System and method for assessing vulnerability of a mobile device

US 9,467,463 B2
Filed: 08/31/2012
Issued: 10/11/2016
Est. Priority Date: 09/02/2011
Status: Active Grant

First Claim

Patent Images

1. A method for assessing vulnerability of a mobile device comprising:

at a vulnerability assessment component (VAC) operable on the mobile device and prior to receiving a vulnerability assessment request at a remote analysis cloud service, compiling at least one object identifier for the vulnerability assessment request, wherein compiling the at least one object identifier includes compiling and sending at least one additional superfluous object identifier;

communicating the vulnerability assessment request to the remote analysis cloud service;

at the remote analysis cloud service, receiving the at least one vulnerability assessment request that includes the object identifier for an operative object of the mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device;

identifying a vulnerability assessment associated with the identifier of the operative object; and

communicating the identified vulnerability assessment to the mobile computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for assessing vulnerability of a mobile device including at a remote analysis cloud service, receiving at least one vulnerability assessment request that includes an object identifier for an operative object of a mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device; identifying a vulnerability assessment associated with the identifier of the operative object; and communicating the identified vulnerability assessment to the mobile computing device.

Citations

16 Claims

1. A method for assessing vulnerability of a mobile device comprising:
- at a vulnerability assessment component (VAC) operable on the mobile device and prior to receiving a vulnerability assessment request at a remote analysis cloud service, compiling at least one object identifier for the vulnerability assessment request, wherein compiling the at least one object identifier includes compiling and sending at least one additional superfluous object identifier;
  
  communicating the vulnerability assessment request to the remote analysis cloud service;
  
  at the remote analysis cloud service, receiving the at least one vulnerability assessment request that includes the object identifier for an operative object of the mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device;
  
  identifying a vulnerability assessment associated with the identifier of the operative object; and
  
  communicating the identified vulnerability assessment to the mobile computing device.
- View Dependent Claims (2, 3, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the object identifier includes at least a portion of executable code, and wherein identifying a vulnerability assessment includes disassembling the executable code into native machine code and detecting unpatched vulnerabilities.
  - 3. The method of claim 2, wherein detecting unpatched vulnerabilities includes detecting privilege escalation vulnerabilities.
  - 5. The method of claim 1, wherein communicating the vulnerability assessment request includes multiplexing a plurality of vulnerability assessment requests into a single communication to the remote analysis cloud service;
    - and wherein receiving at least one vulnerability assessment request at the analysis cloud service includes demultiplexing a vulnerability assessment request into a plurality of vulnerability assessment requests.
  - 6. The method of claim 1, further comprising at the VAC, receiving an executable probe;
    - and performing at least a partial vulnerability assessment according to the executable probe prior to communicating the vulnerability assessment request to the cloud service.
  - 7. The method of claim 6, wherein performing at least a partial vulnerability assessment includes checking a cache of vulnerability assessments.
  - 8. The method of claim 1, further comprising the VAC initiating installation of a vulnerability patch to relevant vulnerabilities identified in the vulnerability assessment results.
  - 9. The method of claim 1, wherein the VAC is a standalone application controlled by a user.
  - 10. The method of claim 1, wherein the VAC is a component integrated into an application of the device;
    - and further comprising communicating the identified vulnerability assessment from the VAC to the application of the device.

4. The method of 1, wherein the at least one compiled object identifier is a plurality of object identifiers that includes an executable code segment, a device identifier, and component version identifier.

11. A method for assessing vulnerability of a mobile device comprising:
- at a vulnerability assessment component (VAC) operable on the mobile device and prior to receiving a plurality of vulnerability assessment requests at a remote analysis cloud service, compiling at least one object identifier for the plurality of vulnerability assessment requests, wherein compiling the at least one object identifier includes compiling and sending at least one additional superfluous object identifier;
  
  communicating the plurality of vulnerability assessment requests to the remote analysis cloud service;
  
  at the remote analysis cloud service, receiving the plurality of vulnerability assessment requests, wherein the vulnerability assessment request includes the at least one object identifier for an operative object of the mobile computing device, and wherein the vulnerability assessment request originates from the mobile computing device;
  
  for each vulnerability assessment request, identifying a vulnerability assessment associated with the identifier of the operative object; and
  
  communicating the identified vulnerability assessment to the associated mobile computing device.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising in a cloud based storage system, storing identified vulnerability assessments according to the associated object identifier.
  - 13. The method of claim 12, wherein storing identified vulnerability assessments are stored according to a hash of the associated object identifier.
  - 14. The method of claim 13, further comprising at a vulnerability assessment component (VAC) operable on a mobile computing device and prior to receiving a vulnerability assessment request at the remote analysis cloud service, compiling a hash of at least one object identifier for the vulnerability assessment request;
    - and communicating a first vulnerability assessment request including the hash to the analysis cloud service; and
      
      wherein identifying vulnerability assessment includes querying the cloud based storage system for an identified vulnerability assessment associated with the hash.
  - 15. The method of claim 12, further comprising at a platform control interface, compiling a mapping of identified vulnerability and associated object identifiers stored in the cloud based storage system and generating collective vulnerability data for the plurality of mobile computing devices.
  - 16. The method of claim 15, further comprising at the platform control interface, pushing a vulnerability fix to the at least one mobile device in response to generated collective vulnerability data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Dug, Goodman, Adam
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US13/601,409
Publication Number

US 20150304351A1
Time in Patent Office

1,502 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04W 12/128 Anti-malware arrangements, ...

System and method for assessing vulnerability of a mobile device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for assessing vulnerability of a mobile device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links