PRIVATELY PERFORMING APPLICATION SECURITY ANALYSIS

US 20180077158A1
Filed: 11/21/2017
Published: 03/15/2018
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

generating a cryptographic representation of application information for an application residing on a mobile device;

transmitting the cryptographic representation to an application risk control system; and

receiving a message from the application risk control system indicating whether the application is permitted or not permitted.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for analyzing applications on a mobile device for risk so as to maintain the privacy of the application user are provided. In the example method, the process receives a request from a mobile device. The request includes a cryptographic representation of application information for an application residing on a mobile device. The method includes comparing the cryptographic representation to an application information database that includes cryptographic representations of applications. The method also includes automatically remediating, e.g., quarantining and retiring, the application if the application matches an application that is a known risk in the database. Exemplary embodiments provide companies with controls to prevent specific applications—which have specific behaviors and are present on mobile devices being used by employees—from being used by employees, without the company having any visibility into what particular applications are being used by the employees on the mobile device.

Citations

20 Claims

1. A method, comprising:
- generating a cryptographic representation of application information for an application residing on a mobile device;
  
  transmitting the cryptographic representation to an application risk control system; and
  
  receiving a message from the application risk control system indicating whether the application is permitted or not permitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the application information further comprises company information.
  - 3. The method of claim 1, further comprising transmitting to the application risk control system one or more application behaviors for the application without transmitting an identity of the application and without transmitting identifying information of the mobile device.
  - 4. The method of claim 1, further comprising associating an application version with the cryptographic representation.
  - 5. The method of claim 1, wherein the application information comprises executable code of the application.
  - 6. The method of claim 1, wherein the application information comprises at least one of an application name and a version number of the application.
  - 7. The method of claim 1, wherein the cryptographic representation further comprises a company identifier.
  - 8. The method of claim 1, wherein the cryptographic representation includes a hash value of executable code of the application, a name of the application, as well as a version number for the application and a company name.
  - 9. The method of claim 1, wherein the application is one of a plurality of applications on the mobile device, the generating the cryptographic representation, the transmitting the cryptographic representation, and the receiving the message from the application risk control system being performed for each of the plurality of applications.
  - 10. The method of claim 1, wherein the application risk control system is configured to:
    - receive the cryptographic representation of the application information for the application residing on the mobile device;
      
      compare the cryptographic representation to an application information database and an application cryptographic table, the application information database comprising the application information for a plurality of applications, the application information comprising at least one of application behaviors, application names, cryptographic representations of applications, and risk scores of applications, and the application cryptographic table comprising the cryptographic representations of applications associated with at least one of a whitelist or a blacklist; and
      
      automatically remediate the mobile device if the application matches an application that is a known risk as determined from the comparison with the application information database and the application cryptographic table, wherein the remediating comprises at least one of quarantining the application and retiring the mobile device.

11. A system, comprising:
- a processor; and
  
  a memory for storing executable instructions, the instructions being executed by the processor to perform a method, the method comprising;
  
  generating a cryptographic representation of application information for an application residing on a mobile device;
  
  transmitting the cryptographic representation to an application risk control system; and
  
  receiving a message from the application risk control system indicating whether the application is permitted or not permitted.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the application information further comprises company information including a company identifier.
  - 13. The system of claim 11, the instructions being executed by the processor to further perform transmitting to the application risk control system one or more application behaviors for the application without transmitting an identity of the application and without transmitting identifying information of the mobile device.
  - 14. The system of claim 11, the instructions being executed by the processor to further perform associating an application version with the cryptographic representation.
  - 15. The system of claim 11, wherein the application information comprises executable code of the application.
  - 16. The system of claim 11, wherein the application information comprises at least one of an application name and a version number of the application.
  - 17. The system of claim 11, wherein the cryptographic representation includes a hash value of executable code of the application, a name of the application, as well as a version number for the application and a company name.
  - 18. The system of claim 11, wherein the application is one of a plurality of applications on the mobile device, the instructions being executed by the processor to perform the method for each of the plurality of applications.
  - 19. The system of claim 11, wherein the application risk control system is configured to:
    - receive the cryptographic representation of the application information for the application residing on the mobile device;
      
      compare the cryptographic representation to an application information database and an application cryptographic table, the application information database comprising the application information for a plurality of applications, the application information comprising at least one of application behaviors, application names, cryptographic representations of applications, and risk scores of applications, and the application cryptographic table comprising the cryptographic representations of applications associated with at least one of a whitelist or a blacklist; and
      
      automatically remediate the mobile device if the application matches an application that is a known risk as determined from the comparison with the application information database and the application cryptographic table, wherein the remediating comprises at least one of quarantining the application and retiring the mobile device.

20. A method, comprising:
- generating a cryptographic representation of application information for an application residing on a mobile device;
  
  transmitting the cryptographic representation to an application risk control system; and
  
  receiving a message from the application risk control system indicating whether the application is permitted or not permitted to access an enterprise network with enterprise services, the indication based on a risk score calculated for the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Proofpoint Incorporated
Inventors
Jevans, David Alexander

Granted Patent

US 10,270,769 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/51   at application loading time...

G06F 21/54   by adding security routines...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/64   Protecting data integrity, ...

G06F 2221/033   Test or assess software

H03K 19/17728   Reconfigurable logic blocks...

H03K 19/17768   for security

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

H04L 9/3236   using cryptographic hash fu...

H04W 12/10   Integrity

PRIVATELY PERFORMING APPLICATION SECURITY ANALYSIS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PRIVATELY PERFORMING APPLICATION SECURITY ANALYSIS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links