Abstract: Computer systems and methods to protect user credentials against phishing with security measures applied based on determination of phishing risks of locations being visited, phishing susceptibility of users, roles of users, verification of senders of messages, and/or the timing of stages in accessing and interacting with the locations. For example, when a site is unclassified at the onset of being accessed by a user device, security measures can be selectively applied to allow the site to be initially viewed on the user device, but disallow some user interactions to reduce phishing risk. For example, a response to a domain name system (DNS) request can be customized based on a user risk level. For example, a message can be displayed without a profile picture of a contact of a user when the sender of the message appears to be the contact but cannot be verified to be the contact.
Abstract: A mobile communications device is provided with a tagging module that tags outgoing communications. Upon receiving the tagged communication, a communications provider requests from a registered owner service identified in the tag whether the mobile communications device identified in the tag is registered with the registered owner service. Upon receiving confirmation from the registered owner service that the mobile communications device is registered with the service, the communications provider provides information regarding the location of the mobile communications device to the registered owner service.
Abstract: Based on context received regarding a computing device and a security policy, a computing device evaluates a request by an application program to determine whether or not to allow the establishment of an application connection.
Type: Application
Filed: May 6, 2022
Publication date: August 18, 2022
Applicant: LOOKOUT, INC.
Inventors: Kevin Patrick Mahaffey, Timothy Strazzere, Brian James Buck
Abstract: Techniques for DNS prefetching based on application or contextual triggers to increase security in prefetching. The techniques can include storing historical DNS information from sources of DNS information. The historical DNS information can include historical DNS requests and triggering events correlated to the historical DNS requests. The techniques can also include identifying, by a processor or one or more sensors, an occurrence of a triggering event. The techniques can also include, in response to identifying the occurrence of the triggering event, resolving one or more answers to one or more DNS requests correlated with the triggering event based on the stored historical DNS information. The techniques can also include storing the one or more answers for later use by requesters.
Abstract: Methods and systems provide for receiving an assessment of a full uniform resource locator (URL) in a browser session in advance of the browser accessing the URL, maintaining client privacy in the process using a proxy between the client device and an assessment component on a server. The proxy receives the client identity and a URL. After substituting an arbitrary query identifier for the client identity in the assessment request, the proxy forwards the anonymized assessment request to the assessment component. In return the proxy receives classification data regarding the URL associated with the arbitrary query identifier, which the proxy associates with the client identity and subsequently forwards the classification data to the client.
Type: Application
Filed: March 14, 2022
Publication date: June 30, 2022
Applicant: Lookout, Inc.
Inventors: Brian James Buck, Stephen Lind, Brian Sullivan
Abstract: Techniques for deployment of policies to computing devices are described herein. The techniques can include a server deploying a passive policy to the computing devices. After deploying the passive policy, data is collected from each of the computing devices regarding operation of the computing device. The server monitors, based on comparing the passive policy to the collected data, compliance of each computing device with the passive policy. The server determines, based on the monitoring, a set of the computing devices that exhibit a policy violation associated with the passive policy. The server deploys an active policy to the set of computing devices. The active policy corresponds to the passive policy, and deploying the active policy causes one or more actions that correspond to the policy violation to be performed on each of the set of computing devices.
Type: Grant
Filed: November 9, 2020
Date of Patent: June 21, 2022
Assignee: Lookout, Inc.
Inventors: Brian James Buck, David Richardson, Alex Richard Gladd
Abstract: Techniques for phishing protection using cloning detection are described herein. The techniques described herein can include a server which hosts a website detecting that a fetcher is a cloning toolkit or an entity known for using a cloning toolkit. The techniques can also include a server which hosts a downloadable application (such as a mobile application) detecting that a fetcher for the application is a cloning toolkit or an entity known for using a cloning toolkit. The detection can be done in several ways, such as by analyzing data logs for patterns associated with cloning toolkits or entities known for using cloning toolkits. The techniques described herein can also include a part of an end user device (such as a part of a mobile device) detecting a clone (such as a clone website or application) that was cloned by a cloning toolkit. Then, upon detection, security actions can be taken.
Abstract: Based on context received regarding a mobile communications device, a server determines whether an existing network connection employed by the mobile communications device offers a level of security that is appropriate. When the server determines that the level of security is appropriate, the mobile communications device is allowed to continue using the network connection. Otherwise, the server directs the mobile communications device to terminate the network connection.
Type: Grant
Filed: January 17, 2019
Date of Patent: May 31, 2022
Assignee: LOOKOUT, INC.
Inventors: Kevin Patrick Mahaffey, Timothy Strazzere, Brian James Buck
Abstract: Software applications to be installed on user devices are monitored. Authenticity of the applications is evaluated using trust factors. In some cases, the trust factors relate to security associated with a network being accessed by a user device. In response to the evaluation, an action is performed such as configuring or disabling execution of one or more components of an application.
Type: Grant
Filed: August 5, 2019
Date of Patent: May 17, 2022
Assignee: Lookout, Inc.
Inventors: Kevin Patrick Mahaffey, Timothy Micheal Wyatt, Daniel Lee Evans, Emil Barker Ong, Timothy Strazzere, Matthew John Joseph LaMantia, Brian James Buck
Abstract: A device includes a secure execution context that is segregated from an operating system of the device. A security application executing in the operating system interfaces with the secure execution context to obtain verified data. The secure execution context may verify that operating system files are free of malware, obtain sensor readings that may be cryptographically signed, verify functioning of a baseband processor, and verify other aspects of the function and security of the device. The verified data may be used for various purposes such as verifying location of the device, training a machine learning model, and the like.
Type: Grant
Filed: March 5, 2020
Date of Patent: May 17, 2022
Assignee: LOOKOUT, INC.
Inventors: Brian James Buck, Karina Levitian, Francis Kelly, Sebastian Krawczuk, Michael Murray
Abstract: A method includes: after installation of software on a first mobile device, receiving new data from a second mobile device; analyzing, using a data repository, the new data to provide a security assessment; determining, based on the security assessment, a new security threat associated with the software; and in response to determining the new security threat, causing the first mobile device to implement a quarantine of the software.
Type: Grant
Filed: March 7, 2019
Date of Patent: April 12, 2022
Assignee: Lookout, Inc.
Inventors: Timothy Micheal Wyatt, William Neil Robinson, Brian James Buck, Alex Richard Gladd
Abstract: Methods and systems provide for resolving domain names by employing a proxy server between the client device and the resolving server. The methods and systems may maintain user privacy by the proxy receiving the client identity and an encrypted domain name. After substituting an arbitrary query identifier for the client identity in the resolution request, the proxy forwards the anonymized resolution request to the resolving server. In return the proxy receives an encrypted internet protocol (IP) address with the arbitrary query identifier, which the proxy associates with the client identity and forwards the encrypted IP address to the client for decrypting. Methods and systems provide for receiving an assessment of a full uniform resource locator (URL) in a browser session in advance of the browser accessing the URL. Methods and systems further prevent the re-use of passwords.
Type: Grant
Filed: June 5, 2020
Date of Patent: March 15, 2022
Assignee: LOOKOUT, INC.
Inventors: Brian James Buck, Stephen Lind, Brian Sullivan
Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, an application identifier is received from the computing device for an application to be installed. A source identifier of the application is determined. The application identifier and the source identifier are sent over a network to a server. A first state designation for the first application is received from the server. The first state designation represents a trusted state or an untrusted state. In response to receiving the first state designation, a second state designation is set. The second state designation is sent to the computing device.
Type: Grant
Filed: November 21, 2019
Date of Patent: February 22, 2022
Assignee: Lookout, Inc.
Inventors: David Richardson, Ahmed Mohamed Farrakha, William Neil Robinson, Brian James Buck
Abstract: A security code module is provided that a developer may include in an application. The application, when downloaded onto a mobile communications device, includes the security code module. The security code module then initiates a request to a server to determine the status of the mobile communications device. When the status indicates that the mobile communications device is not in the possession of the registered owner, a security component on the server performs an action in response.
Abstract: Techniques for providing domain name and URL visual verifications to increase security of operations on a device. The techniques include a visual indicator and/or warning to a user on the user's computing device that a domain or URL requested by the user and the device is unpopular, new, unknown, inauthentic, associated with malware or phishing, or in some other way, risky. The techniques include identifying a domain name in a communication received by a computing device and then determining a popularity ranking and/or an age of the domain name. The device can render, for display on a screen of the device, a visual indicator having the popularity ranking and/or the age of the domain name. Also, the techniques can include identifying a URL in a communication received by a computing device and then rendering, for display on a screen of the device, a visual indicator having the entire URL.
Abstract: Systems and methods for coordinating components can include: determining, by a first application executing on a client device, a need to perform a sharable functional task; identifying a first software component installed on the client device and capable of performing a first variation of the sharable functional task; identifying a second software component installed on the client device and capable of performing a second variation of the sharable functional task, wherein the second variation of the sharable functional task is functionally overlapping with and not identical to the first variation; identifying a set of characteristics of both the first software component and the second software component; selecting the second software component for performing the sharable functional task based on the set of characteristics, where the set of characteristics includes at least a version number; and delegating performance of the sharable functional task to the second software component.
Type: Grant
Filed: September 16, 2019
Date of Patent: February 1, 2022
Assignee: LOOKOUT, INC.
Inventors: Matthew John Joseph LaMantia, Brian James Buck, Stephen J. Edwards, William Neil Robinson
Abstract: A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.
Type: Application
Filed: September 10, 2021
Publication date: December 30, 2021
Applicant: LOOKOUT, INC.
Inventors: Kevin Patrick Mahaffey, John G. Hering, James David Burgess, Vance Grkov, David Luke Richardson, Ayan Mandal, Cherry Mangat, Brian James Buck, William Robinson
Abstract: Methods and systems are provided for providing a mobile communications device with access to a provider with a plurality of security levels. The security state of the device varies according to severity levels of device security events. The mobile communications device generates data regarding security events and provides the data to the provider, which compares that security state to a policy associated with the provider. The mobile communications device is allowed to access a provider service where the device's current security state meets or exceeds the security state required for the provider service.
Type: Application
Filed: July 13, 2021
Publication date: November 4, 2021
Applicant: LOOKOUT, INC.
Inventors: Kevin Patrick Mahaffey, John G. Hering, James David Burgess, Brian James Buck, William Robinson
Abstract: Systems and methods enhance the security of an electronic device by causing an application on the device to intercept and analyze a communication. When the communication meets certain conditions an audio transmission is initiated. In the absence of the conditions the communication is passed to a different application.
Type: Grant
Filed: March 24, 2020
Date of Patent: September 14, 2021
Assignee: LOOKOUT, INC.
Inventors: Kevin Patrick Mahaffey, David Luke Richardson, Ayan Mandal, Cherry Mangat, Vance Grkov
Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a first device based on the user maintaining control of the first device. The continued control may be based on determining the user's continued possession of the first device, or determining an acceptable proximity of the user to the first device. The proximity of the user may be determined using a second device associated with the user, or sensors associated with the first device.
Type: Application
Filed: May 24, 2021
Publication date: September 9, 2021
Applicant: LOOKOUT, INC.
Inventors: William Robinson, Kevin Patrick Mahaffey, Brian James Buck