SYSTEMS AND METHODS FOR PREVENTING SPAM AND DENIAL OF SERVICE ATTACKS IN MESSAGING, PACKET MULTIMEDIA, AND OTHER NETWORKS

US 20050132060A1
Filed: 12/05/2004
Published: 06/16/2005
Est. Priority Date: 12/15/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for preventing messaging spam, comprising:

a packet network;

one or more gateways coupled to the packet network and operable to authenticate messages and message senders, reject inauthentic message traffic, and detect and control excessive message traffic; and

one or more network authorities coupled to the packet network and operable to register and certify gateways and other network authorities.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, various methods, and various apparatuses are provided for the purpose of supplying and including in an electronic message or multimedia session signalling unit a valid cryptographic authentication token, verifying said token'"'"'s validity upon arrival of said message or signalling unit, and thereby providing message recipients or session parties with the assurance that said message or signalling unit is from a valid sender. A system, apparatus, and various methods are further provided for the purpose of protecting legitimate application traffic and the network elements exchanging it from intrusion by wild packets attempting to consume application resources and thereby deny service to legitimate users or network elements. A system, various methods, and various apparatuses are further provided for the purpose of enabling legitimate advertising via electronic messages, relying upon message and sender authentication to assure both advertisers and viewers of advertising messages that all participants are valid, legitimate, and accountable for any abuse that may occur.

363 Citations

24 Claims

1. A system for preventing messaging spam, comprising:
- a packet network;
  
  one or more gateways coupled to the packet network and operable to authenticate messages and message senders, reject inauthentic message traffic, and detect and control excessive message traffic; and
  
  one or more network authorities coupled to the packet network and operable to register and certify gateways and other network authorities.
- View Dependent Claims (2, 8)
- - 2. The system of claim 1, further comprising one or more user registries coupled to the packet network and operable to provide per-user management of questionable message traffic.
  - 8. The system of claim 1, further comprising one or more user registries coupled to the packet network and operable to provide per-user management of questionable multimedia traffic.

3. A messaging anti-spam gateway comprising:
- an information security element operable to create authentication tokens for outgoing messages and to verify authentication tokens in incoming messages; and
  
  a message relay element operable to forward messages with verified authentication tokens.

4. A user registry comprising:
- an information security element operable to register and authenticate users; and
  
  an account management element operable to provide users access to information related to their registration and, as necessary, create authentication tokens.
- View Dependent Claims (5)
- - 5. The user registry of claim 4, further comprising a webmail proxy that permits users to send and receive authenticated messages.

6. A network authority comprising:
- an information security element operable to register and certify other network elements; and
  
  an introduction management element operable to provide other network elements with encryption/authentication certificates issued by the network authority.

7. A system for preventing multimedia spam, comprising:
- a packet network;
  
  one or more gateways coupled to the packet network and operable to authenticate multimedia signalling units and their senders, reject inauthentic multimedia signalling traffic, and detect and control excessive multimedia signalling traffic; and
  
  one or more network authorities coupled to the packet network and operable to register and certify gateways and other network authorities.

9. A multimedia antispam gateway comprising:
- an information security element operable to create authentication tokens for outgoing multimedia signalling units and to verify authentication tokens in incoming multimedia signalling units; and
  
  a signalling relay element operable to forward multimedia signalling units with verified authentication tokens.

10. A method of preventing spam in a messaging service, comprising:
- deploying an antispam gateway at the boundary of each protected network;
  
  authenticating the sender of every outgoing message;
  
  placing an authentication token in every outgoing message;
  
  verifying the authentication token in any incoming message containing one; and
  
  discarding any message for which the authentication token does not verify.
- View Dependent Claims (11, 12, 13)
- - 11. A method in accordance with claim 10, further comprising:
    - deploying an antispam agent adjacent to the messaging client of any user not served by an antispam gateway in a protected network; and
      
      inviting the sender of any message not containing an authentication token to acquire an antispam agent.
  - 12. A method in accordance with claim 10, further comprising:
    - tracking and limiting the amount of messaging traffic of each user;
      
      providing feedback to each user regarding excessive and suspicious traffic; and
      
      learning new traffic limits based on user response to feedback.
  - 13. A method in accordance with claim 10, further comprising:
    - tracking the amount of incoming messaging traffic; and
      
      providing feedback to sending gateways regarding sources of excessive messaging traffic.

14. A method of preventing spam in a multimedia service, comprising:
- deploying an antispam gateway at the boundary of each protected network;
  
  authenticating the sender of every outgoing multimedia signalling unit;
  
  placing an authentication token in every outgoing multimedia signalling unit; and
  
  verifying the authentication token in any incoming multimedia signalling unit containing one.
- View Dependent Claims (15, 16, 17, 18)
- - 15. A method in accordance with claim 14, further comprising:
    - providing distinctive alerting to a called user that the calling user identified by a multimedia signalling unit is unverified.
  - 16. A method in accordance with claim 14, further comprising:
    - deploying an antispam agent adjacent to the multimedia signalling client of any user not served by an antispam gateway in a protected network.
  - 17. A method in accordance with claim 14, further comprising:
    - tracking and limiting the amount of multimedia signalling traffic of each user;
      
      providing feedback to each user regarding excessive traffic; and
      
      learning new traffic limits based on user response to feedback.
  - 18. A method in accordance with claim 14, further comprising:
    - tracking the amount of incoming multimedia signalling traffic; and
      
      providing feedback to sending gateways regarding sources of excessive multimedia signalling traffic.

19. A system for enabling dynamic electronic advertising with interactive communication, comprising:
- a spam-free messaging medium;
  
  one or more directory engines operable to collate and present listings and to support communication between users and listers; and
  
  a directory clearinghouse operable to coordinate listings and communication services among multiple directory engines.

20. A method of providing mediated communication between advertisers and prospective customers, comprising:
- deploying a spam-free communication medium;
  
  offering advertising listings featuring mediated communication opportunities;
  
  requesting a mediated communication; and
  
  delivering the mediated communication such that the prospective customer'"'"'s identity is not revealed to the advertiser.

21. A system for preventing denial of service attacks against applications, comprising:
- a packet network;
  
  one or more secure application gateways coupled to the packet network and operable to characterize and enforce normal application traffic levels, encrypt legitimate application traffic, and randomize communication ports so that wild traffic cannot interfere with legitimate application traffic; and
  
  one or more network authorities coupled to the packet network and operable to register and certify secure application gateways and other network authorities.

22. A secure application gateway comprising:
- an exposed application proxy element, operable to process and track wild traffic;
  
  a secured application proxy element, operable to process and track protected traffic; and
  
  an information security element, operable to randomize communication ports, authenticate correspondents, and encrypt communications.

23. A method of randomizing communication ports such that wild traffic cannot interfere with legitimate application traffic, comprising:
- storing randomization parameters associated with a destination server in that server'"'"'s encryption and authentication certificate;
  
  selecting a listening port at that server by combining its randomization parameters with the current time;
  
  at a requesting server, retrieving from a network authority the encryption and authentication certificate, including randomization parameters, of the destination server for a particular transaction; and
  
  at the requesting server, selecting a destination port on the destination server by combining the destination server'"'"'s randomization parameters with the current time.

24. A method of enforcing normal application traffic levels, comprising;
- characterizing normal traffic;
  
  detecting abnormal traffic;
  
  tracing abnormal traffic back to its originators; and
  
  preventing those originators from creating further abnormal traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Autouptodate LLC
Original Assignee
Autouptodate LLC
Inventors
Au, Sandra, Mo, Richard, Bishop, James William Jr.

Application Number

US10/904,919
Publication Number

US 20050132060A1
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 2463/141   Denial of service attacks a...

H04L 51/212   using filtering or selectiv...

H04L 63/1458   Denial of Service

H04L 65/1079   of unsolicited session atte...

SYSTEMS AND METHODS FOR PREVENTING SPAM AND DENIAL OF SERVICE ATTACKS IN MESSAGING, PACKET MULTIMEDIA, AND OTHER NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

363 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR PREVENTING SPAM AND DENIAL OF SERVICE ATTACKS IN MESSAGING, PACKET MULTIMEDIA, AND OTHER NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

363 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links