System for implementing security on telecommunications terminals

US 8,474,004 B2
Filed: 07/31/2006
Issued: 06/25/2013
Est. Priority Date: 07/31/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one telecommunications terminal comprising data processing capabilities, the telecommunications terminal being susceptible of having installed thereon software applications, wherein a plurality of software applications are monitored, and wherein each of the plurality of monitored software applications has associated therewith a respective numerical value indicating a level of security of the corresponding software application, said numerical value indicating the level of security being susceptible of varying in time;

a software agent executed by the at least one telecommunications terminal, said software agent capable of being adapted to conditionally allow the installation of software applications on the telecommunications terminal based on the respective level of security; and

a server in communications relationship with the software agent, said server being adapted to dynamically calculate the numerical value indicating the level of security of each of the monitored software applications, and to communicate to the software agent, the calculated numerical value indicating the level of security of the monitored software applications to be installed on said telecommunications terminal,wherein said server comprises;

a binary analyzer adapted to perform a static analysis of codes of the software applications; and

a vulnerability analyzer adapted to perform an analysis of vulnerabilities exhibited by the software applications,wherein said vulnerability analyzer comprises an adaptation to perform said analysis of vulnerabilities based on information obtained from one or more among a computer emergency response team, an open vulnerability and assessment language, common vulnerabilities and exposures bulletins of the software applications producers/vendors, and software certification authorities.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes at least one telecommunications terminal having data processing capabilities, the telecommunications terminal being susceptible of having installed thereon software applications, wherein each software application has associated therewith a respective indicator adapted to indicate a level of security of the software application, the level of security being susceptible of varying in time; a software agent executed by the at least one telecommunications terminal, the software agent being adapted to conditionally allow the installation of software applications on the telecommunications terminal based on the respective level of security; a server in communications relationship with the software agent, the server being adapted to dynamically calculate the level of security of the software applications, and to communicate to the software agent the calculated level of security of the software applications to be installed on the telecommunications terminal.

Citations

21 Claims

1. A system comprising:
- at least one telecommunications terminal comprising data processing capabilities, the telecommunications terminal being susceptible of having installed thereon software applications, wherein a plurality of software applications are monitored, and wherein each of the plurality of monitored software applications has associated therewith a respective numerical value indicating a level of security of the corresponding software application, said numerical value indicating the level of security being susceptible of varying in time;
  
  a software agent executed by the at least one telecommunications terminal, said software agent capable of being adapted to conditionally allow the installation of software applications on the telecommunications terminal based on the respective level of security; and
  
  a server in communications relationship with the software agent, said server being adapted to dynamically calculate the numerical value indicating the level of security of each of the monitored software applications, and to communicate to the software agent, the calculated numerical value indicating the level of security of the monitored software applications to be installed on said telecommunications terminal,wherein said server comprises;
  
  a binary analyzer adapted to perform a static analysis of codes of the software applications; and
  
  a vulnerability analyzer adapted to perform an analysis of vulnerabilities exhibited by the software applications,wherein said vulnerability analyzer comprises an adaptation to perform said analysis of vulnerabilities based on information obtained from one or more among a computer emergency response team, an open vulnerability and assessment language, common vulnerabilities and exposures bulletins of the software applications producers/vendors, and software certification authorities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein said software agent further comprises an adaptation to:
    - detect an incipient activity of installation of a software application on the telecommunications terminal; and
      
      request to the server an updated security level with respect to the software application to be installed.
  - 3. The system of claim 1, wherein the telecommunications terminal is further susceptible of executing software applications installed thereon, said software agent further comprising an adaptation to conditionally allow the software applications, when executed on the telecommunications terminal, to access telecommunications terminal resources based on the level of security of the software application being executed.
  - 4. The system of claim 3, wherein said telecommunications terminal resources comprise application program interfaces exposed by an operating system governing the operation of the telecommunications terminal.
  - 5. The system of claim 3, wherein the software agent further comprises an adaptation to:
    - detect the launching of a software application installed on the telecommunications terminal; and
      
      request from the server an updated security level with respect to the software application being launched.
  - 6. The system claim 5, wherein said software agent further comprises a local database adapted to store the security levels of the software applications installed on the telecommunications terminal.
  - 7. The system of claim 6, wherein said software agent further comprises an adaptation to request from the server the updated security level with respect to the software application being launched on condition that a security level stored in the local database for the software application is not up to date.
  - 8. The system of claim 1, wherein said binary analyzer comprises an adaptation to perform said static analysis by assessing a type of telecommunications terminal resources invoked by the software applications.
  - 9. The system of claim 1, wherein said binary analyzer comprises an adaptation to perform said static analysis by assessing a modality of installation of the software applications on the telecommunications terminal.
  - 10. The system of claim 1, wherein said binary analyzer comprises an adaptation to perform said static analysis by assessing a type of data accessed by the software applications.
  - 11. The system of claim 1, wherein said vulnerability analyzer comprises an adaptation to perform said analysis of vulnerabilities based on an indication of an overall number of known vulnerabilities detected for the software applications.
  - 12. The system of claim 1, wherein said vulnerability analyzer comprises an adaptation to perform said analysis of vulnerabilities based on a degree of criticality of the detected vulnerabilities.
  - 13. The system of claim 1, wherein the server comprises:
    - a first database adapted to store a list of software applications monitored by the server, and a respective level of security.
  - 14. The system of claim 13, wherein the server comprises:
    - a second database adapted to store a list of software applications installed on the at least one telecommunications terminal.
  - 15. The system of claim 1, further comprising at least a second telecommunications terminal, the software agent being adapted to receive from said second telecommunications terminal information related to the level of security of said software applications.
  - 16. The system of claim 1, wherein said software agent further comprises an adaptation to:
    - gather information from one or more anti-malware software applications or an intrusion detection system running on the telecommunications terminal; and
      
      communicate the gathered information to said server, said server further comprising an adaptation to;
      
      receive from the telecommunications terminal the gathered information; and
      
      use the received information for dynamically calculating the security levels of software applications.

17. A telecommunications terminal having data processing capabilities, the telecommunications terminal being susceptible of having installed thereon software applications or executing software applications installed thereon, wherein a plurality of software applications are monitored, and wherein each of the plurality of software applications has associated therewith a respective numerical value indicating a level of security of the corresponding software application, comprising:
- a software agent, adapted to be executed by the telecommunications terminal, said software agent comprising an adaptation to at least one among;
  
  conditionally allow the installation of software applications on the telecommunications terminal; and
  
  conditionally allow the software applications, when executed on the telecommunications terminal, to access telecommunications terminal resources based on the respective level of security, and to receive from a server updated numerical values indicating levels of security calculated by the server,wherein said server comprises;
  
  a binary analyzer adapted to perform a static analysis of codes of the software applications; and
  
  a vulnerability analyzer adapted to perform an analysis of vulnerabilities exhibited by the software applications,wherein said vulnerability analyzer comprises an adaptation to perform said analysis of vulnerabilities based on information obtained from one or more among a computer emergency response team, an open vulnerability and assessment language, common vulnerabilities and exposures bulletins of the software applications producers/vendors, and software certification authorities.
- View Dependent Claims (18, 19, 20)
- - 18. The telecommunications terminal of claim 17, wherein said software agent further comprises an adaptation to:
    - detect an incipient activity of installation of a software application on the telecommunications terminal or detect the launching of a software application installed on the telecommunications terminal; and
      
      request to the server an updated security level with respect to the software application to be installed or of the software application being launched.
  - 19. The telecommunications terminal according to claim 18, wherein said software agent further comprises a local database adapted to store the security levels of the software applications installed on the telecommunications terminal.
  - 20. The telecommunications terminal of claim 19, wherein said software agent, further comprises an adaptation to request from the server the updated security level with respect to the software application being launched on condition that a security level stored in the local database for the software application is not up to date.

21. A server including at least one hardware component, comprising:
- a communication interface to communicate with at least one telecommunications terminal having data processing capabilities,wherein the telecommunications terminal is capable of having installed or run thereon software applications, wherein a plurality of software applications are monitored, and wherein each of the plurality of monitored software applications has associated therewith a respective numerical value indicating a level of security of the corresponding software application, said numerical value indicating the level of security being capable of varying in time,said server comprising;
  
  a security level evaluator to dynamically calculate the numerical value indicating the level of security of each of the plurality of monitored software applications, and to communicate to a software agent the calculated numerical value indicating the level of security of each of the plurality of monitored software applications to be installed or run on said telecommunications terminal,a binary analyzer adapted to perform a static analysis of codes of the software applications; and
  
  a vulnerability analyzer adapted to perform an analysis of vulnerabilities exhibited by the software applications,wherein said vulnerability analyzer comprises an adaptation to perform said analysis of vulnerabilities based on information obtained from one or more among a computer emergency response team, an open vulnerability and assessment language, and common vulnerabilities and exposures bulletins of the software applications producers/vendors, and software certification authorities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
Leone, Manuel
Primary Examiner(s)
Mehedi, Morshed

Application Number

US12/309,810
Publication Number

US 20090254993A1
Time in Patent Office

2,521 Days
Field of Search

726/1, 726/25
US Class Current

726/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04W 4/60   Subscription-based services...

System for implementing security on telecommunications terminals

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System for implementing security on telecommunications terminals

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links