Anonymization of traffic patterns over communication networks
Abstract
A computer-implemented method of obfuscating communication traffic patterns may include detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol. At the first device, a first traffic pattern is accessed based on the data communication sessions over a first predefined time period. At the first communications device, a second traffic pattern is accessed based on the data communication sessions over a second predefined time period that occurs after the first predefined time period. At the first communications device, based on a randomization process, a dummy data communication pattern is generated for transmission to the second communication devices, whereby the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions.
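The threshold check and dummy-pattern step described in the abstract and in claim 1, as an added sketch that is not code from the patent. It assumes a traffic pattern is a list of per-slot message counts and that the information content value is the pattern's distance from constant-rate traffic in bits; the function names, the jitter parameter and the sample data are hypothetical.

```python
import math
import secrets


def information_content(pattern):
    """Assumed metric: bits by which the pattern departs from constant-rate
    traffic, i.e. log2(slots) minus the Shannon entropy of the slot shares."""
    total = sum(pattern)
    if total == 0:
        return 0.0  # no traffic in any slot: nothing stands out
    entropy = -sum((c / total) * math.log2(c / total) for c in pattern if c)
    return math.log2(len(pattern)) - entropy


def dummy_pattern(pattern, jitter=2, rng=None):
    """Randomized dummy counts lifting each slot to peak..peak+jitter messages."""
    rng = rng or secrets.SystemRandom()
    peak = max(pattern)
    return [peak + rng.randint(0, jitter) - count for count in pattern]


def obfuscate(pattern, threshold, jitter=2, rng=None):
    """Return (second_pattern, dummies, switch_session).

    switch_session is True when the information content exceeds the
    threshold, the condition under which claim 1 moves the sessions to a
    second session (via a second server) carrying the padded pattern.
    """
    if information_content(pattern) <= threshold:
        return list(pattern), [0] * len(pattern), False
    dummies = dummy_pattern(pattern, jitter, rng)
    second = [real + dummy for real, dummy in zip(pattern, dummies)]
    return second, dummies, True


# Constructed sample: messages per 5-minute slot over one hour, with a burst.
FIRST_PATTERN = [0, 0, 1, 0, 14, 9, 0, 0, 1, 0, 0, 0]
THRESHOLD_BITS = 0.5  # assumed threshold value

if __name__ == "__main__":
    second, dummies, switch = obfuscate(FIRST_PATTERN, THRESHOLD_BITS)
    print("information content before:", round(information_content(FIRST_PATTERN), 3))
    print("dummy pattern:", dummies)
    print("information content after: ", round(information_content(second), 3))
    print("switch to second session:", switch)
```

Padding every slot up to the peak trades bandwidth for a flat profile, and it only helps if dummy messages are indistinguishable from real ones on the wire.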
20 Claims
1. A computer-implemented method of obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a plurality of computer servers, the computer-implemented method comprising:
accessing, at a first communications device, an information content threshold value associated with first data communication sessions between the first communications device and a second communications device;
accessing, at the first communications device, a first traffic pattern based on the first data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
generating, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device;
generating a second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern, wherein the second traffic pattern is generated by appending the dummy data communication pattern to the first traffic pattern; and
re-routing, using the network protocol, the first data communication sessions via the first computer server to a second data communication session having the second traffic pattern between the first communications device and the second communications device via a second computer server, wherein the second data communication session is established based on a detection of an information content value associated with the accessed first traffic pattern exceeding the information content threshold value.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product for obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a plurality of computer servers, the computer program product comprising:
one or more non-transitory computer-readable storage devices and program instructions stored on at least one of the one or more non-transitory storage devices, the program instructions executable by a processor, the program instructions comprising;
instructions to access, at a first communications device, an information content threshold value associated with first data communication sessions between the first communications device and a second communications device;
instructions to access, at the first communications device, a first traffic pattern based on the first data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
instructions to generate, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device;
instructions to generate a second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern, wherein the second traffic pattern is generated by appending the dummy data communication pattern to the first traffic pattern; and
instructions to re-route, using the network protocol, the first data communication sessions via the first computer server to a second data communication session having the second traffic pattern between the first communications device and the second communications device via a second computer server, wherein the second data communication session is established based on a detection of an information content value associated with the accessed first traffic pattern exceeding the information content threshold value.
Dependent claims: 9, 10, 11, 12, 13
14. A computer system for obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a plurality of computer servers, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more non-transitory computer-readable storage devices, and program instructions stored on at least one of the one or more non-transitory storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising;
accessing, at a first communications device, an information content threshold value associated with first data communication sessions between the first communications device and a second communications device;
accessing, at the first communications device, a first traffic pattern based on the first data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
generating, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device;
generating a second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern, wherein the second traffic pattern is generated by appending the dummy data communication pattern to the first traffic pattern; and
re-routing, using the network protocol, the first data communication sessions via the first computer server to a second data communication session having the second traffic pattern between the first communications device and the second communications device via a second computer server, wherein the second data communication session is established based on a detection of an information content value associated with the accessed first traffic pattern exceeding the information content threshold value.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification