Malware Detection and Prevention by Monitoring and Modifying a Hardware Pipeline
    11.
    Patent application
    Malware Detection and Prevention by Monitoring and Modifying a Hardware Pipeline (in force)

    Publication number: US20150101048A1

    Publication date: 2015-04-09

    Application number: US14044956

    Application date: 2013-10-03

    Abstract: The various aspects provide a method for recognizing and preventing malicious behavior on a mobile computing device before it occurs by monitoring and modifying instructions pending in the mobile computing device's hardware pipeline (i.e., queued instructions). In the various aspects, a mobile computing device may preemptively determine whether executing a set of queued instructions will result in a malicious configuration given the mobile computing device's current configuration. When the mobile computing device determines that executing the queued instructions will result in a malicious configuration, the mobile computing device may stop execution of the queued instructions or take other actions to preempt the malicious behavior before the queued instructions are executed.

    Methods and systems for side channel analysis detection and protection

    Publication number: US09774614B2

    Publication date: 2017-09-26

    Application number: US14312957

    Application date: 2014-06-24

    CPC classification number: H04L63/1416 G06F21/556 G06F21/755 H04L63/1466

    Abstract: A computing device may use machine learning techniques to determine whether a side channel attack is underway and perform obfuscation operations (e.g., operations to raise the noise floor) or other similar operations to stop or prevent a detected side channel attack. The computing device may determine that a side channel attack is underway in response to determining that the computing device is in airplane mode, that the battery of the computing device has been replaced with a stable DC power supply, that the touch-screen display of the computing device has been disconnected, that there are continuous calls to a cipher application programming interface (API) using the same cipher key, that there has been tampering with a behavioral analysis engine of the computing device, or any combination thereof.

    Efficient on-device binary analysis for auto-generated behavioral models

    Publication number: US09721212B2

    Publication date: 2017-08-01

    Application number: US14295561

    Application date: 2014-06-04

    CPC classification number: G06N99/005 G06F21/552

    Abstract: Various aspects provide methods implemented by at least one processor executing on a mobile communication device to efficiently identify, classify, model, prevent, and/or correct the non-benign (e.g., performance degrading) conditions and/or behaviors that are related to an application operating on the device. Specifically, in various aspects, the mobile computing device may derive or extract application-specific features by performing a binary analysis of an application and may determine the application's category (e.g., a “games,” “entertainment,” or “news” category) based on the application-specific features. The mobile computing device may also obtain a classifier model associated with the application's category that includes various conditions, features, behaviors and corrective actions that may be used to quickly identify and correct non-benign behaviors (e.g., undesirable, malicious, and/or performance-degrading behaviors) occurring on the mobile computing device that are related to the application.

    Methods and systems for thwarting side channel attacks
    15.
    Granted patent
    Methods and systems for thwarting side channel attacks (in force)

    Publication number: US09509707B2

    Publication date: 2016-11-29

    Application number: US14312939

    Application date: 2014-06-24

    CPC classification number: H04L63/1416 G06F21/556 G06F2221/2125 H04L63/1433

    Abstract: A computing device may use machine learning techniques to determine the level, degree, and severity of its vulnerability to side channel attacks. The computing device may intelligently and selectively perform obfuscation operations (e.g., operations to raise the noise floor) to prevent side channel attacks based on the determined level, degree, or severity of its current vulnerability to such attacks. The computing device may also monitor the current level of natural obfuscation produced by the device, determining whether there is sufficient natural obfuscation to prevent a side channel attack during an ongoing critical activity, and perform the obfuscation operation during the ongoing critical activity and in response to determining that there is not sufficient natural obfuscation to adequately protect the computing device against side channel attacks.

    Malware detection and prevention by monitoring and modifying a hardware pipeline
    16.
    Granted patent
    Malware detection and prevention by monitoring and modifying a hardware pipeline (in force)

    Publication number: US09213831B2

    Publication date: 2015-12-15

    Application number: US14044956

    Application date: 2013-10-03

    Abstract: The various aspects provide a method for recognizing and preventing malicious behavior on a mobile computing device before it occurs by monitoring and modifying instructions pending in the mobile computing device's hardware pipeline (i.e., queued instructions). In the various aspects, a mobile computing device may preemptively determine whether executing a set of queued instructions will result in a malicious configuration given the mobile computing device's current configuration. When the mobile computing device determines that executing the queued instructions will result in a malicious configuration, the mobile computing device may stop execution of the queued instructions or take other actions to preempt the malicious behavior before the queued instructions are executed.

    Efficient On-Device Binary Analysis for Auto-Generated Behavioral Models
    17.
    Patent application
    Efficient On-Device Binary Analysis for Auto-Generated Behavioral Models (in force)

    Publication number: US20150356451A1

    Publication date: 2015-12-10

    Application number: US14295561

    Application date: 2014-06-04

    CPC classification number: G06N99/005 G06F21/552

    Abstract: Various aspects provide methods implemented by at least one processor executing on a mobile communication device to efficiently identify, classify, model, prevent, and/or correct the non-benign (e.g., performance degrading) conditions and/or behaviors that are related to an application operating on the device. Specifically, in various aspects, the mobile computing device may derive or extract application-specific features by performing a binary analysis of an application and may determine the application's category (e.g., a “games,” “entertainment,” or “news” category) based on the application-specific features. The mobile computing device may also obtain a classifier model associated with the application's category that includes various conditions, features, behaviors and corrective actions that may be used to quickly identify and correct non-benign behaviors (e.g., undesirable, malicious, and/or performance-degrading behaviors) occurring on the mobile computing device that are related to the application.
