System and method for identifying and assessing vulnerabilities on a mobile communications device
First Claim
1. A method comprising:
- a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;
b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;
c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and
,d) transmitting, by the at least one server, the first set of result information.
9 Assignments
0 Petitions
Accused Products
Abstract
The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device. The server may provide an interface for an administrator to manage the system and respond to security issues.
-
Citations
59 Claims
-
1. A method comprising:
-
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information; b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device; c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and
,d) transmitting, by the at least one server, the first set of result information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
a) transmitting, from a mobile communication device, a set of vulnerability identification information to at least one server that accesses a data storage storing a plurality of sets of vulnerability information; and
,b) receiving, at the mobile communication device from the at least one server, a first set of result information that correlates to the transmitted set of vulnerability identification information. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A method comprising:
-
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information; b) receiving, at the at least one server, a first set of vulnerability identification information about a first mobile communication device; c) correlating, by the at least one server, the first set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and
,d) transmitting, by the at least one server, the first set of result information; e) receiving, at the at least one server, a second set of vulnerability identification information about a second mobile communication device, wherein the second set of vulnerability identification information differs from the first set of vulnerability identification information; f) correlating, by the at least one server, the second set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a second set of result information; and
,g) transmitting, by the at least one server, the second set of result information. - View Dependent Claims (18, 19)
-
-
20. A system comprising:
-
a data storage storing a plurality of sets of vulnerability information; a server for accessing the data storage, for receiving one or more sets of vulnerability identification information about one or more mobile communication devices, for correlating the one or more sets of received vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate one or more sets of result information, for transmitting the one or more sets of result information, and for transmitting one or more notifications about the one or more sets of result information; and
,a network connecting the at least one server, data storage, and the plurality of mobile communication devices. - View Dependent Claims (21, 22)
-
-
23. A method comprising:
-
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information; b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device; c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and
,d) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information. - View Dependent Claims (24, 25, 26, 27)
-
-
28. A method comprising:
-
accessing, by a server, a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities; receiving, by the server, a plurality of sets of vulnerability identification information corresponding to a plurality of mobile communications devices; correlating, by the server, the received plurality of sets of vulnerability identification information to the plurality of sets of vulnerability information accessed from the data storage to generate a set of result information; transmitting, by the server, the set of result information for display to an administrator; receiving, by the server from the administrator in response to the administrator'"'"'s review of at least a subset of the set of result information, instructions to perform a first action to remediate a vulnerability of at least one of the plurality of mobile communications devices. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. A system comprising:
-
a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities; a server for performing the steps of; accessing the data storage storing a plurality of sets of vulnerability information, receiving a plurality of sets of vulnerability identification information corresponding to a plurality of mobile communications devices, correlating the received plurality of sets of vulnerability identification information to the plurality of sets of vulnerability information accessed from the data storage to generate a set of result information, transmitting the set of result information for display to an administrator, and receiving, from the administrator in response to the administrator'"'"'s review of at least a subset of the set of result information, instructions to perform a first action to remediate a vulnerability of at least one of the plurality of mobile communications devices; and a network connecting the server, data storage, and the plurality of mobile communications devices. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50)
-
-
51. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a server, cause the server to perform the steps of:
-
accessing a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities; receiving a plurality of sets of vulnerability identification information corresponding to a plurality of mobile communications devices; correlating the received plurality of sets of vulnerability identification information to the plurality of sets of vulnerability information accessed from the data storage to generate a set of result information; transmitting the set of result information for display to an administrator; and receiving, from the administrator in response to the administrator'"'"'s review of at least a subset of the set of result information, instructions to perform a first action to remediate a vulnerability of at least one of the plurality of mobile communications devices. - View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59)
-
Specification