Detecting malware on mobile devices

US 9,576,130 B1
Filed: 11/23/2015
Issued: 02/21/2017
Est. Priority Date: 06/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a security module operating on a network device, from an application source, data for an application including a first set of application permissions describing elements of the network device to which the application will have access upon installation of the application;

determining, by the network device, a type for the application;

storing, by the network device, the received data for the application in a region of a storage medium of the network device;

receiving, by the network device, from a management console, a second set of permissions including at least one of allowable permissions representing permissions allowed for the type for the application or disallowable permissions representing permissions that are not allowed for the type for the application;

based on a comparison of the first set of application permissions and the second set of permissions, by the network device, allowing the application to execute or preventing the application from executing.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one example, a mobile device includes a network interface configured to receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application, and a processing unit configured to determine a type for the application and, based on an analysis of the set of application permissions and the type for the application, determine whether the application includes malware.

103 Citations

View as Search Results

17 Claims

1. A method comprising:
- receiving, by a security module operating on a network device, from an application source, data for an application including a first set of application permissions describing elements of the network device to which the application will have access upon installation of the application;
  
  determining, by the network device, a type for the application;
  
  storing, by the network device, the received data for the application in a region of a storage medium of the network device;
  
  receiving, by the network device, from a management console, a second set of permissions including at least one of allowable permissions representing permissions allowed for the type for the application or disallowable permissions representing permissions that are not allowed for the type for the application;
  
  based on a comparison of the first set of application permissions and the second set of permissions, by the network device, allowing the application to execute or preventing the application from executing.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the second set of permissions includes the allowable permissions, the method further comprising allowing the application to execute when each of the permissions in the first set of application permissions is included in the allowable permissions.
  - 3. The method of claim 1, wherein the second set of permissions includes the allowable permissions, the method further comprising preventing the application from executing when at least one of the permissions in the first set of application permissions is not included in the allowable permissions.
  - 4. The method of claim 1, wherein the second set of permissions includes the disallowable permissions, the method further comprising allowing the application to execute when none of the permissions in the first set of application permissions is included in the disallowable permissions.
  - 5. The method of claim 1, wherein the second set of permissions includes the disallowable permissions, the method further comprising preventing the application from executing when at least one of the permissions in the first set of application permissions is included in the disallowable permissions.
  - 6. The method of claim 1 wherein the network devices comprises one of:
    - a cellular based mobile device operable to access computer data services from a broadband network over a radio access network;
      
      orone or more endpoint computing devices operable to access computer data services from the broadband network over a network switch.

7. A network device comprising:
- a storage medium comprising a region for storing data for applications;
  
  a network interface configured to receive data for an application, from an application source, including a first set of application permissions describing elements of the network device to which the application will have access upon installation of the application and a second set of permissions, from a management console, including at least one of allowable permissions representing permissions allowed for the application or disallowable permissions representing permissions that are not allowed for the application; and
  
  a processing unit configured to store the received data for the application in the region of the storage medium, and, based on a comparison of the first set of application permissions and the second set of permissions, allow the application to execute or prevent the application from executing.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The network device of claim 7, wherein the second set of permissions includes the allowable permissions, and wherein the processing unit is configured to allow the application to execute when each of the permissions in the first set of application permissions is included in the allowable permissions.
  - 9. The network device of claim 7, wherein the second set of permissions includes the allowable permissions, and wherein the processing unit is configured to prevent the application from executing when at least one of the permissions in the first set of application permissions is not included in the allowable permissions.
  - 10. The network device of claim 7, wherein the second set of permissions includes the disallowable permissions, and wherein the processing unit is configured to allow the application to execute when none of the permissions in the first set of application permissions is included in the disallowable permissions.
  - 11. The network device of claim 7, wherein the second set of permissions includes the disallowable permissions, and wherein the processing unit is configured to prevent the application from executing when at least one of the permissions in the first set of application permissions is included in the disallowable permissions.
  - 12. The network device of claim 7 wherein the network device comprises one of:
    - a cellular based mobile device operable to access computer data services from a broadband network over a radio access network;
      
      oran endpoint computing device operable to access computer data services from the broadband network over a network switch.

13. An enterprise network threat management system comprising:
- a plurality of network devices configured to communicate via a broadband network, each of the network devices comprising a security management module, wherein each of the plurality of network devices is configured to receive, from an application source, data for an application including a set of application permissions describing elements of the network device to which the application will have access upon installation of the application on the network device, and wherein the network device is further configured to determine, from the application data, an application type; and
  
  a management console configured to communicate via the broadband network, the management console including data representing a set of normal application permissions for each of a plurality of different application types,wherein the security management modules of the network devices are configured to receive, from the management console, the set of normal application permissions for each of the plurality of different application types, and store the set of application permissions for each of the plurality of different application types on the corresponding network device, andwherein after receiving the data for the application from the application source, the security management module is configured to compare the normal application permissions for the application type stored on the network device with the set of application permissions included in the application data received from the application source and, based on the comparison, allow the application to execute or prevent the application from executing.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13 wherein the plurality of network devices includes:
    - one or more cellular based mobile devices operable to access computer data services from the broadband network over a radio access network; and
      
      one or more endpoint computing devices operable to access computer data services from the broadband network over a network switch.
  - 15. The system of claim 13 wherein the management console includes a set of unpermitted application types stored thereon, wherein the security management module is configured to receive, from the management console, the set of unpermitted application types, and wherein after receiving the data for the application from the application source, the security management module is configured to compare the application type determined from the application data with the set of unpermitted application types and, based on the comparison, allow the application to execute or prevent the application from executing.
  - 16. The system of claim 13 wherein the management console includes a set of concerning application permissions stored thereon, wherein the security management module is configured to receive, from the management console, the set of concerning application permissions, and wherein after receiving the data for the application and the set of application permissions describing elements of the network device to which the application will have access upon installation of the application on the network device, the security management module is configured to compare the application permissions associated with the application data received from the application source with the set of concerning application permissions and, based on the comparison, allow the application to execute or prevent the application from executing.
  - 17. The system of claim 13, wherein the management console comprises one or more processors configured to determine one or more policies for applications executable by the network devices, wherein each of the policies indicates whether the applications are allowed or not allowed based on types for the applications and permissions of the applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Inventors
Book, Neil, Hoffman, Daniel V.
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US14/949,705
Time in Patent Office

456 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/56   Computer malware detection ...

G06F 21/562   Static detection

G06F 21/57   Certifying or maintaining t...

G06F 2221/033   Test or assess software

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04W 12/128   Anti-malware arrangements, ...

Detecting malware on mobile devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting malware on mobile devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links