Server-assisted analysis of data for a mobile device

US 8,683,593 B2
Filed: 01/15/2013
Issued: 03/25/2014
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:

when the mobile communications device receives data, creates a hash identifier for the data, compares the data hash identifier against a database of known good data, the database being received from the server and stored on the mobile communications device and does not obtain a positive match, receiving the data hash identifier at the server, wherein receipt of the data hash identifier is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;

at the server, using a known bad component, comparing the received data hash identifier against a database stored in memory associated with the server containing hash identifiers of known bad data; and

,if the data hash identifier comparison by the known bad component results in a positive match, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device compares a receipt of data against data stored in a database. If no positive match is obtained, the data is provided to a server for the server to compare. Based on the comparison by the server, the mobile device may or may not be allowed to process the data.

304 Citations

10 Claims

1. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- when the mobile communications device receives data, creates a hash identifier for the data, compares the data hash identifier against a database of known good data, the database being received from the server and stored on the mobile communications device and does not obtain a positive match, receiving the data hash identifier at the server, wherein receipt of the data hash identifier is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  at the server, using a known bad component, comparing the received data hash identifier against a database stored in memory associated with the server containing hash identifiers of known bad data; and
  
  ,if the data hash identifier comparison by the known bad component results in a positive match, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
- View Dependent Claims (2)
- - 2. The method of claim 1 further comprising:
    - if the data hash identifier comparison at the server by the known bad component does not result in a positive match, then at the server, using a decision component, performing an analysis on the data hash identifier to determine if the data is safe or malicious;
      
      if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
      
      if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

3. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, and creates a hash identifier for the data, receiving the data hash identifier at the server, wherein receipt of the data hash identifier is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  then, at the server, using a known bad component, comparing the received data hash identifier against a database stored in memory associated with the server containing hash identifiers of known bad data;
  
  if the data hash identifier comparison by the known bad component results in a positive match, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device;
  
  if the data hash identifier comparison at the server by the known bad component does not result in a positive match, then at the server, using a known good component, comparing the received data hash identifier against a database of identifiers of known good data stored in a memory associated with the server;
  
  at the server, if the comparison by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
  
  if the comparison by the known good component does not result in a positive match, then, at the server, using a decision component, performing an analysis on the data to determine if the data is safe or malicious;
  
  if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
  
  ,if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

4. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, creates a hash identifier for the data, using a known bad component, compares the received data hash identifier against a database stored in the mobile communications device memory containing hash identifiers of known bad data, receiving the data hash identifier at the server, wherein receipt of the data hash identifier is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  then, if the data hash identifier comparison at the mobile communications device by the known bad component does not result in a positive match, then at the server, using a known good component, comparing the received data hash identifier against a database of identifiers of known good data stored in a memory associated with the server;
  
  at the server, if the comparison by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
  
  if the comparison by the known good component does not result in a positive match, then, at the server, using a decision component, performing an analysis on the data to determine if the data is safe or malicious;
  
  if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
  
  if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

5. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- when the mobile communications device receives data, applies by a known good component logic on the data to compare characteristics of the data to a database of known good data, the database being received from the server to determine if the data is safe and does not obtain a positive match, receiving the data from the mobile communication device at the server, wherein receipt of the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  at the server, applying by a known bad component, logic on the received data to compare characteristics of the data to a database of known bad data to determine if the data is safe and or recognizably malicious; and
  
  ,if the known bad component logic determines that the received data is recognizably malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
- View Dependent Claims (6)
- - 6. The method of claim 5 further comprising:
    - if the known bad component logic does not determine that the received data is recognizably malicious, then at the server, using a decision component, performing an analysis on the received data to determine if the data is safe or malicious;
      
      if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
      
      if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

7. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, receiving the data at the server, wherein receipt of the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  at the server, applying by a known good component, logic on the data to determine if the data is safe;
  
  at the server, if the determination by the known good component logic results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
  
  if the determination by the known good component logic does not result in a positive match, then, at the server, using a decision component, performing an analysis on the received data to determine if the data is safe or malicious;
  
  if the analysis by the decision component at the server determines that the received data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
  
  if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

8. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, receiving the data at the server, wherein receipt of the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  at the server, applying by a known good component, logic on the data to determine if the data is safe;
  
  at the server, if the determination by the known good component logic results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
  
  if the determination by the known good component logic does not result in a positive match, then, at the server, applying by a known bad component logic to determine if the data is safe or recognizably malicious; and
  
  ,if the determination by the known bad component logic determines that the data is recognizably malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

9. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, receiving the data at the server, wherein receipt of the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  then, at the server, applying by a known bad component logic to the data to determine if the data is recognizably malicious;
  
  if the determination by the known bad component results in a positive match, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device;
  
  if the determination at the server by the known bad component does not result in a positive match, then at the server, applying by a known good component, logic to the data to determine if the data is safe;
  
  at the server, if the determination by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
  
  if the determination by the known good component does not result in a positive match, then, at the server, applying by a decision component logic to the data for performing an analysis on the data to determine if the data is safe or malicious;
  
  if the determination by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
  
  ,if the determination by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

10. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
- after the mobile communications device receives data, and applying by a known bad component logic to the data to determine whether the data is recognizably malicious, receiving the data at the server, wherein receipt of the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious;
  
  then, if the determination at the mobile communications device by the known bad component does not result in a positive match, then at the server, applying by a known good component logic to determine whether the data is safe;
  
  at the server, if the determination by the known good component results in a positive match, then sending an instruction by the server to the mobile communications device to allow the data to be processed by the mobile communication device;
  
  if the determination by the known good component does not result in a positive match, then, at the server, applying by a decision component logic to the data for performing an analysis on the data to determine if the data is safe or malicious;
  
  if the determination by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and
  
  if the determination by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick
Primary Examiner(s)
Chen, Shin-Hon

Application Number

US13/742,173
Publication Number

US 20130133071A1
Time in Patent Office

434 Days
Field of Search

None
US Class Current

726/23
CPC Class Codes

G06F 21/562   Static detection

G06F 21/564   by virus signature recognition

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04W 12/08   Access security

Server-assisted analysis of data for a mobile device

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

304 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Server-assisted analysis of data for a mobile device

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

304 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links