\
`
`'5'
`
`:4 uni-7'
`
`ELSEVIER
`DIGI'I‘AL
`PRESS
`
`John W. Rittinghouse
`
`James F. Ransome
`
`
`
`
`Sec rity
`
`
`
`
`
`
`Page 1 of 13
`
`Samsung Exhibit 1025
`
`Page 1 of 13
`
`Samsung Exhibit 1025
`
`

`

`
`
`
`
`
`
`
`
`
`
`
`Elsevier Digital Press
`30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
`Linacre House, jordan Hill, Oxford OX2 8DP, UK
`
`Copyright © 2005, John W Rittinghouse and James F. Ransome. All rights reserved.
`
`No part of this publication may be reproduced, stored in a retrieval system, or
`transmitted in any Form or by any means, electronic, mechanical, photocopying,
`recording, or otherwise, without the prior written permission of the publisher.
`
`Permissions may be sought directly from Elsevier’s Science 8C Technology Rights
`Department in Oxford, UK: phone: (+44) 1865 843830, fax: {+44} 1865 853333,
`e—mail: permissions@elsevier.eom.ul(. You may also complete your request on-line
`via the Elsevier homepage (http:”clsevi€r.c0m), by selecting "Customer Support”
`and then “Obtaining Permissions.”
`
`Recognizing the importance of preserving what has been written, Elsevier prints its
`books on acid—free paper whenever possible.
`
`Library of Congress Cataloging-in-Publication Data
`Application Submitted.
`
`iSBN: 165558—3385
`
`British Library Cataloguing—in—Publication Data
`A catalogue record for this book is available from the British Library.
`
`
`
`
`
`
`
`Printed in the United States ofAmeriea
`
`For information on all Elsevier Digital Press publications
`visit our Web site at wwwboolrselsevieecom
`
`050607080910987654321
`
`
`
`Page 2 of 13
`
`Page 2 of 13
`
`

`

`Contents
`
`List of Figures and Tables
`
`Acknowledgments
`
`Foreword
`
`I
`
`Introduction
`
`_
`
`H Purpose and Audience
`|.2 What to Expect from This Book
`I3 What Is “‘1?
`
`IM and its History
`|.3.|
`IM as an Integrated Communications Platform
`|.3.2
`Common IM Application Approaches
`L33
`i.3.4 Who Uses IM?
`
`|.3.5 What Are the Advantages of Using IN?
`|.3.6 What Are the Risks of Using IN?
`Summary
`Endnotes
`
`1.4
`I5
`
`2 How Does IM Work!
`
`2.1
`
`High-LevelView of IM
`2.! .|
`The Presence Service
`
`2.2
`
`2.3
`
`The Instant Messaging Service
`2. I .2
`Basic IM Features
`
`Enterprise Instant Messaging Considerations
`2.3.!
`Operating System
`2.3.2
`Database
`
`2.3.3
`2.3.4
`
`Directory Services
`Interoperability
`
`xiii
`
`xv
`
`xvii
`
`I
`
`I
`
`2
`2
`
`3
`6
`7
`7
`
`|
`I
`IS
`27
`27
`
`3|
`
`3|
`32
`
`38
`40
`
`42
`42
`43
`
`43
`43
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Page 3 of 13
`
`Page 3 of 13
`
`

`

`Contents
`
`43
`44
`44
`44
`44
`4s
`46
`46
`47
`47
`47
`4s
`48
`49
`49
`5 l
`52
`
`53
`
`53
`S7
`58
`59
`65
`66
`68
`69
`
`69
`69
`7O
`70
`7|
`7|
`7|
`7]
`72
`
`3.4.4
`3.4.5
`3.4.6
`3.4.7
`3.4.8
`3.4.9
`3.4.10
`3.4.l |
`3.4.12
`
`3.4.[3
`
`73
`Middie-to-End Security
`73
`SIP Security Issues
`75
`3.5
`SIP for 11"! and Presence Leveraging Extensions
`
`
`
`2.3.5
`2.3.6
`2.3.7
`2.3.8
`2.3.9
`
`Schema Change Requirements
`Standards Based for Third-Party Support
`Compliance Management
`Remote Access
`Cost Considerations
`
`2.4
`2.5
`
`An Enterprise EIM Nightmare Scenario
`An Overview of Mobile and Wireless Instant Messaging
`2.5. I
`What ls Mobile Instant Messaging?
`2.5.2
`What lsWireless Instant Messaging?
`2.5.3
`Short Message Service
`2.5.4
`Wireless Application Protocol
`2.5.5
`General Packet Radio Service
`2.5.6
`The Future oleM
`2.5.7
`The Future of NM
`
`2.6
`2.7
`2.8
`
`Selecting and Securing aWIM Solution
`Summary
`Endnotes
`
`3
`
`IM Standards and Protocols
`
`3.[
`
`3.2
`
`3.3
`3.4
`
`Extensible Messaging and Presence Protocol—RFC 2778
`3.].[
`jabber and the IN Community
`Jabber Protocol and XMPP
`3.2.l
`Architectural Design
`Instant Messagingl'Presence Protocol—RFC 2779
`Session Initiation Protocol
`3.4.]
`3.4.2
`3.4.3
`
`SIP Security
`Existing Security Features in the SIP Protocol
`Signaling Authentication Using HTTP
`Digest Authentication
`SIMIME Usage within SIP
`Confidentiality of Media Data in SIP
`TLS Usage within SIP
`IPsec Usage within SIP
`Security Enhancements for SIP
`SIP Authenticated Identity Body
`SIP Authenticated Identity Management
`SIP Security Agreement
`SIP End-to—Middle, Middle-to-MiddIe,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Page 4 of 13
`
`Page 4 of 13
`
`

`

`
`
`Contents
`
`
`
`3.6
`3.7
`
`The Future of IM Standards
`Endnotes
`
`76
`78
`
`8|
`
`8|
`83
`85
`86
`87
`88
`88
`88
`89
`9G
`90
`9|
`9|
`93
`93
`95
`96
`99
`l00
`l04
`I07
`I09
`I
`|
`l
`I
`|
`l
`
`“3
`
`ll6
`i|6
`
`l l9
`|20
`[22
`I22
`|24
`|24
`I25
`IZS
`
`Overview
`4.I.l
`Instant Messaging Opens New Security Holes
`4.|.2
`Legal Risk and Unregulated Instant Messaging
`The Use of IM as Malware
`4.2
`4.3 What Is Malware?
`Viruses
`4.3.l
`4.3.2
`Worms
`4.3.3
`Wabbits
`4.3.4
`4.3.5
`4.3.6
`4.3.7
`4.3.8
`4.3.9
`Exploits
`4.3. l0
`Rootkits
`4.4 How Is IM Used as Malware?
`4.4.l
`As a Carrier
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Contents
`
`
`4
`
`IM Malware
`
`4. |
`
`Trojan Horses
`Spyware
`Browser Hijackers
`Blended Threats
`Backdoors
`
`4.4.2
`4.4.3
`4.4.4
`4.4.5
`
`As a Staging Center
`As aVehicle for General Hacking
`As a Spy
`As a Zombie Machine
`
`As an Anonymizer
`4.4.6
`Summary
`End notes
`
`4.5
`4.6
`
`5
`
`IM Security for Enterprise and Home
`
`5.|
`
`5.2
`
`5.3
`
`How Can IM Be Used Safely in Corporate Settings?
`5.|.|
`Understanding IM and Corporate Firewalls
`5.|.2
`Understanding IM File Transfers and Corporate Firewalls
`5.|.3
`Blocking and Proxying Instant Messaging
`IM Detection Tools
`5.|.4
`
`Legal Risk and Corporate Governance
`5.2.l
`Legal issues with Monitoring lMTraffic
`Corporate IM Security Best Practices
`5.3.l
`Start from the Firewall
`5.3.2
`
`Consider the Desktop
`
`Page 5 of 13
`
`Page 5 of 13
`
`

`

`5.3.3
`5.3.4
`5.3.5
`5.3.6
`5.3.7
`5.3.8
`5.3.9
`5.3.10
`5.3.] l
`
`Install Patches to [M Software ASAP
`
`Enforce Client-Side [M Settings
`[M Proxy Gateways
`VPNS
`Antivirus
`
`Set up ContainmentWards
`Secure Information with Encryption
`[M System Rules, Policies. and Procedures
`Monitor to Ensure IM Client Policy Compliance
`Security Risks and Solutions for Specific Public [M Clients
`5.4.]
`MSN Messenger
`5.4.2
`Yahoo! Messenger
`5.4.3
`America Online instant Messaging
`5.4.4
`ICQ
`5.4.5
`
`Beware of [M Third-Party Clients and Services
`Home [M Security Best Practices
`Summary
`Endnotes
`
`6
`
`[M Security Risk Management
`
`[M [s a Form of E-mail
`
`IM Security and the Law
`Cybersecurity and the Law
`6.3.1
`The [996 National Information Infrastructure
`Protection Act
`President's Executive Order on Critical
`Infrastructure Protection
`The USA Patriot Act of 200[
`
`6.3.2
`
`6.3.3
`6.3.4
`
`The Homeland Security Act of 2002
`{M Must Be Managed as a Business Record
`[M Risk Management
`Summary
`Endnotes
`
`5.4
`
`5.5
`
`56
`5.7
`
`6.[
`6.2
`6.3
`
`6.4
`6.5
`6.6
`6.7
`
`Contents
`
`126
`126
`126
`I27
`128
`[28
`[29
`I30
`I31
`I32
`I32
`I37
`I45
`[53
`[56
`[58
`l6l
`I61
`
`{65
`
`[65
`I66
`I69
`
`I70
`
`[70
`I7[
`[75
`[88
`[89
`[9!
`[9|
`
`I95
`
`I 95
`200
`202
`204
`205
`
`
`
`viii
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`7 The Business Value of IM
`
`7. |
`7.2
`7.3
`7.4
`7.5
`
`Ubiquitous Presence andWorkflow
`lt‘s All about Culture
`Overall ROI for [M
`The Choice Is Yours
`Endnotes
`
`
`
`
`
`Page 6 of 13
`
`Page 6 of 13
`
`

`

`
`
`i
`
`Contents
`
`8
`
`The Future of IN
`8.l
`The Pervasive Network
`8.2
`Peer-to-Peer Instant Messaging
`8.3
`Peer-to-Application (the Human-Computer Interface)
`8.4 Machine-to-Machine (Application-to-Application)
`8.5
`Jabber
`8.6
`Security and Government Compliance
`8.7
`The Business Impact
`8.8
`Endnotes
`
`A General Network Security
`
`A.l
`A2
`A3
`
`Threats to Personal Privacy
`Fraud and Theft
`Internet Fraud
`
`AA Employee Sabotage
`A5
`Infrastructure Attacks
`A6 Malicious Hackers
`A.7 Malicious Coders
`
`AB Industrial Espionage
`A?
`Social Engineering
`A.9.|
`Educate Staff and Security Personnel
`A32
`Crafting Corporate Social Engineering Policy
`A.9.3
`Prevention
`A.9.4 Audits
`
`A95
`A.9.6
`
`A9]
`A38
`
`Privacy Standards and Regulations
`NAIC Model Act
`
`Gramm-Leach-Bliley Act
`HIPAA
`
`A.lO Summary
`Al I Endnotes
`
`B Managing Access
`B.I
`Access Control
`
`B. H
`B. l.2
`
`B. l.3
`3. L4
`B. l.5
`B. L6
`
`Purpose ofAccess Control
`Access Control Entities
`
`Fundamental Concepts of ACCess Control
`Access Control Criteria
`Access Control Models
`Uses of Access Control
`
`ix
`
`207
`209
`2| |
`2| l
`2|2
`2H
`2 I 5
`2l7
`2 I8
`
`2I9
`
`220
`220
`22|
`
`223
`224
`224
`225
`
`225
`228
`229
`23|
`232
`232
`
`232
`233
`
`234
`235
`
`237
`238
`
`24I
`24|
`
`24|
`242
`
`242
`244
`244
`249
`
`..
`
`.
`
`Contents
`
`
`
`Page 7 of 13
`
`Page 7 of 13
`
`

`

`
`
` x Contents
`
`3. | .7
`B. l .3
`B. | .9
`
`Access ControiAdministration Models
`Access Control Mechanisms
`Internal Access Controls
`
`3.2
`
`3| .10 Techniques Used to Bypass Access Controls
`Password Management
`B.2.[
`SmartCards
`
`B22
`3.2.3
`
`Biometric Systems
`Characteristics of Good Passwords
`
`Password Cracking
`3.2.4
`3.2.5 WindOWS NT L0phtCracl< (LC4)
`3.2.6
`Password Cracking for Self-Defense
`3.2.7
`UNiX Crack
`
`3.2.8
`3.2.9
`
`john the Ripper
`Password Attack Countermeasures
`
`3.3
`3.4
`3.5
`
`Physical Access
`Summary
`Endnotes
`
`C
`
`Security Management Issues
`
`C.[ Organizational Security Management
`C.I.|
`Perceptions of Security
`C.i.2
`Placement of a Security Group in the Organization
`C. 1.3
`Security Organizational Structure
`C. 1.4
`Convincing Management of the Need
`C. [.5
`Legal Responsibilities for Data Protection
`C. [.6
`DHS Office of Private Sector Liaison
`
`(:2 Security ManagementAreas of Responsibility
`C2}
`Awareness Programs
`C22
`Risk Analysis
`C23
`incident Handling
`C24 Alerts and Advisories
`
`C25 Warning Banners
`C26
`EmpioyeeTerrninacion Procedures
`C27
`Training
`C28
`Personnel Security
`C29
`Internet Use
`C2 IO E-mail
`C.2.| i Sensitive Information
`
`C2 | 2 System Security
`C2. | 3 Physical Security
`Security Policies
`
`C3
`
`249
`251
`25[
`
`256
`257
`253
`
`258
`258
`
`259
`260
`260
`26|
`
`262
`263
`
`263
`263
`264
`
`265
`
`266
`266
`266
`267
`268
`268
`269
`
`269
`270
`27|
`272
`273
`
`274
`274
`275
`275
`276
`276
`276
`
`277
`277
`278
`
`
`
`Page 8 of 13
`
`Page 8 of 13
`
`

`

`1
`
`_.
`
`Contents
`
`C4 Basic Approach to Policy Development
`C.4.I
`Identify What Needs Protection and Why
`C.4.2 Determine Likelihood ofThreats
`
`Implement Protective Measures
`C.4.3
`(2.4.4 What Makes a Good Security PolicyiI
`(2.4.5
`Review and Assess Regularly
`OS Security Personnel
`C.5.|
`Coping with InsiderThreats
`(2.5.2 How to Identify Competent Security Professionals
`C.5.3
`How to Train and Certify Security Professionals
`Security-Related Job Descriptions
`C.5.4
`C.6 Management of Security Professionals
`C.6.l
`Organizational Infrastructure
`C.6.2
`Reporting Relationships
`(2.6.3 Working Relationships
`C.6.4 Accountability
`Summary
`(3.7
`C.8 Endnotes
`
`278
`279
`279
`280
`28 I
`283
`283
`283
`285
`286
`289
`295
`295
`296
`297
`297
`298
`298
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`D IN Policy Essentials
`
`D.| ABC Inc. Information SecurityAcceptable Use Policy
`[)2 ABC Inc. E—maiIIIM Use Policy
`0.3 ABC Inc. E-maililM Retention Policy
`
`E Glossary, References, and Policy Issues
`
`IM Specific Glossary
`E.|
`E2 General Security Glossary
`E3
`References
`
`2.99
`
`300
`306
`308
`
`3H
`
`3H
`3|6
`342
`
`Index
`
`349
`
`
`
`
`
`
`,J
`
`Contents
`
`Page 9 of 13
`
`Page 9 of 13
`
`

`

`I.3 What IS IN?
`
`l.3.|
`
`IM and Its History
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`In our fast—paced world there are times when even the rapid response of e-
`mail is not Fast enough. There is no way for you to know if the person you
`are sending e-mail to is online at that moment. This is one of the reasons
`why 1M has gained popularity, acceptance, and become a desired tool in the
`workplace. 1M provides us with the ability to maintain a list of people,
`often called a buddy list or contact list, whom we want or need to interact
`with. IM monitors our list of people and their status of being online or
`offline. If they are online, we can send messages back and forth. Businesses
`today are increasingly viewing IM as an excellent productivity and commu—
`nication tool that complements voice mail and e-mail. In order for there to
`be complete acceptance, there needs to be specific security, accountability,
`and uniformity among 1M solution providers. There needs to be policies
`that protect critical organizational interests and comply with federal man-
`dates and regulations. Corporations want 1M solutions that provide seam—
`less sccurity, Full audit trails, identity controls, and administrative controls.
`Most corporations agree that message encryption is essential.
`
`There are three basic types of IM, as Follows:
`
`1.
`
`2.
`
`3.
`
`Public messaging
`
`Enterprise messaging
`
`Wireless messaging
`
`In 1987, a computer scientist at MIT developed an instant—messaging
`program called Zephyr in order to provide a system that was Faster than e—
`mail, which had begun to be bogged down, so that urgent messages
`regarding the school’s network and server could be received instantly in
`case, for example, the school’s network server was going down. Soon, stu-
`dents adopted Zephyr as a form of easy communication that could be used
`while they worked at
`their computers. This technology was quickly
`adopted by other universities, and the simple early warning system that
`Zephyr was originally designed to be was repurposcd, becoming a popular
`tool of conversation and information exchange called IM. IM as we know
`it today was created in july 1996 by four young Israeli entrepreneurs. Yair
`Goldfinger, Arik Vardi, Sefi Vigiser, and Arnnon Amir, started a company
`called Mirabilis in order to introduce a new way of communication over
`the Internet. They created a technology that would enable Internet users to
`locate each other online on the Internet and create peer—to—peer communi—
`
`
`__
`
`| Chapter |
`
`
`
`Page 10 of 13
`
`Page 10 of 13
`
`

`

`|.3 What IS IN? 4
`
`cation channels easily. They called their technology ICQ (I seek you) and
`released it in November 1996. Within six months, 850,000 users had been
`
`registered by Mirabilis. By June 1997, Mirabilis was able to handle
`100,000 concurrent users and had become the world’s largest Internet
`communications network. Mirabiiis and ICQ were acquired by America
`Online,1nc., in June 1998 for $287 million. AOL had also created its own
`Instant Messenger system. By that time, Microsoft had created its own IM
`client and service, MSN Messenger, and another Internet heavyweight,
`Yahool, created one as well. Because 1M services evolved From proprietary
`systems created by companies to make a profit,
`their systems remain
`unabie to interoperate because of the desire to control the 1M marlcet.
`AOL and ICQ, even though owned by the same company, are not interop-
`erable. ICQ currently has two clients: ICQ4 Lite Edition with Xtraz (Fig—
`ure 1.1} and ICQProTM {Figure 1.2) [5,6].
`
`The A01. and ICQ clients cannot communicate with one another, and
`AOL maintains both systems and market dominance in the 1M field. All
`this may change soon. Conditions of the AOL—Time Warner merger
`required AOL to open up its 1M systems [7]. in its analysis of 1M, the FCC
`concluded that the merger would combine an essential input of AOL’s
`dominant IM service and future IM—hased services—chiefly, the Names and
`Presence Directory (NPD)—with assets of Time Warner, including its cable
`
`—>
`
`Figure 1.2
`ICQTMPW,
`
`file-incalrglnn]
`
`fl} U.:r's L"-|':::Il 195?):I-thErJrl
`1‘; Nina-n:
`‘3‘; 0"an
`if U: at: [lure-Selim:
`
`
`
`
`
`Page 11 of13
`
`Page 11 of 13
`
`

`

`l.3 What Is IM?
`
`
`
`facilities and Road Runner ISP An IM provider’s NPD consists of a data-
`base of its users' unique IM names, their Internet addresses, and a “presence
`detection” function, which indicates to the provider that a certain user is
`online and allows the provider to alert others to this information. The FCC
`noted that these features created a market with strong network effects.
`AOL, with by far the largest NPI), resisted making its IM services interop—
`erable with other providers’ services. The merger brought Time Warner’s
`cable Internet platform and content library under AOL’s control and gave
`AOL Time Warner a significant and anticompetitive first~mover advantage
`in the market for advanced, iM—based highdspeed services (Ail-IS). Potential
`AIHS applications include those using streaming video (lengthy, high—
`quality, one— or two-way video). The merger would frustrate the objectives
`of the Communications Act by preventing the emergence of a competitive
`and innovative market for advanced, iM-basecl services. This would violate
`
`key Communications Act principles, including the further development of
`healthy competition in the Internet and interactive services arena. The FCC
`did not establish an interoperability protocol. Rather,
`the FCC’s remedy
`requires AOL Time Warner to follow a protocol developed by the industry
`or to create a protocol with other IM providers pursuant to contracts. Thus,
`the FCC did not create and will not review an Internet protocol.
`
`The FCC imposed an “IM condition” on the merger to avert market
`harm now so that it would not be required to regulate IM in the future.
`Given AOL Time Warner’s likely domination of the potentially competitive
`business of new, IM-based services, especially advanced, IM—based high—
`speed services applications, the FCC ruled that AOLTime Warner may not
`offer any MHS steaming video applications that use :1 Names and Presence
`Directory {NPD) over the Internet via AOL Time Warner broadband facil-
`ities until the company demonstrates that it has satisfied one of three pro—
`competitive options filed by the FCC. AOL Time Warner must file a
`progress report with the FCC, 180 days from the release date of the order
`and every 180 days thereafter, describing in technical depth the actions it
`has taken to achieve interoperability of its IM offerings and other offerings.
`These reports will be placed on public notice for comment. The IM condi-
`tion was set to sunset five years after the release of the order.
`
`AOL Time Warner was directed to show that it had implemented an
`industry—wide Standard for server-to-server interoperability. AOL Time
`Warner had to show that it had entered into a contract for server—to—server
`
`interoperability with at least one significant, unaffiliated provider of NPD—
`based services within 180 days of executing the first contract. AOL Time
`Warner also had to show that it entered into two additional contracts with
`
`| Chapter |
`
`
`
`Page 12 of 13
`
`Page 12 of 13
`
`

`

`I.3 What IS IN?
`
`significant, unaffiliated, actual or potential competing providers. AOL
`Time Warner was given the opportunity to seek relief by showing by clear
`and convincing evidence that this condition no longer serves the public
`interest, convenience, or necessity because there has been a material change
`in circumstances.
`
`several competing companies have joined
`Since the FCC ruling,
`together to advocate an IM protocol similar to those that allow the interop~
`erability of email systems. Other companies have taken a different
`approach rather than wait for an agreed-upon standard. Jabber is one com—
`pany that has created a client program capable of communicating with var-
`ious 1M systems. In less than two decades, the concept of 1M has become
`an international tool of communication.
`
`I.3.2
`
`IM as an Integrated Communications Platform
`
`The lM platform can be the basis For true integrated communications by
`incorporating additional technology (such as extending it into the wireless
`realm with mobile phones and personal digital assistants [PDAsD or by
`adding other means of communication (such as voice chat or video chat).
`With the addition of IP telephony (VoIP) capability, the messaging service
`can even extend to telephony, making it possible to communicate with any-
`one at any time. It can be used as a personal communications portal to cre—
`ate a single point of contact for all methods of communication, allowing a
`user to initiate any kind of communication From one place, using a single
`contact list. Using [M as an integrated communications platform allows for
`one—click communication. Instead of having to run through a list ofhome,
`office, mobile, pager numbers, and e-mail addresses, someone trying to
`reach another person can simply elicit on that person’s name. It also enables
`users to control how others communicate with them. If they prefer that
`calls go to their mobile phones when they are away from the office, they can
`set their profile so that the system directs calls that way. The system would
`route communications according to that person’s preferences. When addi-
`tional features such as integrated communications, reachability, and com-
`munications profiles are part of 1M, the market for IM will increase from
`personal to professional use, creating better business markets for messaging
`services and making these services more of a revenue—generating opportu—
`nity for service providers [8].
`
`
`
`Page 13 of 13
`
`Page 13 of 13
`
`