System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment

US 8,752,176 B2
Filed: 05/02/2012
Issued: 06/10/2014
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method for re-assessing a data object by a server computer comprising:

a) at the server computer, receiving data about a data object residing on a mobile communication device, and storing the data in a data store accessible to the server computer;

b) at the server computer, analyzing the data about the data object to produce a trust assessment, and storing the trust assessment in the data store accessible to the server computer;

c) at the server computer, based upon a trigger selected from the group consisting of receipt of more data about the data object, receipt of more data about mobile communication devices, and an update to the server computer analyzing capability, re-analyzing the data about the data object;

d) at the server computer, based upon the re-analyzing, producing an updated trust assessment; and

,e) at the server computer, sending a remediation instruction to the mobile communication device based upon the updated trust assessment.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for preventing malware, spyware and other undesirable applications from affecting mobile communication devices uses a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces a characterization assessment and can also provide a characterization re-assessment for the application, or data object, and transmits the assessment to the device. By performing analysis on a server, the invention allows a device to reduce the battery and performance cost of protecting against undesirable applications. The server transmits notifications to devices that have installed applications that are discovered to be undesirable. The server can accumulate this data and then perform a characterization re-assessment of a data object it has previously assessed to provide an assessment based upon one of trust, distribution and ratings information.

300 Citations

54 Claims

1. A method for re-assessing a data object by a server computer comprising:
- a) at the server computer, receiving data about a data object residing on a mobile communication device, and storing the data in a data store accessible to the server computer;
  
  b) at the server computer, analyzing the data about the data object to produce a trust assessment, and storing the trust assessment in the data store accessible to the server computer;
  
  c) at the server computer, based upon a trigger selected from the group consisting of receipt of more data about the data object, receipt of more data about mobile communication devices, and an update to the server computer analyzing capability, re-analyzing the data about the data object;
  
  d) at the server computer, based upon the re-analyzing, producing an updated trust assessment; and
  
  ,e) at the server computer, sending a remediation instruction to the mobile communication device based upon the updated trust assessment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 wherein the data received in step (a) is binary data from the data object.
  - 3. The method of claim 1 wherein the data received in step (a) is metadata about the data object.
  - 4. The method of claim 1 wherein the data received in step (a) is behavioral data about the data object.
  - 5. The method of claim 1 wherein the analyzing in step (b) uses API analysis.
  - 6. The method of claim 1 wherein the analyzing in step (b) uses static analysis.
  - 7. The method of claim 1 wherein the analyzing in step (b) uses dynamic analysis.
  - 8. The method of claim 1 wherein the analyzing in step (b) uses behavioral analysis.
  - 9. The method of claim 1 wherein the analyzing in step (b) uses code path analysis.
  - 10. The method of claim 1 wherein the re-analyzing in step (c) uses API analysis.
  - 11. The method of claim 1 wherein the re-analyzing in step (c) uses static analysis.
  - 12. The method of claim 1 wherein the re-analyzing in step (c) uses dynamic analysis.
  - 13. The method of claim 1 wherein the re-analyzing in step (c) uses behavioral analysis.
  - 14. The method of claim 1 wherein the re-analyzing in step (c) uses code path analysis.
  - 15. The method of claim 1 wherein the sending a remediation instruction in step (e) includes an action of instructing a software application on the mobile communication device.
  - 16. The method of claim 1 wherein the sending a remediation instruction in step (e) includes sending a message to a user via a messaging system.
  - 17. The method of claim 1 wherein the remediation instruction in step (e) is sent to the mobile communication device only if the data object is determined to be present on the mobile communication device.
  - 18. The method of claim 1 wherein the remediation instruction in step (e) is an instruction to uninstall the data object.

19. A method for re-assessing a data object by a server computer comprising:
- a) at the server computer, receiving data about a data object residing on a mobile communication device, and storing the data in a data store accessible to the server computer;
  
  b) at the server computer, analyzing the data about the data object to produce a distribution assessment, and storing the distribution assessment in the data store accessible to the server computer;
  
  c) at the server computer, based upon a trigger selected from the group consisting of receipt of more data about the data object, receipt of more data about mobile communication devices, and an update to the server computer analyzing capability, re-analyzing the data about the data object;
  
  d) at the server computer, based upon the re-analyzing, producing an updated distribution assessment; and
  
  ,e) at the server computer, sending a remediation instruction to the mobile communication device based upon the updated distribution assessment.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 20. The method of claim 19 wherein the data received in step (a) is binary data from the data object.
  - 21. The method of claim 19 wherein the data received in step (a) is metadata about the data object.
  - 22. The method of claim 19 wherein the data received in step (a) is behavioral data about the data object.
  - 23. The method of claim 19 wherein the analyzing in step (b) uses API analysis.
  - 24. The method of claim 19 wherein the analyzing in step (b) uses static analysis.
  - 25. The method of claim 19 wherein the analyzing in step (b) uses dynamic analysis.
  - 26. The method of claim 19 wherein the analyzing in step (b) uses behavioral analysis.
  - 27. The method of claim 19 wherein the analyzing step in (b) uses code path analysis.
  - 28. The method of claim 19 wherein the re-analyzing in step (c) uses API analysis.
  - 29. The method of claim 19 wherein the re-analyzing in step (c) uses static analysis.
  - 30. The method of claim 19 wherein the re-analyzing in step (c) uses dynamic analysis.
  - 31. The method of claim 19 wherein the re-analyzing in step (c) uses behavioral analysis.
  - 32. The method of claim 19 wherein the re-analyzing in step (c) uses code path analysis.
  - 33. The method of claim 19 wherein the sending a remediation instruction in step (e) includes an action of instructing a software application on the mobile communication device.
  - 34. The method of claim 19 wherein the sending a remediation instruction in step (e) includes sending a message to a user via a messaging system.
  - 35. The method of claim 19 wherein the remediation instruction in step (e) is sent to the mobile communication device only if the data object is determined to be present on the mobile communication device.
  - 36. The method of claim 19 wherein the remediation instruction in step (e) is an instruction to uninstall the data object.

37. A method for re-assessing a data object by a server computer comprising:
- a) at the server computer, receiving data about a data object residing on a mobile communication device, and storing the data in a data store accessible to the server computer;
  
  b) at the server computer, analyzing the data about the data object to produce a ratings assessment, and storing the ratings assessment in the data store accessible to the server computer;
  
  c) at the server computer, based upon a trigger selected from the group consisting of receipt of more data about the data object, receipt of more data about mobile communication devices, and an update to the server computer analyzing capability, re-analyzing the data about the data object;
  
  d) at the server computer, based upon the re-analyzing, producing an updated ratings assessment; and
  
  ,e) at the server computer, sending a remediation instruction to the mobile communication device based upon the updated ratings assessment.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 38. The method of claim 37 wherein the data received in step (a) is binary data from the data object.
  - 39. The method of claim 37 wherein the data received in step (a) is metadata about the data object.
  - 40. The method of claim 37 wherein the data received in step (a) is behavioral data about the data object.
  - 41. The method of claim 37 wherein the analyzing in step (b) uses API analysis.
  - 42. The method of claim 37 wherein the analyzing in step (b) uses static analysis.
  - 43. The method of claim 37 wherein the analyzing in step (b) uses dynamic analysis.
  - 44. The method of claim 37 wherein the analyzing in step (b) uses behavioral analysis.
  - 45. The method of claim 37 wherein the analyzing in step (b) uses code path analysis.
  - 46. The method of claim 37 wherein the re-analyzing in step (c) uses API analysis.
  - 47. The method of claim 37 wherein the re-analyzing in step (c) uses static analysis.
  - 48. The method of claim 37 wherein the re-analyzing in step (c) uses dynamic analysis.
  - 49. The method of claim 37 wherein the re-analyzing in step (c) uses behavioral analysis.
  - 50. The method of claim 37 wherein the re-analyzing in step (c) uses code path analysis.
  - 51. The method of claim 37 wherein the sending a remediation instruction in step (e) includes an action of instructing a software application on the mobile communication device.
  - 52. The method of claim 37 wherein the sending a remediation instruction in step (e) includes an action of sending a message to a user via a messaging system.
  - 53. The method of claim 37 wherein the remediation instruction in step (e) is sent to the mobile communication device only if the data object is determined to be present on the mobile communication device.
  - 54. The method of claim 37 wherein the remediation instruction in step (e) is an instruction to uninstall the data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Burgess, James David, Golombek, David, Wyatt, Timothy Micheal, Lineberry, Anthony McKay, Barton, Kyle, Evans, Daniel Lee, Richardson, David Luke, Salomon, Ariel
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US13/461,984
Publication Number

US 20120233695A1
Time in Patent Office

769 Days
Field of Search

None
US Class Current

726/23
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

G06F 21/57   Certifying or maintaining t...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

300 Citations

54 Claims

Specification

Use Cases

Quick Links

Others

System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

300 Citations

54 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others