Providing application-specific threat metrics

US 9,888,022 B2
Filed: 12/01/2015
Issued: 02/06/2018
Est. Priority Date: 12/01/2015
Status: Active Grant

First Claim

Patent Images

1. A method for use with a first mobile device application (first app) suitable for running on devices of at least a first device type, the method comprising:

collecting first-device-type risk-relevant data associated with a first app from a first plurality of devices, with each device of the first plurality of devices being of the first device type;

analyzing the first-device-type risk-relevant data to generate first-device-type risk characteristic data corresponding to the first device type;

associating the first-device-type risk characteristic data as first risk metadata with the first app;

collecting, for each device type of a set of device type(s) corresponding to the app, device-type-specific risk-relevant risk data associated with the app and a respective device type;

analyzing, for each device type of the set of device type(s) corresponding to the app, a respectively corresponding device-type-specific risk-relevant data to generate respectively corresponding device-type-specific risk characteristic data associated with the app and the respective device type; and

associating, for each device type of the set of device type(s) corresponding to the app, the respectively corresponding device-type-specific risk characteristic data as device-type specific risk metadata with the app;

wherein;

the first app is one of a plurality of apps that is used by members of an enterprise; and

each app of the plurality of apps is suitable for running on a respectively corresponding set of device type(s).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Assessment of threat risks associated with a given mobile device application (app) on a device type specific basis, so that the threat assessment is specific to a particular device type that is suitable for running the given app. The assessed device-type-specific risk is represented as device-type-specific risk metadata, which is associated as metadata with the given app. For example, the metadata may be stored along with the given app in a common repository that includes many apps. In some embodiments, the device-type-specific risk metadata is generated and stored comprehensively for all apps and device types used in an enterprise. The device-type-specific risk assessment, and corresponding device-type-specific risk metadata, may be based upon run time behavior of the given app on a given device type.

18 Citations

View as Search Results

18 Claims

1. A method for use with a first mobile device application (first app) suitable for running on devices of at least a first device type, the method comprising:
- collecting first-device-type risk-relevant data associated with a first app from a first plurality of devices, with each device of the first plurality of devices being of the first device type;
  
  analyzing the first-device-type risk-relevant data to generate first-device-type risk characteristic data corresponding to the first device type;
  
  associating the first-device-type risk characteristic data as first risk metadata with the first app;
  
  collecting, for each device type of a set of device type(s) corresponding to the app, device-type-specific risk-relevant risk data associated with the app and a respective device type;
  
  analyzing, for each device type of the set of device type(s) corresponding to the app, a respectively corresponding device-type-specific risk-relevant data to generate respectively corresponding device-type-specific risk characteristic data associated with the app and the respective device type; and
  
  associating, for each device type of the set of device type(s) corresponding to the app, the respectively corresponding device-type-specific risk characteristic data as device-type specific risk metadata with the app;
  
  wherein;
  
  the first app is one of a plurality of apps that is used by members of an enterprise; and
  
  each app of the plurality of apps is suitable for running on a respectively corresponding set of device type(s).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - storing all apps of the plurality of apps and all device-type-specific risk metadata in a common repository.
  - 3. The method of claim 2 wherein the common repository has at least one of the following characteristics:
    - the common repository is a central repository for the enterprise and/or the common repository is an app store.
  - 4. The method of claim 1 wherein the collection of device-type-specific risk-relevant data includes a collection of external URLs (uniform resource locators) accessed.
  - 5. The method of claim 1 wherein the analysis of the respectively corresponding device-type-specific risk-relevant data includes:
    - correlating the respectively corresponding device-type-specific risk-relevant data against a set of enterprise threat intelligence source(s).
  - 6. The method of claim 1 wherein:
    - the analysis of the respectively corresponding device-type-specific risk-relevant data includes identifying threat categories; and
      
      the device-type-specific risk metadata includes identified threat categories.
  - 7. The method according to claim 1 further comprising:
    - presenting, in human understandable form to a human user, a device-type-specific risk metadata corresponding to at least one app and at least one device type of the set of device type(s) corresponding to the at least one app.
  - 8. The method of claim 1 wherein the device-type-specific risk-relevant data includes device-type-specific run time behavioral data.

9. A computer program product for use with a first mobile device application (first app) suitable for running on devices of at least a first device type, the computer program product comprising a non-transitory computer readable storage medium having stored thereon:
- first program instructions programmed to collect first-device-type risk-relevant data associated with the first app from a first plurality of devices, with each device of the first plurality of devices being of the first device type;
  
  second program instructions programmed to analyze the first-device-type risk-relevant data to generate first-device-type risk characteristic data corresponding to the first device type;
  
  third program instructions programmed to associate the first-device-type risk characteristic data as first risk metadata with the first app;
  
  fourth program instructions programmed to collect, for each device type of a set of device type(s) corresponding to the app, device-type-specific risk-relevant risk data associated with the app and a respective device type;
  
  fifth program instructions programmed to analyze, for each device type of the set of device type(s) corresponding to the app, a respectively corresponding device-type-specific risk-relevant data to generate respectively corresponding device-type-specific risk characteristic data associated with the app and a respective device type; and
  
  sixth program instructions programmed to associate, for each device type of the set of device type(s) corresponding to the app, a respectively corresponding device-type-specific risk characteristic data as device-type specific risk metadata with the app;
  
  wherein;
  
  the first app is one of a plurality of apps that is used by members of an enterprise; and
  
  each app of the plurality of apps is suitable for running on a respectively corresponding set of device type(s).
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer program product of claim 9 further comprising:
    - seventh program instructions programmed to store all apps of the plurality of apps and all device-type-specific risk metadata in a common repository.
  - 11. The computer program product of claim 10 wherein the common repository has at least one of the following characteristics:
    - the common repository is a central repository for the enterprise and/or the common repository is an app store.
  - 12. The computer program product of claim 9 wherein the collection of device-type-specific risk-relevant data includes a collection of external URLs (uniform resource locators) accessed.
  - 13. The computer program product of claim 9 wherein the analysis of the respectively corresponding device-type-specific risk-relevant data includes:
    - seventh program instructions programmed to correlate the respectively corresponding device-type-specific risk-relevant data against a set of enterprise threat intelligence source(s).

14. A computer system for use with a first mobile device application (first app) suitable for running on devices of at least a first device type, the non-transitory computer system comprising:
- a processor(s) set; and
  
  a computer readable storage medium;
  
  wherein;
  
  the processor(s) set is structured, located, connected and/or programmed to run program instructions stored on the computer readable storage medium; and
  
  the program instructions include;
  
  first program instructions programmed to collect first-device-type risk-relevant data associated with the first app from a first plurality of devices, with each device of the first plurality of devices being of the first device type,second program instructions programmed to analyze the first-device-type risk-relevant data to generate first-device-type risk characteristic data corresponding to the first device type,third program instructions programmed to associate the first-device-type risk characteristic data as first risk metadata with the first app,fourth program instructions programmed to collect, for each device type of a set of device type(s) corresponding to the app, device-type-specific risk-relevant risk data associated with the app and a respective device type,fifth program instructions programmed to analyze, for each device type of the set of device type(s) corresponding to the app, a respectively corresponding device-type-specific risk-relevant data to generate respectively corresponding device-type-specific risk characteristic data associated with the app and a respective device type, andsixth program instructions programmed to associate, for each device type of the set of device type(s) corresponding to the app, a respectively corresponding device-type-specific risk characteristic data as device-type specific risk metadata with the app;
  
  wherein;
  
  the first app is one of a plurality of apps that is used by members of an enterprise; and
  
  each app of the plurality of apps is suitable for running on a respectively corresponding set of device type(s).
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer system of claim 14 further comprising:
    - seventh program instructions programmed to store all apps of the plurality of apps and all device-type-specific risk metadata in a common repository.
  - 16. The computer system of claim 15 wherein the common repository has at least one of the following characteristics:
    - the common repository is a central repository for the enterprise; and
      
      /or the common repository is an app store.
  - 17. The computer system of claim 14 wherein the collection of device-type-specific risk-relevant data includes a collection of external URLs (uniform resource locators) accessed.
  - 18. The computer system of claim 14 wherein the analysis of the respectively corresponding device-type-specific risk-relevant data includes:
    - seventh program instructions programmed to correlate the respectively corresponding device-type-specific risk-relevant data against a set of enterprise threat intelligence source(s).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Desai, Vikas B., Hagemann, Carsten, Hockings, Christopher J., Johnston, Mark D.
Primary Examiner(s)
Song, Hosuk

Application Number

US14/955,546
Publication Number

US 20170155673A1
Time in Patent Office

798 Days
Field of Search

726 22- 26, 713188, 713194
US Class Current
CPC Class Codes

H04L 63/1425 Traffic logging, e.g. anoma...

Providing application-specific threat metrics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Providing application-specific threat metrics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links