IN-LINE FILTERING OF INSECURE OR UNWANTED MOBILE DEVICE SOFTWARE COMPONENTS OR COMMUNICATIONS

US 20140331281A1
Filed: 07/14/2014
Published: 11/06/2014
Est. Priority Date: 06/25/2012
Status: Active Grant

First Claim

Patent Images

1. A system for in-line filtering of applications for mobile devices, comprising:

a hardware processor of an inline filtering device configured to;

intercept a request for downloading an application to a mobile device;

throttle the request for downloading the application to the mobile device pending determination of a result of a risk analysis of the application based on an application risk policy, wherein the application is blocked from completing a transfer to the mobile device while it is throttled at the inline filtering device; and

modify a response to the request for downloading the application to the mobile device; and

a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for in-line filtering of insecure or unwanted mobile components or communications (e.g., insecure or unwanted behaviors associated with applications for mobile devices (“apps”), updates for apps, communications to/from apps, operating system components/updates for mobile devices, etc.) for mobile devices are disclosed. In some embodiments, in-line filtering of apps for mobile devices includes intercepting a request for downloading an application to a mobile device; and modifying a response to the request for downloading the application to the mobile device. In some embodiments, the response includes a notification that the application cannot be downloaded due to an application risk policy violation.

Citations

20 Claims

1. A system for in-line filtering of applications for mobile devices, comprising:
- a hardware processor of an inline filtering device configured to;
  
  intercept a request for downloading an application to a mobile device;
  
  throttle the request for downloading the application to the mobile device pending determination of a result of a risk analysis of the application based on an application risk policy, wherein the application is blocked from completing a transfer to the mobile device while it is throttled at the inline filtering device; and
  
  modify a response to the request for downloading the application to the mobile device; and
  
  a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system recited in claim 1, wherein the response includes a notification that the application cannot be downloaded due to a violation of the application risk policy.
  - 3. The system recited in claim 1, wherein the hardware processor is further configured to:
    - filter traffic in-line from the mobile device to the Internet;
      
      determine that the filtered traffic from the mobile device includes the request for downloading the application to the mobile device; and
      
      determine the response to the application request based on the application risk policy, wherein the application risk policy is configured for an enterprise, and wherein the mobile device is associated with the enterprise.
  - 4. The system recited in claim 1, wherein the hardware processor is further configured to:
    - determine the response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application.
  - 5. The system recited in claim 1, wherein the hardware processor is further configured to:
    - determine the application associated with the request violates the application risk policy based on an application analysis of the application.

6. A system for in-line filtering of applications for mobile devices, comprising:
- a hardware processor of an inline filtering device configured to;
  
  perform in-line filtering of traffic from a mobile device to the Internet;
  
  identify an application request from the in-line filtering of traffic from the mobile device to the Internet, wherein the application request includes a request to download an application to the mobile device;
  
  throttle the request for downloading the application to the mobile device pending determination of a result of a risk analysis of the application based on an application risk policy, wherein the application is blocked from completing a transfer to the mobile device while it is throttled at the inline filtering device; and
  
  modify a response to the application request that is communicated to the mobile device; and
  
  a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system recited in claim 6, wherein the modified response includes a notification that the application cannot be downloaded due to a violation of the application risk policy.
  - 8. The system recited in claim 6, wherein the hardware processor is further configured to:
    - determine the response to the application request based on the application risk policy.
  - 9. The system recited in claim 6, wherein the hardware processor is further configured to:
    - determine the response to the application request based on the application risk policy, wherein the application risk policy includes an application risk profile based on behavior associated with the application.
  - 10. The system recited in claim 6, wherein the hardware processor is further configured to:
    - intercept application requests from a plurality of mobile devices.

11. A method of in-line filtering of applications for mobile devices, comprising:
- performing in-line filtering of traffic from a mobile device to the Internet using a hardware processor of an inline filtering device;
  
  identifying an application request from the in-line filtering of traffic from the mobile device to the Internet, wherein the application request includes a request to download an application to the mobile device;
  
  throttling the request for downloading the application to the mobile device pending determination of a result of a risk analysis of the application based on an application risk policy, wherein the application is blocked from completing a transfer to the mobile device while it is throttled at the inline filtering device; and
  
  modifying a response to the application request that is communicated to the mobile device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the modified response includes a notification that the application cannot be downloaded due to a violation of the application risk policy.
  - 13. The method of claim 11, further comprising:
    - determining the response to the application request based on the application risk policy.
  - 14. The method of claim 11, further comprising:
    - determining the response to the application request based on the application risk policy, wherein the application risk policy includes an application risk profile based on behavior associated with the application.
  - 15. The method of claim 11, further comprising:
    - intercepting application requests from a plurality of mobile devices.

16. A system for in-line filtering of insecure or unwanted mobile device communications for mobile devices, comprising:
- a hardware processor of an inline filtering device configured to;
  
  intercept a communication from a mobile device at the in-line filtering device;
  
  determine whether the communication from the mobile device includes an insecure or unwanted mobile device communication; and
  
  throttle the communication at the inline filtering device pending determination of a result of a risk analysis of the application based on a traffic policy for mobile device communications associated with the mobile device, wherein the traffic policy for mobile device communications associated with the mobile device includes at least one rule based at least in part on an application search request, and wherein the communication is blocked from completing a transfer of a response to the communication to the mobile device while it is throttled at the inline filtering device; and
  
  a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system recited in claim 16, wherein the determination that the communication from the mobile device includes an insecure or unwanted mobile device communication is based on the traffic policy associated with the mobile device.
  - 18. The system recited in claim 16, wherein the hardware processor is further configured to:
    - block the communication from the mobile device if it is determined that the communication from the mobile device is an insecure or unwanted mobile device communication based on the traffic policy for mobile device communications.
  - 19. The system recited in claim 16, wherein the communication from the mobile device includes an application search request from the mobile device to a public application market.
  - 20. The system recited in claim 16, wherein the communication from the mobile device includes an application search request from the mobile device to a public application market notification, and wherein the processor is further configured to:
    - modify a response to the application search request to filter applications listed in the response based on an application risk policy, wherein the modified response includes a is notification that one or more applications responsive to the application search request were removed from the response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Appthority Incorporated (Gen Digital Inc.)
Inventors
Bettini, Anthony John, Watkins, Kevin, Guerra, Domingo J., Price, Michael

Granted Patent

US 9,178,852 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 67/34   involving the movement of s...

IN-LINE FILTERING OF INSECURE OR UNWANTED MOBILE DEVICE SOFTWARE COMPONENTS OR COMMUNICATIONS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IN-LINE FILTERING OF INSECURE OR UNWANTED MOBILE DEVICE SOFTWARE COMPONENTS OR COMMUNICATIONS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links