Treatment of malicious devices in a mobile-communications network
Originating portfolio: ALU
Estimated expiration: 2031-Jun-29
Potentially relevant companies (8): AirWatch LLC, Aruba Networks, Inc., Barracuda Networks, Inc., Blackberry Limited, Cisco Systems, Inc., Dell Inc., McAfee Enterprises, Inc., Symantec Corporation
Products & technologies (1): Network:Security
A method of remotely treating malicious mobile terminals connected to a mobile communications network. In one embodiment, when a malicious mobile terminal is detected by the intrusion-detection services of the network, the network changes the subscriber profile associated with the mobile terminal to operate the latter in a quarantine mode. The packet-switched subsystem of the network then links the quarantined mobile terminal to a remediation manager. The remediation manager remotely treats the mobile terminal, e.g., to repair or reinstall any corrupted software, terminate any active malicious processes, delete or quarantine any malware, and restore the operating system, configuration, and/or memory of the mobile terminal to a clean operational state. After the treatment, the network reverts the subscriber profile back to the initial state and removes the mobile terminal from the quarantine.
1. A communication method, comprising:
(A) monitoring packet-based traffic in a mobile-communications network to identify, as a malicious wireless terminal, a wireless terminal that exhibits specified behavior;
(B) changing a subscriber profile maintained by the network for the wireless terminal to a quarantine state in response to the identification;
(C) allowing the wireless terminal to operate in the quarantine state under the changed subscriber profile; and
(D) treating the wireless terminal via a link with a remediation manager to disable a cause of the specified behavior, wherein step (D) comprises:
(D1) downloading remediation software from the remediation manager to the wireless terminal;
(D2) initiating a memory and/or system scan at the wireless terminal using the remediation software;
(D3) repairing or reinstalling any corrupted software detected by the scan;
(D4) terminating any active malicious processes detected by the scan;
(D5) deleting or quarantining any malware detected by the scan; and
(D6) restoring the system and/or the memory of the wireless terminal to a specified operational state.
Interested in licensing a slice of this patent? Contact us to take the next step, or read about our method to understand the logistics.