Movatterモバイル変換

[0]ホーム
URL:

USRE49634E1 - System and method for determining the risk of vulnerabilities on a mobile communications device - Google Patents

System and method for determining the risk of vulnerabilities on a mobile communications deviceDownload PDF

Info

Publication number
USRE49634E1
USRE49634E1US17/391,995US202117391995AUSRE49634EUS RE49634 E1USRE49634 E1US RE49634E1US 202117391995 AUS202117391995 AUS 202117391995AUS RE49634 EUSRE49634 EUS RE49634E
Authority
US
United States
Prior art keywords
information
vulnerability
server
result information
sets
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US17/391,995
Inventor
John G. Hering
Kevin Mahaffey
James Burgess
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LookOut Inc
Original Assignee
LookOut Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by LookOut IncfiledCriticalLookOut Inc
Priority to US17/391,995priorityCriticalpatent/USRE49634E1/en
Assigned to FLEXILIS, INC.reassignmentFLEXILIS, INC.ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS).Assignors: BURGESS, JAMES, HERING, JOHN G., MAHAFFEY, KEVIN
Assigned to Lookout, Inc.reassignmentLookout, Inc.CHANGE OF NAME (SEE DOCUMENT FOR DETAILS).Assignors: FLEXILIS, INC.
Application grantedgrantedCritical
Publication of USRE49634E1publicationCriticalpatent/USRE49634E1/en
Assigned to MIDCAP FINANCIAL TRUSTreassignmentMIDCAP FINANCIAL TRUSTSECURITY INTEREST (SEE DOCUMENT FOR DETAILS).Assignors: Lookout, Inc.
Activelegal-statusCriticalCurrent
Adjusted expirationlegal-statusCritical

Links

Images

Classifications

Definitions

Landscapes

Abstract

The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device. The server may provide an interface for an administrator to manage the system and respond to security issues.

Description

FIELD
NOTICE: More than one reissue application has been filed for the reissue of U.S. Pat. No. 8,397,301 B2. This is an application for reissue of U.S. Pat. No. 8,397,301 B2 and this application is a continuation of application Ser. No. 16/670,488, which is also an application for reissue of U.S. Pat. No. 8,397,301 B2 and a continuation of application Ser. No. 15/898,124, now U.S. Pat. No. RE47,757, which is also an application for reissue of U.S. Pat. No. 8,397,301 B2 and a continuation of application Ser. No. 14/109,725, now U.S. Pat. No. RE46,768, which is also an application for reissue of U.S. Pat. No. 8,397,301 B2.
The invention relates generally to mobile security, and specifically, to assessing the vulnerability of a mobile communication device.
BACKGROUND
Mobile communication devices or mobile devices, such as cellular telephones, smartphones, wireless-enabled personal data assistants, and the like, are becoming more popular as cellular and wireless network providers are able to expand coverage and increase bandwidth. Mobile devices have evolved beyond providing simple telephone functionality and are now highly complex multifunctional devices with capabilities rivaling those of desktop or laptop computers. In addition to voice communications, many mobile devices are capable of text messaging, e-mail communications, internet access, and the ability to run full-featured application software. Mobile devices can use these capabilities to perform online transactions such as banking, stock trading, payments, and other financial activities. Furthermore, a mobile device used by an individual, a business, or a government agency can often store confidential or private information in forms such as electronic documents, text messages, access codes, passwords, account numbers, e-mail addresses, personal communications, phone numbers, and financial information.
In turn, it is more important to protect those devices against malware, malicious attacks and other exploits. Specifically, it would be helpful to be able to identify vulnerabilities for a mobile communication device, so that the user of the mobile communication device can be alerted if his or her device suffers from any exploitable weaknesses. It is also important for an organization that relies on mobile devices to understand the state of their security and be able to respond to vulnerabilities on mobile devices in an efficient and effective manner.
Presently, current solutions for assessing the vulnerabilities of a computer on a network focus on a conventional desktop, laptop, server, or other computing devices that often enjoy more processing power and memory than a mobile communication device and generally have less restricted application environments than a mobile communication device. As such, these computing devices can often include local monitoring services that can run in the background without overly taxing valuable computing resources. In addition, conventional computing devices are often consistently tethered to a particular local network, such that devices can be remotely scanned over the local network for security weaknesses. Mobile communication devices, on the other hand, are often connected to public networks and switch between networks and network types, making remote, network-based security scans undesirable.
What is therefore needed is a way to provide similar protective services for mobile communication devices in a manner that does not overly tax resources on the mobile communication device, and that extends protective services even when the mobile communication device is not connected to a particular network or is not connected to any network.
There are many differences between mobile communication devices (e.g. operating systems, hardware capabilities, software configurations) that make it difficult to have a single system for accurately assessing the vulnerability of multiple types of devices. Additionally, many mobile communication devices are able to accept installation of various third-party software applications or “apps” that have been developed to extend the capabilities of the device. The installation of apps can alter the vulnerability state of a device, since each app may alter how and with which networks the mobile device communicates. What is therefore needed is a way to assess vulnerabilities of a mobile communication device that accounts for differences such as the operating system, the make, model, configuration, or any installed software on the mobile device. Also needed is a way for a user or administrator to view the security status of, remediate, and otherwise assess and manage the security of multiple different mobile communication devices.
BRIEF DESCRIPTION OF THE FIGURES
The invention is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which:
FIG.1 is an exemplary block diagram depicting an embodiment of the invention.
FIG.2 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.3 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.4 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.5 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.6 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.7 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.8 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.9 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.10 is an exemplary flow diagram illustrating the steps of an embodiment of the invention.
FIG.11 is an exemplary screenshot illustrating an embodiment of the invention.
DETAILED DESCRIPTION
The invention is a system and a method for identifying, assessing, and responding to vulnerabilities on or affecting a mobile communication device. As will be discussed further below, a mobile communication device may transmit certain information to a server, and the server may transmit certain result information to the device that contains an assessment or identifies known or potential vulnerabilities affecting the device. Additionally or alternatively, the server may transmit notifications about possible or actual vulnerabilities affecting a mobile communication device, which may include instructions for remediating any vulnerabilities identified as affecting the mobile communication device. Furthermore, the server may host a management console that allows an administrator to view the security status of multiple mobile communication devices and take action to secure them if necessary.
It should be appreciated that the invention can be implemented in numerous ways, including as a process, an apparatus, a system, a device, a method, a computer readable medium such as a computer readable storage medium containing computer readable instructions or computer program code, or as a computer program product comprising a computer usable medium having a computer readable program code embodied therein. One will appreciate that the mobile communication device described herein may include any computer or computing device running an operating system for use on handheld or mobile devices, such as smartphones, PDAs, mobile phones and the like. For example, a mobile communication device may include devices such as the Apple iPhone®, the Palm Pre™, or any device running the Android™ OS, Symbian OS®, Windows Mobile® OS, Palm OS® or Palm Web OS™.
In the context of this document, a computer usable medium or computer readable medium may be any medium that can contain or store the program for use by or in connection with the instruction execution system, apparatus or device. For example, the computer readable storage medium or computer usable medium may be, but is not limited to, a random access memory (RAM), read-only memory (ROM), or a persistent store, such as a mass storage device, hard drives, CDROM, DVDROM, tape, erasable programmable read-only memory (EPROM or flash memory), or any magnetic, electromagnetic, infrared, optical, or electrical system, apparatus or device for storing information. Alternatively or additionally, the computer readable storage medium or computer usable medium may be any combination of these devices or even paper or another suitable medium upon which the program code is printed, as the program code can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
Applications, software programs or computer readable instructions may be referred to as components or modules. Applications may be hardwired or hard coded in hardware or take the form of software executing on a general purpose computer such that when the software is loaded into and/or executed by the computer, the computer becomes an apparatus for practicing the invention. Applications may also be downloaded in whole or in part through the use of a software development kit or toolkit that enables the creation and implementation of the invention. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention.
FIG.1 is a block diagram illustrating an embodiment of a system for identifying and assessing vulnerabilities on a mobile communication device. In an embodiment, the system may include one or moremobile communication devices101 connected on a cellular, wireless Internet orother network121. One ormore servers151 may also have access tonetwork121. The one ormore servers151 may receive one or more sets of vulnerability identification information from the one or moremobile communication devices101, and/or may transmit one or more sets of result information to the one or moremobile communication devices101. In addition, the one ormore servers151 may have access to adata storage111 that stores information about mobile communication device vulnerabilities. One will appreciate thatdata storage111 may be a database, data table, file system or other memory store.Data storage111 may be hosted on any of the one ormore servers151, or may exist externally from the one ormore servers151, so long as the one ormore servers151 have access todata storage111. One will also appreciate that the configuration of the system illustrated inFIG.1 is merely exemplary, and that other configurations are possible without departing from this disclosure or the scope of the invention. For example,servers151 ordata storage111 may be singular or plural, or may be physical or virtualized.
One will appreciate that communication betweenmobile communication device101 andserver151 may utilize a variety of networking protocols and security measures. In an embodiment,server151 operates as an HTTP server and thedevice101 operates as an HTTP client. To secure the data in transit,mobile communication device101 andserver151 may use Transaction Layer Security (“TLS”). Additionally, to ensure thatmobile communication device101 has authority to accessserver151, and/or to verify the identity ofmobile communication device101,device101 may send one or more authentication credentials toserver151. For example, authentication credentials may include a username and password or any other data that identifiesmobile communication device101 toserver151. Authentication may allowserver151 to store specific information, such as vulnerability identification information, aboutmobile communication device101, and may also provide a persistent view of the security status ofmobile communication device101.
As previously mentioned,data storage111 may be used to store sets of information about mobile communication device vulnerabilities (“vulnerability information”), which may be transmitted in whole or in part to one or more mobile communication devices in the form of “result information.” As used herein, a vulnerability may include an exploitable weakness on a mobile communication device that may result from the device hardware or software. Vulnerabilities may arise due to weaknesses in the device's operating system, other software or hardware flaws in the device, protocol implementation or specification flaws, misconfiguration of the device, software applications installed or stored on the device, or services provided through, to or by the device. Vulnerabilities may arise form the features of the device, such as from the presence of Bluetooth, infrared or Internet capabilities on the device, or other communication interfaces and protocols available on the device. Vulnerabilities may arise from weaknesses in the device's interaction with, flaws in, or misconfiguration of other services and systems such as text messaging, voice mail, telephony, or other services and systems accessed through a mobile communication device. Information about a vulnerability, i.e., vulnerability information, may be stored indata storage111 and accessed byserver151 ormobile communication device101.Data storage111 may store general information about mobile communication device vulnerabilities, or may store information about vulnerabilities specific to a mobile communication device. As will be discussed further below, sets of vulnerability information corresponding to vulnerabilities that could affect or actually affect the mobile communication device may be transmitted in the form of result information, notifications, or both.
One will appreciate that as used herein, vulnerability information may include the name, description, severity rating, security impact summary and remediation instructions for a vulnerability. Vulnerability information may be included in theresult information server151 transmits tomobile communication device101 or may be stored indata storage111. Result information may include a list of vulnerabilities that are known to affectmobile communication device101, a list of potential vulnerabilities that may affectmobile communication device101, and a list of vulnerabilities that are known not to affectmobile communication device101. Each entry in a list of vulnerabilities may include some or all of the set of vulnerability information for a vulnerability. As will be discussed in more detail below, the result information may also include a binary assessment of mobile communication device101 (e.g., good or bad, “okay” or “not okay”), a threat score, remediation instructions for known or potential vulnerabilities, or may instruct display of a graduated icon that changes depending upon state (a sad face for a vulnerable mobile communication device, to a happy face for a “safe” mobile communication device). Vulnerability information may include criteria for determining if amobile communication device101 is affected. In an embodiment, vulnerability information may include information about a vulnerability such as a title, a description, a security impact summary, human or computer readable remediation instructions or a severity rating for the vulnerability.
As used herein, “vulnerability identification information” or “identification information” includes data thatserver151 may use to determine ifmobile communication device101 is susceptible to any vulnerabilities. Such vulnerability identification information may include the operating system and version formobile communication device101; the firmware version of themobile communication device101, the device model formobile communication device101; carrier information formobile communication device101; authentication information; and/or user information for the user ofmobile communication device101. Vulnerability identification information may also include a list of files, software components, libraries and/or a list of the applications or other software installed onmobile communication device101, as well as other information related to these applications and software such as version and configuration information, configuration information about themobile communication device101, communications interfaces and protocols in use by mobile communication device101 (e.g., WiFi, Bluetooth, IR, SMS, MMS), cellular network information, cellular carrier information, the make and model ofmobile communication device101, and the like.
In an embodiment, vulnerability information stored indata storage111 may have associated information that includes a description, a title, an overview of the security impact, remediation instructions, and criteria for affected firmware versions. In an embodiment,mobile communication device101 sends vulnerability identification information toserver151 that includes the device's firmware version.Server151 may utilizedata storage111 to examine the vulnerability information stored therein and determine if the firmware version formobile communication device101 matches the firmware version criteria for any vulnerabilities. If any vulnerabilities match,server151 may determine thatmobile communication device101 is vulnerable.Server151 may then transmit result information to themobile communication device101, as described herein and shown in the Figures. In an embodiment,server151 only transmits result information corresponding to vulnerabilities that affectmobile communication device101. In an embodiment,server151 transmits result information for all vulnerabilities that may affectdevice101. In an embodiment,server151 transmits result information which contains all vulnerabilities that may affectdevice101 and which of those vulnerabilities actually do affectdevice101. In an embodiment, the firmware version criteria for being affected by a vulnerability includes the version of the firmware in which the vulnerability was fixed. One will appreciate that some vulnerabilities may only affect certain firmware versions, and that once firmware has been updated to a new version, some vulnerabilities which affected previous versions may no longer be of issue. In order to account for variations in firmware,server151 may detect and transmit information for vulnerabilities regardless of the firmware version onmobile communication device101, thereby adding extra precautions. Alternatively,server151 may only send result information for those vulnerabilities that affect the version of firmware installed onmobile communication device101, thereby being more specific.
For example, a certain vulnerability may affect a mobile communication device having firmware version 1.0, but not a mobile communication device with firmware version 2.0.Server151 may receive information about the firmware version ofmobile communication device101, and if the firmware version is earlier than version 2.0, thenmobile communication device101 is determined to be susceptible to the certain vulnerability. However, if the firmware version formobile communication device101 is 2.0 or higher, thenmobile communication device101 may not be susceptible to the certain vulnerability. One will appreciate that other variations are possible, and that the determination of whether to send more or less result information may be a setting specified by an administrator, or may involve the application of logic depending upon the severity of the vulnerability and the risks or benefits of transmitting an overabundance of result information tomobile communication device101. One will also appreciate that the amount of result information to transmit tomobile communication device101 may also depend upon the capabilities ofmobile communication device101 or the bandwidth of the network.
In an embodiment,data storage111 stores vulnerability information for at least two types ofmobile devices101. The two mobile device types may have different operating systems, firmware versions, model numbers, carrier information, authentication information, user information, configuration information, states, software applications, and the like. As a result, the vulnerability identification information for each of the at least two mobile devices will differ in some aspect. As such, in an embodiment,data storage111 may store vulnerability information for vulnerabilities that may affect both of the two device types, including vulnerabilities that may affect one device type but not the other. One will appreciate thatdata storage111 may store vulnerability information for a variety of mobile communication devices, and will be able to provide information that will help identify, assess and remediate vulnerabilities for a variety of mobile communication devices.
Whendata storage111 stores information about vulnerabilities that may affect multiple types of mobile communication devices, it is important that the transmitted result information not include information regarding vulnerabilities that a user may perceive as irrelevant to a particular device. As such it is important that the list of vulnerabilities that may affect a device not simply include all vulnerabilities stored bydata storage111. In an embodiment, a vulnerability may affect a device if the device's vulnerability identification information at least partially matches the vulnerability's criteria for affecting a device. Providing partially matching result information provides a conservative, or safer approach to detecting and identifying potential vulnerabilities, as it may provide a opportunity for further assessment and action (e.g. further analysis conducted by software on a device), rather than only providing full criteria matches.
In an embodiment, the partial match includes criteria related to a device that does not change, is unlikely to change, or is irrespective of particular software versions, firmware versions, updates, and configuration. Such criteria may include the device's operating system, model, carrier, software applications installed, hardware capabilities, and the like. For example,data storage111 may store information about a vulnerability that affects a particular range of firmware versions of the Apple iPhone® OS. This vulnerability information may include criteria that it affects the Apple iPhone® OS and criteria that it affects specific firmware ranges of various device models. In an embodiment, theserver151 determines that the vulnerability does affect all devices running Apple iPhone® OS that match the vulnerability information's firmware version criteria, the vulnerability may affect devices running any firmware version containing Apple iPhone® OS, and the vulnerability may not affect any devices running Android™, Windows Mobile®, Symbian OS®, or other operating systems. One will appreciate that other methods of determining what vulnerabilities stored bydata storage111 may affect a device may be performed without departing from the scope of this disclosure.
FIGS.2-10 are exemplary flow diagrams depicting various process embodiments. One will appreciate that the following figures and processes are merely exemplary, and that the invention may perform other processes without departing from the scope of this disclosure. One will also appreciate that unless otherwise stated, the performance of the steps in the disclosed processes are not constrained by time. The time between two successive steps may differ from the time between two other successive steps. Additionally, the time to perform each step may differ each time a step is performed. One will also appreciate that the amount of information as described herein is referred to as a “set of information” or a plurality of sets of information. A set of information may include at least one quanta, data point or other quantifiable amount of information, but is not designed to limit or constrain the amount of information discussed herein. In an embodiment, a set of vulnerability information may include multiple pieces of information that relate to a given vulnerability, such as a title, a description, a threat rating, and criteria for the vulnerability to affect a device. In an embodiment, a set of result information may include a security status for a device, and a list of vulnerabilities that the device is vulnerable to, each entry in the list comprising a set of vulnerability information.
FIG.2 depicts and embodiment in which vulnerability information is transmitted tomobile communication device101. Inblock201,data storage111 stores a plurality of sets of vulnerability information related to one or moremobile communication devices101. Inblock202, vulnerability information is transmitted to at least onemobile communication device101 overnetwork121. One will appreciate that the transmission of vulnerability information to the at least onemobile communication device101 may be controlled byserver151 having access todata storage111. One will also appreciate that inblock202, the transmitted vulnerability information may also be termed result information.
FIG.3 depicts an embodiment in which result information is transmitted tomobile communication device101 afterserver151 receives vulnerability identification information frommobile communication device101. One will appreciate that the process illustrated inFIG.3 and described herein may be performed in addition to any of the processes disclosed herein, or may be performed separately from any of the processes disclosed herein. Inblock201,data storage111 stores a plurality of sets of vulnerability information related to one or moremobile communication devices101. Inblock301,server151 receives vulnerability identification information from at least onemobile communication device101. Inblock302,server151 correlates the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a set of result information which contains information about vulnerabilities that affect or may affect the at least onemobile communication device101. This may include accessingdata storage111 byserver151. Inblock202, result information is transmitted to at least onemobile communication device101 overnetwork121.
In an embodiment, the scope or type of result information transmitted byserver151 may be general information, or may be specific information about vulnerabilities that may specifically affectmobile communication device101. As such, the result information transmitted todevice101 may include all of the vulnerability information stored indata storage111, or may include a subset of all of the vulnerability information stored indata storage111. The option to transmit general or specific result information may be an option set by an administrator, may depend upon the hardware or software constraints of the mobile communication device, or may depend upon the bandwidth of thenetwork connecting server151 tomobile communication device101.
In an embodiment, determining which vulnerabilities specifically affectmobile communication device101 may involve correlating the vulnerability identification information provided bymobile communication device101 to the vulnerability information available toserver151. As used herein, “correlating” vulnerability identification information to vulnerability information may involve determining whether the vulnerability described by the vulnerability information affects a device, whether it may affect a device, or whether it does not affect a device. Determinations may be made through a variety of methods, including matching vulnerability identification information with vulnerability information and determining whether identification information satisfies one or more criteria for vulnerability. Correlating may be performed byserver151 and/ordata storage111, and may include applying logic, comparing operating systems, comparing version identifiers, checking for the presence of specific software or other data on the mobile communication device, and the like. In an embodiment, correlating may utilize an identification of the hardware or specifications of the mobile communication device. In an embodiment, correlating may also be performed bymobile device101.
FIG.4 is directed to a process in whichdata storage111 is updated with new vulnerability information that may be transmitted as a new or second set of result information to affectedmobile communication devices101. As will discussed in more detail below, this process may include the transmission of one or more notifications. One will appreciate that the process illustrated inFIG.4 and described herein may be performed in addition to any of the processes disclosed herein, or may be performed separately from any of the processes disclosed herein. Inblock201 ofFIG.4,data storage111 stores a plurality of sets of vulnerability information related to one or moremobile communication devices101. Inblock301 ofFIG.4,server151 receives identification information for one of the one or moremobile communication devices101. In an embodiment,server151 stores this identification information indata storage111. This stored information may be used in block402 (discussed below) to determine if a newly received vulnerability affectsdevices101. In an embodiment, the data is used to present a status or administrative interface for the device. One will appreciate that storing vulnerability identification received byserver151 may apply to the other processes as well. For example, anytime server151 receives vulnerability identification information, theserver151 may store the information for use in generating and transmitting user interfaces (e.g. web interfaces) or identifying whether a vulnerability affects adevice101 while thedevice101 is not connected toserver151.
Inblock302 ofFIG.4,server151 performs a correlating step to identify vulnerabilities that affect or may affect themobile communication device101, which may include accessingdata storage111 byserver151. As a result of correlating step inblock302,server151 may generate a set of result information. Inblock202 ofFIG.4, the set of result information is transmitted to the affectedmobile communication device101 overnetwork121. Inblock401,server151 ordata storage111 waits for and receives new vulnerability information. One will appreciate that there may not be a set time interval as to when block401 is performed. After new vulnerability information is received,server151 makes a determination whether the newly received vulnerability information affects any knownmobile communication device101 having access toserver151 or data storage111 (block402). In an embodiment, the determination inblock402 may use the same method for determining if a vulnerability affects adevice101 as in the correlatingblock302; however, instead of identifying which vulnerabilities affect a givendevice101, theserver151 may identify whichdevices101 are affected by the newly received vulnerability. In an embodiment, theserver151 determines which devices are vulnerable to the newly received vulnerability by correlating vulnerability identification information for each device stored indata storage111 to the vulnerability criteria for the newly received vulnerability. If the new vulnerability information does affect any of themobile communication devices101 having access toserver151 ordata storage111, then inblock403,server151 transmits a notification of the new vulnerability or transmits information about the new vulnerability to the affectedmobile communication devices101. If the new vulnerability information does not affect any of themobile communication devices101 having access toserver151 ordata storage111, thenserver151 ordata storage111 will wait until new relevant vulnerability information is received (block401).
Server151 may transmit a notification tomobile communication device101 via a variety of mechanisms. A notification may be sent via email, text messaging, or through a client-server communication system as described in U.S. patent application Ser. No. 12/372,719, entitled, “SYSTEM AND METHOD FOR REMOTELY SECURING OR RECOVERING A MOBILE DEVICE,” and incorporated in full herein. A notification may provide information about a vulnerability, information about a potential vulnerability, the status of a mobile communication device, information about remediation instructions, or may request that the user of an affected mobile communication device perform some action to update the vulnerability information on the mobile communication device, or perform some action to remediate the mobile communication device.
In an embodiment, a notification may contain information or an instruction indicating that themobile communication device101 needs to connect toserver151 in order to receive new vulnerability information. The notification may be directed to software resident on themobile communication device101, may include software readable remediation instructions, and may be in the form of an SMS or may be sent via a push notification service, such as that provided by Apple Computer Inc. to its iPhone® devices. For example,mobile communication device101 may receive a notification with instructions that the device should be updated to protect against a new security risk. A specific application on the device may require an update, in which case the notification may also causemobile communication device101 to update the specific application without user intervention. In an embodiment, a notification may be directed to the user of the mobile communication device. This may include a text message, push notification, or e-mail message containing human-readable information, or a voicemail or other verbal communication directed to the user ofmobile communication device101. Notifying amobile communication device101 allows for rapid response to new vulnerabilities, thereby greatly increasing the effectiveness of systems that would otherwise rely on a scheduled or manually-initiated check for security vulnerabilities.
FIG.5 illustrates an embodiment in whichserver151 may require additional information about amobile communication device101 in order to confirm whether a vulnerability affectsmobile communication device101. One will appreciate that the process illustrated inFIG.5 and described herein may build upon any of the processes discussed herein, or may be performed independently of any of the other processes discussed herein. Inblock201 ofFIG.5,data storage111 stores a plurality of sets of vulnerability information related to one or moremobile communication devices101. One will appreciate thatdata storage111 may be accessed byserver151. Inblock301 ofFIG.5,server151 receives identification information for amobile communication device101. Inblock302 ofFIG.5,server151 correlates the received identification information to the stored plurality of sets of vulnerability information to determine which vulnerabilities affect or may affect themobile communication device101, which may include accessingdata storage111 byserver151.Server151 generates a set of result information that inblock202 ofFIG.5 is transmitted to themobile communication device101 overnetwork121.
Inblock401 ofFIG.5,server151 ordata storage111 waits for and receives new vulnerability information. Inblock501,server151 assess whether there is enough information to determine which mobile communication devices may be affected by the newly received vulnerability information. If there is not enough information, then inblock502,server151 will request additional vulnerability identification information from one or moremobile communication devices101, and will then receive the additional information from the one or moremobile communication devices101 inblock503. One will appreciate that the request inblock502 may utilize notification mechanisms such as those described above or may be performed the next time themobile communication device101 connects to theserver151. Once the additional information is received,server151 may make a determination whether the newly received vulnerability information affects any of the one or moremobile communication devices101 having access toserver151 or data storage111 (block402). If the new vulnerability information does affect any of the one or moremobile communication devices101 having access toserver151 ordata storage111, then inblock403 ofFIG.5, theserver151 will transmit a notification of the new vulnerability to the affectedmobile communication devices101, or may transmit an updated, new or second set of result information regarding the new vulnerability. If the new vulnerability information does not affect any of themobile communication devices101 having access toserver151 ordata storage111, thenserver151 ordata storage111 may wait until new relevant vulnerability information is received (block401 ofFIG.5).
One will appreciate that the process illustrated inFIG.5 includes a situation in whichserver151 receives operating system information from amobile communication device101. In an embodiment, this information is stored byserver151 indata storage111 or other accessible storage. Later, after receiving new vulnerability information,server151 may determine that based on the stored operating system information formobile communication device101, the vulnerability could affectmobile communication device101. However,server151 may require additional identification information frommobile communication device101 in order to determine whether the device is actually affected.Server151 may request additional configuration information frommobile communication device101.Server151 will receive the requested identification information and then sends accurate vulnerability information to thedevice101.
FIG.6 is directed to a process in which amobile communication device101 having access toserver151 ordata storage111 requests vulnerability information fromserver151. Inblock601,mobile communication device101 transmits a request toserver151 for vulnerability information overnetwork121. Inblock602,mobile communication device101 receives vulnerability information fromserver151. One will appreciate thatserver151 may accessdata storage111 in order to gather and transmit the vulnerability information. Inblock603,mobile communication device101 correlates the received vulnerability information to its own identification information, and makes a determination whether any of the received vulnerability information is relevant to themobile communication device101. In this embodiment, vulnerability information processing may thereby be performed by themobile communication device101. In an embodiment, bothmobile communication device101 andserver151 perform processing on vulnerability information. For example, theserver151 may send vulnerability information tomobile communication device101 based on the operating system ofmobile communication device101. In an embodiment,server151 may use information sent by device101 (e.g. HTTP header information) in therequest601 or information stored indata storage111 to determine the operating system of thedevice101. The mobile communication device may then use additional information such as the applications installed on the device, configuration information, and the versions of software libraries to perform additional processing, correlating or analysis on the received vulnerability information. One will appreciate that a vulnerability may be rated as severe if the device's configuration makes the vulnerability exploitable by remote parties; however, the vulnerability may be rated as less severe if the device's configuration leaves the vulnerability as not remotely exploitable.
FIG.7 is any exemplary flowchart of a process in which amobile communication device101 transmits vulnerability identification information to server151 (block701), and in response, received result information on (block702). One will appreciate that this may require access todata storage111 byserver151. One will also appreciate that the process illustrated inFIG.7 and described herein may be performed as part of any of the other processes described or illustrated herein, or may be performed independently of the other processes described or illustrated herein.
FIG.8 is directed to a process in which amobile communication device101 transmits additional vulnerability identification information toserver151 in order to receive additional result information relevant to themobile communication device101. One will appreciate that the process illustrated inFIG.8 and disclosed herein may augment any of the other disclosed or illustrated processes. Inblock701 ofFIG.8,mobile communication device101 transmits vulnerability identification information toserver151. Inblock801,mobile communication device101 receives a request for additional identification information fromserver151. Inblock802,mobile communication device101 transmits additional vulnerability identification information toserver151. In response,mobile communication device101 receives correlated result information fromserver151 inblock702 ofFIG.8. One will appreciate thatserver151 may accessdata storage111 in order to provide the relevant result information for transmission tomobile communication device101.
One will appreciate that the process illustrated inFIG.8 contemplates a situation in which amobile communication device101 first transmits its operating system information to aserver151.Mobile communication device101 may then receive a request fromserver151 for version information pertaining to software libraries installed on thedevice101.Mobile communication device101 may then send the requested information toserver151 and may receive result information correlated to the device's vulnerability given its specific software library version information. If the software library versions installed onmobile communication device101 are not affected by a specific vulnerability, the result information received bymobile communication device101 may indicate that thedevice101 is not vulnerable to that vulnerability. If, however, the software library versions are affected by a specific vulnerability, then the result information received bymobile communication device101 may indicate thatmobile communication device101 is vulnerable and may contain instructions for how to remediate the issue.
FIG.9 illustrates a process in which vulnerabilities on amobile communication device101 are remediated. One will appreciate that the process illustrated inFIG.9 and described herein may be combined with any of the processes discussed herein, or may be performed independently of any of the other processes discussed herein. Inblock201 ofFIG.9,data storage111 stores a plurality of sets of vulnerability information related to one or moremobile communication devices101. Inblock301 ofFIG.9,server151 receives vulnerability identification information for amobile communication device101. Inblock302 ofFIG.9,server151 correlates the received vulnerability identification information to vulnerability information in order to generate a set of result information about vulnerabilities affecting themobile communication device101. This step may include accessingdata storage111 byserver151. Inblock202 ofFIG.9, result information is transmitted to themobile communication device101 overnetwork121. In an embodiment, the result information may include instructions for the user to remediate vulnerabilities that affect thedevice101.
Inblock901 ofFIG.9, a determination is made as to whethermobile communication device101 is vulnerable. This determination may be made using logic resident onmobile communication device101, orserver151 may perform the analysis. In an embodiment, a device is only vulnerable if it is affected by vulnerabilities that have a certain level of severity. For example, if a device is only susceptible to locally-exploitable vulnerabilities, it may not be considered vulnerable inblock901; however, if the device is vulnerable to remotely-exploitable vulnerabilities or has a virus installed, it may be considered vulnerable inblock901. Ifmobile communication device101 is vulnerable, then inblock902,server151 may be set to wait for confirmation that themobile communication device101 has been remediated.Server151 may be conditioned to wait for confirmation for a certain period of time (block903).
If the time limit for receiving a remediation confirmation has been exceeded, then inblock904, an action may be taken. For example,server151 may notify an administrator about the vulnerable mobile communication device and that the user has not taken action in the specified period of time. In this example, an administrator may take manual action such as sending a personal email or otherwise notifying the user to secure thedevice101. In an embodiment,server151 may automatically disablemobile communication device101 in some fashion to prevent affecting other devices on thenetwork121 or to prevent further damage. For example,server151 may preventmobile communication device101 from connecting to a specific network, email system, document repository, or other system. Alternatively,server151 may disablemobile communication device101 such that an administrator must verify that the device is safe before it is can be used again. Some mechanisms by which the disablement can take place are disclosed in U.S. patent application Ser. No. 12/372,719, entitled, “SYSTEM AND METHOD FOR REMOTELY SECURING OR RECOVERING A MOBILE DEVICE,” and U.S. patent application Ser. No. 12/255,632, entitled, “SECURE MOBILE PLATFORM SYSTEM,” both of which are incorporated in full herein. In an embodiment, the user ofmobile communication device101 may be notified byserver151 via email, text message or other means of communication that the mobile communication device is vulnerable and that corrective action was not taken within the prescribed time. The notification may serve as a reminder to help the user take action and secure the device. In this fashion, the invention goes beyond simply updating a mobile communication device to ensure security, or periodically scanning mobile communication devices on the network for potential vulnerabilities. As described herein, the invention may provide a customized vulnerability assessment based upon the unique state and configuration of each mobile communication device on the network, and may provide notifications and remediation instructions based upon this unique state and configuration.
One will appreciate that other actions may be performed in order to optimally secure a mobile device once it is known to be vulnerable. The embodiments described herein may be combined as part of a security response process. In an example, a user may receive a direct reminder after one day if his or her device is determined to be vulnerable and is not yet remediated. After two additional days, if the device is still vulnerable, an administrator may be notified and the device disallowed access to email and the organization's VPN service. Once the device is remediated, the administrator may be notified and access to email and VPN may be automatically restored. Other examples are also possible without departing from this disclosure or the scope of the invention.
If inblock903 ofFIG.9,server151 received confirmation that a vulnerability affectingmobile communication device101 has been remediated, or if inblock901,mobile communication device101 is not vulnerable, then inblock401 ofFIG.9,server151 may wait for receipt of new vulnerability information. Inblock501 ofFIG.9,server151 may assess whether there is enough information to determine ifmobile communication device101 is affected by the newly received vulnerability information. If there is not enough information, then inblock502 ofFIG.9,server151 will request additional vulnerability identification information frommobile communication device101, and will then receive the additional vulnerability identification information frommobile communication device101 inblock503 ofFIG.9. Once the additional vulnerability identification information is received,server151 may make a determination whether the newly received vulnerability information affects mobile communication device101 (block402 ofFIG.9), thereby generating a new, updated or second set of result information. If the new vulnerability information does affectmobile communication device101, then inblock403 ofFIG.9,server151 may send a notification of the new vulnerability information to the affectedmobile communication device101, or may send information relating to the new vulnerability tomobile communication device101. If the new vulnerability information does not affectmobile communication device101, thenserver151 ordata storage111 will wait until new relevant vulnerability information is received (block401 ofFIG.9). One will appreciate that the portions of the process for remediating vulnerabilities present on themobile communication device101 may be performed in conjunction with any of the other processes disclosed herein.
FIG.10 is directed to a process for generating data for display, e.g. on a web interface. In an embodiment, a user of themobile communication device101, administrator for a group ofmobile communication devices101, administrator forserver151, or other party may wish to check the security status ofmobile communication devices101 connected to thenetwork121. This may be helpful for identifying which mobile communication devices are vulnerable, identifying which need manual remediation or intervention from an administrator, determining the risk posed by a new vulnerability, and performing other actions relevant to securing a group of mobile communication devices. It may also be helpful to provide a single graphical user interface that displays information on mobile communication devices having access toserver151.
Inblock201 ofFIG.10,data storage111 stores a plurality of sets of vulnerability information that may be accessed byserver151. Inblock301 ofFIG.10,server151 receives vulnerability identification information for one or moremobile communication devices101 connected tonetwork121. Inblock1001,server151 receives a request for the status of vulnerabilities for the one or moremobile communication devices101. This request may originate from one of the one or moremobile communication devices101, or from a web interface. Inblock302 ofFIG.10,server151 correlates the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to identify vulnerabilities that affect or may affect any of the one or moremobile communication devices101 connected toserver151 onnetwork121. Inblock1002,server151 transmits the status of vulnerabilities for any of the one or moremobile communication devices101 for display on a web page or other interface. One will appreciate that the status may include whether any of the vulnerabilities have been remediated, and if not, whichmobile communication device101 still suffers from vulnerabilities that have not been remediated. The actions inblock302 may be performed beforeserver151 receives a request for vulnerability status. The result of the correlation may be stored by theserver151 so that when the server receives a request for vulnerability status, theserver151 recalls the previous results. The storage may be in a database, in-memory cache, or other method of storing and recalling data available toserver151.
In an embodiment, the data transmitted byserver151 inblock1002 ofFIG.10 may pertain to an individual mobile communication device, multiple devices, or a group of devices. The data may include information about specific individual devices or aggregated information relating to multiple devices. The information about an individual device may include the device's security status (e.g. vulnerable/not vulnerable, severity of vulnerability, number of unremediated vulnerabilities), software version information, phone number, count of security events in a time period, or last time communicating withserver151. Aggregated information relating to a group of devices may include the percentage of devices in the group that are vulnerable, the number of devices in the group that are vulnerable, the overall risk level of the group, or other information that can be combined between specific devices in the group.Server151 may automatically group devices using criteria such as common characteristics (e.g. operating system type, operating system version, having the presence of certain software, having a certain configuration, etc.), or common security statuses (e.g. being vulnerable, being not vulnerable, being affected by a specific vulnerability, being out of compliance, awaiting remediation, etc.).
In an embodiment, the data transmitted byserver151 inblock1002 ofFIG.10 may be selected by receiving searching or sorting information in therequest1001. The search or sort may reference any information stored by the server relating to specific devices. For example, a user may search for all devices with a specific piece of software installed or may sort devices based on highest severity. In an embodiment, the data transmitted byserver151 inblock1002 includes a prioritized list of current security issues. This list may also include recommended actions to remediate the issues and the ability to initiate such actions. For example, in a large mobile device deployment, the list of current issues may include iPhone® vulnerability that is severe and affects 1000 devices, an Android™ vulnerability that is of moderate severity and affects 1200 devices, a Windows Mobile vulnerability that is severe and affects 100 devices, and a Blackberry vulnerability that is of low severity and affects 3000 devices. The prioritization in this case takes into account both the severity of the vulnerability and the number of devices that are part of the deployment and affected by the vulnerability.
In an embodiment,server151 may transmit reports based on security status information available at the server. The reports may show changes in security status over time or show a current summary. Some example reports include the number of vulnerable of devices with respect to time, the current number of vulnerable devices with each severity level, the current number of vulnerable devices broken down by operating system type, and a list of contact information for users with the most severely vulnerable devices.
In an embodiment,server151 may transmit security related events that are generated both by clients and byserver151 due to automatic or administrative action. The events may be displayed, gathered, processed, or otherwise interacted with as disclosed in U.S. patent application Ser. No. 12/255,635, entitled, “SECURITY STATUS AND INFORMATION DISPLAY SYSTEM,” which is incorporated in full herein.
In an embodiment,server151 allows an administrator to perform actions related to a device or group of devices. Actions that may be performed include notifying the user of the device via a push notification, text message, email, or another messaging system; disabling the device; disabling the device's access to a service, potentially using a mechanism disclosed in U.S. patent application Ser. No. 12/255,632, entitled, “SECURE MOBILE PLATFORM SYSTEM”; or those disclosed in U.S. patent application Ser. No. 12/372,719, entitled, “SYSTEM AND METHOD FOR REMOTELY SECURING OR RECOVERING A MOBILE DEVICE,” both of which are incorporated in full herein.
In an embodiment,server151 allows an administrator to configure how the server operates. One such configuration may include custom triggers or alerts on certain events (e.g. devices not remediating in a period of time) that will result in logging and administrator notification via email, text message, or other messaging medium. Other examples of configuration options include: the time period the server waits before notifying an administrator of an un-remediated vulnerable device, the email address or addresses administrators should be notified at, how often to remind users of vulnerable devices that they need to take remediation actions, what method ofcontact server151 should use to remind users (e.g. SMS, E-mail, push notification service), how the server interacts with e-mail or VPN services to disable access for a specific vulnerable device, and other ways of controlling the functionality disclosed herein.
In an embodiment, vulnerability identification information is stored byserver151 so that, in the case of a new vulnerability,server151 can determine whether the device is vulnerable, not vulnerable, or potentially vulnerable based on the information is has. In an embodiment, the server stores vulnerability identification information ondata storage111. This allows an IT admin to get an instant picture of the security risk of their device deployment in the case of a new emerging vulnerability. Such rapid understanding is critical to prioritize response effort in the case of a rapidly spreading worm or severe vulnerability.
FIG.11 is an exemplary screenshot of result information being displayed on amobile communication device101. As shown, two vulnerabilities have been identified as affecting the mobile communication device. One will appreciate that these vulnerabilities may have been identified byserver151 after receipt of vulnerability identification information frommobile communication device101, as described above and illustrated in the Figures. As previously discussed, the identified vulnerabilities may specifically affectmobile communication device101 because of its particular operating system version, firmware version, or software, or may be a general vulnerability that affects all similar makes and models ofmobile communication device101. As shown, multiple vulnerabilities are shown to not affect themobile communication device101. In an embodiment, these vulnerabilities are vulnerabilities that may affect similar makes and models of mobile device but do not affect thespecific device101. In an embodiment, resultinformation display1101 may link to another screen or to a website with more information on a vulnerability, including instructions on how to remediate the vulnerability. In an embodiment, theresult information display1101 may occur due to the result of thedevice101 receiving result information sent by the server in response to a request from thedevice101. In an embodiment, theresult information display1101 may occur due to the device receiving a notification that thedevice101 is vulnerable. One will appreciate that other situations may prompt the display of result information ondevice101 without departing from this disclosure. One will appreciate that other screen layouts are possible, and that the screen depicted inFIG.11 is not meant to limit the invention in any fashion.
In the description above and throughout, numerous specific details are set forth in order to provide a thorough understanding of the invention. It will be evident, however, to one of ordinary skill in the art, that the invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form to facilitate explanation. The description of the preferred embodiments is not intended to limit the scope of the claims appended hereto. Further, in the methods disclosed herein, various steps are disclosed illustrating some of the functions of the invention. One will appreciate that these steps are merely exemplary and are not meant to be limiting in any way. Other steps and functions may be contemplated without departing from this disclosure or the scope of the invention.

Claims (47)

What is claimed is:
1. A method comprising:
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;
b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;
c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,
d) transmitting, by the at least one server, the first set of result information.
2. The method ofclaim 1, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
3. The method ofclaim 1, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
4. The method ofclaim 1, further comprising the step of:
e) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.
5. The method ofclaim 4, wherein the notification includes an instruction related to the first set of result information.
6. The method ofclaim 1, further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server, the second set of result information.
7. The method ofclaim 1, further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.
8. The method ofclaim 1, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server, the second set of result information.
9. The method ofclaim 1, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.
10. A method comprising:
a) transmitting, from a mobile communication device, a set of vulnerability identification information to at least one server that accesses a data storage storing a plurality of sets of vulnerability information; and,
b) receiving, at the mobile communication device from the at least one server, a first set of result information that correlates to the transmitted set of vulnerability identification information.
11. The method ofclaim 10, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
12. The method ofclaim 10, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
13. The method ofclaim 10, further comprising the step of:
c) receiving, at the mobile communication device from the at least one server, a notification about the first set of result information.
14. The method ofclaim 13, wherein the notification includes an instruction related to the first set of result information.
15. The method ofclaim 13, further comprising the step of:
d) displaying, on the mobile communication device, at least a portion of the received notification.
16. The method ofclaim 10, further comprising the step of:
c) receiving, at the mobile communication device from the at least one server, a notification about a second set of result information.
17. A method comprising:
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;
b) receiving, at the at least one server, a first set of vulnerability identification information about a first mobile communication device;
c) correlating, by the at least one server, the first set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,
d) transmitting, by the at least one server, the first set of result information;
e) receiving, at the at least one server, a second set of vulnerability identification information about a second mobile communication device, wherein the second set of vulnerability identification information differs from the first set of vulnerability identification information;
f) correlating, by the at least one server, the second set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server, the second set of result information.
18. The method ofclaim 17, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
19. The method ofclaim 17, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
20. A system comprising:
a data storage storing a plurality of sets of vulnerability information;
a server for accessing the data storage, for receiving one or more sets of vulnerability identification information about one or more mobile communication devices, for correlating the one or more sets of received vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate one or more sets of result information, for transmitting the one or more sets of result information, and for transmitting one or more notifications about the one or more sets of result information; and,
a network connecting the at least one server, data storage, and the plurality of mobile communication devices.
21. The system ofclaim 20, further comprising a user interface for monitoring the plurality of mobile communication devices to identify which of the plurality of mobile communication devices is vulnerable.
22. The system ofclaim 20, wherein vulnerability information is information selected from the group consisting of a name, a description, one or more remediation instructions, a severity rating, a security impact summary, and one or more criteria for being vulnerable.
23. A method comprising:
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;
b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;
c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,
d) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.
24. The method ofclaim 23, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
25. The method ofclaim 23, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
26. The method ofclaim 23, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server, the second set of result information.
27. The method ofclaim 23, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.
28. A method comprising:
a) storing a plurality of sets of vulnerability information on a data storage accessible by at least one server, the vulnerability information including descriptions of known vulnerabilities;
b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communications device;
c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information from the data storage to generate a first set of result information; and
d) initiating the transmitting, by the at least one server to the mobile communications device, of a first subset of the first set of result information, the first subset of result information being selected from the first set of result information based on a determined vulnerability risk of each item of the result information, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device.
29. The method of claim 28, wherein:
the vulnerability identification information is information selected from the group consisting of: an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communications device; and
the vulnerability information is information selected from the group consisting of: a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
30. The method of claim 28, further comprising the step of:
e) initiating the transmitting, by the at least one server to the mobile communications device, of a notification about the first set of result information, wherein the notification includes an instruction related to the first set of result information.
31. The method of claim 28, further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form an updated plurality of sets of vulnerability information;
f) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) initiating the transmitting, by the at least one server to the mobile communications device, of a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
32. The method of claim 28, further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form an updated plurality of sets of vulnerability information;
f) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) initiating the transmitting, by the at least one server to the mobile communications device, of a notification about the second set of result information.
33. The method of claim 28, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) initiating the transmitting, by the at least one server, of the second set of result information.
34. The method of claim 28, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) initiating the transmitting, by the at least one server to the mobile communications device, of a notification about the second set of result information.
35. A system comprising:
a mobile communications device;
a network-enabled data storage; and
at least one network-enabled server, the system performing steps comprising:
a) storing a plurality of sets of vulnerability information on the data storage, the vulnerability information including descriptions of known vulnerabilities;
b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communications device;
c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information from the data storage to generate a first set of result information; and
d) initiating the transmitting, by the at least one server to the mobile communications device, of a first subset of the first set of result information, the first subset of result information being selected from the first set of result information based on a determined vulnerability risk of each item of the result information, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device.
36. The system of claim 35, wherein:
the vulnerability identification information is information selected from the group consisting of: an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communications device; and
the vulnerability information is information selected from the group consisting of: a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
37. The system of claim 35, the steps further comprising:
e) initiating the transmitting, by the at least one server to the mobile communications device, of a notification about the first set of result information, wherein the notification includes an instruction related to the first set of result information.
38. The system of claim 35, the steps further comprising:
e) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to an updated plurality of sets of vulnerability information to generate a second set of result information; and,
f) initiating the transmitting, by the at least one server to the mobile communications device, of a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
39. The system of claim 35, the steps further comprising:
e) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to an updated plurality of sets of vulnerability information to generate a second set of result information; and,
f) initiating the transmitting, by the at least one server to the mobile communications device, of a notification about the second set of result information.
40. The system of claim 35, the steps further comprising:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) initiating the transmitting, by the at least one server, of the second set of result information.
41. The system of claim 35, the steps further comprising:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of initiating the transmitting, by the at least one server, of the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) initiating the transmitting, by the at least one server to the mobile communications device, of a notification about the second set of result information.
42. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a server, cause the server to perform steps comprising:
a) accessing a plurality of sets of vulnerability information stored on a data storage, the vulnerability information including descriptions of known vulnerabilities;
b) receiving a set of vulnerability identification information about a mobile communications device;
c) correlating the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information from the data storage to generate a first set of result information; and
d) initiating the transmitting, to the mobile communications device, of a first subset of the first set of result information, the first subset of result information being selected from the first set of result information based on a determined vulnerability risk of each item of the result information, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device.
43. The non-transitory, computer-readable storage medium of claim 42, the steps further comprising:
e) initiating the transmitting, to the mobile communications device, of a notification about the first set of result information, wherein the notification includes an instruction related to the first set of result information.
44. The non-transitory, computer-readable storage medium of claim 42, the steps further comprising:
e) after the step of initiating the transmitting, to the mobile communications device, of the first subset of result information, correlating the received set of vulnerability identification information to an updated plurality of sets of vulnerability information stored on the data storage to generate a second set of result information; and,
f) initiating the transmitting, to the mobile communications device, of a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
45. The non-transitory, computer-readable storage medium of claim 42, the steps further comprising:
e) after the step of initiating the transmitting, to the mobile communications device, of the first subset of result information, correlating the received set of vulnerability identification information to an updated plurality of sets of vulnerability information stored on the data storage to generate a second set of result information; and,
f) initiating the transmitting, to the mobile communications device, of a notification about the second set of result information.
46. The non-transitory, computer-readable storage medium of claim 42, the steps further comprising:
e) after the step of initiating the transmitting, to the mobile communications device, of the first subset of result information, correlating the received set of vulnerability identification information to an updated plurality of sets of vulnerability information to generate a second set of result information; and,
f) initiating the transmitting, to the mobile communications device, of the second set of result information.
47. The non-transitory, computer-readable storage medium of claim 42, the steps further comprising:
e) after the step of initiating the transmitting, to the mobile communications device, of the first subset of result information, correlating the received set of vulnerability identification information to an updated plurality of sets of vulnerability information to generate a second set of result information; and,
f) initiating the transmitting, to the mobile communications device, of a notification about the second set of result information.
US17/391,9952009-11-182021-08-02System and method for determining the risk of vulnerabilities on a mobile communications deviceActive2031-01-18USRE49634E1 (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
US17/391,995USRE49634E1 (en)2009-11-182021-08-02System and method for determining the risk of vulnerabilities on a mobile communications device

Applications Claiming Priority (5)

Application NumberPriority DateFiling DateTitle
US12/621,431US8397301B2 (en)2009-11-182009-11-18System and method for identifying and assessing vulnerabilities on a mobile communication device
US14/109,725USRE46768E1 (en)2009-11-182013-12-17System and method for identifying and assessing vulnerabilities on a mobile communications device
US15/898,124USRE47757E1 (en)2009-11-182018-02-15System and method for identifying and assessing vulnerabilities on a mobile communications device
US16/670,488USRE48669E1 (en)2009-11-182019-10-31System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device
US17/391,995USRE49634E1 (en)2009-11-182021-08-02System and method for determining the risk of vulnerabilities on a mobile communications device

Related Parent Applications (1)

Application NumberTitlePriority DateFiling Date
US12/621,431ReissueUS8397301B2 (en)2009-11-182009-11-18System and method for identifying and assessing vulnerabilities on a mobile communication device

Publications (1)

Publication NumberPublication Date
USRE49634E1true USRE49634E1 (en)2023-08-29

Family

ID=44012333

Family Applications (5)

Application NumberTitlePriority DateFiling Date
US12/621,431CeasedUS8397301B2 (en)2009-11-182009-11-18System and method for identifying and assessing vulnerabilities on a mobile communication device
US14/109,725Active2031-01-18USRE46768E1 (en)2009-11-182013-12-17System and method for identifying and assessing vulnerabilities on a mobile communications device
US15/898,124Active2031-01-18USRE47757E1 (en)2009-11-182018-02-15System and method for identifying and assessing vulnerabilities on a mobile communications device
US16/670,488Active2031-01-18USRE48669E1 (en)2009-11-182019-10-31System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device
US17/391,995Active2031-01-18USRE49634E1 (en)2009-11-182021-08-02System and method for determining the risk of vulnerabilities on a mobile communications device

Family Applications Before (4)

Application NumberTitlePriority DateFiling Date
US12/621,431CeasedUS8397301B2 (en)2009-11-182009-11-18System and method for identifying and assessing vulnerabilities on a mobile communication device
US14/109,725Active2031-01-18USRE46768E1 (en)2009-11-182013-12-17System and method for identifying and assessing vulnerabilities on a mobile communications device
US15/898,124Active2031-01-18USRE47757E1 (en)2009-11-182018-02-15System and method for identifying and assessing vulnerabilities on a mobile communications device
US16/670,488Active2031-01-18USRE48669E1 (en)2009-11-182019-10-31System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device

Country Status (1)

CountryLink
US (5)US8397301B2 (en)

Families Citing this family (135)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US7761920B2 (en)*2004-09-032010-07-20Fortinet, Inc.Data structure for policy-based remediation selection
US7665119B2 (en)2004-09-032010-02-16Secure Elements, Inc.Policy-based selection of remediation
US9990674B1 (en)2007-12-142018-06-05Consumerinfo.Com, Inc.Card registry systems and methods
US8312033B1 (en)2008-06-262012-11-13Experian Marketing Solutions, Inc.Systems and methods for providing an integrated identifier
US9367680B2 (en)2008-10-212016-06-14Lookout, Inc.System and method for mobile communication device application advisement
US8347386B2 (en)2008-10-212013-01-01Lookout, Inc.System and method for server-coupled malware prevention
US8051480B2 (en)2008-10-212011-11-01Lookout, Inc.System and method for monitoring and analyzing multiple interfaces and multiple protocols
US8984628B2 (en)2008-10-212015-03-17Lookout, Inc.System and method for adverse mobile application identification
US9235704B2 (en)2008-10-212016-01-12Lookout, Inc.System and method for a scanning API
US8087067B2 (en)2008-10-212011-12-27Lookout, Inc.Secure mobile platform system
US8108933B2 (en)2008-10-212012-01-31Lookout, Inc.System and method for attack and malware prevention
US9781148B2 (en)2008-10-212017-10-03Lookout, Inc.Methods and systems for sharing risk responses between collections of mobile communications devices
US8060936B2 (en)2008-10-212011-11-15Lookout, Inc.Security status and information display system
US9043919B2 (en)2008-10-212015-05-26Lookout, Inc.Crawling multiple markets and correlating
US8533844B2 (en)2008-10-212013-09-10Lookout, Inc.System and method for security data collection and analysis
US8855601B2 (en)2009-02-172014-10-07Lookout, Inc.System and method for remotely-initiated audio communication
US8467768B2 (en)2009-02-172013-06-18Lookout, Inc.System and method for remotely securing or recovering a mobile device
US9042876B2 (en)2009-02-172015-05-26Lookout, Inc.System and method for uploading location information based on device movement
US9955352B2 (en)2009-02-172018-04-24Lookout, Inc.Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such
US8538815B2 (en)2009-02-172013-09-17Lookout, Inc.System and method for mobile device replacement
US8495745B1 (en)*2009-11-302013-07-23Mcafee, Inc.Asset risk analysis
US9544143B2 (en)2010-03-032017-01-10Duo Security, Inc.System and method of notifying mobile devices to complete transactions
US9532222B2 (en)2010-03-032016-12-27Duo Security, Inc.System and method of notifying mobile devices to complete transactions after additional agent verification
US8495747B1 (en)2010-03-312013-07-23Mcafee, Inc.Prioritizing asset remediations
US8839433B2 (en)*2010-11-182014-09-16Comcast Cable Communications, LlcSecure notification on networked devices
US9282085B2 (en)2010-12-202016-03-08Duo Security, Inc.System and method for digital user authentication
US20120324568A1 (en)*2011-06-142012-12-20Lookout, Inc., A California CorporationMobile web protection
US8738765B2 (en)2011-06-142014-05-27Lookout, Inc.Mobile device DNS optimization
US8788881B2 (en)*2011-08-172014-07-22Lookout, Inc.System and method for mobile device push communications
US9467463B2 (en)*2011-09-022016-10-11Duo Security, Inc.System and method for assessing vulnerability of a mobile device
US9106691B1 (en)2011-09-162015-08-11Consumerinfo.Com, Inc.Systems and methods of identity protection and management
US9811667B2 (en)*2011-09-212017-11-07Mcafee, Inc.System and method for grouping computer vulnerabilities
US9524388B2 (en)2011-10-072016-12-20Duo Security, Inc.System and method for enforcing a policy for an authenticator device
US8763077B2 (en)2011-10-072014-06-24Duo Security, Inc.System and method for enforcing a policy for an authenticator device
US8738516B1 (en)2011-10-132014-05-27Consumerinfo.Com, Inc.Debt services candidate locator
US8789190B2 (en)*2011-12-232014-07-22Mcafee, Inc.System and method for scanning for computer vulnerabilities in a network environment
US10198581B2 (en)*2012-03-072019-02-05Rapid7, Inc.Controlling enterprise access by mobile devices
US9668137B2 (en)*2012-03-072017-05-30Rapid7, Inc.Controlling enterprise access by mobile devices
US9706410B2 (en)*2012-03-072017-07-11Rapid 7, Inc.Controlling enterprise access by mobile devices
US9853959B1 (en)2012-05-072017-12-26Consumerinfo.Com, Inc.Storage and maintenance of personal data
US9690635B2 (en)2012-05-142017-06-27Qualcomm IncorporatedCommunicating behavior information in a mobile computing device
US9609456B2 (en)2012-05-142017-03-28Qualcomm IncorporatedMethods, devices, and systems for communicating behavioral analysis information
US9202047B2 (en)2012-05-142015-12-01Qualcomm IncorporatedSystem, apparatus, and method for adaptive observation of mobile device behavior
US9324034B2 (en)2012-05-142016-04-26Qualcomm IncorporatedOn-device real-time behavior analyzer
US9298494B2 (en)2012-05-142016-03-29Qualcomm IncorporatedCollaborative learning for efficient behavioral analysis in networked mobile device
US9589129B2 (en)2012-06-052017-03-07Lookout, Inc.Determining source of side-loaded software
US9407443B2 (en)2012-06-052016-08-02Lookout, Inc.Component analysis of software applications on computing devices
US9178897B2 (en)*2012-07-032015-11-03The Boeing CompanyMethods and systems for use in identifying cyber-security threats in an aviation platform
US9747440B2 (en)2012-08-152017-08-29Qualcomm IncorporatedOn-line behavioral analysis engine in mobile device with multiple analyzer model providers
US9495537B2 (en)2012-08-152016-11-15Qualcomm IncorporatedAdaptive observation of behavioral features on a mobile device
US9330257B2 (en)2012-08-152016-05-03Qualcomm IncorporatedAdaptive observation of behavioral features on a mobile device
US9319897B2 (en)2012-08-152016-04-19Qualcomm IncorporatedSecure behavior analysis over trusted execution environment
USD720766S1 (en)*2012-09-102015-01-06Lookout, Inc.Mobile communication device display with graphical user interface comprising security and privacy advisor screens
US8655307B1 (en)2012-10-262014-02-18Lookout, Inc.System and method for developing, updating, and using user device behavioral context models to modify user, device, and application state, settings and behavior for enhanced user security
US9654541B1 (en)2012-11-122017-05-16Consumerinfo.Com, Inc.Aggregating user web browsing data
WO2014079039A1 (en)*2012-11-232014-05-30Telefonaktiebolaget L M Ericsson (Publ)Network offloading
US9916621B1 (en)2012-11-302018-03-13Consumerinfo.Com, Inc.Presentation of credit score factors
US9208215B2 (en)2012-12-272015-12-08Lookout, Inc.User classification based on data gathered from a computing device
US9374369B2 (en)2012-12-282016-06-21Lookout, Inc.Multi-factor authentication and comprehensive login system for client-server networks
US8855599B2 (en)2012-12-312014-10-07Lookout, Inc.Method and apparatus for auxiliary communications with mobile communications device
US9684870B2 (en)2013-01-022017-06-20Qualcomm IncorporatedMethods and systems of using boosted decision stumps and joint feature selection and culling algorithms for the efficient classification of mobile device behaviors
US9686023B2 (en)2013-01-022017-06-20Qualcomm IncorporatedMethods and systems of dynamically generating and using device-specific and device-state-specific classifier models for the efficient classification of mobile device behaviors
US10089582B2 (en)2013-01-022018-10-02Qualcomm IncorporatedUsing normalized confidence values for classifying mobile device behaviors
US9424409B2 (en)2013-01-102016-08-23Lookout, Inc.Method and system for protecting privacy and enhancing security on an electronic device
US9742559B2 (en)2013-01-222017-08-22Qualcomm IncorporatedInter-module authentication for securing application execution integrity within a computing device
US9491187B2 (en)2013-02-152016-11-08Qualcomm IncorporatedAPIs for obtaining device-specific behavior classifier models from the cloud
US10686819B2 (en)2013-02-192020-06-16Proofpoint, Inc.Hierarchical risk assessment and remediation of threats in mobile networking environment
US9443073B2 (en)2013-08-082016-09-13Duo Security, Inc.System and method for verifying status of an authentication device
US8893230B2 (en)2013-02-222014-11-18Duo Security, Inc.System and method for proxying federated authentication protocols
US9338156B2 (en)2013-02-222016-05-10Duo Security, Inc.System and method for integrating two-factor authentication in a device
US9607156B2 (en)2013-02-222017-03-28Duo Security, Inc.System and method for patching a device through exploitation
US10699273B2 (en)2013-03-142020-06-30Lookout, Inc.System and method for authorizing payment transaction based on device locations
US10102570B1 (en)*2013-03-142018-10-16Consumerinfo.Com, Inc.Account vulnerability alerts
US9852416B2 (en)2013-03-142017-12-26Lookout, Inc.System and method for authorizing a payment transaction
US9406085B1 (en)2013-03-142016-08-02Consumerinfo.Com, Inc.System and methods for credit dispute processing, resolution, and reporting
US9519788B2 (en)2013-04-102016-12-13International Business Machines CorporationIdentifying security vulnerabilities related to inter-process communications
US9307412B2 (en)2013-04-242016-04-05Lookout, Inc.Method and system for evaluating security for an interactive service operation by a mobile device
CA2910954C (en)*2013-05-062017-08-01Staples, Inc.It vulnerability management system
US9053310B2 (en)2013-08-082015-06-09Duo Security, Inc.System and method for verifying status of an authentication device through a biometric profile
US9092302B2 (en)2013-09-102015-07-28Duo Security, Inc.System and method for determining component version compatibility across a device ecosystem
US9608814B2 (en)2013-09-102017-03-28Duo Security, Inc.System and method for centralized key distribution
US9642008B2 (en)2013-10-252017-05-02Lookout, Inc.System and method for creating and assigning a policy for a mobile communications device based on personal data
US9774448B2 (en)2013-10-302017-09-26Duo Security, Inc.System and methods for opportunistic cryptographic key management on an electronic device
US9477737B1 (en)2013-11-202016-10-25Consumerinfo.Com, Inc.Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules
US9125060B2 (en)*2013-11-222015-09-01At&T Mobility Ii LlcMethods, systems, and computer program products for intercepting, in a carrier network, data destined for a mobile device to determine patterns in the data
US10122747B2 (en)2013-12-062018-11-06Lookout, Inc.Response generation after distributed monitoring and evaluation of multiple devices
US9753796B2 (en)2013-12-062017-09-05Lookout, Inc.Distributed monitoring, evaluation, and response for multiple devices
US9762590B2 (en)2014-04-172017-09-12Duo Security, Inc.System and method for an integrity focused authentication service
US9195809B1 (en)*2014-08-142015-11-24Synack, Inc.Automated vulnerability and error scanner for mobile applications
US9979719B2 (en)2015-01-062018-05-22Duo Security, Inc.System and method for converting one-time passcodes to app-based authentication
US9641341B2 (en)2015-03-312017-05-02Duo Security, Inc.Method for distributed trust authentication
US9710653B2 (en)2015-04-202017-07-18SafeBreach Ltd.System and method for verifying malicious actions by utilizing virtualized elements
US9473522B1 (en)2015-04-202016-10-18SafeBreach Ltd.System and method for securing a computer system against malicious actions by utilizing virtualized elements
CA2982463C (en)2015-05-012019-03-05Lookout, Inc.Determining source of side-loaded software
US9930060B2 (en)*2015-06-012018-03-27Duo Security, Inc.Method for enforcing endpoint health standards
US9774579B2 (en)2015-07-272017-09-26Duo Security, Inc.Method for key rotation
US11032306B2 (en)2015-12-302021-06-08International Business Machines CorporationSystem, method and apparatus for fully precise hybrid security verification of mobile applications
CN105740477B (en)*2016-03-182019-03-29中国科学院信息工程研究所For the Selecting Function System method and search engine of extensive embedded device firmware
JP6690346B2 (en)*2016-03-252020-04-28日本電気株式会社 Security risk management system, server, control method, program
US10440053B2 (en)2016-05-312019-10-08Lookout, Inc.Methods and systems for detecting and preventing network connection compromise
US10333965B2 (en)2016-09-122019-06-25Qualcomm IncorporatedMethods and systems for on-device real-time adaptive security based on external threat intelligence inputs
US11522901B2 (en)*2016-09-232022-12-06OPSWAT, Inc.Computer security vulnerability assessment
US9749349B1 (en)2016-09-232017-08-29OPSWAT, Inc.Computer security vulnerability assessment
GB201617620D0 (en)*2016-10-182016-11-30Cybernetica AsComposite digital signatures
CN106919844B (en)*2017-02-142019-08-02暨南大学A kind of android system vulnerability of application program detection method
US10581802B2 (en)2017-03-162020-03-03Keysight Technologies Singapore (Sales) Pte. Ltd.Methods, systems, and computer readable media for advertising network security capabilities
CN107194262A (en)*2017-05-192017-09-22北京匡恩网络科技有限责任公司Method and device for scanning leak and generation vulnerability information storehouse
US10218697B2 (en)2017-06-092019-02-26Lookout, Inc.Use of device risk evaluation to manage access to services
GB2563618B (en)*2017-06-202020-09-16Arm Ip LtdElectronic system vulnerability assessment
US10261777B2 (en)2017-07-252019-04-16Aurora Labs Ltd.Detecting anomalies online using histograms of ECU processing activity
US10412113B2 (en)2017-12-082019-09-10Duo Security, Inc.Systems and methods for intelligently configuring computer security
EP3776319A1 (en)*2018-03-252021-02-17British Telecommunications public limited companyAccess control
US10990683B2 (en)*2018-05-252021-04-27At&T Intellectual Property I, L.P.Virtual reality for security augmentation in home and office environments
WO2020026228A1 (en)*2018-08-012020-02-06Vdoo Connected Trust Ltd.Firmware verification
US11265324B2 (en)2018-09-052022-03-01Consumerinfo.Com, Inc.User permissions for access to secure data at third-party
US11030321B2 (en)*2018-10-022021-06-08International Business Machines CorporationProcessing and evaluating data based on associated device vulnerability
US11374958B2 (en)*2018-10-312022-06-28International Business Machines CorporationSecurity protection rule prediction and enforcement
US11315179B1 (en)2018-11-162022-04-26Consumerinfo.Com, Inc.Methods and apparatuses for customized card recommendations
US11658962B2 (en)2018-12-072023-05-23Cisco Technology, Inc.Systems and methods of push-based verification of a transaction
US11238656B1 (en)2019-02-222022-02-01Consumerinfo.Com, Inc.System and method for an augmented reality experience via an artificial intelligence bot
US11949711B2 (en)2019-07-082024-04-02Caci International, Inc.Systems and methods for securing information
US11729222B2 (en)*2019-07-122023-08-15Palo Alto Research Center IncorporatedSystem and method for extracting configuration-related information for reasoning about the security and functionality of a composed internet of things system
US11941065B1 (en)2019-09-132024-03-26Experian Information Solutions, Inc.Single identifier platform for storing entity data
US11533329B2 (en)2019-09-272022-12-20Keysight Technologies, Inc.Methods, systems and computer readable media for threat simulation and threat mitigation recommendations
US11610020B2 (en)*2020-04-072023-03-21Mcafee, LlcSecuring sensitive user data stored locally by an application
US11363041B2 (en)2020-05-152022-06-14International Business Machines CorporationProtecting computer assets from malicious attacks
US11163637B1 (en)2020-09-212021-11-02Dell Products L.P.Determining server issues related to software versions using artificial intelligence techniques
US20220159028A1 (en)*2020-11-172022-05-19Bank Of America CorporationGenerating Alerts Based on Continuous Monitoring of Third Party Systems
US12010517B1 (en)2021-05-102024-06-11Zimperium, Inc.Dynamic detection for mobile device security
US11930046B2 (en)2021-06-172024-03-12Xerox CorporationSystem and method for determining vulnerability metrics for graph-based configuration security
US11841940B2 (en)*2021-07-162023-12-12Dell Products L.P.Preemptive protection against malicious array access
US12284216B2 (en)2021-09-172025-04-22Xerox CorporationSystem and method for synthesizing role-based access control assignments per a policy
US12223074B2 (en)2021-09-172025-02-11Xerox CorporationSystem and method for securing windows discretionary access control
CN114143110B (en)*2021-12-082024-04-26湖北天融信网络安全技术有限公司Vulnerability processing method, device and system of mimicry equipment
US12238132B2 (en)2022-04-222025-02-25Xerox CorporationMethod and system for facilitating a ranking score using attack volume to find optimal configurations

Citations (175)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US3416032A (en)1966-03-231968-12-10Motorola IncLamp dimming circuit
US4553257A (en)1982-04-281985-11-12Pioneer Electronic Corp.Automatic sound volume control device
US5319776A (en)1990-04-191994-06-07Hilgraeve CorporationIn transit detection of computer virus with safeguard
US5574775A (en)1993-08-041996-11-12Lucent Technologies, Inc.Universal wireless radiotelephone system
US6185689B1 (en)1998-06-242001-02-06Richard S. Carson & Assoc., Inc.Method for network self security assessment
US6269456B1 (en)1997-12-312001-07-31Network Associates, Inc.Method and system for providing automated updating and upgrading of antivirus applications using a computer network
US6272353B1 (en)1999-08-202001-08-07Siemens Information And Communication Mobile Llc.Method and system for mobile communications
US6301668B1 (en)1998-12-292001-10-09Cisco Technology, Inc.Method and system for adaptive network security using network vulnerability assessment
US20010044339A1 (en)2000-02-172001-11-22Angel CorderoMulti-player computer game, system and method
US20020042886A1 (en)2000-08-312002-04-11Pasi LahtiSoftware virus protection
US20020087483A1 (en)2000-12-292002-07-04Shlomi HarifSystem, method and program for creating and distributing processes in a heterogeneous network
US20020108058A1 (en)2001-02-082002-08-08Sony Corporation And Sony Electronics Inc.Anti-theft system for computers and other electronic devices
US6453345B2 (en)1996-11-062002-09-17Datadirect Networks, Inc.Network security and surveillance system
US20020183060A1 (en)2001-05-072002-12-05Lg Electronics Inc.Map message processing system and method for interworking between heterogeneous networks
US20020191018A1 (en)2001-05-312002-12-19International Business Machines CorporationSystem and method for implementing a graphical user interface across dissimilar platforms yet retaining similar look and feel
US20030028803A1 (en)2001-05-182003-02-06Bunker Nelson WaldoNetwork vulnerability assessment system and method
US6529143B2 (en)1998-10-232003-03-04Nokia Mobile Phones Ltd.Information retrieval system
US20030046134A1 (en)2001-08-282003-03-06Frolick Harry A.Web-based project management system
US20030079145A1 (en)2001-08-012003-04-24Networks Associates Technology, Inc.Platform abstraction layer for a wireless malware scanning engine
US20030115485A1 (en)2001-12-142003-06-19Milliken Walter ClarkHash-based systems and methods for detecting, preventing, and tracing network worms and viruses
US20030120951A1 (en)2001-12-212003-06-26Gartside Paul NicholasGenerating malware definition data for mobile computing devices
US20030131148A1 (en)2002-01-102003-07-10David KelleyCross-platform software development with a software development peripheral
US20040022258A1 (en)2002-07-302004-02-05Docomo Communications Laboratories Usa, Inc.System for providing access control platform service for private networks
US20040133624A1 (en)2003-01-062004-07-08Seung-Joon ParkMethod and apparatus for performing common call processing management using common software platform
US20040158741A1 (en)2003-02-072004-08-12Peter SchneiderSystem and method for remote virus scanning in wireless networks
US6792543B2 (en)2001-08-012004-09-14Networks Associates Technology, Inc.Virus scanning on thin client devices using programmable assembly language
US20040185900A1 (en)2003-03-202004-09-23Mcelveen WilliamCell phone with digital camera and smart buttons and methods for using the phones for security monitoring
US20040225887A1 (en)2003-05-082004-11-11O'neil Douglas R.Centralized authentication system
US20040259532A1 (en)2001-10-312004-12-23Markus IsomakiMethod for handling of messages between a terminal and a data network
US20050010821A1 (en)2003-04-292005-01-13Geoffrey CooperPolicy-based vulnerability assessment
US20050015443A1 (en)2000-10-102005-01-20Alex LevinePersonal message delivery system
US20050074106A1 (en)2002-11-142005-04-07AlcatelCall establishment method
US20050076246A1 (en)2003-10-012005-04-07Singhal Tara ChandMethod and apparatus for network security using a router based authentication system
US20050091308A1 (en)2003-09-292005-04-28Peter BookmanMobility device
US6907530B2 (en)2001-01-192005-06-14V-One CorporationSecure internet applications with mobile code
US20050130627A1 (en)2003-11-262005-06-16Benoit CalmelsAuthentication between a cellular phone and an access point of a short-range network
US20050138395A1 (en)2003-12-182005-06-23Benco David S.Network support for mobile handset anti-virus protection
US20050138413A1 (en)2003-12-112005-06-23Richard LippmannNetwork security planning architecture
US20050154796A1 (en)2002-03-062005-07-14Forsyth John M.Method of enabling a wireless information device to access data services
US20050197099A1 (en)2004-03-082005-09-08Lan-Ver Technologies Solutions Ltd.Cellular device security apparatus and method
US20050227669A1 (en)2004-04-082005-10-13Ixi Mobile (R&D) Ltd.Security key management system and method in a mobile communication network
US6959184B1 (en)1999-06-302005-10-25Lucent Technologies Inc.Method for determining the security status of transmissions in a telecommunications network
WO2005101789A1 (en)2004-04-142005-10-27Gurunath Samir KalekarA system for real-time network based vulnerability assessment of a host/device
US20050237970A1 (en)2000-09-142005-10-27Kabushiki Kaisha ToshibaPacket transfer scheme using mobile terminal and router for preventing attacks using global address
US20050254654A1 (en)2004-04-192005-11-17The Boeing CompanySecurity state vector for mobile network platform
US20050278777A1 (en)2004-06-142005-12-15Hackerproof Security, Inc.Method and system for enforcing secure network connection
US20050282533A1 (en)2004-03-222005-12-22Vadim DralukMethod and apparatus for dynamic extension of device management tree data model on a mobile
US20060026283A1 (en)2004-07-302006-02-02Trueba Luis Ruben ZSystem and method for updating software on a computer
US7020895B2 (en)1999-12-242006-03-28F-Secure OyjRemote computer virus scanning
US7023383B2 (en)1999-01-082006-04-04Trueposition, Inc.Multiple pass location processor
US20060073820A1 (en)2002-10-102006-04-06Craswell Ronald JMethod and apparatus for remote control and updating of wireless mobile devices
US20060080680A1 (en)2004-10-122006-04-13Majid AnwarPlatform independent dynamic linking
US20060095454A1 (en)2004-10-292006-05-04Texas Instruments IncorporatedSystem and method for secure collaborative terminal identity authentication between a wireless communication device and a wireless operator
US20060101518A1 (en)*2004-11-052006-05-11Schumaker Troy TMethod to generate a quantitative measurement of computer security vulnerabilities
US20060130145A1 (en)2004-11-202006-06-15Choi Byeong CSystem and method for analyzing malicious code protocol and generating harmful traffic
US7069589B2 (en)2000-07-142006-06-27Computer Associates Think, Inc..Detection of a class of viral code
US20060150256A1 (en)2004-12-032006-07-06Whitecell Software Inc. A Delaware CorporationSecure system for allowing the execution of authorized computer program code
US20060150238A1 (en)2005-01-042006-07-06Symbol Technologies, Inc.Method and apparatus of adaptive network policy management for wireless mobile computers
US20060179485A1 (en)2005-02-092006-08-10Gary LongsineIntrusion handling system and method for a packet network with dynamic network address utilization
US20060218482A1 (en)2002-04-192006-09-28Droplet Technology, Inc.Mobile imaging application, device architecture, service platform architecture and services
US20060224742A1 (en)2005-02-282006-10-05Trust DigitalMobile data security system and methods
US7123933B2 (en)2001-05-312006-10-17Orative CorporationSystem and method for remote application management of a wireless device
WO2006110181A2 (en)2004-10-292006-10-19Skyhook Wireless, Inc.Location beacon database and server, method of building location beacon database, and location based service using same
US7127455B2 (en)2002-11-122006-10-24Hewlett-Packard Development Company, L.P.Taxonomy for mobile e-services
US20060253205A1 (en)2005-05-092006-11-09Michael GardinerMethod and apparatus for tabular process control
US20060253584A1 (en)2005-05-032006-11-09Dixon Christopher JReputation of an entity associated with a content item
US20060272011A1 (en)2000-06-302006-11-30Internet Security Systems, Inc.Method and apparatus for network assessment and authentication
US20060277408A1 (en)2005-06-032006-12-07Bhat Sathyanarayana PSystem and method for monitoring and maintaining a wireless device
US20060294582A1 (en)2005-06-282006-12-28Symbol Technologies, Inc.Mobility policy manager for mobile computing devices
US20070005327A1 (en)2000-01-242007-01-04Radioscape LimitedDigital wireless basestation
US20070011319A1 (en)2002-01-152007-01-11Mcclure Stuart CSystem and method for network vulnerability detection and reporting
US20070016955A1 (en)2004-09-242007-01-18Ygor GoldbergPractical threat analysis
US20070015519A1 (en)2005-07-122007-01-18Qwest Communications International Inc.User defined location based notification for a mobile communications device systems and methods
US20070016953A1 (en)2005-06-302007-01-18Prevx LimitedMethods and apparatus for dealing with malware
US20070028303A1 (en)2005-07-292007-02-01Bit 9, Inc.Content tracking in a network security system
US20070028095A1 (en)2005-07-282007-02-01Allen David LSecurity certificate management
US20070028304A1 (en)2005-07-292007-02-01Bit 9, Inc.Centralized timed analysis in a network security system
US7178166B1 (en)2000-09-192007-02-13Internet Security Systems, Inc.Vulnerability assessment and authentication of a computer by a local scanner
US20070050471A1 (en)2005-08-312007-03-01Microsoft CorporationPortable Remoting Component With A Scaleable Feature Set
US20070067847A1 (en)*2005-09-222007-03-22AlcatelInformation system service-level security risk analysis
GB2430588A (en)2005-09-202007-03-28Alireza Mousavi KhalkhaliMultiple protocol platform for mobile applications
US20070086476A1 (en)2001-07-202007-04-19Smartmatic, Corp.Method for smart device network application infrastructure (SDNA)
US20070088948A1 (en)*2005-10-152007-04-19Huawei Technologies Co., LtdMethod for implementing security update of mobile station and a correlative reacting system
US7210168B2 (en)2001-10-152007-04-24Mcafee, Inc.Updating malware definition data for mobile data processing devices
US7228566B2 (en)2001-07-102007-06-05Core Sdi, IncorporatedAutomated computer system security compromise
US7237264B1 (en)2001-06-042007-06-26Internet Security Systems, Inc.System and method for preventing network misuse
US7236598B2 (en)2000-05-232007-06-26Invicta Networks, Inc.Systems and methods for communication protection
US20070154014A1 (en)2005-12-302007-07-05Selim AissiUsing a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel
WO2007081356A2 (en)2005-02-222007-07-19Skyhook Wireless, Inc.Continuous data optimization in positioning system
US20070174472A1 (en)2006-01-202007-07-26Verimatrix, Inc.Network security system and method
US20070186282A1 (en)2006-02-062007-08-09Microsoft CorporationTechniques for identifying and managing potentially harmful web traffic
US7266810B2 (en)2002-04-092007-09-04Hewlett-Packard Development Company, Lp.Runtime profiling of platform-independent software applications
US20070214504A1 (en)2004-03-302007-09-13Paolo Milani ComparettiMethod And System For Network Intrusion Detection, Related Network And Computer Program Product
US20070240218A1 (en)2006-04-062007-10-11George TuvellMalware Detection System and Method for Mobile Platforms
US20070250627A1 (en)2006-04-212007-10-25May Robert AMethod, apparatus, signals and medium for enforcing compliance with a policy on a client computer
US20070248047A1 (en)2006-01-312007-10-25Peter ShortyHome electrical device control within a wireless mesh network
US7290276B2 (en)2003-02-062007-10-30Lenovo Singapore Pte. Ltd.Information processing apparatus for secure information recovery
US7308712B2 (en)2001-12-312007-12-11Mcafee, Inc.Automated computer vulnerability resolution system
US7308256B2 (en)2002-02-282007-12-11Ntt Docomo, Inc.Mobile communication terminal, information processing apparatus, relay server apparatus, information processing system, and information processing method
US20070293263A1 (en)2006-06-142007-12-20Hossein EslambolchiMethod and apparatus for providing multi-system cellular communications
US20070297610A1 (en)2006-06-232007-12-27Microsoft CorporationData protection for a mobile device
WO2008007111A1 (en)2006-07-142008-01-17Vodaphone Group PlcTelecommunications device security
US7325249B2 (en)2001-04-302008-01-29Aol LlcIdentifying unwanted electronic messages
US20080028470A1 (en)2006-07-252008-01-31Mark RemingtonSystems and Methods for Vulnerability Detection and Scoring with Threat Assessment
US20080046557A1 (en)2005-03-232008-02-21Cheng Joseph CMethod and system for designing, implementing, and managing client applications on mobile devices
US20080047007A1 (en)2006-08-182008-02-21Microsoft CorporationNetwork security page
US20080065507A1 (en)2006-09-122008-03-13James MorrisonInteractive digital media services
US20080072329A1 (en)2006-09-142008-03-20Interdigital Technology CorporationMethod and system for enhancing flow of behavior metrics and evaluation of security of a node
US20080070495A1 (en)2006-08-182008-03-20Michael StricklenMobile device management
US7356835B2 (en)2003-08-262008-04-08Mitel Networks CorporationSecurity monitor for PDA attached telephone
US20080086776A1 (en)2006-10-062008-04-10George TuvellSystem and method of malware sample collection on mobile networks
US20080086773A1 (en)2006-10-062008-04-10George TuvellSystem and method of reporting and visualizing malware on mobile networks
US20080092237A1 (en)*2006-10-132008-04-17Jun YoonSystem and method for network vulnerability analysis using multiple heterogeneous vulnerability scanners
US20080109871A1 (en)2006-09-132008-05-08Richard JacobsPolicy management
WO2008057737A2 (en)2006-11-072008-05-15Skyhook Wireless, Inc.System and method for estimating positioning error within a wlan-based positioning system
US7376969B1 (en)2002-12-022008-05-20Arcsight, Inc.Real time monitoring and analysis of events from multiple network security devices
US20080127336A1 (en)2006-09-192008-05-29Microsoft CorporationAutomated malware signature generation
US20080127179A1 (en)2006-09-252008-05-29Barrie Jon MossSystem and apparatus for deployment of application and content to different platforms
US20080127334A1 (en)2006-09-142008-05-29Computer Associates Think, Inc.System and method for using rules to protect against malware
US20080127171A1 (en)2006-09-152008-05-29Altiris, Inc.Method and System for Creating and Executing Generic Software Packages
US20080134281A1 (en)2006-11-302008-06-05Mcafee, Inc.Method and system for enhanced wireless network security
US20080132218A1 (en)2006-11-302008-06-05Yuval SamsonMethod and Apparatus for Starting Applications
US7386297B2 (en)2002-12-282008-06-10Curitel Communications, Inc.Mobile communication system and mobile terminal having function of inactivating mobile communication viruses, and method thereof
US20080140767A1 (en)2006-06-142008-06-12Prasad RaoDivitas description protocol and methods therefor
US20080148381A1 (en)2006-10-302008-06-19Jeffrey AaronMethods, systems, and computer program products for automatically configuring firewalls
US7392043B2 (en)2003-04-172008-06-24Ntt Docomo, Inc.API system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework
US7392543B2 (en)2003-06-302008-06-24Symantec CorporationSignature extraction system and method
US7397424B2 (en)2005-02-032008-07-08Mexens Intellectual Property Holding, LlcSystem and method for enabling continuous geographic location estimation for wireless computing devices
US7397434B2 (en)2005-09-162008-07-08Samsung Electro-Mechanics Co., Ltd.Built-in antenna module of wireless communication terminal
US20080172746A1 (en)2007-01-172008-07-17Lotter Robert AMobile communication device monitoring systems and methods
US20080178294A1 (en)2006-11-272008-07-24Guoning HuWireless intrusion prevention system and method
US20080181116A1 (en)2007-01-172008-07-31Richard Thomas KavanaughQuality of service application programming interface over socket
US20080196104A1 (en)2007-02-092008-08-14George TuvellOff-line mms malware scanning system and method
US7415270B2 (en)2002-02-152008-08-19Telefonaktiebolaget L M Ericsson (Publ)Middleware services layer for platform system for mobile terminals
US20080200160A1 (en)2006-09-282008-08-21Dudley FitzpatrickApparatuses, Methods and Systems for Ambiguous Code-Triggered Information Querying and Serving on Mobile Devices
US20080209567A1 (en)*2007-02-162008-08-28Lockhart Malcolm WAssessment and analysis of software security flaws
US20080209557A1 (en)2007-02-282008-08-28Microsoft CorporationSpyware detection mechanism
US20080208950A1 (en)2004-08-192008-08-28Sk Telecom Co., Ltd.Method and Apparatus for Integrating and Managing Information of Mobile Terminal
US20080235801A1 (en)2007-03-202008-09-25Microsoft CorporationCombining assessment models and client targeting to identify network security vulnerabilities
US20080276111A1 (en)2004-09-032008-11-06Jacoby Grant ADetecting Software Attacks By Monitoring Electric Power Consumption Patterns
US20080293396A1 (en)2007-05-232008-11-27Robert John BarnesIntegrating Mobile Device Based Communication Session Recordings
US7467206B2 (en)2002-12-232008-12-16Microsoft CorporationReputation system for web services
US20080318562A1 (en)2007-03-022008-12-25Aegis Mobility, Inc.System and methods for monitoring the context associated with a mobile communication device
US7471954B2 (en)2006-02-242008-12-30Skyhook Wireless, Inc.Methods and systems for estimating a user position in a WLAN positioning system based on user assigned access point locations
US7472422B1 (en)2003-09-102008-12-30Symantec CorporationSecurity management system including feedback and control
US7502620B2 (en)2005-03-042009-03-10Shyhook Wireless, Inc.Encoding and compression of a location beacon database
US7515578B2 (en)2006-05-082009-04-07Skyhook Wireless, Inc.Estimation of position using WLAN access point radio propagation characteristics in a WLAN positioning system
US7525541B2 (en)2004-04-052009-04-28Actuality Systems, Inc.Data processing for three-dimensional displays
US7551579B2 (en)2006-05-082009-06-23Skyhook Wireless, Inc.Calculation of quality of wlan access point characterization for use in a wlan positioning system
US7551929B2 (en)2006-05-082009-06-23Skyhook Wireless, Inc.Estimation of speed and direction of travel in a WLAN positioning system using multiple position estimations
US20090199298A1 (en)2007-06-262009-08-06Miliefsky Gary SEnterprise security management for network equipment
US20090205047A1 (en)*2008-02-082009-08-13Guy PodjarnyMethod and Apparatus for Security Assessment of a Computing Platform
US20090248623A1 (en)2007-05-092009-10-01The Go Daddy Group, Inc.Accessing digital identity related reputation data
US20090293125A1 (en)2008-05-212009-11-26Symantec CorporationCentralized Scanner Database With Qptimal Definition Distribution Using Network Queries
US20100064341A1 (en)2006-03-272010-03-11Carlo AlderaSystem for Enforcing Security Policies on Mobile Communications Devices
US7685132B2 (en)2006-03-152010-03-23Mog, IncAutomatic meta-data sharing of existing media through social networking
US7696923B2 (en)2005-02-032010-04-13Mexens Intellectual Property Holding LlcSystem and method for determining geographic location of wireless computing devices
US20100100939A1 (en)2008-10-212010-04-22Flexilis, Inc.Secure mobile platform system
US20100100963A1 (en)2008-10-212010-04-22Flexilis, Inc.System and method for attack and malware prevention
US20100154032A1 (en)2008-12-122010-06-17International Business Machines CorporationSystem and Method for Classification of Unwanted or Malicious Software Through the Identification of Encrypted Data Communication
US7768963B2 (en)2006-07-072010-08-03Skyhook Wireless, Inc.System and method of improving sampling of WLAN packet information to improve estimates of Doppler frequency of a WLAN positioning device
US7774637B1 (en)2007-09-052010-08-10Mu Dynamics, Inc.Meta-instrumentation for security analysis
US20100242114A1 (en)*2009-03-202010-09-23Achilles Guard, Inc. D/B/A Critical WatchSystem and method for selecting and applying filters for intrusion protection system within a vulnerability management system
US7809353B2 (en)2006-05-182010-10-05Research In Motion LimitedAutomatic security action invocation for mobile communications device
US20100281248A1 (en)*2007-02-162010-11-04Lockhart Malcolm WAssessment and analysis of software security flaws
US7835754B2 (en)2006-05-082010-11-16Skyhook Wireless, Inc.Estimation of speed and direction of travel in a WLAN positioning system
US20100313270A1 (en)2009-06-052010-12-09The Regents Of The University Of MichiganSystem and method for detecting energy consumption anomalies and mobile malware variants
US7856373B2 (en)2006-09-142010-12-21Shah UllahTargeting content to network-enabled devices based upon stored profiles
US20100332593A1 (en)2009-06-292010-12-30Igor BarashSystems and methods for operating an anti-malware network on a cloud computing platform
US7907966B1 (en)2005-07-192011-03-15Aol Inc.System and method for cross-platform applications on a wireless phone
US20110093786A1 (en)*2004-08-122011-04-21Verizon Corporate Services Group Inc.Geographical vulnerability mitgation response mapping system
US7999742B2 (en)2008-06-062011-08-16Skyhook Wireless, Inc.System and method for using a satellite positioning system to filter WLAN access points in a hybrid positioning system
US8014788B2 (en)2006-05-082011-09-06Skyhook Wireless, Inc.Estimation of speed of travel using the dynamic signal strength variation of multiple WLAN access points
US8127358B1 (en)2007-05-302012-02-28Trend Micro IncorporatedThin client for computer security applications
US8126456B2 (en)2007-01-172012-02-28Eagency, Inc.Mobile communication device monitoring systems and methods

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US6938174B2 (en)2000-10-062005-08-30International Business Machines CorporationMethod and system with adaptive data transfer policy based on a power state of a computing device
DE10121549A1 (en)*2001-05-032002-11-14Infineon Technologies Ag Device on GaAs and manufacturing process
US7143441B2 (en)*2001-05-082006-11-28Aramira CorporationWireless device mobile application security system
US7325252B2 (en)*2001-05-182008-01-29Achilles Guard Inc.Network security testing
US7020457B2 (en)2001-05-312006-03-28Orative CorporationSystem and method for proxy-enabling a wireless device to an existing IP-based service
US7096006B2 (en)2003-03-242006-08-22Inventec Appliances Corp.Method of playing instant game on wireless network terminal device
US7386883B2 (en)*2003-07-222008-06-10International Business Machines CorporationSystems, methods and computer program products for administration of computer security threat countermeasures to a computer system
US7346922B2 (en)*2003-07-252008-03-18Netclarity, Inc.Proactive network security system to protect against hackers
US7370345B2 (en)*2004-03-022008-05-06Lenovo Singapore Pte. LtdDomain controlling systems, methods and computer program products for administration of computer security threat countermeasures to a domain of target computer systems
JP4268074B2 (en)2004-03-052009-05-27株式会社東海理化電機製作所 connector
US8458793B2 (en)*2004-07-132013-06-04International Business Machines CorporationMethods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems
US20060101517A1 (en)*2004-10-282006-05-11Banzhof Carl EInventory management-based computer vulnerability resolution system
US20060095961A1 (en)*2004-10-292006-05-04Priya GovindarajanAuto-triage of potentially vulnerable network machines
EP1932385B1 (en)2005-10-042013-05-01Telefonaktiebolaget L M Ericsson (publ)Access control in radio access network having pico base stations
US7774837B2 (en)2006-06-142010-08-10Cipheroptics, Inc.Securing network traffic by distributing policies in a hierarchy over secure tunnels
CN100464992C (en)2006-07-112009-03-04黄建新Stamp material and production method thereof
US20120137369A1 (en)*2010-11-292012-05-31Infosec Co., Ltd.Mobile terminal with security functionality and method of implementing the same

Patent Citations (202)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US3416032A (en)1966-03-231968-12-10Motorola IncLamp dimming circuit
US4553257A (en)1982-04-281985-11-12Pioneer Electronic Corp.Automatic sound volume control device
US5319776A (en)1990-04-191994-06-07Hilgraeve CorporationIn transit detection of computer virus with safeguard
US5574775A (en)1993-08-041996-11-12Lucent Technologies, Inc.Universal wireless radiotelephone system
US6453345B2 (en)1996-11-062002-09-17Datadirect Networks, Inc.Network security and surveillance system
US6269456B1 (en)1997-12-312001-07-31Network Associates, Inc.Method and system for providing automated updating and upgrading of antivirus applications using a computer network
US6185689B1 (en)1998-06-242001-02-06Richard S. Carson & Assoc., Inc.Method for network self security assessment
US6529143B2 (en)1998-10-232003-03-04Nokia Mobile Phones Ltd.Information retrieval system
US6301668B1 (en)1998-12-292001-10-09Cisco Technology, Inc.Method and system for adaptive network security using network vulnerability assessment
US7023383B2 (en)1999-01-082006-04-04Trueposition, Inc.Multiple pass location processor
US6959184B1 (en)1999-06-302005-10-25Lucent Technologies Inc.Method for determining the security status of transmissions in a telecommunications network
US6272353B1 (en)1999-08-202001-08-07Siemens Information And Communication Mobile Llc.Method and system for mobile communications
US7020895B2 (en)1999-12-242006-03-28F-Secure OyjRemote computer virus scanning
US20070005327A1 (en)2000-01-242007-01-04Radioscape LimitedDigital wireless basestation
US20010044339A1 (en)2000-02-172001-11-22Angel CorderoMulti-player computer game, system and method
US7236598B2 (en)2000-05-232007-06-26Invicta Networks, Inc.Systems and methods for communication protection
US20060272011A1 (en)2000-06-302006-11-30Internet Security Systems, Inc.Method and apparatus for network assessment and authentication
US7634800B2 (en)2000-06-302009-12-15International Business Machines CorporationMethod and apparatus for network assessment and authentication
US7069589B2 (en)2000-07-142006-06-27Computer Associates Think, Inc..Detection of a class of viral code
US20070220608A1 (en)2000-08-312007-09-20F-Secure OyjSoftware virus protection
US20020042886A1 (en)2000-08-312002-04-11Pasi LahtiSoftware virus protection
US20050237970A1 (en)2000-09-142005-10-27Kabushiki Kaisha ToshibaPacket transfer scheme using mobile terminal and router for preventing attacks using global address
US7178166B1 (en)2000-09-192007-02-13Internet Security Systems, Inc.Vulnerability assessment and authentication of a computer by a local scanner
US20050015443A1 (en)2000-10-102005-01-20Alex LevinePersonal message delivery system
US20020087483A1 (en)2000-12-292002-07-04Shlomi HarifSystem, method and program for creating and distributing processes in a heterogeneous network
US6907530B2 (en)2001-01-192005-06-14V-One CorporationSecure internet applications with mobile code
US20020108058A1 (en)2001-02-082002-08-08Sony Corporation And Sony Electronics Inc.Anti-theft system for computers and other electronic devices
US7325249B2 (en)2001-04-302008-01-29Aol LlcIdentifying unwanted electronic messages
US20020183060A1 (en)2001-05-072002-12-05Lg Electronics Inc.Map message processing system and method for interworking between heterogeneous networks
US20030028803A1 (en)2001-05-182003-02-06Bunker Nelson WaldoNetwork vulnerability assessment system and method
US7123933B2 (en)2001-05-312006-10-17Orative CorporationSystem and method for remote application management of a wireless device
US20020191018A1 (en)2001-05-312002-12-19International Business Machines CorporationSystem and method for implementing a graphical user interface across dissimilar platforms yet retaining similar look and feel
US7237264B1 (en)2001-06-042007-06-26Internet Security Systems, Inc.System and method for preventing network misuse
US7228566B2 (en)2001-07-102007-06-05Core Sdi, IncorporatedAutomated computer system security compromise
US20070086476A1 (en)2001-07-202007-04-19Smartmatic, Corp.Method for smart device network application infrastructure (SDNA)
US7861303B2 (en)2001-08-012010-12-28Mcafee, Inc.Malware scanning wireless service agent system and method
US7096368B2 (en)2001-08-012006-08-22Mcafee, Inc.Platform abstraction layer for a wireless malware scanning engine
US6792543B2 (en)2001-08-012004-09-14Networks Associates Technology, Inc.Virus scanning on thin client devices using programmable assembly language
US7171690B2 (en)2001-08-012007-01-30Mcafee, Inc.Wireless malware scanning back-end system and method
US20030079145A1 (en)2001-08-012003-04-24Networks Associates Technology, Inc.Platform abstraction layer for a wireless malware scanning engine
US20040025042A1 (en)2001-08-012004-02-05Networks Associates Technology, Inc.Malware scanning user interface for wireless devices
US20030046134A1 (en)2001-08-282003-03-06Frolick Harry A.Web-based project management system
US7210168B2 (en)2001-10-152007-04-24Mcafee, Inc.Updating malware definition data for mobile data processing devices
US20040259532A1 (en)2001-10-312004-12-23Markus IsomakiMethod for handling of messages between a terminal and a data network
US20030115485A1 (en)2001-12-142003-06-19Milliken Walter ClarkHash-based systems and methods for detecting, preventing, and tracing network worms and viruses
US20030120951A1 (en)2001-12-212003-06-26Gartside Paul NicholasGenerating malware definition data for mobile computing devices
US7401359B2 (en)2001-12-212008-07-15Mcafee, Inc.Generating malware definition data for mobile computing devices
US7308712B2 (en)2001-12-312007-12-11Mcafee, Inc.Automated computer vulnerability resolution system
US20030131148A1 (en)2002-01-102003-07-10David KelleyCross-platform software development with a software development peripheral
US20060075388A1 (en)2002-01-102006-04-06Microsoft CorporationCross-platform software development with and software development peripheral
US20050125779A1 (en)2002-01-102005-06-09Microsoft CorporationCross-platform software development with a software development peripheral
US20070011319A1 (en)2002-01-152007-01-11Mcclure Stuart CSystem and method for network vulnerability detection and reporting
US7415270B2 (en)2002-02-152008-08-19Telefonaktiebolaget L M Ericsson (Publ)Middleware services layer for platform system for mobile terminals
US7308256B2 (en)2002-02-282007-12-11Ntt Docomo, Inc.Mobile communication terminal, information processing apparatus, relay server apparatus, information processing system, and information processing method
US20050154796A1 (en)2002-03-062005-07-14Forsyth John M.Method of enabling a wireless information device to access data services
US7266810B2 (en)2002-04-092007-09-04Hewlett-Packard Development Company, Lp.Runtime profiling of platform-independent software applications
US20060218482A1 (en)2002-04-192006-09-28Droplet Technology, Inc.Mobile imaging application, device architecture, service platform architecture and services
US20040022258A1 (en)2002-07-302004-02-05Docomo Communications Laboratories Usa, Inc.System for providing access control platform service for private networks
US20060073820A1 (en)2002-10-102006-04-06Craswell Ronald JMethod and apparatus for remote control and updating of wireless mobile devices
US7127455B2 (en)2002-11-122006-10-24Hewlett-Packard Development Company, L.P.Taxonomy for mobile e-services
US20050074106A1 (en)2002-11-142005-04-07AlcatelCall establishment method
US7376969B1 (en)2002-12-022008-05-20Arcsight, Inc.Real time monitoring and analysis of events from multiple network security devices
US7467206B2 (en)2002-12-232008-12-16Microsoft CorporationReputation system for web services
US7386297B2 (en)2002-12-282008-06-10Curitel Communications, Inc.Mobile communication system and mobile terminal having function of inactivating mobile communication viruses, and method thereof
US20040133624A1 (en)2003-01-062004-07-08Seung-Joon ParkMethod and apparatus for performing common call processing management using common software platform
US7290276B2 (en)2003-02-062007-10-30Lenovo Singapore Pte. Ltd.Information processing apparatus for secure information recovery
US20040158741A1 (en)2003-02-072004-08-12Peter SchneiderSystem and method for remote virus scanning in wireless networks
US20040185900A1 (en)2003-03-202004-09-23Mcelveen WilliamCell phone with digital camera and smart buttons and methods for using the phones for security monitoring
US7392043B2 (en)2003-04-172008-06-24Ntt Docomo, Inc.API system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework
US20050010821A1 (en)2003-04-292005-01-13Geoffrey CooperPolicy-based vulnerability assessment
US20040225887A1 (en)2003-05-082004-11-11O'neil Douglas R.Centralized authentication system
US7392543B2 (en)2003-06-302008-06-24Symantec CorporationSignature extraction system and method
US7356835B2 (en)2003-08-262008-04-08Mitel Networks CorporationSecurity monitor for PDA attached telephone
US7472422B1 (en)2003-09-102008-12-30Symantec CorporationSecurity management system including feedback and control
US20050091308A1 (en)2003-09-292005-04-28Peter BookmanMobility device
US20050076246A1 (en)2003-10-012005-04-07Singhal Tara ChandMethod and apparatus for network security using a router based authentication system
US20050130627A1 (en)2003-11-262005-06-16Benoit CalmelsAuthentication between a cellular phone and an access point of a short-range network
US20050138413A1 (en)2003-12-112005-06-23Richard LippmannNetwork security planning architecture
US20050138395A1 (en)2003-12-182005-06-23Benco David S.Network support for mobile handset anti-virus protection
US20050197099A1 (en)2004-03-082005-09-08Lan-Ver Technologies Solutions Ltd.Cellular device security apparatus and method
US20050282533A1 (en)2004-03-222005-12-22Vadim DralukMethod and apparatus for dynamic extension of device management tree data model on a mobile
US20070214504A1 (en)2004-03-302007-09-13Paolo Milani ComparettiMethod And System For Network Intrusion Detection, Related Network And Computer Program Product
US7525541B2 (en)2004-04-052009-04-28Actuality Systems, Inc.Data processing for three-dimensional displays
US20050227669A1 (en)2004-04-082005-10-13Ixi Mobile (R&D) Ltd.Security key management system and method in a mobile communication network
WO2005101789A1 (en)2004-04-142005-10-27Gurunath Samir KalekarA system for real-time network based vulnerability assessment of a host/device
US20050254654A1 (en)2004-04-192005-11-17The Boeing CompanySecurity state vector for mobile network platform
US20050278777A1 (en)2004-06-142005-12-15Hackerproof Security, Inc.Method and system for enforcing secure network connection
US20060026283A1 (en)2004-07-302006-02-02Trueba Luis Ruben ZSystem and method for updating software on a computer
US20110093786A1 (en)*2004-08-122011-04-21Verizon Corporate Services Group Inc.Geographical vulnerability mitgation response mapping system
US20080208950A1 (en)2004-08-192008-08-28Sk Telecom Co., Ltd.Method and Apparatus for Integrating and Managing Information of Mobile Terminal
US20080276111A1 (en)2004-09-032008-11-06Jacoby Grant ADetecting Software Attacks By Monitoring Electric Power Consumption Patterns
US20070016955A1 (en)2004-09-242007-01-18Ygor GoldbergPractical threat analysis
US20060080680A1 (en)2004-10-122006-04-13Majid AnwarPlatform independent dynamic linking
US7433694B2 (en)2004-10-292008-10-07Skyhook Wireless, Inc.Location beacon database
US7414988B2 (en)2004-10-292008-08-19Skyhook Wireless, Inc.Server for updating location beacon database
US7818017B2 (en)2004-10-292010-10-19Skyhook Wireless, Inc.Location-based services that choose location algorithms based on number of detected wireless signal stations within range of user device
US7403762B2 (en)2004-10-292008-07-22Skyhook Wireless, Inc.Method and system for building a location beacon database
US7769396B2 (en)2004-10-292010-08-03Skyhook Wireless, Inc.Location-based services that choose location algorithms based on number of detected access points within range of user device
US7305245B2 (en)2004-10-292007-12-04Skyhook Wireless, Inc.Location-based services that choose location algorithms based on number of detected access points within range of user device
WO2006110181A2 (en)2004-10-292006-10-19Skyhook Wireless, Inc.Location beacon database and server, method of building location beacon database, and location based service using same
US8031657B2 (en)2004-10-292011-10-04Skyhook Wireless, Inc.Server for updating location beacon database
US20060095454A1 (en)2004-10-292006-05-04Texas Instruments IncorporatedSystem and method for secure collaborative terminal identity authentication between a wireless communication device and a wireless operator
US20060101518A1 (en)*2004-11-052006-05-11Schumaker Troy TMethod to generate a quantitative measurement of computer security vulnerabilities
US20060130145A1 (en)2004-11-202006-06-15Choi Byeong CSystem and method for analyzing malicious code protocol and generating harmful traffic
US20060150256A1 (en)2004-12-032006-07-06Whitecell Software Inc. A Delaware CorporationSecure system for allowing the execution of authorized computer program code
US20060150238A1 (en)2005-01-042006-07-06Symbol Technologies, Inc.Method and apparatus of adaptive network policy management for wireless mobile computers
US7696923B2 (en)2005-02-032010-04-13Mexens Intellectual Property Holding LlcSystem and method for determining geographic location of wireless computing devices
US7397424B2 (en)2005-02-032008-07-08Mexens Intellectual Property Holding, LlcSystem and method for enabling continuous geographic location estimation for wireless computing devices
US20060179485A1 (en)2005-02-092006-08-10Gary LongsineIntrusion handling system and method for a packet network with dynamic network address utilization
US7474897B2 (en)2005-02-222009-01-06Skyhook Wireless, Inc.Continuous data optimization by filtering and positioning systems
US7493127B2 (en)2005-02-222009-02-17Skyhook Wireless, Inc.Continuous data optimization of new access points in positioning systems
WO2007081356A2 (en)2005-02-222007-07-19Skyhook Wireless, Inc.Continuous data optimization in positioning system
US20060224742A1 (en)2005-02-282006-10-05Trust DigitalMobile data security system and methods
US7502620B2 (en)2005-03-042009-03-10Shyhook Wireless, Inc.Encoding and compression of a location beacon database
US20080046557A1 (en)2005-03-232008-02-21Cheng Joseph CMethod and system for designing, implementing, and managing client applications on mobile devices
US20060253584A1 (en)2005-05-032006-11-09Dixon Christopher JReputation of an entity associated with a content item
US20060253205A1 (en)2005-05-092006-11-09Michael GardinerMethod and apparatus for tabular process control
US20060277408A1 (en)2005-06-032006-12-07Bhat Sathyanarayana PSystem and method for monitoring and maintaining a wireless device
US20060294582A1 (en)2005-06-282006-12-28Symbol Technologies, Inc.Mobility policy manager for mobile computing devices
US20070016953A1 (en)2005-06-302007-01-18Prevx LimitedMethods and apparatus for dealing with malware
US20070015519A1 (en)2005-07-122007-01-18Qwest Communications International Inc.User defined location based notification for a mobile communications device systems and methods
US7907966B1 (en)2005-07-192011-03-15Aol Inc.System and method for cross-platform applications on a wireless phone
US20070028095A1 (en)2005-07-282007-02-01Allen David LSecurity certificate management
US20070028303A1 (en)2005-07-292007-02-01Bit 9, Inc.Content tracking in a network security system
US20070028304A1 (en)2005-07-292007-02-01Bit 9, Inc.Centralized timed analysis in a network security system
US20070050471A1 (en)2005-08-312007-03-01Microsoft CorporationPortable Remoting Component With A Scaleable Feature Set
US7397434B2 (en)2005-09-162008-07-08Samsung Electro-Mechanics Co., Ltd.Built-in antenna module of wireless communication terminal
GB2430588A (en)2005-09-202007-03-28Alireza Mousavi KhalkhaliMultiple protocol platform for mobile applications
US20070067847A1 (en)*2005-09-222007-03-22AlcatelInformation system service-level security risk analysis
US20070088948A1 (en)*2005-10-152007-04-19Huawei Technologies Co., LtdMethod for implementing security update of mobile station and a correlative reacting system
US20070154014A1 (en)2005-12-302007-07-05Selim AissiUsing a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel
US20070174472A1 (en)2006-01-202007-07-26Verimatrix, Inc.Network security system and method
US20070248047A1 (en)2006-01-312007-10-25Peter ShortyHome electrical device control within a wireless mesh network
US20070186282A1 (en)2006-02-062007-08-09Microsoft CorporationTechniques for identifying and managing potentially harmful web traffic
US7471954B2 (en)2006-02-242008-12-30Skyhook Wireless, Inc.Methods and systems for estimating a user position in a WLAN positioning system based on user assigned access point locations
US7685132B2 (en)2006-03-152010-03-23Mog, IncAutomatic meta-data sharing of existing media through social networking
US20100064341A1 (en)2006-03-272010-03-11Carlo AlderaSystem for Enforcing Security Policies on Mobile Communications Devices
US20070240221A1 (en)2006-04-062007-10-11George TuvellNon-Signature Malware Detection System and Method for Mobile Platforms
US20070240222A1 (en)2006-04-062007-10-11George TuvellSystem and Method for Managing Malware Protection on Mobile Devices
US20070240218A1 (en)2006-04-062007-10-11George TuvellMalware Detection System and Method for Mobile Platforms
US20070250627A1 (en)2006-04-212007-10-25May Robert AMethod, apparatus, signals and medium for enforcing compliance with a policy on a client computer
US8014788B2 (en)2006-05-082011-09-06Skyhook Wireless, Inc.Estimation of speed of travel using the dynamic signal strength variation of multiple WLAN access points
US7515578B2 (en)2006-05-082009-04-07Skyhook Wireless, Inc.Estimation of position using WLAN access point radio propagation characteristics in a WLAN positioning system
US7551579B2 (en)2006-05-082009-06-23Skyhook Wireless, Inc.Calculation of quality of wlan access point characterization for use in a wlan positioning system
US7551929B2 (en)2006-05-082009-06-23Skyhook Wireless, Inc.Estimation of speed and direction of travel in a WLAN positioning system using multiple position estimations
US8090386B2 (en)2006-05-082012-01-03Skyhook Wireless, Inc.Estimation of speed and direction of travel in a WLAN positioning system
US7916661B2 (en)2006-05-082011-03-29Skyhook Wireless, Inc.Estimation of position using WLAN access point radio propagation characteristics in a WLAN positioning system
US7835754B2 (en)2006-05-082010-11-16Skyhook Wireless, Inc.Estimation of speed and direction of travel in a WLAN positioning system
US7809353B2 (en)2006-05-182010-10-05Research In Motion LimitedAutomatic security action invocation for mobile communications device
US20080140767A1 (en)2006-06-142008-06-12Prasad RaoDivitas description protocol and methods therefor
US20070293263A1 (en)2006-06-142007-12-20Hossein EslambolchiMethod and apparatus for providing multi-system cellular communications
US20070297610A1 (en)2006-06-232007-12-27Microsoft CorporationData protection for a mobile device
US7768963B2 (en)2006-07-072010-08-03Skyhook Wireless, Inc.System and method of improving sampling of WLAN packet information to improve estimates of Doppler frequency of a WLAN positioning device
WO2008007111A1 (en)2006-07-142008-01-17Vodaphone Group PlcTelecommunications device security
US20080028470A1 (en)2006-07-252008-01-31Mark RemingtonSystems and Methods for Vulnerability Detection and Scoring with Threat Assessment
US20080070495A1 (en)2006-08-182008-03-20Michael StricklenMobile device management
US20080047007A1 (en)2006-08-182008-02-21Microsoft CorporationNetwork security page
US20080065507A1 (en)2006-09-122008-03-13James MorrisonInteractive digital media services
US20080109871A1 (en)2006-09-132008-05-08Richard JacobsPolicy management
US20080127334A1 (en)2006-09-142008-05-29Computer Associates Think, Inc.System and method for using rules to protect against malware
US20080072329A1 (en)2006-09-142008-03-20Interdigital Technology CorporationMethod and system for enhancing flow of behavior metrics and evaluation of security of a node
US7856373B2 (en)2006-09-142010-12-21Shah UllahTargeting content to network-enabled devices based upon stored profiles
US20080127171A1 (en)2006-09-152008-05-29Altiris, Inc.Method and System for Creating and Executing Generic Software Packages
US20080127336A1 (en)2006-09-192008-05-29Microsoft CorporationAutomated malware signature generation
US20080127179A1 (en)2006-09-252008-05-29Barrie Jon MossSystem and apparatus for deployment of application and content to different platforms
US20080200160A1 (en)2006-09-282008-08-21Dudley FitzpatrickApparatuses, Methods and Systems for Ambiguous Code-Triggered Information Querying and Serving on Mobile Devices
US20080086776A1 (en)2006-10-062008-04-10George TuvellSystem and method of malware sample collection on mobile networks
US20080086773A1 (en)2006-10-062008-04-10George TuvellSystem and method of reporting and visualizing malware on mobile networks
US20080092237A1 (en)*2006-10-132008-04-17Jun YoonSystem and method for network vulnerability analysis using multiple heterogeneous vulnerability scanners
US20080148381A1 (en)2006-10-302008-06-19Jeffrey AaronMethods, systems, and computer program products for automatically configuring firewalls
US7856234B2 (en)2006-11-072010-12-21Skyhook Wireless, Inc.System and method for estimating positioning error within a WLAN-based positioning system
US8019357B2 (en)2006-11-072011-09-13Skyhook Wireless, Inc.System and method for estimating positioning error within a WLAN-based positioning system
WO2008057737A2 (en)2006-11-072008-05-15Skyhook Wireless, Inc.System and method for estimating positioning error within a wlan-based positioning system
US20080178294A1 (en)2006-11-272008-07-24Guoning HuWireless intrusion prevention system and method
US20080134281A1 (en)2006-11-302008-06-05Mcafee, Inc.Method and system for enhanced wireless network security
US20080132218A1 (en)2006-11-302008-06-05Yuval SamsonMethod and Apparatus for Starting Applications
US8126456B2 (en)2007-01-172012-02-28Eagency, Inc.Mobile communication device monitoring systems and methods
US20080172746A1 (en)2007-01-172008-07-17Lotter Robert AMobile communication device monitoring systems and methods
US20080181116A1 (en)2007-01-172008-07-31Richard Thomas KavanaughQuality of service application programming interface over socket
US20080196104A1 (en)2007-02-092008-08-14George TuvellOff-line mms malware scanning system and method
US20080209567A1 (en)*2007-02-162008-08-28Lockhart Malcolm WAssessment and analysis of software security flaws
US20100281248A1 (en)*2007-02-162010-11-04Lockhart Malcolm WAssessment and analysis of software security flaws
US20080209557A1 (en)2007-02-282008-08-28Microsoft CorporationSpyware detection mechanism
US20080318562A1 (en)2007-03-022008-12-25Aegis Mobility, Inc.System and methods for monitoring the context associated with a mobile communication device
US20080235801A1 (en)2007-03-202008-09-25Microsoft CorporationCombining assessment models and client targeting to identify network security vulnerabilities
US20090248623A1 (en)2007-05-092009-10-01The Go Daddy Group, Inc.Accessing digital identity related reputation data
US20080293396A1 (en)2007-05-232008-11-27Robert John BarnesIntegrating Mobile Device Based Communication Session Recordings
US8127358B1 (en)2007-05-302012-02-28Trend Micro IncorporatedThin client for computer security applications
US20090199298A1 (en)2007-06-262009-08-06Miliefsky Gary SEnterprise security management for network equipment
US7774637B1 (en)2007-09-052010-08-10Mu Dynamics, Inc.Meta-instrumentation for security analysis
US20090205047A1 (en)*2008-02-082009-08-13Guy PodjarnyMethod and Apparatus for Security Assessment of a Computing Platform
US20090293125A1 (en)2008-05-212009-11-26Symantec CorporationCentralized Scanner Database With Qptimal Definition Distribution Using Network Queries
US8054219B2 (en)2008-06-062011-11-08Skyhook Wireless, Inc.Systems and methods for determining position using a WLAN-PS estimated position as an initial position in a hybrid positioning system
US7999742B2 (en)2008-06-062011-08-16Skyhook Wireless, Inc.System and method for using a satellite positioning system to filter WLAN access points in a hybrid positioning system
US8089399B2 (en)2008-06-062012-01-03Skyhook Wireless, Inc.System and method for refining a WLAN-PS estimated location using satellite measurements in a hybrid positioning system
US8089398B2 (en)2008-06-062012-01-03Skyhook Wireless, Inc.Methods and systems for stationary user detection in a hybrid positioning system
US20100100939A1 (en)2008-10-212010-04-22Flexilis, Inc.Secure mobile platform system
US20100100963A1 (en)2008-10-212010-04-22Flexilis, Inc.System and method for attack and malware prevention
US20100154032A1 (en)2008-12-122010-06-17International Business Machines CorporationSystem and Method for Classification of Unwanted or Malicious Software Through the Identification of Encrypted Data Communication
US20100242114A1 (en)*2009-03-202010-09-23Achilles Guard, Inc. D/B/A Critical WatchSystem and method for selecting and applying filters for intrusion protection system within a vulnerability management system
US20100313270A1 (en)2009-06-052010-12-09The Regents Of The University Of MichiganSystem and method for detecting energy consumption anomalies and mobile malware variants
US20100332593A1 (en)2009-06-292010-12-30Igor BarashSystems and methods for operating an anti-malware network on a cloud computing platform

Non-Patent Citations (60)

* Cited by examiner, † Cited by third party
Title
"Android Cloud to Device Messaging Framework," Google Code Labs, available at <http://code.google.com/android/c2dm/>, retrieved Sep. 14, 2011, 9 pages.
"Berry Locaior", 2007, Mobireport LLC, 1 page.
"BlackBerry Push Service Overview," Dec. 16, 2009, available at <http://us.blackberry.com/developers/platform/.pushapi.jsp#tab_tab_resources>, retrieved Sep. 14, 2011, 21 pages.
"eSoft unveils SiteFiller 3.0 for OEMs," Infosecurity, Mar. 23, 2010, available at <http://www.infosecurity-magazine.com/view/82731esoft-unveils-sitefilter-30-for-oems/>.
"Firefox", Wikipedia, Jul. 20, 2011, available at <http://cn.wikidpedia.org/wiki/firefox> Retrieved Aug. 10, 2011, 37 Pages.
"F-Secure Mobile Security for S60 Users Guide", F-Secure Corporation 2009, pp. 1-34.
"Get the Physical Location of Wireless Router From its MAC Address (BSSID)," Coderrr, Sep. 10, 2008, available at<http://codermwordpress.com/2008/09/10/get-the-physical-location-of-wireless-router-from-its-mac-address-bssidt>, retrieved Mar. 30, 2012, 13 pages.
"Hooking—Wikipedia, the Free Encyclopedia," Internet Archive Wayback Machine, Apr. 13, 2010, available at <http://web.archive.org/web/20100415154752/http://en.wikipedia.org/wiki/Hooking>, retrieved Mar. 30, 2012, 6 pages.
"Java Vxrtual Machine", Wikipedia, Aug. 7, 2011, Available at <http://en.wikipedia.org/wikilJava_Virtual_Machine> Retrieved Aug. 10, 2011, 7 pages.
"Kaspersky Mobile Security", Kaspersky Lab 1997-2007, 1 page.
"Kaspersky Mobile Security", Kaspersky Lab 2008, available at <http://www.kaspersky.com/ kaspersky_mobile_security> Retrieved Sep. 11, 2008, 2 Pages.
"Norton Smartphone Security", Symantec, 2007, Available at <http://www.symantec.com/norton/smartphone-security> Retrieved Oct. 21, 2008, 2 pages.
"PhoncBak PDA Phone Anti-theft software for your PDA phone", 2007, Bak2u Pte Ltd (Singapore) pp. 1-4.
"PhoneBak: Mobile Phone Theft Recovery Software", 2007, Westin Tech.
"Pidgin the Universal Chat Client," Pidign, available at <http://www.pidgin.im/>, retrieved Sep. 14, 2011, 14 pages.
"Symantec Endpoint Protection", Symantec, 2008, Available at <http://www.symantec.com/business/products/family.jsp?familyid=endpointsecurity>, 6 pages.
"Symantec Mobile Security Suite for Windows Mobile", Symantec, 2008 Available at <http://www.symantec.com/ business/products/sysreq.jsp?pcid=2241&pvid=mobile_security_suite_1>, 5 pages.
"TippingPoint Security Management System (SMS)", TippingPoint, Available at <http://www.tippingpoint.com/ products__sms.html>, 2 pages.
"Twilio Cloud Communications Web Service Api for Building Voice and Sms Applications," Twilio available at <http://.www.twilio.com>, retrieved Sep. 14, 2011, 12 pages.
"Understanding Direct Push," Microsoft, Feb. 18, 2009, available at <http://technet.microsoft.com/en-us/library/.aa997252(v=exchg.80).aspx>, retrieved Mar. 30, 2012, 3 pages.
"Urban Airship: Powering Modern Mobile." available at <http://urbanairship.com/products/>, retrieved Sep. 16, 2011, 14 pages.
"zVeloDB URL Database," zVelo, available at <https:/Izvelo.com/technology/zvelodb-url-database>, retrieved Mar. 30, 2012, 2 pages.
Amazon.com: Mining the Web Discovering Knowledge from Hypertext Data (9781558607545): Soumen Chakrabarti: Books, Amazon available at <http://www.amazon.com/exec/obidos/Asin/1558607544/>, retrieved Jun. 7, 2012, pp. 1-7.
Clickatell, available at <http://www.clickatell.com>, retrieved Sep. 14, 2011, 11 pages.
Diligenti, M., et al., Focused Crawling Using Context Graphs:, Proceedings of the 26th VLDB Conference, Cairo, Egypt, 2000, pp. 1-8.
Dolcourt. Jessica; Dashwire: Manage Your Cell Phone on the Web, News Blog, with Jessica Dolocourt, Oct. 29, 2007, 5:00am PDT <http://news.cnet.com/8301-10784_3-9805657-7.html> retrieved Jun. 15, 2009; pp. 1-3.
Fette, Ian "Understanding Phishing and Malware Protection in Google Chrome," the Chromium Blog, Nov. 14, 2008, available at <http://blog_chrounium_org/2008/11/understanding-phishing-and-malware.htm>, retrieved May 17, 2011, 6 pages.
Fisher, Oliver "Malware? We Don't Need No Stinking Malwarel," Google, Oct. 24, 2008, available at <http://googlewebmastercentral.blogspot.com/2008/10/malware-we-dont-need-no-stinking.html>, retrieved Mar. 30, 2012, 11 pages.
Grafio "Stay Secure", Opera Software, Sep. 29, 2008, Available at <http://widgets.opera.com/widget/4495> Retrieved Oct. 21, 2008, 4 pages.
Jefferies, Charles P. "Webroot AntiVirus 2010 With Spy Sweeper Review," Notebook Review, Jun. 22, 2010,.available at <http://http://www_notebookreview.com/default.asp?newsID=5700&review=Webroot+AntiVirus+2010+With+Spy+Sweeper+Review>, retrieved May 18, 2011, 3 pages.
Keane, Justin K. "Using the Google Safe Browsing API from PHP," Mad Irish, Aug. 7, 2009, available at <http://www.madirish.net/node/245>, retrieved Mar. 30, 2012, 5 pages.
Kincaid, Jason "Urban Airship Brings Easy Push Notifications to Android," TechCrunch, Aug. 10, 2010, available at.<http://techcrunch.com/2010/08/10/urban-airship-brings-easy-push-notifications-to-android/>, retrieved Jun. 16, 2011, 5 pages.
McAfee, Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20080517102505/www.mcafeesecure.com/us/technology-intro.jsp<, retrieved Feb. 23, 2011, 2 pages.
MobileWipe web page, pp. 1-4.
Mytton, David "How to Build an Apple Push Notification Provider Server (Tutorial)," Server Density, Jul. 10, 2009,.available at <http://blog.serverdensity.com/2009/07/10/how-to-build-an-apple-push-notification-provider-server-tutorial/ >, retrieved Apr. 2, 2012, 33 pages.
PagerDuty, available at <http://www.pagerduty.com>, retrieved Sep. 14, 2011, 23 pages.
PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2009/061370; Mailed on Dec. 14, 2009; pp. 1-12.
PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2009/061372; Mailed on Mar. 24, 2010; pp. 1-16.
PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2011/049182; Mailed on Dec. 23, 2011; pp. 1-11.
Pogue, David "Simplifying the Lives of Web Users," the New York Times, Aug. 18, 2010, available at <http://www.nytimes.com/2010108/19/technology/personaltech119pogue.html>, retrieved May 17, 2011, 5 pages.
Prey, available at <http://preyproject.com/>, retrieved Jan. 10, 2012, 4 pages.
Qualys, "Executive Dashbard," Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20080507161417/ www.qualys.com/products/screens/?screen=Executive + Dashboard>, retrieved Feb. 23, 2011, 1 page.
Qualys, "Vulnerability Management," Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20080611095201/www.qualys.com/solutions/vulnerability_management> retrieved Feb. 24, 2011, 1 page.
Reardon, Marguerite "Mobile Phones That Track Your Buddies," Cnet, Nov. 14, 2006, available at <http://news.cnet.com/Mobile-phones-that-track-your-buddies/2100-1039_3-6l35209.html>, retrieved Mar. 30, 2012, 4 pages.
Richardson, Alexis "Introduction to RabbitMQ," Google UK, Sep. 25, 2008, available at <http://www.rabbitmq.com/resources/google-tech-talk-final/alexis-google-rabbitmq-talk.pdf>, retrieved Mar. 30, 2012, 33 pages.
Surmmerson, Cameron "5 Android Antivirus Apps Compared, Find Out Which Ones Are Worth Having!," Android Headlines, Mar. 8, 2011, available at <http://androidheadlines.com/2011/03/5-android-antivirus-apps-comapred-findout-which-ones-are-worth-having.html>, retrieved Mar. 30, 2012, 9 pages.
Ten, Joe, "Norton 360 Version 3.0 Review," Mar. 9, 2009, available at <http://techielobang.com/blog/2009/03/09/norton-360-version-30-review/> retrieved Feb. 23, 2011, 12 pages.
U.S. Appl. No. 11/397,521.
U.S. Appl. No. 12/255,514. Prosecution history available via USPTO (including Office Action dated Apr. 14, 2011).
U.S. Appl. No. 12/255,621. Prosecution history available via USPTO (including Office Action dated Apr. 13, 2011).
U.S. Appl. No. 12/255,626. Prosecution history available via USPTO (including Office Action dated Feb. 1, 2011).
U.S. Appl. No. 12/255,632. Prosecution history available via USPTO (including Office Action dated Apr. 13, 2011).
U.S. Appl. No. 12/255,635. Prosecution history available Via USPTO (including Office Action dated Mar. 24, 2011).
U.S. Appl. No. 13/284,248.
U.S. Appl. No. 13/313,937.
U.S. Appl. No. 13/314,032.
U.S. Appl. No. 13/333,654.
U.S. Appl. No. 13/335,779.
U.S. Appl. No. 13/410,979.
Windows Update, Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20071022193017/http://en.wikipedia.org/wiki/Windows_Update> retrieved Feb. 23, 2011, 3 pages.

Also Published As

Publication numberPublication date
US20110119765A1 (en)2011-05-19
USRE48669E1 (en)2021-08-03
USRE47757E1 (en)2019-12-03
USRE46768E1 (en)2018-03-27
US8397301B2 (en)2013-03-12

Similar Documents

PublicationPublication DateTitle
USRE49634E1 (en)System and method for determining the risk of vulnerabilities on a mobile communications device
US9055090B2 (en)Network based device security and controls
US9407640B2 (en)Assessing a security state of a mobile communications device to determine access to specific tasks
US9307412B2 (en)Method and system for evaluating security for an interactive service operation by a mobile device
US8984628B2 (en)System and method for adverse mobile application identification
US20140380478A1 (en)User centric fraud detection
WO2018140271A1 (en)Security via adaptive threat modeling
US9973513B2 (en)Method and apparatus for communication number update
WO2015007231A1 (en)Method and device for identification of malicious url
US12341778B2 (en)Di chip, smartphone, system, and operating method
EP2661852A1 (en)Limiting virulence of malicious messages using a proxy server
US12008105B2 (en)Protected QR code scanner using operational system override
US10089477B2 (en)Text message management
WO2020000753A1 (en)Device security monitoring method and apparatus
US12346436B2 (en)DI chip, communication device, system, and operating method
US11438339B2 (en)Method and system for synchronously generated security waiver interface
US20240104200A1 (en)Systems and methods for identity and access risk reduction informed by risk signaling and device posture
WO2025048898A1 (en)Method for filtering unauthenticated uri&#39;s in electronic messages
BhuiyanYet Another Symbian Vulnerability Update
HK1097673B (en)Method and system for detecting malicious wireless applications

Legal Events

DateCodeTitleDescription
FEPPFee payment procedure

Free format text:ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

ASAssignment

Owner name:LOOKOUT, INC., CALIFORNIA

Free format text:CHANGE OF NAME;ASSIGNOR:FLEXILIS, INC.;REEL/FRAME:057177/0668

Effective date:20100111

Owner name:FLEXILIS, INC., CALIFORNIA

Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HERING, JOHN G.;MAHAFFEY, KEVIN;BURGESS, JAMES;REEL/FRAME:057177/0711

Effective date:20091118

FEPPFee payment procedure

Free format text:ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

ASAssignment

Owner name:MIDCAP FINANCIAL TRUST, MARYLAND

Free format text:SECURITY INTEREST;ASSIGNOR:LOOKOUT, INC.;REEL/FRAME:068538/0177

Effective date:20240612

MAFPMaintenance fee payment

Free format text:PAYMENT OF MAINTENANCE FEE, 12TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2553); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment:12
[8]ページ先頭
©2009-2025 Movatter.jp