Systems and methods for mobile application security classification and enforcement
Abstract
The present disclosure provides systems and methods for mobile application security classification and enforcement. In particular, the present invention includes a method, a mobile device, and a distributed security system (e.g., a “cloud”) that is utilized to enforce security on mobile devices communicatively coupled to external networks (i.e., the Internet). Advantageously, the present invention is platform independent allowing it to operate with any current or emerging mobile device. Specifically, preventing malicious applications from running on an end user's mobile device is challenging with potentially millions of applications and billions of user devices; the only effective way to enforce application security is through the network that applications use to communicate.
15 Claims
1. A method, comprising:
- configuring a mobile device such that the mobile device communicates data to an external network via a cloud-based security system;
- receiving data from the mobile device;
- enforcing policy on the data from the mobile device;
- based on the policy, forwarding the data to the external network;
- receiving data from the external network;
- inspecting content of the data from the external network;
- based on the inspecting content, forwarding the data to the mobile device;
- determining and storing, in a database, a plurality of attributes for each of a plurality of applications for the mobile device and periodically updating the database, wherein the determining the plurality of attributes comprises determining a security score based on a plurality of factors related to security, and determining a privacy score based on a plurality of factors related to privacy; and
- utilizing the database in the enforcing policy step to prevent the data from the mobile device from being forwarding if the data relates to an application which does not meet a minimum threshold related to the security score and the privacy score.
11. A network security system, comprising:
- a processing node communicatively coupled to a mobile device and to an external network, wherein the processing node comprises a data store storing security policy data for the mobile device, data inspection engines configured to perform threat detection classification on content to the mobile device from the external network, and a manager communicatively coupled to the data store and the data inspection engines;
- wherein the processing node is configured to enforce policy between the mobile device and the external network and inspect content from the external network to the mobile device through the steps of;
- receiving data from the mobile device;
- enforcing policy on the data from the mobile device;
- based on the policy, forwarding the data to the external network;
- receiving data from the external network;
- inspecting content of the data from the external network;
- based on the inspecting content, forwarding the data to the mobile device;
- determining and storing, in the data store, a plurality of attributes for each of a plurality applications for the mobile device and periodically updating the data store, wherein the determining the plurality of attributes comprises determining a security score based on a plurality of factors related to security, and determining a privacy score based on a plurality of factors related to privacy; and
- utilizing the data store in the enforcing policy step to prevent the data from the mobile device from being forwarding if the data relates to an application which does not meet a minimum threshold related to the security score and the privacy score.
15. A server, comprising:
- a data store;
- a network interface communicatively coupled to a network;
- a processor, wherein the data store, the network interface, and the processor are communicatively coupled there between and configured to;
- receive data from a mobile device;
- enforce policy on the data from the mobile device;
- based on the policy, forward the data to the external network;
- receive data from the external network;
- inspect content of the data from the external network;
- based on the inspected content, forward the data to the mobile device;
- determine and store, in the data store, a plurality of attributes for each of a plurality of applications for the mobile device and periodically update the data store, wherein to determine the plurality of attributes comprises determining a security score based on a plurality of factors related to security, and determining a privacy score based on a plurality of factors related to privacy; and
- utilize the data store in the enforce policy step to prevent the data from the mobile device from being forwarding if the data relates to an application which does not meet a minimum threshold related to the security score and the privacy score.
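An added sketch (not code from the patent or from any product) of the enforcement step the claims recite: per-application security and privacy scores are computed from factors, stored, and consulted before device traffic is forwarded. The factor names, weights, thresholds, seven-day refresh window, fail-closed handling of unclassified apps, and the attribution of traffic to an app ID are all assumptions; requiring each score to meet its own minimum is one reading of the claim language.

```python
from dataclasses import dataclass

# Assumed factors and weights (each set sums to 100); the page names none.
SECURITY_WEIGHTS = {"uses_tls": 50, "no_known_malware": 30, "signed_release": 20}
PRIVACY_WEIGHTS = {"no_contact_upload": 40, "no_location_sharing": 30, "no_device_id_leak": 30}
MAX_RECORD_AGE = 7 * 24 * 3600  # assumed refresh period, in seconds


@dataclass
class AppRecord:
    security_score: int
    privacy_score: int
    updated_at: float  # epoch seconds of the last classification


def weighted_score(factors, weights):
    """0-100 score; a factor absent from the input counts as failed."""
    return sum(w for name, w in weights.items() if factors.get(name, False))


def classify(security_factors, privacy_factors, now):
    """Compute the attributes stored in the database for one application."""
    return AppRecord(weighted_score(security_factors, SECURITY_WEIGHTS),
                     weighted_score(privacy_factors, PRIVACY_WEIGHTS), now)


def enforce_outbound(db, app_id, now, min_security=70, min_privacy=60):
    """Return (forward?, reason) for device traffic attributed to app_id."""
    rec = db.get(app_id)
    if rec is None:
        return False, "unclassified app"  # assumed fail-closed default
    if now - rec.updated_at > MAX_RECORD_AGE:
        return False, "stale classification"  # missed the periodic update
    if rec.security_score < min_security:
        return False, "security score below threshold"
    if rec.privacy_score < min_privacy:
        return False, "privacy score below threshold"
    return True, "forward"


def sample_db(now):
    """Constructed records for hypothetical apps."""
    all_sec = dict.fromkeys(SECURITY_WEIGHTS, True)
    all_priv = dict.fromkeys(PRIVACY_WEIGHTS, True)
    return {
        "com.example.notes": classify(all_sec, all_priv, now),
        "com.example.flashlight": classify(all_sec, {"no_location_sharing": True}, now),
        "com.example.chat": classify({"no_known_malware": True, "signed_release": True}, all_priv, now),
        "com.example.oldgame": classify(all_sec, all_priv, now - 30 * 24 * 3600),
    }
```

The unclassified and stale branches are the cases the claim text leaves open: a gateway that forwards by default in either case only enforces against applications it has already scored.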
Specification