Methods and systems for sharing risk responses to improve the functioning of mobile communications devices

US 9,779,253 B2
Filed: 12/28/2016
Issued: 10/03/2017
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method for sharing security risk responses between a plurality of collections to improve the functioning of mobile communications devices associated with at least one collection based on the shared security risk responses, the method comprising:

accessing, by a server security component, a security database including a plurality of security risk responses, each security risk response associated with at least one of the plurality of collections;

identifying, by the server security component, a first security risk response in the security database, wherein the first security risk response was implemented by at least one of the plurality of collections;

determining, by the server security component from the security database, a first collection associated with the first security risk response;

accessing, by the server security component, a relationship database, the relationship database including collection profiles related to the sharing of information between the plurality of collections, the collection profiles including collection attributes;

identifying, by the server security component from information related to the first security risk response in the security database, a set of response attributes of the first security risk response;

identifying, for a second collection, a set of collection attributes that are similar to response attributes in set of response attributes;

receiving, by the server security component, a response attribute value for each response attribute in the set of response attributes;

assigning, by the server security component, a collection attribute value to each of the attributes in the set of collection attributes, wherein the collection attribute values are assigned to a collection attribute based on the response attribute value of the similar corresponding response attribute in the set of response attributes;

summing, by the server security component, the assigned collection attribute values; and

,providing, by the server security component, the first security risk response to the second collection;

(i) when a first collection profile indicates that the first collection permits information related to the first security risk response to be provided to the second collection; and

(ii) when the sum of the assigned collection attribute values equals or exceeds a threshold value.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for sharing security risk information between collections of computing devices, such as mobile communications devices, to improve the functioning of devices associated with the collections. The methods and systems disclosed may share security risk information by identifying a security risk response by a first collection and then providing the security risk response to a second collection when a relationship database profile for the first collection indicates the security response may be shared with the second collection. Methods and systems are also provided for determining whether to allow a request from an originating device where the request may have been initiated by a remote device.

357 Citations

20 Claims

1. A method for sharing security risk responses between a plurality of collections to improve the functioning of mobile communications devices associated with at least one collection based on the shared security risk responses, the method comprising:
- accessing, by a server security component, a security database including a plurality of security risk responses, each security risk response associated with at least one of the plurality of collections;
  
  identifying, by the server security component, a first security risk response in the security database, wherein the first security risk response was implemented by at least one of the plurality of collections;
  
  determining, by the server security component from the security database, a first collection associated with the first security risk response;
  
  accessing, by the server security component, a relationship database, the relationship database including collection profiles related to the sharing of information between the plurality of collections, the collection profiles including collection attributes;
  
  identifying, by the server security component from information related to the first security risk response in the security database, a set of response attributes of the first security risk response;
  
  identifying, for a second collection, a set of collection attributes that are similar to response attributes in set of response attributes;
  
  receiving, by the server security component, a response attribute value for each response attribute in the set of response attributes;
  
  assigning, by the server security component, a collection attribute value to each of the attributes in the set of collection attributes, wherein the collection attribute values are assigned to a collection attribute based on the response attribute value of the similar corresponding response attribute in the set of response attributes;
  
  summing, by the server security component, the assigned collection attribute values; and
  
  ,providing, by the server security component, the first security risk response to the second collection;
  
  (i) when a first collection profile indicates that the first collection permits information related to the first security risk response to be provided to the second collection; and
  
  (ii) when the sum of the assigned collection attribute values equals or exceeds a threshold value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first security response was initiated from a first administrator device associated with a first administrator of the first collection and wherein the providing the first security risk response to the second collection includes providing the first security risk response to a second administrator device associated with a second administrator of the second collection.
  - 3. The method of claim 1, wherein the first security risk response was implemented in response to a first security risk type and wherein information related to the first security risk response includes information related to the first security risk type, the method further including:
    - determining, by the server security component from the security database information, a third collection, the third collection having implemented a second security risk response in response to the first security risk type;
      
      accessing, by the server security component, the relationship database; and
      
      ,providing, by the server security component, the second security risk response to the second collection when a third collection profile indicates that the third collection permits information related to the second security risk response to be provided to the second collection.
  - 4. The method of claim 3, further including providing, by the server security component, information related to the first security risk type to the second collection, the information related to the first security risk type including statistical information relating to the prevalence or propagation of the risk type, the statistical information derived from the security database.
  - 5. The method of claim 1, wherein the security database includes risk information acquired in part from device security components on mobile communications devices, wherein the mobile communications devices are associated with at least one collection of the plurality of collections, wherein the device security components send risk information related to security risk responses to the server security component, and wherein the server security component is associated with a platform, the platform associated with an entity separate from any of the plurality of collections.
  - 6. The method of claim 1 further comprising:
    - determining, for the set of collection attributes, the number of collection attributes in the set collection attributes,wherein the providing, by the server security component, the first security risk response to the second collection includes providing, by the server security component, the first security risk response to the second collection;
      
      (i) when the first collection profile indicates that the first collection permits information related to the first security risk response to be provided to the second collection;
      
      (ii) when the sum of the assigned collection attribute values equals or exceeds a threshold value; and
      
      (iii) when the determined number of collection attributes in the set of collection attributes equals or exceeds a threshold number.
  - 7. The method of claim 6, wherein the response attributes include attributes related to at least one of a risk, a mobile communications device, a collection, or a software, and wherein the collection attributes include attributes related to at least one of a collection of the plurality, the mobile communications devices of a collection, or a software of the collection.
  - 8. The method of claim 1,wherein the relationship database further includes relationship information related to the sharing of levels of information between the plurality of collections,wherein the first security risk response includes information of a first level and information of a second level, andwherein providing, by the server security component, the first security risk response to the second collection includes:
    - providing, by the server security component, the first level information to the second collection and not providing the second level information to the second collection;
      
      (i) when the first collection profile indicates that the first collection permits information related to the first security risk response to be provided to the second collection;
      
      (ii) when the sum of the assigned collection attribute values equals or exceeds a threshold value; and
      
      (iii) when the first collection profile indicates that the first collection permits the first level information to be provided to the second collection and does not permit the second level information to be provide to the second collection.
  - 9. The method of claim 1, wherein the identified first security risk response includes a response to a detected security risk event, and wherein the detected security risk event was detected by a device security component on a mobile communications device associated with the first collection.
  - 10. The method of claim 1, wherein the identified first security risk response includes a response to a detected security risk event, and wherein the detected security risk event was detected by the server security component based on an analysis of the security database information.
  - 11. The method of claim 1, wherein the second collection automatically implements the first security risk response.

12. A method for sharing security risk responses between a plurality of collections to improve the functioning of computing devices associated with at least one collection based on the shared security risk responses, the method comprising:
- accessing, by a server security component, a security database including information useful for detecting security risk events associated with mobile communications devices;
  
  detecting, by the server security component based on the security database information, a security risk event associated with at least one mobile communications device, wherein the at least one mobile communications device is associated with a first collection;
  
  notifying, by the server security component, the first collection of the detected security risk event;
  
  determining, by the server security component, a first security risk response of the first collection to the detected security risk event;
  
  accessing, by the server security component, a relationship database, the relationship database including collection profiles related to the sharing of information between the plurality of collections, the collection profiles include collection attributes;
  
  identifying, by the server security component from information related to the first security risk response in the security database, a set of response attributes of the first security risk response;
  
  identifying, for a second collection, a set of collection attributes that are similar to response attributes in the set of response attributes;
  
  receiving, by the server security component, a response attribute value for each response attribute in the set of response attributes;
  
  assigning, by the server security component, a collection attribute value to each of the attributes in the set of collection attributes, wherein the collection attribute values are assigned to a collection attribute based on the response attribute value of the similar corresponding response attribute in the set of response attributes;
  
  summing, by the server security component, the assigned collection attribute values; and
  
  ,providing, by the server security component, the first security risk response to the second collection;
  
  (i) when a first collection profile indicates that the first collection permits information related to the first security risk response to be provided to the second collection; and
  
  (ii) when the sum of the assigned collection attribute values equals or exceeds a threshold value.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein the notifying step includes the server security component providing a notification to a first administrator device associated with a first administrator of the first collection, and wherein the first security risk response was initiated by the first administrator, and wherein the providing step includes the server security component providing the first security risk response to a second administrator device associated with a second administrator of the second collection.
  - 14. The method of claim 12, wherein the step of determining a first security risk response includes determining, by the server security component, the first security risk response of the first collection to the detected security risk event based on the server security component receiving a notice of the first security risk response.
  - 15. The method of claim 12, wherein the step of determining a first security risk response includes determining, by the server security component, the first security risk response of the first collection to the detected security risk event based on an analysis of information in the security database.

16. A method for sharing security risk responses between a plurality of collections to improve the functioning of mobile communications devices associated with at least one collection based on the shared security risk responses, the method comprising:
- accessing, by a server security component, a security database including information useful for detecting security risk events associated with mobile communications devices;
  
  determining, by the server security component from the security database information, a security risk event detected by a device security component on a first mobile communications device;
  
  determining, by the server security component from the security database information, a first collection associated with the first mobile communications device;
  
  accessing, by the server security component, a relationship database, the relationship database including collection profiles related to the sharing of information between the plurality of collections, the collection profiles including collection attributes;
  
  determining, by the server security component from a first collection profile, that the first collection permits information related to the detected security risk event to be provided to a first set of at least one collection of the plurality;
  
  providing, by the server security component, information related to the detected security risk event to the first set of at least one collection;
  
  determining, by the server security component, a first security risk response to the detected security risk event from a second collection of the first set of at least one collection;
  
  accessing, by the server security component, the relationship database;
  
  identifying, by the server security component from information related to the first security risk response in the security database, a set of response attributes of the first security risk response;
  
  identifying, for a second set of at least one collection, a set of collection attributes that are similar to response attributes in set of response attributes;
  
  receiving, by the server security component, a response attribute value for each response attribute in the set of response attributes;
  
  assigning, by the server security component, a collection attribute value to each of the attributes in the set of collection attributes, wherein the collection attribute values are assigned to a collection attribute based on the response attribute value of the similar corresponding response attribute in the set of response attributes;
  
  summing, by the server security component, the assigned collection attribute values; and
  
  providing, by the server security component, information related to the first security risk response to the second set of at least one collection;
  
  (i) when the server security component determines from the second collection profile that the second collection permits information related to the first security risk response to be provided to the second set of at least one collection; and
  
  (ii) when the sum of the assigned collection attribute values equals or exceeds a threshold value.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein providing information related to the detected security risk event to the first set includes providing, for each collection of the first set, information related to the detected security risk event to a computing device associated with an administrator of the collection, and wherein providing information related to the first security risk response to a second set includes providing, for each collection of the second set, information related to the first security risk response to an administrator of the collection.
  - 18. The method of claim 16, wherein the step of determining a first security risk response to the detected security risk event includes determining, by the server security component, the first security risk response of the second collection to the detected security risk event based on an analysis of information in the security database.
  - 19. The method of claim 16, wherein the determined first security risk response was provided from the second collection to a set of available risk responses, the set of available risk responses being stored in the security database, and wherein the step of determining a first security risk response includes accessing the set of available risk responses.

20. A method for sharing security risk responses between a plurality of collections to improve the functioning of mobile communications devices associated with at least one collection based on the shared security risk responses, the method comprising:
- accessing, by a server security component, a security database including a plurality of security risk responses, each security risk response associated with at least one of the plurality of collections;
  
  identifying, by the server security component, a first security risk response in the security database, wherein the first security risk response was implemented by at least one of the plurality of collections;
  
  determining, by the server security component from the security database, a first collection associated with the first security risk response;
  
  accessing, by the server security component, a relationship database, the relationship database including collection profiles related to the sharing of information between the plurality of collections, the collection profiles including collection attributes;
  
  identifying, by the server security component from information related to the first security risk response in the security database, a set of response attributes of the first security risk response;
  
  identifying, for a second collection, a set of collection attributes that are similar to response attributes in set of response attributes;
  
  receiving, by the server security component, a response attribute value for each response attribute in the set of response attributes;
  
  assigning, by the server security component, a collection attribute value to each of the attributes in the set of collection attributes, wherein the collection attribute values are assigned to a collection attribute based on the response attribute value of the similar corresponding response attribute in the set of response attributes;
  
  evaluating, by the server security component, the assigned collection attribute values to determine whether the first security risk response is relevant to the second collection; and
  
  ,providing, by the server security component, the first security risk response to the second collection;
  
  (i) when a first collection profile indicates that the first collection permits information related to the first security risk response to be provided to the second collection; and
  
  (ii) when the evaluation of the assigned collection attribute values indicates the first security risk response is relevant to the second collection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Buck, Brian James, Robinson, William, Hering, John G., Burgess, James David, Wyatt, Timothy Micheal, Golombek, David, Richardson, David Luke, Lineberry, Anthony McKay, Barton, Kyle, Evans, Daniel Lee, Salomon, Ariel, Grubb, Jonathan Pantera, Wootton, Bruce, Strazzere, Timothy, Swami, Yogesh
Primary Examiner(s)
Chen, Eric

Application Number

US15/393,089
Publication Number

US 20170103215A1
Time in Patent Office

279 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/166   at the transport layer

H04L 69/14   Multichannel or multilink p...

H04W 12/02   Protecting privacy or anony...

H04W 12/12   Detection or prevention of ...

H04W 12/67   Risk-dependent, e.g. select...

Methods and systems for sharing risk responses to improve the functioning of mobile communications devices

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

357 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for sharing risk responses to improve the functioning of mobile communications devices

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

357 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links