Layered mobile application security system

US 7,991,159 B2
Filed: 12/09/2005
Issued: 08/02/2011
Est. Priority Date: 12/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method of communicating, comprising:

protecting an integrity of a wireless network using a combination of at least two of(A) obfuscating software code of a mobile application for use in the wireless network;

(B) providing a mobile application with a plurality of code signatures for generating a corresponding plurality of unique values and periodically, randomly using one of the plurality of code signatures for a selected period of time;

(C) limiting a useful lifetime of a mobile application to a selected duration; and

(D) determining that a control value of a first mobile application corresponds to a control value of a second mobile application before allowing an interaction between the first and second mobile applications.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless communication network (20) including mobile applications (56-62) includes a security approach that uses a combination of at least two techniques (42, 50, 54, 72). One disclosed example includes a combination of all four techniques. The combined, layered approach greatly reduces the probability that an unauthorized individual will be able to masquerade as a valid application within the network so that network security is improved. Disclosed techniques include obfuscating software code of a mobile application, providing a mobile application with a plurality of code signatures for generating a corresponding plurality of unique control values, limiting the useful lifetime of a mobile application and determining that a control value of a mobile application corresponds to the control value of another application before the two applications are allowed to interact in a manner that could compromise either application or the network.

Citations

18 Claims

1. A method of communicating, comprising:
- protecting an integrity of a wireless network using a combination of at least two of(A) obfuscating software code of a mobile application for use in the wireless network;
  
  (B) providing a mobile application with a plurality of code signatures for generating a corresponding plurality of unique values and periodically, randomly using one of the plurality of code signatures for a selected period of time;
  
  (C) limiting a useful lifetime of a mobile application to a selected duration; and
  
  (D) determining that a control value of a first mobile application corresponds to a control value of a second mobile application before allowing an interaction between the first and second mobile applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the step (A) comprises at least one ofscrambling identifiers of the mobile application;
    - changing how data associated with the mobile application is stored in memory;
      
      orincluding code within the mobile application that is not used for running the mobile application.
  - 3. The method of claim 1, wherein the step (B) comprisesarranging code statements within the mobile application to provide a first signature;
    - determining a dependency between at least two code statements within the mobile application having the first signature;
      
      rearranging the at least two code statements within the mobile application to thereby provide a second, different signature while maintaining the determined dependency.
  - 4. The method of claim 1, wherein the step (C) comprisesusing the mobile application for the selected duration;
    - rendering the mobile application useless after the selected duration; and
      
      replacing the mobile application with a second, corresponding mobile application.
  - 5. The method of claim 4, comprisingusing an application generator to generate the second, corresponding mobile application, the application generator having no contact with the second, corresponding mobile application once the second, corresponding mobile application replaces the useless mobile application.
  - 6. The method of claim 4, comprisingperforming steps (A) and (B) on the second, corresponding mobile application before the second, corresponding mobile application replaces the useless mobile application.
  - 7. The method of claim 4, comprisingproviding the second, corresponding mobile application with a different authentication value than an authentication value of the useless mobile application.
  - 8. The method of claim 1, comprisingperforming the step (C) on a plurality of mobile applications such that each of the plurality of mobile applications has a duration that is equal to all of the others of the plurality of mobile applications and the lifetime of all of the plurality of mobile applications expires at about the same time.
  - 9. The method of claim 8, wherein the lifetime of all of the plurality of mobile applications expires simultaneously.
  - 10. The method of claim 1, wherein the step (D) comprisesdetermining a hash value of the first mobile application;
    - determining a hash value of the second mobile application; and
      
      determining whether the determined hash values correspond to each other within selected criteria.
  - 11. The method of claim 10, comprisingdetermining whether the determined hash values are equal.
  - 12. The method of claim 10, wherein the first application determines the hash value of the second mobile application and the second mobile application determines the hash value of the first mobile application.
  - 13. The method of claim 10, comprisingdetermining that the determined hash values do not correspond to each other within the selected criteria;
    - communicating the determined hash values of the first and second mobile applications, respectively, to at least one other mobile application;
      
      using the at least one other mobile application to determine the hash value of each of the first and second mobile applications; and
      
      using the at least one other mobile application to determine which of the first or the second mobile application has an incorrect hash value.
  - 14. The method of claim 13, comprisingdetermining if there is consensus among a plurality of mobile applications regarding the determination of which of the first or second mobile applications has the incorrect value;
    - andterminating any communication associated with the first or second mobile application that has the incorrect hash value.
  - 15. The method of claim 1, wherein the step (D) comprisesproviding a resident monitor application for each host in the wireless network;
    - providing the resident monitor application with an authorization key; and
      
      using each of the resident monitor applications to prevent any application without the authorization key from operating on the corresponding host.
  - 16. The method of claim 15, comprisingusing at least one mobile application to generate a hash value of the resident monitor application on a corresponding host from at least a portion of code of the resident monitor application and at least a portion of code of the at least one mobile application;
    - reporting the generated hash value to all other hosts within the wireless network; and
      
      using resident monitor applications of each of the other hosts to determine whether the generated hash value is valid to thereby control whether further communications from the host associated with the generated hash value will be accepted within the wireless network.
  - 17. The method of claim 1, wherein the control value of the step (D) comprises an encryption key and comprisingusing the encryption key to decipher a message received at the first mobile application from the second mobile application;
    - determining whether the message was successfully deciphered;
      
      if the message was not successfully deciphered, discarding the message and determining a hash of the second mobile application for determining whether the second mobile application is valid.
  - 18. The method of claim 1, wherein the step (D) comprisesgenerating a helper agent application from the first mobile application;
    - communicating the helper agent application from a first host of the first mobile application to a second host of the second mobile application;
      
      using the communicated helper agent application to determine the control value of the second mobile application at the second host; and
      
      communicating the helper agent application back to the first host with the determined control value of the second mobile application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Xiaomi Mobile Software Co., Ltd. (Xiaomi Corp.)
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Floyd, David G.
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/299,027
Publication Number

US 20070135111A1
Time in Patent Office

2,062 Days
Field of Search

713/161, 713/165, 713/194, 709/223, 709/224, 709/227, 709/232, 726/2, 726/3, 455/418, 380/270
US Class Current

380/270
CPC Class Codes

H04L 63/12   Applying verification of th...

H04L 63/14   for detecting or protecting...

H04W 12/102   Route integrity, e.g. using...

Layered mobile application security system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Layered mobile application security system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links