Spam reduction in real time communications by human interaction proof

US 8,495,727 B2
Filed: 08/07/2007
Issued: 07/23/2013
Est. Priority Date: 08/07/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising;

at least one processor configured to execute computer-executable instructions; and

memory storing computer-executable instructions that, when executed by the at least one processor, implement;

an interface component configured to receive data related to a real time data communication between two or more clients; and

a verification component configured to identify a particular client participating within the real time data communication as a potential security threat, communicate a message including a human interaction proof (HIP) to the particular client from a user participating within the real time data communication, authenticate a human identity for the particular client by evaluating a response to the HIP, and communicate a result associated with the HIP to the user, wherein the verification component includes;

a detection component configured to dynamically monitor the real time data communication in order to identify potential security threats and configured to provide a warning to the user about potential security issues with the particular client, andan HIP generator configured to create the HIP to be provided to the particular client during the real time data communication between the two or more clients.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The claimed subject matter provides a system and/or a method that facilitates authenticating a data communication. An interface component can receive data related to a real time data communication between two or more clients. A verification component can employ a human interaction proof (HIP) to a client participating within the real time data communication, wherein a human identity of the client is authenticated as a function of a response to the HIP.

22 Citations

View as Search Results

20 Claims

1. A system comprising;
- at least one processor configured to execute computer-executable instructions; and
  
  memory storing computer-executable instructions that, when executed by the at least one processor, implement;
  
  an interface component configured to receive data related to a real time data communication between two or more clients; and
  
  a verification component configured to identify a particular client participating within the real time data communication as a potential security threat, communicate a message including a human interaction proof (HIP) to the particular client from a user participating within the real time data communication, authenticate a human identity for the particular client by evaluating a response to the HIP, and communicate a result associated with the HIP to the user, wherein the verification component includes;
  
  a detection component configured to dynamically monitor the real time data communication in order to identify potential security threats and configured to provide a warning to the user about potential security issues with the particular client, andan HIP generator configured to create the HIP to be provided to the particular client during the real time data communication between the two or more clients.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the real time data communication includes at least one of an instant messaging communication, a voice communication, an audio communication, a voice over Internet protocol (VoIP) communication, a file sharing communication, a desktop sharing communication, or a conference communication.
  - 3. The system of claim 1, wherein the human interaction proof includes at least one of an image, a portion of characters, a portion of audio data, a portion of voice data, a portion of video data, a distorted string of text, a question, a password request, a biometric input a fingerprint scan, a retinal scan, a facial scan, a spoken word, a voice sample, a digital signature, or an inductance specific to an individual.
  - 4. The system of claim 1, wherein the detection component dynamically monitors the real time data communication for characteristics associated with at least one of a bot, an automated program, a real time application, a phishing attack, an automated application, an automated agent, an automated agent in a cloud, a portion of spam, a phishing uniform resource locator (URL), a user in a public Internet cloud, or a malicious portion of data.
  - 5. The system of claim 1, wherein the real time data communication occurs in a first communication mode, the HIP generator creates the HIP for the first communication mode, and the HIP generator is further configured to create a disparate HIP for another communication mode different from the first communication mode.
  - 6. The system of claim 1, wherein the detection component is configured to employ a pattern matching heuristic based on previous conversations to identify malicious data communications.
  - 7. The system of claim 1, wherein the detection component warns the user that the particular client is a bot or a malicious user.
  - 8. The system of claim 1, wherein the response to the HIP must include human input in order to authenticate the human identity for the particular client.
  - 9. The system of claim 1, wherein the HIP generator is configured to create the HIP based upon one or more of:
    - a type of the real time data communication;
      
      ora type of the particular client participating in the real time data communication.
  - 10. The system of claim 1, further comprising a performance component configured to implement an action relating to the real time data communication based upon the response to the HIP.
  - 11. The system of claim 10, wherein the action based upon an invalid response to the HIP includes at least one of issuing a warning to the particular client, a re-issue of the HIP to the particular client, a suspension of the real time data communication, a block of the particular client, a block of a URL associated with the real time data communication, a termination of the real time data communication, or an addition of the particular client to a spam/bot list.
  - 12. The system of claim 10, wherein the action based upon a valid response to the HIP includes at least one of a continuation of the real time data communication, a validation of the particular client, or a validation of the real time data communication.
  - 13. The system of claim 1, wherein the verification component is configured to utilize authentication of the particular client for instant messaging communication to authenticate the particular client for audio data communication.
  - 14. The system of claim 1, wherein the real time data communication occurs within a conference session, and the verification component is configured to identify a joining participant as a potential security threat based on silence of the joining participant during the conference session.
  - 15. The system of claim 1, wherein the verification component communicates the message including the HIP to the particular client during the real time data communication based upon a manual command from the user to initiate a bot check.
  - 16. The system of claim 1, wherein the verification component is configured to automatically invoke the HIP based upon at least one of an identification of a bot pattern, a file sharing, a desktop sharing, a pre-defined time of silence, or a phishing attack.

17. A computer-implemented method comprising:
- monitoring a real time data communication between two or more clients in order to identify potential security threats;
  
  identifying a particular client participating within the real time data communication as a potential security threat;
  
  providing, to a user participating within the real time data communication, a warning about potential security issues with the particular client;
  
  creating a human interaction proof (HIP) to be provided to the particular client during the real time data communication;
  
  communicating a message including the HIP to the particular client from the user participating within the real time data communication;
  
  authenticating a human identity for the particular client by evaluating a response to the HIP provided by the particular client; and
  
  communicating a result associated with the HIP to the user participating within the real time data communication.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, wherein the real time data communication includes at least one of an instant messaging communication, a voice communication, an audio communication, a voice over Internet protocol (VoIP) communication, a file sharing communication, a desktop sharing communication, or a conference communication.
  - 19. The method of claim 17, further comprising:
    - identifying a bot pattern; and
      
      sending a hint about a potential bot threat to the user participating within the real time data communication.

20. A computer-readable storage device storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform operations comprising:
- monitoring a real time data communication between two or more clients in order to identify potential security threats;
  
  identifying a particular client participating within the real time data communication as a potential security threat;
  
  providing, to a user participating within the real time data communication, a warning about potential security issues with the particular client;
  
  creating a human interaction proof (HIP) to be provided to the particular client during the real time data communication;
  
  communicating a message including the HIP to the particular client from the user participating within the real time data communication;
  
  authenticating a human identity for the particular client by evaluating a response to the HIP provided by the particular client; and
  
  communicating a result associated with the HIP to the user participating within the real time data communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ramanathan, Rajesh, Raghav, Amritansh, Combel, Craig M.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US11/834,883
Publication Number

US 20090044264A1
Time in Patent Office

2,177 Days
Field of Search

726/2, 726/14
US Class Current

726/14
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 63/08   for authentication of entit...

H04L 63/1441   Countermeasures against mal...

Spam reduction in real time communications by human interaction proof

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Spam reduction in real time communications by human interaction proof

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links