As it is generally known, instant messaging (IM) systems have become increasingly popular for both business and personal use. Existing instant messaging systems provide real-time communication between two or more people by conveying text and/or other content between client devices connected over a network such as the Internet. Typical existing instant messaging systems operate using an instant messaging client program or the like that connects to an instant messaging service provided through one or more remote server systems. Instant messaging is sometimes referred to as “chatting” on-line, and an instant messaging session is sometime referred to as a “chat” session. Examples of existing instant messaging systems include AOL Instant Messenger, Microsoft Network (MSN) Messenger, and Yahoo! Messenger, as well as IBM Lotus Sametime®, Microsoft Office® Live Communications Server, and Jabber XCP.
A problem with existing systems relates to the need for users to be able to confirm the identity of other users with whom they are currently participating in an instant messaging session. Most existing instant messaging systems have the ability to integrate with a corporate LDAP (Lightweight Directory Access Protocol) directory, which provides authentication at the time users sign-on. However, existing systems fail to handle the case where a participant's identity has been obtained by someone else. Unfortunately, there are many ways for this to happen. For example, an instant messaging session may be left open and unattended on a user's client device, thus inadvertently allowing another person to enter an on-going conversation with the same instant messaging identity as the absent user. Given that an increasing amount of confidential business is communicated via instant messaging, the lack of an ability to verify a participant's credentials during a conversation poses a serious security threat. Without an adequate solution, this vulnerability may lead to the disclosure of confidential information, infiltration of malicious content, and/or phishing.
For these reasons and others, it would be desirable to have a system that enables a participant in an instant messaging session to verify the identity of another participant at any given time during a session, that provides configurable levels of verification requirements, and that can log the resulting status of the verification into a saved history file for the instant messaging session.