claim 17, wherein the corrective action comprises at least one of disconnecting a communication link between the mobile device and the compromised mobile device or disconnecting a communication link between the mobile device and a network.

21. A system comprising one or more storage mediums having stored thereon, individually or in combination, instructions that when executed by one or more processors results in the following operations:
- monitoring, via secure circuitry on a mobile device, for local and remote security threats;
  
  upon identification of a local or remote security threat, performing, via the secure circuitry, corrective action to address the security threat; and
  
  upon identification of a local security threat, identifying, via the secure circuitry, at least one collaborating mobile device stored within a collaborator database hosted in secure memory on the mobile device and notifying the at least one collaborating mobile device of the security threat.
- View Dependent Claims (22, 23, 24)
- - 22. The system of claim 21, wherein the instructions that when executed by one or more processors results in the following additional operations comprising:
    - scanning for potential collaborating mobile devices; and
      
      determining if the potential collaborating mobile devices comprises a compatible security threat detection application.
  - 23. The system of claim 22, wherein upon identification of a potential collaborating device having compatible security threat detection application, the instructions that when executed by one or more processors results in the following additional operations comprising:
    - adding data to the collaborator database representing the potential collaborating device.
  - 24. The system of claim 21, wherein the instructions that when executed by one or more processors results in performing corrective action further comprises at least one of the following additional operation:
    - disconnecting a communication link between the mobile device and the compromised mobile device or disconnecting a communication link between the mobile device and a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Poornachandran, Rajesh, Aissi, Selim

Application Number

US12/647,037
Publication Number

US 20110161452A1
Time in Patent Office

Days
Field of Search
US Class Current

709/207
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2115   Third party

H04W 12/128   Anti-malware arrangements, ...

COLLABORATIVE MALWARE DETECTION AND PREVENTION ON MOBILE DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

COLLABORATIVE MALWARE DETECTION AND PREVENTION ON MOBILE DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others