TECHNIQUES FOR ANONYMOUS INTERNET ACCESS

US 20090217351A1
Filed: 02/25/2008
Published: 08/27/2009
Est. Priority Date: 02/25/2008
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

inspecting an Internet Protocol (IP) address that originates from a principal and that is directed to an external resource located over the Internet from the principal;

evaluating a policy in response to the IP address of the external resource;

selecting a particular anonymizer from a list of available anonymizers in response to the policy evaluation; and

establishing a secure connection between the principal and the particular anonymizer for the particular anonymizer to access the external resource on behalf of the principal.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet requests is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained.

Citations

24 Claims

1. A machine-implemented method, comprising:
- inspecting an Internet Protocol (IP) address that originates from a principal and that is directed to an external resource located over the Internet from the principal;
  
  evaluating a policy in response to the IP address of the external resource;
  
  selecting a particular anonymizer from a list of available anonymizers in response to the policy evaluation; and
  
  establishing a secure connection between the principal and the particular anonymizer for the particular anonymizer to access the external resource on behalf of the principal.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein inspecting further includes intercepting via a transparent proxy configuration the IP address from the principal in a manner that the principal is unaware of.
  - 3. The method of claim 1, wherein inspecting further includes acquiring via a forward proxy configuration the IP address from the principal, wherein the principal sends the IP address to the forward proxy configuration to forward to the external resource.
  - 4. The method of claim 1, wherein evaluating further includes evaluating the policy using a variety of factors, the factors including one or more of the following:
    - the IP address of the external resource, an identity of the principal, a role associated with the principal, a group to which the principal is assigned, an attribute associated with the principal, a time-of-day when the IP address was requested, and a randomly generated number.
  - 5. The method of claim 1, wherein selecting further includes randomly selecting the particular anonymizer from the list.
  - 6. The method of claim 1, wherein selecting further includes instructing the particular anonymizer to use one or more additional anonymizers to create a chain of anonymizers that contact the IP address for the principal.
  - 7. The method of claim 1, wherein establishing further includes routing a request from the principal for the IP address through a secure sockets layer (SSL) or a transport layer security (TLS) connection with the particular anonymizer, wherein the particular anonymizer acts as a proxy for the principal to connect and interact with the external resource at the IP address over the Internet.

8. A machine-implemented method, comprising:
- receiving a request to access an external resource over the Internet from a user within a firewall environment;
  
  determining in response to a policy that the request is to be masked when routed over the Internet; and
  
  routing the request through an anonymizer that hides a relationship between the user and the external resource from network onlookers.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein receiving further includes intercepting the request at a proxy that manages traffic exiting and entering the firewall environment.
  - 10. The method of claim 8, wherein determining further includes acquiring an identity for the user and using the identity to select the policy.
  - 11. The method of claim 10, wherein acquiring further includes selecting the anonymizer in response to the identity of the user.
  - 12. The method of claim 8, wherein determining further includes randomly selecting the anonymizer from a list of available anonymizers.
  - 13. The method of claim 8, wherein routing further includes identifying the anonymizer as a first anonymizer in a list of anonymizers, wherein each anonymizer of the list passes the request to a next anonymizer of the list and a last anonymizer of the list passes the request to the external resource.
  - 14. The method of claim 8, wherein routing further includes establishing a secure sockets layer (SSL) virtual private network (VPN) connection between the user and the anonymizer for the anonymizer to handle the request on behalf of the user.

15. A computer-implemented system, comprising:
- a policy store residing in a computer-readable medium and accessible to an anonymizer selection service; and
  
  the anonymizer selection service implemented in a computer-readable medium and to process on a proxy machine within a firewalled environment, wherein the proxy acts as an intermediate to Internet access from and to the firewalled environment;
  
  wherein the anonymizer selection service intercepts uniform resource locator (URL) link requests from users within the firewalled environment that are directed to external world-wide web (WWW) sites and acquires policies from the policy store, the policies are evaluated to determine when particular URL requests are to be re-routed through anonymizers to mask an Internet Protocol (IP) address of the firewalled environment from where the URL requests originate.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the anonymizer selection service uses a variety of factors to acquire the policies from the policy store and when evaluating the policies.
  - 17. The system of claim 15, wherein the anonymizer selection service chains certain URL requests to lists of the anonymizers to further mask the IP address of the firewalled environment.
  - 18. The system of claim 15, wherein the anonymizer selection service is a transparent.
  - 19. The system of claim 15, wherein the anonymizer selection service is a forward proxy.
  - 20. The system of claim 15, wherein the anonymizer selection service randomly selects a number of the anonymizers for the URL requests to ensure no particular pattern can be detected from an observer outside the firewalled environment.

21. A computer-implemented system, comprising:
- a proxy implemented on a server machine within a firewalled environment and that handles traffic exiting the firewalled environment over an Internet connection and entering the firewalled environment from the Internet; and
  
  an anonymizer implemented on a machine outside the firewalled environment over the Internet;
  
  wherein the proxy uses policies to determine when Internet requests that emanate from within the firewalled environment are to be processed via the anonymizer and routed through the anonymizer.
- View Dependent Claims (22, 23, 24)
- - 22. The system of claim 21, wherein the anonymizer routes the Internet requests received from the proxy through one or more additional anonymizers.
  - 23. The system of claim 21, wherein the anonymizer services a variety of other users from other environments and associated with other Internet requests and wherein the anonymizer mask an IP address associated with the firewalled environment when processing the Internet requests.
  - 24. The system of claim 21, wherein the proxy resolves identities for principals associated with the Internet requests to select the policies for evaluation and to identify the anonymizer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Stilmar, Robert Skousen, Carter, Stephen R., Burch, Lloyd Leon, Earl, Douglas G.

Granted Patent

US 8,302,161 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/0407 wherein the identity of one...

TECHNIQUES FOR ANONYMOUS INTERNET ACCESS

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR ANONYMOUS INTERNET ACCESS

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links