IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0059147
(2002-01-31)
|
등록번호 |
US-7325249
(2008-01-29)
|
발명자
/ 주소 |
- Sutton, Jr.,Lorin R.
- Despeaux,Craig E.
- Adamski,Michael K.
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
77 인용 특허 :
51 |
초록
▼
An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspe
An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspected. The characteristics inspected may include the payload portion of a message or the whole message when the characteristics are being compared against messages being exchanged on more than one local exchanging system. Furthermore, the characteristics of messages may be tracked for comparison against the characteristics of future messages. A threshold number of those characteristics may subsequently implicate a hostile security condition, even if a current comparison of these characteristics does not reach the threshold necessary to implicate a hostile security condition.
대표청구항
▼
What is claimed is: 1. A method of identifying unwanted messages, the method comprising: inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; comparing t
What is claimed is: 1. A method of identifying unwanted messages, the method comprising: inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; comparing the characteristics of the inspeceted payload portion of the electronic mail message with stored data indicating characterisitics of at least one other electronic mail message that has been inspected; based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and processing the electronic mail message based on the first security condition, wherein processing, the electronic mail message includes: rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by: transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state. 2. The method of claim 1 wherein the characteristics of the payload portion include information other than address information. 3. The method of claim 2 wherein the characteristics of the payload portion do not include address information. 4. The method of claim 1 wherein a security condition associated with an electronic mail message is identified as reflecting the unacceptable state when the comparison of the characteristics reveals a threshold number of messages having a shared characteristic. 5. The method of claim 4 wherein reprocessing the transmitted electronic mail message based on the second security condition includes deleting the transmitted electronic mail message if the security condition associated with the at least one other electronic mail message inspected subsequent to the transmitting the electronic mail message is identified as reflecting the unacceptable state and the at least one other electronic mail message has characteristics in common with the transmitted electronic mail message. 6. The method of claim 1 further comprising tracking the characteristics of the payload portion for comparison against characteristics of future electronic mail messages, wherein the characteristics of a new electronic mail message are compared with the characteristics of at least one electronic mail message that has been tracked. 7. The method of claim 6 wherein comparing the characteristics of the payload portion includes comparing the characteristics of the payload portion of electronic mail messages inspected with stored characteristics of other communicated electronic mail messages. 8. The method of claim 6 wherein the characteristics of the payload portion of the electronic mail message are tracked when the first security condition is indentified as reflecting the indeterminate state. 9. The method of claim 8 wherein an indeterminate state is identified if the comparison of the characteristics does not itself reveal an unacceptable state, but the characteristics of the payload portion would reveal the unacceptable state in combination with similar characteristics of other electronic mail messages. 10. The method of claim 8 further comprising accepting the transmitted electronic mail message if the second security condition associated with the transmitted electronic mail message reflects the acceptable state. 11. The method of claim 1 wherein identifying the first security condition includes comparing the characteristics of more than one electronic mail message received by a single device. 12. The method of claim 1 wherein identifying the first security condition includes comparing the characteristics of more than one electronic mail message sent by a single device. 13. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message includes recategorizing the first security condition of the transmitted electronic mail message to second security condition that reflects the unacceptable state. 14. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message includes recategorizing the first security condition of the transmitted electronic mail message to a second security condition that reflects the unacceptable state. 15. The method of claim 1 wherein identifying the first security condition as reflecting the acceptable state includes identifying the first security condition as reflecting a neutral state. 16. The method of claim 1 wherein identifying the first security condition as reflecting the unacceptable state includes identifying the first security condition as reflecting a hostile state. 17. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when the stored data is updated such that the security condition associated with an electronic mail message with certain characteristics would be identified as reflecting a state other than the indeterminate state and the security condition associated with an electronic mail message with the same characteristics would have been identified as reflecting the indeterminate state prior to the update. 18. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed if at least one other electronic mail message inspected subsequent to transmitting the electronic mail message includes a characteristic that increases the number of electronic mail messages inspected with that characteristic above a threshold level. 19. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when an administrator updates the stored data to indicate that at least one characteristic of an electronic mail message is acceptable. 20. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when an administrator updates the stored data to indicate that at least one characteristic of an electronic mail message is unacceptable. 21. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes removing the transmitted electronic mail message from storage if the second security condition reflects the unacceptable state. 22. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes generating an alarm if the second security condition reflects the unacceptable state. 23. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes continuing to track the location of the transmitted electronic mail message if the second security condition still reflects the indeterminate state. 24. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message includes: accessing the location of the electronic mail message; retrieving the electronic mail message from the location; inspecting the payload portion of the transmitted electronic mail message and identifying characteristics of the payload portion; comparing the characteristics of the payload portion of the transmitted electronic mail message with the updated stored data; and in response to comparing, identifying the second security condition from among at least one of the acceptable, unacceptable, and indeterminate states. 25. At least one storage medium storing one or more computer programs, the one or more computer programs including instructions that, when executed, perform operations comprising: inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected; based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable and indeterminate states; and processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes: rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by: transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state. 26. An electronic system comprising: at least one storage element configured to store data indicating characteristics of electronic mail messages; and at least one processor configured to execute instructions, stored on the at least one storage element, to perform operations comprising: inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected; based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes: rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by: transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic, mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state. 27. Art electronic system comprising: means for inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; means for comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected; means for, based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and means for processing the electronic mail message based on the first security condition, wherein the means for processing the electronic mail message includes: means for rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; means for accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and means for, if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by: transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.