Message sender authenticity validation

US 9,762,591 B2
Filed: 12/27/2014
Issued: 09/12/2017
Est. Priority Date: 12/27/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a network interface; and

one or more logic elements, including at least a processor and a memory, comprising a validation server engine operable for multi-phase validation, comprising;

receiving an unverified message via the network interface;

parsing header data of the message;

analyzing the header data in relation to a content of the message; and

assigning the message a phase 1 credibility score based at least in part on the analyzing the header data; and

working cooperatively with end-user input to validate the unverified message; and

wherein the validation server engine is further operable for;

analyzing a publically-available database via the network interface;

comparing the publically-available database to the content of the message; and

assigning the message a phase 2 credibility score based at least in part on the comparing.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, a system and method are provided for validating the sender of a message, such as an e-mail, text message, voice mail, network message, internet posting, or other electronic message. An authenticity server engine may first prescreen the message with anti-spam, anti-malware, and other filters. The screened message is then provided to the end user. If the end user deems the message suspicious, he may request additional validation. The authenticity server engine may then apply an example four-phase validation scheme, including analyzing header data for consistency with the message body, analyzing public data sources, analyzing private data sources, and receiving a result of an off-channel challenge to the sender. The server may then assign the message a sender validity confidence score.

15 Citations

View as Search Results

20 Claims

1. An apparatus comprising:
- a network interface; and
  
  one or more logic elements, including at least a processor and a memory, comprising a validation server engine operable for multi-phase validation, comprising;
  
  receiving an unverified message via the network interface;
  
  parsing header data of the message;
  
  analyzing the header data in relation to a content of the message; and
  
  assigning the message a phase 1 credibility score based at least in part on the analyzing the header data; and
  
  working cooperatively with end-user input to validate the unverified message; and
  
  wherein the validation server engine is further operable for;
  
  analyzing a publically-available database via the network interface;
  
  comparing the publically-available database to the content of the message; and
  
  assigning the message a phase 2 credibility score based at least in part on the comparing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein analyzing the header data in relation to the content of the message comprises:
    - determining a likely locus of origin for the message; and
      
      analyzing a body of the message to determine whether location indicators in the body are consistent with the likely locus of origin.
  - 3. The apparatus of claim 1, wherein the publically-available database comprises an account age for a sender of the message.
  - 4. The apparatus of claim 1, wherein the validation server engine is further operable for providing an aggregate phase 1 and phase 2 credibility score directed to an end user device via the network interface.
  - 5. The apparatus of claim 1, wherein the validation server engine is further operable for receiving credentials for accessing a private data source via the network interface.
  - 6. The apparatus of claim 5, wherein the validation server engine is further operable for:
    - analyzing the private data source;
      
      comparing the private data source to the content of the message; and
      
      assigning the message a phase 3 credibility score based at least in part on the comparing.
  - 7. The apparatus of claim 1, wherein the validation server engine is further operable for receiving a user feedback score for the message via the network interface.
  - 8. The apparatus of claim 7, wherein the validation server engine is further operable for updating a global malware database based at least in part on receiving the user feedback score for the message.
  - 9. The apparatus of claim 7, wherein the validation server engine is further operable for receiving a result of an end user challenge, and assigning the message a phase 4 credibility score based at least in part on the receiving the result.
  - 10. The apparatus of claim 9, wherein the validation server engine is further operable for updating a global malware database based at least in part on receiving the result of the end user challenge.
  - 11. The apparatus of claim 1, wherein the validation server engine is further operable for applying at least one of anti-spam, anti-malware, anti-spyware, or anti-phishing filters to the message.

12. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions operable for providing a validation server engine operable for providing a multi-phase authentication, comprising:
- receiving an unverified message via a network interface;
  
  parsing header data of the message;
  
  analyzing the header data in relation to a content of the message;
  
  assigning the message a phase 1 credibility score based at least in part on the analyzing the header data; and
  
  working cooperatively with end-user input to validate the unverified message; and
  
  wherein the validation server engine is further operable for;
  
  analyzing a publically-available database via the network interface;
  
  comparing the publically-available database to the content of the message; and
  
  assigning the message a phase 2 credibility score based at least in part on the comparing.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The one or more tangible, non-transitory computer-readable mediums of claim 12, wherein analyzing the header data in relation to the content of the message comprises:
    - determining a likely locus of origin for the message; and
      
      analyzing a body of the message to determine whether location indicators in the body are consistent with the likely locus of origin.
  - 14. The one or more tangible, non-transitory computer-readable mediums of claim 12, wherein the validation server engine is further operable for providing an aggregate phase 1 and phase 2 credibility score directed to an end user device via the network interface.
  - 15. The one or more tangible, non-transitory computer-readable mediums of claim 12, wherein the validation server engine is further operable for receiving credentials for accessing a private data source via the network interface.
  - 16. The one or more tangible, non-transitory computer-readable mediums of claim 15, wherein the validation server engine is further operable for:
    - analyzing the private data source;
      
      comparing the private data source to the content of the message; and
      
      assigning the message a phase 3 credibility score based at least in part on the comparing.
  - 17. The one or more tangible, non-transitory computer-readable mediums of claim 16, wherein the validation server engine is further operable for receiving a result of an end user challenge, and assigning the message a phase 4 credibility score based at least in part on the receiving the result.
  - 18. The one or more tangible, non-transitory computer-readable mediums of claim 17, wherein the validation server engine is further operable for updating a global malware database based at least in part on receiving the result of the end user challenge.
  - 19. The one or more tangible, non-transitory computer-readable mediums of claim 12, wherein the validation server engine is further operable for applying at least one of anti-spam, anti-malware, anti-spyware, or anti-phishing filters to the message.

20. A method for providing multi-phase validation on a computing apparatus, comprising:
- receiving an unverified message via a network interface;
  
  parsing header data of the message;
  
  analyzing the header data in relation to a content of the message;
  
  assigning the message a phase 1 credibility score based at least in part on the analyzing the header data;
  
  working cooperatively with end-user input to validate the unverified message;
  
  analyzing a publically-available database via the network interface;
  
  comparing the publically-available database to the content of the message; and
  
  assigning the message a phase 2 credibility score based at least in part on the comparing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Srivastava, Neeta, Zheng, Yi, Bennett, Jeremy
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US14/583,622
Publication Number

US 20160191542A1
Time in Patent Office

990 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

Message sender authenticity validation

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Message sender authenticity validation

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links