System and method for providing network security to mobile devices

US 8,627,452 B2
Filed: 01/07/2013
Issued: 01/07/2014
Est. Priority Date: 12/13/2005
Status: Active Grant

First Claim

Patent Images

1. A mobile security system, comprising:

a mobile security system processor;

a preboot memory for storing at least a portion of an operating system;

a runtime memory for receiving a copy of the at least a portion of the operating system from the preboot memory when the mobile security system is rebooted;

a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device, the mobile device having a mobile device processor different than the mobile security system processor;

a network connection module for acting as a gateway to a network;

a security policy for protecting the mobile device from malicious content;

a security engine for executing the security policy in the runtime memory; and

a backup module capable of storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

57 Citations

19 Claims

1. A mobile security system, comprising:
- a mobile security system processor;
  
  a preboot memory for storing at least a portion of an operating system;
  
  a runtime memory for receiving a copy of the at least a portion of the operating system from the preboot memory when the mobile security system is rebooted;
  
  a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device, the mobile device having a mobile device processor different than the mobile security system processor;
  
  a network connection module for acting as a gateway to a network;
  
  a security policy for protecting the mobile device from malicious content;
  
  a security engine for executing the security policy in the runtime memory; and
  
  a backup module capable of storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The mobile security system of claim 1, wherein the connection mechanism includes at least one of a USB connector, a PCMCIA connector, an Ethernet connector, and a wireless communication module.
  - 3. The mobile security system of claim 1, wherein the network connection module includes a wireless network interface card.
  - 4. The mobile security system of claim 1, wherein the security engine includes at least one of an antivirus engine, an antispyware engine, a firewall engine, an IPS/IDS engine, a content filtering engine, a multilayered security monitor, a bytecode monitor, and a URL monitor.
  - 5. The mobile security system of claim 1, wherein the security policy performs weighted risk analysis.
  - 6. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on content type.
  - 7. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on content source.
  - 8. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on content source category.
  - 9. The mobile security system of claim 5, wherein the weighted risk analysis weighs risk based on historical actions of the user.
  - 10. The mobile security system of claim 1, further comprising a remote management module capable of receiving security policy updates.
  - 11. The mobile security system of claim 1, further comprising a remote management module capable of receiving security engine updates.
  - 12. The mobile security system of claim 1, further comprising security data and a remote management module capable of receiving security data updates.
  - 13. The mobile security system of claim 1, wherein the security data includes malicious content signatures.
  - 14. The mobile security system of claim 1, further comprising a distribution module capable of forwarding updates to other mobile security systems.
  - 15. The mobile security system of claim 1, further comprising a remote configuration module capable of communicating with a wizard, the wizard being in communication with an enterprise network security system, the wizard capable of substantially automatic generation of policies and data based on the policies and data on the enterprise network security system, the remote configuration module capable of installing the policies and data generated by the wizard.
  - 16. The mobile security system of claim 1, further comprising a preboot memory that is not accessible during runtime, the preboot memory storing a copy of at least a portion of the operating system of the mobile security system, the mobile security system being configured to load the operating system portion every time the mobile security system is rebooted.

17. A method comprising:
- storing at least a portion of an operating system in a preboot memory of a mobile security system having a mobile security system processor;
  
  receiving a copy of the at least a portion of the operating system from the preboot memory when the mobile security system is rebooted;
  
  receiving, via a network connection mechanism, a network connection request from a mobile device when the mobile device is outside of a trusted network, the mobile device having a mobile device processor different than the mobile security system processor;
  
  acting as a gateway to a network on behalf of the mobile device;
  
  receiving information intended for the mobile device from the network;
  
  protecting, based on a security policy, the mobile device from malicious content in accordance with a security policy;
  
  executing the security policy in the runtime memory; and
  
  storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.
- View Dependent Claims (19)
- - 19. The method of claim 17, wherein the connection mechanism includes at least one of a USB connector, a PCMCIA connector, an Ethernet connector, and a wireless communication module.

18. A system comprising:
- means for storing at least a portion of an operating system in a preboot memory of a mobile security system having a mobile security system processor;
  
  means for receiving a copy of the at least a portion of the operating system from the preboot memory when the mobile security system is rebooted;
  
  means for acting as a gateway to a network on behalf of a mobile device when the mobile device is outside of a trusted network, the mobile device having a mobile device processor different than the mobile security system processor;
  
  means for receiving information intended for the mobile device from the network;
  
  means for protecting, based on a security policy, the mobile device from malicious content in accordance with a security policy;
  
  means for executing the security policy in the runtime memory; and
  
  means for storing at least a portion of the boot sector of the mobile device should the boot sector of the mobile device become compromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CUPP Computing AS
Original Assignee
CUPP Computing AS
Inventors
Touboul, Shlomo
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Okeke, Izunna

Application Number

US13/735,836
Publication Number

US 20130219457A1
Time in Patent Office

365 Days
Field of Search

None
US Class Current

726/16
CPC Class Codes

G06F 21/562   Static detection

H04L 63/02   for separating internal fro...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04W 12/00   Security arrangements; Auth...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

System and method for providing network security to mobile devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing network security to mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links