GB2430284A - Platform for message management - Google Patents

Platform for message management Download PDF

Info

Publication number
GB2430284A
GB2430284A GB0618187A GB0618187A GB2430284A GB 2430284 A GB2430284 A GB 2430284A GB 0618187 A GB0618187 A GB 0618187A GB 0618187 A GB0618187 A GB 0618187A GB 2430284 A GB2430284 A GB 2430284A
Authority
GB
United Kingdom
Prior art keywords
message
database
user
module
archiving
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0618187A
Other versions
GB0618187D0 (en
Inventor
Jeroen Oostendorp
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB0518876A external-priority patent/GB2418330B/en
Priority claimed from GB0523360A external-priority patent/GB0523360D0/en
Priority claimed from GB0604543A external-priority patent/GB0604543D0/en
Priority claimed from GB0605655A external-priority patent/GB0605655D0/en
Priority claimed from GB0605650A external-priority patent/GB0605650D0/en
Priority claimed from GB0613431A external-priority patent/GB0613431D0/en
Priority claimed from GB0613430A external-priority patent/GB0613430D0/en
Application filed by Individual filed Critical Individual
Publication of GB0618187D0 publication Critical patent/GB0618187D0/en
Publication of GB2430284A publication Critical patent/GB2430284A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1076Screening of IP real time communications, e.g. spam over Internet telephony [SPIT]
    • H04L65/1079Screening of IP real time communications, e.g. spam over Internet telephony [SPIT] of unsolicited session attempts, e.g. SPIT
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/06Message adaptation to terminal or network requirements
    • H04L51/066Format adaptation, e.g. format conversion or compression
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F17/30
    • H04L12/58
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/06Message adaptation to terminal or network requirements
    • H04L51/063Content adaptation, e.g. replacement of unsuitable content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/08Annexed information, e.g. attachments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/214Monitoring or handling of messages using selective forwarding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/226Delivery according to priorities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

In a first aspect the present invention is a digital message filtering system that comprises a database module containing one or more configuration options relating to one or more end-users and a scanning engine module connected to the database module. The system also includes a message archiving system and a message prioritization system also connected to the database module. The message archiving system includes an auto-archiving engine whose behavior is determined by settings in said database so that if a particular message in a message steam 108 falls within criteria specified in said database a copy of said message is added to an auto-archive database. The behavior of the scanning engine module, the message archiving system and the message prioritization system are modified on a message-by-message basis according to the configuration options for the end-users. The digital message may be: IM for text and image messaging computer to computer, SMS for text messaging via mobile devices. VoIP for communication via telephony, MMS for transmission of images, 3GP for transmission of video, and Fax. In further aspects, the message filtering system may additionally include a set-up process so that a third party database may be synchronized as appropriate with the database module. The scanning engine module may additionally include a pre-filtering engine.

Description

Platform for Intelligent Message Management
Technical Field
This invention is related to a Platform for Intelligent Message Management (P1MM). It is particularly directed to the filtering of digital messages, within set end-user parameters, in network environments encompassing large numbers of message addresses and message Domains, a message Domain being the logical grouping of users.
Furthermore, the present invention is directed to synchronisation of Domain information for authentification and identification of users for the purposes of security of access to messages.
Background Art
With the advent of the Internet, email has become prevalent in digital communications. For example, email messages are exchanged on a daily basis to conduct business, to maintain personal contacts, to send and receive files, etc. Unfortunately, undesired email messages have also become prevalent with increased email traffic. Often, these email messages are unsolicited advertisements, which are often referred to as "junk mail" or "spam"; worse, they may contain viruses, or other malicious content, such as spyware.' Demand for Email Anti Virus, Anti Spam, Content Filtering and Mail Forwarding solutions for corporate users and Internet Service Providers, who in turn offer these services to home and residential users, has been rapidly increasing over the last five years. This is primarily in response to a newer kind of Email virus that gains control of its infected host digital computer and propagates itself further via Email (e.g SMTP and similar protocols), or through the web (e. g HTTP; HTTPS; FTP and similar protocols).
Software applications exist, which remove some of the spam or junk mail from a recipient's email account, thereby reducing clutter in the recipient's email account. Some of these applications remove email messages that contain a particular text or content (e.g., large image files, etc.) that may indicate that the email message is spam or junk mail. Email messages that are *:*. determined to be spain or junk mail are then either removed (e.g., permanently deleted) or stored in a designated folder (e.g., "trash" folder, "junk mail" folder, etc.). Unfortunately, some of the algorithms used to detect sparn or junk mail may be quite complicated, cumbersome and at worst, ineffective.
Filtering of Email data on entry to a corporate or Internet service provider network can therefore be time and cost intensive in terms of hardware, personnel, and data loss should infection occur. During periods following the release of a new variant of virus, these issues are further exacerbated at the XSP level (an xSP may be, for example, an Internet Service Provider, a Managed Service Provider, or an Application Service Provider) because there are a large number of Email domains to be filtered, and these change on a daily basis (an Email domain being a logical grouping of Email users, such as @NOTMAIL.COM, for example).
Email also exposes family members within a home user environment to content and advertisements, not virus related, that may be unacceptable and / or inappropriate for their age group, or personal morals and values. With more than one mailbox being given to the home user as part of their service, specifically to allow family access to Email from a single home digital computer, there are conflicting requirements on the level of filtering required.
Moreover the nature of current anti-virus, anti-spam and Email content filtering solutions for corporate and xSPs allows for limited individual configuration by end-users and limited integration with third party application software.
W002/28l27 provides for a centralized, preprocessing electronic messaging solution that performs value-added tasks to electronic messages on behalf of the ISP or the end user, before these messages are delivered to the destination email server. The service can detect and detain damaging or unwanted messages, such as spam, viruses or other junk email messages, and route electronic messages from various sources covering a variety of topics to wired and wireless destinations, apart from the intended recipient email * ** address, in various formats. * * * ****
Currently available Email security and anti-virus solutions are possessed of critical shortcomings; specifically they do not offer: 1) capability for end-users directly to control individual security * settings over multiple and/or individual mail boxes within an assigned Email S..
* sub-domain; 2) caoabilitv for the donijn owner on behalf of the Email users within * U that domain or sub-domains to directly control individual security settings .: over multiple, individual mail boxes within an assigned Email domain and sub- domain; 3) capability for end-users directly to control individual content filtering settings over multiple, individual mailboxes within an assigned Email domain and sub-domain; 4) capability for end-users directly to control individual Spam acceptance or rejection criteria over multiple, individual mail boxes within an assigned Email domain and sub-domain; 5) capability for integrating fully within an existing secure Email filtered environment by providing direct domain synchronisation services to third party Email filtering solutions and third party databases containing user information; or - 6) capability for integrating fully within an existing secure Email filtered environment by providing cost-effective pre-filtering facilities to third party Email filtering solutions, and subsequent Email redirection or quarantine options.
Third party databases containing user information may typically include those supporting Lightweight Directory Access Protocol (LDAP), which is an Internet protocol that email and other programs use to look up information from a server. LDAP deployments typically use Domain Name System (DNS) names for structuring the simplest levels of the hierarchy. Further into the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry, or multiple entries. Other formats include ActiveDirectory Whilst large numbers of communications are disseminated via the Internet using Simple Mail Transfer Protocol (SMTP), messages' may also be transmitted via email as non-text attachments, for example: Fax-to-email image attachments in some image format, e.g. tif; Scanned attachments of * meeting reports, agenda, legal documents, meeting notes, etc. In addition, more recently, messages' are communicated by a number of other digital formats other than email. These currently include; IM for text and image messaging computer to computer; SMS for text messaging via mobile devices; *:::: voIp for communication via telephony; MMS for transmission of images, which could in future be document images as camera resolution improves; 3GP for S..
* transmission of video (e.g. via 3GP etc), which could in future be video- phone style information exchange or video voicemail; and Fax, for : transmission of documents.
*..: Moreover, some messages will clearly have a higher degree of importance than others, depending on who the sender is or the content, or both. Similarly, some messages, whilst not falling into the category of spam, may have a low priority.
Archiving an email or message (e.g IM in MSN, or SMS) in a useful manner is a major challenge, technically and operationally. Technically, it is a complex task to implement, particularly as the volume of email to be archived often exceeds GB's of data in total. The management of this archive Consumes a large amount of business resources that could be more intelligently deployed in other areas. Operationally, locating an archived email or message that was sent or received within an organization can be difficult. Emails or messages often contain vast amounts of corporate information to which various employees or interested parties of a business need access. In addition, legislation relating to emails presents a significant compliance issue for businesses, and courts now treat email as they would any other form of corporate information. This means that a business must be able to retrieve email from many years ago upon request.
In U.S. Patent Application Ptiblication No. 2004/0267886 an email message is filtered to determine whether or not it is an undesired email message (e.g., "spam," "junk mail," etc.) that originates from an undesirable domain, such as, for example, a domain designated as originating from an undesirable geographic location. In some embodiments, upon determining that the email message originates from an undesirable domain, the email message is deleted (e.g, permanently removed, moved to a designated folder, marked for follow up, etc). In other embodiments, upon determining that the email message originates from an undesirable domain, the email message is further filtered to determine whether or not the email message includes attributes that indicate that the email message should not be discarded In U.S. Patent Application Publication No. 2005/0080856 an e-mail filtering method and system that categorize received e-mail messages based on information about the sender is disclosed. Data about the sender is contained in the message and is used to identify the actual sender of the message using * ** a signature combining pieces of information from the message header or ***30 derived from information in the message header. This and other information S...
about the messagP is then sent by each member of an c-mail network to one or more central databases (in one embodiment, the information will also be ** stored at a database associated with the recipient's e-mail program and *: filtering software) which stores the information and compiles statistics about c-mails sent by the sender to indicate the likelihood that the email is unsolicited and determine the reputation of the sender (a good reputation *:*. indicates the sender does not send unwanted messages while a bad reputation indicates the sender sends unsolicited e-mail messages) . Information from the central database is then sent to recipients in order to determine the likelihood that a received e-mail message is spam (information may also be obtained from the local database associated with the recipient's e-mail program and filtering software). This need has been met by an e-mail filtering method and system that categorize received e-mail messages based on information about the sender. A sender of a message may be either the individual sending the message or the machine(s) that forwarded the message.
The sender may be identified in various ways based on single or combined pieces of information in the message header. For instance, the sender could be identified by an e-mail address, a single IP address, a range of IP addresses, an IP address used with a certain domain name, a range of IP address combined with a certain domain name, etc.
Disclosure of Invention
In a first aspect the present invention is a digital message filtering system that comprises a database module containing one or more configuration options relating to one or more end-users and a scanning engine module connected to the database module. The behaviour of the scanning engine module is modified on a message-by-message basis according to the configuration options for the end-users. The digital message may be IN for text and image messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for transmission of images, 3GP for transmission of video, and Fax. The digital message filtering system may additionally include a set-up process so that a third party database may be synchronized as appropriate with the database module.
In a second aspect the present invention is a message filtering system that comprises a database module containing one or more configuration options relating to one or more end-users, a scanning engine module connected to the database module, and either or both of a message archiving system and a message prioritization system also connected to the database module. The behaviour of the scanning engine module, the message archiving system and the :.:::. message prioritization system are modified on a message-by-message basis according to the configuration options for the end-users. The message filtering system may additionally include a set-up process so that a third party database may be synchronized as appropriate with the database module.
The scanning engine module may additionally include a pre-filtering engine.
The message may be an Email, or it may be IN for text and image messaging computer to computer, SMS for text messaging via mobile devices, VoIP for : *35 communication via telephony, MMS for transmission of images, 3GP for *:*. transmission of video, and Fax.
In a third aspect the present invention is a message filtering system that comprises a database module containing one or more configuration options relating to one or more end-users, a set-up process so that a third party user database may be synchronized as appropriate with the database module, and a scanning engine module connected to said database module comprising a pre-filtering engine The behaviour of the scanning engine module is modified on a message-by-message basis according to the configuration options for the end-users. The message may be an Email, or it may be IM for text and image S messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for transmission of images, 3GP for transmission of video, and Fax.
According to the present invention the sender or recipient of a message may be end-user of the message filtering system.
Tn a fourth aspect the present invention is a pre-filter able to identify a digital message that is not capable of carrying an unwanted or undesirable component prior to full scanning of the message by the standard filtering software. If the message is not capable of carrying unwanted or undesirable components, then it is not passed to the standard filtering software, but if it is, then it is passed to the standard fiJtering software for further analysis.
In a fifth aspect the present invention is a message archiving system comprising a message stream, an auto-archiving engine, a database and an auto-archive database. The message archiving system is characterised in that its behaviour is determined by settings in the database so that if a particular message in the message stream falls within criteria specified in the database a copy of the message is added to the auto-archive database.
In a sixth aspect the present invention is a message prioritisation system comprising a message stream, prioritisation module, a database and one or more delivery streams. The message prioritisation system is characterised in that its behaviour is determined by settings in the database so that if a particular message in the message stream falls within criteria specified in : ** the database a delivery stream B1, B2, B3 BN is chosen.
In a seventh aspect the present invention is a method for pre-filtering digital messages is disclosed which involves the steps of: (a) identifying a digital message that is not capable of carrying an unwanted or undesirable . component prior to full scanning of said message by filtering software; (b) passing the message so identified to a data stream not requiring full scanning of said message by filtering software; and (C) passing other messages not identified in step (a) as not capable of carrying an unwanted or *:*. undesirable component to a module able to do a full scan of said message.
In an eighth aspect the present invention is a method for archiving messages which involves the steps of: (a) receiving a message from a message stream (120); (b) comparing the message to criteria in a database (610); and (C) copying the message to an auto-archive database if the message falls within the criteria.
In a ninth aspect the present invention is a method for prioritising messages which involves the steps of: (a) receiving a message from a message stream (120); (b) comparing the message to criteria in a database (610); and (C) delivering the message to a delivery stream B1, B2, B3 3N if the message falls within criteria.
In a tenth aspect the present invention is a method for filtering digital messages which involves the steps of: (a) receiving a message for an enduser; (b) identifying configuration options related to the end-user held in a user database module; (c) modifying a behaviour of a scanning engine module according to the configuration options; and (d) scanning and filtering the message according to the configuration options. The digital message may be IM for text and image messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for transmission of images, 3GP for transmission of video, and Fax. The digital message filtering system may additionally include a set-up process so that a third party database may be synchronized as appropriate with the database module.
In an eleventh aspect the present invention is a method for filtering digital messages which involves the steps of: (a) receiving a message for an end- user; (b) identifying configuration options related to the end-user held in a user database module; (c) modifying a behaviour of a scanning engine module according to the configuration options; and (d) scanning and filtering the message according to the configuration options. The method also includes either or both of archiving and prioritizing the message. The method may additionally include a set-up process so that a third party database may be synchronized as appropriate with the database module. The scanning engine * module may additionally include a pre-filtering engine. The message may be an Email, or it may be IM for text and image messaging computer to computer, SMS .3O for text messaging via mobile devices, V0IP for communication via telephony, **** MMS for transm.ission of images, 3GP for transmission of video, and Fax. ****
In a twelfth aspect the present invention is a method for filtering digital messages which involves the steps of: (a) receiving a message for an end- user; (b) identifying configuration options related to the end-user held in a :. 35 user database module; (C) modifying a behaviour of a scanning engine module * according to the configuration options; (d) pre-filtering the message as described above; (e) scanning and filtering the message according to the configuration options; (f) synchronizing a third party user database as appropriate with the user database by means of a set-up process.
In a thirteenth aspect the present invention is a method of synchronising which comprises the steps: (a) accessing a first field in a third party database; (b) accessing a corresponding field in the user database; Cc) determining whether data in this field of the third party database is newer than data in the corresponding field in the user database; and (d) replacing the data in the corresponding field in the user database with the data in the first field in the third party database if the first field in the third party database is newer than data in the corresponding field in the user database.
Brief Description of Drawings
For a more complete explanation of the present invention and the technical advarlLdges thereof, reference is now made to the following description and the accompanying drawing in which: Figure 1 shows a schematic of the data flows in a platform for intelligent message management according to one aspect of the present invention; Figure 2 shows a schematic of the data flows in a scanning engine of the present invention; Figures 3a and 3b show schematics of the data flows of the present invention when implemented to divert a service provider's messages via P1MM; Figure 4 shows a schematic of the data flows in a platform for intelligent message management according to a further aspect of the present invention; Figure 5 shows the essential features of a pre- filter module of the present invention in a schematic form; Figure 6 shows the essential features of an auto-archiving module of the invention in a schematic form; and Figure 7 shows a schematic of a prioritisation process of the present invention in a schematic form. S... * I * ...
*:::: Best Mode for Carrying Out the Invention
Embodiments of the present invention and their technical advantages may be SW.
* better understood by referring to Figures 1 - 7.
The present invention is exemplified in the following embodiments, in which a number of daemons' or discrete sections with composite functions and scanning engines for dedicated tasks are combined. This application suite will be referred to as the Platform for Intelligent Message Management, or P1MM, in the following.
Referring now to Figure 1, which shows a schematic of one embodiment of the present invention, module 106 receives messages from incoming data stream 108 which are processed and passed onto data queue 110 prior to processing by scanning engine 112. Processed messages are transferred via outbound data queue 120 to relay module 126 and thence to outgoing data stream 122.
In operation, listener 106 receives messages from an incoming data stream 108 and is preferably capable of accepting and acting on externally held data that may modify its behaviour on a message-by-message basis. Listener module 106 may be, for example and without limitation, a High Performance Port listener, for sM'rp, P0p3, IP4 or other protocols (see Table 1) Preferably these messages are decoded and unpacked and pass into data queue 110 prior to processing by the scanning engine 112.
CIFS DHCP DNS
FTP Hotline@ HTTP ICP@ IP IRC Kerberos Mail MUD5@ NNTP NTP PKIX@ PPP PPTP@ RADIUS@ RTSP RWhois SIP SMB@ SNMP SOAP@ SSH SSL-TLS TCP@ UDP@ WebDV Xli Table 1 - Coionly used protocols The overall behaviour of P1MM on a message-by-message basis is controlled by information contained in a secure data store, or user database 102. User database 102 is customerspecific and is an information store for end-user * i. data. Its function is to hold information set by the end-user's preference options, and provides configuration for the behaviour of P1MM.
Referring again to Figure 1, end-user preference options may be set via an end-user interface 103, and an optional set-up process 104. End-user S interface 103 provides access for the end-user to set configuration options, for example, over a corporate network, or the general Internet. In a .,L..4-. - .., . . ... r... - .1 pLC.1. CS. 1. e..a esLuJ%14 sitiC nit., a t..t..c. .1. . v..i. a a wet.i.. e. sin a L LI 1e e I_.1. et.
:.. embodiment, access is via a secure means of communication, preferably 25 involving a Secure Sockets Layer. In a further preferred embodiment, access is via a further protocol from hand held and mobile devices, preferably involving a secure communications protocol. Wben a new user is added by the customer, set-up process 104 automatically adds default information to 102, including for example, login and password details, which services within P1MM the user is subscribed to, and so on.
The scanning engine 112, performs anti virus, anti spain, and content control filtering services for inbound messages and file attachments and also provides further pre-filteririg services of the kind disclosed above (see Figure 1) using third party software solutions and/or services onserver or off-server, with the ability to quarantine any infected message for virus, or with the ability to process any message according to predeternaned parameters. For example the message may be checked for the presence of a virus, so that messages that cannot contain a virus are not processed further. In this context, "pre-filtering" is defined as the capability to exclude or reroute message traffic either detected as unwanted by the database engine 102 or by third party services.
Scanning engine 112 is connected with a single master server that feeds all message servers for all services. The scanning engine 112 also receives updates of anti virus signatures and the like, via proprietary or third party update service 118.
Referring now to Figure 2, which shows a schematic of scanning engine 112, data from queue 110 passes through a pre-filtering engine 200, and, depending on the action of the pre-filtering engine 200 may subsequently pass through one or more of the following: an anti virus engine 202, an anti spam filtering engine 212, and a content-filtering engine 222. Filtered messages are passed either to quarantine (208, 220, or 230), or waste bin 210, and acceptable messages passed on to 120.
Pre-filtering engine 200 can if required provide redirection to third party software solutions and/or services on- or off-server, or the builtin capabilities afforded by 102. This typically operates using a defined rule : set to determine the status of the message, for example i, the probable infection status of inbound message to the antivirus engine, or third party ". 30 antivirus scanning engine within 112; for example ii, content control S..
settings of the message to an individual user to the content control engine; *: for example iii, age control settings of the message to an individual user to the content control engine.
Anti virus engine 202, used either stand alone, or using unique synchronisation technology to integrate third party anti virus software :**:; solutions, provides antivirus filtering for the message and for any file attachment if the message is an email. Information regarding the filtering options performed on the message is provided by the user database, for example via an Application Programming Interface. Protection against viruses may typically be provided by Known Virus Protection 204, for example by examining signatures and detecting known viruses by name, and/or Outbreak Virus Detection 206, for example by heuristic analysis to proactively stop new viruses. When a virus is detected it can be moved to quarantine 208 or a waste bin 210.
Anti span filtering engine 212 which uses heuristics and Bayesian model methodologies combined with inthvidual word probabilities. The antispam Engine, used either stand alone, or using unique synchronisation technology to integrate third party antispam software solutions, provides user level preference spam filtering for the message and for any file attachment if the message is an email. Information regarding the filtering options performed on messages is provided by Application Programming Interface access to the user database. Typically it provides a Message Structure Analysis 214 that analyses, for example, the structure of a message, its reputation and travel path, performs heuristic rule-based checks 216 by checking against a knowledge base and heuristic and/or Bayesian content analysis, and is able to detect hoaxes and phishing, and uses White and Black Lists of global, domain and user lists 218 based on list entries. Messages are allowed or blocked based on sender, domain, hosts, etc. Detected spam is moved to quarantine 220 for further predetermined action or routing of messages depending on the content ot the message, or a it is passed to waste bin 210, or the subject line of the message is changed and the message allowed through.
Content-filtering engine 222 integrated with the external database enables individual messagebox preferences for content filtering to be set. It typically provides Message Server Protection 224 that detects and stops oversized attachments, mailbombs, etc, an Attachment Type Control List 226 that blocks selectable file types such as.mp3, video and executables, a Custom Rules Control 228 which uses custom rules to block specific subjects, * ** message content or file names. Detected content message is moved to * * S 30 quarantine 230 or a waste bin 210, or the subject lIne of the message is S...
changed and the message allowed through.
The scanning engine 112 is preferably able to place undesired messages inquarantine queues 208, 220, and 230 and the software suite allows for a secure folder structure for the placement of quarantined messages. If required, the system may provide an alert to the user, the sender, or the systems administrator, (for example if the content is considered as not being acceptable or is inappropriate) via alert service 116. This alert is passed * .: to an outbound queue 120.
Associated with the operation of the scanning engine, is a reporting mechanism 123 (not shown), which provides a summary by end-user as defined in 102 of, for example, quarantined and/or deleted messages. All reports, notifications and clean messages go via 120 and 126 to the customers message server.
A virus in quarantine queue 208 may be released or deleted according to user level or domain level defined settings.
Spam in quarantine queue 220 may be released or deleted according to user level or domain level protocols; in addition, when releasing quarantined messages a user can select to remember a particular message as being not spain. Any further simi.lar message would be recognised by 212 to not be spain.
Messages having content that is considered as not being acceptable or is inappropriate, or which has special characteristics specified in 102, may be released, forwarded, modified or deleted from quarantine queue 230 according to user level or domain level protocols; in addition notification can be made to an administrator or user. A message that originates from certain URL's or domain names according to spam blacklists is treated similarly.
Referring again to Figure 1, relay module 126 enables delivery to enduser message systems or third party application software on completion of antivirus, anti-spain, and content filtering checking. Relay module 126 transmits filtered Einails not quarantined or deleted to an outgoing data stream 122. Optionally, a standard or customizable banner 124 may be added to the message (not shown) . Clean processed messages are passed to an outbound queue 120 to enable delivery of Message data. In a preferred embodiment P1MM additionally comprises an outbound queue for clean processed message 120.
Should message not be delivered, it is retained in 120, and stored or forwarded for a defined period of time. Relay module 126 may be for example and without limitation a high performance relay module for SM'TP, POP3, IMAP4 or other protocols (see Table 1)
.. 30 Each stage of the process requires information from 102 to determine the action the message is to be subjected to. ..DTD: S
In a further aspect of the invention, the sender of a message may be an end- u5er of P1MM. ifl this case, the outgoing message passes li-ito data queue 110 and the message is processed as described above according to settings in user ,* 35 database 102 before the message is passed to outbound data queue 120.
Typically the spam filter is not applied to outbound messages as they are considered to be real messages.
If the intended recipient of the message is not an end-user of P1MM, the message is passed via relay module 126 to outgoing data stream 122 as described above. This may also be the case if the intended recipient of the message is an end-user of P1MM, in which case it will pass via the internet to listener 106 via incoming data stream 108. The message will be again processed by P1MM, but this time according to the user database settings for the recipient. Alternatively, the message may be diverted from 120 to 106, and processed again, but this time according to the recipients' settings in the user database, as described above.
A preferred embodiment of the present invention where the customer is a third-party service provider may be understood by reference to Figure 3a, which shows a schematic of data tiows during message processing. When the third-party service provider subscribes to the P1MM service, information on database 302 concerning the third-party service message server is altered so that incoming message from a message sender 300 is sent to P1MM 304. Scanning engine 112 processes each message in data queue 110 according to the data in 102 as described in the foregoing. If the message has not been passed to 208, 210, 220, or 230, then it is sent to the third-party service message server 306, and thence to end-user messagebox 308. Such a P1MM system, typically located externally to the third-party service provider's servers, is able to process message data from multiple third-party service providers; in each case the records on database 302 concerning the third-party service provider are adjusted so that all messages for its customers are diverted to P1MM 304, processed, and sent to each third-party service provider' s message server as appropriate. Of course, each third-party service provider will have multiple end-users; many, if not most of these will be grouped into specific groups, domains and sub-domains, allowing a domain, or sub-domain, administrator to set default settings for the end-users within their respective domains or subdomains. This is achieved via set- up process 104 mounted on the server ::::. 30 of the third-party service provider, so that, for example, when a new user subscribes to the third-party service provider, automatic synchronization * . from the third-party service provider to P1MM could instantly add a new user or domain to the P1MM user database 102. Js soon as the user is added, the * * * * user may login to P1MM through the interface 103 running from the P1MM 35 service mounted on a third paiLy server. 103 has a separate sign-in and logon to authenticate users, and allows them to set their own settings at a Service Providers view (for some or all) or at the end-user view for personal *. settings. The end-user may also change the settings relating to the priority * of various messages. For example, the end- user may request that an SMS message be sent to his mobile device should he receive a message from his boss.A domain owner or corporate customer of the xSP providing the P1MM services may also define on behalf of its end users certain settings, whether idividualy, by group, or for all end users.
In a further preferred embodiment, a user interface 105 (not shown) allows end-users to modify their settings and preferences, and operates in a manner substantially identical to 103, as described above. However, according to this embodiment 105 connects to, and interchanges data with, 104, and both 104 and 105 are mounted on the third-party service provider's server. This end-user information held on 104 is synchronised as appropriate with the user database 102. Thus when a new user subscribes to a Service Provider, automatic synchronization from the Service Provider to P1MM could instantly add a new user or domain to the P1MM user database (configuration database) As soon as the user is added, the user could login through the web interface 103 as described above. Synchronisation between information held by the third-party service provider on 104 and the end-user database 102 on the P1MM service mounted on a third party server may happen at a frequency set by the needs of the third-party service provider. Both 104 and 105 may be mounted on different servers. Access to 105 may be via a corporate network, or the general Internet, and allows the third-party service provider to set configuration options on individual messageboxes within an assigned Email Domain or sub Domain, on behalf of the end-users. In a preferred embodiment, access is via a means of communication, such as via a web site. In a further preferred embodiment, access is via a secure means of communication, preferably involving a Secure Sockets Layer. In a further preferred embodiment, access is via a further protocol from hand held and mobile devices, preferably involving a Secure Communications Protocol. In a further preferred embodiment, access is via remote control or neurological implants.
In a particularly preferred embodiment the third-party service provider is an xSP. According to this embodiment, shown in Figure 3b, database 302 is a DNS server containing, for example, MX records. When an xSP subscribes to the * ** P1MM service, information on DNS server 302 concerning the xSP's message server, for example MX records, is altered so that incoming message from a S...
message sender 300 is sent to P1MM 304, mounted on a third-party service *:::: provider. Scanning engine 112 processes each message in data queue 110 * according to the data in 102 as described in the foregoing. If the message 5.
* 35 has not been passed to 208, 210, 220, or 230, then it is sent to the. xSP :. message server 306, and thence to end-user mailbox 308. Such an externally- mounted P1MM system is able to process Message data from multiple xSPs; in 5* S * . . each case an xSP's DNS records are adjusted so that all messages forits * *.
customers are diverted to P1MM 304, processed, and sent to each xSP's message server as appropriate. Each xSP will have multiple end-users; many, if not most of these will be grouped into specific domains and subdomains, allowing a domain, or sub-domain, administrator to set default settings for the end- users within their respective domains or sub-domains. This is achieved via set-up process 104 mounted on the xSP's server, so that, for example, when a new user subscribes to the xSP, automatic synchronization from the xSP to P1MM could instantly add a new user or domain to the P1MM user database 102.
As soon as the user is added, the user may login to P1MM through the interface 103 running from the P1MM service mounted on a third party server.
103 has a separate sign-in and logon to authenticate users, and allows them to set their own settings at a Service Providers view (for some or all) or at the end-user view for personal settings.
The approach disclosed above and shown in Figures 3a and 3b may be applied to any digital message stream to route the message to P1MM rather than the message service provider's servers. Thus the digital message may be IM for text and image messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for transmission of images, 3GP for transndssjon of video, and Fax. Each method of routing will be specific to the protocol being utilized, and requires for example a BlackBerry server to route via its carrier to P1MM for processing, thereafter routing back to carrier to Blackberry recipient clean message. Similarly for any form of pda or wireless technology.
Information about an end-user's preference in relation to message handling may be stored on a variety of databases. For example, LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up information from a server. Other formats include ActiveDirectory. Other main database formats are mostly based on the SQL standards, including Oracle, MS SQL, MySQL etc. These kinds of databases offer a high degree of flexibility, as they do not have a predefined form and may therefore be used for specialized systems.
In SQL terms when databases are kept in synchrony automatically this is S. ..
called "database replication". This can be one way, with a master and one or more slaves, or both-ways, which means neither is a master or slave.
When using one-way synchronization, updates/changes/additions are made in the master and automatically updated in the slave database. When using both-ways 35 updates/changes/additions can be made on either of the databases and updates are replicated/synchronised to the other(s).
: .. In one embodiment user database 102 takes advantage of this flexibility and is written in an SQL format. Similarly, the third party database with which P1MM synchronises data may be written in an SQL format. In one embodiment of the present invention, the database at the third-party/customer end is the master and changes are synchronised/repl:icated to user database 102. From a technical perspective, the user database 102 could also be the master, or there could be a both-ways mechanism if the third-party database also supports this.
Synchronizing LDAP, ActiveDirectory and SQL-based database formats requires different "modules' to read from a source database and update data in the target database. This is easiest with LDAP and active directory as these formats are mainly predefined, whereas SQL formats are more flexible.
For the synchronization fields from the source must be linked to the fields at the target database. For example in the source there might be a field which is called "Namel" and "Name2" where these may be called "FirstName" and "LastName" in the target database. Linking these fields together is what the specific module, based on the source type, does.
The kind of information stored might include information on people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry, or multiple entries. This kind of information can be viewed as a group of settings/information just like the user database of P1MM. Instead of having to make separate changes in two systems, for example first in an external LDAP system and then secondly in user database 102, third party database synchronization can be used. P.s part of the synchronization mechanism there is a part that can detect changes in an LDAP structure/database to keep the user database up-to-date.
Other databases that may synchronise with the user database might include those owned and operated by cellular telephone service providers, whereby a user of such a service may set certain parameters regarding the delivery of a message to the user's cellular device. For example, the user may only wish to receive messages from certain senders whilst, for example, in a meeting.
Using his cellular device the user can set the appropriate setting that updates the cellular telephone service provider's database, and synchronises subsequently with the P1MM user database.
Thus the third party database that is able to synchronise with the user database of P1MM can be any third party database containing information about *: P1MM end-users that can update corresponding information on the P1MM user $ datahe. S..
Thus external databases for example that have information about an enduser that could be related to the end-users preferences on P1MM, but which the end user does not want manually to enter into P1MM, but which if it were to be modified on P1MM by the end user would also be changed on this external database through a synchronisation process, or which if the end user changes by accessing this external database by a different means, will also lead to an update on P1MM.
The benefit of this for the user, is that changes need to be made only once whatever digital message service the end user may be using, be it Email, SMS, IM, VM and so on.
A key aspect of P1MM is that only one update of Master server 119 with information about spam, worms, viruses errant scripts and the like is required, thereby reducing the volume of update traffic from an enduser's computer to antivirus, antispam, etc, and ensuring that these security measures are implemented across a user network regardless of the habits of the end-user These modules within the suite, according to the invention allow, for
example:
1) End-users to directly apply individual security control over multiple, and/or individual message box within an assigned address, domain and subdomain by accepting configuration from the web interface as described, and referencing that information on an individual message basis for processing.
2) End-users to directly control individual content filtering control over multiple, and/or individual message boxes within an assigned address, domain and sub-domain. Using the scanning engine, with end-user configuration supplied via the user database from the web interface, individual content rules are applied on a message-by-message basis. Differing content rules can be applied to each message box within an assigned message domain and sub domain.
3) End-users to directly control individual Spain acceptance or rejection criteria control over multiple, and/or individual message boxes within an assigned message domains and sub-domain. Using the scanning engine, with end- user configuration supplied via the user database from the web interface, * ** individual spam acceptance or rejection criteria rules are applied on a message-by-message basis. Differing Spam acceptance or rejection criteria rules can be applied to each message box within an assigned message domain and sub domain. a.. * Ss
4) super-users or administrators can control the entire domain for all end-user message boxes, or to groups of end-users according to business function or seniority.
5) Capability for integrating fully within an existing secure message . filtered environment by providing pre-filtering facilities to third party S ** message filtering solutions, and subsequent message redirection or quarantine options (208, 220, 230) . The pre-filter module allows pre-filtering capabilities and redirection via 202, 212, 222 to either the end-user message system, existing third party software or managed service solutions for anti virus, anti-spam and content control services, or to quarantine for infected messages.
6) capability for integrating fully within an existing secure message filtered environment by providing cost-effective pre-filtering facilities to third party message filtering solutions, and subsequent message redirection or quarantine options.
Whilst the foregoing disclosure is refers to digital messages, it is to be understood that this includes a variety of message protocols, including for Email protocols such as SMTP, POP3 and T1P4 It is also to be understood that the message includes those messages that can be transmitted via Email as non-text attachments, for example: Fax-to-Email image attachments in some image format, e.g. tif; Scanned attachments of meeting reports, agenda, legal documents, meeting notes, etc. In this case, listener module 106 would include an OCR capability prior to content analysis. Further, it is to be understood that listener module 106 and output module 1.26 be able to handle multi-protocol inputs/outputs for digital message management to allow various capabilities for content analysis of non-text based messages including: voice recognition (for data streams comprising voice rather than text, or for filtering 3GP streams), and or other streaming technology; image processing (for filtering MMS streams), etc; OCR (for fax and other attachments), text to voice, and voice to text, etc. The message includes those communicated by a number of other digital formats other than message, including IM for text and image messaging computer to computer; SMS for text messaging via mobile devices; V0IP for communication via telephony; MMS for transmission of images, which could in future be document images as camera resolution improves; 3GP for transmission of video, which could in future be video-phone style information exchange or video voicemail; and Fax, for transmission of documents. Various protocols for message transmission are to be understood to be included within the scope ot the present invention, including G3 and WAP.
It is to be further understood that the platform for intelligent message management described above in Figure 1 is capable of handling any message in a digital format including those messages and protocols disclosed below (eg via a neural interface) S..
Referring now to Figure 4, which shows a schematic of a further embodiment of :. P1MM capable of handling a wide range of digital messages, module 106 of Figure 1 is able to process a series of data streams A1, A2, ... A1 which represent different message types and protocols (see Table 1) . These may be, for example and without limitation an SM'TP stream, an SMS stream, a MMS stream, a fax stream, a voip stream, an IM stream. These messages, after conversion into a suitable digital format where necessary are transferred to data stream 110 and thence to filter module 112. The filter module includes pre-filter processes and full virus, spam and content control filters as S disclosed above in Figure 3. The behaviour of these filters is set and controlled by a user database 102. Depending on the settings in the user database and the behaviour of the filters, messages may be sent to one or more of a quarantine store (for example, to 209, 220, 230 of Figure 3), a waste bin (for example, to 210 of Figure 3) or a message stream (for example 120 of Figure 3) . Optional embodiments of this aspect of the invention include an archiving module 502, and a prioritisation module 504. Messages that have been prioritized or archived are passed to module 126, and following suitable format inter-conversion are subsequently be passed to an appropriate delivery stream B1, B2, .. . BH. These delivery streams may be, for example and without limitation, an smtp stream, an SMS or MMS stream, a fax stream, a yelp stream, an IN stream or another output data stream, as appropriate based on and on settings in the user database, so that a user may receive them. End-user preference options may be set via an end-user interface 103, and an optional set-up process 104 as described above for Figure 1.
In a further aspect of the invention, the sender of an message may be an end- user of P1MM. In this case, the outgoing message passes into data queue 110 and the message is processed as described above according to settings in user database 102 before the message is passed to outbound data queue 120.
Typically, for outgoing messages, the spam filter is not applied as these are considered to be real messages.
If the intended recipient of the message is not an end-user of P1MM, the message is passed via relay module 126 to outgoing data stream 122 as described above. This may also be the case if the intended recipient of the ", 30 message is an end-user of P1MM, in which case it will pass to listener 106 via incoming data stream 108. The message will be again processed by P1MM, * . but this time according to the user database settings for the recipient.
Alternatively, the message may be diverted from 120 to 106, and processed * * . again, but this time according to the recipients' settings in the user database, as described above.
:. Referring now to Figure 5a, which shows in schematic form an embodiment of * * pre-filter 200, incoming messages from a sender 10 are passed to an incoming 0* message queue 11 and thence to pre-filter 12. The pre-filter is able to detect messages that are not capable of carrying an unwanted component. The unwanted component may be, for example and without limitation, a virus, spam or other unwanted content. If the message is so identified, then it is passed to outgoing message queue 19; otherwise it is passed to a standard filter 15.
The standard filter may be, for example and without limitation, an antivirus, anti-span or content filter. If, after analysis by standard filter 15, it is found to be carrying an unwanted component, it is passed to quarantine 18a; otherwise it is passed to outgoing message queue 19 and thence to recipient 20.
Referring now to Figure 5b, which shows in schematic form a further enthodiment of pre-filter 200, having two pre-filters, incoming messages from a sender 10 are passed to an incoming message 11 queue and thence to pre- filter 12 or pre-filter 13. The pre-filter is able to detect messages that are not capable of carrying an unwanted component. The unwanted component may be, for example and without limitation, a virus, spain or other unwanted content. If the message is so identified, then it is passed to a second pre- filter 13 able to detect messages that are not capable of carrying an unwanted component; otherwise it is passed to a standard filter 15. The standard filter may be, for example and without limitation, an antivirus, anti-spain or content filter. If, after analysis by standard filter 15, it is found to be carrying an unwanted component, it is passed to quarantine 18a; if not, it is passed to second pre-filter 13. If the message is identified by second pre-tilter 13 as being incapable of carrying an unwanted component, then it is passed to outgoing message queue 19; otherwise it is passed to a standard filter 16. The standard filter may be, for example and without limitation, an antivirus, antispan or content filter. Typically, if first pre-tilter 12 is able to detect messages incapable of carrying a virus, second pre-filter 13 is able to detect a message unable to carry spain. If, after analysis by standard filter 16, it is found to be carrying an unwanted component, it is passed to quarantine lBb; otherwise it is passed to outgoing message queue 19 and thence to recipient 20.
:.:::130 Referring now to Figure 5c, which shows in schematic form a further S...
embodiment of pre-filter 200, having one or more pre-filters 12, 13 or 14, incoming messages from a sender 10 are passed to an incoming message 11 queue : and thence to one of the pre-filters. Typically, these may be a virus pre- * filter, a spain pre-filter and a content pre-filter. Preferably the message is S..
* 35 passed first to antivirus pre-filter 12, then antispam pre-filter 13, and finally to content pre-filter 14. This order is preferable, because if the virus pre-filter is missed, it is possible that a message containing a virus *:*. may be passed to the outgoing message stream. After pre-filtering, the message is passed to the virus filter 15 if virus pre-filter 12 determines it likely contains a virus, otherwise it is passed to spam pre- filter 13.
Similarly, a message from spam pre-filter 13 is passed to the spain filter 16 if the pre-tilter determines that the message is likely to be spam, other wise it is passed to content pre-filter 14. If the content pre-filter deternünes that content filtering is likely needed, it is passed to content filter 17; otherwise the message is passed to the outgoing message queue 19 and thence to recipient 20. If any of the standard filters determine that the message is carrying an unwanted component, it is passed to the appropriate quarantine 18a, 18b, or 18c. The exact data flows may be specified by a user database (not shown; see the disclosure concerning Figure 1) The pre-filtering system of the present invention performs a simple technical analysis of the message to see what sort of message it is. The analysis determines, for example, whether the message come from a trusted source, whether it contains harmful links/code, what kind of structure the message has, and whether it has attachments and of what type.
The pre-filtering system of the present invention will determine it the message needs subsequent spain, virus and or content filtering. Thus a message having an.exe file attachment to a message will certainly need virus- scanning, whilst a message with only two lines of text, which forms the bulk of the message, or for example, from a trusted source, or with a url link of a trusted HTTP site embedded in the message, will not necessarily need to be checked by an antivirus, spam or content engine.
Messages that do not need further analysis by the more complex virus/spam/content filters disclosed by the prior art are thus not processed further. This reduces the number of messages passed to the virus/spam/content filters, which serves to reduce the processing overhead of the message filtering system of the present invention, and also reduces the (license or subscriber) cost of utilising third party virus/spam/content filters where a fee is charged by the virus/spam/content filter authors per message, or per user (by message address, message alias, or frequency of messages scanned) as :.. identified from the message being filtered. This enables faster delivery of S...
messages to the user, reduces amount of hardware infrastructure necessary to scan messages that do not need to be scanned, resulting in lower costs for S...
: the organisation and users using the invention. ..DTD: Thus applicationof the rules in a pre-filter of the present invention is differentiated in substance from simply applying the rules within the virus, spam and content filters: the rules are simpler, the processor overhead is * , lowered, and the licence cost of using third party filters is reduced. S*
S
The present invention aims to detect messages that do not require further analysis by an antivirus module, an anti-spam module or a contentfiltering module. The approach the pre-filter uses is to examine a message and assess for the absence of certain characteristics in a message.
In one aspect, if the pre-filter identifies messages, for example, having: (a) attachments; (b) IFRj or other embedded elements that will download when the message is opened, and which could download malicious code from the internet, or have privacy or other security implications; (c) a link to a website that could cause a virus to be downloaded; (d) a message originator blacklisted as a virus distribution server or user; then the pre-filter passes the message to a standard antivirus filter for further analysis. If the message does not have these components, then the message can be passed onto the user inbox, or to a second pre-filter for spam, to a third for content and so on.
In a further aspect, if the pre-filter identifies messages in which for
example:
(a) the originator state is a known source of spain; (b) the sending program is probably bulk rather than personal; (c) the structure of the message is poor and may contain lazy' html; (d) a message originator blacklisted as a spain distribution server or user; then the pre-filter passes the message to a standard antispam filter for further analysis. If the message does not have these components, then the message can be passed onto a further content filter, or to the user inbox.
In a further aspect, if the pre-filter identifies messages having attachments, then the pre-filter passes the message to a standard content filter.
* Whilst the foregoing discloses separate pre-filters for each type of unwanted content, it is to be understood that this is partly for clarity; the pre- filter functions may also be merged into one module to further increase the Ic..
speed of the pre-filtering process.
The pre-filtering module disclosed above can be used in a pre-processing step in conjunction with conventional third-party software for anti-virus, antispam and content filtering programs. This offers significant advantages :. in reducing the number of messages to be processed, particularly in a * . commercial environment where the majority of messages might be considered to .35 be not requiring anti-virus, antispam and content filtering.
However the pre-filtering module may also be part of a bigger system.
Referring now to Figure 6, which shows the essential features of the autoarchiving module 502 of the present invention in a schematic form, a processed message, which may be, for example, from filter module 112 disclosed above, is received by auto-archiving engine 612 from message stream 120. The behaviour of the auto-archiving module is determined by settings in a database 608 or where the auto-archiving module is part of an integrated system of the type shown in Figures 1 and 4, through the user database 102, as described above, so that if a particular message falls within the criteria specified in the database, either at the individual user level or at an administrator level, a copy of the message is added to auto-archive database 610. Access to the database may be via a web portal 602, accessible by the end user, whether individual or administrator level. For regulatory compliance, a compliance officer may set the auto-archiving parameters within the user database and the auto-archived messages are stored in a secure database, potentially on an external regulatory database. Thus this aspect of the invention includes standard auto-archiving and bespoke', customer- specific archiving capabilities.
Preferences may be set by a user I administrator to specify how emails should be archived or automatically stored. Where the end user is for example an individual who is a private customer of a commercial ISP, the scope for auto- archiving may simply be according to sender or subject line, and non- relevant messages are not auto-archived in this way. For example, to auto- archive anything from an end-user's lawyer or banker. The auto-archiving database may include mechanisms for allowing rapid access to stored messages by, for example, subject, content, sender or date. The auto- archiving database may also permit compression of messages to save space. In a more commercial environment, where the end customer is a business or organisation, the auto- archiving may also be done for individual users within the organisation in this simple way according to header, date, sender, or subject line, or it may be by more complex content analysis. At a user level in an organisation or in : *4 a non-commercial environment, incoming messages may also be auto- archived by user-determined priority. For example, this may be simply according to respondent (sender), file type, subject line, key word, sound, image or another determined criteria search. The database may be searchable, either at e,.
. :35 the user level, or at the domain level by a user / administrator.
Additionally, incoming messages may also be auto-archived by administrator- specified criteria, to provide compliance with current and evolving :. regulatory requirements to help achieve compliance, for example for US companies to comply with Sarbanes Oxley, for UK patient confidentiality . . 40 requirements HIPPAA, for EMEA finance companies Easel II and so on. Thus, access and retrieval of the stored messages carry different access levels, to help secure privacy of the user and/or to protect corporate information by an administrator. The data may be retrieved based on any message feature or content, such as respondent (sender), file type, subject line, key word, sound, image or another determined criteria search. Typically the data in a S compliance data-base is read-only, and only modifiable by a compliance officer.
Aichiving engine 502 may also generate useful summaries of emails and attachments as each message passes through the engine, provide management reports, etc and store that information in a database. The summary can then be used subsequently to locate emails based on content, recipient and so on.
It is important that any messages that are released from quarantine 606 via instructions given via user interface 604, or where the autoarchiving module is part of an integrated system of the type shown in Figures 1 and 4, through the user database 102 via interface 103, are also copied and stored in the auto-archive database.
A further feature for the platform for intelligent message management shown in Figure 4 is to extend these archiving capabilities to all message formats, to permit congruence of multiple-format digital information flows through a single portal. This means that all messages may be stored in a single place, in a format enabling uniform access and control over all messages. Storing of this uniform format is done on fault redundant systems with an effective search tool to interrogate and easily find stored messages, based on, for example, sender, recipient, content, and any other detail as may be specified to enable effective retrieval of required messages.
Referring now to Figure 7, which shows the essential features of the prioritisatiori module of the present invention in a schematic form, a message stream 120 carrying a processed message, which may be, for example, from filter module 112 disclosed above, is received by prioritisation module 504.
The behaviour of the prioritisation module is determined by settings in a *.30 database 702 or where the prioritisation module is part of an integrated system of the type shown in Figures 1 and 4, through the user database 102, * * as described above, and depending on the settings in the user database, an outgoing delivery stream B1, B2, B3 B is chosen. The outgoing delivery may * ** ** * ,...-. ..... .,-......i.. -,.,,,± 1,,,,.. ,,, 1,-1.,,r,, C.1. I.) A. C AQ J....CaAIt.AW..LLLS..JLLL.SLtLSI...CS,_SJ AS1 Li S S 5.5155.5.5. 7 55 555 55.5/ message, a MMS/multixnedia message, a voice mail, a fax delivery, a pda/mobile delivery and so on, and the user determines which message stream is preferred for certain messages. For example, the user may elect to receive a text alert : to a mobile device when a message from the user's lawyer is received. The xSP can then, at a fee, enable the end user to receive the message on the device of choice.
It is important that messages released from qiarantine 606 via instructions given via user interface 604, or where the prioritisation module is part of an integrated system of the type shown in Figures 1 and 4, through the user database 102 via interface 103, are also dealt with by the prioritisation S module.
Messages may be prioritized, for example, according to sender, content or subject line, thus identifying to the user the immediacy of receipt and notification of receipt by end user, or administrator determined importance.
The action taken for high priority messages may include the following: forwarding a copy of the message to a user-specified device; forwarding a copy of the message to a mobile service provider arid pushing' an alert message to a mobile device to alert the user to pull' the copy message from the mobile service provider; forwarding the message to a Personal Assistant for action; alerting the user on receipt of a file type, such as.tif, a fax; forwarding the message to a distribution list; renewing an insurance premium in response to a communication; booking an airline ticket in response to a cormnunication; acting on share information; acting on a virus alert.
The user may specify which device, devices or persons (such as another messaging protocol> he wishes messages to be sent, and these would include: a cell-phone; fax; V0IP; Pda.
Some delivery devices and actions may require format conversion or communication with an end-point web interface.
Action taken for low priority messages may include auto-archiving and the removal of the message as pre determined by the user and / or network administrator from the delivery queue, for example, messages from a particular sender may not be spam, but not be deemed worthy of receipt by the end user or administrator, such as messages from an ex-employee, or specific communication from a previous business or personal relationship.
Prioritization of emails and messaqes as described above could be further : **30 extended to allow scheduling of responses. S...
Thus, for example, high-priority messages should be responded within one hour, medium priority messages within one day, and low priority messages are essentially for information only. Reporting can be managed, and should response not be with pre determined parameters held in a database, further 35 action can automatically be initiated, such as the message or message is forwarded to other personnel, a distribution list, a named contact, or other device, pda, mobile phone etc. and then that message be subject to predetermined priority levels and further actions as appropriate by the end user / administrator.
Priority information from content analysis can be further extended to include project-specific information to allow data to be automatically entered into tools such as Microsoft Project Manager, Outlook, or other scheduling, calendar systems, or Customer Relationship Management (CRy) systems. For example, sending out meeting or action reminder messages at scheduled times.
Additionally, failure to respond to messages within the required time could lead to the generation of alert messages and st.mmiary reporting.
Scheduling features may also include a reminder service according to parameters set by the user or administrator. For example, by SMS, SMTP message, VOIP, or other communications protocol as the end user may use.
The prioritisation service may be applied to outbound messages also; for example, large messages may be sent overnight.
Although the foregoing disclosure contains many specificities, these should not be construed as limiting the scope of the invention but as merely providing illustrations of some of the presently preferred embodiments of this invention.
Industrial Applicability
The foregoing describes a digital message tiltering system that comprises a database module containing one or more configuration options relating to one or more end-users and a scanning engine module connected to the database module. The behaviour of the scanning engine module is modified on a message- by-message basis according to the configuration options for the end-users.
The digital message may be IN for text and image messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for transmission of images, 3GP for transmission of video, and Fax. The digital message filtering system may additionally include a set- up process so that a third party database may be synchronized as appropriate with the database module. A message archiving system and a message prioritization system may also be also be part of the message filtering :.::,*30 system, and the behaviour of the message archiving system and the message prioritization system may also be modified on a message-by- message basis according to the configuration options for the end-users. The message filtering system may additionally include a pre-filterinq engine. S..
S S. * * * S.. *5 * S S * * S.

Claims (1)

  1. Claims 1. A message archiving system comprising: (a) a message stream
    (120); (b) an auto-archiving engine (612); (C) a database (608); and (d) an auto-archive database (610); characterised in that a behaviour of said auto-archiving module is determined by settings in said database so that if a particular message in said message stream falls within criteria specified in said database a copy of said message is added to said autoarchive database.
    2. The message archiving system of claim 1 wherein said criteria comply with a regulatory code.
    3. The message archiving system of claim 2 wherein said regulatory code is selected from the group consisting of: Sarbanes Oxley, HIPPAA, and Basel II.
    4. The message archiving system of claim 1 wherein said auto-archive database is a secure database.
    5. The message archiving system of claim 4 wherein data stored in said database is read-only.
    6. The message archiving system of claim 1 wherein said auto-archive database is external to said system.
    7. The message archiving system of claim 1 wherein said auto-archiving database comprises a mechanism to compress messages.
    8. The message archiving system of claim 1 wherein said message stream comprises messages of any format.
    9. The message archiving system of claim 8 wherein said auto-archiving database additionally comprises a mechanism to convert multiple-format digital information to a uniform format. S... S...
    *,. 10. The message archiving system of claim 8 wherein said autoarchiving database comprises a mechanism to search said auto-archiving database. S...
    11. The message archiving system of claim 10 wherein said search is at a user level.
    12. The message archiving system of claim 10 wherein said search is at a domain level. S. S S * S *I
    13. The message archiving system of claim 1 wherein said auto-archiving database comprises a mechanism to allow access to stored messages according to different access permissions.
    14. The message archiving system of claim 13 wherein said auto-archiving database comprises a mechanism to allow rapid access to stored messages by subject, content, sender or date.
    15. The message archiving system of claim 13 wherein said auto-archiving database comprises a mechanism to allow access based on any message feature or content.
    16. The message archiving system of claim 15 wherein said message feature or content is selected from the group consisting of: sender, file type, subject line, key word, sound, and image.
    17. The message archiving system of claim 1 wherein said auto-archiving engine additionally comprises a mechanism to generate a suniinary of messages that have passed through Lhe system.
    18. The message archiving system of claim 17 wherein said summary is used subsequently to locate emails based on content, recipient and so on.
    19. The message archiving system of claims 1-18 wherein said database is a user database (102) - 20. The message archiving system of claim 19 wherein said criteria are set by a user.
    21. The message archiving system of claim 20 wherein said criteria are selected from the group consisting of: sender, subject line, file type, key word, key sound, and key image.
    22. The message archiving system of claim 20 wherein said user is a business or organisation 23. The message archiving system of claim 22 wherein said criteria apply to all individual users within said business or organisat..ion.
    24. The message archiving system of claim 20 wherein said criteria are set by an administrator. S...
    25. 1 message filtering system, comprising a database module (102) S... . 0 C. - 1
    : coIiLdiLliIIy one OL iLIoie eorIL.LguraLiorL opior1s reLaLing LO OflC or more * end-users, a scanning engine module (112) connected to said database S..
    * module (102) and a message archiving system of claims 1-24, wherein said one or more configuration options for said one or more end-users modify * the scanning engine module (112) behaviour and the message archiving *:*. system on a message by message basis.
    26. The message filtering system of claim 25 additionally comprising a message prioritisation system.
    27. The message filtering system of claims 25 and 26 wherein said scanning engine module comprises a pre-filtering engine.
    28. The message filtering system of claims 25 and 26 additionally comprising a set-up process (104), wherein a third party user database is synchronized as appropriate with the user database.
    29. The message filtering system of claims 25-28 wherein said message is an Email message.
    30. The message filtering system of claims 25-28 wherein said message comprises a message selected from the group consisting of: IM for text and image messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for transmission of images, 3GP for transmission of video, and Fax.
    31. The message filtering system of claims 25-30 wherein a sender of a message is end-user of P1MM.
    32. The message filtering system of claims 25-31 wherein a recipient of a message is end-user of P1MM.
    33. The message filtering system of claim 25-32 in which said prioritisation system comprises: (a) a message stream (120); (b) prioritisation module (504); and (C) one or more delivery streams (B1, B2, B3... BN) characterised in that a behaviour of said auto-archiving module is determined by settings in said database module (102) so that if a particular message in said message stream falls within criteria specified in said database a delivery stream B1, B2, B3 BN is chosen.
    34. The message filtering system of claim 33 wherein said delivery stream * *, comprises a delivery stream selected from the group consisting of: an * S * ** 30 email message delivery, an SMS/text message delivery, a MMS/multimedia **** message delivery, a fax delivery, a voice mail delivery, and pda/mobile delivery.
    *..* : 35. The message filtering system of claim 33 wherein said criteria are selected from the group consisting of: sender, message content, and subject line.
    36. The message filtering system of claim 33 wherein a particular message in said message stream falls within criteria specified in said user database, said message is accorded a priority.
    37. The message filtering system of claim 36 wherein said chosen delivery stream is to a device selected for said priority and specified in said database.
    38. The message filtering system of claim 36 wherein if said priority is high the delivery stream chosen is a message stream to a mobile service provider.
    39. The message filtering system of claim 36 wherein if said priority is high the delivery stream chosen is a message stream to a mobile service provider, said mobile service provider pushing' an alert message to a mobile device whereby a recipient of said alert message pulls' a copy of said particular message from the mobile service provider.
    40. The message filtering system of claim 33 wherein a particular message in said message stream falls within criteria specified in said user database, said message is accorded a low priority.
    41. The message filtering system of claim 40 wherein if said priority is low the delivery stream chosen is a stream to the message archiving system of claim X and the message is not delivered.
    42. The message filtering system of claim 40 wherein if said priority is low and said message is from a particular sender no delivery stream chosen and the message is not delivered.
    43. The message filtering system of claim 33 wherein said message stream comprises messages of any format.
    44. The message filtering system of claim 43 wherein said prioritisation engine additionally comprises a mechanism to inter-convert multipleformat digital information.
    45. The message filtering system of claims 25-44 wherein said criteria are set by a user.
    46. The message filtering system of claim 25-45 additionally comprising a * ** set-up process (104), wherein a third party user database is * S * synchronized as appropriate with the user database. **** * S
    48. The message filtering system of claims 46 or 47 for which information on a database (302) concerning a third party's message server (306) has : been altered so that incoming messages from a message sender (300) is sent to said filtering system (304).
    49. The message filtering system of claim 48 wherein said third party is an xSP or corporate organization. ** S
    50. The message filtering system of claim 48 wherein said xSP database contains subscription data for a new end-user to said xSP.
    51. The message filtering system of claim 48 wherein said clean message is sent to a message server of said xSP, and thence to said end-user messagebox (308) 52. The message filtering system of claim 48 wherein said xSP has multiple end-users, and wherein said end-users are grouped according to specific domains and subdomairis.
    53. The message filtering system of claim 49 wherein default settings for said end-users may be set by an administrator of said domain or subdomain.
    54. The message filtering system of claims 48-53 wherein said message is an Email message.
    55. The message filtering system of claims 48-53 wherein said message comprises a message selected from the group consisting of: IM for text and image messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for transmission of images, 3GP for transmission of video, and Fax.
    56. The message filtering system of claims 46-55 wherein a sender of a message is end-user of PII1.
    57. The message filtering system of claims 46-55 wherein a recipient of a message is end-user of P1MM.
    58. The message filtering system of claims 46-57 further characterized in that said scanning engine module (112) comprises at least one of: (a) an antivirus filter module (202); (b) an anti-spain filter module (212); and (C) a content control filtering module (222) - 59. The message filtering system of claim 58 additionally comprising a quarantine queue (208, 220, 230) for secure holding of mail for each of said at least one of: said antivirus filter module (202), said anti-spain filter module (212) and said content control filtering module (222). * .*
    60. The message filtering system of claim 59 wherein messages may be released, forwarded, modified or deleted from said quarantine queue according to user level or domain level protocols held in said database.
    61. The message filtering system of claim 58 further characterized in that said content control filtering module (222) comprises: (a) a first module (224) able to detect messages having attachments of a size greater than that specified in said database; (b) a second module (226) able to detect messages having attachments of specific file types specified in said database; and (C) a third module (228) able to detect messages having specific subjects, message content or attachment file names specified in said database.
    62. The message filtering system of claim 58 wherein said antivirus filter module (202) providing antivirus filtering for message and file attachments and whose behavior is determined by settings contained within said database module (112), comprises: (a) a first module (204) able to detect messages having virus infection by examining signatures and detect known viruses by name; and (b) a second module (206) able to detect messages having virus infection by heuristic analysis of said message.
    63. The message filtering system of claim 58 wherein said antispam filter module (212) for message and whose behaviour is determined by settings contained within a database module (112) and set by a user, or administrator on behalf of a user or group of users, comprises: (a) a first module (214) able to analyze the structure of a message, its reputation and travel path (b) a second module (216) able to perform heuristic rule-based checks against a knowledge base and perform heuristic and/or Bayesian content analysis using heuristics and Bayesian model methodologies combined with individual word probabilities (C) a third module (218) able to detect hoaxes and phishing, and using White and Black Lists on global, domain and user level.
    64. The message filtering system of claims 46-55 wherein said third party database and said user database have a format compatible with LD1P.
    65. The message filtering system of claims 46-55 wherein said third party database and said user database have a format compatible with ActiveDirectory.
    66. The message filtering system of claims 46-55 wherein said third party database and said user database have an SQL format. a.*
    67. The message filtering system of claims 46-55 wherein said third party database is a master and said user database is a slave.
    68. The message filtering system of claims 46-55 wherein said third party database is a slave and said user database is a master.
    69. The message filtering system of claims 46-55 wherein said third party database and said user database use both-ways synchronisation.
    70. The message filtering system of claims 46-55 wherein said third party . database contains information including information on people, S. organizational units, printers, documents, or groups of people.
    71. A method for archiving messages comprising the steps of: (a) receiving a message from a message stream (120); (b) comparing said message to criteria in a database (610); and (c) copying a message to an auto-archive database (610) if said message falls within said criteria.
    72. The method of claim 71 wherein said criteria comply with a regulatory code.
    73. The method of claim 72 wherein said regulatory code is selected from the group consisting of: Sarbanes Oxley, HIPPA, and Basel II.
    74. The method of claim 71 wherein said auto-archive database is a secure database.
    75. The method of claim 74 wherein data stored in said auto-archive database is read-only.
    76. The method of claim 71 additionally comprising the step of comprising said message if said message falls within said criteria.
    77. The method of claim 71 wherein said message stream comprises messages of any format.
    78. The method of claim 77 additionally comprising the step of converting multiple-format digital information to a uniform format if said message falls within said criteria.
    79. The method of claim 77 additionally comprising the step of searching said auto-archiving database.
    80. The method of claim 79 wherein said search is at a user level.
    81. The method of claim 80 wherein said search is at a domain level.
    82. The method of claim 71 additionally comprising the step of allowing access to said auto-archiving database according to different access permissions.
    : 83. The method of claim 82 wherein access is according to subject, content, sender or date.
    84. The method of claim 82 wherein access is according to any message feature or content.
    : 85. The method of claim 84 wherein said message feature or content is selected from the group consisting of: sender, file type, subject line, key word, sound, and image.
    : 1* 35 86. The method of claim 71 additionally comprising the step of generating a summary of messages that have passed through the system.
    87. The method of claim 86 wherein said summary is used subsequently to locate emails based on content, recipient and so on 88. The method of claims 71-87 wherein said database is a user database (102).
    89. The method of claim 88 wherein said criteria are set by a user.
    90. The method of claim 89 wherein said criteria are selected from the group consisting of: sender, subject line, file type, key word, key sound, and key image.
    91. The method of claim 90 wherein said user is a business or organisation 92. The method of claim 91 wherein said criteria apply to all individual users within said business or organisation.
    93. The method of claim 90 wherein said criteria are set by an administrator.
    94. A method for filtering messages comprising the steps: (a) receiving a message for an end-user; (b) identifying one or more configuration options related to said end- user held in a user database module; (c) modifying a behaviour of a scanning engine module according to said one or more configuration options; (d) scanning and filtering said message according to said configuration options; and (e) archiving said message according to the method of claim 84-106 wherein said database is the user database module (102) 95. The method of claim 94 additionally comprising the step of prioritising said message.
    96. The method of claims 94-95 additionally comprising synchronizing a third party user database as appropriate with the user database according to a set-up process.
    97. The message filtering system of claims 94-96 wherein said message is an Email message.
    98. The message filtering system of claims 94-96 wherein said message comprises a message selected from the group consisting of: IM for text and image messaging computer to computer, SMS for text messaging via mobile devices, V0IP for communication via telephony, MMS for :. 35 transmission of images, 3GP for transmission of video, and Fax.
    * S.. 99. The method of claims 94-96 additionally comprising prefiltering said *:*. message according to the steps: (a) identifying a digital message that is not capable of carrying an unwanted or undesirable component prior to full scanning of said message by filtering software; (b) passing said message identified as not capable of carrying an unwanted or undesirable component to a data stream not requiring full scanning of said message by filtering software; (c) passing other messages not identified in step (a) as not capable of carrying an unwanted or undesirable component to a module able to do a full scan of said message.
    100. The method of claim 99 wherein said unwanted or undesirable component is a virus and wherein said step of identifying a digital message that is not capable of carrying a virus comprises: (a) detecting the presence of an attachment to said message; (b) detecting an embedded element (for example iFrame /ActiveX code) able to download potentially malicious code from the internet when said message is received, or opened; (c) detecting whether or not said message had a link to a website that could cause a virus to be downloaded; (d) detecting whether or not an originator of said message is blacklisted as a virus distribution server or user.
    101. The method of claim 99 wherein said unwanted or undesirable component is spain and wherein said step of identifying a digital message that is not capable of carrying spam comprises: (a detecting whether or not the originator state is a known source of spam; (b) detecting whether or not the sending program is probably bulk rather than personal; (c) detecting whether or not the structure of the message is poor and may contain lazy html.
    102. The method of claim 99 wherein said unwanted or undesirable component is message content and wherein said step of identifying a digital message ::. that is not capable of carrying spam comprises: detecting the presence of an attachment to said message.
    S S S'S.
    103. The method of claim 99 wherein said step of passing said message a: 35 identified as not capable of carrying an unwanLed or undesirable * component to a data stream not requiring full scanning of said message * by filtering software additionally comprises passing said message via :. said data stream to the filter of claim 3.
    104. The method of claim 99 wherein if said message is not capable of carrying an unwanted or undesirable component to a data stream not requiring full scanning of said message by filtering software additionally comprises passing said message via said data stream to the filter of claim 4.
    105. The method of any of claims 99 to 104 wherein if said message is not capable of carrying an unwanted or undesirable component to a data stream not requiring full scanning of said message by filtering software additionally comprises passing said message via said data stream to a user inbox.
    106. The method of claim 95 wherein said step of prioritising said message comprises the steps of: (a) receiving a message from a message stream (120); (b) comparing said message to criteria in said database; (c) delivering said message to a delivery stream B1, B2, B3... B5 if said message in said message falls within criteria.
    107. The method of claim 106 wherein said delivery stream comprises a delivery stream selected from the group consisting of: an email message delivery, an SMS/text message delivery, a MMS/multimedia message delivery, a fax delivery, a voice mail delivery, and pda/mobile delivery.
    107. The method of claim 106 wherein said criteria are selected from the group consisting of: sender, message content, and subject line.
    109. The method of claim 106 wherein said step of comparing said message to criteria in a database comprises according a priority to said message if said message falls within said criteria.
    110. The method of claim 109 wherein said step of delivering said message to a delivery stream comprises selecting a deliverer stream for said priority as specified in said database.
    ill. The method of claim 109 wherein if said priority is high the delivery stream selected is a delivery stream to a mobile service provider.
    ,30 112. The method of claim 111 wherein comprising the additional steps of: (a) pushing' an alert message trom said mobile service provider to a mobile device; (b) pulling' a copy of said particular message from the mobile service provider by a recipient.
    35 113. The method of claim 106 wherein a particular message in said message stream falls within criteria specified in said user database, said message is accorded a low priority. *0 S S. S -3-7-
    114. The method of claim 113 wherein the delivery stream chosen is a stream to a message archiving system and the message is not delivered.
    115. The method of claim 109 wherein if said priority is low and said message is from a particular sender no delivery stream is chosen and the message is not delivered.
    116. The method of claim 106 wherein said message stream comprises messages of any format.
    117. The method of claim 116 additionally comprising the step of interconverting wherein said multiple-format digital information.
    118. The method of claim 106 additionally comprising the step of allowing a user to set said criteria.
    119. The method of claim 96 wherein said step of synchroriising comprises the steps: (a) accessing a first field in said third party database; (b) accessing a corresponding field in said user database (c) determining whether data in said first field in said third party database is newer than data in said corresponding field in said user database; and (d) replacing said data in said corresponding field in said user database with said data in said first field in said third party database if said first field in said third party database is newer than data in said corresponding field in said user database.
    120. The method of claim 119 additionally comprising the step of replacing said data in said first field in said third party database with said data in said corresponding field in said user database if said first field in said third party database is older than data in said
    corresponding field in said user database.
    121. The method of claim 119 and 120 in which said third party database has a format selected from the qroup consisting of: LDAP, ActiveDirectory, : ***30 Oracle, MS SQL, and MySQL.
    122. The method of claim 119 and 120 in which said user database has a format selected from the group consisting of: LDAP, ActiveDirectory, Oracle, MS SQL, and MySQL. * * S
    123. The message filtering system of claim 27 wherein said pre-filter is able to identify a digital message that is not capable of carrying an unwanted or undesirable component prior to full scanning of said message by filtering software wherein if said message is not capable of carrying said unwanted or undesirable component said message is not passed to a module able to do a full scan of said message and if said message is capable of carrying said unwanted or undesirable component said message is passed to a module able to do a full scan of said message.
    124. The pre-tilter of claim 123 wherein said unwanted or undesirable component is a virus and wherein said pre-tilter comprises one or more S of the following component modules: (a) a module able to detect the presence of an attachment to said message; (b) a module able to detect an embedded element (for example iFrame /ActiveX code) able to download potentially malicious code from the internet when said message is received, or opened; (c) a module able to detect whether or not said message had a link to a website that could cause a virus to be downloaded; (d) a module able to detect whether or not an originator of said message is blacklisted as a virus distribution server or user.
    125. The pre-filter of claim 123 wherein said unwanted or undesirable component is spam and wherein said pre-filter comprises one or more of the following component modules: (a) a module able to detect whether or not the originator state is a known source of spam; (b) a module able to detect whether or not the sending program is probab'y bulk rather than personal; (C) a module able to detect whether or not the structure of the message is poor and may contain lazy html.
    126. The pre-filter of claim 123 wherein said unwanted or undesirable component is message content and wherein said pre-filter comprises a module able to detect the presence of an attachment to said message.
    127. A pre-filter comprising the filter of claim 124 wherein if said message : ** is not capable of carrying a virus said message is passed to the filter of claim 3. * * ****
    ju iz8. The pre-fiter of claim 127 wherein f said message s not capable of carrying spam said message is passed to the filter of claim 4.
    * 129. The pre-filter of claims 124-128 wherein if said message is not capable S..
    * of carrying said unwanted or undesirable component it is passed to a user inbox. * . :*:;
GB0618187A 2005-09-16 2006-09-15 Platform for message management Withdrawn GB2430284A (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
GB0518876A GB2418330B (en) 2004-09-17 2005-09-16 Platform for intelligent Email distribution
GB0523360A GB0523360D0 (en) 2005-11-17 2005-11-17 Enhanced email filtering and processing
GB0604543A GB0604543D0 (en) 2006-03-07 2006-03-07 Email Prefilter
GB0605655A GB0605655D0 (en) 2006-03-21 2006-03-21 Enhanced email filtering and processing
GB0605650A GB0605650D0 (en) 2006-03-21 2006-03-21 Email prefilter
GB0613431A GB0613431D0 (en) 2006-07-06 2006-07-06 Email prefilter
GB0613430A GB0613430D0 (en) 2006-07-06 2006-07-06 Enhanced email filtering and processing

Publications (2)

Publication Number Publication Date
GB0618187D0 GB0618187D0 (en) 2006-10-25
GB2430284A true GB2430284A (en) 2007-03-21

Family

ID=37309990

Family Applications (3)

Application Number Title Priority Date Filing Date
GB0618187A Withdrawn GB2430284A (en) 2005-09-16 2006-09-15 Platform for message management
GB0618185A Withdrawn GB2430335A (en) 2005-09-16 2006-09-15 Pre-filtering of digital messages
GB0618310A Withdrawn GB2430336A (en) 2005-09-16 2006-09-15 System which converts, forwards and/or stores messages in accordance with user defined criteria

Family Applications After (2)

Application Number Title Priority Date Filing Date
GB0618185A Withdrawn GB2430335A (en) 2005-09-16 2006-09-15 Pre-filtering of digital messages
GB0618310A Withdrawn GB2430336A (en) 2005-09-16 2006-09-15 System which converts, forwards and/or stores messages in accordance with user defined criteria

Country Status (2)

Country Link
GB (3) GB2430284A (en)
WO (1) WO2007031963A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272594B (en) * 2007-03-22 2012-04-25 华为技术有限公司 Method for filtering enciphered contents, filter device and contents consuming device
US9063993B2 (en) 2008-01-31 2015-06-23 Microsoft Technology Licensing, Llc Coexistence tools for synchronizing properties between on-premises customer locations and remote hosting services
ATE505018T1 (en) * 2008-03-31 2011-04-15 Mitsubishi Electric Corp TREATMENT OF RECEIVED DATA MESSAGES OF A TEXT-BASED PROTOCOL
GB2499787B (en) * 2012-02-23 2015-05-20 Liberty Vaults Ltd Mobile phone
US20140006528A1 (en) * 2012-06-27 2014-01-02 Synchronoss Technologies, Inc. Protocol agnostic dynamic messaging platform and a system and a method thereof
US9143475B2 (en) 2013-01-29 2015-09-22 Synchronoss Technologies, Inc. Unified messaging proxy, a system and a method thereof
GB2512138B (en) * 2013-03-22 2015-03-25 F Secure Corp Secured online transactions
US11501252B1 (en) * 2015-12-31 2022-11-15 American Airlines, Inc. Context-based communication platform
US11025651B2 (en) * 2018-12-06 2021-06-01 Saudi Arabian Oil Company System and method for enhanced security analysis for quarantined email messages

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004003704A2 (en) * 2002-06-28 2004-01-08 Prgrs, Inc. Systems and methods for capturing and archiving email
US20040254988A1 (en) * 2003-06-12 2004-12-16 Rodriguez Rafael A. Method of and universal apparatus and module for automatically managing electronic communications, such as e-mail and the like, to enable integrity assurance thereof and real-time compliance with pre-established regulatory requirements as promulgated in government and other compliance database files and information websites, and the like
EP1509014A2 (en) * 2003-08-19 2005-02-23 Sophos Plc Method and apparatus for filtering electronic mail

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5649095A (en) * 1992-03-30 1997-07-15 Cozza; Paul D. Method and apparatus for detecting computer viruses through the use of a scan information cache
AU725370C (en) * 1996-06-18 2003-01-02 Cranberry Properties, Llc Integrated voice, facsimile and electronic mail messaging system
US6938024B1 (en) * 2000-05-04 2005-08-30 Microsoft Corporation Transmitting information given constrained resources
US6973578B1 (en) * 2000-05-31 2005-12-06 Networks Associates Technology, Inc. System, method and computer program product for process-based selection of virus detection actions
US6928555B1 (en) * 2000-09-18 2005-08-09 Networks Associates Technology, Inc. Method and apparatus for minimizing file scanning by anti-virus programs
US7376701B2 (en) * 2002-04-29 2008-05-20 Cisco Technology, Inc. System and methodology for control of, and access and response to internet email from a wireless device
GB2396227B (en) * 2002-12-12 2006-02-08 Messagelabs Ltd Method of and system for heuristically detecting viruses in executable code
GB2400933B (en) * 2003-04-25 2006-11-22 Messagelabs Ltd A method of, and system for, heuristically detecting viruses in executable code by detecting files which have been maliciously altered
US7155484B2 (en) * 2003-06-30 2006-12-26 Bellsouth Intellectual Property Corporation Filtering email messages corresponding to undesirable geographical regions
GB2418330B (en) * 2004-09-17 2006-11-08 Jeroen Oostendorp Platform for intelligent Email distribution
US8396927B2 (en) * 2004-12-21 2013-03-12 Alcatel Lucent Detection of unwanted messages (spam)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004003704A2 (en) * 2002-06-28 2004-01-08 Prgrs, Inc. Systems and methods for capturing and archiving email
US20040133645A1 (en) * 2002-06-28 2004-07-08 Massanelli Joseph A. Systems and methods for capturing and archiving email
US20040254988A1 (en) * 2003-06-12 2004-12-16 Rodriguez Rafael A. Method of and universal apparatus and module for automatically managing electronic communications, such as e-mail and the like, to enable integrity assurance thereof and real-time compliance with pre-established regulatory requirements as promulgated in government and other compliance database files and information websites, and the like
EP1509014A2 (en) * 2003-08-19 2005-02-23 Sophos Plc Method and apparatus for filtering electronic mail

Also Published As

Publication number Publication date
GB2430336A (en) 2007-03-21
GB2430335A (en) 2007-03-21
GB0618187D0 (en) 2006-10-25
GB0618185D0 (en) 2006-10-25
WO2007031963A3 (en) 2007-10-18
GB0618310D0 (en) 2006-10-25
WO2007031963A2 (en) 2007-03-22

Similar Documents

Publication Publication Date Title
US20060075052A1 (en) Platform for Intelligent Email Distribution
US6732157B1 (en) Comprehensive anti-spam system, method, and computer program product for filtering unwanted e-mail messages
GB2430284A (en) Platform for message management
US10185479B2 (en) Declassifying of suspicious messages
US8135779B2 (en) Method, system, apparatus, and software product for filtering out spam more efficiently
US6779022B1 (en) Server that obtains information from multiple sources, filters using client identities, and dispatches to both hardwired and wireless clients
US7761498B2 (en) Electronic document policy compliance techniques
US20020124057A1 (en) Unified communications system
US7366761B2 (en) Method for creating a whitelist for processing e-mails
US7206814B2 (en) Method and system for categorizing and processing e-mails
US20070220143A1 (en) Synchronous message management system
US7627642B1 (en) Methods and systems for automatically presenting users with option to call sender responsive to email message
US20060031309A1 (en) Electronic mail attachment management system and method
US20060036690A1 (en) Network protection system
GB2347053A (en) Proxy server filters unwanted email
EP2068516A1 (en) E-mail management services
US20050198171A1 (en) Managing electronic messages using contact information
US20090264100A1 (en) Flexible Messaging System For Mobile Phone Users
US20070094321A1 (en) General purpose rss catcher
WO2008031871A1 (en) Method for automatically classifying communication between a sender and a recipient
US20060086798A1 (en) Deferred email message system and service
WO2009116054A2 (en) Method and system for organizing electronic mails
US20060265459A1 (en) Systems and methods for managing the transmission of synchronous electronic messages
US8380791B1 (en) Anti-spam system, method, and computer program product
EP1997022B1 (en) Synchronous message management system

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)