Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms

US 9,215,548 B2
Filed: 09/09/2011
Issued: 12/15/2015
Est. Priority Date: 09/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a computing system, a copy of a mobile platform application designed for execution on a mobile platform, the copy including a stated purpose for the mobile platform application, the mobile platform having one or more files including personal information stored thereon;

determining, by the computing system, (i) an intended purpose of the mobile platform application, wherein determining the intended purpose of the mobile platform application includes determining what the mobile platform application does when executing on the mobile platform and evaluating the results against what the mobile platform application should be doing in order to fulfill the stated purpose, (ii) one or more files stored on or included in the mobile platform or functionalities afforded by the mobile platform that are accessed by the mobile platform application during its operation on the mobile platform, (iii) whether said accesses include accesses to the personal information and, if so, whether said accesses are consistent with the intended purpose and the stated purpose of the mobile platform application, and (iv) an overall score for the mobile platform application based upon said determinations, wherein determining whether said accesses are consistent with the intended purpose and the stated purpose of the mobile platform application involves determining one or more discrepancies between the intended purpose of the mobile platform application and the stated purpose of the mobile platform application;

determining a user configurable weighted rating for each of the discrepancies according to its impact on a user'"'"'s privacy and based on the user'"'"'s preferences;

calculating a weighted average based upon the weighted rating assigned to each of the discrepancies; and

calibrating the weighted average to determine the overall score; and

presenting the overall score to a potential user of the mobile platform application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for evaluating and rating privacy risks posed by applications intended for deployment on mobile platforms. Validating the “intent” of a mobile platform application vis-à-vis its impact on user privacy, as viewed from an end-user'"'"'s perspective allows those end-users to make better-informed decisions concerning the downloading, installation and/or operation of mobile platform applications. In making such assessments user preferences can be taken into account. Privacy scores are provided through sales channels for the applications, thereby affording potential users the opportunity to assess whether they wish to incur the associated privacy risk, before purchasing a subject application.

Citations

8 Claims

1. A method, comprising:
- receiving, by a computing system, a copy of a mobile platform application designed for execution on a mobile platform, the copy including a stated purpose for the mobile platform application, the mobile platform having one or more files including personal information stored thereon;
  
  determining, by the computing system, (i) an intended purpose of the mobile platform application, wherein determining the intended purpose of the mobile platform application includes determining what the mobile platform application does when executing on the mobile platform and evaluating the results against what the mobile platform application should be doing in order to fulfill the stated purpose, (ii) one or more files stored on or included in the mobile platform or functionalities afforded by the mobile platform that are accessed by the mobile platform application during its operation on the mobile platform, (iii) whether said accesses include accesses to the personal information and, if so, whether said accesses are consistent with the intended purpose and the stated purpose of the mobile platform application, and (iv) an overall score for the mobile platform application based upon said determinations, wherein determining whether said accesses are consistent with the intended purpose and the stated purpose of the mobile platform application involves determining one or more discrepancies between the intended purpose of the mobile platform application and the stated purpose of the mobile platform application;
  
  determining a user configurable weighted rating for each of the discrepancies according to its impact on a user'"'"'s privacy and based on the user'"'"'s preferences;
  
  calculating a weighted average based upon the weighted rating assigned to each of the discrepancies; and
  
  calibrating the weighted average to determine the overall score; and
  
  presenting the overall score to a potential user of the mobile platform application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the intended purpose is further determined from information regarding said intended purpose of the mobile platform application received in conjunction with the copy of the mobile platform application.
  - 3. The method of claim 1, wherein the determination of the weighted rating for a subject discrepancy is based upon at least one of a privacy criterion and a technical criterion.
  - 4. The method of claim 1, wherein determining the weighted rating for a subject discrepancy includes at least one of:
    - determining a probability that the subject discrepancy poses a risk to the potential user'"'"'s privacy;
      
      determining a type of risk the subject discrepancy poses to the potential user'"'"'s privacy; and
      
      determining a degree of severity for a risk the subject discrepancy poses to the potential user'"'"'s privacy.
  - 5. The method of claim 1, wherein at least one of the determinations are user configurable.
  - 6. The method of claim 1, wherein the mobile platform application is received by the computing system from the mobile platform.
  - 7. The method of claim 6, wherein the mobile platform application is received by the computing system from the mobile platform as part of an installation or execution process for the mobile platform application on the mobile platform.
  - 8. The method of claim 1, further comprising:
    - evaluating the copy of the mobile platform application according to a criterion; and
      
      determining the overall score responsively to the evaluation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NCC Group Security Services, Inc. (NCC Group Plc)
Original Assignee
NCC Group Security Services, Inc. (NCC Group Plc)
Inventors
Belani, Rohyt, Higbee, Aaron
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
PHAM, QUY C

Application Number

US13/229,512
Publication Number

US 20120072991A1
Time in Patent Office

1,558 Days
Field of Search

726/22, 726/23, 726/26
US Class Current

1/1
CPC Class Codes

H04L 67/34   involving the movement of s...

H04W 12/02   Protecting privacy or anony...

H04W 12/08   Access security

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links