System for generating site-specific user aliases in a computer network
First Claim
Patent Images
1. A method for providing a site-specific alias to identify a user to a computer network site, the method comprising the steps of:
- for each of a plurality of computer network sites accessed by a user having an identity, generating a corresponding, unique alias such that the identity of the user cannot be determined from the alias, and where the user cannot modify the alias; and
for at least one of the computer network sites, sending the corresponding alias to the computer network site upon access of the computer network site by the user.
3 Assignments
0 Petitions
Accused Products
Abstract
An system for allowing a computer network site to recognize an anonymous user without revealing the identity of the user. The system involves generating a user alias based on the user'"'"'s identity and the computer network site such that it is computationally difficult to determine the user'"'"'s identity from the alias alone. The system further involves informing the computer network site of the alias upon access of the site by the user. The computer network site may then block access to the site'"'"'s contents whenever it receives an alias associated with a disruptive user.
338 Citations
61 Claims
-
1. A method for providing a site-specific alias to identify a user to a computer network site, the method comprising the steps of:
-
for each of a plurality of computer network sites accessed by a user having an identity, generating a corresponding, unique alias such that the identity of the user cannot be determined from the alias, and where the user cannot modify the alias; and
for at least one of the computer network sites, sending the corresponding alias to the computer network site upon access of the computer network site by the user. - View Dependent Claims (2)
-
-
3. A method for allowing a computer network site to recognize a user without revealing the identity of the user to the computer network site, the method comprising the steps of:
-
generating an alias based on the identity of the user and the computer network site such that it is computationally difficult to determine the identity of the user from the alias alone;
protecting the alias from modification by the user; and
informing the computer network site of the alias upon access of the computer network site by the user. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
processing the network address through the one-way hash function to obtain a preliminary value, and then, for each combination of identification code and data string, completing the one-way hash function by processing the identification code and data string through the one-way hash function to obtain a final value from the preliminary value, until a final value matching the alias is obtained. -
10. The method of claim 3, wherein the user has an identification code and the computer network site has a network address, and where the step of generating includes encrypting the identification code and the network address with at least one is secret encryption key.
-
11. The method of claim 10, wherein the step of generating includes computing a one-way hash value of the secret encryption key and the network address to form a site key, and encrypting the identification code with the site key.
-
12. The method of claim 10, wherein the step of generating includes computing a one-way hash value of the identification code with a data string, and encrypting the identification code, the data string and the one-way hash value to form the alias.
-
13. The method of claim 12, wherein the alias can be decrypted to determine the identification code, the data string and the one-way hash value, and where the decryption can be verified by computing the one-way hash value of the decrypted identification code and the decrypted data string, and comparing the computed hash value with the decrypted hash value.
-
14. The method of claim 10, wherein the alias can be decrypted to determine the identification code using the at least one secret encryption key.
-
15. The method of claim 3, wherein the step of informing is carried out each time the user accesses a computer network site.
-
16. The method of claim 3, wherein the step of informing is carried out if requested by the computer network site accessed by the user.
-
17. The method of claim 3, wherein the step of informing is carried out if the user accesses a computer network site which previously requested the alias.
-
18. The method of claim 3, wherein the step of informing includes sending the alias to the computer network site in an HTTP header.
-
19. The method of claim 3, wherein the step of informing includes sending the alias to the computer network site in the form of a cookie.
-
20. The method of claim 3, wherein the step of informing is carried out using a secure network protocol.
-
-
21. A method for providing a site-specific user alias to an Internet site accessed by a user, the method comprising the steps of:
-
assigning an identification code to a user;
providing an alias server system connected to the Internet;
generating an alias by the server system, where the alias is based on the identification code and the Internet site selected by the user such that it is computationally difficult to determine the identification code from the alias alone; and
sending the alias to the Internet site upon access of the Internet site by the user. - View Dependent Claims (22)
-
-
23. A method for allowing a computer network site to recognize a user without revealing the identity of the user to the computer network site, the method comprising the steps of:
-
providing an identification code to a user utilizing a user terminal to access a computer network site;
generating an alias based on the identification code and the computer network site such that it is impractical to determine the identification code from the alias alone;
storing the alias on the user terminal; and
configuring the user terminal to inform the computer network site of the alias. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
processing the network address through the one-way hash function to obtain a preliminary value, and then, for each combination of identification code and data string, completing the one-way hash function by processing the identification code and data string through the one-way hash function to obtain a final value from the preliminary value, until a final value matching the alias is obtained. -
30. The method of claim 25, wherein the computer network site has a computer network address, and where the step of generating includes encrypting the identification code and the computer network address with at least one secret encryption key.
-
31. The method of claim 30, wherein the alias can be decrypted to determine the identification code using the at least one secret encryption key.
-
32. The method of claim 23, wherein the step of configuring includes configuring the user terminal to send the alias to the computer network site in an HTTP header.
-
33. The method of claim 23, wherein the step of storing includes storing the alias on the user terminal in the form of a cookie.
-
34. The method of claim 33, wherein the step of configuring includes configuring the user terminal to send the alias to the computer network site in the form of a cookie.
-
35. The method of claim 33, wherein the step of storing includes protecting the alias from modification by the user.
-
36. The method of claim 33, wherein the user terminal is configured to receive a set-cookie command from the computer network site, and where the step of storing is carried out if the user terminal receives a set-cookie command from the computer network site.
-
37. The method of claim 23, wherein the step of configuring includes configuring the user terminal to inform the computer network site using a secure network protocol.
-
-
38. A method for blocking access to an Internet site by an anonymous user, where the user has an identification code and a site-specific alias based on the identification code and the Internet site such that it is computationally difficult to determine the identification code from the alias alone, and where the user cannot modify the alias, the method comprising the steps of:
-
receiving the alias if the user accesses the Internet site; and
denying the user access to the Internet site.
-
-
39. A system for allowing a computer network site to recognize an anonymous user, the system comprising:
-
a user terminal configured to access a computer network site, where the user terminal is operated by a user having an identification code that cannot be modified by the user; and
an alias server system connected to communicate with the user terminal and with a computer network site accessed by the user terminal, where the alias server system is configured to generate an alias based on the identification code and the computer network site such that it is excessively difficult to determine the identity of the user from the alias alone. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
-
-
50. A system for allowing a computer network site to recognize an anonymous user, the system comprising:
-
an alias server system connected to communicate with a user terminal, and configured to generate an alias based on the identity of a user and a computer network site accessed by the user, where it is computationally intractable to determine the identity of the user from the alias alone, and where the alias server system is configured to transmit the alias to the user terminal after the alias is generated; and
a user terminal for operation by a user, where the user has an identity, and where the user terminal is connected to access a computer network site, and where the user terminal is configured to receive an alias from the alias server system and to send the alias to the computer network site upon access of the computer network site by the user. - View Dependent Claims (51, 52, 53, 54, 55)
-
-
56. An alias server system, the system comprising:
a computer server configured to receive a request for a user alias, and configured to generate a user alias based on an identification code and a computer network site such that it is impractical to determine the identification code from the alias alone, and where the computer server is configured to transmit the alias to a user terminal. - View Dependent Claims (57, 58)
-
59. A user terminal for identifying an anonymous user to a computer network site, comprising:
a user terminal for operation by a user having an identity, where the user terminal is connected to access a computer network site, and where the user terminal is configured to request and receive an alias based on the identity of the user and the computer network site, and where it is computationally difficult to determine the identity of the user from the alias alone. - View Dependent Claims (60, 61)
Specification