Techniques for anonymous internet access
Abstract
Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet request is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained.
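Added example, not taken from the patent or any product: a sketch of the policy step the abstract describes, in which a firewall proxy maps a destination IP and the requesting user's class to one anonymizer from a list. The rule format, anonymizer names, hosts and address ranges are assumptions made for illustration; the function fails closed when policy has no match or names an anonymizer that is not reachable over a secure channel.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Anonymizer:
    name: str
    endpoint: str  # URL the firewall proxy would connect to

@dataclass(frozen=True)
class Rule:
    dest_net: str              # destination CIDR the rule covers
    user_class: Optional[str]  # None matches any user class
    anonymizer: Optional[str]  # None means route directly, unmasked

# Constructed sample data: every name, host and range below is a placeholder.
ANONYMIZERS = {
    "anon-a": Anonymizer("anon-a", "https://anon-a.example.net:8443"),
    "anon-b": Anonymizer("anon-b", "https://anon-b.example.net:8443"),
    "anon-plain": Anonymizer("anon-plain", "http://anon-c.example.net:8080"),
}
POLICY = [
    Rule("203.0.113.0/24", "research", "anon-a"),  # per-class selection
    Rule("203.0.113.0/24", None, "anon-b"),
    Rule("198.51.100.0/24", None, "anon-plain"),   # misconfigured on purpose
    Rule("0.0.0.0/0", None, None),                 # everything else: direct
]

def select_route(dest_ip, user_class, policy=POLICY, anonymizers=ANONYMIZERS):
    """Return ("anonymize", Anonymizer) or ("direct", None); first match wins."""
    addr = ipaddress.ip_address(dest_ip)
    for rule in policy:
        if addr not in ipaddress.ip_network(rule.dest_net):
            continue
        if rule.user_class not in (None, user_class):
            continue
        if rule.anonymizer is None:
            return ("direct", None)
        chosen = anonymizers.get(rule.anonymizer)
        # The abstract requires a secure link to the anonymizer: refuse an
        # unknown or plaintext endpoint instead of silently going direct.
        if chosen is None or not chosen.endpoint.startswith("https://"):
            raise ValueError(f"unusable anonymizer {rule.anonymizer!r}")
        return ("anonymize", chosen)
    # No rule matched (e.g. IPv6 against an IPv4-only policy): fail closed
    # so a policy gap cannot expose the firewalled environment's address.
    raise LookupError(f"no policy rule covers {dest_ip}")
```
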
20 Claims
1. A machine-implemented method implemented in a non-transitory computer-readable medium and for processing on a processor-enabled device, comprising:
inspecting, by the processor-enabled device, an Internet Protocol (IP) address that originates from a principal and that is directed to an external resource located over the Internet from the principal;
evaluating, by the processor-enabled device, a policy in response to the IP address of the external resource;
selecting, by the processor-enabled device, a particular anonymizer from a list of available anonymizers in response to the policy evaluation, a variety of external anonymizers are available in the list and based on the policy evaluation the particular anonymizer is selected; and
establishing, by the processor-enabled device, a secure connection between the principal and the particular anonymizer for the particular anonymizer to access the external resource on behalf of the principal, the processor-enabled device acting as a firewall proxy for the external resource and makes the secure connection with the particular anonymizer.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A machine-implemented method implemented and residing in a non-transitory computer-readable medium and for processing on a processor-enabled device, comprising:
receiving, by the processor-enabled device, a request to access an external resource over the Internet from a user within a firewall environment;
determining, by the processor-enabled device, in response to a policy that the request is to be masked when routed over the Internet by having the processor-enabled device establish a secure connection with an anonymizer to access the external resource on behalf of the user; and
routing, by the processor-enabled device, the request through the anonymizer that hides a relationship between the user and the external resource from network onlookers, the anonymizer selected from a list of available anonymizers also based on the evaluation of the policy, where different users or classes of users uses different ones of the anonymizers.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer-implemented system, comprising:
a non-transitory computer-readable medium configured with a policy store residing in the non-transitory computer-readable medium and accessible to an anonymizer selection service; and
a proxy machine that is a processor enabled device and is configured with the anonymizer selection service, the anonymizer executes on the proxy machine within a firewalled environment, wherein the proxy machine acts as an intermediary to Internet access from and to the firewalled environment;
the anonymizer selection service intercepts uniform resource locator (URL) link requests from users within the firewalled environment that are directed to external world-wide web (WWW) sites and acquires policies from the policy store, evaluates the policies to determine when particular URL requests are to be re-routed through anonymizers to mask an Internet Protocol (IP) address of the firewalled environment from where the URL requests originate, each request is evaluated in view of a particular policy to select a particular anonymizer from the anonymizers to service that request and each request is tied to a secure connection between a particular user and a particular anonymizer.
Dependent claims: 16, 17, 18, 19, 20
Specification