System and method for a scanning API

US 9,235,704 B2
Filed: 12/22/2011
Issued: 01/12/2016
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by an Application Programming Interface (API) operating on a server, a request for an analysis of an application;

downloading the application to be analyzed from an application source accessible to the server into a data store accessible to the server;

analyzing, at the server, the application;

returning, to a client device, a first result based on the analysis including a first assessment of an attribute associated with the analyzed application;

after the returning a first result, determining, at the server, whether the analyzed application should be reanalyzed, the determining being based on at least one of a change in or an addition of policies stored on one or more databases accessible to the server;

reanalyzing, at the server, the analyzed application upon determining that the analyzed application should be reanalyzed;

based on the reanalysis, returning, to the client device, a second result including a second assessment of the attribute and at least one of a plurality of remediation instructions to be performed at the client device, wherein the second assessment is different from the first assessment; and

receiving, at the server, confirmation from the client device that the at least one of a plurality of remediation instructions was performed and an indication whether remediation was successful or not.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Application programs for mobile communication devices are stored in a data store. The applications may be collected from any number of different sources such as through an application programming interface (API), from web crawling, from users, or combinations of these. The applications are analyzed and the analysis results reported. The applications may be “continuously” analyzed so that any changes in assessments can be reported. If an application for which an analysis is sought is not in the data store, information about a different, but related application may be provided.

330 Citations

20 Claims

1. A method comprising:
- receiving, by an Application Programming Interface (API) operating on a server, a request for an analysis of an application;
  
  downloading the application to be analyzed from an application source accessible to the server into a data store accessible to the server;
  
  analyzing, at the server, the application;
  
  returning, to a client device, a first result based on the analysis including a first assessment of an attribute associated with the analyzed application;
  
  after the returning a first result, determining, at the server, whether the analyzed application should be reanalyzed, the determining being based on at least one of a change in or an addition of policies stored on one or more databases accessible to the server;
  
  reanalyzing, at the server, the analyzed application upon determining that the analyzed application should be reanalyzed;
  
  based on the reanalysis, returning, to the client device, a second result including a second assessment of the attribute and at least one of a plurality of remediation instructions to be performed at the client device, wherein the second assessment is different from the first assessment; and
  
  receiving, at the server, confirmation from the client device that the at least one of a plurality of remediation instructions was performed and an indication whether remediation was successful or not.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein the determination that the application should be reanalyzed is determined without having received at the API a request to reanalyze the analyzed application.
  - 3. The method of claim 1 wherein the analyzing the application is performed before the receiving, by an Application Programming Interface (API), a request for an analysis of an application.
  - 4. The method of claim 1 wherein the analyzing the application is performed after the receiving, by an Application Programming Interface (API), a request for an analysis of an application.
  - 5. The method of claim 1 wherein the step of based on the reanalysis, returning a second result includes:
    - sending, from the server, a notification to an address specified in the request.
  - 6. The method of claim 5 wherein the address comprises an email address.
  - 7. The method of claim 5 wherein the address comprises a Uniform Resource Locator (URL).
  - 8. The method of claim 1 wherein the request for the analysis of the application includes the application.
  - 9. The method of claim 1 wherein the request for the analysis of the application does not include the application.
  - 10. The method of claim 1wherein downloading the application to be analyzed from the application source accessible to the server comprises downloading the application to be analyzed from the client device, the method further comprising storing the received application in the data store accessible to the server.
  - 11. The method of claim 1 wherein downloading the application to be analyzed from the application source accessible to the server comprises crawling, at the server, a website to download the application to be analyzed into a data store accessible to the server.
  - 12. The method of claim 1 wherein the first result includes an indication that the analyzed application should be associated with a first category.
  - 13. The method of claim 1 wherein the first result includes an identification of an ad network used by the analyzed application.
  - 14. The method of claim 1 wherein the first result includes an identification of an analytics system used by the analyzed application.
  - 15. The method of claim 1 wherein the change in policies stored on the one or more databases includes a modification to at least one of the policies existing on the one or more databases accessible to the server.
  - 16. The method of claim 1 wherein the determining whether the analyzed application should be reanalyzed is further based on at least one of a change in or an addition of malware signatures stored on the one or more databases accessible to the server.
  - 17. The method of claim 16 wherein the malware signatures residing on the one or more databases accessible to the server are hashes.

18. A method comprising:
- receiving, by an Application Programming Interface (API) operating on a server, a request for an analysis of an application;
  
  analyzing, at the server, the application;
  
  returning, to a client device, a first result based on the analysis including a first assessment of an attribute associated with the analyzed application;
  
  after the returning a first result, polling, at the server, one or more databases for additions or changes to policies and malware signatures residing on the one or more databases accessible to the server;
  
  when at least one of an addition or a change to the policies is detected by the polling, reanalyzing, at the server, the analyzed application;
  
  based on the reanalysis, returning, to the client device, a second result including a second assessment of the attribute and at least one of a plurality of remediation instructions to be performed at the client device, wherein the second assessment is different from the first assessment; and
  
  receiving, at the server, confirmation from the client device that the at least one of a plurality of remediation instructions was performed and an indication whether remediation was successful or not.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 wherein the change to the policies and the malware signatures residing on the one or more databases accessible to the server includes a modification to at least one of the policies or the malware signatures existing on the one or more databases accessible to the server.
  - 20. The method of claim 18 wherein the malware signatures residing on the one or more databases accessible to the server are hashes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Wootton, Bruce, Mahaffey, Kevin Patrick, Wyatt, Timothy Micheal
Primary Examiner(s)
CHANG, KENNETH W

Application Number

US13/335,779
Publication Number

US 20120110174A1
Time in Patent Office

1,482 Days
Field of Search

726/30
US Class Current

1/1
CPC Class Codes

G06F 11/3409   for performance assessment

G06F 21/564   by virus signature recognition

G06F 2213/0038   System on Chip

H04L 63/1416   Event detection, e.g. attac...

H04W 4/00   Services specially adapted ...

System and method for a scanning API

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

330 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for a scanning API

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

330 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others