System and method for providing network security to mobile devices

US 8,381,297 B2
Filed: 03/15/2006
Issued: 02/19/2013
Est. Priority Date: 12/13/2005
Status: Active Grant

First Claim

Patent Images

1. A mobile security system, comprising:

a runtime memory;

a preboot memory for storing at least a portion of an operating system, wherein the preboot memory is configured to copy and load the at least a portion of the operating system into the runtime memory when the mobile security system is rebooted;

a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device, the mobile device having a mobile device processor;

a network connection module for receiving content intended for the mobile device;

security policies defining unacceptable malicious content;

security engines for examining the content received by the network connection module for the unacceptable malicious content as defined by the security policies, the security engines operating at different layers of the OSI stack;

a mobile security system processor executing the security engines in the runtime memory using the operating system, the mobile security system processor being different than the mobile device processor; and

a backup module capable of storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

171 Citations

49 Claims

1. A mobile security system, comprising:
- a runtime memory;
  
  a preboot memory for storing at least a portion of an operating system, wherein the preboot memory is configured to copy and load the at least a portion of the operating system into the runtime memory when the mobile security system is rebooted;
  
  a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device, the mobile device having a mobile device processor;
  
  a network connection module for receiving content intended for the mobile device;
  
  security policies defining unacceptable malicious content;
  
  security engines for examining the content received by the network connection module for the unacceptable malicious content as defined by the security policies, the security engines operating at different layers of the OSI stack;
  
  a mobile security system processor executing the security engines in the runtime memory using the operating system, the mobile security system processor being different than the mobile device processor; and
  
  a backup module capable of storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 41, 43, 44, 45, 46, 47, 48)
- - 2. The mobile security system of claim 1, wherein the connection mechanism includes at least one of a USB connector, a PCMCIA connector, an Ethernet connector, and a wireless communication module.
  - 3. The mobile security system of claim 1, wherein the network connection module includes a wireless network interface card.
  - 4. The mobile security system of claim 1, wherein the security engines include at least one of an antivirus engine, an antispyware engine, a firewall engine, an IPS/IDS engine, a content filtering engine, a multilayered security monitor, a bytecode monitor, and a URL monitor.
  - 5. The mobile security system of claim 1, wherein the security engines perform weighted risk analysis.
  - 6. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on content type.
  - 7. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on content source.
  - 8. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on content source category.
  - 9. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on historical actions of the user.
  - 10. The mobile security system of claim 1, further comprising a remote management module capable of receiving security policy updates.
  - 11. The mobile security system of claim 1, further comprising a remote management module capable of receiving security engine updates.
  - 12. The mobile security system of claim 1, further comprising security data and a remote management module capable of receiving security data updates.
  - 13. The mobile security system of claim 1, wherein the security data includes malicious content signatures.
  - 14. The mobile security system of claim 1, further comprising a distribution module capable of forwarding updates to other mobile security systems.
  - 15. The mobile security system of claim 1, further comprising a remote configuration module capable of communicating with a wizard, the wizard being in communication with an enterprise network security system, the wizard capable of substantially automatic generation of policies and data based on the policies and data on the enterprise network security system, the remote configuration module capable of installing the policies and data generated by the wizard.
  - 18. The mobile security system of claim 1, wherein the security engines prevent at least a portion of the content from being executed by the mobile device in response to the examination.
  - 19. The mobile security system of claim 1, wherein the security engines modify at least a portion of the content in response to the examination before delivering the content for execution by the mobile device.
  - 20. The mobile security system of claim 1, wherein the network connection module connects to the network via a wired connection.
  - 21. The mobile security system of claim 1, wherein the mobile device includes a kernel-level redirector configured to redirect the content received from the network to the mobile security system, and the network connection module is configured to receive the content from the kernel-level redirector.
  - 22. The mobile security system of claim 1, wherein at least a portion of the mobile security system is a part of the mobile device.
  - 41. The mobile security system of claim 1, wherein the mobile security system includes network address translation.
  - 43. The mobile security system of claim 1, further comprising a file containing setup information for causing the mobile device to install a mobile security system driver, the mobile security system driver configured to direct network communication through the mobile security system.
  - 44. The mobile security system of claim 43, wherein the tile includes an INF tile.
  - 45. The mobile security system of claim 43, wherein at least part of the mobile security system driver is configured for installation in the data link layer.
  - 46. The mobile security system of claim 45, wherein at least part of the mobile security system driver includes an NDIS-level driver.
  - 47. The mobile security system of claim 43, wherein the file includes a Linux.inf file.
  - 48. The mobile security system of claim 1, wherein the preboot memory comprises a read only memory (ROM) or a flash memory.

16. In a mobile security system having a mobile security system processor, a method comprising:
- storing at least a portion of an operating system of the mobile security system in a preboot memory of the mobile security system;
  
  copying and loading the at least a portion of the operating system into a runtime memory of the mobile security system when the mobile security system is rebooted;
  
  receiving information intended for a mobile device from a network, the mobile device having a mobile device processor different than the mobile security system processor;
  
  examining by the mobile security system processor the information for unacceptable malicious content as defined by security policies involving different layers of the OSI stack, wherein the mobile security system processor uses the operating system to examine the information for the unacceptable malicious code; and
  
  storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 42, 49)
- - 23. The method of claim 16, wherein the step of receiving the information includes receiving the information via a wireless network interface card.
  - 24. The method of claim 16, wherein the step of examining includes examining the information using at least one of an antivirus engine, an antispyware engine, a firewall engine, an IPS/IDS engine, a content filtering engine;
    - a multilayered security monitor, a bytecode monitor, and a URL monitor.
  - 25. The method of claim 16, wherein the step of examining includes performing weighted risk analysis.
  - 26. The method of claim 25, wherein the step of performing weighted risk analysis includes weighing risk based on content type.
  - 27. The method of claim 25, wherein the step of performing-weighted risk analysis includes weighing risk based on content source.
  - 28. The method of claim 25, wherein the step of performing weighted risk analysis includes weighing risk based on content source category.
  - 29. The method of claim 25, wherein the step of performing weighted risk analysis includes weighing risk based on historical actions of the user.
  - 30. The method of claim 16, further comprising receiving security policy updates.
  - 31. The method of claim 16, further comprising receiving security engine updates.
  - 32. The method of claim 16, further comprising receiving security data updates.
  - 33. The method of claim 32, wherein the security data includes malicious content signatures.
  - 34. The method of claim 16, further comprising forwarding updates to other mobile security systems.
  - 35. The method of claim 16, further comprisingcommunicating with a wizard in communication with an enterprise network security system, the wizard being capable of substantially automatic generation of policies and data based on the policies and data on the enterprise network security system;
    - andinstalling the policies and data generated by the wizard.
  - 36. The method of claim 16, further comprising preventing at least a portion of the content from being executed by the mobile device in response to the examination.
  - 37. The method of claim 16, further comprising modifying at least a portion of the content in response to the examination before delivering the content for execution by the mobile device.
  - 38. The method of claim 16, wherein the step of receiving the information includes connecting to the network via a wired connection.
  - 39. The method of claim 16, further comprising receiving the content from a kernel-level redirector that redirects the content received from the network to the mobile security system.
  - 40. The method of claim 16, wherein at least a portion of the mobile security system is apart of the mobile device.
  - 42. The method of claim 16, further comprising:
    - translating the IP address of the mobile device to the IP address of the mobile security system.
  - 49. The method of claim 16, wherein the preboot memory comprises a read only memory (ROM) or a flash memory.

17. A mobile security system comprising:
- preboot memory means for storing at least a portion of an operating system of the mobile security system;
  
  boot loader means for copying and loading the at least a portion of the operating system into a runtime memory of the mobile security system when the mobile security system is rebooted;
  
  means for receiving information intended for a mobile device from a network, the mobile device having a mobile device processor;
  
  a mobile security system processor, the mobile security system processor being different than the mobile device processor, the mobile security system processor for examining the information for unacceptable malicious content as defined by security policies involving different layers of the OSI stack, wherein the mobile security system processor uses the operating system to examine the information for the unacceptable malicious content; and
  
  means for storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CUPP Computing AS
Original Assignee
Yoggie Security Systems, Ltd. (CUPP Computing AS)
Inventors
Touboul, Shlomo
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Okeke, Izunna

Application Number

US11/376,919
Publication Number

US 20070199060A1
Time in Patent Office

2,533 Days
Field of Search

713/152, 713/153, 713/154, 713/187, 713/188, 713/189, 713/164, 713/165, 713/167, 726/11, 726/12, 726/13, 726/14, 726/22, 726/23, 726/24, 726/25
US Class Current

726/24
CPC Class Codes

G06F 21/562   Static detection

H04L 63/02   for separating internal fro...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04W 12/00   Security arrangements; Auth...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

System and method for providing network security to mobile devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

171 Citations

49 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing network security to mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

171 Citations

49 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others