Security system and method for handheld computers
First Claim
Patent Images
1. A method for detecting potentially harmful actions on a handheld computer, the method comprising:
- monitoring calls to applications resident on the handheld computer;
identifying a code associated with a program initiating said call;
wherein identifying a code comprises identifying a creator code on a handheld computer operating system; and
at least temporarily preventing an action requested by said call from being executed if the identified creator code does not match a creator code associated with data said action is to be performed upon;
wherein the creator code is used to prevent malicious behavior;
wherein at least one of the applications is identified as a trusted application;
wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application does not match the creator code associated with the data said action is to be performed upon;
wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.
13 Assignments
0 Petitions
Accused Products
Abstract
A method for detecting possible harmful actions on a handheld computer before they are executed. The method includes monitoring calls to applications resident on the handheld computer and identifying a code associated with a program initiating the call. The action requested by the call is at least temporarily prevented from being performed if the identified code does not correspond to a code associated with data the action is to be performed upon.
84 Citations
18 Claims
-
1. A method for detecting potentially harmful actions on a handheld computer, the method comprising:
-
monitoring calls to applications resident on the handheld computer; identifying a code associated with a program initiating said call; wherein identifying a code comprises identifying a creator code on a handheld computer operating system; and at least temporarily preventing an action requested by said call from being executed if the identified creator code does not match a creator code associated with data said action is to be performed upon; wherein the creator code is used to prevent malicious behavior; wherein at least one of the applications is identified as a trusted application; wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application does not match the creator code associated with the data said action is to be performed upon; wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 16, 17, 18)
-
-
11. A method for detecting potentially harmful actions on a handheld computer, the method comprising:
-
monitoring requests for action by applications on the handheld computer; evaluating said requests to determine if said requests may result in potentially harmful behavior to data stored on the handheld computer; preventing said action from being performed if one of said requests for action is identified as potentially harmful behavior; and notifying a user of the handheld computer of said potentially harmful behavior; wherein evaluating said requests comprises comparing a creator code associated with the application requesting said action with a creator code associated with data the action is to be performed upon; wherein the creator code is used to prevent malicious behavior; wherein at least one of the applications is identified as a trusted application; wherein the trusted application is not prevented from performing actions even if said one request is identified as potentially harmful, if requested by the trusted application; wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code. - View Dependent Claims (12)
-
-
13. A computer program product for detecting possibly harmful actions on a handheld computer before the actions are executed, the product comprising:
-
computer code that monitors calls to applications resident on the handheld computer; computer code that identifies a code associated with a program initiating said call; wherein a creator code on a handheld computer operating system is identified; computer code that at least temporarily prevents an action requested by said call from being performed if the identified creator code does not match a creator code associated with data said action is to be performed upon; and a computer readable medium that stores said computer codes; wherein the creator code is used to prevent malicious behavior; wherein at least one of the applications is identified as a trusted application; wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application docs not match the creator code associated with the data said action is to be performed upon; wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.
-
-
14. A computer program product for detecting possibly harmful actions on a handheld computer before the actions are executed, the product comprising:
-
computer code that monitors requests for action by applications on the handheld computer; computer code that evaluates said requests to determine if said requests may result in potentially harmful behavior to data stored on the handheld computer; computer code that prevents said action from being performed if one of said requests for action is identified as potentially harmful behavior; computer code that notifies a user of the handheld computer of said potentially harmful behavior; and a computer readable medium that stores said computer codes; wherein evaluating said requests comprises comparing a creator code associated with the application requesting said action with a creator code associated with data the action is to be performed upon; wherein the creator code is used to prevent malicious behavior; wherein at least one of the applications is identified as a trusted application; wherein the trusted application is not prevented from performing actions even if the creator code associated with the trusted application does not match the creator code associated with the data said action is to be performed upon; wherein the creator code is a 4-byte value used to tie together a plurality of databases related to an application, at least one database is maintained on the handheld computer using a first creator code that is the same as a second creator code associated with a plurality of patches, the at least one database contains a list of a plurality of the creator codes resident on the handheld computer, and at least one creator code is used to prevent a program from modifying one of the databases with a different creator code.
-
Specification