Security system and method for handheld computers

US 6,934,857 B1
Filed: 11/27/2000
Issued: 08/23/2005
Est. Priority Date: 11/27/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for detecting potentially harmful actions on a handheld computer, the method comprising:

monitoring calls to applications resident on the handheld computer;

identifying a code associated with a program initiating said call;

wherein identifying a code comprises identifying a creator code on a handheld computer operating system; and

at least temporarily preventing an action requested by said call from being executed if the identified creator code does not match a creator code associated with data said action is to be performed upon;

wherein the creator code is used to prevent malicious behavior;

wherein at least one of the applications is identified as a trusted application;

wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application does not match the creator code associated with the data said action is to be performed upon;

wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for detecting possible harmful actions on a handheld computer before they are executed. The method includes monitoring calls to applications resident on the handheld computer and identifying a code associated with a program initiating the call. The action requested by the call is at least temporarily prevented from being performed if the identified code does not correspond to a code associated with data the action is to be performed upon.

84 Citations

View as Search Results

18 Claims

1. A method for detecting potentially harmful actions on a handheld computer, the method comprising:
- monitoring calls to applications resident on the handheld computer;
  
  identifying a code associated with a program initiating said call;
  
  wherein identifying a code comprises identifying a creator code on a handheld computer operating system; and
  
  at least temporarily preventing an action requested by said call from being executed if the identified creator code does not match a creator code associated with data said action is to be performed upon;
  
  wherein the creator code is used to prevent malicious behavior;
  
  wherein at least one of the applications is identified as a trusted application;
  
  wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application does not match the creator code associated with the data said action is to be performed upon;
  
  wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 16, 17, 18)
- - 2. The method of claim 1 wherein monitoring calls to applications comprises installing a patch on the handheld computer, the patch being operable to intercept calls.
  - 3. The method of claim 2 wherein installing a patch comprises replacing an API address with a patch address.
  - 4. The method of claim 2 wherein installing a patch comprises utilizing get trap and set trap commands.
  - 5. The method of claim 1 further comprising receiving data on an infrared port of the handheld computer and installing said date in a temporary database.
  - 6. The method of claim 5 further comprising asking a user whether to accept said data before loading said data onto the handheld computer.
  - 7. The method of claim 1 wherein the action requested is a password manipulation.
  - 8. The method of claim 1 wherein the action requested is deletion of data.
  - 9. The method of claim 1 wherein the action requested is modification of data.
  - 10. The method of claim 1 wherein the action requested is manipulation of an operating system.
  - 15. The method of claim 1, wherein a user has an options of disabling the detection of potentially harmful actions, specifying whether a plurality of databases scanned by a virus scanner are considered trusted if the virus scanner returns a favorable result, requiring a password to turn the handheld computer on, checking data that has entered the handheld computer through an infra-red (IR) port, protecting passwords, and specifying the trusted application.
  - 16. The method of claim 1, wherein the temporary prevention of the action requested by said call involves notifying a user that the potentially harmful action has been requested and giving the user a plurality of options selected from the group consisting of:
    - allowing one of the applications to continue with the action, always allowing one of the applications to perform the action, and preventing one of the applications from performing the action.
  - 17. The method of claim 4, wherein the get trap and set trap commands identify a pointer to an original address and replace the original address with a new patch address.
  - 18. The method of claim 1, wherein an efficient detection of viruses is provided for the handheld computer without sacrificing limited memory of the handheld computer.

11. A method for detecting potentially harmful actions on a handheld computer, the method comprising:
- monitoring requests for action by applications on the handheld computer;
  
  evaluating said requests to determine if said requests may result in potentially harmful behavior to data stored on the handheld computer;
  
  preventing said action from being performed if one of said requests for action is identified as potentially harmful behavior; and
  
  notifying a user of the handheld computer of said potentially harmful behavior;
  
  wherein evaluating said requests comprises comparing a creator code associated with the application requesting said action with a creator code associated with data the action is to be performed upon;
  
  wherein the creator code is used to prevent malicious behavior;
  
  wherein at least one of the applications is identified as a trusted application;
  
  wherein the trusted application is not prevented from performing actions even if said one request is identified as potentially harmful, if requested by the trusted application;
  
  wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.
- View Dependent Claims (12)
- - 12. The method of claim 11 wherein monitoring the requests for action comprises monitoring API calls.

13. A computer program product for detecting possibly harmful actions on a handheld computer before the actions are executed, the product comprising:
- computer code that monitors calls to applications resident on the handheld computer;
  
  computer code that identifies a code associated with a program initiating said call;
  
  wherein a creator code on a handheld computer operating system is identified;
  
  computer code that at least temporarily prevents an action requested by said call from being performed if the identified creator code does not match a creator code associated with data said action is to be performed upon; and
  
  a computer readable medium that stores said computer codes;
  
  wherein the creator code is used to prevent malicious behavior;
  
  wherein at least one of the applications is identified as a trusted application;
  
  wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application docs not match the creator code associated with the data said action is to be performed upon;
  
  wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.

14. A computer program product for detecting possibly harmful actions on a handheld computer before the actions are executed, the product comprising:
- computer code that monitors requests for action by applications on the handheld computer;
  
  computer code that evaluates said requests to determine if said requests may result in potentially harmful behavior to data stored on the handheld computer;
  
  computer code that prevents said action from being performed if one of said requests for action is identified as potentially harmful behavior;
  
  computer code that notifies a user of the handheld computer of said potentially harmful behavior; and
  
  a computer readable medium that stores said computer codes;
  
  wherein evaluating said requests comprises comparing a creator code associated with the application requesting said action with a creator code associated with data the action is to be performed upon;
  
  wherein the creator code is used to prevent malicious behavior;
  
  wherein at least one of the applications is identified as a trusted application;
  
  wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application does not match the creator code associated with the data said action is to be performed upon;
  
  wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Bartleson, Todd, Haagensen, Brandt, Cox, Brian R.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
AKPATI, ODAICHE T

Application Number

US09/724,187
Time in Patent Office

1,730 Days
Field of Search

235/472, 235/106, 382/313, 358/473, 713/188, 713/193, 713/200, 713/201, 713/165, 713/187, 713/202, 705/405
US Class Current

726/5
CPC Class Codes

G06F 21/54 by adding security routines...

G06F 2221/2101 Auditing as a secondary aspect

Security system and method for handheld computers

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security system and method for handheld computers

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links