USRE48669EActiveUtility

System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device

86
Assignee: LOOKOUT INCPriority: Nov 18, 2009Filed: Oct 31, 2019Granted: Aug 3, 2021
Est. expiryNov 18, 2029(~3.4 yrs left)· nominal 20-yr term from priority
H04W 12/12H04W 12/128G06F 21/577H04L 63/1433H04W 12/069H04L 12/4641H04L 63/0272H04W 84/045
86
PatentIndex Score
2
Cited by
304
References
48
Claims

Abstract

The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device. The server may provide an interface for an administrator to manage the system and respond to security issues.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method comprising:
 a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;   b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;   c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,   d) transmitting, by the at least one server, the first set of result information.   
     
     
       2. The method of  claim 1 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       3. The method of  claim 1 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       4. The method of  claim 1 , further comprising the step of:
 e) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.   
     
     
       5. The method of  claim 4 , wherein the notification includes an instruction related to the first set of result information. 
     
     
       6. The method of  claim 1 , further comprising the steps of:
 e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       7. The method of  claim 1 , further comprising the steps of:
 e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.   
     
     
       8. The method of  claim 1 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       9. The method of  claim 1 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) after the step of transmitting, by the at least one server, the first set of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.   
     
     
       10. A method comprising:
 a) transmitting, from a mobile communication device, a set of vulnerability identification information to at least one server that accesses a data storage storing a plurality of sets of vulnerability information; and,   b) receiving, at the mobile communication device from the at least one server, a first set of result information that correlates to the transmitted set of vulnerability identification information.   
     
     
       11. The method of  claim 10 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       12. The method of  claim 10 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       13. The method of  claim 10 , further comprising the step of:
 c) receiving, at the mobile communication device from the at least one server, a notification about the first set of result information.   
     
     
       14. The method of  claim 13 , wherein the notification includes an instruction related to the first set of result information. 
     
     
       15. The method of  claim 13 , further comprising the step of:
 d) displaying, on the mobile communication device, at least a portion of the received notification.   
     
     
       16. The method of  claim 10 , further comprising the step of:
 c) receiving, at the mobile communication device from the at least one server, a notification about a second set of result information.   
     
     
       17. A method comprising:
 a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;   b) receiving, at the at least one server, a first set of vulnerability identification information about a first mobile communication device;   c) correlating, by the at least one server, the first set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,   d) transmitting, by the at least one server, the first set of result information;   e) receiving, at the at least one server, a second set of vulnerability identification information about a second mobile communication device, wherein the second set of vulnerability identification information differs from the first set of vulnerability identification information;   f) correlating, by the at least one server, the second set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       18. The method of  claim 17 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       19. The method of  claim 17 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       20. A system comprising:
 a data storage storing a plurality of sets of vulnerability information;   a server for accessing the data storage, for receiving one or more sets of vulnerability identification information about one or more mobile communication devices, for correlating the one or more sets of received vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate one or more sets of result information, for transmitting the one or more sets of result information, and for transmitting one or more notifications about the one or more sets of result information; and,   a network connecting the at least one server, data storage, and the plurality of mobile communication devices.   
     
     
       21. The system of  claim 20 , further comprising a user interface for monitoring the plurality of mobile communication devices to identify which of the plurality of mobile communication devices is vulnerable. 
     
     
       22. The system of  claim 20 , wherein vulnerability information is information selected from the group consisting of a name, a description, one or more remediation instructions, a severity rating, a security impact summary, and one or more criteria for being vulnerable. 
     
     
       23. A method comprising:
 a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information;   b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication device;   c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a first set of result information; and,   d) transmitting, by the at least one server to the mobile communication device, a notification about the first set of result information.   
     
     
       24. The method of  claim 23 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication device. 
     
     
       25. The method of  claim 23 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable. 
     
     
       26. The method of  claim 23 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server, the second set of result information.   
     
     
       27. The method of  claim 23 , further comprising the steps of:
 e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;   f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,   g) transmitting, by the at least one server to the mobile communication device, a notification about the second set of result information.   
     
     
       28. A method comprising:
 receiving, at a mobile communications device from a data storage, vulnerability information including descriptions of known vulnerabilities, an amount of information included in the vulnerability information being determined by a setting determined from an input from an administrator;   correlating, by the mobile communications device, the received vulnerability information to vulnerability identification information about the mobile communications device to determine whether at least some of the received vulnerability information is relevant to the mobile communications device;   generating, by the mobile communications device based on the determination from the correlating step, vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device; and   implementing, by the mobile communications device, the instructions to remediate the at least one vulnerability.   
     
     
       29. The method of claim 28, wherein implementing the instructions includes the mobile communications device initiating, without user intervention, a pre-defined security response process. 
     
     
       30. The method of claim 29, wherein the pre-defined security response process includes at least one of:
 a communication between the mobile communications device and a server, the communication including a request for new vulnerability information; or   an update of an application on the mobile communications device.   
     
     
       31. The method of claim 29, wherein the pre-defined security response process includes:
 notifying, by the mobile communications device, a user of a vulnerability in the mobile communications device;   providing the user with instructions to remediate the vulnerability; and   after a first threshold period of time has passed without receiving confirmation that the vulnerability has been remediated:
 reminding, by the mobile communications device, the user of the vulnerability, or 
 at least one of: automatically disabling the user's mobile communications device either partially or fully, or preventing the mobile communications device from making a connection. 
   
     
     
       32. The method of claim 28 further comprising:
 performing, by the mobile communications device, a first action directed by the instructions to remediate the at least one vulnerability;   waiting, by the mobile communications device, for a confirmation related to the first action;   when a first threshold value of time has passed without receiving the confirmation, performing, by the mobile communications device, a second action to remediate the at least one vulnerability.   
     
     
       33. The method of claim 32, wherein the first action or the second action includes one of:
 notifying an administrator of the mobile communications device;   notifying a user of the mobile communications device;   automatically disabling the mobile communications device; or   preventing the mobile communications device from making a connection.   
     
     
       34. The method of claim 32, wherein the first action or the second action includes one of:
 automatically disabling the mobile communications device either partially or fully, or   preventing the mobile communications device from making a connection, the method further comprising:   requiring, by the mobile communications device, a verification that the mobile communications device is secure before the mobile communications device is re-enabled or allowed to make the connection.   
     
     
       35. A system comprising:
 a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;   a mobile communications device in communication with the data storage, the mobile communications device configured to:
 receive, from the data storage, vulnerability information including descriptions of known vulnerabilities, an amount of information included in the vulnerability information being determined by a setting determined from an input from an administrator; 
 correlate the received vulnerability information to vulnerability identification information about the mobile communications device to determine whether at least some of the received vulnerability information is relevant to the mobile communications device; 
 generate, based on the determination from the correlating step, vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device; and 
 implement the instructions to remediate the at least one vulnerability. 
   
     
     
       36. The system of claim 35, wherein implementing the instructions includes the mobile communications device initiating, without user intervention, a pre-defined security response process. 
     
     
       37. The system of claim 36, wherein the pre-defined security response process includes at least one of:
 a communication between the mobile communications device and a server, the communication including a request for new vulnerability information; or   an update of an application on the mobile communications device.   
     
     
       38. The system of claim 36, wherein the pre-defined security response process includes:
 notifying a user of a vulnerability in the mobile communications device;   providing the user with instructions to remediate the vulnerability;   after a first threshold period of time has passed without receiving confirmation that the vulnerability has been remediated:
 reminding the user of the vulnerability; or 
 performing at least one of: automatically disabling the user's mobile communications device either partially or fully, or preventing the mobile communications device from making a connection. 
   
     
     
       39. The system of claim 35, wherein the mobile communications device is further configured to:
 perform a first action directed by the instructions to remediate the at least one vulnerability;   wait for a confirmation related to the first action;   when a first threshold value of time has passed without receiving the confirmation, perform second action to remediate the at least one vulnerability.   
     
     
       40. The system of claim 39, wherein the first action or the second action includes at least one of:
 notifying an administrator of the mobile communications device;   notifying a user of the mobile communications device;   automatically disabling the mobile communications device; or   preventing the mobile communications device from making a connection.   
     
     
       41. The system of claim 39, wherein the first action or the second action includes at least one of:
 automatically disabling the mobile communications device either partially or fully, or   preventing the mobile communications device from making a connection, the steps further comprising:   requiring, by the mobile communications device, a verification that the mobile communications device is secure before the mobile communications device is re-enabled or allowed to make the connection.   
     
     
       42. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a mobile communications device, cause the mobile communications device to perform the steps of:
 receiving, from the data storage, vulnerability information including descriptions of known vulnerabilities, an amount of information included in the vulnerability information being determined by a setting determined from an input from an administrator;   correlating the received vulnerability information to vulnerability identification information about the mobile communications device to determine whether at least some of the received vulnerability information is relevant to the mobile communications device;   generating, based on the determination from the correlating step, vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device; and   implementing the instructions to remediate the at least one vulnerability.   
     
     
       43. The computer-readable storage medium of claim 42, wherein implementing the instructions includes the mobile communications device initiating, without user intervention, a pre-defined security response process. 
     
     
       44. The computer-readable storage medium of claim 43, wherein the pre-defined security response process includes at least one of:
 a communication between the mobile communications device and a server, the communication including a request for new vulnerability information; or   an update of an application on the mobile communications device.   
     
     
       45. The computer-readable storage medium of claim 43, wherein the pre-defined security response process includes:
 notifying a user of a vulnerability in the mobile communications device;   providing the user with instructions to remediate the vulnerability; and   after a first threshold period of time has passed without receiving confirmation that the vulnerability has been remediated:
 reminding the user of the vulnerability; or 
 performing at least one of: automatically disabling the user's mobile communications device either partially or fully, or preventing the mobile communications device from making a connection. 
   
     
     
       46. The computer-readable storage medium of claim 42, the steps further comprising:
 performing a first action directed by the instructions to remediate the at least one vulnerability;   waiting for a confirmation related to the first action;   when a first threshold value of time has passed without receiving the confirmation, performing a second action to remediate the at least one vulnerability.   
     
     
       47. The computer-readable storage medium of claim 46, wherein the first action or the second action includes at least one of:
 notifying an administrator of the mobile communications device;   notifying a user of the mobile communications device;   automatically disabling the mobile communications device; or   preventing the mobile communications device from making a connection.   
     
     
       48. The computer-readable storage medium of claim 46, wherein the first action or the second action includes at least one of:
 automatically disabling the mobile communications device either partially or fully, or   preventing the mobile communications device from making a connection, the steps further comprising:   requiring a verification that the mobile communications device is secure before the mobile communications device is re-enabled or allowed to make the connection.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.