587 results about "Black list" patented technology

An individual's social network is used to authorize information flow to the individual and to authenticate the individual for access to certain information or services. Information flow to the individual is authorized if the source of the information is a member of the individual's social network who is connected to the individual along a path that does not traverse through anyone on a gray list of the individual. The black list identifies those members who previously sent unwanted communication to the individual or posted content that was deemed offensive by the individual. The gray list identifies those members who are one degree separated from any black list member. The individual is authenticated for access to certain information or services if a member of the individual's social network already has access and this member is connected to the individual along a path that does not traverse through anyone on a gray list of the individual, or if members of the individual's social network who are connected to the individual along a path that does not traverse through anyone on a gray list of the individual have an average authentication rating that is at least a minimum value.

Dynamically filtering and classifying messages, as good messages, bulk periodicals, or spam. A regular expression recognizer, and pre-trained neural networks. The neural networks distinguish “likely good” from “likely spam,” and also operate at a more discriminating level to distinguish among the three categories above. A dynamic whitelist and blacklist; sending addresses are collected when the number of their messages indicates the sender is good or a spammer. A dynamically selected set of regular expressions input to the neural networks.

A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

A URL verification service is provided that is used to evaluate the trustworthiness of universal resource locators (URLs). As a user browses the world wide web, a URL verification client captures a URL associated with a web page of unknown authenticity. The URL verification client transmits the captured URL to a URL verification server. The URL verification server compares the URL to actively maintained whitelist and blacklist information. The server also uses the URL and a user-supplied or automatically-extracted brand to query a search engine. The URL verification server processes the response of the search engine to the search engine queries and the results of cache and whitelist and blacklist comparisons to determine whether the captured URL is legitimately associated with the brand. The results of the URL evaluation process are transmitted from the URL verification server to the URL verification client, which notifies user.

A protocol for protected email transmission using micropayments and a segregated inbox in which protected emails are displayed. The protocol also involves authentication of the sender to defeat phishers and an opt out protocol which can be used to block protected emails from sources from which the user no longer wishes to receive emails even if the source has made a micropayment. Branded email is also taught wherein a sender of protected emails can pay extra to have a miniature version of its brand logo or trademark displayed with its email in the segregated inbox. A white list is maintained on the protected email server (along with the opt out black list) so that recipients can designate specific senders who may send email to that recipient without paying a micropayment and still have the protected email displayed in the segregated inbox.

Systems and methods for caller id authentication, spoof detection and list based call handling are disclosed. The caller ID authentication is performed by an authentication device connected to the calling party telephone transmitting the source and destination telephone numbers of the call to an authentication server. The called party authentication device extracts the caller ID of the incoming call and transmits the caller ID of the caller and the telephone number of the called party to the authentication server. The authentication server analyzes the transmitted information from both devices and replies with the authentication status of the caller ID to the called party authentication device. Other embodiments are disclosed where the authentication server is not available and caller ID authentication is performed in a peer-to-peer manner. In another embodiment, the concepts of active and passive certification passwords are used to maintain the integrity of the system. Other embodiments allow for authenticating blocked caller ID's, reveling blocked caller ID's, VoIP implementations, legitimate caller ID spoofing, and placing a blocked caller ID on private white or black lists. Another embodiment combines the described caller ID authentication system within a call handling system utilizing internal, global and private white and black lists. Applications of caller ID authentication methodology to other forms of communication source address authentication, such as email, SMS, and postal mail are envisioned.

A method of cell reselection in a wireless communications system where parameters are transmitted by the network in system information blocks to WTRU's on the network. Parameters are either added or subtracted from an equation representing the signal power and/or quality of a cell. Parameters may be prioritized. The results of the calculations are used to rank the servicing cell and neighboring cells. If a neighboring cell has a higher quality than the servicing cell, then the WTRU reselects the better cell. The network may transmit a blacklist of cells where the WTRU cannot camp as well as a barring timer for each cell where if the timer expires, the cell may again be considered for reselection. Information germane to the reselection decision may be transmitted and used by the network.

Provided herein is an electronic message management platform that enables management and execution of electronic message campaigns while appropriately managing challenges presented by spam filters, black lists, and domain blocking technologies, and that includes elements for managing an electronic message campaign based on dynamic conditions, quality measures, engagement factors, and other measures, factors and conditions.

A phishing filter employs a plurality of heuristics or rules (in one embodiment, 12 rules) to detect and filter phishing attempts solicited by electronic mail. Generally, the rules fall within the following categories: (1) identification and analysis of the login URL (i.e., the “actual” URL) in the email, (2) analysis of the email headers, (3) analysis across URLs and images in the email other than the login URL, and (4) determining if the URL is accessible. The phishing filter does not need to be trained, does not rely on black or white lists and does not perform keyword analysis. The filter may be implemented as an alternative or supplemental to prior art spam detection filters.

A system, method and computer program product for detection of false positives occurring during execution of anti-malware applications. The detection and correction of the false positives is implemented in two phases, before creation of new anti-virus databases (i.e., malware black lists) or before creation of new white lists, and after the anti-virus databases or new white lists are created and new false positives are detected. The system calculates a probability of detection of a certain potential malware object. Based on this probability, the system decides to either correct a white list (i.e., a collection of known clean objects) or update a black list (i.e., a collection of known malware objects). A process is separated into a several steps: creation and update (or correction) of white lists; creation and update of black lists; detection of collisions between these lists and correction of black lists or white lists based on the detected collisions.

A system is disclosed for protecting a network against malicious attacks or attempts for unauthorized access. A network is connected to an external network by a number of firewalls. Inspectors detect packets blocked by the firewalls and some or all of the packets are detected to a labyrinth configured to emulated an operational network and response to the packets in order to engage an attacker. Blocked packets may be detected by comparing packets entering and exiting a firewall. Packets for which a corresponding packets are not received within a transit delay may be identified as blocked. Entering and exiting packets may be compared by comparing only header information. A central module may receive information from the inspectors and generate statistical information and generate instructions for the inspectors, such as blacklists of addresses known to be used by attackers.

A method achieving united processing of a mobile phone comprises steps as below: a user installs client terminal software on a mobile terminal; achieving operations like number binding and establishing an account simply with pressing of one key and the like, and a cloud server carries out functional configuration to the client terminal software; achieving setting and management of a personal address book, a personal white list, a personal black list, contextual models, and harassment prevention; the cloud server carries out united controlling and processing of the calling process of the incoming calls of the user according to a set calling processing scheme and a calling process of an incoming call. The system achieving the united processing of the mobile phone comprises a subsystem of an intelligent network, an independent peripheral platform, a cloud server, and client terminal software, wherein the cloud server comprises a mobile terminal access service subsystem and a management and data-analyzing server subsystem. The method and the system achieving the united processing of the mobile phone achieve united processing functions of harassment prevention, disturb prevention, call transfer, a voice mail, a secretary station and the like.

The link exchange system and method 100 automatically creates links between web sites. Specifically, the method of creating links includes providing an account Owner the opportunity to create and manage whitelists 111 and blacklists 116 which are used as filters to automatically accept or decline a proposed link according to criteria set forth in the respective lists. If the link request is accepted, the link is created on the account Owner's link page(s).

The invention discloses a method and a system for detecting a network security threat based on trusted business flow. The method comprises the following steps of establishing a blacklist and a white list of network flow and constructing a baseline model, wherein the white list is the trusted business flow and is a feature contour library of normal network behavior and host behavior; comparing real-time monitoring flow data and the baseline model; when the real-time data is matched with the blacklist, outputting an abnormal flow alarm; when the real-time data is matched with the white list and a deviation exceeds a preset threshold, outputting a threat flow alarm; and when the real-time data is mismatched with the blacklist and the white list, treating as a gray list and outputting an unknown flow alarm. According to the method and the system, the network security threat can be comprehensively and effectively detected at a low false alarm rate and high anti-virus efficiency, and the method and the system can adapt to a more granular network attack and defense confrontation environment.

The invention discloses a real time filtrating method for large-scale garbage message based on the content, including the steps as following: 1, pre-filtrating by using the black list and the white list; 2, carrying out the online filtrating by using the filtrating module based on the frequency; 3, carrying out the fast filtrating for the message content by using the method of twice hashing; 4, carrying out the pretreating of the message text for suspicion message, and converting the same into the phase vector; 5, judging the suspicion message by using the method of combination of Naive Bayesian classifier and support vector classifier. The invention can greatly improve the filtrating speed of garbage message, and efficiently reduce the produced erroneous judgement rate in the conventional key word filtrating method; can efficiently solve the problem of group sending garbage messages with malicious intent in the short time; can efficiently avoid to mistake the common message as the garbage message so as to reduce the erroneous judgement, and efficiently improve the filtrating accuracy of whole system by analyzing the message content on the semantics.

A source of side-loaded software is determined. An action may be performed in response to the determination of the source. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: determining whether a first source identifier of a first application matches a white list of source identifiers or a black list of source identifiers; and sending the first source identifier and a first application identifier for the first application to a different computing device.

The invention discloses a botnet detection method based on DNS (Domain Name System) flow characteristics. The method of the invention comprises a Domain-Flux botnet detection method based on DNS flow characteristics. The method comprises steps: legal main domain names and illegal main domain names are combined to form a target set; a domain name whose length is larger than 6 is extracted and processed as a research target; the domain name entropy, word formation characteristics, phonetic characteristics and grouped characteristics are calculated respectively; and the above is put in a random forest classifier to obtain a training model. A Fast-Flux botnet detection method based on the Domain-Flux botnet detection method comprises steps: the original data of a DNS server are processed; the training model obtained before is used for evaluating a to-be-processed domain name, and a score for a DGA condition is acquired; a white list, a black list and a grey list are used for scoring the domain name and an IP; time characteristics of the IP address are calculated; the stability of the IP address is calculated; and the above is put in the random forest classifier to obtain a training model SFF. The experiment accuracy is high.

Disclosed methods provide for publishing domain name related reputation data in WHOIS records. Reputation data may be published in the WHOIS records of the domain name. Reputation data may include values, ratings, or scores, as well as links or references to the locations where such values, ratings, or scores may be found (e.g. URL link). The reputation data may be tracked on the domain name itself, URLs, domain name purchaser or registrant, or email addresses associated with the domain name. The reputation data may include various categories, such as email practices, website content, privacy policies and practices, fraudulent activities, domain name related complaints, overall reputation, etc. The requester may decide whether to allow email messages or visit URLs based on the domain name related reputation. The reputation data in WHOIS may be digitally signed for authenticity. WHOIS data may blacklist or whitelist a resource.

The invention discloses a method and a system for preventing harassment call. The method comprises the following steps of: judging whether a calling number is in a black list, if so, rejecting to transfer calling to a phone owner; judging whether the calling number is in a white list if the calling number is not in the black list; automatically transferring to the phone owner if the calling number is in the white list, otherwise judging whether the calling number is in the call record of the phone owner; and automatically transferring to the phone owner if the calling number is in the call record of the phone owner, otherwise transferring to an automatic intelligent voice recognition platform. By the method, the harassment call can be effectively filtered, an acquaintance cannot feel strange by filtering the calling according to the white list and the black list and screening many frequently-contact numbers in the call record. Moreover, the workloads of manual operation can be reduced by adopting an intelligent voice recognition technology.

A system and method for detecting and mitigating abuse and fraud on advertising platforms using artificial intelligence is disclosed, the system and method including a advertising platform built upon blockchain technologies storing records of transactions, and a discovery system that periodically audits records stored against website code and website image data to automatically identify suspicious transactions. The suspicious transactions are identified to establish a blacklist of identities who are then prevented from interacting with the blockchain technologies in respect of available transactions.

A method and apparatus for blocking unwanted messages (spam) in a telecommunications network. A location server of the network stores black lists of message sources which are known or believed to be generators of spam messages, or sources from which a particular destination does not wish to receive messages. When a location inquiry is made to a location server, such as a home location register (HLR) of a mobile network or a home subscriber server (HSS) of an Internet Protocol network, wherein is stored a table of sources which have been black listed because they are believed to be sources of spam messages. Advantageously, this arrangement avoids use of network resources to make extensive checks to identify spam messages.

This invention addresses to execute an emergency access interception in a widely distributed environment.

An access controller 100 manages an access control list (ACL) 110 recording access right to each object, and a black list (BL) 120 recording user information corresponding to the emergency access interception. The access controller 100 receives a request for authentication to access right and judges whether or not the access right is proper, first according to the BL 120 then ACL110. In case where the user information corresponding to the request is recorded in the BL 120, the access controller 100 sends out the user information to other access controllers and instructs them to register it in the black list. This invention effectively actualizes the emergency access interception under the widely distributed environment in case where the interception is required for any user.

The invention discloses a fuzzy hashing algorithm-based malicious code detection system and a fuzzy hashing algorithm-based malicious code detection method. The system consists of a client and a cloud server. The client calculates a fuzzy hash value of an object to be detected, and transmits the fuzzy hash value to the cloud server. The cloud server compares the fuzzy hash value with fuzzy hash values of known normal files, and determines that the object to be detected is a normal file if one of obtained similarities is higher than a white list threshold value. The cloud server compares the fuzzy hash value with fuzzy hash values of known malicious codes, and determines that the object to be detected is a malicious code if one of obtained similarities is higher than a blacklist threshold value. The client transmits back the whole object to be detected under other conditions, and the object to be detected is further detected by adopting the conventional cloud searching and killing method. Compared with the conventional cloud-based malicious code detection technology, the method and the system have the technical effects of larger data transmission size, lower network resource consumption and better malicious code detection effect.

A vehicle real-time monitoring system based on a wireless RF identification technology is provided, which is composed of an interactive vehicle license plate, a detector, a communication network terminal, a communication network, a center server and a control management system, etc. The system is capable of realizing digitalization of vehicle monitoring information; the interactive vehicle license plate realizes an interactive function of the vehicle license plate by using a RFID technic and an audio, optical prompting technic, thereby interactive response between a vehicle to be monitored and the vehicle monitoring system; the interactive vehicle license plate is decryption-proof, falsification-proof, every license plate has a global unique identification number capable of realizing no-parking large-distance automatic identification and automatic examination of unlawful vehicles, vehicles with pirated license plates, and blacklist vehicles; a vehicle information database of real-time positions of the vehicles to be monitored, moving tracks and the like can be generated. The invention uses an active RF card, avoids a fault that an effective distance of a passive RF card (such as a bus IC card, an entrance guard card), and uses an omnidirectional (non-directional antenna) to veritably realizing no-parking large-distance automatic identification.

A method and system for data session establishment from a mobile device in a multiple networks scenario, the method including, checking whether an identifier for an first network is on a blacklist on the mobile device; if the first network identifier is not on the blacklist, attempting to establish a data connection with the first network; and if the first network identifier is on the blacklist, establishing a data connection with a second network. The method and system for data session establishment include deriving and maintaining the blacklist.

The invention relates to a method, device and system for preventing malicious requests for a server. The method includes the following steps that: first verification is performed on a received first network request, and verification results of the first verification and a generated session token are returned to the cookie of a user end which transmits the first network request; and second verification is performed on the verification results, the session token and the like which are carried by a received second first network request, if verification is successful, a response is made to the second first network request, so that corresponding service data processing can be performed, otherwise, the second first network is intercepted. According to the method, device and system for preventing malicious requests for the server of the invention, a blacklist user data table is updated in real time in a malicious request verification process, and users who send malicious requests are marked as blacklist users; and service processing is performed on the network request (the second network request) which is transmitted by a user based on the session token obtained by the user; and therefore, the rate of misjudgment and the rate of missed judgment can be effectively decreased, and the accuracy of malicious request judgment can be improved.

A method for providing a customized platform for facilitating prescheduling transport and delivery services based on estimated driver availability and compatibility with individual customers. A service provider and customer may be matched based on favorites, preferred or regular and a dispatch matrix of preferences, limitations, and indicators. Customers and service providers may create favorites lists, preferred lists, and blacklists according to feedback with each other to enable customers to receive service from their favorite service providers and vice versa, and prevent service between customers and service providers when blacklisted. Customers and drivers may also negotiate prices for requested services based at least in part on supply and demand. The method provides for automatically scheduling transportation services in which service requests are received and automatically scheduled based on a partner driver arrangement using a micro-dispatch system without live dispatching agent involvement.

A method for guarding against telephony-based fraud that includes, at a telephony device, identifying a caller ID of an incoming call or a dialled number of an outgoing call attempt or a number to be dialled. The identified caller ID or dialled number or number to be dialled is then compared against a blacklist of telephone numbers. In the event that a match is found, a warning is presented to a user of the device and/or the call or call attempt is terminated.

The present invention provides a network transaction security system and method. The monitoring module monitors user input in real time so that the judging module can judge in real time whether the currently visited website is a phishing website, and the prompt module quickly sends a vigilant prompt to the user and informs the unknown URL of the currently visited website. Report for review to update to the black and white list database, which improves the correct rate of identifying phishing websites and blocking access, and greatly reduces the probability of huge losses caused by theft of the user's online banking account. It is applicable to various bank cards, credit cards, and social security cards. Anti-phishing for online transactions such as game point cards, recharge cards, shopping cards and electronic money, with wide coverage, multiple notification methods and channels, and high timeliness.

A method and apparatus for creating predictive filters for messages. In one embodiment, filter information is coupled to a reputation database. One or more filters for a message feature are generated if a reputation of the message feature is associated with one or more portions of the filter information. In one embodiment, SPAM filters are generated. In yet another embodiment, one or more message features are tested using heuristics. One or more message features are blacklisted based on a determination of the heuristics. One or more additional message filters are generated if a reputation of the message feature is associated with a blacklisted feature.