Browse Prior Art Database

A Method and System for Predicting Security Risks based on Operating Environment of a Mobile Application

IP.com Disclosure Number: IPCOM000234764D
Publication Date: 2014-Feb-03
Document File: 1 page(s) / 28K

Publishing Venue

The IP.com Prior Art Database

Related People

Jean-Baptiste Queru: INVENTOR

Abstract

A method and system is disclosed for detecting a level of security/risk on devices on which a user’s accounts credentials are used. Based on the level of security/risk associated, the devices are flagged as being at a higher risk of being compromised.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 82% of the total text.

A Method and System for Predicting Security Risks based on Operating Environment of a Mobile Application

Abstract

A method and system is disclosed for detecting a level of security/risk on devices on which a user’s accounts credentials are used.  Based on the level of security/risk associated, the devices are flagged as being at a higher risk of being compromised.

Description

Currently, there are certain mobile devices, which are highly secure, and present a malicious attacker difficulty in extracting user credentials.  However, there are other mobile devices which are far less secure, and offer an attacker easier access for a full file system dump without significant effort.

Disclosed is a method and system for detecting a level of security/risk on devices on which a user’s accounts credentials are used.  Based on the level of security/risk associated, the devices are flagged as being at a higher risk of being compromised. 

In accordance with the method and system disclosed herein, a user is allowed to install or use an application. While the user is using the application, the method detects vulnerabilities in a host environment.  For example, vulnerabilities can be detected by comparing a fingerprint of an operating system, or checksums of installed apps, or by directly probing for known vulnerabilities.  When such vulnerabilities are detected, a risk level is computed based on the actual vulnerability.  Subsequently, the associated accounts are marked at a high...