Out of band end user notification systems and methods for security events related to non-browser mobile applications

US 9,621,574 B2
Filed: 08/18/2014
Issued: 04/11/2017
Est. Priority Date: 04/13/2012
Status: Active Grant

First Claim

Patent Images

1. A cloud based security method, comprising:

authenticating a mobile device through a cloud based security system via a secure agent on the mobile device;

associating the mobile device with a user of the cloud based security system based on the authenticating;

monitoring user requests from the mobile device by the cloud based security system, wherein the user requests are for non-browser mobile applications executed on the mobile device;

detecting security threats in the non-browser mobile applications based on the monitoring; and

sending an out of band end user notification to the mobile device responsive to detecting a security threat, wherein the out of band end user notification comprises information for the user related to the security threat, wherein the out of band end user notification is sent to the mobile device separate from the non-browser mobile application to notify the user of the security threats through steps of;

sending a notification to a delegate server from the cloud based security system with associated data for a push notification to the mobile device;

determining the user for the push notification from a first mapping of the user to the cloud based security system and determining the mobile device from a second mapping of the user to the mobile device using the secure agent;

instructing a mobile Operation System platform associated with the mobile device to send the push notification to the mobile device based on the notification and the second mapping, wherein the push notification is sent to the mobile device by the mobile Operation System platform based on the instructing and the push notification is out-of-band from the cloud based security system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud based security method includes authenticating a mobile device through a cloud based security system; associating the mobile device with a user of the cloud based security system based on the authenticating; monitoring user requests from the mobile device by the cloud based security system; detecting security threats based on the monitoring; and sending an out of band end user notification to the mobile device responsive to detecting a security threat, wherein the out of band end user notification comprises information for the user related to the security threat.

Citations

12 Claims

1. A cloud based security method, comprising:
- authenticating a mobile device through a cloud based security system via a secure agent on the mobile device;
  
  associating the mobile device with a user of the cloud based security system based on the authenticating;
  
  monitoring user requests from the mobile device by the cloud based security system, wherein the user requests are for non-browser mobile applications executed on the mobile device;
  
  detecting security threats in the non-browser mobile applications based on the monitoring; and
  
  sending an out of band end user notification to the mobile device responsive to detecting a security threat, wherein the out of band end user notification comprises information for the user related to the security threat, wherein the out of band end user notification is sent to the mobile device separate from the non-browser mobile application to notify the user of the security threats through steps of;
  
  sending a notification to a delegate server from the cloud based security system with associated data for a push notification to the mobile device;
  
  determining the user for the push notification from a first mapping of the user to the cloud based security system and determining the mobile device from a second mapping of the user to the mobile device using the secure agent;
  
  instructing a mobile Operation System platform associated with the mobile device to send the push notification to the mobile device based on the notification and the second mapping, wherein the push notification is sent to the mobile device by the mobile Operation System platform based on the instructing and the push notification is out-of-band from the cloud based security system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The cloud based security method of claim 1, further comprising:
    - detecting the security threats comprising any of malware, spyware, viruses, trojans, botnets, email spam, data leakage, and policy violations.
  - 3. The cloud based security method of claim 1, wherein the non-browser mobile device applications are unable to display Hypertext Transfer Protocol (HTTP) responses for an end user notification.
  - 4. The cloud based security method of claim 1, further comprising:
    - providing the secure agent to the mobile device.
  - 5. The cloud based security method of claim 4, further comprising:
    - authenticating the mobile device through a cloud based security system; and
      
      utilizing the secure agent operating on the mobile device to map information associated with the mobile device and user to the cloud based security system.
  - 6. The cloud based security method of claim 5, further comprising:
    - maintaining database information for the mobile device and the user by the cloud based security system through communication with the secure agent.

7. A cloud based security system, comprising:
- a central authority (CA) server, a cloud node (CN), and a delegate server communicatively coupled to a mobile operating system notification system, wherein each of the one or more CA servers, the one or more cloud nodes, and the delegate server are communicatively coupled to one another and each comprise at least one computer processor and memory;
  
  wherein the cloud node, using software executed by the at least one computer processor, is configured to;
  
  authenticate a mobile device, wherein the CA server is configured to associate a user of the mobile device based on authentication for a first mapping of the user to the cloud node and a second mapping of the user to the mobile device;
  
  monitor user requests from the mobile device, the user requests are for non-browser mobile applications executed on the mobile device, andupon detection of a security threat, provide a request to the delegate server;
  
  wherein the delegate server is configured to;
  
  receive the request from the cloud node with associated data for a push notification to the mobile device,determine the user for the push notification from the first mapping and the mobile device from the second mapping;
  
  instruct a mobile Operation System platform associated with the mobile device to send the push notification to the mobile device based on the notification and the second mapping, wherein the push notification is sent to the mobile device by the mobile Operation System platform based thereon and the push notification is out-of-band from the cloud based security system, wherein the push notification is sent to the mobile device separate from the non-browser mobile application to notify the user of the security threats,wherein the cloud node utilizes the secure agent to authenticate the mobile device and the CA server uses the secure agent to map information associated with the mobile device and user.
- View Dependent Claims (8, 9, 10)
- - 8. The cloud based security system of claim 7, wherein the cloud node is configured to detect the security threats comprising any of malware, spyware, viruses, trojans, botnets, email spam, data leakage, and policy violations.
  - 9. The cloud based security system of claim 7, wherein the non-browser mobile device applications are unable to display Hypertext Transfer Protocol (HTTP) responses for an end user notification.
  - 10. The cloud based security system of claim 7, wherein the mobile device comprises a secure agent operating thereon.

11. A mobile device, comprising:
- a network interface communicatively coupled to a user and an external network;
  
  a computer processor; and
  
  memory storing computer executable instructions, and in response to execution by the processor, the computer executable instructions cause the computer processor to perform steps of;
  
  operate a secure agent associated with a cloud based security system;
  
  operate a non-browser mobile device application unable to display Hypertext Transfer Protocol (HTTP) responses for an end user notification;
  
  authenticate with the cloud based security system via the secure agent, wherein the cloud based security system performs a first mapping of the user to the cloud based security system and a second mapping of the user to the mobile device using the secure agent;
  
  receive the end user notification out of band from a mobile operating system notification system responsive to the cloud based security system detecting a security threat with the non-browser mobile device application, wherein the out of band end user notification is sent to the mobile device separate from the non-browser mobile applications as a push notification to notify the user of the security threats; and
  
  display the end user notification separate from the non-browser mobile device application,wherein the cloud based security system sends the end user notification to a delegate server which uses the first mapping and the second mapping to instruct a mobile Operation System platform to send the push notification based on the notification and the push notification is out-of-band from the cloud based security system.
- View Dependent Claims (12)
- - 12. The mobile device of claim 11, wherein the security threats comprise any of malware, spyware, viruses, trojans, botnets, email spam, data leakage, and policy violations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
Desai, Purvi, Bansal, Abhinav, Mahajan, Vikas
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US14/461,790
Publication Number

US 20160050227A1
Time in Patent Office

967 Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/045   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/308   retaining data, e.g. retain...

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

Out of band end user notification systems and methods for security events related to non-browser mobile applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Out of band end user notification systems and methods for security events related to non-browser mobile applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links