PREVENTIVE INTRUSION DEVICE AND METHOD FOR MOBILE DEVICES

US 20140181972A1
Filed: 04/18/2013
Published: 06/26/2014
Est. Priority Date: 04/18/2012
Status: Active Grant

First Claim

Patent Images

1. A computerized system for preventing network attacks on a communication device which receive a plurality of network packets in a wireless communication network, said system comprising:

a) a computer readable firmware comprising;

i) a Pattern Detector module configured to inspect the received packets and mark the received packets as suspicious or normal packets according to filtering settings;

ii) a packet filter module configured to filter the packets at a kernel level and transmit the received packets to the Pattern Detector module; and

b) a computer readable kernel extension module configure to receive the packets from the firmware module at an application level, detect the pattern of the marked packets and if the packets are not marked further examine the packets at the next lower software layer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing an intrusion prevention system to prevent hacking into files located on enterprise users'"'"' endpoint devices functioning as mobile computing platforms. The method includes filtering low-level network packets for each of a plurality of received network packets, offloading the received packets to an inspecting processing module and marking suspicious packets based on at least one of a header and pattern of each of said received packets. The method also includes taking preventive measures by the system to ensure protection of the device and network, taking active steps by the system to block suspicious traffic and disconnecting the current connection by the system, when it detects suspicious traffic.

49 Citations

View as Search Results

36 Claims

1. A computerized system for preventing network attacks on a communication device which receive a plurality of network packets in a wireless communication network, said system comprising:
- a) a computer readable firmware comprising;
  
  i) a Pattern Detector module configured to inspect the received packets and mark the received packets as suspicious or normal packets according to filtering settings;
  
  ii) a packet filter module configured to filter the packets at a kernel level and transmit the received packets to the Pattern Detector module; and
  
  b) a computer readable kernel extension module configure to receive the packets from the firmware module at an application level, detect the pattern of the marked packets and if the packets are not marked further examine the packets at the next lower software layer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, comprising a zCore Application Program Interface (API) configured to be used by 3rd party applications.
  - 3. The system of claim 2 wherein the 3^rdparty applications are external partner applications or developer applications.
  - 4. The system of claim 1, comprising a 3rd party firmware in communication with said packet filter configured to receive said packets.
  - 5. The system of claim 4 where the 3^rdparty firmware is a WiFi firmware.
  - 6. The system of claim 1 wherein the 3^rdparty applications are configured to supply security solution vendors the ability to integrate and receive notifications of intrusions or register new intrusions events.
  - 7. The system of claim 1 wherein the filtering settings are selected from the group consisting of:
    - Pattern Match handler, pattern Conditions, pattern Constrains.
  - 8. The system of claim 7 wherein the filtering settings are stored in a secure storage module.
  - 9. The system of claim 1 comprising a secure interface module configured to specify the deterministic and heuristic patterns of the received network packets
  - 10. The system of claim 1 wherein the firmware is configured to provide a Threat Response Matrix.
  - 11. The system of claim 10 wherein said matrix is configured to represent the communication device protocol state and the probability of having an anomaly packet in real-time.
  - 12. The system of claim 1 wherein the firmware is stored in said communication device.

13. A method for preventing network attacks on a communication device comprising:
- a. receiving a network packet at a computerized readable firmware module comprised in said communication device;
  
  b. filtering the received packet at said firmware module by a packet filter module;
  
  c. marking the received packets as ‘
  
  normal’
  
  or ‘
  
  suspicious’
  
  packet by a pattern detector according to filtering settings criteria;
  
  d. offloading the received packet to a computerized readable zCore kernel extension module at a next software layer;
  
  e. detecting the pattern of the marked packets by said zCore kernel module; and
  
  f. offloading the normal packets to the next software layer.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, comprising receiving said packets by a 3^rdParty firmware.
  - 15. The method of claim 14, wherein said 3^rdparty firmware is a WiFi firmware.
  - 16. The method of claim 13 comprising providing a Threat Response Matrix according the received packets pattern.

17. A communication device comprising:
- a computer readable intrusion prevention firmware configured to prevent hacking into said device computing platforms, said firmware comprising;
  
  ;
  
  a) a WiFi firmware module configured to receive a plurality of network packets;
  
  b) a packet filter module configured to filter said received packets;
  
  c) a pattern detector module configured to detect the pattern of said received packets according to filtering settings criteria; and
  
  d) a secure storage module configured to store said filtering settings criteria.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The device of claim 17, selected from the group consisting of mobile phones, smart phones, laptops and tablets.
  - 19. The device of claim 17, wherein the device is host-based and/or network-based.
  - 20. The device of claim 17, comprising providing an interface for intrusion detection offloading at said firmware level.
  - 21. The device of claim 17, comprising providing security elevating permission by a 3^rdparty applications.

22. A method for providing an intrusion prevention system to prevent threats or attacks on mobile computing platforms which transmit information in a communication network, the method comprising:
- filtering network packets for each of a plurality of received network packets;
  
  offloading the received packets to an inspecting processing module;
  
  marking suspicious packets based on at least one of;
  
  a header; and
  
  pattern of each of said received packets;
  
  taking preventive measures by the system to ensure protection of the mobile computing platforms.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 23. The method of claim 22, further comprising providing a framework for 3rd party applications to receive application level security by obtaining keys to be used for authentication.
  - 24. The method of claim 22, wherein the system runs with normal privileges on low end applications.
  - 25. The method of claim 22, wherein the system provides packet inspection firmware.
  - 26. The method of claim 22, wherein the mobile computing platforms comprise at least one of mobile device or phones, smart phone, laptops or tablet connected to a mobile network.
  - 27. The method of claim 22, wherein the system is host-based and/or network-based.
  - 28. The method of claim 22, wherein the threat manifests itself through an unexpected or unauthorized privilege escalation.
  - 29. The method of claim 28, wherein privilege escalations are identified as either expected behavior or unexpected behavior or unauthorized privilege escalations.
  - 30. The method of claim 22, further comprising providing process based on behavioral analysis of the attacks in order to prevent false positives, without increasing the number of false negatives.
  - 31. The method of claim 22, wherein the system needs to inspect only a small percentage of the network packets
  - 32. The method of claim 22, wherein the system comprises at least a packet filter, a WIFI software storage and a pattern recognizer.
  - 33. The method of claim 32, wherein the pattern recognizer is trained to recognize and record the attacks.
  - 34. The method of claim 22, further comprising taking active steps by the system to block suspicious traffic.
  - 35. The method of claim 34, further comprising disconnecting the current connection by the system, when it detects suspicious traffic.
  - 36. The method of claim 22, further comprising automatically creating a new logic base by creating serialized data which represents the attacks and the relationships with the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zimperium, Inc., Zimperium Ltd. (Zimperium, Inc.)
Original Assignee
Zimperium, Inc.
Inventors
Karta, Yaniv, Avraham, Itzhak

Granted Patent

US 8,997,231 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

PREVENTIVE INTRUSION DEVICE AND METHOD FOR MOBILE DEVICES

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

PREVENTIVE INTRUSION DEVICE AND METHOD FOR MOBILE DEVICES

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links