Location based process-monitoring

US 9,330,256 B2
Filed: 02/01/2013
Issued: 05/03/2016
Est. Priority Date: 02/01/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

determining, by a mobile device, a location of the mobile device;

providing, by the mobile device, the determined location of the mobile device as location data representative of an identifiable geographic region where the mobile device is located;

determining, by the mobile device, a security type for an area corresponding to the identifiable geographic region where the mobile device is located;

controlling, by the mobile device, adjustable monitoring operations to monitor behavior of one or more user-initiated processes for activities performed by the mobile device, the activities initiated by a user of the mobile device and executing on the mobile device, based on the determined security type for the area, the adjustable monitoring operations configured to identify potential one or more security-risky processes from the one or more user-initiated processes and further configured to provide data, with a level of information that depends on the determined security type for the area, for the one or more user-initiated processes, wherein controlling the adjustable monitoring operations further comprises adjusting which processes and which features of the one or more user-initiated processes to monitor based on the determined security type for the area, and wherein at least one of the one or more user-initiated processes for the activities performed by the mobile device causes a potential security risk;

identifying, by the mobile device, the monitored behavior of at least one of the one or more user-initiated processes executing on the mobile device as potentially malicious behavior based on the data provided by the adjustable monitoring operations and the determined security type for the area; and

classifying, by the mobile device, the at least one of the one or more user-initiated processes as being a risky or non-risky activity based, at least in part, on whether the monitored behavior of the at least one of the one or more user-initiated processes is identified as potentially malicious behavior and based, at least in part, on the determined security type for the area.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, apparatus, devices, methods, computer program products, and other implementations, including a method that includes determining location of a device, and controlling monitoring of behavior of one or more processes executing on the device based on the determined location of the device to identify potential one or more security-risky processes from the monitored one or more executing processes. In some embodiments, controlling the monitoring of the behavior of the one or more processes may include one or more of, for example, adjusting frequency of the monitoring of the one or more processes based on the determined location of the device, adjusting level of detail obtained for the monitored behavior of the one or more processes based on the determined location of the device, and/or adjusting features being observed for the monitored one or more processes based on the determined location of the device.

42 Citations

View as Search Results

46 Claims

1. A method comprising:
- determining, by a mobile device, a location of the mobile device;
  
  providing, by the mobile device, the determined location of the mobile device as location data representative of an identifiable geographic region where the mobile device is located;
  
  determining, by the mobile device, a security type for an area corresponding to the identifiable geographic region where the mobile device is located;
  
  controlling, by the mobile device, adjustable monitoring operations to monitor behavior of one or more user-initiated processes for activities performed by the mobile device, the activities initiated by a user of the mobile device and executing on the mobile device, based on the determined security type for the area, the adjustable monitoring operations configured to identify potential one or more security-risky processes from the one or more user-initiated processes and further configured to provide data, with a level of information that depends on the determined security type for the area, for the one or more user-initiated processes, wherein controlling the adjustable monitoring operations further comprises adjusting which processes and which features of the one or more user-initiated processes to monitor based on the determined security type for the area, and wherein at least one of the one or more user-initiated processes for the activities performed by the mobile device causes a potential security risk;
  
  identifying, by the mobile device, the monitored behavior of at least one of the one or more user-initiated processes executing on the mobile device as potentially malicious behavior based on the data provided by the adjustable monitoring operations and the determined security type for the area; and
  
  classifying, by the mobile device, the at least one of the one or more user-initiated processes as being a risky or non-risky activity based, at least in part, on whether the monitored behavior of the at least one of the one or more user-initiated processes is identified as potentially malicious behavior and based, at least in part, on the determined security type for the area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the one or more security-risky processes comprise one or more of:
    - a malicious process of a third party, or a process initiated by a user of the mobile device that causes a potential security risk.
  - 3. The method of claim 1, wherein determining the location of the mobile device comprises:
    - determining one or more of;
      
      a global geographical position coordinates corresponding to the location of the mobile device, a location context identifier for the mobile device, or another identifier associated with the location of the mobile device.
  - 4. The method of claim 1, wherein determining the security type for the area corresponding to the identifiable geographic region where the mobile device is located comprises:
    - determining the security type for the area as being one of;
      
      a secure public location, a non-secure public location, a secure private location, or a non-secure private location.
  - 5. The method of claim 1, wherein controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprises one or more of:
    - adjusting frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device based on the determined security type for the area;
      
      oradjusting level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 6. The method of claim 5, wherein adjusting the frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device comprises:
    - increasing the frequency of observation of at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 7. The method of claim 5, wherein adjusting the level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device comprises:
    - increasing the level of detail obtained for at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 8. The method of claim 1, wherein controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprises:
    - adjusting features being observed for the monitored one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 9. The method of claim 1, wherein identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprises:
    - identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior in response to a determination that number of uses of a particular feature exceeds a pre-determined threshold when the mobile device is determined to be in a secure area.
  - 10. The method of claim 9, wherein the particular feature comprises at least one of:
    - image capturing using a camera of the mobile device, or data transfer over a communication link between the mobile device and a remote device.
  - 11. The method of claim 1, wherein identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprises:
    - identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior using a machine-learning procedure.
  - 12. The method of claim 1, wherein identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprises:
    - identifying image capturing operations using a camera of the mobile device as being malicious behavior when the number of uses of the camera during a pre-determined time interval exceeds a pre-determined threshold and when the mobile device is determined to be in a secure area.
  - 13. The method of claim 1, wherein controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes comprises:
    - determining, from a plurality of activities performable on the mobile device, the one or more user-initiated processes to monitor.

14. A mobile device comprising:
- one or more hardware-implemented processors; and
  
  storage media comprising computer instructions that, when executed on the one or more hardware-implemented processors, cause operations comprising;
  
  determining a location of the mobile device;
  
  providing the determined location of the mobile device as location data representative of an identifiable geographic region where the mobile device is located;
  
  determining a security type for an area corresponding to the identifiable geographic region where the mobile device is located;
  
  controlling adjustable monitoring operations to monitor behavior of one or more user-initiated processes for activities performed by the mobile device, the activities initiated by a user of the mobile device and executing on the mobile device, based on the determined security type for the area, the adjustable monitoring operations configured to identify potential one or more security-risky processes from the monitored one or more user-initiated processes and further configured to provide data, with a level of information that depends on the determined security type for the area, for the one or more user-initiated processes, wherein controlling the adjustable monitoring operations further comprises adjusting which processes and which features of the one or more user-initiated processes to monitor based on the determined security type for the area, and wherein at least one of the one or more user-initiated processes for the activities performed by the mobile device causes a potential security risk;
  
  identifying the monitored behavior of at least one of the one or more user-initiated processes executing on the mobile device as potentially malicious behavior based on the data provided by the adjustable monitoring operations and the determined security type for the area; and
  
  classifying the at least one of the one or more user-initiated processes as being a risky or non-risky activity based, at least in part, on whether the monitored behavior of the at least one of the one or more user-initiated processes is identified as potentially malicious behavior and based, at least in part, on the determined security type for the area.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The mobile device of claim 14, wherein the one or more security-risky processes comprise one or more of:
    - a malicious process of a third party, or a process initiated by a user of the mobile device that causes a potential security risk.
  - 16. The mobile device of claim 14, wherein determining the location of the mobile device comprises:
    - determining one or more of;
      
      a global geographical position coordinates corresponding to the location of the mobile device, a location context identifier for the mobile device, or another identifier associated with the location of the mobile device.
  - 17. The mobile device of claim 14, wherein determining the security type for the area corresponding to the identifiable geographic region where the mobile device is located comprises:
    - determining the security type for the area as being one of;
      
      a secure public location, a non-secure public location, a secure private location, or a non-secure private location.
  - 18. The mobile device of claim 14, wherein controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprises one or more of:
    - adjusting frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device based on the determined security type for the area;
      
      oradjusting level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 19. The mobile device of claim 18, wherein adjusting the frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device comprises:
    - increasing the frequency of observation of at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 20. The mobile device of claim 18, wherein adjusting the level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device comprises:
    - increasing the level of detail obtained for at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 21. The mobile device of claim 14, wherein controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprises:
    - adjusting features being observed for the monitored one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 22. The mobile device of claim 14, wherein identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprises:
    - identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior in response to a determination that number of uses of a particular feature exceeds a pre-determined threshold when the mobile device is determined to be in a secure area.
  - 23. The mobile device of claim 22, wherein the particular feature comprises at least one of:
    - image capturing using a camera of the mobile device, or data transfer over a communication link between the mobile device and a remote device.
  - 24. The mobile device of claim 14, wherein identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprises:
    - identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior using a machine-learning procedure.

25. An apparatus comprising:
- means for determining a location of a mobile device;
  
  means for providing the determined location of the mobile device as location data representative of an identifiable geographic region where the mobile device is located;
  
  means for determining a security type for an area corresponding to the identifiable geographic region where the mobile device is located;
  
  means for controlling adjustable monitoring operations to monitor behavior of one or more user-initiated processes for activities performed by the mobile device, the activities initiated by a user of the mobile device and executing on the mobile device, based on the determined security type for the area, the adjustable monitoring operations configured to identify potential one or more security-risky processes from the monitored one or more user-initiated processes and further configured to provide data, with a level of information that depends on the determined security type for the area, for the one or more user-initiated processes, wherein the means for controlling the adjustable monitoring operations further comprises means for adjusting which processes and which features of the one or more user-initiated processes to monitor based on the determined security type for the area, and wherein at least one of the one or more user-initiated processes for the activities performed by the mobile device causes a potential security risk;
  
  means for identifying the monitored behavior of at least one of the one or more user-initiated processes executing on the mobile device as potentially malicious behavior based on the data provided by the adjustable monitoring operations and the determined security type for the area; and
  
  means for classifying the at least one of the one or more user-initiated processes as being a risky or non-risky activity based, at least in part, on whether the monitored behavior of the at least one of the one or more user-initiated processes is identified as potentially malicious behavior and based, at least in part, on the determined security type for the area.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 26. The apparatus of claim 25, wherein the one or more security-risky processes comprise one or more of:
    - a malicious process of a third party, or a process initiated by a user of the mobile device that causes a potential security risk.
  - 27. The apparatus of claim 25, wherein the means for determining the location of the mobile device comprise:
    - means for determining one or more of;
      
      a global geographical position coordinates corresponding to the location of the mobile device, a location context identifier for the mobile device, or another identifier associated with the location of the mobile device.
  - 28. The apparatus of claim 25, wherein the means for determining the security type for the area corresponding to the identifiable geographic region where the mobile device is located comprise:
    - means for determining the security type for the area as being one of;
      
      a secure public location, a non-secure public location, a secure private location, or a non-secure private location.
  - 29. The apparatus of claim 25, wherein the means for controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprise one or more of:
    - means for adjusting frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device based on the determined security type for the area;
      
      ormeans for adjusting level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 30. The apparatus of claim 29, wherein the means for adjusting the frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device comprise:
    - means for increasing the frequency of observation of at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 31. The apparatus of claim 29, wherein the means for adjusting the level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device comprise:
    - means for increasing the level of detail obtained for at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 32. The apparatus of claim 25, wherein the means for controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprise:
    - means for adjusting features being observed for the monitored one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 33. The apparatus of claim 25, wherein the means for identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprise:
    - means for identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior in response to a determination that number of uses of a particular feature exceeds a pre-determined threshold when the mobile device is determined to be in a secure area.
  - 34. The apparatus of claim 33, wherein the particular feature comprises at least one of:
    - image capturing using a camera of the mobile device, or data transfer over a communication link between the mobile device and a remote device.
  - 35. The apparatus of claim 25, wherein the means for identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprise:
    - means for identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior using a machine-learning procedure.

36. A non-transitory processor readable media programmed with a set of instructions executable on a processor that, when executed, cause operations comprising:
- determining a location of a mobile device;
  
  providing the determined location of the mobile device as location data representative of an identifiable geographic region where the mobile device is located;
  
  determining a security type for an area identifiable geographic region where the mobile device is located;
  
  controlling adjustable monitoring operations to monitor behavior of one or more user-initiated processes for activities performed by the mobile device, the activities initiated by a user of the mobile device and executing on the mobile device, based on the determined security type for the area, the adjustable monitoring operations configured to identify potential one or more security-risky processes from the monitored one or more user-initiated processes and further configured to provide data, with a level of information that depends on the determined security type for the area, for the one or more user-initiated processes, wherein controlling the adjustable monitoring operations further comprise adjusting which processes and which features of the one or more user-initiated processes to monitor based on the determined security type for the area, and wherein at least one of the one or more user-initiated processes for the activities performed by the mobile device causes a potential security risk;
  
  identifying the monitored behavior of at least one of the one or more user-initiated processes executing on the mobile device as potentially malicious behavior based on the data provided by the adjustable monitoring operations and the determined security type for the area; and
  
  classifying the at least one of the one or more user-initiated processes as being a risky or non-risky activity based, at least in part, on whether the monitored behavior of the at least one of the one or more user-initiated processes is identified as potentially malicious behavior and based, at least in part, on the determined security type for the area.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 37. The processor readable media of claim 36, wherein the one or more security-risky processes comprise one or more of:
    - a malicious process of a third party, or a process initiated by a user of the mobile device that causes a potential security risk.
  - 38. The processor readable media of claim 36, wherein determining the location of the mobile device comprises:
    - determining one or more of;
      
      a global geographical position coordinates corresponding to the location of the mobile device, a location context identifier for the mobile device, or another identifier associated with the location of the mobile device.
  - 39. The processor readable media of claim 36, wherein determining the security type for the area corresponding to the identifiable geographic region where the mobile device is located comprises:
    - determining the security type for the area as being one of;
      
      a secure public location, a non-secure public location, a secure private location, or a non-secure private location.
  - 40. The processor readable media of claim 36, wherein controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprises one or more of:
    - adjusting frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device based on the determined security type for the area;
      
      oradjusting level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 41. The processor readable media of claim 40, wherein adjusting the frequency of the monitoring operations to monitor the one or more user-initiated processes executing on the mobile device comprises:
    - increasing the frequency of observation of at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 42. The processor readable media of claim 40, wherein adjusting the level of detail obtained for the monitored behavior of the one or more user-initiated processes executing on the mobile device comprises:
    - increasing the level of detail obtained for at least one of the one or more user-initiated processes executing on the mobile device in response to a determination that the device is located in a secure area.
  - 43. The processor readable media of claim 36, wherein controlling the adjustable monitoring operations to monitor the behavior of the one or more user-initiated processes executing on the mobile device based on the determined security type for the area comprises:
    - adjusting features being observed for the monitored one or more user-initiated processes executing on the mobile device based on the determined security type for the area.
  - 44. The processor readable media of claim 36, wherein identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprises:
    - identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior in response to a determination that number of uses of a particular feature exceeds a pre-determined threshold when the mobile device is determined to be in a secure area.
  - 45. The processor readable media of claim 44, wherein the particular feature comprises at least one of:
    - image capturing using a camera of the mobile device, or data transfer over a communication link between the mobile device and a remote device.
  - 46. The processor readable media of claim 36, wherein identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior comprises:
    - identifying the monitored behavior of the at least one of the one or more user-initiated processes as potentially malicious behavior using a machine-learning procedure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Gupta, Rajarshi, Das, Saumitra Mohan, Naguib, Ayman Fawzy
Primary Examiner(s)
LESNIEWSKI, VICTOR D

Application Number

US13/757,268
Publication Number

US 20140223553A1
Time in Patent Office

1,187 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/107   wherein the security polici...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04M 1/72457   according to geographic loc...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/63   Location-dependent; Proximi...

H04W 12/67   Risk-dependent, e.g. select...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

Location based process-monitoring

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Location based process-monitoring

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links