WO2005086411A1 - ピアツーピア型匿名プロキシにおける安全性の高い匿名通信路の検証及び構築する方法 - Google Patents
ピアツーピア型匿名プロキシにおける安全性の高い匿名通信路の検証及び構築する方法 Download PDFInfo
- Publication number
- WO2005086411A1 WO2005086411A1 PCT/JP2005/003242 JP2005003242W WO2005086411A1 WO 2005086411 A1 WO2005086411 A1 WO 2005086411A1 JP 2005003242 W JP2005003242 W JP 2005003242W WO 2005086411 A1 WO2005086411 A1 WO 2005086411A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- peer
- anonymous
- proxy
- communication path
- reception
- Prior art date
Links
- 238000000034 method Methods 0.000 title description 42
- 238000004891 communication Methods 0.000 claims abstract description 100
- 230000005540 biological transmission Effects 0.000 claims abstract description 33
- 238000012545 processing Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 7
- 101710179738 6,7-dimethyl-8-ribityllumazine synthase 1 Proteins 0.000 description 4
- 101710186608 Lipoyl synthase 1 Proteins 0.000 description 4
- 101710137584 Lipoyl synthase 1, chloroplastic Proteins 0.000 description 4
- 101710090391 Lipoyl synthase 1, mitochondrial Proteins 0.000 description 4
- 101710179734 6,7-dimethyl-8-ribityllumazine synthase 2 Proteins 0.000 description 2
- 101710186609 Lipoyl synthase 2 Proteins 0.000 description 2
- 101710122908 Lipoyl synthase 2, chloroplastic Proteins 0.000 description 2
- 101710101072 Lipoyl synthase 2, mitochondrial Proteins 0.000 description 2
- 230000009365 direct transmission Effects 0.000 description 2
- 208000019901 Anxiety disease Diseases 0.000 description 1
- 230000036506 anxiety Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Definitions
- the present invention relates to a communication processing device, a communication method, and a program that can ensure a highly secure anonymous communication path in a computer network.
- the data content of the relay point cannot be understood just by looking at the IP packet.
- other information such as the IP header and TCP / UDP header, is not encrypted, so it is possible to know from where and where the relay computer is communicating.
- the address of the communication partner with whom you want to exchange information there is also a disadvantage that the destination can be determined from the destination (20 in Fig. 4).
- multiple anonymous proxies can be used as relay points, and by communicating through these relay points, it is possible to prevent the source from being known to the destination (22 in Fig. 4).
- a peer-to-peer anonymous proxy that is a relay point cannot determine whether another peer-to-peer anonymous proxy connected to itself is the origin or another relay point from the data flow on the network. This is because a running peer-to-peer anonymous proxy has two functions: a communication origin and a relay point for other people's communications. Therefore, it is difficult to judge from outside. Disclosure of the invention Problems to be solved by the invention
- peer-to-peer anonymous proxies connected to each other is simply encrypted communication such as SSL
- the network will be monitored from the outside, It will not be known if it is a peer-to-peer anonymous proxy.
- the administrator of the peer-to-peer anonymous proxy that relays the data can know the destination of the communication.
- peer-to-peer anonymous proxy at the relay point decides the peer to be the next relay ⁇ "peer-type anonymous proxy, it is possible to know only the IP adorme before and after each other as the relay. Is
- a user who wants to perform anonymous communication launches a peer-to-peer anonymous proxy on the computer used by the user (1 in Fig. 1), and uses this as the starting point of the anonymous communication path, which is called a peer-to-peer anonymous proxy A.
- the peer-to-peer anonymous proxy A selects the peer-to-peer anonymous proxy B as the next relay point and connects. Then, they exchange public keys with each other.
- Peer-to-peer anonymous proxy B generates a unique password for authentication, encrypts it so that it is unknown only to peer-to-peer anonymous proxy A, and sends it to peer-to-peer anonymous proxy A (2 in Figure 1 ').
- the peer-to-peer anonymous proxy A selects the next relay point peer-to-peer anonymous proxy C after the peer-to-peer anonymous proxy B, and connects from the peer-to-peer anonymous proxy B to the peer-to-peer anonymous proxy C.
- the public keys are exchanged with each other.
- Peer-to-peer anonymous proxy C generates a unique password for authentication, encrypts it so that it is unknown only to peer-to-peer anonymous proxy A, and sends it to peer-to-peer anonymous proxy A (2, 3 in Figure 1).
- the peer-to-peer anonymous proxy A connects to the peer-to-peer anonymous proxy D and E via another route, and then accesses the peer-to-peer anonymous proxy B. .
- the password obtained by the route 2 in Fig. 1 is encrypted so as to be unknown only to the peer-to-peer anonymous proxy B and sent to the peer-to-peer anonymous proxy B for authentication (4, Fig. 1). 5, 6
- peer-to-peer anonymous proxy A connects to peer-to-peer anonymous proxy F and G through another route, and then to peer-to-peer anonymous proxy C. to access.
- the password obtained through the routes 2 and 3 in Fig. 1 is encrypted so that it is not known to anyone other than the peer-to-peer anonymous proxy C and sent to the peer-to-peer anonymous proxy C for authentication (Fig. 1 7, 8, 9).
- the client accesses the http server, etc. using the norms 2, 3, and 10 in Fig. 1, and the client sends and receives data to and from the server.
- This data is encrypted and sent to the peer-to-peer anonymous proxy A, and its contents are not known at all by the peer-to-peer anonymous proxy acting as a relay (Fig. 1, 2, 3, 10 and Fig. 5). .
- connection in the order of 2, 3, 4, 5, 6, 7, 8, 9, 10 in Figure 1 is a connection method that is suitable when there are many reliable relay points. Because 4, 5, 6 and 7, 8, 9 can be accessed at the same time.
- Figure 1 2, 4, 5, 6,
- the format of connecting in the order of 3, 7, 8, 9, 10 is a suitable connection method when there are many unreliable relay points. This is because even if an anonymous communication channel for data transmission / reception with a server is established at once, if an anonymous peer-to-peer anonymous proxy is found in subsequent verification, the anonymous communication channel for data transmission / reception with that server is established. You have to start over from the beginning.
- the basic exchange is the same except that the order of establishing the anonymous communication path for data transmission and reception with the server and the anonymous communication path for checking differ. Therefore, the former will be described in the embodiment. Example
- FIG. 6 shows a flowchart for constructing an anonymous communication channel.
- the user U0 who wants to access the server SV, such as an http server, starts up a peer-to-peer anonymous proxy P (U0) in advance.
- the user U0 determines an internal variable m of P (U0), which is how many peer-to-peer anonymous proxies to pass as a relay point (step S1).
- P (U 0) randomly selects one address from the list of IP addresses of other peer-to-peer anonymous proxies stored internally (step S 2).
- the selected IP address is A (U1), the next relay point of P (U0).
- P (U0) indicates the number of peer-to-peer anonymous proxies currently relayed.
- the internal variable n is initialized to 0 (step S3).
- P (U0) is the public key LP 1 (U 0) and its corresponding private key LS 1 (UO), and public key LP 2 (UO) and its corresponding secret
- the key LS 2 (U0) is generated (step S5).
- P (Un). Is the IP address A (Un + 1) P (U n + 1) (Step S6).
- P (Un + 1) generates a public key LP 1 (Un + '1) and a corresponding private key LS 1 (Un + 1) (step S7).
- the public key LP 1 (Un + 1) is sent without encryption from P (Un + 1) to P (Un) (step S8).
- P (Un) receives the data.
- step S 9 If the variable n is not 0 in P (U0) (step S 9), encrypt from P (Un) to P (U0) with public key LP 2 (UO) and send public key LP 1 (Un + 1) .
- P (UO) decrypts the received data with the secret key L S 2 (UO) (step S10). At this time, P (Un) is not sent directly from P (Un) to P (U0). -1) to P (U n 1 2), and then to P (U0) (Fig. 7).
- P (R 0) is the same peer-to-peer anonymous proxy as P (Un).
- DATA (R 0) corresponds to public key LP 1 (Un + 1) encrypted with public key LP 2 (UO) in step S 10 in FIG. 6 (step S.32).
- the variable k is for convenience in explaining the flowchart (step S33), and does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (U0) do not match (step S34), P (Rk) is encrypted from P (Rk) to P (Rk + 1) with public key LP 1 (Rk + 1), and DATA (R0) (Step S35).
- P (Rk) is P (Un-k)
- P (Rk + 1) is P (U n— k— 1)
- public key LP 1 (Rk + 1) is public key LP 1 (U n— k— 1).
- P (Un + 1) decrypts from P (Un) to P (Un + 1) with public key L P 1 (Un + 1), and sends public key LP 1 (Un) and public key LP 2 (U0).
- P (Un + 1) decrypts the received data with the secret key LS1 (Un + 1) (step S11).
- P (Un + 1) generates a unique password—PW (Un + 1) (step S1 2). From P (Un + 1) to P (UO) Public key LP 2 (U
- P (U0) Encrypt with 0) and send password PW (Un + 1).
- P (U0) decrypts the received data with secret key LS2 (U0) (step S13).
- P (Un + 1) instead of sending directly from P (Un + 1) to P (U0), while performing encrypted communication between relay points connected side by side, from P (Un + 1) to P (Un), from P (Un) To P (Un-1), and then to P (U0) ( Figure 7).
- P (R 0) is the same peer-to-peer anonymous proxy as P (Un + 1).
- DATA (R 0) corresponds to the unique password P W (Un + 1) encrypted by the public communication LP 2 (U 0) in step S 13 in FIG. 6 (step S 32).
- the variable k is for convenience in explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (U0) do not match (step S34), encrypt the data from P (Rk) to P (Rk + 1) with public key LP 1 (Rk + 1) and send DATA (R0) (Step S35). Here, P (Rk) becomes P (Un + 1 1 ⁇ k) and P (Rk +
- step S34 If P (Rk) and P (U0) match (step S34), the process jumps to step S14 in FIG.
- P (U0) randomly selects one from the list of IP addresses of other peer-to-peer anonymous proxies stored internally (step S15). The selected IP address is A (Un + 2), which is the next relay point of P (Un + 1). From P (U0) to P (Un + 1) using public key LP 1 (Un + 1), send IP address A (Un + 2).
- P (U n + 1) decrypts the received data with the secret key LS 1 (Un + 1) (step S 16). In this case, P (U0), P (Un + 1) is not directly sent to P (U0), but P (U0) From U1) to P (U 2), and then to P (Un + 1) (Fig. 7).
- P (R 0) is the same peer-to-peer anonymous proxy as P (U0).
- DATA (R0) corresponds to the IP address A (Un + 2) encrypted with the public key LP 1 (Un + 1) in step S16 in FIG. 6 (step S32).
- the variable k is for convenience in explaining the flowchart (step S33), and does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (Un + 1) do not match (step S34), P (Rk) is encrypted from P (Rk) to P (Rk + 1) with public key LP 1 (Rk + 1), and DATA (R 0) is encrypted. Send (step S35).
- step S34 P (Rk) is equivalent to P (Uk)
- P (Rk + 1) is equivalent to P (Uk + 1)
- public key LP 1 (Rk + 1) is equivalent to public key LP 1 (Uk + 1). 1 Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (Un + 1) match (step S34), the process jumps to step S17 in FIG.
- P (U0) calculates 1 to n and jumps to step S4 (step S17) o
- P (U0) initializes an internal variable n to 1 (step S18). Connect from P (U0) to P (Un), send the password received in step S13 to P (Un), and receive the same password and return value from P (Un) (step S19) , Figure '8).
- the flow up to S53 is almost the same as the flow from step S1 to step S17 in FIG. CO and U0 are the same user, and P (CO) of the peer-to-peer anonymous proxy is the same as P (U0). If n> 0 and i> 0, Un and C i are all different users, and P (Un) and P (C i) are also ⁇ : different peer-to-peer anonymous proxies.
- P (CO) ( P (UO)) of the peer-to-peer anonymous proxy launched by the user CO randomly changes the IP address list of other internally stored peer-to-peer anonymous proxies. Select one address (step S38).
- the selected IP address is A (C1), which is the next relay point for P (CO).
- P (U0) initializes an internal variable i to 0 (step S39).
- P (CO) is the public key LP 3 (C 0) and a corresponding private key LS 3 (CO), and a public key LP 4 (CO) and a corresponding private key LS 4 (CO) are generated (step S41).
- P (C i) connects to P (C i +1) whose IP address is A (C i +1) (step S42).
- P (C i +1) generates a public key LP 3 (C i +1) and a corresponding private key L S 3 (C i +1) (step S43).
- the public key LP 3 (C i +1) is sent without encrypting from P (C i +1) to P (C i) (step S44).
- P (C i) receives the data.
- variable i is not 0 in P (CO) (step S 45), it is encrypted from P (C i) to P (CO) with the public key LP 4 (CO) and the public key LP 3 (C i +1) Send. P (CO). Decrypts the received data with the secret key LS 4 (CO) (step S46). At this time, P (C i) is not sent directly from P (C i) to P (C 0), but is transmitted from P (C i) to P (C i-1) while performing encrypted communication between relay points connected side by side. P (C i-1) force is sent to P (C i-1 2), and then to P (CO) in that order (Fig. 7).
- P (R0) is the same peer-to-peer anonymous proxy as P (C i).
- DATA (R 0) corresponds to the public key LP 3 (C i +1) encrypted with the public key LP 4 (CO) in step S 46 in FIG. 8 (step S 32).
- the variable k is for convenience in explaining the flowchart (step S33), and does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (CO) do not match (step S34), P (Rk) is encrypted to P (Rk + 1) with public key LP 1 (R k + 1), and DATA (R 0) is Send it (Step S35).
- step S34 P (Rk) is P (C i—k) and P (Rk + 1) is P (C i—k— In 1), public key LP 1 (Rk + 1) is equivalent to public key LP 3 (C i-k- l). Thereafter, 1 is added to the variable k, and the routine jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (CO) match (step S34), the process jumps to step S47 in FIG.
- P (C i +1) generates a unique password PW (C i +1) (step S48).
- P (C i + 1) sends the encrypted password and password PW (C i + 1) to P (CO) using public key L P 4 (C 0).
- the current route is the anonymous communication channel for checking in Fig. 1, so this password is not used.
- P (CO) decrypts the received data with the secret key LS 4 (CO) (step S49).
- P (C i + 1) goes to P (C i) without performing direct transmission from P (C i + 1) to P (C 0), while performing encrypted communication between relay points connected side by side. , P (C i) to P (C i -1), and then to P (C0) (Fig. 7).
- P (R 0) is the same peer-to-peer anonymous proxy as P (C i +1).
- DATA (R0) corresponds to the unique password PW (Ci + 1) encrypted with the public key LP4 (C0) in step S49 in FIG. 8 (step S32).
- the variable k is a convenience (step S33) for explaining the flow chart, and This variable does not exist in peer anonymous proxies. If P (Rk) and P (CO) do not match (step S 34), encrypt the data from P (Rk) to P (Rk + 1) with the public key LP 1 (R k + 1), and use DATA (R 0) (Step S35).
- P (Rk) is P (Ci + 1-k)
- P (Rk + 1) is P (Ci-k)
- public key LP1 (Rk + 1) is public key LP3 ( C i -k). Then, 1 is added to the variable k, and the process jumps to steps S3 and S4 in FIG. 7 (step S36). If P (Rk) and P (CO) match (step S34), the process jumps to step S50 in FIG.
- P (CO) randomly selects one from the list of IP addresses of other peer-to-peer anonymous proxies stored internally (step S51). The selected IP address is A (C i + 2), the next relay point of P (C i + 1).
- P (C 0) encrypts P (C i + 1) with public key LP 3 (C i + 1), and sends IP address A (C i + 2).
- P (C i +1) decrypts the received data with the secret key LS 3 (C i +1) (step S52). At this time, P (C 0) is not sent directly to P (C i + 1), but is connected side-by-side. 5 (C 1), P (C 1) to P (C 2), and then to P (C i + 1) (Fig. 7).
- P (R0) is the same peer-to-peer anonymous proxy as P (C 0).
- DATA (R 0) corresponds to the IP address A (C i +2) encrypted with the public key LP 3 (C i +1) in step S 52 in FIG. 8 (step S 32).
- the variable k describes the flowchart 'This variable is not present in any peer-to-peer anonymous proxy (step S33). If P (Rk) and P (C i + 1) do not match (step S34), P (Rk) is encrypted from P (Rk) to P (Rk + 1) with public key LP 1 (Rk + 1), and DATA ( R 0) is sent (step S35).
- P (Rk) is equivalent to P (Ck)
- P (Rk + 1) is equivalent to P (Ck + 1)
- public key LP 1 (Rk + 1) is equivalent to public key LP 3 (Ck + 1).
- 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36).
- step S 5 P (CO) adds 1 to i and jumps to step S 40 (step S 5
- the password is encrypted from P (CO) to P (Un) with the public key LP 1 (Un), and the password PW (Un) received in step S13 in FIG. 6 is sent.
- P (Un) decrypts the received data with the secret key LS 1 (Un) (step S54).
- P (CO) to P (C 1) and P (C 1) do not send directly from P (CO) to P (Un), but perform encrypted communication between relay points connected next to each other. From 1) to P (C 2), and then to P (Un) (Fig. 7).
- P (R 0) is the same peer-to-peer anonymous proxy as P (C0).
- DATA (R 0) corresponds to the password PW (Uri) encrypted with the public key LP 1 (Un) in step S 54 in FIG. S (step S 32).
- the variable k is for the convenience of explaining the flowchart (step S33), and this variable does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (Un) do not match ( Step S34), encrypts P (Rk) to P (Rk + 1) with public key LP1 (Rk + 1), and sends DATA (RO) (step S35).
- step S34 P (Rk) is P (Uk)
- P (Rk + 1) P (Uk + 1)
- public key LP l (Rk + 1) is public key LP 1 (Uk + 1) Is equivalent to Thereafter, 1 is added to the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (CO) match (step S34), the process jumps to step S55 in FIG.
- P (Un) checks whether the decrypted data matches the password group generated by P (Un) within the specified time in the past. If they match, it encrypts from P (Un) to P (CO) with the public key LP 2 (U0) and sends back the password P (U n). If the data sent from P (CO) cannot be decrypted, or if the password does not match, send back the information to P (CO). P (CO) decrypts the received data with the secret key LS2 (U0) (step S55). At this time, P (Un) to P (Ch) and P (Ch) to P (Un) do not directly send from P (Un) to P (CO), but perform encrypted communication between relay points connected side by side. Send to (C-1) and then to P (Un) in the order shown ( Figure 7).
- P (R0) is the same peer-to-peer anonymous proxy as P (Un).
- DATA (R0) corresponds to the password PW (Un) encrypted with the public key LP 2 (U0) in step S55 in FIG. 8, and if the password does not match in P (Un), it is replaced. It is equivalent to what is conveyed.
- the variable k is for convenience in explaining the flowchart (step S33), and does not exist in any peer-to-peer anonymous proxy. (Rk) and P (CO) do not match (Step S 3 4) Then, the data is encrypted from P (Rk) to P (Rk + 1) with the public key LP 1 (Rk + 1). Data (R0) is sent (step S35).
- step S34 P (Rk) and P (C 0) match (step S34). If P (Rk) and P (C 0) match (step S34), the process jumps to step S20 in FIG.
- P (UO) decrypts the data sent back from P (Un) with secret key LS 2 (UO) (step S55), but at this time the data cannot be decrypted correctly, If it is different from the password PW (Un) (step S20), the password passes through P (U n) of the peer-to-peer anonymous proxy with the IP address A (Un) specified by P (U0) on the anonymous communication path for data transmission and reception. No, or it can be determined that the peer-to-peer anonymous proxy on the P (Un) or anonymous communication path for checking is not operating correctly. Therefore, it is assumed that the anonymous communication channel currently under construction is unreliable, and the process jumps to step S1 in Fig.
- step S20 If the data transmitted and received between P (U0) and P (Un) match with the password PW (Un) (step S20), the process jumps to step S21 in FIG.
- step S21 If they match, it means that all peer-to-peer anonymous proxies on the anonymous communication path for data transmission and reception have been checked, and the process jumps to step S23 in FIG. Conversely, if the variables m and n do not match (step S21), check all peer-to-peer anonymous proxies on the anonymous communication path for data transmission and reception. Therefore, P (U0) adds 1 to the variable n (step S22) and jumps to step S19 in FIG. 6 to continue checking.
- step S23 it is checked whether there is an end command from the user UO (step S23). If there is a termination instruction, secure the anonymous communication channel and suspend. If there is no end command, it is confirmed whether user U0 has access to P (U0) using a web browser or the like (step S24). If there is, the process jumps to step S26 in FIG. 6; otherwise, the process jumps to step S25 in FIG. Therefore, it is confirmed whether or not there is a route change command from the user U0 (step S25). If there is a route change command, the process jumps to step S1 in FIG. If there is no route change command, the process jumps to step S23 in FIG. 6 and repeats the process.
- User U0 connects from a web browser to P (U0), a peer-to-peer anonymous proxy that he has launched. Then, the web browser of U0 sends the URL to be accessed without encryption to P (U0) (step S26).
- the computer operated by U0 and the computer on which the peer-to-peer anonymous proxy exists are on the same or on the same node network, their contents can be concealed without encryption. This does not apply to cases where encryption is not performed on the same node or encryption is desired even on the network of the same node.
- it encrypts from P (U0) to P (Urn) with the public key LP 1 (Urn) and sends the URL received from user U0.
- P (Urn) decrypts the received data with the secret key LS1 (Urn) (step S27). At this time, P (U0) transfers to P (U 1) from P (U0) to P (U 1) without performing direct transmission from P (U0) to P (m), while performing cryptographic communication between relay points connected side by side. From 1) to P (U 2) and then to P (Urn) ( Figure 7).
- p (R 0) is the same peer-to-peer anonymous proxy as P (U0).
- DATA (R0) corresponds to the request URL of the user U0 encrypted with the public key LP1 (Urn) in step S27 in FIG. 6 (step S32).
- the variable k is for convenience in explaining the flowchart (step S33), and does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (Urn) do not match (step S34), encrypt P (Rk) to P (Rk + 1) with public key LP 1 (Rk-1) and send DATA (R0) (Step S35).
- P (Rk) is equivalent to P (Uk)
- P (Rk + 1) is equivalent to P (Uk + 1)
- public key LP 1 (Rk + 1) is equivalent to public key LP 1 (Uk + 1).
- 1 is added to the variable k ', and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (Urn) match (step S34), the process jumps to step S28 in FIG. .
- P (Urn) encrypts data with public key LP 2 (U0) from P (Urn) to P (U0), and sends data h tm 1 received from SV.
- P (U0) decrypts the received data with secret key LS2 (U0) (step S30).
- P (Urn) to P (Urn-1) from P (Urn) to P (Urn-1) without performing direct communication from P (Urn) to P (U0), while performing signal communication between relay points connected side by side.
- p (R 0) is the same peer-to-peer anonymous proxy as P (Urn).
- DATA (R 0) corresponds to data h tm 1 from SV encrypted with the public key LP 2 (U 0) in step S 30 in FIG. 6 (step S 32).
- the variable k is for convenience in explaining the flowchart (step S33), and does not exist in any peer-to-peer anonymous proxy. If P (Rk) and P (U0) do not match (step S34), P (Rk) is decrypted from P (Rk) to P (Rk + 1) with public key LP 1 (Rk + 1), and DATA (R0 ) (Step S35).
- step S34 P (Rk) (Urn- k)
- P (Rk + 1) P (Um— k— 1)
- public key LP 1 (Rk + 1) is public key LP 1 (Um— k— This corresponds to 1).
- 1 is calculated for the variable k, and the process jumps to step S34 in FIG. 7 (step S36). If P (Rk) and P (U0) match (step S34), the process jumps to step S31 in FIG.
- the data html is transmitted from P (U0) which received the data to the web browser used by user U0 without encryption (step S31).
- the computer operated by U0 and the computer on which the peer-to-peer anonymous proxy exists are on the same or on the same node network, their contents can be concealed without encryption. This is not the case if it is not on the same node or if you want to perform encryption even on the network of the same node. Steps S23 to S31 in FIG. 6 are repeated as necessary for data transmission and reception with the web server SV.
- FIG. 9 illustrates the data determination, generation, and transmission / reception of the anonymous communication path from the user U0 to the server SV in the procedure in FIG. Convenience
- user U0, peer-to-peer anonymous proxy, and server SV in data transmission / reception are described.
- the corresponding steps show the steps in the flowchart of FIG. Time passes from top to bottom of the table. Note that the flow charts of FIG. 6 and FIG. 8 have almost the same data flow, and the data determination, generation, and transmission / reception diagrams of the anonymous communication path corresponding to FIG. 8 are omitted.
- FIG. 10 illustrates the data transmission / reception between the peer-to-peer anonymous proxies in FIG.
- the item of computer describes a peer-to-peer anonymous proxy, and describes the flow when data is sent from P (R O) to P (R h).
- the corresponding steps show the procedure in the flowchart of FIG. Time passes from top to bottom of the table.
- Industrial Applicability: + 'By using this method individuals using the Internet can launch programs to protect privacy without using anonymous proxies provided by Internet service providers or specific organizations. This will be possible.
- Figure 1 is an anonymous communication path determination procedure.
- FIG. 2 is a conceptual diagram of an IP packet configuration.
- Figure 3 is a conceptual diagram of the connection on the Internet.
- Figure 4 is a conceptual diagram of a connection via an anonymous proxy.
- Figure 5 is a conceptual diagram of anonymous communication of a peer-to-peer anonymous proxy.
- FIG. 6 is an operation flowchart between the peer-to-peer anonymous proxies.
- Fig. 7 is an operation flow chart between the peer-to-peer anonymous proxies.
- Fig. 8 is an operation flow chart between the peer-to-peer anonymous proxies.
- FIG. 7 is a diagram showing data determination, generation, and transmission / reception between peer-to-peer anonymous proxies in FIG. 6;
- FIG. 10 is a diagram illustrating data determination, generation, and transmission / reception between the peer-to-peer anonymous proxies in FIG.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/506,561 US20060280191A1 (en) | 2004-02-19 | 2006-08-17 | Method for verifying and creating highly secure anonymous communication path in peer-to-peer anonymous proxy |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004077168A JP3890398B2 (ja) | 2004-02-19 | 2004-02-19 | ピアツーピア型匿名プロキシにおける安全性の高い匿名通信路の検証及び構築する方法 |
JP2004-077168 | 2004-02-19 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/506,561 Continuation US20060280191A1 (en) | 2004-02-19 | 2006-08-17 | Method for verifying and creating highly secure anonymous communication path in peer-to-peer anonymous proxy |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005086411A1 true WO2005086411A1 (ja) | 2005-09-15 |
Family
ID=34918668
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/003242 WO2005086411A1 (ja) | 2004-02-19 | 2005-02-21 | ピアツーピア型匿名プロキシにおける安全性の高い匿名通信路の検証及び構築する方法 |
Country Status (3)
Country | Link |
---|---|
US (1) | US20060280191A1 (ja) |
JP (1) | JP3890398B2 (ja) |
WO (1) | WO2005086411A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7661128B2 (en) | 2005-03-31 | 2010-02-09 | Google Inc. | Secure login credentials for substantially anonymous users |
US7885184B2 (en) | 2006-01-13 | 2011-02-08 | International Business Machines Corporation | Method and apparatus for re-establishing anonymous data transfers |
US7958544B2 (en) | 2006-07-21 | 2011-06-07 | Google Inc. | Device authentication |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2636270C (en) | 2006-02-10 | 2013-04-30 | Qualcomm Incorporated | Signaling with opaque ue identities |
JP4758814B2 (ja) * | 2006-04-27 | 2011-08-31 | 日本電信電話株式会社 | 匿名暗号文通信システム、鍵生成装置、通信装置、それらの方法、プログラム及び記録媒体 |
US8209921B2 (en) | 2006-09-11 | 2012-07-03 | Dana Innovations | Flush mount panels with multiple aligned receiving brackets |
US7886352B2 (en) * | 2006-09-22 | 2011-02-08 | Oracle International Corporation | Interstitial pages |
US8370261B2 (en) * | 2007-01-10 | 2013-02-05 | Amnon Nissim | System and a method for access management and billing |
JP4875526B2 (ja) * | 2007-03-28 | 2012-02-15 | 株式会社ディ・アイ・システム | セキュリティプログラムおよびサーバ |
US8464334B1 (en) * | 2007-04-18 | 2013-06-11 | Tara Chand Singhal | Systems and methods for computer network defense II |
JP5344193B2 (ja) * | 2008-07-31 | 2013-11-20 | 日本電気株式会社 | 匿名通信システム |
US20110182210A1 (en) * | 2008-07-31 | 2011-07-28 | Natsuko Kagawa | Anonymous communication system |
US8560604B2 (en) | 2009-10-08 | 2013-10-15 | Hola Networks Ltd. | System and method for providing faster and more efficient data communication |
JP5601328B2 (ja) * | 2009-11-17 | 2014-10-08 | 日本電気株式会社 | 匿名通信方法 |
US9536366B2 (en) * | 2010-08-31 | 2017-01-03 | Democracyontheweb, Llc | Systems and methods for voting |
US8762284B2 (en) | 2010-12-16 | 2014-06-24 | Democracyontheweb, Llc | Systems and methods for facilitating secure transactions |
US9432342B1 (en) * | 2011-03-08 | 2016-08-30 | Ciphercloud, Inc. | System and method to anonymize data transmitted to a destination computing device |
US9118731B2 (en) * | 2011-10-08 | 2015-08-25 | Broadcom Corporation | Ad hoc social networking |
GB2495797B (en) | 2011-10-19 | 2013-11-20 | Ibm | Protecting privacy when communicating with a web server |
US9241044B2 (en) | 2013-08-28 | 2016-01-19 | Hola Networks, Ltd. | System and method for improving internet communication by using intermediate nodes |
US11991176B2 (en) | 2013-11-13 | 2024-05-21 | Dmitri Dozortsev | Controlled method and system for secure information sharing |
US10348692B2 (en) | 2014-09-16 | 2019-07-09 | Nokia Technologies Oy | Method and apparatus for anonymous access and control of a service node |
US11057446B2 (en) | 2015-05-14 | 2021-07-06 | Bright Data Ltd. | System and method for streaming content from multiple servers |
US20170063813A1 (en) * | 2015-06-03 | 2017-03-02 | The Government Of The United States, As Represented By The Secretary Of The Army | Secure Packet Communication with Common Protocol |
US10467551B2 (en) | 2017-06-12 | 2019-11-05 | Ford Motor Company | Portable privacy management |
EP4020940A1 (en) | 2017-08-28 | 2022-06-29 | Bright Data Ltd. | Content fetching by selecting tunnel devices |
US11190374B2 (en) | 2017-08-28 | 2021-11-30 | Bright Data Ltd. | System and method for improving content fetching by selecting tunnel devices |
EP4053717A3 (en) | 2019-02-25 | 2022-10-26 | Bright Data Ltd. | System and method for url fetching retry mechanism |
EP4027618A1 (en) | 2019-04-02 | 2022-07-13 | Bright Data Ltd. | Managing a non-direct url fetching service |
CN110990073B (zh) * | 2019-11-13 | 2023-09-29 | 北京城市网邻信息技术有限公司 | 一种验证应用程序的定制需求的方法及装置 |
CN111935018B (zh) * | 2020-07-23 | 2022-03-08 | 北京华云安信息技术有限公司 | 一种可自主配置组网规则的跳板网络路径生成方法 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH08263575A (ja) * | 1995-01-23 | 1996-10-11 | Nec Corp | 匿名メッセージ伝送方式および投票方式 |
US6266704B1 (en) * | 1997-05-30 | 2001-07-24 | The United States Of America As Represented By The Secretary Of The Navy | Onion routing network for securely moving data through communication networks |
JP2001217824A (ja) * | 1999-05-19 | 2001-08-10 | Nippon Telegr & Teleph Corp <Ntt> | 検証可能匿名通信路、それを実施する方法及びその方法を記録した記録媒体 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5751813A (en) * | 1996-04-29 | 1998-05-12 | Motorola, Inc. | Use of an encryption server for encrypting messages |
CA2410431A1 (en) * | 2000-05-24 | 2001-11-29 | Gavin Walter Ehlers | Authentication system and method |
WO2002057917A2 (en) * | 2001-01-22 | 2002-07-25 | Sun Microsystems, Inc. | Peer-to-peer network computing platform |
US7797375B2 (en) * | 2001-05-07 | 2010-09-14 | International Business Machines Corporat | System and method for responding to resource requests in distributed computer networks |
US7398388B2 (en) * | 2002-02-28 | 2008-07-08 | Hewlett-Packard Development Company, L.P. | Increasing peer privacy |
US7159108B2 (en) * | 2002-10-04 | 2007-01-02 | International Business Machines Corporation | Anonymous peer-to-peer networking |
US7457946B2 (en) * | 2002-10-17 | 2008-11-25 | International Business Machines Corporation | Method and program product for privately communicating web requests |
US7774495B2 (en) * | 2003-02-13 | 2010-08-10 | Oracle America, Inc, | Infrastructure for accessing a peer-to-peer network environment |
US20050021976A1 (en) * | 2003-06-23 | 2005-01-27 | Nokia Corporation | Systems and methods for controlling access to an event |
-
2004
- 2004-02-19 JP JP2004077168A patent/JP3890398B2/ja not_active Expired - Fee Related
-
2005
- 2005-02-21 WO PCT/JP2005/003242 patent/WO2005086411A1/ja active Application Filing
-
2006
- 2006-08-17 US US11/506,561 patent/US20060280191A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH08263575A (ja) * | 1995-01-23 | 1996-10-11 | Nec Corp | 匿名メッセージ伝送方式および投票方式 |
US6266704B1 (en) * | 1997-05-30 | 2001-07-24 | The United States Of America As Represented By The Secretary Of The Navy | Onion routing network for securely moving data through communication networks |
JP2001217824A (ja) * | 1999-05-19 | 2001-08-10 | Nippon Telegr & Teleph Corp <Ntt> | 検証可能匿名通信路、それを実施する方法及びその方法を記録した記録媒体 |
Non-Patent Citations (5)
Title |
---|
FREEDMAN M.J. ET AL: "Tarzan: A Peer-to-Peer Anonymizing Network Layer.", PROCEEDINGS OF THE 9TH ACM CONFERENCE AND COMPUTER AND COMMUNICATION SECURITY., November 2002 (2002-11-01), pages 193 - 206 * |
MATSUMOTO T. ET AL: "Tsuhin ni Okeru information Hiding.", JOHO SHORI., vol. 44, no. 3, 15 March 2003 (2003-03-15), pages 254 - 259 * |
REITER M.K. ET AL: "Anonymous Web transactions with Crowds.", COMMUNICATIONS OF THE ACM., vol. 42, no. 2, February 1999 (1999-02-01), pages 32 - 38 * |
SENOO K. ET AL: "Internet-Jo no Tokumei Tsushinro Hoshiki no Hyoka.", 1998 NEN ANGO TO JOHO SECURITY SYMPOSIUM KOEN RONBUNSHU., 29 January 1998 (1998-01-29) * |
SONG R. AND KORBA L. ET AL: "Review of Network-Based Approaches for Privacity.", PROCEEDINGS OF THE 14TH ANNUAL CANADIAN INFORMATION TECHNOLOGY SECIRITY SYMPOSIUM., Retrieved from the Internet <URL:URL:http://iit-iti.nrc-cnrc.gc.ca/publications/nrc-44905_e.html> [retrieved on 20050707] * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7661128B2 (en) | 2005-03-31 | 2010-02-09 | Google Inc. | Secure login credentials for substantially anonymous users |
US7885184B2 (en) | 2006-01-13 | 2011-02-08 | International Business Machines Corporation | Method and apparatus for re-establishing anonymous data transfers |
US7958544B2 (en) | 2006-07-21 | 2011-06-07 | Google Inc. | Device authentication |
Also Published As
Publication number | Publication date |
---|---|
JP2005236939A (ja) | 2005-09-02 |
US20060280191A1 (en) | 2006-12-14 |
JP3890398B2 (ja) | 2007-03-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2005086411A1 (ja) | ピアツーピア型匿名プロキシにおける安全性の高い匿名通信路の検証及び構築する方法 | |
JP5047291B2 (ja) | インターネットユーザに対して認証サービスを提供するための方法およびシステム | |
US7584505B2 (en) | Inspected secure communication protocol | |
JP4101839B2 (ja) | セッション制御サーバ及び通信システム | |
US20170201382A1 (en) | Secure Endpoint Devices | |
US20090210712A1 (en) | Method for server-side detection of man-in-the-middle attacks | |
JP2003030143A (ja) | 携帯用記憶装置を用いるコンピュータネットワークセキュリティシステム | |
JP2005027312A (ja) | 透過仮想プライベートネットワークを用いたネットワーク構成の複雑さの低減 | |
JPWO2005101217A1 (ja) | アドレス変換方法、アクセス制御方法、及びそれらの方法を用いた装置 | |
CN106169952B (zh) | 一种英特网密钥管理协议重协商的认证方法及装置 | |
JP4490352B2 (ja) | Vpnサーバホスティングシステム、およびvpn構築方法 | |
WO2009082950A1 (fr) | Procédé, dispositif et système de distribution de clés | |
CN117354032A (zh) | 一种基于代码服务器的多重认证方法 | |
JP4837470B2 (ja) | Vpnサーバホスティングシステム、vpn構築方法、およびコンピュータプログラム | |
US20150381387A1 (en) | System and Method for Facilitating Communication between Multiple Networks | |
JP4608246B2 (ja) | 匿名通信方法 | |
JP2007028606A (ja) | ピアツーピア型匿名プロキシにおける安全性の高い匿名通信路の検証及び構築する方法 | |
JP4608245B2 (ja) | 匿名通信方法 | |
JP2003224562A (ja) | 個人認証システム及びプログラム | |
JP2005064984A (ja) | 通信装置、鍵交換システムおよび鍵交換プログラム | |
JP2008160497A (ja) | 通信システムおよび通信方法 | |
JP6787874B2 (ja) | 通信システム、通信方法及び通信プログラム | |
Enghardt et al. | RFC 8922: A Survey of the Interaction between Security Protocols and Transport Services | |
Enghardt et al. | A survey of the interaction between security protocols and transport services | |
JP4675982B2 (ja) | セッション制御サーバ、通信装置、通信システムおよび通信方法、ならびにそのプログラムと記録媒体 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 11506561 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 11506561 Country of ref document: US |
|
122 | Ep: pct application non-entry in european phase |