System and method for controlling access to an electronic message recipient

US 7,870,260 B2
Filed: 08/11/2003
Issued: 01/11/2011
Est. Priority Date: 08/09/2002
Status: Active Grant

First Claim

Patent Images

1. A method for selectively allowing or denying communication access to a recipient user coupled to an electronic communication network by other users coupled to the electronic communications network, said recipient user having an associated recipient identifier, comprising the steps of:

A. generating by a security module, a plurality of distinct proxy identifiers associated with said recipient user, each of said proxy identifiers having at least three associated security states,a first of said states being indicative of allowing any other user coupled to said electronic communication network communication access to said recipient user,a second of said states being indicative of denying any other user coupled to said electronic communication network communication access to said recipient user, anda third of said states being conditionally indicative of allowing at least one but fewer than all other users coupled to said electronic communication network communication access to said recipient user if predetermined criteria are met and denying access to said recipient user otherwise;

B. receiving by a receiver, an inbound message from a sender user coupled to said electronic communication network including a sender identifier and said recipient identifier, said sender identifier being associated with the sender user of said inbound message, and said recipient identifier being one of said proxy identifiers, and transferring said inbound message to a queue storageC. processing by the security module, said transferred inbound message to determine a security status associated therewith pursuant to security settings alterable by said recipient user and using said sender identifier and said recipient identifier; and

D. pursuant to said determination, controlling by the queue storage communication access for said transferred inbound message to said recipient user by;

i. allowing communication access for said transferred inbound message to said recipient user when said security status corresponds to said first state;

ii. denying communication access for said transferred-inbound message to said recipient user when said security status corresponds to said second state;

iii. allowing communication access for said transferred inbound message to said recipient user when said security status corresponds to said third state and meets one or more of said predetermined criteria at least partially related to said security status of said one of said proxy identifiers, and denying communication access for said transferred inbound message to said recipient user otherwise.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging.

32 Citations

View as Search Results

94 Claims

1. A method for selectively allowing or denying communication access to a recipient user coupled to an electronic communication network by other users coupled to the electronic communications network, said recipient user having an associated recipient identifier, comprising the steps of:
- A. generating by a security module, a plurality of distinct proxy identifiers associated with said recipient user, each of said proxy identifiers having at least three associated security states,a first of said states being indicative of allowing any other user coupled to said electronic communication network communication access to said recipient user,a second of said states being indicative of denying any other user coupled to said electronic communication network communication access to said recipient user, anda third of said states being conditionally indicative of allowing at least one but fewer than all other users coupled to said electronic communication network communication access to said recipient user if predetermined criteria are met and denying access to said recipient user otherwise;
  
  B. receiving by a receiver, an inbound message from a sender user coupled to said electronic communication network including a sender identifier and said recipient identifier, said sender identifier being associated with the sender user of said inbound message, and said recipient identifier being one of said proxy identifiers, and transferring said inbound message to a queue storageC. processing by the security module, said transferred inbound message to determine a security status associated therewith pursuant to security settings alterable by said recipient user and using said sender identifier and said recipient identifier; and
  
  D. pursuant to said determination, controlling by the queue storage communication access for said transferred inbound message to said recipient user by;
  
  i. allowing communication access for said transferred inbound message to said recipient user when said security status corresponds to said first state;
  
  ii. denying communication access for said transferred-inbound message to said recipient user when said security status corresponds to said second state;
  
  iii. allowing communication access for said transferred inbound message to said recipient user when said security status corresponds to said third state and meets one or more of said predetermined criteria at least partially related to said security status of said one of said proxy identifiers, and denying communication access for said transferred inbound message to said recipient user otherwise.
- View Dependent Claims (2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The method of claim 1, wherein said sender identifier is an e-mail address and said recipient identifier is an e-mail address.
  - 5. The method of claim 1, wherein at least one of the generated proxy identifiers associated with said recipient user is substantially absent content that identifies said recipient user.
  - 6. The method of claim 1, wherein at least one of the generated proxy identifiers associated with said recipient user is valid for a predefined time period.
  - 7. The method of claim 1, wherein the plurality of proxy identifiers are stored in a database.
  - 8. The method of claim 7, wherein an entry in the database includes data representing a contact name associated with said sender user, a proxy identifier assigned to said sender user, and the security state associated with the proxy identifier.
  - 9. The method of claim 1, wherein processing said inbound message includes attempting to match said recipient identifier with at least one of the plurality of proxy identifiers associated with said recipient user.
  - 10. The method of claim 1, wherein processing said inbound message includes attempting to match said sender identifier with at least one of a plurality of identifiers associated with contacts of the recipient user.
  - 11. The method of claim 1, wherein processing said inbound message includes determining the security state associated with said sender user.
  - 12. The method of claim 1, wherein denying transfer of said message to said recipient user includes sending a reply message to said sender user.
  - 13. The method of claim 1, wherein denying transfer of said message to said recipient user includes sending a reply message to said sender user, wherein said reply message includes one of said plurality of proxy identifiers associated with said recipient user.
  - 14. The method of claim 1, wherein denying transfer of said message to said recipient user includes generating a proxy identifier associated with said recipient user and sending a reply message to said sender user, wherein said reply message includes the generated proxy identifier associated with said recipient user.
  - 15. The method of claim 1, wherein denying transfer of said message to said recipient user includes entering said sender identifier into a database.
  - 16. The method of claim 1, wherein allowing transfer of said message to said recipient user includes determining if said recipient user replied to a message previously sent from said sender user.
  - 17. The method of claim 1, wherein allowing transfer of said message to said recipient user includes determining if said recipient user initiated generation of a proxy identifier included in the message.
  - 18. The method of claim 17, wherein said user-generated proxy identifier is absent from said plurality of proxy identifiers.
  - 19. The method of claim 18, further comprising the step:
    - if said user-generated proxy identifier is absent from said plurality of proxy identifiers, adding said user-generated proxy identifier to said plurality of proxy identifiers.
  - 20. The method of claim 17, wherein allowing transfer of said message to said recipient user includes removing reference to said user-generated proxy identifier in said inbound message.
  - 21. The method of claim 17, wherein allowing transfer of said message to said recipient user includes removing reference to said user-generated proxy identifier in said message and adding an e-mail address associated with said recipient user to said inbound message.
  - 22. The method of claim 1, wherein processing said inbound message includes removing reference to said recipient identifier included in said inbound message.
  - 23. The method of claim 1, wherein said first state that is indicative of allowing any other user coupled to said electronic communication network communication access to said recipient user, includes allowing transfer of a message from said other user to said recipient user.
  - 24. The method of claim 1, wherein said second state that is indicative of denying any other user coupled to said electronic communication network communication access to said recipient user, includes blocking transfer of a message from said any other user to said recipient user.
  - 25. The method of claim 1, wherein said predetermined criteria includes the recipient user previously responding to a message previously sent by the sender user.
  - 26. The method of claim 25, wherein said previously sent message includes said sender identifier.
  - 27. The method of claim 1, wherein one of the predetermined criteria includes the sender identifier matching one of a plurality of identifiers.
  - 28. The method of claim 1, wherein one of the predetermined criteria includes the recipient identifier matching one of the plurality of proxy identifiers.
  - 29. The method of claim 1, wherein one of the predetermined criteria includes both the recipient identifier and the sender identifier are associated with the same network domain.

3. A system for selectively allowing or denying communication access to a recipient user coupled to an electronic communication network by other users coupled to the electronic communications network, said recipient user having an associated recipient identifier, comprising:
- A. a generator for generating a plurality of distinct proxy identifiers associated with said recipient user, each of said proxy identifiers having at least three associated security states,a first of said states being indicative of allowing any other user coupled to said electronic communication network communication access to said recipient user,a second of said states being indicative of denying any other user coupled to said electronic communication network communication access to said recipient user, anda third of said states being conditionally indicative of allowing at least one but fewer than all other users coupled to said electronic communication network communication access to said recipient user if predetermined criteria are met and denying access to said recipient user otherwise;
  
  B. a message transferor for receiving an inbound message from a sender user coupled to said electronic communication network including a sender identifier and said recipient identifier, said sender identifier being associated with the sender user of said inbound message, and said receiver identifier being one of said proxy identifiers, and transferring said inbound message to a queue location;
  
  C. a processor for processing said transferred inbound message to determine a security status associated with said transferred inbound message pursuant to security settings alterable by said recipient user, and using said sender identifier and said recipient identifier, andD. pursuant to said determination, a gate for controlling communication access for said transferred inbound message to said recipient user by;
  
  i. allowing communication access for said transferred inbound message to said recipient user when said security status corresponds to said first state;
  
  ii. denying communication access for said transferred inbound message to said recipient user when said security status corresponds to said second state;
  
  iii. allowing communication access for said transferred inbound message to said recipient user when said security status corresponds to said third state and meets one or more of said predetermined criteria at least partially related to said security states of said one of said proxy identifiers, and denying communication access for said transferred message to said recipient user otherwise.
- View Dependent Claims (4, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 4. The system of claim 3, wherein said sender identifier is an e-mail address and said recipient identifier is an e-mail address.
  - 44. The system of claim 3, wherein at least one of the generated proxy identifiers associated with said recipient user is substantially absent content that identifies said recipient user.
  - 45. The system of claim 3, wherein at least one of the generated proxy identifiers associated with said sender user is valid for a predefined time period.
  - 46. The system of claim 3, further comprising:
    - a database configured to store the plurality of proxy identifiers.
  - 47. The system of claim 46, wherein the database includes an entry that stores data that represents a contact name associated with said sender user, a proxy identifier assigned to said sender user, and the security state associated with the proxy address.
  - 48. The system of claim 3, wherein the processor attempts to match said sender identifier with a least one of a plurality of identifiers associated with the recipient user.
  - 49. The system of claim 3, wherein the processor determines the security state associated with said sender user that overrides the security state associated with the message.
  - 50. The system of claim 3, wherein the processor determines if said recipient identifier matches one of said plurality of proxy identifiers associated with said recipient user.
  - 51. The system of claim 3, wherein the gate initiates sending a reply message to said sender user to report denying transfer of said inbound message.
  - 52. The system of claim 3, wherein the gate initiates sending a reply message to said sender user to report denying transfer of said inbound message, wherein said reply message includes one of said plurality of proxy identifiers associated with said recipient user.
  - 53. The system of claim 3, wherein the processor initiates entering said sender identifier into a database when access to the recipient user by transferring said inbound message is denied.
  - 54. The system of claim 3, wherein the processor determines if said recipient user replied to a previously sent message from said sender user to determine whether to transfer said inbound message to said recipient user.
  - 55. The system of claim 3, wherein the processor determines if said recipient user initiated generation of said recipient identifier to determine whether to transfer said message to said recipient user.
  - 56. The system of claim 55, wherein said user-generated recipient identifier is absent from said plurality of proxy identifiers.
  - 57. The system of claim 56, wherein if said processor determines that said user-generated recipient identifier is absent, said processor initiates adding said user-generated recipient identifier into said plurality of proxy identifiers.
  - 58. The system of claim 3, wherein if said inbound message is transferred to said recipient user, said processor initiates removing any reference to said recipient identifier from said message.
  - 59. The system of claim 3, wherein if said inbound message is transferred to said user, said processor initiates adding a reference to an identifier associated with the recipient user in said transferred inbound message.
  - 60. The system of claim 3, wherein if said first security state is detected, the gate allows transfer of said inbound message to said recipient user.
  - 61. The system of claim 3, wherein if said second state is detected, the gate blocks transfer of said inbound message to said recipient user.
  - 62. The system of claim 3, wherein said predetermined criteria includes the recipient user responding to a previously sent message from said sender user.
  - 63. The system of claim 62, wherein said previously sent message includes the sender identifier.
  - 64. The system of claim 3, wherein the predetermined criteria includes the processor matching the sender identifier to one of a plurality of identifiers.
  - 65. The system of claim 3, wherein the predetermined criteria includes the processor matching the recipient identifier to one of the plurality of proxy identifiers.
  - 66. The system of claim 3, wherein the predetermined criteria includes the processor determining that the recipient identifier and the sender identifier are associated with the same network domain.

30. A method for selectively allowing or denying communication access to a recipient user coupled to an electronic communication network by other users coupled to the electronic communications network, comprising the steps of:
- receiving by a receiver, an inbound message over the electronic communications network from a sender user, wherein the inbound message includes a sender identifier associated with a sender user and recipient identifier associated with the recipient user; and
  
  determining by a security module, pursuant to security settings alterable by said recipient user, and using said sender identifier and said recipient identifier, one of at least three security states associated with the inbound message, whereina first security state is indicative of allowing delivery of the inbound message to the recipient user,a second security state is indicative of denying delivery of the inbound message to the recipient user,a third security state is indicative of conditionally allowing delivery of the message to the recipient user,each of the at least three security states are associated with the sender identifier and the recipient identifier included in the inbound message.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 31. The method of claim 30, wherein determining one of the at least three security states includes determining if the recipient identifier matches one of a plurality of proxy identifiers.
  - 32. The method of claim 30, further comprising:
    - prior to delivery, replacing each reference to the recipient identifier in the message with the recipient identifier associated with the recipient user if the recipient identifier matches one of a plurality of proxy identifiers.
  - 33. The method of claim 30, wherein determining one of the at least three security states includes determining if the sender identifier matches one of a plurality of sender identifiers.
  - 34. The method of claim 30, wherein the recipient identifier is a proxy identifier that is substantially absent content that identifies said recipient user.
  - 35. The method of claim 30, wherein the sender identifier is an e-mail address and the recipient identifier is an e-mail address.
  - 36. The method of claim 30, wherein detecting the second security state initiates sending a reply message to the sender user to report the delivery denial.
  - 37. The method of claim 30, wherein detecting the second security state initiates sending a reply message to the sender user that reports the delivery denial, wherein the reply message includes a proxy identifier associated with the recipient user for sending a future message.
  - 38. The method of claim 30, wherein detecting the third security state associates an alert indicator with the inbound message.
  - 39. The method of claim 38, wherein the alert indicator includes a flag that is associated with the inbound message.
  - 40. The method of claim 30, wherein the third security state is triggered if the inbound message is a response to a message previously sent by the recipient user to the sender user.
  - 41. The method of claim 30, wherein the third security state is triggered if the recipient identifier included in the inbound message is a proxy identifier generated by the recipient user and is absent from the plurality of proxy identifiers.
  - 42. The method of claim 30, wherein the third security state is triggered if the recipient identifier and the sender identifier include the same network domain.
  - 43. The method of claim 30, wherein the recipient identifier is a proxy identifier assigned to the sender user for a period of time.

67. A system for selectively allowing or denying communication access to a recipient user coupled to an electronic communication network by other users coupled to the electronic communications network, comprising:
- a receiver configured to receive an inbound message over the electronic communications network from a sender user and transfer said inbound message to a queue storage, wherein the inbound message includes an identifier of the sender user and an identifier of the recipient user; and
  
  a processor configured to determine pursuant to security settings alterable by said recipient user, and using said sender identifier and said recipient identifier, one of at least three security states associated with the inbound message, whereina first security state is indicative of allowing delivery of the inbound message to the recipient user,a second security state is indicative of denying delivery of the inbound message to the recipient user,a third security state is indicative of conditionally allowing delivery of the message to the recipient user,each of the at least three security states being associated with the sender identifier and the recipient identifier included in the inbound message.
- View Dependent Claims (68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80)
- - 68. The system of claim 67, wherein the processor determines if the recipient identifier matches one of a plurality of proxy identifiers to determine one of the at least three security states.
  - 69. The system of claim 67, wherein prior to delivery, the processor is configured to replace each reference to the recipient identifier in the inbound message with an identifier of the recipient user if the recipient identifier matches one of a plurality of proxy identifiers.
  - 70. The system of claim 67, wherein the processor is configured to determine if the sender identifier matches one of a plurality of sender identifiers.
  - 71. The system of claim 67, wherein the recipient identifier is a proxy identifier that is substantially absent content that identifies said recipient user.
  - 72. The system of claim 67, wherein the sender identifier is an e-mail address and the recipient identifier is an e-mail address.
  - 73. The system of claim 67, wherein when the second security state is detected, the processor initiates sending a reply message to the sender user to report the delivery denial.
  - 74. The system of claim 67, wherein when the second security state is detected, the processor initiates sending a reply message to the sender user to report the delivery denial, wherein the reply message includes a proxy identifier to send a future message.
  - 75. The system of claim 67, wherein when the third security state is detected, an alert indicator is associated with the inbound message.
  - 76. The system of claim 75, wherein the alert indicator includes a flag that is associated with the inbound message.
  - 77. The system of claim 67, wherein the third security state is triggered if the inbound message is a response to a previously sent message from the recipient user to the sender user.
  - 78. The system of claim 67, wherein the third security state is triggered if the recipient identifier is a proxy identifier generated by the recipient user and is absent from a plurality of proxy identifiers associated with the recipient user that are stored in a database.
  - 79. The system of claim 67, wherein the third security state is triggered if the recipient user identifier and the sender identifier include the same network domain.
  - 80. The system of claim 67, wherein the recipient identifier is assigned to the recipient user for a period of time.

81. A computer program product residing on a computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause that processor to:
- receive an inbound message to a recipient user over a electronic communications network from a sender user, wherein the inbound message includes an identifier of the sender user and an identifier of a recipient user;
  
  transfer said inbound message to a queue storage; and
  
  determine pursuant to security settings alterable by said recipient user, and using said sender identifier and said recipient identifier, one of at least three security states associated with the inbound message, wherein a first security state is indicative of allowing delivery of the inbound message to a recipient user, a second security state is indicative of denying delivery of the inbound message to the recipient user, a third security state is indicative of conditionally allowing delivery of the message to the recipient user, each of the at least three security states being are associated with the sender identifier and the recipient identifier included in the inbound message, wherein the computer readable medium not being a transitory signal.
- View Dependent Claims (82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94)
- - 82. The computer program product of claim 81, wherein to determine one of the at least three security states includes determining if the recipient identifier matches one of a plurality of proxy identifiers.
  - 83. The computer program product of claim 81, further comprising instructions for:
    - prior to delivery, if the recipient identifier matches one of a plurality of proxy identifiers, replacing each reference of the recipient identifier in the inbound message with an identifier associated with the recipient user.
  - 84. The computer program product of claim 81, wherein to determine one of the at least three security states includes determining if the sender identifier matches one of a plurality of sender identifiers.
  - 85. The computer program product of claim 81, wherein the recipient identifier is a proxy identifier that is substantially absent content that identifies said recipient user.
  - 86. The computer program product of claim 81, wherein the sender identifier is an e-mail address and the recipient identifier is an e-mail address.
  - 87. The computer program product of claim 81, further comprising instructions for:
    - upon detecting the second security state, sending a reply message to the sender user to report delivery denial.
  - 88. The computer program product of claim 81, further comprising instructions for:
    - upon detecting the second security state, sending a reply message to the sender that reports the delivery denial, wherein the reply message includes a proxy address to send a future message.
  - 89. The computer program product of claim 81, further comprising instructions for:
    - upon detecting the third security state, associating an alert indicator with the inbound message.
  - 90. The computer program product of claim 89, wherein the alert indicator includes a flag that is associated with the inbound message.
  - 91. The computer program product of claim 81, wherein the third security state is triggered if the inbound message is a response to a previously sent message from the recipient user to the sender user.
  - 92. The computer program product of claim 81, wherein the third security state is triggered if the recipient identifier in the inbound message is a proxy identifier generated by the recipient user and is absent from a plurality of proxy identifiers that are associated with the recipient user and stored in a database.
  - 93. The computer program product of claim 81, wherein the third security state is triggered if the recipient identifier and the sender identifier include the same network domain.
  - 94. The computer program product of claim 81, wherein the recipient identifier is assigned to the recipient user for a period of time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Reflexion Networks, Inc. (Sophos Group Ltd.)
Inventors
McIsaac, Joseph E., Dahllof, Marcus, Vallett, Richard K., Tatarsky, Bruce L.
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US10/523,760
Publication Number

US 20060156017A1
Time in Patent Office

2,710 Days
Field of Search

726/156, 726/2, 709/227
US Class Current

709/227
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 2101/37   E-mail addresses

H04L 51/212   using filtering or selectiv...

H04L 51/214   using selective forwarding

H04L 51/48   Message addressing, e.g. ad...

H04L 61/30   Managing network names, e.g...

H04L 61/301   Name conversion

H04L 61/5069   for group communication, mu...

H04L 61/59   using proxies for addressing

H04L 63/0254   Stateful filtering

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 65/611   for multicast or broadcast ...

System and method for controlling access to an electronic message recipient

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

94 Claims

Specification

Use Cases

Quick Links

Others

System and method for controlling access to an electronic message recipient

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

94 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others