WO2019005555A1 - Methods and systems for protecting user-generated data in computer network traffic - Google Patents
- Publication number
- WO2019005555A1 (PCT/US2018/038483)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- browser
- user
- data
- generated content
- application
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/954—Navigation, e.g. using categorised browsing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9535—Search customisation based on user profiles and personalisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2216/00—Indexing scheme relating to additional aspects of information retrieval not explicitly covered by G06F16/00 and subgroups
- G06F2216/15—Synchronised browsing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
Definitions
- the disclosure relates to protecting computer network traffic data. More particularly, the methods and systems described herein relate to functionality for protecting user-generated data in computer network traffic from analysis.
- Digital privacy is an issue for both individual consumers and enterprises. For individual consumers, companies often profile them based on their personal data for a variety of purposes. Additionally, some individuals believe strongly in a right to privacy and do not want companies tracking them. Enterprises often find it necessary to protect business strategy and intellectual property from competitors; privacy threats can severely undermine these efforts.
- DNS Domain Name Server
- ISP Internet Service Provider
- IP Internet Protocol
- VPNs and proxies also fail if the ISP is collecting data: the ISP can see both the tunnel to the VPN/Proxy server and the outgoing traffic from the server, and the IP address must be in plaintext for the traffic to be routed to the destination machine, which reveals to the ISP the existence of the VPN/Proxy server itself and the tunnels connecting to it.
- a method for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content to statistically poison analytics of computer network traffic including data associated with the synchronized browser state includes retrieving, by a controller application executing on a first computing device, from a profile database, profile content.
- the method includes receiving, by a first browser application executing on the first computing device, from the controller application, a first request including automatically-generated content based on the retrieved profile content.
- the method includes transmitting, by the first browser application, a first network request, the network request including the automatically-generated content.
- the method includes synchronizing, by a second browser application executing on the first computing device, a browser state of the second browser application with a browser state of the first browser application.
- the method includes receiving, by the second browser application, a second request including user-generated content.
- the method includes transmitting, by the first browser application, a second network request including the user-generated content and data from the synchronized browser state.
- FIG. 1A is a block diagram depicting an embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content state;
- FIG. 1B is a block diagram depicting one embodiment of a profile for use in a system for protecting user-generated data in computer network traffic;
- FIG. 1C is a block diagram depicting an embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content;
- FIG. 1D is a block diagram depicting an embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content;
- FIG. 1E is a block diagram depicting an embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content;
- FIG. 1F is a block diagram depicting an embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content;
- FIG. 2 is a flow diagram depicting an embodiment of a method for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content;
- FIG. 3A depicts a graph of user-generated data categorized according to type of data prior to combination with automatically-generated content by a system for synchronizing automatically-generated content and user-generated content;
- FIG. 3B depicts a graph of user-generated data in combination with automatically-generated content in which automatically-generated content is generated randomly;
- FIG. 3C depicts a graph of user-generated data in combination with automatically-generated content in which the automatically-generated content is generated by a system for synchronizing automatically-generated content and user-generated content, the system accessing at least one profile data;
- FIGs. 4A-4C are block diagrams depicting embodiments of computers useful in connection with the methods and systems described herein.
- the methods and systems described herein make analytics of the traffic infeasible, if not impossible, by injecting, into the computer network traffic, computer network traffic including both user-generated content and automatically-generated content.
- the methods and systems described herein provide functionality that produces human-looking browser traffic that fools even highly sophisticated bot-detection systems.
- a privacy engine is configurable to produce traffic characteristic of different interests, lifestyles, occupations, etc., and this noise will confound any attempts to track an entity protected by the privacy engine. The privacy stems from the difficulty of the task of determining which traffic is authentic traffic originating from the entity and which traffic is noise produced by the privacy engine.
- the methods and systems described herein provide functionality for creating computer network traffic including automatically-generated content and for generating browser state data associated with the computer network traffic including automatically-generated content.
- the methods and systems described herein provide functionality for combining the generated browser state data with browser state data generated in connection with user-generated content; in this way, the combined browser state data makes it infeasible to determine what data is associated with a user and what was automatically-generated ("noise"), confounding attempts to analyze user-generated content.
- browser state data includes, without limitation, cookies, web-storage data, session-storage data, indexeddb storage, window size, display size and color depth, user agent, platform, language preference, ADOBE FLASH cache, and time zone.
- the methods and systems described herein provide functionality for generating additional computer network traffic including automatically-generated data.
- the combination of automatically-generated data and user-generated data in the set of computer network traffic data transmitted from a user machine to one or more networked machines confounds attempts to identify and analyze what data is related to a particular user.
- the methods and systems described herein provide functionality for performing spurious DNS lookups; thus, as above, an ISP or DNS server would be unable to determine which traffic is simply noise and which traffic contains genuine user requests for DNS lookups. This "smokescreens" the user's DNS lookups, providing the user with more privacy. Furthermore, this may impact a monetary value of analytics data and may even render attempts at analytics or sale of the data for analysis futile, which would disincentivize the collection of the data.
- the methods and systems described herein provide functionality for controlling a web browser in a manner similar to the manner in which a human user might control a web browser. In one of these embodiments, however, the methods and systems described herein provide functionality for retrieving and using profile data to automatically generate content for use in a network request, the content associated with the retrieved profile data instead of with a profile of the user.
- the methods and systems described herein provide functionality for leveraging "statistical poisoning", or the production of inaccurate but realistic looking data that cannot be cleaned from a data set. Without a clean and accurate data set, any analytics of, and conclusions drawn from, the data are likely inaccurate, rendering threats posed by the data or its collection moot.
- the methods and systems described herein can be deployed in numerous ways, depending on the nature of the entity that needs its protection. These range from a software deployment running locally on a user machine to server and data center deployments or deployments in a "Privacy as a Service" type model. In each deployment, the privacy engine remains the same while the number of engines running and how they are accessed differs.
- the system 100 includes a computing device 102, a privacy engine 104, a controller application 106, a profile database 108, a first browser 110a, an automation driver 112, an automation Application Programming Interface (API) 114, a browser synchronization plugin 116a, a second browser 110b, a browser synchronization plugin 116b, a synchronization application 118, a synchronization API 120, a controller application customization plugin 122, and a controller customization API 124.
- the computing device 102 may be any type or form of computing device (as described in greater detail below in connection with FIGs. 3A-C) that has been modified to execute instructions for providing the functionality described herein, resulting in a new type of computing device that provides a technical solution to a problem rooted in computer network technology.
- This type of deployment provides users with an easy-to-use privacy solution. Such a deployment may be advantageous if the machine will be taken on many different LANs (such as a laptop being taken to coffee shops). It is also viable for a small business with limited infrastructure and a relatively small number of workstations.
- the system 100 includes a privacy engine 104.
- the privacy engine 104 is a software program.
- the privacy engine 104 is a hardware module.
- the privacy engine 104 executes on the computing device 102, which may be a machine 100 as described below in connection with FIGs. 3A-C.
- the privacy engine 104 executes the controller application 106, the synchronization application 118, and the first browser 110a.
- the controller application 106 is a software program. In other embodiments, the controller application 106 is a hardware module. In some embodiments, the controller application 106 is in communication with the privacy engine 104. In other embodiments, the privacy engine 104 provides the functionality of the controller application 106. In one embodiment, the controller application 106 accesses an automation application programming interface (API) 114 to communicate with the automation driver 112 to provide instructions to the first browser 110a.
- the automation API 114 is an API distributed by the automation API 114.
- the controller application 106 includes functionality for using the automation API 114 to send commands to the automation driver 112, which in turn uses the received commands to execute instructions with the first browser 110a.
- the automation driver 112 is a software program. In other embodiments, the automation driver 112 is a hardware module. In some embodiments, the automation driver 112 is in communication with the privacy engine 104. In other embodiments, the privacy engine 104 provides the functionality of the automation driver 112. In some embodiments, the automation driver 112 is a driver distributed by the Selenium Project, a member of the Software Freedom Conservancy, Inc. of Brooklyn, NY. In some embodiments, the automation driver 112 is a plugin to the first browser 110a. In one of these embodiments, executing the automation driver 112 results in a browser which can be controlled without user involvement.
- the automation driver 112 as used by the system 100 is used for its functionality to automatically generate computer network traffic simulating a type of computer network traffic that a human user might generate but without involvement of the human user.
- the profile database 108 is a software program. In other embodiments, the profile database 108 is a hardware module. In some embodiments, the profile database 108 is in communication with the privacy engine 104. In other embodiments, the privacy engine 104 provides the functionality of the profile database 108. In some embodiments, the profile database 108 is an ODBC-compliant database.
- the profile database 108 may be provided as an ORACLE database, manufactured by Oracle Corporation of Redwood Shores, CA. In other embodiments, the profile database 108 can be a Microsoft ACCESS database or a Microsoft SQL server database, manufactured by Microsoft Corporation of Redmond, WA.
- the profile database 108 can be a SQLite database distributed by Hwaci of Charlotte, NC, or a PostgreSQL database distributed by The PostgreSQL Global Development Group.
- the profile database 108 may be a custom-designed database based on an open source database, such as the MYSQL family of freely available database products distributed by MySQL AB Corporation of Uppsala, Sweden.
- examples of databases include, without limitation, structured storage (e.g., NoSQL-type databases and BigTable databases), HBase databases distributed by The Apache Software Foundation of Forest Hill, MD, MongoDB databases distributed by 10Gen, Inc., of New York, NY, and Cassandra databases distributed by The Apache Software Foundation of Forest Hill, MD.
- the database may be any form or type of database.
- a block diagram depicts one embodiment of a profile for use in a system for protecting user-generated data in computer network traffic.
- the profile database 108 may store one or more profiles 109, each of which may be accessed by the controller application 106.
- the profiles 109 may be any type or form of data structure (e.g., table, spreadsheet, word processing file, array, a lightweight data-interchange format data structure (e.g., JavaScript Object Notation data structure), markup language file (e.g., a YAML Ain't Markup Language (YAML) file) and so on) capable of storing (e.g., in physical memory on a computing device accessible to the profile database 108) an identifier of a profile and profile data such as, without limitation, browser state data, sample search terms, and sample Uniform Resource Locations (URLs), schedules for searching, keywords matching "interesting" content, behaviors, frequency of behaviors, and verbs, adjectives, and nouns for generating search phrases.
- the profile 109 may include a description of a type of the profile 109.
- the profile 109 may include data that the controller application 106 may use to automatically generate content for use by the first browser 110a.
- the profile 109 may include a listing of web sites to visit when generating network traffic, a listing of search terms to use when generating network traffic that includes requests to search engines, and a schedule of times at which to generate network traffic.
- profiles are generated manually.
- profiles are generated automatically (e.g., by the system 100).
- the system 100 may include a natural language processing engine (not shown) that the system 100 leverages to generate profiles.
- the natural language processing engine may identify words that are more common in a corpus of training documents and generate an output file (such as a file in a markup language) that includes at least a subset of common terms.
- profiles are generated through a combination of automatic and manual processes.
- the system 100 may receive an instruction to generate a profile.
- the system 100 may receive an instruction to generate a type of profile.
- the system 100 may generate a file (e.g., a markup language file) containing profile data.
- a profile 109 might include text such as the following:
- Keywords #These keywords represent interests, and configure the engine to be more likely to select links that contain one or more keywords
- SearchTerms #pre-defined search terms, for things that a person would "check on" occasionally [Next docker release, docker release new features, next release of kubernetes, docker on fedora, docker on CentOS, docker container failed to start, docker daemon spawns endless thread, failed to start docker daemon] Plus Verbs: [upgrade, update, latest]
- NegativeNouns #Opposite of plus... takes a verb and a noun to make something like "error docker daemon died" as search term
- another profile 109 might include profile information to emulate a type of user interested in exotic plants, such as the following information:
- Keywords #These keywords represent interests, and configure the engine to be more likely to select links that contain one or more keywords
- the profile 109 may, in some embodiments, include more information than a simple list of network addresses or uniform resource identifiers that the first browser 110a should contact or a list of terms for providing to a search engine; it may include additional customizable instructions such as how long the first browser 110a should stay on a particular web page before loading a different page or instructions for constructing a more detailed search phrase.
- the profile 109 may include more than randomly generated data or substantially randomly generated data.
- the profile 109 may include data selected for inclusion in order to have the profile 109 bear a greater resemblance to user-generated content. As discussed in further detail in connection with FIGs. 3A-3C, this may, for example, result in a profile 109 that precludes or makes challenging attempts for filtering or statistical analysis that can identify the profile 109 as anything other than a profile containing user-generated content.
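The profile fields described above can be turned into browsing decisions as follows. This is an added example, not code from the patent: the dictionary layout, the `PlusNouns`, `NegativeVerbs` and `DwellSeconds` fields, the weighting factor and all list values are assumptions constructed for illustration.

```python
import random

# Constructed profile. Keywords, SearchTerms, Plus Verbs and NegativeNouns are
# fields the text names; the other keys and every value are assumptions.
PROFILE = {
    "Keywords": ["docker", "kubernetes", "container"],
    "SearchTerms": ["next docker release", "docker on fedora",
                    "docker container failed to start"],
    "PlusVerbs": ["upgrade", "update", "latest"],
    "PlusNouns": ["docker", "kubernetes"],            # assumed field
    "NegativeVerbs": ["error", "failed"],             # assumed field
    "NegativeNouns": ["docker daemon died", "container exited"],
    "DwellSeconds": (20.0, 90.0),                     # assumed field
}


def link_weight(link_text, keywords, boost=3.0):
    """Weight a link: 1.0 base plus `boost` per profile keyword it contains."""
    text = link_text.lower()
    hits = sum(1 for kw in keywords if kw.lower() in text)
    return 1.0 + boost * hits


def pick_link(profile, links, rng):
    """Choose a link so that keyword-bearing links are more likely, not certain."""
    weights = [link_weight(text, profile["Keywords"]) for text in links]
    return rng.choices(links, weights=weights, k=1)[0]


def make_search_phrase(profile, rng, predefined_share=0.5):
    """Return a pre-defined term, or compose verb + noun as the profile describes."""
    if rng.random() < predefined_share:
        return rng.choice(profile["SearchTerms"])
    if rng.random() < 0.5:
        verb, noun = rng.choice(profile["PlusVerbs"]), rng.choice(profile["PlusNouns"])
    else:
        verb = rng.choice(profile["NegativeVerbs"])
        noun = rng.choice(profile["NegativeNouns"])
    return f"{verb} {noun}"


def dwell_seconds(profile, rng):
    """How long to stay on a page before loading a different one."""
    low, high = profile["DwellSeconds"]
    return rng.uniform(low, high)


def plan_session(profile, page_links, steps, seed, search_share=0.3):
    """Build a list of (action, value, dwell) steps for the controller to issue."""
    rng = random.Random(seed)  # seeded only so the example is reproducible
    plan = []
    for _ in range(steps):
        if rng.random() < search_share:
            action, value = "search", make_search_phrase(profile, rng)
        else:
            action, value = "follow", pick_link(profile, page_links, rng)
        plan.append((action, value, dwell_seconds(profile, rng)))
    return plan


if __name__ == "__main__":
    # Constructed link texts standing in for the anchors found on a loaded page.
    links = ["Kubernetes and Docker networking", "Celebrity gossip",
             "Container runtime changelog"]
    for step in plan_session(PROFILE, links, steps=5, seed=7):
        print(step)
```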
- the first browser 110a is a software program. In other embodiments, the first browser 110a is a hardware module. In some embodiments, the first browser 110a is in communication with the privacy engine 104. In other embodiments, the privacy engine 104 provides the functionality of the first browser 110a.
- the first browser 110a may be any type or form of web browsing application, e.g., an application executed by a computing device that receives user content and uses the received user content to generate and send computer network traffic on behalf of the user and displays responses to the traffic received from other computers; for example, the first browser 110a may receive user input such as uniform resource locators (URLs) and internet protocol (IP) addresses for identifying computers to which the first browser 110a should transmit network traffic and the first browser 110a may receive user input such as user-generated content that the first browser 110a should include in transmitted network traffic allowing users to, by way of example, interact with user interface provided by the contacted computers (e.g., the first browser 110a may receive search terms for transmitting to a search engine).
- the first browser 110a executes the automation driver 112 and executes instructions received from the controller application 106 via the automation driver 112.
- the privacy engine 104 may include functionality that generates fake torrent traffic but which may or may not have the functionality of a conventional browser (for example, it might not have a user interface for entering network addresses or bookmarking web site addresses). Therefore, the first browser 110a may be any web traffic generating application, including stateful web traffic generating applications and torrent clients. As another example, the application may provide browser-based messaging applications allowing a user to exchange messages with one or more other users.
- the application may generate network data of any type and need not be restricted to web browsing data.
- the second browser 110b is a software program. In other embodiments, the second browser 110b is a hardware module. In some embodiments, the second browser 110b is in communication with the privacy engine 104. A user of the system 100 may interact directly with the second browser 110b.
- the second browser 110b may be any type or form of web browsing application, e.g., an application executed by a computing device that receives user content and uses the received user content to generate and send computer network traffic on behalf of the user and displays responses to the traffic received from other computers; for example, the second browser 110b may receive user input such as uniform resource locators (URLs) and internet protocol (IP) addresses for identifying computers to which the second browser 110b should transmit network traffic and the second browser 110b may receive user input such as user-generated content that the second browser 110b should include in transmitted network traffic allowing users to, by way of example, interact with user interface provided by the contacted computers (e.g., the second browser 110b may receive search terms for transmitting to a search engine).
- Examples of browsers include, without limitation, MOZILLA FIREFOX distributed by the Mozilla Foundation of San Francisco, CA; GOOGLE CHROME provided by Google Inc. of Mountain View, CA; and MICROSOFT INTERNET EXPLORER provided by Microsoft Corporation of Redmond, WA.
- the synchronization application 118 is a software program.
- the synchronization application 118 may be an application written in the PYTHON programming language. In other embodiments, the synchronization application 118 is a hardware module. In some embodiments, the synchronization application 118 is in communication with the privacy engine 104. In other embodiments, the privacy engine 104 provides the functionality of the synchronization application 118.
- the synchronization application 118 may include a database (not shown) for storing data received from one or more browsers.
- the synchronization application 118 may include functionality for sending, to a browser, received browser state data for incorporation into a browser state of the browser.
- the synchronization API 120 includes commands for transmitting, from a browser, to the synchronization application 118, browser state data.
- the synchronization API 120 may include commands for transmitting (e.g., posting) web cookies from a browser to the synchronization application 118.
- the synchronization API 120 may include commands for requesting data (e.g., web browser state data) from a browser.
- the synchronization API 120 may be an API in accordance with a Representational State Transfer (REST) standard.
- the synchronization API 120 may include commands such as, without limitation, commands to: push cookies, push session storage, push local storage, push indexedb, pull cookies, pull session storage, pull local storage, and pull indexed.
- other aspects of the browser state e.g., language and user agent
- the synchronization application 118 may use the synchronization API 120 to request browser state data from the first browser 110a.
- the synchronization application 118 may use the synchronization API 120 to request browser state data from the second browser 110b.
- the synchronization application 118 may receive data formatted according to the synchronization API 120 from the first browser 110a.
- the synchronization application 118 may receive data formatted according to the synchronization API 120 from the second browser 110b.
- the browser synchronization plugin 116a is a software program.
- the browser synchronization plugin 116a may be a JAVASCRIPT program executing in the background on a computing device.
- the browser synchronization plugin 116a may be a plugin to a browser application.
- the browser synchronization plugin 116a is a hardware module.
- the browser synchronization plugin 116a is in communication with the privacy engine 104.
- the privacy engine 104 provides the functionality of the browser synchronization plugin 116a.
- the browser synchronization plugin 116a uses the synchronization application programming interface (API) 120 to exchange information with the synchronization application 118.
- the browser synchronization plugin 116a uses the synchronization API 120 to exchange browser state data with the synchronization application 118.
- the browser synchronization plugin 116a may send browser state data of the first browser 110a to the synchronization application 118.
- the browser synchronization plugin 116a may receive browser state data of the second browser 116b from the synchronization application 118.
- the browser synchronization plugin 116b is a software program.
- the browser synchronization plugin 116b is a hardware module.
- the browser synchronization plugin 116b is in communication with the privacy engine 104.
- the privacy engine 104 provides the functionality of the browser synchronization plugin 116b.
- the browser synchronization plugin 116b uses the synchronization Application Programming Interface (API) 120 to exchange information with the synchronization application 118.
- the browser synchronization plugin 116b uses the synchronization API 120 to exchange browser state data with the synchronization application 118.
- the browser synchronization plugin 116b may send browser state data of the second browser 110a to the synchronization application 118.
- the browser synchronization plugin 116b may receive browser state data of the second browser 116b from the synchronization application 118.
- the browser synchronization plugin 116b uses received browser state data to modify the browser state of the second browser 110b.
- the browser synchronization plugin 116b may incorporate the web cookie into a database of cookies stored by the second browser 110b as part of its browser state.
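The push and pull exchange between the two browser plugins and the synchronization application can be modelled with a small in-memory store. This is an added example, not code from the patent: the class and method names, the browser labels `first` and `second`, the newest-write-wins merge rule and the sample cookies are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    domain: str
    path: str
    name: str
    value: str
    updated: float  # time the browser last wrote the cookie (seconds)


class SyncStore:
    """In-memory stand-in for the synchronization application's database."""

    def __init__(self):
        self.jar = {}      # (domain, path, name) -> (Cookie, source browser)
        self.storage = {}  # (kind, origin, key) -> (value, updated, source)

    def push_cookies(self, source, cookies):
        """Merge pushed cookies; returns how many were accepted.
        Assumed rule: the most recently written value for a key wins."""
        accepted = 0
        for cookie in cookies:
            key = (cookie.domain.lower(), cookie.path, cookie.name)
            held = self.jar.get(key)
            if held is None or cookie.updated > held[0].updated:
                self.jar[key] = (cookie, source)
                accepted += 1
        return accepted

    def pull_cookies(self):
        """Return the merged jar, identical for whichever browser asks."""
        return [self.jar[key][0] for key in sorted(self.jar)]

    def push_storage(self, source, kind, origin, items, updated):
        """Merge local or session storage entries for one origin."""
        if kind not in ("local", "session"):
            raise ValueError(f"unknown storage kind: {kind}")
        for key, value in items.items():
            slot = (kind, origin, key)
            held = self.storage.get(slot)
            if held is None or updated > held[1]:
                self.storage[slot] = (value, updated, source)

    def pull_storage(self, kind, origin):
        return {key: entry[0] for (k, o, key), entry in self.storage.items()
                if k == kind and o == origin}

    def provenance(self):
        """Count merged cookies per source browser. Only the store knows this;
        the cookies sent on the wire carry no such label."""
        counts = {}
        for _cookie, source in self.jar.values():
            counts[source] = counts.get(source, 0) + 1
        return counts


# Constructed sample state: "first" is the automated browser, "second" the user's.
AUTO_COOKIES = [
    Cookie("news.example", "/", "visitor_id", "auto-7f3a", 100.0),
    Cookie("shop.example", "/", "last_category", "exotic-plants", 120.0),
]
USER_COOKIES = [
    Cookie("shop.example", "/", "last_category", "laptops", 110.0),
    Cookie("mail.example", "/", "session", "constructed-session-value", 130.0),
]


def synchronize(store, pushes):
    """Push every browser's cookies, then hand each browser the merged jar."""
    for source, cookies in pushes.items():
        store.push_cookies(source, cookies)
    merged = store.pull_cookies()
    return {source: list(merged) for source in pushes}


if __name__ == "__main__":
    store = SyncStore()
    jars = synchronize(store, {"first": AUTO_COOKIES, "second": USER_COOKIES})
    for cookie in jars["second"]:
        print(cookie.domain, cookie.name, cookie.value)
    print(store.provenance())
```

After synchronization the store and both browsers hold every cookie from either side, session cookies included, so the store needs the same protection as a browser's own cookie database.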
- the controller application customization plugin 122 is a software program. In other embodiments, the controller application customization plugin 122 is a hardware module. In some embodiments, the controller application customization plugin 122 is in communication with the privacy engine 104. In other embodiments, the privacy engine 104 provides the functionality of the controller application customization plugin 122.
- the second browser 110b executes the controller application customization plugin 122. For example, by executing the controller application customization plugin 122, the second browser 110b may provide functionality allowing a user to customize the controller application 106. By way of example, the controller application customization plugin 122 may allow a user to provide input such as selecting a profile from the profile database 108 that the controller application 106 should use in directing the first browser 110a via the automation driver 112.
- the controller application customization plugin 122 may allow a user to provide input such as modifying a profile stored in the profile database 108.
- the controller application customization plugin 122 may allow a user to provide input such as modifying access rights on a profile (e.g., to allow for sharing the profile with other users on the computing device 102 or with other users of other computing devices).
- the controller application customization plugin 122 may allow a user to provide input such as creating a new profile.
- Although the computing device 102, the privacy engine 104, the controller application 106, the profile database 108, the first browser 110a, the automation driver 112, the browser synchronization plugin 116a, the second browser 110b, the browser synchronization plugin 116b, the synchronization application 118, the synchronization API 120, the controller application customization plugin 122, and the controller customization API 124 are described as separate modules, it should be understood that this does not restrict the architecture to a particular implementation. For instance, these modules may be encompassed by a single circuit or software function or, alternatively, distributed across a plurality of computing devices.
- the synchronization API 120 and the controller customization API 124 may be provided by a single API.
- the synchronization application 118 uses a separate database (not shown) to store browser state data. In other examples, however, the synchronization application 118 may use the profile database 108 to store browser state data. As another example, the functionality of the synchronization application 118 and of the synchronization API 120 may be provided by a single application (e.g., by an XPI file or a JAVASCRIPT application).
- FIG. 1C a block diagram depicts another embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content to confound analytics of computer network traffic including data associated with the synchronized browser state.
- the privacy engine 104 and its sub-components may be executed on an external hardware device 130, separate from the computing device 102.
- the hardware device 130 may be a Raspberry Pi.
- the computing device 102 may have a physical connection to the hardware device 130 (e.g., via a wired connection such as a USB connection).
- the computing device 102 may have a wireless connection to the hardware device 130 (e.g., via WiFi).
- the APIs on the privacy engine 104 provide a basic authentication mechanism, which may prevent other network devices from accessing the APIs or the browser state information on the privacy engine 104.
- FIG. 1D a block diagram depicts another embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content to confound analytics of computer network traffic including data associated with the synchronized browser state.
- the system 100 may include a plurality of privacy engines 104a-N and a plurality of computing devices 102a-N executing in a distributed computing environment.
- Each of the plurality of privacy engines 104 may be a privacy engine as described above in connection with FIG. 1A.
- the plurality of privacy engines 104a-N may all execute on a single machine 106 (e.g., a server).
- the plurality of privacy engines 104a-N may execute on a plurality of machines 106.
- Each of the computing devices 102a-N may be a computing device 102 as described above in connection with FIG. 1A.
- a distributed implementation as depicted in FIG. 1D may allow for an entity (such as, for example, an enterprise) to protect a plurality of workstations. It should be noted that not all the privacy engine instances have to be in sync with a user workstation. In this configuration, an enterprise could easily add privacy engine instances in order to add fake employees to their network, further hindering attempts at data collection and protecting the organization's privacy.
- each privacy engine instance runs in a jail or container, so as to isolate the processes and file system from other privacy engine instances on the same server.
- FIG. 1E a block diagram depicts another embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content to confound analytics of computer network traffic including data associated with the synchronized browser state.
- client computing devices may connect through a gateway 130 to a VPN server 140.
- the connection may be a VPN tunnel.
- Double-line arrows identify the VPN tunnels in FIG. 1E.
- Clients may connect to the VPN hosted alongside each privacy engine 104, and it is as if they are on the same LAN.
- This deployment is ideal for mobile devices, as regardless of how they are connecting to the internet, they are protected by a privacy engine 104.
- This architecture allows for the privacy engine 104 to be delivered as a service, in a "privacy as a service" type model, usable by even the least technical consumer and available all over the world.
- the privacy engine 104 and the use of VPNs may be implemented to work in synergy for maximum privacy.
- the VPN tunnel may prevent web resources from determining an actual IP address of a client computing device 102.
- the ISP is still capable of determining the actual IP address, since the tunnel goes over the ISP network, but attempts to exploit this may be thwarted by the privacy engine 104, since the exit of the tunnel is also sending traffic from the privacy engine 104, camouflaging the user-generated content.
- FIG. 1F a block diagram depicts another embodiment of a system for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content to confound analytics of computer network traffic including data associated with the synchronized browser state.
- the system 100 may include a plurality of privacy engines 104a-N, a shared synchronization application 118, a shared controller application 106, a shared profile database 108, and a plurality of computing devices 102a-N executing in a distributed computing environment.
- Each of the plurality of privacy engines 104 may be a privacy engine as described above in connection with FIG. 1A; however, in contrast to the depiction in FIG.
- certain functionality is shared amongst the plurality of privacy engines 104a-N, including the shared synchronization application 118, the shared controller application 106, and the shared profile database 108.
- the plurality of privacy engines 104a-N may all execute on a single machine 106 (e.g., a server).
- the plurality of privacy engines 104a-N may execute on a plurality of machines 106.
- Each of the computing devices 102a-N may be a computing device 102 as described above in connection with FIG. 1A.
- a distributed implementation as depicted in FIG. 1F may allow for an entity (such as, for example, an enterprise) to protect a plurality of workstations.
- each privacy engine instance runs in a jail or container, so as to isolate the processes and file system from other privacy engine instances on the same server.
- the privacy engines 104a-N do not include individual profile databases nor are they accessible via separate APIs - the shared synchronization application 118, the shared controller application 106, and the shared profile database 108 are shared by each privacy engine in the plurality of privacy engines 104a-N in the architecture depicted by FIG. 1F and each of the computing devices 102a-N may access one of the privacy engines 104a-N via those shared resources.
- a block diagram depicts one embodiment of a method 200 for synchronizing, in a browser state of a web browser application, automatically-generated content and user-generated content to confound analytics of computer network traffic including data associated with the synchronized browser state.
- the method 200 includes retrieving, by a controller application executing on a first computing device, from a profile database, profile content (202).
- the method 200 includes receiving, by a first browser application executing on the first computing device, from the controller application, a first request including automatically-generated content based on the retrieved profile content (204).
- the method 200 includes transmitting, by the first browser application, a first network request, the network request including the automatically-generated content (206).
- the method 200 includes synchronizing, by a second browser application executing on the first computing device, a browser state of the second browser application with a browser state of the first browser application (208).
- the method 200 includes receiving, by the second browser application, a second request including user-generated content (210).
- the method 200 includes transmitting, by the second browser application, a second network request including the user-generated content and data from the synchronized browser state (212).
- the method 200 includes retrieving, by a controller application executing on a first computing device, from a profile database, profile content (202).
- a user has specified a profile 109 for the controller application 106 to use.
- the controller application 106 selects a profile 109 without user direction.
- the system 100 may determine an area of interest to a user (e.g., by retrieving data such as browser data from a machine associated with a user, including, without limitation, a personal computing device of the user as well as network devices that monitor or have access to user-generated traffic, and instructing a natural language processing engine to analyze the retrieved data and receiving an identification of at least one common term in the user-generated traffic that the system 100 uses to identify an area of interest to the user).
- the system 100 may then identify a profile 109 that includes keywords identified with areas of interest that are substantially different from the area of interest to the user.
- the controller application 106 may use profile content retrieved from a profile 109 in the profile database 108 to generate computer network traffic including automatically generated content.
- the controller application 106 may retrieve a search term from a profile 109 and use the text of the search term when directing the generation of computer network traffic.
- the controller application 106 may generate an instruction to the automation driver 112, based on the automation API 114, the instruction directing the automation driver 112 to execute a web search with the first browser 110a using the retrieved search terms.
- the controller application 106 may retrieve profile data identifying a time of day at which the controller application 106 should generate computer network traffic.
- the controller application 106 may retrieve a URL to provide to the automation driver 112 with an instruction to direct the first browser 110a to retrieve a web page available at the URL.
- the controller application 106 may execute a retrieved instruction (e.g., retrieving profile data or URLs or performing other instructions).
- the actions of the controller application 106 and/or the automation driver 112 may result in the generation of new browser state data and the storing of the new browser state data by the first browser 110a.
- the method 200 includes receiving, by a first browser application executing on the first computing device, from the controller application, a first request including automatically-generated content based on the retrieved profile content (204).
- the first browser 110a receives, from the controller application 106, via the automation driver 112, a request for execution.
- the request may be a request to execute a web search (e.g., to go to a URL or IP address associated with a search engine and to enter one or more terms provided by the controller application 106).
- the method 200 includes transmitting, by the first browser application, a first network request, the network request including the automatically-generated content (206).
- the first browser application 110a executes instructions received directly or indirectly from the controller application 106 to access one or more computers across a network, generating computer network traffic.
- the method 200 includes synchronizing, by a second browser application executing on the first computing device, a browser state of the second browser application with a browser state of the first browser application (208).
- As the first browser 110a generates computer network traffic, the first browser 110a develops browser state data (e.g., web cookies received over a network from other computers); the first browser 110a may transmit this browser state data to the synchronization application 118 for synchronization with browser state data of the second browser 110b.
- the first browser 110a may transmit one or more web cookies to the synchronization application 118 using the synchronization API 120 and the synchronization application 118 may transmit the received one or more web cookies to the browser synchronization plugin 116b executed by the second browser 110b (e.g., by transmitting, to the browser synchronization plugin 116b, a file, such as a JSON file, including the one or more web cookies).
- the browser synchronization plugin 116b may incorporate the received one or more web cookies into data associated with the second browser 110b (e.g., copying the web cookie into a cache for cookies associated with the second browser 110b).
- the privacy engine 104 has provided the second browser 110b with a browser state that includes data associated with at least two entities - data associated with the human user of the second browser 110b and data associated with computer network traffic generated by the first browser 110a based on data retrieved from the profile selected by the controller application 106.
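The cookie hand-off described above (JSON file in, merged browser state out) can be sketched as follows. This is an added example, not code from the patent: the JSON field names, the sample cookies, and the policy that the user's own cookie wins on a collision are assumptions the text does not specify.

```python
import json

# Constructed sample: cookie export from the automated (first) browser, in the
# JSON-file form the text mentions. Field names are assumptions for this example.
DECOY_EXPORT = json.dumps([
    {"domain": ".yoga-shop.example", "path": "/", "name": "visitor", "value": "d1", "expires": 2000},
    {"domain": "history-journal.example", "path": "/", "name": "sid", "value": "d2", "expires": 900},
    {"domain": "search.example", "path": "/", "name": "prefs", "value": "decoy", "expires": 2000},
    {"domain": "broken.example", "value": "no-name"},
])

# Constructed sample: cookies the human user already holds in the second browser.
USER_COOKIES = [
    {"domain": "search.example", "path": "/", "name": "prefs", "value": "user", "expires": 3000},
    {"domain": "malware-research.example", "path": "/", "name": "sid", "value": "u1", "expires": 3000},
]

REQUIRED_FIELDS = ("domain", "name", "value")


def cookie_key(cookie):
    """Identity of a cookie in a jar: (domain, path, name).

    Simplification: the leading dot of a Domain attribute is ignored and the
    domain is case-folded, so ".Example.com" and "example.com" compare equal.
    """
    return (cookie["domain"].lstrip(".").lower(), cookie.get("path", "/"), cookie["name"])


def merge_cookie_jars(user_cookies, decoy_json, now):
    """Merge decoy cookies into the user's jar without disturbing the user's state.

    Assumed policy: an existing cookie with the same identity is never
    overwritten (overwriting a session cookie would log the user out), expired
    decoy cookies are dropped, and malformed entries are skipped.
    `now` and `expires` are seconds on the same clock; a missing `expires`
    means a session cookie and is kept.
    """
    jar = {cookie_key(c): dict(c) for c in user_cookies}
    stats = {"added": 0, "skipped_existing": 0, "expired": 0, "malformed": 0}

    for cookie in json.loads(decoy_json):
        well_formed = isinstance(cookie, dict) and all(
            isinstance(cookie.get(field), str) and cookie[field] for field in REQUIRED_FIELDS
        )
        if not well_formed:
            stats["malformed"] += 1
            continue
        expires = cookie.get("expires")
        if expires is not None and expires <= now:
            stats["expired"] += 1
            continue
        key = cookie_key(cookie)
        if key in jar:
            stats["skipped_existing"] += 1
            continue
        jar[key] = dict(cookie)
        stats["added"] += 1

    return sorted(jar.values(), key=cookie_key), stats


if __name__ == "__main__":
    merged, stats = merge_cookie_jars(USER_COOKIES, DECOY_EXPORT, now=1000)
    print(stats)
    for c in merged:
        print(cookie_key(c), c["value"])
```

The merged jar carries no marker of which cookie came from which browser, which matches the text's point that the second browser's state holds data from both entities.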
- the controller application 106 may have selected a profile intended to confound an attempt to analyze preferences or interests of the human user. For example, and without limitation, a user of the system 100 may specify that she is a network security expert researching computer viruses and wishes to camouflage her interests; the profile databases 108 may include a plurality of profiles 109 from which the user may select a profile 109.
- the user might select a profile 109 intended to add variety to her browser state (e.g., the state of second browser 110b) so that instead of only including data related to computer viruses or network security topics generally, the browser state data might also include cookies from other unrelated web sites.
- the user might select a profile 109 of an academic searching for academic publications on medieval history in non-security-related sites or a profile 109 of an individual interested in health and fitness (e.g., a profile 109 that would include URLs for online stores that sell yoga clothes or for meditation sites or gyms).
- the user might select a plurality of profiles 109 so that the synchronized browser data would include web cookies suggesting that the user of the second browser 110b is interested in (e.g., retrieves for rendering) web sites relating to computer security, academic papers on medieval history, and healthcare and fitness.
- the system minimizes the impact of unwelcome analysis on the user's data.
- analysis of web data is used for everything from targeted online advertising to targeted physical advertising (e.g., catalogs sent to the user in the mail) and, in more ominous scenarios, corporate espionage; by minimizing the accuracy of the analysis, the system 100 minimizes the impact of the analysis on the user. For example, and without limitation, by modifying an analytical result by generating additional computer network traffic so that, for example, the browser data shows that network security sites comprise 10% of the pages visited by the computing device 102 instead of 100% (because 90% of the traffic was generated by the first browser 110a and related to data associated with a profile 109 instead of with the human user), the system 100 minimizes the likelihood that analytics will reveal network security to be a major interest of the user.
- the method 200 includes receiving, by the second browser application, a second request including user-generated content (210).
- the user of the second browser application 110b may generate computer network traffic in a customary manner. For example, the user may type in a URL or IP address for the second browser application 110b to use. As another example, the user of the second browser 110b may use the browser 110b to interact with a web page provided by a remote machine such as, without limitation, a search engine that the user wants to use to conduct online research.
- the method 200 includes transmitting, by the second browser application, a second network request including the user-generated content and data from the synchronized browser state (212).
- the second browser application may respond to a request from a third-party web site for cookie data with cookie data from the synchronized browser state (including, for example, cookie data generated by a network transaction executed by the first browser application 110a instead of the second browser application 110b).
- the privacy engine described above could be integrated into existing firewalls and routers, and work in conjunction with other IT tools such as those for management and security. Such integrations would allow for an IT organization to handle all aspects of data protection through one console.
- a graph 300 depicts one embodiment of user-generated content categorized according to type of content (e.g., type of data or activity associated with the content) prior to combination with automatically-generated content by a system for synchronizing automatically-generated content and user-generated content.
- an amount of user-generated data can be used to categorize the user-generated content into different types of data that may correlate to activities; for example, there is a certain amount of user-generated data associated with type of data "B" and a higher amount of user-generated data associated with type of data "C".
- a system may associate the user with a particular type of activity.
- the addition of automatically-generated content to the user-generated content may provide the user increased privacy by masking what type of activity the user-generated content relates to.
- a graph 310 depicts a graph of user-generated data in combination with automatically-generated content in which automatically-generated content is generated randomly.
- a system might use randomly generated data.
- combining the user-generated data with automatically-generated (or "decoy") data serves to provide a level of masking of the user-generated data, making it more challenging to determine which types of data or activities are associated with the user.
- the methods and systems described above provide improvements over both randomly generated data and no automated data at all.
- a graph 320 depicts a graph of user-generated data in combination with automatically-generated content in which the automatically-generated content is generated by a system for synchronizing automatically-generated content and user-generated content, the system accessing at least one profile data.
- the use of automatically-generated content in combination with user-generated content provides an improved level of masking over the level of masking provided by randomly generated data.
- the automatically-generated content and the user-generated content are not separated from each other and a reviewer of the user activity data (including, without limitation, browser state data, domain name service queries, and other activity data) would see a compiled set of both content types, not two different data types; that is, a reviewer of the user data would see only the aggregate of the automatically-generated content and the user-generated content.
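The dilution arithmetic behind the 100%-to-10% example and the category graphs 300 to 320 can be worked through in code. This is an added example, not part of the patent: the category labels, the profile weights and the function names are assumptions, and the sample request log is constructed to reproduce the document's own figures.

```python
from collections import Counter
from fractions import Fraction
from math import ceil

# Constructed sample: categories of the requests a human user made in the
# second browser. All 20 are "security", i.e. 100% as in the text's example.
USER_REQUESTS = ["security"] * 20

# Constructed sample: decoy profiles and relative weights (assumed format).
PROFILES = {"medieval-history": 2, "fitness": 1}


def category_shares(categories):
    """Fraction of requests per category, as an observer of the aggregate sees it."""
    counts = Counter(categories)
    total = sum(counts.values())
    return {cat: n / total for cat, n in counts.items()} if total else {}


def decoys_needed(user_requests, category, target_share):
    """Smallest number of decoy requests (none in `category`) that brings
    `category` down to at most `target_share` of all observed requests."""
    target = Fraction(target_share).limit_denominator(1000)
    if not 0 < target <= 1:
        raise ValueError("target_share must be in (0, 1]")
    hits = user_requests.count(category)
    # hits / (len(user) + d) <= target   =>   d >= hits / target - len(user)
    return max(0, ceil(hits / target - len(user_requests)))


def allocate(total, weights):
    """Split `total` decoy requests across profiles by weight (largest remainder)."""
    weight_sum = sum(weights.values())
    if weight_sum <= 0 or any(w < 0 for w in weights.values()):
        raise ValueError("profiles need non-negative weights with a positive sum")
    exact = {p: Fraction(total * w, weight_sum) for p, w in weights.items()}
    alloc = {p: int(x) for p, x in exact.items()}  # floor of each exact share
    leftover = total - sum(alloc.values())
    # Hand the remaining requests to the profiles with the largest remainders.
    for p in sorted(exact, key=lambda p: (alloc[p] - exact[p], p))[:leftover]:
        alloc[p] += 1
    return alloc


def plan_mix(user_requests, category, target_share, profiles):
    """Return (decoys per profile, resulting category shares of the aggregate)."""
    if category in profiles:
        raise ValueError("a decoy profile must not be in the protected category")
    alloc = allocate(decoys_needed(user_requests, category, target_share), profiles)
    combined = list(user_requests) + [p for p, n in alloc.items() for _ in range(n)]
    return alloc, category_shares(combined)


if __name__ == "__main__":
    alloc, shares = plan_mix(USER_REQUESTS, "security", 0.10, PROFILES)
    print(alloc)   # decoy requests to generate per profile
    print(shares)  # what the aggregate traffic now looks like
```

With the constructed log, 180 decoy requests are needed for 20 user requests, so decoys make up 90% of the aggregate and the user's real interest is no longer the largest category.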
- the privacy engine described above could be used to protect individual consumers from differential pricing based on network traffic. For individual consumers, companies often profile consumers based on their personal data. This can result in different offerings, and in some cases, different prices.
- browser state data including, for example and without limitation, cookie data
- the consumer may receive higher prices for items sold or recommended by the commerce web site (including, without limitation, retail purchases, recommendations for more expensive products, and air fare); this may be based on a presumption that an individual who can afford a computer from Apple, Inc., has more wealth than one who is using a machine sold by Microsoft, Inc., or other vendor.
- the privacy engine 104 may generate computer network traffic that is generated to include data indicating it comes from a different type of machine than the type of machine used by the user; in this way, there will be computer network data associated with both Apple, Inc., hardware and non-Apple, Inc., hardware, confounding attempts to identify the hardware type and provide differential pricing.
- an insurance carrier e.g., health insurance and life insurance
- users may generate a variety of types of content for computer network data and have the privacy engine 104 generate different types of content (e.g., generating both content for local yoga classes and content for high risk activities such as rock climbing) and confound attempts by insurance carriers to classify them based on their network activity.
- the privacy engine described above may be used to protect individual consumers from having accurate psychological profiles generated by third parties.
- a first entity may instantiate a privacy engine 104 to generate network traffic relating to a product or area of research the first entity knows will mislead a second entity (e.g., a product the first entity knows will be a commercial failure or a research topic unrelated to research topics the second entity is interested in or a topic the second entity uses as input to a machine learning system). Furthermore, if the first entity receives corporate information about the second entity relating to the misleading information, the first entity may determine that the second entity has been spying on the first entity.
- Such privacy engines 104 may also be used to divert hackers.
- the first entity may divert hackers who view the computing device 100a as an actual resource of the entity based on the network traffic generated by the privacy engine 104 (e.g., using the computing device 100a as a diversion minimizing the hacker's effectiveness against the network as a whole, as well as a honeypot).
- Entities may want to deploy privacy engines at certain physical locations as a countermeasure to attempts to tap the internet connection (e.g., governments may wish to install privacy engines 104 at one or more embassies).
- a privacy engine could be configured to emulate a high value target (a politician, general, intelligence officer, etc.), diverting and absorbing enemy cyberattacks; this is analogous to the inflatable tanks the army uses to draw enemy fire away from actual targets. This could also be useful for chief executive officers and other "high value" corporate executives who are undoubtedly frequently targeted.
- the methods and systems described herein are broad in scope and mitigate all manner of web-based privacy threats including, without limitation, ISP, DNS lookups, websites, and third-party trackers.
- the methods and systems described herein provide a flexible solution for creating a variety of types of traffic.
- the methods and systems described herein provide a scalable solution - while a consumer VPN helps mask an individual's IP address, putting 5000 employees on a VPN is not effective at masking users because there is still an obvious large group in one block of IP addresses; in contrast, a company could instantiate as many privacy engines 104 as it has computational power to run, and can thus disguise arbitrary numbers of employees (or for that matter, create arbitrary numbers of fake employees).
- the methods and systems described herein represent a novel, non-obvious, viable and highly efficacious privacy solution useful for a wide variety of privacy needs. This technology represents a great step forward in the preservation of individual privacy, intellectual property, and business strategy.
- the systems and methods described above may be implemented as a method, apparatus, or article of manufacture using programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof.
- the techniques described above may be implemented in one or more computer programs executing on a programmable computer including a processor, a storage medium readable by the processor (including, for example, volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device.
- Program code may be applied to input entered using the input device to perform the functions described and to generate output.
- the output may be provided to one or more output devices.
- Each computer program within the scope of the claims below may be implemented in any programming language, such as assembly language, machine language, a high-level procedural programming language, or an object-oriented programming language.
- the programming language may, for example, be LISP, PYTHON, PROLOG, PERL, C, C++, C#, JAVA, or any compiled or interpreted programming language.
- Each such computer program may be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a computer processor.
- Method steps of the invention may be performed by a computer processor executing a program tangibly embodied on a computer-readable medium to perform functions of the invention by operating on input and generating output.
- Suitable processors include, by way of example, both general and special purpose microprocessors.
- the processor receives instructions and data from a read-only memory and/or a random access memory.
- Storage devices suitable for tangibly embodying computer program instructions include, for example, all forms of computer-readable devices, firmware, programmable logic, hardware (e.g., integrated circuit chip; electronic devices; a computer- readable non-volatile storage unit; non-volatile memory, such as semiconductor memory devices, including EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROMs). Any of the foregoing may be supplemented by, or incorporated in, specially-designed ASICs (application-specific integrated circuits) or FPGAs (Field-Programmable Gate Arrays).
- a computer can generally also receive programs and data from a storage medium such as an internal disk (not shown) or a removable disk.
- a computer may also receive programs and data (including, for example, instructions for storage on non-transitory computer-readable media) from a second computer providing access to the programs via a network transmission line, wireless transmission media, signals propagating through space, radio waves, infrared signals, etc.
- FIGs. 4A, 4B, and 4C block diagrams depict additional detail regarding computing devices that may be modified to execute functionality for implementing the methods and systems described above.
- the network environment comprises one or more clients 102a-102n (also generally referred to as local machine(s) 102, client(s) 102, client node(s) 102, client machine(s) 102, client computer(s) 102, client device(s) 102, computing device(s) 102, endpoint(s) 102, or endpoint node(s) 102) in communication with one or more remote machines 106a-106n (also generally referred to as server(s) 106 or computing device(s) 106) via one or more networks 404.
- FIG. 4A shows a network 404 between the client(s) 102 and the remote machines 106
- the network 404 can be a local area network (LAN), such as a company Intranet, a metropolitan area network (MAN), or a wide area network (WAN), such as the Internet or the World Wide Web.
- a network 404' (not shown) may be a private network and a network 404 may be a public network.
- a network 404 may be a private network and a network 404' a public network.
- networks 404 and 404' may both be private networks.
- networks 404 and 404' may both be public networks.
- the network 404 may be any type and/or form of network and may include any of the following: a point to point network, a broadcast network, a wide area network, a local area network, a telecommunications network, a data communication network, a computer network, an ATM (Asynchronous Transfer Mode) network, a SONET (Synchronous Optical Network) network, an SDH (Synchronous Digital Hierarchy) network, a wireless network, and a wireline network.
- the network 404 may comprise a wireless link, such as an infrared channel or satellite band.
- the topology of the network 404 may be a bus, star, or ring network topology.
- the network 404 may be of any such network topology as known to those ordinarily skilled in the art capable of supporting the operations described herein.
- the network 404 may comprise mobile telephone networks utilizing any protocol or protocols used to communicate among mobile devices (including tablets and handheld devices generally), including AMPS, TDMA, CDMA, GSM, GPRS, UMTS, or LTE.
- TDMA Time Division Multiple Access
- CDMA Code Division Multiple Access
- GSM Global System for Mobile communications
- GPRS Global System for Mobile communications
- UMTS Universal Mobile communications
- LTE Long Term Evolution
- different types of data may be transmitted via different protocols.
- the same types of data may be transmitted via different protocols.
- a client(s) 102 and a remote machine 106 can be any workstation, desktop computer, laptop or notebook computer, server, portable computer, mobile telephone, mobile smartphone, or other portable telecommunication device, media playing device, a gaming system, mobile computing device, or any other type and/or form of computing, telecommunications or media device that is capable of communicating on any type and form of network and that has sufficient processor power and memory capacity to perform the operations described herein.
- a client(s) 102 may execute, operate or otherwise provide an application, which can be any type and/or form of software, program, or executable instructions, including, without limitation, any type and/or form of web browser, web-based client, client-server application, an ActiveX control, or a JAVA applet, or any other type and/or form of executable instructions capable of executing on client(s) 102.
- a computing device 106 provides functionality of a web server.
- a web server 106 comprises an open-source web server, such as the NGINX web servers provided by NGINX, Inc., of San Francisco, CA, or the APACHE servers maintained by the Apache Software Foundation of Delaware.
- the web server executes proprietary software, such as the INTERNET INFORMATION SERVICES products provided by Microsoft Corporation of Redmond, WA, the ORACLE IPLANET web server products provided by Oracle Corporation of Redwood Shores, CA, or the BEA WEBLOGIC products provided by BEA Systems of Santa Clara, CA.
- the system may include multiple, logically-grouped remote machines 106.
- the logical group of remote machines may be referred to as a server farm 438.
- the server farm 438 may be administered as a single entity.
- FIGs. 4B and 4C depict block diagrams of a computing device 100 useful for practicing an embodiment of the client(s) 102 or a remote machine 106.
- each computing device 100 includes a central processing unit 421, and a main memory unit 422.
- a computing device 100 may include a storage device 428, an installation device 416, a network interface 418, an I/O controller 423, display devices 424a-n, a keyboard 426, a pointing device 427, such as a mouse, and one or more other I/O devices 430a-n.
- the storage device 428 may include, without limitation, an operating system and software. As shown in FIG.
- each computing device 100 may also include additional optional elements, such as a memory port 403, a bridge 470, one or more input/output devices 430a-n (generally referred to using reference numeral 430), and a cache memory 440 in communication with the central processing unit 421.
- the central processing unit 421 is any logic circuitry that responds to and processes instructions fetched from the main memory unit 422.
- the central processing unit 421 is provided by a microprocessor unit, such as: those manufactured by Intel Corporation of Mountain View, CA; those manufactured by Motorola Corporation of Schaumburg, IL; those manufactured by Transmeta Corporation of Santa Clara, CA; those manufactured by International Business Machines of White Plains, NY; or those manufactured by Advanced Micro Devices of Sunnyvale, CA.
- Other examples include SPARC processors, ARM processors, processors used to build UNIX/LINUX "white" boxes, and processors for mobile devices.
- the computing device 400 may be based on any of these processors, or any other processor capable of operating as described herein.
- Main memory unit 422 may be one or more memory chips capable of storing data and allowing any storage location to be directly accessed by the microprocessor 421.
- the main memory 422 may be based on any available memory chips capable of operating as described herein.
- the processor 421 communicates with main memory 422 via a system bus 450.
- FIG. 4C depicts an embodiment of a computing device 400 in which the processor communicates directly with main memory 422 via a memory port 403.
- FIG. 4C also depicts an embodiment in which the main processor 321 communicates directly with cache memory 440 via a secondary bus, sometimes referred to as a backside bus.
- the main processor 421 communicates with cache memory 440 using the system bus 450.
- the processor 421 communicates with various I/O devices 430 via a local system bus 450.
- Various buses may be used to connect the central processing unit 421 to any of the I/O devices 430, including a VESA VL bus, an ISA bus, an EISA bus, a MicroChannel Architecture (MCA) bus, a PCI bus, a PCI-X bus, a PCI-Express bus, or a NuBus.
- FIG. 4C depicts an embodiment of a computer 400 in which the main processor 421 also communicates directly with an I/O device 430b via, for example, HYPERTRANSPORT, RAPIDIO, or INFINIBAND communications technology.
- I/O devices 430a-n may be present in or connected to the computing device 400, each of which may be of the same or different type and/or form.
- Input devices include keyboards, mice, trackpads, trackballs, microphones, scanners, cameras, and drawing tablets.
- Output devices include video displays, speakers, inkjet printers, laser printers, 3D printers, and dye-sublimation printers.
- the I/O devices may be controlled by an I/O controller 423 as shown in FIG. 4B.
- an I/O device may also provide storage and/or an installation medium 416 for the computing device 400.
- the computing device 400 may provide USB connections (not shown) to receive handheld USB storage devices such as the USB Flash Drive line of devices manufactured by Twintech Industry, Inc. of Los Alamitos, CA.
- the computing device 100 may support any suitable installation device 416, such as a floppy disk drive for receiving floppy disks such as 3.5-inch, 5.25-inch disks or ZIP disks; a CD-ROM drive; a CD-R/RW drive; a DVD-ROM drive; tape drives of various formats; a USB device; a hard-drive or any other device suitable for installing software and programs.
- the computing device 400 may provide functionality for installing software over a network 404.
- the computing device 400 may further comprise a storage device, such as one or more hard disk drives or redundant arrays of independent disks, for storing an operating system and other software.
- the computing device 100 may rely on memory chips for storage instead of hard disks.
- the computing device 400 may include a network interface 418 to interface to the network 404 through a variety of connections including, but not limited to, standard telephone lines, LAN or WAN links (e.g., 802.11, T1, T3, 56kb, X.25, SNA, DECNET), broadband connections (e.g., ISDN, Frame Relay, ATM, Gigabit Ethernet, Ethernet-over-SONET), wireless connections, or some combination of any or all of the above.
- Connections can be established using a variety of communication protocols (e.g., TCP/IP, IPX, SPX, NetBIOS, Ethernet, ARCNET, SONET, SDH, Fiber Distributed Data Interface (FDDI), RS232, IEEE 802.11, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n, 802.15.4, Bluetooth, ZIGBEE, CDMA, GSM, WiMax, and direct asynchronous connections).
- the computing device 400 communicates with other computing devices 100' via any type and/or form of gateway or tunneling protocol such as Secure Socket Layer (SSL) or Transport Layer Security (TLS).
- the network interface 418 may comprise a built-in network adapter, network interface card, PCMCIA network card, card bus network adapter, wireless network adapter, USB network adapter, modem, or any other device suitable for interfacing the computing device 100 to any type of network capable of communication and performing the operations described herein.
- an I/O device 430 may be a bridge between the system bus 150 and an external communication bus, such as a USB bus, an Apple Desktop Bus, an RS-232 serial connection, a SCSI bus, a FireWire bus, a FireWire 800 bus, an Ethernet bus, an AppleTalk bus, a Gigabit Ethernet bus, an Asynchronous Transfer Mode bus, a HIPPI bus, a Super HIPPI bus, a SerialPlus bus, a SCI/LAMP bus, a FibreChannel bus, or a Serial Attached small computer system interface bus.
- a computing device 400 of the sort depicted in FIGs. 4B and 4C typically operates under the control of operating systems, which control scheduling of tasks and access to system resources.
- the computing device 400 can be running any operating system such as any of the versions of the MICROSOFT WINDOWS operating systems, the different releases of the UNIX and LINUX operating systems, any version of the MAC OS for Macintosh computers, any embedded operating system, any real-time operating system, any open source operating system, any proprietary operating system, any operating systems for mobile computing devices, or any other operating system capable of running on the computing device and performing the operations described herein.
- Typical operating systems include, but are not limited to: WINDOWS 3.x, WINDOWS 95, WINDOWS 98, WINDOWS 2000, WINDOWS NT 3.1-4.0, WINDOWS CE, WINDOWS XP, WINDOWS 7, WINDOWS 8, WINDOWS VISTA, and WINDOWS 10, all of which are manufactured by Microsoft Corporation of Redmond, WA; any version of MAC OS manufactured by Apple Inc. of Cupertino, CA; OS/2 manufactured by International Business Machines of Armonk, NY; Red Hat Enterprise Linux, a Linux-variant operating system distributed by Red Hat, Inc., of Raleigh, NC; Ubuntu, a freely-available operating system distributed by Canonical Ltd. of London, England; or any type and/or form of a Unix operating system, among others.
- the computing device 400 can be any workstation, desktop computer, laptop or notebook computer, server, portable computer, mobile telephone or other portable telecommunication device, media playing device, a gaming system, mobile computing device, or any other type and/or form of computing, telecommunications or media device that is capable of communication and that has sufficient processor power and memory capacity to perform the operations described herein.
- the computing device 100 may have different processors, operating systems, and input devices consistent with the device.
- the computing device 400 is a mobile device, such as a JAVA-enabled cellular telephone/smartphone or personal digital assistant (PDA).
- the computing device 400 may be a mobile device such as those manufactured, by way of example and without limitation, by Apple Inc.
- the computing device 100 is a smartphone, POCKET PC, POCKET PC PHONE, or other portable mobile device supporting Microsoft Windows Mobile Software.
- the computing device 400 is a digital audio player.
- the computing device 400 is a digital audio player such as the Apple IPOD, IPOD TOUCH, IPOD NANO, and IPOD SHUFFLE lines of devices manufactured by Apple Inc.
- the digital audio player may function as both a portable media player and as a mass storage device.
- the computing device 100 is a digital audio player such as those manufactured by, for example, and without limitation, Samsung Electronics America of Ridgefield Park, NJ, or Creative Technologies Ltd. of Singapore.
- the computing device 400 is a portable media player or digital audio player supporting file formats including, but not limited to, MP3, WAV, M4A/AAC, WMA Protected AAC, AIFF, Audible audiobook, Apple Lossless audio file formats, and .mov, .m4v, and .mp4 MPEG-4 (H.264/MPEG-4 AVC) video file formats.
- the computing device 400 comprises a combination of devices, such as a mobile phone combined with a digital audio player or portable media player.
- the computing device 100 is a device in the Google/Motorola line of combination digital audio players and mobile phones.
- the computing device 400 is a device in the IPHONE smartphone line of devices manufactured by Apple Inc.
- the computing device 400 is a device executing the ANDROID open source mobile phone platform distributed by the Open Handset Alliance; for example, the device 100 may be a device such as those provided by Samsung Electronics of Seoul, Korea, or HTC Headquarters of Taiwan, R.O.C.
- the computing device 400 is a tablet device such as, for example and without limitation, the IPAD line of devices manufactured by Apple Inc.; the PLAYBOOK manufactured by Research In Motion; the CRUZ line of devices manufactured by Velocity Micro, Inc. of Richmond, VA; the FOLIO and THRIVE line of devices manufactured by Toshiba America Information Systems, Inc. of Irvine, CA; the GALAXY line of devices manufactured by Samsung; the HP SLATE line of devices manufactured by Hewlett-Packard; and the STREAK line of devices manufactured by Dell, Inc. of Round Rock, TX.
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Information Transfer Between Computers (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2018292120A AU2018292120A1 (en) | 2017-06-30 | 2018-06-20 | Methods and systems for protecting user-generated data in computer network traffic |
EP18822696.3A EP3646560A4 (en) | 2017-06-30 | 2018-06-20 | Methods and systems for protecting user-generated data in computer network traffic |
CA3063533A CA3063533A1 (en) | 2017-06-30 | 2018-06-20 | Methods and systems for protecting user-generated data in computer network traffic |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201762527032P | 2017-06-30 | 2017-06-30 | |
US62/527,032 | 2017-06-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019005555A1 true WO2019005555A1 (en) | 2019-01-03 |
Family
ID=64738917
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2018/038483 WO2019005555A1 (en) | 2017-06-30 | 2018-06-20 | Methods and systems for protecting user-generated data in computer network traffic |
Country Status (5)
Country | Link |
---|---|
US (2) | US11003732B2 (en) |
EP (1) | EP3646560A4 (en) |
AU (1) | AU2018292120A1 (en) |
CA (1) | CA3063533A1 (en) |
WO (1) | WO2019005555A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11003732B2 (en) | 2017-06-30 | 2021-05-11 | Diluvian LLC | Methods and systems for protecting user-generated data in computer network traffic |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200012890A1 (en) * | 2018-07-06 | 2020-01-09 | Capital One Services, Llc | Systems and methods for data stream simulation |
CN112711571A (en) * | 2019-10-25 | 2021-04-27 | 京东方科技集团股份有限公司 | File synchronization method and device |
CN111212134A (en) * | 2019-12-31 | 2020-05-29 | 北京金山云网络技术有限公司 | Request message processing method and device, edge computing system and electronic equipment |
US20230244502A1 (en) * | 2022-02-03 | 2023-08-03 | Capital One Services, Llc | Executing automated browsing sessions |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6757691B1 (en) * | 1999-11-09 | 2004-06-29 | America Online, Inc. | Predicting content choices by searching a profile database |
US20070157304A1 (en) * | 2006-01-05 | 2007-07-05 | International Business Machines Corporation | Method, apparatus and computer program product for automatic cookie synchronization between distinct web browsers |
US20110078333A1 (en) * | 2009-09-29 | 2011-03-31 | Robert Jakubowski | Synchronization of server-side cookies with client-side cookies |
US20140223488A1 (en) * | 2011-09-08 | 2014-08-07 | Axel Springer Digital Tv Guide Gmbh | Method and apparatus for automatic generation of recommendations |
US9213776B1 (en) * | 2009-07-17 | 2015-12-15 | Open Invention Network, Llc | Method and system for searching network resources to locate content |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6286104B1 (en) * | 1999-08-04 | 2001-09-04 | Oracle Corporation | Authentication and authorization in a multi-tier relational database management system |
EP1779216A1 (en) * | 2004-08-20 | 2007-05-02 | Rhoderick John Kennedy Pugh | Server authentication |
US10346186B2 (en) | 2014-12-11 | 2019-07-09 | Rohan Kalyanpur | System and method for simulating internet browsing system for user without graphical user interface |
US10498850B2 (en) * | 2016-12-20 | 2019-12-03 | General Electric Company | Cross-domain context sharing engine |
EP3646560A4 (en) | 2017-06-30 | 2020-12-02 | Diluvian LLC | Methods and systems for protecting user-generated data in computer network traffic |
-
2018
- 2018-06-20 EP EP18822696.3A patent/EP3646560A4/en not_active Withdrawn
- 2018-06-20 AU AU2018292120A patent/AU2018292120A1/en not_active Abandoned
- 2018-06-20 US US16/013,222 patent/US11003732B2/en active Active
- 2018-06-20 CA CA3063533A patent/CA3063533A1/en not_active Abandoned
- 2018-06-20 WO PCT/US2018/038483 patent/WO2019005555A1/en active Application Filing
-
2021
- 2021-04-08 US US17/225,607 patent/US20210224338A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See also references of EP3646560A4 * |
Also Published As
Publication number | Publication date |
---|---|
US20190005142A1 (en) | 2019-01-03 |
US20210224338A1 (en) | 2021-07-22 |
CA3063533A1 (en) | 2019-01-03 |
AU2018292120A1 (en) | 2019-11-28 |
EP3646560A4 (en) | 2020-12-02 |
US11003732B2 (en) | 2021-05-11 |
EP3646560A1 (en) | 2020-05-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210224338A1 (en) | Methods and Systems for Protecting User-Generated Data in Computer Network Traffic | |
US20200151771A1 (en) | Extending audience reach in messaging campaigns using probabilistic id linking | |
US11120163B2 (en) | Associating anonymous information with personally identifiable information in a non-identifiable manner | |
US20180316640A1 (en) | Operating a match cooperative without handling personally identifiable information | |
Bujlow et al. | A survey on web tracking: Mechanisms, implications, and defenses | |
KR102194202B1 (en) | Establish links between identifiers without disclosing specific identifying information | |
US9875363B2 (en) | Use of generic (browser) encryption API to do key exchange (for media files and player) | |
US10489822B2 (en) | Extending audience reach in messaging campaigns using probabilistic ID linking | |
JP6060310B2 (en) | Privacy of wireless data maintained through social networks | |
US9264418B1 (en) | Client-side spam detection and prevention | |
US8843646B2 (en) | Multi-desktop interaction using nested remote desktop sessions | |
US20160125467A1 (en) | Classifying user intent based on location information electronically communicated from a mobile device | |
KR102504075B1 (en) | Matching and attributes of user device events | |
US20080140765A1 (en) | Efficient and reproducible visitor targeting based on propagation of cookie information | |
US10531286B2 (en) | Methods and systems for auto-completion of anonymized strings | |
US9231939B1 (en) | Integrating business tools in a social networking environment | |
US20130191494A1 (en) | Secure Proxied Data Retrieval from Third-Party Services | |
US10581831B2 (en) | Authenticating devices to a network | |
US20160044087A1 (en) | User contact information privacy protection in computer networks | |
US20180234508A1 (en) | Header Enhancement | |
US20130282493A1 (en) | Non-unique identifier for a group of mobile users | |
Speed et al. | Mobile Security: How to secure, privatize and recover your devices | |
US9647987B1 (en) | Transferring data | |
US20180227327A1 (en) | Secure content delivery over a domain portal | |
US10574538B1 (en) | Network visualization user interface |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18822696 Country of ref document: EP Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 3063533 Country of ref document: CA |
 | ENP | Entry into the national phase | Ref document number: 2018292120 Country of ref document: AU Date of ref document: 20180620 Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: 2018822696 Country of ref document: EP |
 | ENP | Entry into the national phase | Ref document number: 2018822696 Country of ref document: EP Effective date: 20200130 |