Abstract:
Access control for an access point (e.g., a cell of the access point) may be based on an access mode associated with the access point. For example, depending on the access mode, access control may involve performing a membership check for the access point. Such a membership check may be performed at a network entity, a source access point, or some other suitable location in a network. In some aspects, access control may involve performing a membership check for an access point in conjunction with a context fetch procedure. Such a procedure may be performed, for example, when an access terminal arrives at the access point after experiencing RLF at another access point.
Abstract:
A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may generate user-persona information that characterizes the user based on that user's activities, preferences, age, occupation, habits, moods, emotional states, personality, device usage patterns, etc. The processor may use the user-persona information to dynamically determine the number of device features that are monitored or evaluated in the computing device, to identify the device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user, and to better identify or respond to non-benign behaviors of the computing device.
Abstract:
Methods, systems and devices compute and use the actual execution states of software applications to implement power saving schemes and to perform behavioral monitoring and analysis operations. A mobile device may be configured to monitor an activity of a software application, generate a shadow feature value that identifies the actual execution state of the software application during that activity, generate a behavior vector that associates the monitored activity with the shadow feature value, and determine whether the activity is malicious or benign based on the generated behavior vector, shadow feature value and/or operating system execution states. The mobile device processor may also be configured to intelligently determine whether the execution state of a software application is relevant to determining whether any of the monitored mobile device behaviors are malicious or suspicious, and monitor only the execution states of the software applications for which such determinations are relevant.
Abstract:
A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, and/or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may perform multifactor authentication operations that include determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value, using the one or more of these values to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device, and authenticating the user by evaluating the determined number of authentication factors.
Abstract:
Various embodiments include methods implemented on a computing device for analyzing a program executing within a virtual environment on the computing device. The methods may include determining whether the program is attempting to detect whether it is being executed within the virtual environment, and analyzing the program within a protected mode of the computing device in response to determining that the program is attempting to detect whether it is being executed within the virtual environment.
Abstract:
Methods, systems and devices for communicating behavior analysis information using an application programming interface (API) may include receiving via the API a request to register the second module to access an operation of a behavioral monitoring system of the mobile computing device, and exchanging authentication information between the first module and the second module to accomplish mutual authentication. Aspects may include receiving via the API a request for version identification information that may be used by the server to determine how to interpret, evaluate, or crowd-source information, and exchanging version identification information between the first module and the second module to cause the second module to send the information to the server. Aspects may further include receiving via the API a provision malware model request including a command causing the first module to send a malware or classifier model to a behavioral monitoring system of the mobile computing device.
Abstract:
Methods, and computing devices implementing the methods, improve the efficiency and performance of a comprehensive behavioral monitoring and analysis system that is configured to predict whether a software application is causing undesirable or performance-degrading behavior. The behavioral monitoring and analysis system may be configured to quickly and efficiently classify certain software applications as being benign by generating a behavior vector that characterizes the activities of the software application, determining whether the generated behavior vector includes a distinguishing behavior or behavioral clue identifying the software application as a trusted software application, and classifying the software application as benign in response to determining that the generated behavior vector includes a distinguishing behavior identifying the software application as a trusted software application.
Abstract:
A computing device processor may be configured with processor-executable instructions to implement methods of detecting and responding to non-benign behaviors of the computing device. The processor may be configured to monitor device behaviors to collect behavior information, generate a behavior vector information structure based on the collected behavior information, apply the behavior vector information structure to a classifier model to generate analysis results, use the analysis results to classify a behavior of the device, use the analysis results to determine the features evaluated by the classifier model that contributed most to the classification of the behavior, and select the top “n” (e.g., 3) features that contributed most to the classification of the behavior. The computing device may display the selected features on an electronic display of the computing device.
Abstract:
Various aspects include methods for profiling access points for a mobile communication device that includes a modem controlling a first radio access technology (RAT) and a second RAT. The device modem may establish a first level of communications with a potential network access point and obtain a first set of observed parameters of the potential network access point through the first level of communications. The modem may determine whether the first set of observed parameters of the potential network access point matches expected parameters for a network access point, and establish a second level of communications with the potential network access point in response to determining that the first set of observed parameters matches expected parameters of the network access point.
Abstract:
Methods and devices for tracking data flows in a computing device include monitoring memory in a hardware component of the computing device to identify a read operation that reads information from a tainted memory address, using heuristics to identify a first, second, and third number of operations performed after the identified read operation, marking memory addresses of write operations performed after the first number of operations and before the second number of operations as tainted, and marking memory addresses of write operations performed after the third number of operations and before the second number of operations as untainted.