Updating malware definition data for mobile data processing devices
First Claim
Patent Images
1. A computer program product embodied on a computer readable medium for controlling a mobile data processing device to update malware definition data for a malware scanner of said mobile data processing decide, said computer program product comprising:
- (i) link establish code operable to establish a wireless telephony link between said mobile data processing device and a public wireless telephony network;
(ii) update receiving code operable to receive malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and
(iii) malware definition updating code operable to update malware definition data stored upon said mobile data processing device using said malware definition updating data;
wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;
wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified;
wherein if said digital signature is not verified, said malware definition updating data is ignored;
wherein if said digital signature is verified, said malware definition updating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;
wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;
wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.
11 Assignments
0 Petitions
Accused Products
Abstract
The malware definition data of mobile data processing devices is updated via a data channel associated with a wireless telephony link to that mobile data processing device. The data channel may be the same channel wed for SMS messaging and the transfer of control information. The mobile data processing device is typically a mobile telephone. The update data may be digitally signed to increase security.
174 Citations
48 Claims
-
1. A computer program product embodied on a computer readable medium for controlling a mobile data processing device to update malware definition data for a malware scanner of said mobile data processing decide, said computer program product comprising:
-
(i) link establish code operable to establish a wireless telephony link between said mobile data processing device and a public wireless telephony network; (ii) update receiving code operable to receive malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and (iii) malware definition updating code operable to update malware definition data stored upon said mobile data processing device using said malware definition updating data; wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device; wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified; wherein if said digital signature is not verified, said malware definition updating data is ignored; wherein if said digital signature is verified, said malware definition updating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data; wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware; wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product embodied on a computer readable medium for controlling a computer to initiate updating of malware definition data for a malware scanner of a mobile data processing device, said computer program product comprising:
-
(i) link establishing code operable to establish a wireless telephony link to said mobile data processing device via a public wireless telephony network; and (ii) update sending code operable to send malware definition updating data to said mobile data processing device via a data channel of said wireless telephony link. wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device; wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition undating data, a digital signature associated with said malware definition undating data is verified; wherein if said digital signature is not verified, said malware definition updating data is ignored, wherein if said digital signature is verified, said malware definition updating data is utilized to update malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data; wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware; wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition undating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method of updating malware definition data for a malware scanner of a mobile data processing device, said method comprising the steps of:
-
(i) establishing a wireless telephony link between said mobile data processing device and a public wireless telephony network; (ii) receiving malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and (iii) updating malware definition data stored upon said mobile data processing device using said malware definition updating data; wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device; wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified; wherein if said digital signature is not verified, said malware definition updating data is ignored; wherein if said digital signature is verified, said malware definition undating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data; wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware; wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition undating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
-
25. A method of updating malware definition data for a malware scanner of a mobile data processing device, said method comprising the steps of;
-
(i) establishing a wireless telephony link to said mobile data processing device via a public wireless telephony network; and (ii) sending malware definition updating data to said mobile data processing device via a data channel of said wireless telephony link; wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device; wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified; wherein if said digital signature is not verified, said malware definition updating data is ignored; wherein if said digital signature is verified, said malware definition updating data is utilized to update malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data; wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware; wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
-
-
33. Apparatus for controlling a mobile data processing device to update malware definition data for a malware scanner of said mobile data processing device, said apparatus comprising:
-
(i) link establishing means for establishing a wireless telephony link between said mobile data processing device and a public wireless telephony network; (ii) update receiving means for receiving malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and (iii) malware definition updating means for updating malware definition data stored upon said mobile data processing device using said malware definition updating data; wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device; wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition. updating data, a digital signature associated with said malware definition updating data is verified; wherein if said digital signature is not verified, said malware definition updating data is ignored; wherein if said digital signature is verified, said malware definition updating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data; wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware; wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
-
-
41. Apparatus for controlling a computer to initiate updating of malware definition data for a malware scanner of a mobile data processing device, said apparatus comprising:
-
(i) link establishing means for establishing a wireless telephony link to said mobile data processing device via a public wireless telephony network; and (ii) update sending means for sending malware definition updating data to said mobile data processing device via a data channel of said wireless telephony link; wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such tat said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device; wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified; wherein if said digital signature is not verified, said malware definition updating data is ignored; wherein if said digital signature is verified, said malware definition updating data is utilized to update malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data; wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware; wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition undating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device. - View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
-
Specification