Identity broker tools and techniques for use with forward proxy computers

US 9,514,459 B1
Filed: 03/15/2001
Issued: 12/06/2016
Est. Priority Date: 03/24/2000
Status: Active Grant

First Claim

Patent Images

1. A method for managing identities while accessing the Internet, the method comprising the following steps performed with a forward proxy computer:

acquiring from a person by the forward proxy computer data that is placed by the forward proxy computer in an identity broker data structure defining a plurality of different identities for said person, and acquiring data that defines presentation information to identify and/or authenticate the forward proxy computer to a remote Internet site using one of said plurality of identities, the forward proxy computer acts on behalf of the person in interactions with the Internet site and preserves the anonymity of the person during those interactions with and between the remote Internet site, and the forward proxy computer supplies information to the remote Internet site to gain access thereto but preserves the anonymity of the person in that interaction;

receiving, by the forward proxy computer and from a user computer, a request by the person for desired information from the remote Internet site, the user computer configured to directly interact with the forward proxy computer, and the person via the user computer initially logs into the forward proxy computer and provides instructions to the forward proxy computer to communicate with the remote Internet site and to not reveal a true identity of the person or user computer to the remote Internet site, and the user computer retains administrative oversight of the forward proxy computer;

determining, by the forward proxy computer, which of the plurality of identities of the person should be used as a specified identity in making a corresponding request of the remote Internet site for the desired information;

presenting, by the forward proxy computer, the specified identity to the remote Internet site, the specified identity presented by using the presentation information, and masking the true identity of the person via the specified identity to preserve the anonymity of the true identity with respect to the remote Internet site;

requesting, by the forward proxy computer, the desired information from the remote Internet site in a communication by identifying the forward proxy computer as the source of the request, via the specified identity, so as to not identify the user computer;

receiving, by the forward proxy computer and from the remote Internet site identity information that identifies the forward proxy computer as the requester and identity-independent information;

forwarding, by the forward proxy computer, the identity-independent information to the user computer;

storing the identity information by the forward proxy computer in a storage location at the forward proxy computer, the identify information being stored as a cookie that can be written to by the remote Internet site in response to a communication from the remote Internet site; and

transparently operating the forward proxy computer relative to the remote Internet site as the specified identity in place of the user computer and forwarding identity-independent information from the remote Internet site to the user computer, and providing by the forward proxy computer identity substitution and identity mapping on behalf of the person.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A forward proxy can perform identity substitutions and related services. The user provides the forward proxy with identity information, and the forward proxy presents itself to remote Internet sites on behalf of the user in the guize of the specified identity. From the remote site'"'"'s point of view, the forward proxy is the machine being used by the user; the identity of the actual user machine can be hidden. Cookies are thus stored and updated at the forward proxy instead of being stored and updated at the user computer as they would be if a conventional forward proxy had been used. This helps preserve user privacy. The use of group identities, which are shared by multiple users, are also facilitated.

Citations

14 Claims

1. A method for managing identities while accessing the Internet, the method comprising the following steps performed with a forward proxy computer:
- acquiring from a person by the forward proxy computer data that is placed by the forward proxy computer in an identity broker data structure defining a plurality of different identities for said person, and acquiring data that defines presentation information to identify and/or authenticate the forward proxy computer to a remote Internet site using one of said plurality of identities, the forward proxy computer acts on behalf of the person in interactions with the Internet site and preserves the anonymity of the person during those interactions with and between the remote Internet site, and the forward proxy computer supplies information to the remote Internet site to gain access thereto but preserves the anonymity of the person in that interaction;
  
  receiving, by the forward proxy computer and from a user computer, a request by the person for desired information from the remote Internet site, the user computer configured to directly interact with the forward proxy computer, and the person via the user computer initially logs into the forward proxy computer and provides instructions to the forward proxy computer to communicate with the remote Internet site and to not reveal a true identity of the person or user computer to the remote Internet site, and the user computer retains administrative oversight of the forward proxy computer;
  
  determining, by the forward proxy computer, which of the plurality of identities of the person should be used as a specified identity in making a corresponding request of the remote Internet site for the desired information;
  
  presenting, by the forward proxy computer, the specified identity to the remote Internet site, the specified identity presented by using the presentation information, and masking the true identity of the person via the specified identity to preserve the anonymity of the true identity with respect to the remote Internet site;
  
  requesting, by the forward proxy computer, the desired information from the remote Internet site in a communication by identifying the forward proxy computer as the source of the request, via the specified identity, so as to not identify the user computer;
  
  receiving, by the forward proxy computer and from the remote Internet site identity information that identifies the forward proxy computer as the requester and identity-independent information;
  
  forwarding, by the forward proxy computer, the identity-independent information to the user computer;
  
  storing the identity information by the forward proxy computer in a storage location at the forward proxy computer, the identify information being stored as a cookie that can be written to by the remote Internet site in response to a communication from the remote Internet site; and
  
  transparently operating the forward proxy computer relative to the remote Internet site as the specified identity in place of the user computer and forwarding identity-independent information from the remote Internet site to the user computer, and providing by the forward proxy computer identity substitution and identity mapping on behalf of the person.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the determining step determines that the forward proxy computer should use a group identity which is shared by multiple persons.
  - 3. The method of claim 2, wherein the group identity is shared by persons having a shared interest in a particular topic.
  - 4. The method of claim 2, wherein the group identity is shared by persons belonging to a particular organization.
  - 5. The method of claim 2, wherein the method further comprises notifying a party responsible for a particular Internet site that persons using the group identity are concerned by apparent privacy violations involving the site.
  - 6. The method of claim 2, wherein the method further comprises notifying a party responsible for a particular Internet site that persons using the group identity are concerned by apparent violations at the site of an interest shared by at least a portion the persons who are using the group identity.
  - 7. The method of claim 2, wherein the method further comprises notifying a party responsible for a particular Internet site that persons using the group identity are concerned by false or misleading information posted at the site.
  - 8. The method of claim 2, wherein the method further comprises notifying a party responsible for a particular Internet site that persons using the group identity are concerned by intrusive actions by items sent from the site to such persons.
  - 9. The method of claim 2, wherein the method further comprises the forward proxy computer distinguishing between users with the group identity and those without when making an access control determination.
  - 10. The method of claim 2, wherein the method further comprises the forward proxy computer distinguishing between users with the group identity and those without when making a quality of service determination.
  - 11. The method of claim 2, wherein the remote Internet site provides commercial services or products under the group identity on different commercial terms than the terms on which it provides commercial services or products to other users.

12. A non-transitory computer-readable storage medium storing computer readable instructions which when executed by a forward proxy computer cause the forward proxy computer to perform the method comprising:
- receiving, by the forward proxy computer from a user, data which specifies a plurality of different identities for the user, and acquiring data which also includes presentation information to identify and/or authenticate the forward proxy computer as one of said plurality of identities of the user to a remote Internet site, the forward proxy computer acts as a proxy on behalf of the user in interactions with the remote Internet site and is operated for preserving the anonymity of the user during those interactions with the remote Internet site by masking a true identity of the user from the remote Internet site, and the forward proxy computer supplies information to gain access to the remote Internet site but preserves the anonymity of the identity of the user during that interaction, and the forward proxy computer operates on behalf of the user to provide identity substitution and identity mapping between the user and the remote Internet site;
  
  receiving, by the forward proxy computer from a user computer a request by the user for desired information from the remote Internet site, the user computer is configured to directly interact with the forward proxy computer, and the user via the user computer initially logs into the forward proxy computer and provides instructions to the forward proxy computer to not reveal a true identity of the user or user computer to the remote Internet site, and the user computer and the forward proxy computer communicate with one another via Hypertext Transfer Protocol (HTTP) and the user via HTTP communications and the user computer retains administrative oversight of the forward proxy computer;
  
  determining by the forward proxy computer which one identity of the plurality of identities of the user should be used as a specified identity in making a corresponding request of the remote Internet site for the desired information, and acquiring the specified identity from storage of the forward proxy computer;
  
  presenting by the forward proxy computer the specified identity to the remote Internet site by using the presentation information;
  
  requesting by the forward proxy computer the desired information from the remote Internet site in a communication which identifies the forward proxy computer as the source of the request via the specified identity, and which does not identify the user computer;
  
  receiving by the forward proxy computer from the remote Internet site identity information that identifies the forward proxy computer as the requesting source and receiving identity-independent information;
  
  forwarding by the forward proxy computer the identity-independent information to the user computer; and
  
  storing by the forward proxy computer the identity information in a storage location at the forward proxy computer, the identity information stored as a cookie that can be written to by the remote Internet site in response to a communication from the remote Internet site;
  
  transparently operating the forward proxy computer relative to the remote Internet site using the specified identity and forwarding identity-independent information from the remote Internet site to the user computer.
- View Dependent Claims (13, 14)
- - 13. The configured medium of claim 12, wherein the user computer does not store, at the user computer in a storage location which is written in response to communications from the remote Internet site, the same identity information which is stored at the forward proxy computer.
  - 14. The configured medium of claim 12, wherein the determining step determines that the forward proxy computer should use a group identity which is shared by multiple persons.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Doshi, Kshitij A., Ebrahimi, Hashem Mohammad, McClain, Carolyn B.
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Sherr, Cristina

Application Number

US09/809,501
Time in Patent Office

5,745 Days
Field of Search

705/64, 705/65, 705/66, 705/67, 705/68, 705/69, 705/70, 705/71, 705/72, 705/73, 705/74, 705/75, 705/76, 705/77, 705/78, 705/79, 709/217, 709/218, 709/219
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06Q 20/383   Anonymous user system

H04L 63/0281   Proxies

H04L 63/0407   wherein the identity of one...

H04L 63/08   for authentication of entit...

Identity broker tools and techniques for use with forward proxy computers

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Identity broker tools and techniques for use with forward proxy computers

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links