JP2019526955A - Secure personal server system and method - Google Patents

Abstract

The provider computer notifies the provider computer of the content and establishes a secure connection to the VPN server. A request for content is received from a consumer computer with a protocol (HTTPS) and forwarded by a protocol conversion proxy to a VPN server with a low secure protocol (HTTP), which then forwards the request to a provider computer. . Public URLs and secure URLs may be associated with the same content. The public URL is notified to the consumer computer. The public server receives the public URL and returns a secure URL, and the consumer computer uses the secure URL to establish a secure connection to the provider computer. When the secure URL is compromised, a new secure URL is associated with the public URL. To determine if the secure URL is compromised, the source IP address of the request for the public URL and the secure URL may be compared. [Selection] Figure 1

Description

[Priority of invention]
This application claims priority to the name “Secure Personal Server” of US Provisional Patent Application No. 62 / 100,788, filed Jan. 7, 2015, which is incorporated herein by reference in its entirety.

[Background technology]
Internet users generate a large amount of content such as images, videos, and audio files. Users can share selected files by sending messages to friends or posting to well-known websites such as social networks, image or video galleries.

  However, the amount of content generated by many users is too large to deliver through these channels. Uploading all this content to an online storage server is often costly or impractical. For example, security recordings generated by a webcam may consume a large amount of storage while only a small portion of these recordings are used for detailed consideration. Even if a large number of personal images are collected, there are relatively few images that are repeatedly viewed at a high resolution. Another problem with uploading content to online storage is the potential for privacy infringement and the disclosure of sensitive content.

  These problems can be solved if user-generated content stored on a personal computer is made available for remote access by installing a local web server addressable by a public domain name. However, many personal computers are installed behind routers that use network address translation (NAT). These routers typically do not allow external access to their local network, and changing custom settings to relax restrictions such as port forwarding can reduce the security of computers on the local network, resulting in denial-of-service attacks ( denial of service attack), extensive port scans, and exposing them to external threats such as prey for known vulnerabilities.

  By establishing a communication channel with an intermediate server that can support reverse connections, it is possible to bypass router restrictions on external access without changing custom settings. After the initial connection is established between the personal computer and the intermediate server, the server can then forward the request from the remote client to the personal computer through the reverse connection and return the response from the personal content server to the remote client. One such implementation is the Opera Software ASA Corporation under the name Opera Unite®. This implementation allows a remote client to view the user's content without installing additional software, and any standard web browser can open a web page provided by a personal HTTP server through a reverse connection. Can do.

  One such implementation problem is insecure data exchange between a personal computer and a remote client. Even if the channel used for reverse communication is encrypted (such as a reverse SSH tunnel), this encryption does not protect the traffic between the content consumer and the intermediate server. An unauthorized third party can observe or modify the traffic, or even impersonate a content provider by redirecting DNS requests to their IP address and responding to the requested link.

  End-to-end data security (eg, by using the HTTPS protocol between a personal content server and a remote client) requires storing a private SSL certificate on the personal computer, which is costly , Difficult to protect from unauthorized disclosure.

  Therefore, without first uploading the user's content to the remote server, performing an insecure modification of the router configuration, or requiring the remote client to install additional software, Need to enable secure sharing with remote clients.

In one aspect of the invention, a method for providing access to content on a first computer comprises:
1. Establishing an encrypted connection with the first computer by a server system capable of providing a reverse connection to the first computer;
2. Receiving from a second computer a request for content on a first computer by a server system, the request being implemented using a first type of communication protocol;
3. The server system uses a protocol conversion module to convert the request for the content into a converted request having a second type of communication protocol, where the first type of communication protocol is: Data exchanged is at least partially encrypted using an encryption key available to the protocol conversion module, while the second type of communication protocol is such that the corresponding part of the request for content is the first type Unencrypting at least some portions of the converted request that are encrypted by the other communication protocol.

  In some implementations, sending the converted request to the first computer is performed only in response to determining that the number of simultaneous connections to the first computer is less than a threshold.

  In some implementations, the first type of communication protocol is hypertext transfer protocol secure (HTTPS) and the second type of protocol is hypertext transfer protocol (HTTP). The encrypted connection may be a transport level tunnel and the protocol conversion module may be an HTTPS-to-HTTP proxy.

  In some embodiments, the method reports the availability of content on the first computer to the routing module by the server system, and the availability of content on different computers by the routing module. Receiving a report from a plurality of intermediate servers, receiving a request for content on a first computer from a second computer by a routing module, and requesting for content on the first computer by a routing module. Routing to the server system.

The server system and the routing module may be in the same local network. The server system may include a VPN server and a protocol conversion server, the VPN server establishes an encrypted connection with the first computer, the protocol conversion server implements a protocol conversion module, and the VPN server and the protocol conversion server are the same. In the local computer. In some embodiments, at least one intermediate server of the plurality of intermediate servers is in a local network that is different from the same local network.
1. In another aspect of the invention, a method for providing access to content on a personal computer comprises:
2. Receiving a posting message including a posting uniform resource locator (URL) from a personal computer by the server system and referencing content on the personal computer;
3. Receiving a request message from a requester computer including a posting URL and having a hypertext transfer protocol secure (HTTPS) request format by a server system;
4). Establishing a virtual private network (VPN) tunnel to the personal computer by the server system;
5). By the server system to convert the request message into a converted message that includes a post URL and has a hypertext transfer protocol (HTTP) request format;
6). Sending the converted message to the personal computer within the VPN tunnel by the server system.

In some implementations, the method is
1. Receiving, by a server system, a response to the transformed message from the personal computer having the HTTP response format;
2. Converting the response into a translated response having an HTTPS response format by the server system;
3. Further comprising, by the server system, sending the transformed response to the requester computer.

  In some implementations, the server system includes a protocol conversion proxy computer and a VPN server computer, each installed within a local network. Converting the request message into a converted message may be performed by a protocol conversion proxy (PCP) computer. Establishing a VPN tunnel to the personal computer may be performed by a VPN server computer. The method may further include sending the converted message by PCP to the VPN server computer and forwarding the converted message by the VPN server through the VPN tunnel to the personal computer.

  In some implementations, converting the response to a transformed response may be performed by a PCP computer. The method may further include forwarding the response to the PCP computer by the VPN server computer and sending the transformed response to the requester computer by the PCP computer.

  In some implementations, the method reports the posting URL to the routing module by the server system and receives other URLs from multiple intermediate servers that reference content on multiple other computers by the routing module. And receiving the request message by the routing module and routing the request message to the server system by the routing module.

  In some embodiments, the server system and the routing module are in the same local network.

In another aspect of the invention, the computer readable medium includes a non-transitory storage device;
1. Receiving instructions to make the content available to the recipient computer system;
2. In response to instructions to make the content available to the recipient computer system, sending an invitation to the content to the recipient computer system;
3. Establishing an encrypted virtual private network (VPN) to the intermediate server system;
4). Receiving one or more requests for content;
5). For each request of one or more requests, sending content to the intermediate server via the encrypted VPN connection only if each request is received from the intermediate server and through the encrypted VPN connection; Instruct one or more processors to refrain from sending content to the intermediate server via the encrypted VPN connection if each request is not received from the intermediate server and through the encrypted VPN connection. Stores executable code that is useful for

  In some implementations, the executable code is configured to send an invitation to access the content to the recipient computer system in at least one of a text message, email, message, and website posting. Contains instructions for instructing one or more processors. The invitation to access the content includes a domain name that refers to the computer that hosts the processor. The executable code may further be effective to instruct one or more processors to bypass the intermediate server and send an invitation to access the content to the recipient computer system.

  For the purposes of promoting an understanding of the advantages of the invention, the invention briefly described above will be described in further detail with reference to specific embodiments illustrated in the accompanying drawings. Based on the understanding that the drawings depict only typical embodiments of the invention and are therefore not to be considered as limiting its scope, the invention will be further illustrated through the use of the accompanying drawings. Will be described and explained in detail.

1 is a diagram of a first network environment for sharing content from a provider's personal computer according to an embodiment of the present invention. FIG. FIG. 3 is a process flow diagram of a method for sharing content from a provider's personal computer according to an embodiment of the present invention. FIG. 4 is a diagram of a second network environment for sharing content that includes a protocol conversion proxy, in accordance with an embodiment of the present invention. FIG. 4 is a process flow diagram of a method for sharing content using a protocol conversion proxy, in accordance with an embodiment of the present invention. FIG. 4 is a diagram of a third network environment including both a protocol conversion proxy and a VPN router according to an embodiment of the present invention. FIG. 6 is a diagram of a fourth network environment including a protocol conversion proxy and a domain name server according to an embodiment of the present invention. FIG. 6 is a diagram of a fifth network environment for providing a secure HTTPS connection between a provider and a consumer computer according to an embodiment of the present invention. FIG. 2 shows a process flow diagram of a method for providing a secure HTTPS connection between a provider and a consumer computer according to an embodiment of the present invention. FIG. 2 shows a process flow diagram of a method for providing a secure HTTPS connection between a provider and a consumer computer according to an embodiment of the present invention. FIG. 10 is a diagram of a sixth network environment for providing a secure HTTPS connection between a provider and a consumer computer according to an embodiment of the present invention. FIG. 3 is an exemplary user interface for sharing content, in accordance with an embodiment of the present invention. FIG. 2 is a schematic block diagram of a computer system suitable for implementing a method according to an embodiment of the invention.

  It will be readily appreciated that the components of the invention schematically described herein and illustrated in the drawings can be arranged and designed in a wide variety of different configurations. Accordingly, the following detailed description of embodiments of the invention as may be represented in the drawings is not intended to limit the scope of the invention as recited in the claims, but is merely discussed herein in accordance with the invention. It merely represents some examples of embodiments. The embodiments described herein are best understood by reference to the drawings, wherein like elements are designated with like reference numerals.

  In one aspect of the invention, the first computer establishes an encrypted connection with a connection server capable of providing reverse connection. The second computer issues a request for content available from the first computer using the first type of communication protocol. The protocol conversion module receives this request, converts it to a second type of communication protocol, and forwards it to the first computer through an encrypted reverse connection provided by the connection server. The first type of communication protocol at least partially encrypts the exchanged data using an encryption key available to the protocol conversion module, while the second type of communication protocol is the first type of communication protocol. Do not encrypt at least some of the data that is encrypted by the communication protocol.

  In one implementation, the first computer provides the requested content only if one or more conditions are met, one of the conditions being presented through an encrypted reverse connection from the connection server. That is.

  In some implementations, the content request is sent to the first computer only if one or more conditions are met, and one or more of these conditions may occur before the second computer issues the content request. Provided by the first computer. An example of the preset condition is that the number of simultaneous connections to the first computer does not exceed a threshold value.

  In some examples, the first computer notifies the second computer of the availability of content, bypassing the protocol conversion module, before the second computer issues a content request. In one example, the notification includes sending a link to the notified content through an email, text message, instant message, or posting to a website accessible from the second computer.

  In one implementation, the first type of protocol is HTTPS, while the second type of protocol is HTTP. The encrypted connection is a transport level tunnel and the connection server is a VPN server. In such an implementation, the protocol conversion module is an HTTPS-to-HTTP proxy.

  In one embodiment, the plurality of first computers are connected to different intermediate servers through encrypted communication. Before the second computer issues a content request, the at least one intermediate server reports the accessibility of the first computer associated with the content reference to the routing module. The routing module receives the content request associated with the content reference and routes it to the corresponding intermediate server.

  In one example, at least one of the intermediate servers is connected to different local networks, while the protocol conversion module and the routing module are connected to the same local network.

  In another embodiment, the plurality of content items are available from a plurality of first computers and are associated with a plurality of domain names including corresponding first computer identifiers. Content items from at least two different first computers can be accessed by issuing requests to different IP (Internet Protocol) addresses. The second computer obtains a domain name that refers to the first computer that provides the requested content item and issues a request to resolve the domain to a domain name server. The domain name server obtains information about a plurality of IP addresses associated with different domains and returns an IP address associated with the requested domain.

  In one example, multiple IP addresses point to multiple protocol conversion modules, each of which sends the content request to a connection server that maintains an encrypted connection with a first computer that provides the requested content. Forward. In one example, the protocol conversion module resides on the same local network as the connection server, thereby protecting the data exchange from external observation. In one implementation, the protocol conversion module and the connection server reside on the same node of the local network and are associated with the same physical computer hardware.

  In another aspect of the invention, the first computer establishes an encrypted connection with a connection server capable of providing reverse connection. The second computer issues a request that includes a reference to content provided by the third computer. The second computer receives a response including a reference to the content provided by the first computer and subsequently requests this content through a reverse connection to the first computer, where the first and second Data exchange between computers is encrypted using a key known to the first and second computers.

  In one implementation, the reference to content provided by the first computer includes a domain name associated with an encryption key known to the first computer, and upon detecting an increased risk that the encryption key can be compromised, The name and associated encryption key are replaced without changing the reference to the content available from the third computer.

  In one example, before the second computer issues a content request, the first computer provides the content availability by providing a reference to the content available from the third computer. Notify In one example, the notification includes sending a link to the notified content through an email, text message, instant message, and posting to a website accessible from the second computer.

  In one implementation, the connection server is a VPN server. In another implementation, the connection server is a proxy server. In another implementation, the connection server is an SSH server.

  In one embodiment, the data exchange between the first and second computers is encrypted using the HTTPS protocol, and the first computer is a private SSL for HTTPS data exchange between the first and second computers. Host an HTTPS server with access to the certificate.

  In one implementation, data exchange between the second and third computers uses a different protocol than that used for data exchange between the second and first computers.

  In one example, the data exchange between the first and second computers is encrypted using the VPN protocol, and the first computer includes a VPN server.

  In one embodiment, the data exchange between the first and third computers is encrypted using an encryption key known to the third computer. In one example, the data exchange between the first and third computers is encrypted using the HTTPS protocol, and the third computer hosts an HTTPS server.

  In another embodiment, data exchange between the first and third computers uses the HTTP protocol. In one example, the third computer is the same as the first computer.

  In one embodiment, the response from the second computer is an HTML document that includes an HTML element having a source that references content provided by the third computer. In one implementation, the HTML element is selected from the group of image, video, and IFframe.

  In another embodiment, the response from the second computer is a redirect to a URL that references content provided by the third computer.

  In another aspect of the invention, the first computer requests content from the second computer, receives a response including a reference to the content available from the third computer, and encrypts to the third computer. Establish a generalized connection and request content via this connection. If the source IP addresses of the requests to the second and third computers are compared and these IP addresses do not match, the risk of compromising one of the encrypted connections established by the first computer is increased. .

  In one example, the third computer establishes a connection with a connection server capable of providing a reverse connection, and a content request from the first computer to the second computer is transmitted bypassing the connection server. On the other hand, a content request from the first computer to the third computer is transmitted through the connection server.

  In one implementation, the connection between the first and second computers uses a different encryption key than the connection between the first and third computers.

  In one embodiment, one of the two encryption notification channels established by the first computer has a lower risk of compromising that encryption than the other channel, and the source IP addresses of the two requests Detecting that they do not match increases the likelihood that an encrypted channel with a higher security risk will be compromised. In one example, the encrypted connection between the first and third computers is at a higher risk of compromise than the connection between the first and second computers.

  In one implementation, if the request for content referenced in the response from the second server does not arrive in a preset time interval, eg, less than 10 seconds, the risk of an encrypted connection between the first and third computers is To increase.

  In one example, a reference to content available from the third computer is returned only if one or more conditions are met, otherwise a response is returned without reference to the content. In another example, a reference to content available from a third computer is only visible to the user if it is returned but one or more conditions are met.

  In one implementation, a reference to content available from the first computer is returned and the content is visualized only if at least one of the prescribed conditions is met, from the third computer Content is accessible before a specified past time, the number of requests for that content does not exceed the specified number of times, and the risk of an encrypted connection with a third server remains low Including those from the group of things.

  In one embodiment, the response from the second computer is an HTML document that includes an HTML element having a source that references content provided by the third computer. An HTML element has at least one attribute that controls its visibility. In one implementation, the HTML element is selected from the group of image, video, and IFframe.

  In another embodiment, the response from the second computer is a redirect to a URL that references content provided by the third computer.

  In one example, detecting that the IP addresses do not match increases the security risk for subsequent requests from at least one of these source IP addresses during a specified time.

  In another example, the same source IP address for a request for content from a third server is observed after at least two requests for content from a second server, and the two requests have different source IP addresses. If this is the case, the risk that the encrypted connection with the third server is compromised increases by a larger amount.

  In one embodiment, one or more first computers issue requests to the same second computer, and each first computer has multiple references to content available from multiple third computers. Receive a response containing One or more first computers establish a plurality of encrypted connections to the referenced third computer and request content via these connections.

  Embodiments in accordance with the invention may be embodied as an apparatus, method, or computer program product. Accordingly, the invention is generally referred to as a hardware embodiment, an entirely software embodiment (including firmware, resident software, microcode, etc.) or generally referred to herein as a “module” or “system”. It may take the form of an embodiment combining software and hardware aspects. Further, the invention may take the form of a computer program product embodied in any tangible medium of representations having computer usable program code embodied in the medium.

  Any combination of one or more computer usable or computer readable media may be utilized. For example, computer readable media include portable computer floppy disks, hard disks, random access memory (RAM) devices, read only memory (ROM) devices, erasable programmable ROM (EPROM or flash memory) devices, portable compact disk ROM (CDROM), One or more of optical storage devices and magnetic storage devices may be included. In some selected embodiments, the computer-readable medium is any non-transitory that can hold, store, communicate, propagate, or move programs used by or connected to an instruction execution system, apparatus, or device. Media may be included.

  The computer program code for performing the operations of the invention includes one or more programs including object-oriented programming languages such as Java, Smalltalk, or C ++, and conventional procedural programming languages such as C programming language or similar programming language It may be described in any combination of languages, and a description language or markup language such as HTML, XML, and JSON may also be used. The program code may be executed entirely on a computer system as a stand-alone software package, may be executed partially on a remote computer at some distance from the computer, or may be entirely remote. It may be executed on a computer or a server. In the latter case, the remote computer may be connected to the computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or (eg, through the Internet using an Internet service provider). A connection may be made to an external computer. The computer network may use a transport protocol other than the Internet protocol. Thus, the present invention can be implemented for network addresses other than IP addresses.

  The present invention is described below with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented as computer program instructions or code. These computer program instructions provide means for instructions or instructions executed through a processor of a programmable data processing device to implement functions / acts specified in one or more blocks of the flowcharts and / or block diagrams. As produced, it may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing device for generating machines.

  These computer program instructions also cause the instructions stored in the computer readable medium to produce a product that includes instruction means that implement the functions / acts specified in one or more blocks of the flowcharts and / or block diagrams. , A computer, other programmable data processing apparatus, or other device may be stored in a computer readable non-transitory medium that functions in a particular manner.

  Computer program instructions also provide instructions for instructions executed on a computer or other programmable device to provide a process for implementing functions / acts specified in one or more blocks of the flowcharts and / or block diagrams. It may be loaded onto a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device.

  FIG. 1 illustrates an example network architecture 100 in which the methods disclosed herein may be implemented. In one aspect of the invention, the provider computer 102 establishes an encrypted connection with a connection server, such as the illustrated virtual private network (VPN) server 104 that can provide a reverse connection. The consumer computer 106 issues a request for content available from the first computer, such as a content file 108 stored on the personal computer 102, a video or image from the security camera 110, or a file from the network storage 112. . The security camera 114 and network storage may be coupled to the provider computer 102 by a local network 114, such as a LAN or other type of network.

  The consumer computer 106 may issue a request using the first type of communication protocol. The protocol conversion proxy 116 receives this request, converts it to a second type of communication protocol, and forwards it to the provider computer 102 through the encrypted reverse connection provided by the VPN server 104. The first type of communication protocol at least partially encrypts the exchanged data using an encryption key available to the protocol conversion proxy 116, while the second type of communication protocol is the first type Do not encrypt at least a part of the data encrypted by the protocol.

  In the embodiment shown in FIG. 1, the first type of protocol is HTTPS (Hypertext Transfer Protocol Secure), while the second type of protocol is HTTP (Hypertext Transfer Protocol). The encrypted connection between the provider computer 102 and the VPN server 104 may be a transport level tunnel. The protocol conversion proxy 116 may be embodied as an HTTPS-to-HTTP proxy.

  Still referring to FIG. 1, the provider computer 102 may be a personal computer that hosts a personal server 118 capable of providing local content files along with data from a local network 114, eg, network attached storage 112 or security camera 110. Good.

  The provider computer 102 hosts a VPN client 120 that establishes an encrypted VPN tunnel 122 with the VPN server 104, which provides a reverse connection to the personal server 118 through the VPN tunnel 122.

  In one implementation, the provider computer 102 bypasses the protocol conversion proxy 116 and notifies the consumer computer 106 of the availability of content. In the illustrated embodiment, it sends a message with an HTTPS URL from the provider's messaging application 124 to a corresponding messaging application 126 hosted by the consumer computer 106. Messaging applications include email, text messages (SMS, MMS, iMessage (R), etc.), instant messengers, social media platforms (Twitter (R), Facebook, LinkedIn (R), etc.) It can be any messaging application known in the art. The HTTPS URL may be communicated to the consumer computer 106 by the provider computer 102 by posting it to a well-known online location or using other communication methods known in the art. Bypassing the protocol conversion proxy 116 allows the exchange of additional information, such as HTTPS URL hashtags, that can be used for additional encryption with protocol conversion proxy 116 recognition.

  The HTTPS browser 128 on the consumer computer 106 may issue an HTTPS request for the HTTPS URL received from the provider computer 102. This request is received by the protocol conversion proxy 116, which decrypts the received data using a private SSL (Secure Socket Layer) certificate and through the reverse connection provided by the VPN server 104, the provider computer 102. An HTTP request is transmitted to the personal server 118. After receiving the HTTP response from the personal server 118, the protocol conversion proxy 116 converts it into an HTTPS response and sends it back to the HTTPS browser 128 of the consumer computer 106.

  As a result, the data exchange between the provider computer 102 and the consumer computer 106 is a strong encryption without requiring the provider computer 102 to store an encryption key (eg, a private SSL key) that compromises communication security when published. Protected by HTTPS (in part of the data path by HTTPS and in part by the VPN tunnel 122). Instead, private SSL keys, for example, keys used to secure HTTPS communication between the HTTPS browser and the protocol conversion proxy 116, are external to the personal server 118 at a location that can be better protected from security breaches. Stored.

  In other implementations, the VPN server 104 may additionally or alternatively include a proxy or application level tunnel server (such as an SSH server) that can provide a reverse connection over an encrypted channel.

  Similarly, if the consumer computer 106 hosts a client and the protocol conversion proxy 116 hosts a server for such a protocol, the first type of protocol is any encryption between the consumer computer 106 and the protocol conversion proxy 116. It may be a communication protocol. For example, a VPN tunnel (protocol conversion proxy 116 hosts a VPN server, consumer computer 106 hosts a VPN client), encrypted WebRTC (web real-time communication) (protocol conversion proxy 116 hosts a WebRTC module, and consumer computer 106 WebRTC Hosting client), or a secure messaging protocol (protocol conversion proxy 116 includes a secure messaging server and consumer computer 106 includes a secure messaging client). In each of these implementations, the second type of protocol is an optional protocol that provides data exchange without the provider computer 102 having access to a sensitive encryption key, such as insecure FTP or any type of unprotected message. It can be a protocol.

  In one implementation, the provider computer 102 provides content only if one or more pre-set conditions are met, one of the conditions being requested via an encrypted reverse connection to the VPN server 104. It is to be presented. Ensuring only content requests that pass through an encrypted connection with the VPN server 104 makes available additional access control means that are applied before the content request reaches the client computer, and these Access control means are discussed below with reference to FIGS.

  FIG. 2 illustrates a method 200 that may be implemented using the environment 100 of FIG. In particular, the described method 200 may be performed on the provider computer 102, such as by a personal server 118 executing on the provider computer 102.

  Method 200 may include receiving 202 content to be shared, eg, content specification. The content may be an arbitrary file such as a sound, a moving image, an image, or a text file. Receiving 202 content specification may include receiving a file on provider computer 102, network storage 112, video from security camera 110, or other source specification. Receiving the content specification 202 may include receiving a file name or the actual content of the file, eg, a full path or URL pointing to the file.

  Method 202 may further include sending 204 an invitation to access the content along with a URL (URL_A in the illustrated example). Specifically, the personal server 118 may assign URL_A to correspond to the content received in step 202 in response to receiving 202 a command for sharing the content.

  The method 202 may further include connecting 206 the provider computer 102 to the VPN server 104, such as by a VPN client 120. The step of connecting 206 the provider computer 102 may be performed prior to and / or independent of receiving content 202 and sending 204 an invitation. For example, the provider computer 102 may maintain a connection to the VPN server 104 while the provider computer 102 is on and connected to a network, such as the Internet.

  Method 202 may include listening 208 for requests for content. For example, the personal server 118 may listen for requests that reference URLs associated with shared content. In response to receiving a request for content, the personal server 118 may evaluate whether the response to the request is appropriate. The request for content may include a URL associated with the content, such as URL_A assigned to the content received in step 202, for example. Various content items may be shared and each may have a unique URL assigned to them, and the unique URL may be included in a request for received content.

  The method 200 may include determining 210 whether the request has been received through a VPN tunnel. Otherwise, an error message may be returned 212 to the requester, eg, the source IP address included in the request, and no content is returned in response to the request.

  If so, the method 200 may include evaluating 214 whether the request includes a valid URL. Otherwise, a corresponding error message is returned 212 and no content is returned in response to the request. If so, then method 200 may include evaluating 216 whether the requester is authorized. For example, step 216 evaluates some or all of the source IP address, username, password, or other authentication or identification information included in the request and determines this information for the subject to whom the invitation was sent 204. And comparing with information for the invitee. If the requester finds 216 that the invitation was not sent to the invitee sent 204, or otherwise found 216, the method 200 returns an error message without returning the content requested by the request. It may include replying. If the requester is found 216 authorized, the method 200 may include evaluating 218 whether the provider computer 102 has sufficient resources to respond to the request. For example, the resources evaluated may include CPU usage, bandwidth, or the number of other requests currently responding. If the resources required to respond to the request in view of current usage exceed the capabilities of the provider computer 102, an error message may be returned without returning the content requested by the request.

  The evaluation of conditions in steps 210-218 may be performed in any order, and in some embodiments, one or more of steps 210-218 may be omitted. If all of the conditions evaluated in a particular embodiment are found to be met, then the content requested by the request is returned 220 to the requester. Specifically, the content reference by the request may be identified according to a mapping between the request and the URL included in the content. For example, in the example described, the mapping between URL_A and the content received at step 202. The content reply may be performed through a VPN tunnel so that the VPN server 104 forwards the requested content to the requestor via the protocol conversion proxy 116, as discussed above.

  FIG. 3 is a block diagram of an implementation 300 in which multiple provider computers 102a, 102b are connected to the same connection server, eg, VPN server 104. Each provider computer 102a, 102b accesses its identifier (eg, dev_id1, dev_id2) and references to available content (eg, URL1, URL2) by a VPN server, referred to herein as an access controller 302. Report to possible modules. Upon receiving a URL request from the protocol conversion proxy 116, the VPN server 104 obtains rules and identifiers associated with this request, for example, the URL included in the request. For example, the rules may be defined in response to a URL received from a particular device. For example, when URL_A is received from the computer 102a having the identifier dev_id1, a rule indicating that URL_A is mapped to dev_id1 may be created.

  Upon receiving the request, the VPN server 104 applies the rules and determines the provider computer 102a, 102b corresponding to the identifier mapped to the URL included in the request, and sends the request to the provider computer 102a, 102b. Route. In the illustrated example, the provider computers 102a, 102b notify the access controller 302 of their contents (eg, URL1, URL2, respectively), and the VPN server 104 communicates the provider computers 102a, 102b and URLs presented thereby with the URL. Store the mapping between. Subsequently, a request for URL1 may be received. VPN server 104 subsequently connects the request to provider computer 102a in response to determining that the stored mapping maps provider computer 102a to URL1. In other examples, multiple content requests can be processed in the same time period and routed to multiple provider computers through a single VPN server 104 and protocol conversion proxy 116.

  In some embodiments, a content request is sent to the provider computers 102a, 102b identified by the request only if one or more preset conditions are met. For example, one or more conditions received from the provider computers 102a, 102b referenced by the request before the consumer computer 106 issues the request.

  FIG. 4 illustrates a method 400 in which any provider computer of the plurality of provider computers, in the example described, provider computer 102a, is associated with a content, eg, URL, for association with a URL, such as URL_A. The content designation as described above is received 402. The provider computer 102a connects 404 to the VPN server 104 and registers 406 as a content provider for URL_A. Registering 406 provider computer 102a as a content provider for URL_A may include sending URL_A to VPN server 104 along with one or more access rules for URL_A. The VPN server 104 registers 408 the received URL_A and access rules together with the connection identifier of the VPN client 120 of the provider computer 102a that is the recipient of the received URL_A, thereby mapping the personal server 118 of the provider computer 102a to URL_A. To do.

  Following registering 408 URL_A, VPN server 104 may receive 410 a request for URL_A. In the described embodiment, VPN server 104 then retrieves the access rules registered 408 for URL_A and applies these access rules. The described steps 412-420 describe examples of access rules that may be applied. For example, the provider computer 102a is found to be accessible 412 and the number of source IP addresses currently accessing the provider computer 102a is found to be less than the maximum number of users (Max_Users) 416 and output by the provider computer 102a. The received 410 request is registered against URL_A only if the traffic being received is found 418 less than the maximum bandwidth (Max_Bandwidth) and the URL_A of the request is not found 420 to be expired. It may be transferred 422 to the provider computer 102a. The validity values of Max_Users, Max_Bandwidth, URL_A evaluated in steps 416-420 may be specified in the access rules received from provider computer 102a when registering URL_A. If it is found that the conditions evaluated in steps 412, 416, 418, and 420 are not met, then the request is blocked 414 and not forwarded to the provider computer 102a. In some embodiments, the access rules may be stored and / or applied by another module accessible from the VPN server 104, such as the access controller 302 of FIG.

  Upon receiving the forwarded request, the provider computer 102a searches for the content specified in step 402 as being associated with URL_A, such as by using the personal server 118, and the source IP address included in the IP address Reply to the request by replying to it. Returning the content may include sending the requested content via a VPN tunnel between the provider computer 102a and the VPN server 104.

  As long as the access rule described with reference to FIG. 4 accepts a content request only through an encrypted reverse connection to the VPN server 104, attacks common to the content server (for example, denial of service, port scan, unauthorized consumer, etc.) ) Advantageously protects the provider computer 102a from

  FIG. 5 is a block diagram of an implementation 500, where a consumer computer 106 is provided with a URL1 pointing to a single protocol conversion proxy 116, while multiple provider computers 102a, 102b may be connected to different connection servers, eg, VPNs. Connected to the servers 104a and 104b. In order to access the provided content through the correct VPN server 104a, 104b, the implementation 500 routes the content request to the provider based on the URLs included in the request and the access rules associated with each URL. A VPN router 500 may be included to enable this. After each provider computer 102a, 102b connects to the VPN server 104a, 104b, each VPN server 104a, 104b sends the identifier of the provider computer 102a, 102b connected to them together with the identifier of each VPN server 104a, 104b to a VPN router. To 500. As described above with reference to FIG. 3, each provider computer 102 a and 102 b registers its own identifier and the URL of the content that it can provide in the access controller 300 together with the access rule.

  Upon receiving a request for URL1 from protocol conversion proxy 116, VPN router 500 obtains the identifier of provider computer 102a and the access rules associated with URL1 from access controller 512 and the corresponding association with the identifier of provider computer 102a. The request is routed through the VPN server 104a. In this example, the VPN router 500 also passes the access rule associated with URL1 to the VPN server 104a along with the URL. In other implementations, the VPN router 500 may check several access rules (eg, whether the URL has expired) and block requests that do not meet those checked access rules. Those requests that meet the conditions of the checked access rules will be sent to the appropriate VPN servers 104a, 140b along with those access rules that were not checked (eg, rules regarding maximum allowed bandwidth as described with reference to FIG. 4). May then be passed to. In the described embodiment, protocol translation proxy 116 and VPN router 500 may be located in a single location, eg, the same computer or the same local network, while VPN servers 104a, 140b are connected to provider computer 102a. , 102b may be located at different geographical locations selected to be proximate to 102b.

  FIG. 6 is a block diagram of an implementation 600 where, in addition to connecting the VPN clients 120 of the various provider computers 102a, 102b to the different VPN servers 104a, 104b, the content consumer 106 may have different protocol conversion proxies 116a. , 116b. Instead of processing using a single protocol conversion proxy 116 and VPN router 500 to process each content request after being issued by the consumer, this implementation does not require the VPN router 500 and is accurate. The domain name server 602 is used to point the consumer computer 106 to the protocol conversion proxies 116a, 116b associated with the active VPN servers 104a, 104b.

  In one example, the protocol conversion proxies 116a, 116b each reside on the same local network (eg, in the same collocation) as the corresponding VPN server 104a, 104b. In another example, both the VPN servers 104a, 104b and the corresponding protocol conversion proxies 116a, 116b are located on the same node of the local network and associated with the same physical computer hardware. These implementations protect HTTP traffic between the protocol conversion proxies 116a, 116b and the VPN servers 104a, 104b from interception and limit it to the local network or the same computer.

  After receiving the HTTPS URL from the provider computers 102a, 102b, in a message as described herein, the consumer computer 106 issues a DNS (Domain Name Service) request to resolve the HTTPS domain to an IP address. May be. The domain name server 602 is registered as an authoritative name server for the domain used by the personal content URL and therefore handles such requests.

  In this implementation, the domain of the content URL (URL1) notified to the consumer computer 106 by the provider computer 102a is a reference to an identifier (for example, dev_id1.maindomain.com) of the connection between the provider computer 102a and the VPN server 104a. including. Each protocol conversion proxy 116a, 116b may have access to a private wildcard SSL certificate (eg, * .maindomain.com), and the private wildcard SSL certificate will match all the patterns that match this pattern. Enable it as an HTTPS server for requests.

  After the provider computer 102a, 102b connects to the VPN server 104a, 104b, the VPN server 104a, 104b should route the request that includes the identifier associated with the connection to the provider computer 102a, 102b through the VPN server 104a, 104b. If so, the domain name server 602 is notified. When the provider computer 102a, 102b disconnects from the VPN server 104a, 104b, the VPN server 104a, 104b is configured such that the association of the provider computer 102a, 102b identifier to the VPN server 104a, 104b is no longer valid. The name server 602 is notified. To minimize the delay in propagating these changes, the domain name server 602 sets a time-to-live (TTL) for the domain after which the domain expires and is no longer used for request routing.

  After receiving the request for the domain name, the domain name server 602 matches it with the connection identifier reported by the VPN servers 104a, 104b. If a match is found, the domain name server 602 responds with an IP address corresponding to the protocol translation proxies 116a, 116b associated with the VPN server that reported the matched connection identifier. The consumer computer 106 receives the IP address of the appropriate protocol conversion proxy 116a, 116b, and sends a request for URL1 to the protocol conversion proxy 116a, 116b. Upon receiving the notified HTTPS URL (URL1) request, the protocol conversion proxies 116a and 116b pass the converted HTTP request to the corresponding VPN server 104a and 104b associated with URL1.

  In another aspect described below with reference to FIGS. 7-9, provider computers 102a, 102b establish a connection with a connection server, eg, VPN servers 104a, 104b, that allows for providing reverse connections. The consumer computer 106 issues a request for content available on the server computer, receives a response that includes a reference to the content provided by the provider computers 102a, 102b, and this content through a reverse connection to the provider computers 102a, 102b. Where the data exchange between the first and second computers is encrypted using a key known to the provider computers 102a, 102b and the consumer computer 106.

  For example, referring to FIG. 7, consumer computer 106 may issue a request for content associated with URL_B from provider computer 102. This request passes through the reverse connection between the VPN server 104 and the VPN client of the provider computer 102 and reaches the personal server 118 of the provider computer 102. This reverse connection allows content requests from the consumer computer 106 to reach the provider computer 102 even if external access to the provider computer 102 is blocked by a NAT or firewall. In the described embodiment, the VPN server 104 is capable of establishing a reverse connection (eg, an OpenVPN server provided by OpenVPN Technologies Inc.). In other implementations, the VPN server 104 may be replaced with a connection server that is a proxy or application level tunnel server (such as an SSH server) capable of providing reverse connections.

  In the embodiment of FIG. 7, data exchange between the computers 102, 106 is encrypted using the HTTPS protocol. Requests from the provider computer 106 are issued by an HTTPS browser 128 on the consumer computer 106 and processed by a personal server 118 on the provider computer 102 that may be embodied as an HTTPS server. The personal server 118 may have access to the private SSL certificate used to establish an HTTPS connection to Domain_B that is used by URL_B. Data exchange between the content provider computer 102 and the consumer computer 106 is encrypted end-to-end and remains opaque to intermediate modules such as the VPN server 104.

  Data exchange between the provider computer 102 and the consumer computer 106 may be protected by different encryption protocols, for example, a VPN protocol such as IPSEC or L2TP. In such an implementation, consumer computer 106 may host a VPN client, while provider computer 102 has a VPN server and provides end-to-end encryption between content provider computer 102 and consumer computer 106. To do. In this case, the VPN tunnel between the consumer and provider computers 102, 106 may be further encapsulated by a VPN tunnel between the provider computer 102 and the VPN server 104, and additional capsules from the VPN server 104 to the consumer computer 106. Processed without conversion. In another implementation, consumers and providers may have different nodes of messaging applications 124, 126 that encrypt communications between clients using public / private key cryptography or other encryption means.

  In such embodiments, personal server 118 may need to have access to an encryption key to establish end-to-end encryption with consumer computer 106. In the case of the HTTPS protocol, the personal HTTPS server 702 may need to have access to a private SSL certificate that authenticates the server 702 as a provider of content associated with a particular domain (eg, domain_B for HTTPS URL_B). . In the illustrated embodiment, the VPN server 104 obtains a private SSL certificate from the provider 704 and subsequently sends it to the provider computer 102 through the VPN client 120. In another embodiment, the provider computer 102 may obtain a private SSL certificate from the provider 704, bypassing the VPN server 104, for example, by establishing a direct secure connection with the provider 704. Hide the private SSL certificate from observation. For other encryption protocols, the personal server 118 may need access to other types of private encryption keys. Personal computers, such as provider computer 102, are less protected from unauthorized access than servers in a dedicated location, increasing the risk that such private certificates or private keys may be obtained by unauthorized third parties. . Such a third party can snoop on the data exchange (e.g., by becoming an intermediary) or can become a spoofer (notifying the availability of content from an unauthorized server).

  In the aspect shown in FIG. 1, this problem was addressed by using a protocol conversion proxy 116 to terminate the SSL connection before reaching the provider computer 102. However, it does open HTTP traffic between the protocol conversion proxy 116 and the personal server 118 for viewing by modules such as the protocol conversion proxy 116 that handle the traffic and the connection server, eg, the VPN server 104. I let you.

  In the aspect shown in FIG. 7, which prevents the interception of traffic between the provider and consumer, the increased security risk of making a confidential certificate or key available on a personal computer is the content link provided to the consumer. Mitigated by the ability to easily replace compromised certificates or keys without having to revoke

  In the illustrated embodiment, the consumer computer 106 issues a content request for URL_A provided by a publicly accessible HTTPS server 702. SSL certificates accessible by the server 702 are considered secure because the server can be placed in a secure location.

  In the illustrated embodiment, consumer computer 106 obtains URL_A from provider computer 102, and provider computer 102 sends URL_A by sending a message from one messaging application 124 to messaging application 126 running on consumer computer 106. Send. For example, URL_A can be sent via instant message, email, or posted to a known website in the same manner as discussed with reference to step 204 of method 200 of FIG.

  In one implementation, the provider computer 102 sends a message with a reference to content available from the public HTTPS server to the consumer computer 106, bypassing the VPN server 104, concealing at least the path and query portion of URL_A from observation. To do.

  In response to the request for URL_A, the public server 702 returns a URL_B that refers to the content stored on the provider computer 102, and the URL is, for example, an IF frame source, an image or video embedded in the HTML content. Or as a redirect. It may be done immediately or after a few intermediate steps (eg, a series of redirects or nested IFframes).

  The public server only needs to know which URL_B to return in response to a request for URL_A, and in one implementation it can generate URL_A that includes a reference to URL_B, and content for delivery to the consumer You can send it to the provider. For example, such a URL may take the form “www.domain_A.com/index”, where index is a reference to URL_B provided by personal server 118.

  In one example, communication between provider computer 102 and server 702 is protected from interception by HTTPS encryption or is issued bypassing server 104.

  If the domain_B certificate stored on the provider computer 102 is compromised, the URL_B can be easily replaced with one that uses a different SSL certificate without changing the link to the URL_A known to the consumer.

  In the illustrated embodiment, after determining that domain_B can be compromised (eg, by detecting malware traffic from provider computer 102 through a VPN tunnel), VPN server 104 selects a new domain_B, A new SSL certificate for that domain is obtained from the SSL certificate provider 704 and the new domain_B and the new SSL certificate are then passed to the personal HTTPS server 118. In another example, the provider computer 102 may select a new domain_B by itself and may receive an updated certificate from the SSL certificate provider without notifying the VPN server. In another example, the provider computer 102 may be considered a “high security risk” and may be denied the ability to provide its content instead of providing a new SSL certificate issue.

  In another embodiment, a different communication protocol is used to obtain content notified by the provider than for obtaining content from a personal server. In one example, the request for HTTPS URL_A sent to the public server 702 may return the updated host name of the personal VPN server (eg, IPSEC server) on the provider computer 102. If such a host name is to be replaced, URL_A sends back the alternative and notifies the consumer that the local VPN client configuration should be updated. In another example, a request for URL_B may use the HTTPS protocol to protect sensitive content, while a request for URL_A uses the HTTP protocol (eg, just to send a redirect to HTTPS URL_B). obtain.

  In one implementation, the server that returns public content and the server that returns personal content may be installed on the same personal computer. For example, the content referenced by URL_A may be provided by an HTTP server on provider computer 102, and the content provided by URL_B may be provided by a personal HTTPS server that also executes on provider computer 102. .

  The embodiment of FIG. 7 advantageously improves the detection of compromised domains associated with personal content. In this aspect, the consumer computer 106 requests content from the public HTTPS server 702 and receives a response that includes a reference to the content available from the provider computer 102. The consumer computer 106 establishes an encrypted connection to the provider computer 102 and requests content via this connection. The source IP address of the request to the public HTTPS server 702 is compared with the source IP address of the request to the provider computer 102. If these IP addresses do not match, this indicates an increased risk of compromising one of the encrypted connections to those IP addresses established by the consumer computer 106.

  In one implementation, the connection between the consumer computer 106 and the public HTTPS server 702 uses a different encryption key than the connection between the consumer computer 106 and the provider computer 102. If one of the two encrypted communication channels established by the consumer computer 106 has a lower risk of compromised encryption than the other channel, the detection that the source IPs of the two requests do not match is detected. Increasing the probability that an encrypted channel with a higher security risk will be compromised.

  In one example, the provider computer 102 establishes a connection with a connection server capable of providing a reverse connection, such as the VPN server 104, and content requests from the consumer computer 106 to the public HTTPS server 702 bypass the connection server. On the other hand, the content request from the consumer computer 106 to the provider computer 102 is transmitted through this connection server. In this example, if the provider computer 102 is a personal computer and its private encryption key is stored in a location that is less secure than the public HTTPS server 702, the encrypted connection between the consumer computer 106 and the provider computer 102 is The risk of being intercepted is higher.

  Referring to FIG. 7, server 702 sends the source IP of consumer computer 106 used to request URL_A to VPN server 104, which compares it with the source IP of the request for URL_B. If the source IPs are different, this means that an unauthorized third party can obtain a private SSL certificate for domain_B corresponding to HTTPS URL_B and point domain_B to its server (eg, DNS cache poisoning) Modify the DNS response and perform a “man-in-the-middle” attack, ie, 2 between the provider computer 102 and the consumer computer 106 instead of one HTTPS connection between the consumer computer 106 and the provider computer 102. Create two separate HTTPS connections, thereby increasing the risk of gaining the ability to intercept and modify their HTTPS traffic.

  This embodiment assists in detecting interference from a third party having a different public IP address than the consumer computer 106.

  In one implementation, if the request for content referenced in the response from the public HTTPS server 702 does not arrive within a defined time interval, eg, having a value less than 10 seconds, or other time period, the consumer computer 106 and the provider The risk of an encrypted connection with the computer 102 increases. If the time between requests (s) from the same IP address exceeds the interval, it is further to intercept the traffic, for example by routing through a data channel under the control of a third party. It may indicate that it took time. If no request for content referenced in the response from the public HTTPS server 702 arrives at all, this may indicate a spoofer who masquerades as a content provider and responds with his content. In this embodiment, even if the source IP address does not change (for example, when a third party uses deep packet inspection to decrypt the observed packet using a compromised SSL certificate), the third embodiment To help identify interference from the

  8A and 8B show a method 800 that may be used in the implementation of FIG. 7, where a server that receives a first content request (public server 702) and a server that receives a second content request (VPN). Both servers 104) perform checks that protect the provider computer 102 from invalid or compromised requests.

  Method 800 may include receiving 802 selection of shared content on provider computer 102, such as in a manner similar to other methods described herein. Provider computer 102 may receive 804 a security certificate, such as a secure socket layer (SSL) certificate. For example, the provider computer 102 may request an SSL certificate for the domain_B corresponding to URL_B from the SSL certificate provider 704 (see FIG. 7), and may receive the requested SSL certificate.

  Provider computer 102 may further connect 806 to VPN server 104. Provider computer 102 may connect 806 to VPN server 104 prior to steps 802, 804. For example, provider computer 102 may request and receive 804 an SSL certificate through VPN server 104.

  Method 800 may include receiving 808 URL_A from public server 702. For example, provider computer 102 may request a unique URL to associate with the content identified in step 802. In response, the public server 702 may return URL_A, which is subsequently received 808 by the provider computer 102 and the content received in step 802 may be associated with URL_A.

  Provider computer 102 may then specify 810 to public server 702 that URL_B is associated with URL_A. The provider computer 102 may further specify access rules for URL_A and URL_B. Provider computer 102 may further send 812 an invitation containing URL_A to one or more consumer computers 106, such as using any of the messaging applications described above.

  The public server 702 may receive 814 a request for URL_A from the consumer computer 106 or the like that has received the invitation sent in step 812. The public server 702 may then apply one or more access rules, such as received in step 808 or set as a default access rule, according to steps 816-820.

  For example, if URL_B associated with URL_A is found to be expired 816, the request for URL_A may be ignored. Specifically, URL_B may expire after a certain period of time after the certificate for domain_B is generated. URL_B can also expire after being returned to the requester a certain number of times. Accordingly, if one or more of these expiration conditions are met, the request is ignored 818 by the public server 702 so that URL_B is not returned in response to a request that includes URL_A.

  Public server 702 may further evaluate 820 whether URL_B may be accessed by the requester. For example, an access rule for URL_B may specify an identifier, password, source IP address, or other identification information for one or more requesters who are allowed to receive URL_B in response to a request for URL_A. Accordingly, if the request is found 820 not to contain such an identifier for the authorized requestor, the request may be ignored 818.

  In some embodiments, if a request is ignored 818 because it does not satisfy one or more access rules, a response may still be returned to the requestor in response to a request for URL_A. For example, the content associated with URL_A by the public server 702 may be returned to the requester, but may not include URL_B.

  In some embodiments, public server 702 may replace the link to URL_B in response to the request with a message notifying the consumer that the content associated with URL_B is not available.

  In some embodiments, if the request is ignored 818, the public server 702 may include an interface element in the response to the requester that allows the consumer to access the provider's content, for example, A message may be sent to the provider computer 102 that provides authorization credentials or requests an increase in the maximum number of accesses to the requested content.

  In another embodiment, if the public server 702 determines that the request should be ignored 818, it returns the content referenced by the advertised URL (URL_A) with a link to the provider's content (URL_B). However, the provider's content is hidden from observation by consumers. For example, the public server may set the visibility attribute of the HTML IF frame loaded from URL_B to the value “hidden”. In this embodiment, the VPN server 104 is notified about the source IP of the request received at step 814 and can compare it with the source IP of the second request for URL_B, but the requester can view the requested content. I can't.

  In another embodiment, the public server 702 may change the link to the provider's content (eg, URL_B) to another link accessible from the same domain in response to the request for URL_A, and returned The requester may be informed that content is not displayed. For example, the public server may set URL_B = “HTTPs://mydomain.com/image20.jpg” for the content to be displayed, or URL_B = HTTPs: //mydomain.for the content to be hidden. com / empty. jpg? file = image20. jpg & count = 3 & action = hide may be returned (notifying the personal server that the number of requested files exceeds the specified threshold, requesting an empty image, and the public server conceals data from the consumer) .

  If the request is found 816, 820 to satisfy one or more access rules, then the method 800 may include, via the public server 702, returning 822 the content associated with URL_A to the requestor. Specifically, the content for URL_A may include URL_B. The public server 702 may further send 824 a message to the VPN server 104 indicating that a request for URL_B has been received from the requester, the message including the requester's source IP address and possibly other identifying information. And may be included. In some embodiments, if the public server 702 does not return URL_B to the requestor in response to the request, the public server 702 does not notify the VPN server 104 or other modules of the request.

  Continuing with FIG. 8B, the method 800 may continue with the VPN server 104 receiving a request for URL_B addressed to the provider computer 102. In response to receiving this request, VPN server 104 evaluates 828 whether the source IP of the request for URL_B is the same as that used for the request for URL_A received at step 814. If the source IP is found not to match, the VPN server may mark 830 at least one of them as suspicious and treat any request from that source IP as suggesting a security compromise. . If the check performed by the VPN server 104 indicates that the security risk has increased beyond a specified threshold, the VPN server 104 may compromise domain_B to the provider computer 102 assigned URL_B. May be notified 832 and a request for URL_B reaching the provider computer 102 may be block 834. In response to the notification in step 832, the provider computer may replace domain_B and its SSL certificate with another domain and certificate. In particular, the new domain and certificate may be mapped to the original advertised URL (URL_A), and the public server 702 can map the mapping and one or more in the same way as for URL_B. The access rule may be notified. In this way, consumer computer 106 can still access content associated with URL_A using URL_A, despite the new mapping.

  In some embodiments, the determination 828 that the source IP addresses do not match marks one or both of the source IP addresses as suspicious for a specified time. In some embodiments, security risks may accumulate over time. For example, the security risk of URL_B may be incremented each time it is determined that the source IP addresses of requests for URL_A and URL_B do not match. If the security risk exceeds the threshold condition, it is determined that URL_B has been compromised, and steps 830 to 836 may be performed.

  In some embodiments, the security risk that the encrypted connection with the provider computer 102 is compromised is the same first after the public server 702 is notified of two or more source IPs in a request for different URL_A. Increase in a larger amount if the source IP of the same is included in more than one request for URL_B.

  If the source IP is found to match 828 and the source IP of the request received at step 826 is found 838 that the check at step 828 has not previously failed 838, then the request is sent to the provider computer 102. Transfer 840 is performed. The provider computer then establishes an encrypted HTTPS connection to the requester and provides 842 content associated with URL_B to the requester via the encrypted communication. If the source IP of the request received at step 826 is found 838 that the check at step 826 has previously failed, the request may be blocked 834.

  The system of FIG. 7 and the method of FIGS. 8A and 8B improve detection of compromised domains associated with personal content by comparing source IPs for different requested domains. The system of FIG. 7 and the method of FIGS. 8A and 8B may be implemented without establishing an end-to-end encrypted communication channel between the consumer computer 106 and the provider computer 102, i.e., of the source IP address. The comparison can detect unauthorized actions without an encrypted connection between the computers 102, 106.

  FIG. 9 shows that HTTPS requests for personal content from multiple provider computers 102a, 102b are sent to multiple protocol conversion proxies 116a, 116b, convert them to HTTP requests, and are established by the VPN servers 104a, 104b. Fig. 4 illustrates an embodiment for forwarding to a content provider through reverse connection. In this example, each provider computer 102a, 102b uses a different domain (eg, domain_B1, domain_B2 for provider computer 102a, 102b, respectively). Each protocol conversion proxy 116a, 116b obtains an SSL certificate for the corresponding domain from the SSL certificate provider 704 (in other examples, a previously obtained certificate may be requested to secure storage). .

  The provider computers 102a, 102b notify the availability of the URL. For example, provider computer 102a may notify consumer computer 106 of content associated with URL_A1, such as by using messaging applications 124, 126. The content of URL_A may be provided by public HTTPS server 702, which includes references to content from two different personal content providers (URL_B1, URL_B2 for provider computers 102a and 102b, respectively). . The content may be, for example, two images or IF frames with different source URLs embedded in the HTML content. The public server 702 reports the source IP of the consumer computer 106 that requests the notified URL (for example, URL_A) to each protocol conversion proxy that provides the domain returned after the request for URL_A.

  After the consumer computer 106 issues a request for URL_B1 and URL_B2, the corresponding translation proxy 116a, 116b reports the source IP of the request for URL_B1 and URL_B2 as reported by the public server 702 as included in the request for URL_A. Compare with each IP. If the source IP does not match or the request for private content does not arrive, the risk that the corresponding domain (domain_B1 or domain_B2) is compromised respectively increases.

  If the protocol conversion proxy 116a, 116b is installed in a collocation owned by an untrusted third party, the security of the private SSL certificate can be compromised if the third party does not implement sufficient protection. As the security risk increases, the protocol translation proxy 116a, 116b may select an alternative to the compromised domain and request another SSL certificate from the SSL certificate provider 704. In another example, the service provider decides to move the protocol conversion proxy 116a, 116b (possibly with the corresponding VPN server 104a, 104b) to another collocation before requesting another private SSL certificate. May be.

  In some embodiments, each provider computer 102a, 102b specifies access rules for its content. In such an embodiment, each set of rules is enforced by two parts: private rules enforced by VPN servers 104a, 104b (eg, number of users connected simultaneously, or maximum bandwidth) and public HTTPS server 702. It may be divided into public rules (for example, the upper limit number of access requests from the same user or the validity period). Each provider computer 102a, 102b reports the rules to the access controller 302, which forwards them to the appropriate VPN server 104a, 104b and public HTTPS server 702.

  In the embodiment illustrated in FIGS. 8 and 9, the public server 702 maintains a history of previous requests for personal content, such as the number of requests from the same user and the time until the content expires. . This history can be accessed without recognizing the details of the personal content. For example, the public server 702 belongs to a third-party aggregator having its own private SSL certificate that is not available to servers that process personal content (for example, the VPN servers 104a and 104b and the protocol conversion proxies 116a and 116b). May be. Therefore, even if this certificate is compromised, it does not affect the security of personal content.

  FIG. 10 illustrates an exemplary interface 1000 that includes content presented by a third party aggregator, eg, a private social network, on a consumer computer 106, where references to personal content items from different provider computers 102a, 102b. Are displayed in the parent content provided by the public server 702. In this example, the public server 702 determines which content is to be displayed, and conceals or blocks content that does not satisfy the public access rule. In this example, only permitted content is displayed (“currently sharing”). In another embodiment, public server 702 may include a placeholder for “blocked content” (“Visit later and view again”).

  In addition to determining what content to display, in this example, public server 702 may display metadata about personal content items in interface 1000 and an interface for updating this metadata. Provides time since content was provided 1002, feedback statistics, and user interfaces 1004, 1006, notification that content is concealed after this browsing, and the ability to change this rule 1008, 1010. This metadata is provided by the public server 702 without knowing what content is actually displayed by the user. The user of the consumer computer 106 may change or delete it without the consent of the third party aggregator.

  Personal content providers can collect their statistics or communicate with friends without the knowledge of the public server. For example, the personal content provider can request specific user feedback, such as user interface element 1012, or privately exchange text messages privately using interface elements 1014, 1016.

  In the illustrated embodiment, consumers can add their own personal content servers. For example, after clicking button 1018, a new provider of personal content receives a public URL (URL_A) from a public server, obtains an SSL certificate for the domain associated with personal content (domain_B), and personal content. A replaceable URL referring to (URL_B) may be provided to the public server 702. Button 1010 may trigger a notification to other consumers of a public URL that references personal content of interest, for example by sending an email, text message, or other type of message.

  FIG. 11 is a block diagram illustrating an exemplary computing device 11 that may embody any of the computers and servers disclosed herein. The computing device 1100 may be used to perform various procedures, such as the procedures discussed herein. The computing device 1100 can function as a server, client, or any other computing entity. The computing device can perform various monitoring functions as discussed herein and can execute one or more application programs, such as the application programs described herein. The computing device 1100 can be any of a variety of computing devices such as desktop computers, notebook computers, server computers, handheld computers, and tablet computers.

  The computing device 1100 includes one or more processors 1102, one or more storage devices 1104, one or more interfaces 1106, one or more mass storage devices 1108, one or more input / output (I / O) devices. 1110 and display device 1130, all of which are coupled to bus 1112. The processor 1102 includes one or more processors or controllers that execute instructions stored in the storage device 1104 and / or the mass storage device 1108. The processor 1102 may also include various types of computer readable media, such as cache memory.

  Storage device 1304 includes a variety of computer readable media such as volatile memory (eg, random access memory (RAM) 1114) and / or non-volatile memory (eg, read only memory (ROM) 1116). The storage device 1304 may also include a rewritable ROM such as a flash memory.

  Mass storage device 1108 includes a variety of computer readable media such as magnetic tape, magnetic disks, optical disks, and solid state memory (eg, flash memory). As shown in FIG. 11, one specific mass storage device is a hard disk drive 1124. The mass storage device 1108 may also include various drives to enable read / write to various computer readable media. Mass storage device 1108 includes replaceable media 1126 and / or fixed media.

  Input / output device 1110 includes a variety of devices that allow data and / or other information to be entered into or retrieved from computing device 1100. Exemplary input / output devices 1110 include cursor control devices, keyboards, keypads, microphones, monitors and other display devices, speakers, printers, network interface cards, modems, lenses, CCDs or other image acquisition devices, and the like. .

  Display device 1130 includes any type of device capable of displaying information to one or more users of computing device 1100. Examples of the display device 1130 include a monitor, a display terminal, and a video projection device.

  Interface 1106 includes various interfaces that allow computing device 1100 to interact with other systems, devices, or computing environments. Exemplary interfaces 1106 include any number of different network interfaces 1120, such as a local area network (LAN), a wide area network (WAN), a wireless network, an interface to the Internet, and the like. Other interfaces include a user interface 1118 and a peripheral device interface 1122. The interface 1106 may also include one or more user interface elements 1118. The interface 1106 includes one or more peripheral interfaces, such as an interface to a printer, pointing device (mouse, trackpad, etc.), keyboard, and the like.

  Bus 1112 allows processor 1102, storage device 1104, interface 1106, mass storage device 1108, and input / output device 1110 to communicate with each other, along with other devices or components coupled to bus 1112. . Bus 1112 represents one or more of several types of bus configurations, such as a system bus, a PCI bus, an IEEE 1194 bus, and a USB bus.

  For purposes of explanation, programs and other executable program components are shown herein as separate blocks, but such programs and components may be present at different times in different storage elements of computing device 1100. It is understood that it may exist and may be executed by the processor 1102. Alternatively, the systems and procedures described herein may be implemented by hardware or a combination of hardware, software, and / or firmware. For example, one or more application specific integrated circuits (ASICs) can be programmed to perform one or more systems and procedures described herein.

  The scope of the claims:

Claims (60)

A method for providing access to content on a first computer comprising:
Establishing an encrypted connection with the first computer by a server system capable of providing a reverse connection to the first computer;
Receiving by the server system a request for the content on the first computer from a second computer that is implemented using a first type of communication protocol;
The server system using a protocol conversion module to convert the request for the content into a converted request having a second type of communication protocol, wherein the first type of communication protocol Encrypts the data to be exchanged at least partially using an encryption key available to the protocol conversion module, while the second type of communication protocol allows the corresponding part of the request for content to be Not encrypting at least some portions of the transformed request that are encrypted by a first type of communication protocol.   The method of claim 1, further comprising: transmitting the converted request to the first computer only in response to determining that the number of simultaneous connections to the first computer is less than a threshold. .   The method of claim 1, wherein the first type of communication protocol is Hypertext Transfer Protocol Secure (HTTPS).   The method of claim 2, wherein the second type of protocol is a hypertext transfer protocol (HTTP), while the first type of communication protocol is HTTPS.   The method of claim 4, wherein the encrypted connection is a transport level tunnel.   The method of claim 4, wherein the protocol conversion module is an HTTPS-to-HTTP proxy. Reporting the availability of the content on the first computer to the routing module by the server system;
Receiving, by the routing module, reports of availability of content on different computers from a plurality of intermediate servers;
Receiving the request for the content on the first computer from the second computer by the routing module;
The method of claim 1, further comprising routing the request for the content on the first computer to the server system by the routing module.   The method of claim 7, wherein the server system and the routing module are in the same local network.   The server system includes a VPN server and a protocol conversion server, the VPN server establishes the encrypted connection with the first computer, the protocol conversion server implements the protocol conversion module, and the VPN server And the protocol conversion server is in the same local computer.   The method of claim 9, wherein at least one intermediate server of the plurality of intermediate servers is in a local network different from the same local network. A method for providing access to content on a personal computer, comprising:
Receiving a posting message from the personal computer that includes a posting uniform resource locator (URL) by the server system and refers to content on the personal computer;
Receiving a quest message from the requester computer by the server system having the post URL and having a hypertext transfer protocol secure (HTTPS) request format;
Establishing a virtual private network (VPN) tunnel to the personal computer by the server system;
Converting the request message by the server system into a converted message including the posting URL and having a hypertext transfer protocol (HTTP) request format;
Sending by the server system the converted message to the personal computer within the VPN tunnel. Receiving from the personal computer a response to the converted message by the server system, the response having an HTTP response format;
Converting the response into a translated response having an HTTPS response format by the server system;
The method of claim 11, further comprising: sending by the server system the transformed response to the requester computer. The server system includes a protocol conversion proxy computer and a VPN server computer, each installed in a local network,
Converting the request message to the converted message is performed by the protocol conversion proxy (PCP) computer;
Establishing the VPN tunnel to the personal computer is performed by the VPN server computer;
The method
Sending the converted message to the VPN server computer by the PCP;
13. The method of claim 12, further comprising: forwarding the converted message to the personal computer through the VPN tunnel by the VPN server. Converting the response to the converted response is performed by the PCP computer;
The method
Forwarding the response to the PCP computer by the VPN server computer;
14. The method of claim 13, further comprising: sending by the PCP computer the converted response to the requester computer. Reporting the posting URL to a routing module by the server system;
Receiving, by the routing module, other URLs referring to content on a plurality of other computers from a plurality of intermediate servers;
Receiving the request request message by the routing module;
The method of claim 1, further comprising: routing the request message to the server system by the routing module.   The method of claim 15, wherein the server system and the routing module are in the same local network. Including non-temporary storage devices,
Receiving instructions to make the content available to the recipient computer system;
In response to the instructions for making the content available to the recipient computer system, sending an invitation to the content to access the content;
Establishing an encrypted virtual private network (VPN) to the intermediate server system;
Receiving one or more requests for the content;
For each request in the one or more requests,
Sending the content to the intermediate server through the encrypted VPN connection only when each request is received from the intermediate server and through the encrypted VPN connection;
If each request is not received from the intermediate server and through the encrypted VPN connection, one or more processors may refrain from sending the content to the intermediate server through the encrypted VPN connection. A computer readable medium storing executable code useful for instructing.   The executable code is configured to send the invitation to access the content to the recipient computer system in at least one of a text message, email, message, and posting to a website. The computer-readable medium of claim 17, comprising instructions for instructing one or more processors.   The computer-readable medium of claim 17, wherein the invitation to access the content includes a domain name that refers to a computer hosting the processor.   The executable code is further effective to instruct the one or more processors to send the invitation to access the content to the recipient computer system, bypassing the intermediate server; The computer readable medium of claim 17. A method for providing access to content comprising:
Receiving a request from a first requester computer by a server system that includes a first reference to content on the first computer;
In response to receiving the request including the first reference to the content on the first computer, by the server system, a second reference to content on a second computer, Returning a response including the second reference specifying a secure communication protocol for data exchange between the second computer and the first requester computer to the first requester computer;
Determining by the server system that the second reference may compromise the security of data exchange with the second computer;
In response to determining that the second reference may compromise the security of data exchange with the second computer, the server system provides a third reference to the content on the second computer. Obtaining the third reference different from the second reference;
Receiving, by the server system, a request including the first reference to the content on the first computer from one of the first requester computer and a second requester computer;
The server system provides the third reference to the content on the second computer, the second computer, the first requester computer, and the second requester computer. Returning a response including the third reference specifying a secure communication protocol for data exchange with one to the one of the first requester computer and the second requester computer; Including a method.   The secure communication protocol specified by the second reference is a first encryption key that must be kept secret from an unauthorized person and is associated with at least a portion of the second reference The method of claim 21, wherein the second computer requires access to a first encryption key.   The secure communication protocol specified by the third reference is a second encryption key that must be kept secret from an unauthorized person, and is different from the first encryption key. 23. The method of claim 22, wherein the second computer requires access to an encryption key.   The secure communication protocol specified by the second and third references is hypertext transfer protocol secure (HTTPS), and the first and second encryption keys are secure socket layer (SSL) certificate The first key is associated with the first domain name included in the second reference, and the second key is the second domain included in the third reference. 24. The method of claim 23, wherein a first domain name is associated with a first name and the second domain name is different. Obtaining the third reference to the content on the second computer comprises:
Obtaining the second domain name by the server system;
25. The method of claim 24, further comprising generating the third reference by replacing the first domain name included in the second reference with the second domain name.   The method of claim 21, wherein the second and third references point to the same content on the second server. In response to determining that the second reference may compromise the security of data exchange with the second computer,
Further comprising sending one or more messages from the server system to the second computer indicating that an encryption key associated with at least a portion of the first reference may be accessible to unauthorized persons. The method of claim 22.   28. The method of claim 27, wherein the at least one message from the server computer to the second computer includes a second encryption key for replacing the first encryption key. Receiving a first request from the first requester computer by the server system that includes the second reference to the content on the second computer;
The method of claim 21, further comprising: transferring, by the server system, the first request to the second computer through a reverse connection between the server system and the second computer.   30. The reverse connection between the server system and the second computer is selected from the group comprising a virtual private network (VPN) tunnel, a proxy connection, and a secure shell (SSH) connection. Method. A system for providing access to content, comprising one or more processors and one or more memory devices operably coupled to the one or more processors, the one or more memory devices Is
Receiving a request from a first requester computer that includes a first reference to content on a first computer;
A second reference to content on a second computer in response to receiving the request that includes the first reference to the content on the first computer, the second computer Returning a response including the second reference specifying a secure communication protocol for data exchange between the first requester computer and the first requester computer to the first requester computer;
Evaluating the security of the second reference with respect to compromising the security of data exchange with the second computer;
A third reference to the content on the second computer by the system if the security of the second reference is compromised, (a) by the system on the first computer; Receiving a request including the first reference to the content from one of the first requester computer and a second requester computer, and (b) by the system on the second computer The third reference different from the second reference returning a response including the third reference to the content to the one of the first requester computer and the second requester computer. The second requester computer, the first requester computer and the second requester computer. Storing executable and operable code effective to cause the one or more processors to obtain the third reference specifying a secure communication protocol for data exchange with the one ,system.   The secure communication protocol specified by the second reference is a first encryption key that must be kept secret from an unauthorized person and is associated with at least a portion of the second reference 32. The system of claim 31, wherein the second computer requires access to a first encryption key.   The secure communication protocol specified by the third reference is a second encryption key that must be kept secret from an unauthorized person, and is different from the first encryption key. 33. The system of claim 32, wherein the second computer requires access to an encryption key.   The secure communication protocol specified by the second and third references is hypertext transfer protocol secure (HTTPS), and the first and second encryption keys are secure socket layer (SSL) certificate The first key is associated with the first domain name included in the second reference, and the second key is the second domain included in the third reference. 34. The system of claim 33, wherein the system is associated with a first name and the first domain name is different from the second domain name. The executable and operable code is:
Obtaining the second domain name;
Generating the third reference by replacing the first domain name included in the second reference with the second domain name, thereby allowing the content to be stored on the second computer. 35. The system of claim 34, further effective for causing the one or more processors to obtain a third reference.   32. The system of claim 31, wherein the second and third references point to the same content on the second server.   The executable and operable operational code may allow an encryption key associated with at least a portion of the first reference to be accessible to unauthorized persons if the security of the second reference is compromised. 35. The system of claim 32, further effective for causing the one or more processors to transmit one or more messages indicating that from the system to the second computer.   38. The system of claim 37, wherein the at least one message from the system to the second computer includes a second encryption key for replacing the first encryption key. The executable and operable code is:
Receiving a first request from the first requester computer that includes the second reference to the content on the second computer;
32. It is further effective to cause the one or more processors to transfer the first request to the second computer through a reverse connection between the system and the second computer. The system described in.   40. The system of claim 39, wherein the reverse connection between the system and the second computer is selected from the group comprising a virtual private network (VPN) tunnel, a proxy connection, and a secure shell (SSH) connection. . A method for providing access to content comprising:
Receiving, by a server system, a first request including a reference to first content on a first computer from a first network address;
Returning a response including a reference to second content on a second computer to the first network address by the server system;
Receiving, by the server system, a second request including a reference to the second content on the second computer from a second network address;
Determining by the server system that the second network address is different from the first network address;
Refraining from returning the second content from the second computer to the second network address in response to determining that the second network address is different from the first network address; Including a method. Receiving, by the server system, a third request including a reference to second content on a second computer from a third network address;
Determining by the server system that the third network address is the same as the first source network address;
In response to determining that the third network address is the same as the first network address, the server system returns the second content from the second computer to the first network address. 42. The method of claim 41, further comprising: In response to determining that the third network address is the same as the first network address, the server system transfers the third request to the second computer, and the second computer Receiving a response from the server system and sending the response to the first network address by the server system;
43. further comprising refraining from forwarding the second request to the second computer in response to determining that the second network address is different from the first network address. The method described in 1.   44. The forwarding of the third request to the second computer includes sending the third request through a reverse connection between the server system and the second computer. the method of.   45. The reverse connection between the server system and the second computer is selected from the group comprising a virtual private network (VPN) tunnel, a proxy connection, and a secure shell (SSH) connection. Method.   Returning the second content from the second computer to the first network address is an encrypted communication channel between the second computer and the computer associated with the first network address. 43. The method of claim 42, comprising establishing the channel established by using an encryption key accessible by the second computer.   43. The encrypted communication channel uses hypertext transfer secure protocol (HTTPS), and the encryption key accessible by the second computer is a private key for a secure socket layer (SSL) certificate. The method described in 1. In response to determining that the second network address is different from the first network address, the server system notifies that the security of the encryption key accessible by the second computer is compromised. 48. The method of claim 46, further comprising transmitting. In response to determining that the second network address is different from the first network address, the second network address for the one or more requests for the second content following the second request. 42. The method of claim 41, further comprising refraining from returning content from the second computer. In response to determining that the second network address is different from the first network address, a response returned by the server system in response to the first request to the first content is 42. The method of claim 41, further comprising returning at least one response to a request for the first content that includes a different reference to the second content. A method for providing access to content comprising:
A server system receives a first request from a first network address including a reference to first content on a first computer;
A response including a reference to second content on a second computer is returned by the server system to the first network address;
Determining by the server system that a request for the second content from the first network address has not reached within a threshold time;
In response to determining that a request from the first network address has not arrived within the threshold time, the second content is sent to the second content for one or more requests received after the threshold time. And refraining from replying from the computer. One or more processors and operably coupled to the one or more processors;
Receiving a first request from a first network address including a reference to first content on a first computer;
Returning a response including a reference to second content on a second computer to the first network address;
Receiving from a second network address a second request including a reference to the second content on the second computer;
Refraining from returning the second content from the second computer to the second network address when the second network address is different from the first network address. A system for providing access to content, including one or more memory devices that store executable and operable code effective to cause a processor of the system to execute. The executable and operable code is:
Returning the second content from the second computer to the first network address only if the second network address is the same as the first source network address. 53. The system of claim 52, further effective for causing a processor. The executable and operable code is:
Only if the second network address is the same as the first source network address, (a) transfer the second request to the second computer, and (b) respond to the second request. Receiving a response from the second computer, and (c) sending the response to the second request to the first network address;
More effective to cause the one or more processors to refrain from forwarding the second request to the second computer if the second network address is different from the first network address. 54. The method of claim 53, wherein   The executable and operable code transmits the third request to the second computer by sending the third request over a reverse connection between the system and the second computer. 55. The method of claim 54, further effective for transfer to one or more processors.   56. The system of claim 55, wherein the reverse connection between the system and the second computer is selected from the group comprising a virtual private network (VPN) tunnel, a proxy connection, and a secure shell (SSH) connection. . The executable and operable code is:
An encrypted communication channel between the second computer and a computer associated with the first network address, the channel established by using an encryption key accessible by the second computer; Returning the second content from the second computer to the first network address by establishing;
54. The method of claim 53, further effective to cause the one or more processors to run.   The encrypted communication channel implements Hypertext Transfer Secure Protocol (HTTPS) and the encryption key accessible by the second computer is a private key for a secure socket layer (SSL) certificate. 58. The method according to 57. The executable and operable code is:
In response to determining that the second network address is different from the first network address, a notification that the security of the encryption key accessible by the second computer has been compromised. 58. The method of claim 57, further effective to cause the one or more processors to transmit to a computer. The executable and operable code is:
If the second network address is different from the first network address, the second content is transferred to the second content in response to one or more requests for the second content following the second request. 42. The system of claim 41, further effective to cause the one or more processors to refrain from replying from another computer.