System and method for secure and anonymous communications
First Claim
1. A system for providing communications over a network, by means including at least a client and a remote server, wherein a user may submit a request through said client for a specified action to be performed in response to said request by said remote server, said user-submitted request comprising identity information that identifies the user making the request, and action information that specifies the action requested from said remote server by said user, and wherein said communications are provided in a secure and anonymous manner in that said action information is submitted to said remote server without revealing said identity information to said remote server, and in that only said client, and not any facility through which said action information or any response thereto passes in the course of being submitted to or received from said remote server, possesses both said identity information and said action information, said system comprising (in addition to said client and remote server):
- a) an application that separates said identity information and said action information from the user'"'"'s information request, encrypts said identity information and said action information, and sends said identity information and said action information as so encrypted to a first intermediate server;
b) said first intermediate server, which contains means for decrypting said encrypted identity information but not said encrypted action information, and for transmitting said encrypted action information to a second intermediate server;
c) said second intermediate server, which contains means for decrypting said action information, transmitting said decrypted action information to said remote server, receiving the remote server'"'"'s response, encrypting said remote server response, and transmitting said encrypted remote server response to said first intermediate server;
d) said first intermediate server further having means for receiving said encrypted remote server response from said second intermediate server, associating said encrypted remote server response with said identity information and sending said encrypted remote server response to said application;
e) said application further having means for decrypting said remote server response and forwarding said decrypted remote server response to said client for presentation to the user.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides secure and anonymous communications over a network, which is accomplished by imposing mechanisms that separate a users'"'"' actions from their identity. In one embodiment, involving use of the Internet, an http request, which normally contains both identity and action information, is separated in the first instance on the client side into action request and identity components, which are encrypted. The encrypted action and identity components are transmitted to a facility comprising an “identity server” and an “action server”, wherein the identity server receives the two encrypted request components and forwards the encrypted action request component to an action server. The identity server has the key to decrypt the identity component (but not the action component), and the action server has the key to decrypt the action component (but not the identity component). The action server decrypts the action request and forwards it to the third-party server. The third-party server sends the http response back to the action server. The action server receives and encrypts the action response, and forwards it to the identity server. The identity server, which has been holding the unencrypted user identity information, receives the encrypted action response (which it cannot decipher), and forwards it to the client system, wherein the user'"'"'s browser software uses the action response in the normal manner, so as to create the appropriate displays and/or multimedia output.
249 Citations
1 Claim
-
1. A system for providing communications over a network, by means including at least a client and a remote server, wherein a user may submit a request through said client for a specified action to be performed in response to said request by said remote server, said user-submitted request comprising identity information that identifies the user making the request, and action information that specifies the action requested from said remote server by said user, and wherein said communications are provided in a secure and anonymous manner in that said action information is submitted to said remote server without revealing said identity information to said remote server, and in that only said client, and not any facility through which said action information or any response thereto passes in the course of being submitted to or received from said remote server, possesses both said identity information and said action information, said system comprising (in addition to said client and remote server):
-
a) an application that separates said identity information and said action information from the user'"'"'s information request, encrypts said identity information and said action information, and sends said identity information and said action information as so encrypted to a first intermediate server;
b) said first intermediate server, which contains means for decrypting said encrypted identity information but not said encrypted action information, and for transmitting said encrypted action information to a second intermediate server;
c) said second intermediate server, which contains means for decrypting said action information, transmitting said decrypted action information to said remote server, receiving the remote server'"'"'s response, encrypting said remote server response, and transmitting said encrypted remote server response to said first intermediate server;
d) said first intermediate server further having means for receiving said encrypted remote server response from said second intermediate server, associating said encrypted remote server response with said identity information and sending said encrypted remote server response to said application;
e) said application further having means for decrypting said remote server response and forwarding said decrypted remote server response to said client for presentation to the user.
-
Specification