Method and apparatus for encrypted communications to a secure server

US 7,509,490 B1
Filed: 05/26/2000
Issued: 03/24/2009
Est. Priority Date: 05/26/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

at a first server in a first Internet domain outside of a firewall, receiving, over a secure connection, encrypted data from a computer behind said firewall, wherein said receiving over said secure connection includes decrypting said encrypted data according to a protocol specified by said secure connection to produce decrypted data, wherein said decrypted data includes a request for a web page in a second Internet domain that is different from the first Internet domain, wherein said request is directed to a first address hosted by the first server in the first Internet domain by directing the request to a URL including an encrypted address of said web page appended after an unencrypted form of the first address;

said first server decrypting the encrypted address of the web page;

in response to said decrypting, said first server communicating with a second server in the second Internet domain to retrieve the web page from the second Internet domain; and

said first server sending data to said computer over the secure connection via the firewall, wherein said sending data includes encrypting said data, wherein said encrypted data includes said retrieved web page.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of the invention includes a secure server. A user at a terminal, communicatively coupled to the secure server by a secure link, can obtain web pages from web sites in a network, in encrypted form, via the secure link. Addresses associated with the web pages are altered to make it appear as if the web pages come from the secure server rather than from the web sites. Spoofing units may be used as alternative access points to the secure server, with the secure server sending the requested web pages directly to the terminal. In general, address rewriting and other manipulation can be performed on the requested web pages, such that the true sources of the web pages are disguised and such that subsequent communications from the terminal are directed to the secure server and/or spoofing unit, rather than to the true source of the web pages. Components of the user'"'"'s privacy may be sold, or advertisements may be provided, in exchange for protection of the user'"'"'s identity.

Citations

13 Claims

1. A method comprising:
- at a first server in a first Internet domain outside of a firewall, receiving, over a secure connection, encrypted data from a computer behind said firewall, wherein said receiving over said secure connection includes decrypting said encrypted data according to a protocol specified by said secure connection to produce decrypted data, wherein said decrypted data includes a request for a web page in a second Internet domain that is different from the first Internet domain, wherein said request is directed to a first address hosted by the first server in the first Internet domain by directing the request to a URL including an encrypted address of said web page appended after an unencrypted form of the first address;
  
  said first server decrypting the encrypted address of the web page;
  
  in response to said decrypting, said first server communicating with a second server in the second Internet domain to retrieve the web page from the second Internet domain; and
  
  said first server sending data to said computer over the secure connection via the firewall, wherein said sending data includes encrypting said data, wherein said encrypted data includes said retrieved web page.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said protocol specified by said secure connection is SSL.
  - 3. The method of claim 1,wherein said retrieved web page includes one or more links pointing to the second Internet domain, wherein the method further comprises:
    - before sending the encrypted data including the retrieved web page to the computer, the first server modifying the retrieved web page by modifying the one or more links to point to the first Internet domain instead of the second Internet domain.
  - 4. The method of claim 1, further including providing advertisements to the computer.
  - 5. The method of claim 1, further including providing information regarding one or more web pages requested by said computer to one or more third parties.

6. A server system, includinga first server outside of a firewall and accessible via a first Internet domain, wherein said first server includes:
- a processor; and
  
  a memory storing program instructions executable by the processor to;
  
  receive, over a secure connection, encrypted data from a computer behind said firewall, wherein said receiving over said secure connection includes decrypting said encrypted data according to a protocol specified by said secure connection to produce decrypted data, wherein said decrypted data includes a request for a web page in a second Internet domain that is different from the first Internet domain, wherein said request is directed to a first address hosted by the first server in the first Internet domain by directing the request to a URL including an encrypted address of said web page appended after an unencrypted form of the first address;
  
  decrypt the encrypted address of the web page;
  
  in response to said decrypting, communicate with a second server in the second Internet domain to retrieve the requested web page from the second Internet domain; and
  
  send data to said computer over the secure connection via the firewall, wherein said sending data includes encrypting said data according to said protocol, wherein said encrypted data includes said retrieved web page.
- View Dependent Claims (7)
- - 7. The system of claim 6,wherein said retrieved web page includes one or more links pointing to the second Internet domain, wherein the program instructions are further executable by the processor to:
    - before sending the encrypted data including the retrieved web page to the computer, modify the retrieved web page by modifying the one or more links to point to the first Internet domain instead of the second Internet domain.

8. A computer-readable memory medium, including program instructions executable to:
- at a first server in a first Internet domain outside of a firewall, receive, over a secure connection, encrypted data from a computer behind said firewall, wherein said receiving over said secure connection includes decrypting said data according to a protocol specified by said secure connection to produce decrypted data, wherein said decrypted data includes a request for a web page in a second Internet domain that is different from the first Internet domain, wherein said request is directed to a first address hosted by the first server in the first Internet domain by directing the request to a URL including an encrypted address of said web page appended after an unencrypted form of the first address;
  
  decrypt the encrypted address of the web page;
  
  in response to said decrypting, communicate with a second server in the second Internet domain to retrieve the requested web page from the second Internet domain; and
  
  send data to said computer over the secure connection via the firewall, wherein said sending data includes encrypting said data according to said protocol, wherein said encrypted data includes said retrieved web page.
- View Dependent Claims (9, 10)
- - 9. The memory medium of claim 8, further including program instructions executable to provide advertisements from a third party to the computer.
  - 10. The memory medium of claim 8,wherein said retrieved web page includes one or more links pointing to the second Internet domain, wherein the memory medium further includes program instructions executable to:
    - before sending the encrypted data including the retrieved web page to the computer, modify the retrieved web page by modifying the one or more links to point to the first Internet domain instead of the second Internet domain.

11. A method comprising:
- at a first server in a first Internet domain outside of a firewall, receiving via a second server in a second Internet domain different from the first Internet domain, over a secure connection, encrypted data originating from a computer behind said firewall, wherein said receiving over said secure connection includes decrypting said encrypted data according to a protocol specified by said secure connection to produce decrypted data, wherein said decrypted data includes a request for a web page in a third Internet domain that is different from the first and second Internet domains, wherein said request is directed to a first address hosted by the first server in the first Internet domain by directing the request to a URL including an encrypted address of the web page appended after an unencrypted form of the first address;
  
  the first server decrypting the encrypted address of the web page;
  
  in response to said decrypting, the first server communicating with a third server in the third Internet domain to retrieve the web page from the third Internet domain; and
  
  the first server sending data to said computer over the secure connection via the firewall, wherein said sending data includes encrypting said data, wherein said encrypted data includes said retrieved web page.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein the first server in the first Internet domain receives the encrypted data in response to the second server in the second Internet domain receiving the encrypted data from the computer behind said firewall and forwarding the encrypted data to the first server.
  - 13. The method of claim 11,wherein said retrieved web page includes one or more links pointing to the third Internet domain, wherein the method further comprises:
    - before sending the encrypted data including the retrieved web page to the computer, the first server modifying the retrieved web page by modifying the one or more links to point to the first Internet domain instead of the third Internet domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.), Purepulse Technologies, Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Chun, Jon A, Hsu, Stephen Dao Hui, Hormuzdiar, James Noshir
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tran; Tongoc

Application Number

US09/580,365
Time in Patent Office

3,224 Days
Field of Search

713/150, 713/153, 713/155, 713/160, 713/162, 713/169, 705/74, 705/78
US Class Current

713/162
CPC Class Codes

G06Q 20/0855   involving a third party

G06Q 20/383   Anonymous user system

H04L 63/0281   Proxies

H04L 63/0407   wherein the identity of one...

H04L 63/0428   wherein the data content is...

H04L 67/01   Protocols

Method and apparatus for encrypted communications to a secure server

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for encrypted communications to a secure server

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links