Method and system for managing security of mobile terminal

US 8,671,438 B2
Filed: 04/04/2008
Issued: 03/11/2014
Est. Priority Date: 04/04/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising steps of:

(a) monitoring, by a mobile terminal having a communication link with a circuit switched network, activities performed at the mobile terminal according to a security policy which is enforced by execution of security agent software provided from the circuit switched network via the communication link between the mobile terminal and the circuit switched network, wherein the security policy resides in the mobile terminal and is enforced by the mobile terminal;

(b) communicating detection of a suspicious activity defined by the security policy from the mobile terminal to a policy manager server of the circuit switched network when the suspicious activity is detected;

(c) changing the security policy, for the mobile terminal in response to the detection of the suspicious activity communicated from the mobile terminal, to cure the suspicious activity detected at the mobile terminal by the policy manager server of the circuit switched network;

(d) sending the changed security policy to the mobile terminal via the communication link between the mobile terminal and the circuit switched network such that the mobile terminal is able to receive and use the changed security policy to cure the suspicious activity; and

(e) filtering out call traffic including SMS or MMS messages sent from/to be delivered to the mobile terminal relating to the suspicious activity, by an SMSC filter of the circuit switched network, according to the changed security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for enabling security on a mobile terminal having a communication link with a circuit switched network against suspicious activities is provided. Activities performed at the mobile terminal are performed according to a security policy provided from the circuit switched network. Detection of a suspicious activity is alerted to the circuit switched network when the suspicious activity is detected. A policy manager server of the circuit switched network changes the security policy to cure the suspicious activity on the mobile terminal. Call traffic delivered to/sent from the mobile terminal is filtered out, which causes the suspicious activity according to the security policy. The mobile terminal enforces a security measure on a suspicious activity according to the security policy.

34 Citations

View as Search Results

11 Claims

1. A method comprising steps of:
- (a) monitoring, by a mobile terminal having a communication link with a circuit switched network, activities performed at the mobile terminal according to a security policy which is enforced by execution of security agent software provided from the circuit switched network via the communication link between the mobile terminal and the circuit switched network, wherein the security policy resides in the mobile terminal and is enforced by the mobile terminal;
  
  (b) communicating detection of a suspicious activity defined by the security policy from the mobile terminal to a policy manager server of the circuit switched network when the suspicious activity is detected;
  
  (c) changing the security policy, for the mobile terminal in response to the detection of the suspicious activity communicated from the mobile terminal, to cure the suspicious activity detected at the mobile terminal by the policy manager server of the circuit switched network;
  
  (d) sending the changed security policy to the mobile terminal via the communication link between the mobile terminal and the circuit switched network such that the mobile terminal is able to receive and use the changed security policy to cure the suspicious activity; and
  
  (e) filtering out call traffic including SMS or MMS messages sent from/to be delivered to the mobile terminal relating to the suspicious activity, by an SMSC filter of the circuit switched network, according to the changed security policy.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the suspicious activity includes one or more of a PING attack, a UDP/TCP port scanning, a SYN flood, a malformed packet attack, an inverse network mapping, and a predatory remote access to the mobile terminal.
  - 3. The method of claim 1, further comprising:
    - enforcing, by the mobile terminal, a security measure on the detected suspicious activity according to the changed security policy.

4. A method comprising steps of:
- monitoring, by a mobile terminal having a communication link with a circuit switched network, activities performed at the mobile terminal according to a security policy enforced by execution of security agent software downloaded from the circuit switched network via the communication link with the circuit switched network;
  
  communicating detection of a suspicious activity including SMS or MMS messages defined by the security policy from the mobile terminal to a policy manager server of the circuit switched network when the suspicious activity is detected;
  
  changing the security policy, for the mobile terminal in response to the detection of the suspicious activity communicated from the mobile terminal, to cure the suspicious activity detected at the mobile terminal by the policy manager server of the circuit switched network; and
  
  enforcing, by the policy manager of the circuit switched network, via an SMSC filter, a security measure of filtering SMS or MMS messages sent from/to be delivered to the mobile terminal according to the security policy changed based on the detection of the suspicious activity communication from the mobile terminal.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein the security policy is updated to restrict delivery, from the circuit switched network to the mobile terminal, of data causing the suspicious activities.
  - 6. The method of claim 4, wherein the mobile terminal enforces a security measure according to the security policy which includes one or more of:
    - restricting bandwidth consumption, control of application program, restriction on time of access to resources on the mobile terminal, and restriction of delivery or reception of messages from specific phone numbers.

7. A mobile terminal comprising:
- a microprocessor; and
  
  a memory storing security agent software, provided from a circuit switched network via a communication link between the mobile terminal and the circuit switched network;
  
  wherein execution of the security agent software by the microprocessor causes the mobile terminal to perform functions to;
  
  monitor activities performed by the mobile terminal according to a security policy which is enforced by the execution of the stored security agent software;
  
  communicate detection of a suspicious activity defined by the security policy from the mobile terminal to a policy manager server of the circuit switched network when the suspicious activity is detected, wherein the security policy is changed for the mobile terminal in response to the detection of the suspicious activity communicated from the mobile terminal by the policy manager sever of the circuit switched network to cure the detected suspicious activity;
  
  receive, by the mobile terminal, the changed security policy via the communication link between the mobile terminal and the circuit switched network and enforcing, by the mobile terminal, a security measure on a suspicious activity according to the changed security policy to cure the suspicious activity; and
  
  filter out, by the security agent software, call traffic delivered to/to be sent from the mobile terminal, wherein the filtered out call traffic is call traffic including SMS or MMS messages causing the suspicious activity according to the changed security policy.

8. A system comprising:
- a non-transitory medium in a mobile terminal having a communication link with a circuit switched network, the non-transitory medium storing security agent software in the mobile terminal, wherein execution of the security agent software by the mobile terminal causes the mobile terminal to perform monitoring activities and to communicate a detection of a suspicious activity to the circuit switched network via the communication link with the circuit switched network when the suspicious activity is detected,wherein the security agent software is downloaded from the circuit switched network; and
  
  an SMSC filter for controlling delivery of SMS or MMS data for the mobile terminal according to a security policy,wherein the security policy is updated for the mobile terminal in response to the detection of the suspicious activity communicated from the mobile terminal, to filter out SMS or MMS data which relates to the suspicious activity and cure the suspicious activity at the mobile terminal, upon reception of the communicated detection of the suspicious activity from the mobile terminal, andwherein the updated security policy is sent to the mobile terminal such that the security agent software causes the mobile terminal to enforce a security measure on a suspicious activity according to the updated security policy to cure the suspicious activity.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim of claim 8, further comprising:
    - a policy manager server for updating the security agent software to reflect the updated security policy and for sending the updated security agent software to the mobile terminal.
  - 10. The system of claim 8, wherein the security agent is configured to detect suspicious activities including:
    - a PING attack, a UDT/TCP port scanning, a SYN flood, a malformed packet attack, an inverse network mapping, and a predatory remote access to the mobile terminal.
  - 11. The system of claim 9, wherein the policy manager server is a separate entity from the mobile terminal and communications with the mobile terminal via a wireless communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Parker, Benjamin, Rados, Steven R.
Primary Examiner(s)
Cervetti, David Garcia
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US12/078,741
Publication Number

US 20090254969A1
Time in Patent Office

2,167 Days
Field of Search

713/100, 455/432.1, 455/436, 455/410, 455/411, 380/270, 726/1, 726/11, 726/12, 726 13- 14, 726 22- 25, 370/357
US Class Current

726/1
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04W 12/08   Access security

H04W 12/128   Anti-malware arrangements, ...

Method and system for managing security of mobile terminal

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for managing security of mobile terminal

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links