WO2002045335A1 - System and method for secure and anonymous communications - Google Patents

System and method for secure and anonymous communications Download PDF

Info

Publication number
WO2002045335A1
WO2002045335A1 PCT/US2000/030168 US0030168W WO0245335A1 WO 2002045335 A1 WO2002045335 A1 WO 2002045335A1 US 0030168 W US0030168 W US 0030168W WO 0245335 A1 WO0245335 A1 WO 0245335A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
server
identity
user
application
Prior art date
Application number
PCT/US2000/030168
Other languages
French (fr)
Inventor
Colin Savage
Original Assignee
Ponoi Corp.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ponoi Corp. filed Critical Ponoi Corp.
Priority to AU2001219153A priority Critical patent/AU2001219153A1/en
Priority to PCT/US2000/030168 priority patent/WO2002045335A1/en
Publication of WO2002045335A1 publication Critical patent/WO2002045335A1/en
Priority to US14/038,513 priority patent/US8826021B2/en
Priority to US14/341,099 priority patent/US9262608B2/en
Priority to US14/808,805 priority patent/US9619632B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Definitions

  • This invention generally relates to the field of communications and more particularly to systems and methods for providing anonymous and secure communications over a network.
  • a client system (100) is connected over a telecommunications link (110) to an Internet Service Provider (ISP) (not shown) and ultimately to the Internet (150).
  • ISP Internet Service Provider
  • a Web server (Third-Party HTTP server 160) is connected over its own link (161) to the Internet (150).
  • IP Internet Protocol
  • Figure 1A shows the layout of a typical IP packet, including a header (191) containing, among other information, a source address (192) and a destination address (193), as well as data portions, (194, 195), comprising, in this example, 452 "octets" (bytes) of data.
  • Client system (100) runs Web browser software (105) which establishes a display window visible to the user.
  • Web browser (105) submits an http request (125) over the internet.
  • the IP packet containing request (105) contains a header that is encoded with the IP address of client (100).
  • Web server (160) may have previously given a "cookie" to client (100), containing information regarding the user of client (100). Information from this cookie may also be encoded as data within the IP request.
  • Web server (160) receives http request (125), it may acquire considerable identity information regarding the user, and will of course further have complete information about the action requested by the http request.
  • the correlation of action and identity is particularly valuable to marketers, yet at the same time most threatening to users when in the hands or people outside their confidence and control.
  • Web server (160) parses the http request, and processes it, serving up the Web page requested by the user, and/or conducting further processing via a "common gateway interface” (CGI) (185), which in turn may invoke further processing via scripts and programs (180), which may in turn communicate with databases such as database (190) and/or other facilities.
  • CGI common gateway interface
  • the requested information is sent back to client (100) by http response (175), again encoded in addressed IP packets and sent to client (100) over the Internet (150).
  • Web browser software (105) receives the http response (175) and from it creates the appropriate screen displays or multimedia effects for the end user.
  • Proxy server (140) is shown in Figure 1 as an optional addition to a prior art Internet communication system.
  • Web browser software (105) is adjusted through a setup or configuration facility to direct and receive IP packets in the first instance from proxy server (140), instead of the usual router, gateway or similar facility of the ISP.
  • Proxy server (140) can then intermediate, and thereby filter undesired or unacceptable input or output (which may be so deemed for any number of reasons, including security and censorship, in addition to privacy), and can also reconstruct IP packets so as to some extent mask the user's identity.
  • the operator of the proxy serve can readily retrieve, and perhaps secretly misuse, any of this information. Therefore, to be effective, the end user must trust the administrator of the proxy server in question. In a commercial setting, and most particularly in a mass market setting, establishing and maintaining such trust in an entity may not be practicable.
  • Crowds which was developed by AT&T, enhances privacy by sharing http requests randomly among a group of subscribed users.
  • the identity of a request sender can trace the identity of a request sender to the group of users, the third party cannot be traced to any specific user.
  • the system disclosed here provides greater security than prior solutions.
  • the system described here goes beyond masking the identity of the sender from third parties and masks the identity of the sender from both third parties and the system itself. This masking is accomplished by separating action from identity on the client computer.
  • the Crowds system prevents third-parties from knowing the identities of senders, the Crowds system itself has the ability to know both the identity and actions of its users.
  • the greater security provided by the system has the additional benefit of enabling more personal communications to be sent through the system. Because the system does not rely on removing identifying information for its functionality, end users can receive the benefits of identity protection without sacrificing the ability to act as individuals rather than anonymous entities.
  • the invention seeks to provide users with a greater degree of anonymity than is available with existing technologies.
  • an http request which normally contains both identity and action information, is separated in the first instance on the client side into action request and identity components, which are encrypted.
  • the encrypted action and identity components are transmitted to a facility comprising an "identity server” and an “action server", wherein the identity server receives the two encrypted request components and forwards the encrypted action request component to an action server.
  • the identity server has the key to decrypt the identity component (but not the action component), and the action server has the key to decrypt the action component (but not the identity component).
  • the action server decrypts the action request and forwards it to the third-party server.
  • the third-party server sends the http response back to the action server.
  • the action server receives and encrypts the action response, and forwards it to the identity server.
  • the identity server which has been holding the unencrypted user identity information, receives the encrypted action response (which it cannot decipher), and forwards it to the client system, wherein the user's browser software uses the action response in the normal manner, so as to create the appropriate displays and/or multimedia output.
  • Figure 1 shows a prior art system whereby Web browser software communicates over the Internet with a Web server, optionally through the intermediate means of a proxy server.
  • Figure 1 A shows the header and data layout of a typical IP packet as used over the Internet.
  • FIG. 2 is a block diagram showing the overall architecture of an embodiment of the invention.
  • Figure 3 is a diagram showing a range of additional functions that may be provided based in part on the technology of the present invention.
  • Figure 4 is a block diagram showing the request transmission side of a transaction in accordance with an embodiment of the invention.
  • Figure 5 is a block diagram showing the action response side of a transaction in accordance with an embodiment of the invention.
  • Figure 6 is a block diagram showing the principal physical components utilized in connection with an embodiment of the present invention, and their interconnection over the Internet.
  • Figure 7 is a flow chart showing the steps involved in the session initialization portion of the methods employed in connection with an embodiment of the invention.
  • Figure 8 is a flow chart showing the steps involved in the request transmission portion of the methods employed in connection with an embodiment of the invention.
  • Figure 9 is a flow chart showing the steps involved in the response transmission portion of the methods employed in connection with an embodiment of the invention.
  • Figure 10 is a flow chart showing the steps involved in the session termination portion of the methods employed in connection with an embodiment of the invention.
  • HTML Hypertext Mark-up Language
  • MIME Multimedia Internet Mail Extensions IP: Internet Protocol (version 4)
  • SSL Secure Socket Layer URI: Universal Resource Identifier
  • the preferred embodiment (sometimes referred to herein as the "system") consists of three major components that participate in relaying anonymous HTTP requests to a Web server via IP.
  • system consists of three major components that participate in relaying anonymous HTTP requests to a Web server via IP.
  • the first component of the system is a client application (for example, Java applet client (606)) that acts as an HTTP proxy for a user's web browser software while they are connected to the system.
  • client application for example, Java applet client (606)
  • This application is the only portion of the system that resides on client systems (such as client system
  • the second component is an identity server (251), which is part of privacy facility (300), that receives requests (225) from the client application and forwards them for further processing.
  • the identity server (251) maintains the information required to transmit information back to a user for the duration of that user's HTTP session. Portions of a user's request (225) that contain information concerning the destination of that request - or that permit divination of the request - must never be accessible to the identity server.
  • the third and final component of the system is an action server (252) that performs HTTP requests on behalf of the system's users (e.g., user (200), etc.).
  • the action server (252) must never have access to information that is specific to an individual user of the system, rather, it acts on behalf of the identity server (251) and return the results (275) of a user's HTTP request to the identity server (251) for transmission to the client.
  • the mechanism by which the identity server (251) is prevented from accessing information about the destination of an HTTP request and by which the action server (252) is prevented from accessing information about the source of a request is a communication protocol that employs public key cryptographic techniques. See generally, Rivets, et al., US 4,405,829.
  • cryptographic techniques to guarantee that the preferred embodiment internally separates identity information from action information, we also guarantee that this separation is maintained on either side of the system facility (300).
  • third parties monitoring network traffic going to or coming from any of the servers in the system facility, either legally or illegally, are never able to connect an action taken by the server to the identity of a user who is connected to the server.
  • the persons administering such servers also do not have any means for making such a connection. Thus, it is not necessary for such administrators to be trusted by users of the system in order for such users to derive the security and anonymity benefits provided by the invention.
  • the identity server, action server and other elements thereof can be separate processes on a single machine or processor, processes on separate machines or processors. Such servers and other elements can be under the same administration or separate administration. The detemiination of such matters is not critical to the invention. Rules:
  • the system preferably functions in accordance with the following rules:
  • the action server (252) has full knowledge of individual's actions but no knowledge of individual's identity
  • the identity server (251) has full knowledge of individual's identity but no knowledge of individual's actions
  • the Java applet client (606) separates identity and action information
  • Each of the action server (252), identity server (251) and Java applet client (606) have a unique pair of public-private keys
  • the action server (252) and Java applet client (606) can communicate with one another only by passing encrypted requests through identity server
  • system initialization 710 begins when user (200) who is running a Web browser (105), downloads the code for Java applet client (600) from a server associated with the system facility (300).
  • the Java applet client (606), running under Web browser (105) changes browser's (105) proxy setting to direct http requests through the Java applet.
  • the Java applet client (606) creates public-private key pair.
  • Java applet client receives identity server's (251) public key.
  • step 750 the Java applet client (606) encrypts its public key with the identity server's (251) public key and sends its public key, so encrypted, to identity server (251).
  • step 760 the identity server (251) encrypts action server's (252) public key with the Java applet client's (606) public key, and sends action server's (252) public key, so encrypted, to Java applet client (606).
  • step 770 Java applet client (606) encrypts its public key with the action server's (252) public key and sends its public key, so encrypted, to action server (252) via identity server (251).
  • request transmission comprises the following steps:
  • Java applet client monitors the input-output streams from browser (105).
  • step 820 when an http request (125) is sent by browser (105), Java applet client (606), which has been configured as such browser's http proxy, receives the request and parses it into separate identity and action information.
  • Java applet client creates a first sealed object containing the action information for the http request (125), encrypted with the action server's (252) public key.
  • step 840 the Java applet client (606) creates a second sealed object containing the identity information for the http request (125) encrypted with the identity server's (251) public key
  • Java applet client (606) sends both sealed objects to the identity server (251).
  • identity server (251) forwards the action sealed object to the action server (252).
  • action server decrypts action information for the http request and forwards it, preferably through another intermediate http proxy (not shown), to the destination third part server.
  • response transmission comprises the following steps: In step 910, the action server (252) receives http response (275) from the third- party server, preferably through said intermediate http server.
  • step 920 action server (252) encrypts http response (275) with the Java applet client's (606) public key.
  • action server (252) forwards encrypted http response (230) to identity server (251).
  • identity server (251) forwards encrypted http response (230) to Java applet client (606).
  • Java applet client decrypts http response (230) and forwards it to browser (105) for display.
  • session termination comprises the following steps:
  • Java applet client (606) purges public-private key pair it has created.
  • Java applet client (606) resets browser (105) proxy settings to previous values.
  • Figure 3 reflects other functionality in addition to simple network navigation and Web browsing (301) that is provided in connection with the invention.
  • Such functionality includes without limitation Web browsing with passwords (302), electronic mail (303), file storage and transfer (304), chat (305), telephony (306), transactions (307), and electronic commerce (308).
  • the proxy client of the preferred embodiment is the system component responsible for connecting end-users to the system. It functions as an HTTP proxy server and service HTTP requests from a user's web browser. Requests transferred through the system proxy client are encrypted and transferred to the identity server. Responses received by the proxy client from the action server via the identity server are decrypted and returned to a user's web browser.
  • the proxy client Upon invocation from a known URL on the world-wide-web, the proxy client is loaded from a JAR file by a client web browser. Once loaded, the proxy client generates and/or retrieve the cryptographic data required to establish a secure communication channel with the system action server, and automatically configures the user's web browser to use the proxy client as a proxy server for browsing the worldwide-web (or alternately prompts the user to make this setting manually).
  • the proxy .client After receiving an HTTP request generated by a user's web browser, the proxy .client establishes a secure connection to the identity server using the communication protocol discussed later in this disclosure. In the event of connection failure, the proxy client informs the user of the failure via a dialog box, and configuration changes to the user's web browser are reversed. Assuming a connection to the identity server can be successfully established, the proxy client filters all identifying information from the current HTTP request, removing HTTP header data or replacing header values with non-identifying defaults as neccessarry. The HTTP request is then be appended to any cryptographic data required for response transmission and both are be encrypted using the cryptographic protocol specified as part of the the system communication protocol (see Communication Protocol section below).
  • Encrypted data is then be placed within a well formed the system protocol request, and the request is transmitted to the identity server. Once a request has been sent from the proxy client to the identity server, the proxy client waits for a response. If a valid response is received, that response is be decrypted and returned to the user's web browser. Should the system fail to respond to a proxy client's request for a specified timeout interval, the proxy client aborts request processing and returns an error page to the user's web browser.
  • the proxy client applet Upon receiving a request from a web browser, the proxy client applet initiates a connection to the identity server. Once this connection is established the identity server reads the contents of an encrypted HTTP request from the proxy client. Should a valid request not be received within a specified time-out interval, the identity server (251) terminates the connection with the proxy client applet.
  • the identity server After receiving an encrypted client request, the identity server establishes a communication connection with the action server, and forward the request for further processing. In the event that a connection between the Identity and action servers cannot be established, the identity server terminates its connection with the proxy client applet. Once a connection is successfully established and those portions of the client request not related to the client's identity have been transferred, the identity server waits for a response from the action server. Again, in the event that a response is not received within a specified time-out interval, the identity server terminates its connection with the proxy client applet. Finally, valid response data received from the action server is forwarded to the proxy client applet, and all IP connections are terminated.
  • the action server (252) is a background process that resides on a computer system associated with system facility (300). Its role is to execute HTTP requests on behalf of users of the system, and act as an end-point for the cryptographically secure communication channel by which data is transferred between the system's back-end facilities and its users.
  • a connection is established between the identity server and an action server residing on a different physical computer. This connection is used to forward the HTTP request to the action server where it is decrypted. After decryption, the clear text HTTP request is forwarded to a standard HTTP proxy server that retrieves the requested URL and returns it to the action server.
  • the action server terminates its IP connections with both the proxy server and the identity server. If a valid HTTP response is received by the action server, that response is encrypted using the cryptographic data provided along with the HTTP request, and the response is returned to the proxy client via the identity server.
  • a single communication protocol is used to relay HTTP requests from the proxy client applet to the identity server and from the identity server to the Action Server.
  • This protocol contains encrypted HTTP data augmented with a cryptographic key exchange mechanism and a minimal amount of control information.
  • Two transmission formats are defined by this specification, the first for communication to the action server, and the second for communication by the action server.
  • HTTP requests transmitted by the proxy client to the identity server for processing by the action server is formatted as follows:
  • Each transmission consists of three distinct parts. The first is a 96-bit long clear text header block that contains control information for the transmission. The second and third portions are encrypted data blocks of variable length. The header is immediately followed by the proxy client's public key in order to pe ⁇ nit responses from the action server to be encrypted for transmission to the proxy client. The HTTP Request received from a user's web browser follows the public key.
  • Magic Cookie An identifier used to rapidly indicate a valid transmission. All components of the system shall terminate communications that do not begin with this sequence.
  • Protocol Version A number used to identify the version of the protocol for future compatibility.
  • the version of the protocol used in the prototype implementation will be 0x01 (one).
  • HTTP Request Data Length (bits 56-88): Length of the encrypted HTTP Request in bytes.
  • HTTP responses transmitted by the action server to the proxy client are formatted as follows:
  • Each transmission consists of two distinct parts.
  • the first is an 80-bit long clear text header block that contains control information for the transmission.
  • the second portions is an encrypted data block of variable length containing the HTTP response for a client's request.
  • Magic Cookie (bits 0-31): A unique identifier used to rapidly indicate a valid transmission. All components of the system shall tenninate communications that do not begin with this sequence.
  • Protocol Version A number used to identify the version of the protocol for future compatibility.
  • the version of the protocol used in the prototype implementation will be 0x01 (one).
  • HTTP Response Data Length bits 40-72: Length of the encrypted HTTP Response in bytes.

Abstract

The invention provides secure and anonymous communications over a network, which is accomplished by imposing mechanisms that separate a users' (200) actions from their identity. In one embodiment, involving use of the Internet, an http request, which normally contains both identity and action information, is separated in the first instance on the client side into action request and identity components, which are encrypted. The encrypted action and identity components are transmitted to a facility comprising an 'identity server' (251) and an 'action server' (252), wherein the identity server receives the two encrypted request components and forwards the encrypted action request component to an action server.

Description

SYSTEM AND METHOD FOR SECURE AND ANONYMOUS COMMUNICATIONS
BACKGROUND OF THE INVENTION
Field of The Invention
This invention generally relates to the field of communications and more particularly to systems and methods for providing anonymous and secure communications over a network.
Description of the Related Art
It is well known that individuals using telecommunications networks are continuously exposed to compromises of their privacy. This issue has become particularly acute with respect to the Internet. In many cases Internet hosts, service providers and Web sites can link users with their identities, and track and create databases of their activities. Voluntary privacy policies and related certification organizations such as Truste® have imposed some limits on Internet privacy abuses, but do not by any means assure end user privacy or anonymity.
As shown in Figure 1, a client system (100) is connected over a telecommunications link (110) to an Internet Service Provider (ISP) (not shown) and ultimately to the Internet (150). A Web server (Third-Party HTTP server 160) is connected over its own link (161) to the Internet (150). Properly addressed Internet Protocol (IP) packets may be exchanged over the Internet (150) between client (100) and Web server (160). Figure 1A shows the layout of a typical IP packet, including a header (191) containing, among other information, a source address (192) and a destination address (193), as well as data portions, (194, 195), comprising, in this example, 452 "octets" (bytes) of data.
Client system (100) runs Web browser software (105) which establishes a display window visible to the user. Web browser (105) submits an http request (125) over the internet. The IP packet containing request (105) contains a header that is encoded with the IP address of client (100). Furthermore, Web server (160) may have previously given a "cookie" to client (100), containing information regarding the user of client (100). Information from this cookie may also be encoded as data within the IP request. Thus, when Web server (160) receives http request (125), it may acquire considerable identity information regarding the user, and will of course further have complete information about the action requested by the http request. The correlation of action and identity is particularly valuable to marketers, yet at the same time most threatening to users when in the hands or people outside their confidence and control.
Web server (160) parses the http request, and processes it, serving up the Web page requested by the user, and/or conducting further processing via a "common gateway interface" (CGI) (185), which in turn may invoke further processing via scripts and programs (180), which may in turn communicate with databases such as database (190) and/or other facilities. The requested information is sent back to client (100) by http response (175), again encoded in addressed IP packets and sent to client (100) over the Internet (150). Web browser software (105) receives the http response (175) and from it creates the appropriate screen displays or multimedia effects for the end user.
The system commonly used in the prior art to provide some means of isolating an end user from total exposure to the Internet is known as a "firewall" or "proxy server". Proxy server (140) is shown in Figure 1 as an optional addition to a prior art Internet communication system. Web browser software (105) is adjusted through a setup or configuration facility to direct and receive IP packets in the first instance from proxy server (140), instead of the usual router, gateway or similar facility of the ISP. Proxy server (140) can then intermediate, and thereby filter undesired or unacceptable input or output (which may be so deemed for any number of reasons, including security and censorship, in addition to privacy), and can also reconstruct IP packets so as to some extent mask the user's identity. However, the operator of the proxy serve can readily retrieve, and perhaps secretly misuse, any of this information. Therefore, to be effective, the end user must trust the administrator of the proxy server in question. In a commercial setting, and most particularly in a mass market setting, establishing and maintaining such trust in an entity may not be practicable.
Another set of privacy-related systems that has been deployed to a limited extent are "anonymous remailers". These use various techniques to separate the body of an email message from its identifying header and to resend it the intended recipient under the remailer's headers. The difficulty with such systems, such as the well-known remailer at anon.penet.fi in Finland, is that the server administrator has access to both the identity and content information, rendering it vulnerable to abuse or disclosure. In the case of anon.penet.fi, the disclosure was forced by a subpoena obtained by the Church of Scientology and enforced in Finland, which required the server administrator to hand over records of communications from a user that were the subject of a lawsuit by the Church against the user.
Other systems for protecting end user privacy have been developed. Typically such systems involve setting one or more proxies in series either locally on an end user's computer or on one or more servers. Such systems generally provide privacy protection by masking the identity of the sender from third party servers.
For example, one system, Crowds, which was developed by AT&T, enhances privacy by sharing http requests randomly among a group of subscribed users. With Crowds, although the identity of a request sender can trace the identity of a request sender to the group of users, the third party cannot be traced to any specific user.
The system disclosed here provides greater security than prior solutions. The system described here goes beyond masking the identity of the sender from third parties and masks the identity of the sender from both third parties and the system itself. This masking is accomplished by separating action from identity on the client computer. By way of comparison, while the Crowds system prevents third-parties from knowing the identities of senders, the Crowds system itself has the ability to know both the identity and actions of its users. The greater security provided by the system has the additional benefit of enabling more personal communications to be sent through the system. Because the system does not rely on removing identifying information for its functionality, end users can receive the benefits of identity protection without sacrificing the ability to act as individuals rather than anonymous entities.
BRIEF SUMMARY OF THE INVENTION
It is an object of the present invention to provide a system whereby, without relying on trust, an end user can securely and anonymously use communications networks. The invention seeks to provide users with a greater degree of anonymity than is available with existing technologies.
Other objects of the invention include the following:
• A system that is secure. Both operational and cryptographic security are desirable. Cryptographic protocols employed in this project must preferably be both proven and "strong".
• A system that does not record the actions of its users. The system should not be able to link the actions of users to the identities of users, though it may record either separately. This separation is a fundamental design objective in providing personal and portable privacy protection.
• A system that functions in a reliable manner. Operation should be consistent and, in the event of failure, the system should notify its users and terminate without interfering with other functioning processes on its host computers.
• A system that reduces the need for user interaction. Preferably, the services provided by the system should be transparent to its users
• Preferably, a system that functions without the persistent installation of software on client computers, and is instead accessible from any compatible network computer or other access device.
• Preferably, a system that functions on a wide variety of host platforms and architectures.
• Preferably, a system that is able to accommodate a large number of concurrent users.
The foregoing and other objects of the invention are accomplished in an embodiment of the invention by imposing mechanisms on the client that separate users' actions from their identity. This separation provides the basic foundation from which individuals can then take control over manifestations of themselves that exist in digital form on networks.
In one embodiment, involving use of the Internet, an http request, which normally contains both identity and action information, is separated in the first instance on the client side into action request and identity components, which are encrypted. The encrypted action and identity components are transmitted to a facility comprising an "identity server" and an "action server", wherein the identity server receives the two encrypted request components and forwards the encrypted action request component to an action server. The identity server has the key to decrypt the identity component (but not the action component), and the action server has the key to decrypt the action component (but not the identity component). The action server decrypts the action request and forwards it to the third-party server. The third-party server sends the http response back to the action server. The action server receives and encrypts the action response, and forwards it to the identity server. The identity server, which has been holding the unencrypted user identity information, receives the encrypted action response (which it cannot decipher), and forwards it to the client system, wherein the user's browser software uses the action response in the normal manner, so as to create the appropriate displays and/or multimedia output.
The manner in which the invention achieves these and other objects is more particularly shown by the drawings enumerated below, and by the detailed description that follows.
BRIEF DESCRIPTION OF THE DRAWINGS
The following briefly describes the accompanying drawings: Figure 1 shows a prior art system whereby Web browser software communicates over the Internet with a Web server, optionally through the intermediate means of a proxy server.
Figure 1 A shows the header and data layout of a typical IP packet as used over the Internet.
Figure 2 is a block diagram showing the overall architecture of an embodiment of the invention.
Figure 3 is a diagram showing a range of additional functions that may be provided based in part on the technology of the present invention.
Figure 4 is a block diagram showing the request transmission side of a transaction in accordance with an embodiment of the invention.
Figure 5 is a block diagram showing the action response side of a transaction in accordance with an embodiment of the invention.
Figure 6 is a block diagram showing the principal physical components utilized in connection with an embodiment of the present invention, and their interconnection over the Internet.
Figure 7 is a flow chart showing the steps involved in the session initialization portion of the methods employed in connection with an embodiment of the invention.
Figure 8 is a flow chart showing the steps involved in the request transmission portion of the methods employed in connection with an embodiment of the invention.
Figure 9 is a flow chart showing the steps involved in the response transmission portion of the methods employed in connection with an embodiment of the invention.
Figure 10 is a flow chart showing the steps involved in the session termination portion of the methods employed in connection with an embodiment of the invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The preferred embodiment of the invention is illustrated in Figures 2 - 10, and described in the text that follows. Although the invention has been most specifically illustrated with a particular preferred embodiment, its should be understood that the invention concerns the principles by which such embodiment may be constructed and operated, and is by no means limited to the specific configuration shown.
We first address issues of terminology. For purposes of this disclosure, we will take "anonymity" to mean the de facto separation of an entity's actions from its identity - and therefore from any distinguishing characteristics.
Further definitions used herein include the following:
HTML: Hypertext Mark-up Language
HTTP: Hypertext Transfer Protocol
MIME: Multimedia Internet Mail Extensions IP: Internet Protocol (version 4)
JAR: Java Archive
JDK: Java Development Kit
JRE: Java Runtime Environment
SSL: Secure Socket Layer URI: Universal Resource Identifier
URL: Universal Resource Locator
WWW: World Wide Web
The preferred embodiment (sometimes referred to herein as the "system") consists of three major components that participate in relaying anonymous HTTP requests to a Web server via IP. In reading the following description, general reference should be made to Figures 2, 4, 5 and 6.
1. The first component of the system is a client application (for example, Java applet client (606)) that acts as an HTTP proxy for a user's web browser software while they are connected to the system. This application is the only portion of the system that resides on client systems (such as client system
(100)) and will be communicated to those systems via the world- wide- web (for example, by ftp or http download from a server (not shown) associated with what is referred to in Figure 6 as the "privacy" or "system" facility (300). 2. The second component is an identity server (251), which is part of privacy facility (300), that receives requests (225) from the client application and forwards them for further processing. The identity server (251) maintains the information required to transmit information back to a user for the duration of that user's HTTP session. Portions of a user's request (225) that contain information concerning the destination of that request - or that permit divination of the request - must never be accessible to the identity server.
3. The third and final component of the system is an action server (252) that performs HTTP requests on behalf of the system's users (e.g., user (200), etc.). The action server (252) must never have access to information that is specific to an individual user of the system, rather, it acts on behalf of the identity server (251) and return the results (275) of a user's HTTP request to the identity server (251) for transmission to the client.
The mechanism by which the identity server (251) is prevented from accessing information about the destination of an HTTP request and by which the action server (252) is prevented from accessing information about the source of a request is a communication protocol that employs public key cryptographic techniques. See generally, Rivets, et al., US 4,405,829. By employing cryptographic techniques to guarantee that the preferred embodiment internally separates identity information from action information, we also guarantee that this separation is maintained on either side of the system facility (300). Because of this secure encryption, third parties monitoring network traffic going to or coming from any of the servers in the system facility, either legally or illegally, are never able to connect an action taken by the server to the identity of a user who is connected to the server. In addition, the persons administering such servers also do not have any means for making such a connection. Thus, it is not necessary for such administrators to be trusted by users of the system in order for such users to derive the security and anonymity benefits provided by the invention.
In the "privacy" or "system" facility referred to above, the identity server, action server and other elements thereof can be separate processes on a single machine or processor, processes on separate machines or processors. Such servers and other elements can be under the same administration or separate administration. The detemiination of such matters is not critical to the invention. Rules:
The system preferably functions in accordance with the following rules:
• The action server (252) has full knowledge of individual's actions but no knowledge of individual's identity
• The identity server (251) has full knowledge of individual's identity but no knowledge of individual's actions
• The Java applet client (606) separates identity and action information
• Each of the action server (252), identity server (251) and Java applet client (606) have a unique pair of public-private keys
• The action server (252) and Java applet client (606) can communicate with one another only by passing encrypted requests through identity server
Flow of Processing
The flow of processing in the system is illustrated in Figures 7 - 10.
Session Initialization
As shown in Figure 7, system initialization 710 begins when user (200) who is running a Web browser (105), downloads the code for Java applet client (600) from a server associated with the system facility (300). Next, 720, the Java applet client (606), running under Web browser (105), changes browser's (105) proxy setting to direct http requests through the Java applet.
Then, 730, the Java applet client (606) creates public-private key pair.
In step 740, Java applet client (606) receives identity server's (251) public key.
In step 750, the Java applet client (606) encrypts its public key with the identity server's (251) public key and sends its public key, so encrypted, to identity server (251).
In step 760, the identity server (251) encrypts action server's (252) public key with the Java applet client's (606) public key, and sends action server's (252) public key, so encrypted, to Java applet client (606). In step 770, Java applet client (606) encrypts its public key with the action server's (252) public key and sends its public key, so encrypted, to action server (252) via identity server (251).
Request transmission
As shown in Figure 8, request transmission comprises the following steps:
In step 810, Java applet client (606) monitors the input-output streams from browser (105).
In step 820, when an http request (125) is sent by browser (105), Java applet client (606), which has been configured as such browser's http proxy, receives the request and parses it into separate identity and action information.
In step 830, Java applet client (606) creates a first sealed object containing the action information for the http request (125), encrypted with the action server's (252) public key.
In step 840, the Java applet client (606) creates a second sealed object containing the identity information for the http request (125) encrypted with the identity server's (251) public key
In step 850, Java applet client (606) sends both sealed objects to the identity server (251).
In step 860, identity server (251) forwards the action sealed object to the action server (252).
In step 870, action server (252) decrypts action information for the http request and forwards it, preferably through another intermediate http proxy (not shown), to the destination third part server.
Response transmission
As shown in Figure 9, response transmission comprises the following steps: In step 910, the action server (252) receives http response (275) from the third- party server, preferably through said intermediate http server.
In step 920, action server (252) encrypts http response (275) with the Java applet client's (606) public key.
In step 930, action server (252) forwards encrypted http response (230) to identity server (251).
In step 940, identity server (251) forwards encrypted http response (230) to Java applet client (606).
In step 950, Java applet client (606) decrypts http response (230) and forwards it to browser (105) for display.
Session termination
As shown in Figure 109, session termination comprises the following steps:
In step 1010, Java applet client (606) purges public-private key pair it has created.
In step 1020, Java applet client (606) resets browser (105) proxy settings to previous values.
Other Functionality
Figure 3 reflects other functionality in addition to simple network navigation and Web browsing (301) that is provided in connection with the invention. Such functionality includes without limitation Web browsing with passwords (302), electronic mail (303), file storage and transfer (304), chat (305), telephony (306), transactions (307), and electronic commerce (308).
Further Description of System Components
What follows is a more detailed description of the various system components of the currently preferred embodiment and their operation. Proxy Client
The proxy client of the preferred embodiment, a small footprint Java applet (606), is the system component responsible for connecting end-users to the system. It functions as an HTTP proxy server and service HTTP requests from a user's web browser. Requests transferred through the system proxy client are encrypted and transferred to the identity server. Responses received by the proxy client from the action server via the identity server are decrypted and returned to a user's web browser.
Upon invocation from a known URL on the world-wide-web, the proxy client is loaded from a JAR file by a client web browser. Once loaded, the proxy client generates and/or retrieve the cryptographic data required to establish a secure communication channel with the system action server, and automatically configures the user's web browser to use the proxy client as a proxy server for browsing the worldwide-web (or alternately prompts the user to make this setting manually).
After receiving an HTTP request generated by a user's web browser, the proxy .client establishes a secure connection to the identity server using the communication protocol discussed later in this disclosure. In the event of connection failure, the proxy client informs the user of the failure via a dialog box, and configuration changes to the user's web browser are reversed. Assuming a connection to the identity server can be successfully established, the proxy client filters all identifying information from the current HTTP request, removing HTTP header data or replacing header values with non-identifying defaults as neccessarry. The HTTP request is then be appended to any cryptographic data required for response transmission and both are be encrypted using the cryptographic protocol specified as part of the the system communication protocol (see Communication Protocol section below). Encrypted data is then be placed within a well formed the system protocol request, and the request is transmitted to the identity server. Once a request has been sent from the proxy client to the identity server, the proxy client waits for a response. If a valid response is received, that response is be decrypted and returned to the user's web browser. Should the system fail to respond to a proxy client's request for a specified timeout interval, the proxy client aborts request processing and returns an error page to the user's web browser.
Server Architecture
Identity Server
Upon receiving a request from a web browser, the proxy client applet initiates a connection to the identity server. Once this connection is established the identity server reads the contents of an encrypted HTTP request from the proxy client. Should a valid request not be received within a specified time-out interval, the identity server (251) terminates the connection with the proxy client applet.
After receiving an encrypted client request, the identity server establishes a communication connection with the action server, and forward the request for further processing. In the event that a connection between the Identity and action servers cannot be established, the identity server terminates its connection with the proxy client applet. Once a connection is successfully established and those portions of the client request not related to the client's identity have been transferred, the identity server waits for a response from the action server. Again, in the event that a response is not received within a specified time-out interval, the identity server terminates its connection with the proxy client applet. Finally, valid response data received from the action server is forwarded to the proxy client applet, and all IP connections are terminated.
Action Server
The action server (252) is a background process that resides on a computer system associated with system facility (300). Its role is to execute HTTP requests on behalf of users of the system, and act as an end-point for the cryptographically secure communication channel by which data is transferred between the system's back-end facilities and its users. Once the identity server has received an HTTP request, a connection is established between the identity server and an action server residing on a different physical computer. This connection is used to forward the HTTP request to the action server where it is decrypted. After decryption, the clear text HTTP request is forwarded to a standard HTTP proxy server that retrieves the requested URL and returns it to the action server. Should the HTTP proxy fail to respond within a specified time-out interval, the action server terminates its IP connections with both the proxy server and the identity server. If a valid HTTP response is received by the action server, that response is encrypted using the cryptographic data provided along with the HTTP request, and the response is returned to the proxy client via the identity server.
Communication Protocol
Within the system, a single communication protocol is used to relay HTTP requests from the proxy client applet to the identity server and from the identity server to the Action Server. This protocol contains encrypted HTTP data augmented with a cryptographic key exchange mechanism and a minimal amount of control information. Two transmission formats are defined by this specification, the first for communication to the action server, and the second for communication by the action server.
Request Format
HTTP requests transmitted by the proxy client to the identity server for processing by the action server is formatted as follows:
Figure imgf000015_0001
Table 1. Client Transmission Format Each transmission consists of three distinct parts. The first is a 96-bit long clear text header block that contains control information for the transmission. The second and third portions are encrypted data blocks of variable length. The header is immediately followed by the proxy client's public key in order to peπnit responses from the action server to be encrypted for transmission to the proxy client. The HTTP Request received from a user's web browser follows the public key.
Figure imgf000016_0001
Table 2. Client Header Format
Magic Cookie (bits 0-31): An identifier used to rapidly indicate a valid transmission. All components of the system shall terminate communications that do not begin with this sequence.
Protocol Version (bits 32-39): A number used to identify the version of the protocol for future compatibility. The version of the protocol used in the prototype implementation will be 0x01 (one).
Public Key Length (bits 40-55): Length of the encrypted client public key in bytes.
HTTP Request Data Length (bits 56-88): Length of the encrypted HTTP Request in bytes.
End of Header Marker (bits 89-96): The literal value 0x00 (zero) used to delimit the header and data portions of a transmission.
Response Format
HTTP responses transmitted by the action server to the proxy client are formatted as follows:
Figure imgf000017_0001
Table 3. Server Transmission Format
Each transmission consists of two distinct parts. The first is an 80-bit long clear text header block that contains control information for the transmission. The second portions is an encrypted data block of variable length containing the HTTP response for a client's request.
Figure imgf000017_0002
Table 4. Server Header Format
Magic Cookie (bits 0-31): A unique identifier used to rapidly indicate a valid transmission. All components of the system shall tenninate communications that do not begin with this sequence.
Protocol Version (bits 32-39): A number used to identify the version of the protocol for future compatibility. The version of the protocol used in the prototype implementation will be 0x01 (one). HTTP Response Data Length (bits 40-72): Length of the encrypted HTTP Response in bytes.
End of Header Marker (bits 73-80): The literal value 0x00 (zero) used to delimit the header and data portions of a transmission.
It is apparent from the foregoing that the present invention achieves the specified objects of providing secure and anonymous use of a communications network, as well as the other objectives outlined herein. While the currently preferred embodiment of the invention has been described in detail, it will be apparent to those skilled in the art that the principles of the invention are readily adaptable to other implementations and system configurations and communications paradigms without departing from the scope and spirit of the invention, as defined in the following claims.

Claims

I claim: L A system whereby a user may securely and anonymously obtain over a communications network information from a remote server connected to said network, in response to requests submitted by said user over said network, comprising: a) a local application on a device connected to said network, characterized in that said application separates identity and action information from the user's information request, encrypts said information, transmits said encrypted information to the first intermediate server mentioned below, receives encrypted response information from said first intermediate server and decrypts said information and presents it to said user; b) a first intermediate server connected to said network, characterized in that said first intermediate server decrypts said encrypted identity information but not said action information, receives encrypted response information from the second intermediate server mentioned below, correlates said encrypted response information with said user identity information and transmits said encrypted response information to said application; and c) a second intermediate server connected to said network, characterized in that said second intermediate server decrypts said action information, transmits said decrypted action information to said remote server, receives said remote server's response, encrypts said response, and transmits it to said first intermediate server.
2. A method for providing secure and anonymous use of a communications network to obtain information from a remote server connected to said network, said network further having at least a local application, and first and second intermediate servers, said method characterized by: a) separating within said application the identity and action information from the user's information request, encrypting said information, and transmitting it to said first intermediate server; b) decrypting said encrypted identity information but not said action information, within said first intermediate server; c) decrypting said action information within said second intermediate server, transmitting such decrypted action information to said remote server, receiving said remote server's response, encrypting said response, and transmitting said response to said first intermediate server; d) receiving at said first intermediate server said encrypted response information from said second intermediate server, correlating such information with said identity information and transmitting said encrypted response information to said application; and e) decrypting said response information within said application, and presenting it to the user.
3. An executable application recorded in a machine-readable medium, characterized in that said application separates identity and action information from a user-supplied information request, encrypts said information, transmits said encrypted information to a server over a network, receives encrypted response information from said server and decrypts said information and presents it to said user.
4. A system comprising a first and second server connected to a communications network, which said first server is characterized in that it decrypts received encrypted identity and action information transmitted over said network by a user; decrypts said identity information but not said action information, receives encrypted response information from said second intermediate server, correlates said encrypted response information with said user identity information and transmits said encrypted response information to user; and which said second server is characterized in that it decrypts said action information, transmits said decrypted action information to a remote server, receives said remote server's response, encrypts said response, and transmits it to said first server.
5. A system in accordance with claim 1, wherein said remote server is a web server and said application comprises a web browser and client software for performing said separation, encryption and decryption steps within said application.
6. A method in accordance with claim 2, wherein said application utilized in connection therewith is further characterized in that it comprises a web browser and client software for performing said separation, encryption and decryption steps within said application.
7. A application in accordance with claim 2, further comprising a web browser and client software for performing said separation, encryption and decryption steps within said application.
8. A system in accordance with claim 4, wherein said remote server is a web server and said requests transmitted to said system by said user are http transmissions and the responses transmitted to said user are also http transmissions.
9. A system in accordance with claims 1, 4, 5 or 8, or a method in accordance with claims 2 or 6, or an application in accordance with claims 3 or 7, wherein said encryption is conducted with the use of public and private key pairs.
10. An application in accordance with claim 1, wherein said client software comprises a downloadable software module.
11. An application in accordance with claim 10, wherein said downloadable software module is a Java program.
77 12. An application in accordance with claims 7 or 10, wherein said client software
78 automatically modifies said browser's settings so as to be compatible therewith.
79 13. An application in accordance with claims 7 or 10, utilizing keys in accordance with so claim 9, wherein upon termination said client software automatically purges said
81 keys.
82 14. An application in accordance with claims 7 or 10, wherein said client software
83 automatically restores said browser's settings to their state prior to said initial
84 modification.
85 15. A system for providing secure and anonymous use of a communications network,
86 comprising means for separating a user's identity from the actions requested by said
87 user.
16. A method for providing secure and anonymous use of a communications network,
89 comprising separating a user's identity from the actions requested by said user.
PCT/US2000/030168 1999-12-02 2000-11-30 System and method for secure and anonymous communications WO2002045335A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
AU2001219153A AU2001219153A1 (en) 2000-11-30 2000-11-30 System and method for secure and anonymous communications
PCT/US2000/030168 WO2002045335A1 (en) 2000-11-30 2000-11-30 System and method for secure and anonymous communications
US14/038,513 US8826021B2 (en) 1999-12-02 2013-09-26 System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data
US14/341,099 US9262608B2 (en) 1999-12-02 2014-07-25 System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data
US14/808,805 US9619632B2 (en) 1999-12-02 2015-07-24 System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2000/030168 WO2002045335A1 (en) 2000-11-30 2000-11-30 System and method for secure and anonymous communications

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
US09/453,239 Continuation-In-Part US6442687B1 (en) 1999-12-02 1999-12-02 System and method for secure and anonymous communications
US09/453,239 Continuation US6442687B1 (en) 1999-12-02 1999-12-02 System and method for secure and anonymous communications

Related Child Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2002/008275 Continuation WO2002095545A2 (en) 1999-12-02 2002-04-19 System and method for secure and private communication
PCT/US2002/008275 Continuation-In-Part WO2002095545A2 (en) 1999-12-02 2002-04-19 System and method for secure and private communication

Publications (1)

Publication Number Publication Date
WO2002045335A1 true WO2002045335A1 (en) 2002-06-06

Family

ID=21741955

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/030168 WO2002045335A1 (en) 1999-12-02 2000-11-30 System and method for secure and anonymous communications

Country Status (2)

Country Link
AU (1) AU2001219153A1 (en)
WO (1) WO2002045335A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8280921B2 (en) 2006-07-18 2012-10-02 Chacha Search, Inc. Anonymous search system using human searchers

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5909491A (en) * 1996-11-06 1999-06-01 Nokia Mobile Phones Limited Method for sending a secure message in a telecommunications system
US6061448A (en) * 1997-04-01 2000-05-09 Tumbleweed Communications Corp. Method and system for dynamic server document encryption

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5909491A (en) * 1996-11-06 1999-06-01 Nokia Mobile Phones Limited Method for sending a secure message in a telecommunications system
US6061448A (en) * 1997-04-01 2000-05-09 Tumbleweed Communications Corp. Method and system for dynamic server document encryption

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GOLDBERG IAN: "Freedom network 1.0 architecture and protocols", ZERO-KNOWLEDGE SYSTEMS TECH. PAPER, 29 November 1999 (1999-11-29), pages 2 - 3, 20, XP002939044 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8280921B2 (en) 2006-07-18 2012-10-02 Chacha Search, Inc. Anonymous search system using human searchers

Also Published As

Publication number Publication date
AU2001219153A1 (en) 2002-06-11

Similar Documents

Publication Publication Date Title
US6442687B1 (en) System and method for secure and anonymous communications
US9619632B2 (en) System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data
US8145898B2 (en) Encryption/decryption pay per use web service
Feamster et al. Infranet: Circumventing web censorship and surveillance
EP1854243B1 (en) Mapping an encrypted https network packet to a specific url name and other data without decryption outside of a secure web server
US7814208B2 (en) System and method for projecting content beyond firewalls
US7069434B1 (en) Secure data transfer method and system
US7441116B2 (en) Secure resource distribution through encrypted pointers
JPH11338799A (en) Method and system for controlling network connection
WO2004042537A2 (en) System and method for securing digital messages
US7421576B1 (en) Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes
EP1091276A1 (en) Authentication of hypertext kind of resources through signature handling protocol
WO2002095545A2 (en) System and method for secure and private communication
WO2002045335A1 (en) System and method for secure and anonymous communications
Boncella Web security for e-commerce
JP4564739B2 (en) Server apparatus and communication system
Kiuchi et al. C-HTTP-The development of a secure, closed HTTP-based network on the Internet
EP3200420A1 (en) Providing communications security to an end-to-end communication connection
Gin Building a Secure Short Duration Transaction Network
Hussain Firewalls and internet security
Feamster et al. connect with us 11th Annual USENIX Security Symposium &# 151; Technical Paper
De Bruin Validity and accuracy issues in electronic commerce with specific reference to VPN's
Jang Design of the Security Module for Safe Data Sending in a Web System

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP