FR2877114A1 - Message e.g. instant message, managing method for e.g. Internet, involves transmitting message comprising object with originator terminal authentication unit and content with access information of server, to destination terminal by server - Google Patents

Abstract

The method involves receiving a message from an originator server by an originator access server during transmission of the message from originator to destination terminal. The server transmits another message to the destination terminal. The latter message has an object having an authentication unit to authenticate the originator terminal closer to the destination terminal, and a content having access information of the server. Independent claims are also included for the following: (A) a system for managing messages in a communication network (B) a storage medium readable by a terminal and storing instructions for implementing a method for managing messages.

Description

SYSTEM AND METHOD FOR MANAGING MESSAGES IN A

  COMMUNICATION NETWORK BY ELECTRONIC MESSAGING.

  The subject of the present invention is a system and a method for managing messages in an electronic messaging communication network making it possible to limit or even eliminate the propagation of computer viruses and the drawbacks associated with unsolicited messages.

  Communication networks, such as the Internet, give their users access to, and allow them to exchange, virtually any type of information. In particular, with the use of instant messaging systems or couriers such as email, commonly referred to as email or email, the transmission and reception of information and become virtually instantaneous. This ability to communicate directly with a correspondent and a huge interest for most people, so that all or almost all users of a terminal now have an email address allowing them to use an email system.

  The use of email has become widespread, allowing users to stay in touch more easily, to exchange information more frequently and without much effort. However, in return, email has also become a commercial tool. Email lists, or lists of emails, are therefore valuable marketing tools that can solicit mass of prospects by direct and cheap access. This is why such lists are sold and used to advertise in particular. The mechanism is so simple and cheap to use that these unsolicited and mass messages end up being problematic.

  There are programs to filter out unauthorized emails. Some are based for example on the keyword analysis of the content of the message subject field. If certain keywords are present, the message is blocked, or deleted, or placed in a special folder for later analysis. These filters can optionally be set up directly at the access server (typically at a web mail level), so that a message blocked by such a filter will never be unloaded on the recipient's terminal. While this method may be useful, it is not efficient enough. Indeed, the list of key words used for the filter can not be exhaustive and the filter thus allows certain messages to pass. These filters are therefore not very flexible and limited, particularly as regards the type and the number of filtering criteria.

  In addition, the senders of such unsolicited messages, knowing the existence of the filters and their mode of operation, use more general and more personal terms in their messages so as to avoid the filters. This has the consequence that the user, in many cases, still has to consult the content of the message to determine whether it is an unsolicited or unauthorized message.

  The volume of unsolicited or unauthorized e-mails thus causes many problems for victim users, such as the consumption of storage space and the loss of time.

  Moreover, these unsolicited messages are effective vectors for spreading computer viruses. Indeed, viruses usually use email to spread from one terminal to another, within an attachment to the message sent. When the attachment is opened by the recipient, the virus is released and can act. Viruses are particularly known that are able to scan the content of the address book on the terminal on which they run and thus spread to all or part of the terminals whose address is in this address book.

  To avoid this, users are now reluctant to open attachments to unsolicited or unauthorized messages. To circumvent this defense response, malicious senders of such messages use other techniques such as the fraudulent misuse of a terminal's identity to send unsolicited messages that will not be recognized by the recipient as unsolicited messages. or not allowed.

  In addition, some viruses have been developed that are directly transported by email, without the need to insert an attachment, which makes them even more difficult, if not impossible, to detect. At the opening of such a message, from a seemingly trusted sender but whose identity has been stolen, the recipient will automatically be infected with the virus.

  The problem for any e-mail user, particularly as a recipient of e-mail, is also to be able to recognize the questionable messages that may be vectors of virus propagation. In particular, it is very important to be able to recognize them even before these messages have physically arrived on the user's terminal.

  Most anti-virus solutions consist of running software that scans the contents of the device to check for the presence of known viruses. Classically, this type of anti-virus is effective only if it is very regularly updated to be able to detect new viruses or new variants of existing viruses that arrive on the network every week or even every day. In addition, these anti-viruses work, by definition, when the virus has been physically unloaded on the terminal on which it runs. Between the moment this virus arrives on the terminal and the time when the anti-virus software is running, the virus may already have come into action to damage the terminal and / or spread to other terminals.

  There is therefore a need for a message management system and method in an electronic communication network, which overcomes the aforementioned drawbacks. Thus, it is the object of the present invention to overcome these disadvantages by proposing a solution that limits or even eliminates the spread of viruses by electronic mail.

  The invention thus relates, according to a first aspect, to a message management method in an electronic communication network comprising at least one sender access server. The sender access server is used by at least one sender terminal to connect to the communication network. The communication network comprises at least one destination terminal of at least a first electronic message M1 sent by the sender terminal, the first message M1 comprising at least one object 01 and at least one content C1.

  The method of the invention is characteristic in that, when the sending terminal sends the first message M1 to the destination terminal, this first message M1 is first received by the sending access server. The latter then sends at least a second message M2 to the destination terminal, this second message comprising at least one object 02 and at least one content C2. The object 02 comprises at least one authentication element which makes it possible to authenticate the sender terminal to the destination terminal. The content C2 comprises in turn at least part of the object 01 of the first message M1 and at least one piece of information called access information giving the destination terminal access, on the sending access server, to the first message M1.

  Thus, at no time, the user of the destination terminal is obliged to unload or repatriate all the M1 messages on this terminal, or even on its own destination access server which may be different from the sender access server the sending terminal.

  In an alternative embodiment, the authentication element that is included in the object 02 of the second message M2 comprises at least one identifier associated with the sending terminal of the first message M1, and / or a reception code associated with the sending terminal. of the first message MI.

  In another variant embodiment, possibly in combination with the previous one, the information called access information included in the content C2 of the second message M2 is a hyperlink to the sender access server.

  Optionally, this hyperlink makes available, through a viewing window, at least the first message M1 sent by the sender terminal, and / or the possibility of acknowledging receipt of this first message M1, and / or the possibility to reply directly to this first message M1 from the sender access server, and / or the possibility of classifying this first message M1 as a questionable message according to the reception code, and / or the possibility of unloading or repatriating the first M1 message on the destination terminal, and / or the ability to delete the first message M1 of the sender access server.

  Optionally, the first message M1 and / or the second message M2 are automatically deleted from the sender access server when closing the viewing window.

  In another variant embodiment, possibly in combination with one or more of the preceding variants, the sender access server stores all the objects of the messages sent by the sender terminal.

  Optionally, the object 01 of the first message M1 sent by the sender terminal contains at least one sending code associated with the destination terminal 25 of this first message M1, and / or contains at least one security code defined by the server of sender access.

  Preferably, upon reception by the sending access server of the first message M1 sent by the sending terminal, this sending access server performs at least one or more of the following tests: the object 01 is not not identical to the subject of the previous message sent by the sending terminal to the destination terminal; the sending code is in accordance with the code associated with the destination terminal; the security code conforms to the security code defined by the sending access server; the archiving data, on the sending terminal, messages sent by this sender terminal, are not duplicated on this sending terminal.

  When at least one of these tests is negative, the sender access server informs the sender terminal, and / or possibly blocks the first message M1.

  The invention also relates, according to a second aspect, to a message management system in an electronic messaging communication network which implements the method of the invention as explained above.

  Finally, the invention relates, according to a third aspect, to a storage medium readable by a terminal, on which is stored a sequence of instructions which, when executed by a computer system, allows this computer system to implement the method of the invention as described above.

  Thus, the method and system of the invention advantageously make it possible to recognize the questionable messages before they are unloaded or repatriated to the destination terminal, and reduce the spread of viruses through electronic mail.

  Other features and advantages of the invention will appear more clearly and completely on reading the following description of the preferred embodiments of the device, which are given as non-limiting examples and with reference to the accompanying drawings. following.

  FIG. 1 schematically represents an electronic message management system according to the invention, FIGS. 2a and 2b schematically represent the method of managing electronic messages according to the invention.

  FIG. 1 diagrammatically represents an electronic message management system according to the invention, in which there is a first access server 2 allowing a first terminal 3 to access the communication network 1, and a second server 5 for access allowing a second terminal 4 to access the communication network 1. The communication network 1 is for example the Internet.

  Terminal means any terminal for sending and receiving e-mails. This may be for example a computer, as shown schematically in Figure 1, or a personal electronic assistant, a limited function terminal entirely dedicated to electronic mail, a mobile phone supporting the e-mail functions. In general, any electronic device supporting the functions of electronic mail, able to connect to the communication network 1, by wire (telephone line for example) or wireless (GSM for example), may be suitable.

  The access server 2 may comprise a processor 21, an information storage zone 22, or memory 22, and a module 23 for managing sent or received messages, all of which makes it possible to implement the method of the invention. as will be described later with reference to Figures 2a and 2b. The memory 22 may equally well be a conventional structure with single or multiple registers, or a database. This description of a portion of the access server 2 is purely functional, and non-structural. Indeed, the memory 22 may very well be structurally integrated with the processor 21, or the module 23 for example. Similarly, the module 23 and the processor 22 may form only one entity.

  The access server, meanwhile, may include a processor 51, an information storage area 52, or memory 52, and a module 53 for managing sent or received messages. The memory 52 may equally well be a conventional structure with single or multiple registers, or a database. This description of a portion of the access server is also purely functional, and non-structural. Indeed, the memory 52 may very well be structurally integrated with the processor 51, or the module 53 for example. Similarly, the module 53 and the processor 52 may form a single entity.

  This access server therefore allows the terminal 4 to access the communication network 1. In particular, it allows this terminal 4 to receive messages sent by the terminal 3 via the access server 2. It should be noted, however, that the distinction between the two servers 4 and 5 access is given by way of example and is therefore not exhaustive of the invention. Indeed, an access server generally allowing multiple terminals to access the communication network, the terminals 3 and 4 can very well access this communication network 1 through the same access server 2. It then alternately plays the role of sender access server when it is used by one of the terminals to send a message to another, and recipient access server when it is used by one or other of the terminals to receive a message sent by the other.

  As a non-limiting example of the invention, for the description of the system and the method of the invention, we will consider that the server 2 is a sender access server, and that the server 5 is an access server. recipient.

  The method of the invention will now be described with reference to Figures 2a and 2b.

  In step 100, a user of the terminal 3, which we will call the sending terminal, connects to the electronic mail system in order to send a message M1 to the user of the terminal 4, which we will call the destination terminal. The operation can be done locally, with appropriate messaging software installed on the sending terminal. It can also be performed from any terminal connected to the network directly at the sender access server 2, typically through a so-called web mail service.

  In both cases, the user prepares the object 01 and the content C1 of the message M1 that he wishes to send to the destination terminal 4.

  In step 101, the user of the sender terminal inserts in the object 01 a sending code associated with the identifier of the recipient and / or a permanent security code, fixed, for example daily, by the server 2 d. sender and returnee access, for example daily, on the terminal 3 sender. These codes can be added manually or, preferably, automatically. In the case of the automatic insertion of these codes, and if this is done locally, the messaging software installed on the sending terminal can take care of inserting codes previously stored on the terminal. If the operation is done at the web mail, the module 23 and / or the processor 21 of the sender access server 2 are responsible for inserting in the object 01 these codes previously stored in the memory 22. Automation insertion, both locally and at the level of the web mail, allows the user of the terminal 3 sender not to have to worry about the existence of these codes, nor to remember the particular code associated with a particular recipient In step 200, the message is sent by the sender terminal 3 to the destination terminal 4. If this operation is carried out locally, it is followed by the step 300 of receiving the message M1 by the sender access server 2. We understand of course that this step is useless if the operation is carried out at the level of the web mail, and that it is thus not executed.

  If this step 200 is executed, following the sending locally, ie without going through the web mail, M1 by the sender terminal 3, and if the sending codes and / or security n ' have not been inserted into the object at this local level (step 101), this insertion operation may optionally be performed automatically by the sender access server 2, under the same conditions as in step 101.

  Optionally, in step 301, the object 01 is stored in the memory 22 of the sender access server 2, associated with the identifier of the sender terminal 3 and the identifier of the destination terminal 4.

  The module 23 of the sender access server 2 then proceeds, in step 302, to a check.

  This verification can relate, among other things, to the sending code and / or the security code and / or the message M1 (including its object 01).

  Regarding the sending and / or security codes, the sending access server 2 tests whether these are present in 01, and whether they comply with the information stored in the memory 22 of the sender access server 2.

  Concerning the object 01, the sender access server 2 tests whether the latter is not identical to the object of the previous message sent by the sender terminal 3 to the destination terminal 4 and previously stored in the memory 22 of the server 2 d sender access (see step 301).

  The sender access server 2 optionally tests, by means of a scanning of the storage means of the sender terminal 3, whether the local archiving data of the messages sent by this terminal (whose objects and / or the contents of the messages) are not duplicated on this terminal, in the case where this duplication can be considered as a sign of the presence of a virus.

  If at least one of the tests is negative, the message is temporarily blocked, and the verification step 302 is followed by the step 303 in which the sending access server 2 sends a message to the sender terminal 3 to inform him of the problem and possibly to obtain an instruction for unblocking the message M1. Otherwise (all previously performed tests are positive) step 302 is followed by step 400 which we will detail a little further.

  If the blocking is confirmed, or in the absence of any particular instruction obtained possibly in step 304, step 305 is executed to definitively block the message M1 and possibly archive it on the sender access server 2. If not (unblocking instruction), step 304 is followed by step 400.

  This step 400 consists in sending a message M2, by the sender access server 2, to the destination terminal 4. This message includes an object 02 and a content C2. The object 02 comprises at least one authentication element making it possible to authenticate the sender terminal 3 with the destination terminal 4. This authentication element may comprise the identifier of the sender terminal 3 (or of its user) and / or a reception code associated with the sender terminal 3 and previously stored in the memory 22 of the sender access server 2. The content C2 comprising at least a part of the object 01 of the first message M1, and at least one access information giving the terminal 4 recipient access, on the access server 2 sender, this first message M1.

  Step 400 is followed by step 500 of receiving the message M2 by the destination access server. This destination access server 5 may then proceed to the verification, in step 600, of the authentication element contained in the object 02 of the message M2, via its module 53 and / or its processor 51. If this authentication element contains a reception code, and if it does not comply with the reception code associated with the sender terminal 3 previously stored in the memory 52 of the destination access server 5, step 600 is followed by step 601 in which the message M2 is deleted or classified as a questionable message for further processing. In both cases, the recipient of the message is informed. If not (compliance of the authentication element), step 600 is followed by step 700.

  During this step 700, a user of the terminal 4, or terminal recipient, connects to the e-mail system to view any e-mail messages he may have received.

  The operation can be performed locally, with appropriate messaging software installed on the destination terminal. It can also be performed from any terminal connected to the network directly at the destination access server, typically through a so-called web mail service.

  Once connected during step 700, and thus having access to the electronic mail service locally or via the web mail, the recipient user of the destination terminal 4 consults, in step 800, his messages by selecting them classic in the list of received messages. In particular, he consults the message M2, and at step 900 he can click on the hyperlink in the content C2 of the message M2.

  This action has the effect, in step 910, to open a window for viewing data relating to M2 stored on the sender access server 2. This window can be viewed in a conventional manner via the display means of the destination terminal 4, which can be for example a standard display screen.

  This window for displaying data relating to the message M2 stored on the sender access server 2, opened on the destination terminal 4, allows the recipient user to select a certain number of options in step 920.

  For example, he may choose in step 930 to consult all the data relating to the message M1, including its content C1 and its object 01, stored on the sender access server 2. In this case, a window for viewing said data opens on the display screen in step 931.

  It may also choose in step 940 to repatriate or download this data relating to the message M1, and / or the data relating to the message M2, or to the recipient terminal 4 in local access via the destination access server 5. either on the server 5 of access recipient webmail access. The previously selected operation is then performed in step 941.

  The recipient user can further choose in step 950 to delete the data relating to the message M1, and / or the message M2, from the sender access server 2, whether or not he has previously repatriated this data on his own server. 5 recipient access and / or on its own terminal 4 recipient. This deletion is then implemented in step 951.

  Optionally, the recipient user can choose that this deletion operation will be carried out automatically in step 961 which follows step 960 closing the window for viewing the data relating to M2.

  Thus, at no time the recipient terminal user has the obligation to repatriate all M1 messages on this terminal, or even on his own destination access server, as long as he is not certain of the healthy character and sure messages.

  It is recalled that the entire description above is of course given by way of example, and is not limiting of the invention. In particular, the presence of two separate access servers, one sender 2 and the other recipient 5, is not limiting of the invention, since the sender user and the recipient user can very well use the same access server to access the network.

  Moreover, it will be recalled that the use of terminals to connect to the network is not limited to the invention. Indeed, terminal means any terminal for sending and receiving electronic messages. It may be for example a simple computer, or an electronic personal assistant, a limited function terminal entirely dedicated to electronic mail, a mobile phone supporting the functions of electronic mail. In general, any electronic device supporting the functions of electronic mail, able to connect to the communication network, wired (telephone line for example) or wireless (GSM for example), may be suitable.

  In addition, the same terminal can be used by the sender user on the one hand and the recipient user on the other hand, playing the sender terminal role which connects to the network via an access server. sender, and destination terminal that connects to the network via a destination access server, the latter may be the same as the sender access server (see note above).

2877114 15

Claims (11)

  1. Method for managing messages in an electronic messaging communication network (1) comprising at least one sending access server (2) used by at least one sending terminal (3) to connect to said communication network (1) , and comprising at least one terminal (4) receiving at least a first electronic message M1 sent by said terminal lo (3) sender, said first message M1 having at least one object 01 and at least one content C1, said method being characterized in that, during the sending by said sender terminal (3) of said first message M1 to said recipient terminal (4): said first message M1 is received by said sender access server (2), said access server (2) sender sends at least a second message M2 to said recipient terminal (4), said second message M2 comprising at least one object 02 and at least one content C2, said object 02 comprising at least one authentication element it makes it possible to authenticate said sender terminal (3) with said recipient terminal (4), and said C2 content comprising at least a part of said object 01 and at least one access information giving the terminal (4) recipient access, on the access server (2) sender, said first message M1.   2. Method according to claim 1, characterized in that said authentication element included in said object 02, comprises at least one identifier associated with said sending terminal (3) 3o of said first message M1, and / or a reception code associated with said terminal (3) sender of said first message M1.   2877114 16 3. Method according to any one of claims 1 and 2, characterized in that said access information included in said C2 content of said second message M2 is a hyperlink to said sender access server (2).   4. Method according to claim 3, characterized in that said hyperlink provides, via a viewing window, at least: - the data relating to said first message M1 sent by said terminal (3) sender, - and / or the possibility of acknowledging receipt of said first message M1, and / or the possibility of responding directly to said first message M1 from said sender access server (2), and / or the possibility of classifying said first message M1 as a questionable message according to said reception code, and / or the possibility of discharging said first message M1 on said destination terminal (4), and / or the possibility of deleting said first message M1 from said access server (2) sender.   5. Method according to claim 4, characterized in that said first message M1 and / or said second message M2 are automatically deleted from said sender access server (2) when closing said viewing window.   6. Method according to any one of claims 1 to 5, characterized in that said sender access server (2) stores all objects messages sent by said terminal (3) sender.   7. Method according to any one of claims 1 to 6, characterized in that said object 01 said first M1 message sent by said terminal (3) sender contains at least one sending code associated with the terminal (4) recipient said first message M1, and / or at least one security code defined by said sender access server (2).   8. Method according to any one of claims 6 and 7, characterized in that, upon reception by said sender access server (2) of said first message M1 sent by said sender terminal (3), said server of access (2) sender performs at least one of the following tests: - said object 01 is not identical to the object of the previous message sent by said sender terminal (3) to said recipient terminal (4), and / or said sending code is in accordance with the code associated with the destination terminal (4), and / or said security code complies with said security code defined by said sender access server (2), and / or the data of archiving on said sender terminal (3) messages sent by the said terminal (3) sender are not duplicated on the said terminal (3) sender.   9. The method of claim 8, characterized in that, when any of said tests is negative, said sender access server (2) informs said sender terminal (3) and / or blocks said first message M1.   10. Message management system in an electronic communication network implementing the method according to any one of claims 1 to 9.   11. A storage medium readable by a terminal, on which is stored a sequence of instructions which, when executed by a computer system, allows said computer system to implement the method according to any one of claims 1 to 9.