Systems and methods for securing internet access on restricted mobile platforms

US 9,021,578 B1
Filed: 09/13/2011
Issued: 04/28/2015
Est. Priority Date: 09/13/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for securing Internet access on restricted mobile platforms, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying an attempt, by a mobile device that uses a restricted mobile platform, to establish a virtual private network connection with a security server, wherein the restricted mobile platform prevents a user of the mobile device from installing, on the mobile device, a third-party application that is capable of filtering Internet communications of other applications installed on the mobile device;

in response to identifying the attempt;

assigning an Internet Protocol address to the mobile device;

identifying, at the security server, a content-based security filter customized to filter communications at the security server for an account associated with the mobile device based on the content of the communications;

receiving, at the security server from the mobile device via the virtual private network connection, a request for an Internet resource;

providing, via the security server via the virtual private network connection, a response to the request to the mobile device based at least in part on the content-based security filter customized to filter communications at the security server for the account associated with the mobile device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for securing Internet access on restricted mobile platforms may include identifying an attempt by a mobile computing system to establish a virtual private network connection with a security server and, in response to identifying the attempt, (1) assigning an Internet Protocol address to the mobile computing system and (2) identifying a security filter customized to filter communications for an account associated with the mobile computing system. The method may also include (1) receiving, via the virtual private network connection, a request for an Internet resource and (2) providing, via the virtual private network connection, a response to the request to the mobile computing system based at least in part on the security filter. Various other methods, systems, and computer-readable media are also disclosed.

Citations

20 Claims

1. A computer-implemented method for securing Internet access on restricted mobile platforms, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying an attempt, by a mobile device that uses a restricted mobile platform, to establish a virtual private network connection with a security server, wherein the restricted mobile platform prevents a user of the mobile device from installing, on the mobile device, a third-party application that is capable of filtering Internet communications of other applications installed on the mobile device;
  
  in response to identifying the attempt;
  
  assigning an Internet Protocol address to the mobile device;
  
  identifying, at the security server, a content-based security filter customized to filter communications at the security server for an account associated with the mobile device based on the content of the communications;
  
  receiving, at the security server from the mobile device via the virtual private network connection, a request for an Internet resource;
  
  providing, via the security server via the virtual private network connection, a response to the request to the mobile device based at least in part on the content-based security filter customized to filter communications at the security server for the account associated with the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising:
    - identifying an additional attempt, by an additional mobile device that uses the restricted mobile platform, to establish an additional virtual private network connection with the security server, the additional mobile device being distinct from the mobile device;
      
      in response to identifying the additional attempt;
      
      assigning an additional Internet Protocol address to the additional mobile device, the additional Internet Protocol address being distinct from the Internet Protocol address;
      
      identifying, at the security server, an additional content-based security filter customized to filter communications at the security server for an additional account associated with the additional mobile device, the additional content-based security filter being distinct from the content-based security filter and the additional account being distinct from the account;
      
      receiving, at the security server via the additional virtual private network connection, an additional request for an additional Internet resource;
      
      providing, via the security server via the additional virtual private network connection, an additional response to the additional request to the additional mobile device based at least in part on the additional content-based security filter.
  - 3. The computer-implemented method of claim 1, wherein the security server comprises a virtual private server designated for use for filtering communications associated with the account.
  - 4. The computer-implemented method of claim 1, wherein providing the response based at least in part on the content-based security filter comprises:
    - determining, at the security server based on the content-based security filter, that access to the Internet resource is prohibited for the account;
      
      in response to determining that access to the Internet resource is prohibited for the account, returning, via the security server, a message to the mobile device indicating that the Internet resource is prohibited for the account.
  - 5. The computer-implemented method of claim 1, wherein providing the response based at least in part on the content-based security filter comprises:
    - retrieving, at the security server, the Internet resource based on the request;
      
      scanning, at the security server, the retrieved Internet resource for content prohibited for the account as indicated by the content-based security filter;
      
      in response to scanning the retrieved Internet resource, modifying, at the security server, the Internet resource to pass the content-based security filter;
      
      returning, via the security server, the modified Internet resource to the mobile device.
  - 6. The computer-implemented method of claim 1, wherein providing the response based at least in part on the content-based security filter comprises:
    - determining, at the security server based on the content-based security filter, that the Internet resource comprises untrustworthy content;
      
      in response to determining that the Internet resource comprises untrustworthy content, logging, at the security server, the request in association with the account.
  - 7. The computer-implemented method of claim 1, wherein:
    - the mobile device is configured to send and receive all Internet communications via the virtual private network connection;
      
      the security server is configured to apply the content-based security filter to all Internet communications sent to and received from the mobile device via the virtual private network connection.
  - 8. The computer-implemented method of claim 1, wherein:
    - the mobile device comprises a mobile phone;
      
      the content-based security filter comprises a phishing filter configured to filter communications related to a phishing attack that attempts to gather sensitive data from the mobile phone.

9. A system for securing Internet access on restricted mobile platforms, the system comprising:
- an identification module programmed to identify an attempt, by a mobile device that uses a restricted mobile platform, to establish a virtual private network connection with a security server, wherein the restricted mobile platform prevents a user of the mobile device from installing, on the mobile device, a third-party application that is capable of filtering Internet communications of other applications installed on the mobile device;
  
  an assignation module programmed to, in response to identifying the attempt;
  
  assign an Internet Protocol address to the mobile device;
  
  identify, at the security server, a content-based security filter customized to filter communications at the security server for an account associated with the mobile device based on the content of the communications;
  
  a receiving module programmed to receive, at the security server from the mobile device via the virtual private network connection, a request for an Internet resource;
  
  a filtering module programmed to provide, via the security server via the virtual private network connection, a response to the request to the mobile device based at least in part on the content-based security filter customized to filter communications at the security server for the account associated with the mobile device;
  
  at least one processor configured to execute the identification module, the assignation module, the receiving module, and the filtering module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein:
    - the identification module is further programmed to identify an additional attempt, by an additional mobile device that uses the restricted mobile platform, to establish an additional virtual private network connection with the security server, the additional mobile device being distinct from the mobile device;
      
      the assignation module is further programmed to, in response to identifying the additional attempt;
      
      assign an additional Internet Protocol address to the additional mobile device, the additional Internet Protocol address being distinct from the Internet Protocol address;
      
      identify, at the security server, an additional content-based security filter customized to filter communications at the security server for an additional account associated with the additional mobile device, the additional content-based security filter being distinct from the content-based security filter and the additional account being distinct from the account;
      
      the receiving module is further programmed to receive, at the security server via the additional virtual private network connection, an additional request for an additional Internet resource;
      
      the filtering module is further programmed to provide, via the security server via the additional virtual private network connection, an additional response to the additional request to the additional mobile device based at least in part on the additional content-based security filter.
  - 11. The system of claim 9, wherein the security server comprises a virtual private server designated for use for filtering communications associated with the account.
  - 12. The system of claim 9, wherein the filtering module is programmed to provide the response based at least in part on the content-based security filter by:
    - determining, at the security server based on the content-based security filter, that access to the Internet resource is prohibited for the account;
      
      in response to determining that access to the Internet resource is prohibited for the account, returning, via the security server, a message to the mobile device indicating that the Internet resource is prohibited for the account.
  - 13. The system of claim 9, wherein the filtering module is programmed to provide the response based at least in part on the content-based security filter by:
    - retrieving, at the security server, the Internet resource based on the request;
      
      scanning, at the security server, the retrieved Internet resource for content prohibited for the account as indicated by the content-based security filter;
      
      in response to scanning the retrieved Internet resource, modifying, at the security server, the Internet resource to pass the content-based security filter;
      
      returning, via the security server, the modified Internet resource to the mobile device.
  - 14. The system of claim 9, wherein the filtering module is programmed to provide the response based at least in part on the content-based security filter by:
    - determining, at the security server based on the content-based security filter, that the Internet resource comprises untrustworthy content;
      
      in response to determining that the Internet resource comprises untrustworthy content, logging, at the security server, the request in association with the account.
  - 15. The system of claim 9, wherein:
    - the mobile device is configured to send and receive all Internet communications via the virtual private network connection;
      
      the filtering module is programmed to apply, at the security server, the content-based security filter to all Internet communications sent to and received from the mobile device via the virtual private network connection.
  - 16. The system of claim 9, wherein:
    - the mobile device comprises a mobile phone;
      
      the content-based security filter comprises a phishing filter configured to filter communications related to a phishing attack that attempts to gather sensitive data from the mobile phone.

17. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify an attempt by a mobile device that uses a restricted mobile platform, to establish a virtual private network connection with a security server, wherein the restricted mobile platform prevents a user of the mobile device from installing, on the mobile device, a third-party application that is capable of filtering Internet communications of other applications installed on the mobile device;
  
  in response to identifying the attempt;
  
  assign an Internet Protocol address to the mobile device;
  
  identify, at the security server, a content-based security filter customized to filter communications at the security server for an account associated with the mobile device based on the content of the communications;
  
  receive, at the security server from the mobile device via the virtual private network connection, a request for an Internet resource;
  
  provide, via the security server via the virtual private network connection, a response to the request to the mobile device based at least in part on the content-based security filter customized to filter communications at the security server for the account associated with the mobile device.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable storage medium of claim 17, wherein the one or more computer-executable instructions further cause the computing device to:
    - identify an additional attempt, by an additional mobile device that uses the restricted mobile platform, to establish an additional virtual private network connection with the security server, the additional mobile device being distinct from the mobile device;
      
      in response to identifying the additional attempt;
      
      assign an additional Internet Protocol address to the additional mobile device, the additional Internet Protocol address being distinct from the Internet Protocol address;
      
      identify, at the security server, an additional content-based security filter customized to filter communications at the security server for an additional account associated with the additional mobile device, the additional content-based security filter being distinct from the content-based security filter and the additional account being distinct from the account;
      
      receive, at the security server via the additional virtual private network connection, an additional request for an additional Internet resource;
      
      provide, via the security server via the additional virtual private network connection, an additional response to the additional request to the additional mobile device based at least in part on the additional content-based security filter.
  - 19. The non-transitory computer-readable storage medium of claim 17, wherein the security server comprises a virtual private server designated for use for filtering communications associated with the account.
  - 20. The non-transitory computer-readable storage medium of claim 17, wherein the one or more computer-executable instructions cause the computing device to provide the response based at least in part on the content-based security filter by causing the computing device to:
    - determine, at the security server based on the content-based security filter, that access to the Internet resource is prohibited for the account;
      
      in response to determining that access to the Internet resource is prohibited for the account, return, via the security server, a message to the mobile device indicating that the Internet resource is prohibited for the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Casaburi, Jim, Gilbert, Alan, McGann, Ryan
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/231,919
Time in Patent Office

1,323 Days
Field of Search

726/15
US Class Current

726/15
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

Systems and methods for securing internet access on restricted mobile platforms

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for securing internet access on restricted mobile platforms

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links