Field of invention

This invention relates to a system, apparatus and method for network communication; specifically relating to controlling and/or monitoring communications over a network.

Background

In many applications, it is desirable to monitor and filter incoming communications so that only relevant communications are shown to a user. Examples of this principle can be found in the form of email spam filters and checking incoming phone callers against 'blocklists' of known nuisance phone callers.

It may also be desirable to monitor a user's communications for safety reasons and to ensure that the user is not exposed to inappropriate or harmful content, especially when the user is a vulnerable person. This is an increasing concern with the rise of smartphones, which allow easy and relatively private access to various communication media. Various forms of control software are known for this purpose.

Many of these systems are however rather inflexible and fail to capture relevant information in an integrated way. In addition, they often lack the required functionality to usefully control communications beyond simply accepting or rejecting a specific communication. The present invention seeks at least to alleviate partially at least some of the above problems.

According to one aspect, there is provided a method for managing communications involving a protected party, the method comprising: receiving notice of a communication between the protected party and a communication party; classifying that communication; saving data relating to the communication; receiving notice of a subsequent communication involving the protected party; and classifying said communication in dependence on said data. This provides the advantage that communications to and from a protected party can be managed based on previous communications involving the protected and a communication party. Optionally, the subsequent communication may be over a different communication channel. This provides the advantage that the system can use data relating to communications over a plurality of different communication channels to classify the communication (email, SMS, voice over landline, voice over mobile phone, social media, instant messaging, etc).

Receiving notice of a previous communication comprises receiving data relating to a past communication; for example by accessing the protected party's communication history. This allows past communication history to influence how future communications are treated.

Communications may be classified in dependence on said data relating to a plurality of previous communications. Using a large data set enables more accurate classifications of communications.

The data relating to a past communication comprises data relating to a communication involving the communication party. This allows malicious communication parties to be flagged so that if they attempt to contact another protected party that communication may be classified accordingly.

The communication may be classified based on a determined identity of the communication party. The identity is determined by similar characteristics shared between said communication party and other parties; for example caller ID, email server, and location. The identity of the communication party may be determined using data collected via one or more communication channels, including the first communication channel. The identity of the communication party may be determined by the communication party identifying themselves. This provides the advantage that the party sending or receiving the communication may be identified across a number of communication channels, using a variety of different methods to improve the chances of successfully identifying the communication party.

The communication may be classified based on the location of the protected party and or the communication party. The communication may be classified based on a defined status (e.g. a status entered by a party on a social network or on an application) of at least one of the protected and communication parties. This provides the advantage that additional information may be used to assist with the classification of a communication. The communication may be classified based on a comparison of the properties of the communication against a probabilistic model of communication traffic based on prior communications involving the protected party. This provides the advantage that abnormal communication traffic can be identified based on comparisons with prior traffic patterns. The communication may be classified into one of a plurality of categories, which is advantageous in that further processing of the communication is simplified.

The saved data may comprise data relating to the communication, protected party, communication party, other parties, and/or communication channel; for example data in prior communications, meta data and routing data concerning the communication and prior communications, caller-ID, return email address, IP address, authorisation flags, SIP flags, certificates, time and date, the location of the protected or communication party, frequency of previous communications between the protected and communication party, recency of previous communications between the protected and communication party, social media status of the protected and/or communication party, the communication party's place in a hierarchy, audio recording of a voice, video call or call attempt, content of text messages sent and received, instant messaging communications, social networking posts, emails sent and received, photo messages sent and received, and/or a list of web sites and pages visited. This provides that advantage that a wide variety of data sources can be used to classify the communication.

Preferably, a communication is routed in dependence on the classification of that communication. The communication may be routed such that it is stored in a database, and transmitted from the database to the intended recipient of the communication at a later time. Alternatively, the communication may be routed via an alternative communication channel. In further alternatives, the communication may be blocked; the duration or data size of the communication may be restricted; the number of communications between the protected and communication parties within a set period of time may be restricted; or certain contents of the communication may be blocked and the remainder of the communication may be directed to the intended recipient of the communication or another party, in which case the blocked content may be in a different medium to the remainder of the communication. The communication may be routed to the third party such that it interrupts any communication between the third party and another party. Advantageously, many potential routings are possible depending on the situation, making the method suitable for a wide variety of uses.

Consider a user who may be the protected party, or an authorised third party. The user may be notified about the subsequent communication in dependence on the classification of said subsequent communication. The user may be notified about the subsequent communication in additional dependence on a location of the protected and/or communication party. The user may be notified about the subsequent communication in additional dependence on a status of the protected and/or communication party. This provides the advantage that the protected party or a trusted third party (such as a parent) may be notified about relevant communications involving their child and may then take appropriate action.

The communication may be routed to a third party in place of the intended recipient of the communication. Alternatively, the communication may be routed to a third party in addition to the intended recipient of the communication. The third party may specify further routing of the communication. This provides the advantage that the third party can intercept and take action on threatening, unsuitable or otherwise unwelcome messages sent to or from the protected party.

The communication may be classified based on rules stored in a database. New rules may be dynamically devised based on saved data relating to communications between the protected and communication parties, the communicating party and other parties and communication between the protected party and other parties. This provides the advantage that unwelcome communications or conversations can be better identified, potentially without the intervention of a third party.

The sensitivity of the rules may be user-set, the database may be accessed by a user, and new rules may be devised by a user. The user may be the protected party or a third party, in which case the third party may manage several databases defining rules for multiple parties. This makes the method more flexible and suited to a wide range of situations.

The system may indicate the classification of the communication to the protected party; for example by way of different notification tones or an announcement. This allows the protected party to more easily determine whether accept the communication or not.

A further communication from a third party may be received and the communication involving the protected party interrupted in dependence on the identity of the third party. This allows urgent communications (e.g. from a child's parent) to interrupt a current communication. According to another aspect, there is provided a method of managing a communication between a protected and communication party, comprising: receiving notification of a communication involving said protected party, determining data related to prior communications involving the protected party, inhibiting access to the communication for a period of time in dependence on said data, and enabling access to the communication by the protected party following the expiry of said period of time. This provides the advantage that conversations involving the protected party can be 'throttled' to limit the rate of incoming and/or outgoing messages, and that the protected party's access to communication capabilities may be limited during certain hours. This may be between the protected party and a particular communications party, or all communications involving the protected party may be throttled.

Optionally, the period of time may be defined by the protected party or a third party. Alternatively, the period of time may be dynamically calculated in dependence on the data related to prior communications between the protected and communication party. Access to the communication may be inhibited in additional dependence on a location or a defined status of the protected and/or communication party. Advantageously, access to the communication may therefore be limited based on a wide variety of factors. Inhibiting access to the communication may comprise redirecting the communication to be saved in a database. At least a portion of the database may be a cache local to the protected user or it may be is an external database. In some cases the database is inaccessible to the protected party. A third party may be able to remotely view and/or edit the contents of the database. Enabling access to the communication may comprise the communication being sent from the database to the protected party. This provides the advantage that the deferred communication can be effectively stored and managed.

Inhibiting access to the communication may comprise redirecting the communication to a third party. Enabling access to the communication may comprise the communication being sent to the protected party by the third party. This provides the advantage that deferred communication may be manually handled by the third party, providing a greater level of flexibility.

The method may further comprise indicating to the protected and/or communication party that access to the communication has been inhibited. This provides the advantage that the protected and/or communication party know that communications are being deferred may take appropriate action. The data related to prior communications between the protected and communication party may for example, comprise data in prior communications, meta data and routing data concerning the communication and prior communications, caller-ID, return email address, IP address, authorisation flags, SIP flags, certificates, time and date, a location of the protected or communication party, frequency of previous communications between the protected and communication party, recency of previous communications between the protected and communication party, a status of the protected and/or communication party, the communication party's place in a hierarchy, audio recording of a voice, video call or call attempt, content of text messages sent and received, instant messaging communications, social networking posts, emails sent and received, photo messages sent and received, and/or a list of web sites and pages visited. This provides the advantage that the decision to inhibit communications may be based on a wide variety of data inputs. The invention extends to apparatus for managing communications involving a protected party, comprising: a detecting module for receiving notice of a communication between the protected and communication party; a classification module for classifying a communication; a memory; and a module for saving data relating to a communication using the memory; wherein a communication is classified based on data related to prior communications between the protected and communication party.

The invention extends to a system for managing communications involving a protected party, comprising: a first device, operated by the protected party; one or more further devices, operated by the communication party; a processor, in communication with the first device; wherein the system is adapted to carry out any method as described.

The invention extends to any novel aspects or features described and/or illustrated herein. Further features of the invention are characterised by the other independent and dependent claims Any feature in one aspect of the invention may be applied to other aspects of the invention, in any appropriate combination. In particular, method aspects may be applied to apparatus aspects, and vice versa.

Furthermore, features implemented in hardware may be implemented in software, and vice versa. Any reference to software and hardware features herein should be construed accordingly. Any apparatus feature as described herein may also be provided as a method feature, and vice versa. As used herein, means plus function features may be expressed alternatively in terms of their corresponding structure, such as a suitably programmed processor and associated memory. It should also be appreciated that particular combinations of the various features described and defined in any aspects of the invention can be implemented and/or supplied and/or used independently.

The invention also provides a computer program and a computer program product comprising software code adapted, when executed on a data processing apparatus, to perform any of the methods described herein, including any or all of their component steps.

The invention also provides a computer program and a computer program product comprising software code which, when executed on a data processing apparatus, comprises any of the apparatus features described herein. The invention extends to a client or user device in the form of a telecommunications device or handset such as a smartphone, laptop or tablet computer, or digital television adapted to execute a computer program product as described.

The invention also provides a computer program and a computer program product having an operating system which supports a computer program for carrying out any of the methods described herein and/or for embodying any of the apparatus features described herein.

The invention also provides a computer readable medium having stored thereon the computer program as aforesaid. The invention also provides a signal carrying the computer program as aforesaid, and a method of transmitting such a signal.

The invention extends to methods and/or apparatus substantially as herein described with reference to the accompanying drawings. The invention will now be described by way of example, with references to the accompanying drawings in which incoming and outgoing phone calls are mediated using a set of rules specified by the user (the Protected Party), or a Responsible Third Party. The purpose is to manage, protect, authenticate and control the communications of the Protected Party.

Detailed description

The term 'network communication' 'communication', 'communications channel' or 'channel' used herein (as a noun or a verb) includes but it not limited to voice calls (over fixed line, mobile or VoIP), video calls, text messages, picture messages, video messages, social media messages, instant messaging, voice messages, emails, Digital TV popups, or other data transfer over a communications network.

The term 'communication' used herein includes not only successful communications, but also attempted communications, blocked communications, and failed communications over any communications channel. The terms 'communications network' or 'telecommunications network' used herein includes (but is not limited to) landline telephone networks such as PSTN (Public Switched Telephone Network); mobile networks such as GSM (Global System for Mobile Communications), GPRS (General Packet Radio Services), EDGE (Enhanced Data rates for GSM Evolution), WAP (Wireless Application Protocol), 3GPP (3 ^rd Generation Partnership Project, 4G, 5G, LTE (Long Tern Evolution), WIMAX (Worldwide Interoperability for Microwave Access); internet networks such as VoIP (Voice over Internet Protocol) or Wi-Fi; broadcast networks such as digital TV. The terms 'communications network' or 'telecommunications network' may be a number of telephone lines registered together as a group. The telephone lines may be landline, mobile or VoIP lines or other types of line that can deliver voice, text or instant messaging services.

The term 'defined status' used herein may refer to a status entered by a party on a social network or on an application. This status may comprise a mood, an activity, or a willingness and/or ability to communicate. The invention will now be described by way of example, with references to the accompanying drawings in which:

Figure 1 shows a flow chart illustrating an example of an authentication and control system;

Figure 2 shows the system of Figure 1 in more detail where a protected party is a receiver of the communication;

Figure 3 shows the system of Figure 1 in more detail where a protected party is an initiator of the communication;

Figure 4 shows an example of the system used to send phone calls to voicemail;

Figure 5 shows an example of the system where the protected party is a child and a priority caller phones the child;

Figure 6 shows an example of the system where the protected party is a child and a trusted caller phones the child;

Figure 7 shows an example of the system where the protected party is a child and an unrecognised caller phones the child; and

Figure 8 shows an example of the system used to defer and retransmit communications.

Figure 1 shows a flow chart illustrating a system 100 configured to manage, protect, authenticate and control the communications that are engaged in by a protected party 10, which may be an individual, family, group, device, company or other entity or group of entities. The system 100 uses a range of communication channels (e.g. voice calls, video calls, text messages, picture messages, video messages, social media messages, instant messaging, Digital TV popups, voice messages, emails or other data transfer over a communications network).

The system 100 is arranged to manage the protected party's communications over this range of communication channels with any communication party 12, which should be understood to refer to any individual, entity, device or company that may communicate with the protected party 10 using any of the communication channels covered by the system 100. In addition to the protected and communication parties 10,12 which are in communication (or attempting to initiate communication) with each other, a third party 14 may optionally interact with the system 100 to monitor or change the way in which communications are managed by the system 100. The protected party 10 may be referred to as the protected party, and the communication party 12 may be referred to as the communication party. The method used by the system 100 may be compared to a method that would be carried out by a personal assistant (to the protected party 10) who answers a phone call and assesses it before allowing it through, but differs in that it consolidates multiple communication channels. As shown in Figure 1 , when a communication is sent from the communication party 12 to the protected party 10 it goes through a mediation process prior to be displayed and/or brought to the attention of the protected party 10. This process uses a specified set of rules.

The purpose of the mediation is to:- · manage communications

• protect the protected party 10 from unwanted or inappropriate communications

• authenticate the communication party 12 to the protected party 10 (or authenticate the protected party 10 to the communication party 12)

• control the number of communications and/or their timing The rules that control the mediation process are stored in a preference database 20 and managed by either the protected party 10, or alternatively by a third party 14. This is particularly useful where the protected party 10 is a vulnerable person, such as a child or an elderly person. The third party 14 may then be a parent, carer, legal guardian or other official. The preference database 20 may be accessed and the rules managed in a number of ways - for example, via a web site, a smartphone app, or a voice menu system.

As shown in Figure 1 , an activity log 30 is provided which is used to log all data related to communications and all activity performed by the system 100.

Figure 2 shows the system of Figure 1 in more detail where the protected party 10 is the receiver of the communication (or part of a group of entities receiving the communication). Similarly, Figure 3 shows the system of Figure 1 in more detail where the protected party 10 is the initiator of the communication (or part of a group of entities initiating the communication). Identification and communications management

As shown in Figures 2 and 3, the system 100 monitors each incoming communication attempt and attempts to identify the communication party 12 using all data that is available - for example the communication party's communication 'address' (data such as caller-ID, return email address, internet protocol (IP) address, authorisation flags, session initiation protocol (SIP) flags, and certificates) and information identifying the current location of the communication party 12.

If the communication party 12 cannot be reliably identified, the system 100 may require the communication party 12 to identify themselves. In the case of an incoming telephone call this may be done with an automated process - for example, the communication party 12 could be asked to key in a code on their telephone handset, or say a series of words for voice recognition or recognition by the protected party 10 - or their communication could be routed to another individual to carry out the authentication (e.g. the third party 14). This identification process allows the communication party 12 to be classified into various categories which affect the further processing of the communication. These categories could, for example, include 'trusted caller' or 'unknown caller'.

Once this identification and classification is complete the preference database 20 mentioned above is used to determine the appropriate treatment for the communication. Various factors are considered to determine the appropriate treatment for the communication. These factors could, for example, include the current time and date, the current location of the protected party 10, the frequency and recency of previous communications with the communication party 12 via all communication channels, data collected about communications made between the communication party and other parties (for example, have other people classified this person as an undesirable), and/or a status of the protected party 10 (e.g. interruptible/not interruptible).

The classification of the communication can be stored in a database and used to classify future communications with the same protected party, or another protected party. For example, if Andrew sends a malicious text messages to Beth, her parents may flag Andrew as someone who sends malicious texts. If Andrew phones Charlie the call may be routed via Charlies' parents first because Andrew is not a fully trusted communicator. This 'reputation management' builds a community of protection for the protected parties. Other forms of data that may be used to identify and/or classify a communication include: data in prior communications, meta data and routing data concerning the communication and prior communications, caller-ID, return email address, IP address, authorisation flags, SIP flags, certificates, time and date, a location of the protected or communication party, frequency of previous communications between the protected and communication party, recency of previous communications between the protected and communication party, patterns of previous communications or communication attempts, a status of the protected and/or communication party, the communication party's place in a hierarchy, audio recording of a voice, video call or call attempt, content of text messages sent and received, instant messaging communications, social networking posts, emails sent and received, photo messages sent and received, and/or a list of web sites and pages visited.

A range of outcomes are possible for each communication attempt, as is shown in Figures 2 and 3. The outcomes could, for example, include:

• Allowing the communication to go ahead as requested

· Blocking the communication

• Redirecting the communication to another party (such as the third party 14)

• Storing the communication for later transmission to the protected party 10

• Asking the communication party 12 to leave a message that can be picked up by the protected party 10

· Generating a message telling the receiving protected party 10 that a communication attempt was received from the communication party 12 but that it was blocked

• Redirecting the communication to another channel (e.g. routing the audio portion of a video call via a channel that supports audio only)

· Sending a message via another communications channel (e.g. sending a text message)

Logging and monitoring

As discussed above, an activity log 30 may be kept of all the communications processed, preferably including all the data used by the decision process to determine the treatment (e.g. onward routing) of the communication. Additionally, if the communication is allowed to go ahead as requested, then it may be monitored based upon rules in the preference database 20. For example, the system 100 may be configured to store the actual content of the communication in some or all circumstances. This may include the audio recording of a voice or video call (or call attempt), the content of text messages sent and received, instant messaging communications, social networking posts, emails sent and received, photo messages sent and received, and a list of web sites and pages visited.

In one example, the system 100 may allow a communication to go ahead but limit the duration of a communication, or ban certain actions during the communication (for example, the inclusion of photographs as attachments).

In another example, action can be taken in real time during the communication based upon the content. For example, a text chat session may have been initiated and allowed, but during the session inappropriate words or phrases are detected, or one of the parties 10, 12 attempts to send an attachment (in contravention of the rules in the preference database for that type of communication). The session may then be terminated and further communication blocked. In some situations, the third party 14 can be notified about the communication while it is in progress and given the opportunity to join in, or alternatively just monitor the communication.

The third party 10, (and/or, optionally, the protected party 14):-

• has access to the communications log, and the outcome of each communication attempt.

· may be able to review the content of historic communications (by listening to phone call recordings or reading text messages and social media posts, for example)

• may receive alerts in real time when events that they deem significant occur

• may be able in real time to monitor and terminate communications Controlling multiple communications channels together

It will be appreciated that the system generally operates at a higher level than a typical 'spam filter'. Individuals have a variety of 'addresses' - their mobile phone number, their landline phone number, their instant messaging ID, their email address, their Facebook™ login ID, websites or web services that they are associated with, among others. The present system is able to recognise that different communications via different media are related to the same communication party 12. The rules stored in the preference database 20 cover all these channels and are informed by activity across all these channels.

Unlike regular spam filters that control inbound communications, it will be appreciated that both inbound and outbound communications may be controlled. Communications to a particular communication party 12 may be blocked or controlled.

A third party 14 may put controls over all these multiple communications channels - for example, on the basis of having spoken to a communication party 12 who wished to speak to the protected party 10 (based on a phone call being redirected to the third party 14) the third party 14 could block or throttle (limit) all communications to or from all the addresses that are known for that communication party 12 - affecting their phone calls, emails, and text messages, for example. This functionality is particularly useful in the case where the protected party 10 is a child, the third party 14 is a parent, and the communication party 12 is a person who wishes to speak to the child. These controls can apply to all communications devices that the protected party 10 uses. This might include their mobile phone, their personal computer (PC) or any other communications device or service. In the case where the protected party 10 is a child, the child's school could choose to allow the parent's preferences to be applied to their child's use of school computers. Control can be carried out at a fine level so that, for example, for a particular communication party 12 outbound phone calls could be allowed from the protected party's mobile phone, but inbound phone calls from that communication party 12 could be blocked. Similarly, inbound texts could be allowed, but not outbound texts, and all instant messaging and emails could be allowed from some devices (for example, a home PC) but not from a mobile device (for example, a mobile phone).

These rules can be applied to individual communication parties 12 or groups of communication parties 12 (for example the group 'school friends,' in the case where the protected party 10 is a child).

The present invention allows the preference databases 20 of a group of people to be managed together in one place - for example, within a family. Different members of the group will have different communications needs. For example, in the case of a family, children and older relatives may need to be protected from inappropriate communications. There may be some commonality between the preferences for all the family. For example, the phone number of another family member will be on everyone's preference database 20 as a trusted caller, and equally if one member of the family blocks calls from a specific telemarketer's phone number, then other members of the family will want similar protection from this number too.

Dynamic configuration control If the protected party 10 is the entity managing the preference database 20, then the system 100 may preferably dynamically manage system preferences and controls.

The protected party 10 can specify cost parameters in the preference database 20. This refers to the notional cost incurred if a 'bad' call is allowed through, and the notional cost if a 'good' call is blocked. This may differ for different members of a group. For the example use case of a family, for an adult member of the family who is not vulnerable the 'cost' of receiving a nuisance call is low - it is just an interruption and annoyance. For a vulnerable member of the family, for example, an elderly person, the 'cost' of receiving a nuisance call is higher because they may be at risk of being scammed. Similar differences in cost parameters could be specified for different functions of a business, for example.

This information allows the system 100 to dynamically devise rules for the preference database 20 based upon current and historic calling patterns to protect the protected party 10.

For example, the system 100 may learn who the acceptable communication parties 12 are and who are not by monitoring how the protected party 10 handles communications with them. If the protected party 10 always chooses to accept communications from a particular communication party 12, the system 100 may configure the preference database 20 to always allow communications from and to this communication party 12, and this may happen across all media. For example, if the protected party 10 always responds to text messages from a particular communication party 12, then if that communication party 12 makes a voice call to the protected party 10 the system 100 may allow the call directly through even though this communication party 12 has never called before. The protected party 10 or third party 14 is notified that the new rule has been added to the preference database 20 and can reject or amend the setting if they wish.

Automatic setup

When a protected party 10 first installs or registers the system 100 as a software application, or similar, the system 100 preferably is able to access their previous communication history (which may include, for example their phone call history, their previous SMS history and their social media engagement history) and uses this to implement a communications strategy for the communication parties 12 that the protected party 10 has previously engaged with. The communications strategy is held in the preference database 20.

For example, if the protected party 10 makes and receives phone calls to/from a certain communication party 12 frequently, and those phone calls last on average more than 5 minutes then the system 100 may judge that this is probably a known and trusted caller such as a friend or family member, so future calls could be allowed through unimpeded. Similarly, if the protected party 10 receives many phone calls from a certain communication party 12 that on average last under 20 seconds it suggests that the communication party 12 could be a nuisance caller and their communications should be handled accordingly in the future. In another example, if the protected party 10 never receives or makes phone calls to international numbers (or all calls from international numbers last less than 30 seconds) it suggests that any international phone calls received should be treated with caution.

Dynamic monitoring

Call history data can be used to create a dynamic probabilistic model of 'normal' telephone traffic. This probabilistic model could then be used, for example, to determine the mean number of calls received from each area code at different times of the day along with the standard deviation (or other statistical measure). By weighting these parameters by recency (telephone traffic patterns will change over time so recent call patterns are more important than historic call patterns) the system 100 can determine the probability that certain incoming call patterns that are being observed are 'normal' or 'abnormal' and take appropriate action. For example, if the protected party 10 (a business) received 100 calls between 6am and 6:10am from a particular telephone area code when it would be expected that less than 5 calls would be received in this time period from this area code then this may be designated as a an abnormal call pattern.

Connection via Digital TV set, tablet device or PC A further feature of the system 100 is an interface with one or more applications, which can preferably run on telephones, tablets, PCs or any other computing or communications device to notify the protected party 10 about incoming communications, and, preferably, allow the protected party 10 to control communications via this application.

For example, if someone contacts the protected party 10 but they are unable to respond, for example if someone calls the protected party's landline phone and they is away from home, the protected party 10 may receive an alert on the device they are currently using and can choose to pick up the call on that device (if possible), send the call to an alternative number, or instruct the system to answer the call and play a predefined message to the caller.

In another example where the protected party 10 is a child, a notification may be sent to the parent every time a child makes or receives a phone call or sends or receives a text message or other communication. This can give the parent details of the communication and allows then to monitor and interact with the call - for example, for a telephone call they may listen in, join in or terminate the call as previously described.

This feature could also be used with a digital TV using the TV remote control as a controller, rather than via a software application for a device. Call Waiting / Call Barging

An additional advantageous feature of the system 100 is a hierarchy and relationship map of communication parties 12 held in the preference database 20. This allows the system 100 to choose whether or not to notify the protected party 10 when there is a call waiting based on the priority of these relationships. This decision may be based upon factors including the hierarchical status of the communication party 12 that the protected party 10 is currently talking to as compared to the hierarchical status of the communication party 12 whose call is waiting. If it is appropriate for that particular category of caller to interrupt the current call, then the system 100 may use different notification tones to indicate different classes of caller to help the protected party 10 decide whether to interrupt their current call or not.

This feature is particularly useful when someone is engaged on a phone call and someone else calls them, because they have very little information about the new caller. Is it worth interrupting their current call to speak to the new caller? The new call may be a telemarketing call, or it may be an urgent call.

Preferably, the system 100 also provides an automatic 'barge in' option - for example, if a child is talking on the phone to one of their friends and their parent calls then the system can automatically put the friend on hold and directly connect the parent.

Example use of the system

Protecting vulnerable people

It is recognised that some people are vulnerable at certain stages of their lives, and so may need to have their communications mediated by a third party 14 in order to protect them from communications that are inappropriate for some reason - for example, because of their timing, frequency, content, the identity of the communication party 12, or the objectives of the communication party 12. In this example use, the protected party 10 may be a vulnerable person while the third party 14 may be a family member, friend or carer. While the protected party 10 will have the ability to manage some aspects of their communications, for example, calling friends or family, the system allows the third party 14 to control other aspects of their communications, for example, receiving calls from unknown communication parties 12.

Protection from interruption at particular times The protected party 10 may be in a position where they only want to receive communications from certain specified communication parties 12 (or certain types of communication party 12), or they may only want communications that communication parties 12 deem urgent. For example, the protected party 10 may be asleep or engaging in an activity that requires their full attention, such as teaching, participating in a meeting, driving, or working. Protection from bullying/malicious communications

Figure 4 shows an example embodiment of the system 100 in which phone calls are sent to voicemail. Voicemail is generally used to take messages when the called party is unable to answer the phone. Some parties use their answerphone to screen messages from people that they do not want to speak to.

The present system 100 can use voicemail for a different purpose - to take the immediacy and confrontation out of a communication. People who are being subjected to bullying or threatening phone calls find that actually speaking to the caller and having to respond to them in real time is a very frightening aspect of the experience. They may feel that they do not have control of the situation, and may panic whenever the phone rings. Phone calls from certain communication parties 12 go directly to voicemail without ringing the phone, and the protected party 10 is notified that there is a message (for example, by means of a phone call, a text, an instant message or an email) giving any available information that identifies the communication party 12.

The present system offers 'immediate voicemail'. This has two benefits:-

• If calls are filtered in this way then the protected party 10 may feel more in control of the situation. They can choose to listen to the message, or ignore it if they prefer to do so.

· The communication party 12 knows that their message has been recorded so is much less likely to make a threat - if they do, then this is available as evidence.

Protection against Denial of Service attacks

Individuals or organisations may be subject to 'denial of service' attacks where a communications channel is flooded with communications (or communication attempts) to prevent authentic communication from taking place. The system 100 allows the communications to be classified before they are forwarded to reduce the number of successful denial of service communications.

If the protected party 10 is a company there is a larger volume of historic data, and new data is added to the call history database all the time. This makes the use of a probabilistic model as previously described particularly viable. The probabilistic model of 'normal' communication traffic allows the incoming traffic to be analysed, and designate the call pattern as abnormal or exceptional if necessary. For example, if 100 phone calls are received in one hour from a particular area code, the system 100 evaluates the probability that this is normal traffic and the probability that it is part of a telephony denial of service attack. By using the probabilistic model and the cost parameters the system 100 can decide whether to block or allow through each individual phone call.

The dynamic management features of the system 100 monitor the characteristics of the exceptional calling patterns that are seen as part of the attack, and classifies them in real time and if necessary dynamically adds new rules to the preference database 20 to block them. These rules may only be active while the attack is in progress.

The present system 100 also provides a control panel for staff to view the attack in real time and devise their own blocking rules for the preference database 20. A simulator will test any new rule against the probabilistic model, the cost parameters and the recent call traffic data to determine the likely impact of a new blocking rule. Monitoring the communications of a child

The present system 100 may be used for the case where the protected party 10 is a child and the third party 14 is a parent. The communication party 12 may then be any other party attempting to communicate with the child. The system 100 allows the parent 14 to give their children 10 access to communications channels, but retain control over that access. This allows parents to feel secure in the knowledge that the child is not exposed to inappropriate content or communications from any unsuitable persons. This is particularly useful for children's mobile phones, for example, and especially for young children having their first mobile phone.

A particularly useful feature in this regard is that the parent can have a dialogue with a caller so as to determine their suitability before the call is allowed through.

Parents may have a number of reasons for accepting or blocking calls, or restricting other communication channels:-

• They do not want their child getting unsolicited telemarketing calls • They do not want their child to be contactable by anyone who they (the parent) haven't approved

• Certain specific callers may be undesirable - for example, other children who are bullying by phone

· Restricting the use of a phone can be a valuable sanction for parents who want their children to be more responsible on the phone

• Parents may want to limit the maximum amount of time each day their children spend on the phone, or the maximum amount of time they spend communicating with particular individuals.

· Parents may want to limit the hours of the day when communication can take place - for example, preventing all but the most urgent calls during school hours; or preventing their child sitting up all night texting

This control can be loosened or tightened by the parent as the child gets older and/or becomes more mature and responsible.

Figures 5, 6, and 7 illustrate different treatments that the system may apply to different types of callers for the case where the protected party 10 is a child. Different rules can be set in the preference database to meet specific needs. Callers can be allocated to a plurality of categories, and each category of caller may be treated differently. For example, telephone calls from priority callers (for example, the child's mother or father) will always get through, as is illustrated in Figure 5. Calls from other trusted callers (for example, other family members or the child's best friend at school) are passed straight through to the child during certain hours of the day, but are intercepted and redirected at other times, as is illustrated in Figure 6. As Figure 7 shows, all other unrecognised calls are routed to the parent. When the parent's phone rings and they pickup they hear a short message announcing the call (e.g. "This is a call for Bobby") before they are connected to the caller. They can speak to the caller to determine the caller's identity and the purpose of the call, and then exercise their parental judgement to decide how the call should be handled. A number of different call handling options are possible:- a) Whether to let the call through to the child

b) Whether to let the call through to the child, but continue listening in to the call until they are satisfied that the call is legitimate c) Whether to let the call through to the child and let all future calls from that caller through

d) Whether to block calls from this person to the child (this can be an incoming and outgoing call block - so as to also prevent the child calling this number) e) Whether to send all future calls from this person to the child's or the parent's voicemail box

All text messages or photo messages to or from certain communication parties 12 may be redirected via the parent for their approval before they are delivered. Parents can set hours when their child can receive any calls or texts - this may be quite sophisticated with different rules for weekdays, weekends, school holidays, family holidays, for example. Phone calls from friends who try to communicate outside these hours can be sent directly to voicemail or can be routed to the parent if the caller decides it is urgent. Similar provisions can be applied to other communication means. Figure 8 shows a use of the system in which incoming text messages may be deferred. Texts can be held in a deferment database 50 and released (retransmitted) when appropriate - for example when the child leaves school, or when a time period expires. By this means the system 100 can also throttle the communication, decreasing the 'velocity' of a text conversation. For example, the system 100 can put an artificial delay of 10 minutes on each text that is sent (and/or received). This has the effect of slowing down the speed of a text conversation and may prevent it getting out of hand. It will be appreciated that this feature may apply to other communication media, such as email or instant messaging.

The deferment database 50 may be located in the communication devices (e.g. phone) local memory, or may be an external database. In either case, the database 50 is preferably inaccessible to the child, although a parent may be able to remotely view the contents of this database 50. The text may then be retransmitted from this database 50 to the child's device, or otherwise shown to the child, when the time period has been expired. Alternatively, deferred texts could be sent to the parent who may then manually release them to the child's device. The child or the person texting the child may be informed that 'throttling' or 'deferment' is active, so the delivery of their message will be delayed, depending on user preferences. This decision may be taken across different communication media - for example, the volume of email messages to or from a particular communication party 12 (or group of communication parties) could cause the throttling and deferral of text messages to and from that particular communication party 12 (or group of communication parties).

Alternatives and modifications

Various other modifications will be apparent to those skilled in the art for example, although the description above relating to third and protected parties 14, 10 primarily describes a 'parent-child' scenario, where the parent is the third party and the child is the protected party the above examples apply to any other pairings or groups of people. The terms 'parent' and 'child' used throughout the description should therefore be construed accordingly. The term 'party' could mean a group of parties, for example, a number of parties having a shared characteristic such as geographic location or relationship to the user.

It will be understood that the present invention has been described above purely by way of example, and modifications of detail can be made within the scope of the invention.

Reference numerals appearing in the claims are by way of illustration only and shall have no limiting effect on the scope of the claims.