System and method for monitoring and analyzing multiple interfaces and multiple protocols
First Claim
1. A method comprising:
- on a mobile communications device capable of receiving data in the form of one or more protocols, the mobile communications device having a data gathering component for gathering data received by the mobile communications device and sending the gathered data to a protocol tracking component, a protocol tracking component for receiving data from the data gathering component, and at least one protocol analysis component for analyzing the data gathered by the data gathering component, receiving data on the mobile communications device;
identifying, by the data gathering component, a first protocol for the received data;
sending the received data to the protocol tracking component for selecting one of the at least one protocol analysis components based upon the identified first protocol for the received data;
sending the received data to the selected protocol analysis component corresponding to the identified first protocol for determining whether the data received by the mobile communications device is safe or malicious.
8 Assignments
0 Petitions
Accused Products
Abstract
The present invention is a system and method for providing security for a mobile device by analyzing data being transmitted or received by multiple types of networks. The invention can provide security for many types of network interfaces on a mobile device, including: Bluetooth, WiFi, cellular networks, USB, SMS, infrared, and near-field communication. Data is gathered at multiple points in a given processing pathway and linked by a protocol tracking component in order to analyze each protocol present in the data after an appropriate amount of processing by the mobile device. Protocol analysis components are utilized dynamically to analyze data and are re-used between multiple data pathways so as to be able to support an arbitrary number of network data pathways on a mobile device without requiring substantial overhead.
54 Citations
13 Claims
-
1. A method comprising:
-
on a mobile communications device capable of receiving data in the form of one or more protocols, the mobile communications device having a data gathering component for gathering data received by the mobile communications device and sending the gathered data to a protocol tracking component, a protocol tracking component for receiving data from the data gathering component, and at least one protocol analysis component for analyzing the data gathered by the data gathering component, receiving data on the mobile communications device; identifying, by the data gathering component, a first protocol for the received data; sending the received data to the protocol tracking component for selecting one of the at least one protocol analysis components based upon the identified first protocol for the received data; sending the received data to the selected protocol analysis component corresponding to the identified first protocol for determining whether the data received by the mobile communications device is safe or malicious. - View Dependent Claims (2)
-
-
3. A method comprising:
-
on a mobile communications device capable of transmitting data in the form of one or more protocols, the mobile communications device having a data gathering component for gathering data for transmitting from the mobile communications device and sending the gathered data to a protocol tracking component, a protocol tracking component for receiving data from the data gathering component, and at least one protocol analysis component for analyzing the data gathered by the data gathering component, providing data for transmitting from the mobile communications device; identifying, by the data gathering component, a first protocol for the transmitting data; sending the transmitting data to the protocol tracking component for selecting one of the at least one protocol analysis components based upon the identified first protocol for the transmitting data; sending the transmitting data to the selected protocol analysis component corresponding to the identified first protocol for determining whether the transmitting data is safe or malicious. - View Dependent Claims (4)
-
-
5. A method comprising:
-
on a mobile communications device capable of receiving or transmitting data in the form of one or more communications protocols, the mobile communications device having a plurality of data gathering components for gathering data received or transmitted by the mobile communications device, and a plurality of protocol analysis components for analyzing the data gathered by at least one of the plurality of data gathering components, wherein each of the plurality of protocol analysis components corresponds to at least one communication protocol providing data received by or for transmitting from the mobile communications device, selecting, by one of the plurality of data gathering components, a first protocol for the received or transmitting data; sending the received or transmitting data to one of the plurality of a protocol tracking components; selecting, by one of the plurality of protocol tracking components, one of the plurality of protocol analysis components corresponding to the identified first protocol for the received or transmitting data; sending, by one of the plurality of the protocol tracking components, the received or transmitting data to one of the plurality of protocol analysis components corresponding to the selected first protocol; identifying by one of the plurality of protocol analysis components to determine if there is a second protocol for the received or transmitting data; if there is a second protocol for the received or transmitting data, selecting, by one of the plurality of protocol tracking components, one of the plurality of protocol analysis components corresponding to the identified second protocol; sending the received or transmitting data to the one of the plurality of protocol analysis components corresponding to the identified second protocol; analyzing, by one of the plurality of protocol analysis components corresponding to the identified first protocol, the received or transmitting data to determine whether it is safe or malicious; and if there is a second protocol for the received or transmitting data, analyzing, by one of the plurality of protocol analysis components corresponding to the identified second protocol, the received or transmitting data to determine whether it is safe or malicious.
-
-
6. A system comprising:
-
a mobile communications device capable of receiving or transmitting data in the form of one or more communications protocols; at least one data gathering component resident on the mobile communications device for gathering data received or transmitting by the mobile communications device, for identifying a first communications protocol for the gathered data, and for sending the gathered data and identified first communications protocol to a protocol tracking component; at least one protocol tracking component resident on the mobile communications device for identifying at least one protocol analysis component, wherein the at least one protocol analysis component corresponds to one of the one or more communications protocol; and at least one protocol analysis component for analyzing gathered data, wherein the at least one protocol analysis component corresponds to one of the one or more communications protocols, and the at least one protocol analysis component determines whether the received or transmitting data is safe or malicious.
-
-
7. A system comprising:
-
a mobile communications device capable of receiving data in the form of one or more communications protocols; at least one data gathering component resident on the mobile communications device for gathering data received by the mobile communications device, for identifying a first communications protocol for the gathered data, and for sending the gathered data and identified first communications protocol to a protocol tracking component; at least one protocol tracking component resident on the mobile communications device for identifying at least one protocol analysis component, wherein the at least one protocol analysis component corresponds to one of the one or more communications protocol; and at least one protocol analysis component for analyzing gathered data, wherein the at least one protocol analysis component corresponds to one of the one or more communications protocols, and the at least one protocol analysis component determines whether the received data is safe or malicious.
-
-
8. A system comprising:
-
a mobile communications device capable of transmitting data in the form of one or more communications protocols; at least one data gathering component resident on the mobile communications device for gathering data for transmitting by the mobile communications device, for identifying a first communications protocol for the gathered data, and for sending the gathered data and identified first communications protocol to a protocol tracking component; at least one protocol tracking component resident on the mobile communications device for identifying at least one protocol analysis component, wherein the at least one protocol analysis component corresponds to one of the one or more communications protocol; and at least one protocol analysis component for analyzing gathered data, wherein the at least one protocol analysis component corresponds to one of the one or more communications protocols, and the at least one protocol analysis component determines whether the transmitting data is safe or malicious.
-
-
9. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
-
on a mobile communications device capable of receiving data in the form of one or more protocols, the mobile communications device having a data gathering component for gathering data received by the mobile communications device and sending the gathered data to a protocol tracking component, a protocol tracking component for receiving data from the data gathering component, and at least one protocol analysis component for analyzing the data gathered by the data gathering component, receiving data on the mobile communications device; identifying, by the data gathering component, a first protocol for the received data; sending the received data to the protocol tracking component for selecting one of the at least one protocol analysis components based upon the identified first protocol for the received data; sending the received data to the selected protocol analysis component corresponding to the identified first protocol for determining whether the data received by the mobile communications device is safe or malicious. - View Dependent Claims (10)
-
-
11. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
-
on a mobile communications device capable of transmitting data in the form of one or more protocols, the mobile communications device having a data gathering component for gathering data for transmitting from the mobile communications device and sending the gathered data to a protocol tracking component, a protocol tracking component for receiving data from the data gathering component, and at least one protocol analysis component for analyzing the data gathered by the data gathering component, providing data for transmitting from the mobile communications device; identifying, by the data gathering component, a first protocol for the transmitting data; sending the transmitting data to the protocol tracking component for selecting one of the at least one protocol analysis components based upon the identified first protocol for the transmitting data; sending the transmitting data to the selected protocol analysis component corresponding to the identified first protocol for determining whether the transmitting data is safe or malicious. - View Dependent Claims (12)
-
-
13. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
-
on a mobile communications device capable of receiving or transmitting data in the form of one or more communications protocols, the mobile communications device having a plurality of data gathering components for gathering data received or transmitted by the mobile communications device, and a plurality of protocol analysis components for analyzing the data gathered by at least one of the plurality of data gathering components, wherein each of the plurality of protocol analysis components corresponds to at least one communication protocol providing data received by or for transmitting from the mobile communications device, selecting, by one of the plurality of data gathering components, a first protocol for the received or transmitting data; sending the received or transmitting data to one of the plurality of a protocol tracking components; selecting, by one of the plurality of protocol tracking components, one of the plurality of protocol analysis components corresponding to the identified first protocol for the received or transmitting data; sending, by one of the plurality of the protocol tracking components, the received or transmitting data to one of the plurality of protocol analysis components corresponding to the selected first protocol; identifying by one of the plurality of protocol analysis components to determine if there is a second protocol for the received or transmitting data; if there is a second protocol for the received or transmitting data, selecting, by one of the plurality of protocol tracking components, one of the plurality of protocol analysis components corresponding to the identified second protocol; sending the received or transmitting data to the one of the plurality of protocol analysis components corresponding to the identified second protocol; analyzing, by one of the plurality of protocol analysis components corresponding to the identified first protocol, the received or transmitting data to determine whether it is safe or malicious; and if there is a second protocol for the received or transmitting data, analyzing, by one of the plurality of protocol analysis components corresponding to the identified second protocol, the received or transmitting data to determine whether it is safe or malicious.
-
Specification