SYSTEMS AND METHODS FOR PREVENTING SPAM AND DENIAL OF SERVICE ATTACKS IN MESSAGING, PACKET MULTIMEDIA, AND OTHER NETWORKS
Abstract
A system, various methods, and various apparatuses are provided for the purpose of supplying and including in an electronic message or multimedia session signalling unit a valid cryptographic authentication token, verifying said token's validity upon arrival of said message or signalling unit, and thereby providing message recipients or session parties with the assurance that said message or signalling unit is from a valid sender. A system, apparatus, and various methods are further provided for the purpose of protecting legitimate application traffic and the network elements exchanging it from intrusion by wild packets attempting to consume application resources and thereby deny service to legitimate users or network elements. A system, various methods, and various apparatuses are further provided for the purpose of enabling legitimate advertising via electronic messages, relying upon message and sender authentication to assure both advertisers and viewers of advertising messages that all participants are valid, legitimate, and accountable for any abuse that may occur.
24 Claims
1. A system for preventing messaging spam, comprising:
- a packet network;
- one or more gateways coupled to the packet network and operable to authenticate messages and message senders, reject inauthentic message traffic, and detect and control excessive message traffic; and
- one or more network authorities coupled to the packet network and operable to register and certify gateways and other network authorities.
(Dependent claims: 2, 8)
3. A messaging anti-spam gateway comprising:
- an information security element operable to create authentication tokens for outgoing messages and to verify authentication tokens in incoming messages; and
- a message relay element operable to forward messages with verified authentication tokens.
4. A user registry comprising:
- an information security element operable to register and authenticate users; and
- an account management element operable to provide users access to information related to their registration and, as necessary, create authentication tokens.
(Dependent claims: 5)
6. A network authority comprising:
- an information security element operable to register and certify other network elements; and
- an introduction management element operable to provide other network elements with encryption/authentication certificates issued by the network authority.
7. A system for preventing multimedia spam, comprising:
- a packet network;
- one or more gateways coupled to the packet network and operable to authenticate multimedia signalling units and their senders, reject inauthentic multimedia signalling traffic, and detect and control excessive multimedia signalling traffic; and
- one or more network authorities coupled to the packet network and operable to register and certify gateways and other network authorities.
9. A multimedia antispam gateway comprising:
- an information security element operable to create authentication tokens for outgoing multimedia signalling units and to verify authentication tokens in incoming multimedia signalling units; and
- a signalling relay element operable to forward multimedia signalling units with verified authentication tokens.
10. A method of preventing spam in a messaging service, comprising:
- deploying an antispam gateway at the boundary of each protected network;
- authenticating the sender of every outgoing message;
- placing an authentication token in every outgoing message;
- verifying the authentication token in any incoming message containing one; and
- discarding any message for which the authentication token does not verify.
(Dependent claims: 11, 12, 13)
14. A method of preventing spam in a multimedia service, comprising:
- deploying an antispam gateway at the boundary of each protected network;
- authenticating the sender of every outgoing multimedia signalling unit;
- placing an authentication token in every outgoing multimedia signalling unit; and
- verifying the authentication token in any incoming multimedia signalling unit containing one.
(Dependent claims: 15, 16, 17, 18)
19. A system for enabling dynamic electronic advertising with interactive communication, comprising:
- a spam-free messaging medium;
- one or more directory engines operable to collate and present listings and to support communication between users and listers; and
- a directory clearinghouse operable to coordinate listings and communication services among multiple directory engines.
20. A method of providing mediated communication between advertisers and prospective customers, comprising:
- deploying a spam-free communication medium;
- offering advertising listings featuring mediated communication opportunities;
- requesting a mediated communication; and
- delivering the mediated communication such that the prospective customer's identity is not revealed to the advertiser.
21. A system for preventing denial of service attacks against applications, comprising:
- a packet network;
- one or more secure application gateways coupled to the packet network and operable to characterize and enforce normal application traffic levels, encrypt legitimate application traffic, and randomize communication ports so that wild traffic cannot interfere with legitimate application traffic; and
- one or more network authorities coupled to the packet network and operable to register and certify secure application gateways and other network authorities.
22. A secure application gateway comprising:
- an exposed application proxy element, operable to process and track wild traffic;
- a secured application proxy element, operable to process and track protected traffic; and
- an information security element, operable to randomize communication ports, authenticate correspondents, and encrypt communications.
23. A method of randomizing communication ports such that wild traffic cannot interfere with legitimate application traffic, comprising:
- storing randomization parameters associated with a destination server in that server's encryption and authentication certificate;
- selecting a listening port at that server by combining its randomization parameters with the current time;
- at a requesting server, retrieving from a network authority the encryption and authentication certificate, including randomization parameters, of the destination server for a particular transaction; and
- at the requesting server, selecting a destination port on the destination server by combining the destination server's randomization parameters with the current time.
24. A method of enforcing normal application traffic levels, comprising:
- characterizing normal traffic;
- detecting abnormal traffic;
- tracing abnormal traffic back to its originators; and
- preventing those originators from creating further abnormal traffic.
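One way to realise the port selection of claim 23, as an added example that is not taken from the patent: the claim only says the randomization parameters are "combined" with the current time, so the HMAC-SHA-256 construction, the parameter names, the 30-second window and the sample values below are all assumptions. The destination also keeps the adjacent windows open so that modest clock skew between the two servers does not drop legitimate connections.

```python
import hashlib
import hmac
import struct

# Assumed parameter layout (not specified by the patent): a secret carried in
# the destination server's certificate, plus a port range and window length.
PARAMS = {  # constructed sample values
    "secret": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "port_base": 20000,
    "port_count": 20000,
    "window_s": 30,
}

def port_for_window(params, window):
    """Map one time window to a port by keying an HMAC with the parameters."""
    msg = struct.pack(">Q", window)
    mac = hmac.new(params["secret"], msg, hashlib.sha256).digest()
    offset = int.from_bytes(mac[:4], "big") % params["port_count"]
    return params["port_base"] + offset

def destination_port(params, now):
    """Requesting server: the port to dial at time `now` (Unix seconds)."""
    return port_for_window(params, int(now) // params["window_s"])

def listening_ports(params, now, skew_windows=1):
    """Destination server: ports to keep open, tolerating clock drift of
    up to `skew_windows` windows in either direction."""
    current = int(now) // params["window_s"]
    return {
        port_for_window(params, w)
        for w in range(current - skew_windows, current + skew_windows + 1)
    }

def accepts(params, server_now, client_now, skew_windows=1):
    """True if a client whose clock reads `client_now` dials an open port."""
    dialed = destination_port(params, client_now)
    return dialed in listening_ports(params, server_now, skew_windows)
```

Anyone who holds the parameters and a roughly correct clock can compute the port, so the port is unpredictable only to parties that cannot obtain the destination server's certificate from the network authority.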
Specification