System and method for monitoring and analyzing multiple interfaces and multiple protocols
Abstract
The present invention is a system and method for providing security for a mobile device by analyzing data being transmitted or received by multiple types of networks. The invention can provide security for many types of network interfaces on a mobile device, including: Bluetooth, WiFi, cellular networks, USB, SMS, infrared, and near-field communication. Data is gathered at multiple points in a given processing pathway and linked by a protocol tracking component in order to analyze each protocol present in the data after an appropriate amount of processing by the mobile device. Protocol analysis components are utilized dynamically to analyze data and are re-used between multiple data pathways so as to be able to support an arbitrary number of network data pathways on a mobile device without requiring substantial overhead.
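The flow that claim 1 recites and the abstract summarizes (assign a protocol, analyze it, descend into any additional layer, fall back to a deterministic check when no protocol can be assigned), as an added Python sketch that is not taken from the patent or from any product. The `FRM` envelope, the header-length limit, the byte signature and all function names are constructed for illustration.

```python
import struct

MAX_HEADER_LINE = 256                  # assumed policy limit
KNOWN_BAD = [b"\xde\xad\xbe\xef"]      # constructed signature, not a real indicator

def analyze_frame(data):
    # Toy envelope: b"FRM" + big-endian u16 length + payload.
    (declared,) = struct.unpack(">H", data[3:5])
    payload = data[5:]
    if declared != len(payload):
        return "malicious", None       # length field disagrees with the data
    return "safe", payload             # hand the inner layer back for tracking

def analyze_http(data):
    head = data.split(b"\r\n\r\n", 1)[0]
    if any(len(line) > MAX_HEADER_LINE for line in head.split(b"\r\n")):
        return "malicious", None
    return "safe", None                # no further layer in this sketch

# Registered once and reused for every interface (Bluetooth, WiFi, USB, ...).
PROTOCOLS = [
    ("frame", lambda d: len(d) >= 5 and d.startswith(b"FRM"), analyze_frame),
    ("http", lambda d: d.split(b" ", 1)[0] in (b"GET", b"POST"), analyze_http),
]

def identify(data):
    for name, matches, analyzer in PROTOCOLS:
        if matches(data):
            return name, analyzer
    return None, None

def deterministic_analysis(data):
    return "malicious" if any(sig in data for sig in KNOWN_BAD) else "safe"

def inspect(interface, data):
    """Return (verdict, trace of (interface, protocol) layers analyzed)."""
    trace = []
    while True:
        name, analyzer = identify(data)
        if name is None:
            # The claims recite this fallback for the first protocol; applying
            # it to an unidentified inner layer too is this example's choice.
            trace.append((interface, "unidentified"))
            return deterministic_analysis(data), trace
        verdict, inner = analyzer(data)
        trace.append((interface, name))
        if verdict == "malicious" or inner is None:
            return verdict, trace
        data = inner                   # additional protocol layer: analyze it next

# Constructed sample: an HTTP request wrapped in the toy frame.
HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
FRAMED = b"FRM" + struct.pack(">H", len(HTTP)) + HTTP
```

`inspect("bluetooth", FRAMED)` walks both layers with the same analyzers that `inspect("wifi", HTTP)` uses directly, which is the re-use across data pathways the abstract describes.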
11 Claims
1. A method of performing a security analysis of data received on a mobile communications device, the method comprising:
on a mobile communication device having multiple network interfaces for receiving data, in response to receipt of the data by the mobile communications device, gathering information about the data received by the mobile communications device through at least one of the multiple network interfaces, the data received in at least one of a plurality of protocols; based upon the gathering step, assigning a first protocol to the received data; performing a security analysis on at least a part of the received data according to its respective assigned protocol; determining whether there is an additional protocol layer in the received data or in a subset of the received data and, if so, performing a second security analysis on at least a part of the received data in the determined additional protocol layer; and
if the step of gathering information fails to result in assigning the first protocol to the received data, applying at least one deterministic analysis to at least a part of the received data to determine whether the data received by the mobile communications device is safe or malicious.
2. A method of performing a security analysis of data to be transmitted by at least one of multiple network interfaces of a mobile communications device, the method comprising:
in response to a request to transmit the data to be transmitted from the mobile communications device, gathering information about the data to be transmitted by the mobile communications device, the data to be transmitted in at least one of a plurality of protocols; identifying a first protocol of the data to be transmitted; performing a security analysis on at least a part of the data to be transmitted according to its respective identified protocol; determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted and, if so, performing a second security analysis on at least a part of the data to be transmitted in the determined additional protocol layer; and
if the step of identifying fails to identify a first protocol of the data to be transmitted, applying at least one deterministic analysis to at least part of the data to be transmitted to determine whether the data to be transmitted by the mobile communications device is safe or malicious.
3. A method of determining whether to allow or deny use of data received by at least one of multiple network interfaces of a mobile communications device, the method comprising:
in response to a request for the mobile communications device to use the received data, identifying a first protocol of the received data; performing a security analysis on at least a part of the received data according to its respective identified protocol; determining whether there is an additional protocol layer in the received data or in a subset of the received data and, if so, performing a second security analysis on at least a part of the received data in the additional protocol layer; if the step of identifying fails to identify the first protocol of the received data, applying at least one deterministic analysis to at least part of the received data to determine whether the data received by the mobile communications device is safe or malicious; and permitting further use of the received data based upon the composite security analysis of the received data.
4. A method of determining whether to allow or deny transmission of data by at least one of multiple network interfaces of a mobile communications device, the method comprising:
in response to a request to transmit the data from the mobile communications device, identifying a first protocol of the data to be transmitted; performing a security analysis of at least a part of the data to be transmitted according to its respective identified protocol; determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted and, if so, performing a second security analysis on at least a part of the data to be transmitted in the determined additional protocol layer; if the step of identifying fails to identify a first protocol of the data to be transmitted, applying at least one deterministic analysis to at least a part of the data to be transmitted to determine whether the data to be transmitted by the mobile communications device is safe or malicious; and allowing or denying transmission of the data to be transmitted based upon the results of the composite security analysis of the data to be transmitted.
5. A method of determining whether to allow or deny transmission of data by at least one of multiple network interfaces of a mobile communications device, the method comprising:
identifying a first protocol of the received data; in response to a request to transmit the received data from the mobile communications device, performing a first security analysis of at least a part of the received data according to its respective identified protocol; identifying the data to be transmitted in response to the received data; performing a second security analysis of at least a part of the data to be transmitted according to its respective identified protocol; determining whether there is an additional protocol layer in the received data or in a subset of the received data and, if so, performing a third security analysis on at least a part of the received data in the determined additional protocol layer; if the step of identifying a first protocol of the received data fails to identify an initial protocol of the received data, applying at least one deterministic analysis to at least a part of the received data to determine whether the data received by the mobile communications device is safe or malicious; and
determining whether to allow or deny transmission of the data to be transmitted based upon the first security analysis or at least one deterministic analysis and the third security analysis performed on the received data and based upon the second security analysis performed on the data to be transmitted.
6. A method comprising:
on a mobile device that employs multiple network interfaces and multiple network protocols for receiving and processing data by mobile device operating system sub-systems, at a mobile device security system, receiving data from at least one network interface source and in at least one network protocol; in response to the interception or detection of the data received by the at least one network interface source, at the mobile device security system, before the received data is allowed to reach a downstream destination, identifying at least one of its network protocols; at the mobile device security system, performing a security analysis on at least part of the received data, based upon its identified network protocol, to determine whether the received data should be allowed to reach the downstream destination; determining whether there is an additional protocol layer in the received data or in a subset of the received data and, if so, performing a second security analysis on at least a part of the received data in the determined additional protocol layer; and
if the step of identifying the at least one protocol of the received data fails to identify an initial protocol of the received data, applying at least one deterministic analysis to at least a part of the received data to determine whether the data received by the mobile communications device is safe or malicious and should be allowed to reach the downstream destination.
7. A method comprising:
on a mobile device that employs multiple network protocols for processing data by mobile device operating system sub-systems, and that employs multiple network interfaces for sending data, at a mobile device security system, receiving data from the mobile device operating system sub-system for transmitting through at least one network interface node and in at least one network protocol on the mobile device to a downstream destination; in response to a request to transmit the data through the at least one network interface node, at the mobile device security system, before the data to be transmitted by the mobile device security system is transmitted to the downstream destination, identifying at least one of its network protocols; at the mobile device security system, performing a security analysis on the data to be transmitted, based upon its identified network protocol, to determine whether the data to be transmitted should be allowed to reach the downstream destination; determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted and, if so, performing a second security analysis on at least a part of the received data in the determined additional protocol layer; and
if the step of identifying a first protocol of the received data fails to identify an initial protocol of the received data, applying at least one deterministic analysis to at least a part of the received data to determine whether the data received by the mobile communications device is safe or malicious and should be allowed to reach the downstream destination.
8. A method comprising:
on a mobile device that employs multiple network protocols for processing data by mobile device operating system sub-systems, and that employs multiple network interfaces for receiving and sending data, at a mobile device security system, receiving data from a mobile device operating system sub-system, and in response to receiving data from the mobile device operating system sub-system, identifying at least one network protocol for the data received from the mobile device operating system sub-system; in response to a request to transmit the data to a downstream destination, before the data to be transmitted is transmitted to the downstream destination, at the mobile device security system, identifying at least one network protocol for the received data and identifying at least one protocol for the data to be transmitted; based upon the identified protocol for the received data and the identified protocol for the data to be transmitted, respectively, performing a first security analysis of at least a part of the received data; determining whether there is an additional protocol in the received data or in a subset of the received data and, if so, performing a third security analysis on at least a part of the received data in at least one of the determined additional protocols; and
if the step of identifying a first protocol of the received data fails to identify an initial protocol of the received data, applying at least one deterministic analysis to at least a part of the received data to determine whether the data received by the mobile communications device is safe or malicious, and, performing a second security analysis on at least a part of the data to be transmitted to determine whether the data to be transmitted should be allowed to reach the downstream destination. - View Dependent Claims (9, 10)
11. On a mobile communication device with an operating system and operating system subsystems, a method comprising:
in response to the interception or detection of received data at at least one of multiple network interfaces on the mobile communication device, before the data is permitted to proceed to its target destination with an operating system subsystem, gathering the received data and identifying the network protocol for the received data; performing a classification analysis on at least a part of the received data according to the determined network protocol to determine a classification for the received data; and
using the determined classification for the received data to determine whether the received data should either be allowed to proceed to its target destination, or be prevented from proceeding to its target destination; determining whether there is an additional network protocol for the received data or in a subset of the received data and, if so, performing a security analysis on at least a part of the received data in the additional network protocol; and
if the step of gathering the received data fails to identify the network protocol for the received data, applying at least one deterministic analysis to at least part of the received data to determine whether the received data is allowed to proceed or be prevented from proceeding.
Specification