Systems and methods for preventing spam

US 7,711,786 B2
Filed: 01/22/2008
Issued: 05/04/2010
Est. Priority Date: 08/06/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A spam-prevention method, comprising:

receiving, at an exchange entity for a recipient, an electronic message that includes a source address associated with a sender and a dynamic tag, wherein the dynamic tag includes a first dynamic code and a counter;

locating a hashing function and a secret key;

determining a second dynamic code using at least the hashing function, the secret key, and the counter of the dynamic tag;

verifying the dynamic tag by matching the first dynamic code of the dynamic tag to the second dynamic code; and

accepting the electronic message to an account of the recipient upon verifying at least the dynamic tag,wherein the sender is a non-qualified sender, wherein the dynamic tag is a dynamic passcode, wherein locating the hashing function and the secret key includes locating a system hashing function and a system key, and wherein the dynamic passcode is obtained by the non-qualified sender manually querying a public dynamic passcode provider,wherein the dynamic passcode provider is a Web server, and querying the dynamic passcode provider includes the non-qualified sender entering at least a static email address of the recipient and completing a human interactive proof, wherein the dynamic passcode is generated by the dynamic passcode provider applying the system hashing function to a concatenated string comprising at least a portion of the static email address of the recipient, the system key, and an incremental counter associated with the recipient,wherein the prior steps are performed by one or more computers.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for preventing spam, including email spam and telephone spam, through the use of dynamic passcodes or dynamic signatures included with transmitted messages. Both the dynamic passcodes and dynamic signatures may be changed periodically or continually, according to an example embodiment of the invention. Qualified senders may include a dynamic signature that is automatically generated by the sender'"'"'s node or exchange entity. The recipient'"'"'s node or exchange entity can then use a graylist associated with the recipient account in verifying the qualified sender and/or dynamic signature. On the other hand, non-qualified senders may need to manually obtain a dynamic passcode from a dynamic passcode provider and include the dynamic passcode with the transmitted message. The dynamic passcode provider may be a public website using human interactive proofs. According to an embodiment, a non-qualified sender may be optionally pre-charged with a fee to obtain a dynamic passcode. The recipient of the message may then refund the charge if the received message is not spam.

Citations

23 Claims

1. A spam-prevention method, comprising:
- receiving, at an exchange entity for a recipient, an electronic message that includes a source address associated with a sender and a dynamic tag, wherein the dynamic tag includes a first dynamic code and a counter;
  
  locating a hashing function and a secret key;
  
  determining a second dynamic code using at least the hashing function, the secret key, and the counter of the dynamic tag;
  
  verifying the dynamic tag by matching the first dynamic code of the dynamic tag to the second dynamic code; and
  
  accepting the electronic message to an account of the recipient upon verifying at least the dynamic tag,wherein the sender is a non-qualified sender, wherein the dynamic tag is a dynamic passcode, wherein locating the hashing function and the secret key includes locating a system hashing function and a system key, and wherein the dynamic passcode is obtained by the non-qualified sender manually querying a public dynamic passcode provider,wherein the dynamic passcode provider is a Web server, and querying the dynamic passcode provider includes the non-qualified sender entering at least a static email address of the recipient and completing a human interactive proof, wherein the dynamic passcode is generated by the dynamic passcode provider applying the system hashing function to a concatenated string comprising at least a portion of the static email address of the recipient, the system key, and an incremental counter associated with the recipient,wherein the prior steps are performed by one or more computers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - receiving, at the exchange entity for the recipient, a second electronic message that includes a second source address associated with a second sender and a second dynamic tag, wherein the second dynamic tag includes a third dynamic code and a second counter;
      
      locating a second hashing function and a second secret key;
      
      determining a fourth dynamic code using at least the second hashing function, the second secret key, and the second counter of the second dynamic tag;
      
      verifying the second dynamic tag by matching the third dynamic code of the second dynamic tag to the fourth dynamic code; and
      
      accepting the second electronic message to the account of the recipient upon verifying at least the second dynamic tag,wherein the second sender is a qualified sender, wherein the second secret key is a qualified seed, and wherein locating the second hashing function and the second secret key includes locating the second hashing function and the qualified seed in a profile record associated with the qualified sender of the electronic message in a graylist identifying qualified senders.
  - 3. The method of claim 2, wherein the profile record includes a qualified address of the qualified sender, and wherein the profile record is located based at least in part on the source address matching at least a portion of the qualified address.
  - 4. The method of claim 2, wherein accepting the electronic message includes accepting the electronic message upon additionally verifying one or both of (i) the profile record is not expired, and (ii) a limit on the number of accepted messages within a time period has not been exceeded.
  - 5. The method of claim 2, wherein the profile record includes a chaining function, and further comprising:
    - subsequent to verifying the first dynamic code of the dynamic tag, updating the qualified seed by applying the chaining function to a current value of the qualified seed,wherein the prior step is performed by one or more computers.
  - 6. The method of claim 2, wherein the profile record includes a chaining function, a previously accepted counter value, and a predefined maximum counter value, and further comprising:
    - applying the chaining function to a current value of the qualified seed to obtain an updated value for the qualified seed when the second counter of the second dynamic tag is less than or equal to the previously accepted counter values,wherein the prior step is performed by one or more computers.
  - 7. The method of claim 6, wherein the second counter of the second dynamic tag is less than or equal to the previously accepted counter value, and wherein the fourth dynamic code is determined using the updated value for the qualified seed.
  - 8. The method of claim 1, wherein querying the dynamic passcode provider further includes the non-qualified sender further entering a static email address of the sender, wherein the concatenated string further comprises at least a portion of the static email address of the sender.
  - 9. The method of claim 1, wherein the sender is pre-charged a fee for querying the dynamic passcode provider to obtain the dynamic passcode, and further comprising:
    - returning the pre-charged fee to the second sender if the second electronic message accepted into the account of the recipient is not spam; and
      
      providing the pre-charged fee to the recipient if the second electronic message accepted into the account of the recipient is spam,wherein the prior steps are performed by one or more computers.
  - 10. The method of claim 1, wherein the counter is a first counter, and further comprising:
    - transmitting, to the dynamic passcode provider, the system key, the system hashing function, and an identification of recipient accounts at the exchange entity, wherein the dynamic passcode provider generates dynamic passcodes based upon queries of a static destination email addresses that corresponds to recipient accounts at the exchange entity, wherein the dynamic passcodes are based at least in part upon the system key, the system hashing function and a second counter stored in association with the static destination email address.
  - 11. The method of claim 10, further comprising:
    - upon accepting the electronic message, updating a history list with the system key and the second counter, wherein the history list is utilized for enforcing limited use of dynamic passcodes within a time period; and
      
      upon accepting the electronic message, updating the system key randomly in a predefined time period.
  - 12. The method of claim 1, wherein the electronic message is received over a network, wherein the network is an email network, a public switched telephone (PSTN) network, a cellular phone network, and session initiation protocol (SIP) communication network.
  - 13. The method of claim 1, wherein the electronic message includes a dynamic destination address associated with the recipient, wherein the dynamic destination address includes the dynamic tag.
  - 14. The method of claim 13, wherein the dynamic destination address is a dynamic destination email address that comprises:
    - a local-part string of a static email address of the recipient;
      
      a domain string of the static email address of the recipient; and
      
      the dynamic tag.
  - 15. The method of claim 1, wherein the hashing function is a first hashing function, the secret key is a first secret key, the counter is a first counter, and wherein the dynamic tag is generated by applying a second hashing function to a second secret key and a second counter, wherein the second hashing function, the second secret key, and the second counter are maintained by the sender or a representative of the sender.

16. A system, comprising:
- a memory for storing data and computer-executable instructions;
  
  a processor in communication with the memory, wherein the processor is operative to execute the computer-executable instructions to;
  
  receive an electronic message addressed to a recipient, wherein the electronic message includes a source address associated with a sender and a dynamic tag, wherein the dynamic tag includes a first dynamic code and a counter;
  
  retrieve a hashing function and a secret key stored in the memory;
  
  compute a second dynamic code using at least the hashing function, the secret key, and the counter of the dynamic tag;
  
  verify the dynamic tag by matching the first dynamic code of the dynamic tag to the computed second dynamic code; and
  
  accept the electronic message to an account of the recipient upon verifying at least the dynamic tag,wherein the sender is a non-qualified sender, wherein the dynamic tag is a dynamic passcode, wherein the processor is operative to retrieve a system hashing function and a system key as the respective hashing function and the secret key, wherein the dynamic passcode is obtained by the non-qualified sender manually querying a public dynamic passcode provider,wherein the dynamic passcode provider is a Web server, and querying the dynamic passcode provider includes the non-qualified sender entering at least a static email address of the recipient and completing a human interactive proof, wherein the dynamic passcode is generated by the dynamic passcode provider applying the system hashing function to a concatenated string comprising at least a portion of the static email address of the recipient, the system key, and an incremental counter associated with the recipient.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The system of claim 16, wherein the sender is a qualified sender, wherein the secret key is a qualified seed, and wherein the processor is operative to execute the computer-executable instructions to:
    - receive a second electronic message addressed to the recipient that includes a second source address associated with a second sender and a second dynamic tag, wherein the second dynamic tag includes a third dynamic code and a second counter;
      
      locate a second hashing function and a second secret key;
      
      determine a fourth dynamic code using at least the second hashing function, the second secret key, and the second counter of the second dynamic tag;
      
      verify the second dynamic tag by matching the third dynamic code of the second dynamic tag to the fourth dynamic code;
      
      accept the second electronic message to the account of the recipient upon verifying at least the second dynamic tag,wherein the second hashing function and the second secret key is located by retrieving the hashing function and the qualified seed from a profile record of a graylist identifying qualified senders, wherein the profile record is associated with the qualified sender of the second electronic message.
  - 18. The system of claim 16, wherein the sender is pre-charged a fee for querying the dynamic passcode provider to obtain the dynamic passcode, and wherein the processor is further operative to execute the computer-executable instructions to:
    - return the pre-charged fee to the second sender if the recipient if the second electronic message accepted into the account of the recipient is not spam; and
      
      provide the pre-charged fee to the recipient if the second electronic message accepted into the account of the recipient is spam.
  - 19. The system of claim 16, wherein the processor is further operative to execute the computer-executable instructions to:
    - transmit, to the dynamic passcode provider, the system key, the system hashing function, and an identification of recipient accounts at the exchange entity, wherein the dynamic passcode provider generates dynamic passcodes based upon queries of a static destination email addresses that corresponds to recipient accounts at the exchange entity, wherein the dynamic passcodes are based at least in part upon the system key and the system hashing function.
  - 20. The system of claim 19, wherein the processor is further configured to execute the computer-executable instructions to:
    - upon accepting the second electronic message, update a history list with the system key and the second counter, wherein the history list is utilized for enforcing limited use of dynamic passcodes within a time period; and
      
      upon accepting the second electronic message, update the system key randomly in a predefined time period.
  - 21. The system of claim 16, wherein the electronic message includes a dynamic destination address associated with the recipient, wherein the dynamic destination address includes the dynamic tag.

22. A spam-prevention method, comprising:
- receiving, at an exchange entity for a recipient, an electronic message that includes a source address associated with a sender and a dynamic tag, wherein the dynamic tag includes a first dynamic code and a first counter;
  
  locating a hashing function and a secret key;
  
  determining a second dynamic code using at least the hashing function, the secret key, and the first counter of the dynamic tag;
  
  verifying the dynamic tag by matching the first dynamic code of the dynamic tag to the second dynamic code;
  
  accepting the electronic message to an account of the recipient upon verifying at least the dynamic tag, wherein the sender is a non-qualified sender, wherein the dynamic tag is a dynamic passcode, wherein locating the hashing function and the secret key includes locating a system hashing function and a system key, and wherein the dynamic passcode is obtained by the non-qualified sender manually querying a public dynamic passcode provider, andtransmit, to the dynamic passcode provider, the system key, the system hashing function, and an identification of recipient accounts at the exchange entity, wherein the dynamic passcode provider generates dynamic passcodes based upon queries of a static destination email addresses that corresponds to recipient accounts at the exchange entity, wherein the dynamic passcodes are based at least in part upon the system key, the system hashing function and a second counter stored in association with the static destination email address.

23. A system, comprising:
- a memory for storing data and computer-executable instructions;
  
  a processor in communication with the memory, wherein the processor is operative to execute the computer-executable instructions to;
  
  receive an electronic message addressed to a recipient, wherein the electronic message includes a source address associated with a sender and a dynamic tag, wherein the dynamic tag includes a first dynamic code and a counter;
  
  retrieve a hashing function and a secret key stored in the memory;
  
  compute a second dynamic code using at least the hashing function, the secret key, and the counter of the dynamic tag;
  
  verify the dynamic tag by matching the first dynamic code of the dynamic tag to the computed second dynamic code;
  
  accept the electronic message to an account of the recipient upon verifying at least the dynamic tag, wherein the sender is a non-qualified sender, wherein the dynamic tag is a dynamic passcode, wherein the processor is operative to retrieve a system hashing function and a system key as the respective hashing function and the secret key, wherein the dynamic passcode is obtained by the non-qualified sender manually querying a public dynamic passcode provider; and
  
  transmit, to the dynamic passcode provider, the system key, the system hashing function, and an identification of recipient accounts at the exchange entity, wherein the dynamic passcode provider generates dynamic passcodes based upon queries of a static destination email addresses that corresponds to recipient accounts at the exchange entity, wherein the dynamic passcodes are based at least in part upon the system key, the system hashing function and a second counter stored in association with the static destination email address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xuebin Jiang, Yunzhou Zhu
Original Assignee
Xuebin Jiang, Yunzhou Zhu
Inventors
Jiang, Xuebin, Zhu, Yunzhou
Primary Examiner(s)
Dinh; Khanh Q

Application Number

US12/017,692
Publication Number

US 20090044013A1
Time in Patent Office

833 Days
Field of Search

709/206, 709/224, 709/227, 709/228, 715/760, 707/3, 713/150
US Class Current

709/206
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 2209/80   Wireless

H04L 51/212   using filtering or selectiv...

H04L 9/0891   Revocation or update of sec...

H04L 9/3236   using cryptographic hash fu...

H04L 9/50   using hash chains, e.g. blo...

H04M 15/47   Fraud detection or preventi...

H04M 15/8088   involving increased rates, ...

H04M 15/8221   Message based

H04M 2215/0148   Fraud detection or preventi...

H04M 2215/7826   Message based

Systems and methods for preventing spam

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for preventing spam

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links