Updating malware definition data for mobile data processing devices

US 7,210,168 B2
Filed: 10/15/2001
Issued: 04/24/2007
Est. Priority Date: 10/15/2001
Status: Active Grant

First Claim

Patent Images

1. A computer program product embodied on a computer readable medium for controlling a mobile data processing device to update malware definition data for a malware scanner of said mobile data processing decide, said computer program product comprising:

(i) link establish code operable to establish a wireless telephony link between said mobile data processing device and a public wireless telephony network;

(ii) update receiving code operable to receive malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and

(iii) malware definition updating code operable to update malware definition data stored upon said mobile data processing device using said malware definition updating data;

wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;

wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified;

wherein if said digital signature is not verified, said malware definition updating data is ignored;

wherein if said digital signature is verified, said malware definition updating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;

wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;

wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The malware definition data of mobile data processing devices is updated via a data channel associated with a wireless telephony link to that mobile data processing device. The data channel may be the same channel wed for SMS messaging and the transfer of control information. The mobile data processing device is typically a mobile telephone. The update data may be digitally signed to increase security.

174 Citations

48 Claims

1. A computer program product embodied on a computer readable medium for controlling a mobile data processing device to update malware definition data for a malware scanner of said mobile data processing decide, said computer program product comprising:
- (i) link establish code operable to establish a wireless telephony link between said mobile data processing device and a public wireless telephony network;
  
  (ii) update receiving code operable to receive malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and
  
  (iii) malware definition updating code operable to update malware definition data stored upon said mobile data processing device using said malware definition updating data;
  
  wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;
  
  wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified;
  
  wherein if said digital signature is not verified, said malware definition updating data is ignored;
  
  wherein if said digital signature is verified, said malware definition updating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;
  
  wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;
  
  wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computer program product as claimed in claim 1, wherein said mobile data processing device is a mobile telephone.
  - 3. A computer program product as claimed in claim 1, wherein said mobile data processing device is a personal digital assistant having a connection to said wireless public telephony network.
  - 4. A computer program product as claimed in claim 1, wherein said public wireless telephone network is one of a CDMA network and a GSM network.
  - 5. A computer program product as claimed in claim 1, wherein said data channel is also used for passing text messages.
  - 6. A computer program product as claimed in claim 5, wherein said text messages are SMS messages.
  - 7. A computer program product as claimed in claim 1, wherein said step of receiving malware definition updating data is initiated from a source of said malware definition updating data.
  - 8. A computer program product as claimed in claim 1, wherein said data channel is open whenever said mobile data processing device is switched on and connected to said public wireless telephony network.

9. A computer program product embodied on a computer readable medium for controlling a computer to initiate updating of malware definition data for a malware scanner of a mobile data processing device, said computer program product comprising:
- (i) link establishing code operable to establish a wireless telephony link to said mobile data processing device via a public wireless telephony network; and
  
  (ii) update sending code operable to send malware definition updating data to said mobile data processing device via a data channel of said wireless telephony link.wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;
  
  wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition undating data, a digital signature associated with said malware definition undating data is verified;
  
  wherein if said digital signature is not verified, said malware definition updating data is ignored,wherein if said digital signature is verified, said malware definition updating data is utilized to update malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;
  
  wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;
  
  wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition undating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A computer program product as claimed in claim 9, wherein said mobile data processing device is a mobile telephone.
  - 11. A computer program product as claimed in claim 9, wherein said mobile data processing device is a personal digital assistant having a connection to said wireless public telephony network.
  - 12. A computer program product as claimed in claim 9, wherein said public wireless telephone network is one of a CDMA network and a GSM network.
  - 13. A computer program product as claimed in claim 9, wherein said data channel is also used for passing text messages.
  - 14. A computer program product as claimed in claim 13, wherein said text messages are SMS messages.
  - 15. A computer program product as claimed in claim 9, wherein transfer of malware definition updating data is initiated from a source of said malware definition updating data.
  - 16. A computer program product as claimed in claim 9, wherein said data channel is open whenever said mobile data processing device is switched on and connected to said public wireless telephony network.

17. A method of updating malware definition data for a malware scanner of a mobile data processing device, said method comprising the steps of:
- (i) establishing a wireless telephony link between said mobile data processing device and a public wireless telephony network;
  
  (ii) receiving malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and
  
  (iii) updating malware definition data stored upon said mobile data processing device using said malware definition updating data;
  
  wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;
  
  wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified;
  
  wherein if said digital signature is not verified, said malware definition updating data is ignored;
  
  wherein if said digital signature is verified, said malware definition undating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;
  
  wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;
  
  wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition undating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. A method as claimed in claim 17, wherein said mobile data processing device is a mobile telephone.
  - 19. A method as claimed in claim 17, wherein said mobile data processing device is a personal digital assistant having a connection to said wireless public telephony network.
  - 20. A method as claimed in claim 17, wherein said public wireless telephone network is one of a CDMA network and a GSM network.
  - 21. A method as claimed in claim 17, wherein said data channel is also used for passing text messages.
  - 22. A method as claimed in claim 21, wherein said text messages are SMS messages.
  - 23. A method as claimed in claim 17, wherein transfer of said malware definition updating data is initiated from a source of said malware definition updating data.
  - 24. A method as claimed in claim 17, wherein said data channel is open whenever said mobile data processing device is switched on and connected to said public wireless telephony network.

25. A method of updating malware definition data for a malware scanner of a mobile data processing device, said method comprising the steps of;
- (i) establishing a wireless telephony link to said mobile data processing device via a public wireless telephony network; and
  
  (ii) sending malware definition updating data to said mobile data processing device via a data channel of said wireless telephony link;
  
  wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;
  
  wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified;
  
  wherein if said digital signature is not verified, said malware definition updating data is ignored;
  
  wherein if said digital signature is verified, said malware definition updating data is utilized to update malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;
  
  wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;
  
  wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. A method as claimed in claim 25, wherein said mobile data processing device is a mobile telephone.
  - 27. A method as claimed in claim 25, wherein said mobile data processing device is a personal digital assistant having a connection to said wireless public telephony network.
  - 28. A method as claimed in claim 25, wherein said public wireless telephone network is one of a CDMA network and a GSM network.
  - 29. A method as claimed in claim 25, wherein said data channel is also used for passing text messages.
  - 30. A method as claimed in claim 29, wherein said text messages are SMS messages.
  - 31. A method as claimed in claim 25, wherein transfer of said malware definition updating data is initiated from a source of said malware definition updating data.
  - 32. A method as claimed in claim 25, wherein said data channel is open whenever said mobile data processing device is switched on and connected to said public wireless telephony network.

33. Apparatus for controlling a mobile data processing device to update malware definition data for a malware scanner of said mobile data processing device, said apparatus comprising:
- (i) link establishing means for establishing a wireless telephony link between said mobile data processing device and a public wireless telephony network;
  
  (ii) update receiving means for receiving malware definition updating data at said mobile data processing device via a data channel of said wireless telephony link; and
  
  (iii) malware definition updating means for updating malware definition data stored upon said mobile data processing device using said malware definition updating data;
  
  wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such that said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;
  
  wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition. updating data, a digital signature associated with said malware definition updating data is verified;
  
  wherein if said digital signature is not verified, said malware definition updating data is ignored;
  
  wherein if said digital signature is verified, said malware definition updating data is utilized to update said malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;
  
  wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;
  
  wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition updating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. Apparatus as claimed in claim 33, wherein said mobile data processing device is a mobile telephone.
  - 35. Apparatus as claimed in claim 33, wherein said mobile data processing device is a personal digital assistant having a connection to said wireless public telephony network.
  - 36. Apparatus as claimed in claim 33, wherein said public wireless telephone network is one of a CDMA network and a GSM network.
  - 37. Apparatus as claimed in claim 33, wherein said data channel is also used for passing text messages.
  - 38. Apparatus as claimed in claim 37, wherein said text messages are SMS messages.
  - 39. Apparatus as claimed in claim 33, wherein said step of transferring is initiated from a source of said malware definition updating data.
  - 40. Apparatus as claimed in claim 33, wherein said data channel is open whenever said mobile data processing device is switched on and connected to said public wireless telephony network.

41. Apparatus for controlling a computer to initiate updating of malware definition data for a malware scanner of a mobile data processing device, said apparatus comprising:
- (i) link establishing means for establishing a wireless telephony link to said mobile data processing device via a public wireless telephony network; and
  
  (ii) update sending means for sending malware definition updating data to said mobile data processing device via a data channel of said wireless telephony link;
  
  wherein said mobile data processing device registers with a base station of said wireless telephony network when said link is established such tat said base station and said wireless telephony network are notified of a telephone number of said mobile data processing device for use in sending said malware definition updating data to said mobile data processing device;
  
  wherein when received data is received at said mobile data processing device, a type of said received data is identified to determine if said received data is said malware definition updating data, such that if said received data is said malware definition updating data, a digital signature associated with said malware definition updating data is verified;
  
  wherein if said digital signature is not verified, said malware definition updating data is ignored;
  
  wherein if said digital signature is verified, said malware definition updating data is utilized to update malware definition data stored upon said mobile data processing device by appending said malware definition updating data to said malware definition data;
  
  wherein said malware definition updating data is provided in a malware definition updating file, where said file is generated by one of automatically, semi-automatically, and manually upon an analysis of newly discovered malware and where said file includes a detection fingerprint, and at least one of a removal action and a disinfection action to be taken in response to a detection of said newly discovered malware;
  
  wherein said mobile data processing device is identified by a database of subscribers to an update service associated with said malware scanner, where said database includes said telephone number of said mobile data processing device to which said malware definition undating data is to be sent and a type of said mobile data processing device such that only malware definition updating data that is appropriate to said type of said mobile data processing device is sent to said mobile data processing device.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
- - 42. Apparatus as claimed in claim 41, wherein said mobile data processing device is a mobile telephone.
  - 43. Apparatus as claimed in claim 41, wherein said mobile data processing device is a personal digital assistant having a connection to said wireless public telephony network.
  - 44. Apparatus as claimed in claim 41, wherein said public wireless telephone network is one of a CDMA network and a GSM network.
  - 45. Apparatus as claimed in claim 41, wherein said data channel is also used for passing text messages.
  - 46. Apparatus as claimed in claim 45, wherein said text messages are SMS messages.
  - 47. Apparatus as claimed in claim 41, wherein transfer of malware definition updating data is initiated from a source of said malware definition updating data.
  - 48. Apparatus as claimed in claim 41, wherein said data channel is open whenever said mobile data processing device is switched on and connected to said public wireless telephony network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McEwan, William Alexander, Hursey, Neil John
Primary Examiner(s)
Barron; Gilberto
Assistant Examiner(s)
COLIN, CARL G

Application Number

US09/976,009
Publication Number

US 20030074581A1
Time in Patent Office

2,017 Days
Field of Search

713/201, 713/200, 713/154, 395/183, 709/224
US Class Current

726/24
CPC Class Codes

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 67/125   involving control of end-de...

H04W 8/245   from a network towards a te...

Updating malware definition data for mobile data processing devices

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

174 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Updating malware definition data for mobile data processing devices

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

174 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links