HK1113838A

HK1113838A - Apparatus and methods for managing content exchange on a wireless device

Info

Publication number: HK1113838A
Application number: HK08109571.0A
Authority: HK
Inventors: 肯尼‧福克; 蒂亚‧曼宁‧卡塞特; 黄智玄
Original assignee: 高通股份有限公司
Priority date: 2005-03-25
Filing date: 2006-03-27
Publication date: 2008-10-17

Abstract

Apparatus, methods, computer readable media and processors operable on a wireless device may provide an anti-spam engine operable to intercept content intended for and/or generated by client applications, and filter out unwanted content. The anti-spam engine may include a configurable module having a spam filter that may determine whether content is unwanted. Based on the result of subjecting the content to the spam filter, the anti-spam engine may forward the content to the intended client application and/or a network destination, and/or may generate a spam log. The anti-spam module may be further operable to forward the spam log to another device, such as a user manager device, operable to analyze the log and generate a report which may be viewable by an operator.

Description

Apparatus and method for managing content exchange on a wireless device

Claiming priority in accordance with 35 U.S.C. § 119

This patent application claims priority from provisional application No. 60/665,305 entitled "Methods and Apparatus for predicting Unauthorized Downloads to a Wireless Device", filed on 25/3/2005, which is assigned to the assignee of the present invention and is expressly incorporated herein by reference.

Technical Field

The described embodiments relate generally to wireless communication devices and computer networks, and more particularly, to apparatus and methods for detecting unauthorized content on a wireless device.

Background

Wireless networking connects one or more wireless devices to other computer devices without a direct electrical connection, such as a copper wire or optical cable. Wireless devices communicate data, typically in packets, over a wireless or partially wireless computer network, and open a "data" or "communication" channel over the network so that the device can send and receive data packets. Wireless devices typically have wireless device resources, such as programs and hardware components, that individually and cooperatively operate to use and generate data according to their design and specific protocol or configuration, such as using open communication connections to transmit and receive data over a network.

Wireless devices are being manufactured with increased computing capabilities and are becoming tantamount to personal computers, and include, for example, Internet browsing, instant Messaging ("IM"), email, and text messaging (including short message service and multiple

Media messaging service ("SMS/MMS")), etc. Because such features facilitate direct contact with wireless device users, these messaging clients have been the target of unauthorized, unsolicited and, in most cases, undesirable messages and/or viruses (referred to herein as "spam").

Spam delivery can be roughly defined as bulk delivery of unsolicited messages and/or viruses using any electronic communications medium, and by definition, occurs without recipient permission. While its usage is generally limited to indiscriminate bulk mailing and not any targeted marketing, the term "spam" may refer to any commercially-directed, unsolicited bulk mailing that is deemed superfluous and undesirable. While the most common form of spam is delivered through email, spammers have developed various spamming techniques, which differ depending on the media: e-mail spam, instant messaging spam, newsgroup spam, web search engine spam, weblog spam, and mobile phone messaging spam.

Spam by email is a type of spam that involves sending the same (or nearly the same) message to thousands (or millions) of recipients. Spammers typically gather the address of the intended recipient from newsgroup postings and/or web pages, obtain the address from a database, or simply guess the address by using a common name and domain name.

For example, Yahoo! Instant messaging ("IM") systems such as Messenger, AIM, MSN Messenger and ICQ are common targets for spammers. Many IM systems provide a user directory that contains demographic information such as age and gender. Advertisers can collect this information, register the information in the system, and send unsolicited messages.

Some forms of mobile phone spam contain spam directed at mobile phone text messaging services and may be particularly objectionable to users not only because of the inconvenience they cause, but also because users may have to pay for receiving unsolicited and often undesirable text messages. The mobile phone spam may also include any type of content that can be received by the mobile phone, such as audio content, video content, software programs, and the like, as well as combinations thereof.

Several methods of message analysis to protect networks from spam attacks include fingerprint authentication and rule-based scoring. Fingerprinting techniques take a "digital picture" of each message and match it to a known spam message profile to detect and mark undesirable e-mails as spam. Rule-based scoring involves scoring a message against a database of spam rules, assigning a score to the message based on the unique characteristics of spam and legitimate e-mail. When the score of a message exceeds a predefined threshold, it is marked as spam.

Anti-spam filtering methods at the wireless user device level have been accomplished, in large part, by incorporating an anti-spam module within each messaging client application. However, if anti-spam code is incorporated within each client application (e.g., email, MMS, SMS and IM), a significant amount of valuable handset storage/memory is wasted in performing essentially the same function (i.e., anti-spam filtering).

Furthermore, if the functionality of the anti-spam module is limited to filtering spam after it is received by the wireless device, then filtering does not solve the problem of network congestion due to the large amount of spam that passes through the network, which is as severe or even more severe than the spam problem. With millions of spam content instances for wireless devices that are also large and growing in number with several content-consuming client applications, a network that is accurately tailored to the specific bandwidth of legitimate traffic (plus a little additional bandwidth) may be urgently needed to maintain a design target quality of service.

It would therefore be advantageous to provide such an apparatus and method: it provides a single ubiquitous anti-spam module that can be configured to monitor all content entering the wireless device before any client application receives the content. It would also be advantageous to provide an apparatus and method operable to analyze spam filtering effects on a wireless device with the goal of blocking further spam attacks.

Disclosure of Invention

The described embodiments include apparatuses, methods, computer-readable media and processors to: it is operable on a wireless device to provide a single ubiquitous anti-spam detection mechanism that is capable of filtering out undesirable content, such as unauthorized and/or unsolicited content and/or viruses, i.e., spam, within a data stream received from a wireless network and intended for client applications resident on the wireless device and/or within a data stream generated on the wireless device and intended for transmission over the wireless network to a remote device.

Further, such apparatus and methods may include forwarding information regarding the detected undesirable content to a user manager and/or operator for further analysis and generation of reports. Furthermore, the network operator may be notified of undesirable content in order to block future propagation of undesirable content throughout the network.

In some aspects, a method for filtering content on a wireless device includes intercepting content on a wireless device prior to delivery of the content to a content destination. The method further includes analyzing the content based on a content filter to determine whether the content includes undesirable content, wherein the content filter is selected from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, hardware characteristics associated with the wireless device, predetermined characteristics associated with the destination of the content, and hardware requirements associated with the content. Further, the method includes forwarding the content to a content destination or quarantining the content based on the analysis of the content. In other aspects, at least one processor may perform the functions described above. In a further aspect, a machine-readable medium may comprise instructions which, when executed by a machine, cause the machine to perform the operations described above.

In other some aspects, the wireless device includes means for intercepting content on the wireless device prior to delivery of the content to the content destination. The wireless device further comprises means for analyzing the content based on a content filter to determine a content classification, wherein the content filter is selected from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, hardware characteristics associated with the wireless device, predetermined characteristics associated with the destination of the content, and hardware requirements associated with the content. Further, the wireless device includes means for forwarding content to a content destination or quarantining the content based on a content classification.

In other aspects, a wireless device includes an anti-spam engine operable to intercept content on the wireless device prior to delivery of the content to a content destination, the anti-spam engine comprising a content filter selected from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, hardware characteristics associated with the wireless device, predetermined characteristics associated with the destination of the content, and hardware requirements associated with the content. Further, the wireless device comprises control logic associated with the anti-spam engine and operable to apply a content filter to content and determine whether the content comprises undesirable content, wherein the control logic is further operable to forward content to a content destination when the content does not comprise undesirable content, and to isolate content when the content comprises undesirable content.

In other aspects, a method for managing filtering of content on a wireless device comprises: providing predetermined content filters and reporting parameters to the wireless device; and receiving a spam log related to content located on the wireless device and subject to the predetermined content filter based on the reporting parameter. Further, the method includes generating a report based on the spam log. In other aspects, at least one processor may perform the above-described acts. In other aspects, a machine-readable medium may comprise instructions which, when executed by a machine, cause the machine to perform the operations described above.

In other aspects, an apparatus for managing filtering of content on a wireless device comprises: means for providing predetermined content filters and reporting parameters to the wireless device; and means for receiving a spam log related to content received by the wireless device and subject to the content filter processing based on the reporting parameter. Further, the apparatus includes means for generating a report based on the spam log.

In a further aspect, an apparatus for managing filtering of content on a wireless device includes a generator module operable to generate a content filter configuration and reporting parameters including at least one predetermined content filter. Further, the apparatus comprises an anti-spam module operable to forward a content filter configuration to the wireless device and operable to receive a spam log of content related to content received by the wireless device and subject to spam filter processing based on the reporting parameter. Further, the apparatus includes a report generator operable to generate a report based on the spam log.

Drawings

The disclosed embodiments will hereinafter be described in conjunction with the appended drawings, provided to illustrate and not to limit the disclosed embodiments, wherein like designations denote like elements, and in which:

FIG. 1 is a schematic diagram of one aspect of a system for preventing predetermined content from being received and/or transmitted by a client application on a wireless device;

FIG. 2 is a schematic diagram of one aspect of a wireless device according to FIG. 1;

FIG. 3 is a schematic diagram of one aspect of an anti-spam engine residing in memory of the wireless device according to FIG. 2;

FIG. 4 is a schematic diagram of one aspect of a user manager in accordance with the system of FIG. 1;

FIG. 5 is a schematic diagram of one aspect of a configuration generator module according to the user manager of FIG. 4;

FIG. 6 is a schematic diagram of an aspect of a device control module according to the user manager of FIG. 4;

FIG. 7 is a schematic diagram of one aspect of an operator workstation in accordance with the system of FIG. 1;

FIG. 8 is a schematic diagram in accordance with one aspect of the cellular telephone network of FIG. 1;

FIG. 9 is a flow chart of a method for preventing unauthorized downloads to a wireless device in accordance with the system of FIG. 1;

FIG. 10 is another flow chart of a method for preventing unauthorized downloads to a wireless device in accordance with the system of FIG. 1;

FIG. 11 is an event sequence diagram operable in some embodiments of the system of FIG. 1; and

fig. 12 is another sequence of events diagram operable in some embodiments of a system according to fig. 1.

Detailed Description

Referring to fig. 1, a system 100 for detecting undesirable content on a wireless device, including preventing receipt and/or transmission of such content, may comprise a wireless device 102, the wireless device 102 operable to receive a content filter configuration 170 from a user manager 110. Undesirable content or spam may include unauthorized or unsolicited content and/or viruses. The content filter configuration 170 defines parameters for: filtering the content using the filter module 180; recording details associated with the filtered content in a spam log 184; and forwards log 184 to user manager 110 or another device for analysis.

For example, the operator workstation 114 may be configured to receive a spam report 205 associated with the user manager 110 generated by the report generator 204, and may be further configured to communicate the future spam blocking instructions 116 to the message center 118. Communication between wireless device 102, user manager 110, operator workstation 114, and message center 118 may be accomplished via network 101.

The content filter configuration 170 and corresponding filter module 180 may include one or more content filters to apply to incoming and/or outgoing content. The content filter utilized by the wireless device 102 may be selected from a plurality of content filters based on, for example, at least one of: a network service provider associated with the wireless device, hardware characteristics associated with the wireless device, predetermined characteristics associated with the destination of the content, and hardware requirements associated with the content.

For example, wireless device 102 may operate on a local wireless network provided by a network service provider, but the device may roam from the local network to another wireless network under the control of another network service provider. Since spam may affect the performance of a given wireless network, each wireless service provider may define and provide customized content filters to be used by any wireless device operating on its wireless network.

In another example, the content filter may vary according to hardware characteristics of a given wireless device. For example, hardware characteristics such as processor type/capability, speaker type/capability, ringer type/capability, display type/capability, and memory type/capability may affect whether a given wireless device is capable of efficiently processing given content. For example, a given content comprising a given ringtone may require a sound that cannot be produced by a given ringer associated with a given wireless device, and thus the given content may be considered spam for the given device. Thus, a given content that negatively impacts the hardware characteristics of one wireless device may be classified as spam for that device, while the same content may be classified as non-spam for another wireless device having different hardware characteristics.

Similarly, the content filter may change according to a predetermined characteristic associated with the content destination. For example, in the case of incoming content received by a wireless device, the predetermined characteristic associated with the content destination may comprise, for example, an identification of a destination client application resident on the wireless device. In other words, content defined or categorized as spam may vary depending on whether the content is destined for a browser rather than a text messaging client. Where the outgoing content is intended to be transmitted from the wireless device, the predetermined characteristic associated with the content destination may include, for example, the number of content destinations associated with the content. In other words, sending more than a predetermined number of copies of the same content may be defined as a spam sending.

Similarly, the content filter may change according to hardware requirements associated with the content. For example, the hardware requirements may include, for example, at least one of: wireless device processor type/capability/capacity usage, audio component type/capability/usage, video component type/capability/usage, and wireless device memory type/capability/usage. In other words, for example, spam may be defined as more than a predetermined amount of the total capacity required to use a given wireless device hardware resource. Given content may negatively impact the overall performance of the wireless device due to the use of excess capacity, and/or may impact the performance of other applications executing on the wireless device.

The wireless device 102 may include any type of computerized device, such as a cellular telephone, a personal digital assistant, a two-way text pager, a portable computer, or even a separate computer platform that has a wireless communication portal, and which also may have a wired connection to a network or the Internet. The wireless devices may be remote slave devices or other devices that do not have an end user and simply communicate data across the wireless network 101, such as remote sensors, diagnostic tools, and data relays.

The wireless device 102 includes an anti-spam engine module 138 that monitors incoming and/or outgoing content and filters out undesirable, unsolicited and/or unauthorized content and/or viruses, collectively referred to as spam. The anti-spam module 138 can be loaded into the memory 136 of the wireless device 102 in a number of ways, including but not limited to: static installation at the factory 106; by wireless transmission over a wireless network (e.g., network 101); and through a hardwired connection, such as via a Personal Computer (PC). The wireless device 102 may be delivered to a network operator and/or some other retailer for sale and delivery to the user and activation on the network.

Once the wireless device 102 is activated by the carrier, the application client and wireless device components/ports/interfaces for sending and receiving content may operate on the wireless device 102. For example, application clients may include, but are not limited to, clients such as instant messaging ("IM"), email, and messaging clients such as Short Message Service (SMS) clients and Multimedia Messaging Service (MMS) clients, as well as browsers. The wireless device components/ports/interfaces may include any point at which content enters the wireless device and/or any point at which content exits the wireless device, as will be discussed in more detail below. By targeting these client applications and components/ports/interfaces, advertisers and other spam generators 122 of unsolicited communications can then gain access to the network 101 and obtain address information for the wireless device 102. Once provided with such information, such as a telephone number and/or an Internet Protocol (IP) address, spam generator 122 can begin sending spam 124 to wireless device 102 via message center 118 and wireless link 120. Spam 124 can be any content that is not requested, desired, and/or authorized by the user of wireless device 102 and/or an operator and/or network service provider associated with network 101. In addition, spam generated by client applications, either intentionally or unintentionally, may be transmitted to the network, thereby degrading network availability.

The anti-spam engine module 138 is operable to intercept all incoming content and/or all outgoing content and filter out content and/or viruses that are determined to be unauthorized and/or unsolicited and/or undesirable based on configurable parameters, as will be discussed in detail herein.

In one aspect, the anti-spam engine 138 can quarantine detected spam in a quarantine folder and can generate a spam log with details of the detected spam. Further, in another aspect, the anti-spam engine 138 can transmit the spam log over the wireless link 108 to the user manager 110 based on configurable reporting parameters.

User manager 110 may receive the logs, analyze the data, and generate reports. For example, the user manager 110 may email the report to the operator workstation 114 through the communication channel 126, or otherwise make the contents of the report available for viewing by the operator.

The operator may analyze the report and may issue a command 112 to the user manager 110 based on the analysis, with instructions to update the anti-spam engine 138 (e.g., to update the filtering features of the engine to detect new forms of spam). In addition, the operator workstation 114 may transmit instructions 116 to the message center 118 to block further access to the network 101 by the spam generator 122.

Referring to fig. 2, wireless device 102 may include a computer platform 130 interconnected with an input mechanism 132 and an output mechanism 134, the input mechanism 132 and output mechanism 134 providing input and output, respectively, for communicating with resident applications. For example, input mechanisms 132 may include, but are not limited to, mechanisms such as keys or keyboards, mice, touch screen displays, and voice recognition modules. Output mechanism 134 may include, but is not limited to, a display, an audio speaker, and a haptic feedback mechanism.

Computer platform 130 may further include a communications module 152 embodied in hardware, software, firmware, executable instruction data, and combinations thereof, operable to receive/transmit and otherwise enable communications between components within wireless device 102, as well as to enable communications between wireless device 102 and other devices, such as devices connected in series and devices connected via an air interface, such as network 101. The communication module 152 receives content 160 from one or more client applications 140 and/or from an input mechanism 132 on the wireless device 102 and/or from another device in communication with the wireless device 102, and cooperates with the anti-spam engine 138 to analyze the content 160 before allowing the content to be transmitted from the wireless device and/or received by the wireless device.

As described above, communication module 152 may include any components/ports/interfaces that may include any point at which content enters the wireless device and/or any point at which content exits the wireless device. As such, the communication module 152 may include interface components for hardwired communication and for wireless communication. For example, the communication module 152 may include, but is not limited to, interface components such as: serial port, Universal Serial Bus (USB), parallel port, and air interface components for wireless protocols/standards such as Wi-Fi, worldwide interoperability for microwave access technology (WiMAX), infrared protocols (e.g., infrared data association (IrDA)), short-range wireless protocols/technologies, bluetooth ® technology, ZigBee ® protocol, ultra-wideband (UWB) protocol, local radio frequency (HomeRF), shared radio access protocol (SWAP), broadband technologies (e.g., Wireless Ethernet Compatibility Association (WECA)), wireless fidelity association (Wi-Fi association), 802.11 network technologies, public switched telephone networks, public heterogeneous communication networks (e.g., internet), private wireless communication networks, terrestrial mobile radio networks, Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Universal Mobile Telecommunications System (UMTS); wireless communication systems, Advanced Mobile Phone Service (AMPS), Time Division Multiple Access (TDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency Division Multiple Access (OFDMA), global system for mobile communications (GSM), single carrier (1X) Radio Transmission Technology (RTT), evolution data specific (EV-DO) technology, General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), high speed downlink packet access (HSPDA), analog and digital satellite systems, and any other technology/protocol that may be used in at least one of a wireless communication network and a data communication network.

Computer platform 130 may also include memory 136, which may include volatile and nonvolatile memory such as read-only and/or random-access memory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory common to computer platforms. Further, memory 136 may include one or more flash memory cells, or may include any secondary or tertiary storage device, such as magnetic media, optical media, tape, or soft or hard disk.

The memory 136 is operable to store one or more client applications 140, including but not limited to: a web browser client; an IM client; a messaging client, such as an SMS text messaging client and/or an MMS multimedia messaging client; and an email client.

Further, the anti-spam engine 138 can be stored in the memory 136 and can be operable to intercept content 160 received by the communication module 152, which content 160 would be forwarded directly from the communication module 152 to various content destinations, such as resident client applications and/or remote devices located on a wireless network, without the anti-spam engine 138. With anti-spam engine 138 in place, content determined to be spam can be blocked while legitimate content can be forwarded to various content destinations. It should be noted that the anti-spam engine 138 can be configured to filter all content 160 received by the communication module 152, or to filter only selected content received from a selective source/interface, such as only content intended for one or more predetermined client applications 140 and/or only content received at a predetermined port, such as USB.

Further, computer platform 130 may include a processing engine 148, which may be an application specific integrated circuit ("ASIC") or other chipset, processor, logic circuit, or other data processing device. Processing engine 148 is operable to execute an application programming interface ("API") layer 146 that can interface with any resident programs, such as anti-spam engine 138 and client application 140.

In one non-limiting aspect, the API146 is a runtime environment executing on the respective wireless device. One such runtime environment is binary runtime environment for wireless ® (BREW ®) software developed by Qualcomm, inc. Other runtime environments may be utilized that, for example, operate to control the execution of applications on wireless computing devices.

Still referring to fig. 2, processing engine 148 may include one or a set of processing subsystems 150 that provide functionality to wireless device 102. In the cellular telephone example, processing subsystem 150 may include subsystems such as: voice, non-volatile memory, file system, transmit, receive, searcher, layer 1, layer 2, layer 3, master control, remote program, handset, power management, diagnostics, digital signal processor, vocoder, messaging, call manager, bluetooth ® system, bluetooth ® LPOS, location determination, location engine, user interface, sleep, data services, security, authentication, USIM/SIM, voice services, graphics, USB, multimedia such as MPEG, GPRS, etc.

Processing subsystems 150 may include, but is not limited to, any subsystem components that interact with applications executing on computer platform 130. For example, processing subsystems 150 may include any subsystem components that receive data reads and data writes from API146 on behalf of resident anti-spam engine 138 and any other client applications 140 resident in memory.

Referring to fig. 3, the anti-spam engine 138 can monitor and analyze content generated by any client application 140 and/or specified for receipt by any client application 140. The anti-spam engine 138 can be any one or combination of hardware, software, firmware, executable instructions and data.

The anti-spam engine 138 can include an anti-spam engine Identification (ID)139 that identifies the anti-spam engine, and control logic 162 operable to manage all functions and components of the anti-spam engine 138. For example, the anti-spam engine ID139 can include one or more of a name, version, and the like. Further, the anti-spam engine 138 can include a content filter configuration file 170 that defines the content filters 182 to be applied to the incoming content. For example, content filter 182 may be a filter mechanism contained in content filter profile 170, may be a reference to a remotely stored filter mechanism, or may be an identification of a filter mechanism stored within filter module 180 resident on wireless device 102. Further, the control logic 162, in conjunction with the static controller/reporter module 168, is operable to apply specified content filters 182 to the content 160 and identify or classify the content as spam or non-spam, and further collect information associated with the filtering and classification operations. Further, the anti-spam engine 138 can store the filtered content in the isolation folder 164 and can store at least some portions of the filtered content and/or additional content related information in a spam log 184 that is used to report activity of the anti-spam engine 138. Further, anti-spam engine 138 can include a user interface ("UI") 166 that assists a user, such as a local user of wireless device 102 or a remotely located user in communication with wireless device 102, in operating anti-spam engine 138.

For example, the UI166, in conjunction with the input mechanisms 132, may be operated by an end user to configure at least a portion of the capabilities of the anti-spam engine 138, including content filtering, reporting, quarantining, and disposing of detected spam.

In addition to being configurable by a user, the content filter configuration file 170 may be downloaded to the memory 136 via wireless transmission over the wireless network 101, statically installed at manufacture by the OEM106 (FIG. 1), and downloaded to a Personal Computer (PC) via a hardwired connection. For example, the content filter profile 170 may be set by an operator associated with a network service provider and transmitted to the wireless device 102 via the user manager server 110.

Content filter profile 170 may include any combination of one or more sets of parameters that specify spam filtering, logging, and reporting activities to be performed by wireless device 102. For example, the content filter configuration file 170 may include a set of parameters that will apply to all content regardless of the destination of the content. Alternatively, the content filter configuration file 170 may include a set of destination-specific parameters that correspond to one or more resident client applications 140 (FIG. 2) capable of receiving content from the network 101 and/or one or more content destinations on the wireless network 101.

As such, in some aspects, the content filter configuration file 170 may include one or more of the following parameters: a content destination 172 that identifies the client application 140 and/or network device on the wireless network 101 corresponding to the given set of parameters in order to apply the given set of parameters to content designated for the respective content destination; a content filter 182 that identifies a content filter to be applied to the corresponding content; predetermined filter test results 174 associated with a given content filter and/or content destination, wherein the predetermined filter test results 174 are limits to which filter test results generated by applying the content filter 182 to incoming and/or outgoing content are compared, and wherein the predetermined filter test results 174 define spam and non-spam content; a storage limit parameter 176 associated with the isolated spam content, e.g., the storage limit parameter 176 may indicate a number of days the isolated content is to be retained before the content is automatically deleted, and/or may indicate a maximum amount of storage to store the isolated content; reporting parameters 178 that define what information is to be logged corresponding to any detected spam, when to forward logs for analysis, to whom to forward logs, and/or who is allowed to access logs; and a configuration Identification (ID)171 (e.g., one or more of a name, version, etc.) that identifies a given set of parameters associated with a given configuration.

The anti-spam engine 138 can be operated based on at least one of a number of spam detection mechanisms, referred to herein as content filters 182. In some aspects, the content filter 182 includes a software mechanism for classifying the content 160 as spam or non-spam. In some aspects, the content 160 may be run through the content filter 182 to produce filter test results 188, which are computed based on a set of predetermined rules (i.e., a filter mechanism).

There are many techniques for classifying content as spam or non-spam. These techniques are represented by content filter 182 and include, but are not limited to: host-based filtering; filtering based on rules; bayesian (Bayesian) statistical analysis; a noise filter; and a sender policy framework ("SPF") or sender Identification (ID) filter. For example, host-based filters and rule-based filters examine content for "spam flags," such as a common spam topic, a known spam delivery address, a known mailer, or simply a common spam phrase. In one aspect, for example where the content comprises a message, the title and/or body of the message may be examined for such indicia. Another approach is to classify all content from unknown addresses as spam.

Bayesian filtering compares what others have received to find common spam content and does so by tagging a large amount of spam and a large amount of non-spam. The theory behind bayesian filtering is that certain tags will be common in spam and not in spam, and other certain tags will be common in non-spam and not in spam. When content is to be classified, it is marked to see if the mark is more like that of spam content or more like that of non-spam content.

Noise filters are a form of bayesian filters that are directed to spam that contains many random words that are rarely used in merchandising. Spammers want to hinder bayesian filters by minimizing promotional language and by making spam look like personal letters. The bayesian noise reduction filter takes three main steps. The first step is model learning, where a model is built and its layout is learned by a filter. The second step may use the learned model and perform "copying" or elimination of labels whose layout does not conform to the text model to which it belongs. The third step may perform simultaneous elimination on the data from the sampling up to the stop flag. Once the stop flag has been reached, a special check may be performed on the length of simultaneous cancellation to determine whether the cancellation should be made permanent.

A sender policy framework ("SPF") or sender Identification (ID) filter protects against return path address forgery and makes spoofing easier to identify. SPF operates by having the domain name owner identify the server that sent the mail in a domain name server ("DNS"). The SMTP recipient checks the envelope sender address for this information and can distinguish between authentic content and counterfeit content before transmitting any content data.

Moreover, because large files may negatively impact wireless device 102 (e.g., by using memory or processing power) or network 101 (e.g., by using bandwidth), content may be identified as spam based on the size of the content transmitted to or from wireless device 102.

Any one or any combination of the filtering mechanisms disclosed herein may be incorporated within the filter module 180 to detect undesirable content. Further, any filter 182 within filter module 180 may be associated with a particular content destination 172, thereby enabling anti-spam engine 138 to select a particular filter within filter module 180 to apply for particular content 160 based on an intended destination.

For example, the control logic 162 may be operable to parse parameters from the content filter profile 170, and in conjunction with a statistics collector/reporter 168 (which may include any combination of hardware, software, firmware, data, and executable instructions), may be operable to monitor and analyze all content 160 received by the wireless device 102 and/or generated from the wireless device 102 for transmission. In other embodiments, only content 160 having a given content destination 172 may be intercepted for processing by the anti-spam engine 138. Further, in some embodiments, the same content filter 182 may be applied to all of the content 160.

In other embodiments, different spam filters 182 may be applied to different content 160 based on, for example, at least one of: a network service provider associated with the wireless device, hardware features associated with the wireless device, predetermined features associated with the destination of the content, and hardware requirements associated with the content, as discussed in detail above.

Regardless of the source and destination of the monitored content, the anti-spam engine 138 applies a particular content filter 182 to each content 160, generates calculated filter test results 188, compares the results 188 with corresponding predetermined filter test results 174, and classifies a given content 160 as spam 163 or authorized content. If classified as spam content 163, the anti-spam engine 138 can then store the content in the quarantine folder 164 and/or can automatically delete the content in accordance with the storage restrictions 176. If not classified as spam, the anti-spam engine 138 initiates delivery of the content 160 to the intended content destination 172.

Further, for spam content 163, statistics collector/reporter 168 is operable to collect and save information defined by a user and/or defined by a content filter configuration based on reporting parameters 178. For example, the statistics collector/reporter 168 may record: device/configuration information 141, such as one or a combination of the anti-spam engine ID139 and/or the content filter configuration 171, for example to identify how to filter the content 160; and wireless device information (e.g., hardware and software information), such as information identifying a device model, resident hardware, resident software, a status of selected hardware and/or software components, etc., and generally any information that may be used to troubleshoot or determine a diagnostic status for wireless device 102; all or selected portions 173 of a given content 160 and/or information associated with that content, including but not limited to: calculated filter test results 188; a content destination 172; and source information 186 identifying the originator of the content and including, for example, the URL, telephone number, MAC address, email address of the spam generator 122, and an identification of the generating client application 140 on the wireless device. The collected/calculated information may be saved in the memory 136 as part of the spam log 184, wherein the size of the spam log 184 is also configurable in one aspect.

Further, for content 160 classified as spam content 163 and stored in a separate quarantine folder 188, the anti-spam engine 138 can alert the user of the wireless device 102 of the presence of the content in order to cause them to view such content. Further, the anti-spam engine 138 can track used storage space and/or storage time and automatically delete spam content 163 based on the storage limit parameters 176. The act of viewing and/or deleting spam content 163 can be recorded in a spam log 184 specified by the reporting parameters 178.

Using the UI166, the user can access all configurable parameters and is additionally able to mark certain content as unauthorized (i.e., place content into the quarantine folder 188), retrieve content from the quarantine folder 188 that was previously identified as unauthorized content 163, and control which spam elements to record and when to upload the log 184. For example, the user may update the content filter 182 upon viewing the unauthorized content 163 and provide input identifying the given content as authorized content. For example, a user may identify the source 186 of given content as a non-spammer and/or an authorized source of content, and may update the content filter 182 accordingly.

Reporting parameters 178 may configure statistics collector/reporter 168 to selectively transmit log files 184 to user manager 110 over wireless network 101. The timing of log transmission is non-limiting and may be transmitted at predetermined times, at predetermined intervals, and upon the occurrence of a predetermined event (e.g., upon detection of at least one unauthorized content or upon request by an authorized remote device, such as user manager 110 or operator workstation 114). Further, reporting parameters 178 may determine which people are allowed to access log 170 locally, thereby allowing remote devices, such as user manager 110, to access memory 136.

In one non-limiting aspect, the spam log 170 can be transmitted over an open communication connection between the wireless device 102 and the wireless network 101. For example, the anti-spam engine 138 can "camel" the spam log 170 over a voice or data call that is being made over an open connection. Alternatively, in a cellular network configuration, the anti-spam engine 138 may transmit the spam log 170 to the subscriber manager 110 via Short Message Service (SMS). Further, as described above, user manager 110 may "pull" log 170 from wireless device 102 over network 101 on a scheduled or specifically set basis.

The anti-spam engine module 138 can also include, but is not limited to, a local wireless device control module 183. Local wireless device control module 183 may execute locally or remotely generated control commands 185 on wireless device 102 under the control of control logic 162. The local device control module 183 may request authorization of the control command 185 before executing the control command 185.

For example, control command 185 may be any operation executable on wireless device 102 including, but not limited to, receiving and activating content filter configuration file 170 downloaded from network 101, and uploading log file 184 to network 101.

Further, anti-spam engine module 138 can include a limited traffic configuration 187 operable to establish a limited access communication channel across wireless network 101 that is not typically available to users of wireless devices 102. For example, the limited access communication channel may be used for transmitting log files 184, receiving content filter configuration files 170, and for receiving/generating control commands 185.

The identification and setting of the limited access communication channel may be based on limited service settings 189. Restricted service settings 189 may identify the type of communication allowed and may identify the associated communication channels that may be utilized. Restricted service configuration 187 may be received over wireless network 101, may be transmitted locally to wireless device 102 (e.g., over a serial connection), or may be preloaded on wireless device 102.

Referring to FIG. 4, user manager 110 may be a server, a personal computer, a minicomputer, a mainframe computer, or any computing device operable to analyze and take proactive steps to block spam from network 101. In some aspects, the user manager 110 may operate in conjunction with the operator workstation 114 to perform these functions. User manager 110 may include a user manager anti-spam module 190, which may include at least one of any type of hardware, software, firmware, data, and executable instructions operable to generate content filter profile 170 and analyze spam log 184 from wireless device 102.

Furthermore, there is a separate server or computer device associated with user manager 110 that works in concert to provide data in usable formats to parties and/or to provide a separate layer of control in the data flow between wireless device 102 and user manager anti-spam module 190. User manager 110 may send software agents or applications to wireless device 102 across wireless network 101 such that wireless device 102 returns information from its resident applications and subsystems 150.

Referring to fig. 4 and 5, user manager anti-spam module 190 may include a configuration generator module 198, the configuration generator module 198 including hardware, content, software, and/or any other associated logic that allows the configuration generator module 198 to generate the content filter configuration file 170. In one aspect, the configuration generator module 198 is operable to assemble the various components of a given content filter configuration file 170 based on a selection from a number of configurable parameters.

For example, the configuration logic 220 may provide an authorized user with the ability to make selections from a menu of multiple content filters 208, i.e., host-based filtering, rule-based filtering, bayesian statistical analysis, noise filters, and Sender Policy Framework (SPF) or sender ID filters.

Further, the configuration logic 220 may provide an authorized user with the ability to make selections from a menu of multiple content destinations 210, including but not limited to client applications 140 residing on the wireless device 102 and network devices on the network 101, in order to generate the content filter configuration file 170.

Similarly, the configuration logic 220 may provide an authorized user with the ability to make selections from a menu of at least one of the plurality of reporting parameters 212, the plurality of control command parameters 206, and the plurality of predetermined filter score result values 216. Alternatively, rather than individually selecting various configuration parameters, the configuration logic 220 may provide an authorized user with the ability to make a selection from a menu of a plurality of predetermined content filter configurations 218, which predetermined content filter configurations 218 may contain predetermined groupings of the parameters described above including the content filter configuration 170.

Furthermore, content that may be viewed as spam by one network operator may not be viewed as spam by another network operator. Accordingly, the configuration logic 220 may provide an authorized user with the ability to make selections from a menu of a plurality of predetermined network providers 219 to thereby associate a given configuration with a given network service provider. Thus, different filtering configurations may be generated for different network providers, and devices roaming from one provider to the next may thus receive new filtering configurations and filter out different content according to the network provider.

Furthermore, the identification of spam may depend on the particular wireless device being operated. For example, since spam may be based on the size of the content, using more memory than a predetermined portion may result in classifying the content as spam. In this case, such spam definitions may be device specific since different wireless devices have different memory sizes. Other examples may be based on the processing power, graphics capabilities, etc. of a given wireless device. Accordingly, the configuration logic 220 may provide an authorized user with the ability to make a selection from a menu of a plurality of predetermined wireless device types 213.

Once the specific parameters of a given content filter configuration 170 are determined, then the configuration logic 220 may assign a unique configuration ID171 to the given configuration, and may store this configuration in a library for later recall, such as in a plurality of predetermined anti-spam content filter configurations 218. Further, configuration logic 220 and/or another component of user manager anti-spam module 190 may be operable to transmit configuration 170 to one or more wireless devices 102. In some embodiments, a command 185 may be transmitted in order to activate the transmitted configuration 170, or the anti-spam engine 138 on the wireless device itself may be configured to activate the newly transmitted configuration at the time of download.

User manager anti-spam module 190 can include an information storage area 194 for storing one or more spam logs 184 from one or more wireless devices 102. Information storage area 194 may include any type of memory or storage device compatible with user manager anti-spam module 190.

In addition, user manager anti-spam module 190 can include analyzer 202 and report generator 204. The analyzer 202 may include hardware and analysis logic, such as decision-making routines, statistical programs, and combinations thereof, for analyzing and interpreting the log 184 and generating reports 205. Further, the user manager anti-spam module 190 is operable to make the report 205 available for viewing by authorized users, and to generate and transmit an email message to a networked device (e.g., to the operator workstation 114) containing at least a portion of the report 205. For example, the report 205 may group the unauthorized content 163 based on predetermined parameters, such as the originator/sender, the destination wireless device and/or the client application, some portion of the content, such as a word, name or file, and so forth.

Referring to FIG. 6, user manager anti-spam module 190 may further comprise a remote device control module 200 operable, executed by control logic 230, to receive control commands 185 from operator workstation 114 and/or wireless device 102 or to generate control commands 185 to operator workstation 114 and/or wireless device 102. For example, the control command 185 may include an operator identification ("ID") 232 and a control activity 234. The operator ID232 may be some way of identifying the originator of the control command 185. For example, operator ID234 may be a name, number, digital signature, hash, or any other type of data or value that may be associated with an authorized user. Further, the operator ID232 may not be explicitly included in the control command 185, but rather is derived from the source of the control command 185.

Control activity 234 may be an operation performed on wireless device 102 by anti-spam engine module 138 by executing control command 185. As described above, the operations may include downloading the configuration 170 and uploading the log 184. Prior to executing or forwarding the control command 185, the remote device control module 200 may execute the permission logic 236 to verify the authenticity or authority of the party issuing the control command 185.

For example, a particular operator may be restricted to a particular control activity, or to control a particular wireless device. Authorization of the control command 185 may simply be to prompt the operator workstation 114 to confirm whether the operator workstation 114 actually wishes to perform the control activity 234 on the wireless device 102. Alternatively, permission logic 236 may parse operator ID232 and control activity 234 from control command 185 and correlate these parameters with a database of multiple operator IDs 226, multiple control permissions 224, and multiple wireless device Identifications (IDs) 228 in order to generate permission decision 222.

It should be noted, however, that the plurality of operator IDs 270, the plurality of control permissions 224, and the plurality of wireless device Identifications (IDs) 228 may be related in any manner. For example, the control command 185 may contain an operator ID232 and control activity 234 of "update content filter profile" for a particular one of the plurality of wireless device identifications 228. Permission logic 236 may search a database of control permissions 224 and operator IDs 226 to determine whether to permit the operator to "push" a new configuration on a given wireless device 102.

Referring now to fig. 7, the operator workstation 114 is operable to enable an authorized user to view the report 205, communicate with the user of the wireless device 102, download the anti-spam engine 138 and/or the content filter configuration file 170 to the wireless device 102, and upload the spam log 184 from the wireless device 102. Further, the operator, through operation of the operator workstation 114, is operable to request that the message center 118 block certain spam from entering the network 101.

The operator workstation 114 may include an input mechanism 248 and an output mechanism 250 interconnected with the computer platform 240. The input mechanism 248 and the output mechanism 250 may be similar to their respective counterparts 132 and 134 on the wireless device 102.

The operator workstation 114 may further include: a memory 246 for storing applications and data files; a processing engine 242; and a communication module 244 operable to transmit and receive content between the operator workstation 114, the user manager 110, the wireless device 102, and any network components on the wireless network 101. Further, the communication module 244 is operable to transmit voice over the network 101, thereby allowing an operator to communicate voice with any wireless device user or other authorized personnel.

Memory 246 may include an operator control module 252 that processing engine 242 makes executable. Because there is no limit to the number of operator workstations 114 and the number of operators, the operator ID parameter 232 previously discussed with reference to FIG. 6 may be entered into the memory 246 for logging into the network 101 and identifying the operator to network components.

The operator control module 252 may itself include operator anti-spam logic 254 that may operate in conjunction with Graphical User Interface (GUI) logic 256, input mechanism 248, and output mechanism 250 to guide the operator through any spam analysis and command activity selection and transmission. For example, GUI logic 256 may control browser communications, email communications, text messaging, voice communications, report rendering, and provide a menu to user manager 110 and wireless device 102 for selection and transmission of any control commands 185.

Operator control module 252 may further include a remote device control module 260, the remote device control module 260 being similar to remote device control module 200 of user manager module 190. Similar to the remote device control module 200, the operator-based remote device control module 260 may generate control commands 185, which control commands 185 may be executed on the wireless device 102 to perform various activities, including (but not limited to): upload log 184, download anti-spam engine 138, and/or configuration 170.

While the user of the operator workstation 114 may typically be an individual, the workstation 114 may be a computing device that includes hardware, software, content, and combinations thereof for analyzing the report 205 and responding to the report 205 or responding to an external communication, such as from the user of the wireless device 102. Such software may include algorithms, decision-making routines, statistical programs, etc. for analyzing and interpreting the report 205. Further, as with user manager anti-spam module 190, operator workstation 114 can reside on any network device of wireless network 101, such as on user manager 110, another server connected to the network, or even on wireless device 102.

Referring to fig. 1, wireless network 101 may include any communication network operable, at least in part, to enable wireless communication between wireless device 102 and any other device connected to wireless network 101. Further, wireless network 101 may include all network components and all connected devices that form a network. For example, wireless network 101 may include at least one of, or any combination of: a cellular telephone network; a land telephone network; a satellite telephone network; infrared networks, such as infrared data association ("IrDA") based networks; a short-range wireless network; bluetooth ® technology network; ZigBee ® protocol network; an ultra-wideband ("UWB") protocol network; a local radio frequency ("HomeRF") network; a shared wireless access protocol ("SWAP") network; broadband networks, such as wireless ethernet compatibility alliance ("WECA") networks, wireless fidelity alliance ("Wi-Fi alliance") networks, and 802.11 networks; a public switched telephone network; a public heterogeneous communications network, such as the internet; a private communication network; and a land mobile radio network.

Suitable examples of telephony networks include at least one of analog and digital networks/technologies such as the following, or any combination thereof: code division multiple access ("CDMA"), wideband code division multiple access ("WCDMA"), universal mobile telecommunications system ("UMTS"), advanced mobile phone service ("AMPS"), time division multiple access ("TDMA"), frequency division multiple access ("FDMA"), orthogonal frequency division multiple access ("OFDMA"), global system for mobile communications ("GSM"), single carrier ("1X") radio transmission technology ("RTT"), evolution data specific ("EV-DO") technology, general packet radio service ("GPRS"), high performance data GSM environment ("EDGE"), high speed downlink packet access ("HSPDA"), analog and digital satellite systems, and any other technology/protocol that may be used in at least one of a wireless communication network and a data communication network.

Referring back to fig. 1, message center 118 may include a processor, memory, and a middleware program disposed in the memory that is operable to process content sent using a messaging Application Program Interface (API) for use by other programs. The messaging center can typically queue and prioritize the content as needed and eliminate the need for each client program to perform these services.

Fig. 8 illustrates a non-limiting cellular telephone system 270 and includes at least one wireless device 102 and a cellular wireless network 288 connected to a wired network 280 via a wireless carrier network 284. Cellular telephone system 270 is merely exemplary and can include any system whereby remote modules, such as wireless devices 102, communicate packet data, including voice and data, over-the-air between and among each other and/or between and among components of a wireless network 288, including, without limitation, wireless network carriers and/or servers.

According to the system 270, the user manager 110 may communicate with the data store 274 over a wired network 280 (e.g., a local area network, LAN) to store spam information collected from the wireless devices 102, such as the spam log 184. Further, data management server 278 may communicate with user manager 110 to provide post-processing capabilities, data flow control, and the like. User manager 110, data storage 274 and data management server 278 may exist with any other network components needed to provide cellular telecommunication services. By way of user manager 272, data store 274, and data management server 278, spam detected by wireless device 102 can cause carrier network 284 to eventually block detected spam from wireless device 102 and/or network 288.

User manager 110 and/or data management server 278 may communicate with carrier network 284 via data links 282 and 286 (e.g., the internet, a secure LAN, WAN, or other network). The carrier network 284 may control the transfer of content, typically data packets, sent to a mobile switching center ("MSC") 290. In addition, the carrier network 284 communicates with the MSC290 by way of the network 286 (e.g., the Internet) and/or POTS ("plain old telephone service"). Typically in network 286, the network or internet portion transfers data, while the POTS portion transfers voice information.

MSC290 may be connected to multiple base stations ("BTS") 294 by another network 292, such as a data network and/or internet portion for data transfer and a POTS portion for voice information. BTS294 ultimately broadcasts content wirelessly to wireless devices, such as wireless device 102, by short messaging service ("SMS"), or other over-the-air methods.

Referring to fig. 9, a flow diagram illustrating a method of spam detection on a wireless device may include obtaining an anti-spam engine 138 at step 360. For example, the anti-spam engine module 138 may be implemented within the hardware and/or content of the wireless device 102 during manufacture of the device 102. Alternatively, anti-spam engine 138 can be "pushed" by user manager anti-spam module 190 to wireless device 102 across wireless network 101, or "pulled" by wireless device 102 from user manager anti-spam module 190 across wireless network 101.

At step 362, the content filter configuration 170 may be obtained by the wireless device 102 in a similar manner as the anti-spam engine 138, and may include parameters defining at least one content filter 182 and reporting parameters 178.

At step 364, the method includes intercepting the content 160 on the wireless device 102 prior to delivering the content to a content destination. For example, the content 160 may be intended to be sent to at least one client application 140, i.e., a browser client, an IM client, an SMS client, an MMS client, and an email client, residing on the wireless device 102, and the content 160 is intercepted before delivery to the intended client application. In other embodiments, the content 160 may be generated on the wireless device and intercepted before the content 160 is transmitted to another device on the network 101 through the communication module 152.

At step 366, at least one filter 182 may be applied to the content 160. For example, the filter may be any spam filtering mechanism 182, such as: a host-based filter; rule-based filters, i.e. filtering out content of a size larger than the user-determined size, wherein the filter may be specific for a given network operator; a Bayesian statistical filter; a noise filter; and a sender policy framework ("SPF") or sender Identification (ID) filter. At step 368, content filter test results 174 are determined based on applying the at least one filter 182 to the content 160. The calculated filter test result 174 may be a value operable to determine whether the content 160 is spam when compared to the predetermined filter test result 188 at step 370.

If the content classification indicates that the content 160 is not spam, the content can be forwarded at step 372 to various content destinations 172, which content destinations 172 can be client applications resident on the wireless device or another network device. Alternatively, if the content classification indicates that the content 160 is likely to be spam, the content is not forwarded to the intended client application. Further, at step 374, the content 160 may be stored as spam content 163 in the quarantine folder 163 until such time or other predetermined condition that the spam content 163 may be deleted at step 376. Predetermined conditions, such as storage limits 176, may be obtained from the content filter configuration 170. Further, the storage and deletion of quarantined content 163 may be accomplished under the control of control commands 185 as part of local device control module 183.

Further, once the content 160 is determined to be spam at step 370, a record can be entered into the spam log 184 at step 378 that includes at least a portion 173 of the content 160, such as the content destination 172 and the source 186 of the content, as well as the calculated filter test results 188. The spam log 184 can then be provided to remote devices (e.g., the user manager 110 and the operator location 114) at step 380 for further analysis.

At step 381, a message may be received by the wireless device 102 in response to the transmitted spam log 184. For example, the message may include a control command 185, the control command 185 instructing the wireless device 102 to receive and upload updates to the content filter configuration 170.

FIG. 10 illustrates a flow diagram of one aspect of a method operable on a network device, such as user manager 110, to manage content on a wireless device. In one aspect, the method includes providing an anti-spam engine to the wireless device at step 382. In one example, user manager 110 may wirelessly transmit an anti-spam engine 138 stored in the user manager's memory to wireless device 102 over wireless network 101.

The method further includes generating a content filter configuration to the wireless device at step 384. For example, the user manager 110 may generate the content filter configuration 170. User manager 110 may generate filter configuration 170 upon receiving a request from at least one of wireless device 102, operator 114, or user manager anti-spam logic 192. The filter configuration 170 may be generated by a configuration generator module 198 based on the parameters and logic shown in FIG. 5. At step 386, the content filter configuration 170 may be provided to the wireless device 102. In one example, user manager 110 may transmit configuration 170 to wireless device 102 over network 101.

At step 388, the method includes receiving a spam log from the wireless device based on the content filter configuration. In one example, user manager 110 can receive at least one spam log 184, the spam log 184 generated by at least one wireless device 102 by applying content filter configuration 170 to content 160 and transmitted over wireless network 101. The spam log 184 can be stored in the information store 194 where it can be further analyzed by an analyzer 202, which analyzer 202 can include hardware and analysis logic, such as decision-making routines, statistical programs, and combinations thereof, for analyzing and interpreting the log 184.

Based on the results of the spam log analysis, user manager 110 can generate report 205 at step 390 and make this report available to operator 114. The report 205 may be made available for viewing by an authorized user, such as the operator 114, on a user manager, or the user manager 110 may transmit at least portions of the report 205 as an email to the operator 114 over the network 101.

Based on the analysis of the spam log 184 by the operator 114 or the analyzer 202, the user manager 110 can generate or receive a modified content filter configuration 170 at step 392. Prior to accepting the content filter configuration 170 transmitted by the operator location 114, the remote device control module 200 of the user manager 110 is operable to verify the authorization of the operator 114 to update the configuration of the wireless device 102.

At step 394, the modified content filter configuration 170 may be made available to the wireless device 102 and/or the message center 118. All or some portion of filter configuration 170 may be transmitted to wireless device 102 and/or message center 118 over wireless network 101. In some cases, the wireless device 102 may request authorization confirmation before accepting the modification, and the confirmation may be provided by the control command 185 generated by the remote device control module 200.

Referring to fig. 11, some embodiments of a method of spam detection on a wireless device 102 may include receiving at least a portion of an anti-spam engine 138 onto the wireless device 102 at step 302. For example, the anti-spam engine module 138 may be implemented within the hardware and/or content of the wireless device 102 during manufacture of the device 102. Alternatively, anti-spam engine 138 can be "pushed" by user manager anti-spam module 190 to wireless device 102 across wireless network 101, or anti-spam engine 138 can be "pulled" by wireless device 102 from user manager anti-spam module 190 across wireless network 101, depending, for example, on whether wireless device 102 has the latest version of anti-spam engine module 138 for the respective wireless device 102. The push or pull anti-spam engine 138 to the wireless device 102 may be configured in any manner, such as: initiated by a predetermined event.

In some embodiments, the anti-spam engine 138, when activated, can have a basic content filter configuration 170. In some embodiments, the user may further configure the anti-spam engine 138 via the input mechanism 132 and the UI166 at step 304. Alternatively, at step 306, the new and/or updated content filter configuration 170 may be "pushed" by the user manager anti-spam module 190 to the wireless device 102 over the wireless network 101, or the new and/or updated content filter configuration 170 may be "pulled" by the wireless device 102 from the user manager anti-spam module 190 over the wireless network 101. The loading and activation of the configuration 170 may be initiated in any manner, such as by a specific request by a user, by a predetermined event (e.g., activation, power-up, and predetermined schedule).

After configuration, anti-spam engine 138 can operate as a background process on wireless device 102 at step 310, processing at least a portion of incoming content received by communication module 152 and stored in memory. Content may be received from spam generator 122 at step 308. While the statistics collector/reporter 168 may apply a common filter 182 to all content types, in some embodiments the statistics collector/reporter 168 may determine the client identification 172 associated with each content 160 and apply a respective filter 182 to each content 160 based on a given content filter configuration 170. Configurable client identifications may include, but are not limited to, browser, SSM, MMS, IM, and email clients. Based on the results of the application rules (i.e., "filter results") including the applied filters, some content may be forwarded to its intended client while other content may be classified as spam and stored in quarantine folder 164.

In some aspects, the filter results 188 may produce a calculated value that, when compared to the predetermined filter test value 174, is operable to determine whether the content is authorized or classified as spam.

The anti-spam engine 138 is operable to detect received spam, quarantine the spam in the quarantine folder 164, and create log entries in the log 184, according to the parameters of the at least one spam filter 182 and the content filter profile 170. The log entries are configurable and non-limiting and may include spam content 163 and/or additional information such as sender information 186, filter results 188 derived by applying content filters 182 to the received content, and the like.

Further, unauthorized content 163 stored in the quarantine folder may be removed based on the storage restriction parameter 176.

At step 312, log 184 may be uploaded to user manager anti-spam module 190 based on reporting parameters 178. Such mechanisms may include standard HTTP, FTP, or other data transfer protocols. In other embodiments, the collected log file 170 may be uploaded using any communication device accessible to the wireless device 102.

At step 314, the user manager anti-spam module 190 may store the spam log 184 in the information storage area 194, analyze the content of the spam log, and generate the report 205 based on the analysis.

At step 316, the user manager anti-spam module 190 may transmit the report 205 to the operator workstation 114 for further analysis and behavior. The report 205 may include any form of output representing an analysis of the log 184 and other information contained in the information store 194, as well as any other associated information, such as reports of spam, new filtering techniques, and the like.

While user manager anti-spam module 190 may generate reports 205, user manager 110 and its respective components may operate to present a view of information collected from wireless device 102 relating to spam information in any form, such as a table, a graph, a graphical view, plain text, an interactive program, or a web page, or any other display or presentation of data. For example, user manager anti-spam module 190 may present information related to content authorization on a monitor or display device, and/or may transmit this information via email to another computer device for further analysis or viewing by mechanisms such as standard HTTP, FTP, or some other data transfer protocol.

At step 318, an authorized user of the operator workstation 114 may analyze the report 205 and decide, for example, to contact the message center 118. In one aspect, the operator workstation 114 may transmit the appropriately composed message to the user manager 110 at step 320 for forwarding to the message center 118 at step 322. In an alternative embodiment, the operator workstation may send the message directly to message center 118. Such messages may be in any format suitable to both the sender and the recipient, including, but not limited to, email, SMS text messaging, and telephone communications.

Based on the message received from the operator, message center 118 may update its own filter and block future content from spam generator 122 at step 324.

FIG. 12 represents an additional aspect of the system 100 disclosed herein in which the user of the wireless device 102 contacts the operator 114 at step 330 for an accrued charge resulting from unsolicited content ("spam") when spam is received by the user on at least one client application on which the user resides in the wireless device. As disclosed above, the communication between the user and the operator may be by electronic message or by real-time voice communication.

The wireless device 102 may require the download of the anti-spam module 138 or may simply require the update of the content filter configuration file 170. At step 332, operator workstation 114 is operable to transmit a message to user manager 110 requesting user manager module 190 to "push" anti-spam module 138 and/or content filter profile 170 to wireless device 102 at step 334.

Additionally at step 334, a control command 185 may be generated by the operator workstation 114 and forwarded to the wireless device 102. Control commands 185 are operable to verify the authenticity and authorization of the operator/user manager in order to command wireless device 102 to perform a particular action. In one non-limiting aspect, remote device control module 200 can execute permission logic 236 in order to make permission decision 222 as to whether to relay operator-generated control command 185 to a particular wireless device 102.

Regardless of whether the operator workstation 114 has initiated a download of the anti-spam engine 138 and/or the content filter configuration file 170, the new unauthorized or spam content received by the wireless device 102 at step 336 can be filtered at step 338 and prevented from reaching its target clients. In addition, the filtered content is recorded in a log file 170, which log file 170 may be uploaded to user manager 110 for analysis at step 340 based on reporting parameters 178. Similar to the message sequence of fig. 9, the report 205 may be generated by the user manager 110 at step 342 and forwarded to the operator workstation 114 at step 344.

Steps 346, 348, 350, and 352 of fig. 12 operate similarly to steps 318, 320, 322, and 324 of fig. 11, enabling a user of the operator workstation 114 to analyze the spam reports 205 and take appropriate steps for the message center 118 to block similar spam attacks from blocking the network 101.

In another aspect (not shown), upon receiving a user complaint, the operator workstation 114 may simply send a request to the wireless device 102 requesting that the current log 184 be uploaded and/or the currently active configuration 170 be uploaded, without updating the content filter configuration file 170, in order to determine the current level of spam protection on the wireless device 102.

The various illustrative logics, logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or a combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

Further, the steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.

While the foregoing disclosure shows illustrative aspects and/or embodiments, it should be noted that various changes and modifications could be made herein without departing from the scope of the described aspects and/or embodiments as defined by the appended claims. Furthermore, although elements of the described embodiments may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated. Moreover, all or a portion of any aspect and/or embodiment may be utilized with all or a portion of any other aspect and/or embodiment, unless stated otherwise.

Claims

1. A method for filtering content on a wireless device, comprising:

intercepting content on the wireless device prior to delivering the content to a content destination;

analyzing the content based on a content filter to determine whether the content includes undesirable content, wherein the content filter is selected from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, a hardware feature associated with the wireless device, a predetermined feature associated with the content destination, and a hardware requirement associated with the content; and

based on the analysis of the content, forwarding the content to the content destination or quarantining the content.

2. The method of claim 1, wherein intercepting further comprises intercepting prior to delivery to a client application resident on the wireless device.

3. The method of claim 2, wherein forwarding further comprises forwarding the content to at least one of: a browser client, an Internet Messenger client, a Short Message Service (SMS) client, a Multimedia Messaging Service (MMS) client, and an email client.

4. The method of claim 1, wherein intercepting further comprises intercepting prior to transmitting the content from the wireless device to a wireless network.

5. The method of claim 1, wherein the hardware features comprise at least one of: processor capability, speaker capability, ringer capability, display capability, and memory capability.

6. The method of claim 1, wherein the predetermined characteristic associated with the content destination comprises at least one of: an identification of a destination client application resident on the wireless device, and a number of content destinations associated with the content.

7. The method of claim 1, wherein the hardware requirements comprise at least one of: wireless device processor requirements, wireless device audio component requirements, wireless device video component requirements, and wireless device memory component requirements.

8. The method of claim 1, wherein quarantining further comprises deleting the content based on a storage restriction parameter.

9. The method of claim 1, further comprising receiving the content filter from across a wireless network.

10. The method of claim 1, further comprising:

storing predetermined information associated with the content; and

transmitting the predetermined information to a remote device for analysis of the predetermined information.

11. The method of claim 10, wherein storing predetermined information further comprises storing at least one of:

a portion of the content, an identification of a source of the content, a computed filter test result associated with the content, and an identification of a destination of the content.

12. The method of claim 10, further comprising receiving a reporting parameter associated with the content filter, wherein transmitting the predetermined information further comprises transmitting based on the reporting parameter.

13. The method of claim 10, wherein transmitting the predetermined information further comprises establishing a limited-access communication channel across a wireless network based on a predefined limited service configuration.

14. The method of claim 1, wherein analyzing further comprises:

applying the content filter to the content;

calculating a filter test result based on applying the predetermined content filter to the content;

comparing the calculated filter test result with a predetermined filter test result; and

classifying the content as undesirable content based on the comparison of the calculated filter test result and the predetermined filter test result.

15. The method of claim 1, further comprising receiving a modified content filter based on an analysis of the content, and replacing the content filter with the modified content filter.

16. A machine-readable medium comprising instructions that when executed by a machine cause the machine to perform operations comprising:

analyzing the content based on a content filter to determine a content classification, wherein the content filter is selected from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, a hardware feature associated with the wireless device, a predetermined feature associated with the content destination, and a hardware requirement associated with the content; and

based on the content classification, forwarding the content to the content destination or quarantining the content.

17. At least one processor configured to perform the acts of:

18. A wireless device, comprising:

intercepting means for intercepting content on the wireless device prior to delivery of the content to a content destination;

a forwarding device for forwarding the content to the content destination or quarantining the content based on the content classification.

19. A wireless device, comprising:

an anti-spam engine operable to intercept content on the wireless device prior to delivery of the content to a content destination, the anti-spam engine comprising a content filter selected from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, a hardware feature associated with the wireless device, a predetermined feature associated with the content destination, and a hardware requirement associated with the content; and

control logic associated with the anti-spam engine and operable to apply the content filter to the content and determine whether the content comprises undesirable content, wherein the control logic is further operable to forward the content to the content destination if the content does not comprise undesirable content, or to isolate the content if the content comprises undesirable content.

20. The wireless device of claim 19, further comprising a memory having at least one client application, and wherein the content destination comprises the client application.

21. The wireless device of claim 20, wherein the control logic is further operable to forward the content to at least one of: a browser client, an Internet Messenger client, a Short Message Service (SMS) client, a Multimedia Messaging Service (MMS) client, and an email client.

22. The wireless device of claim 19, further comprising a memory having at least one client application operable to generate the content, and wherein the content destination comprises a destination wirelessly connectable with the wireless device.

23. The wireless device of claim 19, wherein the hardware features comprise at least one of: processor capability, speaker capability, ringer capability, display capability, and memory capability.

24. The wireless device of claim 19, wherein the predetermined characteristic associated with the content destination comprises at least one of: an identification of a destination client application resident on the wireless device, and a number of content destinations associated with the content.

25. The wireless device of claim 19, wherein the hardware requirements comprise at least one of: wireless device processor requirements, wireless device audio component requirements, wireless device video component requirements, and wireless device memory component requirements.

26. The wireless device of claim 19, further comprising a memory having an isolation log and a storage limit parameter, wherein the control logic is further operable to store the content in the isolation log based on a storage limit parameter.

27. The wireless device of claim 19, further comprising a memory having a spam log, wherein the control logic is further operable to store predetermined information associated with the content in the spam log if the content comprises undesirable content, and transmit the spam log to a remote device for analysis of the predetermined information.

28. The wireless device of claim 27, wherein the control logic is operable to generate a computed filter test result based on applying the content filter to the content, and wherein the predetermined information further comprises at least one of: a portion of the content, an identification of a source of the content, the calculated filter test results associated with the content, and an identification of a destination of the content.

29. The wireless device of claim 27, wherein the memory further comprises a reporting parameter associated with the content filter, and wherein the control logic is further operable to transmit the predetermined information based on the reporting parameter.

30. The wireless device of claim 27, wherein the memory further comprises a restricted traffic configuration, and wherein the anti-spam engine is further operable to transmit the predetermined information by establishing a restricted access communication channel across a wireless network based on the restricted traffic configuration.

31. The wireless device of claim 19, wherein the anti-spam engine is further operable to receive the content filter from across a wireless network.

32. The wireless device of claim 19, further comprising a memory having predetermined filter results corresponding to the content filter, wherein the control logic is further operable to: applying the content filter to the content to produce a filter test result; comparing the calculated filter test result with the predetermined filter test result; and classifying the content as undesirable content based on the comparison of the calculated filter test result and the predetermined filter test result.

33. The wireless device of claim 19, further comprising receiving a modified content filter based on an analysis of the content, and replacing the content filter with the modified content filter.

34. A method for managing filtering content on a wireless device, comprising:

providing predetermined content filters and reporting parameters to the wireless device;

receiving a spam log related to content on the wireless device and subject to the predetermined content filter processing based on the reporting parameters; and

generating a report based on the spam log.

35. The method of claim 34, wherein the predetermined content filter is selected from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, a hardware feature associated with the wireless device, a predetermined feature associated with the content destination, and a hardware requirement associated with the content.

36. The method of claim 34, wherein the spam log comprises information related to at least one of: incoming content received by the wireless device, and outgoing content scheduled for transmission from the wireless device.

37. The method of claim 34, further comprising providing predetermined filter test results to the wireless device enabling the wireless device to determine whether to include notes to the content in the spam log after subjecting the content to the content filter processing.

38. The method of claim 37, wherein when the wireless device applies the content filter to the content, the content filter is operable to generate a calculated filter test result for comparison to the predetermined filter test result.

39. The method of claim 34, wherein the reporting parameter is operable to define predetermined information to be stored in the spam log.

40. The method of claim 39, wherein the predetermined information further comprises at least one of: a portion of the content, an identification of a source of the content, a computed filter test result associated with the content, and an identification of a destination of the content.

41. The method of claim 34, wherein providing the predetermined content filter and the reporting parameter further comprises forwarding to the wireless device over a wireless network.

42. The method of claim 34, further comprising forwarding a modified content filter to the wireless device based on the spam log.

43. A machine-readable medium comprising instructions that when executed by a machine cause the machine to perform operations comprising:

receiving a spam log related to content received by the wireless device and subject to the content filter processing based on the reporting parameters; and

generating a report based on the spam log.

44. A processor, wherein at least one processor is configured to perform the following acts:

generating a report based on the spam log.

45. An apparatus for managing filtering of content on a wireless device, comprising:

means for providing predetermined content filters and reporting parameters to the wireless device;

means for receiving a spam log related to content received by the wireless device and subject to the content filter processing based on the reporting parameter; and

means for generating a report based on the spam log.

46. An apparatus for managing filtering of content on a wireless device, comprising:

a generator module operable to generate a content filter configuration, the configuration comprising at least one predetermined content filter and reporting parameters;

an anti-spam module operable to forward the content filter configuration to the wireless device and operable to receive a spam log related to content received by the wireless device and subject to the spam filter based on the reporting parameter; and

a report generator operable to generate a report based on the spam log.

47. The apparatus of claim 46, wherein the configuration generator module is further operable to select the predetermined content filter from a plurality of content filters based on at least one of: a network service provider associated with the wireless device, a hardware feature associated with the wireless device, a predetermined feature associated with the content destination, and a hardware requirement associated with the content.

48. The apparatus of claim 46, wherein the spam log comprises information related to at least one of: incoming content received by the wireless device, and outgoing content scheduled for transmission from the wireless device.

49. The apparatus of claim 46, wherein the content filter configuration further comprises predetermined filter test results enabling the wireless device to determine whether to include a comment to the content in the spam log after subjecting the content to the content filter processing.

50. The apparatus of claim 49, wherein when the wireless device applies the content filter to the content, the content filter is operable to generate a calculated filter test result for comparison to the predetermined filter test result.

51. The apparatus of claim 46, wherein the reporting parameter is operable to define predetermined information to be stored in the spam log.

52. The apparatus of claim 51, wherein the predetermined information further comprises at least one of: a portion of the content, an identification of a source of the content, a computed filter test result associated with the content, and an identification of a destination of the content.

53. The apparatus of claim 46, wherein the anti-spam module is further operable to forward the predetermined content filter and the reporting parameters to the wireless device over a wireless network.

54. The apparatus of claim 46, wherein the anti-spam module is further operable to forward a modified content filter configuration to the wireless device based on the spam log.