E-mail authentication

US 10,284,597 B2
Filed: 01/28/2013
Issued: 05/07/2019
Est. Priority Date: 05/07/2007
Status: Active Grant

First Claim

Patent Images

1. A method for determining whether at least one e-mail originates from a forged source, the method comprising:

receiving data at a client device pertaining to the least one e-mail directed to at least one intended recipient, wherein the data includes information identifying a purported sender;

sending a query from the client device to a verification host requesting confirmation that the at least one e-mail originated from the purported sender, wherein the query includes information identifying the at least one e-mail comprising at least one of at least a portion of text contained in a message body of the e-mail or a hash of the at least a portion of the text;

receiving, by the client device, a response from the verification host indicating whether or not the at least one e-mail originated from the purported sender based on whether the purported sender sent an e-mail that matches the information identifying the at least one e-mail to the intended recipient; and

determining that the at least one e-mail originates from a forged source unless the response indicates that the at least one e-mail originated from the purported sender.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for determining whether an e-mail originates from a sender authorized by an address provider to send the e-mail to an intended recipient'"'"'s e-mail address. The e-mail identifies an address provider from which the intended recipient'"'"'s e-mail address was obtained. The e-mail is delivered to the intended recipient only upon verification that the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address. The system and method may also provide for determining whether an e-mail originates from a forged source. A server receives data relating to an e-mail, including a purported sender and a verification host. The server queries the verification host with information pertaining to the e-mail and requests confirmation that the e-mail originates from the purported sender. The e-mail is determined to originate from a forged source unless the verification host responds that the e-mail originates from the purported sender.

33 Citations

View as Search Results

20 Claims

1. A method for determining whether at least one e-mail originates from a forged source, the method comprising:
- receiving data at a client device pertaining to the least one e-mail directed to at least one intended recipient, wherein the data includes information identifying a purported sender;
  
  sending a query from the client device to a verification host requesting confirmation that the at least one e-mail originated from the purported sender, wherein the query includes information identifying the at least one e-mail comprising at least one of at least a portion of text contained in a message body of the e-mail or a hash of the at least a portion of the text;
  
  receiving, by the client device, a response from the verification host indicating whether or not the at least one e-mail originated from the purported sender based on whether the purported sender sent an e-mail that matches the information identifying the at least one e-mail to the intended recipient; and
  
  determining that the at least one e-mail originates from a forged source unless the response indicates that the at least one e-mail originated from the purported sender.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the information identifying the purported sender includes any one or more of the following:
    - an e-mail address, a domain name, and an IP address.
  - 3. The method of claim 1, wherein the verification host is a server operated by the purported sender.
  - 4. The method of claim 3, wherein the step of querying the verification host is conducted via a two-way transmission channel.
  - 5. The method of claim 1, wherein the information identifying the at least one e-mail further comprises any one or more selected from the group consisting of:
    - a hash value, a checksum, a digest of the e-mail, and an authorization code.
  - 6. The method of claim 5, wherein delivery of the at least one e-mail to the intended recipient is prevented if the e-mail is determined to not have originated from the purported sender.
  - 7. The method of claim 1, further comprising determining an address for the verification host from information contained in the at least one e-mail.
  - 8. The method of claim 1, further comprising the steps of determining an identity of hosts authorized to transmit e-mails for the purported sender.
  - 9. The method of claim 1, further comprising the step of determining an identity of hosts authorized to transmit e-mails for the purported sender.
  - 10. The method of claim 9, wherein delivery of the at least one e-mail to the at least one intended recipient is prevented if the at least one e-mail is not being transmitted from an authorized host.
  - 11. The method of claim 1, wherein the verification host comprises a third party server authorized by the purported source.
  - 12. The method of claim 1, wherein the at least one e-mail is a plurality of e-mails and wherein a single query is provided for the plurality of e-mails.
  - 13. The method of claim 12, wherein delivery of the plurality of e-mails to the intended recipients is allowed only if every one of the plurality of e-mails is determined to have originated from the purported sender.
  - 14. The method of claim 12, wherein the response from the verification host indicates that at least one of the plurality of e-mails does not originate from the purported sender.
  - 15. The method of claim 14 further comprising the step of dividing the plurality of e-mails into a plurality of groups.
  - 16. The method of claim 15 further comprising the step of querying the verification host to confirm that the e-mails in the plurality of groups originates from the purported senders.

17. An apparatus comprising a processor operatively coupled to a memory, the memory holding instructions that when executed by the processor, cause the apparatus to perform operations comprising:
- receiving data pertaining to the least one e-mail directed to at least one intended recipient, wherein the data includes information identifying a purported sender;
  
  sending a query to a verification host requesting confirmation that the at least one e-mail originated from the purported sender, wherein the query includes information identifying the at least one e-mail comprising at least one of at least a portion of text contained in a message body of the e-mail or a hash of the at least a portion of the text;
  
  receiving a response from the verification host indicating whether or not the at least one e-mail originated from the purported sender based on whether the purported sender sent an e-mail that matches the information identifying the at least one e-mail to the intended recipient; and
  
  determining that the at least one e-mail originates from a forged source unless the response indicates that the at least one e-mail originated from the purported sender.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, wherein the instructions further specify that the information identifying the at least one e- mail further comprises any one or more selected from the group consisting of:
    - a hash value, a checksum, a digest of the e-mail, and an authorization code.
  - 19. The apparatus of claim 17, wherein the instructions further comprise determining an address for the verification host from information contained in the at least one e-mail.
  - 20. The apparatus of claim 17, wherein the instructions further specify that at least one e-mail is a plurality of e-mails and wherein a single query is provided for the plurality of e-mails.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gary S. Shuster
Original Assignee
Gary S. Shuster
Inventors
Shuster, Gary Stephen
Primary Examiner(s)
Dada, Beemnet W

Application Number

US13/752,149
Publication Number

US 20140215571A1
Time in Patent Office

2,290 Days
Field of Search

713168, 713170, 709206, 709207
US Class Current
CPC Class Codes

H04L 63/126 the source of the received ...

H04L 63/1483 service impersonation, e.g....

E-mail authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

E-mail authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links