Method and system for evaluating security for an interactive service operation by a mobile device

摘要

A method for evaluating security during an interactive service operation by a mobile communications device includes launching, by a mobile communications device, an interactive service configured to access a server over a network during an interactive service operation, and generating a security evaluation based on a plurality of trust factors related to a current state of the mobile communications device, to a security feature of the application, and/or to a security feature of the network. When the security evaluation is generated, an action is performed based on the security evaluation.

主权项

1. A method for evaluating security during an interactive service operation by a mobile communications device, the method comprising:
identifying, by a security component on a mobile communications device, a launch of an interactive service configured to communicate with a server over a network during an interactive service operation, wherein the interactive service is associated with an entity and is configured to transmit data to and receive data from a target website purportedly associated with the entity; verifying that the target website is an authentic website associated with the entity, wherein the verifying includes identifying a domain of the target website based on a uniform resource locator (URL) of the target website and includes determining that the domain of the target website is registered by the entity; in response to the launch of the interactive service, generating, by the security component, a security evaluation of the interactive service based on a plurality of trust factors including: a trust factor related to a current state of the mobile communications device, a trust factor related to a security feature of the interactive service, and a trust factor related to a security feature of the network; and allowing, by the security component, the performance, by the mobile communications device, of the interactive service operation when a security measure from the security evaluation does not go beyond a threshold security measure.