Application reputation service

US 9,652,614 B2
Filed: 06/12/2014
Issued: 05/16/2017
Est. Priority Date: 04/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method performed on at least one computing device, the method comprising:

receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity;

ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity;

matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations;

determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and

communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for an application reputation service to assist users with minimizing their computerized machines'"'"' exposure to and infection from malware, including an application reputation service that contains the reputations for elements (e.g., applications) that are known to be non-malicious as well as those known to be malicious. In one example, when a user attempts to install or execute a new application, the service is queried by the user'"'"'s machine with a set of identities for the element. The service determines the reputation of the application by referencing a knowledge base of known reputations and returns an indication (e.g., an overall rating, or a flag) of how safe that application would be to install and run on the user'"'"'s computer.

70 Citations

15 Claims

1. A method performed on at least one computing device, the method comprising:
- receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity;
  
  ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity;
  
  matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations;
  
  determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and
  
  communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising providing the determined reputation to the second computing device.
  - 3. The method of claim 1 further comprising resolving, in response to any conflicts among the any corresponding reputations, the any conflicts based on an identity with a highest of the rankings of the identities.
  - 4. The method of claim 1 where the determining is further based on an average or an aggregate of the corresponding reputations.
  - 5. The method of claim 1 where the determined reputation indicates a level of risk and a degree of certainty for the level of risk.

6. A system comprising at least one computing device and software that are together configured for performing actions comprising:
- receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity;
  
  ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity;
  
  matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations;
  
  determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and
  
  communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, the actions further comprising providing the determined reputation to the second computing device.
  - 8. The system of claim 6, the actions further comprising resolving, in response to any conflicts among the any corresponding reputations, the any conflicts based on an identity with a highest of the rankings of the identities.
  - 9. The system of claim 6 where the determining is further based on an average or an aggregate of the corresponding reputations.
  - 10. The system of claim 6 where the determined reputation indicates a level of risk and a degree of certainty for the level of risk.

11. At least one computer memory comprising instructions that, when executed by at least one computing device, cause the at least one computing device to perform actions comprising:
- receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity;
  
  ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity;
  
  matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations;
  
  determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and
  
  communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The at least one computer memory of claim 11, the actions further comprising providing the determined reputation to the second computing device.
  - 13. The at least one computer memory of claim 11 where the determined reputation indicates a level of risk and a degree of certainty for the level of risk.
  - 14. The at least one computer memory of claim 11, the actions further comprising resolving, in response to any conflicts among the any corresponding reputations, the any conflicts based on an identity with a highest of the rankings of the identities.
  - 15. The at least one computer memory of claim 11 where the determining is further based on an average or an aggregate of the corresponding reputations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Meek, Christopher A., Rehfuss, Paul Steve, Newman, Andrew, Franczyk, Ron, Scarrow, John, Hulten, Geoff
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
LAVELLE, GARY E

Application Number

US14/303,051
Publication Number

US 20140298465A1
Time in Patent Office

1,069 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24578   using ranking

G06F 21/44   Program or device authentic...

G06F 21/51   at application loading time...

G06F 21/56   Computer malware detection ...

G06F 2221/033   Test or assess software

H04L 63/20   for managing network securi...

Application reputation service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Application reputation service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links