Patents by Inventor James Blaisdell

James Blaisdell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11921844
    Abstract: A novel compiler is described. The compiler is able to view source code of the application in its entirety and can do so from the inside. Unlike other tools which examine the forensic data from an application crash after the fact, from the outside, the compiler of the present invention can provide novel data on function call stacks and function profiles during runtime. The application may be stopped immediately during runtime to prevent further or potential damage, but the forensic data that is collected is focused and can be used to show where vulnerabilities exist in the application and how they were exploited. Hashes are taken of function call stacks and used as unique identifiers or thumbprints which can be used to reduce the volume of forensic data that needs to be analyzed after an attack.
    Type: Grant
    Filed: December 20, 2022
    Date of Patent: March 5, 2024
    Assignee: Dellfer, Inc.
    Inventors: Brian H. Pescatore, James Blaisdell, Xonia Ivonne McLaughlin, Chetin Ersoy, Kenneth J. Wante
  • Patent number: 11687646
    Abstract: A novel compiler is described. The compiler is able to view source code of the application in its entirety and can do so from the inside. Unlike other tools which examine the forensic data from an application crash after the fact, from the outside, the compiler of the present invention can provide novel data on function call stacks and function profiles during runtime. The application may be stopped immediately during runtime to prevent further or potential damage, but the forensic data that is collected is focused and can be used to show where vulnerabilities exist in the application and how they were exploited. Hashes are taken of function call stacks and used as unique identifiers or thumbprints which can be used to reduce the volume of forensic data that needs to be analyzed after an attack.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: June 27, 2023
    Assignee: Dellfer, Inc.
    Inventors: Brian H. Pescatore, James Blaisdell, Xonia Ivonne McLaughlin, Chetin Ersoy, Kenneth J. Wante
  • Publication number: 20230117901
    Abstract: A novel compiler is described. The compiler is able to view source code of the application in its entirety and can do so from the inside. Unlike other tools which examine the forensic data from an application crash after the fact, from the outside, the compiler of the present invention can provide novel data on function call stacks and function profiles during runtime. The application may be stopped immediately during runtime to prevent further or potential damage, but the forensic data that is collected is focused and can be used to show where vulnerabilities exist in the application and how they were exploited. Hashes are taken of function call stacks and used as unique identifiers or thumbprints which can be used to reduce the volume of forensic data that needs to be analyzed after an attack.
    Type: Application
    Filed: December 20, 2022
    Publication date: April 20, 2023
    Inventors: Brian H. Pescatore, James Blaisdell, Xonia Ivonne McLaughlin, Chetin Ersoy, Kenneth J. Wante
  • Publication number: 20210049265
    Abstract: A novel compiler is described. The compiler is able to view source code of the application in its entirety and can do so from the inside. Unlike other tools which examine the forensic data from an application crash after the fact, from the outside, the compiler of the present invention can provide novel data on function call stacks and function profiles during runtime. The application may be stopped immediately during runtime to prevent further or potential damage, but the forensic data that is collected is focused and can be used to show where vulnerabilities exist in the application and how they were exploited. Hashes are taken of function call stacks and used as unique identifiers or thumbprints which can be used to reduce the volume of forensic data that needs to be analyzed after an attack.
    Type: Application
    Filed: August 14, 2020
    Publication date: February 18, 2021
    Inventors: Brian H. Pescatore, James Blaisdell, Xonia Ivonne McLaughlin, Chetin Ersoy, Kenneth J. Wante
  • Patent number: 9306933
    Abstract: A network connection between an app on a mobile device and a remote server is either enabled or denied based on whether a security wrapped app can verify that the connection is with a known and trusted server. The wrapped app uses a socket interception layer injected into the app code along with a trust store, also part of the wrapped app, to determine whether a network connection attempted by the app should be allowed. The layer buffers relevant function calls from the app by intercepting them before they reach the device operating system. If the layer determines that a network connection is attempted, then it snoops the negotiation phase data stream to discern when the server sends a certificate to the app. It obtains this certificate and compares it to data in the trust store and makes a determination of whether the server is known and trusted.
    Type: Grant
    Filed: June 21, 2013
    Date of Patent: April 5, 2016
    Assignee: Mocana Corporation
    Inventors: Michael Scott Pontillo, James Blaisdell, Brian H. Pescatore
  • Publication number: 20150317482
    Abstract: Users can hide content normally displayed on a mobile device screen and read or view content by touching the screen and creating a path, for example, in the shape of a circle, in which a portion of the content can be viewed. The content is hidden by a particle layer. A “hole” into the particle layer and a ghost layer is used to view content normally shown in a table view. Embodiments of the present invention allow a user to view partial content in a table (message) view, such as part of a text message, through a pre-defined area, such as a circle, square or any other shape the designer chooses while covering the other content on the screen.
    Type: Application
    Filed: April 29, 2015
    Publication date: November 5, 2015
    Inventors: James BLAISDELL, Mike ZHANG
  • Patent number: 9032060
    Abstract: A mobile device, such as a smartphone or a laptop, connects to a network based on the available bandwidth (throughput) of the network rather than on signal strength. The device may send a request containing the device's location to a service provider who has data on networks in the device's location and specifically on bandwidth or pipe performance. This data is used to determine which network in the area would be best to connect to. The network may be a network that does not necessarily have the highest signal strength (often shown as bars on a handset device). The service provider can cause the device to transition to the network having the higher bandwidth. It can also direct the user so that blackout areas are avoided using the network data maintained by the provider. The provider uses testers to obtain current bandwidth data of networks.
    Type: Grant
    Filed: September 14, 2011
    Date of Patent: May 12, 2015
    Assignee: Mocana Corporation
    Inventor: James Blaisdell
  • Patent number: 8990116
    Abstract: Methods and systems for preventing an application which has been maliciously or inadvertently tampered with from causing harm to a computer system are described. Application code of the tampered application is inputted into a code analyzer. The code is analyzed and functions within the application code are identified and examined. A profile is created and may be a description of how a function is intended to operate, that is, the function's expected behavior. Calls between functions are examined and a called function is replaced with a replacement function, such that a call to an original function results in a call to the replacement function. The original function is unaware that it is not getting function calls or that such calls are being directed to a replacement function or stub. A replacement function contains code to ensure that the user space maintains its original appearance.
    Type: Grant
    Filed: October 7, 2008
    Date of Patent: March 24, 2015
    Assignee: Mocana Corporation
    Inventors: Fabrice Ferino, James Blaisdell
  • Patent number: 8990920
    Abstract: An Internet-enabled device, such as a smartphone, tablet, PC, wearable sensor, or household appliance, executes an application (or “app”) that has its own VPN connection with a VPN gateway device. The app does not use the device-level or system VPN to connect with the gateway. The app, which may be security wrapped, is made more secure by having its own VPN tunnel with the gateway, wherein the VPN tunnel is not used by other apps running on the device. The conventional (or device-level) VPN connection is not used by the app(s). The app has its own IP stack, an HTTP proxy layer, an IPsec module, and a virtual data link layer which it uses to build IP packets, encapsulate them, and transmit them to a transport module in the device operating system, for example, a UDP module.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: March 24, 2015
    Assignee: Mocana Corporation
    Inventors: Michael Scott Pontillo, James Blaisdell, Shawn-Lin Dzeng
  • Patent number: 8955142
    Abstract: Devices are pre-deployed with an app security mechanism to ensure that apps that are downloaded onto the device do not cause data loss, data leakage, or other harm to the device. A user can start using the device and downloading apps in a conventional or typical manner and be assured that security measures are being taken to minimize potential harm for unsecured and secured apps. An app security enforcement layer or engine operates with, for example, a Type 2 hypervisor on the device, and ensures that any calls by the apps to the operating system of the device are generally safe. Measures such as enhancing or modifying the call, obfuscating the call, or terminating the app may be taken to protect the operating system. These actions are taken based on a policy that may be either interpreted or compiled by the enforcement engine with respect to app execution. The security measures are generally transparent to the user of the device.
    Type: Grant
    Filed: March 21, 2011
    Date of Patent: February 10, 2015
    Assignee: Mocana Corporation
    Inventors: James Blaisdell, Jean-Max Vally
  • Patent number: 8812868
    Abstract: Given the volume of apps being developed and downloaded, performing operations to enable security for mobile devices, such as locating relevant classes and substituting different classes, can become very inefficient when done to a very high number of apps. In the invention, a device is enabled with an app security enforcement layer. The consumer can download unsecured apps and have the app execute on the phone in a secure manner, where potential data loss to the device, such as a smart phone or tablet, is minimized. To make the security wrapping process more efficient, an app template containing markers is created. This template is merged with data in an active user policy or is used to randomize or obfuscate the code to add more security. The process of security wrapping an app becomes more efficient.
    Type: Grant
    Filed: December 1, 2011
    Date of Patent: August 19, 2014
    Assignee: Mocana Corporation
    Inventors: James Blaisdell, Jean-Max Vally
  • Patent number: 8769305
    Abstract: An app is secured on a mobile device by being deconstructed or unbundled into multiple modules, where a module is a segment of app code that performs a particular function. It is then determined which modules from the multiple modules perform some type of security function, for example, a function dealing with confidential or security-related data. These modules, forming a group of modules, are loaded into a trusted execution environment. The app is then re-bundled so that it has the first plurality of modules and the second plurality of modules. The app executes in a manner where the high security functions execute so that break points cannot be inserted into the app code. The re-bundling is done automatically in an app security wrapping process. Security constraints are added to the app.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: July 1, 2014
    Assignee: Mocana Corporation
    Inventor: James Blaisdell
  • Publication number: 20130343543
    Abstract: A low-assurance call on a mobile device to another device may be promoted to a high-assurance call using a user interface. The participants during the call do not need to hang up and start a new high-assurance call. A caller can swipe an icon up a slider, for example, and start a process of promoting the call. The initial low-assurance call using SIP servers is terminated but this is transparent to the callers. Once the swipe is performed, a DTLS negotiation is performed between the devices. During this DTLS handshake, which is done directly between the devices without involvement of the SIP servers, a key is exchanged. Only the calling devices are aware of this key which is used to encrypt media during the call. Screens on the calling devices show that the call is now high-assurance and security details of the call may also be displayed.
    Type: Application
    Filed: June 25, 2013
    Publication date: December 26, 2013
    Inventors: James BLAISDELL, Yingxian WANG, Soo-Fei CHEW
  • Publication number: 20130291086
    Abstract: A network connection between an app on a mobile device and a remote server is either enabled or denied based on whether a security wrapped app can verify that the connection is with a known and trusted server. The wrapped app uses a socket interception layer injected into the app code along with a trust store, also part of the wrapped app, to determine whether a network connection attempted by the app should be allowed. The layer buffers relevant function calls from the app by intercepting them before they reach the device operating system. If the layer determines that a network connection is attempted, then it snoops the negotiation phase data stream to discern when the server sends a certificate to the app. It obtains this certificate and compares it to data in the trust store and makes a determination of whether the server is known and trusted.
    Type: Application
    Filed: June 21, 2013
    Publication date: October 31, 2013
    Inventors: Michael Scott PONTILLO, James BLAISDELL, Brian H. PESCATORE
  • Patent number: 8549656
    Abstract: Apps are secured or security-wrapped either before they are downloaded onto a device, such as a smartphone or tablet device, or after they are downloaded but before they are allowed to access the device operating system and cause any potential damage to the device. An app provider, such as an employer or a cellphone provider, can secure its apps before consumers download an app from their app store or marketplace. The app is secured before it is allowed to access the operating system of the device, thereby preventing the app from malicious behavior. Core object code of the app is obtained and the digital signature is removed. App object code is substituted with security program object code, thereby creating a security-wrapped app. The security-wrapped app is prepared for execution on the device and is re-signed with a new key.
    Type: Grant
    Filed: February 11, 2011
    Date of Patent: October 1, 2013
    Assignee: Mocana Corporation
    Inventors: James Blaisdell, Jean-Max Vally
  • Publication number: 20130247147
    Abstract: An Internet-enabled device, such as a smartphone, tablet, PC, wearable sensor, or household appliance, executes an application (or “app”) that has its own VPN connection with a VPN gateway device. The app does not use the device-level or system VPN to connect with the gateway. The app, which may be security wrapped, is made more secure by having its own VPN tunnel with the gateway, wherein the VPN tunnel is not used by other apps running on the device. The conventional (or device-level) VPN connection is not used by the app(s). The app has its own IP stack, an HTTP proxy layer, an IPsec module, and a virtual data link layer which it uses to build IP packets, encapsulate them, and transmit them to a transport module in the device operating system, for example, a UDP module.
    Type: Application
    Filed: May 1, 2013
    Publication date: September 19, 2013
    Inventors: Michael Scott Pontillo, James Blaisdell, Shawn-Lin Dzeng
  • Publication number: 20120304310
    Abstract: An app is secured on a mobile device by being deconstructed or unbundled into multiple modules, where a module is a segment of app code that performs a particular function. It is then determined which modules from the multiple modules perform some type of security function, for example, a function dealing with confidential or security-related data. These modules, forming a group of modules, are loaded into a trusted execution environment. The app is then re-bundled so that it has the first plurality of modules and the second plurality of modules. The app executes in a manner where the high security functions execute so that break points cannot be inserted into the app code. The re-bundling is done automatically in an app security wrapping process. Security constraints are added to the app.
    Type: Application
    Filed: June 19, 2012
    Publication date: November 29, 2012
    Applicant: MOCANA CORPORATION
    Inventor: James BLAISDELL
  • Publication number: 20120246484
    Abstract: Given the volume of apps being developed and downloaded, performing operations to enable security for mobile devices, such as locating relevant classes and substituting different classes, can become very inefficient when done to a very high number of apps. In the invention, a device is enabled with an app security enforcement layer. The consumer can download unsecured apps and have the app execute on the phone in a secure manner, where potential data loss to the device, such as a smart phone or tablet, is minimized. To make the security wrapping process more efficient, an app template containing markers is created. This template is merged with data in an active user policy or is used to randomize or obfuscate the code to add more security. The process of security wrapping an app becomes more efficient.
    Type: Application
    Filed: December 1, 2011
    Publication date: September 27, 2012
    Applicant: Mocana Corporation
    Inventors: James BLAISDELL, Jean-Max VALLY
  • Publication number: 20120246731
    Abstract: Devices are pre-deployed with an app security mechanism to ensure that apps that are downloaded onto the device do not cause data loss, data leakage, or other harm to the device. A user can start using the device and downloading apps in a conventional or typical manner and be assured that security measures are being taken to minimize potential harm for unsecured and secured apps. An app security enforcement layer or engine operates with, for example, a Type 2 hypervisor on the device, and ensures that any calls by the apps to the operating system of the device are generally safe. Measures such as enhancing or modifying the call, obfuscating the call, or terminating the app may be taken to protect the operating system. These actions are taken based on a policy that may be either interpreted or compiled by the enforcement engine with respect to app execution. The security measures are generally transparent to the user of the device.
    Type: Application
    Filed: March 21, 2011
    Publication date: September 27, 2012
    Applicant: Mocana Corporation
    Inventors: James Blaisdell, Jean-Max Vally
  • Publication number: 20120210443
    Abstract: Apps are secured or security-wrapped either before they are downloaded onto a device, such as a smartphone or tablet device, or after they are downloaded but before they are allowed to access the device operating system and cause any potential damage to the device. An app provider, such as an employer or a cellphone provider, can secure its apps before consumers download an app from their app store or marketplace. The app is secured before it is allowed to access the operating system of the device, thereby preventing the app from malicious behavior. Core object code of the app is obtained and the digital signature is removed. App object code is substituted with security program object code, thereby creating a security-wrapped app. The security-wrapped app is prepared for execution on the device and is re-signed with a new key.
    Type: Application
    Filed: February 11, 2011
    Publication date: August 16, 2012
    Applicant: MOCANA CORPORATION
    Inventors: James Blaisdell, Jean-Max Vally