Anonymous communicating over interconnected networks
First Claim
1. A system for concealing from an outside observer a source and destination of information transmitted over interconnected networks comprising:
a plurality of hosts connected to the interconnected networks and enabled to send and receive two types of data defined as application data and auxiliary data used for delivery of said application data, wherein said auxiliary data is encapsulated into announcement packets, which are conventional IP packets with source and destination addresses included in a packet header, and said application data is encapsulated into content packets;
wherein a content packet header contains a flow number assigned to a flow application data and does not contain a data source and destination address;
a plurality of conventional IP routers on the interconnected networks for forwarding the announcement packets;
a plurality of flow routers on the interconnected networks for forwarding the content packets; and
a trusted server operative for receiving a request from a source host or a destination host for delivery of specific application data from the source host to the destination host, choosing a path from the source host to the destination host over a sequence of said flow routers, assigning a flow number to a flow of said specific application data to be delivered and sending notifications specifying the flow number to the source host, the destination host and each said flow router along the chosen path;
wherein the request for said specific application data and all said notifications are encapsulated into said announcement packets and forwarded to their destinations by the conventional IP routers, while said specific application data is encapsulated into said content packets with the assigned flow number and forwarded to said destinations by the flow routers;
wherein said specific application data is delivered over a virtual circuit that is both anonymous and congestion-free, because it does not reveal the data source and destination addresses, and the trusted server, which is a potential bottleneck for network traffic, is not a part of the virtual circuit;
wherein the notifications sent by the trusted server to the source and destination hosts are encrypted with individual public keys of the hosts so to conceal association of a particular flow number with a flow source and destination; and
wherein a large flow of said content packets is divided into smaller parts and different flow numbers are assigned to the parts so that the parts would look like flows of different application data, thereby making it harder for an outside observer to trace the path of said application data.
Abstract
A method and system for concealing from an outside observer the source and destination of information transmitted over a computer network. Two types of data packets are defined: content packets, which carry application data, i.e. real information, and announcement packets, which carry the data that provides for delivery of the content packets. A flow number is assigned to a flow of packets carrying specific application data from a source host to a destination host, and the number is included in the content packet header instead of the source and destination addresses. By applying public/private key encryption to announcement packets, which are delivered according to the standard IP protocol, a network server provides the flow number to the source and destination hosts and to each router along the path between them, thereby building an anonymous virtual circuit for delivery of application data.
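The scheme in claim 1 and the abstract can be modelled in memory as follows; this is an added example, not code from the patent. The names (ContentPacket, FlowRouter, Host, setup_circuit, send), the per-router table layout and the 32-bit random flow numbers are assumptions, and the public-key encryption of the notifications is not modelled.

```python
import secrets
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ContentPacket:
    flow: int          # the only header field: no source or destination address
    payload: bytes

@dataclass
class FlowRouter:
    table: dict = field(default_factory=dict)  # flow number -> next hop (assumed layout)
    seen: list = field(default_factory=list)   # what an observer at this hop reads
    def notify(self, flow, next_hop):          # stands in for an announcement packet
        self.table[flow] = next_hop
    def receive(self, pkt):
        self.seen.append((pkt.flow, len(pkt.payload)))
        self.table[pkt.flow].receive(pkt)      # KeyError: flow was never announced

@dataclass
class Host:
    inbox: dict = field(default_factory=dict)  # flow number -> payloads received
    def receive(self, pkt):
        self.inbox.setdefault(pkt.flow, []).append(pkt.payload)

def setup_circuit(path, dst, parts):
    """Trusted-server role: assign flow numbers, notify each router on the path."""
    flows = set()
    while len(flows) < parts:                  # one distinct random number per part
        flows.add(secrets.randbits(32))
    flows = list(flows)
    for flow in flows:
        for router, nxt in zip(path, path[1:] + [dst]):
            router.notify(flow, nxt)
    return flows   # ordered list both hosts are notified of (encrypted in the claim)

def send(data, flows, first_router, chunk=4):  # source host: one flow number per part
    size = -(-len(data) // len(flows))         # ceiling division
    for i, flow in enumerate(flows):
        part = data[i * size:(i + 1) * size]
        for off in range(0, len(part), chunk):
            first_router.receive(ContentPacket(flow, part[off:off + chunk]))

def demo():
    r1, r2, r3, dst = FlowRouter(), FlowRouter(), FlowRouter(), Host()
    flows = setup_circuit([r1, r2, r3], dst, parts=3)
    data = b"constructed sample application data"
    send(data, flows, r1)
    rebuilt = b"".join(b"".join(dst.inbox[f]) for f in flows)
    return data, rebuilt, flows, r2.seen
```

The trusted-server function only writes table entries and returns flow numbers; every content packet travels router to router, and the middle router's `seen` list holds nothing but flow numbers and payload lengths.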
7 Claims
Specification