SYSTEMS AND METHODS FOR MOBILE APPLICATION SECURITY CLASSIFICATION AND ENFORCEMENT

US 20110167474A1
Filed: 03/18/2011
Published: 07/07/2011
Est. Priority Date: 07/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

configuring a mobile device such that the mobile device communicates data to an external network via a cloud-based security system;

receiving data from the mobile device;

enforcing policy on the data from the mobile device; and

based on the policy, forwarding the data to the external network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides systems and methods for mobile application security classification and enforcement. In particular, the present invention includes a method, a mobile device, and a distributed security system (e.g., a “cloud”) that is utilized to enforce security on mobile devices communicatively coupled to external networks (i.e., the Internet). Advantageously, the present invention is platform independent allowing it to operate with any current or emerging mobile device. Specifically, preventing malicious applications from running on an end user'"'"'s mobile device is challenging with potentially millions of applications and billions of user devices; the only effective way to enforce application security is through the network that applications use to communicate.

304 Citations

20 Claims

1. A method, comprising:
- configuring a mobile device such that the mobile device communicates data to an external network via a cloud-based security system;
  
  receiving data from the mobile device;
  
  enforcing policy on the data from the mobile device; and
  
  based on the policy, forwarding the data to the external network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - receiving data from the external network;
      
      inspecting content of the data from the external network; and
      
      based on the inspecting content, forwarding the data to the mobile device.
  - 3. The method of claim 2, further comprising:
    - determining a plurality of attributes for each of a plurality of applications for the mobile device;
      
      storing the plurality of attributes for each of the plurality of applications in a database; and
      
      periodically updating the database.
  - 4. The method of claim 3, further comprising:
    - utilizing the database in the enforcing policy step.
  - 5. The method of claim 3, wherein the determining the plurality of attributes comprises:
    - determining a security score based on a plurality of factors related to security; and
      
      determining a privacy score based on a plurality of factors related to privacy.
  - 6. The method of claim 5, further comprising:
    - utilizing the database in the enforcing policy step to prevent the data from the mobile device from being forwarding if the data relates to an application which does not meet a minimum threshold related to the security score and the privacy score.
  - 7. The method of claim 5, further comprising:
    - for a particular application, updating the plurality of attributes based on feedback from the cloud-based security system.
  - 8. The method of claim 2, further comprising:
    - determining a web risk index based on either the data from the mobile device or the data from the external network; and
      
      based on the web risk index, forwarding the data from the mobile device to the external network or forwarding the data from the external network to the mobile device.
  - 9. The method of claim 1, further comprising:
    - pushing a configuration to the mobile device prior to the configuring step.
  - 10. The method of claim 1, wherein the configuring step comprises setting the mobile device such that data to and from the mobile device is interfaced through the cloud-based security system.
  - 11. The method of claim 10, wherein the mobile device is configured with a Hypertext Transfer Protocol proxy designating the cloud-based security system.
  - 12. The method of claim 10, wherein the mobile device is configured with a Virtual Private Network to the cloud-based security system.
  - 13. The method of claim 2, wherein the inspecting content step comprises analyzing the data from the external network for malicious content.
  - 14. The method of claim 13, wherein the malicious content comprises viruses, spyware, malware, Trojans, botnets, spam email, phishing content, inappropriate content with respect to policy, black listed content, and combinations thereof.

15. A network security system, comprising:
- a processing node communicatively coupled to a mobile device and to an external network, wherein the processing node comprises a data store storing security policy data for the mobile device, data inspection engines configured to perform threat detection classification on content to the mobile device from the external network, and a manager communicatively coupled to the data store and the data inspection engines;
  
  wherein the processing node is configured to enforce policy between the mobile device and the external network and inspect content from the external network to the mobile device.
- View Dependent Claims (16, 17, 18)
- - 16. The network security system of claim 15, further comprising:
    - an authority node communicatively coupled to the processing node, wherein the authority node comprises a data store storing security policy data for the processing node and a plurality of other processing nodes;
      
      wherein the authority node is configured to maintain a database of application ratings for a plurality of applications associated with the mobile device, and wherein the database is utilized by the processing node to enforce the policy and to inspect the content.
  - 17. The network security system of claim 15, wherein the mobile device is configured with a Hypertext Transfer Protocol proxy designating the processing node.
  - 18. The network security system of claim 15, wherein the mobile device is configured with a Virtual Private Network to the processing node.

19. A mobile device, comprising:
- a data store;
  
  a network interface communicatively coupled to a network;
  
  a processor, wherein the data store, the network interface, and the processor are communicatively coupled there between and configured to;
  
  transmit data to a cloud-based security system configured to enforce policy on the data from the mobile device; and
  
  receive data from the cloud-based security system configured to inspect content on the data to the mobile device for malicious content.
- View Dependent Claims (20)
- - 20. The mobile device of claim 19, wherein the mobile device is communicatively coupled to the cloud-based security system via one of a wireless service provider network, a wireless hot spot, or a wired network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
SUTTON, Michael Andrew William, SINHA, Amit, DEVARAJAN, Srikanth

Granted Patent

US 8,763,071 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/56   Computer malware detection ...

H04L 63/20   for managing network securi...

H04L 67/306   User profiles

H04W 12/08   Access security

H04W 12/128   Anti-malware arrangements, ...

H04W 4/60   Subscription-based services...

SYSTEMS AND METHODS FOR MOBILE APPLICATION SECURITY CLASSIFICATION AND ENFORCEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

304 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR MOBILE APPLICATION SECURITY CLASSIFICATION AND ENFORCEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

304 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links