EP3472991A1 - Secure personal server system and method - Google Patents

Secure personal server system and method

Info

Publication number
EP3472991A1
EP3472991A1 EP16905665.2A EP16905665A EP3472991A1 EP 3472991 A1 EP3472991 A1 EP 3472991A1 EP 16905665 A EP16905665 A EP 16905665A EP 3472991 A1 EP3472991 A1 EP 3472991A1
Authority
EP
European Patent Office
Prior art keywords
computer
content
request
server
network address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP16905665.2A
Other languages
German (de)
French (fr)
Other versions
EP3472991A4 (en
Inventor
Eugene Lapidous
Artem Arsitov
Maxim Molchanov
Vamsi Krishna AMBATI
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pango LLC
Original Assignee
AnchorFree Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AnchorFree Inc filed Critical AnchorFree Inc
Publication of EP3472991A1 publication Critical patent/EP3472991A1/en
Publication of EP3472991A4 publication Critical patent/EP3472991A4/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • One of the problems of such implementation is unsecure data exchange between personal computer and remote client. Even if channel used for reverse communications is encrypted (for instance, a reverse SSH tunnel), this encryption doesn't protect the traffic between the content consumer and an intermediary server. Unauthorized third party can observe or modify that traffic, or even pose as content provider by redirecting DNS requests to its own IP address and responding to requested links.
  • End-to-end data security (for instance, by using HTTPS protocol between the personal content server and remote client) would require storing private SSL certificates on personal computers, which could be costly and hard to protect from unauthorized disclosure.
  • a method for providing access to content on a first computer includes:
  • connection server being enabled to provide reverse connections to the first computer
  • transmitting the translated request to the first computer is performed only in response to determining that a number of simultaneous connections to the first computer are less than a threshold.
  • the first type of communication protocol is hypertext transfer protocol secure (HTTPS) and the second type of communication protocol is hyper text transfer protocol (HTTP).
  • HTTPS hypertext transfer protocol secure
  • HTTP hyper text transfer protocol
  • the encrypted connection may be a transport-level tunnel and the protocol conversion module may be an HTTPS-to-HTTP proxy.
  • the method may include reporting, by the server system, availability of the content on the first computer to a routing module; receiving, by the routing module, reports of availability of content on a plurality of different computers from a plurality of intermediary servers; receiving, by the routing module, the request for the content on the first computer from the second computer; and routing, by the routing module, the request for the content on the first computer to the server system.
  • the server system and routing module may be in the same local network.
  • the server system may include a VPN server and a protocol conversion server, the VPN server performing establishing the encrypted connection with the first computer and the protocol conversion server implementing the protocol conversion module, the VPN server and protocol conversion server are in the same local computer.
  • the at least one intermediary server of the plurality of intermediary servers is in a different local network than the same local network.
  • a method for providing access to content on a personal computer includes:
  • VPN virtual private network
  • HTTP hyper text transfer protocol
  • the method further includes:
  • the server system comprises a protocol conversion proxy computer and a VPN server computer each located within a local network.
  • Translating the request message to the translated message may be performed by the protocol conversion proxy (PCP) computer.
  • Establishing the VPN tunnel to the personal computer may be performed by the VPN server computer.
  • the method may further include transmitting the translated message to the VPN server computer by the PCP and forwarding the translated message to the personal computer by the VPN server through the VPN tunnel.
  • PCP protocol conversion proxy
  • translating the response to the translated response is performed by the PCP computer.
  • the method may further include forwarding the response to the PCP computer by the VPN server computer and transmitting the translated response by the PCP computer to the requesting computer.
  • the method further includes reporting, by the server system, the posting URL to a routing module; receiving, by the routing module from a plurality of intermediary servers, other URLs referencing content on a plurality of other computers;
  • routing module receiving, by the routing module, the request request message; and routing, by the routing module, the request message to the server system.
  • the server system and routing module are in the same local network.
  • a computer-readable medium includes a non- transitory storage device and storing executable code effective instruct one or more processors to:
  • VPN virtual private network
  • the executable code includes instruction for instructing the one or more processors to transmit the invitation to access the content to the recipient computer system in at least one of a text message, email, message, and posting to a web site.
  • the invitation to access the content includes a domain name referencing a computer hosing the processor.
  • the executable code may be further effective to instruct the one or more processors to transmit the invitation to access the content to the recipient computer system in bypass of the intermediary server.
  • FIG. 1 is a diagram of a first network environment for sharing content from a provider's personal computer in accordance with an embodiment of the present invention
  • FIG. 2 is a process flow diagram of a method for sharing content from a provider's personal computer in accordance with an embodiment of the present invention
  • FIG. 3 is a diagram of a second network environment for sharing content including a protocol conversion proxy in accordance with an embodiment of the present invention
  • FIG. 4 is a process flow diagram of a method for sharing content using a protocol conversion proxy in accordance with an embodiment of the present invention
  • FIG. 5 is a diagram of a third network environment including both a protocol conversion proxy and VPN router in accordance with an embodiment of the present invention
  • FIG. 6 is a diagram of a fourth network environment including a protocol conversion proxy and domain name server in accordance with an embodiment of the present invention
  • FIG. 7 is a diagram of a fifth network environment for providing secure HTTPS connections between provider and consumer computers in accordance with an embodiment of the present invention
  • FIGs. 8A and 8B illustrate a process flow diagram of a method for providing secure HTTPS connections between provider and consumer computers in accordance with an embodiment of the present invention
  • FIG. 9 is a diagram of sixth network environment providing secure HTTPS connections between provider and consumer computers in accordance with an embodiment of the present invention.
  • FIG. 10 is a diagram of an example user interface for sharing content in accordance with an embodiment of the present invention.
  • FIG. 11 is a schematic block diagram of a computer system suitable for implementing methods in accordance with embodiments of the present invention.
  • a first computer establishes an encrypted connection with a connection server enabled to provide reverse connections.
  • a second computer issues request for the content available from the first computer while using communication protocol of a first type.
  • a protocol conversion module receives this request, converting it to communication protocol of a second type and forwarding it to a first computer through the encrypted reverse connection provided by the connection server.
  • the communication protocol of the first type at least partially encrypts exchanged data using the encryption key available to the protocol conversion module, while communication protocol of the second type does not encrypt at least some parts of the data encrypted by the protocol of the first type.
  • the first computer serves requested content only if one or more conditions are met, one of the conditions being that request is submitted through encrypted reverse connection from the connection server.
  • a content request is sent to the first computer only if one or more conditions are met, one of more of these conditions being provided by the first computer before second computer issues a content request.
  • preset condition is that number of simultaneous connections to the first computer doesn't exceed a threshold value.
  • the first computer announces content availability to a second computer in bypass of the protocol conversion module before second computer issues a content request.
  • this announcement comprises sending a link to the announced content through email, text message, instant message or a post to a web site accessible from the second computer.
  • the protocol of the first type is HTTPS
  • the protocol of the second type is HTTP
  • the encrypted connection is a transport-level tunnel and the connection server is a VPN server.
  • the protocol conversion module is an HTTP S-to-HTTP proxy.
  • a plurality of the first computers are connected to different intermediary servers through encrypted connections.
  • at least one intermediary server reports accessibility of the first computer associated with a content reference to a routing module.
  • the routing module receives content request associated with that content reference and routes it to the corresponding intermediary server.
  • the protocol conversion module and routing module are connected to the same local network, while at least one of the intermediary servers is connected to a different local network.
  • a plurality of content items are available from plurality of first computers are associated with a plurality of domain names containing identifiers of corresponding first computers.
  • the content items from at least two different first computers are accessible by issuing requests to different IP (internet protocol) addresses.
  • the second computer obtains the domain name referencing the first computer providing the requested content item and issues a request to a domain name server to resolve that domain.
  • the domain name server obtains information about a plurality of IP addresses associated with different domains and returns an IP address associated with requested domain.
  • a plurality of IP addresses point to plurality of protocol conversion modules, each of these modules forwarding the content request to a connection server that maintains encrypted connection with a first computer providing requested content.
  • the protocol conversion module resides on the same local network as connection server, thereby protecting the data exchange from external observation.
  • the protocol conversion module and connection server reside on the same node of the local network, associated with the same physical computer hardware.
  • a first computer establishes connection with a connection server enabled to provide reverse connections.
  • a second computer issues a request containing a reference to the content provided by a third computer.
  • the second computer receives a response containing a reference to the content provided by the first computer and then requests this content through the reverse connection to the first computer, where the data exchange between the first and the second computers is encrypted using a key known to the first second computer.
  • reference to the content provided to the first computer contains a domain name associated with encryption key known to the first computer and, upon detecting increased risk that encryption key could be compromised, the domain and associated encryption key are replaced without changing the reference to the content available from the third computer.
  • the first computer announces content availability to a second computer by providing a reference to the content available from the third computer, before the second computer issues a content request.
  • this announcement comprises sending a link to the announced content through email, text message, instant message or a post to a web site accessible from the second computer.
  • connection server is a VPN server.
  • connection server is a proxy server.
  • connection server is an SSH server.
  • data exchange between the first and the second computers is encrypted using HTTPS protocol
  • the first computer hosts an HTTPS server having access to a private SSL certificate for the HTTPS data exchange between the first and second computers.
  • data exchange between the second and the third computer uses the protocol different from the one used for the data exchange between the second and the first computers.
  • data exchange between the first and the second computers is encrypted using VPN protocol
  • the first computer contains VPN server.
  • data exchange between the first and the third computer is encrypted using the key known to the third computer.
  • data exchange between the first and the third computer is encrypted using HTTPS protocol and the third computer hosts an HTTPS server.
  • data exchange between the first and the third computer uses HTTP protocol.
  • the third computer is the same as the first computer.
  • the response from the second computer is an HTML document containing HTML element with a source referencing the content provided by the third computer.
  • the HTML element is selected from the group of an image, a video and an IFrame.
  • the response from the second computer is a redirection to the URL referencing the content provided by the third computer.
  • the first computer requests content from the second computer, receives a response containing a reference to the content available from the third computer, establishes an encrypted connection to the third computer, and requests the content over this connection.
  • the source IP addresses of the requests to the second and the third computer are compared and the risk that one of the encrypted connections established by the first computer is compromised is increased if these IP addresses don't match.
  • third computer establishes connection with a connection server enabled to provide reverse connection, and content request from the first computer to the third computer is sent through the connection server, while content request from the first computer to the second computer is sent in bypass of the connection server.
  • connection between the first and the second computers uses different encryption keys than the connection between the first and the third computers.
  • one of the two encrypted communication channels established by the first computer has lower risk of compromising its encryption than another channel, and detection that source IP addresses of the two requests don't match increases the probability that encryption channel with the higher security risk is compromised.
  • the encrypted connection between the first and the third computer has higher risk of being compromised than the connection between the first and the second computer.
  • the risk that the encrypted connection between the first and the third computers is increased if the request for the content referenced in the response from the second server doesn't arrive within a pre-defined time interval, for instance less than 10 seconds.
  • the reference to content available from the third computer is returned only if one or more conditions are met, otherwise a response is returned without the reference to that content.
  • reference to content available from the third computer is returned but made visible to the user only if one or more conditions are met.
  • the reference to the content available from the first computer is returned and that content is made visible only if at least one of the predefined conditions are met, including ones from the group of the content from the third computer being accessible less than a pre-defined time ago, the number of requests for that content didn't exceed the pre-defined count and the risk that encrypted connection with the third server remains low.
  • the response from the second computer is an HTML document containing an HTML element with a source referencing the content provided by the third computer. That HTML element has at least one attribute controlling its visibility.
  • this HTML element is selected from the group of an image, a video and an IFrame.
  • response from the second computer is a redirection to the URL referencing the content provided by the third computer.
  • detection that IP addresses do not match increases security risk for subsequent requests from at least one of these source IP addresses for the pre-defined time.
  • the risk that the encrypted connection with the third server is compromised is increased by a larger amount if the same source IP for the request to the content from the third server is observed after at least two requests for the content from the second server, said two requests having different source IPs.
  • one or more first computers issue requests to the same second computer, each first computer receiving a response containing plurality of references to content available from plurality of third computers.
  • the one or more first computers establish a plurality of encrypted connections to the referenced third computers and request a content over these connections.
  • Embodiments in accordance with the invention may be embodied as an apparatus, method, or computer program product. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.), or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "module” or "system.” Furthermore, the invention may take the form of a computer program product embodied in any tangible medium of expression having computer-usable program code embodied in the medium.
  • a computer-readable medium may include one or more of a portable computer diskette, a hard disk, a random access memory (RAM) device, a read-only memory (ROM) device, an erasable programmable read-only memory (EPROM or Flash memory) device, a portable compact disc read-only memory (CDROM), an optical storage device, and a magnetic storage device.
  • a computer-readable medium may comprise any non-transitory medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • Computer program code for carrying out operations of the invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, Smalltalk, C++, or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages, and may also use descriptive or markup languages such as HTML, XML, JSON, and the like.
  • the program code may execute entirely on a computer system as a stand-alone software package, on a stand-alone hardware unit, partly on a remote computer spaced some distance from the computer, or entirely on a remote computer or server.
  • the remote computer may be connected to the computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • Computer networks may use transport protocols other than Internet Protocol.
  • present invention could be implemented for types of network addresses other than IP addresses.
  • These computer program instructions may also be stored in a non-transitory computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer- readable medium produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • Fig. 1 illustrates an example network architecture 100 in which the methods disclosed herein may be implemented.
  • provider computer 102 establishes an encrypted connection with a connection server, such as the illustrated virtual private network (VPN) server 104 enabled to provide reverse connections.
  • a consumer computer 106 issues a request for content available from the first computer, such as content files 108 stored on the personal computer 102, video or images from a security camera 110, or files from network storage 112.
  • the security camera 114 and network storage may be coupled to the provider computer 102 by a local network 114, e.g. LAN or some other type of network.
  • the consumer computer 106 may issue requests using a communication protocol of a first type.
  • a protocol conversion proxy 116 receives this request, converting it to a communication protocol of a second type and forwarding it the provider computer 102 through the encrypted reverse connection provided by the VPN server 104.
  • the communication protocol of the first type at least partially encrypts exchanged data using an encryption key available to the protocol conversion proxy 116, while communication protocol of the second type does not encrypt at least some parts of the data encrypted by the protocol of the first type.
  • the protocol of the first type is HTTPS (hypertext transfer protocol secure), while protocol of the second type is HTTP (hyper text transfer protocol).
  • the encrypted connection between provider computer 102 and the VPN server 104 may be a transport-level tunnel.
  • the protocol conversion proxy 116 may be embodied as an HTTPS-to-HTTP proxy.
  • the provider computer 102 may be a personal computer hosting a personal server 118 enabled to serve local content files as well as data from the local network 1 14, for instance, from network attached storage 112 or security camera 110.
  • the provider computer 102 hosts a VPN client 120 that establishes the encrypted VPN tunnel 122 with VPN server 104, which provides reverse connection to the personal server 118 through the VPN tunnel 122.
  • provider computer 102 announces content availability to the consumer computer 106 in bypass of the protocol conversion proxy 116.
  • it sends a message with an HTTPS URL from provider's messaging application 124 to a corresponding messaging application 126 hosted by the consumer computer 106.
  • the messaging application may be any messaging application known in the art such as email, text message (SMS, MMS, iMessageTM, etc.), instant messenger, messages within a social media platform (TwitterTM, Facebook, LinkedlnTM, etc.).
  • the HTTPS URL may be communicated to the consumer computer 106 by the provider computer 102 by posting it to a known online location or using other communication methods known in the art.
  • Bypassing the protocol conversion proxy 116 allows for exchanging of additional information, such as a hash tag of the HTTPS URL that could be used for additional encryption with the knowledge of protocol conversion proxy 116.
  • An HTTPS browser 128 on the consumer computer 106 may issue a HTTPS request for the HTTPS URL received from the provider computer 102.
  • This request is received by protocol conversion proxy 1 16, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104.
  • the protocol conversion proxy 116 After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106.
  • the VPN server 104 may additionally or alternatively include a proxy or an application-level tunnel server (such as a SSH server), capable of providing reverse connection through an encrypted channel.
  • a proxy or an application-level tunnel server such as a SSH server
  • the protocol of the first type could be any encrypted communication protocol between the consumer computer 106 and protocol conversion proxy 116, provided the consumer computer 106 hosts a client and protocol conversion proxy 116 hosts a server for such a protocol.
  • it could be a VPN tunnel (protocol conversion proxy 116 would host a VPN server and consumer computer 106 a VPN client), encrypted WebRTC (Web Real Time Communication) (protocol conversion proxy 116 would host a WebRTC module and consumer computer 106 would host a WebRTC client), or secure messaging protocol (protocol conversion proxy 116 would include a secure messaging server and consumer computer 106 would include a secure messaging client).
  • the protocol of the second type could be any protocol that provides data exchange without the need for the provider computer 102 to have access to sensitive encryption keys, such as unsecure FTP or any type of unprotected messaging.
  • provider computer 102 provides content only if one or more preset conditions are met, one of the conditions being that the request is submitted through encrypted reverse connection to the VPN server 104. Ensuring that only content requests coming through the encrypted connection with VPN server 104 allows taking advantage of additional access control measures, applied before content request reaches the client's computer; these access control measures are discussed below in reference to Figs. 3 and 4.
  • Fig. 2 illustrates a method 200 that may be performed using the environment 100 of Fig. 1.
  • the illustrated method 200 may be executed on the provider computer 102, such as by the personal server 118 executing on the provider computer 102.
  • the method 200 may include receiving 202 content, e.g. a designation of content, to be shared.
  • the content may be any file, such as an audio, video, image, or text file.
  • Receiving 202 the designation of content may include receiving designation of a file on the provider computer 102, network storage 112, video from the security camera 110, or some other source.
  • Receiving 202 the designation of content may include receiving a file name or the actual content of the file, for example a full path or URL pointing to the file.
  • the method 202 may further include sending 204 an invitation to access the content with a URL, URL A in the illustrated example.
  • the personal server 118 may assign URL A to correspond to the content received at step 202 in response to receiving 202 the instruction to share the content.
  • the method 202 may further include connecting 206 the provider computer 102 to the VPN server 104, such as by the VPN client 120.
  • the step of connecting 206 the provider computer 102 may be performed prior to and/or independent of the receiving 202 of content and sending 204 of the invite.
  • the provider computer 102 may maintain a connection to the VPN server 104 while the provider computer 102 is on and connected to a network, e.g. the Internet.
  • the method 202 may include listening 208 for requests for content.
  • the personal server 118 may listen for requests referencing URLs associated with shared content.
  • the personal server 118 may evaluate whether a response to the request is appropriate.
  • a request for content may include, for example, a URL associated with that content, such as the URL A assigned to content received at step 202.
  • Various content items may be shared and each may have a unique URL assigned thereto and which may be include in a request for content received.
  • the method 200 may include determining 210 whether the request was received through the VPN tunnel. If not, an error message may be returned 212 to the requestor, e.g. a source IP address included in the request, and no content is returned in response to the request.
  • an error message may be returned 212 to the requestor, e.g. a source IP address included in the request, and no content is returned in response to the request.
  • the method 200 may include evaluating 214 whether the request includes a valid URL. If not, then a corresponding error message is returned 212 and no content is returned in response to the request. If so, then the method 200 may include evaluating 216 whether the requestor is authorized. For example, step 216 may include evaluating some or all of a source IP address, username, password, or other authenticating or identifying information included in the request and comparing this information to information for invitees to whom invitations have been sent 204. If the requestor is not found 216 to correspond to an invitee that has been sent 204 an invitation or is otherwise not authorized, the method 200 may include returning 212 an error message without returning content requested by the request.
  • the method 200 may include evaluating 218 whether the provider computer 102 has sufficient resources to respond to the request. For example, resources evaluated may include CPU usage, bandwidth, a number of other requests currently being responded to, or the like. If resources required to respond to the request in view of current usage would exceed the capacity of the provider computer 102, an error message may be returned without returning the content requested by the request.
  • the evaluation of the conditions in steps 210-218 may be performed in any order and one or more of the steps 210-218 may be omitted in some embodiments. If all of the conditions evaluated in the particular embodiment are found to be met, then the content requested by the request is returned 220 to the requestor.
  • the content references by the request may be identified according to a mapping of a URL included in the request and the content. For example, the mapping between URL A and the content received at step 202 in the illustrated example. Returning of content may be performed through the VPN tunnel such that the VPN server 104 forwards the requested content to the requestor by way of the protocol conversion proxy 116 as discussed above.
  • Fig. 3 is a block diagram of an implementation 300 where multiple provider computers 102a, 102b are connected to the same connection server, e.g. VPN server 104.
  • Each provider computer 102a, 102b reports its identifier (e.g., dev idl, dev_id2), references to available content (e.g., URLl, URL2) to a module accessible by the VPN server, herein referred to as the access controller 302.
  • VPN server 104 Upon receiving a URL request from a protocol conversion proxy 116, VPN server 104 obtains the rules and identifiers associated with this request, e.g. the URL included in the request.
  • rules may be defined in response to received URLs from a particular device. For example, upon receiving URL A from computer 102a having identifier dev idl, a rule may be created that indicates that URL A is mapped to dev idl .
  • the VPN server 104 Upon receiving a request, the VPN server 104 applies the rules, and routes the request to the provider computer 102a, 102b in response to determining the provider computer 102a, 102b to correspond to the identifier mapped to the URL included in the request.
  • provider computers 102a, 102b announce their content to the access controller 302 (e.g. URLl and URL2, respectively) and the VPN server 104 stores a mapping between provider computers 102a, 102b and the URLs submitted thereby.
  • a request for URLl may be received.
  • the VPN server 104 then connects the request to provider computer 102a in response to determining that the stored mapping maps provider computer 102a to URLl .
  • multiple content requests could be processed at the same time period and be routed to multiple provider computers through the single VPN server 104 and protocol conversion proxy 116.
  • a content request is sent to the provider computer 102a, 102b identified by the request only if one or more preset conditions are met. For example, one or more conditions that are received from the provider computer 102a, 102b referenced by the request before a consumer computer 106 issues the request.
  • Fig. 4 depicts a method 400 wherein any provider computer of a plurality of provider computers, provider computer 102a in the illustrated example, receives 402 content, e.g. a designation of content as described above, for association with a URL, such as URL A.
  • the provider computer 102a connects 404 to the VPN server 104 and registers 406 as a provider of content for URL A.
  • Registering 406 the provider computer 102a as provider of content for URL A may include transmitting URL A to VPN server 104 along with one or more access rules for URL_A.
  • the VPN server 104 registers 408 the received URL_A and access rules with a connection identifier of the VPN client 120 of provider computer 102a from which they were received, thereby mapping the personal server 118 of the provider computer 102a to URL A.
  • the VPN server 104 may receive 410 a request for URL A.
  • VPN server 104 retrieves access rules registered 408 for URL A and applies these access rules.
  • the illustrated steps 412-420 illustrate examples of access rules that may be applied.
  • the received 410 request may be forwarded 422 to the provider computer 102a registered for URL A only if the provider computer 102a is found 412 to be accessible, the number of source IP addresses currently accessing provider computer 102a is found 416 to be less than a maximum number of users (Max Users), the traffic being output by provider computer 102a is found 418 to be less than a maximum bandwidth (Max Bandwidth), and the URL A of the request is not found 420 to have been expired.
  • the values of Max Users, Max Bandwidth, and the expiry period for the URL A that are evaluated at steps 416-420 may be specified in the access rules received from the provider computer 102a when registering URL A.
  • access rules could be stored and/or applied by another module accessible from the VPN server 104, such as the access controller 302 of Fig. 3.
  • the provider computer 102a Upon receiving a forwarded request, the provider computer 102a, such as using the personal server 118, responds to the request, such as by retrieving the content designated at step 402 as being associated with URL A and returning it to the source IP address included in the request. Returning the content may include transmitting the requested content over the VPN tunnel between the provider computer 102a and the VPN server 104.
  • the access rules described with respect to Fig. 4 advantageously protect the provider computer 102a from attacks common to content servers (e.g., denial of service, port scans, unauthorized consumers, etc.), as long as it only accepts content requests through the encrypted reverse connection to the VPN server 104.
  • content servers e.g., denial of service, port scans, unauthorized consumers, etc.
  • Fig. 5 is a block diagram of an implementation 500 where multiple provider computers 102a, 102b are connected to different connection servers, e.g. VPN servers 104a, 104b, while the consumer computer 106 is provided with URL1 pointing to a single protocol conversion proxy 116.
  • the implementation 500 may include a VPN router 500, enabled to route content requests to their providers based on URLs included in the requests and access rules associated with each URL.
  • each VPN server 104a, 104b After each provider computer 102a, 102b connects to a VPN server 104a, 104b, each VPN server 104a, 104b sends identifiers of the provider computers 102a, 102b connected thereto to the VPN router 500, together with an identifier of the each VPN server 104a, 104b.
  • each provider computer 102a, 102b registers with access controller 300 its own identifier and URLs of the content it can serve as well as access rules.
  • VPN router 500 Upon receiving a request for URLl from the protocol conversion proxy 116, VPN router 500 obtains the identifier of the provider computer 102a and access rules that are associated with URL1 from the Access Controller 512 and routes the request through the corresponding VPN server 104a that is associated with the identifier of the provider computer 102a. In this example, VPN router 500 also passes the access rules associated with URL1 to VPN server 104a together with URL. In other implementations, VPN router 500 may check some access rules (for instance, whether URL has expired) and blocking requests that do not meet those access rules that are checked.
  • VPN servers 104a, 140b may be placed at different geographic locations selected to be close to provider computers 102a, 102b, while protocol conversion proxy 116 and VPN router 500 may be placed in the single location, e.g. the same computer or same local network.
  • FIG. 6 is a block diagram of an implementation 600 where, in addition to connecting VPN clients 120 of various provider computers 102a, 102b to different VPN servers 104a, 104b, content consumers 106 can be connected to different protocol conversion proxies 116a, 116b. Instead of using a single protocol conversion proxy 116 and VPN router 500 to process every content request after it's issued by the consumer, this implementation uses a domain name server 602 to point consumer computer 106 to a protocol conversion proxy 116a, 116b associated with the correct VPN server 104a, 104b, without the need for VPN router 500.
  • protocol conversion proxy 116a, 116b resides on the same local network as the corresponding VPN server 104a, 104b, respectively (for example, in the same colocation).
  • both VPN server 104a, 104b and corresponding protocol conversion proxy 116a, 116b are located on the same node of the local network, associated with the same physical computer hardware.
  • the consumer computer 106 may issue a DNS (domain name service) request to resolve the HTTPS domain to an IP address.
  • DNS domain name service
  • Domain name server 602 is registered as an authoritative name server for the domains used by personal content URLs and therefore processes such requests.
  • a domain of the content URL announced to the consumer computer 106 (URLl) by provider computer 102a contains a reference to identifier of the connection between the provider computer 102a and VPN server 104a (for instance, dev_idl .maindomain.com).
  • Each protocol conversion proxy 116a, 116b may have access to a private wildcard SSL certificate (for instance, *. maindomain.com), which enables it to function as an HTTPS server for all requests matching this pattern.
  • a provider computer 102a After a provider computer 102a, 102b connects to a VPN server 104a,
  • the VPN server 104a, 104b informs domain name server 602 that the requests including the identifier associated with the connection to provider computer 102a, 102b should be routed through that VPN server 104a, 104b.
  • VPN server 104a, 104b informs the domain name server 602 that its association of the identifier of the provider computer 102a, 102b to the VPN server 104a, 104b is no longer valid.
  • domain name server 602 may set a time to leave (TTL) for its domains, after which the domains will expire and no longer be used to route requests.
  • TTL time to leave
  • domain name server 602 After receiving a request for a domain name, domain name server 602 matches it with connection identifiers reported by the VPN server 104a, 104b. If a match is found, the domain name server 602 responds with an IP address corresponding to the protocol conversion proxy 116a, 116b associated with that VPN server that reported the matching connection identifier. The consumer computer 106 receives the IP address of the appropriate protocol conversion proxy 116a, 116b and sends a request for URLl to that protocol conversion proxy 116a, 116b. Upon receiving the request the announced HTTPS URL (URLl), the protocol conversion proxy 116a, 116b passes the converted HTTP request to a corresponding VPN server 104a, 104b associated with URLl .
  • URLl HyperText Transfer Protocol
  • a provider computer 102a, 102b establishes a connection with a connection server, e.g. VPN server 104a, 104b, enabled to provide reverse connections.
  • a consumer computer 106 issues a request for content available on a server computer and receives a response containing reference to the content provided by the provider computer 102a, 102b and then requests this content through a reverse connection to the provider computer 102a, 102b, where the data exchange between the first and the second computers is encrypted using the keys known to the provider computer 102a, 102b and the consumer computer 106.
  • consumer computer 106 may issue a request for content associated with URL B from the provider computer 102.
  • This request passes though reverse connection between VPN server 104 and the VPN client of provider computer 102 and reaches the personal server 118 of the provider computer 102.
  • This reverse connection allows content request from the consumer computer 106 to reach the provider computer 102, even if external access to the provider computer 102 is blocked by a NAT or a firewall.
  • the VPN server 104 is capable of establishing reverse connections (for instance, Open VPN Server provided by the Open VPN Technologies Inc.). In other
  • the VPN server 104 may be replaced by a connection server that is a proxy or an application-level tunnel server (such as SSH server) capable of providing reverse connection.
  • a connection server that is a proxy or an application-level tunnel server (such as SSH server) capable of providing reverse connection.
  • data exchange between computers 102, 106 is encrypted by HTTPS protocol.
  • the request from the provider computer 106 is issued by HTTPS browser 128 on the consumer computer 106 and processed by the personal server 1 18, which may be embodied as an HTTPS server, on the provider computer 102.
  • the personal server 118 may have access to the private SSL certificate required to establish HTTPS connection for domain B, used by URL B.
  • Data exchange between provider and consumer computers 102, 106 of the content is encrypted end-to-end, remaining opaque to the intermediate modules such as VPN server 104.
  • consumer computer 106 could be protected by different encryption protocols, for instance, a VPN protocol such as IPSEC or L2TP.
  • consumer computer 106 may host a VPN client, while provider computer 102 has a VPN server, providing end-to-end encryption between provider computer 102 and consumer computer 106 of the content.
  • a VPN tunnel between consumer and provider computers 102, 106 may be further encapsulated by a VPN tunnel between provider computer 102 and VPN server 104, and proceeds without additional encapsulation from VPN server 104 to consumer computer 106.
  • consumer and provider may have different nodes of the messaging application 124, 126 that encrypts communications between clients using public/private key encryption or some other encryption means.
  • personal server 118 may be required to have access to an encryption key to establish end-to-end encryption with consumer computer 106.
  • the personal HTTPS server 702 may be required to have access to a private SSL certificate that authenticates that server 702 as provider of the content associated with a specific domain (domain B for HTTPS URL B, for example).
  • VPN server 104 obtains private SSL certificate from the SSL certificate provider 704 and then sends it to the provider computer 102 through the VPN client 120.
  • provider computer 102 may obtain private SSL certificate from provider 704 in bypass of the VPN server 104, for instance, by establishing direct secure connection with provider 704, thereby hiding private SSL certificate from observation.
  • the personal server 118 may need access to other types of private encryption keys. Because a personal computer, such as the provider computer 102, is less protected from unauthorized access than a server in a dedicated location, it increases the risk that such private certificate or a private key could be obtained by unauthorized third party. Such a third party could snoop on the data exchange (e.g., by making itself a man-in-the-middle), or become an impostor (announce availability of the content from unauthorized server).
  • protocol conversion proxy 116 to terminate SSL connection before it reached the provider computer 102.
  • protocol conversion proxy 116 to terminate SSL connection before it reached the provider computer 102.
  • it made HTTP traffic between the protocol conversion proxy 116 and personal server 118 open to observation by modules processing that traffic, such as protocol conversion proxy 116 and connection server, e.g. VPN server 104.
  • consumer computer 106 issues content request for URL A, served by a publicly accessible HTTPS server 702.
  • the SSL certificate accessible by that server 702 is considered safe, because server can be placed in a secure location.
  • consumer computer 106 obtains URL A from provider computer 102, which transmits URL A by sending a message from one messaging application 124 to the messaging application 126 executing on the consumer computer 106.
  • URL A could be sent via instant messaging, email, or posted to a known web site in the same manner discussed above with respect to step 204 of the method 200 of Fig. 2.
  • provider computer 102 sends a message to consumer computer 106 with a reference to the content available from a public HTTPS server in bypass of the VPN server 104, hiding at least the path and query portions of the URL A from observation.
  • public server 702 In response to a request for URL A, public server 702 returns URL B that references the content stored on provider computer 102, Such URL could be returned, for instance, as a source of IFrame, an image or a video embedded into HTML content, or as a redirection. It may be done immediately, or after few intermediate steps (for instance, chain of redirects, or nested IFrames).
  • Public server only needs to know which URL B to return in response to request for URL A; in one implementation, it can generate URL A containing a reference to a URL B and then send it to the content provider for distribution to the consumer.
  • URL may take a form "www.domain_A.com/index", where index is a reference to URL B provided by the personal server 118.
  • communications between provider computer 102 and server 702 a protected from interception by HTTPS encryption, or issued in bypass of server 104.
  • URL B could easily be replaced with the one using a different SSL certificate, without changing the link to URL A known to the consumer.
  • VPN server 104 selects new domain_B, obtains new SSL certificate for that domain from SSL certificate provider 704 and then passes new domain B and new SSL certificate to the personal HTTPS server 118.
  • provider computer 102 may select new domain B by itself and receive the updated certificate from the SSL certificate provider without making it known to a VPN server.
  • provider computer 102 could be considered "high security risk" and denied the ability to serve its content, instead of providing the new SSL certificate.
  • different communication protocols are used to obtain content announced by the provider than to obtain content from the personal server.
  • request for HTTPS URL A sent to the public server 702 may return updated host name of the Personal VPN server (for instance, IPSEC server) on provider computer 102. If such host name should be replaced, URL A will return its replacement and may notify the consumer that settings of the local VPN client should be updated.
  • request for URL A could use HTTP protocol (for instance, only to return a redirect to HTTPS URL B), while request for URL B could use HTTPS protocol to protect sensitive content.
  • servers that return public content and personal content may be located on the same personal computer.
  • content referenced by the URL A may be served by a HTTP server on provider computer 102 and content served by URL B is served by a personal HTTPS server also executing on provider computer 102.
  • consumer computer 106 requests content from public HTTPS server 702 and receives a response containing a reference to a content available from the provider computer 102.
  • the consumer computer 106 establishes an encrypted connection to the provider computer 102 and requests a content over this connection.
  • the source IP addresses of the requests to the public HTTPS server 702 and provider computer 102 are compared. If these IP addresses do not match, it indicates an increased risk that one of the encrypted connections established by the consumer computer 106 to these IP addresses is compromised.
  • the connection between the consumer computer 106 and public HTTPS server 702 uses different encryption keys than the connection between the consumer computer 106 and provider computer 102.
  • detection that source IP addresses of the two requests don't match increases the probability that the encrypted channel with the higher security risk is compromised.
  • the provider computer 102 establishes a connection with a connection server, e.g. VPN server 104, enabled to provide reverse connection, and a content request from the consumer computer 106 to the provider computer 102 is sent through this connection server, while the content request from the consumer computer 106 to the public HTTPS server 702 is sent in bypass of this connection server.
  • a connection server e.g. VPN server 104
  • the encrypted connection between the consumer computer 106 and the provider computer 102 has higher risk of interception if provider computer 102 is a personal computer, storing its private encryption keys in the less secure location than the public HTTPS server 702.
  • the server 702 reports the source IP of consumer computer 106 used to request URL A to VPN server 104, which compares it with a source IP of request for URL B. If the source IPs are different, it increases the risk that an unauthorized third party has obtained the private SSL certificate for domain B corresponding to HTTPS URL B, changed the DNS response (for instance, through DNS cache poisoning) to point domain B to its own server, and performed a "man-in-the-middle" attack, i.e. created two separate HTTPS connections with provider computer 102 and consumer computer 106 instead of one HTTPS connection between consumer and provider computers 106, 102, thereby gaining an ability to intercept and modify their HTTPS traffic.
  • This implementation helps to detect interference from the third party server that has a different public IP address than consumer computer 106.
  • the risk that the encrypted connection between the consumer and provider computers 106, 102 is increased if the request for the content referenced in the response from the public HTTPS server 702 does not arrive within a pre-defined time interval, for instance having a value smaller than 10 seconds, or some other time period. If time between requests from the same IP address exceeds that interval, it may indicate additional time used to intercept the traffic, for instance by routing it though the data channels under third party control. If the request for the content referenced in the response from the public HTTPS server 702 does not arrive at all, it may indicate an impostor, pretending to be a content provider but responding with its own content. This implementation helps to identify interference from the third party even if source IP address doesn't change (for instance, if third party uses deep packet inspection, decoding the observed packets with a compromised SSL certificate).
  • Figs. 8 A and 8B illustrates a method 800 such as may be used for the implementation of Fig. 7, where both the server that receives the first content request (public server 702) and the server that receives the second content request (VPN server 104) perform the checks that protect provider computer 102 from invalid or compromised requests.
  • the method 800 may include receiving 802, on the provider computer
  • the provider computer 102 may receive 804 a security certificate, such as a secure socket layer (SSL) certificate.
  • SSL secure socket layer
  • the provider computer 102 may request an SSL certificate for domain B corresponding to URL B from a SSL certificate provider 704 (see Fig. 7) and receive the requested SSL certificate.
  • the provider computer 102 may further connect 806 to the VPN server
  • the provider computer 102 may be connected 806 to the VPN server 104 prior to steps 802, 804. For example, the provider computer 102 may request and receive 804 the SSL certificate through the VPN server 104.
  • the method 800 may include receiving 808 URL A from the public server 702.
  • the provider computer 102 may request a unique URL in order to associate it with the content identified at step 802.
  • the public server 702 may return URL A, which is then received 808 by the provider computer 102 and associated with the content received at step 802 to URL A.
  • the provider computer 102 may then specify 810 to the public server 702 that URL B is associated with URL A.
  • the provider computer 102 may further specify access rules for URL A and URL B.
  • the provider computer 102 may further send 812 an invitation including URL A to one or more consumer computers 106, such as using any of the messaging applications described above.
  • the public server 702 may receive 814 a request for URL A, such as from the consumer computer 106 that received the invitation sent at step 812.
  • the public server 702 may then apply one or more access rules according to steps 816-820 as received at step 808 or set as default access rules.
  • URL B associated with URL A may be ignored.
  • URL B may expire after some period after the certificate for domain B is generated.
  • URL B may also expire after having been returned to requestors some set number of times. Accordingly, if one or more of these expiration conditions are met, the request is ignored 818 by the public server 702 such that URL B is not returned in response to the request including URL A.
  • the public server 702 may further evaluate 820 whether URL B may be accessed by the requestor.
  • the access rules for URL B may specify an identifier, password, source IP address, or other identifying information for one or more requestors that are authorized to receive URL B in response to a request for URL A. Accordingly, if the request is not found 820 to include such an identifier for an authorized requestor, the request may be ignored 818.
  • a response may nonetheless be returned to a requestor in response to a request for URL A.
  • content associated with URL A by the public server 702 may be returned to the requestor but not include URL B.
  • the public server 702 may replace the link to
  • URL B in a response to the request with a message that would inform the consumer that the content associated with URL B is not available.
  • the public server 702 may include in a response to the requestor interface elements that would allow consumer to access provider's content - for example, provide authorization credentials, or send provider computer 102 a message requesting to increase maximal access count for requested content.
  • the public server 702 determines that a request should be ignored 818, it returns content referred by the announced URL (URL A) with a link to provider's content (URL B), but hides provider's content from observation by the consumer. For instance, the public server may set a visibility attribute of an HTML IFrame loaded from URL B to the value "hidden.”
  • VPN server 104 is informed about the source IP of the request received at step 814 and can compare it with the source IP of a second request for URL B, but the requestor will not be able to view the requested content.
  • the public server 702 may change the link to provider's content (e.g. URL B) in a response to a request to URL A to another link accessible from the same domain, letting the requestor know that returned content will not be displayed.
  • the method 800 may include returning 822 content associated with URL A by the public server 702 to the requestor.
  • the content for URL A may include URL B.
  • the public server 702 may further send 824 a message to the VPN server 104 indicating that a request for URL B was received from the requestor, the message including the source IP address of the requestor and possibly other identifying information.
  • the public server 702 does not return URL B to the requestor in response to a request, the public server 702 does not inform the VPN server 104 or other modules of the request.
  • the method 800 may continue with the VPN server 104 receiving a request for URL B addressed to provider computer 102.
  • the VPN server 104 evaluates 828 if the source IP of the request for URL B is the same that was used for the request for URL A received at step 814. If the source IPs are found to not match, the VPN server may mark 830 at least one of them as suspicious, treating any requests from that source IP as indications of compromised security. If checks performed by the VPN server 104 indicate that security risk is increased above pre-defined threshold, the VPN server 104 may notify 832 the provider computer 102 assigned URL B that domain B may be compromised and block 834 the request for URL B from reaching provider computer 102.
  • the provider computer may replace domain B and its SSL certificate with another domain and certificate.
  • the new domain and certificate may be mapped to the original announced URL (URL A)
  • the public server 702 may be informed of the mapping and one or more access rules in the same manner as for URL B. In this manner, consumer computers 106 may still access the content associated with URL A using URL A notwithstanding the new mapping.
  • determining 828 that the source IP addresses do not match will mark one or both of the source IP address as suspicious for a pre-defined time.
  • security risk may be accumulated over time. For example, upon each determining 828 that source IP addresses do not match for the requests for URL A and URL B, the security risk of URL B may be incremented. Upon the security risk exceeding a threshold condition, URL B may be deemed compromised and steps 830-836 may be performed.
  • a security risk that the encrypted connection with the provider computer 102 is compromised is increased by a larger amount if the same first source IP is included in two or more request for URL B after being notified by public server 702 of two or more source IPs in requests for URL A that are different from one another.
  • the request is forwarded 840 to the provider computer 102.
  • the provider computer then establishes an encrypted HTTPS connection to the requestor and provides 842 the content associated with URL B to the requestor over the encrypted connection. If the source IP of the request received at step 826 is found 838 to have previously failed the check at step 828, the request may be blocked 834.
  • the system of Fig. 7 and the method of Figs. 8A and 8B provide for improved detection of compromised domains associated with personal content by comparing source IPs for different requested domains.
  • the systems and methods of Figs. 7, 8 A and 8B may be implemented without establishing end-to-end encrypted communication channel between the consumer computer 106 and provider computer 102, i.e. the comparing of the source IP addresses may detect unauthorized activity even without an encrypted connection between computers 102, 106.
  • Fig.9 depict an embodiment in which HTTPS requests for the personal content from plurality of provider computers 102a, 102b are sent to plurality of protocol conversion proxies 116a, 116b, which convert them into HTTP requests and forward them to the content providers through reverse connections established by VPN servers 104a, 104b.
  • each provider computer 102a, 102b uses different domains (for example, domain Bl, domain_B2 for provider computer 102a, 102b, respectively).
  • Each protocol conversion proxy 116a, 116b obtains SSL certificates for the corresponding domains from the SSL certificate provider 704 (in other instance, previously obtained certificates may be requested from secure storage).
  • a provider computer 102a, 102b announces availability of a URL.
  • provider computer 102a may announce content associated with URL Al to consumer computer 106, such as by using a messaging applications 124, 126.
  • the content of URL A may be served by the public HTTPS server 702, which contains references to the content from two different personal content providers (URL Bl, URL B2 for provider computers 102a, 102b, respectively).
  • Content may be, for instance, two images or IFrames with different source URLs embedded into HTML content.
  • Public server 702 reports the source IP of the consumer computer 106 requesting the announced URL (URL A, for example) to each protocol conversion proxy that serves domain returned after request to URL A.
  • the corresponding conversion proxies 116a, 116b compare the source IPs of requests for URL B 1 and URL B2 with the source IP reported by the public server 702 as being included in requests for URL A. If the source IPs don't match, or request for the private content doesn't arrive, it increases the risk that the security of corresponding domain (domain Bl or domain_B2), respectively, is compromised.
  • protocol conversion proxy 116a, 116b may select a replacement for the compromised domain and ask for another SSL certificate from SSL certificate provider 704.
  • a service provider may decide to move protocol conversion proxy 116a, 116b (possibly, together with the corresponding VPN server 104a, 104b) to another colocation, before requesting another private SSL certificate.
  • each of the provider computers 102a, 102b specifies access rules for its content.
  • each set of rules may be split into two parts: private rules, enforced by VPN servers 104a, 104b (for instance, number of simultaneously connected users, or maximal bandwidth), and public rules enforced by a Public HTTPS server 702 (for instance, maximal number of access requests from the same user, or expiration time).
  • Each provider computer 102a, 102b reports the rules to the access controller 302, which forwards them to the appropriate VPN servers 104a, 104b and the Public HTTPS server 702.
  • public server 702 keeps the history of previous requests to the personal content, such as a count of requests from the same user and time until content expires. This history can be accessed without the knowledge about the details of the personal content.
  • public server 702 may belong to a third party aggregator, having its own private SSL certificate that is not available to the servers that process personal content (e.g. VPN server 104a, 104b, protocol conversion proxies 116a, 116b, etc.). Even if this certificate is compromised, it will therefore not affect the security of the personal content.
  • Fig.10 depicts an example interface 1000 including the content presented by a third party aggregator, e.g. private social network, on a consumer computer 106, where references to personal content items from different provider computers 102a, 102b are displayed within the parent content provided by the public server 702.
  • public server 702 decides which content to display, hiding or blocking the content that doesn't satisfy public access rules. In this instance, only allowed content is displayed ("Sharing now").
  • public server 702 may include a placeholder for the blocked content ("Please, visit later to see more").
  • public server 702 may display in the interface 1000 metadata about personal content items and provides interface elements to update this metadata: time since the content was provided 1002, feedback statistics and user interface 1004, 1006, notification that content will be hidden after this view and ability to change this rule 1008, 1010.
  • This metadata is provided by the public server 702 without the knowledge what content is actually displayed by the users.
  • the user of the consumer computer 106 may change or delete it without consent from the third party aggregator.
  • Personal content providers can collect their own statistics, or communicate with their friends without the knowledge of the public server. For instance, personal content provider can ask for specific user feedback, such as with user interface element 1012 or privately exchange text messages using interface elements 1014, 1016.
  • a new provider of personal content may receive a public URL (URL A) from the public server, obtain SSL certificate for the domain associated with personal content (domain B), and provide replaceable URL referencing personal content (URL B) to the public server 702.
  • Button 1010 may invoke announcement of the public URL referencing the personal content of interest to other consumers, for instance by sending an email, text message, or some other type of message.
  • Fig. 11 is a block diagram illustrating an example computing device 11 which may embody any of the computers and servers disclosed herein.
  • Computing device 1100 may be used to perform various procedures, such as those discussed herein.
  • Computing device 1100 can function as a server, a client, or any other computing entity.
  • Computing device can perform various monitoring functions as discussed herein, and can execute one or more application programs, such as the application programs described herein.
  • Computing device 1100 can be any of a wide variety of computing devices, such as a desktop computer, a notebook computer, a server computer, a handheld computer, tablet computer and the like.
  • Computing device 1100 includes one or more processor(s) 1102, one or more memory device(s) 1104, one or more interface(s) 1106, one or more mass storage device(s) 1108, one or more Input/Output (I/O) device(s) 1110, and a display device 1130 all of which are coupled to a bus 1112.
  • Processor(s) 1102 include one or more processors or controllers that execute instructions stored in memory device(s) 1104 and/or mass storage device(s) 1108.
  • Processor(s) 1102 may also include various types of computer-readable media, such as cache memory.
  • Memory device(s) 1104 include various computer-readable media, such as volatile memory (e.g., random access memory (RAM) 1114) and/or nonvolatile memory (e.g., read-only memory (ROM) 1116). Memory device(s) 1104 may also include rewritable ROM, such as Flash memory.
  • volatile memory e.g., random access memory (RAM) 111
  • ROM read-only memory
  • Memory device(s) 1104 may also include rewritable ROM, such as Flash memory.
  • Mass storage device(s) 1108 include various computer readable media, such as magnetic tapes, magnetic disks, optical disks, solid-state memory (e.g., Flash memory), and so forth. As shown in Fig. 11, a particular mass storage device is a hard disk drive 1124. Various drives may also be included in mass storage device(s) 1108 to enable reading from and/or writing to the various computer readable media. Mass storage device(s) 1108 include removable media 1126 and/or non-removable media.
  • I/O device(s) 1110 include various devices that allow data and/or other information to be input to or retrieved from computing device 1100.
  • Example I/O device(s) 1110 include cursor control devices, keyboards, keypads, microphones, monitors or other display devices, speakers, printers, network interface cards, modems, lenses, CCDs or other image capture devices, and the like.
  • Display device 1130 includes any type of device capable of displaying information to one or more users of computing device 1100. Examples of display device 1130 include a monitor, display terminal, video projection device, and the like.
  • Interface(s) 1106 include various interfaces that allow computing device 1100 to interact with other systems, devices, or computing environments.
  • Example interface(s) 1106 include any number of different network interfaces 1120, such as interfaces to local area networks (LANs), wide area networks (WANs), wireless networks, and the Internet.
  • Other interface(s) include user interface 1118 and peripheral device interface 1122.
  • the interface(s) 1106 may also include one or more user interface elements 1118.
  • the interface(s) 1106 may also include one or more peripheral interfaces such as interfaces for printers, pointing devices (mice, track pad, etc.), keyboards, and the like.
  • Bus 1112 allows processor(s) 1102, memory device(s) 1104, interface(s)
  • Bus 1112 represents one or more of several types of bus structures, such as a system bus, PCI bus, IEEE 1394 bus, USB bus, and so forth.
  • programs and other executable program components are shown herein as discrete blocks, although it is understood that such programs and components may reside at various times in different storage components of computing device 1100, and are executed by processor(s) 1102.
  • the systems and procedures described herein can be implemented in hardware, or a combination of hardware, software, and/or firmware.
  • one or more application specific integrated circuits (ASICs) can be programmed to carry out one or more of the systems and procedures described herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

A provider computer announces content to the provider computer and establishes a secure connection to a VPN server. Requests for the content are received in one protocol (HTTPS) from the consumer computer and forwarded to the VPN server in a less secure protocol (HTTP) by a protocol conversion proxy, which then forwards the request to the provider computer. A public URL and secure URL may be associated with the same content. The public URL is announced to a consumer computer. A public server receives the public URL and returns the secure URL, which consumer computer uses to establish a secure connection to the provider computer. Upon the secure URL being compromised, a new secure URL is associated with the public URL. The source IP addresses of requests for the public and secure URLs may be compared to determine whether the secure URL is compromised.

Description

TITLE: SECURE PERSONAL SERVER SYSTEM AND METHOD
RELATED APPLICATIONS
[0001] This application claims the benefit of U.S. Provisional Application Serial No. 62/100,788, filed 1/7/2015 and entitled Secure Personal Server, which is hereby incorporated herein by reference in its entirety.
BACKGROUND
[0002] Internet users generate large amounts of content, such as images, video and audio files. Users can share selected files by sending messages to friends, or by posting to known web sites, such as social networks, image or video galleries.
[0003] However, the amount of the content generated by many users is too large for distribution through these channels. Uploading all this content to the online storage servers is often costly or impractical. For instance, security videos generated by web cameras could consume large amount of storage, with only small portions of these videos being used for detailed reviews. Large collections of personal images may have relatively few pictures repeatedly viewed at high resolution, etc. Another problem with uploading the content to the online storage is a potential breach of privacy and disclosure of sensitive content.
[0004] These problems could be resolved if user-generated content, stored on a personal computer, is made available for remote access by installing a local web server addressable by a public domain name. However, many personal computers are located behind the routers that use Network Address Translation (NAT). Such routers usually don't allow external access to their local networks; custom configuration changes to relax these restrictions, such as port forwarding, may decrease security of computers on the local network, exposing them to outside threats such as denial of service attacks, extensive port scanning and exploits of known vulnerabilities.
[0005] It is possible to bypass router restrictions on external access without custom configuration changes, by establishing communication channel with an intermediary server capable of supporting reverse connections. After initial connection is established between the personal computer and the intermediary server, that server can forward request from remote client through a reverse connection to the personal computer and forward the response from the personal content server back to the remote client. One such implementation was done by the Opera Software ASA corporation under the name Opera Unite™. This implementation enables remote client to view user's content without installing additional software: any standard web browser can open the web page served by the personal HTTP server through the reverse connection.
[0006] One of the problems of such implementation is unsecure data exchange between personal computer and remote client. Even if channel used for reverse communications is encrypted (for instance, a reverse SSH tunnel), this encryption doesn't protect the traffic between the content consumer and an intermediary server. Unauthorized third party can observe or modify that traffic, or even pose as content provider by redirecting DNS requests to its own IP address and responding to requested links.
[0007] End-to-end data security (for instance, by using HTTPS protocol between the personal content server and remote client) would require storing private SSL certificates on personal computers, which could be costly and hard to protect from unauthorized disclosure.
[0008] Therefore, there is a need to enable secure sharing of user's content with remote clients without first uploading it to remote servers, performing unsecure modifications of router configurations or requiring remote clients to install additional software.
SUMMARY OF THE INVENTION
[0009] In one aspect of the invention, a method for providing access to content on a first computer includes:
1. establishing, by a server system, an encrypted connection with the first computer, the connection server being enabled to provide reverse connections to the first computer;
2. receiving, by the server system, from a second computer a request for the content on the first computer, the request being performed using a first type of
communication protocol; and
3. converting, by the server system, using a protocol conversion module the request for the content to a translated request having a second type of communication protocol, where the first type of communication protocol at least partially encrypts exchanged data using an encryption key available to the protocol conversion module whereas the second type of communication protocol does not encrypt at least some parts of the translated request for which corresponding parts of the request for content are encrypted by the first type of communication protocol.
[0010] In some implementations, transmitting the translated request to the first computer is performed only in response to determining that a number of simultaneous connections to the first computer are less than a threshold. [0011] In some implementations, the first type of communication protocol is hypertext transfer protocol secure (HTTPS) and the second type of communication protocol is hyper text transfer protocol (HTTP). The encrypted connection may be a transport-level tunnel and the protocol conversion module may be an HTTPS-to-HTTP proxy.
[0012] In some embodiments, the method may include reporting, by the server system, availability of the content on the first computer to a routing module; receiving, by the routing module, reports of availability of content on a plurality of different computers from a plurality of intermediary servers; receiving, by the routing module, the request for the content on the first computer from the second computer; and routing, by the routing module, the request for the content on the first computer to the server system.
[0013] The server system and routing module may be in the same local network. The server system may include a VPN server and a protocol conversion server, the VPN server performing establishing the encrypted connection with the first computer and the protocol conversion server implementing the protocol conversion module, the VPN server and protocol conversion server are in the same local computer. In some embodiments, the at least one intermediary server of the plurality of intermediary servers is in a different local network than the same local network.
1. In another aspect of the invention, a method for providing access to content on a personal computer includes:
2. receiving, by a server system from the personal computer, a posting message, the posting message including a posting uniform resource locator (URL) and referencing content on the personal computer; 3. receiving, by the server system, a request message from a requesting computer, the request message including the posting URL and having hyper text transfer protocol secure (HTTPS) request formatting;
4. establishing, by the server system, a virtual private network (VPN) tunnel to the
personal computer;
5. translating, by the server system, the request message to a translated message
including the posting URL and having hyper text transfer protocol (HTTP) request formatting; and
6. transmitting, by the server system, the translated message to the personal computer within the VPN tunnel.
[0014] In some implementations, the method further includes:
1. receiving, by the server system, a response to the translated message from the
personal computer, the response having HTTP response formatting;
2. translating, by the server system, the response to a translated response having HTTPS response formatting; and
3. transmitting, by the server system, the translated response to the requesting computer.
[0015] In some implementations, the server system comprises a protocol conversion proxy computer and a VPN server computer each located within a local network. Translating the request message to the translated message may be performed by the protocol conversion proxy (PCP) computer. Establishing the VPN tunnel to the personal computer may be performed by the VPN server computer. The method may further include transmitting the translated message to the VPN server computer by the PCP and forwarding the translated message to the personal computer by the VPN server through the VPN tunnel.
[0016] In some implementations, translating the response to the translated response is performed by the PCP computer. The method may further include forwarding the response to the PCP computer by the VPN server computer and transmitting the translated response by the PCP computer to the requesting computer.
[0017] In some implementations, the method further includes reporting, by the server system, the posting URL to a routing module; receiving, by the routing module from a plurality of intermediary servers, other URLs referencing content on a plurality of other computers;
receiving, by the routing module, the request request message; and routing, by the routing module, the request message to the server system.
[0018] In some embodiments, the server system and routing module are in the same local network.
[0019] In another aspect of the invention, a computer-readable medium includes a non- transitory storage device and storing executable code effective instruct one or more processors to:
1. receive an instruction to make content available to a recipient computer system;
2. in response to the instruction to make the content available to a recipient computer system, transmit an invitation to access the content to the recipient computer system;
3. establish an encrypted virtual private network (VPN) connection to an intermediary server system;
4. receive one or more requests for the content; and
5. for each request of the one or more requests— only if the each request is both of received from the intermediary server and through the encrypted VPN connection, transmitting the content to the intermediary server over the encrypted VPN connection; and if the each request is not both of received from the intermediary server and through the encrypted VPN connection, refraining from transmitting the content to the intermediary server over the encrypted VPN connection.
[0020] In some implementations, the executable code includes instruction for instructing the one or more processors to transmit the invitation to access the content to the recipient computer system in at least one of a text message, email, message, and posting to a web site. The invitation to access the content includes a domain name referencing a computer hosing the processor. The executable code may be further effective to instruct the one or more processors to transmit the invitation to access the content to the recipient computer system in bypass of the intermediary server.
BRIEF DESCRIPTION OF THE FIGURES
[0021] In order that the advantages of the invention will be readily understood, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered limiting of its scope, the invention will be described and explained with additional specificity and detail through use of the accompanying drawings, in which: [0022] Fig. 1 is a diagram of a first network environment for sharing content from a provider's personal computer in accordance with an embodiment of the present invention;
[0023] Fig. 2 is a process flow diagram of a method for sharing content from a provider's personal computer in accordance with an embodiment of the present invention;
[0024] Fig. 3 is a diagram of a second network environment for sharing content including a protocol conversion proxy in accordance with an embodiment of the present invention;
[0025] Fig. 4 is a process flow diagram of a method for sharing content using a protocol conversion proxy in accordance with an embodiment of the present invention;
[0026] Fig. 5 is a diagram of a third network environment including both a protocol conversion proxy and VPN router in accordance with an embodiment of the present invention;
[0027] Fig. 6 is a diagram of a fourth network environment including a protocol conversion proxy and domain name server in accordance with an embodiment of the present invention;
[0028] Fig. 7 is a diagram of a fifth network environment for providing secure HTTPS connections between provider and consumer computers in accordance with an embodiment of the present invention;
[0029] Figs. 8A and 8B illustrate a process flow diagram of a method for providing secure HTTPS connections between provider and consumer computers in accordance with an embodiment of the present invention;
[0030] Fig. 9 is a diagram of sixth network environment providing secure HTTPS connections between provider and consumer computers in accordance with an embodiment of the present invention;
[0031] Fig. 10 is a diagram of an example user interface for sharing content in accordance with an embodiment of the present invention; and
[0032] Fig. 11 is a schematic block diagram of a computer system suitable for implementing methods in accordance with embodiments of the present invention.
DETAILED DESCRIPTION
[0033] It will be readily understood that the components of the invention, as generally described and illustrated in the Figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the following more detailed description of the embodiments of the invention, as represented in the Figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of certain examples of presently contemplated
embodiments in accordance with the invention. The presently described embodiments will be best understood by reference to the drawings, wherein like parts are designated by like numerals throughout.
[0034] In one aspect of the invention, a first computer establishes an encrypted connection with a connection server enabled to provide reverse connections. A second computer issues request for the content available from the first computer while using communication protocol of a first type. A protocol conversion module receives this request, converting it to communication protocol of a second type and forwarding it to a first computer through the encrypted reverse connection provided by the connection server. The communication protocol of the first type at least partially encrypts exchanged data using the encryption key available to the protocol conversion module, while communication protocol of the second type does not encrypt at least some parts of the data encrypted by the protocol of the first type.
[0035] In one implementation, the first computer serves requested content only if one or more conditions are met, one of the conditions being that request is submitted through encrypted reverse connection from the connection server.
[0036] In some implementations, a content request is sent to the first computer only if one or more conditions are met, one of more of these conditions being provided by the first computer before second computer issues a content request. One example of preset condition is that number of simultaneous connections to the first computer doesn't exceed a threshold value.
[0037] In some instances, the first computer announces content availability to a second computer in bypass of the protocol conversion module before second computer issues a content request. In one example, this announcement comprises sending a link to the announced content through email, text message, instant message or a post to a web site accessible from the second computer.
[0038] In one implementation, the protocol of the first type is HTTPS, while the protocol of the second type is HTTP. The encrypted connection is a transport-level tunnel and the connection server is a VPN server. In such implementations, the protocol conversion module is an HTTP S-to-HTTP proxy.
[0039] In one embodiment, a plurality of the first computers are connected to different intermediary servers through encrypted connections. Before a second computer issues a content request, at least one intermediary server reports accessibility of the first computer associated with a content reference to a routing module. The routing module receives content request associated with that content reference and routes it to the corresponding intermediary server.
[0040] In one instance, the protocol conversion module and routing module are connected to the same local network, while at least one of the intermediary servers is connected to a different local network.
[0041] In one other embodiment, a plurality of content items are available from plurality of first computers are associated with a plurality of domain names containing identifiers of corresponding first computers. The content items from at least two different first computers are accessible by issuing requests to different IP (internet protocol) addresses. The second computer obtains the domain name referencing the first computer providing the requested content item and issues a request to a domain name server to resolve that domain. The domain name server obtains information about a plurality of IP addresses associated with different domains and returns an IP address associated with requested domain.
[0042] In one instance, a plurality of IP addresses point to plurality of protocol conversion modules, each of these modules forwarding the content request to a connection server that maintains encrypted connection with a first computer providing requested content. In one example, the protocol conversion module resides on the same local network as connection server, thereby protecting the data exchange from external observation. In one implementation, the protocol conversion module and connection server reside on the same node of the local network, associated with the same physical computer hardware.
[0043] In another aspect of the present invention, a first computer establishes connection with a connection server enabled to provide reverse connections. A second computer issues a request containing a reference to the content provided by a third computer. The second computer receives a response containing a reference to the content provided by the first computer and then requests this content through the reverse connection to the first computer, where the data exchange between the first and the second computers is encrypted using a key known to the first second computer.
[0044] In one implementation, reference to the content provided to the first computer contains a domain name associated with encryption key known to the first computer and, upon detecting increased risk that encryption key could be compromised, the domain and associated encryption key are replaced without changing the reference to the content available from the third computer.
[0045] In one instance, the first computer announces content availability to a second computer by providing a reference to the content available from the third computer, before the second computer issues a content request. In one example, this announcement comprises sending a link to the announced content through email, text message, instant message or a post to a web site accessible from the second computer.
[0046] In one implementation, connection server is a VPN server. In another implementation, connection server is a proxy server. In another implementation, connection server is an SSH server.
[0047] In one embodiment, data exchange between the first and the second computers is encrypted using HTTPS protocol, and the first computer hosts an HTTPS server having access to a private SSL certificate for the HTTPS data exchange between the first and second computers.
[0048] In one implementation, data exchange between the second and the third computer uses the protocol different from the one used for the data exchange between the second and the first computers.
[0049] In one instance, data exchange between the first and the second computers is encrypted using VPN protocol, and the first computer contains VPN server.
[0050] In one embodiment, data exchange between the first and the third computer is encrypted using the key known to the third computer. In one instance, data exchange between the first and the third computer is encrypted using HTTPS protocol and the third computer hosts an HTTPS server.
[0051] In one other embodiment, data exchange between the first and the third computer uses HTTP protocol. In one example, the third computer is the same as the first computer.
[0052] In one embodiment, the response from the second computer is an HTML document containing HTML element with a source referencing the content provided by the third computer. In one implementation, the HTML element is selected from the group of an image, a video and an IFrame.
[0053] In another embodiment, the response from the second computer is a redirection to the URL referencing the content provided by the third computer.
[0054] In another aspect of the present invention, the first computer requests content from the second computer, receives a response containing a reference to the content available from the third computer, establishes an encrypted connection to the third computer, and requests the content over this connection. The source IP addresses of the requests to the second and the third computer are compared and the risk that one of the encrypted connections established by the first computer is compromised is increased if these IP addresses don't match.
[0055] In one instance, third computer establishes connection with a connection server enabled to provide reverse connection, and content request from the first computer to the third computer is sent through the connection server, while content request from the first computer to the second computer is sent in bypass of the connection server.
[0056] In one implementation, the connection between the first and the second computers uses different encryption keys than the connection between the first and the third computers.
[0057] In one embodiment, one of the two encrypted communication channels established by the first computer has lower risk of compromising its encryption than another channel, and detection that source IP addresses of the two requests don't match increases the probability that encryption channel with the higher security risk is compromised. In one instance, the encrypted connection between the first and the third computer has higher risk of being compromised than the connection between the first and the second computer.
[0058] In one implementation, the risk that the encrypted connection between the first and the third computers is increased if the request for the content referenced in the response from the second server doesn't arrive within a pre-defined time interval, for instance less than 10 seconds.
[0059] In one instance, the reference to content available from the third computer is returned only if one or more conditions are met, otherwise a response is returned without the reference to that content. In another instance, reference to content available from the third computer is returned but made visible to the user only if one or more conditions are met.
[0060] In one implementation, the reference to the content available from the first computer is returned and that content is made visible only if at least one of the predefined conditions are met, including ones from the group of the content from the third computer being accessible less than a pre-defined time ago, the number of requests for that content didn't exceed the pre-defined count and the risk that encrypted connection with the third server remains low.
[0061] In one embodiment, the response from the second computer is an HTML document containing an HTML element with a source referencing the content provided by the third computer. That HTML element has at least one attribute controlling its visibility. In one implementation, this HTML element is selected from the group of an image, a video and an IFrame.
[0062] In another embodiment, response from the second computer is a redirection to the URL referencing the content provided by the third computer.
[0063] In one instance, detection that IP addresses do not match increases security risk for subsequent requests from at least one of these source IP addresses for the pre-defined time.
[0064] In one other instance, the risk that the encrypted connection with the third server is compromised is increased by a larger amount if the same source IP for the request to the content from the third server is observed after at least two requests for the content from the second server, said two requests having different source IPs.
[0065] In one embodiment, one or more first computers issue requests to the same second computer, each first computer receiving a response containing plurality of references to content available from plurality of third computers. The one or more first computers establish a plurality of encrypted connections to the referenced third computers and request a content over these connections.
[0066] Embodiments in accordance with the invention may be embodied as an apparatus, method, or computer program product. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.), or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "module" or "system." Furthermore, the invention may take the form of a computer program product embodied in any tangible medium of expression having computer-usable program code embodied in the medium.
[0067] Any combination of one or more computer-usable or computer-readable media may be utilized. For example, a computer-readable medium may include one or more of a portable computer diskette, a hard disk, a random access memory (RAM) device, a read-only memory (ROM) device, an erasable programmable read-only memory (EPROM or Flash memory) device, a portable compact disc read-only memory (CDROM), an optical storage device, and a magnetic storage device. In selected embodiments, a computer-readable medium may comprise any non-transitory medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[0068] Computer program code for carrying out operations of the invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, Smalltalk, C++, or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages, and may also use descriptive or markup languages such as HTML, XML, JSON, and the like. The program code may execute entirely on a computer system as a stand-alone software package, on a stand-alone hardware unit, partly on a remote computer spaced some distance from the computer, or entirely on a remote computer or server. In the latter scenario, the remote computer may be connected to the computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). Computer networks may use transport protocols other than Internet Protocol. Correspondingly, present invention could be implemented for types of network addresses other than IP addresses.
[0069] The invention is described below with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions or code. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
[0070] These computer program instructions may also be stored in a non-transitory computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer- readable medium produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks.
[0071] The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
[0072] Fig. 1 illustrates an example network architecture 100 in which the methods disclosed herein may be implemented. In one aspect of the present invention, provider computer 102 establishes an encrypted connection with a connection server, such as the illustrated virtual private network (VPN) server 104 enabled to provide reverse connections. A consumer computer 106 issues a request for content available from the first computer, such as content files 108 stored on the personal computer 102, video or images from a security camera 110, or files from network storage 112. The security camera 114 and network storage may be coupled to the provider computer 102 by a local network 114, e.g. LAN or some other type of network.
[0073] The consumer computer 106 may issue requests using a communication protocol of a first type. A protocol conversion proxy 116 receives this request, converting it to a communication protocol of a second type and forwarding it the provider computer 102 through the encrypted reverse connection provided by the VPN server 104. The communication protocol of the first type at least partially encrypts exchanged data using an encryption key available to the protocol conversion proxy 116, while communication protocol of the second type does not encrypt at least some parts of the data encrypted by the protocol of the first type.
[0074] In the embodiment depicted in Fig. l, the protocol of the first type is HTTPS (hypertext transfer protocol secure), while protocol of the second type is HTTP (hyper text transfer protocol). The encrypted connection between provider computer 102 and the VPN server 104 may be a transport-level tunnel. The protocol conversion proxy 116 may be embodied as an HTTPS-to-HTTP proxy.
[0075] Further referring to Fig.1, the provider computer 102 may be a personal computer hosting a personal server 118 enabled to serve local content files as well as data from the local network 1 14, for instance, from network attached storage 112 or security camera 110.
[0076] The provider computer 102 hosts a VPN client 120 that establishes the encrypted VPN tunnel 122 with VPN server 104, which provides reverse connection to the personal server 118 through the VPN tunnel 122.
[0077] In one implementation, provider computer 102 announces content availability to the consumer computer 106 in bypass of the protocol conversion proxy 116. In the depicted embodiment, it sends a message with an HTTPS URL from provider's messaging application 124 to a corresponding messaging application 126 hosted by the consumer computer 106. The messaging application may be any messaging application known in the art such as email, text message (SMS, MMS, iMessage™, etc.), instant messenger, messages within a social media platform (Twitter™, Facebook, Linkedln™, etc.). The HTTPS URL may be communicated to the consumer computer 106 by the provider computer 102 by posting it to a known online location or using other communication methods known in the art. Bypassing the protocol conversion proxy 116 allows for exchanging of additional information, such as a hash tag of the HTTPS URL that could be used for additional encryption with the knowledge of protocol conversion proxy 116.
[0078] An HTTPS browser 128 on the consumer computer 106 may issue a HTTPS request for the HTTPS URL received from the provider computer 102. This request is received by protocol conversion proxy 1 16, which uses a private SSL (secure socket layer) certificate to decrypt received data and then send an HTTP request to the personal server 118 of the provider computer 102 through the reverse connection provided by VPN server 104. After receiving an HTTP response from the personal server 118, the protocol conversion proxy 116 transforms it into an HTTPS response, and sends it back to the HTTPS browser 128 of the consumer computer 106.
[0079] As a result, data exchange between provider computer 102 and consumer computer 106 is protected by the strong encryption (in one part of the data path, by HTTPS; in another part, by VPN tunnel 122) without the need for the provider computer 102 to store an encryption key (e.g., a private SSL key), whose disclosure would compromise communication security. Instead, the private SSL key, e.g. a key used to secure HTTPS communication between HTTPS browser and protocol conversion proxy 116, is stored outside of the personal server 118 at a location that can be better protected from security breaches.
[0080] In other implementations, the VPN server 104 may additionally or alternatively include a proxy or an application-level tunnel server (such as a SSH server), capable of providing reverse connection through an encrypted channel.
[0081] Likewise, the protocol of the first type could be any encrypted communication protocol between the consumer computer 106 and protocol conversion proxy 116, provided the consumer computer 106 hosts a client and protocol conversion proxy 116 hosts a server for such a protocol. For instance, it could be a VPN tunnel (protocol conversion proxy 116 would host a VPN server and consumer computer 106 a VPN client), encrypted WebRTC (Web Real Time Communication) (protocol conversion proxy 116 would host a WebRTC module and consumer computer 106 would host a WebRTC client), or secure messaging protocol (protocol conversion proxy 116 would include a secure messaging server and consumer computer 106 would include a secure messaging client). In each of these implementations, the protocol of the second type could be any protocol that provides data exchange without the need for the provider computer 102 to have access to sensitive encryption keys, such as unsecure FTP or any type of unprotected messaging.
[0082] In one implementation, provider computer 102 provides content only if one or more preset conditions are met, one of the conditions being that the request is submitted through encrypted reverse connection to the VPN server 104. Ensuring that only content requests coming through the encrypted connection with VPN server 104 allows taking advantage of additional access control measures, applied before content request reaches the client's computer; these access control measures are discussed below in reference to Figs. 3 and 4.
[0083] Fig. 2 illustrates a method 200 that may be performed using the environment 100 of Fig. 1. In particular, the illustrated method 200 may be executed on the provider computer 102, such as by the personal server 118 executing on the provider computer 102.
[0084] The method 200 may include receiving 202 content, e.g. a designation of content, to be shared. The content may be any file, such as an audio, video, image, or text file. Receiving 202 the designation of content may include receiving designation of a file on the provider computer 102, network storage 112, video from the security camera 110, or some other source. Receiving 202 the designation of content may include receiving a file name or the actual content of the file, for example a full path or URL pointing to the file.
[0085] The method 202 may further include sending 204 an invitation to access the content with a URL, URL A in the illustrated example. In particular, the personal server 118 may assign URL A to correspond to the content received at step 202 in response to receiving 202 the instruction to share the content.
[0086] The method 202 may further include connecting 206 the provider computer 102 to the VPN server 104, such as by the VPN client 120. The step of connecting 206 the provider computer 102 may be performed prior to and/or independent of the receiving 202 of content and sending 204 of the invite. For example, the provider computer 102 may maintain a connection to the VPN server 104 while the provider computer 102 is on and connected to a network, e.g. the Internet.
[0087] The method 202 may include listening 208 for requests for content. For example, the personal server 118 may listen for requests referencing URLs associated with shared content. In response to receiving a request for content, the personal server 118 may evaluate whether a response to the request is appropriate. A request for content may include, for example, a URL associated with that content, such as the URL A assigned to content received at step 202.
Various content items may be shared and each may have a unique URL assigned thereto and which may be include in a request for content received.
[0088] The method 200 may include determining 210 whether the request was received through the VPN tunnel. If not, an error message may be returned 212 to the requestor, e.g. a source IP address included in the request, and no content is returned in response to the request.
[0089] If so, the method 200 may include evaluating 214 whether the request includes a valid URL. If not, then a corresponding error message is returned 212 and no content is returned in response to the request. If so, then the method 200 may include evaluating 216 whether the requestor is authorized. For example, step 216 may include evaluating some or all of a source IP address, username, password, or other authenticating or identifying information included in the request and comparing this information to information for invitees to whom invitations have been sent 204. If the requestor is not found 216 to correspond to an invitee that has been sent 204 an invitation or is otherwise not authorized, the method 200 may include returning 212 an error message without returning content requested by the request. If the requestor is found 216 to be authorized, the method 200 may include evaluating 218 whether the provider computer 102 has sufficient resources to respond to the request. For example, resources evaluated may include CPU usage, bandwidth, a number of other requests currently being responded to, or the like. If resources required to respond to the request in view of current usage would exceed the capacity of the provider computer 102, an error message may be returned without returning the content requested by the request.
[0090] The evaluation of the conditions in steps 210-218 may be performed in any order and one or more of the steps 210-218 may be omitted in some embodiments. If all of the conditions evaluated in the particular embodiment are found to be met, then the content requested by the request is returned 220 to the requestor. In particular, the content references by the request may be identified according to a mapping of a URL included in the request and the content. For example, the mapping between URL A and the content received at step 202 in the illustrated example. Returning of content may be performed through the VPN tunnel such that the VPN server 104 forwards the requested content to the requestor by way of the protocol conversion proxy 116 as discussed above.
[0091] Fig. 3 is a block diagram of an implementation 300 where multiple provider computers 102a, 102b are connected to the same connection server, e.g. VPN server 104. Each provider computer 102a, 102b reports its identifier (e.g., dev idl, dev_id2), references to available content (e.g., URLl, URL2) to a module accessible by the VPN server, herein referred to as the access controller 302. Upon receiving a URL request from a protocol conversion proxy 116, VPN server 104 obtains the rules and identifiers associated with this request, e.g. the URL included in the request. For example, rules may be defined in response to received URLs from a particular device. For example, upon receiving URL A from computer 102a having identifier dev idl, a rule may be created that indicates that URL A is mapped to dev idl .
[0092] Upon receiving a request, the VPN server 104 applies the rules, and routes the request to the provider computer 102a, 102b in response to determining the provider computer 102a, 102b to correspond to the identifier mapped to the URL included in the request. In the illustrated example, provider computers 102a, 102b announce their content to the access controller 302 (e.g. URLl and URL2, respectively) and the VPN server 104 stores a mapping between provider computers 102a, 102b and the URLs submitted thereby. Subsequently, a request for URLl may be received. The VPN server 104 then connects the request to provider computer 102a in response to determining that the stored mapping maps provider computer 102a to URLl . In other examples, multiple content requests could be processed at the same time period and be routed to multiple provider computers through the single VPN server 104 and protocol conversion proxy 116.
[0093] In some embodiments, a content request is sent to the provider computer 102a, 102b identified by the request only if one or more preset conditions are met. For example, one or more conditions that are received from the provider computer 102a, 102b referenced by the request before a consumer computer 106 issues the request.
[0094] Fig. 4 depicts a method 400 wherein any provider computer of a plurality of provider computers, provider computer 102a in the illustrated example, receives 402 content, e.g. a designation of content as described above, for association with a URL, such as URL A. The provider computer 102a connects 404 to the VPN server 104 and registers 406 as a provider of content for URL A. Registering 406 the provider computer 102a as provider of content for URL A may include transmitting URL A to VPN server 104 along with one or more access rules for URL_A. The VPN server 104 registers 408 the received URL_A and access rules with a connection identifier of the VPN client 120 of provider computer 102a from which they were received, thereby mapping the personal server 118 of the provider computer 102a to URL A.
[0095] Subsequent to registering 408 URL_A, the VPN server 104 may receive 410 a request for URL A. In the illustrated embodiment, VPN server 104 then retrieves access rules registered 408 for URL A and applies these access rules. The illustrated steps 412-420 illustrate examples of access rules that may be applied. For example, the received 410 request may be forwarded 422 to the provider computer 102a registered for URL A only if the provider computer 102a is found 412 to be accessible, the number of source IP addresses currently accessing provider computer 102a is found 416 to be less than a maximum number of users (Max Users), the traffic being output by provider computer 102a is found 418 to be less than a maximum bandwidth (Max Bandwidth), and the URL A of the request is not found 420 to have been expired. The values of Max Users, Max Bandwidth, and the expiry period for the URL A that are evaluated at steps 416-420 may be specified in the access rules received from the provider computer 102a when registering URL A. If the conditions evaluated at steps 412, 416, 418, and 420 are not found to have been met, then the request is blocked 414 and is not forwarded to the provider computer 102a. In some embodiments, access rules could be stored and/or applied by another module accessible from the VPN server 104, such as the access controller 302 of Fig. 3.
[0096] Upon receiving a forwarded request, the provider computer 102a, such as using the personal server 118, responds to the request, such as by retrieving the content designated at step 402 as being associated with URL A and returning it to the source IP address included in the request. Returning the content may include transmitting the requested content over the VPN tunnel between the provider computer 102a and the VPN server 104.
[0097] The access rules described with respect to Fig. 4 advantageously protect the provider computer 102a from attacks common to content servers (e.g., denial of service, port scans, unauthorized consumers, etc.), as long as it only accepts content requests through the encrypted reverse connection to the VPN server 104.
[0098] Fig. 5 is a block diagram of an implementation 500 where multiple provider computers 102a, 102b are connected to different connection servers, e.g. VPN servers 104a, 104b, while the consumer computer 106 is provided with URL1 pointing to a single protocol conversion proxy 116. To access provided content through the correct VPN server 104a, 104b, the implementation 500 may include a VPN router 500, enabled to route content requests to their providers based on URLs included in the requests and access rules associated with each URL. After each provider computer 102a, 102b connects to a VPN server 104a, 104b, each VPN server 104a, 104b sends identifiers of the provider computers 102a, 102b connected thereto to the VPN router 500, together with an identifier of the each VPN server 104a, 104b. As previously described in relation to Fig. 3, each provider computer 102a, 102b registers with access controller 300 its own identifier and URLs of the content it can serve as well as access rules.
[0099] Upon receiving a request for URLl from the protocol conversion proxy 116, VPN router 500 obtains the identifier of the provider computer 102a and access rules that are associated with URL1 from the Access Controller 512 and routes the request through the corresponding VPN server 104a that is associated with the identifier of the provider computer 102a. In this example, VPN router 500 also passes the access rules associated with URL1 to VPN server 104a together with URL. In other implementations, VPN router 500 may check some access rules (for instance, whether URL has expired) and blocking requests that do not meet those access rules that are checked. Those requests that meet the conditions of the access rules that are checked may then be passed to the appropriate VPN server 104a, 140b with those access rules that were not checked (for instance, rules regarding maximal amount of allowed bandwidth as described with respect to Fig. 4). In the illustrated embodiment, VPN servers 104a, 140b may be placed at different geographic locations selected to be close to provider computers 102a, 102b, while protocol conversion proxy 116 and VPN router 500 may be placed in the single location, e.g. the same computer or same local network.
[00100] Fig. 6 is a block diagram of an implementation 600 where, in addition to connecting VPN clients 120 of various provider computers 102a, 102b to different VPN servers 104a, 104b, content consumers 106 can be connected to different protocol conversion proxies 116a, 116b. Instead of using a single protocol conversion proxy 116 and VPN router 500 to process every content request after it's issued by the consumer, this implementation uses a domain name server 602 to point consumer computer 106 to a protocol conversion proxy 116a, 116b associated with the correct VPN server 104a, 104b, without the need for VPN router 500.
[00101] In one instance, protocol conversion proxy 116a, 116b resides on the same local network as the corresponding VPN server 104a, 104b, respectively (for example, in the same colocation). In another instance, both VPN server 104a, 104b and corresponding protocol conversion proxy 116a, 116b are located on the same node of the local network, associated with the same physical computer hardware. These implementations protect HTTP traffic between protocol conversion proxy 116a, 116b and VPN server 104a, 104b from interception, limiting it to a local network or the same computer.
[00102] After receiving an HTTPS URL from a provider computer 102a, 102b, in a message as described herein, the consumer computer 106 may issue a DNS (domain name service) request to resolve the HTTPS domain to an IP address. Domain name server 602 is registered as an authoritative name server for the domains used by personal content URLs and therefore processes such requests.
[00103] In this implementation, a domain of the content URL announced to the consumer computer 106 (URLl) by provider computer 102a contains a reference to identifier of the connection between the provider computer 102a and VPN server 104a (for instance, dev_idl .maindomain.com). Each protocol conversion proxy 116a, 116b may have access to a private wildcard SSL certificate (for instance, *. maindomain.com), which enables it to function as an HTTPS server for all requests matching this pattern.
[00104] After a provider computer 102a, 102b connects to a VPN server 104a,
104b, the VPN server 104a, 104b informs domain name server 602 that the requests including the identifier associated with the connection to provider computer 102a, 102b should be routed through that VPN server 104a, 104b. When the provider computer 102a, 102b disconnects from the VPN server 104a, 104b, VPN server 104a, 104b informs the domain name server 602 that its association of the identifier of the provider computer 102a, 102b to the VPN server 104a, 104b is no longer valid. To minimize delay in propagating these changes, domain name server 602 may set a time to leave (TTL) for its domains, after which the domains will expire and no longer be used to route requests.
[00105] After receiving a request for a domain name, domain name server 602 matches it with connection identifiers reported by the VPN server 104a, 104b. If a match is found, the domain name server 602 responds with an IP address corresponding to the protocol conversion proxy 116a, 116b associated with that VPN server that reported the matching connection identifier. The consumer computer 106 receives the IP address of the appropriate protocol conversion proxy 116a, 116b and sends a request for URLl to that protocol conversion proxy 116a, 116b. Upon receiving the request the announced HTTPS URL (URLl), the protocol conversion proxy 116a, 116b passes the converted HTTP request to a corresponding VPN server 104a, 104b associated with URLl .
[00106] In another aspect described below with respect to Figs. 7-9, a provider computer 102a, 102b establishes a connection with a connection server, e.g. VPN server 104a, 104b, enabled to provide reverse connections. A consumer computer 106 issues a request for content available on a server computer and receives a response containing reference to the content provided by the provider computer 102a, 102b and then requests this content through a reverse connection to the provider computer 102a, 102b, where the data exchange between the first and the second computers is encrypted using the keys known to the provider computer 102a, 102b and the consumer computer 106.
[00107] For example, referring to Fig. 7, consumer computer 106 may issue a request for content associated with URL B from the provider computer 102. This request passes though reverse connection between VPN server 104 and the VPN client of provider computer 102 and reaches the personal server 118 of the provider computer 102. This reverse connection allows content request from the consumer computer 106 to reach the provider computer 102, even if external access to the provider computer 102 is blocked by a NAT or a firewall. In the illustrated embodiment, the VPN server 104 is capable of establishing reverse connections (for instance, Open VPN Server provided by the Open VPN Technologies Inc.). In other
implementations, the VPN server 104 may be replaced by a connection server that is a proxy or an application-level tunnel server (such as SSH server) capable of providing reverse connection.
[00108] In the embodiment of Fig. 7, data exchange between computers 102, 106 is encrypted by HTTPS protocol. The request from the provider computer 106 is issued by HTTPS browser 128 on the consumer computer 106 and processed by the personal server 1 18, which may be embodied as an HTTPS server, on the provider computer 102. The personal server 118 may have access to the private SSL certificate required to establish HTTPS connection for domain B, used by URL B. Data exchange between provider and consumer computers 102, 106 of the content is encrypted end-to-end, remaining opaque to the intermediate modules such as VPN server 104.
[00109] Data exchange between provider computer 102 and consumer computer
106 could be protected by different encryption protocols, for instance, a VPN protocol such as IPSEC or L2TP. In such implementations, consumer computer 106 may host a VPN client, while provider computer 102 has a VPN server, providing end-to-end encryption between provider computer 102 and consumer computer 106 of the content. In this case, a VPN tunnel between consumer and provider computers 102, 106 may be further encapsulated by a VPN tunnel between provider computer 102 and VPN server 104, and proceeds without additional encapsulation from VPN server 104 to consumer computer 106. In another implementation, consumer and provider may have different nodes of the messaging application 124, 126 that encrypts communications between clients using public/private key encryption or some other encryption means.
[00110] In such implementations, personal server 118 may be required to have access to an encryption key to establish end-to-end encryption with consumer computer 106. In the case of HTTPS protocol, the personal HTTPS server 702 may be required to have access to a private SSL certificate that authenticates that server 702 as provider of the content associated with a specific domain (domain B for HTTPS URL B, for example). In the depicted embodiment, VPN server 104 obtains private SSL certificate from the SSL certificate provider 704 and then sends it to the provider computer 102 through the VPN client 120. In another embodiments provider computer 102 may obtain private SSL certificate from provider 704 in bypass of the VPN server 104, for instance, by establishing direct secure connection with provider 704, thereby hiding private SSL certificate from observation. For other encryption protocols, the personal server 118 may need access to other types of private encryption keys. Because a personal computer, such as the provider computer 102, is less protected from unauthorized access than a server in a dedicated location, it increases the risk that such private certificate or a private key could be obtained by unauthorized third party. Such a third party could snoop on the data exchange (e.g., by making itself a man-in-the-middle), or become an impostor (announce availability of the content from unauthorized server).
[00111] In the aspect depicted on Fig.1, this problem was addressed by using protocol conversion proxy 116 to terminate SSL connection before it reached the provider computer 102. However, it made HTTP traffic between the protocol conversion proxy 116 and personal server 118 open to observation by modules processing that traffic, such as protocol conversion proxy 116 and connection server, e.g. VPN server 104.
[00112] In the aspect depicted on Fig.7, which prevents the traffic between provider and consumer from interception, increased security risk of making sensitive certificate or a key available on the personal computer is mitigated by the ability to easily replace the compromised certificate or a key without the need to invalidate content links provided to consumers.
[00113] In the depicted embodiment, consumer computer 106 issues content request for URL A, served by a publicly accessible HTTPS server 702. The SSL certificate accessible by that server 702 is considered safe, because server can be placed in a secure location.
[00114] In the depicted embodiment, consumer computer 106 obtains URL A from provider computer 102, which transmits URL A by sending a message from one messaging application 124 to the messaging application 126 executing on the consumer computer 106. For example, URL A could be sent via instant messaging, email, or posted to a known web site in the same manner discussed above with respect to step 204 of the method 200 of Fig. 2.
[00115] In one implementation, provider computer 102 sends a message to consumer computer 106 with a reference to the content available from a public HTTPS server in bypass of the VPN server 104, hiding at least the path and query portions of the URL A from observation.
[00116] In response to a request for URL A, public server 702 returns URL B that references the content stored on provider computer 102, Such URL could be returned, for instance, as a source of IFrame, an image or a video embedded into HTML content, or as a redirection. It may be done immediately, or after few intermediate steps (for instance, chain of redirects, or nested IFrames).
[00117] Public server only needs to know which URL B to return in response to request for URL A; in one implementation, it can generate URL A containing a reference to a URL B and then send it to the content provider for distribution to the consumer. For instance, such URL may take a form "www.domain_A.com/index", where index is a reference to URL B provided by the personal server 118.
[00118] In one instance, communications between provider computer 102 and server 702 a protected from interception by HTTPS encryption, or issued in bypass of server 104.
[00119] If domain B certificate stored on a provider computer 102 is
compromised, URL B could easily be replaced with the one using a different SSL certificate, without changing the link to URL A known to the consumer.
[00120] In the depicted embodiment, after determining that domain B could be compromised (for instance, by detecting malware traffic from the provider computer 102 through VPN tunnel), VPN server 104 selects new domain_B, obtains new SSL certificate for that domain from SSL certificate provider 704 and then passes new domain B and new SSL certificate to the personal HTTPS server 118. In another instance, provider computer 102 may select new domain B by itself and receive the updated certificate from the SSL certificate provider without making it known to a VPN server. In one other instance, provider computer 102 could be considered "high security risk" and denied the ability to serve its content, instead of providing the new SSL certificate. [00121] In another embodiment, different communication protocols are used to obtain content announced by the provider than to obtain content from the personal server. In one instance, request for HTTPS URL A, sent to the public server 702, may return updated host name of the Personal VPN server (for instance, IPSEC server) on provider computer 102. If such host name should be replaced, URL A will return its replacement and may notify the consumer that settings of the local VPN client should be updated. In another instance, request for URL A could use HTTP protocol (for instance, only to return a redirect to HTTPS URL B), while request for URL B could use HTTPS protocol to protect sensitive content.
[00122] In one implementation, servers that return public content and personal content may be located on the same personal computer. For example, content referenced by the URL A may be served by a HTTP server on provider computer 102 and content served by URL B is served by a personal HTTPS server also executing on provider computer 102.
[00123] The embodiment of Fig. 7 advantageously improves detection of compromised domains associated with personal content. In this aspect, consumer computer 106 requests content from public HTTPS server 702 and receives a response containing a reference to a content available from the provider computer 102. The consumer computer 106 establishes an encrypted connection to the provider computer 102 and requests a content over this connection. The source IP addresses of the requests to the public HTTPS server 702 and provider computer 102 are compared. If these IP addresses do not match, it indicates an increased risk that one of the encrypted connections established by the consumer computer 106 to these IP addresses is compromised.
[00124] In one implementation, the connection between the consumer computer 106 and public HTTPS server 702 uses different encryption keys than the connection between the consumer computer 106 and provider computer 102. When one of the two encrypted communication channels established by the consumer computer 106 has lower risk of compromising its encryption that another channel, detection that source IP addresses of the two requests don't match increases the probability that the encrypted channel with the higher security risk is compromised.
[00125] In one instance, the provider computer 102 establishes a connection with a connection server, e.g. VPN server 104, enabled to provide reverse connection, and a content request from the consumer computer 106 to the provider computer 102 is sent through this connection server, while the content request from the consumer computer 106 to the public HTTPS server 702 is sent in bypass of this connection server. In this instance, the encrypted connection between the consumer computer 106 and the provider computer 102 has higher risk of interception if provider computer 102 is a personal computer, storing its private encryption keys in the less secure location than the public HTTPS server 702.
[00126] Referring to Fig.7, the server 702 reports the source IP of consumer computer 106 used to request URL A to VPN server 104, which compares it with a source IP of request for URL B. If the source IPs are different, it increases the risk that an unauthorized third party has obtained the private SSL certificate for domain B corresponding to HTTPS URL B, changed the DNS response (for instance, through DNS cache poisoning) to point domain B to its own server, and performed a "man-in-the-middle" attack, i.e. created two separate HTTPS connections with provider computer 102 and consumer computer 106 instead of one HTTPS connection between consumer and provider computers 106, 102, thereby gaining an ability to intercept and modify their HTTPS traffic. [00127] This implementation helps to detect interference from the third party server that has a different public IP address than consumer computer 106.
[00128] In one implementation, the risk that the encrypted connection between the consumer and provider computers 106, 102 is increased if the request for the content referenced in the response from the public HTTPS server 702 does not arrive within a pre-defined time interval, for instance having a value smaller than 10 seconds, or some other time period. If time between requests from the same IP address exceeds that interval, it may indicate additional time used to intercept the traffic, for instance by routing it though the data channels under third party control. If the request for the content referenced in the response from the public HTTPS server 702 does not arrive at all, it may indicate an impostor, pretending to be a content provider but responding with its own content. This implementation helps to identify interference from the third party even if source IP address doesn't change (for instance, if third party uses deep packet inspection, decoding the observed packets with a compromised SSL certificate).
[00129] Figs. 8 A and 8B illustrates a method 800 such as may be used for the implementation of Fig. 7, where both the server that receives the first content request (public server 702) and the server that receives the second content request (VPN server 104) perform the checks that protect provider computer 102 from invalid or compromised requests.
[00130] The method 800 may include receiving 802, on the provider computer
102, a selection of content to be shared, such as in the same manner as for other methods described herein. The provider computer 102 may receive 804 a security certificate, such as a secure socket layer (SSL) certificate. For example, the provider computer 102 may request an SSL certificate for domain B corresponding to URL B from a SSL certificate provider 704 (see Fig. 7) and receive the requested SSL certificate.
[00131] The provider computer 102 may further connect 806 to the VPN server
104. The provider computer 102 may be connected 806 to the VPN server 104 prior to steps 802, 804. For example, the provider computer 102 may request and receive 804 the SSL certificate through the VPN server 104.
[00132] The method 800 may include receiving 808 URL A from the public server 702. For example, the provider computer 102 may request a unique URL in order to associate it with the content identified at step 802. In response, the public server 702 may return URL A, which is then received 808 by the provider computer 102 and associated with the content received at step 802 to URL A.
[00133] The provider computer 102 may then specify 810 to the public server 702 that URL B is associated with URL A. The provider computer 102 may further specify access rules for URL A and URL B. The provider computer 102 may further send 812 an invitation including URL A to one or more consumer computers 106, such as using any of the messaging applications described above.
[00134] The public server 702 may receive 814 a request for URL A, such as from the consumer computer 106 that received the invitation sent at step 812. The public server 702 may then apply one or more access rules according to steps 816-820 as received at step 808 or set as default access rules.
[00135] For example, if URL B associated with URL A is found 816 to have expired, then the request for URL A may be ignored. In particular, URL B may expire after some period after the certificate for domain B is generated. URL B may also expire after having been returned to requestors some set number of times. Accordingly, if one or more of these expiration conditions are met, the request is ignored 818 by the public server 702 such that URL B is not returned in response to the request including URL A.
[00136] The public server 702 may further evaluate 820 whether URL B may be accessed by the requestor. For example, the access rules for URL B may specify an identifier, password, source IP address, or other identifying information for one or more requestors that are authorized to receive URL B in response to a request for URL A. Accordingly, if the request is not found 820 to include such an identifier for an authorized requestor, the request may be ignored 818.
[00137] In some embodiments, if a request is ignored 818 for failing to meet one or more access rules, a response may nonetheless be returned to a requestor in response to a request for URL A. For example, content associated with URL A by the public server 702 may be returned to the requestor but not include URL B.
[00138] In some embodiments, the public server 702 may replace the link to
URL B in a response to the request with a message that would inform the consumer that the content associated with URL B is not available.
[00139] In some embodiments, if the request is ignored 818, the public server 702 may include in a response to the requestor interface elements that would allow consumer to access provider's content - for example, provide authorization credentials, or send provider computer 102 a message requesting to increase maximal access count for requested content.
[00140] In another embodiment, if the public server 702 determines that a request should be ignored 818, it returns content referred by the announced URL (URL A) with a link to provider's content (URL B), but hides provider's content from observation by the consumer. For instance, the public server may set a visibility attribute of an HTML IFrame loaded from URL B to the value "hidden." In this embodiment, VPN server 104 is informed about the source IP of the request received at step 814 and can compare it with the source IP of a second request for URL B, but the requestor will not be able to view the requested content.
[00141] In another embodiment, the public server 702 may change the link to provider's content (e.g. URL B) in a response to a request to URL A to another link accessible from the same domain, letting the requestor know that returned content will not be displayed. For instance, public server may return URL_B="https://mydomain.com/image20.jpg" for the content that should be displayed, or & count=3 &action=hide" for the content that should be hidden (requesting an empty image while informing personal server that the count for the requested file exceeded pre-defined threshold and public server will hide the data from consumer.
[00142] If the request is found 816, 820 to satisfy the one or more access rules, then the method 800 may include returning 822 content associated with URL A by the public server 702 to the requestor. In particular, the content for URL A may include URL B. The public server 702 may further send 824 a message to the VPN server 104 indicating that a request for URL B was received from the requestor, the message including the source IP address of the requestor and possibly other identifying information. In some embodiments, if the public server 702 does not return URL B to the requestor in response to a request, the public server 702 does not inform the VPN server 104 or other modules of the request.
[00143] Continuing to Fig. 8B, the method 800 may continue with the VPN server 104 receiving a request for URL B addressed to provider computer 102. In response to receiving this request, the VPN server 104 evaluates 828 if the source IP of the request for URL B is the same that was used for the request for URL A received at step 814. If the source IPs are found to not match, the VPN server may mark 830 at least one of them as suspicious, treating any requests from that source IP as indications of compromised security. If checks performed by the VPN server 104 indicate that security risk is increased above pre-defined threshold, the VPN server 104 may notify 832 the provider computer 102 assigned URL B that domain B may be compromised and block 834 the request for URL B from reaching provider computer 102. In response to the notification of step 832, the provider computer may replace domain B and its SSL certificate with another domain and certificate. In particular, the new domain and certificate may be mapped to the original announced URL (URL A), the public server 702 may be informed of the mapping and one or more access rules in the same manner as for URL B. In this manner, consumer computers 106 may still access the content associated with URL A using URL A notwithstanding the new mapping.
[00144] In some embodiments, determining 828 that the source IP addresses do not match will mark one or both of the source IP address as suspicious for a pre-defined time. In some embodiments, security risk may be accumulated over time. For example, upon each determining 828 that source IP addresses do not match for the requests for URL A and URL B, the security risk of URL B may be incremented. Upon the security risk exceeding a threshold condition, URL B may be deemed compromised and steps 830-836 may be performed.
[00145] In some embodiments, a security risk that the encrypted connection with the provider computer 102 is compromised is increased by a larger amount if the same first source IP is included in two or more request for URL B after being notified by public server 702 of two or more source IPs in requests for URL A that are different from one another.
[00146] If the source IPs are found 828 to match and the source IP of the request received at step 826 is found 838 not to have previously failed the check at step 828, then the request is forwarded 840 to the provider computer 102. The provider computer then establishes an encrypted HTTPS connection to the requestor and provides 842 the content associated with URL B to the requestor over the encrypted connection. If the source IP of the request received at step 826 is found 838 to have previously failed the check at step 828, the request may be blocked 834.
[00147] The system of Fig. 7 and the method of Figs. 8A and 8B provide for improved detection of compromised domains associated with personal content by comparing source IPs for different requested domains. The systems and methods of Figs. 7, 8 A and 8B may be implemented without establishing end-to-end encrypted communication channel between the consumer computer 106 and provider computer 102, i.e. the comparing of the source IP addresses may detect unauthorized activity even without an encrypted connection between computers 102, 106.
[00148] Fig.9 depict an embodiment in which HTTPS requests for the personal content from plurality of provider computers 102a, 102b are sent to plurality of protocol conversion proxies 116a, 116b, which convert them into HTTP requests and forward them to the content providers through reverse connections established by VPN servers 104a, 104b. In this example, each provider computer 102a, 102b uses different domains (for example, domain Bl, domain_B2 for provider computer 102a, 102b, respectively). Each protocol conversion proxy 116a, 116b obtains SSL certificates for the corresponding domains from the SSL certificate provider 704 (in other instance, previously obtained certificates may be requested from secure storage).
[00149] A provider computer 102a, 102b announces availability of a URL. For example, provider computer 102a may announce content associated with URL Al to consumer computer 106, such as by using a messaging applications 124, 126. The content of URL A may be served by the public HTTPS server 702, which contains references to the content from two different personal content providers (URL Bl, URL B2 for provider computers 102a, 102b, respectively). Content may be, for instance, two images or IFrames with different source URLs embedded into HTML content. Public server 702 reports the source IP of the consumer computer 106 requesting the announced URL (URL A, for example) to each protocol conversion proxy that serves domain returned after request to URL A.
[00150] After consumer computer 106 issues requests for URL Bl and URL B2, the corresponding conversion proxies 116a, 116b, respectively, compare the source IPs of requests for URL B 1 and URL B2 with the source IP reported by the public server 702 as being included in requests for URL A. If the source IPs don't match, or request for the private content doesn't arrive, it increases the risk that the security of corresponding domain (domain Bl or domain_B2), respectively, is compromised.
[00151] If protocol conversion proxy 116a, 116b is located in the colocation owned by an untrusted third party, security of its private SSL certificate could be compromised if the third party doesn't deploy adequate protection measures. In response to increased security risk, protocol conversion proxy 116a, 116b may select a replacement for the compromised domain and ask for another SSL certificate from SSL certificate provider 704. In another instance, a service provider may decide to move protocol conversion proxy 116a, 116b (possibly, together with the corresponding VPN server 104a, 104b) to another colocation, before requesting another private SSL certificate.
[00152] In some embodiments, each of the provider computers 102a, 102b specifies access rules for its content. In such embodiments, each set of rules may be split into two parts: private rules, enforced by VPN servers 104a, 104b (for instance, number of simultaneously connected users, or maximal bandwidth), and public rules enforced by a Public HTTPS server 702 (for instance, maximal number of access requests from the same user, or expiration time). Each provider computer 102a, 102b reports the rules to the access controller 302, which forwards them to the appropriate VPN servers 104a, 104b and the Public HTTPS server 702.
[00153] In the implementations depicted on Figs. 8 and 9, public server 702 keeps the history of previous requests to the personal content, such as a count of requests from the same user and time until content expires. This history can be accessed without the knowledge about the details of the personal content. For instance, public server 702 may belong to a third party aggregator, having its own private SSL certificate that is not available to the servers that process personal content (e.g. VPN server 104a, 104b, protocol conversion proxies 116a, 116b, etc.). Even if this certificate is compromised, it will therefore not affect the security of the personal content.
[00154] Fig.10 depicts an example interface 1000 including the content presented by a third party aggregator, e.g. private social network, on a consumer computer 106, where references to personal content items from different provider computers 102a, 102b are displayed within the parent content provided by the public server 702. In this example, public server 702 decides which content to display, hiding or blocking the content that doesn't satisfy public access rules. In this instance, only allowed content is displayed ("Sharing now"). In another embodiment, public server 702 may include a placeholder for the blocked content ("Please, visit later to see more").
[00155] In addition to deciding which content to display, in this example public server 702 may display in the interface 1000 metadata about personal content items and provides interface elements to update this metadata: time since the content was provided 1002, feedback statistics and user interface 1004, 1006, notification that content will be hidden after this view and ability to change this rule 1008, 1010. This metadata is provided by the public server 702 without the knowledge what content is actually displayed by the users. The user of the consumer computer 106 may change or delete it without consent from the third party aggregator.
[00156] Personal content providers can collect their own statistics, or communicate with their friends without the knowledge of the public server. For instance, personal content provider can ask for specific user feedback, such as with user interface element 1012 or privately exchange text messages using interface elements 1014, 1016.
[00157] In the depicted embodiment, consumers can add their own personal content servers. For instance, after clicking on the button 1018, a new provider of personal content may receive a public URL (URL A) from the public server, obtain SSL certificate for the domain associated with personal content (domain B), and provide replaceable URL referencing personal content (URL B) to the public server 702. Button 1010 may invoke announcement of the public URL referencing the personal content of interest to other consumers, for instance by sending an email, text message, or some other type of message.
[00158] Fig. 11 is a block diagram illustrating an example computing device 11 which may embody any of the computers and servers disclosed herein. Computing device 1100 may be used to perform various procedures, such as those discussed herein. Computing device 1100 can function as a server, a client, or any other computing entity. Computing device can perform various monitoring functions as discussed herein, and can execute one or more application programs, such as the application programs described herein. Computing device 1100 can be any of a wide variety of computing devices, such as a desktop computer, a notebook computer, a server computer, a handheld computer, tablet computer and the like.
[00159] Computing device 1100 includes one or more processor(s) 1102, one or more memory device(s) 1104, one or more interface(s) 1106, one or more mass storage device(s) 1108, one or more Input/Output (I/O) device(s) 1110, and a display device 1130 all of which are coupled to a bus 1112. Processor(s) 1102 include one or more processors or controllers that execute instructions stored in memory device(s) 1104 and/or mass storage device(s) 1108.
Processor(s) 1102 may also include various types of computer-readable media, such as cache memory.
[00160] Memory device(s) 1104 include various computer-readable media, such as volatile memory (e.g., random access memory (RAM) 1114) and/or nonvolatile memory (e.g., read-only memory (ROM) 1116). Memory device(s) 1104 may also include rewritable ROM, such as Flash memory.
[00161] Mass storage device(s) 1108 include various computer readable media, such as magnetic tapes, magnetic disks, optical disks, solid-state memory (e.g., Flash memory), and so forth. As shown in Fig. 11, a particular mass storage device is a hard disk drive 1124. Various drives may also be included in mass storage device(s) 1108 to enable reading from and/or writing to the various computer readable media. Mass storage device(s) 1108 include removable media 1126 and/or non-removable media.
[00162] I/O device(s) 1110 include various devices that allow data and/or other information to be input to or retrieved from computing device 1100. Example I/O device(s) 1110 include cursor control devices, keyboards, keypads, microphones, monitors or other display devices, speakers, printers, network interface cards, modems, lenses, CCDs or other image capture devices, and the like.
[00163] Display device 1130 includes any type of device capable of displaying information to one or more users of computing device 1100. Examples of display device 1130 include a monitor, display terminal, video projection device, and the like.
[00164] Interface(s) 1106 include various interfaces that allow computing device 1100 to interact with other systems, devices, or computing environments. Example interface(s) 1106 include any number of different network interfaces 1120, such as interfaces to local area networks (LANs), wide area networks (WANs), wireless networks, and the Internet. Other interface(s) include user interface 1118 and peripheral device interface 1122. The interface(s) 1106 may also include one or more user interface elements 1118. The interface(s) 1106 may also include one or more peripheral interfaces such as interfaces for printers, pointing devices (mice, track pad, etc.), keyboards, and the like.
[00165] Bus 1112 allows processor(s) 1102, memory device(s) 1104, interface(s)
1106, mass storage device(s) 1108, and I/O device(s) 1110 to communicate with one another, as well as other devices or components coupled to bus 1112. Bus 1112 represents one or more of several types of bus structures, such as a system bus, PCI bus, IEEE 1394 bus, USB bus, and so forth.
[00166] For purposes of illustration, programs and other executable program components are shown herein as discrete blocks, although it is understood that such programs and components may reside at various times in different storage components of computing device 1100, and are executed by processor(s) 1102. Alternatively, the systems and procedures described herein can be implemented in hardware, or a combination of hardware, software, and/or firmware. For example, one or more application specific integrated circuits (ASICs) can be programmed to carry out one or more of the systems and procedures described herein.
[00167] What is claimed is:

Claims

1. A method for providing access to content on a first computer, the method comprising:
establishing, by a server system, an encrypted connection with the first computer, the connection server being enabled to provide reverse connections to the first computer;
receiving, by the server system, from a second computer a request for the content on the first computer, the request being performed using a first type of communication protocol; and converting, by the server system, using a protocol conversion module the request for the content to a translated request having a second type of communication protocol, where the first type of communication protocol at least partially encrypts exchanged data using an encryption key available to the protocol conversion module whereas the second type of communication protocol does not encrypt at least some parts of the translated request for which corresponding parts of the request for content are encrypted by the first type of communication protocol.
2. The method of claim 1, further comprising transmitting the translated request to the first computer only in response to determining that a number of simultaneous connections to the first computer are less than a threshold.
3. The method of claim 1, wherein the first type of communication protocol is hypertext transfer protocol secure (HTTPS).
4. The method of claim 2, wherein the first type of communication protocol is HTTPS, while protocol of the second type is hyper text transfer protocol (HTTP).
5. The method of claim 4, wherein the encrypted connection is a transport-level tunnel.
6. The method of claim 4, wherein the protocol conversion module is an HTTPS-to-
HTTP proxy.
7. The method of claim 1, further compri
reporting, by the server system, availability of the content on the first computer to a routing module;
receiving, by the routing module, reports of availability of content on a plurality of different computers from a plurality of intermediary servers;
receiving, by the routing module, the request for the content on the first computer from the second computer; and
routing, by the routing module, the request for the content on the first computer to the server system.
8. The method of claim 7, wherein the server system and routing module are in the same local network.
9. The method of claim 7, wherein the server system comprises a VPN server and a protocol conversion server, the VPN server performing establishing the encrypted connection with the first computer and the protocol conversion server implementing the protocol conversion module, the VPN server and protocol conversion server are in the same local computer.
10. The method of claim 9, wherein at least one intermediary server of the plurality of intermediary servers is in a different local network than the same local network.
11. A method for providing access to content on a personal computer, the method comprising:
receiving, by a server system from the personal computer, a posting message, the posting message including a posting uniform resource locator (URL) and referencing content on the personal computer;
receiving, by the server system, a request message from a requesting computer, the request message including the posting URL and having hyper text transfer protocol secure (HTTPS) request formatting;
establishing, by the server system, a virtual private network (VPN) tunnel to the personal computer;
translating, by the server system, the request message to a translated message including the posting URL and having hyper text transfer protocol (HTTP) request formatting; and
transmitting, by the server system, the translated message to the personal computer within the VPN tunnel.
12. The method of claim 11, further comprising:
receiving, by the server system, a response to the translated message from the personal computer, the response having HTTP response formatting;
translating, by the server system, the response to a translated response having HTTPS response formatting; and
transmitting, by the server system, the translated response to the requesting computer.
13. The method of claim 12, wherein:
the server system comprises a protocol conversion proxy computer and a VPN server computer each located within a local network;
translating the request message to the translated message is performed by the protocol conversion proxy (PCP) computer;
establishing the VPN tunnel to the personal computer is performed by the VPN server computer;
the method further comprising:
transmitting the translated message to the VPN server computer by the PCP; forwarding the translated message to the personal computer by the VPN server through the VPN tunnel.
14. The method of claim 13, wherein translating the response to the translated response is performed by the PCP computer;
the method further comprising:
forwarding the response to the PCP computer by the VPN server computer;
transmitting, the translated response by the PCP computer to the requesting computer.
15. The method of claim 1, further comprising:
reporting, by the server system, the posting URL to a routing module;
receiving, by the routing module from a plurality of intermediary servers, other URLs referencing content on a plurality of other computers;
receiving, by the routing module, the request request message; and
routing, by the routing module, the request message to the server system.
16. The method of claim 15, wherein the server system and routing module are in the same local network.
17. A computer-readable medium comprising a non-transitory storage device and storing executable code effective instruct one or more processors to:
receive an instruction to make content available to a recipient computer system;
in response to the instruction to make the content available to a recipient computer system, transmit an invitation to access the content to the recipient computer system;
establish an encrypted virtual private network (VPN) connection to an intermediary server system;
receive one or more requests for the content; and
for each request of the one or more requests- only if the each request is both of received from the intermediary server and through the encrypted VPN connection, transmitting the content to the intermediary server over the encrypted VPN connection; and
if the each request is not both of received from the intermediary server and through the encrypted VPN connection, refraining from transmitting the content to the intermediary server over the encrypted VPN connection.
18. The computer-readable medium of claim 17, wherein the executable code includes instruction for instructing the one or more processors to transmit the invitation to access the content to the recipient computer system in at least one of a text message, email, message, and posting to a web site.
19. The computer-readable medium of claim 17, wherein the invitation to access the content includes a domain name referencing a computer hosing the processor.
20. The computer-readable medium of claim 17, wherein the executable code is further effective to instruct the one or more processors to transmit the invitation to access the content to the recipient computer system in bypass of the intermediary server.
21. A method for providing access to content comprising:
receiving, by a server system from a first requestor computer, a request containing a first reference to a content on a first computer;
in response to receiving the request containing the first reference to the content on the first computer, returning, by the server system to the first requestor computer, a response containing a second reference to a content on a second computer, the second reference specifying a secure communication protocol for data exchange between the second computer and the first requestor computer, determining, by the server system, that the second reference may compromise security of data exchange with the second computer;
in response to determining that that the second reference may compromise security of data exchange with the second computer, obtaining, by the server system, a third reference to the content on the second computer, the third reference being different from the second reference; receiving, by the server system from one of the first requestor computer and a second requestor computer, a request containing the first reference to the content on the first computer; returning, by the server system to the one of the first requestor computer and the second requestor computer, a response containing the third reference to the content on the second computer, the third reference specifying secure communication protocol for data exchange between the second computer and the one of the first requestor computer and the second requestor computer.
22. The method of claim 21, wherein the secure communication protocol specified by the second reference requires the second computer to have access to a first encryption key that must be kept secret from unauthorized parties, the first encryption key being associated with at least part of the second reference.
23. The method of claim 22, wherein the secure communication protocol specified by the third reference requires the second computer to have access to a second encryption key that must be kept secret from unauthorized parties, the second encryption key being different from the first encryption key.
24. The method of claim 23, wherein the secure communication protocol specified by the second and third references is a hyper text transfer protocol secure (HTTPS), the first and second encryption keys are private keys for secure socket layer (SSL) certificates, the first key being associated with a first domain name included in the second reference, the second key being associated with a second domain name included in the third reference, the first domain name being different from the second domain name.
25. The method of claim 24, wherein obtaining the third reference to the content on the second computer further comprises:
obtaining, by the server system, the second domain name;
generating the third reference by the replacing the first domain name contained in the second reference by the second domain name.
26. The method of claim 21, wherein the second and the third references point to the same content on the second server.
27. The method of claim 22, further comprising, in response to determining that the second reference may compromise security of data exchange with the second computer:
sending one or more messages, from the server system to the second computer, indicating that encryption key associated with at least part of the first reference may became accessible to unauthorized party.
28. The method of claim 27, wherein at least one message from the server system to the second computer includes a second encryption key to replace the first encryption key.
29. The method of claim 21, further comprising:
receiving, by the server system from the first requestor computer, a first request containing the second reference to the content on the second computer;
forwarding, by the server system, the first request to the second computer through a reverse connection between the server system and the second computer.
30. The method of claim 29, wherein the reverse connection between the server system and the second computer is selected from a group consisting of virtual private network (VPN) tunnel, a proxy connection and a secure shell (SSH) connection.
31. A system for providing access to content comprising one or more processors and one or more memory devices operably coupled to the one or more processors, the one or more memory devices storing executable and operational code effective to cause the one or more processors to:
receive from a first requestor computer, a request containing a first reference to a content on a first computer;
in response to receiving the request containing the first reference to the content on the first computer, return to the first requestor computer, a response containing a second reference to a content on a second computer, the second reference specifying a secure communication protocol for data exchange between the second computer and the first requestor computer;
evaluate security of the second reference with respect to compromising of security of data exchange with the second computer; if security of the second reference is compromised, obtaining, by the system, a third reference to the content on the second computer, the third reference being different from the second reference (a) receiving, by the system from one of the first requestor computer and a second requestor computer, a request containing the first reference to the content on the first computer and (b) returning, by the system to the one of the first requestor computer and the second requestor computer, a response containing the third reference to the content on the second computer, the third reference specifying secure communication protocol for data exchange between the second computer and the one of the first requestor computer and the second requestor computer.
32. The system of claim 31, wherein the secure communication protocol specified by the second reference requires the second computer to have access to a first encryption key that must be kept secret from unauthorized parties, the first encryption key being associated with at least part of the second reference.
33. The system of claim 32, wherein the secure communication protocol specified by the third reference requires the second computer to have access to a second encryption key that must be kept secret from unauthorized parties, the second encryption key being different from the first encryption key.
34. The system of claim 33, wherein the secure communication protocol specified by the second and third references is a hyper text transfer protocol secure (HTTPS), the first and second encryption keys are private keys for secure socket layer (SSL) certificates, the first key being associated with a first domain name included in the second reference, the second key being associated with a second domain name included in the third reference, the first domain name being different from the second domain name.
35. The system of claim 34, wherein the executable and operational code are further effective to cause the one or more processors to obtain the third reference to the content on the second computer by:
obtaining the second domain name,
generating the third reference by the replacing the first domain name contained in the second reference by the second domain name.
36. The system of claim 31, wherein the second and the third references point to the same content on the second server.
37. The system of claim 32, wherein the executable and operational code are further effective to cause the one or more processors to, if security of the second reference is compromised, send one or more messages, from the system to the second computer, indicating that encryption key associated with at least part of the first reference may became accessible to unauthorized party.
38. The system of claim 37, wherein the at least one message from the system to the second computer includes a second encryption key to replace the first encryption key.
39. The system of claim 31, wherein the executable and operational code are further effective to cause the one or more processors to:
receive from the first requestor computer, a first request containing the second reference to the content on the second computer,
forward the first request to the second computer through a reverse connection between the system and the second computer.
40. The system of claim 39, wherein the reverse connection between the system and the second computer is selected from a group consisting of virtual private network (VPN) tunnel, a proxy connection and a secure shell (SSH) connection.
41. A method for providing access to content comprising:
receiving, by a server system from a first network address, a first request containing a reference to a first content on a first computer;
returning, by the server system to the first network address, a response containing a reference to a second content on a second computer;
receiving, by the server system from a second network address, a second request containing reference to the second content on the second computer;
determining, by the server system, that the second network address is different from the first network address; and
in response to determining that the second network address is different from the first network address, refraining from returning the second content from the second computer to the second network address.
42. The method of claim 41, further comprising:
receiving, by the server system from a third network address, a third request containing reference to a second content on a second computer;
determining, by the server system, that the third network address is same as the first source network address; and
in response to determining that the third network address is same as the first network address, returning, by the server system to the first network address, the second content from the second computer.
43. The method of claim 42, further comprising:
in response to determining that the third network address is same as the first network address, forwarding, by the server system, the third request to the second computer, receiving a response from the second computer and sending the response, by the server system, to the first network address; and
in response to determining that the second network address is different from the first network address, refraining from forwarding the second request to the second computer.
44. The method of claim 43, wherein forwarding the third request to the second computer comprises sending the third request through a reverse connection between the server system and the second computer.
45. The method as in claim 44, wherein the reverse connection between the server system and the second computer comprises one from a group of virtual private network (VPN) tunnel, proxy connection and secure shell (SSH) connection.
46. The method as in claim 42, wherein returning the second content from the second computer to the first network address comprises establishing an encrypted communication channel between the second computer and a computer associated with the first network address, the channel being established by using an encryption key accessible by the second computer.
47. The method of claim 46, wherein the encrypted communication channel uses hyper text transfer secure protocol (HTTPS) and the encryption key accessible by the second computer is a private key for a secure socket layer (SSL) certificate.
48. The method as in claim 46, further comprising:
in response to determining that the second network address is different from the first network address, sending notification, by the server system, that security of the encryption key accessible by the second computer is compromised.
49. The method as in claim 41, further comprising:
in response to determining that the second network address is different from the first network address, refraining from returning the second content from the second computer for one or more requests for the second content following the second request.
50. The method as in claim 41, further comprising:
in response to determining that the second network address is different from the first network address, returning, by the server system, at least one response to a request for the first content containing a reference to the second content different from the one returned in response to the first request for the first content.
51. A method for providing access to content comprising:
receiving, by a server system from a first network address, a first request containing reference to a first content on a first computer;
returning, by the server system to the first network address, a response containing reference to a second content on a second computer;
determining, by the server system, that request from the first network address for the second content did not arrive within the threshold time; and
in response to determining that request from the first network address did not arrive within the threshold time, refraining from returning the second content from the second computer for one or more requests received after the threshold time.
52. A system for providing access to content comprising one or more processors and one or more memory devices operably coupled to the one or more processors and storing executable and operational code effective to cause the one or more processors to:
receive from a first network address, a first request containing a reference to a first content on a first computer,
return, to the first network address, a response containing a reference to a second content on a second computer,
receive, from a second network address, a second request containing reference to the second content on the second computer, if the second network address is different from the first network address, refraining from returning the second content from the second computer to the second network address.
53. The system of claim 52, wherein the executable and operational code are further effective to cause the one or more processors to:
only if the second network address is same as the first source network address, return to the first network address, the second content from the second computer.
54. The system of claim 53, wherein the executable and operational code are further effective to cause the one or more processors to:
only if the second network address is the same as the first network address, (a) forward the second request to the second computer, (b) receive a response to the second request from the second computer, and (c) send the response to the second request to the first network address; and
if the second network address is different from the first network address, refrain from forwarding the second request to the second computer.
55. The system of claim 54, wherein the executable and operational code are further effective to cause the one or more processors to forward the third request to the second computer by sending the third request through a reverse connection between the system and the second computer.
56. The system of claim 55, wherein the reverse connection between the system and the second computer is selected from the group consisting of a virtual private network (VPN) tunnel, a proxy connection, and a secure shell (SSH) connection.
57. The system of claim 53, wherein the executable and operational code are further effective to cause the one or more processors to:
return the second content from the second computer to the first network address by establishing an encrypted communication channel between the second computer and a computer associated with the first network address, the channel being established by using an encryption key accessible by the second computer.
58. The system of claim 57, wherein the encrypted communication channel implements a hyper text transfer secure protocol (HTTPS) and the encryption key accessible by the second computer is a private key for a secure socket layer (SSL) certificate.
59. The system as in claim 57, wherein the executable and operational code are further effective to cause the one or more processors to:
in response to determining that the second network address is different from the first network address, send a notification to the second computer indicating that security of the encryption key accessible by the second computer is compromised.
60. The system as in claim 41, wherein the executable and operational code are further effective to cause the one or more processors to:
if the second network address is different from the first network address, refrain from returning the second content from the second computer for one or more requests for the second content following the second request.
EP16905665.2A 2016-06-17 2016-06-17 Secure personal server system and method Withdrawn EP3472991A4 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2016/038180 WO2017218013A1 (en) 2016-06-17 2016-06-17 Secure personal server system and method

Publications (2)

Publication Number Publication Date
EP3472991A1 true EP3472991A1 (en) 2019-04-24
EP3472991A4 EP3472991A4 (en) 2019-11-20

Family

ID=60664633

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16905665.2A Withdrawn EP3472991A4 (en) 2016-06-17 2016-06-17 Secure personal server system and method

Country Status (5)

Country Link
EP (1) EP3472991A4 (en)
JP (1) JP2019526955A (en)
KR (1) KR20190031473A (en)
CA (1) CA3027340A1 (en)
WO (1) WO2017218013A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11704671B2 (en) * 2020-04-02 2023-07-18 Bottomline Technologies Limited Financial messaging transformation-as-a-service
CN111526161A (en) * 2020-05-27 2020-08-11 联想(北京)有限公司 Communication method, communication equipment and proxy system
WO2023154072A1 (en) * 2022-02-08 2023-08-17 QuSecure, Inc. System ans methods for switching among communication protocols
CN116582364B (en) * 2023-07-12 2023-10-03 苏州浪潮智能科技有限公司 Data access method, system, device, electronic equipment and readable storage medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003105010A1 (en) * 2002-06-06 2003-12-18 Neoteris, Inc. Method and system for providing secure access to private networks
US8812579B2 (en) * 2006-12-21 2014-08-19 Verizon Patent And Licensing Inc. Apparatus for transferring data via a proxy server and an associated method and computer program product
US7685280B2 (en) * 2007-04-23 2010-03-23 International Business Machines Corporation Populating requests to multiple destinations using a mass request
US8910272B2 (en) * 2008-02-28 2014-12-09 Hob Gmbh & Co. Kg Computer communication system for communication via public networks
WO2011146742A2 (en) * 2010-05-19 2011-11-24 Akamai Technologies Inc. Edge server http post message processing
US9384463B2 (en) * 2010-07-23 2016-07-05 Anchorfree, Inc. SSL HTTPS browser
US9203810B2 (en) * 2010-07-23 2015-12-01 Anchorfree Inc. Web VPN
US10248975B2 (en) * 2013-02-27 2019-04-02 Facebook, Inc. Providing advertisement content via an advertisement proxy server

Also Published As

Publication number Publication date
WO2017218013A1 (en) 2017-12-21
JP2019526955A (en) 2019-09-19
KR20190031473A (en) 2019-03-26
EP3472991A4 (en) 2019-11-20
CA3027340A1 (en) 2017-12-21

Similar Documents

Publication Publication Date Title
US9942204B2 (en) Secure personal server system and method
US11652792B2 (en) Endpoint security domain name server agent
JP7561265B2 (en) ENCRYPTED SNI FILTERING METHOD AND SYSTEM FOR CYBER SECURITY APPLICATIONS - Patent application
CN111034150B (en) Method and apparatus for selectively decrypting SSL/TLS communications
EP2989769B1 (en) Selectively performing man in the middle decryption
US10432588B2 (en) Systems and methods for improving HTTPS security
EP3033688B1 (en) Selectively performing man in the middle decryption
EP3453152B1 (en) Selectively altering references within encrypted pages using man in the middle
US10904227B2 (en) Web form protection
IL280889A (en) Nonce injection and observation system for detecting eavesdroppers
Chakravarty et al. Detection and analysis of eavesdropping in anonymous communication networks
EP3472991A1 (en) Secure personal server system and method
US11736516B2 (en) SSL/TLS spoofing using tags
US20230370492A1 (en) Identify and block domains used for nxns-based ddos attack
Johnson Domain fronting: Making backdoor access look like Google requests

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190117

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

RIN1 Information on inventor provided before grant (corrected)

Inventor name: MOLCHANOV, MAXIM

Inventor name: AMBATI, VAMSI, KRISHNA

Inventor name: LAPIDOUS, EUGENE

Inventor name: ARSITOV, ARTEM

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20191018

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 29/06 20060101AFI20191014BHEP

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: PANGO INC.

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20200702