System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device
The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device. The server may provide an interface for an administrator to manage the system and respond to security issues.
This is an application for reissue of U.S. Pat. No. 8,397,301 B2, and is a continuation of application Ser. No. 15/898,124, which is also an application for reissue of U.S. Pat. No. 8,397,301 B2, and is a continuation of application Ser. No. 14/109,725, which is also an application for reissue of U.S. Pat. No. 8,397,301 B2.
FIELD
The invention relates generally to mobile security, and specifically, to assessing the vulnerability of a mobile communication device.
BACKGROUND
Mobile communication devices or mobile devices, such as cellular telephones, smartphones, wireless-enabled personal data assistants, and the like, are becoming more popular as cellular and wireless network providers are able to expand coverage and increase bandwidth. Mobile devices have evolved beyond providing simple telephone functionality and are now highly complex multifunctional devices with capabilities rivaling those of desktop or laptop computers. In addition to voice communications, many mobile devices are capable of text messaging, e-mail communications, internet access, and the ability to run full-featured application software. Mobile devices can use these capabilities to perform online transactions such as banking, stock trading, payments, and other financial activities. Furthermore, a mobile device used by an individual, a business, or a government agency can often store confidential or private information in forms such as electronic documents, text messages, access codes, passwords, account numbers, e-mail addresses, personal communications, phone numbers, and financial information.
In turn, it is more important to protect those devices against malware, malicious attacks and other exploits. Specifically, it would be helpful to be able to identify vulnerabilities for a mobile communication device, so that the user of the mobile communication device can be alerted if his or her device suffers from any exploitable weaknesses. It is also important for an organization that relies on mobile devices to understand the state of their security and be able to respond to vulnerabilities on mobile devices in an efficient and effective manner.
Presently, current solutions for assessing the vulnerabilities of a computer on a network focus on a conventional desktop, laptop, server, or other computing devices that often enjoy more processing power and memory than a mobile communication device and generally have less restricted application environments than a mobile communication device. As such, these computing devices can often include local monitoring services that can run in the background without overly taxing valuable computing resources. In addition, conventional computing devices are often consistently tethered to a particular local network, such that devices can be remotely scanned over the local network for security weaknesses. Mobile communication devices, on the other hand, are often connected to public networks and switch between networks and network types, making remote, network-based security scans undesirable.
What is therefore needed is a way to provide similar protective services for mobile communication devices in a manner that does not overly tax resources on the mobile communication device, and that extends protective services even when the mobile communication device is not connected to a particular network or is not connected to any network.
There are many differences between mobile communication devices (e.g. operating systems, hardware capabilities, software configurations) that make it difficult to have a single system for accurately assessing the vulnerability of multiple types of devices. Additionally, many mobile communication devices are able to accept installation of various third-party software applications or “apps” that have been developed to extend the capabilities of the device. The installation of apps can alter the vulnerability state of a device, since each app may alter how and with which networks the mobile device communicates. What is therefore needed is a way to assess vulnerabilities of a mobile communication device that accounts for differences such as the operating system, the make, model, configuration, or any installed software on the mobile device. Also needed is a way for a user or administrator to view the security status of, remediate, and otherwise assess and manage the security of multiple different mobile communication devices.
The invention is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which:
The invention is a system and a method for identifying, assessing, and responding to vulnerabilities on or affecting a mobile communication device. As will be discussed further below, a mobile communication device may transmit certain information to a server, and the server may transmit certain result information to the device that contains an assessment or identifies known or potential vulnerabilities affecting the device. Additionally or alternatively, the server may transmit notifications about possible or actual vulnerabilities affecting a mobile communication device, which may include instructions for remediating any vulnerabilities identified as affecting the mobile communication device. Furthermore, the server may host a management console that allows an administrator to view the security status of multiple mobile communication devices and take action to secure them if necessary.
It should be appreciated that the invention can be implemented in numerous ways, including as a process, an apparatus, a system, a device, a method, a computer readable medium such as a computer readable storage medium containing computer readable instructions or computer program code, or as a computer program product comprising a computer usable medium having a computer readable program code embodied therein. One will appreciate that the mobile communication device described herein may include any computer or computing device running an operating system for use on handheld or mobile devices, such as smartphones, PDAs, mobile phones and the like. For example, a mobile communication device may include devices such as the Apple iPhone®, the Palm Pre™, or any device running the Android™ OS, Symbian OS®, Windows Mobile® OS, Palm OS® or Palm Web OS™.
In the context of this document, a computer usable medium or computer readable medium may be any medium that can contain or store the program for use by or in connection with the instruction execution system, apparatus or device. For example, the computer readable storage medium or computer usable medium may be, but is not limited to, a random access memory (RAM), read-only memory (ROM), or a persistent store, such as a mass storage device, hard drives, CDROM, DVDROM, tape, erasable programmable read-only memory (EPROM or flash memory), or any magnetic, electromagnetic, infrared, optical, or electrical system, apparatus or device for storing information. Alternatively or additionally, the computer readable storage medium or computer usable medium may be any combination of these devices or even paper or another suitable medium upon which the program code is printed, as the program code can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
Applications, software programs or computer readable instructions may be referred to as components or modules. Applications may be hardwired or hard coded in hardware or take the form of software executing on a general purpose computer such that when the software is loaded into and/or executed by the computer, the computer becomes an apparatus for practicing the invention. Applications may also be downloaded in whole or in part through the use of a software development kit or toolkit that enables the creation and implementation of the invention. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention.
One will appreciate that communication between mobile communication device 101 and server 151 may utilize a variety of networking protocols and security measures. In an embodiment, server 151 operates as an HTTP server and the device 101 operates as an HTTP client. To secure the data in transit, mobile communication device 101 and server 151 may use Transport Layer Security (“TLS”). Additionally, to ensure that mobile communication device 101 has authority to access server 151, and/or to verify the identity of mobile communication device 101, device 101 may send one or more authentication credentials to server 151. For example, authentication credentials may include a username and password or any other data that identifies mobile communication device 101 to server 151. Authentication may allow server 151 to store specific information, such as vulnerability identification information, about mobile communication device 101, and may also provide a persistent view of the security status of mobile communication device 101.
As previously mentioned, data storage 111 may be used to store sets of information about mobile communication device vulnerabilities (“vulnerability information”), which may be transmitted in whole or in part to one or more mobile communication devices in the form of “result information.” As used herein, a vulnerability may include an exploitable weakness on a mobile communication device that may result from the device hardware or software. Vulnerabilities may arise due to weaknesses in the device's operating system, other software or hardware flaws in the device, protocol implementation or specification flaws, misconfiguration of the device, software applications installed or stored on the device, or services provided through, to or by the device. Vulnerabilities may arise from the features of the device, such as from the presence of Bluetooth, infrared or Internet capabilities on the device, or other communication interfaces and protocols available on the device. Vulnerabilities may arise from weaknesses in the device's interaction with, flaws in, or misconfiguration of other services and systems such as text messaging, voice mail, telephony, or other services and systems accessed through a mobile communication device. Information about a vulnerability, i.e., vulnerability information, may be stored in data storage 111 and accessed by server 151 or mobile communication device 101. Data storage 111 may store general information about mobile communication device vulnerabilities, or may store information about vulnerabilities specific to a mobile communication device. As will be discussed further below, sets of vulnerability information corresponding to vulnerabilities that could affect or actually affect the mobile communication device may be transmitted in the form of result information, notifications, or both.
One will appreciate that as used herein, vulnerability information may include the name, description, severity rating, security impact summary and remediation instructions for a vulnerability. Vulnerability information may be included in the result information server 151 transmits to mobile communication device 101 or may be stored in data storage 111. Result information may include a list of vulnerabilities that are known to affect mobile communication device 101, a list of potential vulnerabilities that may affect mobile communication device 101, and a list of vulnerabilities that are known not to affect mobile communication device 101. Each entry in a list of vulnerabilities may include some or all of the set of vulnerability information for a vulnerability. As will be discussed in more detail below, the result information may also include a binary assessment of mobile communication device 101 (e.g., good or bad, “okay” or “not okay”), a threat score, remediation instructions for known or potential vulnerabilities, or may instruct display of a graduated icon that changes depending upon state (a sad face for a vulnerable mobile communication device, to a happy face for a “safe” mobile communication device). Vulnerability information may include criteria for determining if a mobile communication device 101 is affected. In an embodiment, vulnerability information may include information about a vulnerability such as a title, a description, a security impact summary, human or computer readable remediation instructions or a severity rating for the vulnerability.
As used herein, “vulnerability identification information” or “identification information” includes data that server 151 may use to determine if mobile communication device 101 is susceptible to any vulnerabilities. Such vulnerability identification information may include the operating system and version for mobile communication device 101; the firmware version of the mobile communication device 101, the device model for mobile communication device 101; carrier information for mobile communication device 101; authentication information; and/or user information for the user of mobile communication device 101. Vulnerability identification information may also include a list of files, software components, libraries and/or a list of the applications or other software installed on mobile communication device 101, as well as other information related to these applications and software such as version and configuration information, configuration information about the mobile communication device 101, communications interfaces and protocols in use by mobile communication device 101 (e.g., WiFi, Bluetooth, IR, SMS, MMS), cellular network information, cellular carrier information, the make and model of mobile communication device 101, and the like.
In an embodiment, vulnerability information stored in data storage 111 may have associated information that includes a description, a title, an overview of the security impact, remediation instructions, and criteria for affected firmware versions. In an embodiment, mobile communication device 101 sends vulnerability identification information to server 151 that includes the device's firmware version. Server 151 may utilize data storage 111 to examine the vulnerability information stored therein and determine if the firmware version for mobile communication device 101 matches the firmware version criteria for any vulnerabilities. If any vulnerabilities match, server 151 may determine that mobile communication device 101 is vulnerable. Server 151 may then transmit result information to the mobile communication device 101, as described herein and shown in the Figures. In an embodiment, server 151 only transmits result information corresponding to vulnerabilities that affect mobile communication device 101. In an embodiment, server 151 transmits result information for all vulnerabilities that may affect device 101. In an embodiment, server 151 transmits result information which contains all vulnerabilities that may affect device 101 and which of those vulnerabilities actually do affect device 101. In an embodiment, the firmware version criteria for being affected by a vulnerability includes the version of the firmware in which the vulnerability was fixed. One will appreciate that some vulnerabilities may only affect certain firmware versions, and that once firmware has been updated to a new version, some vulnerabilities which affected previous versions may no longer be of issue. In order to account for variations in firmware, server 151 may detect and transmit information for vulnerabilities regardless of the firmware version on mobile communication device 101, thereby adding extra precautions. 
Alternatively, server 151 may only send result information for those vulnerabilities that affect the version of firmware installed on mobile communication device 101, thereby being more specific.
For example, a certain vulnerability may affect a mobile communication device having firmware version 1.0, but not a mobile communication device with firmware version 2.0. Server 151 may receive information about the firmware version of mobile communication device 101, and if the firmware version is earlier than version 2.0, then mobile communication device 101 is determined to be susceptible to the certain vulnerability. However, if the firmware version for mobile communication device 101 is 2.0 or higher, then mobile communication device 101 may not be susceptible to the certain vulnerability. One will appreciate that other variations are possible, and that the determination of whether to send more or less result information may be a setting specified by an administrator, or may involve the application of logic depending upon the severity of the vulnerability and the risks or benefits of transmitting an overabundance of result information to mobile communication device 101. One will also appreciate that the amount of result information to transmit to mobile communication device 101 may also depend upon the capabilities of mobile communication device 101 or the bandwidth of the network.
In an embodiment, data storage 111 stores vulnerability information for at least two types of mobile devices 101. The two mobile device types may have different operating systems, firmware versions, model numbers, carrier information, authentication information, user information, configuration information, states, software applications, and the like. As a result, the vulnerability identification information for each of the at least two mobile devices will differ in some aspect. As such, in an embodiment, data storage 111 may store vulnerability information for vulnerabilities that may affect both of the two device types, including vulnerabilities that may affect one device type but not the other. One will appreciate that data storage 111 may store vulnerability information for a variety of mobile communication devices, and will be able to provide information that will help identify, assess and remediate vulnerabilities for a variety of mobile communication devices.
When data storage 111 stores information about vulnerabilities that may affect multiple types of mobile communication devices, it is important that the transmitted result information not include information regarding vulnerabilities that a user may perceive as irrelevant to a particular device. As such it is important that the list of vulnerabilities that may affect a device not simply include all vulnerabilities stored by data storage 111. In an embodiment, a vulnerability may affect a device if the device's vulnerability identification information at least partially matches the vulnerability's criteria for affecting a device. Providing partially matching result information provides a conservative, or safer approach to detecting and identifying potential vulnerabilities, as it may provide an opportunity for further assessment and action (e.g. further analysis conducted by software on a device), rather than only providing full criteria matches.
In an embodiment, the partial match includes criteria related to a device that does not change, is unlikely to change, or is irrespective of particular software versions, firmware versions, updates, and configuration. Such criteria may include the device's operating system, model, carrier, software applications installed, hardware capabilities, and the like. For example, data storage 111 may store information about a vulnerability that affects a particular range of firmware versions of the Apple iPhone® OS. This vulnerability information may include criteria that it affects the Apple iPhone® OS and criteria that it affects specific firmware ranges of various device models. In an embodiment, the server 151 determines that the vulnerability does affect all devices running Apple iPhone® OS that match the vulnerability information's firmware version criteria, the vulnerability may affect devices running any firmware version containing Apple iPhone® OS, and the vulnerability may not affect any devices running Android™, Windows Mobile®, Symbian OS®, or other operating systems. One will appreciate that other methods of determining what vulnerabilities stored by data storage 111 may affect a device may be performed without departing from the scope of this disclosure.
In an embodiment, the scope or type of result information transmitted by server 151 may be general information, or may be specific information about vulnerabilities that may specifically affect mobile communication device 101. As such, the result information transmitted to device 101 may include all of the vulnerability information stored in data storage 111, or may include a subset of all of the vulnerability information stored in data storage 111. The option to transmit general or specific result information may be an option set by an administrator, may depend upon the hardware or software constraints of the mobile communication device, or may depend upon the bandwidth of the network connecting server 151 to mobile communication device 101.
In an embodiment, determining which vulnerabilities specifically affect mobile communication device 101 may involve correlating the vulnerability identification information provided by mobile communication device 101 to the vulnerability information available to server 151. As used herein, “correlating” vulnerability identification information to vulnerability information may involve determining whether the vulnerability described by the vulnerability information affects a device, whether it may affect a device, or whether it does not affect a device. Determinations may be made through a variety of methods, including matching vulnerability identification information with vulnerability information and determining whether identification information satisfies one or more criteria for vulnerability. Correlating may be performed by server 151 and/or data storage 111, and may include applying logic, comparing operating systems, comparing version identifiers, checking for the presence of specific software or other data on the mobile communication device, and the like. In an embodiment, correlating may utilize an identification of the hardware or specifications of the mobile communication device. In an embodiment, correlating may also be performed by mobile device 101.
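The correlation step described above can be sketched as follows. This is an added example, not code from the patent: the record fields, the dictionary keys, the `specific_only` switch and the sample vulnerabilities are all assumptions, and treating a missing or malformed firmware version as the partial match is one possible reading of that embodiment.

```python
from dataclasses import dataclass

AFFECTED, POTENTIAL, NOT_AFFECTED = "affected", "potential", "not_affected"


@dataclass(frozen=True)
class Vulnerability:
    """One set of vulnerability information (field names are assumptions)."""
    name: str
    severity: str
    os: str           # stable criterion: operating system the flaw lives in
    fixed_in: str     # firmware version in which the flaw was fixed
    remediation: str


def parse_version(text):
    """Return '2.0.1' as (2, 0, 1); None if the value is missing or malformed."""
    if not isinstance(text, str):
        return None
    pieces = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in pieces):
        return None
    numbers = [int(p) for p in pieces]
    while len(numbers) > 1 and numbers[-1] == 0:   # treat 2.0 and 2.0.0 as equal
        numbers.pop()
    return tuple(numbers)


def correlate(device, vuln):
    """Correlate identification information with one vulnerability record."""
    if device.get("os") != vuln.os:
        return NOT_AFFECTED                 # different operating system
    installed = parse_version(device.get("firmware"))
    fixed = parse_version(vuln.fixed_in)
    if installed is None or fixed is None:
        return POTENTIAL                    # partial match: OS only
    # Numeric comparison, so 1.10 is correctly later than 1.9.
    return AFFECTED if installed < fixed else NOT_AFFECTED


def build_result(device, vulns, specific_only=False):
    """Build result information for one device.

    Vulnerabilities for other operating systems are left out entirely so the
    user is not shown entries that are irrelevant to the device. With
    specific_only=True only confirmed matches are listed.
    """
    result = {AFFECTED: [], POTENTIAL: [], NOT_AFFECTED: []}
    at_risk = False
    for vuln in vulns:
        if vuln.os != device.get("os"):
            continue
        verdict = correlate(device, vuln)
        at_risk = at_risk or verdict in (AFFECTED, POTENTIAL)
        if specific_only and verdict != AFFECTED:
            continue
        result[verdict].append(vuln.name)
    # Binary assessment; counting potential matches as "not okay" is an assumption.
    result["status"] = "not okay" if at_risk else "okay"
    return result


# Constructed sample data: placeholder names, operating systems and versions.
VULNS = [
    Vulnerability("EXAMPLE-VULN-A", "high", "os_a", "2.0", "Update firmware to 2.0"),
    Vulnerability("EXAMPLE-VULN-B", "low", "os_a", "1.0.5", "Update firmware to 1.0.5"),
    Vulnerability("EXAMPLE-VULN-C", "high", "os_b", "3.1", "Update firmware to 3.1"),
]

if __name__ == "__main__":
    for device in ({"os": "os_a", "firmware": "1.0"},
                   {"os": "os_a", "firmware": "2.0.0"},
                   {"os": "os_a"},                      # firmware not reported
                   {"os": "os_b", "firmware": "3.0"}):
        print(device, "->", build_result(device, VULNS))
```
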
In block 302 of
Server 151 may transmit a notification to mobile communication device 101 via a variety of mechanisms. A notification may be sent via email, text messaging, or through a client-server communication system as described in U.S. patent application Ser. No. 12/372,719, entitled, “SYSTEM AND METHOD FOR REMOTELY SECURING OR RECOVERING A MOBILE DEVICE,” and incorporated in full herein. A notification may provide information about a vulnerability, information about a potential vulnerability, the status of a mobile communication device, information about remediation instructions, or may request that the user of an affected mobile communication device perform some action to update the vulnerability information on the mobile communication device, or perform some action to remediate the mobile communication device.
In an embodiment, a notification may contain information or an instruction indicating that the mobile communication device 101 needs to connect to server 151 in order to receive new vulnerability information. The notification may be directed to software resident on the mobile communication device 101, may include software readable remediation instructions, and may be in the form of an SMS or may be sent via a push notification service, such as that provided by Apple Computer Inc. to its iPhone® devices. For example, mobile communication device 101 may receive a notification with instructions that the device should be updated to protect against a new security risk. A specific application on the device may require an update, in which case the notification may also cause mobile communication device 101 to update the specific application without user intervention. In an embodiment, a notification may be directed to the user of the mobile communication device. This may include a text message, push notification, or e-mail message containing human-readable information, or a voicemail or other verbal communication directed to the user of mobile communication device 101. Notifying a mobile communication device 101 allows for rapid response to new vulnerabilities, thereby greatly increasing the effectiveness of systems that would otherwise rely on a scheduled or manually-initiated check for security vulnerabilities.
In block 401 of
One will appreciate that the process illustrated in
One will appreciate that the process illustrated in
In block 901 of
If the time limit for receiving a remediation confirmation has been exceeded, then in block 904, an action may be taken. For example, server 151 may notify an administrator about the vulnerable mobile communication device and that the user has not taken action in the specified period of time. In this example, an administrator may take manual action such as sending a personal email or otherwise notifying the user to secure the device 101. In an embodiment, server 151 may automatically disable mobile communication device 101 in some fashion to prevent affecting other devices on the network 121 or to prevent further damage. For example, server 151 may prevent mobile communication device 101 from connecting to a specific network, email system, document repository, or other system. Alternatively, server 151 may disable mobile communication device 101 such that an administrator must verify that the device is safe before it can be used again. Some mechanisms by which the disablement can take place are disclosed in U.S. patent application Ser. No. 12/372,719, entitled, “SYSTEM AND METHOD FOR REMOTELY SECURING OR RECOVERING A MOBILE DEVICE,” and U.S. patent application Ser. No. 12/255,632, entitled, “SECURE MOBILE PLATFORM SYSTEM,” both of which are incorporated in full herein. In an embodiment, the user of mobile communication device 101 may be notified by server 151 via email, text message or other means of communication that the mobile communication device is vulnerable and that corrective action was not taken within the prescribed time. The notification may serve as a reminder to help the user take action and secure the device. In this fashion, the invention goes beyond simply updating a mobile communication device to ensure security, or periodically scanning mobile communication devices on the network for potential vulnerabilities. 
As described herein, the invention may provide a customized vulnerability assessment based upon the unique state and configuration of each mobile communication device on the network, and may provide notifications and remediation instructions based upon this unique state and configuration.
One will appreciate that other actions may be performed in order to optimally secure a mobile device once it is known to be vulnerable. The embodiments described herein may be combined as part of a security response process. In an example, a user may receive a direct reminder after one day if his or her device is determined to be vulnerable and is not yet remediated. After two additional days, if the device is still vulnerable, an administrator may be notified and the device disallowed access to email and the organization's VPN service. Once the device is remediated, the administrator may be notified and access to email and VPN may be automatically restored. Other examples are also possible without departing from this disclosure or the scope of the invention.
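The example response process above (reminder after one day, administrator notification and loss of email and VPN access after two additional days, restoration on remediation) can be written as a small state machine. This is an added sketch, not code from the patent; the class names, action strings and the choice to notify the administrator on remediation only after an escalation are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Policy:
    """Administrator-configurable time limits (names are assumptions)."""
    remind_after: timedelta = timedelta(days=1)
    escalate_after: timedelta = timedelta(days=3)   # one day plus two additional days


@dataclass
class Case:
    """Server-side record for one device found to be vulnerable."""
    device_id: str
    detected_at: datetime
    reminded: bool = False
    blocked: bool = False
    closed: bool = False


def step(case, now, remediated, policy=Policy()):
    """Return the actions due at time `now` and update the case.

    Each action is emitted once, so the function can be called on every
    scheduled check without sending duplicate reminders. If checks were
    missed (for example the scheduler was down), all overdue actions are
    returned together in order.
    """
    actions = []
    if case.closed:
        return actions

    if remediated:
        # Remediation confirmation received: undo any disablement.
        if case.blocked:
            actions += ["restore_email_and_vpn", "notify_admin_remediated"]
            case.blocked = False
        case.closed = True
        return actions

    age = now - case.detected_at
    if age >= policy.remind_after and not case.reminded:
        actions.append("remind_user")
        case.reminded = True
    if age >= policy.escalate_after and not case.blocked:
        actions += ["notify_admin", "block_email_and_vpn"]
        case.blocked = True
    return actions


if __name__ == "__main__":
    # Constructed timeline: device stays vulnerable for four days, then is fixed.
    start = datetime(2024, 1, 1, 9, 0)
    case = Case("device-101", start)
    for day, fixed in [(0, False), (1, False), (2, False), (3, False), (4, True)]:
        when = start + timedelta(days=day)
        print(f"day {day}: {step(case, when, fixed)}")
```
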
If in block 903 of
In block 201 of
In an embodiment, the data transmitted by server 151 in block 1002 of
In an embodiment, the data transmitted by server 151 in block 1002 of
In an embodiment, server 151 may transmit reports based on security status information available at the server. The reports may show changes in security status over time or show a current summary. Some example reports include the number of vulnerable devices with respect to time, the current number of vulnerable devices with each severity level, the current number of vulnerable devices broken down by operating system type, and a list of contact information for users with the most severely vulnerable devices.
In an embodiment, server 151 may transmit security related events that are generated both by clients and by server 151 due to automatic or administrative action. The events may be displayed, gathered, processed, or otherwise interacted with as disclosed in U.S. patent application Ser. No. 12/255,635, entitled, “SECURITY STATUS AND INFORMATION DISPLAY SYSTEM,” which is incorporated in full herein.
In an embodiment, server 151 allows an administrator to perform actions related to a device or group of devices. Actions that may be performed include notifying the user of the device via a push notification, text message, email, or another messaging system; disabling the device; disabling the device's access to a service, potentially using a mechanism disclosed in U.S. patent application Ser. No. 12/255,632, entitled, “SECURE MOBILE PLATFORM SYSTEM”; or those disclosed in U.S. patent application Ser. No. 12/372,719, entitled, “SYSTEM AND METHOD FOR REMOTELY SECURING OR RECOVERING A MOBILE DEVICE,” both of which are incorporated in full herein.
In an embodiment, server 151 allows an administrator to configure how the server operates. One such configuration may include custom triggers or alerts on certain events (e.g. devices not remediating in a period of time) that will result in logging and administrator notification via email, text message, or other messaging medium. Other examples of configuration options include: the time period the server waits before notifying an administrator of an un-remediated vulnerable device, the email address or addresses administrators should be notified at, how often to remind users of vulnerable devices that they need to take remediation actions, what method of contact server 151 should use to remind users (e.g. SMS, E-mail, push notification service), how the server interacts with e-mail or VPN services to disable access for a specific vulnerable device, and other ways of controlling the functionality disclosed herein.
In an embodiment, vulnerability identification information is stored by server 151 so that, in the case of a new vulnerability, server 151 can determine whether the device is vulnerable, not vulnerable, or potentially vulnerable based on the information it has. In an embodiment, the server stores vulnerability identification information on data storage 111. This allows an IT admin to get an instant picture of the security risk of their device deployment in the case of a new emerging vulnerability. Such rapid understanding is critical to prioritize response effort in the case of a rapidly spreading worm or severe vulnerability.
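The following is an added example, not part of the patent text, of the re-assessment described above: stored vulnerability identification information is correlated against a newly received set of vulnerability information, and each device is classified as vulnerable, not vulnerable, or potentially vulnerable. The record layout, field names, operator names, and sample devices are assumptions constructed for illustration.

```python
from collections import Counter
from enum import Enum


class Status(Enum):
    VULNERABLE = "vulnerable"
    NOT_VULNERABLE = "not vulnerable"
    POTENTIALLY_VULNERABLE = "potentially vulnerable"


def parse_version(text):
    """Turn '2.0.4' into (2, 0, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def version_below(reported, fixed_in):
    """True when the reported version is older than the version carrying the fix."""
    a, b = parse_version(reported), parse_version(fixed_in)
    width = max(len(a), len(b))
    # Pad with zeros so that '2.2' and '2.2.0' are treated as the same release.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def check_criterion(device, criterion):
    """Return True or False when stored data decides the criterion, None when it cannot."""
    field, op, wanted = criterion
    value = device.get(field)
    if value is None:
        return None  # the device never reported this field
    if op == "equals":
        return value == wanted
    if op == "version_below":
        try:
            return version_below(value, wanted)
        except ValueError:
            return None  # unparseable version string: undecidable, not "safe"
    if op == "contains":
        return wanted in value
    raise ValueError(f"unknown operator: {op}")


def assess(device, vulnerability):
    """All criteria must hold for a device to be affected (three-valued AND)."""
    results = [check_criterion(device, c) for c in vulnerability["criteria"]]
    if any(r is False for r in results):
        return Status.NOT_VULNERABLE  # one definite miss rules the device out
    if all(r is True for r in results):
        return Status.VULNERABLE
    return Status.POTENTIALLY_VULNERABLE  # nothing ruled it out, but data is missing


def fleet_picture(devices, vulnerability):
    """Per-device status plus the counts an administrator would see first."""
    statuses = {d["id"]: assess(d, vulnerability) for d in devices}
    return statuses, Counter(statuses.values())


# Constructed sample of information previously received from devices and stored.
STORED_DEVICES = [
    {"id": "dev-001", "os_type": "ExampleOS", "os_version": "2.1", "apps": ["mail", "browser"]},
    {"id": "dev-002", "os_type": "ExampleOS", "os_version": "2.3", "apps": ["mail"]},
    {"id": "dev-003", "os_type": "ExampleOS", "os_version": None, "apps": ["browser"]},
    {"id": "dev-004", "os_type": "OtherOS", "os_version": None, "apps": None},
    {"id": "dev-005", "os_type": "ExampleOS", "os_version": "2.0.4", "apps": None},
]

# Constructed vulnerability record that arrives after the devices last reported.
NEW_VULNERABILITY = {
    "name": "EXAMPLE-VULN-1",
    "severity": "high",
    "criteria": [
        ("os_type", "equals", "ExampleOS"),
        ("os_version", "version_below", "2.2"),
        ("apps", "contains", "browser"),
    ],
}

if __name__ == "__main__":
    statuses, counts = fleet_picture(STORED_DEVICES, NEW_VULNERABILITY)
    for device_id, status in statuses.items():
        print(f"{device_id}: {status.value}")
    for status in Status:
        print(f"{status.value}: {counts[status]}")
```

Devices that land in the potentially vulnerable bucket are the ones whose stored information is incomplete, so they are natural candidates for a request for fresh identification information before any remediation action is chosen.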
In the description above and throughout, numerous specific details are set forth in order to provide a thorough understanding of the invention. It will be evident, however, to one of ordinary skill in the art, that the invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form to facilitate explanation. The description of the preferred embodiments is not intended to limit the scope of the claims appended hereto. Further, in the methods disclosed herein, various steps are disclosed illustrating some of the functions of the invention. One will appreciate that these steps are merely exemplary and are not meant to be limiting in any way. Other steps and functions may be contemplated without departing from this disclosure or the scope of the invention.
Claims
1. A method comprising:
- a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;
- b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;
- c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,
- d) transmitting, by the at least one server, the first set of result information.
2. The method of claim 1, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
3. The method of claim 1, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
4. The method of claim 1, further comprising the step of:
- e) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.
5. The method of claim 4, wherein the notification includes an instruction related to the first set of result information.
6. The method of claim 1, further comprising the steps of:
- e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;
- f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,
- g) transmitting, by the at least one server, the second set of result information.
7. The method of claim 1, further comprising the steps of:
- e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;
- f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,
- g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.
8. The method of claim 1, further comprising the steps of:
- e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
- f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
- g) transmitting, by the at least one server, the second set of result information.
9. The method of claim 1, further comprising the steps of:
- e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
- f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
- g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.
10. A method comprising:
- a) transmitting, from a mobile communication device, a set of vulnerability identification information to at least one server that accesses a data storage storing a plurality of sets of vulnerability information; and,
- b) receiving, at the mobile communication device from the at least one server, a first set of result information that correlates to the transmitted set of vulnerability identification information.
11. The method of claim 10, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
12. The method of claim 10, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
13. The method of claim 10, further comprising the step of:
- c) receiving, at the mobile communication device from the at least one server, a notification about the first set of result information.
14. The method of claim 13, wherein the notification includes an instruction related to the first set of result information.
15. The method of claim 13, further comprising the step of:
- d) displaying, on the mobile communication device, at least a portion of the received notification.
16. The method of claim 10, further comprising the step of:
- c) receiving, at the mobile communication device from the at least one server, a notification about a second set of result information.
17. A method comprising:
- a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;
- b) receiving, at the at least one server, a first set of vulnerability identification information about a first mobile communication device;
- c) correlating, by the at least one server, the first set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,
- d) transmitting, by the at least one server, the first set of result information;
- e) receiving, at the at least one server, a second set of vulnerability identification information about a second mobile communication device, wherein the second set of vulnerability identification information differs from the first set of vulnerability identification information;
- f) correlating, by the at least one server, the second set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a second set of result information; and,
- g) transmitting, by the at least one server, the second set of result information.
18. The method of claim 17, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
19. The method of claim 17, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
20. A system comprising:
- a data storage storing a plurality of sets of vulnerability information;
- a server for accessing the data storage, for receiving one or more sets of vulnerability identification information about one or more mobile communication devices, for correlating the one or more sets of received vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate one or more sets of result information, for transmitting the one or more sets of result information, and for transmitting one or more notifications about the one or more sets of result information; and,
- a network connecting the at least one server, data storage, and the plurality of mobile communication devices.
21. The system of claim 20, further comprising a user interface for monitoring the plurality of mobile communication devices to identify which of the plurality of mobile communication devices is vulnerable.
22. The system of claim 20, wherein vulnerability information is information selected from the group consisting of a name, a description, one or more remediation instructions, a severity rating, a security impact summary, and one or more criteria for being vulnerable.
23. A method comprising:
- a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;
- b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;
- c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,
- d) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.
24. The method of claim 23, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device.
25. The method of claim 23, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
26. The method of claim 23, further comprising the steps of:
- e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
- f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
- g) transmitting, by the at least one server, the second set of result information.
27. The method of claim 23, further comprising the steps of:
- e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
- f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
- g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.
28. A method comprising:
- receiving, at a mobile communications device from a data storage, vulnerability information including descriptions of known vulnerabilities, an amount of information included in the vulnerability information being determined by a setting determined from an input from an administrator;
- correlating, by the mobile communications device, the received vulnerability information to vulnerability identification information about the mobile communications device to determine whether at least some of the received vulnerability information is relevant to the mobile communications device;
- generating, by the mobile communications device based on the determination from the correlating step, vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device; and
- implementing, by the mobile communications device, the instructions to remediate the at least one vulnerability.
29. The method of claim 28, wherein implementing the instructions includes the mobile communications device initiating, without user intervention, a pre-defined security response process.
30. The method of claim 29, wherein the pre-defined security response process includes at least one of:
- a communication between the mobile communications device and a server, the communication including a request for new vulnerability information; or
- an update of an application on the mobile communications device.
31. The method of claim 29, wherein the pre-defined security response process includes:
- notifying, by the mobile communications device, a user of a vulnerability in the mobile communications device;
- providing the user with instructions to remediate the vulnerability; and
- after a first threshold period of time has passed without receiving confirmation that the vulnerability has been remediated: reminding, by the mobile communications device, the user of the vulnerability, or at least one of: automatically disabling the user's mobile communications device either partially or fully, or preventing the mobile communications device from making a connection.
32. The method of claim 28 further comprising:
- performing, by the mobile communications device, a first action directed by the instructions to remediate the at least one vulnerability;
- waiting, by the mobile communications device, for a confirmation related to the first action;
- when a first threshold value of time has passed without receiving the confirmation, performing, by the mobile communications device, a second action to remediate the at least one vulnerability.
33. The method of claim 32, wherein the first action or the second action includes one of:
- notifying an administrator of the mobile communications device;
- notifying a user of the mobile communications device;
- automatically disabling the mobile communications device; or
- preventing the mobile communications device from making a connection.
34. The method of claim 32, wherein the first action or the second action includes one of:
- automatically disabling the mobile communications device either partially or fully, or
- preventing the mobile communications device from making a connection, the method further comprising:
- requiring, by the mobile communications device, a verification that the mobile communications device is secure before the mobile communications device is re-enabled or allowed to make the connection.
35. A system comprising:
- a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;
- a mobile communications device in communication with the data storage, the mobile communications device configured to: receive, from the data storage, vulnerability information including descriptions of known vulnerabilities, an amount of information included in the vulnerability information being determined by a setting determined from an input from an administrator; correlate the received vulnerability information to vulnerability identification information about the mobile communications device to determine whether at least some of the received vulnerability information is relevant to the mobile communications device; generate, based on the determination from the correlating step, vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device; and implement the instructions to remediate the at least one vulnerability.
36. The system of claim 35, wherein implementing the instructions includes the mobile communications device initiating, without user intervention, a pre-defined security response process.
37. The system of claim 36, wherein the pre-defined security response process includes at least one of:
- a communication between the mobile communications device and a server, the communication including a request for new vulnerability information; or
- an update of an application on the mobile communications device.
38. The system of claim 36, wherein the pre-defined security response process includes:
- notifying a user of a vulnerability in the mobile communications device;
- providing the user with instructions to remediate the vulnerability;
- after a first threshold period of time has passed without receiving confirmation that the vulnerability has been remediated: reminding the user of the vulnerability; or performing at least one of: automatically disabling the user's mobile communications device either partially or fully, or preventing the mobile communications device from making a connection.
39. The system of claim 35, wherein the mobile communications device is further configured to:
- perform a first action directed by the instructions to remediate the at least one vulnerability;
- wait for a confirmation related to the first action;
- when a first threshold value of time has passed without receiving the confirmation, perform a second action to remediate the at least one vulnerability.
40. The system of claim 39, wherein the first action or the second action includes at least one of:
- notifying an administrator of the mobile communications device;
- notifying a user of the mobile communications device;
- automatically disabling the mobile communications device; or
- preventing the mobile communications device from making a connection.
41. The system of claim 39, wherein the first action or the second action includes at least one of:
- automatically disabling the mobile communications device either partially or fully, or
- preventing the mobile communications device from making a connection, the steps further comprising:
- requiring, by the mobile communications device, a verification that the mobile communications device is secure before the mobile communications device is re-enabled or allowed to make the connection.
42. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a mobile communications device, cause the mobile communications device to perform the steps of:
- receiving, from the data storage, vulnerability information including descriptions of known vulnerabilities, an amount of information included in the vulnerability information being determined by a setting determined from an input from an administrator;
- correlating the received vulnerability information to vulnerability identification information about the mobile communications device to determine whether at least some of the received vulnerability information is relevant to the mobile communications device;
- generating, based on the determination from the correlating step, vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device; and
- implementing the instructions to remediate the at least one vulnerability.
43. The computer-readable storage medium of claim 42, wherein implementing the instructions includes the mobile communications device initiating, without user intervention, a pre-defined security response process.
44. The computer-readable storage medium of claim 43, wherein the pre-defined security response process includes at least one of:
- a communication between the mobile communications device and a server, the communication including a request for new vulnerability information; or
- an update of an application on the mobile communications device.
45. The computer-readable storage medium of claim 43, wherein the pre-defined security response process includes:
- notifying a user of a vulnerability in the mobile communications device;
- providing the user with instructions to remediate the vulnerability; and
- after a first threshold period of time has passed without receiving confirmation that the vulnerability has been remediated: reminding the user of the vulnerability; or performing at least one of: automatically disabling the user's mobile communications device either partially or fully, or preventing the mobile communications device from making a connection.
46. The computer-readable storage medium of claim 42, the steps further comprising:
- performing a first action directed by the instructions to remediate the at least one vulnerability;
- waiting for a confirmation related to the first action;
- when a first threshold value of time has passed without receiving the confirmation, performing a second action to remediate the at least one vulnerability.
47. The computer-readable storage medium of claim 46, wherein the first action or the second action includes at least one of:
- notifying an administrator of the mobile communications device;
- notifying a user of the mobile communications device;
- automatically disabling the mobile communications device; or
- preventing the mobile communications device from making a connection.
48. The computer-readable storage medium of claim 46, wherein the first action or the second action includes at least one of:
- automatically disabling the mobile communications device either partially or fully, or
- preventing the mobile communications device from making a connection, the steps further comprising:
- requiring a verification that the mobile communications device is secure before the mobile communications device is re-enabled or allowed to make the connection.
- U.S. Appl. No. 12/255,635, Prosecution history available (including Office Action dated Mar. 24, 2011 and references cited.)
- U.S. Appl. No. 12/255,632. Prosecution history available (including Office Action dated Apr. 13, 2011 and references cited.)
- U.S. Appl. No. 12/255,626. Prosecution history available (including Office Action dated Feb. 1, 2011 and references cited.)
- U.S. Appl. No. 12/255,621, Prosecution history available (including Office Action dated Apr. 13, 2011 and references cited.)
- Teh, Joe, “Norton 360 Version 3.0 Review,” Mar. 9, 2009, available at <http://techielobang.com/blog/2009/03/09/norton-360-version-30-review/> retrieved Feb. 23, 2011, 12 pages.
- U.S. Appl. No. 12/255,614. Prosecution history available (Including Office Action dated Apr. 14, 2011 and references cited.)
- Real world Computing, Jun. 16, 2008 (PC Pro), pp. 1-2.
- Simone, “Playing with ActiveMQ,” Mostly Useless, Dec. 27, 2007, available at <http://www.mostly-useless.com/blog/2007/12/27/playing-with-activemq/>, retrieved Mar. 30, 2012, 6 pages.
- Trillian, available at <http://www.trillian.lm/>, retrieved Sep. 14, 2011, 24 pages.
- U.S. Appl. No. 13/033,025; Prosecution history available, filed Feb. 23, 2011.
- U.S. Appl. No. 13/212,055; Prosecution history available, filed Aug. 17, 2011.
- U.S. Appl. No. 12/255,632. Prosecution history available (including office action dated Apr. 13, 2011 and references cited), filed Oct. 21, 2008.
- U.S. Appl. No. 12/372,719. Prosecution history available, filed Feb. 17, 2009.
- U.S. Appl. No. 12/621,431. Prosecution history available, filed Nov. 18, 2009.
- U.S. Appl. No. 12/868,669. Prosecution history available, filed Aug. 25, 2010.
- U.S. Appl. No. 12/868,872. Prosecution history available, filed Aug. 25, 2010.
- U.S. Appl. No. 12/868,676. Prosecution history available, filed Aug. 25, 2010.
- U.S. Appl. No. 12/876,018. Prosecution history available, filed Sep. 3, 2010.
- U.S. Appl. No. 13/160,382. Prosecution history available, filed Jun. 14, 2011.
- U.S. Appl. No. 13/160,447. Prosecution history available, filed Jun. 14, 2011.
- U.S. Appl. No. 13/162,477. Prosecution history available, filed Jun. 16, 2011.
- U.S. Appl. No. 13/267,731. Prosecution history available, filed Oct. 6, 2011.
- Virus Total, VT Community, www.virustotal.com/index.html; Dated Dec. 16, 2011; 44 Pages.
- Fisher, Oliver “Malware? We Don't Need No Stinking Malware!,” Google, Oct. 24, 2008, available at <http://googlewebmastercentral.blogspot.com/2008/10/malware-we-dont-need-no-stinking.html>, retrieved Mar. 30, 2012, 11 pages.
- Fette, Ian “Understanding Phishing and Malware Protection in Google Chrome,” The Chromium Blog, Nov. 14, 2008, available at <http://blog.chromium.org/2008/11/understanding-phishing-and-malware.htm>, retrieved May 17, 2011, 6 pages.
- “Java Virtual Machine”, Wikipedia, Aug. 7, 2011, Available at <http://en.wikipedia.org/wiki/Java_Virtual_Machine> Retrieved Aug. 10, 2011, 7 pages.
- “Symantec Endpoint Protection”, Symantec, 2008, Available at <http://www.symantec.com/business/products/famlly.jsp?familyid=endpointsecurity>, 6 pages.
- “eSoft unveils SiteFilter 3.0 for OEMs,” Infosecurity, Mar. 23, 2010, available at <http://www.infosecurity-magazine.com/view/8273/esoft-unveils-sitefilter-30-for-oems/>, retrieved Mar. 30, 2012, 2 pages.
- “Get the Physical Location of Wireless Router From Its MAC Address (BSSID),” Coderrr, Sep. 10, 2008, available at <http://coderrr.wordpress.com/2008/09/10/get-the-physical-location-of-wireless-router-from-its-mac-address-bssid/>, retrieved Mar. 30, 2012, 13 pages.
- Pogue, David “Simplifying the Lives of Web Users,” The New York Times, Aug. 18, 2010, available at <http://www.nytimes.com/2010/08/19/technology/personaltech/19pogue.html>, retrieved May 17, 2011, 5 pages.
- “zVeloDB URL Database,” zVelo, available at <https://zvelo.com/technology/zvelodb-url-database>, retrieved Mar. 30, 2012, 2 pages.
- U.S. Appl. No. 11/397,521. Prosecution available, filed Apr. 6, 2006.
- U.S. Appl. No. 13/284,248. Prosecution available, filed Oct. 28, 2011.
- U.S. Appl. No. 13/313,937. Prosecution available, filed Dec. 7, 2011.
- U.S. Appl. No. 13/314,032. Prosecution available, filed Dec. 7, 2011.
- U.S. Appl. No. 13/333,654. Prosecution available, filed Dec. 21, 2011.
- U.S. Appl. No. 13/335,779, Prosecution available, filed Dec. 22, 2011.
- U.S. Appl. No. 13/410,979. Prosecution available, filed Mar. 2, 2012.
- Dolcourt, Jessica; Dashwire: Manage Your Cell Phone on the Web, News Blog, with Jessica Dolocourt, Oct. 29, 2007, 5:00am PDT <http://news.cnet.com/8301-10784_3-9805557-7.html> retrieved Jun. 15, 2009; pp. 1-3.
- MobileWipe web page, pp. 1-4, published on Dec. 5, 2007, retrieved on Dec. 5, 2007.
- PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2009/061370; dated Dec. 14, 2009; pp. 1-12.
- PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2009/081372; dated Mar. 24, 2010; pp. 1-16.
- PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2011/049182; dated Dec. 23, 2011; pp. 1-11.
- McAfee, Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20080517102505/www.mcafeesecure.com/us/tec- hnology-intro.jsp>, retrieved Feb. 23, 2011, 2 pages.
- Qualys, “Executive Dashbard,” Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20080507161417/www.qualys.com/products/screens/?screen=Executive + Dashboard>, retrieved Feb. 23, 2011, 1 page.
- Qualys, “Vulnerability Management,” Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20080611095201/www.qualys.com/solutions/vulnerability_management> retrieved Feb. 24, 2011, 1 page.
- Ten, Joe, “Norton 360 Version 3.0 Review,” Mar. 9, 2009, available at <http://techielobang.com/blog/2009/03/09/norton-360-version-30-review/> retrieved Feb. 23, 2011, 12 pages.
- Windows Update, Internet Archive, Way Back Machine, available at <http://web.archive.org/web/20071022193017/http://en.wikipedia.org/wik- i/Windows_Update> retrieved Feb. 23, 2011, 3 pages.
- U.S. Appl. No. 12/255,614. Prosecution history available via USPTO (including Office Action dated Apr. 14, 2011).
- Richardson, Alexis “Introduction to RabbitMQ,” Google UK, Sep. 25, 2008, available at <http://www.rabbitmq.com/resources/google-tech-talk-final/alexis-google-rabbitmq-talk.pdf>, retrieved Mar. 30, 2012, 33 pages.
- Fisher, Oliver “Malware? We Don't Need No Stinking Malwarel,” Google, Oct. 24, 2008, available at <http://googlewebmastercentral.blogspot.com/2008/10/malware-we-dont-need-no-stinking.html>, retrieved Mar. 30, 2012, 11 pages.
- Reardon, Marguerite “Mobile Phones That Track Your Buddies,” Cnet, Nov. 14, 2006, available at <http://news.cnet.com/Mobile-phones-that-track-your-buddies/2100-1039_3-6135209.html>, retrieved Mar. 30, 2012, 4 pages.
- Fette, Ian “Understanding Phishing and Malware Protection in Google Chrome,” the Chromium Blog, Nov. 14, 2008, available at <http://blog_chrounium_org/2008/11/understanding-phishing-and-malware.htm>, retrieved May 17, 2011, 6 pages.
- Kincaid, Jason “Urban Airship Brings Easy Push Notifications to Android,” TechCrunch, Aug. 10, 2010, available at.<http://techcrunch.com/2010/08/10/urban-airship-brings-easy-push-notifications-to-android/>, retrieved Jun. 16, 2011, 5 pages.
- Keane, Justin K. “Using the Google Safe Browsing API from PHP,” Mad Irish, Aug. 7, 2009, available at <http://www.madirish.net/node/245>, retrieved Mar. 30, 2012, 5 pages.
- Jefferies, Charles P. “Webroot AntiVirus 2010 With Spy Sweeper Review,” Notebook Review, Jun. 22, 2010,.available at <http://http://www_notebookreview.com/default.asp?newsID=5700&review=Webroot+AntiVirus+2010+With+Spy+Sweeper+Review>, retrieved May 18, 2011, 3 pages.
- “Berry Locator”, 2007, Mobireport LLC, 1 page.
- “Firefox”, Wikipedia, Jul. 20, 2011, available at <http://en.wikipedia.org/wiki/firefox> Retrieved Aug. 10, 2011, 37 Pages.
- “F-Secure Mobile Security for S60 Users Guide”, F-Secure Corporation 2009, pp. 1-34.
- “Java Virtual Machine”, Wikipedia, Aug. 7, 2011, Available at <http://en.wikipedia.org/wikilJava_Virtual_Machine> Retrieved Aug. 10, 2011, 7 pages.
- “Kaspersky Mobile Security”, Kaspersky Lab 1997-2007, 1 page.
- “Kaspersky Mobile Security”, Kaspersky Lab 2008, available at <http://www.kaspersky.com/kaspersky_mobile_security> Retrieved Sep. 11, 2008, 2 Pages.
- “Norton Smartphone Security”, Symantec, 2007, Available at <http://www.symantec.com/norton/smartphone-security> Retrieved Oct. 21, 2008, 2 pages.
- “PhoneBak PDA Phone Anti-theft software for your PDA phone”, 2007, Bak2u Pte Ltd (Singapore) pp. 1-4.
- “PhoneBak: Mobile Phone Theft Recovery Software”, 2007, Westin Tech.
- “Symantec Endpoint Protection”, Symantec, 2008, Available at <http://www.symantec.com/business/products/family.jsp?familyid=endpointsecurity>, 6 pages.
- “Symantec Mobile Security Suite for Windows Mobile”, Symantec, 2008 Available at <http://www.symantec.com/business/products/sysreq.jsp?pcid=2241&pvid=mobile_security_suite_1>, 5 pages.
- “TippingPoint Security Management System (SMS)”, TippingPoint, Available at <http://www.tippingpoint.com/ products_sms.html>, 2 pages.
- Summerson, Cameron “5 Android Antivirus Apps Compared, Find Out Which Ones Are Worth Having!,” Android Headlines, Mar. 8, 2011, available at <http://androidheadlines.com/2011/03/5-android-antivirus-apps-comapred-findout-which-ones-are-worth-having.html>, retrieved Mar. 30, 2012, 9 pages.
- “Android Cloud to Device Messaging Framework,” Google Code Labs, available at <http://code.google.com/android/c2dm/>, retrieved Sep. 14, 2011, 9 pages.
- “BlackBerry Push Service Overview,” Dec. 16, 2009, available at <http://us.blackberry.com/developers/platform/.pushapi.jsp#tab_tab_resources>, retrieved Sep. 14, 2011, 21 pages.
- “eSoft unveils SiteFilter 3.0 for OEMs,” Infosecurity, Mar. 23, 2010, available at <http://www.infosecurity-magazine.com/view/82731esoft-unveils-sitefilter-30-for-oems/>.
- “Get the Physical Location of Wireless Router From its MAC Address (BSSID),” Coderrr, Sep. 10, 2008, available at<http://codermwordpress.com/2008/09/10/get-the-physical-location-of-wireless-router-from-its-mac-address-bssidt>, retrieved Mar. 30, 2012, 13 pages.
- “Hooking—Wikipedia, the Free Encyclopedia,” Internet Archive Wayback Machine, Apr. 13, 2010, available at <http://web.archive.org/web/20100415154752/http://en.wikipedia.org/wiki/Hooking>, retrieved Mar. 30, 2012, 6 pages.
- Mytton, David “How to Build an Apple Push Notification Provider Server (Tutorial),” Server Density, Jul. 10, 2009,.available at <http://blog.serverdensity.com/2009/07/10/how-to-build-an-apple-push-notification-provider-server-tutorial/ >, retrieved Apr. 2, 2012, 33 pages.
- “Pidgin the Universal Chat Client,” Pidign, available at <http://www.pidgin.im/>, retrieved Sep. 14, 2011, 14 pages.
- Pogue, David “Simplifying the Lives of Web Users,” the New York Times, Aug. 18, 2010, available at <http://www.nytimes.com/2010108/19/technology/personaltech119pogue.html>, retrieved May 17, 2011, 5 pages.
- “Twilio Cloud Communications Web Service Api for Building Voice and Sms Applications,” Twilio available at <http://.www.twilio.com>, retrieved Sep. 14, 2011, 12 pages.
- “Understanding Direct Push,” Microsoft, Feb. 18, 2009, available at <http://technet.microsoft.com/en-us/library/.aa997252(v=exchg.80).aspx>, retrieved Mar. 30, 2012, 3 pages.
- “Urban Airship: Powering Modern Mobile,” available at <http://urbanairship.com/products/>, retrieved Sep. 16, 2011, 14 pages.
- “zVeloDB URL Database,” zVelo, available at <https:/Izvelo.com/technology/zvelodb-url-database>, retrieved Mar. 30, 2012, 2 pages.
- U.S. Appl. No. 11/397,521.
- U.S. Appl. No. 13/284,248.
- U.S. Appl. No. 13/313,937.
- U.S. Appl. No. 13/314,032.
- U.S. Appl. No. 13/333,654.
- U.S. Appl. No. 13/335,779.
- U.S. Appl. No. 13/410,979.
- Amazon.com: Mining the Web Discovering Knowledge from Hypertext Data (9781558607545): Soumen Chakrabarti: Books, Amazon available at <http://www.amazon.com/exec/obidos/Asin/1558607544/>, retrieved Jun. 7, 2012, pp. 1-7.
- Clickatell, available at <http://www.clickatell.com>, retrieved Sep. 14, 2011, 11 pages.
- Dolcourt, Jessica; Dashwire: Manage Your Cell Phone on the Web, News Blog, with Jessica Dolocourt, Oct. 29, 2007, 5:00am PDT <http://news.cnet.com/8301-10784_3-9805657-7.html> retrieved Jun. 15, 2009; pp. 1-3.
- Diligenti, M., et al., Focused Crawling Using Context Graphs:, Proceedings of the 26th VLDB Conference, Cairo, Egypt, 2000, pp. 1-8.
- Grafio “Stay Secure”, Opera Software, Sep. 29, 2008, Available at <http://widgets.opera.com/widget/4495> Retrieved Oct. 21, 2008, 4 pages.
- MobileWipe web page, pp. 1-4.
- PagerDuty, available at <http://www.pagerduty.com>, retrieved Sep. 14, 2011, 23 pages.
- PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2009/061370; Mailed on Dec. 14, 2009; pp. 1-12.
- PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2009/061372; Mailed on Mar. 24, 2010; pp. 1-16.
- PCT International Search Report and Written Opinion of the International Searching Authority for PCT/US2011/049182; Mailed on Dec. 23, 2011; pp. 1-11.
- Prey, available at <http://preyproject.com/>, retrieved Jan. 10, 2012, 4 pages.
Type: Grant
Filed: Oct 31, 2019
Date of Patent: Aug 3, 2021
Assignee: Lookout, Inc. (San Francisco, CA)
Inventors: John G. Hering (San Francisco, CA), Kevin Mahaffey (San Francisco, CA), James Burgess (Alameda, CA)
Primary Examiner: Minh Dieu Nguyen
Application Number: 16/670,488
International Classification: H04L 29/06 (20060101); H04W 12/128 (20210101); G06F 21/57 (20130101);