Challenge response systems

US 20060031338A1
Filed: 08/09/2004
Published: 02/09/2006
Est. Priority Date: 08/09/2004
Status: Active Grant

First Claim

Patent Images

1. A challenge-response system that mitigates dissemination of spam comprising:

a sending component that sends messages including information, at least a portion of which is used for verification;

a challenge receiving component that receives challenges, the challenges comprising at least a portion of the verification information sent by the sending component or derived therefrom; and

a verification component that verifies that the sender sent the message in part by utilizing the verification information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.

118 Citations

View as Search Results

44 Claims

1. A challenge-response system that mitigates dissemination of spam comprising:
- a sending component that sends messages including information, at least a portion of which is used for verification;
  
  a challenge receiving component that receives challenges, the challenges comprising at least a portion of the verification information sent by the sending component or derived therefrom; and
  
  a verification component that verifies that the sender sent the message in part by utilizing the verification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 44)
- - 2. The system of claim 1, further comprising a component that responds to challenges.
  - 3. The system of claim 1, the verification component signs or encrypts information about each of the sender'"'"'s outbound messages and includes at least a portion of that information in the challenge.
  - 4. The system of claim 3, the verification component employs a key stored on a server to sign or encrypt the information.
  - 5. The system of claim 4, the key employed is the same for all clients and/or for the recipient'"'"'s server.
  - 6. The system of claim 1, an information storage component that stores at least some information about substantially all of the sender'"'"'s outbound messages.
  - 7. The system of claim 6, the information storage component assigns and/or stores an ID for the message for substantially all of the sender'"'"'s outbound messages.
  - 8. The system of claim 6, the message ID is used to correlate the sender'"'"'s responses with the message that was challenged.
  - 9. The system of claim 6, the information comprises at least one of a subject, recipient, unique ID or random number, number of recipients, number of expected challenges, and date of the message.
  - 10. The system of claim 1, the verification component communicates to the sender that the message originated from the sender in accordance with the verification information.
  - 11. The system of claim 1, the verification component communicates to the sender that the message did not originate from the sender based at least in part upon the verification information.
  - 12. The system of claim 1, the challenge comprises a micropayment.
  - 13. The system of claim 1, the challenge comprises a computation puzzle.
  - 44. A computer readable medium comprising the computer executable components of claim 1.

14. A challenge-response system that facilitates spam prevention comprising:
- a challenge generation component that sends at least one challenge to a message sender before the sender'"'"'s message is opened by the recipient; and
  
  a validation component that receives notification from a server that a challenge has been solved and verifies that the challenge was solved by a trusted challenge server.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The system of claim 14, the challenge is a micropayment and the validation component receives a message confirming payment from a micropayment server.
  - 16. The system of claim 14, the challenge is a HIP and the validation component receives a message confirming a solution was received from a HIP server.
  - 17. The system of claim 14, the email communication channel comprises a signature system, whereby an email is sent to the recipient using at least one signature type.
  - 18. The system of claim 17, wherein the signature type utilizes a public key cryptographic system.
  - 19. The system of claim 17, the signature type further comprises a symmetric (private) key cryptographic system comprising a plurality of symmetric keys corresponding to different recipient systems.
  - 20. The system of claim 14, the communication channel employs any one of signing or encryption.
  - 21. The system of claim 14, further comprising an email authentication component that authenticates validity of the email by a round-trip communication to the HIP server.
  - 22. The system of claim 21, the round-trip communication is via email.
  - 23. The system of claim 21, the round-trip communication is via HTTP.
  - 24. The system of claim 14, the validation component verifies responses via IP addresses in the respective responses.

25. A challenge-response system that facilitates message retrieval comprising:
- a message receiving component that receives at least one incoming message from a sender and asks the sender to respond to a challenge message, the challenge message comprising an ID that correlates the sender'"'"'s message to the challenge message;
  
  a message repository that stores messages that have been challenged and their respective IDs; and
  
  a message retrieval component that retrieves the sender'"'"'s message from the message repository when the challenge message is correctly solved by matching an ID of the message to an ID in the challenge message.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The system of claim 25, further comprising a validation component that verifies a source of a challenge response message.
  - 27. The system of claim 25, the message receiving component associates the ID to the message.
  - 28. The system of claim 25, the ID comprises a cookie to facilitate later retrieval of the message.
  - 29. The system of claim 25, the ID is appended to a message header in the challenge message.
  - 30. The system of claim 25, wherein the sender'"'"'s message is attached in its entirety to the challenge and used in a corresponding solution.

31. A method that facilitates a secure challenge-response round trip comprising:
- sending at least one message to at least one recipient to trigger sending a challenge to the sender, the message comprising information, at least a portion of which includes verification information;
  
  receiving a challenge for sender response, the challenge comprising at least a portion of the verification information; and
  
  verifying that the sender sent the message by matching at least a portion of the verification information in the message to that of the challenge.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38)
- - 32. The method of claim 31, verifying that the sender sent the message comprises signing or encrypting information about each outbound message sent by the sender and including a corresponding signature or encryption in the respective message.
  - 33. The method of claim 32, the signing or encrypting comprises employing a key stored on a server.
  - 34. The method of claim 31, the verification information comprises an ID of the message that is utilized to correlate incoming sender responses with the message that was challenged.
  - 35. The method of claim 31, further comprising:
    - receiving a server message from a challenge server that indicates that the challenge was solved by the sender, the server message comprising an ID that identifies the challenge server and at least one of the sender or the sender'"'"'s message; and
      
      validating that the server message came from a trusted server at least in part by the ID via email communication.
  - 36. The method of claim 35, validating that the server message came from the trusted server further comprises:
    - sending a message including a random number back to the server that sent the server message; and
      
      determining whether the server returns a message with any one of the following to the recipient;
      
      the same random number or a number derived from the random number.
  - 37. The method of claim 35, further comprising using a signature system to maintain authenticity of messages whereby outbound messages sent from a recipient are signed using a public key or symmetric key cryptographic system that comprises a plurality of symmetric keys for each different recipient.
  - 38. The method of claim 35, further comprising retrieving the sender'"'"'s message once the challenge is solved and validated;
    - and moving the message to the recipient'"'"'s inbox.

39. A challenge-response system that facilitates a secure challenge-response round trip comprising:
- means for sending at least one message to at least one recipient to trigger sending a challenge to the sender, the message comprising information, at least a portion of which includes verification information;
  
  means for receiving a challenge for sender response, the challenge comprising at least a portion of the verification information; and
  
  means for verifying that the sender sent the message by matching at least a portion of the verification information in the message to that of the challenge.
- View Dependent Claims (40, 41, 42)
- - 40. The system of claim 39, further comprising:
    - means for receiving a server message from a challenge server that indicates that the challenge was solved by the sender, the server message comprising an ID that identifies the challenge server and at least one of the sender or the sender'"'"'s message; and
      
      means for validating that the server message came from a trusted server at least in part by the ID via email communication.
  - 41. The method of claim 40, validating that the server message came from the trusted server further comprises:
    - means for sending a message including a random number back to the server that sent the server message; and
      
      means for determining whether the server returns a message with any one of the following to the recipient;
      
      the same random number or a number derived from the random number.
  - 42. The method of claim 40, further comprising means for retrieving the sender'"'"'s message once the challenge is solved and validated;
    - and moving the message to the recipient'"'"'s inbox.

43. A data packet adapted to be transmitted between two or more computer processes facilitating improved challenge-response communications, the data packet comprising:
- information associated with appending a randomly generated ID to outgoing messages from a message sender or recipient and echoing the ID or a number derived from the ID on challenge messages to authenticate the respective message and its source to mitigate spammer interference in the challenge-response communications between the message sender, the recipient, and third party servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Seshadrinathan, Gopalakrishnan, Rounthwaite, Robert L., Goodman, Joshua T., Mishra, Manav, Benaloh, Josh, Murphy, Elissa E., Hazeur, Derek M., Colvin, Ryan C., Kang, Nina W.

Granted Patent

US 7,904,517 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

G06Q 20/3674 involving authentication

H04L 51/212 using filtering or selectiv...

Challenge response systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Challenge response systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links