System and method for protecting privacy and anonymity of parties of network communications

US 20030182443A1
Filed: 03/20/2002
Published: 09/25/2003
Est. Priority Date: 03/20/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable instructions for performing steps by a routing control server for handling messages between a client and a target server on the Internet, the steps comprising:

receiving from the client a request for a secured routing chain for accessing the target server;

selecting, from a pool of participating Web servers, a plurality of Web servers as routers in the secured routing chain;

generating a first set of cryptographic keys each corresponding to a selected Web server;

depositing each of the cryptographic keys in the first set with a corresponding selected Web server;

sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys for the client to perform multi-layered encryption on messages to be sent to the target client, each cryptographic key in the second set being associated with a cryptographic key in the first set.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

Citations

24 Claims

1. A computer-readable medium having computer-executable instructions for performing steps by a routing control server for handling messages between a client and a target server on the Internet, the steps comprising:
- receiving from the client a request for a secured routing chain for accessing the target server;
  
  selecting, from a pool of participating Web servers, a plurality of Web servers as routers in the secured routing chain;
  
  generating a first set of cryptographic keys each corresponding to a selected Web server;
  
  depositing each of the cryptographic keys in the first set with a corresponding selected Web server;
  
  sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys for the client to perform multi-layered encryption on messages to be sent to the target client, each cryptographic key in the second set being associated with a cryptographic key in the first set.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A computer-readable medium as in claim 1, wherein the cryptographic keys in the first set form public-private key pairs with the cryptographic keys in the second set.
  - 3. A computer-readable medium as in claim 1, wherein the cryptographic keys in the first set are identical to the cryptographic keys in the second set.
  - 4. A computer-readable medium as in claim 1, having further computer-executable instructions for performing the steps of:
    - receiving a logon request from the client;
      
      redirecting the logon request to an account service;
      
      receiving a notification from the account service that a user of the client has been authenticated for payment for service.
  - 5. A computer-readable medium as in claim 1, wherein the step of selecting selects the plurality of Web servers for the secured routing chain randomly from the pool of participating Web servers.

6. A computer-readable medium having computer-executable instructions for performing steps by a client on the Internet to protect messages to be sent to a target server through the Internet, the steps comprising:
- sending a request to a routing control server for a secured routing chain formed by Web servers for routing messages between the client and the target server;
  
  receiving from the routing control server routing information identifying a plurality of Web servers selected to be used in the secured routing chain, and a plurality of cryptographic keys each corresponding to a Web server in the secured routing chain;
  
  formatting a message to be sent to the target server according to a protocol for accessing Web services;
  
  encrypting the message to be sent to the target server with the plurality of cryptographic keys according to an order of the Web servers in the routing chain; and
  
  forwarding the encrypted message to a first Web server in the routing chain.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A computer-readable medium as in claim 6, comprising further computer-executable instructions for client to performs the steps of:
    - receiving a message from the target server and forwarded by the first Web server in the routing chain;
      
      decrypting the message from the target server with the plurality of cryptographic keys according to the order of the Web servers in the routing chain.
  - 8. A computer-readable medium as in claim 6, having further computer-executable instructions for performing the step of sending to an account service an authentication request containing a user account ID for payment for service.
  - 9. A computer-readable medium as in claim 8, wherein the account ID is an anonymous account ID.
  - 10. A computer-readable medium as in claim 8, wherein the authentication request is sent to the account service through the routing chain of Web servers.

11. A computer-readable medium having computer-executable instructions for performing, by a Web server, steps comprising:
- receiving a cryptographic key from a routing control server for use in routing messages passed during a communication session between a client and a target server;
  
  receiving a message associated with the communication session from an upstream node of a routing chain for the communication session in which the Web server is a node;
  
  decrypting the message from the upstream Web server with the cryptographic key; and
  
  forwarding the decrypted message to a downstream node of the routing chain.
- View Dependent Claims (12)
- - 12. A computer-readable medium as in claim 11, having further computer-executable instructions to perform the steps of:
    - receiving a message associated with the communication session from the downstream node;
      
      encrypting the message received from the downstream Web server with the cryptographic key; and
      
      forwarding the encrypted message to the upstream node.

13. A method for a routing control server to provide protection for messages passed between a client and a target server on the Internet, comprising the steps of:
- receiving from the client a request for a secured routing chain for accessing the target server;
  
  selecting, from a pool of participating Web servers, a plurality of Web servers as routers in the secured routing chain;
  
  generating a first set of cryptographic keys each corresponding to a selected Web server;
  
  depositing each of the cryptographic keys in the first set with a corresponding selected Web server;
  
  sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys to the client for performing multi-layered encryption on messages to be sent to the target client, each cryptographic key in the second set being associated with a cryptographic key in the first set.
- View Dependent Claims (14, 15, 16)
- - 14. A method as in claim 13, wherein the cryptographic keys in the first set form public-private key pairs with the cryptographic keys in the second set.
  - 15. A method as in claim 13, wherein the cryptographic keys in the first set are identical to the cryptographic keys in the second set.
  - 16. A computer-readable medium as in claim 13, wherein the step of selecting selects the plurality of Web servers for the secured routing chain randomly from the pool of participating Web servers.

17. A method for a client on the Internet to protect messages to be sent to a target server through the Internet, comprising the steps of:
- sending a request to a routing control server for a secured routing chain formed by Web servers for routing messages between the client and the target server;
  
  receiving from the routing control server routing information identifying a plurality of Web servers selected to be used in the secured routing chain, and a plurality of cryptographic keys each corresponding to a Web server in the secured routing chain;
  
  formatting a message to be sent to the target server according to a protocol for accessing Web services;
  
  encrypting the message to be sent to the target server with the plurality of cryptographic keys according to an order of the Web servers in the routing chain; and
  
  forwarding the encrypted message to a first Web server in the routing chain.
- View Dependent Claims (18, 19, 20)
- - 18. A method as in claim 17, comprising a further step of sending to an account service an authentication request containing a user account ID for payment for service.
  - 19. A method as in claim 18, wherein the user account ID is an anonymous account ID.
  - 20. A method as in claim 19, wherein the authentication request is sent to the account service through the routing chain of Web servers.

21. A method for a Web server to participate in protecting messages passed between a client and a target server through the Internet, comprising the steps of:
- receiving a cryptographic key from a routing control server for use in routing messages passed during a communication session between a client and a target server;
  
  receiving a message associated with the communication session from an upstream node on a routing chain for the communication session in which the Web server is a node;
  
  decrypting the message from the upstream Web server with the cryptographic key;
  
  forwarding the decrypted message to a downstream node of the routing chain;
  
  receiving a message associated with the communication session from the downstream node;
  
  encrypting the message received from the downstream Web server with the cryptographic key; and
  
  forwarding the encrypted message to the upstream node.

22. A system for providing a message protection service for messages passed between a client and a target server on the Internet, comprising:
- a plurality of Web servers participating in the message protection service; and
  
  a routing control server programmed to perform the step of selecting, in response to request from the client, from the pool of participating Web servers a plurality of Web servers as routers to form a secured routing chain;
  
  generating a first set of cryptographic keys each corresponding to a selected Web server;
  
  depositing each of the cryptographic keys in the first set with a corresponding selected Web server; and
  
  sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys associated with the first set of cryptographic keys to the client for performing multi-layered encryption on messages to be sent to the target client.
- View Dependent Claims (23, 24)
- - 23. A system as in claim 22, whether in the cryptographic keys in the second set are identical to the cryptographic keys in the first set.
  - 24. A system as in claim 22, further including an account service for receiving from the client an authentication request containing a user account ID for payment for service and validating the user account ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., Wang, Yi-Min, Russell, Wilfred, Sun, Qixiang

Granted Patent

US 6,986,036 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/238
CPC Class Codes

G06Q 20/3821   Electronic credentials

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 67/02   based on web technology, e....

H04L 67/63   Routing a service request d...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

System and method for protecting privacy and anonymity of parties of network communications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting privacy and anonymity of parties of network communications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links