Method and system for application security evaluation

US 9,661,038 B2
Filed: 11/21/2012
Issued: 05/23/2017
Est. Priority Date: 11/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method of evaluating user feedback of mobile communication device applications, the method comprising:

receiving by a first server system, a plurality of user feedback messages from a plurality of mobile communication devices, wherein;

the plurality of user feedback messages comprises information associated with one or more applications operable on the plurality of mobile communication devices; and

the plurality of user feedback messages associated with the one or more applications operable on the plurality of mobile communication devices comprises a problem type and at least one of a version identifier, a certificate identifier, an installation date and/or time, or a usage date and/or time associated with the one or more operable applications;

selecting, based on the plurality of user feedback messages, one of the one or more operable applications;

determining a classification parameter of the selected operable application based on evaluating one or more operating characteristics of the selected operable application;

communicating the classification parameter to one or more of the plurality of mobile communication devices;

communicating the classification parameter to an application evaluation database on a second server system;

selecting the one of the one or more operable applications based on at least the problem type; and

selecting the one of the one or more operable applications based on computing a most likely application to cause the problem type from the one or more operable applications, wherein the computing is based on the user feedback messages associated with the one or more operable applications.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method may be used in generating security profiles for mobile device applications. An application may be installed and executed in a controlled execution environment. Physical, functional, data and/or communications parameters of the executing application may be monitored and/or analyzed. In this regard, the analysis may comprise evaluation based on comparison against benchmark data for the specific type of application being executed and for the specific execution environment. A security profile may be generated based on the monitoring and/or analysis. In this regard, the security profile may include security classification information for the application. The security profile may be made available to servers and/or to user mobile devices.

Citations

19 Claims

1. A method of evaluating user feedback of mobile communication device applications, the method comprising:
- receiving by a first server system, a plurality of user feedback messages from a plurality of mobile communication devices, wherein;
  
  the plurality of user feedback messages comprises information associated with one or more applications operable on the plurality of mobile communication devices; and
  
  the plurality of user feedback messages associated with the one or more applications operable on the plurality of mobile communication devices comprises a problem type and at least one of a version identifier, a certificate identifier, an installation date and/or time, or a usage date and/or time associated with the one or more operable applications;
  
  selecting, based on the plurality of user feedback messages, one of the one or more operable applications;
  
  determining a classification parameter of the selected operable application based on evaluating one or more operating characteristics of the selected operable application;
  
  communicating the classification parameter to one or more of the plurality of mobile communication devices;
  
  communicating the classification parameter to an application evaluation database on a second server system;
  
  selecting the one of the one or more operable applications based on at least the problem type; and
  
  selecting the one of the one or more operable applications based on computing a most likely application to cause the problem type from the one or more operable applications, wherein the computing is based on the user feedback messages associated with the one or more operable applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the problem type is one of spam, phishing, suspicious user data request, inappropriate content, or phone functionality problem.
  - 3. The method of claim 1, comprising computing the most likely application to cause the problem type by forming a weighted average of the at least one of a version identifier, a certificate identifier, an installation date and/or time, or a usage date and/or time associated with the one or more operable applications.
  - 4. The method of claim 1, comprising operating the selected application on the first server system to obtain the one or more operating characteristics of the selected operable application.
  - 5. The method of claim 4, comprising operating the selected application using a script.
  - 6. The method of claim 5, wherein the script comprises code to operate selected functionalities of the selected application.
  - 7. The method of claim 5, wherein the script comprises code to operate every functionality of the selected application.
  - 8. The method of claim 5, comprising generating the script automatically from a functionality tree associated with the selected application.
  - 9. The method of claim 1, comprising determining usage parameters of at least one resource used in operating the selected application, the at least one resource comprising at least one of data received, data transmitted, camera usage, battery usage, network usage, telephone functionality usage or Short-message Service usage.
  - 10. The method of claim 1, comprising determining a type of data accessed, generated, transmitted or otherwise used in operating the selected application.

11. A system for evaluating user feedback of mobile communication device applications, the system comprising:
- a first server configured for receiving a plurality of user feedback messages from a plurality of mobile communications devices, wherein;
  
  the plurality of user feedback messages comprises application information of one or more applications operable on the plurality of mobile communications devices; and
  
  the plurality of user feedback messages associated with the one or more applications operable on the plurality of mobile communication devices comprises a problem type and at least one of a version identifier, a certificate identifier, an installation date and/or time, or a usage date and/or time associated with the one or more operable applications; and
  
  circuitry that;
  
  selects, based on the user feedback messages, one of the one or more operable applications, wherein;
  
  the selecting is based on at least the problem type; and
  
  the selecting is based on computing a most likely application to cause the problem type from the one or more operable applications, where the computing is based on the user feedback messages associated with the one or more operable applications;
  
  evaluates one or more operating characteristics of the selected operable application;
  
  determines a classification parameter of the selected application based on the operating characteristics;
  
  communicates the classification parameter to the one or more mobile communications devices; and
  
  communicates the classification parameter to an application evaluation database on a second server.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the problem type is one of spam, phishing, suspicious user data request, inappropriate content, or a phone functionality problem.
  - 13. The system of claim 11, wherein the most likely application to cause the problem type is computed by forming a weighted average of the at least one of a version identifier, a certificate identifier, an installation date and/or time, or a usage date and/or time associated with the one or more operable applications.
  - 14. The system of claim 11, wherein the circuitry runs or operates the selected application on the first server system to obtain the one or more operating characteristics of the selected operable application.
  - 15. The system of claim 14, wherein the operating of the selected application is performed using a script.
  - 16. The system of claim 15, wherein the script comprises code to operate selected functionalities of the selected application.
  - 17. The system of claim 15, wherein the script comprises code to operate every functionality of the selected application.
  - 18. The system of claim 15, wherein the script is generated automatically from a functionality tree associated with the selected application.
  - 19. The system of claim 11, wherein the circuitry determines usage parameters of at least one resource used in the operating of the selected application, the at least one resource comprising at least one of data received, data transmitted, camera usage, battery usage, network usage, telephone functionality usage or Short-message Service (SMS) usage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital CE Patent Holdings SAS (InterDigital, Inc.)
Original Assignee
Swisscom AG (Government of Switzerland)
Inventors
Cetin, Feride, Ruhl, Torben
Primary Examiner(s)
Eskandarnia, Arvin

Application Number

US13/683,065
Publication Number

US 20130132565A1
Time in Patent Office

1,644 Days
Field of Search

709224
US Class Current
CPC Class Codes

G06F 11/36   Preventing errors by testin...

G06F 21/552   involving long-term monitor...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/145   the attack involving the pr...

H04L 65/40   Support for services or app...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/37   Managing security policies ...

H04W 4/50   Service provisioning or rec...

Method and system for application security evaluation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for application security evaluation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links