Techniques for to defeat phishing
First Claim
1. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:
- A) receiving an initiation message at the protected email server from a particular client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a particular phisher would not have access and including at least the header of the proposed email;
B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information;
C) authenticating the sender of the initiation message by determining if the sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message;
D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp;
E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and
, if not, denying the particular request for the stemp;
F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, the encrypted stemp including at least unique information which directly or indirectly identifies the sender;
G) saving the encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender an the encrypted version of the stemp in a table or database;
H) determining if the sender is on a white list of an intended recipient, and if not, deducting a micropayment amount from a micropayments account owned by the sender;
(I) sending the stemp back to the sender computer which sent the initiation message along with the header of the proposed email;
J) after a recipient computer receives a proposed email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein;
K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted stemp to look up a database record or table entry that pertains to the proposed email;
L) determining the identity of the sender from the database record or the table entry that pertains to the proposed email, determining if the stemp is a valid paid-for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer;
M) determining if a sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email;
N) if the sender does not match, sending back a warning message to the recipient computer; and
O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending the particular Truemark or the particular white list icon to be displayed with the proposed email or data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the particular white list icon should be displayed with the proposed email.
2 Assignments
0 Petitions
Accused Products
Abstract
A protocol for protected email transmission using micropayments and a segregated inbox in which protected emails are displayed. The protocol also involves authentication of the sender to defeat phishers and an opt out protocol which can be used to block protected emails from sources from which the user no longer wishes to receive emails even if the source has made a micropayment. Branded email is also taught wherein a sender of protected emails can pay extra to have a miniature version of its brand logo or trademark displayed with its email in the segregated inbox. A white list is maintained on the protected email server (along with the opt out black list) so that recipients can designat specific senders who may send email to that recipient without paying a micropayment and still have the protected email displayed in the segregated inbox.
25 Citations
33 Claims
-
1. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:
-
A) receiving an initiation message at the protected email server from a particular client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a particular phisher would not have access and including at least the header of the proposed email; B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information; C) authenticating the sender of the initiation message by determining if the sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message; D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp; E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and
, if not, denying the particular request for the stemp;F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, the encrypted stemp including at least unique information which directly or indirectly identifies the sender;
G) saving the encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender an the encrypted version of the stemp in a table or database; H) determining if the sender is on a white list of an intended recipient, and if not, deducting a micropayment amount from a micropayments account owned by the sender; (I) sending the stemp back to the sender computer which sent the initiation message along with the header of the proposed email; J) after a recipient computer receives a proposed email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein; K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted stemp to look up a database record or table entry that pertains to the proposed email; L) determining the identity of the sender from the database record or the table entry that pertains to the proposed email, determining if the stemp is a valid paid-for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer; M) determining if a sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email; N) if the sender does not match, sending back a warning message to the recipient computer; and O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending the particular Truemark or the particular white list icon to be displayed with the proposed email or data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the particular white list icon should be displayed with the proposed email. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A process to defeat phishers carried out in a client computer running protected email software operated by a recipient via a recipient computer in a distributed email system including a protected email server coupled via a wide area network (WAN) to client computers executing protected email software, comprising:
-
A) receiving an encryption key, a transaction number from a protected email server; B) receiving an email message sent by a client computer executing protected email software operated by a sender via a sender computer; C) responding to a receipt of the email message by retrieving the encryption key sent by the protected email server which was used to encrypt a Truemark, a generic stemp or a white list stemp and attempting to decrypt the Truemark, the generic stemp or the white list stemp to retrieve the transaction number encrypted therein; D) comparing the transaction number received from the protected email server with the transaction number decrypted from the Truemark, the generic stemp or the white list stemp in a header of the email message received from the sender computer; E) if there is a match between transaction numbers, storing the email message in a segregated email folder which contains only email messages that have the Truemark, the generic stemp or the white list stemp therein or which is sent by the sender on a white list of the recipient; and F) when a command is received to display contents of the segregated email folder, displaying on the recipient computer selected information about each particular email message in the segregated email folder in a predetermined way. - View Dependent Claims (8, 9, 10)
-
-
11. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:
-
A) at a sender computer, receiving data from a sender to compose a proposed email message and receiving a user command to send the proposed email message to a particular, identified recipient; B) sending an initiation message to a protected email server requesting a code in the form of a stemp for inclusion in a header of the proposed email message and passing information with the proposed email message which identifies the sender; C) at a protected email server, authenticating an identity of the sender using information from the proposed email message and verifying the sender has an account with sufficient money in that account to pay for the stemp requested in step B or that the sender is on a white list of the recipient; D) at the protected email server, if conditions in step C are proper to send the proposed email message, the protected email server generates a transaction number, encrypts the stemp with other information which identifies the sender and encrypts the stemp with a transaction number associated with the proposed email message, saves an encryption key, deducts an amount of a micropayment from the account of the sender if the sender is not on the white list of the recipient, sends back to the sender the header with the stemp encoded therein; E) sending from the protected email server the encryption key used in step D and the transaction number generated in step D and, to a client computer operated by the recipient via the recipient computer DD) at the sender computer, attaching the header received from the protected email server to the proposed email message and sending the proposed email message to the recipient via normal email sending processes; EE) at the recipient computer, receiving the encryption key, the transaction number and the Truemark or the generic logo from the protected email server; F) at the recipient computer, receiving the proposed email message sent by the sender computer, and responding thereto by retrieving the encryption key used to encrypt the Truemark, the generic logo or a white list stemp and attempting to decrypt the Truemark, the generic stemp or the white list stemp to retrieve the account number and transaction number encrypted therein; and G) if the Truemark, the generic stemp or the white list stemp decrypts properly and a decrypted transaction number matches the transaction number received from the protected email server, the recipient computer places the proposed email message in a segregated inbox folder and stores the Truemark, the generic stemp or the white list stemp with the proposed email message for display when a user gives a command to display contents of the segregated inbox folder. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A recipient computer in a protected email environment, comprising:
-
a keyboard for entering data and giving commands; a monitor for displaying data, the commands and menu options; a pointing device; a central processing unit (CPU) coupled to the keyboard, the monitor and the pointing device and programmed to perform the following steps; A) receiving an encryption key and a transaction number regarding a protected environment email from a protected email server; B) receiving an email message sent by a client computer executing protected email software operated by a sender via a sender computer; C) responding to receipt of the email message by retrieving the encryption key sent by the protected email server which was used to encrypt a Truemark, a generic stemp or a white list stemp included within the email message received in step B, and attempting to decrypt the Truemark, the generic stemp or the white list stemp using the encryption key to retrieve a transaction number encrypted therein;
D) comparing the transaction number received from the protected email server with another transaction number decrypted from the Truemark, the generic stemp or the white list stemp in a header of the said email message received from the sender computer; E) if there is a match between the transaction numbers, storing the email message in a segregated email folder maintained by a protected email receiver process executing on the CPU, the segregated email folder containing only emails that has the Truemark, the generic stemp or the white list stemp therein or which is sent by the sender on the white list of the recipient; and F) when a particular command is received to display the contents of the segregated email folder, displaying on the monitor of the recipient computer selected information about each email in the segregated email folder in a predetermined way. - View Dependent Claims (17, 18, 19)
-
-
20. A process for defeating phishers and carried out in a distributed email system having a protected email server coupled via a wide area network (WAN) to a plurality of client computers executing protected email software, comprising:
-
A) receiving in a client computer executing a recipient computer protected email process an email; B) examining a header of the email for a presence of a stemp; C) if the stemp is not present, sending the email to an non protected email client application for display in a non segregated inbox; D) if the stemp is present, sending the header of the email to the protected email server to which the client computer is connected by the WAN along with a validation message requesting validation of a sender of the email; E) if a warning message is received back from the protected email server indicating the sender of the email is not who the sender is purporting to be, displaying the warning message to an operator of the recipient computer; and F) if the validation message is received back from the protected email server indicating the sender of the email is who the sender purports to be, storing the email in a segregated email inbox to be displayed when an icon representing the segregated email inbox is selected in the non protected email client application. - View Dependent Claims (21)
-
-
22. A protected email recipient client computer comprising:
-
a display; a keyboard and pointing device; a central processing unit (CPU) programmed with an operating system (OS) and further programmed with one or more application programs which control the CPU to carry out the following process; A) receiving in a client computer executing a recipient computer protected email process an email; B) examining a header of the email for a presence of a stemp; C) if the stemp is not present, sending the email to an non protected email client application for display in a non segregated inbox; D) if the stemp is present, sending the header of the email to a protected email server to which the client computer is connected by the WAN along with a validation message requesting validation of a sender of the email; E) if a warning message is received back from the protected email server indicating the sender of the email is not from the sender it purports to be from, displaying the warning message to an operator of the recipient computer; and F) if the validation message is received back from the protected email server indicating the sender of the email is from the sender it purports to be from, storing the email in a segregated email inbox to be displayed when an icon representing the segregated email inbox is selected in the non protected email client application. - View Dependent Claims (23)
-
-
24. A server computer in a protected email environment, comprising:
-
a keyboard for entering data and giving commands; a monitor for displaying data, the commands and menu options; a pointing device; a central processing unit (CPU) coupled to the keyboard, the monitor and the pointing device and programmed to perform the following functions; A) receive a message from a client computer coupled to the CPU via a wide area network (WAN) and executing protected email software via a sender computer and operated by a sender, the message including sender identification information identifying the sender, the message requesting issuance of a code in the form of a Truemark, a stemp or a general logo to be used to gate an email to be sent from the sender computer into a segregated inbox of a protected email system, the segregated inbox maintained by a protected email recipient process executing on a recipient computer; B) authenticate an identity of the sender using the sender identification information in the message received from the sender computer, C) if the sender is authentic, the CPU verifies that the sender has an account with sufficient money in it to pay for the code requested in the message received during step A and to verify that the sender is not on a black list or an opt out list of the recipient and to determine if the sender is on a white list of the recipient operating receiver software executing on the recipient computer; and D) if conditions are determined in step C to be proper to send the email, performing the following steps; i) generating a transaction number;
ii) encrypting a Truemark, a generic stemp or a white list stemp which contains an identification of the sender and the transaction number, iii) saving an encryption key; iv) deducting an amount of a micropayment from the account of the sender if the sender is not on the white list of the recipient; v) sending back to the sender the header with the Truemark, the generic stemp or the white list stemp encoded therein; and vi) sending the encryption key and the transaction number to the recipient computer. - View Dependent Claims (25)
-
-
26. A protected email server comprising:
-
a display; a keyboard and pointing device; a central processing unit (CPU) programmed with an operating system (OS) and further programmed with one or more application programs which control the CPU to carry out the following process; A) receiving an initiation message at the protected email server from a client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a phisher would not have access and including at least the header of the proposed email; B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information; C) authenticating the sender of the initiation message by determining if the sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message; D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp; E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and
, if not, denying the particular request for the stemp;F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, the encrypted stemp including at least unique information which directly or indirectly identifies the sender; G) saving the encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender and the encrypted version of the stemp in a table or database; H) determining if the sender is on a white list of an intended recipient, and, if not, deducting a micropayment amount from a micropayments account owned by the sender; I) sending the stemp back to a sender computer which sent the initiation message along with the header of the proposed email; J) after a recipient computer receives the proposed an email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein; K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted stemp to look up a database record or table entry that pertains to the proposed email; L) determining the identity of the sender from the said database record or the table entry that pertains to the proposed email, determining if the stemp is a valid paid for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer; M) determining if the sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email; N) if the sender does not match, sending back a warning message to the recipient computer; and O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending a particular Truemark or a particular white list icon to be displayed with the proposed email or other data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the white list icon should be displayed with the proposed email.
-
-
27. A computer-readable storage medium and storing thereon computer-readable instructions which, when programmed into a computer, and controlling the computer to perform the following process:
-
A) receiving an initiation message at a protected email server from a client computer executing a protected email sender process, the initiation message requesting a code in a form of a stemp for inclusion in a header of a proposed email addressed to a recipient, the initiation message including at least ID information which identifies a sender and includes secure information to which a phisher would not have access and including at least the header of the proposed email; B) using the ID information and/or the secure information to determine an identity of the sender of the initiation message by looking up an owner of a protected email micropayments account associated with the ID information and/or the secure information; C) authenticating the sender of the initiation message by determining if the purported sender of the initiation message is the owner of the protected email micropayments account determined from the ID information and/or the secure information in the initiation message; D) if the sender of the initiation message is not authentic, sending a warning message and denying a particular request for the stemp; E) if the sender is authentic, determining if the particular request for the stemp from the sender is legitimate in terms of a stemp policy; and
, if not, denying the particular request for the stemp;F) if the particular request for the stemp is within the stemp policy, using an encryption key to encrypt the stemp, an encrypted version of the stemp including at least unique information which directly or indirectly identifies the sender; G) saving an encryption key, the unique information, the identity of the sender or a pointer to the identity of the sender, any Truemark, generic logo or white list source icon associated with the sender and the encrypted version of the stemp in a table or database; H) determining if the sender is on a white list of an intended recipient, and, if not, deducting a micropayment amount from a micropayments account owned by the sender; I) sending the stemp back to a sender computer which sent the initiation message along with the header of the proposed email; J) after a recipient computer receives the proposed email purportedly from the sender computer, receiving at least the header of the proposed email if the proposed email had the stemp therein; K) using the encrypted version of the stemp or a transaction number decrypted using a standard key from the encrypted version of the stemp to look up a database record or table entry that pertains to the proposed email; L) determining the identity of the sender from the database record or the table entry that pertains to the proposed said email, determining if the stemp is a valid paid-for stemp and determining if there is a source icon of a particular Truemark or a particular white list variety associated with the proposed email that should be displayed with the proposed email when the proposed email is displayed on the recipient computer; M) determining if the sender ID decrypted from the stemp matches the sender who purportedly sent the proposed email; N) if the sender does not match, sending back a warning message to the recipient computer; and O) if the sender matches, sending back another message to the recipient computer indicating the sender is authenticated and sending the particular Truemark or the particular white list icon to be displayed with the proposed email or other data indicating which locally stored Truemark source icon should be displayed with the proposed email or that the white list icon should be displayed with the proposed email.
-
-
28. A computer readable medium having stored thereon computer readable instructions, which when programmed into a computer, and controlling the computer to carry out the following process:
-
A) receiving in a client computer executing a recipient computer protected email process an email; B) examining a header of the email for a presence of a stemp; C) if the stemp is not present, sending the email to an non protected email client application for display in a non segregated inbox; D) if the stemp is present, sending a header of the email to a protected email server to which the client computer is connected by a wide area network (WAN) along with a validation message requesting validation of a sender of the email; E) a warning message is received back from the protected email server indicating the sender of the email is not who the sender purports to be, displaying the email to an operator of the recipient computer; F) if the validation message is received back from the protected email server indicating the sender of the email is who the sender purports to be, storing the email in a segregated email inbox to be displayed when an icon representing the segregated email inbox is selected in the non protected email client application.
-
-
29. A process to defeat phishers carried out in a protected email server coupled via a wide area network (WAN) to client computers executing protected email software, comprising:
-
A) authenticating an identity of a sender using information from an email message received from a client computer executing a protected email sender process, the email message requesting issuance of a code in the form of a Truemark, a stemp or a general logo to be used to gate the email message to be sent from the sender process into a segregated inbox maintained by a recipient process executing on a recipient computer; B) using information in the email message to verify the identity of the sender and that the sender has an account with sufficient money in it to pay for the code requested in step A and to verify that the sender is not on a black list or an opt out list of a recipient and to determine if the sender is on a white list of the recipient operating receiver software executing on the recipient computer; and C) if conditions in step B are proper to send the email message, performing the following steps; generating a transaction number; encrypting a Truemark, a generic stemp or a white list stemp which contains an identification of the sender and the transaction number, saving an encryption key; deducting an amount of a micropayment from an account of the sender if the sender is not on the white list of the recipient; sending back to the sender a header of the email message with the Truemark, the generic stemp or the white list stemp encoded therein; and sending the encryption key and the transaction number and the Truemark or the generic logo to the recipient computer.
-
-
30. A process to defeat phishers carried out in a client computer running protected email software operated by a sender of email via a sender computer in a distributed email system including a protected email server coupled via a wide area network (WAN) to client computers executing protected email software, comprising:
-
the sender computer operating protected email software operated by a sender receives input data comprising an email and identifying a recipient and a subject and including sender identification information which identifies the sender of the email in a protected email system, and receiving a command to send the email to the recipient; the sender computer sends to the protected email server a message including said sender identification information and a header of the email which includes data which identifies the recipient of the email, the message requesting a code for inclusion in the header of the email which causes the email to not be blocked by a computer executing the protected email software operated by the recipient via a recipient computer the sender computer receives the header back from the protected email server if the protected email server authenticates the sender, the header including the code; and the sender computer integrates the header received from the protected email server with the email and sends the email in manner every other email not part of the protected email system is sent.
-
-
31. A sender computer apparatus, comprising:
-
a keyboard for entering data and giving commands; a monitor for displaying data, the commands and menu options; a pointing device; a central processing unit (CPU) coupled to the keyboard, the monitor and the pointing device and programmed to perform the following functions; receive input data comprising an email and identifying a recipient and a subject and including sender identification information which identifies a sender of the email in a protected email system; receive a particular command to send the email to the recipient; send to a protected email server a particular message including the sender identification information and a header of the email which includes other data which identifies the recipient of the email, the particular message requesting a code for inclusion in the header of the email which causes the email to not be blocked by a computer executing protected email software operated by the recipient via a recipient computer; receive the header back from the protected email server if the protected email server authenticates the sender, the header including the code; and integrate the header received from the protected email server with the email and send the email in manners every other email not part of the protected email system is sent.
-
-
32. A computer-readable medium having stored thereon computer executable instructions which control a computer to perform the following functions:
-
A) receive a message from a client computer coupled to a central processing unit (CPU) via a wide area network (WAN) and executing protected email software via a sender computer and operated by a sender, the said message including sender identification information identifying the sender, the message requesting issuance of a code in the form of a Truemark, a stemp or a general logo to be used to gate an email message to be sent from the sender computer into a segregated inbox of a protected email system, the segregated inbox maintained by a protected email recipient process executing on a recipient computer; B) authenticate an identity of the sender using the sender identification information in the message received from the sender computer, C) if the sender is authentic, the CPU verifies that the sender has an account with sufficient money in it to pay for the code requested in the message received during step A and to verify that the sender is not on a black list or an opt out list of a recipient and to determine if the sender is on a white list of a recipient operating receiver software executing on the recipient computer; and D) if conditions are determined in step C to be proper to send the email, performing the following steps; i) generating a transaction number; ii) encrypting a Truemark, a generic stemp or a white list stemp which contains the identification of the sender and the transaction number, iii) saving an encryption key; iv) deducting the amount of a micropayment from the account of the sender if the sender is not on the white list of the recipient; v) sending back to the sender a header with the Truemark, the generic stemp or the white list stemp encoded therein; and vi) sending the encryption key and the transaction number to the recipient computer.
-
-
33. A computer-readable storage medium having stored thereon computer executable instructions which control a recipient computer to perform the following process:
-
A) receiving an encryption key and a transaction number regarding a protected environment email from a protected email server; B) receiving an email message sent by a client computer executing protected email software operated by a sender via a sender computer; C) responding to a receipt of the email message by retrieving the encryption key sent by the protected email server which was used to encrypt a Truemark, a generic stemp or a white list stemp included within the email message received in step B, and attempting to decrypt the Truemark, the generic stemp or the white list stemp using the encryption key to retrieve a transaction number encrypted therein; D) comparing the transaction number received from the protected email server with the transaction number decrypted from the Truemark, the generic stemp or the white list stemp in a header of the email message received from the sender computer; E) if there is a match between transaction numbers, storing the email message in a segregated email folder maintained by a protected email receiver process executing on the CPU, the segregated email folder containing only emails that has the Truemark, the generic stemp or the white list stemp therein or which is sent by the sender on a white list of the recipient; and F) when a particular command is received to display contents of the segregated email folder, displaying on a monitor of the recipient computer selected information about each of the emails in the segregated email folder in a predetermined way.
-
Specification