Risk profiling of smart mobile phone users based on in-line packet inspection and policy control
Publication Date: 2016-Jan-06
The IP.com Prior Art Database
The article describes a method for risk profiling of smartphone users based on in-line traffic inspection, along with a security indicator on the phone that draws the user's attention when the mobile phone is compromised by a malicious app, factoring in applicability and relevance to the user.
Mobile traffic inspection is a new topic and does not have many solutions in the industry. Even the small number of solutions available today have the following drawbacks:
i) Inspection happens on the mobile gateway, and
ii) Since inspection is off-loaded to mobile gateways, app-to-app traffic cannot be monitored in real time, leading to "holes" that enable malware penetration.
iii) Savvy smart mobile users aren't aware of risk, as no apps provide them with a risk profile based on internet and app usage on the personal mobile phone.
Providing security via real-time packet interception "on-device" is a challenge on mobile phones. Rooting or jailbreaking is required to use any mobile platform features to achieve this. However, that keeps the methods off-limits to the normal mobile population. Once packet interception is achieved, it becomes easy to leverage other web services which offer IP reputation, URL and malware inspection. A user risk profile is built based on the internet access patterns, informing the user of risks.
The article addresses the above concerns along with a security indicator drawing the user's attention when the mobile is compromised.
There are a lot of innovations in the mobile space that have led to advanced memory capabilities and VPN service availability within mobile phones/devices. This article leverages those advancements for better on-device and per-App (App-defined), cross-App traffic inspection for building a risk profile of mobile users.
The following are the key functions to achieve the above:
1. A system having traffic inspection (on-device storage) implementation which can perform real-time in-line deep packet inspection per App using Wi-Fi or provider data connection.
2. The system includes,
2.1. A method to generate metadata/application signature for application identification and policy control.
2.1.1 The system wherein application signature used for application identification comes from mobile app-specific metadata including but not limited to location last used, protocol signature, app target.
2.2.2 The system wherein relevant policy control including but not limited to bandwidth/HTTP rate limiting, etc. The policy controls come down from the MDM server and usually involve protection by taking relevant action.
3. Detects file download and computes MD5 for checking against Malware tracking databases.
4. Builds a user risk profile based on the internet access and app usage patterns. Only applicable risks are factored in when assessing user-specific risk.
5. The metada...
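A sketch of functions 3 and 4 above, added here as an example and not code from the disclosure: downloads are hashed with MD5 and checked against a malware table, and findings feed a per-app risk profile that drives the security indicator. The hash table, URL scores, weights, threshold and the rule that "applicable" means the malware targets the user's platform are assumptions; all sample data is constructed.

```python
import hashlib
from collections import defaultdict

# Constructed payloads standing in for files seen by the in-line inspector.
SAMPLE_BAD = b"constructed-malicious-payload"
SAMPLE_DESKTOP = b"constructed-desktop-only-payload"

# Assumed local stand-in for a malware tracking database: MD5 -> affected platforms.
# MD5 is the digest the page names; here it is only a lookup key.
MALWARE_DB = {
    hashlib.md5(SAMPLE_BAD).hexdigest(): {"android"},
    hashlib.md5(SAMPLE_DESKTOP).hexdigest(): {"windows"},
}
# Assumed URL reputation table: host -> risk points.
URL_REPUTATION = {"bad.example": 40}
MALWARE_POINTS = 60  # assumed weight for an applicable malware hit

def inspect_download(payload, platform):
    """Return (md5, verdict) for one downloaded file."""
    digest = hashlib.md5(payload).hexdigest()
    affected = MALWARE_DB.get(digest)
    if affected is None:
        return digest, "clean"
    return digest, "applicable" if platform in affected else "not_applicable"

def build_risk_profile(events, platform):
    """Aggregate per-app risk from (app, kind, value) inspection events."""
    profile = defaultdict(lambda: {"score": 0, "findings": []})
    for app, kind, value in events:
        entry = profile[app]
        if kind == "download":
            digest, verdict = inspect_download(value, platform)
            if verdict == "applicable":  # non-applicable hits add no risk
                entry["score"] += MALWARE_POINTS
                entry["findings"].append("malware md5 " + digest)
        elif kind == "url" and value in URL_REPUTATION:
            entry["score"] += URL_REPUTATION[value]
            entry["findings"].append("low-reputation host " + value)
    return dict(profile)

def compromised_apps(profile, threshold=60):
    """Apps whose score should light the on-phone security indicator."""
    return sorted(a for a, e in profile.items() if e["score"] >= threshold)

# Constructed event stream, as the per-app inspector might emit it.
EVENTS = [
    ("chat_app", "url", "news.example"),
    ("chat_app", "download", SAMPLE_DESKTOP),
    ("game_app", "url", "bad.example"),
    ("game_app", "download", SAMPLE_BAD),
]

if __name__ == "__main__":
    print(compromised_apps(build_risk_profile(EVENTS, "android")))
```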