System and method for adverse mobile application identification

US 8,984,628 B2
Filed: 02/23/2011
Issued: 03/17/2015
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

on a server in communication with a plurality of mobile communication devices, the plurality connected to a mobile communication device network, receiving, at the server, first behavioral data associated with monitoring a data object accessed by a first mobile communication device of the plurality of mobile communication devices;

receiving, at the server, second behavioral data associated with monitoring a copy of the data object accessed by a second mobile communication device, different from the first mobile communication device, of the plurality of mobile communication devices;

storing in a data store accessible by the server, the first behavioral data for the data object and the second behavioral data for the copy of the data object;

applying, at the server, a model to at least some of the stored first behavioral data to determine whether or not accessing the data object;

would have an adverse effect on at least one of the plurality of mobile communication devices, or would violate an application policy by exceeding a network resource limitation;

based on the application of the model to at least some of the first behavioral data, determining, at the server, that accessing the data object;

would not have an adverse effect on any of the plurality of mobile communication devices, and would not violate the application policy;

after the step of determining that accessing the data object would not have an adverse effect on any of the plurality of mobile communication device and would not violate the application policy, analyzing the second behavioral data to determine whether accessing the data object would;

have an adverse effect on any of the plurality of mobile communication devices, or violate the application policy;

based on the analysis of the second behavioral data, determining, at the server, that accessing the data object would not have an adverse effect on any of the plurality of mobile communication devices, and would violate the application policy by exceeding the network resource limitation;

creating disposition information including the determination that accessing the data object would violate the application policy;

aggregating disposition information, in a data store accessible by the server; and

,transmitting, from the server, a notification to a subscriber about aggregated disposition information that includes an overall assessment the data object violates the application policy.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method identifies mobile applications that can have an adverse effect on a mobile device or mobile network. In an implementation, a server monitors behavioral data relating to a mobile application and applies a model to determine if the application has an adverse effect or has the potential to cause an adverse effect on a mobile device or a network the mobile device may connect to. A mobile device may monitor behavioral data, apply a model to the data, and transmit a disposition to the server. The server may aggregate behavioral data or disposition information from multiple devices. The server may transmit or make available the disposition information to a subscriber through a web interface, API, email, or other mechanism. After identifying that an application may have an adverse effect, the server may enact corrective actions, such as generating device or network configuration data.

Citations

16 Claims

1. A method comprising:
- on a server in communication with a plurality of mobile communication devices, the plurality connected to a mobile communication device network, receiving, at the server, first behavioral data associated with monitoring a data object accessed by a first mobile communication device of the plurality of mobile communication devices;
  
  receiving, at the server, second behavioral data associated with monitoring a copy of the data object accessed by a second mobile communication device, different from the first mobile communication device, of the plurality of mobile communication devices;
  
  storing in a data store accessible by the server, the first behavioral data for the data object and the second behavioral data for the copy of the data object;
  
  applying, at the server, a model to at least some of the stored first behavioral data to determine whether or not accessing the data object;
  
  would have an adverse effect on at least one of the plurality of mobile communication devices, or would violate an application policy by exceeding a network resource limitation;
  
  based on the application of the model to at least some of the first behavioral data, determining, at the server, that accessing the data object;
  
  would not have an adverse effect on any of the plurality of mobile communication devices, and would not violate the application policy;
  
  after the step of determining that accessing the data object would not have an adverse effect on any of the plurality of mobile communication device and would not violate the application policy, analyzing the second behavioral data to determine whether accessing the data object would;
  
  have an adverse effect on any of the plurality of mobile communication devices, or violate the application policy;
  
  based on the analysis of the second behavioral data, determining, at the server, that accessing the data object would not have an adverse effect on any of the plurality of mobile communication devices, and would violate the application policy by exceeding the network resource limitation;
  
  creating disposition information including the determination that accessing the data object would violate the application policy;
  
  aggregating disposition information, in a data store accessible by the server; and
  
  ,transmitting, from the server, a notification to a subscriber about aggregated disposition information that includes an overall assessment the data object violates the application policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the stored behavioral data is correlated to mobile communication device data for at least one mobile communication device that accessed the data object.
  - 3. The method of claim 2, wherein the aggregated disposition information is accessible to the subscriber through a data feed.
  - 4. The method of claim 2, wherein the notification comprises an email message to the subscriber, the email message including the aggregated disposition information.
  - 5. The method of claim 2, wherein the notification comprises a text message to the subscriber, the text message including the disposition information.
  - 6. The method of claim 2, wherein the notification comprises a web interface for the subscriber to access the disposition information.
  - 7. The method of claim 1, further comprising:
    - when the disposition information includes a determination that accessing the data object would violate the application policy, preventing the first and second mobile communication devices from accessing the data object by generating device configuration information at the server and transmitting it to the mobile communication devices.
  - 8. The method of claim 1, further comprising:
    - when the disposition information includes a determination that accessing the data object would violate the application policy, preventing the data object from accessing the mobile communication device network by generating network configuration information at the server and transmitting it to the mobile communication device network.

9. A method comprising:
- on a server in communication with a plurality of mobile communication devices, the plurality connected to a mobile communication device network, receiving a first plurality of behavioral data associated with monitoring instances of a data object accessed by a first subset of mobile communication devices;
  
  storing in a data store accessible by the server the first plurality of behavioral data for the data object;
  
  analyzing, on the server, the first plurality of behavioral data, and a number of mobile communication devices in the first subset of mobile communication devices to determine whether accessing the data object would have an adverse effect on any device of the plurality of mobile communication devices, or whether accessing the data object by an accessing subset of mobile communication devices from the plurality of mobile communication devices would violate an application policy by exceeding a network resource limitation;
  
  based on the analysis of the first plurality of behavioral data, and the number of mobile communication devices in the first subset, determining that accessing the data object would not have an adverse effect on any device of the plurality of mobile communication devices and would not violate the application policy;
  
  after the step of determining no adverse effect on any device of the plurality and no violation of the application policy, receiving a second plurality of behavioral data associated with monitoring instances of the data object accessed by a second subset of mobile communication devices;
  
  storing in the data store the second plurality of behavioral data;
  
  analyzing, on the server, the second plurality of behavioral data, and a number of mobile communication devices in the second subset to determine whether accessing the data object by the accessing subset of mobile communication devices would violate the application policy by exceeding the network resource limitation, or have an adverse effect on any device of the plurality of mobile communication devices;
  
  based on the analysis of the second plurality of behavioral data, the number of mobile communication devices in the first subset, and the number of mobile communication devices in the second subset, determining that accessing the data object by the accessing subset of mobile communication devices would violate the application policy by exceeding the network resource limitation and would not have an adverse effect on any device of the plurality of mobile communication devices;
  
  creating disposition information including the determination that accessing the data object violates the application policy;
  
  storing in a data store accessible by the server, the disposition information; and
  
  on the server, notifying at least one subscriber of the disposition information that includes the determination that accessing the data object violates the application policy.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the first plurality of behavioral data is correlated to mobile communication device data for at least one mobile communication device of the first subset of mobile communication devices that accessed the data object.
  - 11. The method of claim 10, wherein the disposition information is accessible to the at least one subscriber through a data feed.
  - 12. The method of claim 10, wherein notifying the at least one subscriber comprises transmitting an email message to the at least one subscriber, the email message including the disposition information.
  - 13. The method of claim 10, wherein notifying the at least one subscriber comprises transmitting a text message to the at least one subscriber, the text message including the disposition information.
  - 14. The method of claim 10, wherein notifying the at least one subscriber comprises generating a web interface for the at least one subscriber to access the disposition information.
  - 15. The method of claim 9, further comprising:
    - preventing at least one mobile communication device from accessing the data object by generating device configuration information at the server and transmitting it to the mobile communication device.
  - 16. The method of claim 9, further comprising:
    - preventing the data object from accessing the mobile communication device network by generating network configuration information at the server and transmitting it to the mobile communication device network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Golombek, David, Richardson, David Luke, Wyatt, Timothy Micheal, Burgess, James David, Hering, John G.
Primary Examiner(s)
Jeudy, Josnel

Application Number

US13/033,025
Publication Number

US 20110145920A1
Time in Patent Office

1,483 Days
Field of Search

726 22- 25, 726 1- 4, 713187-188
US Class Current

726/22
CPC Class Codes

G06F 21/562   Static detection

G06F 21/564   by virus signature recognition

G06F 2221/034   Test or assess a computer o...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/10   Integrity

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

System and method for adverse mobile application identification

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for adverse mobile application identification

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links