System and method of electronic mail filtering using interconnected nodes

US 6,072,942 A
Filed: 09/18/1996
Issued: 06/06/2000
Est. Priority Date: 09/18/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of filtering electronic mail messages, comprising the steps of:

defining a plurality of nodes, wherein each node identifies an operation and wherein one of the nodes is a filter node which identifies messages to filter;

interconnecting nodes from the plurality of nodes such that the interconnected nodes describe a security policy; and

reassembling an electronic mail message from two or more packets;

passing the electronic mail message through the filter node, wherein the step of passing an electronic mail message through the filter node includes the steps of;

determining if the electronic mail message is one which is to be filtered;

if the electronic mail message is identified as to be filtered, processing the electronic mail message through one or more filter flows; and

otherwise delivering the electronic mail message without filtering.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for filtering electronic mail messages is described. A message is received an processed through a one or more filter flows. Each filter flow is comprised of one or more self-contained nodes which can be combined in whatever order is required to enforce a given security policy. Node independence provides a policy-neutral environment for constructing filter flows. A filter flow may be as simple as forwarding the mail to the intended recipient, or may perform one or more checks where it decides whether to forward, reject, return (or some combination thereof) the message. Certain node types are also able to append information on to a mail message, while others are able to modify certain parts of a mail message. Several of the node types are able to generate audit or log messages in concert with processing a mail message.

566 Citations

27 Claims

1. A method of filtering electronic mail messages, comprising the steps of:
- defining a plurality of nodes, wherein each node identifies an operation and wherein one of the nodes is a filter node which identifies messages to filter;
  
  interconnecting nodes from the plurality of nodes such that the interconnected nodes describe a security policy; and
  
  reassembling an electronic mail message from two or more packets;
  
  passing the electronic mail message through the filter node, wherein the step of passing an electronic mail message through the filter node includes the steps of;
  
  determining if the electronic mail message is one which is to be filtered;
  
  if the electronic mail message is identified as to be filtered, processing the electronic mail message through one or more filter flows; and
  
  otherwise delivering the electronic mail message without filtering.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the step of processing the electronic mail message comprises the steps of:
    - analyzing the message to determine if it has a particular characteristic; and
      
      disposing of the electronic mail message based on the outcome of the analysis.
  - 3. The method of claim 2, wherein the step of disposing of the electronic mail message comprises the step of delivering the message.
  - 4. The method of claim 2, wherein the step of disposing of the electronic mail message comprises the step of rejecting the message.
  - 5. The method of claim 2, wherein the step of disposing of the electronic mail message comprises the step of transmitting an audit message.
  - 6. The method of claim 2, wherein the step of disposing of the electronic mail message comprises the steps of:
    - delivering the message;
      
      rejecting the message; and
      
      transmitting an audit message.
  - 7. The method of claim 1, wherein the step of processing the electronic mail message comprises the step of modifying the electronic mail message.
  - 8. The method of claim 7, wherein the step of modifying the electronic mail message comprises the step of altering an electronic mail message address.
  - 9. The method of claim 7, wherein the step of modifying the electronic mail message comprises the step of altering an electronic mail message header.

10. A system for filtering electronic mail, comprising:
- means for receiving electronic mail messages, including a first electronic mail message, from one or more sources;
  
  an analysis module, for determining whether to filter the first electronic mail message, wherein the analysis module includes;
  
  node defining means for defining a plurality of nodes, wherein each node identifies an operation and wherein two of the nodes are filter nodes wherein each filter node includes a filter, for analyzing characteristics of the first electronic mail message; and
  
  one or more terminals, including a first terminal, wherein each terminal is connected to a node and wherein the first terminal is connected to one of the filter nodes in order to deliver the first electronic mail message to one or more destinations.
- View Dependent Claims (11)
- - 11. The system of claim 10, wherein the analysis module further comprises a plurality of modifiers, including a first modifier, wherein each of the plurality of modifiers operates to modify the first electronic mail message.

12. A method of managing a filter map, comprising the steps:
- identifying one or more nodes to be included in the map, wherein each node defines an operation to be performed on an electronic mail message, wherein the step of identifying includes the step of defining a security policy;
  
  defining an order in which operations are to be performed on the electronic mail message;
  
  graphically positioning each of the one or more nodes according to the defined order; and
  
  graphically identifying connections between the nodes as a function of one or more routing paths available from any one node.

13. A method for constructing an electronic mail filter having one or more message routing paths, comprising the steps:
- identifying a policy describing the one or more message routing paths;
  
  defining a plurality of filter nodes for analyzing electronic mail messages;
  
  defining a plurality of modifier nodes for modifying electronic mail messages;
  
  defining one or more terminal nodes for delivering electronic mail messages and other electronic information; and
  
  interconnecting the plurality of filter nodes, modifier nodes and terminal nodes so as to implement the policy.

14. An electronic mail system, comprising:
- a mail filter having a plurality of filter objects, wherein the filter objects are arranged in a flow which enforces a security policy; and
  
  a mail delivery agent connected to the mail filter, wherein the mail delivery agent receives an electronic mail message and routes the electronic mail message based on a mail filter policy, wherein the mail filter policy determines mail to queue and mail to pass on;
  
  wherein the mail filter retrieves electronic mail messages queued by the mail delivery agent and filters the retrieved electronic messages according to the security policy.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The electronic mail system according to claim 14, wherein the plurality of filter objects includes a terminal node type.
  - 16. The electronic mail system according to claim 14, wherein the plurality of filter objects includes a modifier node type.
  - 17. The electronic mail system according to claim 14, wherein the plurality of filter objects includes a filter node type.
  - 18. The electronic mail system according to claim 14, wherein the plurality of filter objects includes a plurality of node types, wherein each node type includes an initialization section, a message processing section and a node clean-up section.
  - 19. The electronic mail system according to claim 14, wherein the plurality of filter objects includes a plurality of node types, wherein one of the plurality node types appends information on to a mail message.
  - 20. The electronic mail system according to claim 14, wherein the plurality of filter objects includes a plurality of node types, wherein one of the plurality of node types generates audit messages.
  - 21. The electronic mail system according to claim 14, wherein the mail filter policy is stored in a mail filter policy file as a set of burb pairs, wherein each burb pair includes a first and a second burb, wherein messages from the first to the second burb are queued by the mail delivery agent.
  - 22. The electronic mail system according to claim 18, wherein the mail filter policy is stored in a mail filter policy file as a set of burb pairs, wherein each burb pair includes a first and a second burb, wherein messages from the first to the second burb are queued by the mail delivery agent.

23. A method of filtering electronic mail messages, comprising the steps of:
- providing a plurality of node types;
  
  defining a security policy wherein defining includes specifying an order in which the plurality of node types are to be connected;
  
  connecting the plurality of node types according to the security policy;
  
  receiving an electronic mail message; and
  
  analyzing the electronic mail message as a function of the security policy.
- View Dependent Claims (24, 25)
- - 24. The method according to claim 23, wherein the step of connecting includes the steps of:
    - displaying the plurality of node types as icons within a visual medium;
      
      placing copies of the icons on the visual medium in response to input from a user; and
      
      connecting the icons placed on the visual medium.
  - 25. The method according to claim 23, wherein the step of connecting includes the step of configuring the plurality of nodes types to perform a function from one of a set of functions including forwarding, rejecting and returning the message.

26. An electronic mail filter, comprising:
- an analysis module for analyzing an electronic mail message, wherein the analysis module includes;
  
  node defining means for defining a plurality of nodes, wherein each node identifies an operation and wherein one of the nodes is a filter node which identifies messages to filter; and
  
  interconnecting means for interconnecting nodes from the plurality of nodes such that the interconnected nodes describe a security policy; and
  
  an output module, connected to the analysis module, for generating a plurality of output messages, wherein one of the plurality of messages is generated as a function of analysis of the electronic mail message by the analysis module.
- View Dependent Claims (27)
- - 27. The electronic mail filter of claim 26, wherein the node defining means includes means for creating a plurality of individual independent filter, modifier and terminal nodes;
    - andwherein the interconnecting means includes means for interconnecting the plurality of individual filter, modifier and terminal nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Greve, Paula Budig, Stockwell, Edward B.
Primary Examiner(s)
Lall, Parshotam S.
Assistant Examiner(s)
VU, VIET DUY

Application Number

US08/715,336
Time in Patent Office

1,357 Days
Field of Search

395/200.34, 395/200.35, 395/200.31, 395/200.37, 395/200.32, 395/754, 395/759, 395/12, 395/672, 395/680, 395/186, 395/187.01, 395/200.8, 345/356
US Class Current

709/206
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/234   for tracking messages

H04L 63/0245   Filtering by information in...

H04L 9/40   Network security protocols

System and method of electronic mail filtering using interconnected nodes

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

566 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of electronic mail filtering using interconnected nodes

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

566 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links