System and method of filtering unsolicited messages

US 8,484,472 B2
Filed: 10/30/2006
Issued: 07/09/2013
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method in a subscriber device for filtering unsolicited notification messages, the method comprising:

generating, at a subscriber device, a subscriber secure correlation identifier (SCID) associated with a subscription to a subscribed event source, wherein the subscriber SCID comprises a randomized correlation identifier and a secure tag, wherein the secure tag is generated using the randomized correlation identifier and a device encryption key associated with the subscriber device; and

providing the subscriber SCID to the subscribed event source in a subscription message;

receiving, at the subscriber device, a notification message upon occurrence of an event, the notification message having an event-source SCID comprising a first portion and a second portion;

verifying, in the subscriber device, that the notification message is from the subscribed event source if the second portion of the event-source SCID is equal to a secure hash of the first portion of the event-source SCID, wherein the secure hash is generated using the first portion and the device encryption key; and

accepting the notification message if the notification message is verified as being from the subscribed event source.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure correlation identifier (SCID) for authentically correlating notifications received from event sources with subscriptions, a SCID authentication system and method of filtering unsolicited messages are provided. The SCID comprises a correlation identifier for making the SCID unique, a sequence of bits concatenated with the correlation identifier and a secure tag concatenated with the concatenation of the correlation identifier and the sequence of bits. The system comprises a SCID generator for generating a SCID to be used in a message and a SCID authenticator for authenticating the SCID. The method comprises the steps of receiving a notification message having a SCID, verifying that that SCID is authentic, accepting the message if the SCID is authentic and rejecting the message if the SCID is not authentic.

21 Citations

View as Search Results

17 Claims

1. A method in a subscriber device for filtering unsolicited notification messages, the method comprising:
- generating, at a subscriber device, a subscriber secure correlation identifier (SCID) associated with a subscription to a subscribed event source, wherein the subscriber SCID comprises a randomized correlation identifier and a secure tag, wherein the secure tag is generated using the randomized correlation identifier and a device encryption key associated with the subscriber device; and
  
  providing the subscriber SCID to the subscribed event source in a subscription message;
  
  receiving, at the subscriber device, a notification message upon occurrence of an event, the notification message having an event-source SCID comprising a first portion and a second portion;
  
  verifying, in the subscriber device, that the notification message is from the subscribed event source if the second portion of the event-source SCID is equal to a secure hash of the first portion of the event-source SCID, wherein the secure hash is generated using the first portion and the device encryption key; and
  
  accepting the notification message if the notification message is verified as being from the subscribed event source.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as claimed in claim 1, wherein the verifying comprises:
    - retrieving the event-source SCID from the notification message;
      
      dividing the event-source SCID into the first portion and the second portion;
      
      determining that the notification message is from the subscribed event source if the second portion is equal to a secure hash of the first portion; and
      
      determining that the notification message is not from the subscribed event source if the second portion is not equal to a secure hash of the first portion.
  - 3. The method as claimed in claim 2, wherein the retrieving the event-source SCID comprises obtaining the event-source SCID from a uniform resource locator.
  - 4. The method as claimed in claim 2, wherein the first portion and the second portion are divided from the event-source SCID using a predetermined function.
  - 5. The method as claimed in claim 2, wherein dividing the event-source SCID comprises parsing a predetermined length of the event-source SCID to obtain the first portion, the remainder being the second portion.
  - 6. The method as claimed in claim 2, wherein dividing the event-source SCID comprises parsing a predetermined length of the event-source SCID to obtain the second portion, the remainder being the first portion.
  - 7. The method as claimed in claim 1, wherein generating the subscriber SCID comprises:
    - generating a correlation identifier (CID) for the subscription;
      
      generating a sequence of random bits (R);
      
      concatenating the correlation identifier with the sequence of bits resulting in a CIDR;
      
      generating a sequence of secure tag bits (H) by performing a secure tag function on the CIDR and the device encryption key; and
      
      concatenating the CIDR with the H.
  - 8. The method claimed in claim 7, wherein the secure tag function is a message authentication code function.
  - 9. The method claimed in claim 7, wherein the secure tag function is a digital signature function.
  - 10. The method as claimed in claim 1, further comprising:
    - listening for the notification message from the event source; and
      
      forwarding an accepted notification message to a messaging subsystem of the subscriber device.
  - 11. The method as claimed in claim 1, further comprising:
    - monitoring a notification rate of notification messages received per minute per event-source SCID per Internet protocol (IP) address; and
      
      blocking notification messages from IP addresses if the notification rate exceeds a predetermined threshold for a given event-source SCID and IP address.
  - 12. The method as claimed in claim 1, further comprising:
    - checking expiry information of the subscriber SCID; and
      
      rejecting notification messages having an expired subscriber SCID.
  - 13. The method of claim 1, further comprising:
    - rejecting the notification message if the notification message is not verified as being from the subscribed event source.

14. A secure correlation identifier (SCID) authentication system in a subscriber device for filtering unsolicited notification messages, the SCID authentication system comprising:
- a message listener configured to receive a notification message upon occurrence of an event, the notification message having an event-source SCID comprising a first portion and a second portion; and
  
  a SCID authenticator configured to;
  
  generate a subscriber SCID associated with a subscription to a subscribed event source, wherein the subscriber SCID comprises a randomized correlation identifier and a secure tag, wherein the secure tag is generated using the randomized correlation identifier and a device encryption key associated with the subscriber device; and
  
  provide the subscriber SCID to the subscribed event source in a subscription message;
  
  upon the message listener receiving the notification message, verify that the notification message is from the subscribed event source if the second portion of the event-source SCID is equal to a secure hash of the first portion of the event-source SCID, wherein the secure hash of the first portion is generated using the first portion and the device encryption key; and
  
  accept the notification message if the notification message is verified as being from the subscribed event source.
- View Dependent Claims (15, 16)
- - 15. The SCID authentication system as claimed in claim 14, further comprising a message parser for obtaining the event-source SCID from the notification message.
  - 16. The SCID authentication system as claimed in claim 14, further comprising a notification counter for monitoring a notification rate of notification messages received per minute per event-source SCID per Internet protocol (IP) address.

17. A computer program product for filtering unsolicited messages, the computer program product comprising a non-transitory computer readable medium embodying program code means for implementing a method in a subscriber device for filtering unsolicited notification messages, the method comprising:
- generating, at a subscriber device, a subscriber secure correlation identifier (SCID) associated with a subscription to a subscribed event source, wherein the subscriber SCID comprises a randomized correlation identifier and a secure tag, wherein the secure tag is generated using the randomized correlation identifier and a device encryption key associated with the subscriber device; and
  
  providing the subscriber SCID to the subscribed event source in a subscription message;
  
  receiving a notification message upon an occurrence of an event, the notification message having an event-source SCID comprising a first portion and a second portion;
  
  verifying that the notification message is from the subscribed event source if the second portion of the event-source SCID is equal to a secure hash of the first portion of the event-source SCID, wherein the secure hash is generated using the first portion and the device encryption key;
  
  accepting the notification message if the notification message is verified as being from the subscribed event source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Sherkin, Alexander, Bibr, Viere
Primary Examiner(s)
Khoshnoodi, Nadia

Application Number

US11/589,249
Publication Number

US 20080104674A1
Time in Patent Office

2,444 Days
Field of Search

None
US Class Current

713/170
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/123   received data contents, e.g...

System and method of filtering unsolicited messages

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of filtering unsolicited messages

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links