Spam detector giving identification requests

FIELD: physics; computer engineering.

SUBSTANCE: present invention includes an e-mail component and an identification request component. The e-mail component can receive e-mail messages and calculate associated probability that data of the e-mail message are spam. The identification request component sends an identification request to the e-mail message sender having the said probability greater than the first received value. The identification request component corrects the probability that the given e-mail message is spam at least partially based on the response to the identification request. The identification request can be an embedded code, a calculated identification request, an identification request requiring participation of a person, and/or micro-payment requirement.

EFFECT: invention provides detection of spam through identification requests.

31 cl, 13 dwg

 

The scope of the invention

The present invention relates, in General, to electronic mail and, more specifically, to a system and method of using the detection of unsolicited email messages (spam) through the implementation of authentication requests.

Prior art

Electronic communications, in particular transmitted over the Internet by e-mail, not only acquires the rapid spread in public life, but also becomes the preferred mode of information exchange for many individuals and organizations due to the inherent informality, ease of use and low cost.

Unfortunately, as has happened with more traditional forms of information exchange (e.g., regular mail, message and telephone), e-mail recipients increasingly subjected to mass unsolicited mailings. When the explosive development of Internet Commerce, particularly observed in the last few years, a wide and growing variety of representatives of e-Commerce repeatedly performs the sending of unsolicited e-mail messages advertising their goods and services for an ever-expanding set of email recipients. Most consumers who order some comrade is ture or on the contrary, enter into a transaction with a merchant over the Internet, waiting for a similar commercial proposals and actually get them. However, distributors e-mail constantly expand their mailing lists to provide deeper penetration into the society to cover the ever-increasing number of recipients. For example, recipients who simply provide their e-mail addresses in response to may appear harmless requests for information generated by different web sites, and later, after receiving an unsolicited email, often to their dismay to find that they were included in the mailing list e-mail. This inclusion is so that recipients do not have any idea about it, except that they only agreed to the above query. Moreover, as in the case of lists, direct mailing lists, distributor, e-mail often conveys your mailing list through sale, lease or in any other way similar to the distributor and then the subsequent distributors. Subsequently, the e-mail recipients over time find that their mailbox crammed with unsolicited mail, which is the result of what Alicia separate mailing lists supported a wide and growing variety of mass distributors-mail. Despite the fact that there are certain tools that are based on mutual cooperation in the industry direct mail, through which the individual may request that his / her name removed from most lists direct mail, such a mechanism among distributors of e-mail does not exist.

As soon as the recipient finds himself in the mailing list, e-mail, this individual will not easily, if at all will be able to remove its address from it, thereby ensuring that he(she) will be based on this list, and often based on other lists, continue to get unsolicited mail is often in an ever increasing amount. This is simply because the sender or prevents the recipient can identify the sender of this message (for example, by sending mail via the proxy server), and, thus, prevents contact between the recipient and the sender in an attempt to make exceptions to the mailing list, or simply ignores any previously received from the recipient requests for such an exception.

During the year or for a lesser period, the individual can easily get with the no unsolicited e-mail messages. On the contrary, given the simplicity and low cost, thanks to which you can easily share lists by email and distribute e-mail messages among a large number of recipients, separate the email recipient that is included in several mailing lists, you may expect to receive a lot of unsolicited messages for a shorter period of time. Moreover, although many of unsolicited e-mail (for example, suggestions about the service, discounts, or computer support, or invitations to attend conferences or other type) are harmless; others that include pornographic, seditious and obscene material, for many recipients can be highly offensive.

Unsolicited e-mail in General referred to as “spam”. Similarly, the task of handling unwanted e-mail messages e-mail recipient should carefully analyze your incoming mail in order to remove spam. Unfortunately, the choice of whether the e-mail message is spam or not, depends strongly on the particular recipient and message content is that for a single recipient is spam, may not be spam to another. Often spread the spruce email prepares the message so so its true contents were not apparent from the subject field of this message, and it became clear just from reading the communication. Therefore, to completely remove the messages from the spam, often before the recipient is the unenviable task of reading each message received by him(her) in any given day, instead of simply viewing their subject fields. Needless to say that such filtering (often manual) can be tedious, time-consuming.

As attempts to automate the task of detecting offensive messages (so-called “raids”) news groups in the field of engineering study approach to the classification of message news groups via text classifier based on rules. Cm. E.Spertus “Smokey: Automatic Recognition of Hostile Messages”, Proceedings of the Conference on Innovative Applications in Artificial Intelligence (ELSE), 1997. In this publication the hallmarks of semantic and syntactic classification of texts for the first time, are determined by the run of the corresponding set of message news groups through the generator tree probabilistic solutions as the training set. In the presence of classifications developed independently for each of these messages to determine whether it is the collisions” or not, the above generator allocates specific distinctive features of the text so that if they are present or absent in the message, he can usually predict whether this message “collisions” or not. Further, those distinctive features that provide the correct prediction of the essence of the message with highest probability are selected for subsequent use. Then to classify an incoming message every sentence of this communication process with the aim of obtaining at the output of the multi-element (for example, consisting of 47 items) vector of distinctive features, each element of which simply means the presence or absence of a distinct hallmark of this proposal. Then the vector of the distinctive features of all proposals considered messages summarize the purpose of obtaining the output vector of characteristics of the message (for all messages). Then the vector of characteristics of the message is evaluated by the relevant rules produced by the generator of a decision tree to assess if there is any combination and number of distinctive features that are present or absent in the entire message, whether the message “collisions” or not. As one example of this is nticeship distinctive signs, the applicant noticed what phrases contain the word “you”modified through a nominal group, such as “you people”, “you”, “you, brawler”likely to be offensive. The exception is the phrase “you guys”, which in use is rarely offensive. Therefore, one of the distinguishing characteristics is whether any of the above phrases. Associate rule is that if such a phrase exists, the proposal is offensive, and the message is a “hit”. Another hallmark is the presence of the words “thank you”, “please” or structures of phrases containing the word “if” (as, for example, in the sentence: “do you want to send me your logo by e-mail”), but not the words “no thanks”. If any of these phrases or words are present (except for the “no thanks”), then the associated rule, which the author calls “the rule of politeness”, categorizes the message as polite and, therefore, are not "collisions". With some exceptions, the rules used in this approach, no matter the location, that is, for the most part they use the same features and operate in the same way, regardless of the recipient receiving the newsletter.

In W.W.Cohen, "Learning Rules that Classify E-mail", 1996 AAAI Spring Symposium on Machine Learning in Information Access, 1996 (hereinafter called publication "Cohen") described in the text classifier e-mail based on rules, which in this case is a special classifier, which includes learning the "rules of recognition of keywords". According to this approach at the input of the system serves a set of e-mail, pre-classified into different categories. Next, on the basis of this set perform training rules to classify incoming e-mail messages in various categories. Although this method does include a training component, which allows you to automatically generate rules, these rules just make distinctions at the level of "Yes/no" to classify e-mail messages in different categories, without providing any measure of confidence in this prediction. Moreover, in this work an actual problem of spam detection is not considered. In this regard, for classifiers based on the rules, is characterized by serious shortcomings that severely limit their practical use when spam is detected. First, the existing system of spam detection to differentiate between legitimate email and spam require polzovatelya design appropriate rules. Most recipients will not burden yourself with worries about the implementation of such tedious tasks. As noted above, the assessment of whether or not a particular e-mail message is spam, can be quite subjective depending on the recipient. What is spam to one recipient to another may not be. Moreover, post non-spam differs greatly from person to person. Therefore, to demonstrate acceptable performance when filtering mostly spam from incoming mail stream, the user must build and program a set of classification rules for based on the rules of the classifier that accurately distinguish between what is spam and what spam is not applicable (legitimate email). The proper operation of the described procedures can be extremely difficult and tedious task, time-consuming, even for knowledgeable computer users with a great experience.

Secondly, the characteristics of e-mail and non-spam, can vary significantly over time; based on the rules of the static classifiers (of course, if the user is not going to constantly change the rules). Accordingly, sends and, carrying out a mass mailing e-mail regularly modify the content of their messages in a constant attempt to prevent (to trick) ensure that recipients initially recognize these messages as spam and then delete these messages without reading them fully. Thus, if the user is not going to constantly design new rules or update existing rules for the purpose of tracking changes in the spam (as data recipients perceive these changes), then over time based on the rules of the classifier becomes more and more inaccurate when conducting for this recipient of the differences between spam and required e-mail (not spam), thereby further reducing the usefulness of the classifier and irritating the user/recipient.

Alternatively, the user may consider the use of methods for learning rules (as described in the publication Cohen) on the basis of already existing spam to adapt over time to changes in the flow of incoming e-mail. Here the problem approach, based on the rules highlighted more clearly. The rules are based on logical expressions; thus, as noted above, the rules simply draw a distinction at the level of "Yes/no" to Semo classification of this e-mail message. Problematically, such rules do not provide any level of confidence in the predictions based on them. Due to the fact that users can specify different tolerances for how aggressive they would like to filter your e-mail in order to remove spam, in an application such as spam detection, classification on the basis of rules becomes very problematic. For example, the conservative, the user can request that the system was highly confident that the message is spam before deleting it, while another user may not be so prudent. Easily like changing the degree of foresight users to embed in based on the rules of the system, such as those described in the publication Cohen, impossible.

The INVENTION

Below is brief summary of the present invention are represented in simplified form to ensure a basic understanding of some aspects of the present invention. This summary is not a comprehensive overview of the present invention. This does not mean that it identifies the key/critical elements of the present invention or covers the subject area of the present invention. His only goal is before is given in simplified form some of the concepts of the present invention as a prelude to a more detailed description, which is presented below.

In the present invention, a system designed to detect unsolicited messages (e.g. electronic mail). This system includes the e-mail and component identification requests. The system can receive messages and associated probability that these messages are spam. Based, at least partially, associated probabilities, the system may send an identification request to the sender of the message. Component e-mail can save messages and the associated probability that these messages are spam. In one of the examples based on the associated probability that the message is spam, e-mail, save with different attributes, such as the folder name. In another example, an email message, with associated probabilities less than or equal to the first threshold value, save in the folder for legitimate e-mail as e-mail, with associated probabilities, large first threshold value, save in the spam folder. In yet another implementation of the present invention, the e-mail message, with associated probabilities, smaller iliauni first threshold value, keep in a folder for legitimate e-mail; e-mail, with associated probabilities, large first threshold value but smaller second threshold value, save in the folder for messages suspected to be spam. The same e-mail messages that have associated probabilities, large second threshold value, save in the spam folder. It should be noted that the first threshold value and/or the second threshold value may be fixed based on user preferences and/or adaptive (e.g., based, at least partially, the available computational resources).

It should be noted that non-probability numbers, such as ratings, calculated auxiliary vector computing machine, neural network, etc. can be used for the same purposes, and that the probability in the General case, in accordance with one aspect of the present invention numeric output of any machine learning algorithm can be used instead of probability. Similarly, some machine learning algorithms such as decision trees, provide information about the categories, and it can also be used instead of the combination of the probability and the threshold value. Component identification requests may send the identification query from which ravital e-mail, with associated probability, most of the first threshold value. For example, the identification request may be based at least in part, on the built-in authentication request code (for example, an alphanumeric code). In response to this authentication request to the sender of the email can be answered by means of this code. In one example system, the sender can be adapted for automatic extraction of the embedded code and response to the identification request. Alternatively and/or additions, the sender may receive an invitation to respond to authentication request (e.g., manually). Use the authentication request based on the embedded code can increase network and/or computing load in the system of the sender of the spam, thereby acting as a deterrent from spamming. It should be noted that the identification request may be any of a variety of suitable types (for example, computed authentication request, authentication request, requiring human intervention, and/or the requirement of microplates). The identification request may be fixed and/or variable. For example, when the associated probability component identification requests can send more complex identification request or Recognizer is the first request, requires more microplates.

Component identification requests can adjust the associated probability that the email message is spam based at least in part, a response to the identification request. For example, after receiving an acceptable (e.g., correct) response to the identification request component identification requests can reduce the associated probability that the email message is spam. In one example, the email message is moved from the folder to the spam folder for legitimate emails. In another embodiment, the implementation of the e-mail message is moved from the folder for messages with suspected spam folder for legitimate emails. After receiving unacceptable (e.g., incorrect) response to the identification request and/or in case of failure to receive a response to the identification request within a certain period of time (for example, 4 hours) component identification requests can increase associated probability that the email message is spam. For example, an e-mail message can be moved from folder for messages with suspected spam in the spam folder.

According to another aspect of the present invention Ave is delivered to the system, which additionally includes a classifier-mail. Classifier-mail receives an e-mail message, determines the associated probability that the email message is spam, and saves e-mail messages and associated probability component in e-mail. Accordingly, the mail classifier analyzes the contents of the message for a given recipient, on the basis of the content for this recipient makes a distinction between spam and legitimate e-mail (spam) and thus classifies each incoming message for this recipient.

In addition and/or alternative e-mail message can be marked with the indicator of the likelihood (probability) that the message is spam; messages assigned to intermediate probability that they are spam, you can move to the folder for messages with suspected spam based on the above likelihood. Based at least in part, information provided by the classifier-mail component identification requests may send an identification request to the sender of the e-mail message, with associated probability, most of the first threshold value.

According to another AC is the object of the present invention is a system, additionally includes folder(s) for spam and folder(s) for legitimate e-mail. The classifier e-mail identifies the associated probability that the email message is spam, and stores the e-mail message in the folder(s) for spam and folder(s) for legitimate e-mail (for example, based on the first threshold value). Incoming email messages are served at the input of the classifier-mail, which, in turn, based on the probability of classifying each of these messages as either legitimate or spam. Message sent or folder(s) for spam or folder(s) for legitimate e-mail based on its classification. Then, the authentication requests may send an identification request to the sender of the messages stored in the folder(s) spam (for example, associated with a probability, most of the first threshold value). Based at least in part, a response to the identification request component identification queries can move are considering the e-mail message from a folder(s) to the spam folder(s) for legitimate e-mail. For example, after receiving an acceptable (e.g., correct) response to the identification request component identification query mo is no move considering the e-mail message from a folder(s) to the spam folder(s) for legitimate e-mail. In addition, after receiving unacceptable (e.g., incorrect) response to the identification request and/or in case of failure to receive a response to the identification request within a certain period of time (for example, 4 hours) component identification requests can delete this e-mail message from a folder(OK) for spam and/or modify the attribute(s) e-mail messages stored in the folder(s) for spam.

According to another aspect of the present invention, the system additionally includes a directory (repository) senders of legitimate email and directory (repository) to send spam. In the directory of legitimate senders of e-mail stored information (e.g., e-mail addresses)associated with senders of legitimate email. To e-mail messages from senders that are identified in the directory of legitimate senders of e-mail, component identification requests in the General case identification query does not issue. Information (e.g. email addresses) can be stored in the directory (repository) senders of legitimate email based on user selection (e.g., by choosing not to send the query to a specific shipper), the user's address book, address, to which uses the user has sent, at least a specified number of e-mail messages, and/or by a component identification requests. In the catalog senders of legitimate email can optionally store the trust level associated with the sender of legitimate e-mail. To e-mail with associated probabilities less than or equal to the associated trust level, component identification query does not issue identification requests, while on the e-mail message, with associated probabilities, large associated trust level, component identification issues requests authentication requests. In the directory (repository) senders of spam stores information (for example, e-mail addresses)associated with senders of spam. Saving information in the directory senders of spam a user can perform and/or component identification requests.

To accomplish the above and related objectives this document describes some illustrative aspects of the present invention in conjunction with the following description and the accompanying drawings. However, these aspects show only some of the many ways that allow you to use the principles of the present invention, when et is m means, what the present invention includes all such aspects and their equivalents. Other advantages and novel features of the present invention become apparent from the following detailed description of the present invention, which is considered together with the drawings.

LIST of FIGURES

Figure 1 is a block diagram corresponding to one of the aspects of the present invention system designed to detect unsolicited e-mail;

figure 2 is a block diagram corresponding to one of the aspects of the present invention system designed to detect unsolicited e-mail;

figure 3 is a block diagram corresponding to one of the aspects of the present invention system designed to detect unsolicited e-mail;

figure 4 is a block diagram corresponding to one of the aspects of the present invention system designed to detect unsolicited e-mail;

figure 5 is a block diagram corresponding to one of the aspects of the present invention system designed to detect unsolicited e-mail;

6 is a block diagram corresponding to one of the aspects of this izobreteny the system, designed to detect unsolicited e-mail;

7 is a block diagram corresponding to one of the aspects of the present invention of a system designed to respond to the identification request;

Fig is a block diagram of an algorithm illustrating corresponding to one of the aspects of the present invention a method designed to detect unsolicited e-mail;

Fig.9 is a block diagram of the algorithm, further illustrating the method according to Fig;

figure 10 is a block diagram of an algorithm illustrating corresponding to one of the aspects of the present invention the method is designed for response to the identification request;

11 is a block diagram of an algorithm illustrating corresponding to one of the aspects of the present invention a method designed to respond to authentication requests;

Fig represents a corresponding one of the aspects of the present invention a sample user interface that is designed to answer many authentication requests;

Fig illustrates an example operating environment in which you can operate the present invention.

DETAILED description of the INVENTION

Below is a description of this is bretania with reference to the drawings, moreover, throughout the descriptions for these items use the same item numbers. In the following description for illustrative purposes set forth numerous specific details to provide a comprehensive understanding of the present invention. However, it may be apparent that the present invention can be used in practice without these specific details. Other examples of well-known structures and devices are shown in the form of block diagrams to facilitate description of the present invention.

Means that is used in this patent application the term "computer component" refers to the object associated with the computer, whether it's hardware, a combination of hardware and software, software, or software that is sung at the moment. For example, a computer component can be a process, executed by the processor, a processor, an object, an executable, a thread of execution, a program and/or computer, but the computer component is not limited to the above. As an illustration, as sung on the server application and the server can be a computer component. One or more computer components may reside within a process and/or thread of execution, and to the ponent can be localized on one computer and/or distributed between two or more computers.

Refer to figure 1, which depicts a corresponding one of the aspects of the present invention, the system 100 is designed to detect unsolicited messages (e.g. electronic mail). The system 100 includes a component 110 e-mail and the component 120 identification requests. The system 100 can receive e-mail and the associated probability that these emails are spam. Based at least in part, referred to the associate probability system 100 may send an identification request to the sender of the e-mail message.

Component 110 e-mail receives and/or stores the e-mail message, receives and/or calculates the associated probability that these emails are spam. For example, the component 110 e-mail can save the information based, at least in part, information received from the mail classifier (not shown). In one of the examples of e-mail messages remain in the component 110 e-mail based on the associated probabilities that these emails are spam. In another example, the component 110 e-mail takes your e-mail address, and calculates the associated Vero is in the surrounding area, these email messages are spam.

Component 120 identification requests may send an identification request to the sender of the e-mail message, with associated probability, most of the first threshold value. For example, the identification request may be based at least in part, on the built-in authentication request code (for example, an alphanumeric code). In response to this authentication request, the sender of an email message, reply with this code. In one example system, a sender (not shown) can be adapted for automatic extraction of the embedded code and response to the identification request. As an alternative and/or Supplement the sender may receive an invitation to respond to authentication request (e.g., manually). Use the authentication request based on the embedded code can increase network and/or computing load in the system of the sender of the spam, thereby acting as a deterrent from spam.

As additions and/or alternatives, the identification request may be computed authentication request, authentication request, requiring human intervention, and/or requirement of microplates. Following such identification requests and re is s such identification requests are considered in more detail. Moreover, the identification request may be fixed and/or variable. For example, when the associated probability component 120 authentication requests can send more complex identification request or identification query that requires more microplates.

For example, the requirement of microplates can optionally use certificates spam a single use. System 100 may impose a "lock" on the certificate received spam. In the case where the user of the system 100 reads the message and marks it as spam, certificate of spam is revoked by the sender will not be able to use this certificate of spam. If the message is not marked as spam, then the lock is removed, thereby allowing the sender to use the certificate of spam again (for example, the sender of the message has not spent money). In an alternative implementation, the certificate of spam when getting always void regardless of whether the message was marked as spam or not.

As for the calculated authentication request, in one embodiment, the implementation of the sender of the authentication request (the receiver of the message can determine what should be computed authentication request. However, in another embodiment, the implementation of the identification request clearly points to is acne determined by some combination of message content, time of receiving or sending messages, the sender of the message and, more importantly, the recipient of the message. For example, the calculated identification request may be based on one-way hashing these values. If the sender of the call (the receiver of the message is allowed to choose the identification request, the distributor spam can use the following method. He subscribes to mailing lists or otherwise, generates a mail on behalf of users. Thus, respondents send messages back to the distributor spam, in which the distribution of spam answers chosen at the discretion of the calculated identification request. In particular, the distribution of spam can choose authentication requests that legitimate users are sent to the distributor spam shortly before that, in response to spam. Some percentage of recipients authentication requests sent by the distribution of spam, allow identification requests, thereby allowing the distribution of spam in the future to respond to authentication requests sent to it. In one implementation options of the calculated call is based on a one-way hashing of the message (including the timestamp and the label of the recipient), making identification nearly now is mportant for the sender or recipient, but gives each of them the opportunity to ensure that the identification request serves its intended purpose.

Component 120 authentication requests can adjust the associated probability that the email message is spam, based at least in part, a response to the identification request. For example, after receiving an acceptable (e.g., correct) response to the identification request component 120 authentication requests can reduce the associated probability that the email message is spam. In one example, the email message is moved from the folder to the spam folder for legitimate emails. In another example, an e-mail message is moved from the folder for messages with suspected spam folder for legitimate emails. In addition, after receiving unacceptable (e.g., incorrect) response to the identification request and/or in case of failure to receive a response to the identification request within a certain period of time (for example, 4 hours) component 120 authentication requests can increase associated probability that the email message is spam. In one implementation options of the offer options to the user identification sabroso is a choice. For example, options identification queries can be based on the filter.

Moreover, instead of storing the e-mail message, the system 100 can "reflect" the message, thereby forcing the sender to send the message again with the response to the identification request.

While figure 1 is a block diagram illustrating components of the system 100, it should be noted that the component 120 identification query can be implemented as one or more computer components in accordance with the definition of this term in the document. Thus, it should be noted that computer executable components suitable for implementing the system 100 and/or the component 120 authentication requests can be stored on a machine-readable storage medium, which is in accordance with the present invention includes a specialized integrated circuit (SYSTEM), compact disc (CD), digital video disc (DVD), a persistent storage device (ROM), a floppy disk, a hard disk drive, electrically erasable programmable ROM (EEPROM), and memory Stick, but not limited to the above.

Refer to figure 2, which depicts a corresponding one of the aspects of the present invention, the system 200 is designed to detect nesap the requested e-mail. The system 200 includes a component 110 e-mail component 120 identification requests and classifier 130-mail. Rough version of the classifier 130-mail address set forth in more detail in pending concurrently with this patent application the application for a U.S. patent on A TECHNIQUE WHICH UTILIZES A PROBABILISTIC CLASSIFIER TO DETECT "JUNK" E-MAIL", which has a number 09/102837 and fully incorporated herein by reference. In one example, the classifier 130-mail receives an e-mail message, determines the associated probability that the email message is spam, and saves e-mail messages and associated probability component 110 e-mail. The classifier 130-mail analyzes the contents of the message for a given recipient, based on the content for the user draws a distinction between spam and legitimate e-mail (spam) and thus classifies each incoming e-mail message for the recipient.

In another example, each incoming e-mail message (in the message flow) first analyzed to assess what distinguishing features from a set of pre-defined distinctive characteristics, particularly those related to the characteristics of spam, contains Dan is the second message. These distinctive features (for example, "the set of distinctive features") include both distinctive features based on simple words, and distinguishing characteristics, developed independently, the latter include, for example, a special phrase of several words, and various distinctive features of e-mail messages, such as discernment, not based on the analysis of words. Generally speaking, these distinctions are not based on the analysis of words, connected together, for example, with certain formatting attributes authorship, delivery and/or exchange of data which, if present in the message, most likely serve as an indicator of spam they are characteristics of spam, reflecting the specifics of a particular domain. As an illustration, the formatting attributes may include such feature as dialed if a predetermined word in the text messages in capital letters, or does the text sequence predefined punctuation. As an illustration, the attributes of delivery may include such indication exists, as does the message the address of the recipient or address multiple recipients, or the time at which it was transferred to the message (mail, sent to the middle of the night, is more likely to be spam). Attributes authorship can the conclude in itself, for example, such indication exists, as does the message with a specific e-mail addresses. As an illustration, attributes, data exchange may include such indication exists, as does the message attached data (message, spam, rarely has an attached data), or whether the message sent by the sender-specific domain type (the majority of spam comes from domains like ".com or .net"). Distinctive features developed independently, can also include words or phrases that are known, for example, as obscene, pornographic, or offensive; or certain punctuation or groups, such as repeated exclamation marks or numbers that are likely to appear in spam. Specific distinctive features, developed independently, usually defined exclusively through the conclusion made by the person, or in combination with empirical analysis of the distinguishing attributes of the messages that are spam.

For each incoming message form the vector of distinctive features, each element of which corresponds to a particular distinctive feature of the mentioned set. This element simply stored binary value that specifies whether the given message is AI corresponding distinctive sign or not. This vector can be stored in sparse format (for example, in the form of a list only positive distinctive features). The contents of this vector serves to input a probabilistic classifier, preferably classifier representing a modified auxiliary vector computing machine (VWM), which is based on distinctive features present or absent in this message, generates a measure of the probability of whether the message is spam or not. Then this measure is compared with a predefined threshold value. If any messages it measure associated probability equal to the threshold value or exceeds it, then the message is classified as spam (for example, remain in the spam folder). Alternatively, if the measure of the probability for this message less than the threshold value, then the message is classified as legitimate (for example, remain in the folder for legitimate mail). The classification result of each message can be stored as a separate field in the above-mentioned vector for this message. Then the contents of the folder for legitimate mail can be displayed by client programs for e-mail (not shown) so as to enable the user to select and view. Keep the spam folder will be displayed by client programs for e-mail only by special request of the user.

Moreover, the classifier 130-mail can be trained using a set of M e-mail (for example, the “training set”, where M is an integer), each of which was manually classified as either legitimate or spam. In particular, each of these messages is analyzed to determine from a relatively large set of n possible distinguishing features (called in this document “the space of the distinctive features”), including distinctive features based on simple words and distinguishing features developed on their own, precisely those N distinctive features (where n and N are both integers and n>N), which should be the set of distinctive features designed for use in the subsequent classification. Namely, to obtain the reduced matrix N×M distinguishing characteristics the size of the matrix (usually sparse), containing the results for the training set for all n distinctive signs, reduced by the application of the law Zipf and joint information described below in the required amount. The resulting N distinctive features form a set of distinctive features, which is used in subsequent classification. Then this matrix and the known classification for each message, and the training set jointly fed to the classifier 130-mail for teaching.

Moreover, even if the recipient manually move a message from one folder to another and, therefore, re-classifies it, for example, brings it from the category of legitimate mail into the category of spam, the contents of any folders or both folders can be used again as a new training set with the aim of re-training and, thus, update the classifier. Such re-training may take place in the re-classification of each message; automatically after it has been re-classification to a certain number of messages; after the expiry of the specified period of use (e.g., several weeks or months); or upon user request. According to the procedure described in the behavior of the classifier can successfully track the changing subjective perceptions and preferences of the particular user. Alternatively, e-mail can be classified in many categories (subclasses) spam (for example, commercial spam, pornographic spam etc). In addition, messages can be classified by categories, corresponding to different degrees of spam ("reliable spam, suspected spam" and "not spam"). Based at least in part, information provided by examining what the op 130-mail component 120 identification requests may send an identification request to the sender of the e-mail message, with associated probability, most of the first threshold value. For example, the identification request may be based, at least in part, on the built-in authentication request code (for example, an alphanumeric code). In response to this authentication request, the sender of an email message, reply with this code. The system of the sender (not shown) can be adapted for automatic extraction of the embedded code and response to the identification request. As an alternative and/or Supplement the sender may receive an invitation to respond to authentication request (e.g., manually). Use the authentication request based on the embedded code can increase network and/or computing load in the system of the sender, thereby acting as a deterrent from spamming. It should be noted that you can use any type of authentication request (for example, computed authentication request, authentication request, requiring human intervention, and/or the requirement of microplates), suitable for implementing the present invention, it is understood that all of these types of authentication requests is adout in the scope of the subject area, defined attached to this document by the claims.

Component 120 authentication requests can adjust the associated probability that the email message is spam, based at least in part, a response to the identification request. For example, after receiving an acceptable (e.g., correct) response to the identification request component 120 authentication requests can reduce the associated probability that the email message is spam.

After receiving unacceptable (e.g., incorrect) response to the identification request and/or in case of failure to receive a response to the identification request within a certain period of time (for example, 4 hours) component 120 authentication requests can increase associated probability that the email message is spam. It should be noted that the classifier 130-mail can be a computer component in accordance with the definition of this term in the document.

Please refer to Fig. 3, which depicts a corresponding one of the aspects of the present invention, the system 300 is designed to detect unsolicited e-mail. The system 300 includes a classifier 310-mail components is NT 320 identification requests the folder(and) 330 for spam and folder(s) 340 for legitimate e-mail. In one implementation options of the folder(and) 330 for spam and/or folder(s) 340 for legitimate e-mail can be virtual, which means storing information associated with the email message (for example, links to e-mail), together with e-mail messages stored somewhere in other place. Or in another implementation, instead of using folders, you can simply set an attribute of the message.

As described above, the classifier 310 e-mail identifies the associated probability that the email message is spam, and stores the e-mail message in the folder(s) 330 spam or folder(s) 340 for legitimate e-mail (for example, based on the first threshold value). Incoming email messages are served at the input of the classifier 310-mail, which, in turn, based on the probability of classifying each message as either legitimate or spam. The e-mail message is sent either to a folder(and) 330 spam or folder(s) 340 for legitimate e-mail based on its classification. Thus, the e-mail message having associated probabilities less than or equal to the first threshold value is, save in the folder(s) 340 for legitimate e-mail as e-mail, with associated probabilities, large first threshold value, save in the folder(s) 330 spam. The first threshold value may be fixed based on user preferences and/or adaptive (e.g., based, at least partially, the available computational resources).

After this component 320 identification requests may send an identification request to the sender of the messages stored in the folder(s) spam (for example, associated with a probability, most of the first threshold value). For example, the identification request may be based at least in part, on the built-in authentication request code, the calculated authentication request, authentication request, requiring human intervention, and/or on demand of microplates. Based at least in part, a response to the identification request component 320 identification queries can move are considering the e-mail message from a folder(OK) 330 spam folder(s) 340 for legitimate e-mail. For example, after receiving an acceptable (e.g., correct) response to the identification request component 320 identification queries can move in question reported the e-mail folder(s) 330 spam folder(s) 340 for legitimate e-mail.

After receiving unacceptable (e.g., incorrect) response to the identification request and/or in case of failure to receive a response to the identification request within a certain period of time (for example, 4 hours) component 320 authentication requests can delete this e-mail message from a folder(OK) 330 for spam and/or modify the attribute(s) e-mail messages stored in the folder(s) 330 spam. For example, in order to attract the user's attention to the increased likelihood that an email message is spam, you can change the attribute(s) display (e.g., color) of the e-mail message.

Next, figure 4 shows a corresponding one of the aspects of the present invention, the system 400 is designed to detect unsolicited e-mail. The system 400 includes a classifier 310-mail component 320 identification queries folder(and) 330 for spam and folder(s) 340 for legitimate e-mail. The system 400 additionally includes a storage 350 legitimate senders of e-mail and/or store 360 senders of spam. In the vault 350 senders of legitimate email is stored information (e.g., e-mail addresses)associated with senders of legitimate email. Messages electr is authorized mail from senders identified in the vault 350 senders of legitimate email component 320 identification requests, in General, authentication requests are not issues. Accordingly, if in one example, a sender of e-mail messages stored in the vault 350 senders of legitimate e-mail, his e-mail messages stored by the classifier 310-mail folder(s) 330 spam, move to the folder(s) 340 for legitimate e-mail.

Information (e.g. email addresses) can be stored in the vault 350 legitimate senders of e-mail based on user selection (e.g., by choosing not to send the query to a specific shipper), the user's address book, address, to which the user has sent at least a specified number of e-mail messages, and/or by component 320 identification requests. For example, as soon as the sender of the e-mail message replied to the identification request, the component 320 identification requests may store information associated with the sender (e.g., email address), in the vault 350 senders of legitimate email.

In the vault 350 senders of legitimate email, you can optionally store the level of trust, the Association is virovanny with the sender of legitimate e-mail. To e-mail with associated probabilities less than or equal to the associated level of trust component 320 identification query identification query does not issue, while on the e-mail message, with associated probabilities, large associated trust level, component 320 identifying query issues identification requests. For example, the trust level may be based, at least in part, on the identification request message having the highest associated probability, had responded to the sender.

In one implementation options of the sender can be removed from the vault 350 senders of legitimate email based, at least in part, the actions of the user (e.g., received from the sender e-mail removed as spam). In accordance with another aspect, the sender can be added to the vault 350 senders of legitimate email after the user sent this one sender e-mail - this can be useful in the case of mailing lists.

Store 360 senders of spam stores information (for example, e-mail addresses)associated with spammers. Save to keep the ische 360 senders of spam a user can perform and/or component 320 identification requests. For example, once the user has deleted some e-mail message as spam, the information associated with the sender of this e-mail message can be stored in the storage 360 senders of spam. In another example, in the storage 360 senders of spam, you can save the information associated with the sender of the e-mail message that incorrectly answered identification request and/or failed to respond to authentication request.

Figure 5 illustrates the corresponding one of the aspects of the present invention a system 500 that is used to detect unsolicited e-mail. The system 500 includes a classifier 510-mail component 520 identification queries folder(s) 530 spam folder(s) 540 for messages with suspected spam and folder(s) 550 for legitimate e-mail. As described above, the classifier 510-mail identifies the associated probability that the email message is spam, and stores the e-mail message in the folder(s) 530 to spam folder(s) 540 for messages with suspected spam or folder(s) 550 for legitimate e-mail. Incoming email messages are served at the input of the classifier 510-mail, which, in turn, based on the probability of classifying each of the messages is either legal, or as the message is suspected spam, or spam. Each message sent or folder(s) 530 spam or folder(s) 540 for messages with suspected spam or folder(s) 550 for legitimate e-mail based on its classification.

E-mail message having associated probabilities less than or equal to the first threshold value, are in the folder(s) 550 for legitimate e-mail. E-mail, with associated probabilities, large first threshold value but less than or equal to the second threshold value, save in the folder(s) 540 for messages suspected to be spam. Next, the e-mail message, with associated probabilities, large second threshold value, save in the folder(s) 530 spam. It should be noted that the first threshold value and/or the second threshold value may be fixed based on user preferences and/or adaptive (e.g., based, at least partially, the available computational resources). Then the component 520 authentication requests may send an identification request to the sender of the e-mail messages stored in the folder(s) 540 for messages suspected to be spam. For example, the identification request may be based at least in part, built on the nom in the identification request code, the calculated authentication request, authentication request, requiring human intervention, and/or on demand of microplates.

Based at least in part, a response to the identification request or the lack thereof component 520 identification queries can move the e-mail message from a folder(OK) 540 for messages with suspected spam folder(s) 550 for legitimate e-mail or folder(s) 530 spam. For example, after receiving an acceptable (e.g., correct) response to the identification request component 520 identification queries can move the e-mail message from a folder/folders 540 for messages with suspected spam folder(s) 550 for legitimate e-mail.

Further, if the reception is unacceptable (e.g., incorrect) response to the identification request and/or in case of failure to receive a response to the identification request within a certain period of time (for example, 4 hours), the component 520 identification queries can move the e-mail message from a folder(OK) 540 for messages with suspected spam folder(s) 530 spam.

We turn now to Fig.6, which shows a corresponding one of the aspects of the present invention, the system 600 is intended for the detection of unsolicited e-mail. The system 600 including the AET in the classifier 510-mail component 520 identification queries folder(s) 530 spam folder(s) 540 for messages with suspected spam and folder(s) 550 for legitimate e-mail. The system 600 additionally includes a storage 560 legitimate senders of e-mail and/or store 570 senders of spam.

Store 560 senders of legitimate email is stored information (e.g., e-mail addresses)associated with senders of legitimate email. To e-mail from the objects identified in the repository 560 senders of legitimate email component 520 identification requests in the General case identification query does not issue. Accordingly, if in one example, a sender e-mail is stored in the storage 560 senders of legitimate e-mail, his e-mail messages stored by the classifier 510-mail folder(s) 530 spam or folder(s) 540 for messages with suspected spam, move to the folder(s) 550 for legitimate e-mail.

Information (e.g. email addresses) can be stored in the storage 560 legitimate senders of e-mail based on user selection (e.g., by choosing not to send the query to a specific shipper), the user's address book, address, to which floor the user has sent, at least a specified number of e-mail messages, and/or by component 520 identification requests. For example, as soon as the sender of the e-mail message replied to the identification request, the component 520 authentication requests may store information associated with the sender (e.g., email address)store 560 senders of legitimate email.

Store 560 senders of legitimate email can optionally store the trust level associated with the sender of legitimate e-mail. For example, an email message, with associated probabilities less than or equal to the associated trust level, the component 520 identification query does not issue identification requests, while on the e-mail message, with associated probabilities, large associated trust level, the component 520 identifying query issues identification requests. For example, the trust level may be based, at least in part, on the identification request message having the highest associated probability, had responded to the sender.

In one of the examples of the sender can be removed from the repository 560 senders legally the email-based, at least part of the user actions (e.g., received from the sender e-mail removed as spam). In another example, the sender can be added to the repository 560 senders of legitimate email after the user sent by a given sender to a single e-mail message.

Store 570 spam senders stored information (e.g., e-mail addresses)associated with senders of spam. Saving information in the repository 570 senders of spam a user can perform and/or component 520 identification requests. For example, once the user has deleted a message as spam, the information associated with the sender of this e-mail message, you can save in the store 570 senders of spam. In another example, the repository 570 senders of spam, you can save the information associated with the sender of the e-mail message that incorrectly answered identification request and/or failed to respond to authentication request.

In one of the examples in the process of performing the authentication request can be executed currency unique identifier (for example, to reduce the likelihood that the distribution of spam will be able to send spam using the usual address on the ruler). Senders can use the signature message. Unsigned messages from senders that are stored in the storage 560 senders of legitimate email, which usually sign their messages are processed and are candidates for execution of the authentication request.

In another example, the sender of a large volume of e-mail can generate the ' from ' address on an individual basis (for example, to create a unique for the recipient address "from whom"). For example, the ' from ' address can be based on a global secret key known to the sender and hashed with the email address of the recipient. Alternatively, for each recipient, you can generate and store a random number.

In the third example, the e-mail message includes an identifier that is unique for each recipient" (IEP). FTI adds unique information about the sender in the form of a special message header fields. It should be noted that the IEP does not need to be installed depending on the sender. Thus, in the process of sending mail within the organization to ensure the inheritance of inclusion in the repository 560 legitimate email senders. IPM can be a public key, is the first to use a digital signature with a public key (for example, OpenPGP or S/MIME).

In addition, senders of e-mail messages can include a requirement to perform the authentication request (for example, to facilitate the planning of obtaining identification query). For example, an e-mail message may include a header CHALLENGE_ME_NOW: TRUE”. This may cause the system 600 to automatically send an identification request and after receipt of the correct answer to include the sender in the store 560 legitimate email senders.

Component 520 authentication requests can be adapted to detect e-mail messages received from mailing lists (for example, modelirovaniya mailing lists and/or nemodulirovannyj mailing lists). For example, in e-mail messages received from a mailing list, you can include strings such as “Precedence: list” or “Precedence: bulk”. In another example, the component 520 identification query detects that the e-mail message is spam based at least in part, detecting that the contents of the string "sender" is different from the content of the string "from". The headers of email messages usually contain two different string that identifies the sending side: one line from the top of the message (the example placed there by the command "who"used a simple e-mail Protocol (SMTP)), and the header field “from:” (for example, what is commonly display to the user). In the case of mailing lists their contents may vary.

In one example, the component 520 authentication requests can detect e-mail messages received from mailing lists, and to give the user the ability to include these lists in the directory (repository) 560 legitimate email senders. Component 520 authentication requests may additionally include a trust level associated with the mailing lists.

The difficulty, to which you should pay attention in connection with a mailing list, is to reduce the probability of occurrence of a situation in which receiving from the mailing lists messages that look like spam will create a storm identification requests to the mailing lists. The extent of this problem depends on the type of list. There are 8 different situations, although many of them have the same solution. In particular, the distribution list may be modelirovanie or remodelirovaniem, and in addition, have different levels of ability to respond to authentication requests. This leads to 8 types.

Many modelirovanie mailing lists include the title “the eat-sanctioned”. For example, for modelirovaniya mailing lists can be assumed that either all messages are legal, or all the spam. If nemodulirovannyj lists can be assumed that in the mailing list send a number of messages that are spam. Thus, in the case remodelirovania mailing list component 520 authentication requests may allow the user to set a threshold value that determines whether to show similar spam messages, or you just need to put in the folder(s) 530 spam.

For example, when a message from a mailing list allows the user to determine the associated with this mailing list level of confidence. This should take care not to send too many authentication requests to the mailing lists, especially those that do not have the ability to automatically respond to authentication requests. If modelirovaniya mailing lists, the user can, for example, to receive an invitation to include the mailing list in the directory (repository) 560 legitimate email senders. In another example, the distribution list can answer the identification request from the component 520 identification requests and can be included in the repository 560 legitimate email senders In the third example, after subscribing to the mailing list this mailing list prompts the user, so he included this list in owned by this user repository 560 legitimate email senders.

If nemodulirovannyj mailing lists, the user can, for example, to receive an invitation to establish for the mailing list some threshold. E-mail message with the probability that they are spam, most of this threshold value, move to the folder(s) 530 for spam and/or remove. In another example, the distribution list can answer the identification request from the component 520 identification requests and can be included in the repository 560 legitimate email senders. In the third example, after subscribing to the mailing list this mailing list prompts the user to include this list in owned by this user repository 560 legitimate email senders.

Component 520 authentication requests can consider the distribution lists that do not have the ability to automatically respond to authentication requests. In particular, in the case modelirovaniya mailing lists component 520 authentication requests may include the mailing list in store 560 legitimate email senders. If nemodulirovannyj mailing lists component 520 TNA is navalnyj requests may facilitate the establishment of thresholds for a given mailing list: messages above the threshold value, given identification requests, and messages falling below a threshold, miss.

The inclusion in the repository 560 legitimate e-mail senders may occur in suitable time. In the case of mailing lists it is very likely that the user will not send mail to the list. However, the inclusion of a mailing list in store 560 legitimate email senders based on a small number obtained from the given list of messages is undesirable. Otherwise, the distribution of spam can pretend mailing list, send a small number of messages (none of which will be deleted as spam, then spam freely. In one embodiment, implementation, when mail arrives from a mailing list for the first time and is not detected as spam, the user is prompted to add a mailing list in store 560 legitimate e-mail senders with an associated threshold value. Since most lists include a welcome message, if some welcome message included in the training data, it is unlikely that the welcome message will be marked as spam.

However, if all of the first incoming message is s largely similar to spam, these messages should be included in the folder(s) 530 spam. In particular, it is undesirable that anyone had the opportunity to pretend to be a mailing list and send spam. Thus, before the mailing list will be included in the repository 560 legitimate e-mail senders, the component 520 authentication requests can be sent to the mailing list identification requests, as described above. If the messages look like spam, but are legal, then you can choose to receive or not to receive them, depending on how processed identification requests. If the answers to authentication requests is not received, these messages will not be missed. Thus, the spam will be difficult to penetrate. In the end, the mailing list send a message, not like spam, and the user will be prompted to establish a policy for the mailing list.

It should be noted that mailing lists can have such a ' from ' address that mail sent to this address from headers, sent to the entire list. If the list is a list of this type, then send him an identification query is undesirable, because in fact they can get all subscribers of the mailing list. Before this mailing list will be included in the repository 560 legitimate senders who elektronnoy mail coming from an explicit spam, you can simply ignore. Definition of procedures for inclusion in the repository 560 legitimate email senders in the case of mailing lists can be modified. Provided that even if modelirovanie mailing list, the string "from" address is different for each sender, the inclusion in the repository 560 legitimate e-mail senders can be based on other parts of the header. Often the line of the mailing list is the name of the mailing list (so that the response is sent to the entire list as a whole). Thus, in the case of mailing lists inclusion in the repository 560 legitimate e-mail senders may be based, at least in part, on the to : line. This can be a Supplement to the classification based on a string "from" address (for example, if the sender of the mailing list is in store 560 legitimate e-mail senders, then this also should be enough). It should be noted that in the case of mailing lists as an alternative and/or Supplement store 560 legitimate e-mail senders can include information from other header lines such as the line "sender".

In order to determine the validity of email addresses, spammers rely on "reflection". Lots of the e normal e-mail servers reflect e-mail her back to the sender in case if it was aimed at a false address. Thus, for these e-mail servers absence of reflection the e-mail message increases the confidence score of the e-mail addresses. Accordingly, the spammers can send more messages related to spam to addresses that have not received reflections.

For those e-mail servers, which reflect the e-mail authentication requests of the present invention do not provide any additional information the distribution of spam (e.g., no reflection is an indicator of the validity of the address). In addition, the email server may send the identification query for "half-dead" addresses (for example, reliable, but uncontrolled addresses) through a system designed to detect unsolicited e-mail.

As for e-mail servers that do not reflect the e-mail directed at false addresses, e-mail server again may send authentication requests through the system designed for the detection of unsolicited e-mail to, for example, the behavior of inaccurate addresses was similar to the behavior of valid addresses. Moreover, in about the EBM implementation options of the server system may further add to the probability that e-mail is spam, some factor of randomization (for example, to prevent attempts to circumvent the adaptive spam filters).

Figure 7 depicts the corresponding one of the aspects of the present invention, the system 700 is designed for response to the identification request. The system 700 includes a component 710 receiving the authentication request component 720 processing the authentication request and the component 730 response to the identification request.

Component 710 receiving the authentication request receives the identification request (for example, a query related to a previously sent e-mail). For example, the identification request may be based at least in part, on the built-in authentication request code, the calculated authentication request, authentication request, requiring human intervention, and/or on demand of microplates.

In one example, the component 710 receiving the authentication request determines which of the many modalities identification request must be forwarded to the component 720 processing the authentication request (for example, on the basis of the available computing resources and/or user preferences). In another example, component 710 receiving the authentication request provides the user with information to facilitate selection of od is Oh from a variety of modalities identification request, thereby allowing the user to choose the modality, if any, which the user intends to use for the response to the identification request. For example, a component 710 receiving the authentication request may provide information that may be useful for the user when selecting the appropriate modality of response, such as the amount of computational resources required to answer the calculated identification request, the amount of microplates and/or balance microplating account. Once selected modality authentication request authentication request sent to a component 720 processing the authentication request.

It should be noted that in certain circumstances the user may wish not to respond to the identification request, resulting component 720 processing the authentication request and/or component 730 response to the identification request, no information is transmitted.

Component 720 processing identification request identification processes the request and provides the output data associated with the processed identification request. For example, if the identification request includes an embedded code, then the component 720 processing the authentication request may provide a component 730 response to identification Zap the OS output which include this built-in code. In that case, when the identification request includes the calculated authentication request component 720 processing the authentication request may contribute to the formation of solutions of the calculated authentication request. If the identification request includes the identification request, requiring human intervention, component 720 processing the authentication request may provide the user with information in order to permit identification of the request requiring human intervention. In one example of the identification request, requiring human intervention, may include a task that is relatively simple for humans, but relatively difficult for a computer. In one example of the identification request, requiring the participation of a person, includes the image of the word (for example, GIF or JPEG). The word itself is partially masked by noise. The presence of noise complicates the automatic development of a computer program designed to read words (or, at least, use ready-made components), and at the same time not too complicated reading of the word man. In this example, component 720 processing the authentication request may provide the user with the image of the word. Then p is lovatelli provides that word back component 720 processing the authentication request. Component 720 processing the authentication request provides output that includes this word, component 730 response to the identification request.

If the identification request includes the requirement of microplates, component 720 processing the authentication request may help provide the output component 730 response to the identification request. In one example, the response to the identification request with the requirement of microplates is based on the "certificate of spam a single use, which can be issued by a certain Issuer authority. Component 720 processing the authentication request can either automatically or based on user input to provide the certificate number of spam component 730 response to the identification request. After submitting the certificate number of spam this certificate of spam void (for example, a single use certificate).

In another example, the response to the identification request with the requirement of microplates is based on microplating account. Each such response causes the write-off of certain amounts from microplating account, supported by some issuing authority. Component 720 processing the authentication request may provide a component 730 response to the identification request information, the Association is consistent with microplating account.

Component 730 response to the identification request generates a response to the authentication request based, at least partially, the output data associated with the processed identification request. For example, the response to the identification request may include a built-in code, the computed solution for the authentication request, the solution for the authentication request, requiring human intervention, and/or microplates.

For example, in one embodiment, the implementation in order to reduce the probability of attacks denial of service computed authentication requests are ordered by the number of identification requests already processed this message. Handling messages with a smaller number of processed identification queries perform before processing messages with a large number of processed identification requests (e.g., as available computational resources). Thus, in the case of sending messages to a distribution list, the recipient can intentionally send the calculated identification requests in order to perform attacks denial of service attacks. However, once you complete the processing of one or more of the calculated identification queries relating to this message, priority will be given to other messages that have fewer treatment is subjected to identification requests thereby reducing the likelihood of attacks denial of service.

Referring to the examples of the systems shown and described above, a better understanding of the techniques that can be implemented in accordance with the present invention is achieved in consideration with reference to the flowcharts of the algorithms in Fig. 8, 9, 10 and 11. Although for simplicity these methods shown and described as a sequence of blocks (stages), you should understand and recognize that the present invention is not limited to the order of the stages, as in accordance with the present invention, some steps may be in a different order and/or concurrently with other steps from that shown and described herein. Moreover, not all of the depicted steps may be required for the implementation of the present invention methods.

The description of the present invention may be implemented in the General context of machine-executable instructions, such as program modules, executed by one or more components. Generally, program modules include procedures, programs, objects, data structures, etc. that perform certain tasks or implement certain abstract data types. Generally, in various embodiments, implementation of functionality of the software modules can be combined is activated or distribute as you wish.

Contact Fig and 9, which are illustrated corresponding to one of the aspects of the present invention, the method 800 that is designed to detect unsolicited e-mail. At step 804 receive an e-mail message. At step 808 determines the probability that the email message is spam (for example, by means of the classifier-mail).

At step 812 determines whether the sender of this e-mail in the directory of legitimate email senders. If at step 812 the answer is YES, then processing continues at step 816. If at step 812 the answer is NO, then at step 820 determines whether the sender of this e-mail in the directory senders of spam. If at step 820 the answer is YES, then processing continues at step 824. If at step 820 the answer is NO, then at step 828 to determine whether the probability that the email message is spam, the first threshold value. If at step 828 the answer is NO, then processing continues at step 816. If at step 828 the answer is YES, then at step 832 to the sender of this e-mail sends one or more authentication requests.

At step 836 determine if the response to the identification request. The EU is at the stage 836 answered NO, the process continues to step 836. If at step 836 the answer is YES, then at step 840 to determine correctly whether the received response to the identification request. If at step 840 the answer is YES, then processing continues at step 816. Ate at step 840 the answer is NO, then processing continues at step 824.

At step 816 e-mail message identified as "not spam" (for example, it is placed in the folder(s) for legitimate e-mail and/or reduce the associated probability). Then, in step 844 the sender of this e-mail add in the directory of legitimate senders of e-mail, after which further processing is aborted.

At step 824 e-mail identified as spam (for example, it is placed in the folder(s) for spam and/or increase associated probability). Then at step 848 the sender of this e-mail add in the directory senders of spam, then further processing is aborted.

Now refer to figure 10, which is illustrated corresponding to one of the aspects of the present invention, the method 1000 is designed for response to the identification request. At step 1010 send an e-mail message. At step 1020 receives the identification request (for example, the embedded code, a calculated opoznavat the local query the identification request, requiring human intervention, and/or the requirement of microplates). At step 1030 processes the authentication request. At step 1040 sends the response to the authentication request.

Now let us turn to 11, which is illustrated corresponding to one of the aspects of the present invention, the method 1100 that is designed to respond to authentication requests. At step 1110 send e-mail. At step 1120 receive authentication requests (e.g., each of which has an embedded code that represents the calculated authentication request, authentication request, requiring human intervention, and/or the requirement of microplates). At step 1130 want to process authentication requests are ordered based at least in part, to the fact that the processing of messages with a smaller number of identification requests performed before processing messages with a large number of identification requests (for example, to reduce the likelihood of attacks denial of service). At step 1140 handle an identification request. At step 1150 send a reply to the selected identification request. At step 1160 determine whether you still want to process authentication requests. If at step 1160 the answer is YES, then processing continues at step 1130. E is the same at step 1160 answered NO, then further processing is stopped.

Now let us turn to Fig, which depicts a corresponding one of the aspects of the present invention a sample user interface 1200, designed to answer many authentication requests. In this exemplary embodiment, the user interface the user is prompted with the following message:

SENT YOU AN E-MAIL MESSAGE WAS CLASSIFIED AS POTENTIAL SPAM. IF YOU FAIL TO CORRECTLY ANSWER ONE OF THE FOLLOWING AUTHENTICATION REQUESTS, THIS E-MAIL MESSAGE MAY BE IDENTIFIED AS SPAM AND/OR DELETED AS SPAM.

The user is offered a choice of three possible options: computed authentication request, authentication request, requiring human intervention, and microplates. Based at least in part, of the user's choice, you can perform the processing for the selected authentication request.

In order to provide additional context for various aspects of the present invention provides pig and the following description, the purpose of which is to brief General description of a suitable operating environment 1310, in which you can implement various aspects of the present invention. Although the description of this subramaniapuram within the General context of machine-executable instructions, such as program modules, executed by one or more computers or other devices, experts in this field technicians will agree that the present invention can also be implemented in combination with other program modules and/or as a combination of hardware and software. Generally, program modules include procedures, programs, objects, components, data structures, etc. that perform certain tasks or implement certain types of data. Operating environment 1310 is just an example of a suitable operating environment and is not intended to impose any restrictions on the scope of use or functionality of the present invention. Other widely known computer systems, environments and/or configurations that may be suitable for use with the present invention include personal computers, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, network personal computers (PCs), minicomputers, large universal computers, distributed computing environments that include the above systems and devices, and the like, but are not limited to the above.

With the publicly Fig rough version of the environment 1310, designed for implementing various aspects of the present invention, includes a computer 1312. Computer 1312 includes block 1314 processing, system storage device 1316 and the system bus 1318. The system bus 1318 connects the system components, including the connection system of the storage device 1316 unit 1314 processing, but is not limited to them. In block 1314, the processing may be any of various available processors. In block 1314 processing you can also use two microprocessor or other multiprocessor architecture.

The system bus 1318 may be one of several types of structures tires, including tire storage device or the storage controller, bus peripherals or external bus, and/or a local bus using all sorts of a variety of available bus architecture, including a 13-bit bus; architecture, relevant industry standard (ISA bus); microchannel architecture (MCA); the extended architecture, appropriate industrial standard (EISA bus); intelligent interface storage devices (IDE bus); local bus standard Association standards in the field of video electronics (VLB bus); bus inter-component connections (PCI); universal serial bus (W is on upsh(USB)); bus advanced graphics port (AGP bus); bus standard of the International Association of manufacturers of memory cards for personal computers (bus PCMCIA), and small computer system interface (SCSI), but is not limited to the above.

The system storage device 1316 includes a volatile storage device 1320 and the non-volatile storage device 1322. In the non-volatile storage device 1322 stores the basic input/output system (BIOS), which contains the basic procedures that are used to transfer information between elements within the computer 1312, for example, during start-up. As an example, but not limitation, nonvolatile memory device 1322 may include a permanent storage device (ROM), programmable ROM (EPROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. A volatile storage device 1320 includes a random access memory (RAM), which acts as external cache memory. As an example, but not limitation, a volatile storage device 1320 is available in many forms such as synchronous RAM (SRAM), dynamic RAM (DRAM), synchronous dynamic RAM (SDRAM), synchronous Dean the dynamic RAM is double data rate (DDR SDRAM), enhanced synchronous dram (ESDRAM), dynamic RAM technology Synchlink (SLDRAM), and RAM direct access technology Rambus (DRRAM).

Computer 1312 also includes removable/non-removable, volatile/non-volatile storage media of the computer. On Fig in the example shown, the drive 1324 on the disks. Drive 1324 disks includes devices like a magnetic disk drive, floppy drive, floppy disk, tape drive, Jaz drive, Zip drive type, drive type LS-100, flash memory or memory Stick, but not limited to the above. In addition, the drive 1324 drives can include storage media separately or in combination with other storage media, including optical disks, such as reader ROM on the CD-ROM (CD-ROM), CD-ROM, write-once (CD-R)drive, a rewritable CD (CD-RW) or drive ROM on digital versatile disks (DVD-ROM), but is not limited to the above. For communication drive 1324 on CDs with system bus 1318 use interface fixed or removable devices, such as interface 1326.

It should be noted that Fig describes software that acts as a group is the'dnik between users and the basic computer resources, described in the context of a suitable operating environment 1310. Such software includes the operating system 1328. Operating system 1328, which can be stored on the drive 1324 drives, acts to control and allocate resources of the computer system 1312. System application 1330 benefit resource management through the operating system 1328 through software modules 1332 and data 1334 programs stored either in system memory 1316, or on the drive 1324 on the disks. It should be noted that the present invention can be implemented for various operating systems or combinations thereof.

The user enters into the computer 1312 commands or information through devices 1336 input. Device 1336 input include a pointing device such as a mouse, trackball, light pen, touch pad, keyboard, microphone, joystick, gaming keyboard, parabolic satellite dish, scanner, card TV receiver, digital camera, digital video camera, web camera and so on, but are not limited to the above. These and other input devices are connected to a block 1314 processing via the system bus 1318 through interface ports 1338. Interface ports 1338 include, for example, the serial is ORT, parallel port, game port and universal serial bus (bus upsh(USB)). Device 1340 o use some of the same types of ports that the device 1336 input. For example, the port upsh(USB) can be used to provide input data to the computer 1312 and delivery of information from a computer 1312 on the device 1340 output. Adapter 1342 output is given to illustrate the fact that, among other devices 1340 o there are some devices 1340 output, such as monitors, speakers and printers that require special adapters. Adapters 1342 output include, as an example, but not limitation, video and sound cards that provide a means of connection between the device 1340 output and the system bus 1318. It should be noted that other devices and/or systems are devices, such as remote computers 1344, provide opportunities for both input and output.

Computer 1312 may operate in a networked environment using logical connections to one or more computers, such as remote computer 1344. The remote computer 1344 may be a personal computer, a server, a router, a network PC, a workstation, a microprocessor based appliance, a component of peer-to-peer network or other network node, etc. and usually VK is uchet in many or all of the elements, described in connection with the computer 1312. For brevity in the composition of the remote computer 1344 shows only storage device 1346. The remote computer 1344 logically connected to the computer 1312 via the network interface 1348, and the physical connection is made through the communication connection 1350. Network interface 1348 covers such a communication network as a local area network (LAN) and wide area network (WAN). Technology drugs include distributed data interface fiber optic (FDDI), distributed wired data interface (CDDI), Ethernet/IEEE 1302.3, Token Ring/IEEE 1302.5 and other Technologies global networks include connection type to point-to-point, circuit switched network circuits, such as digital communication network integrated services (CSCW(ISDN)and their variants, network with packet switching and digital subscriber line (DSL(DSL)), but are not limited to the above.

Communication connection 1350 (connection connection) refer to the hardware/software that is used to connect the network interface 1348 bus 1318. Although for purposes of clarity, the communication connection 1350 shown inside the computer 1312, it can also be external to the computer 1312. Required to connect through a network interface 1348 apparatus is atnie tools/software include, solely as an example, internal and external technologies such as, modems including regular modems to connect through telephone lines, cable modems and DSL modems(DSL), adapters CSCW(ISDN) and Ethernet card.

The above description includes examples of the present invention. Naturally, in order to describe the present invention, it is impossible to consider all potential combinations of components and techniques, but an ordinary specialist in the field of engineering will agree that there are many further combinations and modifications of the present invention. Accordingly understood that the present invention covers all such changes, modifications, and variations which correspond to the ideas and subject areas the following claims. Moreover, to the extent that the term "include" is used in either the detailed description or in the claims, should be considered similar to the meaning of the term "contain" in the volume in which the term "contain" is interpreted when used as a binder of the words in the claims.

1. System for facilitating detection of unsolicited e-mail containing:
component e-mail, which accepts or retains messages and accepts or vychislyaet the associated probability these email messages are spam, calculated by the classifier e-mail based, at least partially, the feature vector generated for each message mentioned by the classifier;
component identification requests, which selectively sends an identification request to the sender of the email message having probability, most of the first threshold value, and component identification requests additionally adjusts the probability that the email message is spam based at least in part, a response to the identification request.

2. The system according to claim 1, additionally containing mail classifier that accepts e-mail message and determines the associated probability that the email message is spam.

3. The system according to claim 1, in which the identification request is a built-in code.

4. The system according to claim 1, in which the identification request is a calculated authentication request.

5. The system according to claim 4, in which the calculated authentication request is the result of a one-way hash of the message, including a timestamp and the label of the recipient.

6. The system according to claim 1, in which the identification request represents the t of an authentication request, requiring human intervention.

7. The system according to claim 1, in which the identification request is a requirement of microplates.

8. The system according to claim 1, in which the user is provided with options identification selection queries, the choice of the options identification query based on the filter.

9. System for facilitating detection of unsolicited messages and contains:
classifier-mail that takes the incoming message and classifies the incoming message as spam or legitimate message based, at least partially, the probability that the email message is spam, based at least in part, reduced by the application of the law Zipf matrix N×M distinguishing features available in the message; and
component identification requests, which selectively sends an identification request to the sender of the e-mail message, if the message is classified as spam, and component identification requests additionally adjusts the probability that the email message is spam, based at least in part, a response to the identification request.

10. The system according to claim 9, in which advanced classifier-mail stores the incoming message in the spam folder or the folder for legitimate messages.

11. The system of claim 10 in which the optional component identification query moves the message from the spam folder in the folder for legitimate messages, based at least in part, a response to the identification request.

12. The system according to claim 9, in which the identification request is a built-in code.

13. The system according to claim 9, in which the identification request is a calculated authentication request.

14. The system according to claim 9, in which the authentication request is an authentication request, requiring human intervention.

15. The system according to claim 9, in which the identification request is a requirement of microplates.

16. The system according to claim 9, further containing store the sender(s) of legal messages that stores information associated with senders of legitimate messages.

17. System according to clause 16, in which the component identification query adds the information associated with the sender of the message store legitimate senders of the message, if the authentication request is received in the correct answer.

18. The system according to claim 9, further containing store the sender(s) spam that stores information associated with senders of spam.

19. System for facilitating detection of unsolicited e-mail, and containing the I:
classifier-mail that takes the incoming message and classifies the incoming message as spam, as the message is suspected spam or legitimate e-mail, based at least in part, changes in subjective perceptions and preferences of the user; and component identification requests, which selectively sends an identification request to the sender of the e-mail message, which was classified as the message is suspected spam, and component identification requests additionally adjusts the probability that the email message is spam, based at least in part, a response to the identification request.

20. The system according to claim 19, in which advanced classifier-mail saves the incoming e-mail message in the spam folder, the folder for messages with suspected or spam folder for legitimate mail.

21. The system according to claim 20, in which the additional component identification query moves the e-mail folder for messages with suspected spam in the spam folder or in the folder for legal mail, based at least in part, a response to the identification request.

22. The system according to claim 19, additionally containing storage senders of legitimate email, in the cat the rum is stored information, associated with senders of legitimate email.

23. The system according to claim 19, additionally containing storage senders of spam that stores information associated with senders of spam.

24. The system according to claim 19, in which the e-mail message includes an identifier that is unique for the recipient.

25. The system according to claim 19, in which the additional component identification query is adapted to detect the fact that the e-mail message received from a mailing list.

26. System A.25, in which the additional component identification query is adapted to detect the fact that the mailing list is modelirovanie or remodelirovaniem mailing list.

27. The method of detection of unsolicited e-mail, and consists in the fact that:
selectively sending an identification request to the sender of the e-mail message, which was classified as the message is suspected spam.
accept response to the identification request; and
correct classification of this e-mail message based at least in part, a response to the identification request or changes in subjective perceptions and preferences of the user.

28. The method according to item 27, further consists in the fact that they perform at least the bottom of the following:
take the e-mail message;
classify the email message as spam, the message is suspected spam or legitimate e-mail;
determine whether the sender is in store senders of legitimate e-mail; and
determine whether the sender is in store senders of spam.

29. The method according to item 27, in which the identification request represents at least one of: inline; calculated identification query; identifying a request requiring human intervention; the requirement of microplates.

30. Machine-readable storage medium storing executable computer system components, enabling the detection of unsolicited e-mail, and this media contains:
component classifier-mail address that accepts e-mail message and determines the associated probability that the email message is spam, based at least in part, reduced by the application of the law Zipf matrix N×M distinguishing features available in the message; and
component identification requests, which selectively sends an identification request to the sender of the e-mail message, with associated probability, most of the first threshold value, the rich component identification requests additionally adjusts the probability of this e-mail message is spam, based at least in part, a response to the identification request.

31. System for facilitating detection of unsolicited e-mail containing:
the tool used to determine the probability that
the e-mail message is spam; and
a tool that is designed to selectively send the authentication request to the sender of the email message having probability, most of the first threshold value,
means for further adjusting the probability that the email message is spam, based at least in part, a response to the identification request or changes in subjective perceptions and preferences of the user.



 

Same patents:

FIELD: information technologies.

SUBSTANCE: radio communication method in code division multiple access system features the following: usage of the first code by user station is temporarily interrupted, and usage of the second code only is introduced, further usage of the first code is resumed depending on available transmission power which is at disposal for usage of the first code by user station. Network device for radio communications system contains facilities to receive messages transmitted using both the first and the second code, facility for determination of available transmission power.

EFFECT: keeping track of transmission conditions, using the first or the second transmission code depending on transmission power.

11 cl, 2 dwg

Message processing // 2369029

FIELD: information technology.

SUBSTANCE: invention relates to processing a message addressed to a client terminal. The method comprises stages on which a message, which is addressed to a client terminal, is received. The message contains information meant for a high level application, where the high level application is an application which is separate from a message exchange client. Option information, associated with the client terminal, is received and checked if it contains information on high level applications, which are supported by the client terminal, and action is taken in response to the checking stage.

EFFECT: client terminal contains a message exchange client, meant for processing messages.

33 cl, 6 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to the method and system of preventing malicious use of electronic mail messages. The method involves breaking up the electronic mail message into its components, altering the structural component form (for example, structure, format and content) so as to conform it with general rules, every time the structural form of a component does not comply with the rules, and repeated composition of an electronic mail message from its components (in their last state). The rules pertain to the structure of electronic mail messages for preventing incorrectly formed structure of electronic mail messages, for preventing malicious use of electronic mail messages etc. If the structural form of a component cannot be identified, the component may not be included in repeated composition of the electronic mail message or may be included as it is.

EFFECT: prevention of malicious use of electronic mail messages using an unusual structure.

14 cl, 6 dwg

FIELD: physics; computer technology.

SUBSTANCE: invention relates to data exchange between client and server applications in computer networks, in particular, e-mail applications. E-mail server is capable to keep tabulated record of changes, which occur in folders stored in corresponding data storage device and to send notifications on the table contents change to e-mail client, which is a subscriber for this service. In return, the client sends a request to synchronise modified folders only.

EFFECT: improved efficiency of synchronisation of e-mail folders of client and server.

4 cl, 31 dwg

FIELD: information technologies.

SUBSTANCE: cooperative server-based invocation is run by e-mail. When user creates e-mail message with attachments, web-site for cooperative invocation is provided. Web-site for cooperative invocation allows to message receivers for cooperative attachment invocation. Thus user scores both advantage of cooperative e-mail attachment invocation usability, and advantages of server for cooperative invocation.

EFFECT: simplified system and cooperative server control method.

42 cl, 3 dwg

FIELD: information technology.

SUBSTANCE: this invention refers to the system and connection improvement method between the client and the server, particularly improved protocol that can be used for connection between the client and the server in email environment. The email server can provide the best message body available for the email message; transfer the data object in whole, if the requested property or properties are not completely defined in the data object; provide data considering loading process; send error info for the error containing data object. The email changes can be optimised on the email server component even if these changes appeared on the other email server component. The email server can support the table of changes appearing in the folders of the corresponding data bank and can notify the client email component about changes that appear in the table.

EFFECT: connection improvement between the client and the server.

14 cl, 31 dwg

FIELD: communication system, possible use for routing a message to a temporarily inaccessible network user.

SUBSTANCE: in accordance to the invention, subscription is imitated for network user registration status, if network user is listed as inaccessible. Then notification is generated, when network user registration status changes, to list condition, when network user is accessible again or when network user is registered again, and message is routed to network user in response to receipt of notification.

EFFECT: ensured awareness of subscriber about condition of connection or registration of network user.

4 cl, 4 dwg

FIELD: electronic mailing technologies.

SUBSTANCE: method for notification of user about receipt of electronic mail message by mail center, wherein information is stored, related to mail accounts, assigned to identifiers of decoder receivers, enables transfer of notification message in broadcast signal, while notification message includes at least additional portion of text of electronic mail message and identifier of decoder receiver targeted as destination for current notification message. Described transmission is realized by appropriate devices and decoder receivers.

EFFECT: decreased load of addressed transmission channel.

3 cl, 7 dwg

The invention relates to a device and method for providing service with a guaranteed frame rate (GSPC) ARP-switch

The invention relates to commercial communication systems

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to ensuring information security on web serves. In order to monitor security of a web server, such quality factors of operation of the web server as query runtime t and number of link errors eERROR are given at a preliminary stage. A loading test is then carried out to determine threshold values of the query runtime of the web server (tCRIT) and number of link errors (eERROR-CRIT). Analytical models for predicting query runtime tPRED are constructed. Monitoring period TM is determined at the functioning stage of the server, after which N queries are received for establishing connection during the monitoring period TM. Current values of quality factors of operation of the web server t,eERROR are derived. The predicted query runtime tPRED is then calculated based on the said values. Values of tPRED and eERROR are then compared with threshold values of the quality factors and if threshold values are greater than the said values, there is an attack.

EFFECT: invention improves quality of monitoring security of a web server and provides on-line detection of critical mode of operation of the web server caused by unknown and known "denial of service" attacks, as well as legitimate user requests.

3 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention relates to a method and system for sharing objects which can be located in different machines. These objects can be accessed and shared over a computer network, for example the Internet. The objects can be computer programming objects which can include application programming interfaces (API), programming object libraries, determination of computer program objects and other similar information for applications based on a computer network. The method and the system do not require a server computer since the invention can work as a peer-to-peer or a multipoint computer network.

EFFECT: method and system can work with peer-to-peer networks and "client-server" networks without requirement for identification of computers on the network as servers or non-server computers (clients).

20 cl, 9 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to protection of information systems, and specifically to assessment of security of information systems through presentation of system states, security requirements and a model for monitoring and controlling access using predicate logic and automatic verification of meeting security requirements on several system states, taking into account rules of the model for monitoring and controlling access. The result is achieved due to predicate presentation of system states, a model for monitoring and controlling access, security requirements, as well as application of resolution (output) rules, automating verification of security requirements on system states.

EFFECT: cutting on number of security management errors, increased guarantee of meeting security requirements, cutting on time and resource expenses on assessing security of information systems.

10 cl, 3 dwg

FIELD: physics; communications.

SUBSTANCE: invention relates to inspection technology and can be used in telecommunication systems. Values of disruptive effects on a communication line are monitored, while simultaneously evaluating transmission capacity of each type of communication line. The obtained values are scaled relative maximum values for each class of parametres. The given values are used to train artificial neural networks with radial basic elements for approximating dependency of efficiency of each type of communication line on values of disruptive effects. Matrices of synaptic weights of trained neural networks are filled and further installed in accordance with a specific designed communication network for evaluating transmission capacity from forecast values of disruptive effects, obtained with time delay. Based on the forecast values of transmission capacity for each communication line, the available network resource is allocated between subscribers taking into account their priority categories.

EFFECT: wider functional capabilities, lying in timely rendering of information services to subscribers of different categories with external disruptive effects acting on a communication network.

11 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to management of security of Windows family operating systems (including Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista Ultimate, Enterprise and Business 32-x and 64-x versions of any localisation), and specifically to comparison of configuration characteristics of operating systems from the view point of assessing their security. The result is achieved owing to possibility of comparing configuration parametres, monitoring the behaviour of changes in status and detection from a given "standard" status in Windows family operating systems after proposal of a procedure for comparing security status and switching to the analysed complete set of configuration parameters of security of user layer resources.

EFFECT: increased efficiency of assessing system security.

3 cl, 1 dwg

FIELD: physics; communications.

SUBSTANCE: invention relates to the technology of protecting digital content, and specifically to playing back digital content using licenses. A chain comprises an end license associated with content at one end, and a root license at the other end and all intermediate licenses in between. The end license and all intermediate licenses in the chain are attached to neighbouring licenses in the chain towards the root license, and the root license is attached to the private key owner (PR-U). Each license in the chain is verified and confirmation is made of whether the license allows content playback. A decryption key is obtained from the end license based on application of (PR-U) to the root license. The obtained key is used to decrypt the encrypted content, and the decrypted content is played back.

EFFECT: provision of playback of encrypted digital content on a computer in accordance with a license chain, on which a request for playing back encrypted content is received and a license chain corresponding to that content is found.

5 cl, 5 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to systems and methods for coordinating software components. Version management policy, which is included in the target component, shows how to access the target component, for instance either as a library component or as a platform component. A component can be designated a library component when it creates a version which is compatible at the binary code level. When other components request for such a component, they receive exactly the component version which they requested. On the other hand, a component can be designated a platform component when it creates a version which is compatible at the bit code level. When other components request for such a component, they receive the last updated version of the requested component instead. That way, access to the corresponding component version is provided (even a version which is different from the requested version). Other implementation versions include mechanisms for stratification of the component application field, based on different data processing levels.

EFFECT: improved version management.

23 cl, 8 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to computer security. In the system, according to the invention, a basic operating system is used together with a highly reliable operating system. The basic operating system is at least a certain part of infrastructure of the highly reliable system. Occlusion of elements of the graphical user interface, related to the highly reliable operating system, is prevented. Also part of the secret information, which upon command can be displayed by elements of the graphical user interface, related to the highly reliable system, is stored. Coordination of defined components of images of all elements of the graphical user interface, related to the highly reliable operating system, also enables identification of valid elements. In the system for managing windows of the basic operating system there is public heading information for window identification, belonging to the process operating under control of the highly reliable operating system. Information of the secret heading, related to same window, is used only in the highly reliable operating system.

EFFECT: invention increases security of computer systems from hacking.

30 cl, 9 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to architecture and a method of permitting display of digital content with the corresponding digital license, associated with a specific computer device. Transmitting and receiving computer devices are connected to each other over a network. A transmitting device transmits protected digital content to a receiving device such that, the receiving device can access that content even if the content is directly licensed to the transmitting device and not to the receiving device.

EFFECT: coordinated access to content between computer devices on a network.

20 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: inventions are related to computer systems and methods for provision of protected access to database. System comprises memory device for protection descriptors, which store information about protection, related to at least one line of database, besides database contains at least one table that includes at least one line and two columns, in one of columns there is a protection descriptor stored, being related to line, information stored in protection descriptor comprises data about which type of access and to which principal is permitted or prohibited; database processor that issues response to query of database, based at least partially on information about protection stored in protection descriptor, which is assessed on the basis of information stored in database, and context of user that makes query; query component that contains optimiser of queries, which defines optimal route for response provision to query.

EFFECT: improved protection of access to database.

20 cl, 9 dwg, 2 tbl

FIELD: engineering of devices and methods for using server for access to processing server, which performs given processing.

SUBSTANCE: for this in accordance to method reservation is requested, reservation is confirmed, authentication information included in reservation information is stored, service is requested on basis of authentication information, server utilization is authenticated and server is utilized on basis of authentication result, while on stage of reservation confirmation device for controlling reservation transfers reservation setting information, and on stage of authentication server utilization is only confirmed when authentication information matches authentication information transferred from user terminal. Device contains receiving means, information generation device and transmitting means.

EFFECT: creation of method for using server, device for controlling server reservation and means for storing a program, capable of providing multiple users with efficient utilization of functions of processing server with simultaneous decrease of interference from unauthorized users without complicated processing or authentication operations.

6 cl, 51 dwg

Up!