WO2008015669A2 - Communication authenticator - Google Patents

Communication authenticator Download PDF

Info

Publication number
WO2008015669A2
WO2008015669A2 PCT/IL2007/000950 IL2007000950W WO2008015669A2 WO 2008015669 A2 WO2008015669 A2 WO 2008015669A2 IL 2007000950 W IL2007000950 W IL 2007000950W WO 2008015669 A2 WO2008015669 A2 WO 2008015669A2
Authority
WO
WIPO (PCT)
Prior art keywords
server
party
sending party
communication link
validation
Prior art date
Application number
PCT/IL2007/000950
Other languages
French (fr)
Other versions
WO2008015669A3 (en
Inventor
Jacob Cohen
Original Assignee
Jacob Cohen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jacob Cohen filed Critical Jacob Cohen
Publication of WO2008015669A2 publication Critical patent/WO2008015669A2/en
Publication of WO2008015669A3 publication Critical patent/WO2008015669A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Definitions

  • the present invention relates to systems and methods for authenticating emails for the purpose of making sure that the incoming email is not spam, more particularly the present invention relates to systems and method for authenticating emails by using peer-to-peer means.
  • Junk mail received via email is fast becoming a problem of epidemic proportions. Spanners use different methods for harvesting email addresses of potential recipients and it is increasingly difficult to find methods of avoiding junk emails or filtering them out.
  • One such method relies on examining the content of the incoming mail and determining its validity accordingly. This method is found to have a low success rate and spammers are constantly finding ways of bypassing it such as misspelling key words.
  • an additional method analyzes the header of the email in order to identify spam mail. This method has also proven to have a low success rate.
  • One common method authenticates only emails whose sender is in a 'safe list 1 of the recipient.
  • This method has several shortcomings. First, it does not enable the initial correspondence since the email of the sending party does not already exist on the safe list. Second, spammers may bypass this method using worm attacks, by identifying names in the safe list or finding ways of getting listed. Similarly, one other method includes blacklisting email addresses which have been found to be the senders of spam mail. These lists have to constantly be updated since spammers often use many different email addresses to send spam mail from. Additionally, when a spammer uses the email of an innocent third party as the sending address of spam, this person might find that his or her address is blacklisted.
  • a method for automatically authenticating incoming electronic messages from a sending party to a receiving party The electronic message is transferred to the receiving party via a first data communication network.
  • the method comprises the steps of establishing a second data communication link, transferring at least one validation query to the sending party via the second communication UnIc, and determining the level of validity of the incoming electronic message in accordance with responses to the validation query received from the sending party.
  • the second communication link is optionally a direct communication link such as a peer-to-peer communication link.
  • the second communication link is optionally established via a dedicated secure server.
  • An optional non-direct communication link is established using the same messaging protocol such as mail (POP/SMTP) and SMS protocols but using a different address for validation purposes.
  • the method optionally also includes the step of attaching metadata to the outgoing electronic message by sending party.
  • the metadata optionally includes the electronic address of the sending party and a unique identification code.
  • the validation query optionally includes the step of validating the electronic address of the sending party.
  • the query optionally also includes a challenge for validating that the sending party is human, such as a Completely Automated Public Turing test to tell
  • the method can optionally also include the step of adding an access code by sending party to an outgoing electronic message.
  • the access code provides a validation for the authentication of the outgoing electronic message.
  • the addition of the access code optionally annuls the step of sending the validation query.
  • the receiving party is optionally a remote database management application and the electronic message is a request for accessing the remote database.
  • a system for automatically authenticating incoming electronic messages from a sending party to a receiving party The electronic message is transferred to the receiving party via a first data communication network.
  • the system comprises a second data communication link, a sender module for supporting the authentication process of the electronic message, and a validation module for performing the validation process through the second data communication link.
  • the sender module optionally resides on the client computer, the Personal Digital Assistant (PDA), or the cellular phone of the sending party, a general purpose server, a dedicated server, a mail server, a message server, or a web mail server.
  • the validation module resides on the client computer, the Personal Digital Assistant (PDA), or the cellular phone of the receiving party, a mail server, a message server, or a web mail server.
  • the system optionally also includes a dedicated secured server.
  • the second data communication link is established via the dedicated server.
  • the validation module optionally resides on the dedicated server.
  • Figure 1 is a flowchart illustrating a simplified process of authenticating an email in accordance with the first embodiment of the present invention
  • Figure 2 is a block diagram illustrating the components of the present invention in accordance with a second embodiment
  • Figure 3 is a flowchart illustrating the process of email authentication in accordance with a second embodiment of the present invention which includes a dedicated email authentication server;
  • Figure 4 is a block diagram illustrating an additional embodiment of the present invention which relates to a configuration in which the communication between the two clients is performed through two servers;
  • FIG. 5 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention in which the communication between the two clients is performed through two servers;
  • FIG. 6 is a block diagram illustrating another embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server;
  • FIG. 7 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server.
  • the present invention is a system and a method for authenticating incoming emails and eliminating spam messages.
  • Embodiments of the present invention include solutions for ensuring that the incoming email was sent from a person and not through an automated email dispatcher.
  • the proposed system makes use of peer-to-peer (P2P) technology.
  • the system makes use of client/server technology to authenticate an incoming email.
  • the system includes a challenge- response mechanism for validating that the received email was sent from a legitimate sender before presenting the email to the recipient.
  • users of the system are assured that all undesired junk emails are filtered out by the system and that they receive all the valid messages sent to them.
  • An embodiment is an example or implementation of the inventions.
  • the various appearances of "one embodiment,” “an embodiment” or “some embodiments” do not necessarily all refer to the same embodiments.
  • various features of the invention may be described in the context of a single embodiment, the features may also be provided separately or in any suitable combination.
  • the invention may also be implemented in a single embodiment.
  • Reference in the specification to "one embodiment”, “an embodiment”, “some embodiments” or “other embodiments” means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one embodiments, but not necessarily all embodiments, of the inventions.
  • SMS short messaging service
  • MMS multimedia messaging service
  • the process of authentication of an incoming email is performed in two stages.
  • the first stage includes the automatic authentication of the address of the sender, such as the internet protocol (IP) address of the sender, and the second includes a process ensuring that the sending party is a person and not an automated email dispatcher.
  • IP internet protocol
  • the address of the sender is automatically authenticated using a dedicated identification string. Additional meta-data is attached to the outgoing email by the dedicated software.
  • the second stage of authentication makes use of any type of method known to people who are skilled in the art for validating that the user on the sending side is human, such as the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) method.
  • IP internet protocol
  • CATCHA Completely Automated Public Turing test to tell Computers and Humans Apart
  • the system is a standalone client system.
  • the system is a client/server system.
  • the client end may be any type of computer, personal digital assistant (PDA), a cell phone and the like.
  • PDA personal digital assistant
  • this process is performed using P2P technology.
  • all processes are performed on the client computers and the client computers connect directly to execute the authentication process after receiving the message in the traditional manner.
  • Figure 1 is a flowchart illustrating a simplified process of authenticating an email in accordance with the first embodiment of the present invention. The flowchart illustrated in Figure 1 depicts the authentication process in a configuration according to which both the sending and the receiving parties have a dedicated software component locally installed.
  • the sender initiates the process by sending the email using any known method (step 100).
  • the designated software component on the client computer of the sending party attaches metadata to the outgoing email before the transmission to a server or a reciever (step 105).
  • the metadata includes a unique identification code and the address of the sending party such as an Internet Protocol (IP) address and any additional information needed for a successful P2P connection.
  • IP Internet Protocol
  • the metadata optionally includes additional data which may aid the receiving party to retrieve this information. This information is encrypted and attached to the outgoing email.
  • the dedicated software component examines the email before displaying it to the user.
  • the dedicated software component on the client computer of the receiving party extracts the metadata attached to the incoming email and decrypts it (step 110).
  • the first is an identification query to authenticate the metadata in the incoming email (step 115) and the second is an authentication challenge, such as a CAPTCHA challenge (step 120).
  • the connection between the client computer of the receiving party and the client computer of the sending party is established directly using any type of direct communication link such as a P2P connection.
  • the connection is performed according to the address of the sending party which is attached to the incoming email.
  • the sending party receives the two queries.
  • the response to the metadata query is performed automatically (step 125).
  • the user is prompt to respond to the CAPTCHA challenge manually (step 130). Both responses are sent back to the receiving party through the direct communication link between the two client computers which was established by the dedicated software.
  • the dedicated software component on the client computer of the receiving party first checks that the CAPTCHA challenge was answered correctly (step 135). Provided that the response to the CAPTCHA challenge is correct, it also checks that the response to the identification query is valid (step 140). If the response to the identification query is valid the incoming mail is found to be authentic and is displayed to the user of the receiving party by placing the incoming email in the inbox (step 150).
  • the incoming email is marked as suspicious (step 155) and dealt with according to user preferences. If the CAPTCHA challenge was not answered correctly (step 135) the response to the identification query is also checked (step 145). Provided that the identification query in this instance is found to be invalid the email message is deleted (step 165). If the identification query is found to be valid the incoming email is marked as spam (step 160). The order of performing the validation checks - the CAPTCHA challenge (step 135) and the identification query (step 140, 145) -is interchangeable. [0045] According to some embodiments of the present invention users of the system on the receiving end can determine the level of security they wish to maintain.
  • users can determine that email senders whose identification query or addresses are found to be valid but who do not pass the CAPTCHA challenge are still acceptable. Similarly, users can optionally adjust their user preferences to accept emails from senders who pass the CAPTCHA challenge but whose identification query or IP address are found to be invalid.
  • the sending party attaches the metadata, but the process on the receiving end is performed in the normal manner in which incoming email is processed according to prior art. If the dedicated software component is not installed on the client computer of the sending party the dedicated software component on the client computer of the receiving party does not find the metadata in the incoming email.
  • the user on the receiving end can optionally define the status of such mail messages. For instance, the user can define that these types of emails are marked as suspicious or are deleted automatically by the dedicated software.
  • the dedicated software component on the client computer of the receiving party may then send an automatic reply email message to the sending party informing them that their email was rejected. This email optionally includes a link to a website from which the sending party can download the appropriate software component or plug-in for future correspondence.
  • the system may also be implemented whenever at least one of the parties uses a web-based mail server to send and receive emails.
  • the dedicated software component is installed on the web server of the web mail. If the sending party uses web mail to send the email, the dedicated software component on the web server of the web mail extracts the address of the sender and attaches it to the outgoing mail along with the unique identifier and additional information. This information is encrypted and attached to the outgoing email.
  • the web mail server receives the CAPTCHA challenge by a direct communication link.
  • the dedicated component on the web mail server generates an email message and implants it in the inbox of the sender or in a different designated folder.
  • This implanted email contains a type of CAPTCHA validation procedure such as an HTML form (ASP, PHP 5 etc) , script, or even a specific console or dedicated software.
  • a type of CAPTCHA validation procedure such as an HTML form (ASP, PHP 5 etc) , script, or even a specific console or dedicated software.
  • the system is also comprised of a dedicated server.
  • Figure 2 is a block diagram illustrating the components of the present invention in accordance with a second embodiment.
  • Client computer 200 is the sending party and client computer 210 is the receiving party.
  • the receiving party can optionally be multiple client computers 210.
  • the email is sent using traditional email server 240. All authentication and verification procedures are conducted through a dedicated secure server 230 which communicates both with sending party 200 and with receiving party 210. According to the second embodiment all authentication queries and challenges are conducted using dedicated secures server 230 instead of through a direct P2P communication link between the client computers of sending party 200 and receiving party 210.
  • FIG. 3 is a flowchart illustrating the process of email authentication in accordance with a second embodiment of the present invention which includes a dedicated email authentication server.
  • sending party logs on to the server (step 300).
  • sending party sends an email (step 300).
  • a dedicated software component on client computer of sending party attaches encoded information containing metadata (a unique ID and address and other needed identifying information) to the email (step 305).
  • the email is then sent to the client computers of the receiving parties and to the dedicated secured server, but it is not yet displayed to the users at the receiving end.
  • a dedicated software component on the client computers of the receiving parties request an email authentication from dedicated secure server before determining whether the incoming email is displayed to the user (step 320).
  • the dedicated secure server initiates a connection session with the client computer of the sending party. Through this communication session the dedicated secure server sends the sending party two queries: the first verifies that the unique ID and IP address details are correct (step 325), and the second is an authentication challenge, such as a CAPTCHA challenge (step 330). [0051] The sending party receives the two queries. The response to the metadata query is performed automatically (step 335). The user is prompt to respond to the CAPTCHA challenge manually (step 340). Both responses are sent back to the dedicated secure server through the secured communication link between the secure server and the client computer of the sending party. The dedicated secure server sends the results to the queries to the client computers of the receiving parties (step 345).
  • the dedicated software components on the client computers of the receiving parties check that the CAPTCHA challenge was answered correctly (step 350). Provided that the response to the CAPTCHA challenge is correct, it also checks that the response to the identification query is valid (step 355). If the response to the identification query is valid the incoming mail is found to be authentic (step 365). Provided that the response to the identification query is found to be invalid, the incoming email is marked as suspicious (step 370). If the CAPTCHA challenge was not answered correctly (step 350) the response to the identification query is also checked (step 360). Provided that the identification query in this instance is found to be invalid the email message is marked as to be deleted (step 380). If the identification query is found to be valid the incoming email is marked as spam (step 375). The order of performing the validation checks - the CAPTCHA challenge (step 350) and the identification query (step 355, 360) - is interchangeable.
  • the status of the incoming email is then sent from the dedicated secure server to the client computer of the receiving party (step 370).
  • the dedicated software component on the client computer of the receiving party treats the incoming message according to the results of the validation process conducted by the dedicated secure server and in accordance with user preference.
  • users of the system on the receiving end can determine the level of security they wish to maintain.
  • users can determine that email senders whose identification query or addresses are found to be valid but who do not pass the CAPTCHA challenges are still acceptable.
  • users can optionally adjust their user preferences to accept emails from senders who pass the CAPTCHA challenge but whose identification query or address are found to be invalid.
  • the dedicated software component on the client computer of the receiving party optionally includes a safe list of addresses.
  • the safe list includes the email addresses of resources from which the user expects to receive emails and which are known to the user as reliable. This information can be extracted from the user's mail program such as inbox, sent items, contacts, address books and the like. AU emails received from addresses which are included in the safe list are transferred to the inbox of the user without conducting any of the verification queries described above.
  • the user of the system can optionally send an access code to a person from which he or she wishes to receive emails for conducting a correspondence.
  • the access code can optionally be a temporary one or a constant one.
  • the sending party then adds the access code to the outgoing email and the dedicated software component on the client computer of the receiving party identifies the access code and automatically marks the incoming email as safe according to the security preferences of the user.
  • the access code is optionally generated randomly and may be permanent or good for only a single use. A randomly generated temporary code may prove useful for service providers who wish to publish a contact email address for the use of potential clients who are not clients of the system.
  • Email addresses published on websites are harvested by web-robots searching for addresses to spam, and therefore quickly become blocked with junk mail and become useless.
  • a periodically changing access code offers a simple solution to this problem since only emails from users who are equipped with an updated valid access code are saved by the system. AU other emails are quarantined or deleted.
  • the sending party adds an access code in addition to the metadata to the outgoing email.
  • the process of validation includes the automatic validation query to authenticate the metadata and the address and does not necessarily include the CAPTCHA challenge. This configuration enables ensuring a high level of security without having the sending party manually reply to a validation challenge.
  • FIG. 4 is a block diagram illustrating an additional embodiment of the present invention which relates to a configuration in which the communication between the two clients is performed through two servers.
  • Sending client 400 is connected to a mail server 420, and the client of the recipient 410 is also connected to a mail server 430.
  • the dedicated software runs on the dedicated mail servers 420, 430, thus, most authentication procedures are performed on the servers.
  • the described embodiment relates to cellular phones, but it may also relate to computer clients connected to a central mail server such as users connected to a company server.
  • FIG. 5 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention in which the communication between the two clients is performed through two servers.
  • a cellular phone user sends a message to a second cellular phone client (step 500).
  • the message can optionally be a short messaging service (SMS) message, an email message, a multimedia messaging service (MMS) message or any other type of message.
  • SMS short messaging service
  • MMS multimedia messaging service
  • the message goes through a dedicated messages server 420 of the cell-phone company.
  • Server 420 adds the needed metadata to the message and sends it to server 430 of the receiving party (step 505).
  • Server 430 of the receiving party extracts the metadata (step 510), generates a verification process, and initiates an authentication procedure with server 420 of the sending party (step 515).
  • This process is optionally performed in accordance with user preferences.
  • This procedure can optionally include a CAPTCHA request: server 430 of the receiving party sends server 420 of the sending party the CAPTCHA request (step 525).
  • Server 420 of the sending party forwards the CAPTCHA request directly to the client of the sending party 400 using any form of communication or technology known in the art (step 535).
  • the sender manually inserts the answer to the CAPTCHA challenge (step 540) and transmits it back to server 420 of the sending party.
  • Server 420 of the sending party transmits the CAPTCHA request answer to server 430 of the receiving party (step 545).
  • the answer of the sender is analyzed by server 430 of the receiving party (step 550).
  • server 430 of the receiving party sends server 420 of the sending party a request to authenticate the identification and metadata information (step 520).
  • server 420 of the sending party automatically replies to the request for authenticating the identification and metadata information (step 530).
  • the answer of server 420 of the sending party is analyzed by server 430 of the receiving party (step 550). If server 430 of the receiving party approves the results of the authentication procedure (steps 555 and 560), the message is transmitted to the cellular phone of the receiving party 410 (step 570). Otherwise, the message is quarantined or deleted, according to user preferences.)
  • FIG. 6 is a block diagram illustrating another embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server.
  • the sending party sends a message through client computer 600 of the sending party.
  • the message is transmitted from client computer 600 of the sending party to server 620 of the sending party.
  • Server 620 of the sending party transmits the message to servers 640 of the receiving parties 610.
  • the validation procedure of the message is performed on dedicated secure server 630.
  • dedicated secure server 620 informs servers 640 of the receiving parties about the security status of the incoming message.
  • FIG. 7 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server.
  • the process combines two embodiments described above: a communication between sending party and the receiving party which is performed through two servers as illustrated in Figure 5 and the embodiment which includes a dedicated secure server for performing the authentication process as illustrated in Figure 3.
  • the identification information and metadata are attached to the message by server 620 of the sending party (step 705).
  • Server 620 of the sending party logs into dedicated secure server 630 (step 710) and sends both dedicated secure server 630 and servers 640 of the receiving parties the message (step 715).
  • Servers 640 of the receiving parties retrieve the identification and metadata from the message (step 720) and request the authentication of dedicated secure server 630 (step 725).
  • Dedicated secure server 630 sends the CAPTCHA challenge to server 620 of the sending party (step 735) which in turn forwards the challenge to client computer 600 of the sending party (step 745).
  • dedicated secure server 630 sends the identification information and the metadata to server 620 of the sending party for authentication (step 730).
  • Servers 640 of the receiving parties can optionally also send the identification information and the metadata to the server 620 of the sending party for authentication.
  • Server 620 of the sending party replies to the authentication requests (step 740).
  • AU results are gathered by dedicated secure server 630 forwarded to servers 640 of the receiving parties (step 760).
  • the answers of server 620 of the sending party are analyzed by servers 640 of the receiving parties (step 760). If servers 640 of the receiving parties approve the results of the authentication procedure (steps 770 and 775), the message is transmitted to client computers 610 of the receiving party (step 785). Otherwise, the message is quarantined or deleted, according to user preferences.
  • a dedicated address such as a mailbox
  • the transmission of the authentication message according this option is established through traditional non-direct mail communication (SMTP/POP/IMAP) or other technologies which enable transmission through direct communication.
  • the system then exercises the messages authentication validation procedures, as described above via this dedicated address.
  • Messages in the dedicated address are used only for authentication validation purposes and are eventually erased without being transferred to the message management application program of the client.
  • the dedicated address can be used for serving one or multiple mailboxes of clients. All other authentication procedures are performed as described above.
  • Messages which are found to be valid using the dedicated address for dedicated software communication and authentication validation are automatically transferred to the inbox of the receiving party, other messages are deleted, quarantined or flagged in accordance with user preferences.
  • users residing behind firewalls do not have to configure additional secure communication lines in their firewalls and are able to make use of the disclosed authentication validation system and method through existing email communication routes, these communication can optionally work in batch mode.
  • a dedicated software component associated with the database establishes a second communication link with the dedicated software component on the client computer of the sending party. Via the second communication link the validation procedure is performed between the dedicated software components on both ends. This procedure ensures that automatic programs cannot access the database since automatic programs cannot successfully answer the CAPTCHA challenge.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Tourism & Hospitality (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention is a system and a method for authenticating incoming emails and eliminating spam and other harmful messages. Embodiments of the present invention include solutions for ensuring that the incoming email was sent from a person and not through an automated email dispatcher. According to some embodiments of the present invention the proposed system makes use of peer-to-peer (P2P) technology. According to additional embodiments the system makes use of client/server technology to authenticate an incoming email. The system includes a challenge-response mechanism for validating that the received email was sent from an actual person before presenting the email to the recipient. Thus, users of the system are ensured that all undesired junk emails are filtered out by the system and that they receive all the valid messages sent to them.

Description

Communication Authenticator
[001] FIELD OF INVENTION
[002] The present invention relates to systems and methods for authenticating emails for the purpose of making sure that the incoming email is not spam, more particularly the present invention relates to systems and method for authenticating emails by using peer-to-peer means.
[003] BACKGROUND
[004] Junk mail received via email is fast becoming a problem of epidemic proportions. Spanners use different methods for harvesting email addresses of potential recipients and it is increasingly difficult to find methods of avoiding junk emails or filtering them out. Currently there are several methods used for filtering out undesirable emails. However none of these methods provides a solution which blocks all undesirable emails while ensuring that all of the valid emails are not filtered out. [005] One such method relies on examining the content of the incoming mail and determining its validity accordingly. This method is found to have a low success rate and spammers are constantly finding ways of bypassing it such as misspelling key words. Similarly, an additional method analyzes the header of the email in order to identify spam mail. This method has also proven to have a low success rate. Other methods rely on email white pages checking that the sender of the email appears in the white pages of email addresses. This method can be easily bypassed by spammers through forging seemingly valid email addresses as senders. Additional methods include a challenge response method, querying the sender before authenticating the validity of the email. Since spammers can forge the sending party's email in the email header and use the email of an innocent third party as the sender, all challenge queries are sent to this third party instead of to the spammer.
[006] One common method authenticates only emails whose sender is in a 'safe list1 of the recipient. This method has several shortcomings. First, it does not enable the initial correspondence since the email of the sending party does not already exist on the safe list. Second, spammers may bypass this method using worm attacks, by identifying names in the safe list or finding ways of getting listed. Similarly, one other method includes blacklisting email addresses which have been found to be the senders of spam mail. These lists have to constantly be updated since spammers often use many different email addresses to send spam mail from. Additionally, when a spammer uses the email of an innocent third party as the sending address of spam, this person might find that his or her address is blacklisted.
[007] There is therefore a need for a system and a method which would enable blocking undesirable email and allow only valid emails to be received by the user. This solution should also enable the user to control its preferences, adjust its operation and determine the level of security he or she desires.
[008] SUMMARY OF INVENTION
[009] Disclosed is a method for automatically authenticating incoming electronic messages from a sending party to a receiving party. The electronic message is transferred to the receiving party via a first data communication network. The method comprises the steps of establishing a second data communication link, transferring at least one validation query to the sending party via the second communication UnIc, and determining the level of validity of the incoming electronic message in accordance with responses to the validation query received from the sending party. The second communication link is optionally a direct communication link such as a peer-to-peer communication link. Then the second communication link is optionally established via a dedicated secure server. An optional non-direct communication link is established using the same messaging protocol such as mail (POP/SMTP) and SMS protocols but using a different address for validation purposes.
[0010] The method optionally also includes the step of attaching metadata to the outgoing electronic message by sending party. The metadata optionally includes the electronic address of the sending party and a unique identification code. The validation query optionally includes the step of validating the electronic address of the sending party.
[0011] Additionally the query optionally also includes a challenge for validating that the sending party is human, such as a Completely Automated Public Turing test to tell
Computers and Humans Apart (CAPTCHA) challenge.
[0012] The method can optionally also include the step of adding an access code by sending party to an outgoing electronic message. The access code provides a validation for the authentication of the outgoing electronic message. The addition of the access code optionally annuls the step of sending the validation query.
[0013] The receiving party is optionally a remote database management application and the electronic message is a request for accessing the remote database.
[0014] Also disclosed is a system for automatically authenticating incoming electronic messages from a sending party to a receiving party. The electronic message is transferred to the receiving party via a first data communication network. The system comprises a second data communication link, a sender module for supporting the authentication process of the electronic message, and a validation module for performing the validation process through the second data communication link. [0015] The sender module optionally resides on the client computer, the Personal Digital Assistant (PDA), or the cellular phone of the sending party, a general purpose server, a dedicated server, a mail server, a message server, or a web mail server. The validation module resides on the client computer, the Personal Digital Assistant (PDA), or the cellular phone of the receiving party, a mail server, a message server, or a web mail server.
[0016] The system optionally also includes a dedicated secured server. The second data communication link is established via the dedicated server. The validation module optionally resides on the dedicated server.
[0017] BRIEF DESCRIPTION OF THE DRAWINGS
[0018] The subject matter regarded as the invention will become more clearly understood in light of the ensuing description of embodiments herein, given by way of example and for purposes of illustrative discussion of the present invention only, with reference to the accompanying drawings, wherein
[0019] Figure 1 is a flowchart illustrating a simplified process of authenticating an email in accordance with the first embodiment of the present invention;
[0020] Figure 2 is a block diagram illustrating the components of the present invention in accordance with a second embodiment;
[0021] Figure 3 is a flowchart illustrating the process of email authentication in accordance with a second embodiment of the present invention which includes a dedicated email authentication server; [0022] Figure 4 is a block diagram illustrating an additional embodiment of the present invention which relates to a configuration in which the communication between the two clients is performed through two servers;
[0023] Figure 5 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention in which the communication between the two clients is performed through two servers;
[0024] Figure 6 is a block diagram illustrating another embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server;
[0025] Figure 7 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server.
[0026] The drawings together with the description make apparent to those skilled in the art how the invention may be embodied in practice.
[0027] No attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention,
[0028] It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements. [0029] DESCRIPTION OF SOME EMBODIMENTS OF THE INVENTION [0030] The present invention is a system and a method for authenticating incoming emails and eliminating spam messages. Embodiments of the present invention include solutions for ensuring that the incoming email was sent from a person and not through an automated email dispatcher. According to some embodiments of the present invention the proposed system makes use of peer-to-peer (P2P) technology. According to additional embodiments the system makes use of client/server technology to authenticate an incoming email. The system includes a challenge- response mechanism for validating that the received email was sent from a legitimate sender before presenting the email to the recipient. Thus, users of the system are assured that all undesired junk emails are filtered out by the system and that they receive all the valid messages sent to them.
[0031] An embodiment is an example or implementation of the inventions. The various appearances of "one embodiment," "an embodiment" or "some embodiments" do not necessarily all refer to the same embodiments. Although various features of the invention may be described in the context of a single embodiment, the features may also be provided separately or in any suitable combination. Conversely, although the invention may be described herein in the context of separate embodiments for clarity, the invention may also be implemented in a single embodiment. [0032] Reference in the specification to "one embodiment", "an embodiment", "some embodiments" or "other embodiments" means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one embodiments, but not necessarily all embodiments, of the inventions. It is understood that the phraseology and terminology employed herein is not to be construed as limiting and are for descriptive purpose only. [0033] The principles and uses of the teachings of the present invention may be better understood with reference to the accompanying description, figures and examples. It is to be understood that the details set forth herein do not construe a limitation to an application of the invention. Furthermore, it is to be understood that the invention can be carried out or practiced in various ways and that the invention can be implemented in embodiments other than the ones outlined in the description below. [0034] It is to be understood that the terms "including", "comprising", "consisting" and grammatical variants thereof do not preclude the addition of one or more components, features, steps, or integers or groups thereof and that the terms are to be construed as specifying components, features, steps or integers. The phrase "consisting essentially of, and grammatical variants thereof, when used herein is not to be construed as excluding additional components, steps, features, integers or groups thereof but rather that the additional features, integers, steps, components or groups thereof do not materially alter the basic and novel characteristics of the claimed composition, device or method.
[0035] If the specification or claims refer to "an additional" element, that does not preclude there being more than one of the additional element. It is to be understood that where the claims or specification refer to "a" or "an" element, such reference is not be construed that there is only one of that element. It is to be understood that where the specification states that a component, feature, structure, or characteristic "may", "might", "can" or "could" be included, that particular component, feature, structure, or characteristic is not required to be included.
[0036] Where applicable, although state diagrams, flow diagrams or both may be used to describe embodiments, the invention is not limited to those diagrams or to the corresponding descriptions. For example, flow need not move through each illustrated box or state, or in exactly the same order as illustrated and described. [0037] Methods of the present invention may be implemented by performing or completing manually, automatically, or a combination thereof, selected steps or tasks. The term "method" refers to manners, means, techniques and procedures for accomplishing a given task including, but not limited to, those manners, means, techniques and procedures either known to, or readily developed from known manners, means, techniques and procedures by practitioners of the art to which the invention belongs. The descriptions, examples, methods and materials presented in the claims and the specification are not to be construed as limiting but rather as illustrative only.
[0038] Meanings of technical and scientific terms used herein are to be commonly understood as by one of ordinary skill in the art to which the invention belongs, unless otherwise defined. The present invention can be implemented in the testing or practice with methods and materials equivalent or similar to those described herein. [0039] Any publications, including patents, patent applications and articles, referenced or mentioned in this specification are herein incorporated in their entirety into the specification, to the same extent as if each individual publication was specifically and individually indicated to be incorporated herein. In addition, citation or identification of any reference in the description of some embodiments of the invention shall not be construed as an admission that such reference is available as prior art to the present invention.
[0040] While the description below refers to email messages, this is for the purpose of simplifying the description. The disclosed system and method are applicable for any type of electronic messages transferred between a sending party and a receiving party. Such messages optionally include short messaging service (SMS) messages, multimedia messaging service (MMS) messages, instant messages, or any other type of electronic message.
[0041] According to embodiments of the present invention the process of authentication of an incoming email is performed in two stages. The first stage includes the automatic authentication of the address of the sender, such as the internet protocol (IP) address of the sender, and the second includes a process ensuring that the sending party is a person and not an automated email dispatcher. The address of the sender is automatically authenticated using a dedicated identification string. Additional meta-data is attached to the outgoing email by the dedicated software. The second stage of authentication makes use of any type of method known to people who are skilled in the art for validating that the user on the sending side is human, such as the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) method. Only after the sending party successfully passes the validation procedure, does the system insert the incoming email into the inbox of the receiving party. According to a first embodiment of the present invention the system is a standalone client system. According to a second embodiment of the present invention the system is a client/server system. In both configurations the client end may be any type of computer, personal digital assistant (PDA), a cell phone and the like. [0042] According to one embodiment of the present invention this process is performed using P2P technology. According to this embodiment, all processes are performed on the client computers and the client computers connect directly to execute the authentication process after receiving the message in the traditional manner. Figure 1 is a flowchart illustrating a simplified process of authenticating an email in accordance with the first embodiment of the present invention. The flowchart illustrated in Figure 1 depicts the authentication process in a configuration according to which both the sending and the receiving parties have a dedicated software component locally installed.
[0043] First the sender initiates the process by sending the email using any known method (step 100). The designated software component on the client computer of the sending party attaches metadata to the outgoing email before the transmission to a server or a reciever (step 105). The metadata includes a unique identification code and the address of the sending party such as an Internet Protocol (IP) address and any additional information needed for a successful P2P connection. The metadata optionally includes additional data which may aid the receiving party to retrieve this information. This information is encrypted and attached to the outgoing email. Upon receiving the incoming email the dedicated software component examines the email before displaying it to the user. The dedicated software component on the client computer of the receiving party extracts the metadata attached to the incoming email and decrypts it (step 110). Then, it initiates a P2P handshake and sends two different queries to the client computer of the sending party. The first is an identification query to authenticate the metadata in the incoming email (step 115) and the second is an authentication challenge, such as a CAPTCHA challenge (step 120). The connection between the client computer of the receiving party and the client computer of the sending party is established directly using any type of direct communication link such as a P2P connection. The connection is performed according to the address of the sending party which is attached to the incoming email.
[0044] The sending party receives the two queries. The response to the metadata query is performed automatically (step 125). The user is prompt to respond to the CAPTCHA challenge manually (step 130). Both responses are sent back to the receiving party through the direct communication link between the two client computers which was established by the dedicated software. The dedicated software component on the client computer of the receiving party first checks that the CAPTCHA challenge was answered correctly (step 135). Provided that the response to the CAPTCHA challenge is correct, it also checks that the response to the identification query is valid (step 140). If the response to the identification query is valid the incoming mail is found to be authentic and is displayed to the user of the receiving party by placing the incoming email in the inbox (step 150). Provided that the response to the identification query is found to be invalid, the incoming email is marked as suspicious (step 155) and dealt with according to user preferences. If the CAPTCHA challenge was not answered correctly (step 135) the response to the identification query is also checked (step 145). Provided that the identification query in this instance is found to be invalid the email message is deleted (step 165). If the identification query is found to be valid the incoming email is marked as spam (step 160). The order of performing the validation checks - the CAPTCHA challenge (step 135) and the identification query (step 140, 145) -is interchangeable. [0045] According to some embodiments of the present invention users of the system on the receiving end can determine the level of security they wish to maintain. Thus, users can determine that email senders whose identification query or addresses are found to be valid but who do not pass the CAPTCHA challenge are still acceptable. Similarly, users can optionally adjust their user preferences to accept emails from senders who pass the CAPTCHA challenge but whose identification query or IP address are found to be invalid.
[0046] Provided that the dedicated software component is not installed on the client computer of the receiving party, the sending party attaches the metadata, but the process on the receiving end is performed in the normal manner in which incoming email is processed according to prior art. If the dedicated software component is not installed on the client computer of the sending party the dedicated software component on the client computer of the receiving party does not find the metadata in the incoming email. The user on the receiving end can optionally define the status of such mail messages. For instance, the user can define that these types of emails are marked as suspicious or are deleted automatically by the dedicated software. The dedicated software component on the client computer of the receiving party may then send an automatic reply email message to the sending party informing them that their email was rejected. This email optionally includes a link to a website from which the sending party can download the appropriate software component or plug-in for future correspondence.
[0047] According to the first embodiment the system may also be implemented whenever at least one of the parties uses a web-based mail server to send and receive emails. For these implementations the dedicated software component is installed on the web server of the web mail. If the sending party uses web mail to send the email, the dedicated software component on the web server of the web mail extracts the address of the sender and attaches it to the outgoing mail along with the unique identifier and additional information. This information is encrypted and attached to the outgoing email. In the verification and authentication process the web mail server receives the CAPTCHA challenge by a direct communication link. The dedicated component on the web mail server generates an email message and implants it in the inbox of the sender or in a different designated folder. This implanted email contains a type of CAPTCHA validation procedure such as an HTML form (ASP, PHP5 etc) , script, or even a specific console or dedicated software. When the sender answers the CAPTCHA the web-based mail server then extracts the answer of the user and transmits it back via a direct communication link.
[0048] Similarly, if the email account of the receiving party resides on a web-based mail server all authentication procedures are activated by a dedicated software component which resides on the web mail server. The dedicated software component on the web mail server sends the sending party the ID and IP address authentication requests and the CAPTCHA challenge, and examines the results accordingly. Only after receiving satisfactory results is the incoming mail transferred to the inbox of the receiving party in the web-based mail server. Otherwise the incoming mail is marked as suspicious, spam or deleted in accordance to the algorithm described above. [0049] According to a second embodiment of the present invention the system is also comprised of a dedicated server. Figure 2 is a block diagram illustrating the components of the present invention in accordance with a second embodiment. Client computer 200 is the sending party and client computer 210 is the receiving party. The receiving party can optionally be multiple client computers 210. The email is sent using traditional email server 240. All authentication and verification procedures are conducted through a dedicated secure server 230 which communicates both with sending party 200 and with receiving party 210. According to the second embodiment all authentication queries and challenges are conducted using dedicated secures server 230 instead of through a direct P2P communication link between the client computers of sending party 200 and receiving party 210.
[0050] Figure 3 is a flowchart illustrating the process of email authentication in accordance with a second embodiment of the present invention which includes a dedicated email authentication server. First, sending party logs on to the server (step 300). Then, sending party sends an email (step 300). Before the email is dispatched, a dedicated software component on client computer of sending party attaches encoded information containing metadata (a unique ID and address and other needed identifying information) to the email (step 305). The email is then sent to the client computers of the receiving parties and to the dedicated secured server, but it is not yet displayed to the users at the receiving end. A dedicated software component on the client computers of the receiving parties request an email authentication from dedicated secure server before determining whether the incoming email is displayed to the user (step 320). The dedicated secure server initiates a connection session with the client computer of the sending party. Through this communication session the dedicated secure server sends the sending party two queries: the first verifies that the unique ID and IP address details are correct (step 325), and the second is an authentication challenge, such as a CAPTCHA challenge (step 330). [0051] The sending party receives the two queries. The response to the metadata query is performed automatically (step 335). The user is prompt to respond to the CAPTCHA challenge manually (step 340). Both responses are sent back to the dedicated secure server through the secured communication link between the secure server and the client computer of the sending party. The dedicated secure server sends the results to the queries to the client computers of the receiving parties (step 345). The dedicated software components on the client computers of the receiving parties check that the CAPTCHA challenge was answered correctly (step 350). Provided that the response to the CAPTCHA challenge is correct, it also checks that the response to the identification query is valid (step 355). If the response to the identification query is valid the incoming mail is found to be authentic (step 365). Provided that the response to the identification query is found to be invalid, the incoming email is marked as suspicious (step 370). If the CAPTCHA challenge was not answered correctly (step 350) the response to the identification query is also checked (step 360). Provided that the identification query in this instance is found to be invalid the email message is marked as to be deleted (step 380). If the identification query is found to be valid the incoming email is marked as spam (step 375). The order of performing the validation checks - the CAPTCHA challenge (step 350) and the identification query (step 355, 360) - is interchangeable.
[0052] The status of the incoming email is then sent from the dedicated secure server to the client computer of the receiving party (step 370). The dedicated software component on the client computer of the receiving party treats the incoming message according to the results of the validation process conducted by the dedicated secure server and in accordance with user preference.
[0053] As mentioned above, according to some embodiments of the present invention users of the system on the receiving end can determine the level of security they wish to maintain. Thus, users can determine that email senders whose identification query or addresses are found to be valid but who do not pass the CAPTCHA challenges are still acceptable. Similarly, users can optionally adjust their user preferences to accept emails from senders who pass the CAPTCHA challenge but whose identification query or address are found to be invalid.
[0054] According to some embodiments of the present invention the dedicated software component on the client computer of the receiving party optionally includes a safe list of addresses. The safe list includes the email addresses of resources from which the user expects to receive emails and which are known to the user as reliable. This information can be extracted from the user's mail program such as inbox, sent items, contacts, address books and the like. AU emails received from addresses which are included in the safe list are transferred to the inbox of the user without conducting any of the verification queries described above.
[0055] According to some embodiments of the present invention the user of the system can optionally send an access code to a person from which he or she wishes to receive emails for conducting a correspondence. The access code can optionally be a temporary one or a constant one. The sending party then adds the access code to the outgoing email and the dedicated software component on the client computer of the receiving party identifies the access code and automatically marks the incoming email as safe according to the security preferences of the user. The access code is optionally generated randomly and may be permanent or good for only a single use. A randomly generated temporary code may prove useful for service providers who wish to publish a contact email address for the use of potential clients who are not clients of the system. Email addresses published on websites are harvested by web-robots searching for addresses to spam, and therefore quickly become blocked with junk mail and become useless. A periodically changing access code offers a simple solution to this problem since only emails from users who are equipped with an updated valid access code are saved by the system. AU other emails are quarantined or deleted. [0056] According to another embodiment of the present invention the sending party adds an access code in addition to the metadata to the outgoing email. The process of validation includes the automatic validation query to authenticate the metadata and the address and does not necessarily include the CAPTCHA challenge. This configuration enables ensuring a high level of security without having the sending party manually reply to a validation challenge.
[0057] Figure 4 is a block diagram illustrating an additional embodiment of the present invention which relates to a configuration in which the communication between the two clients is performed through two servers. Sending client 400 is connected to a mail server 420, and the client of the recipient 410 is also connected to a mail server 430. In such cases the dedicated software runs on the dedicated mail servers 420, 430, thus, most authentication procedures are performed on the servers. The described embodiment relates to cellular phones, but it may also relate to computer clients connected to a central mail server such as users connected to a company server.
[0058] Figure 5 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention in which the communication between the two clients is performed through two servers. A cellular phone user sends a message to a second cellular phone client (step 500). The message can optionally be a short messaging service (SMS) message, an email message, a multimedia messaging service (MMS) message or any other type of message. The message goes through a dedicated messages server 420 of the cell-phone company. Server 420 adds the needed metadata to the message and sends it to server 430 of the receiving party (step 505). Server 430 of the receiving party extracts the metadata (step 510), generates a verification process, and initiates an authentication procedure with server 420 of the sending party (step 515). This process is optionally performed in accordance with user preferences. This procedure can optionally include a CAPTCHA request: server 430 of the receiving party sends server 420 of the sending party the CAPTCHA request (step 525). Server 420 of the sending party forwards the CAPTCHA request directly to the client of the sending party 400 using any form of communication or technology known in the art (step 535). The sender manually inserts the answer to the CAPTCHA challenge (step 540) and transmits it back to server 420 of the sending party. Server 420 of the sending party transmits the CAPTCHA request answer to server 430 of the receiving party (step 545). The answer of the sender is analyzed by server 430 of the receiving party (step 550).
[0059] Simultaneously, server 430 of the receiving party sends server 420 of the sending party a request to authenticate the identification and metadata information (step 520). In response, server 420 of the sending party automatically replies to the request for authenticating the identification and metadata information (step 530). The answer of server 420 of the sending party is analyzed by server 430 of the receiving party (step 550). If server 430 of the receiving party approves the results of the authentication procedure (steps 555 and 560), the message is transmitted to the cellular phone of the receiving party 410 (step 570). Otherwise, the message is quarantined or deleted, according to user preferences.)
[0060] Figure 6 is a block diagram illustrating another embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server. According to this embodiment the sending party sends a message through client computer 600 of the sending party. The message is transmitted from client computer 600 of the sending party to server 620 of the sending party. Server 620 of the sending party transmits the message to servers 640 of the receiving parties 610. The validation procedure of the message is performed on dedicated secure server 630. After the authentication procedure is completed dedicated secure server 620 informs servers 640 of the receiving parties about the security status of the incoming message. According to the security status of the incoming message and the user preferences servers 640 of the receiving parties decide whether to transmit the message to the client computers 610 of the receiving parties, to delete the message or to quarantine it. [0061] Figure 7 is a flowchart illustrating the process of message authentication in accordance with an embodiment of the present invention according to which the communication between the two clients is performed through two servers and the authentication process is performed through a third dedicated secure server. The process combines two embodiments described above: a communication between sending party and the receiving party which is performed through two servers as illustrated in Figure 5 and the embodiment which includes a dedicated secure server for performing the authentication process as illustrated in Figure 3. [0062] After the sending party sends the message (step 700), the identification information and metadata are attached to the message by server 620 of the sending party (step 705). Server 620 of the sending party logs into dedicated secure server 630 (step 710) and sends both dedicated secure server 630 and servers 640 of the receiving parties the message (step 715). Servers 640 of the receiving parties retrieve the identification and metadata from the message (step 720) and request the authentication of dedicated secure server 630 (step 725). Dedicated secure server 630 sends the CAPTCHA challenge to server 620 of the sending party (step 735) which in turn forwards the challenge to client computer 600 of the sending party (step 745). Sending party replies manually to the CAPTCHA challenge (step 750) and the server 620 of the sending party sends the reply to the dedicated secure server 630 (step 755). [0063] At the same time dedicated secure server 630 sends the identification information and the metadata to server 620 of the sending party for authentication (step 730). Servers 640 of the receiving parties can optionally also send the identification information and the metadata to the server 620 of the sending party for authentication. Server 620 of the sending party replies to the authentication requests (step 740). AU results are gathered by dedicated secure server 630 forwarded to servers 640 of the receiving parties (step 760). The answers of server 620 of the sending party are analyzed by servers 640 of the receiving parties (step 760). If servers 640 of the receiving parties approve the results of the authentication procedure (steps 770 and 775), the message is transmitted to client computers 610 of the receiving party (step 785). Otherwise, the message is quarantined or deleted, according to user preferences.
[0064] According to another embodiment of the present invention all authentication procedures are performed using a dedicated address such as a mailbox, the transmission of the authentication message according this option is established through traditional non-direct mail communication (SMTP/POP/IMAP) or other technologies which enable transmission through direct communication. The system then exercises the messages authentication validation procedures, as described above via this dedicated address. Messages in the dedicated address are used only for authentication validation purposes and are eventually erased without being transferred to the message management application program of the client. The dedicated address can be used for serving one or multiple mailboxes of clients. All other authentication procedures are performed as described above. Messages which are found to be valid using the dedicated address for dedicated software communication and authentication validation, are automatically transferred to the inbox of the receiving party, other messages are deleted, quarantined or flagged in accordance with user preferences. According to this embodiment users residing behind firewalls do not have to configure additional secure communication lines in their firewalls and are able to make use of the disclosed authentication validation system and method through existing email communication routes, these communication can optionally work in batch mode. [0065] According to yet another embodiment of the present invention it is suggested to implement the same authentication procedure as described above for validating remote access to a database. The validation procedure is performed between the user requesting to access the database (the sending party) and the database (the receiving party). After the sending party sends the request to access the database, a dedicated software component associated with the database, establishes a second communication link with the dedicated software component on the client computer of the sending party. Via the second communication link the validation procedure is performed between the dedicated software components on both ends. This procedure ensures that automatic programs cannot access the database since automatic programs cannot successfully answer the CAPTCHA challenge.
[0066] While the invention has been described with respect to a limited number of embodiments, these should not be construed as limitations on the scope of the invention, but rather as exemplifications of some of the embodiments. Those skilled in the art will envision other possible variations, modifications, and applications that are also within the scope of the invention. Accordingly, the scope of the invention should not be limited by what has thus far been described, but by the appended claims and their legal equivalents. Therefore, it is to be understood that alternatives, modifications, and variations of the present invention are to be construed as being within the scope and spirit of the appended claims.

Claims

What is claimed is:
1. A method for automatically authenticating incoming electronic messages from a sending party to a receiving party, wherein said electronic message is transferred to a first electronic address of the receiving party via a data communication network, said method comprising the steps of:
- transferring at least one validation query to said sending party to a second electronic address , wherein said second address is configured to receive only validation communication;
- determining the level of validity of said incoming electronic message in accordance with responses to said validation query received from said sending party.
2. The method of claim 1 further comprising the step of establishing a second data communication link, wherein the validation query is transferred via said second communication link.
3. The method of claim 2 wherein said second communication link is a direct communication link.
4. The method of claim 3 wherein said direct communication link is a peer-to-peer communication link.
5. The method of claim 2 wherein said second communication link is established via a dedicated secure server.
6. The method of claim 1 further including the step of attaching metadata to the outgoing electronic message by sending party.
7. The method of claim 6 wherein said metadata includes at least one of the following: the electronic address of the sending party, a unique identification code.
8. The method of claim 7 wherein said validation query includes the step of validating said electronic address of said sending party.
9. The method of claim 1 wherein said query includes a challenge for validating that the sending party is human.
10. The method of claim 9 wherein said challenge is a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenge.
11. The method of claim 1 further including the step of adding an access code by sending party to an outgoing electronic message wherein said access code provides a validation for the authentication of said outgoing electronic message.
12. The method of claim 11 wherein said addition of said access code annuls the step of sending said validation query.
13. The method of claim 6 further including the step of sending a challenge query to said sending party wherein said query includes a challenge for validating that the sending party is human.
14. The method of claim 13 wherein said metadata includes at least one of the following: the electronic address of the sending party, a unique identification code.
15. The method of claim 13 wherein said validation query includes the step of validating said electronic address of said sending party.
16. The method of claim 13 wherein said challenge is a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenge.
17. The method of claim 2 wherein said receiving party is a remote database management application and said electronic message is a request for accessing said remote database.
18. A system for automatically authenticating incoming electronic messages from a sending party to a receiving party, wherein said electronic message is transferred to a first electronic address of the receiving party via a first data communication network, said system comprises:
- a sender module for supporting said authentication process of said electronic message, wherein the supporting include at least one query transferred to a second electronic address of the receiving party;
- a validation module for performing the validation process , said validation process includes checking recipient response to said query . .
19. The system of claim 18 further comprising a second data communication link, wherein the query transferred through said second communication link.
20. The system of claim 18 wherein said sender module attaches metadata to said electronic message before the message is sent.
21. The system of claim 18 wherein said sender module resides on at least one of the following: the client computer of said sending party, a mail server, a message server, a web mail server.
22. The system of claim 18 wherein said validation module resides on at least one of the following: the client computer of said receiving party, a mail server, a message server, a web mail server.
23. The system of claim 18 further comprising a dedicated secured server, wherein said second data communication link is established via said dedicated server.
24. The system of claim 22 wherein said validation module resides on said dedicated server.
25. The system of claim 18 wherein said second communication link is a direct communication link.
6. The system of claim 18 wherein said direct communication link is a peer-to- peer communication link.
PCT/IL2007/000950 2006-07-31 2007-07-30 Communication authenticator WO2008015669A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US83424506P 2006-07-31 2006-07-31
US60/834,245 2006-07-31

Publications (2)

Publication Number Publication Date
WO2008015669A2 true WO2008015669A2 (en) 2008-02-07
WO2008015669A3 WO2008015669A3 (en) 2009-05-07

Family

ID=38997562

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2007/000950 WO2008015669A2 (en) 2006-07-31 2007-07-30 Communication authenticator

Country Status (1)

Country Link
WO (1) WO2008015669A2 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013123560A1 (en) * 2012-02-21 2013-08-29 Jillian Jolly Moveable frame arrangement
WO2014035674A1 (en) * 2012-08-28 2014-03-06 Alcatel Lucent Direct electronic mail
WO2016049644A1 (en) * 2014-09-26 2016-03-31 Sanjay Parekh Method and system for email privacy, security and information theft detection
US11005802B1 (en) 2020-06-25 2021-05-11 Sony Corporation Importance determination for undelivered messages
US11962719B2 (en) 2022-08-18 2024-04-16 Sony Group Corporation Real time verification of caller identification (ID)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030196116A1 (en) * 2002-04-15 2003-10-16 Todd Troutman Electronic mail blocking system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030196116A1 (en) * 2002-04-15 2003-10-16 Todd Troutman Electronic mail blocking system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013123560A1 (en) * 2012-02-21 2013-08-29 Jillian Jolly Moveable frame arrangement
WO2014035674A1 (en) * 2012-08-28 2014-03-06 Alcatel Lucent Direct electronic mail
US20140067962A1 (en) * 2012-08-28 2014-03-06 Alcatel-Lucent Direct electronic mail
US9338119B2 (en) 2012-08-28 2016-05-10 Alcatel Lucent Direct electronic mail
WO2016049644A1 (en) * 2014-09-26 2016-03-31 Sanjay Parekh Method and system for email privacy, security and information theft detection
US10419476B2 (en) 2014-09-26 2019-09-17 Sanjay M. Parekh Method and system for email privacy, security, and information theft detection
US10931709B2 (en) 2014-09-26 2021-02-23 MailMosh, Inc. Method and system for email privacy, security, and information theft detection
US11005802B1 (en) 2020-06-25 2021-05-11 Sony Corporation Importance determination for undelivered messages
US11962719B2 (en) 2022-08-18 2024-04-16 Sony Group Corporation Real time verification of caller identification (ID)

Also Published As

Publication number Publication date
WO2008015669A3 (en) 2009-05-07

Similar Documents

Publication Publication Date Title
US7917757B2 (en) Method and system for authentication of electronic communications
US20200382496A9 (en) Domain-based Isolated Mailboxes
US8819410B2 (en) Private electronic information exchange
US6615348B1 (en) Method and apparatus for an adapted digital signature
US20050015455A1 (en) SPAM processing system and methods including shared information among plural SPAM filters
KR101109817B1 (en) Method and apparatus for reducing e-mail spam and virus distribution in a communications network by authenticating the origin of e-mail messages
US20030231207A1 (en) Personal e-mail system and method
US20060149823A1 (en) Electronic mail system and method
US20040236838A1 (en) Method and code for authenticating electronic messages
WO2009011807A1 (en) Sender authentication for difficult to classify email
Schryen Anti-spam measures
JP2012185858A (en) Method of confirming intended recipient of electronic message before delivery, and method of dynamically generating message contents during confirmation
US20060031338A1 (en) Challenge response systems
US20060053202A1 (en) Method and system implementing secure email
US20080276318A1 (en) Spam detection system based on the method of delayed-verification on the purported responsible address of a message
WO2008015669A2 (en) Communication authenticator
WO2004054188A1 (en) Electronic mail system
EP1145485B1 (en) Apparatus and method for an authenticated electronic userid
Baran Stopping spam with sending session verification
KR20080093084A (en) System for blocking spam mail
GB2405004A (en) Electronic message filtering
KR20080069281A (en) System for blocking spam mail and method of the same
JP2009505216A (en) System and method for detecting and filtering unsolicited electronic messages
Schwenk Email: Protocols and SPAM
Chrobok et al. Advantages and vulnerabilities of pull-based email-delivery

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07790005

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07790005

Country of ref document: EP

Kind code of ref document: A2