Identity broker tools and techniques for use with forward proxy computers
First Claim
1. A method for managing identities while accessing the Internet, the method comprising the following steps performed with a forward proxy computer:
acquiring from a person by the forward proxy computer data that is placed by the forward proxy computer in an identity broker data structure defining a plurality of different identities for said person, and acquiring data that defines presentation information to identify and/or authenticate the forward proxy computer to a remote Internet site using one of said plurality of identities, the forward proxy computer acts on behalf of the person in interactions with the Internet site and preserves the anonymity of the person during those interactions with and between the remote Internet site, and the forward proxy computer supplies information to the remote Internet site to gain access thereto but preserves the anonymity of the person in that interaction;
receiving, by the forward proxy computer and from a user computer, a request by the person for desired information from the remote Internet site, the user computer configured to directly interact with the forward proxy computer, and the person via the user computer initially logs into the forward proxy computer and provides instructions to the forward proxy computer to communicate with the remote Internet site and to not reveal a true identity of the person or user computer to the remote Internet site, and the user computer retains administrative oversight of the forward proxy computer;
determining, by the forward proxy computer, which of the plurality of identities of the person should be used as a specified identity in making a corresponding request of the remote Internet site for the desired information;
presenting, by the forward proxy computer, the specified identity to the remote Internet site, the specified identity presented by using the presentation information, and masking the true identity of the person via the specified identity to preserve the anonymity of the true identity with respect to the remote Internet site;
requesting, by the forward proxy computer, the desired information from the remote Internet site in a communication by identifying the forward proxy computer as the source of the request, via the specified identity, so as to not identify the user computer;
receiving, by the forward proxy computer and from the remote Internet site identity information that identifies the forward proxy computer as the requester and identity-independent information;
forwarding, by the forward proxy computer, the identity-independent information to the user computer;
storing the identity information by the forward proxy computer in a storage location at the forward proxy computer, the identify information being stored as a cookie that can be written to by the remote Internet site in response to a communication from the remote Internet site; and
transparently operating the forward proxy computer relative to the remote Internet site as the specified identity in place of the user computer and forwarding identity-independent information from the remote Internet site to the user computer, and providing by the forward proxy computer identity substitution and identity mapping on behalf of the person.
Abstract
A forward proxy can perform identity substitutions and related services. The user provides the forward proxy with identity information, and the forward proxy presents itself to remote Internet sites on behalf of the user in the guise of the specified identity. From the remote site's point of view, the forward proxy is the machine being used by the user; the identity of the actual user machine can be hidden. Cookies are thus stored and updated at the forward proxy instead of being stored and updated at the user computer as they would be if a conventional forward proxy had been used. This helps preserve user privacy. The use of group identities, which are shared by multiple users, is also facilitated.
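A minimal sketch of the identity substitution and proxy-side cookie storage the abstract describes, added here as an illustration and not taken from the patent. The class names, the list of client-revealing headers and the hostnames are assumptions.

```python
from dataclasses import dataclass, field
# Assumed set of request headers that could identify the user computer.
CLIENT_REVEALING = {"cookie", "authorization", "proxy-authorization",
                    "x-forwarded-for", "forwarded", "via", "referer"}

@dataclass
class Identity:
    name: str
    presentation: dict                           # headers shown to the remote site
    cookies: dict = field(default_factory=dict)  # host -> {cookie name: value}

class IdentityBroker:
    def __init__(self):
        self.identities = {}   # (person, identity name) -> Identity
        self.site_map = {}     # (person, host) -> identity name

    def register(self, person, identity, hosts):
        self.identities[(person, identity.name)] = identity
        for host in hosts:
            self.site_map[(person, host)] = identity.name

    def select(self, person, host):
        # Fail closed: with no mapped identity the request is not sent at all.
        try:
            return self.identities[(person, self.site_map[(person, host)])]
        except KeyError:
            raise LookupError(f"no identity mapped for {host}") from None

    def outbound(self, person, host, client_headers):
        """Build the headers the proxy sends as the specified identity."""
        ident = self.select(person, host)
        drop = CLIENT_REVEALING | {k.lower() for k in ident.presentation}
        headers = {k: v for k, v in client_headers.items() if k.lower() not in drop}
        headers.update(ident.presentation)
        jar = ident.cookies.get(host, {})
        if jar:  # cookies come from the proxy's store, never from the client
            headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in jar.items())
        return headers

    def inbound(self, person, host, response_headers, body):
        """Keep identity information (cookies) at the proxy; forward the rest."""
        ident = self.select(person, host)
        forwarded = []
        for key, value in response_headers:
            if key.lower() == "set-cookie":
                name, _, val = value.split(";", 1)[0].strip().partition("=")
                ident.cookies.setdefault(host, {})[name] = val
            else:
                forwarded.append((key, value))
        return forwarded, body
```

Because `select` raises when no identity is mapped for a host, a misconfigured mapping results in a refused request rather than one that falls back to the client's own headers.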
14 Claims
12. A non-transitory computer-readable storage medium storing computer readable instructions which when executed by a forward proxy computer cause the forward proxy computer to perform the method comprising:
receiving, by the forward proxy computer from a user, data which specifies a plurality of different identities for the user, and acquiring data which also includes presentation information to identify and/or authenticate the forward proxy computer as one of said plurality of identities of the user to a remote Internet site, the forward proxy computer acts as a proxy on behalf of the user in interactions with the remote Internet site and is operated for preserving the anonymity of the user during those interactions with the remote Internet site by masking a true identity of the user from the remote Internet site, and the forward proxy computer supplies information to gain access to the remote Internet site but preserves the anonymity of the identity of the user during that interaction, and the forward proxy computer operates on behalf of the user to provide identity substitution and identity mapping between the user and the remote Internet site;
receiving, by the forward proxy computer from a user computer a request by the user for desired information from the remote Internet site, the user computer is configured to directly interact with the forward proxy computer, and the user via the user computer initially logs into the forward proxy computer and provides instructions to the forward proxy computer to not reveal a true identity of the user or user computer to the remote Internet site, and the user computer and the forward proxy computer communicate with one another via Hypertext Transfer Protocol (HTTP) and the user via HTTP communications and the user computer retains administrative oversight of the forward proxy computer;
determining by the forward proxy computer which one identity of the plurality of identities of the user should be used as a specified identity in making a corresponding request of the remote Internet site for the desired information, and acquiring the specified identity from storage of the forward proxy computer;
presenting by the forward proxy computer the specified identity to the remote Internet site by using the presentation information;
requesting by the forward proxy computer the desired information from the remote Internet site in a communication which identifies the forward proxy computer as the source of the request via the specified identity, and which does not identify the user computer;
receiving by the forward proxy computer from the remote Internet site identity information that identifies the forward proxy computer as the requesting source and receiving identity-independent information;
forwarding by the forward proxy computer the identity-independent information to the user computer; and
storing by the forward proxy computer the identity information in a storage location at the forward proxy computer, the identity information stored as a cookie that can be written to by the remote Internet site in response to a communication from the remote Internet site;
transparently operating the forward proxy computer relative to the remote Internet site using the specified identity and forwarding identity-independent information from the remote Internet site to the user computer.
Specification