Analyzing data gathered through different protocols

US 9,065,846 B2
Filed: 06/17/2013
Issued: 06/23/2015
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method of performing a security analysis of a set of data received on a mobile communications device, the method comprising:

on a mobile communications device having multiple network hardware interfaces for receiving data, in response to receipt of the set of data by the mobile communications device through a first type of network hardware interface and a second type of network hardware interface, gathering information about the set of data received by the mobile communications device, a first subset of the set of data received at the first type of network hardware interface and a second subset of the set of data received at the second type of network hardware interface having different protocols;

based upon the gathering step, assigning a first protocol to the first subset of data received from the first type of network hardware interface and assigning a second protocol to the second subset of data received from the second type of network hardware interface; and

performing a common security analysis on at least a part of the data received from each of the first and second types of network hardware interfaces to determine whether the set of data received by the mobile communications device is safe or malicious, the common security analysis including;

analyzing the first subset of data formatted according to the first protocol using a first protocol analysis component, andanalyzing the second subset of data formatted according to the second protocol using a second protocol analysis component.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security analysis of data received on a mobile communications device includes gathering information about the data through at least two of multiple network interfaces, each of the at least two network interfaces having different protocols. Based upon the gathering, a first protocol is assigned to the data received from a first of the at least two network interfaces. A second protocol is assigned to the data received from a second of the at least two network interfaces. A common security analysis is performed on at least a part of the data received from each of the first and second network interfaces to determine whether the data received by the mobile communications device is safe or malicious.

281 Citations

25 Claims

1. A method of performing a security analysis of a set of data received on a mobile communications device, the method comprising:
- on a mobile communications device having multiple network hardware interfaces for receiving data, in response to receipt of the set of data by the mobile communications device through a first type of network hardware interface and a second type of network hardware interface, gathering information about the set of data received by the mobile communications device, a first subset of the set of data received at the first type of network hardware interface and a second subset of the set of data received at the second type of network hardware interface having different protocols;
  
  based upon the gathering step, assigning a first protocol to the first subset of data received from the first type of network hardware interface and assigning a second protocol to the second subset of data received from the second type of network hardware interface; and
  
  performing a common security analysis on at least a part of the data received from each of the first and second types of network hardware interfaces to determine whether the set of data received by the mobile communications device is safe or malicious, the common security analysis including;
  
  analyzing the first subset of data formatted according to the first protocol using a first protocol analysis component, andanalyzing the second subset of data formatted according to the second protocol using a second protocol analysis component.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 3. The method of claim 1, wherein if the step of gathering information fails to result in assigning a protocol to data received from at least one of the first and second types of network hardware interfaces, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the received data.

4. A method of performing a security analysis of a set of data to be transmitted using two different types of network hardware interfaces of a mobile communications device, the method comprising:
- in response to a request to transmit the set of data to be transmitted from the mobile communications device, gathering information about the set of data to be transmitted by the mobile communications device, the set of data to include a first subset of data for a first type of network hardware interface and a second subset of data for a second type of network hardware interface;
  
  identifying a first protocol of the first subset of data to be transmitted and a second protocol of the second subset of data to be transmitted; and
  
  performing a common security analysis on at least a part of the data to be transmitted using each of the two types of network hardware interfaces to determine whether the set of data to be transmitted by the mobile communications device is safe or malicious, the common security analysis including;
  
  analyzing the first subset of data formatted according to the first protocol using a first protocol analysis component, andanalyzing the second subset of data formatted according to the second protocol using a second protocol analysis component.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the data to be transmitted in the determined additional protocol.
  - 6. The method of claim 4, wherein if the step of identifying fails to identify a protocol of the data to be transmitted by at least one of the two types of network hardware interfaces, the step of performing a common security analysis applies at least one deterministic analysis to at least part of the data to be transmitted.

7. A method of determining whether to allow or deny use of a set of data received using two different types of network hardware interfaces of a mobile communications device, the method comprising:
- in response to a request for the mobile communications device to use the received data, identifying a first protocol of a first subset of the data received from a first of the two types of network hardware interfaces and identifying a second protocol of a second subset of the data received from a second of the two types of network hardware interfaces;
  
  performing a common security analysis on at least a part of the data received using each of the two network hardware interfaces according to their respective identified protocols, the common security analysis including;
  
  analyzing the first subset of data formatted according to the first protocol using a first protocol analysis component, andanalyzing the second subset of data formatted according to the second protocol using a second protocol analysis component; and
  
  permitting further use of the received set of data based a determination of whether the data received by the mobile communications device is safe or malicious.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the additional protocol.
  - 9. The method of claim 7, wherein if the steps of identifying fail to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least part of the received data.

10. A method of determining whether to allow or deny transmission of a set of data using two different types of network hardware interfaces of a mobile communications device, the method comprising:
- in response to a request to transmit the set of data from the mobile communications device, identifying a first and a second protocol of the data to be transmitted, the first and second protocols corresponding to a first type and a second type of network hardware interface;
  
  performing a common security analysis on at least a part of the data to be transmitted using each of the two types of network interfaces according to their respective identified protocols, the common security analysis including;
  
  analyzing a first subset of data formatted according to the first protocol using a first protocol analysis component, andanalyzing a second subset of data formatted according to the second protocol using a second protocol analysis component; and
  
  allowing or denying transmission of the set of data to be transmitted based upon a determination of whether the data to be transmitted by the mobile communications device is safe or malicious.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, wherein the step of performing a common security analysis further comprises:
    - determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the data to be transmitted in the determined additional protocol.
  - 12. The method of claim 10, wherein if the step of identifying fails to identify a protocol of the data to be transmitted, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the data to be transmitted.

13. A method comprising:
- on a mobile communications device that employs two different types of network hardware interfaces each type employing a different communications protocol, wherein a communications protocol is for receiving and processing data by mobile communications device operating system sub-systems, at a mobile communications device security system, receiving a set of data from the two network interface sources and in the two communications protocols;
  
  in response to the interception or detection of the set of data received using the two network hardware interface sources, at the mobile communications device security system, before the set of received data is allowed to reach a downstream destination, identifying at least the two communications protocols;
  
  at the mobile communications device security system, based at least in part upon the identified communications protocols, performing a common security analysis on at least part of the received data of each of the two network hardware interfaces to determine if the set of received data should be allowed to reach the downstream destination based upon whether the set of data received by the mobile communications device is safe or malicious, the common security analysis including;
  
  analyzing a first subset of the received data formatted according to a first identified communications protocol using a first protocol analysis component, andanalyzing a second subset of the received data formatted according to a second identified communications protocol using a second protocol analysis component.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the step of performing a common security analysis on at least a part of the received data further comprises:
    - determining whether there is an additional protocol layer in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 15. The method of claim 13, wherein if the step of identifying at least the two protocols of the received data fails to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the received data.

16. A method comprising:
- on a mobile communications device that employs at least two different communications protocols for processing data by mobile communications device operating system sub-systems, and that employs at least two different types of network hardware interfaces for sending data, at a mobile communications device security system, receiving a set of data from the mobile communications device operating system sub-systems for transmitting using a first type and a second type of network hardware interface node and in first and second different communications protocols corresponding to the first and second types of network hardware interface nodes on the mobile communications device to a downstream destination;
  
  in response to a request to transmit the set of data through the first and second network hardware interface nodes, at the mobile communications device security system, before the data to be transmitted by the mobile communications device security system is transmitted to the downstream destination, identifying at least the first and second communications protocols;
  
  at the mobile communications device security system, performing a common security analysis on the set of data to be transmitted, based upon each of its identified communications protocols, to determine if the set of data to be transmitted should be allowed to reach the downstream destination based upon whether the set of data received by the mobile communications device is safe or malicious, the common security analysis including;
  
  analyzing a first subset of the set of data formatted according to the first identified communications protocol using a first protocol analysis component, andanalyzing a second subset of the set of data formatted according to the second identified communications protocol using a second protocol analysis component.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the step of performing a common security analysis on at least a part of the data to be transmitted further comprises:
    - determining whether there is an additional protocol layer in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 18. The method of claim 16, wherein if the step of identifying at least the first and second protocol of the received data fails to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the data to be transmitted.

19. A method comprising:
- on a mobile communications device that employs multiple communications protocols for processing data by mobile communications device operating system sub-systems, and that employs multiple network interfaces for receiving and sending data, at a mobile communications device security system, receiving a first subset of a set of data from a first mobile communications device operating system sub-system, and in response to receiving the first subset of data from the first mobile communications device operating system sub-system, identifying a first communications protocol for the first subset of data corresponding to the first mobile communications device operating system sub-system;
  
  in response to a request to transmit the set of data to a second mobile communications device operating system sub-system, the second sub-system being a type of sub-system different from the first, before the set of data to be transmitted is transmitted to the second mobile communications device operating system sub-system, at the mobile communications device security system, identifying a second communications protocol for a second subset of the set of data corresponding to the second mobile communications device operating system sub-system;
  
  based upon the identified first protocol for the first subset of data and the identified second protocol for the second subset of data, respectively, performing a common security analysis of at least a part of the received data and of at least a part of the data to be transmitted to determine whether the set of data to be transmitted should be allowed to reach the second mobile communications device operating system sub-system based upon whether the set of data to be transmitted by the mobile communications device is safe or malicious, the common security analysis including;
  
  analyzing the first subset of data formatted according to the first communications protocol using a first protocol analysis component, andanalyzing the second subset of data formatted according to the second communications protocol using a second protocol analysis component.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, wherein the step of performing a common security analysis on at least a part of the received data further comprises:
    - determining whether there is an additional protocol in the received data or in a subset of the received data; and
      
      if so, performing an additional security analysis on at least a part of the received data in the determined additional protocol.
  - 21. The method of claim 19, wherein if the step of identifying a first communications protocol of the received data fails to identify a protocol of the received data, the step of performing a common security analysis applies at least one deterministic analysis to at least a part of the received data.
  - 22. The method of claim 19, wherein the step of performing a common security analysis on at least a part of the data to be transmitted further comprises:
    - determining whether there is an additional protocol in the data to be transmitted or in a subset of the data to be transmitted; and
      
      if so, performing an additional security analysis on at least a part of the data to be transmitted in the determined additional protocol.
  - 23. The method of claim 19, wherein if the step of identifying a second communications protocol of the data to be transmitted fails to identify a protocol of the data to be transmitted, the step of performing the common security analysis applies at least one deterministic analysis to at least a part of the data to be transmitted.

24. On a mobile communications device with an operating system and operating system subsystems, a method comprising:
- in response to the interception or detection of received data at two different types of network interfaces on the mobile communications device, before a set of the received data is permitted to proceed to its target destination with an operating system subsystem, gathering the received data and identifying a first communications protocol for a first subset of received data corresponding to a first type of network hardware interface and a second communications protocol for a second subset of received data corresponding to a second network hardware interface, the first and second types of protocols being different from each other;
  
  performing a common classification analysis on at least a part of the received data from each of the two network hardware interfaces according to the determined first communications protocol and second communications protocol to determine a classification for the set of received data, the common security analysis including;
  
  analyzing the first subset of received data formatted according to the first communications protocol using a first protocol analysis component, andanalyzing the second subset of received data formatted according to the second communications protocol using a second protocol analysis component; and
  
  ,using the determined classification for the set of received data to determine whether the set of received data should either be allowed to proceed to its target destination, or be prevented from proceeding to its target destination.

25. A method of performing a dynamic security analysis of a set of data being received on a mobile communications device, the method comprising:
- on a mobile communications device having multiple network hardware interfaces for receiving data, when receiving the set of data using a first type of network hardware interface and using a second type of network hardware interface, the data being received using the first network hardware interface having a different communications protocol from the data being received using the second network hardware interface, gathering information about the set of data being received by the mobile communications device;
  
  based upon the gathering step, assigning a first communications protocol to data being received using the first type of network hardware interface and assigning a second communications protocol to data being received using the second type of network hardware interface; and
  
  performing a common dynamic security analysis on a first subset of the set of data, the first subset assigned the first protocol, and on a second subset of the set of data, the second subset assigned the second protocol, to determine whether the set of data being received by the mobile communications device is safe or malicious, the common dynamic security analysis including;
  
  analyzing the first subset while formatted according to the first communications protocol and using a first protocol analysis component, andanalyzing the second subset while formatted according to the second communications protocol using a second protocol analysis component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin
Primary Examiner(s)
Chen, Shin-Hon

Application Number

US13/919,901
Publication Number

US 20130283376A1
Time in Patent Office

736 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04W 12/10   Integrity

H04W 12/128   Anti-malware arrangements, ...

H04W 88/06   adapted for operation in mu...

Analyzing data gathered through different protocols

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

281 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Analyzing data gathered through different protocols

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

281 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links