Time and threshold based whitelisting

US 8,112,485 B1
Filed: 11/22/2006
Issued: 02/07/2012
Est. Priority Date: 11/22/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for managing electronic mail message whitelists, the method comprising the steps of:

monitoring incoming and outgoing electronic messages, by a computer;

responsive to detecting an outgoing electronic message from a user to a recipient, adding a temporary whitelist entry for the recipient to a whitelist of the user by a computer, the temporary whitelist entry being set to automatically expire after a set period of time;

delivering electronic messages from the recipient to the user without any security screening during the set period of time prior to the automatic expiration of the temporary whitelist entry, by a computer;

analyzing electronic mail message traffic between the user and the recipient during the set period of time prior to the automatic expiration of the temporary whitelist entry, by a computer;

responsive to results of analyzing the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry, determining whether to transform the temporary whitelist entry into a permanent whitelist entry and continue to deliver electronic messages from the recipient to the user without any security screening, by a computer; and

performing an additional step transforming the status of the temporary whitelist entry, by a computer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In response to a user sending an electronic mail message to a recipient, a whitelist manager creates a temporary whitelist entry for the recipient on the user'"'"'s whitelist. The temporary whitelist entry is set to expire after a set period of time. During the period of time that the temporary whitelist entry is in effect, electronic mail messages from the recipient are passed to the user without being subject to security screening. The whitelist manager keeps track of email traffic between the user and the recipient during this time period. If the nature of this email traffic is sufficient to establish that the recipient is legitimate, the whitelist manager converts the temporary entry to a permanent one. Otherwise, the whitelist manager disables the temporary entry, after which email from the recipient to the user is subject to normal security processing.

Citations

18 Claims

1. A computer implemented method for managing electronic mail message whitelists, the method comprising the steps of:
- monitoring incoming and outgoing electronic messages, by a computer;
  
  responsive to detecting an outgoing electronic message from a user to a recipient, adding a temporary whitelist entry for the recipient to a whitelist of the user by a computer, the temporary whitelist entry being set to automatically expire after a set period of time;
  
  delivering electronic messages from the recipient to the user without any security screening during the set period of time prior to the automatic expiration of the temporary whitelist entry, by a computer;
  
  analyzing electronic mail message traffic between the user and the recipient during the set period of time prior to the automatic expiration of the temporary whitelist entry, by a computer;
  
  responsive to results of analyzing the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry, determining whether to transform the temporary whitelist entry into a permanent whitelist entry and continue to deliver electronic messages from the recipient to the user without any security screening, by a computer; and
  
  performing an additional step transforming the status of the temporary whitelist entry, by a computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - determining, by a computer, whether the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets set conditions; and
      
      performing a step from a group of steps consisting of;
      
      responsive to determining that the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets the set conditions, transforming the temporary whitelist entry to a permanent whitelist entry by a computer; and
      
      responsive to determining that the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry does not meet the set conditions, transforming, by a computer, the temporary whitelist entry into a disabled whitelist entry, by a computer, such that the entry is no longer on the whitelist.
  - 3. The method of claim 2 wherein determining, by a computer, whether the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets the set conditions further comprises:
    - determining, by a computer, whether the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets at least one threshold value.
  - 4. The method of claim 1 further comprising:
    - responsive to determining, by a computer, that electronic mail message traffic between the user and multiple recipients at a single domain meets set conditions, adding a permanent whitelist entry for the entire domain to the user'"'"'s whitelist, by a computer.
  - 5. The method of claim 4 wherein determining, by a computer, that electronic mail message traffic between the user and multiple recipients at the single domain meets the set conditions further comprises:
    - determining, by a computer, that electronic mail message traffic between the user and multiple recipients at the single domain meets at least one threshold value.
  - 6. The method of claim 1 further comprising:
    - responsive to determining, by a computer, that electronic mail message traffic between multiple users associated with a gateway and multiple recipients at a single domain meets set conditions, adding a permanent whitelist entry for the entire domain to the whitelist of each user associated with the gateway, by a computer.
  - 7. The method of claim 6 wherein determining, by a computer, that electronic mail message traffic between multiple users associated with the gateway and multiple recipients at the single domain meets the set conditions further comprises:
    - determining, by a computer, that electronic mail message traffic between multiple users associated with the gateway and multiple recipients at the single domain meets at least one threshold value.
  - 8. The method of claim 1 further comprising:
    - during the set period of time prior to the expiration of the temporary whitelist entry, responsive to the presence of the temporary whitelist entry in the user'"'"'s whitelist, passing, by a computer, any electronic mail messages from the recipient to the user without any security screening.
  - 9. The method of claim 1 further comprising:
    - responsive to the absence of a whitelist entry for a source in a user'"'"'s whitelist, subjecting, by a computer, any electronic mail messages from that source to the user to security screening.

10. At least one non-transitory computer readable medium containing a computer program product for managing electronic mail message whitelists, the computer program product comprising:
- program code for monitoring incoming and outgoing electronic messages;
  
  program code for, responsive to detecting an outgoing electronic message from a user to a recipient, adding a temporary whitelist entry for the recipient to a whitelist of the user, the temporary whitelist entry being set to automatically expire after a set period of time;
  
  program code for delivering electronic messages from the recipient to the user without any security screening during the set period of time prior to the automatic expiration of the temporary whitelist entry;
  
  program code for analyzing electronic mail message traffic between the user and the recipient during the set period of time prior to the automatic expiration of the temporary whitelist entry;
  
  program code for, responsive to results of analyzing the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry, determining whether to transform the temporary whitelist entry into a permanent whitelist entry and continue to deliver electronic messages from the recipient to the user without any security screening; and
  
  performing an additional step transforming the status of the temporary whitelist entry.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer program product of claim 10 further comprising:
    - program code for determining whether the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets set conditions; and
      
      program code for performing a step from a group of steps consisting of;
      
      responsive to determining that the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets the set conditions, converting the temporary whitelist entry to a permanent whitelist entry; and
      
      responsive to determining that the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry does not meet the set conditions, disabling the temporary whitelist entry.
  - 12. The computer program product of claim 11 wherein the program code for determining whether the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets the set conditions further comprises:
    - program code for determining whether the electronic mail message traffic between the user and the recipient during the set period of time prior to the expiration of the temporary whitelist entry meets at least one threshold value.
  - 13. The computer program product of claim 10 further comprising:
    - program code for, responsive to determining that electronic mail message traffic between the user and multiple recipients at a single domain meets set conditions, adding a permanent whitelist entry for the entire domain to the user'"'"'s whitelist.
  - 14. The computer program product of claim 13 wherein the program code for determining that electronic mail message traffic between the user and multiple recipients at the single domain meets the set conditions further comprises:
    - program code for determining that electronic mail message traffic between the user and multiple recipients at the single domain meets at least one threshold value.
  - 15. The computer program product of claim 10 further comprising:
    - program code for responsive to determining that electronic mail message traffic between multiple users associated with a gateway and multiple recipients at a single domain meets set conditions, adding a permanent whitelist entry for the entire domain to the whitelist of each user associated with the gateway.
  - 16. The computer program product of claim 15 wherein the program code for determining that electronic mail message traffic between multiple users associated with the gateway and multiple recipients at the single domain meets the set conditions further comprises:
    - program code for determining that electronic mail message traffic between multiple users associated with the gateway and multiple recipients at the single domain meets at least one threshold value.
  - 17. The computer program product of claim 10 further permanent comprising:
    - program code for, during the set period of time prior to the expiration of the temporary whitelist entry, responsive to the presence of the temporary whitelist entry in the user'"'"'s whitelist, passing any electronic mail messages from the recipient to the user without any security screening.
  - 18. The computer program product of claim 10 further comprising:
    - program code for, responsive to the absence of a whitelist entry for a source in a user'"'"'s whitelist, subjecting any electronic mail messages from that source to the user to security screening.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Cooley, Shaun, McCorkendale, Bruce
Primary Examiner(s)
Moore, Ian N
Assistant Examiner(s)
TOWFIGHI, AFSHAWN M

Application Number

US11/562,948
Time in Patent Office

1,903 Days
Field of Search

709201-207
US Class Current

709/206
CPC Class Codes

G06Q 10/107 Computer-aided management o...

Time and threshold based whitelisting

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Time and threshold based whitelisting

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links