MOBILE WEB PROTECTION

US 20120324568A1
Filed: 06/14/2011
Published: 12/20/2012
Est. Priority Date: 06/14/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

intercepting, by a first application program at a mobile device, a request including an action to be performed by a second application program on the mobile device, and an identifier associated with the action;

transmitting, by the first application program, the intercepted identifier from the mobile device to a server for evaluation;

receiving the server evaluation of the transmitted intercepted identifier at the mobile device; and

based on the server evaluation, blocking the action or permitting the action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

On a mobile communications device, visiting a link from a messaging application or web browser may result in an undesired action, such as visiting a phishing site, downloading malware, causing unwanted charges, using too much battery, or the device being exploited. In an implementation, a mobile application intercepts a request including an identifier associated with an action to be performed by another application on the device and evaluates the identifier to determine when the request should be permitted, blocked, or conditionally permitted. The client may use local data or make a request to a server to evaluate the identifier. In an implementation, server communications are optimized to minimize latency by caching evaluation results on the device, proactively priming the device'"'"'s DNS cache, optimizing when DNS lookups are performed, and adapting evaluation policy based on factors such as the source of the request, and the currently active network connection.

286 Citations

43 Claims

1. A method comprising:
- intercepting, by a first application program at a mobile device, a request including an action to be performed by a second application program on the mobile device, and an identifier associated with the action;
  
  transmitting, by the first application program, the intercepted identifier from the mobile device to a server for evaluation;
  
  receiving the server evaluation of the transmitted intercepted identifier at the mobile device; and
  
  based on the server evaluation, blocking the action or permitting the action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 comprising based on the server evaluation, conditionally permitting the action.
  - 3. The method of claim 1 wherein the request originates from a second application program on the mobile device.
  - 4. The method of claim 1 wherein the second application program is a browser program and the request originates from the browser program.
  - 5. The method of claim 2 wherein the step of conditionally permitting the action includes displaying a warning message on the mobile device, the warning message including a first option for a user of the mobile device to continue the action, and a second option for the user to cancel the action.
  - 6. The method of claim 5 wherein the warning message includes text indicating that continuing with the action will consume a significant amount of the mobile device'"'"'s battery.
  - 7. The method of claim 5 wherein the warning message includes text indicating that continuing with the action will incur additional charges to the user'"'"'s mobile device service plan.
  - 8. The method of claim 1 wherein the second application program is a browser program, an SMS text message program, an e-mail program, or a phone dialer program.
  - 9. The method of claim 1 wherein the identifier is a URI, and the action includes a command for the second application program to load the URI.
  - 10. The method of claim 1 wherein the identifier is a phone number, and the action includes a command for the second application program to dial the phone number.
  - 11. The method of claim 1 wherein the identifier is an e-mail address and the action includes a command for the second application program to send an e-mail to the e-mail address.
  - 12. The method of claim 1 wherein the request is an Android intent.
  - 13. The method of claim 1 wherein the identifier includes a uniform resource identifier (URI) host name, and the method further comprises:
    - generating a domain name system (DNS) lookup request to resolve the URI host name.
  - 14. The method of claim 13 wherein the step of generating a DNS lookup request to resolve the URI host name takes place before the step of based on the server evaluation, blocking the action or permitting the action.

15. A method comprising:
- intercepting, by a first application program at a mobile device, a request including an action to be performed by a second application program on the mobile device, and an identifier associated with the action;
  
  transmitting, by the first application program, the intercepted identifier from the mobile device to a server for evaluation;
  
  after the transmitting the intercepted identifier, determining that a response from the server has not been received within a threshold time period; and
  
  based at least partly on the response not being received within the threshold time period, blocking the action or permitting the action.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15 comprising based at least partly on the response not being received within the threshold time period, conditionally permitting the action.
  - 17. The method of claim 15 wherein a duration of the threshold time period is based on a reputation of the second application program.
  - 18. The method of claim 15 wherein the request originates from a third application program on the mobile device, and a duration of the threshold time period is based on a reputation of the third application program.
  - 19. The method of claim 15 comprising:
    - after the step of determining that the response has not been received within the threshold time period, permitting the action to be performed by the second application program; and
      
      after the threshold time period has elapsed, receiving the response from the server, and upon receiving the response, displaying a warning message.
  - 20. The method of claim 19 comprising upon receiving the response, terminating the second application program.
  - 21. The method of claim 15 wherein the step of permitting the action comprises adjusting a security setting of the second application program to a higher level.

22. A method comprising:
- storing on a mobile device a list of identifiers received from a server, each identifier being associated with at least one category;
  
  intercepting, by a first application program on the mobile device, a request including an action to be performed by a second application program on the mobile device, and an identifier associated with the action;
  
  comparing the intercepted identifier with the stored list of identifiers to determine the at least one category associated with the intercepted identifier; and
  
  based at least partly on the comparison, blocking the action or permitting the action.
- View Dependent Claims (23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 23. The method of claim 22 further comprising based at least partly on the comparison, conditionally permitting the action.
  - 25. The method of claim 22 wherein the list of identifiers is a whitelist, and if the intercepted identifier is found in the whitelist during the step of comparing the intercepted identifier, the action is permitted.
  - 26. The method of claim 23 wherein the list of identifiers is a graylist, and if the intercepted identifier is found in the graylist during the step of comparing the intercepted identifier, the action is conditionally permitted.
  - 27. The method of claim 22 further comprising receiving at the mobile device, an updated list of identifiers from the server.
  - 28. The method of claim 27 comprising replacing the stored list of identifiers with the updated list of identifiers.
  - 29. The method of claim 27 comprising adding the updated list of identifiers to the stored list of identifiers.
  - 30. The method of claim 22 wherein the list of identifiers includes a whitelist and a blacklist, and if the intercepted identifier is not found in the whitelist and blacklist, the method further comprises:
    - transmitting, by the first application program, the intercepted identifier from the mobile device to the server for evaluation;
      
      receiving the server evaluation of the transmitted intercepted identifier at the mobile device; and
      
      based on the server evaluation, blocking the action, permitting the action, or conditionally permitting the action.
  - 31. The method of claim 23 comprising:
    - after the step of comparing the intercepted identifier to the list of identifiers to determine the at least one category associated with the intercepted identifier, identifying a policy associated with the determined at least one category; and
      
      evaluating the policy to determine whether the action should be blocked, permitted, or conditionally permitted, wherein the policy is stored on the mobile device.
  - 32. The method of claim 31 wherein the policy is configurable by a user of the mobile device.
  - 33. The method of claim 22 wherein the list of identifiers includes at least one of a list of URIs, a list of phone numbers, a list of e-mail addresses, or a list of domain names.
  - 34. The method of claim 23 wherein the step of conditionally permitting the action includes displaying a warning message on the mobile device, the warning message including a first option for a user of the mobile device to cancel the action, and a second option for the user to continue with the action.
  - 35. The method of claim 23 wherein each identifier in the list of identifiers includes an assessment, date and time of the assessment, and a validity period of the assessment, and the method further comprises:
    - determining if a time of the request is within the validity period as measured from the date and time of the assessment;
      
      if the time of the request is within the validity period, blocking the action, permitting the action, or conditionally permitting the action without transmitting the intercepted identifier to the server; and
      
      if the time of the request is after the validity period, transmitting the intercepted identifier to the server to determine whether the action should be blocked, permitted, or conditionally permitted.

24. The method of 22 wherein the list of identifiers is a blacklist, and if the intercepted identifier is found in the blacklist during the step of comparing the intercepted identifier, the action is blocked.

36. A method comprising:
- storing at a server a list of identifiers, each identifier being associated with at least one category;
  
  receiving at the server an intercepted identifier from a mobile device, the intercepted identifier being associated with an action to be performed by an application program on the mobile device;
  
  comparing the intercepted identifier to the stored list of identifiers to determine the at least one category associated with the intercepted identifier; and
  
  transmitting from the server a response to the mobile device, wherein based at least partly on the comparison, the response includes an indication that the action should be blocked or permitted.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43)
- - 37. The method of claim 36 further comprising based at least partly on the comparison, the response includes an indication that the action should be conditionally permitted.
  - 38. The method of claim 36 wherein the list of identifiers is a blacklist, and if the intercepted identifier is found in the blacklist during the step of comparing the intercepted identifier, the indication in the response is that the action should be blocked.
  - 39. The method of claim 36 wherein the list of identifiers is a whitelist, and if the intercepted identifier is found in the whitelist during the step of comparing the intercepted identifier, the indication in the response is that the action should be permitted.
  - 40. The method of claim 37 wherein the list of identifiers is a graylist, and if the intercepted identifier is found in the graylist during the step of comparing the intercepted identifier, the indication in the response is that the action should be conditionally permitted.
  - 41. The method of claim 37 comprising:
    - after the step of comparing the intercepted identifier to the stored list of identifiers to determine the at least one category associated with the intercepted identifier, identifying a policy associated with the determined at least one category; and
      
      evaluating the policy to determine whether the indication in the response should be to block the action, permit the action, or conditionally permit the action.
  - 42. The method of claim 36 wherein at least a subset of the list of identifiers is from an external system.
  - 43. The method of claim 36 wherein the mobile device is a first mobile device of a plurality of mobile devices and the method further comprises:
    - logging each intercepted identifier submitted by each of the mobile devices;
      
      ranking each intercepted identifier by frequency of submission;
      
      selecting a subset of the most-frequently submitted intercepted identifiers to transmit to the first mobile device; and
      
      transmitting from the server the subset of the most-frequently submitted intercepted identifiers to the first mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Wyatt, Timothy Micheal, Richardson, David Luke, Grubb, Jonathan Pantera, Mahaffey, Kevin Patrick, Anbalagapandian, Anbu

Application Number

US13/160,382
Publication Number

US 20120324568A1
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/101   Access control lists [ACL]

H04L 63/145   the attack involving the pr...

H04L 63/1483   service impersonation, e.g....

H04W 12/128   Anti-malware arrangements, ...

MOBILE WEB PROTECTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

286 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE WEB PROTECTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

286 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links