SYSTEM AND METHOD FOR ATTACK AND MALWARE PREVENTION
Abstract
The present invention is a system and method for detecting and preventing attacks and malware on mobile devices such as cell phones, smartphones or PDAs, which are significantly limited in power consumption, computational power, and memory. The invention enables mobile devices to analyze network data, executable data files, and non-executable data files in order to detect and prevent both known and unknown attacks and malware over vectors that are not typically protected by desktop and server security systems. Security analysis is performed by a combination of “known good,” “known bad,” and decision components. The invention identifies known good executables and/or known characteristics of network data or data files that must be present in order for the data to be considered good. Furthermore, known good and known bad identifier databases may be stored on a server which may be queried by a mobile device.
10 Claims
1. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- when the mobile communications device receives data, creates a hash identifier for the data, compares the data hash identifier against a database of known good data stored on the mobile communications device and does not obtain a positive match, receiving the data hash identifier at the server;
- at the server, using a known bad component, comparing the received data hash identifier against a database stored in memory associated with the server containing hash identifiers of known bad data; and
- if the data hash identifier comparison by the known bad component results in a positive match, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
3. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, and creates a hash identifier for the data, receiving the data hash identifier at the server;
- then, at the server, using a known bad component, comparing the received data hash identifier against a database stored in memory associated with the server containing hash identifiers of known bad data;
- if the data hash identifier comparison by the known bad component results in a positive match, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device;
- if the data hash identifier comparison at the server by the known bad component does not result in a positive match, then at the server, using a known good component, comparing the received data hash identifier against a database of identifiers of known good data stored in a memory associated with the server;
- at the server, if the comparison by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
- if the comparison by the known good component does not result in a positive match, then, at the server, using a decision component, performing an analysis on the data to determine if the data is safe or malicious;
- if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
- if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
4. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, creates a hash identifier for the data, using a known bad component, compares the received data hash identifier against a database stored in the mobile communications device memory containing hash identifiers of known bad data, receiving the data hash identifier at the server;
- then, if the data hash identifier comparison at the mobile communications device by the known bad component does not result in a positive match, then at the server, using a known good component, comparing the received data hash identifier against a database of identifiers of known good data stored in a memory associated with the server;
- at the server, if the comparison by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
- if the comparison by the known good component does not result in a positive match, then, at the server, using a decision component, performing an analysis on the data to determine if the data is safe or malicious;
- if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
- if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
5. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- when the mobile communications device receives data, applies by a known good component logic on the data to determine if the data is safe and does not obtain a positive match, receiving the data from the mobile communication device at the server;
- at the server, applying by a known bad component, logic on the received data to determine if the data is safe and or recognizably malicious; and
- if the known bad component logic determines that the received data is recognizably malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
7. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, receiving the data at the server;
- at the server, applying by a known good component, logic on the data to determine if the data is safe;
- at the server, if the determination by the known good component logic results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
- if the determination by the known good component logic does not result in a positive match, then, at the server, using a decision component, performing an analysis on the received data to determine if the data is safe or malicious;
- if the analysis by the decision component at the server determines that the received data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
- if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
8. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, receiving the data at the server;
- at the server, applying by a known good component, logic on the data to determine if the data is safe;
- at the server, if the determination by the known good component logic results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
- if the determination by the known good component logic does not result in a positive match, then, at the server, applying by a known bad component logic to determine if the data is safe or recognizably malicious; and
- if the determination by the known bad component logic determines that the data is recognizably malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
9. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, receiving the data at the server;
- then, at the server, applying by a known bad component logic to the data to determine if the data is recognizably malicious;
- if the determination by the known bad component results in a positive match, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device;
- if the determination at the server by the known bad component does not result in a positive match, then at the server, applying by a known good component, logic to the data to determine if the data is safe;
- at the server, if the determination by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
- if the determination by the known good component does not result in a positive match, then, at the server, applying by a decision component logic to the data for performing an analysis on the data to determine if the data is safe or malicious;
- if the determination by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
- if the determination by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
10. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, and applying by a known bad component logic to the data to determine whether the data is recognizably malicious, receiving the data at the server;
- then, if the determination at the mobile communications device by the known bad component does not result in a positive match, then at the server, applying by a known good component logic to determine whether the data is safe;
- at the server, if the determination by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
- if the determination by the known good component does not result in a positive match, then, at the server, applying by a decision component logic to the data for performing an analysis on the data to determine if the data is safe or malicious;
- if the determination by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
- if the determination by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
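The flow recited in claims 1 and 3, sketched as an added Python example (not code from the patent or its assignee): the device-side known good lookup of claim 1 placed in front of the server-side sequence of claim 3. SHA-256, every class and function name, the toy decision rule, the handling of a local match, passing the data to the decision component, and all sample data are assumptions constructed for illustration; the page specifies none of them.

```python
import hashlib
from typing import Callable, Set, Tuple

ALLOW, REJECT = "allow", "reject"

def hash_identifier(data: bytes) -> str:
    # Assumption: SHA-256. The claims only say "hash identifier".
    return hashlib.sha256(data).hexdigest()

class TriageServer:
    """Server side, claim 3 order: known bad, then known good, then decision."""
    def __init__(self, known_bad: Set[str], known_good: Set[str],
                 decision: Callable[[bytes], bool]):
        self.known_bad, self.known_good = known_bad, known_good
        self.decision = decision  # hypothetical: returns True if data is safe

    def triage(self, hash_id: str, data: bytes) -> Tuple[str, str]:
        # Returns (instruction, component that produced it).
        if hash_id in self.known_bad:   # consulted first, so it wins conflicts
            return REJECT, "known_bad"
        if hash_id in self.known_good:
            return ALLOW, "known_good"
        # Assumption: the data itself is available to the decision component.
        return (ALLOW if self.decision(data) else REJECT), "decision"

class Device:
    """Device side, claim 1: local known-good lookup before asking the server."""
    def __init__(self, local_known_good: Set[str], server: TriageServer):
        self.local_known_good, self.server = local_known_good, server

    def receive(self, data: bytes) -> Tuple[str, str]:
        hash_id = hash_identifier(data)
        if hash_id in self.local_known_good:
            # Assumption: a local match means the data is processed.
            return ALLOW, "device_known_good"
        return self.server.triage(hash_id, data)

def toy_decision(data: bytes) -> bool:
    # Stand-in only; the page does not describe the analysis itself.
    return b"SUSPICIOUS-MARKER" not in data

# Constructed sample data, not real software or malware.
LOCAL_GOOD, SERVER_GOOD = b"constructed: dialer app", b"constructed: map app"
BAD, BOTH = b"constructed: bad installer", b"constructed: listed twice"
NEW_SAFE, NEW_BAD = b"constructed: new note", b"constructed: SUSPICIOUS-MARKER"

def build_device() -> Device:
    h = hash_identifier
    server = TriageServer({h(BAD), h(BOTH)}, {h(SERVER_GOOD), h(BOTH)}, toy_decision)
    return Device({h(LOCAL_GOOD)}, server)
```

Because the claim 3 sequence consults the known bad database first, a hash that appears in both server databases (`BOTH` here) is rejected rather than allowed.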
Specification