JP2007028606A - Method for verifying and constructing high-security anonymous communication path in peer-to-peer anonymous proxy - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To ensure a high-security anonymous communication path by selecting a reliable anonymous communication path server from a network mixing reliable anonymous communication path servers and non-reliable anonymous communication path servers therein. <P>SOLUTION: Access is performed from a dedicated program (hereinafter referred to peer-to-peer anonymous proxy) having the character of an anonymous proxy, available cooperatively for a user and other person, initiated by the user to a peer-to-peer anonymous proxy initiated by the other person, and a data transmission/reception anonymous communication path with a server is temporarily constructed. At such a time, an authentication password is received from a peer-to-peer anonymous proxy of a relay point, another anonymous communication path is then constructed newly, such anonymous communication path is used to access the peer-to-peer anonymous proxy from which the password is received before, and the password is authenticated. If the password matches, the anonymous communication path is determined as a reliable relay point, and the anonymous communication path is used to transmit/receive data. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a communication processing device, a communication method, and a program that can ensure a highly secure anonymous communication path in a computer network.

  TCP / IP communication methods used in the Internet and the like are quite popular in the world. This communication method has become a standard that can be easily applied to various devices due to its simple configuration (FIG. 2).

  In general, most of the communication data on the Internet is not encrypted, and the information of these IP packets is completely visible on the computer that has been relayed. Therefore, it is possible for a malicious administrator of a computer serving as a relay point to peep at the communication contents between the transmission source and the destination (FIG. 3).

  When communication is performed with encryption such as SSL, the data contents cannot be understood only by the administrator at the relay point looking at the IP packet. However, since the IP header and TCP / UDP header, which are other information, are not encrypted, it is possible to know where to communicate from where to the relayed computer.

  Furthermore, the IP communication procedure has a drawback that it is possible to determine where the transmission source is for a destination that is a communication partner with which information is to be exchanged (20 in FIG. 4). In order to overcome this, a plurality of anonymous proxies can be used as relay points, and communication can be performed through these relay points so that the transmission source is not notified to the destination (22 in FIG. 4).

  However, this method has a disadvantage that all anonymous proxy managers know where the communication is destined. Furthermore, there is a drawback that both the transmission source and the destination are exposed to the anonymous proxy (21 in FIG. 4) to which the client first connects. Further, since the communication route itself is always fixed, the transmission source is likely to be detected.

  Instead of using a specific anonymous proxy to prevent such a situation, a dedicated program (hereinafter referred to as a peer-to-peer anonymous proxy) with the nature of an anonymous proxy that can be used jointly by yourself and others is always launched. It is possible to solve the problem by selecting a relay point arbitrarily or randomly from these, and constructing an anonymous communication path that performs peer-to-peer encrypted communication between strangers and passes data to each other. (FIG. 5).

In this way, the very first peer-to-peer anonymous proxy is one you have set up and you can trust. A peer-to-peer anonymous proxy that is a relay point cannot be determined from the flow of data on the network whether the other peer-to-peer anonymous proxy that has connected to it is the starting point or another relay point. This is because an operating peer-to-peer anonymous proxy has two functions, ie, a starting point for communication and a relay point for communication of others. Therefore, it is difficult to judge from the outside.
RFC791 RFC919 RFC922

  If communication can be actually performed using the method shown in FIG. 5, it is possible to avoid leakage of considerable communication information. However, this is a case where all relay points are operating correctly, and when a maliciously altered peer-to-peer anonymous proxy becomes a relay point, communication cannot always be performed securely. Specifically, there are the following problems.

  When communication between peer-to-peer anonymous proxies connected to each other is simply encrypted communication such as SSL, peer-to-peer type which becomes a connection source client to a third party monitoring the network from the outside It is no longer possible to grasp whether it is an anonymous proxy. However, since the content of these communication data is decrypted inside the peer-to-peer anonymous proxy, the administrator of the peer-to-peer anonymous proxy that has been relayed knows the destination of the communication.

  Further, when the peer-to-peer anonymous proxy at the relay point determines the peer-to-peer anonymous proxy to be the next relay, it is possible to make it possible to grasp only the IP addresses before and after the relaying itself. However, if there is a modified peer-to-peer anonymous proxy, even if the user has specified to go through more relay points, it may not be routed as it is, thus maintaining anonymity. Not always. In addition, there is no way for the user himself to confirm whether the anonymous communication path used in this case is really safe.

  On the other hand, when specifying what route the user himself / herself passes, it can be confirmed whether the route is correctly routed, but the route is also grasped by the peer-to-peer anonymous proxy serving as a relay point.

  A user who wishes to perform anonymous communication starts up a peer-to-peer type anonymous proxy on the computer used by the user (1 in FIG. 1), and uses this as the starting point of the anonymous communication path to be a peer-to-peer type anonymous proxy A. The peer-to-peer anonymous proxy A selects and connects the peer-to-peer anonymous proxy B that is the next relay point. Then exchange public keys with each other. The peer-to-peer anonymous proxy B generates a unique password for authentication, encrypts it so as to be known only by the peer-to-peer anonymous proxy A, and sends it to the peer-to-peer anonymous proxy A (2 in FIG. 1).

  The peer-to-peer anonymous proxy A selects the next relay point peer-to-peer anonymous proxy C of the peer-to-peer anonymous proxy B, and connects the peer-to-peer anonymous proxy B to the peer-to-peer anonymous proxy C. Again, exchange public keys with each other. The peer-to-peer anonymous proxy C generates a unique password for authentication, encrypts it so as to be known only by the peer-to-peer anonymous proxy A, and sends it to the peer-to-peer anonymous proxy A (2, 3 in FIG. 1).

  As connected from peer-to-peer anonymous proxy A to peer-to-peer anonymous proxies B and C, peer-to-peer anonymous proxy A connects to peer-to-peer anonymous proxies D and E via another route, and then peer-to-peer anonymous proxy B is accessed. At this time, the password acquired by the route 2 in FIG. 1 is encrypted so as to be known only to the peer-to-peer anonymous proxy B, and sent to the peer-to-peer anonymous proxy B for authentication (4, 5 in FIG. 1). 6).

  Further, as connected from the peer-to-peer anonymous proxy A to the peer-to-peer anonymous proxy B and C, the peer-to-peer anonymous proxy A is connected to the peer-to-peer anonymous proxy F and G by another route, and then the peer-to-peer anonymous proxy C is accessed. . At this time, the password acquired by the routes 2 and 3 in FIG. 1 is encrypted so as to be known only by the peer-to-peer anonymous proxy C, and sent to the peer-to-peer anonymous proxy C for authentication (7 in FIG. 1). 8, 9).

  When the passwords of the peer-to-peer anonymous proxy B and the peer-to-peer anonymous proxy C match, it is proved that correct routing is performed as specified by the peer-to-peer anonymous proxy A. After that, using the routes 2, 3, and 10 in FIG. This data is encrypted and sent to the peer-to-peer anonymous proxy A, and the content is not grasped at all by the peer-to-peer anonymous proxy serving as a relay (2, 3, 10, and FIG. 5 in FIG. 1).

  In addition, a method of constructing peer-to-peer anonymous proxies that serve as relay points for an anonymous path for data transmission / reception with a server is also conceivable. In this case, the connections are made in the order of 2, 4, 5, 6, 3, 7, 8, 9, 10 in FIG.

  Communication can be performed without notifying a communication partner (such as an http server) of the original transmission source. In addition, the destination of communication is not known other than the end-point peer-to-peer anonymous proxy. Therefore, the destination of communication can be kept secret from the organization to which a user such as a company or provider belongs when connecting to the Internet. Other than the peer-to-peer anonymous proxy at the end point, the packet contents with the communication partner (such as an http server) are not known at all. The relay point peer-to-peer anonymous proxy that constitutes the anonymous communication path other than the peer-to-peer anonymous proxy that the user starts up does not know where the original transmission source is. An existing Internet service using TCP or UDP such as http or ftp can be used as it is with the transmission source and the destination kept secret.

  The relay point of the peer-to-peer type anonymous proxy can be understood only before and after the connection route, and it can be confirmed whether the routing as specified by the user is performed. Therefore, even when there are unreliable relay points, it is possible to eliminate them and form an anonymous communication path.

  Since users themselves will also establish peer-to-peer anonymous proxies for anonymous communication paths, even if the number of users using anonymous communication paths increases, the number of peer-to-peer anonymous proxies that serve as relay points will increase accordingly, resulting in a decrease in line speed. Easy to escape. Further, when an anonymous communication path is secured, an anonymous communication path is selected in consideration of the speed between the peer-to-peer anonymous proxies, so that it is possible to efficiently use a network that is always available.

  Two methods are conceivable depending on the situation. The type of connection in the order of 2, 3, 4, 5, 6, 7, 8, 9, 10 in FIG. 1 is a connection method suitable when there are many reliable relay points. This is because the routes 4, 5, 6, and 7, 8, 9 can be accessed simultaneously. The type of connection in the order 2, 4, 5, 6, 3, 7, 8, 9, 10 in FIG. 1 is a connection method suitable for cases where there are many unreliable relay points. Because, even if an anonymous communication path for data transmission / reception with a server is constructed at a time, when an illegal peer-to-peer anonymous proxy is detected in subsequent verification, an anonymous communication path for data transmission / reception with that server is constructed. Because you have to start over. The basic exchange is the same except that the order of establishment of the anonymous communication path for data transmission and reception with the server is different from the establishment order of the anonymous communication path for checking. Therefore, the former will be described in the embodiment.

  FIG. 6 shows a flowchart for constructing an anonymous communication path. A user U0 who wants to access a server SV such as an http server starts up a peer-to-peer anonymous proxy P (U0) in advance. Thereafter, the user U0 determines an internal variable m of P (U0) as to how many peer-to-peer anonymous proxies are passed as relay points (step S1). Thereafter, P (U0) randomly selects one address from a list of IP addresses of other peer-to-peer anonymous proxies held internally (step S2). The selected IP address is A (U1), which is the next relay point of P (U0). P (U0) initializes an internal variable n indicating the number of peer-to-peer anonymous proxies currently being relayed to 0 (step S3).

  When n = 0 (step S4), P (U0) is the public key LP1 (U0) and the corresponding private key LS1 (U0), and the public key LP2 (U0) and the corresponding private key LS2 (U0). Is generated (step S5).

  P (Un) is connected to P (Un + 1) whose IP address is A (Un + 1) (step S6). P (Un + 1) generates a public key LP1 (Un + 1) and a corresponding private key LS1 (Un + 1) (step S7). Then, the public key LP1 (Un + 1) is sent without encryption from P (Un + 1) to P (Un) (step S8). P (Un) receives the data.

  If the variable n is not 0 in P (U0) (step S9), the public key LP2 (U0) is encrypted from P (Un) to P (U0), and the public key LP1 (Un + 1) is sent. P (U0) decrypts the received data with the private key LS2 (U0) (step S10). At this time, P (Un) is not sent directly from P (Un), but P (Un) is transferred from P (Un) to P (Un-1) while performing encryption communication between adjacent relay points. 1) to P (Un-2), and so on to P (U0) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (Un). DATA (R0) corresponds to the public key LP1 (Un + 1) encrypted with the public key LP2 (U0) in step S10 of FIG. 6 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (U0) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Un-k), P (Rk + 1) corresponds to P (Un-k-1), and public key LP1 (Rk + 1) corresponds to public key LP1 (Un-k-1). To do. Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (U0) match (step S34), the process jumps to step S11 in FIG.

  The public key LP1 (Un + 1) is encrypted from P (Un) to P (Un + 1), and the public key LP1 (Un) and the public key LP2 (U0) are sent. P (Un + 1) decrypts the received data with the private key LS1 (Un + 1) (step S11).

  P (Un + 1) generates a unique password PW (Un + 1) (step S12). The password PW (Un + 1) is sent from P (Un + 1) to P (U0) with the public key LP2 (U0). P (U0) decrypts the received data with the private key LS2 (U0) (step S13). At this time, without performing direct transmission from P (Un + 1) to P (U0), while performing relay communication between adjacent relay points, P (Un + 1) to P (Un) and P (Un) to P (Un) Send to P (U0) in this order (Un-1) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (Un + 1). DATA (R0) corresponds to the unique password PW (Un + 1) encrypted with the public key LP2 (U0) in step S13 of FIG. 6 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (U0) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Un + 1-k), P (Rk + 1) corresponds to P (Un-k), and public key LP1 (Rk + 1) corresponds to public key LP1 (Un-k). Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (U0) match (step S34), the process jumps to step S14 in FIG.

  P (U0) confirms whether m = n + 1 holds. If established, the process jumps to step S18, and if not established, the process jumps to step S15 (step S14). P (U0) randomly selects one from the IP address list of other peer-to-peer anonymous proxies held internally (step S15). The selected IP address is A (Un + 2), which is the next relay point of P (Un + 1). The IP address A (Un + 2) is sent from P (U0) to P (Un + 1) with the public key LP1 (Un + 1). P (Un + 1) decrypts the received data with the private key LS1 (Un + 1) (step S16). At this time, without performing direct transmission from P (U0) to P (Un + 1), while performing encryption communication between relay points connected adjacently, P (U0) to P (U1), P (U1) to P Send to P (Un + 1) in the order of (U2) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (U0). DATA (R0) corresponds to IP address A (Un + 2) encrypted with public key LP1 (Un + 1) in step S16 of FIG. 6 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. When P (Rk) and P (Un + 1) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Uk), P (Rk + 1) corresponds to P (Uk + 1), and public key LP1 (Rk + 1) corresponds to public key LP1 (Uk + 1). Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (Un + 1) match (step S34), the process jumps to step S17 in FIG.

  P (U0) adds 1 to n and jumps to step S4 (step S17).

  P (U0) initializes the internal variable n to 1 (step S18). P (U0) is connected to P (Un), the password received in step S13 is sent to P (Un), and the same password or return value is received from P (Un) (step S19, FIG. 8).

  The flowchart of FIG. 8 will be described. Steps S37 to S53 in FIG. 8 are substantially the same as steps S1 to S17 in FIG. C0 and U0 are the same user, and P (C0) of the peer-to-peer anonymous proxy is the same as P (U0). When n> 0 and i> 0, Un and Ci are all different users, and P (Un) and P (Ci) are also different peer-to-peer anonymous proxies. Here, the user C0 (= U0) who wants to access P (Un) determines in advance an internal variable h of P (U0) indicating how many peer-to-peer anonymous proxies pass as a relay point (step S37). . After that, P (C0) (= P (U0)) of the peer-to-peer anonymous proxy launched by the user C0 randomly selects one address from the IP address list of the other peer-to-peer anonymous proxy held internally. Select (step S38). The selected IP address is A (C1), which becomes the next relay point of P (C0). P (U0) initializes internal variable i with 0 (step S39).

  When i = 0 (step S40), P (C0) is the public key LP3 (C0) and the corresponding private key LS3 (C0), and the public key LP4 (C0) and the corresponding private key LS4 (C0). Is generated (step S41).

  P (Ci) is connected to P (Ci + 1) whose IP address is A (Ci + 1) (step S42). P (Ci + 1) generates a public key LP3 (Ci + 1) and a corresponding private key LS3 (Ci + 1) (step S43). Then, the public key LP3 (Ci + 1) is sent without encryption from P (Ci + 1) to P (Ci) (step S44). P (Ci) receives the data.

  If the variable i is not 0 at P (C0) (step S45), the public key LP4 (C0) is encrypted from P (Ci) to P (C0), and the public key LP3 (Ci + 1) is sent. P (C0) decrypts the received data with the private key LS4 (C0) (step S46). At this time, P (Ci) is not sent directly to P (C0), and the relay points connected adjacent to each other are performing cryptographic communication between P (Ci) and P (Ci-1). 1) to P (Ci-2) in this order and sent to P (C0) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (Ci). DATA (R0) corresponds to the public key LP3 (Ci + 1) encrypted with the public key LP4 (C0) in step S46 of FIG. 8 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (C0) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Ci-k), P (Rk + 1) corresponds to P (Ci-k-1), and public key LP1 (Rk + 1) corresponds to public key LP3 (Ci-k-1). To do. Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (C0) match (step S34), the process jumps to step S47 in FIG.

  P (Ci) is encrypted with P (Ci + 1) with public key LP3 (Ci + 1), and public key LP3 (Ci) and public key LP4 (C0) are sent. P (Ci + 1) decrypts the received data with the private key LS3 (Ci + 1) (step S47).

  P (Ci + 1) generates a unique password PW (Ci + 1) (step S48). The password PW (Ci + 1) is transmitted from P (Ci + 1) to P (C0) with the public key LP4 (C0). However, since the current path is the anonymous communication path for checking shown in FIG. 1, this password is never used. For a peer-to-peer anonymous proxy that is a relay, a process of sending a password is performed because it is not determined whether it is an anonymous communication channel for data transmission / reception or an anonymous communication channel for checking. P (C0) decrypts the received data with the private key LS4 (C0) (step S49). At this time, without performing direct transmission from P (Ci + 1) to P (C0), P (Ci + 1) to P (Ci) and P (Ci) to P (Ci) while performing encryption communication between adjacent relay points. Send to P (C0) in the order of Ci-1) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (Ci + 1). DATA (R0) corresponds to the unique password PW (Ci + 1) encrypted with the public key LP4 (C0) in step S49 of FIG. 8 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (C0) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Ci + 1-k), P (Rk + 1) corresponds to P (Ci-k), and public key LP1 (Rk + 1) corresponds to public key LP3 (Ci-k). Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (C0) match (step S34), the process jumps to step S50 in FIG.

  P (C0) checks whether h = i + 1 holds. If established, the process jumps to step S54, and if not established, the process jumps to step S51 (step S50). P (C0) selects one randomly from the IP address list of other peer-to-peer anonymous proxies held internally (step S51). The selected IP address is A (Ci + 2), which is the next relay point of P (Ci + 1). The IP address A (Ci + 2) is sent from P (C0) to P (Ci + 1) with the public key LP3 (Ci + 1). P (Ci + 1) decrypts the received data with the private key LS3 (Ci + 1) (step S52). At this time, without performing direct transmission from P (C0) to P (Ci + 1), while performing relay communication between adjacent relay points, P (C0) to P (C1), P (C1) to P Send to P (Ci + 1) in the order of (C2) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (C0). DATA (R0) corresponds to IP address A (Ci + 2) encrypted with public key LP3 (Ci + 1) in step S52 of FIG. 8 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (Ci + 1) do not match (step S34), encryption is performed with the public key LP1 (Rk + 1) from P (Rk) to P (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Ck), P (Rk + 1) corresponds to P (Ck + 1), and public key LP1 (Rk + 1) corresponds to public key LP3 (Ck + 1). Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (Ci + 1) match (step S34), the process jumps to step S53 in FIG.

  P (C0) adds 1 to i and jumps to step S40 (step S53).

  The password PW (Un) encrypted from the public key LP1 (Un) is transmitted from P (C0) to P (Un) and received in step S13 of FIG. P (Un) decrypts the received data with the private key LS1 (Un) (step S54). At this time, without performing direct transmission from P (C0) to P (Un), while performing relay communication between adjacent relay points, P (C0) to P (C1), P (C1) to P Send to P (Un) in the order of (C2) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (C0). DATA (R0) corresponds to the password PW (Un) encrypted with the public key LP1 (Un) in step S54 of FIG. 8 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (Un) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Uk), P (Rk + 1) corresponds to P (Uk + 1), and public key LP1 (Rk + 1) corresponds to public key LP1 (Uk + 1). Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (C0) match (step S34), the process jumps to step S55 in FIG.

  P (Un) confirms whether the decrypted data matches the password group generated by P (Un) within the past specific time. If they match, it is encrypted with the public key LP2 (U0) from P (Un) to P (C0), and the password P (Un) is sent back. If the data sent from P (C0) cannot be decrypted, or if the passwords do not match, the contents that convey this are sent back to P (C0). P (C0) decrypts the received data with the private key LS2 (U0) (step S55). At this time, without performing direct transmission from P (Un) to P (C0), while carrying out encrypted communication between adjacent relay points, P (Un) to P (Ch), P (Ch) to P ( Send to P (Un) in the order of Ch-1) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (Un). DATA (R0) corresponds to the password PW (Un) encrypted with the public key LP2 (U0) in step S55 of FIG. 8, and if the passwords do not match with P (Un), the contents are transmitted. Equivalent to. The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (C0) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, when k = 0, P (Rk) becomes P (Un), when k> 0, P (Rk) becomes P (Ch + 1-k), and P (Rk + 1) becomes P (Ch-k). The public key LP1 (Rk + 1) corresponds to the public key LP1 (Ch-k). Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (C0) match (step S34), the process jumps to step S20 in FIG.

  P (U0) decrypts the data sent back from P (Un) with the private key LS2 (U0) (step S55). At this time, the data cannot be correctly decrypted, or the data is password PW (Un (Step S20), it does not pass through P (Un) of the peer-to-peer anonymous proxy of IP address A (Un) designated by P (U0) in the anonymous channel for data transmission / reception, or P (Un ) Or the peer-to-peer anonymous proxy on the anonymous communication path for checking can be judged as not operating correctly. Therefore, it is assumed that the anonymous channel currently being constructed is unreliable, and the process jumps to step S1 in FIG. 6 to secure a new anonymous channel using a peer-to-peer anonymous proxy other than the IP address used this time. To do. If the data transmitted and received between P (U0) and P (Un) match with the password PW (Un) (step S20), the process jumps to step S21 in FIG.

  P (U0) confirms whether the variables m and n match (step S21). If they match, all the peer-to-peer anonymous proxies on the anonymous communication path for data transmission / reception have been checked, and the process jumps to step S23 in FIG. Conversely, if the variables m and n do not match (step S21), all the peer-to-peer anonymous proxies on the data transmission / reception anonymous channel have not been checked, and P (U0) adds 1 to the variable n. (Step S22), jump to Step S19 in FIG. 6 and continue the check.

  In P (U0), it is confirmed whether there is an end command from the user U0 (step S23). When there is an end command, the securement of the anonymous communication path is interrupted and the process ends. If there is no end command, it is confirmed whether there is an access to P (U0) from the user U0 with a web browser or the like (step S24). If there is, the process jumps to step S26 in FIG. 6, and if not, the process jumps to step S25 in FIG. Therefore, it is confirmed whether there is a route change command from the user U0 (step S25). If there is a route change command, the process jumps to step S1 in FIG. 6 to re-allocate an anonymous communication path for data transmission / reception. If there is no route change command, the process jumps to step S23 in FIG. 6 to repeat the process.

  The user U0 connects from the web browser to P (U0) of the peer-to-peer anonymous proxy that he / she has launched. Then, the URL or the like to be accessed is sent from U0's web browser to P (U0) without being encrypted (step S26). In this case, since the personal computer operated by U0 and the computer on which the peer-to-peer anonymous proxy exists are on the same or the network of the same node, the contents can be concealed without encryption. This does not apply to cases where they are not in the same node or when encryption is desired on the same node network. Thereafter, the URL received from the user U0 is sent from P (U0) to P (Um) with the public key LP1 (Um). P (Um) decrypts the received data with the private key LS1 (Um) (step S27). At this time, without performing direct transmission from P (U0) to P (m), while performing relay communication between adjacent relay points, P (U0) to P (U1), P (U1) to P Send to P (Um) in the order of (U2) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (U0). DATA (R0) corresponds to the request URL of user U0 encrypted with public key LP1 (Um) in step S27 of FIG. 6 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (Um) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Uk), P (Rk + 1) corresponds to P (Uk + 1), and public key LP1 (Rk + 1) corresponds to public key LP1 (Uk + 1). Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (Um) match (step S34), the process jumps to step S28 in FIG.

  The P (Um) that received the URL accesses the web server SV of the URL (step S28). Then, the data html is received from the server SV (step S29). This communication is not encrypted, but this is not the case when the Web server itself is encrypted with SSL or the like.

  P (Um) is encrypted with P (U0) with public key LP2 (U0), and data html received from SV is sent. P (U0) decrypts the received data with the private key LS2 (U0) (step S30). At this time, P (Um) is not sent directly from P (U0), but P (Um) is transferred from P (Um) to P (Um-1) while performing encryption communication between adjacent relay points. 1) to P (Um-2) in this order and sent to P (U0) (FIG. 7).

  In the flowchart of FIG. 7, P (R0) is the same peer-to-peer anonymous proxy as P (Um). DATA (R0) corresponds to the data html from the SV encrypted with the public key LP2 (U0) in step S30 of FIG. 6 (step S32). The variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (U0) do not match (step S34), encryption is performed from P (Rk) to P (Rk + 1) with the public key LP1 (Rk + 1), and DATA (R0) is sent (step S35). Here, P (Rk) corresponds to P (Um-k), P (Rk + 1) corresponds to P (Um-k-1), and public key LP1 (Rk + 1) corresponds to public key LP1 (Um-k-1). To do. Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (U0) match (step S34), the process jumps to step S31 in FIG.

  The data html is sent without being encrypted from the P (U0) that received the data to the web browser used by the user U0 (step S31). In this case, since the personal computer operated by U0 and the computer on which the peer-to-peer anonymous proxy exists are on the same or the network of the same node, the contents can be concealed without encryption. This is not the case when it is not in the same node or when it is desired to perform encryption even on the network of the same node. The data transmission / reception with the web server SV is repeated from the steps S23 to S31 in FIG.

  FIG. 9 shows data determination, generation, and transmission / reception of the anonymous communication path from the user U0 to the server SV in the procedure in FIG. The computer item includes a user U0, a peer-to-peer anonymous proxy, and a server SV in data transmission / reception. In the corresponding step, the step in the flowchart of FIG. 6 is shown. Time passes from the top to the bottom of the table. Note that the flowcharts of FIGS. 6 and 8 have almost the same data flow, and therefore, the data determination, generation, and transmission / reception diagram of the anonymous communication path corresponding to FIG. 8 are omitted.

  FIG. 10 illustrates data transmission / reception between the peer-to-peer anonymous proxies in FIG. The computer item describes a peer-to-peer anonymous proxy, and describes the flow when data is transmitted from P (R0) to P (Rh). In the corresponding step, the procedure in the flowchart of FIG. 7 is shown. Time passes from the top to the bottom of the table.

  By using this method, an individual using the Internet can start up a program for protecting privacy without using an anonymous proxy prepared by an Internet service provider or a specific organization.

  Currently, personal access information in the country is strictly managed by the management of the provider. This cannot be seen by a third party unless certain conditions are met. However, in reality, there is a risk that these personal information may be leaked due to management errors on the provider side or hacking from inside and outside.

  Since these risks can be protected by themselves, privacy and secret protection can be performed more easily. The user's anxiety about data leakage on the Internet is removed, and the use of the Internet is promoted.

  Also, by using this system, it becomes possible to safely protect the identity of the whistleblower in whistleblowing using the Internet. Therefore, it is possible to promote the accusations of illegal activities conducted within society and companies, and to play a role in building a healthy society and economic formation.

It is an anonymous communication path confirmation procedure figure. (Best Mode for Carrying Out the Invention) It is a conceptual diagram of an IP packet structure. (Background technology) It is a connection conceptual diagram on the Internet. (Background technology) It is a conceptual diagram of the connection via an anonymous proxy. (Background technology) It is a conceptual diagram of anonymous communication of a peer-to-peer type anonymous proxy. (Background technology) It is an operation | movement flowchart between peer-to-peer type | mold anonymous proxies. (Example) It is an operation | movement flowchart between peer-to-peer type | mold anonymous proxies. (Example) It is an operation | movement flowchart between peer-to-peer type | mold anonymous proxies. (Example) FIG. 7 is a diagram of data determination, generation, and transmission / reception between peer-to-peer anonymous proxies in FIG. 6. (Example) FIG. 8 is a diagram of data determination, generation, and transmission / reception between peer-to-peer anonymous proxies in FIG. 7. (Example)

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Computer which has started up client and peer-to-peer anonymous proxy 2 Connection between peer-to-peer anonymous proxy A and peer-to-peer anonymous proxy B 3 Connection between peer-to-peer anonymous proxy B and peer-to-peer anonymous proxy C 4 Peer-to-peer anonymous proxy A and peer-to-peer Connection of type anonymous proxy D 5 Connection of peer to peer type anonymous proxy D and peer to peer type anonymous proxy E 6 Connection of peer to peer type anonymous proxy E and peer to peer type anonymous proxy B 7 Connection of peer to peer type anonymous proxy A and peer to peer type anonymous proxy F 8 Peer to peer Type anonymous proxy F and peer-to-peer type anonymous proxy G connection 9 peer-to-peer type anonymous proxy G and peer-to-peer type anonymous proxy C connection 10 peer-to-peer type anonymous proxy C and http server connection 20 Connection between client and http server 21 Anonymous proxy A
22 Connection between anonymous proxy C and http server

Claims (2)

  From a dedicated program that has been set up by the user and has the property of an anonymous proxy that can be used jointly by yourself and others (hereinafter referred to as a peer-to-peer anonymous proxy), using a peer-to-peer anonymous proxy launched by others, Temporarily constructing an anonymous communication path for data transmission and reception with the server, receiving a password from the peer-to-peer anonymous proxy serving as each relay point, and passing the password through an anonymous communication path for checking another route constructed with the peer-to-peer anonymous proxy, Password authentication is performed by sending / receiving to / from a peer-to-peer anonymous proxy that is considered to be a peer-to-peer anonymous proxy on an anonymous channel for data transmission / reception, and a peer-to-peer anonymous proxy on the anonymous channel for data transmission / reception constructed is verified. And the above password Communication method comprising the step of encrypting data redundantly to conversion.   The peer-to-peer type authentication for the peer-to-peer type anonymous proxy that constructs the anonymous channel for data transmission / reception without temporarily constructing the anonymous channel for data transmission / reception with the server of claim 1 A communication method comprising the steps of verifying one by one using an anonymous communication channel for checking constructed by an anonymous proxy and constructing an anonymous communication channel for data transmission and reception.

Images