Gilman,
It depends what you consider is the "history of the strategy." and you need
to know a lot more about the history of 'mass telecomputing' - it did not
begin with the internet. You need to know what keywords to search
"Challenge/Response or CR" is not it.
The strategy of a Callback Verifier (CBV) AKAT Challenge/Response system
dates back to the dawn of BBS (Bulletin Board Systems) AKAT Internet
Hosting Server , in particular when they evolved to have programmable
languages AKAT Server-Side Scripting. Same strategy and concept. Now,
mind you, the social engineering of the time centered around verified the
caller or signup into a private BBS AKAT Intranet. And for the most part,
new user signs up were giving a default "New User" Security Profile, and
many CBV systems were designed to not only verify a telephone number AKAT IP
Address (and possible his email address) but also automatically upgrade the
user access to "Registered" status once the user has been validated.
A simple search for "Verifier" on our exclusive customer-only
http://www.winserver.com BBS/Support center in the File Area yields at
least 60 3rd party CBV for our Wildcat! DOS version (no longer supported).
Here is the first 10 or so.
Area 6 - WC4 wcCODE Applications
AUTOS401.ZIP AUTO-SECURE 4.01, On-line User Security Verifier for WC! 4.01
64,625 11/29/94
BDBCBV20.ZIP BDBCBV v2.0 another EXCELLENT CBV for Wildcat! v4 (WCX 4.xx)
26,211 4/14/96
BESTCALL.ZIP THE BEST CALLback Verifier 4.4 $20 (MB GUARANTEE!) 125
FEATURES! 208,742 11/13/96
BESTLOCK.ZIP The BEST Lock-Out "Twilight Zone..." By The Makers Of Bestcall!
43,505 9/20/95
BESTPAGE.ZIP The (Absolute) BEST Pager Module... From the makers of
Bestcall! 41,601 4/11/95
BESTPEEK.ZIP The BEST Who's Online v2.2! By the Makers of Bestcall! 43,976
7/4/95
BESTWHO.ZIP The BESTwho Called Today .WCX program. From the makers of
Bestcall! 48,065 4/4/95
BLUE410.ZIP BlueCode Call Back Verifier Written in WCX v4.10... 5,032
3/27/95
BSSLGMAN.ZIP LogonManager for Wildcat 4.12 made w/ wcCODE 4,584 4/30/96
BYTEBACK.ZIP Tired of Bogus Users? Try the ByteBack!! Callback Verification
System 7,675 2/3/96
DCAT20.ZIP D'CatBack v2.0, Call-Back Verifier A wcCODE program for Wildcat!
4.x 30,441 6/26/95
FREECALL.ZIP freeCALL source code. A free callback verifier for Wildcat
4,376 11/29/94
ICECBV10.ZIP IceCbv v1.0 - IT WORKS! a WCCODE program written for Wildcat
4.11+ 8,814 7/20/95
Adding the keyword "email" to the search yields 3 for our Windows version
(current version).
Area 45 - WIN Server wcBasic
TELEFI11.ZIP Telefier v1.1 compiled in wcCODE a Telnet verifier for wins
37,987 3/27/97
WSWV.ZIP WS-WebVerify v3.0, Released 12:50 PM 4/25/1999. 85,185 10/28/99
WSWV206.ZIP WS-WebVerify http Security Verifier. *-Upgraded Version-* v2.0.6
236,479 2/14/99
But I won't base it on such a simple search. Also, the dates are "Upload
Dates." Not the original design dates. The Wildcat! DOS gain internet
support via UUCP (late 80s/early 90s) before the internet was widely
available. So I am sure there were CBV systems that focused on validating
email addresses.
I can also put you in contact with the author of WS-WEBVerifiy who is an
beta tester, 3rd party developer and old customer of Wildcat dating back to
the DOS days. I'm sure he can give you a good history and grasp on CBV
concepts back then and how it evolved today.
With that said, by no means, Wildcat! has a copyright on the CBV concept.
There were plenty of other BBS/internet ready systems during the 90s as
well. None really survive like us but, do a simple Google search for "CBV
BBS EMAIL" and you will find quite a few still being used or 3rd party files
archived.
So the history of the strategy is well documented in the BBS annals
including those evolved to be internet ready. The difference today, the
focus is on SPAM. Original the focus was on validating the "Access", the
ingredient that is missing with SMTP hence the problem. Nonetheless, the
end result "strategy" is the same. I should also note we researched C/R
back in a few years ago specifically for SMTP/EMAIL/WEB operations and it
was immediately discarded as an unreliable and social engineering nuisance.
However, we did switch to using the recommended permanent SMTP reject
response to address spams per the RFC 2505. I believe one of the C/R patent
claims is based on the idea.
Word of advice to patenteneurs - Search the technology on BBS systems and
don't assume that life began with the internet and the web, and even thought
GOOGLE is a excellent research tool, you need to go find the BBSes which
still have many of the archives remaining from the hey-pre-internet BBS
days.
PS: Petite left the Yanks! - OUCH! George must be pissed.
---
Hector Santos, CTO
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com
----- Original Message -----
From: "Gilman Research Services" <ngilman(_at_)gilmanresearch(_dot_)com>
To: <asrg(_at_)ietf(_dot_)org>
Sent: Thursday, December 11, 2003 8:59 PM
Subject: [Asrg] 2 Questions: History of "Challenge-Response" SPAM filter and
Info re. Julian Byrne
Hello,
I am a patent researcher conducting research into the history of
"Challenge-Response" SPAM filters and would appreciate any assistance or
guidance you can provide. I apologize if this is not exactly in keeping
with
the list's posting guidelines.
1) I believe I am up to date on the current status of "Challenge-Response"
SPAM filters but seem to have hit a dead end re. the history of the
strategy. Most references go back as far as 1996 and 1997 with newsgroup
postings by Julian Byrne on the topic, i.e., "challenge-response antispam
'bot (CRABS) and others. Can anyone provide me with any additional
references that pre-date 1997?
2) Secondly, does anyone have any additional information re. Julian Byrne?
There appears to be no posting by the professor after 1998 and he is no
longer at Monash University in AU. Again and information would be
appreciated.
Thank you in advance for your patience and time.
Sincerely,
Norm Gilman
Gilman Research Services, LLC
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg