Techniques for anonymous internet access

US 8,302,161 B2
Filed: 02/25/2008
Issued: 10/30/2012
Est. Priority Date: 02/25/2008
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method implemented in a non-transitory computer-readable medium and for processing on a processor-enabled device, comprising:

inspecting, by the processor-enabled device, an Internet Protocol (IP) address that originates from a principal and that is directed to an external resource located over the Internet from the principal;

evaluating, by the processor-enabled device, a policy in response to the IP address of the external resource;

selecting, by the processor-enabled device, a particular anonymizer from a list of available anonymizers in response to the policy evaluation, a variety of external anonymizers are available in the list and based on the policy evaluation the particular anonymizer is selected; and

establishing, by the processor-enabled device, a secure connection between the principal and the particular anonymizer for the particular anonymizer to access the external resource on behalf of the principal, the processor-enabled device acting as a firewall proxy for the external resource and makes the secure connection with the particular anonymizer.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet requests is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained.

Citations

20 Claims

1. A machine-implemented method implemented in a non-transitory computer-readable medium and for processing on a processor-enabled device, comprising:
- inspecting, by the processor-enabled device, an Internet Protocol (IP) address that originates from a principal and that is directed to an external resource located over the Internet from the principal;
  
  evaluating, by the processor-enabled device, a policy in response to the IP address of the external resource;
  
  selecting, by the processor-enabled device, a particular anonymizer from a list of available anonymizers in response to the policy evaluation, a variety of external anonymizers are available in the list and based on the policy evaluation the particular anonymizer is selected; and
  
  establishing, by the processor-enabled device, a secure connection between the principal and the particular anonymizer for the particular anonymizer to access the external resource on behalf of the principal, the processor-enabled device acting as a firewall proxy for the external resource and makes the secure connection with the particular anonymizer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein inspecting further includes intercepting via a transparent proxy configuration the IP address from the principal in a manner that the principal is unaware of.
  - 3. The method of claim 1, wherein inspecting further includes acquiring via a forward proxy configuration the IP address from the principal, wherein the principal sends the IP address to the forward proxy configuration to forward to the external resource.
  - 4. The method of claim 1, wherein evaluating further includes evaluating the policy using a variety of factors, the factors including one or more of the following:
    - the IP address of the external resource, an identity of the principal, a role associated with the principal, a group to which the principal is assigned, an attribute associated with the principal, a time-of-day when the IP address was requested, and a randomly generated number.
  - 5. The method of claim 1, wherein selecting further includes randomly selecting the particular anonymizer from the list.
  - 6. The method of claim 1, wherein selecting further includes instructing the particular anonymizer to use one or more additional anonymizers to create a chain of anonymizers that contact the IP address for the principal.
  - 7. The method of claim 1, wherein establishing further includes routing a request from the principal for the IP address through a secure sockets layer (SSL) or a transport layer security (TLS) connection with the particular anonymizer, wherein the particular anonymizer acts as a proxy for the principal to connect and interact with the external resource at the IP address over the Internet.

8. A machine-implemented method implemented and residing in a non-transitory computer-readable medium and for processing on a processor-enabled device, comprising:
- receiving, by the processor-enabled device, a request to access an external resource over the Internet from a user within a firewall environment;
  
  determining, by the processor-enabled device, in response to a policy that the request is to be masked when routed over the Internet by having the processor-enabled device establish a secure connection with an anonymizer to access the external resource on behalf of the user; and
  
  routing, by the processor-enabled device, the request through the anonymizer that hides a relationship between the user and the external resource from network onlookers, the anonymizer selected from a list of available anonymizers also based on the evaluation of the policy, where different users or classes of users uses different ones of the anonymizers.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein receiving further includes intercepting the request at a proxy that manages traffic exiting and entering the firewall environment.
  - 10. The method of claim 8, wherein determining further includes acquiring an identity for the user and using the identity to select the policy.
  - 11. The method of claim 10, wherein acquiring further includes selecting the anonymizer in response to the identity of the user.
  - 12. The method of claim 8, wherein determining further includes randomly selecting the anonymizer from a list of available anonymizers.
  - 13. The method of claim 8, wherein routing further includes identifying the anonymizer as a first anonymizer in the list of anonymizers, wherein each anonymizer of the list passes the request to a next anonymizer of the list and a last anonymizer of the list passes the request to the external resource.
  - 14. The method of claim 8, wherein routing further includes establishing a secure sockets layer (SSL) virtual private network (VPN) connection between the user and the anonymizer for the anonymizer to handle the request on behalf of the user.

15. A computer-implemented system, comprising:
- a non-transitory computer-readable medium configured with a policy store residing in the non-transitory computer-readable medium and accessible to an anonymizer selection service; and
  
  a proxy machine that is a processor enabled device and is configured with the anonymizer selection service, the anonymizer executes on the proxy machine within a firewalled environment, wherein the proxy machine acts as an intermediary to Internet access from and to the firewalled environment;
  
  the anonymizer selection service intercepts uniform resource locator (URL) link requests from users within the firewalled environment that are directed to external world-wide web (WWW) sites and acquires policies from the policy store, evaluates the policies to determine when particular URL requests are to be re-routed through anonymizers to mask an Internet Protocol (IP) address of the firewalled environment from where the URL requests originate, each request is evaluated in view of a particular policy to select a particular anonymizer from the anonymizers to service that request and each request is tied to a secure connection between a particular user and a particular anonymizer.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the anonymizer selection service uses a variety of factors to acquire the policies from the policy store and when evaluating the policies.
  - 17. The system of claim 15, wherein the anonymizer selection service chains certain URL requests to lists of the anonymizers to further mask the IP address of the firewalled environment.
  - 18. The system of claim 15, wherein the anonymizer selection service is a transparent.
  - 19. The system of claim 15, wherein the anonymizer selection service is a forward proxy.
  - 20. The system of claim 15, wherein the anonymizer selection service randomly selects a number of the anonymizers for the URL requests to ensure no particular pattern can be detected from an observer outside the firewalled environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Burch, Lloyd Leon, Earl, Douglas G., Stilmar, Robert Skousen, Carter, Stephen R.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US12/036,523
Publication Number

US 20090217351A1
Time in Patent Office

1,709 Days
Field of Search

726/3, 726/11, 709/217, 709/238, 709/246
US Class Current

726/3
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/0407 wherein the identity of one...

Techniques for anonymous internet access

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for anonymous internet access

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links