Techniques for to defeat phishing

US 7,422,115 B2
Filed: 09/07/2004
Issued: 09/09/2008
Est. Priority Date: 09/07/2004
Status: Active Grant

First Claim

Patent Images

1. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:

A) receiving an initiation message at the protected email server from a particular client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a particular phisher would not have access and including at least the header of the proposed email;

B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information;

C) authenticating the sender of the initiation message by determining if the sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message;

D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp;

E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and

, if not, denying the particular request for the stemp;

F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, the encrypted stemp including at least unique information which directly or indirectly identifies the sender;

G) saving the encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender an the encrypted version of the stemp in a table or database;

H) determining if the sender is on a white list of an intended recipient, and if not, deducting a micropayment amount from a micropayments account owned by the sender;

(I) sending the stemp back to the sender computer which sent the initiation message along with the header of the proposed email;

J) after a recipient computer receives a proposed email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein;

K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted stemp to look up a database record or table entry that pertains to the proposed email;

L) determining the identity of the sender from the database record or the table entry that pertains to the proposed email, determining if the stemp is a valid paid-for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer;

M) determining if a sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email;

N) if the sender does not match, sending back a warning message to the recipient computer; and

O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending the particular Truemark or the particular white list icon to be displayed with the proposed email or data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the particular white list icon should be displayed with the proposed email.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol for protected email transmission using micropayments and a segregated inbox in which protected emails are displayed. The protocol also involves authentication of the sender to defeat phishers and an opt out protocol which can be used to block protected emails from sources from which the user no longer wishes to receive emails even if the source has made a micropayment. Branded email is also taught wherein a sender of protected emails can pay extra to have a miniature version of its brand logo or trademark displayed with its email in the segregated inbox. A white list is maintained on the protected email server (along with the opt out black list) so that recipients can designat specific senders who may send email to that recipient without paying a micropayment and still have the protected email displayed in the segregated inbox.

25 Citations

View as Search Results

33 Claims

1. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:
- A) receiving an initiation message at the protected email server from a particular client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a particular phisher would not have access and including at least the header of the proposed email;
  
  B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information;
  
  C) authenticating the sender of the initiation message by determining if the sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message;
  
  D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp;
  
  E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and
  
  , if not, denying the particular request for the stemp;
  
  F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, the encrypted stemp including at least unique information which directly or indirectly identifies the sender;
  
  G) saving the encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender an the encrypted version of the stemp in a table or database;
  
  H) determining if the sender is on a white list of an intended recipient, and if not, deducting a micropayment amount from a micropayments account owned by the sender;
  
  (I) sending the stemp back to the sender computer which sent the initiation message along with the header of the proposed email;
  
  J) after a recipient computer receives a proposed email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein;
  
  K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted stemp to look up a database record or table entry that pertains to the proposed email;
  
  L) determining the identity of the sender from the database record or the table entry that pertains to the proposed email, determining if the stemp is a valid paid-for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer;
  
  M) determining if a sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email;
  
  N) if the sender does not match, sending back a warning message to the recipient computer; and
  
  O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending the particular Truemark or the particular white list icon to be displayed with the proposed email or data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the particular white list icon should be displayed with the proposed email.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The process of claim 1 wherein step F further comprises encrypting in said stemp with tying information comprising some or all information from a header of said proposed email and/or a portion of said main body of said proposed email so as to ties said stemp to said proposed email, and wherein step M further comprises decrypting said tying information from said stemp and determining if the tying information matches information from the header or main body of said email so as to verify that the stemp sent back to the sender computer was in fact attached to said proposed email.
  - 3. The process of claim 1 wherein step C further comprises the step of determining if the sender is on a black list or an opt out list of the intended recipient, and, if so, denying the stemp to the sender thereby preventing the sender from sending the proposed email to the intended recipient.
  - 4. The process of claim 1 wherein step F further comprises encrypting the stemp with other information indicating which one of a plurality of Truemarks to display in a segregated inbox when a particular email bearing the stemp is received when the sender has paid for a Truemark stemp service.
  - 5. The process of claim 1 wherein step F further comprises encrypting the stemp with other information indicating a particular white list source icon is to be displayed in a segregated inbox when a particular email bearing the stemp is received by the recipient computer when the sender has been designated by the intended recipient of the proposed email to be on a particular white list of recipients that are allowed to send protected emails to the intended recipient without a micropayment.
  - 6. The process of claim 1 wherein step F further comprises encrypting the stemp with other information that associates the stemp with a generic logo when the sender is not on a particular white list of the intended recipient and has not paid a subscription for a Truemark branded stemp service.

7. A process to defeat phishers carried out in a client computer running protected email software operated by a recipient via a recipient computer in a distributed email system including a protected email server coupled via a wide area network (WAN) to client computers executing protected email software, comprising:
- A) receiving an encryption key, a transaction number from a protected email server;
  
  B) receiving an email message sent by a client computer executing protected email software operated by a sender via a sender computer;
  
  C) responding to a receipt of the email message by retrieving the encryption key sent by the protected email server which was used to encrypt a Truemark, a generic stemp or a white list stemp and attempting to decrypt the Truemark, the generic stemp or the white list stemp to retrieve the transaction number encrypted therein;
  
  D) comparing the transaction number received from the protected email server with the transaction number decrypted from the Truemark, the generic stemp or the white list stemp in a header of the email message received from the sender computer;
  
  E) if there is a match between transaction numbers, storing the email message in a segregated email folder which contains only email messages that have the Truemark, the generic stemp or the white list stemp therein or which is sent by the sender on a white list of the recipient; and
  
  F) when a command is received to display contents of the segregated email folder, displaying on the recipient computer selected information about each particular email message in the segregated email folder in a predetermined way.
- View Dependent Claims (8, 9, 10)
- - 8. The process of claim 7 wherein step E further comprises the step of storing the Truemark, the generic stemp or the white list stemp received with the email message in the segregated email folder if there is a match between the transaction numbers.
  - 9. The process of claim 8 wherein step A further comprises receiving a particular Truemark, a particular generic stemp or a particular white list stemp from the protected email server and storing the particular Truemark, the particular generic stemp or the particular white list stemp received from the protected email server with the email message in the segregated email folder, and wherein step F further comprises displaying the particular Truemark, the particular generic stemp or the particular white list stemp with the email message with which the particular Truemark, the particular generic stemp or the particular white list stemp is associated when the contents of the segregated email folder is displayed.
  - 10. The process of claim 8 wherein step C further comprises using the encryption key to retrieve the account number of the sender which is encrypted in the Truemark, the generic stemp or the white list stemp, and using the account number to look up the Truemark or the generic logo for display with the email message, and step F further comprises displaying the Truemark or the generic logo looked up from a table with the email message with which the Truemark, the generic stemp or the white list stemp is associated when the contents of the segregated email folder are displayed.

11. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:
- A) at a sender computer, receiving data from a sender to compose a proposed email message and receiving a user command to send the proposed email message to a particular, identified recipient;
  
  B) sending an initiation message to a protected email server requesting a code in the form of a stemp for inclusion in a header of the proposed email message and passing information with the proposed email message which identifies the sender;
  
  C) at a protected email server, authenticating an identity of the sender using information from the proposed email message and verifying the sender has an account with sufficient money in that account to pay for the stemp requested in step B or that the sender is on a white list of the recipient;
  
  D) at the protected email server, if conditions in step C are proper to send the proposed email message, the protected email server generates a transaction number, encrypts the stemp with other information which identifies the sender and encrypts the stemp with a transaction number associated with the proposed email message, saves an encryption key, deducts an amount of a micropayment from the account of the sender if the sender is not on the white list of the recipient, sends back to the sender the header with the stemp encoded therein;
  
  E) sending from the protected email server the encryption key used in step D and the transaction number generated in step D and, to a client computer operated by the recipient via the recipient computerDD) at the sender computer, attaching the header received from the protected email server to the proposed email message and sending the proposed email message to the recipient via normal email sending processes;
  
  EE) at the recipient computer, receiving the encryption key, the transaction number and the Truemark or the generic logo from the protected email server;
  
  F) at the recipient computer, receiving the proposed email message sent by the sender computer, and responding thereto by retrieving the encryption key used to encrypt the Truemark, the generic logo or a white list stemp and attempting to decrypt the Truemark, the generic stemp or the white list stemp to retrieve the account number and transaction number encrypted therein; and
  
  G) if the Truemark, the generic stemp or the white list stemp decrypts properly and a decrypted transaction number matches the transaction number received from the protected email server, the recipient computer places the proposed email message in a segregated inbox folder and stores the Truemark, the generic stemp or the white list stemp with the proposed email message for display when a user gives a command to display contents of the segregated inbox folder.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The process of claim 11 wherein step C further comprises the step of determining if the sender is on a black list or an opt out list of recipient, and, if so, blocking issuance of the stemp to the sender thereby preventing the sender from sending the proposed email message to the recipient.
  - 13. The process of claim 11 wherein step D comprises encrypting a Truemark stemp when said sender has paid for a Truemark stemp service.
  - 14. The process of claim 11 wherein step D comprises encrypting the white list stemp when the sender has been designated by the recipient of the proposed email message to be on the white list of recipient so that that the sender can send protected emails to the recipient without micropayments.
  - 15. The process of claim 11 wherein step D comprises encrypting the stemp associated with a generic logo when the sender is not on the white list of the recipient and has not paid a subscription for a Truemark branded stemp service.

16. A recipient computer in a protected email environment, comprising:
- a keyboard for entering data and giving commands;
  
  a monitor for displaying data, the commands and menu options;
  
  a pointing device;
  
  a central processing unit (CPU) coupled to the keyboard, the monitor and the pointing device and programmed to perform the following steps;
  
  A) receiving an encryption key and a transaction number regarding a protected environment email from a protected email server;
  
  B) receiving an email message sent by a client computer executing protected email software operated by a sender via a sender computer;
  
  C) responding to receipt of the email message by retrieving the encryption key sent by the protected email server which was used to encrypt a Truemark, a generic stemp or a white list stemp included within the email message received in step B, and attempting to decrypt the Truemark, the generic stemp or the white list stemp using the encryption key to retrieve a transaction number encrypted therein;
  
  D) comparing the transaction number received from the protected email server with another transaction number decrypted from the Truemark, the generic stemp or the white list stemp in a header of the said email message received from the sender computer;
  
  E) if there is a match between the transaction numbers, storing the email message in a segregated email folder maintained by a protected email receiver process executing on the CPU, the segregated email folder containing only emails that has the Truemark, the generic stemp or the white list stemp therein or which is sent by the sender on the white list of the recipient; and
  
  F) when a particular command is received to display the contents of the segregated email folder, displaying on the monitor of the recipient computer selected information about each email in the segregated email folder in a predetermined way.
- View Dependent Claims (17, 18, 19)
- - 17. The computer of claim 16 wherein the CPU is programmed to perform step F by displaying a navigation pane and a single content pane, the navigation pane having displayed therein an icon representing the segregated inbox of the protected email system, and when the recipient selects the icon, displaying the contents of the segregated inbox in the single content pane so that white list emails are interspersed with Truemark emails bearing a logo of a company which made a micropayment to get that company'"'"'s email into the segregated inbox.
  - 18. The computer of claim 16 wherein the CPU is programmed to perform step F by displaying a navigation pane and a single content pane with a friends tab and a logo mail tab, the navigation pane having displayed therein an icon representing the segregated inbox of the protected email system, and when the recipient selects the icon, displaying the contents of the segregated inbox in the single content pane so that only white list emails are displayed if the friends tab has been selected and only Truemark logo bearing emails are displayed if the logo mail tab has been selected.
  - 19. The computer of claim 16 wherein the CPU is programmed to perform step F by displaying a navigation pane and a dual content pane, the navigation pane having displayed therein an icon representing the segregated inbox of the protected email system, and when the recipient selects the icon, displaying the contents of the segregated inbox in the dual content pane so that white list emails are displayed in a first pane of the dual content pane and Truemark emails bearing a logo of a company which made a micropayment to get that company'"'"'s email into the segregated inbox are displayed in a second pane of the dual content pane.

20. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:
- A) receiving in a client computer executing a recipient computer protected email process an email;
  
  B) examining a header of the email for a presence of a stemp;
  
  C) if the stemp is not present, sending the email to an non protected email client application for display in a non segregated inbox;
  
  D) if the stemp is present, sending the header of the email to the protected email server to which the client computer is connected by the WAN along with a validation message requesting validation of a sender of the email;
  
  E) if a warning message is received back from the protected email server indicating the sender of the email is not who the sender is purporting to be, displaying the warning message to an operator of the recipient computer; and
  
  F) if the validation message is received back from the protected email server indicating the sender of the email is who the sender purports to be, storing the email in a segregated email inbox to be displayed when an icon representing the segregated email inbox is selected in the non protected email client application.
- View Dependent Claims (21)
- - 21. The process of claim 20 wherein step F further comprises receiving a Truemark source icon or a white list source icon from the protected email server with the validation message, and displaying the source icon with the email to indicate that the email belongs in the segregated inbox.

22. A protected email recipient client computer comprising:
- a display;
  
  a keyboard and pointing device;
  
  a central processing unit (CPU) programmed with an operating system (OS) and further programmed with one or more application programs which control the CPU to carry out the following process;
  
  A) receiving in a client computer executing a recipient computer protected email process an email;
  
  B) examining a header of the email for a presence of a stemp;
  
  C) if the stemp is not present, sending the email to an non protected email client application for display in a non segregated inbox;
  
  D) if the stemp is present, sending the header of the email to a protected email server to which the client computer is connected by the WAN along with a validation message requesting validation of a sender of the email;
  
  E) if a warning message is received back from the protected email server indicating the sender of the email is not from the sender it purports to be from, displaying the warning message to an operator of the recipient computer; and
  
  F) if the validation message is received back from the protected email server indicating the sender of the email is from the sender it purports to be from, storing the email in a segregated email inbox to be displayed when an icon representing the segregated email inbox is selected in the non protected email client application.
- View Dependent Claims (23)
- - 23. The computer of claim 22 further programmed by a particular one of the application programs to carry out step F by receiving a Truemark source icon or a white list source icon from the protected email server with the validation message, and displaying the source icon with the email to which it pertains in the segregated inbox.

24. A server computer in a protected email environment, comprising:
- a keyboard for entering data and giving commands;
  
  a monitor for displaying data, the commands and menu options;
  
  a pointing device;
  
  a central processing unit (CPU) coupled to the keyboard, the monitor and the pointing device and programmed to perform the following functions;
  
  A) receive a message from a client computer coupled to the CPU via a wide area network (WAN) and executing protected email software via a sender computer and operated by a sender, the message including sender identification information identifying the sender, the message requesting issuance of a code in the form of a Truemark, a stemp or a general logo to be used to gate an email to be sent from the sender computer into a segregated inbox of a protected email system, the segregated inbox maintained by a protected email recipient process executing on a recipient computer;
  
  B) authenticate an identity of the sender using the sender identification information in the message received from the sender computer,C) if the sender is authentic, the CPU verifies that the sender has an account with sufficient money in it to pay for the code requested in the message received during step A and to verify that the sender is not on a black list or an opt out list of the recipient and to determine if the sender is on a white list of the recipient operating receiver software executing on the recipient computer; and
  
  D) if conditions are determined in step C to be proper to send the email, performing the following steps;
  
  i) generating a transaction number;
  
  ii) encrypting a Truemark, a generic stemp or a white list stemp which contains an identification of the sender and the transaction number,iii) saving an encryption key;
  
  iv) deducting an amount of a micropayment from the account of the sender if the sender is not on the white list of the recipient;
  
  v) sending back to the sender the header with the Truemark, the generic stemp or the white list stemp encoded therein; and
  
  vi) sending the encryption key and the transaction number to the recipient computer.
- View Dependent Claims (25)
- - 25. The computer of claim 24 wherein the CPU is programmed to perform the following additional step when performing step D(vi):
    - sending to the recipient computer the Truemark or the generic logo associated with the sender of the email to which said transaction number pertains.

26. A protected email server comprising:
- a display;
  
  a keyboard and pointing device;
  
  a central processing unit (CPU) programmed with an operating system (OS) and further programmed with one or more application programs which control the CPU to carry out the following process;
  
  A) receiving an initiation message at the protected email server from a client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a phisher would not have access and including at least the header of the proposed email;
  
  B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information;
  
  C) authenticating the sender of the initiation message by determining if the sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message;
  
  D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp;
  
  E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and
  
  , if not, denying the particular request for the stemp;
  
  F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, the encrypted stemp including at least unique information which directly or indirectly identifies the sender;
  
  G) saving the encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender and the encrypted version of the stemp in a table or database;
  
  H) determining if the sender is on a white list of an intended recipient, and, if not, deducting a micropayment amount from a micropayments account owned by the sender;
  
  I) sending the stemp back to a sender computer which sent the initiation message along with the header of the proposed email;
  
  J) after a recipient computer receives the proposed an email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein;
  
  K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted stemp to look up a database record or table entry that pertains to the proposed email;
  
  L) determining the identity of the sender from the said database record or the table entry that pertains to the proposed email, determining if the stemp is a valid paid for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer;
  
  M) determining if the sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email;
  
  N) if the sender does not match, sending back a warning message to the recipient computer; and
  
  O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending a particular Truemark or a particular white list icon to be displayed with the proposed email or other data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the white list icon should be displayed with the proposed email.

27. A computer-readable storage medium and storing thereon computer-readable instructions which, when programmed into a computer, and controlling the computer to perform the following process:
- A) receiving an initiation message at a protected email server from a client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a phisher would not have access and including at least the header of the proposed email;
  
  B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information;
  
  C) authenticating the sender of the initiation message by determining if the purported sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message;
  
  D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp;
  
  E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and
  
  , if not, denying the particular request for the stemp;
  
  F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, an encrypted version of the stemp including at least unique information which directly or indirectly identifies the sender;
  
  G) saving an encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender and the encrypted version of the stemp in a table or database;
  
  H) determining if the sender is on a white list of an intended recipient, and, if not, deducting a micropayment amount from a micropayments account owned by the sender;
  
  I) sending the stemp back to a sender computer which sent the initiation message along with the header of the proposed email;
  
  J) after a recipient computer receives the proposed email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein;
  
  K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted version of the stemp to look up a database record or table entry that pertains to the proposed email;
  
  L) determining the identity of the sender from the database record or the table entry that pertains to the proposed said email, determining if the stemp is a valid paid-for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer;
  
  M) determining if the sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email;
  
  N) if the sender does not match, sending back a warning message to the recipient computer; and
  
  O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending the particular Truemark or the particular white list icon to be displayed with the proposed email or other data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the white list icon should be displayed with the proposed email.

28. A computer readable medium having stored thereon computer readable instructions, which when programmed into a computer, and controlling the computer to carry out the following process:
- A) receiving in a client computer executing a recipient computer protected email process an email;
  
  B) examining a header of the email for a presence of a stemp;
  
  C) if the stemp is not present, sending the email to an non protected email client application for display in a non segregated inbox;
  
  D) if the stemp is present, sending a header of the email to a protected email server to which the client computer is connected by a wide area network (WAN) along with a validation message requesting validation of a sender of the email;
  
  E) a warning message is received back from the protected email server indicating the sender of the email is not who the sender purports to be, displaying the email to an operator of the recipient computer;
  
  F) if the validation message is received back from the protected email server indicating the sender of the email is who the sender purports to be, storing the email in a segregated email inbox to be displayed when an icon representing the segregated email inbox is selected in the non protected email client application.

29. A process to defeat phishers carried out in a protected email server coupled via a wide area network (WAN) to client computers executing protected email software, comprising:
- A) authenticating an identity of a sender using information from an email message received from a client computer executing a protected email sender process, the email message requesting issuance of a code in the form of a Truemark, a stemp or a general logo to be used to gate the email message to be sent from the sender process into a segregated inbox maintained by a recipient process executing on a recipient computer;
  
  B) using information in the email message to verify the identity of the sender and that the sender has an account with sufficient money in it to pay for the code requested in step A and to verify that the sender is not on a black list or an opt out list of a recipient and to determine if the sender is on a white list of the recipient operating receiver software executing on the recipient computer; and
  
  C) if conditions in step B are proper to send the email message, performing the following steps;
  
  generating a transaction number;
  
  encrypting a Truemark, a generic stemp or a white list stemp which contains an identification of the sender and the transaction number,saving an encryption key;
  
  deducting an amount of a micropayment from an account of the sender if the sender is not on the white list of the recipient;
  
  sending back to the sender a header of the email message with the Truemark, the generic stemp or the white list stemp encoded therein; and
  
  sending the encryption key and the transaction number and the Truemark or the generic logo to the recipient computer.

30. A process to defeat phishers carried out in a client computer running protected email software operated by a sender of email via a sender computer in a distributed email system including a protected email server coupled via a wide area network (WAN) to client computers executing protected email software, comprising:
- the sender computer operating protected email software operated by a sender receives input data comprising an email and identifying a recipient and a subject and including sender identification information which identifies the sender of the email in a protected email system, and receiving a command to send the email to the recipient;
  
  the sender computer sends to the protected email server a message including said sender identification information and a header of the email which includes data which identifies the recipient of the email, the message requesting a code for inclusion in the header of the email which causes the email to not be blocked by a computer executing the protected email software operated by the recipient via a recipient computerthe sender computer receives the header back from the protected email server if the protected email server authenticates the sender, the header including the code; and
  
  the sender computer integrates the header received from the protected email server with the email and sends the email in manner every other email not part of the protected email system is sent.

31. A sender computer apparatus, comprising:
- a keyboard for entering data and giving commands;
  
  a monitor for displaying data, the commands and menu options;
  
  a pointing device;
  
  a central processing unit (CPU) coupled to the keyboard, the monitor and the pointing device and programmed to perform the following functions;
  
  receive input data comprising an email and identifying a recipient and a subject and including sender identification information which identifies a sender of the email in a protected email system;
  
  receive a particular command to send the email to the recipient;
  
  send to a protected email server a particular message including the sender identification information and a header of the email which includes other data which identifies the recipient of the email, the particular message requesting a code for inclusion in the header of the email which causes the email to not be blocked by a computer executing protected email software operated by the recipient via a recipient computer;
  
  receive the header back from the protected email server if the protected email server authenticates the sender, the header including the code; and
  
  integrate the header received from the protected email server with the email and send the email in manners every other email not part of the protected email system is sent.

32. A computer-readable medium having stored thereon computer executable instructions which control a computer to perform the following functions:
- A) receive a message from a client computer coupled to a central processing unit (CPU) via a wide area network (WAN) and executing protected email software via a sender computer and operated by a sender, the said message including sender identification information identifying the sender, the message requesting issuance of a code in the form of a Truemark, a stemp or a general logo to be used to gate an email message to be sent from the sender computer into a segregated inbox of a protected email system, the segregated inbox maintained by a protected email recipient process executing on a recipient computer;
  
  B) authenticate an identity of the sender using the sender identification information in the message received from the sender computer,C) if the sender is authentic, the CPU verifies that the sender has an account with sufficient money in it to pay for the code requested in the message received during step A and to verify that the sender is not on a black list or an opt out list of a recipient and to determine if the sender is on a white list of a recipient operating receiver software executing on the recipient computer; and
  
  D) if conditions are determined in step C to be proper to send the email, performing the following steps;
  
  i) generating a transaction number;
  
  ii) encrypting a Truemark, a generic stemp or a white list stemp which contains the identification of the sender and the transaction number,iii) saving an encryption key;
  
  iv) deducting the amount of a micropayment from the account of the sender if the sender is not on the white list of the recipient;
  
  v) sending back to the sender a header with the Truemark, the generic stemp or the white list stemp encoded therein; and
  
  vi) sending the encryption key and the transaction number to the recipient computer.

33. A computer-readable storage medium having stored thereon computer executable instructions which control a recipient computer to perform the following process:
- A) receiving an encryption key and a transaction number regarding a protected environment email from a protected email server;
  
  B) receiving an email message sent by a client computer executing protected email software operated by a sender via a sender computer;
  
  C) responding to a receipt of the email message by retrieving the encryption key sent by the protected email server which was used to encrypt a Truemark, a generic stemp or a white list stemp included within the email message received in step B, and attempting to decrypt the Truemark, the generic stemp or the white list stemp using the encryption key to retrieve a transaction number encrypted therein;
  
  D) comparing the transaction number received from the protected email server with the transaction number decrypted from the Truemark, the generic stemp or the white list stemp in a header of the email message received from the sender computer;
  
  E) if there is a match between transaction numbers, storing the email message in a segregated email folder maintained by a protected email receiver process executing on the CPU, the segregated email folder containing only emails that has the Truemark, the generic stemp or the white list stemp therein or which is sent by the sender on a white list of the recipient; and
  
  F) when a particular command is received to display contents of the segregated email folder, displaying on a monitor of the recipient computer selected information about each of the emails in the segregated email folder in a predetermined way.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Iconix Incorporated (Matthews Group LLC)
Original Assignee
Iconix Incorporated (Matthews Group LLC)
Inventors
Zager, Robert Philip, Picazo, Jose Jesus Jr., Duvvoori, Vikram, Trytten, Chris David, Ames, William, Vempaty, Nageshwara Rao
Primary Examiner(s)
Harrell; Robert B

Application Number

US10/935,639
Publication Number

US 20060075028A1
Time in Patent Office

1,463 Days
Field of Search

709/206
US Class Current

209/206
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 12/66   Arrangements for connecting...

H04L 51/212   using filtering or selectiv...

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

Techniques for to defeat phishing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Techniques for to defeat phishing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others