USRE47757EActiveUtility

System and method for identifying and assessing vulnerabilities on a mobile communications device

95
Assignee: LOOKOUT INCPriority: Nov 18, 2009Filed: Feb 15, 2018Granted: Dec 3, 2019
Est. expiryNov 18, 2029(~3.4 yrs left)· nominal 20-yr term from priority
G06F 21/577H04L 63/1433H04W 12/1208H04W 12/12H04W 12/128H04W 12/069H04L 12/4641H04L 63/0272H04W 84/045
95
PatentIndex Score
11
Cited by
280
References
59
Claims

Abstract

The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device. The server may provide an interface for an administrator to manage the system and respond to security issues.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method comprising:
 a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;   b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;   c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,   d) transmitting, by the at least one server, the first set of result information.   
     
     
       2. The method of  claim 1 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       3. The method of  claim 1 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       4. The method of  claim 1 , further comprising the step of:
 e) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.   
     
     
       5. The method of  claim 4 , wherein the notification includes an instruction related to the first set of result information. 
     
     
       6. The method of  claim 1 , further comprising the steps of:
 e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       7. The method of  claim 1 , further comprising the steps of:
 e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.   
     
     
       8. The method of  claim 1 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       9. The method of  claim 1 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.   
     
     
       10. A method comprising:
 a) transmitting, from a mobile communication device, a set of vulnerability identification information to at least one server that accesses a data storage storing a plurality of sets of vulnerability information; and,   b) receiving, at the mobile communication device from the at least one server, a first set of result information that correlates to the transmitted set of vulnerability identification information.   
     
     
       11. The method of  claim 10 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       12. The method of  claim 10 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       13. The method of  claim 10 , further comprising the step of:
 c) receiving, at the mobile communication device from the at least one server, a notification about the first set of result information.   
     
     
       14. The method of  claim 13 , wherein the notification includes an instruction related to the first set of result information. 
     
     
       15. The method of  claim 13 , further comprising the step of:
 d) displaying, on the mobile communication device, at least a portion of the received notification.   
     
     
       16. The method of  claim 10 , further comprising the step of:
 c) receiving, at the mobile communication device from the at least one server, a notification about a second set of result information.   
     
     
       17. A method comprising:
 a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;   b) receiving, at the at least one server, a first set of vulnerability identification information about a first mobile communication device;   c) correlating, by the at least one server, the first set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,   d) transmitting, by the at least one server, the first set of result information;   e) receiving, at the at least one server, a second set of vulnerability identification information about a second mobile communication device, wherein the second set of vulnerability identification information differs from the first set of vulnerability identification information;   f) correlating, by the at least one server, the second set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       18. The method of  claim 17 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       19. The method of  claim 17 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       20. A system comprising:
 a data storage storing a plurality of sets of vulnerability information;   a server for accessing the data storage, for receiving one or more sets of vulnerability identification information about one or more mobile communication devices, for correlating the one or more sets of received vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate one or more sets of result information, for transmitting the one or more sets of result information, and for transmitting one or more notifications about the one or more sets of result information; and,   a network connecting the at least one server, data storage, and the plurality of mobile communication devices.   
     
     
       21. The system of  claim 20 , further comprising a user interface for monitoring the plurality of mobile communication devices to identify which of the plurality of mobile communication devices is vulnerable. 
     
     
       22. The system of  claim 20 , wherein vulnerability information is information selected from the group consisting of a name, a description, one or more remediation instructions, a severity rating, a security impact summary, and one or more criteria for being vulnerable. 
     
     
       23. A method comprising:
 a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;   b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;   c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,   d) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.   
     
     
       24. The method of  claim 23 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       25. The method of  claim 23 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       26. The method of  claim 23 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       27. The method of  claim 23 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.   
     
     
       28. A method comprising:
 accessing, by a server, a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;   receiving, by the server, a plurality of sets of vulnerability identification information corresponding to a plurality of mobile communications devices;   correlating, by the server, the received plurality of sets of vulnerability identification information to the plurality of sets of vulnerability information accessed from the data storage to generate a set of result information;   transmitting, by the server, the set of result information for display to an administrator;   receiving, by the server from the administrator in response to the administrator's review of at least a subset of the set of result information, instructions to perform a first action to remediate a vulnerability of at least one of the plurality of mobile communications devices.   
     
     
       29. The method of claim 28, wherein the action to remediate includes instructing the at least one of the plurality of mobile communications devices to connect to the server. 
     
     
       30. The method of claim 29, wherein the action to remediate includes instructing the at least one of the plurality of mobile communications devices to connect to the server to receive new vulnerability information. 
     
     
       31. The method of claim 28 wherein the action to remediate initiates, without user intervention, an update of an application on the at least one of the plurality of mobile communications devices. 
     
     
       32. The method of claim 28 further comprising:
 performing, by the server, the first action to remediate a vulnerability of at least one of the plurality of mobile communications devices;   waiting, by the server, for a confirmation related to the performed first action from the at least one of the plurality of mobile communications devices;   when a first threshold value of time has passed without receiving the confirmation, performing, by the server, a second action to remediate a vulnerability of the at least one of the plurality of mobile communications devices.   
     
     
       33. The method of claim 32, wherein the first action or the second action includes one of:
 notifying an administrator of the at least one of the plurality of mobile communications devices;   notifying a user of the at least one of the plurality of mobile communications devices;   automatically disabling the at least one of the plurality of mobile communications devices; and   preventing the at least one of the plurality of mobile communications devices from making a connection.   
     
     
       34. The method of claim 32, wherein the first action or the second action includes one of:
 automatically disabling the at least one of the plurality of mobile communications devices either partially or fully and   preventing the at least one of the plurality of mobile communications devices from making a connection, the method further comprising:   requiring, by the server, a verification that the at least one of the plurality of mobile communications devices is secure before the mobile communications device is re-enabled or allowed to make the connection.   
     
     
       35. The method of claim 28, wherein the first action includes initiating a pre-defined security response process. 
     
     
       36. The method of claim 35, wherein the pre-defined security response process includes:
 notifying, by the server, a user of a vulnerability in the user's mobile communications device;   providing the user with instructions to remediate the vulnerability;   after a first threshold period of time has passed without receiving confirmation that the vulnerability has been remediated, reminding, by the server, the user of the vulnerability; and   after a second threshold period of time without receiving confirmation that the vulnerability has been remediated, performing, by the server, at least one of automatically disabling the user's mobile communications device either partially or fully and preventing the user's mobile communications device from making a connection.   
     
     
       37. The method of claim 28 further comprising:
 providing, by the server, a graphical user interface for displaying the subset of the set of result information and wherein the instructions received by the server from the administrator are received through the graphical user interface.   
     
     
       38. The method of claim 37, wherein the subset of the set of result information includes, for each of the plurality of mobile communications devices, at least one of:
 a device security status;   a software version;   a count of security events in a pre-determined time period; or   a time period since a last communication between the mobile communications device and the server.   
     
     
       39. The method of claim 37, wherein the subset of the set of result information includes aggregated information related to the plurality of mobile communications devices. 
     
     
       40. The method of claim 39, wherein the aggregated information includes at least one of:
 a percentage of devices in the plurality of mobile communications devices that are vulnerable, or   a number of devices in the plurality of mobile communications devices that are vulnerable.   
     
     
       41. The method of claim 39, wherein the subset of result information corresponds to a subset of the plurality of mobile communications devices, the subset of the plurality of mobile communications devices being chosen based on a commonality including at least one of:
 a characteristic of the mobile communications devices, or   a security status of the mobile communications devices.   
     
     
       42. A system comprising:
 a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;   a server for performing the steps of:
 accessing the data storage storing a plurality of sets of vulnerability information, 
 receiving a plurality of sets of vulnerability identification information corresponding to a plurality of mobile communications devices, 
 correlating the received plurality of sets of vulnerability identification information to the plurality of sets of vulnerability information accessed from the data storage to generate a set of result information, 
 transmitting the set of result information for display to an administrator, and 
 receiving, from the administrator in response to the administrator's review of at least a subset of the set of result information, instructions to perform a first action to remediate a vulnerability of at least one of the plurality of mobile communications devices; and 
   a network connecting the server, data storage, and the plurality of mobile communications devices.   
     
     
       43. The system of claim 42, wherein the server is further for performing the steps of:
 performing the first action to remediate a vulnerability of at least one of the plurality of mobile communications devices;   waiting for a confirmation related to the performed first action from the at least one of the plurality of mobile communications devices;   when a first threshold value of time has passed without receiving the confirmation, performing, by the server, a second action to remediate a vulnerability of the at least one of the plurality of mobile communications devices.   
     
     
       44. The system of claim 43, wherein the first action or the second action includes one of:
 notifying an administrator of the at least one of the plurality of mobile communications devices;   notifying a user of the at least one of the plurality of mobile communications devices;   automatically disabling the at least one of the plurality of mobile communications devices; and   preventing the at least one of the plurality of mobile communications devices from making a connection.   
     
     
       45. The system of claim 43, wherein the first action or the second action includes one of:
 automatically disabling the at least one of the plurality of mobile communications devices either partially or fully and   preventing the at least one of the plurality of mobile communications devices from making a connection, and wherein the server is further for performing the steps of:   requiring a verification that the at least one of the plurality of mobile communications devices is secure before the mobile communications device is re-enabled or allowed to make the connection.   
     
     
       46. The system of claim 42 wherein the server is further for performing the steps of:
 providing a graphical user interface for displaying the subset of the set of result information and wherein the instructions received by the server from the administrator are received through the graphical user interface.   
     
     
       47. The system of claim 46, wherein the subset of the set of result information includes, for each of the plurality of mobile communications devices, at least one of:
 a device security status;   a software version;   a count of security events in a pre-determined time period; or   a time period since a last communication between the mobile communications device and the server.   
     
     
       48. The system of claim 46, wherein the subset of the set of result information includes aggregated information related to the plurality of mobile communications devices. 
     
     
       49. The system of claim 48, wherein the aggregated information includes at least one of:
 a percentage of devices in the plurality of mobile communications devices that are vulnerable, or   a number of devices in the plurality of mobile communications devices that are vulnerable.   
     
     
       50. The system of claim 48, wherein the subset of result information corresponds to a subset of the plurality of mobile communications devices, the subset of the plurality of mobile communications devices being chosen based on a commonality including at least one of:
 a characteristic of the mobile communications devices, or   a security status of the mobile communications devices.   
     
     
       51. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a server, cause the server to perform the steps of:
 accessing a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;   receiving a plurality of sets of vulnerability identification information corresponding to a plurality of mobile communications devices;   correlating the received plurality of sets of vulnerability identification information to the plurality of sets of vulnerability information accessed from the data storage to generate a set of result information;   transmitting the set of result information for display to an administrator; and   receiving, from the administrator in response to the administrator's review of at least a subset of the set of result information, instructions to perform a first action to remediate a vulnerability of at least one of the plurality of mobile communications devices.   
     
     
       52. The computer-readable storage medium of claim 51, the instructions further causing the server to perform the steps of:
 performing the first action to remediate a vulnerability of at least one of the plurality of mobile communications devices;   waiting for a confirmation related to the performed first action from the at least one of the plurality of mobile communications devices; and   when a first threshold value of time has passed without receiving the confirmation, performing a second action to remediate a vulnerability of the at least one of the plurality of mobile communications devices.   
     
     
       53. The computer-readable storage medium of claim 52, wherein the first action or the second action includes one of:
 notifying an administrator of the at least one of the plurality of mobile communications devices;   notifying a user of the at least one of the plurality of mobile communications devices;   automatically disabling the at least one of the plurality of mobile communications devices; and   preventing the at least one of the plurality of mobile communications devices from making a connection.   
     
     
       54. The computer-readable storage medium of claim 52, wherein the first action or the second action includes one of:
 automatically disabling the at least one of the plurality of mobile communications devices either partially or fully and   preventing the at least one of the plurality of mobile communications devices from making a connection, and wherein the server is further for performing the steps of:   requiring a verification that the at least one of the plurality of mobile communications devices is secure before the mobile communications device is re-enabled or allowed to make the connection.   
     
     
       55. The computer-readable storage medium of claim 51, the instructions further causing the server to perform the steps of:
 providing a graphical user interface for displaying the subset of the set of result information and wherein the instructions received by the server from the administrator are received through the graphical user interface.   
     
     
       56. The computer-readable storage medium of claim 55, wherein the subset of the set of result information includes, for each of the plurality of mobile communications devices, at least one of:
 a device security status;   a software version;   a count of security events in a pre-determined time period; or   a time period since a last communication between the mobile communications device and the server.   
     
     
       57. The computer-readable storage medium of claim 55, wherein the subset of the set of result information includes aggregated information related to the plurality of mobile communications devices. 
     
     
       58. The computer-readable storage medium of claim 57, wherein the aggregated information includes at least one of:
 a percentage of devices in the plurality of mobile communications devices that are vulnerable, or   a number of devices in the plurality of mobile communications devices that are vulnerable.   
     
     
       59. The computer-readable storage medium of claim 57, wherein the subset of result information corresponds to a subset of the plurality of mobile communications devices, the subset of the plurality of mobile communications devices being chosen based on a commonality including at least one of:
 a characteristic of the mobile communications devices, or   a security status of the mobile communications devices.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.