Stateless Human Detection For Real-Time Messaging Systems

US 20070179905A1
Filed: 01/31/2006
Published: 08/02/2007
Est. Priority Date: 01/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving an electronic message from a sender;

determining if the electronic message includes a sender response to a previously issued challenge;

if the electronic message does not include a response to a previously issued challenge;

submitting a challenge to the sender to determine that the electronic message was sent from a human user;

transmitting the challenge to the sender in a challenge packet that includes encrypted information that, when returned from the sender and decrypted, is sufficient to identify the challenge and a challenge answer; and

wherein after the challenge packet is transmitted to the sender, no state related to the electronic message or the challenge is retained.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Stateless human detection for real-time systems allows a real-time message system to challenge incoming messages suspected of being generated by an automated application. When a suspect message is detected, a challenge is presented to a sender of the message. The challenge is designed to require human intervention to provide a correct answer to the challenge. A challenge packet is sent with the challenge and includes a challenge answer and, possibly, a server identifier, a challenge identifier and/or a time stamp that can be used to prevent attacks on the challenge. The challenge packet is encrypted so that the sender cannot access the contents thereof. When the sender provides a response to the challenge, the sender returns the challenge packet. The challenge packet is decrypted and the challenge answer is compared to a sender answer. If the answers match, the sender is allowed subsequent access to the messaging system.

67 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving an electronic message from a sender;
  
  determining if the electronic message includes a sender response to a previously issued challenge;
  
  if the electronic message does not include a response to a previously issued challenge;
  
  submitting a challenge to the sender to determine that the electronic message was sent from a human user;
  
  transmitting the challenge to the sender in a challenge packet that includes encrypted information that, when returned from the sender and decrypted, is sufficient to identify the challenge and a challenge answer; and
  
  wherein after the challenge packet is transmitted to the sender, no state related to the electronic message or the challenge is retained.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising:
    - if the electronic message includes a sender response to a previously issued challenge;
      
      decrypting a challenge answer contained in the electronic message, the challenge answer being a portion of the challenge packet transmitted to the sender;
      
      determining if a sender answer included in the electronic message matches the decrypted challenge answer; and
      
      processing the electronic message if the sender answer matches the decrypted challenge answer.
  - 3. The method according to claim 2, further comprising decrypting a server identifier in the electronic message to verify the source of the challenge;
    - and wherein;
      
      the challenge packet further comprises the server identifier that is uniquely associated with the source of the challenge and is a part of the encrypted portion of the challenge packet; and
      
      the processing the electronic message is only performed if the source of the challenge can be verified.
  - 4. The method according to claim 1, wherein the submitting a challenge to the sender further comprises submitting a challenge to the sender if the electronic message originates from a remote and previously unknown network.
  - 5. The method according to claim 1, wherein the submitting a challenge to the sender further comprises submitting a challenge to the sender if the electronic message contains a URL (Uniform Resource Locator).
  - 6. The method according to claim 1, wherein the challenge further comprises a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart).
  - 7. The method according to claim 1, wherein the encrypted information further comprises:
    - a challenge identifier that identifies a challenge in a challenge in a challenge library;
      
      a challenge answer;
      
      a server identifier that uniquely identifies a source of the challenge; and
      
      a time stamp that is used to verify a time frame of the challenge and a response thereto.
  - 8. The method according to claim 1, wherein the submitting a challenge further comprises:
    - selecting a challenge from a challenge library that stores a plurality of challenges; and
      
      wherein the challenge library is a fixed size data structure.
  - 9. The method according to claim 8, wherein the challenge library further comprises a challenge answer for each challenge included in the challenge library.

10. One or more computer-readable media having executable instructions stored thereon that, when executed, implement the following steps:
- receiving a message from a sender;
  
  determining that an interactive challenge should be issued to the sender to determine if the sender is a human user;
  
  selecting a challenge and a corresponding challenge answer from a challenge library;
  
  encrypting the challenge answer with a private certificate;
  
  creating a challenge packet that includes at least the challenge and the encrypted challenge answer;
  
  transmitting the challenge packet to the sender; and
  
  wherein no state related to the message or the challenge is retained after the challenge packet is transmitted to the sender.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The one or more computer-readable media as recited in claim 10, wherein the challenge library further comprises a fixed size data structure that stores a plurality of challenges and corresponding challenge answers.
  - 12. The one or more computer-readable media as recited in claim 10, further comprising:
    - determining if the message includes a sender response that includes a sender answer to a previously issued challenge and, if so;
      
      validating the sender answer to verify a human interaction in providing the sender response; and
      
      processing the message if the sender answer is valid.
  - 13. The one or more computer-readable media as recited in claim 12, further comprising:
    - validating the challenge response to verify a source of the previously issued challenge; and
      
      wherein the processing the message is performed only if the source of the previously issued challenge is verified.
  - 14. The one or more computer-readable media as recited in claim 13, wherein the step of validating the challenge response to verify a source of the previously issued challenge further comprises:
    - decrypting an encrypted portion of the message to derive a server identifier; and
      
      determining that the server identifier uniquely identifies the source of the previously issued response.
  - 15. The one or more computer-readable media as recited in claim 12, wherein the determining if the message includes a sender response that includes a sender answer to a previously issued challenge further comprises:
    - decrypting an encrypted portion of the message; and
      
      determining if at least one element of a sender response is contained in the message.
  - 16. The one or more computer-readable media as recited in claim 12, wherein the step of validating a sender answer included in the sender response further comprises:
    - decrypting an encrypted portion of the message to derive a challenge answer; and
      
      comparing the challenge answer with the sender answer included in the message to determine if the sender answer matches the challenge answer.
  - 17. The one or more computer-readable media as recited in claim 10, further comprising:
    - determining a challenge identifier that corresponds to the selected challenge;
      
      encrypting the challenge identifier with the private certificate;
      
      encrypting a time stamp with the private certificate; and
      
      wherein the step of creating a challenge packet further comprises creating a challenge packet that includes at least the challenge, the encrypted challenge answer, the encrypted challenge identifier and the encrypted time stamp.

18. A system, comprising:
- a messaging module configured to send messages to and receive messages from at least one remote system;
  
  a communications stack configured, among other things, to provide a challenge to a sender of an incoming message to determine if the sender is an automated application, the challenge being provided without saving any state related to the challenge or the incoming message;
  
  a challenge library that stores a plurality of challenges and corresponding challenge answers in a fixed size data structure; and
  
  a cryptographic module configured to encrypt a portion of a challenge packet that is transmitted with a challenge.
- View Dependent Claims (19, 20)
- - 19. The system as recited in claim 18, wherein the challenge packet further comprises at least the challenge that is provided to the sender and a challenge answer, wherein the challenge is answer is encrypted so that the sender is unable to obtain access to the challenge answer.
  - 20. The system as recited in claim 18, wherein the challenge packet further comprises at least one of the following challenge packet elements:
    - a challenge identifier that identifies a challenge from within the challenge library;
      
      a server identifier that uniquely identifies the source of the challenge;
      
      a time stamp that identifies a time at which the challenge is provided to the sender; and
      
      wherein any of the challenge packet elements that are included in the challenge packet are encrypted so that the sender of the incoming message cannot access the challenge packet elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Buch, Jeremy, Eminovici, Vlad

Granted Patent

US 8,261,071 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/75
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06Q 10/107   Computer-aided management o...

G06Q 20/386   using messaging services or...

H04L 51/04   Real-time or near real-time...

H04L 51/212   using filtering or selectiv...

Stateless Human Detection For Real-Time Messaging Systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Stateless Human Detection For Real-Time Messaging Systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others