WO2004061611A2 - Implicit access for communications pathway - Google Patents

Publication number
WO2004061611A2
Authority
WO
WIPO (PCT)
Prior art keywords
communication
intended recipient
sender
client device
user
Prior art date
Application number
PCT/US2003/041499
Other languages
French (fr)
Other versions
WO2004061611A3 (en
Inventor
James A. Roskind
Barry Appelman
Original Assignee
America Online, Inc.
Priority date
Filing date
Publication date
Priority claimed from US10/334,142 external-priority patent/US7263614B2/en
Priority claimed from US10/746,230 external-priority patent/US7945674B2/en
Priority claimed from US10/746,232 external-priority patent/US7949759B2/en
Application filed by America Online, Inc. filed Critical America Online, Inc.
Priority to AU2003300029A priority Critical patent/AU2003300029A1/en
Publication of WO2004061611A2 publication Critical patent/WO2004061611A2/en
Publication of WO2004061611A3 publication Critical patent/WO2004061611A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/212 Monitoring or handling of messages using filtering or selective blocking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/54 Presence management, e.g. monitoring or registration for receipt of user log-on information, or the connection status of the users

Definitions

  • the following description relates to network communications.
  • the Internet has become the communications medium of choice for many users.
  • the Internet is a public medium, techniques have been developed for using the Internet to enable private communications between networks.
  • One such private communications technique is used to enable instant messaging.
  • Instant messaging allows users to rapidly communicate with other users of a communications network.
  • client messaging software runs on a client device and provides a communications interface for entry of a message.
  • the intended message recipient may be entered manually or may be selected from a user list, such as a Buddy List™ from America Online, Inc.
  • Instant messaging may be used to communicate text messages, images, and sounds or voice.
  • Another communications technique is e-mail. Unfortunately, because the costs of sending e-mail are relatively low, e-mail recipients are being subjected to mass, unsolicited, commercial e-mailings (colloquially known as e-mail spam or spam e-mail). These are akin to junk mail sent through the postal service.
  • spam e-mail can be disruptive, annoying, and time consuming.
  • spam e-mail represents tangible costs in terms of storage and bandwidth usage. These costs may be substantial when large numbers of spam e-mails are sent.
  • messaging applications, systems, and methods may be used to automatically configure a communications pathway based on an implicit trust between users.
  • Each user of a communications application may have a user list that identifies other users to which a message may be sent. If two users of the communications application each include the other user on their user lists, an implicit trust may be inferred between the users. For example, if user A includes user B in her user list and user B includes user A in his user list, then it may be inferred or determined that each user knows and/or implicitly trusts the other user.
  • a connection or communications pathway may be automatically created, configured or regulated between the client devices of the users to facilitate communications between the users based on the implicit trust.
  • the communications application may be an instant messaging application.
  • the communications pathway may be implemented as a virtual private network.
  • a communications pathway between a first client device associated with the first user and a second client device associated with the second user may be established upon determining that the first user is included on a user list associated with a communications application of the second user and that the second user is included on the user list associated with a communications application of the first user.
  • the communications pathway may be a virtual private network.
  • an Internet protocol address of the first user may be provided to the second client device, and an Internet protocol address of the second user may be provided to the first client device.
  • a shared secret also may be provided to the first and second client devices.
  • the first client device may contact the Internet protocol address of the second client device and present the shared secret.
  • the second client device may validate the identity of the first client device based on the presented shared secret.
  • an Internet protocol address e.g., a global Internet protocol address of a firewall associated with the first client device
  • the Internet protocol address e.g., a local source Internet protocol address
  • a determination may be made that a direct communications pathway between the first client device and the second client device may not be established.
  • a hole may be opened in the firewall associated with the first client device for an Internet protocol address associated with the second client device.
  • a request for a proxy forward may be sent to the firewall.
  • the firewall selects a target Internet protocol address and a port number.
  • the target Internet protocol address is provided to a host (e.g., an instant messaging host) associated with the communications application.
  • the host sends the target Internet protocol address to the second client device.
  • the second client device responds to the host with an Internet protocol address associated with the second client device.
  • the host provides the Internet protocol address associated with the second client device to the firewall associated with the first client device to enable the proxy forward for the Internet protocol address associated with the second client device.
  • the Internet protocol address associated with the second client device may be the Internet protocol address of a firewall associated with the second client device.
  • a determination that a first user is included on a user list associated with a communications application of a second user is made.
  • a determination that the second user is included on a user list of a communications application associated with the first user also is made.
  • an implicit trust between the first user and the second user is inferred.
  • communications between the first user and the second user may be regulated.
  • the inferred implicit trust may be greater than an implicit trust inferred based only on a determination that the first user is included on a user list associated with a communications application of the second user.
  • a communication is received from a sender.
  • the communication is directed to an intended recipient.
  • the sender of the communication and the intended recipient of the communication are identified.
  • a determination is made as to whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation. Based at least in part on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation, a determination is made as to whether the communication is a spam communication.
  • Implementations of this aspect may include one or more of the following features. For example, determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation may include determining whether the sender and the intended recipient are linked by at least one intermediary entity. How many intermediary entities are needed to link the sender to the intended recipient may be determined and whether the communication is a spam communication may be determined based on how many intermediary entities are needed to link the sender to the intended recipient.
  • Determining whether the sender is linked to the intended recipient by at least one intermediary entity may include accessing a contact list of the intended recipient to determine at least one contact on the contact list.
  • Accessing a contact list of the intended recipient may include accessing a contact list with communication identifiers related to the same or a different type of communication than the communication from the sender to the intended recipient.
  • the contact list of the intended recipient may include an address book; a buddy list; a personal phone book; or a white list.
  • the communication may be, for instance, an e-mail message; an instant message; an SMS message; or a telephone call.
  • Determining whether the communication is a spam communication may include determining a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designating the communication as spam or blocking the communication when the spam rating exceeds a classification threshold. How many intermediary entities link the sender to the intended recipient may be determined and determining the spam rating may include determining the spam rating for the communication based on how many intermediary entities link the sender to the intended recipient.
  • the communication may be exempted from the determination of whether the communication is a spam communication when less than M intermediary entities link the sender to the intended recipient or when greater than M+X entities link the sender to the intended recipient. Whether the communication is a spam communication may be determined when between M+1 and M+X intermediary entities link the sender and the intended recipient.
  • Determining whether the sender and the intended recipient are linked by at least one intermediary entity may include accessing a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
  • a communication from a sender is received.
  • the communication is directed to an intended recipient.
  • the sender and the intended recipient of the communication are identified.
  • a contact list of the intended recipient is accessed.
  • the contact list contains communication identifiers related to a different type of communication than the communication from the sender. Whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation is determined based on the communication identifiers in the contact list that are related to a different type of communication than the communication from the sender.
  • the communication is handled based on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation.
  • Implementations of this aspect may include one or more of the following features. For example, determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation may include determining whether the sender and the intended recipient are linked by at least one intermediary entity based on the contact list.
  • the communication may be an e-mail message and the communication identifiers in the contact list may relate to a communication type other than e-mail messages.
  • the communication may be an instant message and the communication identifiers in the contact list relate to a communication type other than instant messages.
  • the communication may be an SMS message and the communication identifiers in the contact list may relate to a communication type other than SMS messages.
  • the communication may be a telephone call and the communication identifiers in the contact list may relate to a communication type other than telephone calls.
  • How many intermediary entities are needed to link the sender to the intended recipient may be determined. Whether the communication is a spam communication may be based on how many intermediary entities are needed to link the sender to the intended recipient.
  • the contact list of the intended recipient may include an address book; a buddy list; a personal phone book; or a white list.
  • Handling the communication may include using whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation to determine if the communication is spam. Handling the communication may include exempting the communication from filtering if the sender is linked to the intended recipient. Handling the communication may include determining a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designating the communication as spam or blocking the communication when the spam rating exceeds a classification threshold. The spam rating for the communication may be determined based on how many intermediary entities link the sender to the intended recipient.
  • Handling the communication may include handling the communication differently based on how many intermediary entities link the sender to the intended recipient. Handling the communication differently may include exempting the communication from filtering if less than M intermediary entities link the sender to the intended recipient; subjecting the communication to filtering if between M+1 and M+X intermediary entities link the sender to the intended recipient; and/or discarding the communication if greater than M+X entities link the sender to the intended recipient.
  • Determining whether the sender and the intended recipient are linked by at least one intermediary entity may include determining a first contact on the contact list of the intended recipient; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
  • Handling the communication may include invoking a knock-knock interface when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation.
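The tiered handling above can be sketched as a breadth-first walk over contact lists, starting from the intended recipient's own list. This is an added example, not code from the patent: the contact data is constructed, the function names are hypothetical, and two cases the text leaves open (exactly M intermediaries, and a sender with no link at all) are both sent to filtering as a labelled assumption.

```python
from collections import deque

# Constructed sample data: each key owns a contact list (address book,
# buddy list, white list). Names are illustrative only.
CONTACT_LISTS = {
    "recipient": {"alice", "bob"},
    "alice": {"carol", "recipient"},
    "bob": {"alice"},
    "carol": {"dave"},
    "dave": {"erin"},
    "erin": {"frank"},
    "mallory": {"recipient", "alice"},  # lists others; nobody lists mallory
}


def count_intermediaries(recipient, sender, contact_lists):
    """Return how many intermediary entities link sender to recipient.

    The walk starts at the recipient's own list and then follows the lists
    of the contacts found there, as the text describes. 0 means the sender
    is directly on the recipient's list; None means no link was found.
    """
    seen = {recipient}
    queue = deque([(recipient, 0)])  # (list owner, owners passed so far)
    while queue:
        owner, hops = queue.popleft()
        for contact in sorted(contact_lists.get(owner, ())):
            if contact == sender:
                return hops
            if contact not in seen:  # visited set stops cycles
                seen.add(contact)
                queue.append((contact, hops + 1))
    return None


def handle(recipient, sender, contact_lists, m, x):
    """Map the intermediary count onto exempt / filter / discard."""
    n = count_intermediaries(recipient, sender, contact_lists)
    if n is None:
        # Assumption: only linked senders are exempted, so an unlinked
        # sender goes through the normal spam filter.
        return "filter"
    if n < m:
        return "exempt"
    if n > m + x:
        return "discard"
    # M+1 .. M+X per the text; exactly M is not specified there and is
    # treated as "filter" here (assumption).
    return "filter"
```

Because the walk only follows lists outward from the recipient, a sender who merely adds the recipient to their own list (mallory in the sample data) gains no link.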
  • techniques for handling a communication from a sender to an intended recipient are described.
  • a communication from a sender directed to an intended recipient is received.
  • the sender and intended recipient of the communication are identified. Whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation is determined.
  • An interface is displayed to the sender prior to displaying the communication to the sender when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation.
  • the interface includes an interface element that allows the intended recipient to indicate that the communication should be displayed.
  • Implementations may include one or more of the following features.
  • the interface may inform the intended recipient that the sender has sent a communication to the intended recipient.
  • the interface may display to the intended recipient an identifier of the sender.
  • the communication may be displayed when the intended recipient uses the interface element to indicate that the communication should be displayed.
  • Determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation may include determining whether the sender and the intended recipient are linked by at least one intermediary entity. Determining whether the sender is linked to the intended recipient by at least one intermediary entity may include accessing a contact list of the intended recipient to determine at least one contact on the contact list. Determining whether the sender and the intended recipient are linked by at least one intermediary entity may include accessing a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
  • the contact list of the intended recipient may include an address book, a buddy list, a personal phone book, or a white list.
  • the communication may be an e-mail message, an instant message, an SMS message, or a telephone call.
  • Implementations of the described techniques may include hardware, a method or process, or computer software on a computer-accessible medium.
  • Figs. 1-4 and 7 are block diagrams of an exemplary communications system including communications pathways.
  • Figs. 5 and 6 are flow charts of an exemplary process used to establish implicit communications.
  • Fig. 8 is a diagram showing an exemplary networked computing environment that supports e-mail communications and in which spam filtering may be performed.
  • Fig. 9 is an illustration showing an exemplary address book that may be displayed to a user of an e-mail client program.
  • Fig. 10 is an illustration showing an interface that allows an e-mail client program user to add contacts to a white list.
  • Fig. 11 is a flow chart of a process for using an e-mail sender's degrees of separation from a mail recipient to aid in spam filtering.
  • Fig. 12 is a flow chart of an alternate process for using a sender's degrees of separation from a mail recipient to aid in spam filtering.
  • Fig. 13 is an illustration showing an exemplary interface that may be used to allow a user to adjust preferences with regard to the degrees of separation feature.
  • Some communications techniques include the use of a contact list or user list. Communications applications employing these techniques facilitate communications by allowing a user to select an intended recipient of a message from the user list. Although such applications provide a useful interface for transmitting messages, the user lists also may be helpful to facilitate other types of communications. For example, if two users include each other on their user lists, an implicit trust between the users may be inferred. Based on the implicit trust, a communications pathway may be established between the users to facilitate communications, as described in detail below.
  • a communications system 100 includes a client A device 102 and a client B device 104 that are associated with users A and B.
  • Client devices 102 and 104 include communication applications 115 and 116 (e.g., IM applications).
  • the communications application 115 may connect with the host network 120 connected to the external network 110 (e.g., by logging-on to the host network 120) using communications link 112.
  • the client A device 102 also may connect to an IM host 125 that is part of the host network 120.
  • the communications application 116 may connect with the host network 120 and the IM host 125 using communications link 113.
  • the IM host 125 may determine that the user list of user B or a particular portion of the user list (e.g., a group, such as buddies, family, or gamers) includes user A, and that the user list (or particular portion of the user list) of user A includes user B. Based on this determination, the IM host 125 may infer that there is an implicit trust between user A and user B or that user A and user B have granted access of their client devices to each other. The IM host 125 automatically creates a communications pathway between the client devices 102 and 104 by sending a message to each of client devices 102 and 104. Each message includes the IP address and port of the other client device and a shared secret.
  • Each client device may contact the other client device using the specified IP address and port.
  • each client device may present the shared secret to the other client device to validate.
  • the client devices 102 and 104 then enter negotiations to establish the details (e.g., a communications protocol and encryption) of the communications pathway 130.
  • the external network 110 may be implemented using one or more local area networks (LANs), wide area networks (WANs), global networks, or any combination of these networks (e.g., the World Wide Web or the Internet). These networks may include any number of components and/or devices (e.g., hubs, routers, switches, servers, repeaters, storage devices, communications interfaces, and various communications media) and various other supporting components (e.g., software, operators/administrators/technicians, and other infrastructure).
  • LANs local area networks
  • WANs wide area networks
  • global networks e.g., the World Wide Web or the Internet.
  • the client devices 102 and 104 may be operated by one or more users to access the external network 110 and any associated devices and/or components.
  • An example of a client device is a general-purpose computer capable of responding to and executing instructions in a defined manner.
  • Client devices also may include a special-purpose computer, a personal computer ("PC"), a workstation, a server, a laptop, a Web-enabled phone, a Web-enabled personal digital assistant ("PDA"), an interactive television set, a set top box, an on-board (i.e., vehicle-mounted) computer, or a combination of one or more of these devices capable of responding to and executing instructions.
  • the client device may include any number of other devices, components, and/or peripherals, such as memory/storage devices, input devices, output devices, user interfaces, and/or communications interfaces.
  • the client device also may include one or more software applications (e.g., an operating system, a browser application, a microbrowser application, a server application, a proxy application, a gateway application, a tunneling application, an e-mail application, an IM client application, an online service provider client application, and/or an interactive television client application) loaded on the client device to command and direct the client device.
  • Applications include a computer program, a piece of code, an instruction, or some combination thereof, for independently or collectively instructing the client device to interact and operate as desired.
  • the applications may be embodied permanently or temporarily in any type of machine, device, component, physical or virtual equipment, storage medium, or propagated signal capable of providing instructions to the client device.
  • the applications may be stored on a storage medium or device (e.g., read only memory (ROM), a random access memory (RAM), a volatile/non-volatile memory, a magnetic disk, or a propagated signal or wave) readable by the client device, such that if the storage medium or device is read by the client device, the steps or instructions specified are performed.
  • Each of the client devices 102 and 104 also includes one or more corresponding communications interfaces 117 or 118 that allow the client device to send information to and receive information from the corresponding communications links 112 or 113.
  • the communications links 112 and 113 may be configured to send and receive signals (e.g., electrical, electromagnetic, or optical) that convey or carry data streams representing various types of analog and/or digital content.
  • the communications links 112 and 113 may be implemented using various communications media and one or more networks comprising one or more network devices (e.g., servers, routers, switches, hubs, repeaters, and storage devices).
  • the one or more networks may include WANs, LANs, a plain old telephone service (POTS) network, a digital subscriber line (DSL) network, an integrated services digital network (ISDN), and a synchronous optical network (SONET), or a combination of one or more of these networks.
  • POTS plain old telephone service
  • DSL digital subscriber line
  • ISDN integrated services digital network
  • SONET synchronous optical network
  • the communications links 112 and 113 may include one or more wireless links that transmit and receive electromagnetic signals, such as, for example, radio, infrared, and microwave signals, to convey information.
  • Communications applications, such as communications applications 115 and 116, loaded and/or running on a client device may command and direct communications by the client device.
  • the communications applications may work in conjunction with or enable the corresponding communications interface 117 or 118 to exchange data with other devices, networks, and communications media.
  • Examples of communications applications include a browser application, a microbrowser application, a server application, a proxy application, a gateway application, a tunneling application, an e-mail application, an instant messaging (IM) application, an interactive television application, and/or an Internet service provider (ISP) application.
  • IM instant messaging
  • ISP Internet service provider
  • the IM application may provide an IM user interface that allows a user to send and receive messages.
  • the IM user interface may include an IM message display area including one or more windows/frames to enter and present messages.
  • the IM user interface also may include icons, menus, and/or other inputs to control the interface, configure interface settings, and activate features of the interface.
  • One feature of an IM application is a list of users or contacts, such as, for example, the Buddy List™ for AOL's Instant Messenger.
  • the user list may be populated with identifiers (e.g., screen names) of one or more users.
  • the user identifiers that populate the user list may be divided into one or more categories of users (e.g., friends, family, coworkers, buddies, and gamers).
  • the user list also provides an indication of whether a user associated with an identifier is currently able to receive messages (e.g., is currently connected to the external network 110 and able to engage in a one-to-one and/or peer-to-peer communication with another client device).
  • a user may send a message to another user by manually entering a user identifier or selecting a user identifier from the list.
  • the host network 120 may include one or more login servers (not shown) to enable communications with and to authorize access by a client device and other networks to various elements of the host network 120 and/or the IM host 125.
  • the IM host 125 may include one or more IM servers and storage devices that manage and enable IM communications provided by the host network 120.
  • To access the IM host 125 and begin an IM session, the client device 102 or 104 establishes a connection to the login server.
  • the login server determines whether a particular user is authorized to access the IM host 125 by verifying a user identifier and/or a password. If the user is authorized to access the IM host 125, the login server identifies a particular IM server (not shown) for use during the user's session.
  • the client device establishes a connection to the IM host 125 and the designated server through the corresponding communications link 112 or 113.
  • the client device may directly or indirectly transmit data to and access content from the IM server.
  • a user may use the IM application to view whether or not particular users are online, exchange instant messages with users, participate in group chat rooms, trade files, such as pictures, invitations, or documents, find other users with similar interests, get customized news and stock quotes, and search the World Wide Web.
  • the IM host 125 also may include a user profile server (not shown) connected to a database that may store user profile data. The user profile server may be used to enter, retrieve, edit, manipulate, or otherwise process user profile data.
  • a user's profile data includes, for example, a user list, identified interests, a geographic location, an Internet protocol address associated with the client device, a general account, and demographic information.
  • the user may enter, edit and/or delete profile data using an installed IM application on the client device.
  • Because the user data profile may be accessed by the IM host 125, the user does not have to reenter or update such information in the event that the user accesses the IM host 125 using a new or different client device. Accordingly, when a user accesses the IM host 125, the IM server can instruct the user profile server to retrieve the user's profile data from the database and to provide, for example, the user list to the IM server.
  • the user profile server also may communicate with other servers in the host network 120 to share user profile data.
  • the user profile data also may be saved locally on a client device. In this implementation, the client device may provide the user profile or user profile data to the host network 120 at specified times or when requested.
  • the user profile may be stored locally at the client device and at the host network 120 and may be periodically synchronized (e.g., at login).
  • One communications pathway 130 that may be established between the client devices is a virtual private network (VPN).
  • a VPN, also known as an encrypted tunnel, allows two physically separated networks or client devices to be connected over a WAN, such as the Internet, without exposing transmitted data to viewing by unauthorized parties.
  • VPNs require at least two cooperating devices.
  • the communication path between these devices may be viewed as a secure tunnel through the insecure external network 110. Wrapped around the tunnel is a series of functions, which may include authentication, access control, and data encryption, that protect the transmitted data from being viewed or used by others.
  • the VPN may be established by the IM application or other communication application working in conjunction with the communications interface 117 or 118 and/or other devices (e.g., a firewall).
  • a communications pathway 130 may be established as follows.
  • the IM host 125 receives the message, and, if the second user is connected to the host network 120, sends the message to the second user.
  • the IM host may determine whether each user is listed in the user list of the other user (e.g., by contacting the profile server or by querying the client devices). If each user is listed in the user list of the other user, the IM host 125 may determine that permission has been granted implicitly by each user to give the other user access to their client device. The IM host 125 may then send a message to each client device including the IP address and port of the other client device and a shared secret.
  • the shared secret may include information (e.g., an identification, a key, or a certificate) that enables a client device to prove and/or authenticate the identity of a user.
  • the shared secret may be provided to each client device by a third party host (e.g., an Internet certificate site, such as Verisign) that facilitates communications.
  • each client device may attempt to establish a communications pathway 130. For example, each device may contact the other client device at the IP address and port specified in the message. After establishing contact with the other client device, the shared secret is presented to prove the identity of the contacting client device. Once the shared secret is verified by the other client device, the client devices may enter negotiations to establish the details of the communications pathway 130 (e.g., a communications protocol and encryption). If two communications pathways are established, one may be dropped during the negotiations.
  • the client devices may exchange data using the communications pathway 130.
  • Both client devices are provided with, in effect, a virtual network communication card that is able to exchange information directly with the other client device. This process is transparent to the users of the client devices.
  • a client device may send a request to the IM host 125 to establish a connection with another client device.
  • the IM host 125 responds to the request by determining whether the implicit access has been granted between the requesting client device and the target client device. If so, the requesting client device is provided with the IP address and port of the target device and a shared secret. The target device also is provided with the shared secret. Establishing of the communications pathway 130 may then proceed as described above.
  • a communications system 200 includes client A device 102 connected to an intranet 240 or other system configuration that includes a firewall 250 (or other device, such as a server performing filtering or network address translation).
  • the firewall 250 may enforce an access control policy between the intranet 240 and the external network 110, and provides at least two basic mechanisms: one to block traffic and the other to permit traffic.
  • the firewall 250 may be implemented by one or more applications running on the client device (e.g., a personal firewall) or one or more separate devices, such as, for example, a router.
  • the firewall 250 may provide one or more functions, such as packet filtering, network address translation (NAT), and proxy services.
  • the firewall may provide encrypted authentication and virtual private networking, in addition to other features (e.g., content filtering and virus scanning).
  • the IM host 125 determines whether the user associated with each client device is included in the user list of the other user. If each user is included in the list of the other user, the IM host 125 may provide the IP address/port of each client device and a shared secret to the other device. Each client device 102 and 104 may attempt to establish contact with the other client device.
  • client B device 104 is not able to establish contact with client A device 102 because the IP address provided by the IM host 125 does not result in a connection.
  • the IM host 125 provides the IP address and port number of client A device 102
  • an error is generated because the IP address is a local IP address of the intranet 240 (and not understood by devices outside of the intranet 240).
  • the firewall 250 blocks any connection attempted by client B device 104 because the firewall 250 expects a message from the IP address of the IM host 125 (which is different than that of client B device 104).
  • the communications pathway 130 from client A device 102 to client B device 104 may be established.
  • client A device 102 may contact client B device 104 at the specified IP address/port and present the shared secret to client B device 104 to prove the identity of client A device 102, which client B device 104 verifies. Then, the client devices 102 and 104 may enter negotiations to establish the details of the communications pathway 130.
  • the IM host 125 may determine that the IP address and port associated with client A device 102 does not match the actual IP address being used to establish communications (e.g., because firewall 250 substitutes the local IP address with a global IP address of the firewall 250). From this information, the IM host 125 may be configured to deduce that the client A device 102 is behind a firewall (or similar device). Through a similar process, the IM host 125 may determine that the client B device 104 is not behind a firewall.
  • the IM host 125 may send a message to the client A device 102 that provides the IP address and port of the client B device 104 and a shared secret, and also may send the shared secret to client B device 104 to facilitate communications. Client A device 102 then proceeds to contact client B device 104 and establish a communications pathway 130 as described above.
  • a communications system 300 includes client devices 102 and 104 that are both connected to respective intranets 330 and 340, or otherwise behind firewalls (or other NAT devices).
  • Client A device 102 connects to firewall 350 to access the external network 110 using communications link 112.
  • client B device 104 connects to firewall 360 to access the external network 110.
  • firewalls 350 and 360 are shown as separate elements of the intranets 330 and 340, the firewalls also may be implemented by client devices 102 and 104.
  • the IM host 125 may determine that user A is listed on the user list of user B (or a group of the list of user B), and that user B is listed on the user list of user A (or a group of the list of user A). Based on this determination, the IM host 125 may infer that user A and user B have implicitly granted access to each other. If the IM host 125 attempts to give the local IP address or the global IP address of the associated firewall of either client device 102 or 104 to the other, a communications pathway 130 may not result for the reasons explained above with regard to Fig. 2. However, this implementation may provide a connection as follows.
  • the IM host 125 may determine that a direct connection cannot be made by the client devices. For example, the IM host 125 may determine that the global IP addresses used to establish communications with the IM host 125 do not match the local IP addresses purported to be used by the IM applications of the client devices. The IM host 125 also may determine that direct connection may not be made as a default because all other attempts to establish a communications pathway fail. In either case, the IM host 125 may inform one client device (e.g., client A device 102) that a direct connection may not be established, whether or not it is physically impossible to achieve such a connection.
  • the communications application 115 of client A device 102 may contact the firewall 350 and request that the firewall 350 open a hole.
  • the communications application 115 may request that the firewall 350 create a proxy forward to pass traffic from client B device 104 to client A device 102.
  • the firewall 350 randomly selects a port number and replies to the communication application 115 of client A device 102 with the selected port number and the public IP address of the firewall 350.
  • the selected IP address/port data effectively designate a hole in firewall 350 that may be opened to allow direct communications with client A device 102.
  • the communications application 115 may provide the selected IP address/port data to the IM host 125.
  • the IM host 125 sends the selected IP address/port data to the communications application 116 of client B device 104 along with a shared secret.
  • the IM host 125 also provides the IP address of firewall 360 to the communications application 115 of client A device 102 along with the shared secret.
  • the communications application 115 passes the IP address of firewall 360 to firewall 350.
  • Firewall 350 opens the hole only for firewall 360 using the IP address of firewall 360.
  • the communications application 116 of client B device 104 connects to the specified IP address and port of firewall 350 (through firewall 360). As a result, the traffic from the communications application 116 arriving at the firewall 350 appears to originate from firewall 360, and the traffic is proxied forward to the communications application 115 of client A device 102.
  • the communications application 115 may verify the identity of client B device 104 using the shared secret.
  • Communications applications 115 and 116 may negotiate the details of the communications pathway 130 (e.g., a VPN) and establish the communications pathway 130.
  • Fig. 4 shows a communications system 400 that includes an intranet 410 in which both client A device 102 and client B device 104 are located behind a firewall 450.
  • a communications pathway 460 may be directly established by the client devices using the infrastructure of the intranet 410 in a manner as described with regard to Fig. 1 above.
  • the IM user interface may include a feature or setting to allow a user to block one or more users, a group of users, or all users on the user list from establishing a communications pathway.
  • the IM user interface may include a setting to disable or prohibit the IM application from establishing any communications pathway regardless of whether each of two users includes the other user on their user lists.
  • the IM user interface also may be configured to allow the communication pathway to be established for a specified group of users on the list (e.g., a user category, such as buddies, family, coworkers, and/or gamers).
  • Fig. 5 shows an exemplary process 500 to establish a communications pathway (e.g., a VPN).
  • a user A starts an IM session (510).
  • a determination is made as to whether user A is included in the list of user B (515). If not, a VPN is not established (517).
  • Fig. 6 shows an exemplary process 600 for setting up or establishing a communications pathway, such as a VPN.
  • the IM host provides information about each client device (e.g., the client's IP address, port, and a shared secret that may be used to authenticate user/client identity) to the client devices (610).
  • each client may attempt to establish a VPN using the information (615), for example, by contacting the IP address/port provided and offering the shared secret for validation/authentication. If either client device is able to contact the other client device using the information, the VPN may be established as negotiated between the client devices.
  • one of the client devices may contact its firewall to request a proxy forward be created for the other client device (e.g., client B device 104) (640).
  • the client A device 102 receives a target public IP address and random port number selected by its associated firewall.
  • Client device A sends the target IP/port information to a host (645).
  • the host returns the public IP address of the firewall of client B device 104 (650).
  • Client device A provides the IP address to its firewall, which opens a hole in the firewall for the firewall of client B (655).
  • the host sends the target IP/port information to the firewall of client B (660).
  • the firewall of client B contacts firewall of client A to establish a VPN (665). If a VPN is not established (670), an error message is generated (675) (e.g., automatic VPN could not be configured).
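The host-side decision described for Figs. 1 to 3 and processes 500 and 600 can be sketched as follows. This is an added example, not code from the patent or from any IM product: the `Client` fields, the mode names and the sample addresses are hypothetical, and the constant-time comparison in `verify_peer` is one way a client might check the presented secret.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Client:
    """What the IM host knows about one logged-in user (field names are hypothetical)."""
    user: str
    user_list: set            # the user's buddy list from the profile server
    reported_addr: tuple      # (ip, port) the IM application reports for itself
    observed_ip: str          # source IP the host sees on the login connection
    blocked: set = field(default_factory=set)  # users barred from pathways
    pathways_enabled: bool = True              # global "no pathways" setting

    @property
    def behind_nat(self):
        # Reported address differs from the observed one: deduce a firewall/NAT.
        return self.reported_addr[0] != self.observed_ip


def implicit_access(a, b):
    """Access is implied only if each user lists the other and neither opted out."""
    mutual = b.user in a.user_list and a.user in b.user_list
    opted_out = (not a.pathways_enabled or not b.pathways_enabled
                 or b.user in a.blocked or a.user in b.blocked)
    return mutual and not opted_out


def plan_pathway(a, b):
    """Return the per-user messages the host would send, or None if no access is implied."""
    if not implicit_access(a, b):
        return None
    secret = secrets.token_bytes(32)  # fresh shared secret for this pathway only
    if not a.behind_nat and not b.behind_nat:
        # Fig. 1: both reachable, so each side gets the other's address.
        return {"mode": "direct", "messages": {
            a.user: {"peer": b.reported_addr, "secret": secret},
            b.user: {"peer": a.reported_addr, "secret": secret}}}
    if a.behind_nat != b.behind_nat:
        # Fig. 2: only the client behind the firewall can initiate the contact.
        inside, outside = (a, b) if a.behind_nat else (b, a)
        return {"mode": "initiate_from_inside", "messages": {
            inside.user: {"peer": outside.reported_addr, "secret": secret},
            outside.user: {"peer": None, "secret": secret}}}
    # Fig. 3: both behind firewalls. A is told B's firewall address so that A's
    # firewall can open a hole for that address only; B learns where to connect
    # once A reports the forwarded IP/port back to the host.
    return {"mode": "proxy_forward", "messages": {
        a.user: {"peer": None, "peer_firewall_ip": b.observed_ip, "secret": secret},
        b.user: {"peer": None, "secret": secret}}}


def verify_peer(presented, expected):
    """Check the secret a connecting peer presents, in constant time."""
    return hmac.compare_digest(presented, expected)


if __name__ == "__main__":
    # Constructed sample: alice sits behind a NAT, bob has a public address.
    alice = Client("alice", {"bob"}, ("10.0.0.5", 5190), "203.0.113.7")
    bob = Client("bob", {"alice"}, ("198.51.100.9", 5190), "198.51.100.9")
    print(plan_pathway(alice, bob)["mode"])
```

A one-sided listing, a block entry or the global opt-out each make `plan_pathway` return `None`, so no address or secret is ever disclosed for that pair.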
  • a communications system 700 includes client devices 102 and 104 connected to an external network 110.
  • peripheral devices 750 and 760 (e.g., a gaming device, such as an X-Box™ or Playstation™)
  • the peripheral devices 750 and 760 may employ an exploring application to determine whether they are connected to any other peripheral devices. If another gaming device is detected, the gaming devices 750 and 760 may establish a connection using a data exchange protocol.
  • the local communications applications 115 and 116 on the client devices 102 and 104 may be programmed to mimic the data exchange protocol of the peripheral devices (e.g., to appear as peripheral devices).
  • Client devices 102 and 104 (using the communications application on each client device) may automatically establish a communications pathway (e.g., VPN) as described above.
  • the peripheral devices 750 and 760 may exchange data (e.g., game data that is used to play a multiplayer/device game) with the communications applications as if the communications application were another peripheral device.
  • the communications application 115 may pass the data to the other communications application 116 using the communications pathway 130.
  • the other communications application 116 passes the data to its connected peripheral device 760.
  • an automatic (or configurable) communications link may be established between the peripheral devices (e.g., to play a game). To the peripheral devices 750 and 760, it appears as if each device is communicating with another local peripheral device.
  • An implicit trust between two entities may be inferred based on the degree of separation between the two entities.
  • the degree of separation between two entities describes a relationship between those entities.
  • the two entities may be linked to one another through other entities or relationships.
  • an implicit trust may be inferred based on whether the entities are linked, and if so, by how many degrees of separation they are linked. Communications between the linked users may be handled, controlled or regulated based on the implicit trust inferred as a result of them being linked by the other entities or relationships.
  • User contact lists may be evaluated to determine whether two entities or users are linked, and if so, the number of degrees (or hops) that are required to link or relate them.
  • recipient A may list user B in recipient A's address book
  • user B may list user C in user B's address book
  • user C may list sender D in user C's address book.
  • sender D is linked to recipient A by two degrees of separation (with user B as the first degree and user C as the second degree).
  • Recipient A is related to user C by one degree of separation (user B) and user B is separated from sender D by one degree of separation (user C).
  • Recipient A and user B, users B and C, and user C and sender D are each respectively separated by zero degrees of separation.
  • the connectedness or lack of connectedness may be used, possibly along with the degrees of separation, to aid the handling of communications sent to the recipient by the sender. For instance, handling may be informed based on: (1) whether a sender and a recipient are connected (i.e., the sender and the recipient are known to each other or the sender is known to the recipient); and (2) if they are connected, the number of degrees, hops or intermediaries required to link or relate the sender to the recipient.
  • the following description more fully describes these techniques as applied to e-mail spam filtering. However, the techniques may be applied to other communication media and to other filtering applications.
  • Fig. 8 illustrates an exemplary networked computing environment 800 that supports e-mail communications and in which spam filtering may be performed.
  • Computer users are distributed geographically and communicate using client systems 810a and 810b.
  • Client systems 810a and 810b are connected to Internet service provider (ISP) networks 820a and 820b, respectively.
  • Clients 810a and 810b may be connected to the respective ISP networks 820a and 820b through various communication channels such as a modem connected to a telephone line (using, for example, serial line internet protocol (SLIP) or point-to-point protocol (PPP)) or a direct network connection (using, for example, transmission control protocol/internet protocol (TCP/IP)).
  • E-mail servers 830a and 830b also are connected to ISP networks 820a and 820b, respectively.
  • ISP networks 820a and 820b are connected to a global network 840 (e.g., the Internet) such that a device on one ISP network 820a or 820b can communicate with a device on the other ISP network 820a or 820b.
  • ISP networks 820a and 820b have been illustrated as connected to Internet 840.
  • many e-mail servers and many client systems may be connected to each ISP network.
  • Each of the client systems 810a and 810b and the e-mail servers 830a and 830b may be implemented using, for example, a general-purpose computer capable of responding to and executing instructions in a defined manner, a personal computer, a special-purpose computer, a workstation, a server, a device, a component, or other equipment or some combination thereof capable of responding to and executing instructions.
  • Client systems 810a and 810b and e-mail servers 830a and 830b may receive instructions from, for example, a software application, a program, a piece of code, a device, a computer, a computer system, or a combination thereof, which independently or collectively direct operations.
  • These instructions may take the form of one or more communications programs that facilitate communications between the users of client systems 810a and 810b.
  • Such communications programs may include, for example, e-mail programs, IM programs, file transfer protocol (FTP) programs, or voice-over-IP (VoIP) programs.
  • the instructions may be embodied permanently or temporarily in any type of machine, component, equipment, storage medium, or propagated signal that is capable of being delivered to a client system 810a and 810b or the e-mail servers 830a and 830b.
  • Each of client systems 810a and 810b and e-mail servers 830a and 830b includes a communications interface (not shown) used by the communications programs to send communications.
  • the communications may include e-mail, audio data, video data, general binary data, or text data (e.g., data encoded in American Standard Code for Information Interchange (ASCII) format).
  • ISP networks 820a and 820b include Wide Area Networks (WANs), Local Area Networks (LANs), analog or digital wired and wireless telephone networks (e.g., a Public Switched Telephone Network (PSTN), an Integrated Services Digital Network (ISDN), or a Digital Subscriber Line (xDSL)), or any other wired or wireless network.
  • Networks 820a and 820b may include multiple networks or subnetworks, each of which may include, for example, a wired or wireless data pathway.
  • Each of e-mail servers 830a and 830b may handle e-mail for thousands or more e-mail users connected to an ISP network 820a or 820b.
  • Each e-mail server may handle e-mail for a single e-mail domain (e.g., aol.com) or for multiple e-mail domains.
  • each e-mail server may be composed of multiple, interconnected computers working together to provide e-mail service for e-mail users of the corresponding ISP network.
  • An e-mail user such as a user of client system 810a or 810b, typically has one or more e-mail accounts on an e-mail server 830a or 830b. Each account corresponds to an e-mail address.
  • Each account may have one or more folders in which e-mail is stored.
  • E-mail sent to one of the e-mail user's e-mail addresses is routed to the corresponding e-mail server 830a or 830b and placed in the account that corresponds to the e-mail address to which the e-mail was sent.
  • the e-mail user uses, for example, an e-mail client program executing on client system 810a or 810b to retrieve the e-mail from e-mail server 830a or 830b and view the e-mail.
  • the e-mail client program may be, for example, a web browser (in the case of HTML mail), a stand-alone e-mail program, or an e-mail program that is part of an integrated suite of applications.
  • the e-mail client programs executing on client systems 810a and 810b also may allow one of the users to send e-mail to an e-mail address.
  • the e-mail client program executing on client system 810a may allow the e-mail user of client system 810a (the sender) to compose an e-mail message and address the message to a recipient address, such as an e-mail address of the user of client system 810b.
  • the sender indicates the e-mail is to be sent to the recipient address
  • the e-mail client program executing on client system 810a communicates with e-mail server 830a to handle the sending of the e-mail to the recipient address.
  • For an e-mail addressed to an e-mail user of client system 810b, for example, e-mail server 830a sends the e-mail to e-mail server 830b. E-mail server 830b receives the e-mail and places the e-mail in the account that corresponds to the recipient address. The user of client system 810b may then retrieve the e-mail from e-mail server 830b, as described above.
  • An address book is a list of the user's contacts along with their contact information.
  • An address book may contain a contact's e-mail address, instant messaging screenname, street address, and/or telephone number(s).
  • the address book may be stored on the client system or on a server, and may be accessed by the client program.
  • Fig. 9 illustrates an exemplary address book 900 that may be displayed to a user of an e-mail client program.
  • Address book 900 includes a list box 910 that contains a list 915 of the user's contacts. Only a single contact, John Smith, is shown in contact list 915, though a contact list may contain multiple entries.
  • the contact's information 925 is shown in a box 920.
  • the information contains, for example, the contact's name, the contact's screenname, and the contact's e-mail address.
  • a spammer typically uses an e-mail client program to send similar spam e-mails to hundreds, if not thousands, of e-mail recipients.
  • a spammer may target hundreds of recipient e-mail addresses serviced by e-mail server 830b on ISP network 820b, and may maintain the list of targeted recipient addresses as a distribution list.
  • the spammer may use the e-mail client program to compose a spam e-mail and may instruct the e-mail client program to use the distribution list to send the spam e-mail to the recipient addresses.
  • the e-mail then is sent to e-mail server 830b for delivery to the recipient addresses.
  • Filtering traditionally has been used to eliminate or at least reduce some spam e-mail. Filtering may be done on the server-side, e.g. at e-mail server 830b, or on the client-side, e.g. at client 810b.
  • a spam filter may be located on the server or the client. Wherever located, the spam filter may analyze e-mail coming into the server or client to determine whether any of the e-mail is spam. Once the filter designates a piece of e-mail as spam, the e-mail is treated accordingly. For example, the spam e-mail may be deleted or placed in a specific spam folder.
  • a spam filter may be implemented using a number of techniques.
  • One technique that has been used is simple text filtering, in which an e-mail's headers and/or the e-mail body is searched for simple text strings or regular expressions and the e-mail is classified as spam based on whether the string or expression is present.
  • Other techniques analyze word or other features of an e-mail to develop a rating or probability measure of the likelihood that the e-mail is spam, and then compare the rating or measure to a classification threshold. If the rating or measure exceeds the threshold, the e-mail is designated as spam.
  • the techniques used to develop the ratings may be, for example, heuristic or Bayesian based.
  • the spam filter also may employ so-called white lists and/or black lists.
  • a black list is a list of e-mail domains, specific e-mail addresses, or IP addresses that are considered to be a source of spam. Any e-mail received from a blacklisted domain, e-mail address or IP address is designated by the filter as spam.
  • a white list typically is used to help ensure that legitimate e-mail is delivered to the recipient. Similar to a black list, a white list is a list of e-mail domains, specific e-mail addresses, or IP addresses. The items on a white list, however, generally are considered to be sources of legitimate e-mail. Consequently, any e-mail received from a source on the white list is designated as legitimate e-mail (i.e., non-spam) and exempted from further filtering.
  • Fig. 10 illustrates an interface 1000 that allows an e-mail client program user to add contacts to a white list.
  • interface 1000 includes a list box 1010 that contains a list of contacts 1015.
  • Interface 1000 also includes an edit box 1020 and "Add" button 1030 for adding additional contacts to list 1015.
  • a radio button 1040 is included in interface 1000 to allow the user to designate list 1015 as a white list (i.e. to allow e-mail from the listed contacts to be delivered without being subjected to spam filtering).
  • An e-mail sender's degree of separation from a mail recipient also may be used to aid in spam filtering.
  • the "degree of separation" represents a metric used to quantify whether/how the recipient is linked to the sender through intermediary people or other entities. For example, a recipient may know a first user (first degree of separation) and the first user may know a second user (second degree of separation) who knows the sender of an e-mail. In this case, the sender is separated from the recipient by two degrees of separation (i.e., by two intermediate contacts).
  • a level of "trust" or "legitimacy" about a sender's communication can be inferred by looking at whether the sender is linked to a recipient through the recipient's contacts, the recipient's contacts' contacts, or otherwise, with the level of trust typically diminishing as the number of degrees of separation increases. For instance, a system or user may consider a communication based on more degrees of separation between the sender and recipient as less likely to be legitimate or trusted than one with fewer degrees of separation.
  • an increased level of trust may be inferred when sender and recipient and/or one or more of the users or entities linking the sender and the recipient are bidirectionally linked. That is, when the sender and the intended recipient and/or one or more of the users connecting the sender and intended recipient include each other in their respective contact lists, an increased level of trust may be inferred. For instance, recipient A may list user B in recipient A's address book, and user B may list user C in user B's address book. An increased level of trust may be inferred, for instance, if user C also includes user B in C's address book and/or user B also includes user A in B's address book. A trusted list of contacts linked to a user/recipient may be developed for use with a spam filter when filtering.
  • the trusted list may be developed, for example, by evaluating a contact list for the intended recipient that lists the intended recipient's contacts as more fully described below.
  • the contact list may contain communication identifiers related to the type of communication that is received (e.g., a buddy list may be accessed when the type of communication is an instant message, while an address book may be referenced when the type of communication being filtered is an e-mail communication or telephone call), or the contact list may contain communication identifiers related to a different type of communication than the one that is sent (e.g., a buddy list may be accessed when the communication is an e-mail), or a combination of similar and different types of contact lists may be accessed.
  • a single contact list may have both communication identifiers related to the type of communication received and communication identifiers related to a different type of communication than the one received. Whether a contact is linked to an intended recipient may be based on communication identifiers related to the type of communication received or may be based on communication identifiers related to a different type of communication than the one received.
  • a contact may be determined as linked to an intended recipient based on IM screen names.
  • This contact may be placed in a trusted list that is used for e-mail communications.
  • a contact may be determined to be linked to the intended recipient based on one type of communication, and this link is used for other types of communications.
  • the link based on IM screen names may be determined, for instance, by accessing a buddy list of the intended recipient or by accessing a central contact list that contains e-mail addresses and IM screen names.
  • the trusted list may simply contain a communication identifier (e.g., e-mail address or screenname) for the linked contacts, or the trusted list also may contain the degrees of separation between the user and the linked contacts, depending on how the trusted list is used to facilitate spam filtering.
  • the trusted list also may contain other information about a linked contact. The following is an example of a trusted list that contains a communication identifier and the degrees of separation for each linked contact:
  • the trusted list may be used simply as a white list to exempt from spam filtering those e-mails from the linked contacts.
  • the trusted list may be used simply as a white list to allow only communications from those entities on the white list to be delivered to the intended recipient, with all other communications being prevented from reaching the intended recipient.
  • the presence or absence of a sender on the trusted list may be considered a feature of an e-mail when determining whether the e-mail is spam.
  • the presence in the trusted list may decrease the rating, with lower degrees of separation decreasing the rating more than higher degrees of separation.
  • the presence or absence on the trusted list, along with the degrees of separation may be considered a feature for both training and classification.
  • the degrees of separation may be used with other features of the e-mail to determine a spam rating.
  • the other features may include, for example, origin IP address, origin domain, mime-types contained in the e-mail, sender's address, and specific words in the body of the e-mail.
  • e-mail may be treated differently based on the sender's degrees of separation. For example, e-mail whose sender is within 1 to M degrees of separation may be exempted from filtering, e-mail whose sender is within M+1 to M+X degrees of separation may be treated as unknown and consequently filtered, and e-mail whose sender is not linked or is linked by a degree of separation greater than M+X may be automatically discarded as spam.
  • FIG. 11 is a flow chart of a process 1100 for using an e-mail sender's degrees of separation from a mail recipient to aid in spam filtering.
  • a list of contacts is maintained for the recipient (1110).
  • the list of contacts may be any personally maintained list, for example, an address book, a buddy list for instant messaging, and/or a white list.
  • the rest of process 1100 will be described using an address book as an example of a list of contacts.
  • the contacts in the recipient's address book are added to a trusted list of the recipient (1120). If the trusted list contains, for example, e-mail addresses, but the contact list only contains screennames, then the contacts' e-mail addresses may be looked up using, for example, a database that correlates information such as a user's e-mail address and IM screennames.
  • the contacts linked to the recipient i.e., up to a desired degree of separation
  • the address books of each contact in the recipient's address book are accessed (1130).
  • the contacts in the recipient's contacts' address books i.e., the contacts separated by one degree
  • the degree of separation is incremented (1160) such that the address books of the contacts that are separated from the recipient by one degree are accessed (1130) and the contacts in those address books are added to the trusted list (1140).
  • the contact's degree of separation from the recipient also may be added. The addition of contacts continues until the desired degree of separation is reached (1150). Once the desired degree of separation has been reached, the trusted list is input to the spam filter for use in filtering spam (1170).
  • Process 1100 may be performed before an e-mail is received and the trusted list may be stored for use with the spam filter. Alternatively, process 1100 may be performed whenever an e-mail is received.
  • Process 1100 may result in the trusted list not being updated when any users related to the intended recipient update their contact lists. That is, if a user related to the intended recipient adds a contact to the user's contact list, the new contact may not be reflected in the intended recipient's trusted list. This situation may not be overly detrimental, particularly in implementations where the trusted list is used as a white list to exempt certain e-mails from spam filtering. However, repeating process 1100 on a periodic or aperiodic basis may mitigate this situation. Another manner of mitigating this situation is to use an update system in which changes to contact lists are tracked and trusted lists are updated accordingly in an incremental fashion or by triggering an update or re-initiation of process 1100 when an update occurs. The alternate process 1200 illustrated in Fig. 12 also may mitigate such a situation.
  • Fig. 12 is a flow chart of an alternate process 1200 for using a sender's degrees of separation from a mail recipient to aid in spam filtering.
  • the sender's address is retrieved from the e-mail (1220).
  • a search then is performed to determine the sender's degree of separation from the recipient (1230).
  • the contacts in the recipient's address book i.e., the contacts separated by zero degrees
  • the address books of one or more contacts in the recipient's address book are accessed and searched to determine if the sender is among those contacts.
  • the degree of separation is incremented such that the address books of the contacts that are separated from the recipient by one degree are accessed and searched to determine if the sender is among those contacts. This continues until the desired degree of separation has been reached. At that point, if the sender has not been located, then the sender is not considered to be linked to the recipient.
  • An indication of whether the sender is linked to the intended recipient, and possibly also the sender's degree of separation from the intended recipient, are input to a spam filter for use in determining whether the e-mail is spam (1240).
  • Process 1100 or process 1200 may be implemented by the server, by the client, or by a combination of both.
  • the contact lists of the users may be stored centrally or in a distributed fashion.
  • the techniques may be applied to an environment in which all of the users' contact lists are stored on a single server (completely centralized), or on a single cluster of servers owned by the same e-mail service provider (partially centralized/distributed).
  • the contact lists may be stored in a more fully distributed fashion by being stored on different servers owned by different e-mail service providers (which may or may not adopt a standardized protocol for sharing information such as contact lists), or by being stored on each client system (i.e., each user's contact list is stored on the user's client system). If the contact lists are stored on the client (e.g., a client running Microsoft Outlook), the accessing and searching of the contacts' address books or other contact lists may be performed using peer-to-peer techniques.
  • privacy and security measures may be implemented, such as hashing the trusted list or otherwise making it unreadable to the user, so that the user can not determine who is listed in his or her contacts' lists or otherwise have access to someone's contact information that has not been specifically given to the user. For example, if a recipient has only one contact in his or her contact list and only one degree of separation is used, then the recipient may be able to discern who that single contact has on his or her contact list. Making the trusted list unreadable to its "owner" may eliminate this potential issue.
  • a trusted group model may be implemented to allow access to the different contact lists, as needed, to develop the degrees of separation between a recipient and a sender.
  • the user's address book may include contacts with address books maintained on a server owned by a different provider, such as, for example, server 130a.
  • a provider of server 130a would not allow outside parties to access the contact lists of its users.
  • a trusted group model may be developed that allows server 130b to access the address books or other contact lists of the users whose accounts are maintained on server 130a. In this way, server 130b may be able to determine the linked contacts, even if some of the contact lists are on server 130a.
  • e-mail service providers such as America Online (AOL) and Hotmail may cooperate to allow access to users' contact lists so as to increase the effectiveness of the foregoing techniques.
  • two corporations each running an e-mail server (e.g., a Microsoft Exchange server), a corporation and an ISP, or any two e-mail service providers may cooperate to allow access to users' contact lists.
  • the foregoing techniques may be limited out of privacy or security concerns similar to those described above with regard to storing the contact lists at the client. For example, if a recipient has only one contact in his or her contact list and only one degree of separation is used, then the recipient may be able to discern who that single contact has on his or her contact list if restrictions are not applied.
  • the use of the foregoing techniques may be limited such that the techniques are not performed when the number of contacts in a recipient's contact list is below a predetermined number. Also, there may be a requirement that a minimum number of degrees of separation are searched. Other limitations may include limiting a user's ability to perceive his or her trusted list.
  • Preventing the user's ability to perceive or access the trusted list may be accomplished by preventing the display of the trusted list, storing the trusted list remote from the user, or, as described above, storing the trusted list as a hash.
  • the foregoing techniques also may be limited such that a contact list is not used when the contact list does not contain the recipient. In other words, the contact lists of users who do not include the recipient are not used to determine contacts at the next level of separation. For example, if user A is a mail recipient, a user B that is in user A's address book may be indicated as a linked user.
  • user B's address book contains user A
  • user B's address book is used for the next degree of separation, which results in a user C (who is in user B's address book) as being linked to user A.
  • user C's address book does not contain user A
  • user C's address book is not used when a search is done for the next degree of separation.
  • the techniques are described as being applied to e-mail spam filtering. However, the techniques may be used for spam filtering of communications in other communication media, including both text and non-text media.
  • the techniques may be applied to instant messaging.
  • an instant messaging buddy list or an address book may be used as the contact list
  • the trusted list may contain the screennames of linked contacts.
  • the trusted list may be input into a spam filter that prevents spam instant messages.
  • SMS short messaging service
  • a phone book for the cell phone may be used as the contact list.
  • these techniques may be used to filter telephone calls based on a user's contact list, such as a personal phone book or an address book, particularly if the telephone calls are carried over packet networks such as the Internet.
  • the above techniques also may be extended to apply to the general handling, classification, or filtering of communications. For example, a recipient may want messages from senders who are linked to the recipient to be classified as important, while other messages are classified as low priority.
  • a Bayesian classifier may be used to classify received e-mail into classes other than spam. The Bayesian classifier may be trained with a set of e-mail that includes information about whether a sender of the e-mail is linked to the recipient and, if so, by how many degrees. The Bayesian classifier then may use the information when classifying an unknown e-mail.
  • the handling in an instant messaging implementation may include bypassing or invoking a "knock-knock" interface.
  • the intended recipient's instant messaging program invokes a "knock-knock" interface.
  • the interface typically informs the intended recipient that the sender is trying to instant message him or her, identifies the sender (e.g., by displaying the screen name of the sender), and provides the intended recipient with an option of accepting the message. If the intended recipient indicates that he or she wishes to accept the instant message, it is delivered to the intended recipient and displayed to the intended recipient.
  • the sender also is placed on a block list when the intended recipient indicates he or she does not want to receive an instant message from the sender.
  • the block list is used to prevent further instant message communications from users on the block list without bothering the intended recipient, i.e., instant messages from users on the block list are automatically ignored without asking the intended recipient whether he or she wants to receive them.
  • the trusted list may be used to determine when to invoke a knock-knock interface. To do so, whether a knock-knock interface is invoked may depend on the number of degrees of separation between the sender and the intended recipient. In one implementation, instant messages from senders less than or equal to n degrees away from the intended recipient are provided to the intended recipient automatically without a knock-knock interface being invoked, while a knock-knock interface is invoked for instant messages from senders greater than n degrees away from the intended recipient.
  • instant messages from senders within 1 to M degrees may be provided to the intended recipient without a knock-knock interface being invoked
  • instant messages from senders within M+1 to N degrees may cause a knock-knock to be invoked
  • instant messages from senders greater than N degrees away may be automatically discarded without invoking a knock-knock interface or otherwise informing the intended recipient.
  • the above techniques have been described as creating a "trusted" list. However, these techniques could be used to source a "non-trusted" list by adding the black lists (or other lists denoting untrusted senders) of linked contacts to a non-trusted list for the intended recipient, at least up to a threshold degree of separation. The non-trusted list may then, for example, be used as a black list, or may be a factor for spam filtering.
  • Creating such a non-trusted list may be used in conjunction with developing the trusted list. For example, for each or a subset of the contacts added to the trusted list, the entities on the added contacts' black lists (or other lists denoting untrusted senders) can be placed on the intended recipient's non-trusted list. As another example, when a contact's contact list is accessed and added to the trusted list, the contact's list of untrusted senders also may be accessed and added to the non-trusted list.
  • Fig. 13 illustrates an exemplary interface 1300 that may be used to allow a user to adjust preferences with regard to the degrees of separation feature. Some implementations may provide a user the ability to decide whether degrees of separation will be used, and, if so, how many degrees should be used.
  • Exemplary interface 1300 includes a text 1305 that explains to the user that the user may decide to have his or her white list populated using degrees of separation and that the user may select how many degrees to use.
  • Text 1305 includes a hyperlinked portion 1310 that, when selected by the user, invokes an interface (not shown) that provides information about degrees of separation.
  • Interface 1300 also has a check box 1315 that allows a user to select whether degrees of separation should be used to develop his or her white list. When check box 1315 is not checked, degrees of separation will not be used. When check box 1315 is checked, degrees of separation will be used. Interface 1300 additionally has an edit box 1320 that allows a user to select how many degrees will be used to develop the white list. When check box 1315 is not checked, edit box 1320 becomes inactive and is grayed out. When check box 1315 is checked, however, edit box 1320 becomes active and the user is able to enter the number of degrees to be used. An OK button 1325 is available on interface 1300 to allow the user to indicate that the preferences selected in interface 1300 should be saved. A Cancel button 1330 cancels the preferences without saving them.
  • implementations may provide varying levels of user control. For instance, the user may be able to select whether white lists (or other trusted lists) are used, but without any control over whether degrees of separation are used. That is, the system may automatically use degrees of separation when the user chooses to use white lists or other trusted lists. Alternatively, for example, a system may use the white lists or other trusted lists and degrees of separation without providing the user control over either.
  • the techniques described above are not limited to any particular hardware or software configuration. Rather, they may be implemented using hardware, software, or a combination of both.
  • the methods and processes described may be implemented as computer programs that are executed on programmable computers comprising at least one processor and at least one data storage system. The programs may be implemented in a high-level programming language and may also be implemented in assembly or other lower level languages, if desired.
  • Any such program will typically be stored on a computer-usable storage medium or device (e.g., CD-Rom, RAM, or magnetic disk).
  • When read into the processor of the computer and executed, the instructions of the program cause the programmable computer to carry out the various operations described above.
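
Process 1100 and the restrictions listed above (reciprocal contact lists only, a minimum contact count, a trusted list stored in hashed form, and handling tiers set by M and X) can be combined as in the following added example, which is not code from the patent. The address books, function names, the `min_contacts` default, the reading of "not performed" as "no expansion beyond the recipient's own contacts", and the use of a keyed hash (HMAC-SHA-256) instead of a bare hash are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import deque

# Constructed sample address books (owner -> contacts); not data from the patent.
ADDRESS_BOOKS = {
    "alice@example.com": {"bob@example.com", "carol@example.com", "dave@example.com"},
    "bob@example.com": {"alice@example.com", "erin@example.com", "zoe@example.com"},
    "carol@example.com": {"frank@example.com"},                   # does not list alice
    "dave@example.com": {"alice@example.com", "grace@example.com"},
    "erin@example.com": {"bob@example.com", "heidi@example.com"},  # does not list alice
    "grace@example.com": {"alice@example.com", "ivan@example.com"},
    "zoe@example.com": {"bob@example.com"},
}
KEY = b"constructed-demo-key"  # assumption: a server-held key the user never sees


def build_trusted_list(recipient, books, max_degree, min_contacts=2):
    """Breadth-first version of process 1100; returns {identifier: degree}.

    Following the text, the recipient's own contacts are separated by zero
    degrees, the contacts in their address books by one degree, and so on.
    """
    own = books.get(recipient, set())
    trusted = {c: 0 for c in own if c != recipient}            # step 1120
    if len(own) < min_contacts:
        # With too few contacts the recipient could infer whose address book
        # each entry came from, so nothing beyond the own contacts is added.
        return trusted
    queue = deque(sorted(trusted))
    while queue:
        contact = queue.popleft()
        degree = trusted[contact]
        if degree >= max_degree:                               # step 1150
            continue
        book = books.get(contact, set())                       # step 1130
        if recipient not in book:
            continue  # only address books that contain the recipient are used
        for nxt in sorted(book):
            if nxt != recipient and nxt not in trusted:
                trusted[nxt] = degree + 1                      # steps 1140, 1160
                queue.append(nxt)
    return trusted


def tag(identifier, key):
    """Keyed hash of a normalised identifier, so a stored list is not readable."""
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()


def seal(trusted, key):
    """Form of the trusted list handed to the filter: {keyed hash: degree}."""
    return {tag(ident, key): degree for ident, degree in trusted.items()}


def lookup_degree(sealed, key, sender):
    """Degree of separation for a sender, or None when the sender is not linked."""
    return sealed.get(tag(sender, key))


def handle(degree, m, x):
    """Tiered handling: exempt up to M, filter up to M+X, otherwise discard."""
    if degree is None or degree > m + x:
        return "discard"
    if degree <= m:  # zero-degree (direct) contacts fall in the exempt tier
        return "exempt"
    return "filter"
```

Running `build_trusted_list("zoe@example.com", ADDRESS_BOOKS, 1, min_contacts=1)` shows the inference problem the text warns about: every entry beyond bob can only have come from bob's address book.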

Abstract

Communication applications may include lists of users with which a user of the application communicates. If two users of a communications application each include the other user on their user lists, an implicit trust may be established between the users. An implicit trust between two entities also may be inferred based on the degree of separation between two entities. As a result of the implicit trust, a connection or communications pathway may be automatically created between the client devices of the users or otherwise regulated to facilitate communications between the users.

Description

IMPLICIT ACCESS FOR COMMUNICATIONS PATHWAY
TECHNICAL FIELD
The following description relates to network communications.
BACKGROUND
With the rapid proliferation and affordability of computers, the Internet has become the communications medium of choice for many users. Although the Internet is a public medium, techniques have been developed for using the Internet to enable private communications between networks. One such private communications technique is used to enable instant messaging.
Instant messaging allows users to rapidly communicate with other users of a communications network. Generally, client messaging software runs on a client device and provides a communications interface for entry of a message. The intended message recipient may be entered manually or may be selected from a user list, such as a Buddy List™ from America Online, Inc. Instant messaging may be used to communicate text messages, images, and sounds or voice.
Another communications technique is e-mail. Unfortunately, because the costs of sending e-mail are relatively low, e-mail recipients are being subjected to mass, unsolicited, commercial e-mailings (colloquially known as e-mail spam or spam e-mail). These are akin to junk mail sent through the postal service. However, because spam e-mail requires neither paper nor postage, the costs incurred by the sender of spam e-mail are quite low when compared to the costs incurred by conventional junk mail senders. Due to this and other factors, a significant amount of spam e-mail is sent to e-mail users on a daily basis.
Spam e-mail impacts both e-mail users and e-mail providers. For an e-mail user, spam e-mail can be disruptive, annoying, and time consuming. For an e-mail service provider, spam e-mail represents tangible costs in terms of storage and bandwidth usage. These costs may be substantial when large numbers of spam e-mails are sent.
SUMMARY
In one general aspect, messaging applications, systems, and methods may be used to automatically configure a communications pathway based on an implicit trust between users. Each user of a communications application may have a user list that identifies other users to which a message may be sent. If two users of the communications application each include the other user on their user lists, an implicit trust may be inferred between the users. For example, if user A includes user B in her user list and user B includes user A in his user list, then it may be inferred or determined that each user knows and/or implicitly trusts the other user. As a result, a connection or communications pathway may be automatically created, configured or regulated between the client devices of the users to facilitate communications between the users based on the implicit trust. The communications application may be an instant messaging application. The communications pathway may be implemented as a virtual private network.
In another general aspect, a communications pathway between a first client device associated with the first user and a second client device associated with the second user may be established upon determining that the first user is included on a user list associated with a communications application of the second user and that the second user is included on the user list associated with a communications application of the first user. The communications pathway may be a virtual private network.
To establish the communications pathway, an Internet protocol address of the first user may be provided to the second client device, and an Internet protocol address of the second user may be provided to the first client device. A shared secret also may be provided to the first and second client devices. The first client device may contact the Internet protocol address of the second client device and present the shared secret. The second client device may validate the identity of the first client device based on the presented shared secret.
In another general aspect, upon determining that an Internet protocol address (e.g., a global Internet protocol address of a firewall associated with the first client device) of a communication received from a first client device is different from the Internet protocol address (e.g., a local source Internet protocol address) of the first client device, a determination may be made that a direct communications pathway between the first client device and the second client device may not be established. In this case, to establish the communications pathway a hole may be opened in the firewall associated with the first client device for an Internet protocol address associated with the second client device.
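The exchange in the preceding paragraphs can be sketched with both sides' messages as follows; this is an added example, not code from the patent. The `Host` and `Client` classes, the user names, the documentation-range addresses, the 32-byte random secret and the constant-time comparison are assumptions made for illustration.

```python
import hmac
import secrets


class Host:
    """Stands in for the host that knows each user's list and current address."""

    def __init__(self, user_lists, addresses):
        self.user_lists = user_lists      # user -> set of users on that user's list
        self.addresses = addresses        # user -> current IP address of the client

    def mutually_listed(self, a, b):
        # Implicit trust is inferred only when each user lists the other.
        return b in self.user_lists.get(a, set()) and a in self.user_lists.get(b, set())

    def broker(self, a, b):
        """Return one offer per client, or None when the users are not mutually listed."""
        if not self.mutually_listed(a, b):
            return None
        secret = secrets.token_bytes(32)  # fresh shared secret for this pathway
        return {
            a: {"peer": b, "peer_ip": self.addresses[b], "secret": secret},
            b: {"peer": a, "peer_ip": self.addresses[a], "secret": secret},
        }


class Client:
    def __init__(self, name):
        self.name = name
        self.offers = {}                  # peer IP -> offer received from the host

    def accept_offer(self, offer):
        self.offers[offer["peer_ip"]] = offer

    def present(self, peer_ip):
        """First client: the secret to present when contacting the peer's address."""
        return self.offers[peer_ip]["secret"]

    def validate(self, source_ip, presented):
        """Second client: accept only the expected address with the matching secret."""
        offer = self.offers.get(source_ip)
        if offer is None:
            return False
        return hmac.compare_digest(offer["secret"], presented)


# Constructed sample data.
USER_LISTS = {"userA": {"userB"}, "userB": {"userA"}, "userC": {"userA"}}
ADDRESSES = {"userA": "192.0.2.10", "userB": "198.51.100.20", "userC": "203.0.113.30"}


def run_exchange(host, first, second):
    """Carry out the brokered exchange; True when the second client validates the first."""
    offers = host.broker(first, second)
    if offers is None:
        return False
    c1, c2 = Client(first), Client(second)
    c1.accept_offer(offers[first])
    c2.accept_offer(offers[second])
    presented = c1.present(host.addresses[second])
    return c2.validate(host.addresses[first], presented)
```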
To open the hole, a request for a proxy forward may be sent to the firewall. The firewall selects a target Internet protocol address and a port number. The target Internet protocol address is provided to a host (e.g., an instant messaging host) associated with the communications application. The host sends the target Internet protocol address to the second client device. The second client device responds to the host with an Internet protocol address associated with the second client device. The host provides the Internet protocol address associated with the second client device to the firewall associated with the first client device to enable the proxy forward for the Internet protocol address associated with the second client device.
The Internet protocol address associated with the second client device may be the Internet protocol address of a firewall associated with the second client device.
In another aspect, a determination that a first user is included on a user list associated with a communications application of a second user is made. A determination that the second user is included on a user list of a communications application associated with the first user also is made. Based on these determinations, an implicit trust between the first user and the second user is inferred. Based on the inferred implicit trust, communications between the first user and the second user may be regulated. The inferred implicit trust may be greater than an implicit trust inferred based only on a determination that the first user is included on a user list associated with a communications application of the second user.
In another aspect, techniques for handling a communication from a sender to an intended recipient are described. A communication is received from a sender. The communication is directed to an intended recipient. The sender of the communication and the intended recipient of the communication are identified. A determination is made as to whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation. Based at least in part on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation, a determination is made as to whether the communication is a spam communication.
Implementations of this aspect may include one or more of the following features. For example, determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation may include determining whether the sender and the intended recipient are linked by at least one intermediary entity. How many intermediary entities are needed to link the sender to the intended recipient may be determined and whether the communication is a spam communication may be determined based on how many intermediary entities are needed to link the sender to the intended recipient.
Determining whether the sender is linked to the intended recipient by at least one intermediary entity may include accessing a contact list of the intended recipient to determine at least one contact on the contact list. Accessing a contact list of the intended recipient may include accessing a contact list with communication identifiers related to the same or a different type of communication than the communication from the sender to the intended recipient. For example, the contact list of the intended recipient may include an address book; a buddy list; a personal phone book; or a white list. The communication may be, for instance, an e-mail message; an instant message; an SMS message; or a telephone call. Determining whether the communication is a spam communication may include determining a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designating the communication as spam or blocking the communication when the spam rating exceeds a classification threshold. How many intermediary entities link the sender to the intended recipient may be determined and determining the spam rating may include determining the spam rating for the communication based on how many intermediary entities link the sender to the intended recipient.
The communication may be exempted from the determination of whether the communication is a spam communication when less than M intermediary entities link the sender to the intended recipient or when greater than M+X entities link the sender to the intended recipient. Whether the communication is a spam communication may be determined when between M+1 and M+X intermediary entities link the sender and the intended recipient.
Determining whether the sender and the intended recipient are linked by at least one intermediary entity may include accessing a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
In another aspect, a communication from a sender is received. The communication is directed to an intended recipient. The sender and the intended recipient of the communication are identified. A contact list of the intended recipient is accessed. The contact list contains communication identifiers related to a different type of communication than the communication from the sender. Whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation is determined based on the communication identifiers in the contact list that are related to a different type of communication than the communication from the sender. The communication is handled based on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation.
Implementations of this aspect may include one or more of the following features. For example, determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation may include determining whether the sender and the intended recipient are linked by at least one intermediary entity based on the contact list. The communication may be an e-mail message and the communication identifiers in the contact list may relate to a communication type other than e-mail messages. The communication may be an instant message and the communication identifiers in the contact list relate to a communication type other than instant messages. The communication may be an SMS message and the communication identifiers in the contact list may relate to a communication type other than SMS messages. The communication may be a telephone call and the communication identifiers in the contact list may relate to a communication type other than telephone calls.
How many intermediary entities are needed to link the sender to the intended recipient may be determined. Whether the communication is a spam communication may be based on how many intermediary entities are needed to link the sender to the intended recipient. The contact list of the intended recipient may include an address book; a buddy list; a personal phone book; or a white list.
Handling the communication may include using whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation to determine if the communication is spam. Handling the communication may include exempting the communication from filtering if the sender is linked to the intended recipient. Handling the communication may include determining a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designating the communication as spam or blocking the communication when the spam rating exceeds a classification threshold. The spam rating for the communication may be determined based on how many intermediary entities link the sender to the intended recipient.
Handling the communication may include handling the communication differently based on how many intermediary entities link the sender to the intended recipient. Handling the communication differently may include exempting the communication from filtering if less than M intermediary entities link the sender to the intended recipient; subjecting the communication to filtering if between M+1 and M+X intermediary entities link the sender to the intended recipient; and/or discarding the communication if greater than M+X entities link the sender to the intended recipient.
Determining whether the sender and the intended recipient are linked by at least one intermediary entity may include determining a first contact on the contact list of the intended recipient; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list. Handling the communication may include invoking a knock-knock interface when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation.
In another aspect, techniques for handling a communication from a sender to an intended recipient are described. A communication from a sender directed to an intended recipient is received. The sender and intended recipient of the communication are identified. Whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation is determined. An interface is displayed to the sender prior to displaying the communication to the sender when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation. The interface includes an interface element that allows the intended recipient to indicate that the communication should be displayed.
Implementations may include one or more of the following features. For example, the interface may inform the intended recipient that the sender has sent a communication to the intended recipient. The interface may display to the intended recipient an identifier of the sender. The communication may be displayed when the intended recipient uses the interface element to indicate that the communication should be displayed.
Determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation may include determining whether the sender and the intended recipient are linked by at least one intermediary entity. Determining whether the sender is linked to the intended recipient by at least one intermediary entity may include accessing a contact list of the intended recipient to determine at least one contact on the contact list. Determining whether the sender and the intended recipient are linked by at least one intermediary entity may include accessing a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
Accessing a contact list of the intended recipient may include accessing a contact list that contains communication identifiers related to a different type of communication than the communication from the sender to the intended recipient. Accessing a contact list of the intended recipient may include accessing a contact list that contains communication identifiers related to the type of communication that includes the communication from the sender to the recipient.
The contact list of the intended recipient may include an address book, a buddy list, a personal phone book, or a white list. The communication may be an e-mail message, an instant message, an SMS message, or a telephone call.
Implementations of the described techniques may include hardware, a method or process, or computer software on a computer-accessible medium.
The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features will be apparent from the description and drawings, and from the claims.
DESCRIPTION OF DRAWINGS
Figs. 1-4 and 7 are block diagrams of an exemplary communications system including communications pathways.
Figs. 5 and 6 are flow charts of an exemplary process used to establish implicit communications.
Fig. 8 is a diagram showing an exemplary networked computing environment that supports e-mail communications and in which spam filtering may be performed.
Fig. 9 is an illustration showing an exemplary address book that may be displayed to a user of an e-mail client program.
Fig. 10 is an illustration showing an interface that allows an e-mail client program user to add contacts to a white list.
Fig. 11 is a flow chart of a process for using an e-mail sender's degrees of separation from a mail recipient to aid in spam filtering.
Fig. 12 is a flow chart of an alternate process for using a sender's degrees of separation from a mail recipient to aid in spam filtering.
Fig. 13 is an illustration showing an exemplary interface that may be used to allow a user to adjust preferences with regard to the degrees of separation feature.
DETAILED DESCRIPTION
Some communications techniques include the use of a contact list or user list. Communications applications employing these techniques facilitate communications by allowing a user to select an intended recipient of a message from the user list. Although such applications provide a useful interface for transmitting messages, the user lists also may be helpful to facilitate other types of communications. For example, if two users include each other on their user lists, an implicit trust between the users may be inferred. Based on the implicit trust, a communications pathway may be established between the users to facilitate communications, as described in detail below.
Referring to Fig. 1, a communications system 100 includes a client A device 102 and a client B device 104 that are associated with users A and B. Client devices 102 and 104 include communication applications 115 and 116 (e.g., IM applications). When client A device 102 connects to the external network 110, the communications application 115 may connect with the host network 120 connected to the external network 110 (e.g., by logging-on to the host network 120) using communications link 112. The client A device 102 also may connect to an IM host 125 that is part of the host network 120. Similarly, when client B device 104 connects to the external network 110, the communications application 116 may connect with the host network 120 and the IM host 125 using communications link 113. Once a client device 102 or 104 has connected to the IM host 120, the communications applications 115 and 116 may send and receive messages.
If user A sends a message to user B, the IM host 125 may determine that the user list of user B or a particular portion of the user list (e.g., a group, such as buddies, family, or gamers) includes user A, and that the user list (or particular portion of the user list) of user A includes user B. Based on this determination, the IM host 125 may infer that there is an implicit trust between user A and user B or that user A and user B have granted access of their client devices to each other. The IM host 125 automatically creates a communications pathway between the client devices 102 and 104 by sending a message to each of client devices 102 and 104. Each message includes the IP address and port of the other client device and a shared secret.
Each client device may contact the other client device using the specified IP address and port. In addition, each client device may present the shared secret to the other client device to validate. The client devices 102 and 104 then enter negotiations to establish the details (e.g., a communications protocol and encryption) of the communications pathway 130.
The external network 110 may be implemented using one or more local area networks (LANs), wide area networks (WANs), global networks, or any combination of these networks (e.g., the World Wide Web or the Internet). These networks may include any number of components and/or devices (e.g., hubs, routers, switches, servers, repeaters, storage devices, communications interfaces, and various communications media) and various other supporting components (e.g., software, operators/administrators/technicians, and other infrastructure).
The client devices 102 and 104 may be operated by one or more users to access the external network 110 and any associated devices and/or components. An example of a client device is a general-purpose computer capable of responding to and executing instructions in a defined manner. Client devices also may include a special-purpose computer, a personal computer ("PC"), a workstation, a server, a laptop, a Web-enabled phone, a Web-enabled personal digital assistant ("PDA"), an interactive television set, a set top box, an on-board (i.e., vehicle-mounted) computer, or a combination of one or more of these devices capable of responding to and executing instructions. The client device may include any number of other devices, components, and/or peripherals, such as memory/storage devices, input devices, output devices, user interfaces, and/or communications interfaces.
The client device also may include one or more software applications (e.g., an operating system, a browser application, a microbrowser application, a server application, a proxy application, a gateway application, a tunneling application, an e-mail application, an IM client application, an online service provider client application, and/or an interactive television client application) loaded on the client device to command and direct the client device. Applications include a computer program, a piece of code, an instruction, or some combination thereof, for independently or collectively instructing the client device to interact and operate as desired. The applications may be embodied permanently or temporarily in any type of machine, device, component, physical or virtual equipment, storage medium, or propagated signal capable of providing instructions to the client device. In particular, the applications may be stored on a storage media or device (e.g., read only memory (ROM), a random access memory (RAM), a volatile/non-volatile memory, a magnetic disk, or a propagated signal or wave) readable by the client device, such that if the storage medium or device is read by the client device, the steps or instructions specified are performed.
Each of the client devices 102 and 104 also includes one or more corresponding communications interfaces 117 or 118 that allow the client device to send information to and receive information from the corresponding communications links 112 or 113.
The communications links 112 and 113 may be configured to send and receive signals (e.g., electrical, electromagnetic, or optical) that convey or carry data streams representing various types of analog and/or digital content. For example, the communications links 112 and 113 may be implemented using various communications media and one or more networks comprising one or more network devices (e.g., servers, routers, switches, hubs, repeaters, and storage devices). The one or more networks may include WANs, LANs, a plain old telephone service (POTS) network, a digital subscriber line (DSL) network, an integrated services digital network (ISDN), and a synchronous optical network (SONET), or a combination of one or more of these networks. In addition, the communications links 112 and 113 may include one or more wireless links that transmit and receive electromagnetic signals, such as, for example, radio, infrared, and microwave signals, to convey information.
Communications applications, such as communications applications 115 and 116, loaded and/or running on a client device may command and direct communications by the client device. The communications applications may work in conjunction with or enable the corresponding communications interface 117 or 118 to exchange data with other devices, networks, and communications media. Examples of communications applications include a browser application, a microbrowser application, a server application, a proxy application, a gateway application, a tunneling application, an e-mail application, an instant messaging (IM) application, an interactive television application, and/or an Internet service provider (ISP) application.
As described above, one example of a communications application is the IM application. The IM application may provide an IM user interface that allows a user to send and receive messages. The IM user interface may include an IM message display area including one or more windows/frames to enter and present messages. The IM user interface also may include icons, menus, and/or other inputs to control the interface, configure interface settings, and activate features of the interface.
One feature of an IM application is a list of users or contacts, such as, for example, the Buddy List™ for AOL's Instant Messenger. The user list may be populated with identifiers (e.g., screen names) of one or more users. The user identifiers that populate the user list may be divided into one or more categories of users (e.g., friends, family, coworkers, buddies, and gamers).
The user list also provides an indication of whether a user associated with an identifier is currently able to receive messages (e.g., is currently connected to the external network 110 and able to engage in a one-to-one and/or peer-to-peer communication with another client device). A user may send a message to another user by manually entering a user identifier or selecting a user identifier from the list.
When the IM application is activated and the client device is connected to the external network 110, the IM application causes the client device to contact the host network 120, which is connected to the external network 110. The host network 120 may include one or more login servers (not shown) to enable communications with and to authorize access by a client device and other networks to various elements of the host network 120 and/or the IM host 125. The IM host 125 may include one or more IM servers and storage devices that manage and enable IM communications provided by the host network 120.
To access the IM host 125 and begin an IM session, the client device 102 or 104 establishes a connection to the login server. The login server determines whether a particular user is authorized to access the IM host 125 by verifying a user identifier and/or a password. If the user is authorized to access the IM host 125, the login server identifies a particular IM server (not shown) for use during the user's session. The client device establishes a connection to the IM host 125 and the designated server through the corresponding communications link 112 or 113.
Once a connection to the IM server has been established, the client device may directly or indirectly transmit data to and access content from the IM server. By accessing the IM server, a user may use the IM application to view whether or not particular users are online, exchange instant messages with users, participate in group chat rooms, trade files, such as pictures, invitations, or documents, find other users with similar interests, get customized news and stock quotes, and search the World Wide Web. The IM host 125 also may include a user profile server (not shown) connected to a database that may store user profile data. The user profile server may be used to enter, retrieve, edit, manipulate, or otherwise process user profile data. In one implementation, a user's profile data includes, for example, a user list, identified interests, a geographic location, an Internet protocol address associated with the client device, a general account, and demographic information. The user may enter, edit and/or delete profile data using an installed IM application on the client device.
Because the user data profile may be accessed by the IM host 125, the user does not have to reenter or update such information in the event that the user accesses the IM host 125 using a new or different client device. Accordingly, when a user accesses the IM host 125, the IM server can instruct the user profile server to retrieve the user's profile data from the database and to provide, for example, the user list to the IM server. The user profile server also may communicate with other servers in the host network 120 to share user profile data. The user profile data also may be saved locally on a client device. In this implementation, the client device may provide the user profile or user profile data to the host network 120 at specified times or when requested. In another implementation, the user profile may be stored locally at the client device and at the host network 120 and may be periodically synchronized (e.g., at login).
One communications pathway 130 that may be established between the client devices is a virtual private network (VPN). A VPN, also known as an encrypted tunnel, allows two physically separated networks or client devices to be connected over a WAN, such as the Internet, without exposing transmitted data to viewing by unauthorized parties. VPNs require at least two cooperating devices. The communication path between these devices may be viewed as a secure tunnel through the insecure external network 110. Wrapped around the tunnel is a series of functions, which may include authentication, access control, and data encryption, that protect the transmitted data from being viewed or used by others. The VPN may be established by the IM application or other communication application working in conjunction with the communications interface 117 or 118 and/or other devices (e.g., a firewall).
In one implementation, a communications pathway 130 may be established as follows. When a first user sends an instant message to a second user, the IM host 125 receives the message, and, if the second user is connected to the host network 120, sends the message to the second user. In addition, the IM host may determine whether each user is listed in the user list of the other user (e.g., by contacting the profile server or by querying the client devices). If each user is listed in the user list of the other user, the IM host 125 may determine that permission has been granted implicitly by each user to give the other user access to their client device. The IM host 125 may then send a message to each client device including the IP address and port of the other client device and a shared secret. The shared secret may include information (e.g., an identification, a key, or a certificate) that enables a client device to prove and/or authenticate the identity of a user. In another implementation, the shared secret may be provided to each client device by a third party host (e.g., an Internet certificate site, such as Verisign) that facilitates communications.
Using the information in the message from the IM host 125, each client device may attempt to establish a communications pathway 130. For example, each device may contact the other client device at the IP address and port specified in the message. After establishing contact with the other client device, the shared secret is presented to prove the identity of the contacting client device. Once the shared secret is verified by the other client device, the client devices may enter negotiations to establish the details of the communications pathway 130 (e.g., a communications protocol and encryption). If two communications pathways are established, one may be dropped during the negotiations.
Once the communications pathway 130 is established, the client devices may exchange data using the communications pathway 130. Both client devices are provided with, in effect, a virtual network communication card that is able to exchange information directly with the other client device. This process is transparent to the users of the client devices.
In another implementation, a client device may send a request to the IM host 125 to establish a connection with another client device. In this case, the IM host 125 responds to the request by determining whether the implicit access has been granted between the requesting client device and the target client device. If so, the requesting client device is provided with the IP address and port of the target device and a shared secret. The target device also is provided with the shared secret. Establishing of the communications pathway 130 may then proceed as described above.
Either or both client devices may attempt to establish a communications pathway 130. If both client devices attempt to establish the communications pathway 130, only one of the attempts needs to be successful. However, if more than one communications pathway 130 is established, one of the two pathways may be dropped as part of the negotiations. Once the communications pathway 130 is established, client devices 102 and 104 may exchange data using the pathway 130.
As shown in Fig. 2, a communications system 200 includes client A device 102 connected to an intranet 240 or other system configuration that includes a firewall 250 (or other device, such as a server performing filtering or network address translation). The firewall 250 may enforce an access control policy between the intranet 240 and the external network 110, and provides at least two basic mechanisms: one to block traffic and the other to permit traffic. The firewall 250 may be implemented by one or more applications running on the client device (e.g., a personal firewall) or one or more separate devices, such as, for example, a router. The firewall 250 may provide one or more functions, such as packet filtering, network address translation (NAT), and proxy services. In addition, the firewall may provide encrypted authentication and virtual private networking, in addition to other features (e.g., content filtering and virus scanning).
If either client device 102 or 104 sends a message to the IM host 125, the IM host 125 determines whether the user associated with each client device is included in the user list of the other user. If each user is included in the list of the other user, the IM host 125 may provide the IP address/port of each client device and a shared secret to the other device. Each client device 102 and 104 may attempt to establish contact with the other client device.
However, as shown in Fig. 2, client B device 104 is not able to establish contact with client A device 102 because the IP address provided by the IM host 125 does not result in a connection. For example, if the IM host 125 provides the IP address and port number of client A device 102, an error is generated because the IP address is a local IP address of the intranet 240 (and not understood by devices outside of the intranet 240). If the IP address/port of the firewall 250 is provided, the firewall 250 blocks any connection attempted by client B device 104 because the firewall 250 expects a message from the IP address of the IM host 125 (which is different than that of client B device 104).
Notwithstanding the difficulties that may be encountered establishing a connection due to the firewall associated with client A device 102, the communications pathway 130 from client A device 102 to client B device 104 may be established. For instance, client A device 102 may contact client B device 104 at the specified IP address/port and present the shared secret to client B device 104 to prove the identity of client A device 102, which client B device 104 verifies. Then, the client devices 102 and 104 may enter negotiations to establish the details of the communications pathway 130.
In another implementation of the communications system 200, when an instant message is sent to either client device, the IM host 125 may determine that the IP address and port associated with client A device 102 does not match the actual IP address being used to establish communications (e.g., because firewall 250 substitutes the local IP address with a global IP address of the firewall 250). From this information, the IM host 125 may be configured to deduce that the client A device 102 is behind a firewall (or similar device). Through a similar process, the IM host 125 may determine that the client B device 104 is not behind a firewall. In this case, if an attempt is made to establish a communications pathway 130 by either client device, the IM host 125 may send a message to the client A device 102 that provides the IP address and port of the client B device 104 and a shared secret, and also may send the shared secret to client B device 104 to facilitate communications. Client A device 102 then proceeds to contact client B device 104 and establish a communications pathway 130 as described above.
As shown in Fig. 3, a communications system 300 includes client devices 102 and 104 that are both connected to respective intranets 330 and 340, or otherwise behind firewalls (or other NAT devices). Client A device 102 connects to firewall 350 to access the external network 110 using communications link 112. Similarly, client B device 104 connects to firewall 360 to access the external network 110. Although firewalls 350 and 360 are shown as separate elements of the intranets 330 and 340, the firewalls also may be implemented by client devices 102 and 104.
If a message is sent by user A to user B, the IM host 125 may determine that user A is listed on the user list of user B (or a group of the list of user B), and that user B is listed on the user list of user A (or a group of the list of user A). Based on this determination, the IM host 125 may infer that user A and user B have implicitly granted access to each other. If the IM host 125 attempts to give the local IP address or the global IP address of the associated firewall of either client device 102 or 104 to the other, a communications pathway 130 may not result for the reasons explained above with regard to Fig. 2. However, this implementation may provide a connection as follows.
First, the IM host 125 may determine that a direct connection cannot be made by the client devices. For example, the IM host 125 may determine that the global IP addresses used to establish communications with the IM host 125 do not match the local IP addresses purported to be used by the IM applications of the client devices. The IM host 125 also may determine that direct connection may not be made as a default because all other attempts to establish a communications pathway fail. In either case, the IM host 125 may inform one client device (e.g., client A device 102) that a direct connection may not be established, whether or not it is physically impossible to achieve such a connection.
In this instance, the communications application 115 of client A device 102 may contact the firewall 350 and request that the firewall 350 open a hole. For example, the communications application 115 may request that the firewall 350 create a proxy forward to pass traffic from client B device 104 to client A device 102. The firewall 350 randomly selects a port number and replies to the communication application 115 of client A device 102 with the selected port number and the public IP address of the firewall 350. The selected IP address/port data effectively designate a hole in firewall 350 that may be opened to allow direct communications with client A device 102. The communications application 115 may provide the selected IP address/port data to the IM host 125. The IM host 125 sends the selected IP address/port data to the communications application 116 of client B device 104 along with a shared secret. The IM host 125 also provides the IP address of firewall 360 to the communications application 115 of client A device 102 along with the shared secret. The communications application 115 passes the IP address of firewall 360 to firewall 350. Firewall 350 opens the hole only for firewall 360 using the IP address of firewall 360.
The communications application 116 of client B device 104 connects to the specified IP address and port of firewall 350 (through firewall 360). As a result, the traffic from the communications application 116 arriving at the firewall 350 appears to originate from firewall 360, and the traffic is proxied forward to the communications application 115 of client A device 102. The communications application 115 may verify the identity of client B device 104 using the shared secret. Communications applications 115 and 116 may negotiate the details of the communications pathway 130 (e.g., a VPN) and establish the communications pathway 130.
Fig. 4 shows a communications system 400 that includes an intranet 410 in which both client A device 102 and client B device 104 are located behind a firewall 450. However, even though the client devices 102 and 104 are behind the firewall 450, the local IP address and port of each client device allow direct communications between the client devices to be established because the local IP address information is recognized by devices within the intranet 410. In this case, a communications pathway 460 may be directly established by the client devices using the infrastructure of the intranet 410 in a manner as described with regard to Fig. 1 above.
The IM user interface may include a feature or setting to allow a user to block one or more users, a group of users, or all users on the user list from establishing a communications pathway. In addition, the IM user interface may include a setting to disable or prohibit the IM application from establishing any communications pathway regardless of whether each of two users includes the other user on their user lists. The IM user interface also may be configured to allow the communication pathway to be established for a specified group of users on the list (e.g., a user category, such as buddies, family, coworkers, and/or gamers).
Fig. 5 shows an exemplary process 500 to establish a communications pathway (e.g., a VPN). Initially, a user A starts an IM session (510). A determination is made as to whether user A is included in the list of user B (515). If not, a VPN is not established (517).
If user A is in the list of user B, a determination is made as to whether user B is in the list of user A (520). If not, a VPN is not established (517).
Optionally, a determination may be made whether automatic VPN connections are enabled (525). If not, a VPN is not established (517). If user B is in the list of user A and the automatic VPN connections are enabled, then an attempt to establish a VPN (530) is made as described below with respect to Fig. 6. If the VPN is established (540), the VPN is maintained until the IM session is over, either client device requests that the VPN be closed, or either client device disconnects from the external network (550). Once the IM session is finished, the VPN is closed (560).
Fig. 6 shows an exemplary process 600 for setting up or establishing a communications pathway, such as a VPN. First, the IM host provides information about each client device (e.g., the client's IP address, port, and a shared secret that may be used to authenticate user/client identity) to the client devices (610). After receiving the information, each client may attempt to establish a VPN using the information (615), for example, by contacting the IP address/port provided and offering the shared secret for validation/authentication. If either client device is able to contact the other client device using the information, the VPN may be established as negotiated between the client devices. Upon determining that a VPN was established (620), a determination is made as to whether more than one VPN was established (e.g., both clients were able to contact each other with the information provided and therefore established two VPNs) (630). If more than one VPN was established between the clients, one of the two VPNs is dropped during the negotiations (635).
Upon determining that a VPN was not established (620), one of the client devices (e.g., client A device 102) may contact its firewall to request a proxy forward be created for the other client device (e.g., client B device 104) (640). The client A device 102 receives a target public IP address and random port number selected by its associated firewall. Client device A sends the target IP/port information to a host (645). The host returns the public IP address of the firewall of client B device 104 (650). Client device A provides the IP address to its firewall, which opens a hole in the firewall for the firewall of client B (655). The host sends the target IP/port information to the firewall of client B (660). The firewall of client B contacts firewall of client A to establish a VPN (665). If a VPN is not established (670), an error message is generated (675) (e.g., automatic VPN could not be configured).
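The decision steps of process 500 (515, 520, 525) and the shared-secret steps of process 600 (610, 615), sketched as an added example that is not code from the patent. The profile fields, sample users and endpoints are constructed, and proving the secret with an HMAC over a fresh nonce instead of transmitting it is an assumption; the text says only that the secret is presented and verified.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Profile:
    """Host-side record for one user. Field names are assumptions."""
    user_list: dict[str, set[str]]              # group name -> identifiers
    endpoint: tuple[str, int]                   # IP address and port
    blocked: set[str] = field(default_factory=set)
    auto_vpn: bool = True                       # optional setting (525)

    def lists(self, other: str, groups: set[str] | None = None) -> bool:
        """True if `other` is on the list, optionally only in `groups`."""
        names = self.user_list.keys() if groups is None else groups
        return any(other in self.user_list.get(g, set()) for g in names)


def implicit_access(profiles, a, b, groups=None) -> bool:
    """Steps 515-525: each user lists the other, nobody blocks, auto VPN on."""
    pa, pb = profiles[a], profiles[b]
    if not pb.lists(a, groups):                 # 515: is A in B's list?
        return False
    if not pa.lists(b, groups):                 # 520: is B in A's list?
        return False
    if b in pa.blocked or a in pb.blocked:      # user-set block
        return False
    return pa.auto_vpn and pb.auto_vpn          # 525


def issue_pathway_info(profiles, a, b, groups=None):
    """Step 610: send each client the other's endpoint and one fresh secret."""
    if not implicit_access(profiles, a, b, groups):
        return None                             # 517: no VPN
    secret = secrets.token_bytes(32)            # new random secret per pair
    return {
        a: {"peer": b, "endpoint": profiles[b].endpoint, "secret": secret},
        b: {"peer": a, "endpoint": profiles[a].endpoint, "secret": secret},
    }


def lp(value: bytes) -> bytes:
    """Length-prefix a field so concatenated fields cannot be confused."""
    return len(value).to_bytes(2, "big") + value


def make_proof(secret: bytes, prover: str, verifier: str, nonce: bytes) -> bytes:
    """Step 615 (assumed form): prove knowledge of the secret without sending it.

    Binding the prover, the verifier and the verifier's nonce means a proof
    cannot be replayed later or reflected back at the side that issued it.
    """
    msg = lp(prover.encode()) + lp(verifier.encode()) + lp(nonce)
    return hmac.new(secret, msg, hashlib.sha256).digest()


def check_proof(secret, prover, verifier, nonce, presented) -> bool:
    expected = make_proof(secret, prover, verifier, nonce)
    return hmac.compare_digest(expected, presented)   # constant-time compare


def sample_profiles():
    """Constructed sample data; addresses are from documentation ranges."""
    return {
        "userA": Profile({"buddies": {"userB"}, "family": {"userC"}},
                         ("192.0.2.10", 5190)),
        "userB": Profile({"family": {"userA"}}, ("198.51.100.20", 5190)),
        "userC": Profile({"coworkers": {"userB"}}, ("203.0.113.30", 5190)),
    }


if __name__ == "__main__":
    profiles = sample_profiles()
    info = issue_pathway_info(profiles, "userA", "userB")
    nonce = secrets.token_bytes(16)             # chosen by userB
    tag = make_proof(info["userA"]["secret"], "userA", "userB", nonce)
    print("A and B mutual:", info is not None)
    print("B accepts A:", check_proof(info["userB"]["secret"],
                                      "userA", "userB", nonce, tag))
    print("A and C mutual:", implicit_access(profiles, "userA", "userC"))
```

Listing by only one side (userA lists userC, but not the reverse) never yields a secret, which is the property the mutual check exists to enforce.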
As shown in Fig. 7, a communications system 700 includes client devices 102 and 104 connected to an external network 110. In addition, peripheral devices 750 and 760 (e.g., a gaming device, such as an X-Box™ or Playstation™) are connected to each client device 110. The peripheral devices 750 and 760 may employ an exploring application to determine whether they are connected to any other peripheral devices. If another gaming device is detected, the gaming devices 750 and 760 may establish a connection using a data exchange protocol.
In the implementation shown in Fig. 7, the local communications applications 115 and 116 on the client devices 102 and 104 may be programmed to mimic the data exchange protocol of the peripheral devices (e.g., to appear as peripheral devices). Client devices 102 and 104 (using the communications application on each client device) may automatically establish a communications pathway (e.g., VPN) as described above. As a result, the peripheral devices 750 and 760 may exchange data (e.g., game data that is used to play a multiplayer/device game) with the communications applications as if the communications application were another peripheral device. The communications application 115 may pass the data to the other communications application 116 using the communications pathway 130. The other communications application 116 passes the data to its connected peripheral device 760. As a result, an automatic (or configurable) communications link may be established between the peripheral devices (e.g., to play a game). To the peripheral devices 750 and 760, it appears as if each device is communicating with another local peripheral device.
User lists such as contact lists also may be useful to infer an implicit trust in other manners and such implicit trust may be used to regulate or otherwise handle/control communications between users. An implicit trust between two entities may be inferred based on the degree of separation between the two entities. The degree of separation between two entities describes a relationship between those entities. For example, the two entities may be linked to one another through other entities or relationships. In this case, an implicit trust may be inferred based on whether the entities are linked, and if so, by how many degrees of separation they are linked. Communications between the linked users may be handled, controlled or regulated based on the implicit trust inferred as a result of them being linked by the other entities or relationships.
User contact lists (e.g., address book, buddy list, and/or white list) may be evaluated to determine whether two entities or users are linked, and if so, the number of degrees (or hops) that are required to link or relate them. For example, recipient A may list user B in recipient A's address book, user B may list user C in user B's address book, and user C may list sender D in user C's address book. Here, sender D is linked to recipient A by two degrees of separation (with user B as the first degree and user C as the second degree). Recipient A is related to user C by one degree of separation (user B) and user B is separated from sender D by one degree of separation (user C). Recipient A and user B, users B and C, and user C and sender D are each respectively separated by zero degrees of separation.
The connectedness or lack of connectedness may be used, possibly along with the degrees of separation, to aid the handling of communications sent to the recipient by the sender. For instance, handling may be informed based on: (1) whether a sender and a recipient are connected (i.e., the sender and the recipient are known to each other or the sender is known to the recipient); and (2) if they are connected, the number of degrees, hops or intermediaries required to link or relate the sender to the recipient. The following description more fully describes these techniques as applied to e-mail spam filtering. However, the techniques may be applied to other communication media and to other filtering applications.
Fig. 8 illustrates an exemplary networked computing environment 800 that supports e-mail communications and in which spam filtering may be performed. Computer users are distributed geographically and communicate using client systems 810a and 810b. Client systems 810a and 810b are connected to Internet service provider (ISP) networks 820a and 820b, respectively. Clients 810a and 810b may be connected to the respective ISP networks 820a and 820b through various communication channels such as a modem connected to a telephone line (using, for example, serial line internet protocol (SLIP) or point-to-point protocol (PPP)) or a direct network connection (using, for example, transmission control protocol/internet protocol (TCP/IP)). E-mail servers 830a and 830b also are connected to ISP networks 820a and 820b, respectively. ISP networks 820a and 820b are connected to a global network 840 (e.g., the Internet) such that a device on one ISP network 820a or 820b can communicate with a device on the other ISP network 820a or 820b. For simplicity, only two ISP networks 820a and 820b have been illustrated as connected to Internet 840. However, there may be a large number of such ISP networks connected to Internet 840. Likewise, many e-mail servers and many client systems may be connected to each ISP network. Each of the client systems 810a and 810b and the e-mail servers 830a and 830b may be implemented using, for example, a general-purpose computer capable of responding to and executing instructions in a defined manner, a personal computer, a special-purpose computer, a workstation, a server, a device, a component, or other equipment or some combination thereof capable of responding to and executing instructions.
Client systems 810a and 810b and e-mail servers 830a and 830b may receive instructions from, for example, a software application, a program, a piece of code, a device, a computer, a computer system, or a combination thereof, which independently or collectively direct operations. These instructions may take the form of one or more communications programs that facilitate communications between the users of client systems 810a and 810b. Such communications programs may include, for example, e-mail programs, IM programs, file transfer protocol (FTP) programs, or voice-over-IP (VoIP) programs. The instructions may be embodied permanently or temporarily in any type of machine, component, equipment, storage medium, or propagated signal that is capable of being delivered to a client system 810a and 810b or the e-mail servers 830a and 830b.
Each of client systems 810a and 810b and e-mail servers 830a and 830b includes a communications interface (not shown) used by the communications programs to send communications. The communications may include e-mail, audio data, video data, general binary data, or text data (e.g., data encoded in American Standard Code for Information Interchange (ASCII) format).
Examples of ISP networks 820a and 820b include Wide Area Networks (WANs), Local Area Networks (LANs), analog or digital wired and wireless telephone networks (e.g., a Public Switched Telephone Network (PSTN), an Integrated Services Digital Network (ISDN), or a Digital Subscriber Line (xDSL)), or any other wired or wireless network. Networks 820a and 820b may include multiple networks or subnetworks, each of which may include, for example, a wired or wireless data pathway.
Each of e-mail servers 830a and 830b may handle e-mail for thousands or more e-mail users connected to an ISP network 820a or 820b. Each e-mail server may handle e-mail for a single e-mail domain (e.g., aol.com) or for multiple e-mail domains. In addition, each e-mail server may be composed of multiple, interconnected computers working together to provide e-mail service for e-mail users of the corresponding ISP network. An e-mail user, such as a user of client system 810a or 810b, typically has one or more e-mail accounts on an e-mail server 830a or 830b. Each account corresponds to an e-mail address. Each account (otherwise referred to as a user mailbox) may have one or more folders in which e-mail is stored. E-mail sent to one of the e-mail user's e-mail addresses is routed to the corresponding e-mail server 830a or 830b and placed in the account that corresponds to the e-mail address to which the e-mail was sent. The e-mail user then uses, for example, an e-mail client program executing on client system 810a or 810b to retrieve the e-mail from e-mail server 830a or 830b and view the e-mail. The e-mail client program may be, for example, a web browser (in the case of HTML mail), a stand-alone e-mail program, or an e-mail program that is part of an integrated suite of applications.
The e-mail client programs executing on client systems 810a and 810b also may allow one of the users to send e-mail to an e-mail address. For example, the e-mail client program executing on client system 810a may allow the e-mail user of client system 810a (the sender) to compose an e-mail message and address the message to a recipient address, such as an e-mail address of the user of client system 810b. When the sender indicates the e-mail is to be sent to the recipient address, the e-mail client program executing on client system 810a communicates with e-mail server 830a to handle the sending of the e-mail to the recipient address. For an e-mail addressed to an e-mail user of client system 810b, for example, e-mail server 830a sends the e-mail to e-mail server 830b. E-mail server 830b receives the e-mail and places the e-mail in the account that corresponds to the recipient address. The user of client system 810b may then retrieve the e-mail from e-mail server 830b, as described above.
To aid a user in sending e-mails, many e-mail client programs or other programs allow a user to maintain an address book. An address book is a list of the user's contacts along with their contact information. An address book may contain a contact's e-mail address, instant messaging screenname, street address, and/or telephone number(s). The address book may be stored on the client system or on a server, and may be accessed by the client program. Fig. 9 illustrates an exemplary address book 900 that may be displayed to a user of an e-mail client program. Address book 900 includes a list box 910 that contains a list 915 of the user's contacts. Only a single contact, John Smith, is shown in contact list 915, though a contact list may contain multiple entries. When a contact in contact list 915 is selected, the contact's information 925 is shown in a box 920. The information contains, for example, the contact's name, the contact's screenname, and the contact's e-mail address.
In an e-mail environment such as that shown in Fig. 8, a spammer typically uses an e-mail client program to send similar spam e-mails to hundreds, if not thousands, of e-mail recipients. For example, a spammer may target hundreds of recipient e-mail addresses serviced by e-mail server 830b on ISP network 820b, and may maintain the list of targeted recipient addresses as a distribution list. The spammer may use the e-mail client program to compose a spam e-mail and may instruct the e-mail client program to use the distribution list to send the spam e-mail to the recipient addresses. The e-mail then is sent to e-mail server 830b for delivery to the recipient addresses.
Filtering traditionally has been used to eliminate or at least reduce some spam e-mail. Filtering may be done on the server-side, e.g. at e-mail server 830b, or on the client-side, e.g. at client 810b. Thus, a spam filter may be located on the server or the client. Wherever located, the spam filter may analyze e-mail coming into the server or client to determine whether any of the e-mail is spam. Once the filter designates a piece of e-mail as spam, the e-mail is treated accordingly. For example, the spam e-mail may be deleted or placed in a specific spam folder.
A spam filter may be implemented using a number of techniques. One technique that has been used is simple text filtering, in which an e-mail's headers and/or the e-mail body is searched for simple text strings or regular expressions and the e-mail is classified as spam based on whether the string or expression is present. Other techniques analyze word or other features of an e-mail to develop a rating or probability measure of the likelihood that the e-mail is spam, and then compare the rating or measure to a classification threshold. If the rating or measure exceeds the threshold, the e-mail is designated as spam. The techniques used to develop the ratings may be, for example, heuristic or Bayesian based.
The spam filter also may employ so-called white lists and/or black lists. A black list is a list of e-mail domains, specific e-mail addresses, or IP addresses that are considered to be a source of spam. Any e-mail received from a blacklisted domain, e-mail address or IP address is designated by the filter as spam.
A white list typically is used to help ensure that legitimate e-mail is delivered to the recipient. Similar to a black list, a white list is a list of e-mail domains, specific e-mail addresses, or IP addresses. The items on a white list, however, generally are considered to be sources of legitimate e-mail. Consequently, any e-mail received from a source on the white list is designated as legitimate e-mail (i.e., non-spam) and exempted from further filtering.
Fig. 10 illustrates an interface 1000 that allows an e-mail client program user to add contacts to a white list. Interface 1000 includes a list box 1010 that contains a list of contacts 1015. Interface 1000 also includes an edit box 1020 and "Add" button 1030 for adding additional contacts to list 1015. A radio button 1040 is included in interface 1000 to allow the user to designate list 1015 as a white list (i.e. to allow e-mail from the listed contacts to be delivered without being subjected to spam filtering).
An e-mail sender's degree of separation from a mail recipient also may be used to aid in spam filtering. The "degree of separation" represents a metric used to quantify whether/how the recipient is linked to the sender through intermediary people or other entities. For example, a recipient may know a first user (first degree of separation) and the first user may know a second user (second degree of separation) who knows the sender of an e-mail. In this case, the sender is separated from the recipient by two degrees of separation (i.e., by two intermediate contacts). A level of "trust" or "legitimacy" about a sender's communication can be inferred by looking at whether the sender is linked to a recipient through the recipient's contacts, the recipient's contacts' contacts, or otherwise, with the level of trust typically diminishing as the number of degrees of separation increases. For instance, a system or user may consider a communication based on more degrees of separation between the sender and recipient as less likely to be legitimate or trusted than one with fewer degrees of separation.
In addition, an increased level of trust may be inferred when sender and recipient and/or one or more of the users or entities linking the sender and the recipient are bidirectionally linked. That is, when the sender and the intended recipient and/or one or more of the users connecting the sender and intended recipient include each other in their respective contact lists, an increased level of trust may be inferred. For instance, recipient A may list user B in recipient A's address book, and user B may list user C in user B's address book. An increased level of trust may be inferred, for instance, if user C also includes user B in C's address book and/or user B also includes user A in B's address book.
A trusted list of contacts linked to a user/recipient may be developed for use with a spam filter when filtering. The trusted list may be developed, for example, by evaluating a contact list for the intended recipient that lists the intended recipient's contacts as more fully described below. The contact list may contain communication identifiers related to the type of communication that is received (e.g., a buddy list may be accessed when the type of communication is an instant message, while an address book may be referenced when the type of communication being filtered is an e-mail communication or telephone call), or the contact list may contain communication identifiers related to a different type of communication than the one that is sent (e.g., a buddy list may be accessed when the communication is an e-mail), or a combination of similar and different types of contact lists may be accessed. Further, a single contact list may have both communication identifiers related to the type of communication received and communication identifiers related to a different type of communication than the one received.
Whether a contact is linked to an intended recipient may be based on communication identifiers related to the type of communication received or may be based on communication identifiers related to a different type of communication than the one received.
Thus, for example, a contact may be determined as linked to an intended recipient based on an IM screen name. This contact, however, may be placed in a trusted list that is used for e-mail communications. In other words, a contact may be determined to be linked to the intended recipient based on one type of communication, and this link is used for other types of communications. The link based on IM screen names may be determined, for instance, by accessing a buddy list of the intended recipient or by accessing a central contact list that contains e-mail addresses and IM screen names. The trusted list may simply contain a communication identifier (e.g., e-mail address or screenname) for the linked contacts, or the trusted list also may contain the degrees of separation between the user and the linked contacts, depending on how the trusted list is used to facilitate spam filtering. The trusted list also may contain other information about a linked contact. The following is an example of a trusted list that contains a communication identifier and the degrees of separation for each linked contact:
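[Table: example trusted list giving a communication identifier and the degrees of separation for each linked contact; image not reproduced]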
Depending on the spam filtering techniques employed by the spam filter, the trusted list may be used simply as a white list to exempt from spam filtering those e-mails from the linked contacts. Similarly, the trusted list may be used simply as a white list to allow only communications from those entities on the white list to be delivered to the intended recipient, with all other communications being prevented from reaching the intended recipient.
Alternatively, the presence or absence of a sender on the trusted list (and possibly the sender's degrees of separation) may be considered a feature of an e-mail when determining whether the e-mail is spam. For example, for a spam filter that heuristically develops a rating of the likelihood that an e-mail is spam, the presence in the trusted list may decrease the rating, with lower degrees of separation decreasing the rating more than higher degrees of separation. For a Bayesian spam filter, the presence or absence on the trusted list, along with the degrees of separation, may be considered a feature for both training and classification. The degrees of separation may be used with other features of the e-mail to determine a spam rating. The other features may include, for example, origin IP address, origin domain, mime-types contained in the e-mail, sender's address, and specific words in the body of the e-mail. Alternatively, or additionally, e-mail may be treated differently based on the sender's degrees of separation. For example, e-mail whose sender is within 1 to M degrees of separation may be exempted from filtering, e-mail whose sender is within M+1 to M+X degrees of separation may be treated as unknown and consequently filtered, and e-mail whose sender is not linked or is linked by a degree of separation greater than M+X may be automatically discarded as spam. Other ways of treating the e-mail are possible, as are other ways of dividing up the relevant degrees of separation.
Fig. 11 is a flow chart of a process 1100 for using an e-mail sender's degrees of separation from a mail recipient to aid in spam filtering. A list of contacts is maintained for the recipient (1110). The list of contacts may be any personally maintained list, for example, an address book, a buddy list for instant messaging, and/or a white list. The rest of process 1100 will be described using an address book as an example of a list of contacts.
The contacts in the recipient's address book are added to a trusted list of the recipient (1120). If the trusted list contains, for example, e-mail addresses, but the contact list only contains screennames, then the contacts' e-mail addresses may be looked-up using, for example, a database that correlates information such as a user's e-mail address and IM screennames.
Next, the contacts linked to the recipient (i.e., up to a desired degree of separation) are identified and added to the trusted list. To do so, the address books of each contact in the recipient's address book are accessed (1130). The contacts in the recipient's contacts' address books (i.e., the contacts separated by one degree) then are added to the trusted list (1140). If another degree of separation is desired (1150), the degree of separation is incremented (1160) such that the address books of the contacts that are separated from the recipient by one degree are accessed (1130) and the contacts in those address books are added to the trusted list (1140). When a contact is added to the trusted list, the contact's degree of separation from the recipient also may be added. The addition of contacts continues until the desired degree of separation is reached (1150). Once the desired degree of separation has been reached, the trusted list is input to the spam filter for use in filtering spam (1170).
Process 1100 may be performed before an e-mail is received and the trusted list may be stored for use with the spam filter. Alternatively, process 1100 may be performed whenever an e-mail is received.
Process 1100 may result in the trusted list not being updated when any users related to the intended recipient update their contact lists. That is, if a user related to the intended recipient adds a contact to the user's contact list, the new contact may not be reflected in the intended recipient's trusted list. This situation may not be overly detrimental, particularly in implementations where the trusted list is used as a white list to exempt certain e-mails from spam filtering. However, repeating process 1100 on a periodic or aperiodic basis may mitigate this situation. Another manner of mitigating this situation is to use an update system in which changes to contact lists are tracked and trusted lists are updated accordingly in an incremental fashion or by triggering an update or re-initiation of process 1100 when an update occurs. The alternate process 1200 illustrated in Fig. 12 also may mitigate such a situation.
Fig. 12 is a flow chart of an alternate process 1200 for using a sender's degrees of separation from a mail recipient to aid in spam filtering. When an e-mail is received (1210), the sender's address is retrieved from the e-mail (1220). A search then is performed to determine the sender's degree of separation from the recipient (1230). In one implementation, to perform the search, the contacts in the recipient's address book (i.e., the contacts separated by zero degrees) are searched to determine if the sender is among those contacts. If not, then the address books of one or more contacts in the recipient's address book are accessed and searched to determine if the sender is among those contacts. If the sender is not among those contacts, and another degree of separation is desired, the degree of separation is incremented such that the address books of the contacts that are separated from the recipient by one degree are accessed and searched to determine if the sender is among those contacts. This continues until the desired degree of separation has been reached. At that point, if the sender has not been located, then the sender is not considered to be linked to the recipient. An indication of whether the sender is linked to the intended recipient, and possibly also the sender's degree of separation from the intended recipient, are input to a spam filter for use in determining whether the e-mail is spam (1240). Process 1100 or process 1200 may be implemented by the server, by the client, or by a combination of both.
The contact lists of the users may be stored centrally or in a distributed fashion. For example, the techniques may be applied to an environment in which all of the users' contact lists are stored on a single server (completely centralized), or on a single cluster of servers owned by the same e-mail service provider (partially centralized/distributed).
The contact lists may be stored in a more fully distributed fashion by being stored on different servers owned by different e-mail service providers (which may or may not adopt a standardized protocol for sharing information such as contact lists), or by being stored on each client system (i.e., each user's contact list is stored on the user's client system). If the contact lists are stored on the client (e.g., a client running Microsoft Outlook), the accessing and searching of the contacts' address books or other contact lists may be performed using peer-to-peer techniques. When contact lists are stored on the clients, privacy and security measures may be implemented, such as hashing the trusted list or otherwise making it unreadable to the user, so that the user cannot determine who is listed in his or her contacts' lists or otherwise have access to someone's contact information that has not been specifically given to the user. For example, if a recipient has only one contact in his or her contact list and only one degree of separation is used, then the recipient may be able to discern who that single contact has on his or her contact list. Making the trusted list unreadable to its "owner" may eliminate this potential issue.
In a distributed environment in which different contact lists are maintained on servers of different providers, a trusted group model may be implemented to allow access to the different contact lists, as needed, to develop the degrees of separation between a recipient and a sender. For example, if the user of client system 110b has an account on e-mail server 130b and the user's address book is maintained on server 130b, the user's address book (or the user's contacts' address books) may include contacts with address books maintained on a server owned by a different provider, such as, for example, server 130a. Generally, the provider of server 130a would not allow outside parties to access the contact lists of its users.
To implement the foregoing techniques, however, a trusted group model may be developed that allows server 130b to access the address books or other contact lists of the users whose accounts are maintained on server 130a. In this way, server 130b may be able to determine the linked contacts, even if some of the contact lists are on server 130a. Thus, for instance, e-mail service providers such as America Online (AOL) and Hotmail may cooperate to allow access to users' contact lists so as to increase the effectiveness of the foregoing techniques. Also, for example, two corporations, each running an e-mail server (e.g., a Microsoft Exchange server), a corporation and an ISP, or any two e-mail service providers may cooperate to allow access to users' contact lists.
Regardless of whether a client-side or server-side implementation is used, for some implementations the foregoing techniques may be limited out of privacy or security concerns similar to those described above with regard to storing the contact lists at the client. For example, if a recipient has only one contact in his or her contact list and only one degree of separation is used, then the recipient may be able to discern who that single contact has on his or her contact list if restrictions are not applied. The use of the foregoing techniques may be limited such that the techniques are not performed when the number of contacts in a recipient's contact list is below a predetermined number. Also, there may be a requirement that a minimum number of degrees of separation are searched. Other limitations may include limiting a user's ability to perceive his or her trusted list. Preventing the user's ability to perceive or access the trusted list may be accomplished by preventing the display of the trusted list, storing the trusted list remote from the user, or, as described above, storing the trusted list as a hash.
The foregoing techniques also may be limited such that a contact list is not used when the contact list does not contain the recipient. In other words, the contact lists of users who do not include the recipient are not used to determine contacts at the next level of separation. For example, if user A is a mail recipient, a user B that is in user A's address book may be indicated as a linked user. When user B's address book contains user A, user B's address book is used for the next degree of separation, which results in a user C (who is in user B's address book) as being linked to user A. However, because user C's address book does not contain user A, user C's address book is not used when a search is done for the next degree of separation.
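The trusted-list construction of process 1100, together with the restrictions described above (a minimum contact-list size, skipping address books that do not list the recipient, and keeping the stored list unreadable), can be sketched as follows. This is an added example, not code from the patent: the function names, the constructed address books, the placeholder key, the use of a keyed HMAC rather than a plain hash, and the mapping of the M and M+X tiers onto zero-based degrees (direct contacts count as zero degrees) are all assumptions.

```python
import hashlib
import hmac
from collections import deque

# Constructed sample data: user -> set of identifiers in that user's address book.
ADDRESS_BOOKS = {
    "a@example.com": {"b@example.com", "e@example.com", "f@example.com"},
    "b@example.com": {"a@example.com", "c@example.com"},
    "c@example.com": {"d@example.com"},                    # does not list A
    "e@example.com": {"g@example.com"},                    # does not list A
    "f@example.com": {"a@example.com", "c@example.com", "h@example.com"},
}

# Placeholder key (assumption). In practice it is held by the filter, not the user.
FILTER_KEY = b"example-only-key"


def build_trusted_list(recipient, books, max_degree,
                       require_reciprocal=True, min_contacts=2):
    """Breadth-first walk of address books, as in process 1100.

    Returns {identifier: degrees of separation}; direct contacts are degree 0.
    """
    own = books.get(recipient, set())
    # Restriction: do nothing when the recipient has too few contacts, since a
    # one-entry list would reveal exactly whose address book was expanded.
    if len(own) < min_contacts:
        return {}
    trusted = {c: 0 for c in own if c != recipient}
    frontier = deque(sorted(trusted))
    while frontier:
        user = frontier.popleft()
        degree = trusted[user]
        if degree >= max_degree:
            continue                      # desired degree of separation reached
        book = books.get(user, set())
        # Restriction: an address book that does not list the recipient is not
        # used to find contacts at the next degree of separation.
        if require_reciprocal and recipient not in book:
            continue
        for contact in book:
            if contact != recipient and contact not in trusted:
                trusted[contact] = degree + 1
                frontier.append(contact)
    return trusted


def _token(identifier, key):
    # Keyed hash: addresses are guessable, so an unkeyed hash of each entry
    # could be reversed by hashing candidate addresses and comparing.
    normalised = identifier.strip().lower().encode()
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def seal_trusted_list(trusted, key):
    """Store the list in a form its owner cannot read back."""
    return {_token(ident, key): degree for ident, degree in trusted.items()}


def sender_degree(sealed, key, sender):
    """Degrees of separation for a sender, or None if the sender is not linked."""
    return sealed.get(_token(sender, key))


def handle_by_degree(degree, m, x):
    """Tiered handling: exempt up to m, filter up to m + x, otherwise discard."""
    if degree is None or degree > m + x:
        return "discard"
    return "exempt" if degree <= m else "filter"


if __name__ == "__main__":
    trusted = build_trusted_list("a@example.com", ADDRESS_BOOKS, max_degree=2)
    sealed = seal_trusted_list(trusted, FILTER_KEY)
    for sender in ("b@example.com", "c@example.com", "d@example.com"):
        degree = sender_degree(sealed, FILTER_KEY, sender)
        print(sender, degree, handle_by_degree(degree, m=0, x=1))
```

With the reciprocity restriction enabled, D and G stay off the list even at two degrees, because the address books of C and E do not list recipient A.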
The techniques are described as being applied to e-mail spam filtering. However, the techniques may be used for spam filtering of communications in other communication media, including both text and non-text media. For example, the techniques may be applied to instant messaging. In such an environment, an instant messaging buddy list or an address book may be used as the contact list, and the trusted list may contain the screennames of linked contacts. The trusted list may be input into a spam filter that prevents spam instant messages. Another example of an environment in which the foregoing techniques may be implemented is short messaging service (SMS) communications used in cell phones. In this case, a phone book for the cell phone may be used as the contact list. As another example, these techniques may be used to filter telephone calls based on a user's contact list, such as a personal phone book or an address book, particularly if the telephone calls are carried over packet networks such as the Internet. The above techniques also may be extended to apply to the general handling, classification, or filtering of communications. For example, a recipient may want messages from senders who are linked to the recipient to be classified as important, while other messages are classified as low priority. Similarly, a Bayesian classifier may be used to classify received e-mail into classes other than spam. The Bayesian classifier may be trained with a set of e-mail that includes information about whether a sender of the e-mail is linked to the recipient and, if so, by how many degrees. The Bayesian classifier then may use the information when classifying an unknown e-mail.
As another example of general handling of communications, the handling in an instant messaging implementation (or other implementations) may include bypassing or invoking a "knock-knock" interface. At times, when a sender sends an intended recipient an instant message, instead of receiving the instant message right away, the intended recipient's instant messaging program invokes a "knock-knock" interface. The interface typically informs the intended recipient that the sender is trying to instant message him or her, identifies the sender (e.g., by displaying the screen name of the sender), and provides the intended recipient with an option of accepting the message. If the intended recipient indicates that he or she wishes to accept the instant message, it is delivered to the intended recipient and displayed to the intended recipient. On the other hand, if the intended recipient indicates he or she would not like to receive the message, the message is not provided to the intended recipient and, for example, may be discarded. In some implementations, the sender also is placed on a block list when the intended recipient indicates he or she does not want to receive an instant message from the sender. The block list is used to prevent further instant message communications from users on the block list without bothering the intended recipient, i.e., instant messages from users on the block list are automatically ignored without asking the intended recipient whether he or she wants to receive them.
The trusted list may be used to determine when to invoke a knock-knock interface. To do so, whether a knock-knock interface is invoked may depend on the number of degrees of separation between the sender and the intended recipient. In one implementation, instant messages from senders less than or equal to n degrees away from the intended recipient are provided to the intended recipient automatically without a knock-knock interface being invoked, while a knock-knock interface is invoked for instant messages from senders greater than n degrees away from the intended recipient. Alternatively, instant messages from senders within 1 to M degrees may be provided to the intended recipient without a knock-knock interface being invoked, instant messages from senders within M+1 to N degrees may cause a knock-knock to be invoked, while instant messages from senders greater than N degrees away may be automatically discarded without invoking a knock-knock interface or otherwise informing the intended recipient.
The above techniques have been described as creating a "trusted" list. However, these techniques could be used to source a "non-trusted" list by adding the black lists (or other lists denoting untrusted senders) of linked contacts to a non-trusted list for the intended recipient, at least up to a threshold degree of separation. The non-trusted list may then, for example, be used as a black list, or may be a factor for spam filtering.
Creating such a non-trusted list may be used in conjunction with developing the trusted list. For example, for each or a subset of the contacts added to the trusted list, the entities on the added contacts' black lists (or other lists denoting untrusted senders) can be placed on the intended recipient's non-trusted list. As another example, when a contact's contact list is accessed and added to the trusted list, the contact's list of untrusted senders also may be accessed and added to the non-trusted list.
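The M/N knock-knock policy and the inherited non-trusted list described above, as an added Python example that is not part of the patent text. The names, the sample contact and block lists, the hop-count convention (a direct contact is degree 1), and the rule that the recipient's own lists override inherited block entries are all assumptions of this sketch.

```python
from collections import deque

# Constructed sample data: each user's contact list (buddy list or address book).
CONTACTS = {
    "alice": {"bob", "carol"},
    "bob": {"dave"},
    "carol": {"erin"},
    "dave": {"frank"},
    "frank": {"grace"},
}

# Constructed sample data: each user's block list.
BLOCKED = {
    "alice": {"zed"},
    "bob": {"erin", "spam_bot"},
    "dave": {"carol"},
}


def degrees_from(recipient, contacts, max_degree):
    """Breadth-first walk of contact lists starting at the recipient.

    Returns {user: degree} for every user reachable within max_degree hops.
    Assumption: a direct contact of the recipient is degree 1.
    """
    degree = {recipient: 0}
    queue = deque([recipient])
    while queue:
        user = queue.popleft()
        if degree[user] >= max_degree:
            continue  # do not expand past the threshold
        for contact in contacts.get(user, ()):
            if contact not in degree:  # first visit is the shortest path
                degree[contact] = degree[user] + 1
                queue.append(contact)
    del degree[recipient]
    return degree


def build_non_trusted(recipient, contacts, blocked, threshold):
    """Union of the block lists of contacts linked within `threshold` degrees.

    Assumption: entries that are on the recipient's own contact list are
    dropped, so a linked contact cannot block someone the recipient chose.
    """
    non_trusted = set()
    for user in degrees_from(recipient, contacts, threshold):
        non_trusted |= blocked.get(user, set())
    return non_trusted - contacts.get(recipient, set())


def handle_instant_message(sender, recipient, contacts, blocked, m, n, t):
    """Return 'deliver', 'knock-knock' or 'discard' for one instant message.

    m: deliver without a knock-knock up to this degree
    n: invoke a knock-knock up to this degree, discard beyond it
    t: threshold degree for inheriting block lists into the non-trusted list
    """
    if sender in blocked.get(recipient, set()):
        return "discard"  # recipient's own block list
    if sender in build_non_trusted(recipient, contacts, blocked, t):
        return "discard"  # non-trusted list used as a black list
    degree = degrees_from(recipient, contacts, n).get(sender)
    if degree is None:
        return "discard"  # more than n degrees away, or not linked at all
    return "deliver" if degree <= m else "knock-knock"


if __name__ == "__main__":
    for who in ("bob", "dave", "frank", "grace", "erin", "carol", "zed"):
        print(who, handle_instant_message(who, "alice", CONTACTS, BLOCKED, 2, 3, 2))
```

Note that erin is two degrees from alice and would be delivered on degree alone, but is discarded because bob, a linked contact, has erin on his block list.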
Fig. 13 illustrates an exemplary interface 1300 that may be used to allow a user to adjust preferences with regard to the degrees of separation feature. Some implementations may provide a user the ability to decide whether degrees of separation will be used, and, if so, how many degrees should be used. Exemplary interface 1300 includes a text 1305 that explains to the user that the user may decide to have his or her white list populated using degrees of separation and that the user may select how many degrees to use. Text 1305 includes a hyperlinked portion 1310 that, when selected by the user, invokes an interface (not shown) that provides information about degrees of separation.
Interface 1300 also has a check box 1315 that allows a user to select whether degrees of separation should be used to develop his or her white list. When check box 1315 is not checked, degrees of separation will not be used. When check box 1315 is checked, degrees of separation will be used. Interface 1300 additionally has an edit box 1320 that allows a user to select how many degrees will be used to develop the white list. When check box 1315 is not checked, edit box 1320 becomes inactive and is grayed out. When check box 1315 is checked, however, edit box 1320 becomes active and the user is able to enter the number of degrees to be used. An OK button 1325 is available on interface 1300 to allow the user to indicate that the preferences selected in interface 1300 should be saved. A Cancel button 1330 cancels the preferences without saving them.
Other implementations may provide varying levels of user control. For instance, the user may be able to select whether white lists (or other trusted lists) are used, but without any control over whether degrees of separation are used. That is, the system may automatically use degrees of separation when the user chooses to use white lists or other trusted lists. Alternatively, for example, a system may use the white lists or other trusted lists and degrees of separation without providing the user control over either.
The techniques described above are not limited to any particular hardware or software configuration. Rather, they may be implemented using hardware, software, or a combination of both. The methods and processes described may be implemented as computer programs that are executed on programmable computers comprising at least one processor and at least one data storage system. The programs may be implemented in a high-level programming language and may also be implemented in assembly or other lower level languages, if desired.
Any such program will typically be stored on a computer-usable storage medium or device (e.g., CD-ROM, RAM, or magnetic disk). When read into the processor of the computer and executed, the instructions of the program cause the programmable computer to carry out the various operations described above.
A number of exemplary implementations have been described. Nevertheless, it is understood that various modifications may be made. For example, suitable results may be achieved if the steps of the disclosed techniques are performed in a different order and/or if components in a disclosed architecture, device, or circuit are combined in a different manner and/or replaced or supplemented by other components. Accordingly, other implementations are within the scope of the following claims.

Claims

WHAT IS CLAIMED IS:
1. A method comprising: determining that a first user is included on a user list associated with a communications application of a second user; determining that the second user is included on a user list of a communications application associated with the first user; and regulating a communications pathway between a first client device associated with the first user and a second client device associated with the second user based on the determination that the first user is included on a user list associated with a communications application of the second user and the determination that the second user is included on a user list of a communications application associated with the first user.
2. The method of claim 1 wherein establishing the communications pathway includes establishing a virtual private network.
3. The method of claim 1 wherein the communications application is an instant messaging application such that determining that the first and second users are included on user lists includes accessing the instant messaging application.
4. The method of claim 1 wherein establishing the communications pathway includes providing an Internet protocol address of the first client device to the second client device.
5. The method of claim 4 wherein establishing the communications pathway includes providing an Internet protocol address of the second client device to the first client device.
6. The method of claim 5 wherein establishing the communications pathway includes: providing a shared secret to the first and second client devices, sending a communication to the Internet protocol address of the second client device, the communication including the shared secret, and validating the identity of the first client device based on the shared secret included in the communication.
7. The method of claim 1 further comprising sending an initial message from the first client device to the second client device, wherein establishing the communications pathway includes determining that a source Internet protocol address for the message received from the first client device is different from the Internet protocol address of the first client device.
8. The method of claim 7 further comprising determining that the source Internet protocol address of the message received from the first client device is a global Internet protocol address, and the Internet protocol address of the first client device is a local Internet protocol address.
9. The method of claim 7 wherein establishing the communications pathway includes providing the Internet protocol address of the second client device to the first client device, providing a shared secret to the first and second client devices, sending a communication including the shared secret to the Internet protocol address of the second client device, and validating the identity of the first client device using the shared secret.
10. The method of claim 1 wherein establishing the communications pathway includes establishing a hole in a firewall associated with the first client device for an Internet protocol address associated with the second client device.
11. The method of claim 10 further comprising determining that a direct communications pathway between the first client device and the second client device may not be established.
12. The method of claim 10 wherein establishing the hole includes: requesting creation of a proxy forward, selecting a port number of the firewall, providing the port number and Internet protocol address of the firewall to the second client device, and establishing the proxy forward for the Internet protocol address associated with the second client device.
13. The method of claim 12 wherein establishing the communications pathway further includes: providing a shared secret to the first and second client devices, contacting by the second client device the Internet protocol address associated with the firewall, presenting the shared secret, validating the identity of the second client device using the shared secret, and establishing the communications pathway.
14. The method of claim 13 wherein requesting the proxy forward includes: selecting a target Internet protocol address and a port number of the firewall associated with the first client device, providing the target Internet protocol address to a host, sending the target Internet protocol address from the host to the second client device, sending an Internet protocol address associated with the second client device to the host, providing the Internet protocol address associated with the second client device to the firewall associated with the first client device, and enabling the proxy forward for the Internet protocol address associated with the second client device.
15. The method of claim 14 wherein providing the Internet protocol address associated with the second client device includes providing the Internet protocol address of a firewall associated with the second client device.
16. The method of claim 15 wherein establishing the communications pathway includes receiving a contact from the firewall associated with the second client device at the target Internet protocol address and port number of the firewall associated with the first client device.
17. The method of claim 1 wherein determining that the first user is included in the user list of a communications application of a second user includes determining if a screen name associated with the first user is included in the user list of the second user.
18. The method of claim 17 wherein determining that the second user is included in the user list of the communications application of the first user determining if a screen name associated with the second user is included in the user list of the first user.
19. A communications system comprising: a first client device associated with a first user and including a communications application; a second client associated with a second user and including the communications application; and a host to determine that the first user is included on a user list of the communications application of the second client device, and to determine that the second user is included on a user list of the communications application of the first client device, and to establish a communications pathway between the first client device and the second client device based on the determinations of the host based on the determination that the first user is included on a user list associated with a communications application of the second user and the determination that the second user is included on a user list of a communications application associated with the first user.
20. The system of claim 19 wherein the communications pathway comprises a virtual private network.
21. The system of claim 20 wherein the host is configured to provide an Internet protocol address of the first client device to the second client device.
22. The system of claim 21 wherein the host is configured to provide an Internet protocol address of the second client device to the first client device.
23. The system of claim 22 wherein the host is configured to provide a shared secret to the first and second client devices, the first client device is configured to contact the Internet protocol address of the second client device and present the shared secret, and the second client device is configured to validate the identity of the first client device based on the shared secret.
24. The system of claim 19 wherein the first client device is configured to send a message to the second client device using the communications application and the host is configured to receive the message and to determine that the Internet protocol address of the message is different from the Internet protocol address of the first client device.
25. The system of claim 24 wherein Internet protocol address of the message is a global Internet protocol address and the Internet protocol address of the first client device is a local Internet protocol address.
26. The system of claim 24 wherein the host is configured to provide the Internet protocol address of the second client device to the first client device and to provide a shared secret to the first and second client devices, the first client device is configured to contact the Internet protocol address of the second client device and present the shared secret, and the second client device is configured to validate the identity of the first user device.
27. The system of claim 19 wherein the host is configured to determine a direct communications pathway between first client device and the second client device may not be established.
28. The system of claim 27 wherein the first client device is configured to request creation of a hole in a firewall associated with the first device for an Internet protocol address associated with the second device.
29. The system of claim 28 wherein the first device is configured to receive a proxy forward from the firewall in response to the request and a port number and Internet protocol address of the firewall.
30. The system of claim 29 wherein the proxy forward is created for the Internet protocol address associated with the second device.
31. The system of claim 29 wherein the second client device is configured to contact the Internet protocol address associated with the firewall and to present the shared secret, and the first client device is configured to validate the identity of the second client device and to negotiate details of the communications pathway with the second client device.
32. The system of claim 28 wherein the first client device is configured to receive a target Internet protocol address and a port number in response to the request from the firewall, the first client device is configured to provide the target Internet protocol address to the host, the host is configured to provide the target Internet protocol address to the second client device, the second client device is configured to send an IP address associated with the second client device to the host, the host is configured to provide the Internet protocol address associated with the second IP device to the firewall, and the first client device is configured to receive the proxy forward for the Internet protocol address associated with the second client device.
33. The system of claim 32 wherein the Internet protocol address associated with the second device is an IP address of a firewall associated with the second client device.
34. The system of claim 33 wherein the second client device is configured through its associated firewall to contact the firewall associated with the first client device at the target Internet protocol address and port number to establish the communications pathway.
35. The system of claim 19 wherein the host is configured to determine that a screen name associated with the first user is included in the user list of the second user.
36. The system of claim 19 wherein the host is configured to determine that a screen name of the second user is included on the user list of the first user.
37. The system of claim 19 wherein the communications application is an instant messaging application.
38. The system of claim 19 wherein the first client device include an interface to receive gaming device signals, the second client device includes an interface to receive gaming device signals, and the communications pathway is configured to exchange the gaming device signals.
39. A host system comprising: an interface to receive a communication from a first client device associated with a first user and to transmit a communication to a second client device associated with a second user; storage to store a user list associated with the first user and to store a user list associated with the second user; and a host to determine an identifier of the first user and an identifier of the second user associated with a received message, to determine if the first user list includes the second user identifier, to determine if the second user list includes the first user identifier, and to facilitate establishing a communications pathway between the first and second client devices when the second user identifier is included on the first user list and the first user identifier is included on the second user list.
40. The system of claim 39 wherein the communications pathway is a virtual private network.
41. The system of claim 39 wherein the host is configured to provide an Internet protocol address of the first client device to the second client device.
42. The system of claim 41 wherein the host is configured to provide an Internet protocol address of the second client device to the first client device.
43. The system of claim 42 wherein the host is configured to provide a shared secret to the first and second client devices to provide for validation of the identities of the first and second client devices.
44. The system of claim 39 wherein the host is configured to determine that the Internet protocol address of the message is different from the Internet protocol address of the first client device.
45. The system of claim 44 wherein the Internet protocol address of the message is a global Internet protocol address and the Internet protocol address of the first client device is a local Internet protocol address.
46. The system of claim 45 wherein the host is configured to determine a direct communications pathway between first client device and the second client device may not be established.
47. The system of claim 46 wherein the host is configured to receive a communication from the first client device including a target Internet protocol address and a port number of a firewall associated with the first client device, to provide the target Internet protocol address to the second client device, to receive an Internet protocol address associated with the second client device, and provide the second user Internet protocol address to the first client device to enable creation of a proxy forward to first client device for the second client device Internet protocol address.
48. The system of claim 47 wherein the second client device Internet protocol address is an Internet protocol address of a firewall associated with the second client device.
49. The system of claim 39 wherein the identifiers of the first and second users are screen names.
50. The system of claim 39 wherein the host is configured to provide the Internet protocol address of the second client device to the first client device and to provide a shared secret to the first and second client devices to facilitate establishing the communications pathway.
51. The system of claim 39 wherein the host is configured to determine a direct communications pathway between first client device and the second client device may not be established.
52. The system of claim 51 wherein the host is configured to receive a communication from the first client device including a target Internet protocol address and a port number of a firewall associated with the first client device, to provide the target Internet protocol address to the second client device, to receive an Internet protocol address associated with the second client device, and to provide the second client device Internet protocol address to the first client device to enable creation of a proxy forward to first client device for the second client device Internet protocol address.
53. The system of claim 52 wherein the second client device Internet protocol address is an Internet protocol address of a firewall associated with the second client device.
54. A method comprising: determining that a first user is included on a user list associated with a communications application of a second user; determining that the second user is included on a user list of a communications application associated with the first user; and inferring an implicit trust between the first user and the second user based on the determination that the first user is included on a user list associated with a communications application of the second user and the determination that the second user is included on a user list of a communications application associated with the first user.
55. The method of claim 54 further comprising regulating communications between the first user and the second user based on the inferred implicit trust.
56. The method of claim 54 wherein the inferred implicit trust is greater than an implicit trust inferred based only on a determination that the first user is included on a user list associated with a communications application of the second user.
57. A method for handling a communication from a sender to an intended recipient, the method comprising: receiving a communication from a sender, wherein the communication is directed to an intended recipient; identifying the sender of the communication; identifying the intended recipient of the communication; determining whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation; and determining whether the communication is a spam communication based at least in part on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation.
58. The method of claim 57 wherein determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation includes determining whether the sender and the intended recipient are linked by at least one intermediary entity.
59. The method of claim 58 further comprising: determining how many intermediary entities are needed to link the sender to the intended recipient; and determining whether the communication is a spam communication based on how many intermediary entities are needed to link the sender to the intended recipient.
60. The method of claim 58 wherein determining whether the sender is linked to the intended recipient by at least one intermediary entity comprises accessing a contact list of the intended recipient to determine at least one contact on the contact list.
61. The method of claim 60 wherein accessing a contact list of the intended recipient comprises accessing a contact list with communication identifiers related to a different type of communication than the communication from the sender to the intended recipient.
62. The method of claim 60 wherein accessing a contact list of the intended recipient comprising accessing a contact list with communication identifiers related to the type of communication that includes the communication from the sender to the recipient.
63. The method of claim 60 wherein the contact list of the intended recipient comprises an address book.
64. The method of claim 60 wherein the contact list of the intended recipient comprises a buddy list.
65. The method of claim 60 wherein the contact list of the intended recipient comprises a personal phone book.
66. The method of claim 60 wherein the contact list of the intended recipient comprises a white list.
67. The method of claim 58 wherein the communication is an e-mail message.
68. The method of claim 58 wherein the communication is an instant message.
69. The method of claim 58 wherein the communication is an SMS message.
70. The method of claim 58 wherein the communication is a telephone call.
71. The method of claim 58 wherein determining whether the communication is a spam communication further comprises: determining a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designating the communication as spam or blocking the communication when the spam rating exceeds a classification threshold.
72. The method of claim 71 further comprising determining how many intermediary entities link the sender to the intended recipient; wherein determining the spam rating further comprises determining the spam rating for the communication based on how many intermediary entities link the sender to the intended recipient.
73. The method of claim 58 further comprising: determining how many intermediary entities link the sender to the intended recipient; exempting the communication from the determination of whether the communication is a spam communication when less than M intermediary entities link the sender to the intended recipient or when greater than M+X entities link the sender to the intended recipient; and wherein determining whether the communication is a spam communication comprises determining whether the communications is a spam communication when between M+1 and M+X intermediary entities link the sender and the intended recipient.
74. The method of claim 58 wherein determining whether the sender and the intended recipient are linked by at least one intermediary entity comprises: accessing a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
75. A computer-usable medium storing a computer program for handling a communication from a sender to an intended recipient, the computer program comprising instructions for causing a computer to: receive a communication from a sender, wherein the communication is directed to an intended recipient identify the sender of the communication; identify the intended recipient of the communication; determine whether the sender and intended recipient are linked by less than a threshold number of degrees of separation; and determine whether the communication is a spam communication based at least in part on whether the sender and intended recipient are linked by less than a threshold number of degrees of separation.
76. The medium of claim 75 wherein, to determine whether the sender and intended recipient are linked by less than a threshold number of degrees of separation, the program comprises instructions for causing the computer to determine whether the sender and the intended recipient are linked by at least one intermediary entity.
77. The medium of claim 76 further comprising instructions for causing the computer to: determine how many intermediary entities are needed to link the sender to the intended recipient; and determine whether the communication is a spam communication based on how many intermediary entities are needed to link the sender to the intended recipient.
78. The medium of claim 76 wherein, to determine whether the sender is linked to the intended recipient by at least one intermediary entity, the computer program comprises instructions for causing a computer to access a contact list of the intended recipient to determine at least one contact on the intended recipient's contact list.
79. The medium of claim 78 wherein, to access a contact list of the intended recipient, the computer program comprises instructions for causing a computer to access a contact list related to a different type of communication than the communication from the sender to the intended recipient.
80. The medium of claim 78 wherein, to access a contact list of the intended recipient, the computer program comprises instructions for causing a computer to access a contact list related to the type of communication from the sender.
81. The medium of claim 78 wherein the contact list of the intended recipient comprises an address book.
82. The medium of claim 78 wherein the contact list of the intended recipient comprises a buddy list.
83. The medium of claim 78 wherein the contact list of the intended recipient comprises a personal phone book.
84. The medium of claim 78 wherein the contact list of the intended recipient comprises a white list.
85. The medium of claim 76 wherein the communication is an e-mail message.
86. The medium of claim 76 wherein the communication is an instant message.
87. The medium of claim 76 wherein the communication is an SMS message.
88. The medium of claim 76 wherein the communication is a telephone call.
89. The medium of claim 76 wherein, to determine whether the communication is a spam communication, the computer program comprises instructions for causing a computer to: determine a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designate the communication as spam or blocking the communication when the spam rating exceeds a classification threshold.
90. The medium of claim 89 further comprising instructions for causing a computer to: determine how many intermediary entities link the sender to the intended recipient; and wherein, to determine the spam rating, the computer program comprises instructions for causing a computer to determine the spam rating for the communication based on how many intermediary entities link the sender to the intended recipient.
91. The medium of claim 76 further comprising instructions for causing a computer to: determine how many intermediary entities link the sender to the intended recipient; exempt the communication from the determination of whether the communication is a spam communication when less than M intermediary entities link the sender to the intended recipient or when greater than M+X entities link the sender to the intended recipient; and wherein determining whether the communication is a spam communication comprises determining whether the communication is a spam communication when between M+1 and M+X intermediary entities link the sender and the intended recipient.
92. The medium of claim 76 wherein, to determine whether the sender and intended recipient are linked by at least one intermediary entity, the computer program comprises instructions for causing a computer to: access a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and access a contact list of the first contact to determine a second contact on the first contact's contact list.
93. An apparatus for handling a communication from a sender to an intended recipient, the apparatus comprising: means for receiving a communication from a sender, wherein the communication is directed to an intended recipient; means for identifying the sender of the communication; means for identifying the intended recipient of the communication; means for determining whether the sender and intended recipient are linked by less than a threshold number of degrees of separation; and means for determining whether the communication is a spam communication based at least in part on whether the sender and intended recipient are linked by less than a threshold number of degrees of separation.
94. The apparatus of claim 93 wherein the means for determining whether the sender and intended recipient are linked by less than a threshold number of degrees of separation includes means for determining whether the sender and intended recipient are linked by at least one intermediary entity.
95. The apparatus of claim 94 wherein the means for determining whether the sender is linked to the intended recipient comprises means for accessing a contact list of the intended recipient to determine at least one contact on the intended recipient's contact list.
96. A method for handling a communication from a sender to an intended recipient, the method comprising: receiving a communication from a sender, wherein the communication is directed to an intended recipient; identifying the sender of the communication; identifying the intended recipient of the communication; accessing a contact list of the intended recipient that contains communication identifiers related to a different type of communication than the communication from the sender; determining whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation based on the communication identifiers in the contact list that are related to a different type of communication than the communication from the sender; and handling the communication based on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation.
97. The method of claim 96 wherein determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation includes determining whether the sender and the intended recipient are linked by at least one intermediary entity based on the contact list.
98. The method of claim 97 wherein the communication is an e-mail message and the communication identifiers in the contact list relate to a communication type other than e-mail messages.
99. The method of claim 97 wherein the communication is an instant message and the communication identifiers in the contact list relate to a communication type other than instant messages.
100. The method of claim 97 wherein the communication is an SMS message and the communication identifiers in the contact list relate to a communication type other than SMS messages.
101. The method of claim 97 wherein the communication is a telephone call and the communication identifiers in the contact list relate to a communication type other than telephone calls.
102. The method of claim 97 further comprising: determining how many intermediary entities are needed to link the sender to the intended recipient; and determining whether the communication is a spam communication based on how many intermediary entities are needed to link the sender to the intended recipient.
103. The method of claim 96 wherein the contact list of the intended recipient comprises an address book.
104. The method of claim 96 wherein the contact list of the intended recipient comprises a buddy list.
105. The method of claim 96 wherein the contact list of the intended recipient comprises a personal phone book.
106. The method of claim 96 wherein the contact list of the intended recipient comprises a white list.
107. The method of claim 97 wherein handling the communication comprises using whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation to determine if the communication is spam.
108. The method of claim 97 wherein handling the communication further comprises exempting the communication from filtering if the sender is linked to the intended recipient.
109. The method of claim 97 wherein handling the communication further comprises: determining a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designating the communication as spam or blocking the communication when the spam rating exceeds a classification threshold.
110. The method of claim 109 further comprising determining how many intermediary entities link the sender to the intended recipient; wherein determining the spam rating further comprises determining the spam rating for the communication based on how many intermediary entities link the sender to the intended recipient.
111. The method of claim 97 further comprising determining how many intermediary entities link the sender to the intended recipient; wherein handling the communication comprises handling the communication differently based on how many intermediary entities link the sender to the intended recipient.
112. The method of claim 111 wherein handling the communication differently comprises: exempting the communication from filtering if less than M intermediary entities link the sender to the intended recipient; subjecting the communication to filtering if between M+1 and M+X intermediary entities link the sender to the intended recipient; and discarding the communication if greater than M+X entities link the sender to the intended recipient.
113. The method of claim 97 wherein determining whether the sender and the intended recipient are linked by at least one intermediary entity comprises: determining a first contact on the contact list of the intended recipient; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
114. The method of claim 96 wherein handling the communication includes invoking a knock-knock interface when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation.
115. The method of claim 114 wherein the communication is an instant message.
116. A computer-usable medium storing a computer program for handling a communication from a sender to an intended recipient, the computer program comprising instructions for causing a computer to: receive a communication from a sender, wherein the communication is directed to an intended recipient; identify the sender of the communication; identify the intended recipient of the communication; access a contact list of the intended recipient that contains communication identifiers related to a different type of communication than the communication from the sender; determine whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation based on the communication identifiers in the contact list that are related to a different type of communication than the communication from the sender; and handle the communication based on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation.
117. The medium of claim 116 wherein, to determine whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation, the computer program comprises instructions for causing a computer to determine whether the sender and the intended recipient are linked by at least one intermediary entity based on the contact list.
118. The medium of claim 117 wherein the communication is an e-mail message and the communication identifiers in the contact list relate to a communication type other than e-mail messages.
119. The medium of claim 117 wherein the communication is an instant message and the communication identifiers in the contact list relate to a communication type other than instant messages.
120. The medium of claim 117 wherein the communication is an SMS message and the communication identifiers in the contact list relate to a communication type other than SMS messages.
121. The medium of claim 117 wherein the communication is a telephone call and the communication identifiers in the contact list relate to a communication type other than telephone calls.
122. The medium of claim 117 wherein the computer program further comprises instructions for causing a computer to: determine how many intermediary entities are needed to link the sender to the intended recipient; and determine whether the communication is a spam communication based on how many intermediary entities are needed to link the sender to the intended recipient.
123. The medium of claim 116 wherein the contact list of the intended recipient comprises an address book.
124. The medium of claim 116 wherein the contact list of the intended recipient comprises a buddy list.
125. The medium of claim 116 wherein the contact list of the intended recipient comprises a personal phone book.
126. The medium of claim 116 wherein the contact list of the intended recipient comprises a white list.
127. The medium of claim 117 wherein, to handle the communication, the computer program comprises instructions for causing a computer to use whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation to determine if the communication is spam.
128. The medium of claim 117 wherein, to handle the communication, the computer program further comprises instructions for causing a computer to exempt the communication from filtering if the sender is linked to the intended recipient.
129. The medium of claim 117 wherein, to handle the communication, the computer program further comprises instructions for causing a computer to: determine a spam rating for the communication based on whether the sender is linked to the intended recipient by less than a threshold number of degrees of separation; and designate the communication as spam or block the communication when the spam rating exceeds a classification threshold.
130. The medium of claim 129 wherein the computer program further comprises instructions for causing a computer to determine how many intermediary entities link the sender to the intended recipient; and to determine the spam rating, the computer program further comprises instructions for causing a computer to determine the spam rating for the communication based on how many intermediary entities link the sender to the intended recipient.
131. The medium of claim 117 wherein the computer program further comprises instructions for causing a computer to determine how many intermediary entities link the sender to the intended recipient; wherein, to handle the communication, the computer program further comprises instructions for causing a computer to handle the communication differently based on how many intermediary entities link the sender to the intended recipient.
132. The medium of claim 131 wherein, to handle the communication differently, the computer program further comprises instructions for causing a computer to: exempt the communication from filtering if less than M intermediary entities link the sender to the intended recipient; subject the communication to filtering if between M+1 and M+X intermediary entities link the sender to the intended recipient; and discard the communication if greater than M+X entities link the sender to the intended recipient.
133. The medium of claim 117 wherein, to determine whether the sender and the intended recipient are linked by at least one intermediary entity, the computer program further comprises instructions for causing a computer to: determine a first contact on the contact list of the intended recipient; and access a contact list of the first contact to determine a second contact on the first contact's contact list.
134. The medium of claim 116 wherein, to handle the communication, the computer program further comprises instructions for causing a computer to invoke a knock-knock interface when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation.
135. The medium of claim 134 wherein the communication is an instant message.
136. An apparatus for handling a communication from a sender to an intended recipient, the apparatus comprising: means for receiving a communication from a sender, wherein the communication is directed to an intended recipient; means for identifying the sender of the communication; means for identifying the intended recipient of the communication; means for accessing a contact list of the intended recipient that contains communication identifiers related to a different type of communication than the communication from the sender; means for determining whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation based on the communication identifiers in the contact list that are related to a different type of communication than the communication from the sender; and means for handling the communication based on whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation.
137. The apparatus of claim 136 wherein the means for determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation includes means for determining whether the sender and the intended recipient are linked by at least one intermediary entity based on the contact list.
138. The apparatus of claim 137 wherein the communication is an e-mail message and the communication identifiers in the contact list relate to a communication type other than e-mail messages.
139. The apparatus of claim 137 wherein the communication is an instant message and the communication identifiers in the contact list relate to a communication type other than instant messages.
140. The apparatus of claim 137 wherein the communication is an SMS message and the communication identifiers in the contact list relate to a communication type other than SMS messages.
141. The apparatus of claim 137 wherein the communication is a telephone call and the communication identifiers in the contact list relate to a communication type other than telephone calls.
142. A method for handling a communication from a sender to an intended recipient, the method comprising: receiving a communication from a sender, wherein the communication is directed to an intended recipient; identifying the sender of the communication; identifying the intended recipient of the communication; determining whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation; and displaying an interface to the sender prior to displaying the communication to the sender when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation, wherein the interface comprises an interface element that allows the intended recipient to indicate that the communication should be displayed.
143. The method of claim 142 wherein the interface informs the intended recipient that the sender has sent a communication to the intended recipient.
144. The method of claim 142 wherein the interface displays to the intended recipient an identifier of the sender.
145. The method of claim 142 further comprising displaying the communication when the intended recipient uses the interface element to indicate that the communication should be displayed.
146. The method of claim 142 wherein determining whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation includes determining whether the sender and the intended recipient are linked by at least one intermediary entity.
147. The method of claim 146 wherein determining whether the sender is linked to the intended recipient by at least one intermediary entity comprises accessing a contact list of the intended recipient to determine at least one contact on the contact list.
148. The method of claim 147 wherein accessing a contact list of the intended recipient comprises accessing a contact list that contains communication identifiers related to a different type of communication than the communication from the sender to the intended recipient.
149. The method of claim 147 wherein accessing a contact list of the intended recipient comprises accessing a contact list that contains communication identifiers related to the type of communication that includes the communication from the sender to the recipient.
150. The method of claim 147 wherein the contact list of the intended recipient comprises an address book.
151. The method of claim 147 wherein the contact list of the intended recipient comprises a buddy list.
152. The method of claim 147 wherein the contact list of the intended recipient comprises a personal phone book.
153. The method of claim 147 wherein the contact list of the intended recipient comprises a white list.
154. The method of claim 146 wherein the communication is an e-mail message.
155. The method of claim 146 wherein the communication is an instant message.
156. The method of claim 146 wherein the communication is an SMS message.
157. The method of claim 146 wherein the communication is a telephone call.
158. The method of claim 146 wherein determining whether the sender and the intended recipient are linked by at least one intermediary entity comprises: accessing a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and accessing a contact list of the first contact to determine a second contact on the first contact's contact list.
159. A computer-usable medium storing a computer program for handling a communication from a sender to an intended recipient, the computer program comprising instructions for causing a computer to: receive a communication from a sender, wherein the communication is directed to an intended recipient; identify the sender of the communication; identify the intended recipient of the communication; determine whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation; and display an interface to the sender prior to displaying the communication to the sender when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation, wherein the interface comprises an interface element that allows the intended recipient to indicate that the communication should be displayed.
160. The medium of claim 159 wherein the interface informs the intended recipient that the sender has sent a communication to the intended recipient.
161. The medium of claim 159 wherein the interface displays to the intended recipient an identifier of the sender.
162. The medium of claim 159 further comprising displaying the communication when the intended recipient uses the interface element to indicate that the communication should be displayed.
163. The medium of claim 159 wherein, to determine whether the sender and the intended recipient are linked by less than the threshold number of degrees of separation, the computer program further comprises instructions for causing a computer to determine whether the sender and the intended recipient are linked by at least one intermediary entity.
164. The medium of claim 163 wherein, to determine whether the sender is linked to the intended recipient by at least one intermediary entity, the computer program further comprises instructions for causing a computer to access a contact list of the intended recipient to determine at least one contact on the contact list.
165. The medium of claim 163 wherein, to access a contact list of the intended recipient, the computer program further comprises instructions for causing a computer to access a contact list that contains communication identifiers related to a different type of communication than the communication from the sender to the intended recipient.
166. The medium of claim 163 wherein, to access a contact list of the intended recipient, the computer program further comprises instructions for causing a computer to access a contact list that contains communication identifiers related to the type of communication that includes the communication from the sender to the recipient.
167. The medium of claim 163 wherein the contact list of the intended recipient comprises an address book.
168. The medium of claim 163 wherein the contact list of the intended recipient comprises a buddy list.
169. The medium of claim 163 wherein the contact list of the intended recipient comprises a personal phone book.
170. The medium of claim 163 wherein the contact list of the intended recipient comprises a white list.
171. The medium of claim 162 wherein the communication is an e-mail message.
172. The medium of claim 162 wherein the communication is an instant message.
173. The medium of claim 162 wherein the communication is an SMS message.
174. The medium of claim 162 wherein the communication is a telephone call.
175. The medium of claim 162 wherein, to determine whether the sender and the intended recipient are linked by at least one intermediary entity, the computer program further comprises instructions for causing a computer to: access a contact list of the intended recipient to determine a first contact on the intended recipient's contact list; and access a contact list of the first contact to determine a second contact on the first contact's contact list.
176. An apparatus for handling a communication from a sender to an intended recipient, the apparatus comprising: means for receiving a communication from a sender, wherein the communication is directed to an intended recipient; means for identifying the sender of the communication; means for identifying the intended recipient of the communication; means for determining whether the sender and the intended recipient are linked by less than a threshold number of degrees of separation; and means for displaying an interface to the sender prior to displaying the communication to the sender when the sender and the intended recipient are not linked by less than the threshold number of degrees of separation, wherein the interface comprises an interface element that allows the intended recipient to indicate that the communication should be displayed.
177. The apparatus of claim 176 wherein the interface informs the intended recipient that the sender has sent a communication to the intended recipient.
178. The apparatus of claim 176 wherein the interface displays to the intended recipient an identifier of the sender.
179. The apparatus of claim 176 further comprising displaying the communication when the intended recipient uses the interface element to indicate that the communication should be displayed.
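The contact-list traversal of claims 113 and 133 and the tiered handling of claims 112 and 132, worked through as an added Python example that is not part of the patent text. The account names, the identifier directory, and the sample contact lists are constructed; the claims leave the case of exactly M intermediaries unassigned, so this example assumes it is filtered, and it assumes an unreachable or unknown sender counts as more than M+X.

```python
from collections import deque

# Constructed sample data: one contact list per communication type per
# account; entries are identifiers of that type (screen names, addresses).
CONTACT_LISTS = {
    "alice": {"im": {"bob_sn"}, "email": {"mallory@example.com"}},
    "bob": {"im": {"carol_sn"}},
    "carol": {"im": {"dave_sn"}},
    "dave": {"im": {"erin_sn"}},
}

# Assumed directory tying every identifier to one account, so an e-mail
# sender can be matched against a buddy-list (IM) entry as in claim 96.
# The sender identifier is assumed to be authenticated before lookup.
DIRECTORY = {}
for name in ("alice", "bob", "carol", "dave", "erin", "mallory"):
    DIRECTORY[("im", name + "_sn")] = name
    DIRECTORY[("email", name + "@example.com")] = name


def contacts_of(account, skip_type=None):
    """Accounts named on `account`'s contact lists, ignoring lists of skip_type."""
    found = set()
    for ctype, identifiers in CONTACT_LISTS.get(account, {}).items():
        if ctype == skip_type:
            continue
        for identifier in identifiers:
            owner = DIRECTORY.get((ctype, identifier))
            if owner is not None:
                found.add(owner)
    return found


def intermediaries(sender, recipient, max_intermediaries, skip_type=None):
    """Breadth-first search outward from the recipient's contact list.

    Returns the number of intermediary accounts on the shortest link, or
    None when the sender is not reached within max_intermediaries.
    """
    seen = {recipient}
    frontier = deque([(recipient, 0)])  # (account, accounts passed so far)
    while frontier:
        account, hops = frontier.popleft()
        for contact in contacts_of(account, skip_type):
            if contact == sender:
                return hops
            if contact not in seen and hops < max_intermediaries:
                seen.add(contact)
                frontier.append((contact, hops + 1))
    return None


def tier(count, m, x):
    """Three-way handling from claim 112."""
    if count is None or count > m + x:
        return "discard"
    if count < m:
        return "exempt"
    return "filter"  # M+1..M+X per the claim; exactly M by assumption


def handle(comm_type, sender_id, recipient, m, x, cross_type_only=True):
    """Return (action, intermediary count) for one incoming communication."""
    sender = DIRECTORY.get((comm_type, sender_id))
    if sender is None:
        return ("discard", None)  # unknown identifier cannot be linked
    skip = comm_type if cross_type_only else None
    # Bounding the search at M+X keeps the traversal cost predictable.
    count = intermediaries(sender, recipient, m + x, skip)
    return (tier(count, m, x), count)


if __name__ == "__main__":
    for who in ("bob", "carol", "dave", "erin", "mallory"):
        print(who, handle("email", who + "@example.com", "alice", 1, 1))
```

With `cross_type_only=True` an e-mail is evaluated only against non-e-mail lists (claim 96), so `mallory@example.com` is discarded even though that address is in the recipient's e-mail address book; passing `cross_type_only=False` consults same-type lists as in claim 149.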
PCT/US2003/041499 2002-12-31 2003-12-30 Implicit access for communications pathway WO2004061611A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003300029A AU2003300029A1 (en) 2002-12-31 2003-12-30 Implicit access for communications pathway

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US10/334,142 2002-12-31
US10/334,142 US7263614B2 (en) 2002-12-31 2002-12-31 Implicit access for communications pathway
US45927203P 2003-04-02 2003-04-02
US60/459,272 2003-04-02
US10/746,232 2003-12-29
US10/746,230 US7945674B2 (en) 2003-04-02 2003-12-29 Degrees of separation for handling communications
US10/746,232 US7949759B2 (en) 2003-04-02 2003-12-29 Degrees of separation for handling communications
US10/746,230 2003-12-29

Publications (2)

Publication Number Publication Date
WO2004061611A2 true WO2004061611A2 (en) 2004-07-22
WO2004061611A3 WO2004061611A3 (en) 2005-01-06

Family

ID=33556613

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/041499 WO2004061611A2 (en) 2002-12-31 2003-12-30 Implicit access for communications pathway

Country Status (2)

Country Link
AU (1) AU2003300029A1 (en)
WO (1) WO2004061611A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020055975A1 (en) * 2000-11-08 2002-05-09 Yevgeniy Petrovykh Method and apparatus for intelligent routing of instant messaging presence protocol (IMPP) events among a group of customer service representatives
US20020083136A1 (en) * 2000-12-22 2002-06-27 Whitten William B. Method of authorizing receipt of instant messages by a recipient user
US20020086732A1 (en) * 2000-07-03 2002-07-04 Yahoo! Inc. Game server for use in connection with a messenger server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HUDSON GREG: 'Security in the Internet Message and Presence Protocols', [Online] pages 1 - 6, XP002903234 Retrieved from the Internet: <URL:http://www.watersprings.org/pub/id/draft-hudson-impp-security-00.txt> *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2666099A4 (en) * 2011-01-17 2017-02-15 Alibaba Group Holding Limited System and method for transmitting and filtering instant messaging information
US9787789B2 (en) 2013-01-16 2017-10-10 Alibaba Group Holding Limited Method, device and system for pushing information
US10419565B2 (en) 2013-01-16 2019-09-17 Alibaba Group Holding Limited Method, device and system for pushing information

Also Published As

Publication number Publication date
WO2004061611A3 (en) 2005-01-06
AU2003300029A1 (en) 2004-07-29
AU2003300029A8 (en) 2004-07-29

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP