FORM2
THE PATENTS ACT, 1970 (39 of 1970)
PROVISIONAL / COMPLETE SPECIFICATION (See section 10; rule 13)

l. TITLE OF THE INVENTION:

Virus Detection in Mobile Phone Type Devices in Which Virus Detection Software Is Executed Externally

2. APPLICANT:

(a) Cat Computer Services Pvt Ltd
(b) 603 Mayfair Towers II, Mumbai-Pune Road,Shivajinagar,Pune Maharashtra-India 411005

3 NATIONALITY

(c) India

The following specification particularly describes the nature of this invention (and the manner in which it is to be performed)

Patent Specification

Page 1 of 17

Cat-001 /India

Background Field of the Invention
The present invention relates generally to virus detection systems, and more specifically to a method and apparatus for detecting viruses in mobile phones type devices in which virus detection software is executed externally.
Related Art
Virus detection software refers to program(s) which scan (examine) data on a target device for existence of any viruses on the target device. A virus generally refers to a software code/data which gets installed on target devices (often without the knowledge of the user of the target device) and is often in the form of (part of a) a file present on the non-volatile memory. The file can be executable (in which case processing resources can be wasted or features otherwise available on the target device may be impacted) or mere data wasting storage resources on the target device.
There are several scenarios in which virus detection software is executed external to the target device being scanned. For example, virus detection software is often executed on a computer system to scan mobile phone type devices (example target device), often since such types of devices have insufficient resources (storage and/or processing capacity) to execute virus detection software.
Such target devices are increasingly vulnerable to virus attacks. For example, mobile phones are increasingly being provided with features such as ability to access electronic mail and world-wide web, multi-media messaging services (MMS), games, short message services (SMS), desktop applications, etc. Due to such connectivity applications, mobile phones (or target devices, in general) are increasingly more vulnerable to virus attacks. Furthermore the virus can spread from one mobile phone to another, thereby infecting additional mobile phones. Accordingly, it is generally desirable to at least detect the presence of the viruses on mobile phones.
According to one prior approach, detection of viruses in a target device is performed by connecting the target device to a computer (having relatively larger memory and processing power) and running a virus scan software in the computer. In one embodiment, different virus scanning software programs are implemented for corresponding operating environments (e.g., operating system or model of the mobile phone) on the computer. Such a fragmented approach leads to several inefficiencies such as increased cost of development, potentially not detecting files of viruses which are designed for other operating environments, etc.
Brief Description of the Drawings
The present invention will be described with reference to the accompanying drawings, which are described below briefly. In the drawings, like reference numbers

Patent Specification

Page 2 of 17

Cat-001 /India

generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the leftmost digit(s) in the corresponding reference number.
Figure 1 is a block diagram illustrating an example environment in which several aspects of the present invention can be implemented.
Figure 2 is a flow chart illustrating the manner in which virus detection is performed in mobile phones according to an aspect of the present invention.
Figure 3 is a block diagram representing various functional blocks in an embodiment of a mobile phone.
Figure 4 is a block diagram depicting various functional blocks in a computer illustrating the manner in which viruses can be detected in an embodiment of the present invention.
Figure 5 is a example set of function calls according to a software development
kit (SDK) provided by a vendor of a mobile phone type in one embodiment.
Figure 6 is a flow chart illustrating the manner in which mobile phones of different operating environments (or types) can be scanned according to an aspect of the present invention.
Figure 7 is a block diagram illustrating the manner in which a virus scan program can scan different mobile phone types in an embodiment of the present invention.
Figure 8 is a block diagram illustrating the details of a digital processing system in which several aspects of the present invention are operative upon execution of software instructions in one embodiment.
Detailed Description of the Preferred Embodiments 1. Overview and Discussion of the Invention
A virus scanning program provided according to an aspect of the present invention scans a target device (e.g., mobile phone) for files containing viruses even if the files are not executable on the device. Corrective actions such as removing the files can be performed once the viruses are detected. As a result, viruses which are not executable (as being designed for other device types) can also be detected and removed from the devices. Further, cost/effort of procuring and loading (copy of) virus scan program into each target device is avoided.
According to another aspect, a common interface is provided when a virus scanning program requests data from target devices, and the computer is provided with different remote application programming interfaces suited to retrieve the specified data from the corresponding devices. As a result, the computer can be extended to integrate scanning of new device types easily.
According to one more aspect, a scanning program retrieves only data portions required for continuing the scan operation. Thus, the scan operation can be completed

Patent Specification

Page 3 of 17

Cat-001 /India

without copying the entire file locally to the computer on which the scanning program is executed.
Several aspects of the invention are described below with reference to examples for illustration. It should be understood that numerous specific details, relationships, and methods are set forth to provide a full understanding of the invention. One skilled in the relevant art, however, will readily recognize that the invention can be practiced without one or more of the specific details, or with other methods, etc. In other instances, well_known structures or operations are not shown in detail to avoid obscuring the features of the invention.
2. Example Environment
Figure 1 is a block diagram illustrating an example environment in which several aspects of the present invention can be implemented. The block diagram is shown containing mobile phones (example target devices) 150A-150Z, personal computer 180, and wireless network 120. Each block is described below in further detail.
Wireless network 120 provides connectivity between mobile phones 150A-150Z using various standards such as GSM, CDMA etc.. Each mobile phone 150A-150Z transfers voice signal and/or data according to the protocol defined by the corresponding standards. Each mobile phone may also be provided with ability to communicate using technologies such as USB connection, Infra Red, Bluetooth and WiFi or wired LAN connection to communicate with other devices/systems.
Personal computer (PC) 180 provides a platform on which virus scan software (implemented according to an aspect of the present invention) can be executed and mobile phones 150-150Z can be scanned for viruses. In addition, PC 180 may facilitate operations such as configuring mobile phones, uploading a new application providing a new feature, configuring the present settings, uploading a phonebook data, and operation of the mobile phones through graphical user interface provided in the PC (using an appropriate physical/ protocol interface provided to the corresponding mobile phone, as is well known in the relevant arts).
Mobile phones 150A-150Z enable telephone calls to be made/received using wireless network 120. Each mobile phone may have a corresponding different operating environment (operating system such as Symbian OS from Symbian Ltd., WIN Ce from Microsoft Corporation, and modifications to such operating systems as suited for different model of the mobile devices, etc). Each mobile phones 150A-150Z runs a desired application providing features such as multimedia accessing, web application, file transfer massaging services etc. Mobile phones communicate and exchange data using wireless network 120. The data exchange may be in the form of

Patent Specification

Page 4 of 17

Cat-001 /India

messages SMS, MMS, and other data exchange features provided by the corresponding network standard noted above.
Mobile phones 150A-150Z receives viruses through MMS, SMS, Blue Tooth connection etc. The viruses while propagating may land up (or infects) a mobile phone that is having different operating environment. Such viruses may not be able to spread further from the corresponding mobile since, it is designed to be executed on a particular type of operating environment (for a virus to spread further it needs to execute itself in the mobile to spread to other mobile phones). Thus, the virus file may remain saved on the mobile phone as it is.
The manner in which the virus detection is performed (including detection of such unwanted files) using PC 180 is described below in further detail.
3. Virus Detection
Figure 2 is a flow chart illustrating the manner in which virus detection is performed in mobile phones according to an aspect of the present invention. The flow chart is illustrated with respect to Figure 1 merely for illustration. However the flow chart can be implemented in other environments as well, as will be apparent to one skilled in the relevant arts by reading the disclosure provided herein. Many of such implementations are contemplated to be covered by various aspects of the present invention. The flow chart begins in step 201, in which control passes to step 210.
In step 210, computer 180 establishes communication with a target device/mobile phone sought to be scanned. Communication may be established by connecting the mobile phone to the PC on a physical port such as USB , RS232, and proprietary physical/protocol interfaces, etc. Various software modules (e.g., drivers) may be run in the mobile phone to facilitate access to the content in the mobile phone based on (or inherent to) the provided communication.
In step 220, computer 180 retrieves a portion of a file needed to continue scanning for detecting a set of viruses. In general, a designer of the scan program chooses the set of viruses to scan (can be a single virus or more), and the nature/format of the data representing the viruses determines the amount of data and the location of the data in the files that is required to continue scanning. Thus, a designer of the scanning program needs to understand the content of the virus files to determine the specific location in the file and the amount of data required.
As described in sections below, the file portion may be retrieved using API functions provided for each mobile phones for accessing the data. The API function may retrieve the data from a specified location. In one embodiment, header portion of the file is retrieved first. The retrieved portion may be stored in a buffer.

Patent Specification

Page 5 of 17

Cat-001/India

In step 230, computer 180 scans the portion for the set of viruses. Scanning may be performed consistent with the understanding of the nature/format of data representing the set of viruses, and can be performed in a known way. Computer 180 may compare the content of the buffer with a already available strings (sequence of binary bytes in one embodiment) to determine (some conditionally) the presence of a corresponding virus. For example, a file header may be compared with known file header formats and each corresponding field in the file header may be checked for file type, size, etc. Based on file type(determined by the contents of the header), the set of viruses to scan the corresponding file may be determined. Also based on the file type and certain header bytes, the portion of the file and the amount of bytes/data to be scanned for viruses may be determined.
In step 240, computer 180 determines if more data is needed in the file to detect any of the set of viruses. For example, based on the content of the header or the portion of the file thus far examined, computer 180 may determine if additional portion is needed to detect the set of viruses. As an illustration, one type of virus may attach itself towards the end of the content in an executable file and accordingly the end portion may be determined to be such additional portion. If additional portion is needed, control transfers to step 250 else to step 260.
In step 250, computer 180 retrieves the additional portion of the file containing the required data and control passes to step 230. The additional portion from the specified location may be retrieved again using API calls as described in the examples scenarios in sections below. With reference to above example, computer 180 may retrieve the end portion of an executable file as additional portion.
In step 260, computer 180 determines if none of the set of viruses exists based on the data scanned thus far for a file. Again the content of the retrieved data may be compared with pre-specified data in making such a determination. If the determination indicates the presence of a virus, control passes to step 290, or else to step 299.
In step 290, computer 180 performs a desired action for the detected virus. For example, computer 180 may delete the portion determined to be containing the virus or the entire file. The flow chart end in step 299.
Due to the above described approach, viruses can be detected while retrieving limited data (instead of entire file) from mobile phones. In addition, the flow chart of Figure 2 can be repeated for different sets of viruses, potentially designed only for execution on other (i.e., not the one implemented in the present phone being scanned) operating environments as described in further detail in sections below.

Patent Specification

Page 6 of 17

Cat-001/India

The description is continued with respect to the details of an example embodiment of mobile device 150A, which supports the above described features of computer 180.
4. Mobile phone
Figure 3 is a block diagram representing various functional blocks in an embodiment of mobile phone 150A. The block diagram is shown containing operating system 310, memory 340, data access interface 360 and driver 380. Each block is described below in further detail.
Driver 380 provides electrical/physical and protocol interfaces using which bits of data can be transmitted and received to/from computer 180. The interfaces may specify various aspects such as signal levels, bit rates, command/interchange requirements, etc., consistent with the specific interface implementations employed in computer 180. Path 399 may be of type USB, Serial port, Ethernet, etc. The extracted data (during reception) is provided to file access interface 360 using any of the data transfer technique. Similarly, driver 380 transmits data received from file access interface 360.
Operating system 310 may control access to and allocate various resources (available within mobile phone 150A) to various entities (user applications, file access interface, etc.) executing in mobile phone 150A. Different mobile phones can be implemented with different operating systems (potentially provided by same/different vendors) and the noted entities are generally designed consistent with the interface provided by operating system 310 to access the desired resources.
Data access interface 360 represents set of program interfaces for accessing data from memory 340. Data access interface 360 receives a request or command from driver 380 and performs requested operation such as opening a file, retrieving desired portion of the data (either of a file or previously stored MMS/SMS) from memory 340, write data into memory 340, etc., and performs the corresponding action by interfacing with operating system 310. Data access interface 360 may be interfaced to driver 380 using various service routines (interrupt service routines, pipes, etc.,) supported in operating system 310 (though not shown), as is well known in the relevant arts.
Memory 340 may store data in various formats and provide access for writing and reading the data in the corresponding format. For example, memory 340 may store
some data (representing pre-specified images, program files representing operating system portions or user applications, etc.) in a file system format (structure) as individual files and facilitate data access through various file access program interface.

Patent Specification

Page 7 of 17

Cat-001 /India

The data representing SMS, MMS etc., may also be stored as files. For example, all SMS may be stored in one file or each SMS may be stored in an individual file. APIs are often provided to access an individual or group of messages from such file formats, and may thus be used for scanning.
Memory 340 may also contain viruses written/ designed for operating system 310 and also viruses designed for operating system other than 310. The manner in which all such viruses in memory 340 may be detected in PC 180 is described below with reference to Figure 4.
5. Computer System
Figure 4 is a block diagram depicting various functional blocks in PC 180 illustrating the manner in which viruses can be detected in an embodiment of the present invention. The block diagram is shown containing operating system services 420, memory buffer 430, virus scan module 450, data access modules 460, remote application program interface (RAPI) 470, driver 480, and virus definitions 490. Each block is described below in further detail.
User interface 410 may provide an interface to a user for monitoring the status of scan operation as well as provide any necessary inputs. For example, virus scan program 450 may prompt the user to input data for confirming operations such as delete, modify scan, etc.
Driver 480 operates similar to and cooperatively with driver 380 described above. Driver 480 transmits on path 399 the requests for desired data portions received from RAPI 470, and receives the requested data in response. The received data is provided to remote application program interface (RAPI) 470.
Remote application program (RAPI) 470 represents a set of program logic (code corresponding to functions or procedures) to generate command strings to access memory 340. The program logics are implemented compliant with the requirements of program logic in data access interface 360. Often RAPI for each mobile phone is provided by the mobile phone vendor for accessing mobile phones through PC 180.
Example set of program logics (functions) are listed in Figure 5. The set of program logics are provided for mobile phone with Window CE based operating environment. Each row contains a function call in first column (530) and description of the action performed by the corresponding function call in second column (560). For example, details in row 521 indicates a function call "CeReadFile" and the corresponding action indicate that the function reads the data from a file starting at the position indicated by the file pointer. The remaining rows are not described in the interest of conciseness.

Patent Specification

Page 8 of 17

Cat-001 /India

Continuing with respect to Figure 4, data access modules 460 invokes the program logics (e.g., corresponding to the functions of Figure 5) in RAPI 470 to retrieve a desired portion of data requested by virus scan module 450. The data received in response is stored in memory buffer 430 by interfacing with operating system services 420. In addition to data retrieval, data access module 460 may also enable virus scan module 450 to perform actions such as delete file, write to a file, etc., by interfacing with RAPI 470.
Virus definitions 490 may contain data strings or other suitable logic which identify each virus type. The set may contain strings representing viruses executable on all possible operating environments. Though not shown in the Figure, the definitions can be updated periodically as more viruses are discovered.
Virus scan program 450 detects viruses in mobile phone 180A according to an aspect present invention. Virus scan program 450 interfaces with data access module 460 for retrieving file/data in mobile phone 180. Virus scan program 450 may operate in accordance with Figure 2 described above in retrieving only portions of data as required for detecting a set of viruses chosen for each iteration. However, alternative approaches (e.g., copying the entire file to local storage) may be employed without departing from the scope and spirt of several aspects of the present invention.
According to an aspect of the present invention, virus definitions 490 contains the definitions of all viruses, whether executable in specific operating environment (mobile device type) or not. Accordingly, virus scan program 450 can scan each mobile device for all known viruses, irrespective of whether the data/file corresponding to the virus is executable or not on the specific mobile device. Once virus data/files are detected, a suitable action such as deleting the data/file can be performed to free up storage space on the target mobile device (scanned).
According to another aspect of the present invention, an approach is chosen which facilitates the virus scan program to easily scan mobile devices of different operating environments, as described below in further detail.
6. Scanning Mobile Phones of Different Operating Environments
Figure 6 is a flow chart illustrating the manner in which mobile phones of different operating environments can be scanned according to an aspect of the present invention. The flow chart is illustrated with reference to Figures 1 and 2 merely for illustration. However the flow chart may be implemented in other environments as well, as will be apparent to one skilled in the relevant arts by reading the disclosure provided herein. Many of such implementations are contemplated to be covered by several aspects of the present invention. The flow chart begins in step 601 and control passes to step 610.

Patent Specification

Page 9 of 17

Cat-001/India

In step 610, computer 180 determines a type of the device sought to be scanned. The mobile phone may be configured to communicate the ID upon establishment of the connection with the PC 180, and the type may be determined based on the received ID. Alternately, a user may provide the corresponding information through appropriate user interface (graphical display, key board, etc., as represented by user interface 410).
In step 650, computer 180 selects a device interface providing connectivity with the determined type. The set of interface programs providing connectivity with the corresponding device types may be stored in a local memory. In one embodiment, a set of program modules are provided by the mobile phone vendor in the form of SDK (software development kit). The SDK contains a set of application program interface (APIs), and the appropriateAPI can be selected based on the determined phone type.
New set of library (APIs) and drivers may be added with the help of SDK to support a new model of phones. Such new set of API are often provided by the corresponding mobile phone mobile phone vendors along with the mobile phone. The user using the phone connected to PC may install appropriate drivers provided by the phone vendor.
In step 660, computer 180 retrieves the content of a file of the device using the selected device interface. Corresponding API may be used to retrieve desired content (portion) of the file. The retrieved portion may be stored in a local buffer for scanning. The approach of Figure 2 can be used to retrieve only portion of the file. Alternatively, the file/data can be copied locally before scanning the data for virus.
In step 680, computer 180 scans the file for the viruses of all device types consistent with the definitions in virus definitions 490. Scanning of the retrieved content may be performed using any of the scanning technique. In step 690, computer 180 performs desired actions (e.g., deleting, repairing, or cleaning of the file if infected with virus) based on the results of the scan. The flow chart ends in step 699.
Thus, by integrating different SDKs into computer 180, multiple phone types can be easily scanned using a single virus scan program. In addition, since the virus definitions can contain information of all types of the viruses, any type of virus even if its designed for different mobile operating environment can be reliably detected and removed from phones.
Another aspect of the present invention facilitates easier integration of additional phone types by having the scan program use a common interface to interface with the various SDKs as described below in further detail.

Patent Specification

Page 10 of 17

Cat-001 /India

7. Example Architecture
Figure 7 is a block diagram illustrating the manner in which a virus scan program scans different mobile phones in an embodiment of the present invention. The block diagram is shown containing physical interface 790, drivers 780A-780K, RAPIs 760A-760K, virus scan module 750, multi data access modules 730, user interface 710, virus definitions 490 operating system services 420, and memory buffer 430. Similar elements are chosen with similar label and reference numerals as in Figure 4 and the description not repeated for conciseness. The remaining blocks are described below in further detail.
Multi data access module 730 provides (to virus scan module 750) universal/ common library functions facilitating access of desired data in mobile phones 150A-150Z, irrespective of phone type. Universal library functions is designed facilitate data access required for virus scan. For example, multi data access module 730 may contain function calls to enable file access, SMS access, MMS access, and data source (containing informations such as phone type, make, model and other properties of phone)access.
In one embodiment, the provided library functions include, but not limited to, OpenFile, ReadFile, WriteFile, CloseFile, GetFileSize, GetFileAttributes, DeleteFile, RenameFile, FindFirstFile, FindNextFile etc., each with self-explanatory label. Similarly, for SMS access and MMS access, the library may contain functions such as GetMessageProperties (like time stamp, number sent or received from etc.), DeleteMessage (to delete message from storage), GetSMSMessage GetMMSFile etc.
Universal library functions in turn invoke the program logics in one of RAPIs 760A-760 J, depending on the mobile phone type sought to be scanned, to retrieve data from the corresponding mobile. The type of mobile phone that is being scanned may be obtained from user interface 710 (based on appropriate user inputs) or through device ID sent through the physical interface 790.
Virus scan module 750 scans the content of memory buffer 430 as described in Figure 4. Physical interface 790 provide physical connectivity to mobile phones 150A-150Z. The physical interface may represent a USB port, serial Port, ethernet port, wireless (bluetooth) port etc., through which mobile phones are connected to PC 180.
Each driver 780A-780K provides data connectivity based on a type of driver implemented in the corresponding mobile phone 150A-150Z. For example, a mobile phone with a USB connectivity may be connected through one of drivers 780A-780K implemented with USB protocol.

Patent Specification

Page 11 of 17

Cat-001 /India

Each RAPIs 760A-760K represents the set of function calls (program logics) to access the corresponding mobile phone. Each RAPIs 760A-760J perform an operation similar to the RAPI 470 described in Figure 4. Accordingly, RAPIs 760A-760J retrieve the data/portion of file, which is eventually stored by multi-data access modules 730 to memory buffer 430. Often each mobile phone manufacturer provides a software package containing RAPI along with the mobile phone. The software package enables the access to mobile phone having the corresponding operating environment. Each software package is installed in the PC 180 as the corresponding one of RAPI 760A-760J.
In addition, for each operating environment, vendors may provide a software development kit (SDK). Software application integrating the corresponding RAPI may be developed using the SDK. SDK may be used to develop functions in the multi data access module 730.
It should be appreciated that the features described above can be implemented in a combination of one or more of hardware, software and firmware. The description is continued with respect to an embodiment in which the features are operative by execution of software instructions as described below in further detail.
8. Software Implementation
Figure 8 is a block diagram illustrating the details of digital processing system 800 in one embodiment. System 800 may correspond to computer 180. System 800 is shown containing processing unit 810, random access memory (RAM) 820, secondary memory 830, output interface 860, packet memory 870, phone interface 880 and input interface 890. Each component is described in further detail below.
Input interface 890 (e.g., interface with a keyboard and/or mouse, not shown) enables a user to provide any necessary inputs (e.g., confirmation of delete type operations, the mobile phone type) to system 800. Output interface 860 provides output signals (e.g., display signals to display unit 870 to indicate the status of scan or other messages), and the two interfaces together can form the basis for a suitable user interface for a user to interact with system 800.
Phone interface 880 may enable system 800 to send/receive data to the phones and may be viewed as containing physical interface 790 and 399 described above. Phone interface 880, output interface 860 and input interface 890 can be implemented in a known way.
RAM 820 (supporting memory 860), secondary memory 830, and packet memory 870 may together be referred to as a memory. RAM 820 receives instructions

Patent Specification

Page 12 of 17

Cat-001/India

and data on path 850 (which may represent several buses) from secondary memory 830, and provides the instructions to processing unit 810 for execution.
Packet memory 870 stores (queues) packets (representing voice or data) waiting to be forwarded (or otherwise processed). Secondary memory 830 may contain units such as hard drive 835 and removable storage drive 837. Secondary memory 830 may store the software instructions and data (e.g., virus definitions), which enable system 800 to provide several features in accordance with the present invention.
Some or all of the data and instructions may be provided on removable storage unit 840 (or from a network using protocols such as Internet Protocol), and the data and instructions may be read and provided by removable storage drive 837 to processing unit 810. Floppy drive, magnetic tape drive, CDROM drive, DVD Drive, Flash memory, removable memory chip (PCMCIA Card, EPROM) are examples of such removable storage drive 837.
Processing unit 810 may contain one or more processors. Some of the processors can be general purpose processors which execute instructions provided from RAM 820. Some can be special purpose processors adapted for specific tasks (e.g., for memory/queue management). The special purpose processors may also be provided instructions from RAM 820.
In general, processing unit 810 reads sequences of instructions from various types of memory medium (including RAM 820, storage 830 and removable storage unit 840), and executes the instructions to provide various features of the present invention described above.
9. Conclusion
While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of the present invention should not be limited by any of the above-described embodiments, but should be defined only in accordance with the following claims and their equivalents.

Patent Specification

Page 13 of 17

Cat-001 /India

I/We claim:
1. A method of scanning a target device for existence of a set of viruses, said method being performed in a system external to said target device, said method comprising:
establishing communication with said target device;
determining a portion of a file required to scan said file present on said target device, wherein said portion is determined by a program logic underlying a virus scan software;
retrieving said portion from said file on said target device;
scanning said portion to determine whether any of said set of viruses are present on said file or another portion of said file is required to continue scan according to said program logic;
retrieving said another portion and repeating said scanning if said scanning indicates that said another portion is required.
whereby said entire file need not be retrieved into said system determine existence of said set of virus programs.
2. The method of claim 1, wherein said mobile phone is of a first operating environment and a first virus contained in said set of viruses is not designed to execute in said first operating environment, wherein said scanning detects the existence of said first virus in said file.
3. The method of claim 2, further comprising removing said first file from said mobile phone upon detection of said first virus in said file.
4. The method of claim 1, wherein said retrieving comprises sending a first request to provide said portion of said file according to an Application Programming
Interface (API) and sending a second request to provide said another portion of said file according to said API.
5. The method of claim 1, wherein said target device is a mobile phone.
6. A method of detecting a plurality of target devices each having a
corresponding one of a plurality of operating environments and exposure to execution
of a corresponding one of a plurality of sets of viruses, said method being
implemented in a single scan application on a system external to said plurality of
target devices, said method comprises:
implementing a plurality of device interfaces, wherein each of said plurality of device interfaces has the ability to interface with a corresponding one of said plurality of operating environments;

Patent Specification

Page 14 of 17

Cat-001 /India

receiving information indicating a first operating environment present on a first target device sought to be scanned, said first operating environment being comprised in said plurality of operating environments and said first target device being comprised in said plurality of target devices, a first device interface contained in said plurality of device interfaces having the ability to interface with said first target device;
sending commands via said first interface to access content of a file present on said first target device; and
scanning said file for existence of viruses.
7. The method of claim 6, providing a common interface using which said
single scan application can request said file irrespective of the operating environment
of said plurality of target devices, wherein each of said plurality of interfaces is
designed to interface with said common interface also.
8. The method of claim 7, wherein said scanning scans said first target device for each of said plurality of sets of viruses.
9. A computer readable medium carrying one or more sequences of instructions to cause a digital processing system to scan a target device for existence of a set of viruses, said digital processing system being external to said target device, wherein execution of said one or more sequences of instructions by one or more processors contained in said digital processing system causes said one or more processors to perform the actions of:
establishing communication with said target device;
determining a portion of a file required to scan said file present on said target device, wherein said portion is determined by a program logic underlying a virus scan software;
retrieving said portion from said file on said target device;
scanning said portion to determine whether any of said set of viruses are present on said file or another portion of said file is required to continue scan according to said program logic;
retrieving said another portion and repeating said scanning if said scanning indicates that said another portion is required.
whereby said entire file need not be retrieved into said system determine existence of said set of virus programs.
10. A computer readable medium carrying one or more sequences of
instructions to cause a digital processing system to detect a plurality of target devices
each having a corresponding one of a plurality of operating environments and
exposure to execution of a corresponding one of a plurality of sets of viruses, said
computer readable medium carrying a single scan application, said digital processing
system being external to said plurality of target devices, wherein execution of said one

Patent Specification

Page 15 of 17

Cat-001 /India

or more sequences of instructions by one or more processors contained in said digital processing system causes said one or more processors to perform the actions of:
implementing a plurality of device interfaces, wherein each of said plurality of device interfaces has the ability to interface with a corresponding one of said plurality of operating environments;
receiving information indicating a first operating environment present on a first
target device sought to be scanned, said first operating environment being comprised in said plurality of operating environments and said first target device being comprised in said plurality of target devices, a first device interface contained in said plurality of device interfaces having the ability to interface with said first target device;
sending commands via said first interface to access content of a file present on said first target device; and
scanning said file for existence of viruses.
Dated this 14th day of December 2006

Signature \..
(THAPPETA NARENDRA REDDY)
Patent Agent
REGD. NO. 1N/PA-392

Patent Specification

Page 16 of 17

Cat-001/India

Abstract
A virus scanning program which scans a mobile phone/target device for files containing viruses even if the files are not executable on the mobile phone. Corrective actions such as removing the files can be performed once the viruses are detected. As a result, viruses which are not executable (as being designed for other mobile phone types) can also be detected and removed from mobile phones. According to another aspect, a common interface is provided when a virus scanning program requests data from mobile phones, and the computer is provided with different remote application programming interfaces suited to retrieve the specified data from the corresponding mobile phones. As a result, the computer can be extended to integrate scanning of new device types easily. According to one more aspect, a scanning program retrieves only data portions required for continuing the scan operation.

Patent Specification

Page 17 of 17

Cat-001 /India