Evaluating whether data is safe or malicious
First Claim
1. In a mobile communications device having a network interface for receiving and sending data, a memory and a microprocessor, and further having software components for processing, analyzing and storing data, including at least a known good component for identifying data that is recognizably safe, a known bad component for identifying data that is recognizably malicious, and a decision component for evaluating whether data is safe or malicious, a method comprising:
- providing data on the mobile communications device;
applying a hash function to the data to create a hash identifier for the data; and
comparing by the known good component, the data hash identifier against a database of identifiers of known good data stored in the mobile communications device memory;
if the comparison by the known good component results in a positive match, then allowing the data to be processed by the mobile communications device;
if the comparison by the known good component does not result in a positive match, then comparing by the known bad component, the data hash identifier against a database of identifiers of known bad data stored in the mobile communications device memory; and
if the comparison by the known bad component does not result in a positive match, then transmitting a signal from the mobile communications device to a server to indicate that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious.
8 Assignments
0 Petitions
Accused Products
Abstract
“Known bad” data, “known good” data, or both can be stored in a database. A technique for evaluating data compares the data to the “known bad” data, “known good” data, or both. Based on the comparison, the data may or may not be allowed to be processed by a mobile device.
319 Citations
20 Claims
-
1. In a mobile communications device having a network interface for receiving and sending data, a memory and a microprocessor, and further having software components for processing, analyzing and storing data, including at least a known good component for identifying data that is recognizably safe, a known bad component for identifying data that is recognizably malicious, and a decision component for evaluating whether data is safe or malicious, a method comprising:
-
providing data on the mobile communications device; applying a hash function to the data to create a hash identifier for the data; and comparing by the known good component, the data hash identifier against a database of identifiers of known good data stored in the mobile communications device memory; if the comparison by the known good component results in a positive match, then allowing the data to be processed by the mobile communications device; if the comparison by the known good component does not result in a positive match, then comparing by the known bad component, the data hash identifier against a database of identifiers of known bad data stored in the mobile communications device memory; and if the comparison by the known bad component does not result in a positive match, then transmitting a signal from the mobile communications device to a server to indicate that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious. - View Dependent Claims (2, 3)
-
-
4. In a mobile communications device having a network interface for receiving and sending data, a memory and a microprocessor, and further having software components for processing, analyzing and storing data, including at least a known good component for identifying data that is recognizably safe, a known bad component for identifying data that is recognizably malicious, and a decision component for evaluating whether data is safe or malicious, a method comprising:
-
providing data on the mobile communications device; applying by the known good component, logic on the data to determine if the data is safe; if the known good component logic determines that the data is safe, then allowing the data to be processed by the mobile communications device; if the known good component does not determine that the data is safe, then applying by the known bad component, logic on the data to determine if the data is malicious; if the known bad component logic determines that the data is malicious, then rejecting the data from being processed by the mobile communications device; and if the known bad component logic does not determine that the data is malicious, then transmitting a signal from the mobile communications device to a server to indicate that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious. - View Dependent Claims (5)
-
-
6. In a mobile communications device having a network interface for receiving and sending data, a memory and a microprocessor, and further having software components for processing, analyzing and storing data, including at least a known good component for identifying data that is recognizably safe, a known bad component for identifying data that is recognizably malicious, and a decision component for evaluating whether data is safe or malicious, a method comprising:
-
providing data on the mobile communications device; applying by the known good component, logic on the data to determine if the data is safe; if the known good component logic determines that the data is safe, then allowing the data to be processed by the mobile communications device; if the known good component logic does not determine that the data is safe, then applying, by the known bad component, logic on the data to determine if the data is malicious; if the known bad component logic determines that the data is malicious, then rejecting the data from being processed by the mobile communications device; and if the known bad component logic does not determine that the data is malicious, then transmitting a signal from the mobile communications device to a server to indicate that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious. - View Dependent Claims (7)
-
-
8. In a mobile communications device having a network interface for receiving and sending data, a memory and a microprocessor, and further having software components for processing, analyzing and storing data, including at least a known good component for identifying data that is recognizably safe, a known bad component for identifying data that is recognizably malicious, and a decision component for evaluating whether data is safe or malicious, a method comprising:
-
providing data on the mobile communications device; comparing by the known good component, the data against a database of characteristics for known good data stored in the mobile communications device; and if the comparison by the known good component does not result in a positive match, then rejecting the data from being processed by the mobile communications device; if the comparison by the known good component does result in a positive match, then comparing by the known bad component, the data against a database of characteristics for known bad data stored in the mobile communications device; and if the comparison by the known bad component does not result in a positive match, then transmitting a signal from the mobile communications device to a server to indicate that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious. - View Dependent Claims (9, 10)
-
-
11. In a mobile communications device having a network interface for receiving and sending data, a memory and a microprocessor, and further having software components for processing, analyzing and storing data, including at least a known good component for identifying data that is recognizably safe, a known bad component for identifying data that is recognizably malicious, and a decision component for evaluating whether data is safe or malicious, a method comprising:
-
providing data on the mobile communications device; applying a hash function to the data to create a hash identifier for the data; and comparing by the known good component, the data hash identifier against a database of identifiers of known good data stored in the mobile communications device memory; if the comparison by the known good component does not result in a positive match, then rejecting the data from being processed by the mobile communications device; if the comparison by the known good component does result in a positive match, then comparing by the known bad component, the data hash identifier against a database of identifiers for known bad data stored in the mobile communications device memory; and if the comparison by the known bad component does not result in a positive match, then transmitting a signal from the mobile communications device to a server to indicate that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious. - View Dependent Claims (12, 13)
-
-
14. In a mobile communications device having a network interface for receiving and sending data, a memory and a microprocessor, and further having software components for processing, analyzing and storing data, including at least a known good component for identifying data that is recognizably safe, a known bad component for identifying data that is recognizably malicious, and a decision component for evaluating whether data is safe or malicious, a method comprising:
-
providing data on the mobile communications device; applying by the known good component, logic on the data to determine if the data is not safe; if the known good component logic determines that the data is not safe, then rejecting the data from being processed by the mobile communications device; if the known good component logic does not determine that the data is not safe, then applying by the known bad component, logic on the data to determine if the data is malicious; and if the known bad component does not determine that the data is malicious, then transmitting a signal from the mobile communications device to a server to indicate that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious. - View Dependent Claims (15, 16)
-
-
17. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
-
when the mobile communications device receives data, creates a hash identifier for the data, compares the data hash identifier against a database of known good data stored on the mobile communications device, does not obtain a positive match, compares the data hash identifier against a database stored on the mobile communications device containing hash identifiers of known bad data, and does not obtain a positive match, receiving the data at the server, wherein the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious; at the server, using a decision component, performing an analysis on the data to determine if the data is safe or malicious; if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
-
-
18. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
-
after the mobile communications device receives data, creates a hash identifier for the data, using a known bad component, compares the received data hash identifier against a database stored in the mobile communications device memory containing hash identifiers of known bad data, does not obtain a positive match, then compares the data hash identifier against a database of known good data stored on the mobile communications device and does not obtain a positive match, receiving the data at the server, wherein the data is a signal from the mobile communications device that an analysis of the data by the mobile communications device security component has not been able to characterize the data as recognizably safe or malicious; at the server, using a decision component, performing an analysis on the data to determine if the data is safe or malicious; if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
-
-
19. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
-
when the mobile communications device receives data, applies by a known good component logic on the data to determine if the data is safe, does not obtain a positive match, applies by a known bad component logic on the data to determine if the data is recognizably malicious, and does not obtain a positive match, receiving the data from the mobile communications device at the server, wherein the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious; at the server, using a decision component, performing an analysis on the received data to determine if the data is safe or malicious; if the analysis by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and if the analysis by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
-
-
20. On a server having a network interface for receiving from and sending data to a mobile communications device having software components for processing and analyzing data, a method comprising:
-
after the mobile communications device receives data, applying by a known bad component logic to the data to determine whether the data is recognizably malicious, does not obtain a positive match, then applying by known good component logic to the data to determine whether the data is safe and does not obtain a positive match, receiving the data at the server, wherein the data is a signal from the mobile communications device that an analysis of the data by a mobile communications device security component has not been able to characterize the data as recognizably safe or malicious; at the server, applying by a decision component logic to the data for performing an analysis on the data to determine if the data is safe or malicious; if the determination by the decision component at the server determines that the data is safe, then sending an instruction from the server to the mobile communications device to allow the data to be processed by the mobile communications device; and if the determination by the decision component at the server determines that the data is malicious, then sending an instruction from the server to the mobile communications device to reject the data from being processed by the mobile communications device.
-
Specification