System and method for protecting privacy and anonymity of parties of network communications
First Claim
1. A computer-readable medium having computer-executable instructions for performing steps by a routing control server for handling messages between a client and a target server on the Internet, the steps comprising:
- receiving from the client a request for a secured routing chain for accessing the target server;
selecting, from a pool of participating Web servers, a plurality of Web servers as routers in the secured routing chain;
generating a first set of cryptographic keys each corresponding to a selected Web server;
depositing each of the cryptographic keys in the first set with a corresponding selected Web server;
sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys for the client to perform multi-layered encryption on messages to be sent to the target client, each cryptographic key in the second set being associated with a cryptographic key in the first set.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.
-
Citations
24 Claims
-
1. A computer-readable medium having computer-executable instructions for performing steps by a routing control server for handling messages between a client and a target server on the Internet, the steps comprising:
-
receiving from the client a request for a secured routing chain for accessing the target server;
selecting, from a pool of participating Web servers, a plurality of Web servers as routers in the secured routing chain;
generating a first set of cryptographic keys each corresponding to a selected Web server;
depositing each of the cryptographic keys in the first set with a corresponding selected Web server;
sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys for the client to perform multi-layered encryption on messages to be sent to the target client, each cryptographic key in the second set being associated with a cryptographic key in the first set. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-readable medium having computer-executable instructions for performing steps by a client on the Internet to protect messages to be sent to a target server through the Internet, the steps comprising:
-
sending a request to a routing control server for a secured routing chain formed by Web servers for routing messages between the client and the target server;
receiving from the routing control server routing information identifying a plurality of Web servers selected to be used in the secured routing chain, and a plurality of cryptographic keys each corresponding to a Web server in the secured routing chain;
formatting a message to be sent to the target server according to a protocol for accessing Web services;
encrypting the message to be sent to the target server with the plurality of cryptographic keys according to an order of the Web servers in the routing chain; and
forwarding the encrypted message to a first Web server in the routing chain. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A computer-readable medium having computer-executable instructions for performing, by a Web server, steps comprising:
-
receiving a cryptographic key from a routing control server for use in routing messages passed during a communication session between a client and a target server;
receiving a message associated with the communication session from an upstream node of a routing chain for the communication session in which the Web server is a node;
decrypting the message from the upstream Web server with the cryptographic key; and
forwarding the decrypted message to a downstream node of the routing chain. - View Dependent Claims (12)
-
-
13. A method for a routing control server to provide protection for messages passed between a client and a target server on the Internet, comprising the steps of:
-
receiving from the client a request for a secured routing chain for accessing the target server;
selecting, from a pool of participating Web servers, a plurality of Web servers as routers in the secured routing chain;
generating a first set of cryptographic keys each corresponding to a selected Web server;
depositing each of the cryptographic keys in the first set with a corresponding selected Web server;
sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys to the client for performing multi-layered encryption on messages to be sent to the target client, each cryptographic key in the second set being associated with a cryptographic key in the first set. - View Dependent Claims (14, 15, 16)
-
-
17. A method for a client on the Internet to protect messages to be sent to a target server through the Internet, comprising the steps of:
-
sending a request to a routing control server for a secured routing chain formed by Web servers for routing messages between the client and the target server;
receiving from the routing control server routing information identifying a plurality of Web servers selected to be used in the secured routing chain, and a plurality of cryptographic keys each corresponding to a Web server in the secured routing chain;
formatting a message to be sent to the target server according to a protocol for accessing Web services;
encrypting the message to be sent to the target server with the plurality of cryptographic keys according to an order of the Web servers in the routing chain; and
forwarding the encrypted message to a first Web server in the routing chain. - View Dependent Claims (18, 19, 20)
-
-
21. A method for a Web server to participate in protecting messages passed between a client and a target server through the Internet, comprising the steps of:
-
receiving a cryptographic key from a routing control server for use in routing messages passed during a communication session between a client and a target server;
receiving a message associated with the communication session from an upstream node on a routing chain for the communication session in which the Web server is a node;
decrypting the message from the upstream Web server with the cryptographic key;
forwarding the decrypted message to a downstream node of the routing chain;
receiving a message associated with the communication session from the downstream node;
encrypting the message received from the downstream Web server with the cryptographic key; and
forwarding the encrypted message to the upstream node.
-
-
22. A system for providing a message protection service for messages passed between a client and a target server on the Internet, comprising:
-
a plurality of Web servers participating in the message protection service; and
a routing control server programmed to perform the step of selecting, in response to request from the client, from the pool of participating Web servers a plurality of Web servers as routers to form a secured routing chain;
generating a first set of cryptographic keys each corresponding to a selected Web server;
depositing each of the cryptographic keys in the first set with a corresponding selected Web server; and
sending routing information identifying the selected Web routers for the routing chain and a second set of cryptographic keys associated with the first set of cryptographic keys to the client for performing multi-layered encryption on messages to be sent to the target client. - View Dependent Claims (23, 24)
-
Specification