SYSTEM AND METHOD FOR SECURITY ANALYSIS BASED ON MULTIPLE PROTOCOLS

US 20130283376A1
Filed: 06/17/2013
Published: 10/24/2013
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method of performing a security analysis of data received on a mobile communications device, the method comprising:

on a mobile communication device having multiple network interfaces for receiving data, in response to receipt of the data by the mobile communications device, gathering information about the data received by the mobile communications device through at least two of the multiple network interfaces, the data received at each of the at least two network interfaces having different protocols;

based upon the gathering step, assigning a first protocol to the data received from a first of the at least two network interfaces and assigning a second protocol to the data received from a second of the at least two network interfaces; and

performing a common security analysis on at least a part of the data received from each of the first and second network interfaces to determine whether the data received by the mobile communications device is safe or malicious.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security analysis of data received on a mobile communications device includes gathering information about the data through at least two of multiple network interfaces, each of the at least two network interfaces having different protocols. Based upon the gathering, a first protocol is assigned to the data received from a first of the at least two network interfaces. A second protocol is assigned to the data received from a second of the at least two network interfaces. A common security analysis is performed on at least a part of the data received from each of the first and second network interfaces to determine whether the data received by the mobile communications device is safe or malicious.

20 Citations

24 Claims

1. A method of performing a security analysis of data received on a mobile communications device, the method comprising:
- on a mobile communication device having multiple network interfaces for receiving data, in response to receipt of the data by the mobile communications device, gathering information about the data received by the mobile communications device through at least two of the multiple network interfaces, the data received at each of the at least two network interfaces having different protocols;
  
  based upon the gathering step, assigning a first protocol to the data received from a first of the at least two network interfaces and assigning a second protocol to the data received from a second of the at least two network interfaces; and
  
  performing a common security analysis on at least a part of the data received from each of the first and second network interfaces to determine whether the data received by the mobile communications device is safe or malicious.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 3. The method of claim 1, wherein if the step of gathering information fails to result in assigning a protocol to data received from at least one of the first and second network interfaces, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the received data.

4. A method of performing a security analysis of data to be transmitted by at least two of multiple network interfaces of a mobile communications device, the method comprising:
- in response to a request to transmit the data to be transmitted from the mobile communications device, gathering information about the data to be transmitted by the mobile communications device, the data to be transmitted in at least two of a plurality of protocols;
  
  identifying a first protocol of the data to be transmitted and a second protocol of the data to be transmitted; and
  
  performing a common security analysis on at least a part of the data to be transmitted by each of the at least two network interfaces to determine whether the data to be transmitted by the mobile communications device is safe or malicious.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the data to be transmitted in the determined additional protocol.
  - 6. The method of claim 4, wherein if the step of identifying fails to identify a protocol of the data to be transmitted by at least one of the at least two network interfaces, the step of performing a common security analysis applies at least one deterministic analysis to at least part of the data to be transmitted.

7. A method of determining whether to allow or deny use of data received by at least two of multiple network interfaces of a mobile communications device, the method comprising:
- in response to a request for the mobile communications device to use the received data, identifying a first protocol of the data received from a first of the at least two network interfaces and identifying a second protocol of the data received from a second of the at least two network interfaces;
  
  performing a common security analysis on at least a part of the data received by each of the at least two network interfaces according to their respective identified protocols; and
  
  permitting further use of the received data based a determination of whether the data received by the mobile communications device is safe or malicious.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the additional protocol.
  - 9. The method of claim 7, wherein if the steps of identifying fail to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least part of the received data.

10. A method of determining whether to allow or deny transmission of data by at least two of multiple network interfaces of a mobile communications device, the method comprising:
- in response to a request to transmit the data from the mobile communications device, identifying a first and a second protocol of the data to be transmitted;
  
  performing a common security analysis on at least a part of the data to be transmitted by each of the at least two network interfaces according to their respective identified protocols; and
  
  allowing or denying transmission of the data to be transmitted based upon a determination of whether the data to be transmitted by the mobile communications device is safe or malicious.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the data to be transmitted in the determined additional protocol.
  - 12. The method of claim 10, wherein if the step of identifying fails to identify a protocol of the data to be transmitted, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the data to be transmitted.

13. A method comprising:
- on a mobile device that employs multiple network interfaces and multiple network protocols for receiving and processing data by mobile device operating system sub-systems, at a mobile device security system, receiving data from at least two network interface sources and in at least two network protocols;
  
  in response to the interception or detection of the data received by the at least two network interface sources, at the mobile device security system, before the received data is allowed to reach a downstream destination, identifying at least two of its network protocols;
  
  at the mobile device security system, based at least in part upon the identified network protocols, performing a common security analysis on at least part of the received data of each of the at least two network protocols to determine if the received data should be allowed to reach the downstream destination based upon whether the data received by the mobile communications device is safe or malicious.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the step of performing a common security analysis on at least a part of the received data further comprises:
    - determining whether there is an additional protocol layer in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 15. The method of claim 13, wherein if the step of identifying the at least two protocols of the received data fails to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the received data.

16. A method comprising:
- on a mobile device that employs multiple network protocols for processing data by mobile device operating system sub-systems, and that employs multiple network interfaces for sending data, at a mobile device security system, receiving data from the mobile device operating system sub-system for transmitting through at least two network interface nodes and in at least two network protocols on the mobile device to a downstream destination;
  
  in response to a request to transmit the data through the at least two network interface nodes, at the mobile device security system, before the data to be transmitted by the mobile device security system is transmitted to the downstream destination, identifying at least two of its network protocols;
  
  at the mobile device security system, performing a common security analysis on the data to be transmitted, based upon each of its identified network protocols, to determine if the data to be transmitted should be allowed to reach the downstream destination based upon whether the data received by the mobile communications device is safe or malicious.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the step of performing a common security analysis on at least a part of the data to be transmitted further comprises:
    - determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 18. The method of claim 16, wherein if the step of identifying a first protocol of the received data fails to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the data to be transmitted.

19. A method comprising:
- on a mobile device that employs multiple network protocols for processing data by mobile device operating system sub-systems, and that employs multiple network interfaces for receiving and sending data, at a mobile device security system, receiving data from a mobile device operating system sub-system, and in response to receiving_data from the mobile device operating system sub-system, identifying at least one network protocol for the data received from the mobile device operating system sub-system;
  
  in response to a request to transmit the data to a downstream destination, before the data to be transmitted is transmitted to the downstream destination, at the mobile device security system, identifying at least one network protocol for the data to be transmitted;
  
  based upon the identified protocol for the received data and the identified protocol for the data to be transmitted, respectively, performing a common security analysis of at least a part of the received data and of at least a part of the data to be transmitted to determine whether the data to be transmitted should be allowed to reach the downstream destination based upon whether the data to be transmitted by the mobile communications device is safe or malicious.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, wherein the step of performing a common security analysis on at least a part of the received data further comprises:
    - determining whether there is an additional protocol in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 21. The method of claim 19, wherein if the step of identifying a protocol of the received data fails to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the received data.
  - 22. The method of claim 19, wherein the step of performing a common security analysis on at least a part of the data to be transmitted further comprises:
    - determining whether there is an additional protocol in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the data to be transmitted in the determined additional protocol.
  - 23. The method of claim 19, wherein if the step of identifying a protocol of the data to be transmitted fails to identify a protocol of the data to be transmitted, the step of performing the common security analysis applies at least one deterministic analysis to at least a part of the data to be transmitted.

24. On a mobile communication device with an operating system and operating system subsystems, a method comprising:
- in response to the interception or detection of received data at at least two of multiple network interfaces on the mobile communication device, before the data is permitted to proceed to its target destination with an operating system subsystem, gathering the received data and identifying network protocols of the data received from each of the at least two multiple network interfaces;
  
  performing a common classification analysis on at least a part of the received data from each of the at least two multiple network interfaces according to the determined network protocol to determine a classification for the received data; and
  
  ,using the determined classification for the received data to determine whether the received data should either be allowed to proceed to its target destination, or be prevented from proceeding to its target destination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin

Granted Patent

US 9,065,846 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04W 12/10   Integrity

H04W 12/128   Anti-malware arrangements, ...

H04W 88/06   adapted for operation in mu...

SYSTEM AND METHOD FOR SECURITY ANALYSIS BASED ON MULTIPLE PROTOCOLS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR SECURITY ANALYSIS BASED ON MULTIPLE PROTOCOLS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others