METHOD AND SYSTEM FOR EVALUATING SECURITY FOR AN INTERACTIVE SERVICE OPERATION BY A MOBILE DEVICE

US 20140325586A1
Filed: 11/05/2013
Published: 10/30/2014
Est. Priority Date: 04/24/2013
Status: Active Grant

First Claim

Patent Images

1. A method for evaluating security during an interactive service operation by a mobile communications device, the method comprising:

identifying, by a mobile communications device, a launch of an interactive service configured to communicate with a server over a network during an interactive service operation;

generating, by the mobile communications device, a security evaluation based on a plurality of trust factors, wherein at least one of the plurality of trust factors is related to a current state of the mobile communications device, to a security feature of the interactive service, and/or to a security feature of the network; and

performing, by the mobile communications device, an action based on the security evaluation.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for evaluating security during an interactive service operation by a mobile communications device includes launching, by a mobile communications device, an interactive service configured to access a server over a network during an interactive service operation, and generating a security evaluation based on a plurality of trust factors related to a current state of the mobile communications device, to a security feature of the application, and/or to a security feature of the network. When the security evaluation is generated, an action is performed based on the security evaluation.

32 Citations

View as Search Results

28 Claims

1. A method for evaluating security during an interactive service operation by a mobile communications device, the method comprising:
- identifying, by a mobile communications device, a launch of an interactive service configured to communicate with a server over a network during an interactive service operation;
  
  generating, by the mobile communications device, a security evaluation based on a plurality of trust factors, wherein at least one of the plurality of trust factors is related to a current state of the mobile communications device, to a security feature of the interactive service, and/or to a security feature of the network; and
  
  performing, by the mobile communications device, an action based on the security evaluation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1 wherein the action performed includes displaying, by the mobile communications device, the security evaluation to a user of the mobile communications device while the user is using the interactive service.
  - 3. The method of claim 1 wherein the action performed includes preventing the interactive service operation when the security evaluation indicates that it is not safe to perform the interactive service operation.
  - 4. The method of claim 1 wherein the interactive service includes an application hosted by the mobile communications device and a web application operating in a web browser on the mobile communications device.
  - 5. The method of claim 1 wherein the interactive service is associated with an entity and is configured to transmit data to and receive data from a target website purportedly associated with the entity, the method further comprises verifying that the target website is an authentic website associated with the entity.
  - 6. The method of claim 5 wherein verifying the target website is authentic includes identifying a domain of the target website based on a uniform resource locator (URL) of the target website and determining that the domain of the target website is registered by the entity.
  - 7. The method of claim 5 wherein when the target website is not an authentic website associated with the entity, the method further comprises generating, by the mobile communications device, a security warning indicating that the interactive service is suspicious, and displaying the security warning to the user.
  - 8. The method of claim 5 wherein the entity is a financial institution, a payment service, or an e-commerce service.
  - 9. The method of claim 1 wherein the plurality of trust factors are associated with a plurality of security subscores and the method further includes determining a security score by accumulating the plurality of security subscores, wherein the security evaluation is based on the security subscore.
  - 10. The method of claim 9 wherein when the security score is greater than a threshold value, the security evaluation indicates that it is not recommended to perform the interactive service operation and when the security score is at most equal to the threshold value, the security evaluation indicates that it is safe to perform the interactive service operation.
  - 11. The method of claim 9 wherein when the security score is at most equal to a first threshold value, the security evaluation indicates that it is safe to perform the interactive service operation, when the security score is greater than the first threshold value and less than a second threshold value, the security evaluation indicates that it is not safe to perform the interactive service operation and to proceed with caution, and when the security score is at least equal to the second threshold value, the security evaluation indicates that it is not recommended to perform the interactive service operation.
  - 12. The method of claim 1 wherein the plurality of trust factors are associated with a plurality of security subscores and when a first trust factor is directed to whether malware exists on the mobile communications device, the method further includes setting a security subscore associated with the first trust factor to a value greater than zero when malware is detected, and setting the security subscore to zero when malware is not detected.
  - 13. The method of claim 1 wherein the plurality of trust factors are associated with a plurality of security subscores and when a first trust factor is related to a current state of the mobile communications device is directed to whether the mobile communications device is lost or stolen, the method includes setting the security subscore associated with the first trust factor to a value greater than zero when the device is reported lost or stolen.
  - 14. The method of claim 13 wherein when the security subscore is greater than zero, the method further includes locking the mobile communications device and wherein when the application is configured to access a target website, the method includes transmitting a notification message to the target website that the mobile communications device is lost or stolen.
  - 15. The method of claim 1 wherein the plurality of trust factors are associated with a plurality of security subscores and when a first trust factor related to a security feature of the interactive service is directed to whether the interactive service is downloaded from a trusted source, the method includes setting the security subscore associated with the first trust factor to a value greater than zero when the source is not a trusted source, and setting the security subscore to zero when the source is a trusted source.
  - 16. The method of claim 1 wherein the plurality of trust factors are associated with a plurality of security subscores and when a first trust factor related to a security feature of the interactive service is directed to whether the interactive service encrypts data transmitted to the website, the method includes setting the security subscore associated with the first trust factor to a value greater than zero when the data is not encrypted, and setting the security subscore to zero when the data is encrypted.
  - 17. The method of claim 1 wherein the plurality of trust factors are associated with a plurality of security subscores and when a first trust factor related to a security feature of the network is directed to whether the network over which data is transmitted and received is a secure network, the method includes setting the security subscore to a value greater than zero when the network is an insecure network, and setting the security subscore to zero when the network is secure.
  - 18. The method of claim 17 wherein when the security subscore is greater than zero, the method further includes detecting a second network that is a secure network, disconnecting from the insecure network, connecting to the second network, and setting the security subscore to zero.
  - 19. The method of claim 1 further comprising displaying, by the mobile communications device, a contextual information overlay associated with the security evaluation, wherein the contextual information overlay provides contextual information relating to the security evaluation.
  - 20. The method of claim 19 wherein the contextual information overlay comprises a checklist that includes information regarding a current security status of the mobile communications device, a security status of the interactive service, and/or to a security status of the network.
  - 21. The method of claim 1 further comprising authenticating, by the mobile communications device, the user of the mobile communications device based on information known to the device'"'"'s user, a geo-location of the mobile communications device, and/or sensor data collected by the mobile communications device.
  - 22. The method of claim 21 wherein authenticating the user includes determining, by the mobile communications device, that the mobile communications device is near another mobile communications device known to be associated with the user.

23. A method for evaluating security during an interactive service operation by a mobile communications device, the method comprising:
- identifying, by a mobile communications device, a launch of an interactive service configured to communicate with a server over a network during an interactive service operation;
  
  determining, by the mobile communications device, a security score based on a plurality of trust factors, wherein at least one of the plurality of trust factors is related to a current state of the mobile communications device, to a security feature of the interactive service, and/or to a security feature of the network;
  
  generating a security evaluation for the interactive service based on the security score; and
  
  displaying, by the mobile communications device, the security evaluation for the interactive service and/or a contextual information overlay associated with the interactive service comprising a checklist that includes information regarding a current security status of the mobile communications device, a security status of the interactive service, and/or to a security status of the network, wherein the security evaluation and/or the contextual information overlay is displayed while the user is using the interactive service.

24. A method for evaluating security during an interactive service operation by a mobile communications device, the method comprising:
- receiving, by a server, an indication from a mobile communications device that an interactive service on the mobile communications device is launched, wherein the interactive service is configured to communicate with another server over a network during an interactive service operation; and
  
  generating, by the server, a security evaluation based on a plurality of trust factors, wherein at least one of the plurality of trust factors is related to a current state of the mobile communications device, to a security feature of the interactive service, and/or to a security feature of the network.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The method of claim 24 further comprising determining, by the server, an action based on the security evaluation, wherein the action is performed by the server and/or the mobile communications device.
  - 26. The method of claim 24 further comprising transmitting the security evaluation to the mobile communications device, wherein the mobile communications device is configured to perform an action based on the security evaluation.
  - 27. The method of claim 24 wherein a trust factor is related to a reputation of the launched interactive service and the method further includes determining, by the server, the interactive service'"'"'s reputation from at least one of a social media and social networking web site.
  - 28. The method of claim 24 wherein the server is one of a VPN server that is configured to tunnel data traffic between the mobile communications device and the other server and a proxy web server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin, Halliday, Derek, Bergher, Bruno, Buck, Brian, Gupta, Abheek

Granted Patent

US 9,307,412 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/126   the source of the received ...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/30   Security of mobile devices;...

H04W 12/63   Location-dependent; Proximi...

H04W 12/67   Risk-dependent, e.g. select...

METHOD AND SYSTEM FOR EVALUATING SECURITY FOR AN INTERACTIVE SERVICE OPERATION BY A MOBILE DEVICE

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR EVALUATING SECURITY FOR AN INTERACTIVE SERVICE OPERATION BY A MOBILE DEVICE

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links