Agent based application reputation system for operating systems

US 8,918,888 B2
Filed: 01/16/2014
Issued: 12/23/2014
Est. Priority Date: 01/21/2013
Status: Active Grant

First Claim

Patent Images

1. A method for implementing a security agent on behalf of a device, the method comprising:

obtaining, by a processor, a list of applications installed on the device from a repository remote from the security agent and device, wherein the repository is located on another device independent from the security agent and the device;

for each respective application on the list, comparing reputation attributes obtained from a reputation database against attributes of the application installed on the device; and

for any of the respective applications for which it is determined from the comparing that the application installed on the device is malicious, taking action to limit malicious activity by the respective application installed on the device;

wherein the security agent is not installed on the device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for implementing a security agent on behalf of a device, the method comprising: obtaining a list of applications installed on the device from a remote repository; for each respective application on the list, comparing reputation attributes obtained from a reputation database against attributes of the application installed on the device; and for any of the respective applications for which it is determined from the comparing that the application installed on the device is malicious, taking action to limit malicious activity by the respective application installed on the device.

6 Citations

16 Claims

1. A method for implementing a security agent on behalf of a device, the method comprising:
- obtaining, by a processor, a list of applications installed on the device from a repository remote from the security agent and device, wherein the repository is located on another device independent from the security agent and the device;
  
  for each respective application on the list, comparing reputation attributes obtained from a reputation database against attributes of the application installed on the device; and
  
  for any of the respective applications for which it is determined from the comparing that the application installed on the device is malicious, taking action to limit malicious activity by the respective application installed on the device;
  
  wherein the security agent is not installed on the device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein the security agent obtains the list of applications installed on the device using security credentials provided by a user of the device.
  - 3. The method according to claim 2, wherein the security agent obtains the list of applications installed on the device from at least one of a virtual application store and a virtual social networking site from which the installed applications were downloaded to the device.
  - 4. The method according to claim 1, wherein the reputation attributes for each respective application on the list that are obtained from the reputation database comprise at least:
    - whether the respective application is malicious or safe;
      
      battery consumption due to execution of the respective application; and
      
      resources on the device that are accessed by the respective application.
  - 5. The method according to claim 4, wherein the reputation attributes are obtained from the reputation database by deriving a unique identifier for each respective application on the list and submitting each of the derived unique identifiers to the reputation database.

6. A non-transitory computer readable memory storing a set of executable instructions for implementing a security agent on behalf of a device, the set of executable instructions comprising:
- code for obtaining, by a processor, a list of applications installed on the device from a repository remote from the security agent and the device, wherein the repository is located on another device independent from the security agent and the device;
  
  code for comparing, for each respective application on the list, reputation attributes obtained from a reputation database against attributes of the application installed on the device; and
  
  for any of the respective applications for which it is determined from executing the code for comparing that the application installed on the device is malicious, code for taking action to limit malicious activity by the respective application installed on the device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable memory according to claim 6, wherein the code for obtaining operates to obtain the list of applications installed on the device using security credentials provided by a user of the device.
  - 8. The computer readable memory according to claim 7, wherein the code for obtaining operates to obtain the list of applications installed on the device from at least one of a virtual application store and a virtual social networking site from which the installed applications were downloaded to the device.
  - 9. The computer readable memory according to claim 6, wherein the reputation attributes for each respective application on the list that are obtained from the reputation database comprise at least:
    - whether the respective application is malicious or safe;
      
      battery consumption due to execution of the respective application; and
      
      resources on the device that are accessed by the respective application.
  - 10. The computer readable memory according to claim 9, wherein the reputation attributes are obtained from the reputation database by deriving a unique identifier for each respective application on the list and submitting each of the derived unique identifiers to the reputation database.

11. At least one security server comprising at least one memory storing a set of computer executable instructions and at least one processor, wherein the memory with the set of computer executable instructions is configured with the at least one processor to cause the security server to at least:
- obtain, by the processor, a list of applications installed on a device from a repository remote from the security server and the device, wherein the repository is located on another device independent from the security server and the device;
  
  for each respective application on the list, compare reputation attributes obtained from a reputation database against attributes of the application installed on the device; and
  
  for any of the respective applications for which it is determined from the comparing that the application installed on the device is malicious, take action to limit malicious activity by the respective application installed on the device.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The at least one security server according to claim 11, wherein the security agent obtains the list of applications installed on the device using security credentials provided by a user of the device.
  - 13. The at least one security server according to claim 12, wherein the security agent obtains the list of applications installed on the device from at least one of a virtual application store and a virtual social networking site from which the installed applications were downloaded to the device.
  - 14. The at least one security server according to claim 11, wherein the reputation attributes for each respective application on the list that are obtained from the reputation database comprise at least:
    - whether the respective application is malicious or safe;
      
      battery consumption due to execution of the respective application; and
      
      resources on the device that are accessed by the respective application.
  - 15. The at least one security server according to claim 14, wherein the reputation attributes are obtained from the reputation database by deriving a unique identifier for each respective application on the list and submitting each of the derived unique identifiers to the reputation database.
  - 16. The security server according to claim 11, wherein the set of computer executable instructions operate in conjunction with a security agent client application resident on the device to implement a personal cloud security service on behalf of the device using security credentials provided by a user of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Withsecure Corporation
Original Assignee
F-Secure Corporation (F-Secure Oyj)
Inventors
Palomaki, Pirkka
Primary Examiner(s)
Abrishamkar, Kaveh
Assistant Examiner(s)
NGUYEN, NGOC THACH D

Application Number

US14/156,887
Publication Number

US 20140208425A1
Time in Patent Office

341 Days
Field of Search

726/23, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/565   by checking file integrity

G06F 21/567   using dedicated hardware

G06F 21/577   Assessing vulnerabilities a...

Agent based application reputation system for operating systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Agent based application reputation system for operating systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others