Method and apparatus for re-establishing anonymous data transfers

George; David A. ;   et al.

Patent Application Summary

U.S. patent application number 11/331713 was filed with the patent office on 2007-07-19 for method and apparatus for re-establishing anonymous data transfers. Invention is credited to David A. George, Raymond B. III Jennings, Jason D. LaVoie, Sambit Sahu.

Application Number20070165519 11/331713
Document ID /
Family ID38263034
Filed Date2007-07-19
United States Patent Application 20070165519
Kind Code A1
George; David A. ;   et al. July 19, 2007
Method and apparatus for re-establishing anonymous data transfers

Abstract

One embodiment of the present method and apparatus for re-establishing anonymous data transfers between a first endpoint and a second endpoint in a network includes receiving, from a first node, the identity of a second node connected to the first node, where at least the first node is a neighbor node. A third node (a neighbor node) is then selected, and instructed to connect to the second node in order to establish a link for the path. In this manner, the first endpoint and the second endpoint remain unknown at least to each other (e.g., where "unknown" means that neither endpoint knows any identifying information, such as network address, about the other endpoint), and likely to all other nodes in the path as well. In another embodiment, a failure is detected at a neighbor node, where the neighbor node is part of an original path between the first endpoint and the second endpoint. The neighbor node's repair server is contacted for a repair node associated with the neighbor node, and a connection to the repair node is made such that the path is established in a manner that maintains anonymity of the first endpoint and the second endpoint relative to each other.

Inventors: George; David A.; (Somers, NY) ; Jennings; Raymond B. III; (Ossining, NY) ; LaVoie; Jason D.; (Mahopac, NY) ; Sahu; Sambit; (Hopewell Junction, NY)
Correspondence Address: 
    MOSER, PATTERSON & SHERIDAN LLP;IBM CORPORATION
    595 SHREWSBURY AVE
    SUITE 100
    SHREWSBURY
    NJ
    07702
    US
Family ID: 38263034
Appl. No.: 11/331713
Filed: January 13, 2006
Current U.S. Class: 370/225
Current CPC Class: H04L 63/0421 20130101; H04L 67/1048 20130101; H04L 67/2814 20130101; H04L 67/104 20130101; H04L 67/1046 20130101; H04L 67/1068 20130101
Class at Publication: 370/225
International Class: H04J 3/14 20060101 H04J003/14
Claims


1. A method for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, said method comprising the steps of: receiving, from a first node, the identity of a second node connected to said first node, where at least the first node is a neighbor node; selecting a third node, said third node being a neighbor node; and instructing said third node to connect to said second node in order to establish a link for said path, where said first endpoint and said second endpoint are unknown at least to each other.

2. The method of claim 1, further comprising: informing a fourth node of the selection of said third node, said fourth node being a neighbor node.

3. The method of claim 1, wherein said first endpoint is unknown to at least one of: said first node, said second node and said third node.

4. The method of claim 1, wherein said second endpoint is unknown to at least one of: said first node, said second node and said third node.

5. The method of claim 1, wherein said path replaces an original path between said first endpoint and said second endpoint.

6. The method of claim 5, wherein said path uses at least one link of said original path.

7. The method of claim 5, wherein at least said first node is part of said original path.

8. The method of claim 1, wherein said path requires re-establishment due to unexpected termination of said path by a node in said path, before completion of said transfer of data.

9. The method of claim 1, wherein said path requires re-establishment due to at least one of said first endpoint and said second endpoint learning an identity of the other, before completion of said transfer of data.

10. A computer program product stored on a computer readable medium ram for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, the computer readable medium comprising program code for causing a computer system to perform the steps of: receiving, from a first node, the identity of a second node connected to said first node, where at least the first node is a neighbor node; selecting a third node, said third node being a neighbor node; and instructing said third node to connect to said second node in order to establish a link for said path, where said first endpoint and said second endpoint are unknown at least to each other.

11. The computer readable medium of claim 10, further comprising: informing a fourth node of the selection of said third node, said fourth node being a neighbor node.

12. The computer readable medium of claim 10, wherein said path replaces an original path between said first endpoint and said second endpoint.

13. Apparatus for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, said apparatus comprising: means for receiving, from a first node, the identity of a second node connected to said first node, where at least the first node is a neighbor node; and means for selecting a third node, said third node being a neighbor node; means for instructing said third node to connect to said second node in order to establish a link for said path, where said first endpoint and said second endpoint are unknown at least to each other.

14. A method for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, said method comprising the steps of: detecting a failure of a neighbor node, said neighbor node being part of an original path between said first endpoint and said second endpoint; receiving, from a repair server associated with said neighbor node, a repair node for said neighbor node; and connecting to said repair node such that said path is established in a manner that maintains anonymity of said first endpoint and said second endpoint relative to each other.

15. The method of claim 14, wherein each node in said original path is associated with a weight value, said weight value increasing monotonically along said original path from node to node.

16. The method of claim 15, wherein said repair node is associated with a weight value that facilitates node ordering of said path.

17. The method of claim 14, wherein each node in said original path is associated with a common repair node.

18. The method of claim 14, wherein each node in said original path is associated with a different repair node.

19. The method of claim 14, wherein said path requires re-establishment due to unexpected termination of said path by a node in said path, before completion of said transfer of data.

20. The method of claim 14, wherein said path requires re-establishment due to at least one of said first endpoint and said second endpoint learning an identity of the other, before completion of said transfer of data.
Description


BACKGROUND

[0001] The present invention relates generally to computing networks and relates more particularly to anonymous data transfers between computing devices.

[0002] FIG. 1 is a schematic diagram of a network 100 of nodes (e.g., computing devices) interacting in a peer-to-peer (P2P) manner. Generally, a requesting node 101 sends a search message 105 (e.g., containing keywords relating to data that the requesting node 101 wishes to locate) to one or more intermediate network nodes 111 connected to the requesting node 101. Each intermediate node 111 receives the search message 105 and then forwards the search message 105 to one or more additional nodes 111. Eventually, the search message 105 reaches one or more responding nodes 103 having the requested data. One or more responding nodes 103 then send a response message 107 back to the requesting node 101, e.g., via the intermediate nodes 111. The requesting node 101 then requests the relevant data from a responding node 103 by connecting directly to the responding node 103, e.g., via direct connection 109.

[0003] In conventional P2P systems, both the requesting node 101 and the responding node 103 are aware of the other's identity such that one node has some unique information about the other node (e.g., a network address). Intermediate nodes may likewise be aware of the identities of the requesting node 101 and/or the responding node 103, depending on what type of identification is contained within the search and response messages 105 and 107. In many instances, however, one or both of the requesting node 101 and the responding node 103 may not wish to have their identities known to other nodes. Unfortunately, most conventional anonymous transfer methods, such as static anonymizing services, may be easily compromised, revealing the identities of transferring parties and/or causing a denial of service. Other methods for preserving the identity of the transferring parties typically involve encrypting the transferred files such that their contents are unknown. However, searching content using standard text for file names becomes impractical, and users typically must know specific public keys for desired data, making key distribution a network bottleneck. Moreover, most typical methods for establishing anonymous data transfer paths between two nodes do not provide a way for re-establishing the anonymous path should the connection between the two nodes be broken (e.g., due to a compromised path or to failure of a node on the path).

[0004] Thus, there is a need in the art for a method and apparatus for re-establishing anonymous data transfers.

SUMMARY OF THE INVENTION

[0005] One embodiment of the present method and apparatus for re-establishing anonymous data transfers between a first endpoint and a second endpoint in a network includes receiving, from a first node, the identity of a second node connected to the first node, where at least the first node is a neighbor node. A third node (a neighbor node) is then selected and instructed to connect to the second node in order to establish a link for the path. In this manner, the first endpoint and the second endpoint remain unknown at least to each other (e.g., where "unknown" means that neither endpoint knows any identifying information, such as network address, about the other endpoint), and likely to all other nodes in the path as well. In another embodiment, a failure is detected at a neighbor node, where the neighbor node is part of an original path between the first endpoint and the second endpoint. The neighbor node's repair server is contacted for a repair node associated with the neighbor node, and a connection to the repair node is made such that the path is established in a manner that maintains anonymity of the first endpoint and the second endpoint relative to each other.

BRIEF DESCRIPTION OF THE DRAWINGS

[0006] So that the manner in which the above recited embodiments of the invention are attained and can be understood in detail, a more particular description of the invention, briefly summarized above, may be obtained by reference to the embodiments thereof which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only typical embodiments of this invention and are therefore not to be considered limiting of its scope, for the invention may admit to other equally effective embodiments.

[0007] FIG. 1 is a schematic diagram of a network of nodes interacting in a peer-to-peer manner;

[0008] FIG. 2 is a flow diagram illustrating one embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;

[0009] FIG. 3 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;

[0010] FIG. 4 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;

[0011] FIG. 5 is a schematic diagram illustrating the cooperative operation of the methods of FIGS. 2-4 to re-establish an anonymous path between a requesting node and a responding node;

[0012] FIG. 6 is a flow diagram illustrating a second method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;

[0013] FIG. 7 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention; and

[0014] FIG. 8 is a high level block diagram of the anonymous connection re-establishment method that is implemented using a general purpose computing device.

[0015] To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.

DETAILED DESCRIPTION

[0016] In one embodiment, the present invention is a method and apparatus for re-establishing connections or paths for anonymous data transfers. Embodiments of the present invention enable paths between two anonymous nodes (i.e., anonymous at least to each other) to be re-established in the event that a previously established path fails before a data transfer is completed (e.g., due to failure of a node in the path or to the path becoming compromised, where a path is compromised if one or both of the anonymous nodes learns the identity of the other). Within the context of the present invention, a first node is "anonymous" or "unknown" to a second node if the second node does not know any identifying information (e.g., network address) about the first node. Paths may be re-established in a manner that maintains a substantially equivalent level of anonymity and avoids restarting the (potentially large) data transfer, which can be time consuming.

[0017] Embodiments of the present invention are particularly well-suited for re-establishing an anonymous path between a requesting node and a responding node, where the path includes one or more intermediate or "relay" nodes that aid in the data transfer such that the requesting node and the responding node do not connect directly to each other. Methods for establishing such an initial anonymous path using relay nodes have been discussed in co-pending, commonly assigned U.S. patent applications Ser. Nos. 10/903,531 and 10/909,024, both filed Jul. 30, 2004, and both of which are herein incorporated by reference in their entireties.

[0018] It is possible that in the course of time, the ability of one or more relay nodes to participate in an anonymous data transfer may be compromised (e.g., by external attack or collusion of other nodes to reveal the identities of the requesting and responding nodes). In such a case, it may be necessary to re-establish an anonymous path between the requesting node and the responding node, omitting at least the compromised relay node. Furthermore, it is desirable to define a new path that affords substantially the same degree of anonymity (e.g., no additional identities or information revealed) as the old path.

[0019] FIG. 2 is a flow diagram illustrating one embodiment of a method 200 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 200 may be implemented, for example, at a node that is an endpoint in an anonymous data transfer (e.g., a requesting node or a responding node).

[0020] The method 200 is initialized at step 202 and proceeds to step 204, where the method 200 receives a notification to re-establish a path to a network endpoint (e.g., due to a failure of an intermediate or relay node in the previous path) or simply detects on its own that the existing path or connection has been lost. For example, if the method 200 is executing at the requesting node, the notification informs the method 200 of the need to re-establish a path to the responding node.

[0021] In step 206, the method 200 selects a new neighbor node in response to the notification received in step 204 (e.g., to replace the previous neighbor node in the previous path). In one embodiment, the method 200 selects this new neighbor node autonomously. In another embodiment, the new neighbor node is selected by a management node. The method 200 then connects to the selected new neighbor node in step 208. Thus, steps 206 and 208 succeed in establishing a first link in a new path between the requesting node and the responding node.

[0022] In step 210, the method 200 informs the previous neighbor node of the new neighbor node's identity. The method 200 then waits in step 212 to send or receive the requested data (e.g., once the path has been fully re-established), depending on whether the node at which the method 200 is executing is a requesting node or a responding node. In step 214, the method 200 terminates.

[0023] FIG. 3 is a flow diagram illustrating another embodiment of a method 300 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 300 may be implemented, for example, at an intermediate or relay node in the previous or failed path between the requesting node and the responding node.

[0024] The method 300 is initialized at step 302 and proceeds to step 304, where the method 300 receives the identity of a new neighbor node from a first neighbor node in the previous path. That is, the first neighbor node, having selected a new neighbor node (e.g., in accordance with step 210 of the method 200), informs the node at which the method 300 is executing of the selection of the new neighbor node.

[0025] In step 306, the method 300 selects a second neighbor node in response to the notification received in step 306. The method 300 then proceeds to step 308 and informs the selected second neighbor node of the identity of the new neighbor node (e.g., so that the second neighbor node may connect to the new neighbor node). In this way, the method 300 enables a link of a new path between the requesting and responding nodes to be established, without disclosing the identity of either the requesting node or the responding node.

[0026] FIG. 4 is a flow diagram illustrating another embodiment of a method 400 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 400 may be implemented, for example, at a newly selected intermediate or relay node in a developing new path between the requesting node and the responding node (e.g., at the new neighbor node of the method 200, or the new neighbor node or second neighbor node of the method 300).

[0027] The method 400 is initialized at step 402 and proceeds to step 404, where the method 400 connects to a first neighbor node. This connection may be made, for example, in response to the first neighbor node selecting the node at which the method 400 is executing (e.g., in accordance with steps 206-208 of the method 200) or in response to a notification from a previous neighbor node identifying a new neighbor node (e.g., in accordance with step 308 of the method 300).

[0028] In step 406, the method 400 receives an identity of a new neighbor node from a second neighbor node (e.g., the second neighbor node informs the method 400 of the selection of a new neighbor node for the node at which the method 400 is executing). The method 400 then connects to the new neighbor node in step 408.

[0029] In step 410, the method 400 receives data from one of the first neighbor node and the new neighbor node (e.g., depending on the direction of the data transfer between the requesting node and the responding node). The method 400 then delivers the data to the other of the first neighbor node and the new neighbor node (e.g., the one from which the data was not received in step 410) in step 412. In step 414, the method 400 terminates.

[0030] FIG. 5 is a schematic diagram illustrating the cooperative operation of the methods 200, 300 and 400 to re-establish an anonymous path between a requesting node and a responding node. As illustrated, an original path 512 (illustrated as a solid line) through a network 500 from a responding node 502 to a requesting node 504 includes one or more original relay nodes 506.sub.1-506.sub.n (hereinafter collectively referred to as "original relay nodes 506") that assist in preserving the identities of the responding node 502 and the requesting node 504, as discussed, for example, in connection with the methods described in U.S. patent application Ser. No. 10/909,024. However, when the original path 512 can no longer be used, for example because one of the original relay nodes (e.g., original relay node 506.sub.n) fails, a new path must be established between the responding node 502 and the requesting node 504 that affords substantially the same level of anonymity as the original path 512.

[0031] In accordance with the method 200 described above, the requesting node 504 selects and connects to a new neighbor node, thereby establishing a first link 510.sub.1 in a new path (illustrated in phantom) between the requesting node 504 and the responding node 502. This new neighbor node is new relay node 508.sub.n. The requesting node 504 then informs its original neighbor node, original relay node 506.sub.n, of the selection of the new relay node 508.sub.n.

[0032] In accordance with the method 300 described above, the original relay node 506.sub.n in turn selects a new neighbor node, new relay node 5082. The original relay node 506.sub.n then informs the new relay node 508.sub.2 of the new neighbor node selected by the requesting node 504 (e.g., new relay node 508.sub.n).

[0033] In accordance with the method 400, the new relay node 508.sub.2 selected by the original relay node 506.sub.n then connects to the new relay node 508.sub.n selected by the requesting node 504, thereby establishing a second link 510.sub.2 in a new path between the requesting node 504 and the responding node 502.

[0034] This process continues to establish new links 510.sub.1-510.sub.n (hereinafter collectively referred to as "new links 510") until a final new link 510.sub.n is established connecting the responding node 502 to one of the new relay nodes, new relay node 508.sub.1. Thus, a new path comprising new links 510 is established between the requesting node 504 and the responding node 502. Moreover, because each new relay node 508.sub.1-508.sub.n (hereinafter collectively referred to as "new relay nodes 508") only knows the identity of its neighboring new relay nodes 508 and of the original relay node 506 that selected it, the anonymity of the requesting node 504 and the responding node 502 is preserved as well as if the original path 512 were still intact. Even those new relay nodes 508 that connect directly to requesting node 504 or the responding node 502 do not know that their neighboring node is an endpoint of the data transfer taking place.

[0035] Those skilled in the art will appreciate that the each of the links of the original path 512 does not necessarily have to be replaced with new links 510. That is, there is not necessarily a one-to-one correspondence between links of the original path 512 and new links 510. A new link 510 may serve to replace multiple links of the original path 512, or a single link of the original path 512 may be replaced with multiple new links 510. Moreover, one or more of the links in the original path 512 could be reused in re-establishing the path between the requesting node 504 and the responding node 502.

[0036] FIG. 6 is a flow diagram illustrating another method 600 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 600 may be implemented, for example, at repair server that is configured to assist a given node in re-establishing anonymous data transfer paths.

[0037] The method 600 is initialized at step 602 and proceeds to step 604, where the method 600 receives a request from a neighbor node of a node with which the repair server is associated. The request indicates that the node with which the repair server is associated has failed and asks for assistance in repairing the data transfer path including the failed node.

[0038] In step 606, the method 600 provides the neighbor node with the identity and weight value of a repair node associated with the failed node. The repair node can "fill in" for the failed node in the data transfer path. The weight value of the repair node is used, as discussed in greater detail below, to determine the order of nodes in the data transfer path. The method 600 then terminates in step 608.

[0039] FIG. 7 is a flow diagram illustrating another embodiment of a method 700 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 700 may be implemented, for example, at neighbor node of a failed node that is associated with a repair server (as discussed with respect to FIG. 6).

[0040] The method 700 is initialized in step 702 and proceeds to step 704, where the method 700 detects the failure of a neighbor node. In step 706, the method 700 sends a request to the failed neighbor node's associated repair server, e.g., requesting a repair node to repair the data transfer path.

[0041] In step 708, the method 700 receives the identity and weight value of the failed neighbor node's repair node. The method 700 then connects to the repair node in step 710. In one embodiment, connection to the repair node is made in accordance with the associated weight value, where weight values associated with nodes increase monotonically along the original and repaired data transfer path (e.g., from left to right) from node to node.

[0042] In one embodiment, each node in a network may be associated with a different repair node. In another embodiment, each node may be associated with the same repair node.

[0043] FIG. 8 is a high level block diagram of the anonymous connection re-establishment method that is implemented using a general purpose computing device 800. In one embodiment, a general purpose computing device 800 comprises a processor 802, a memory 804, an anonymous connection re-establishment module 805 and various input/output (I/O) devices 806 such as a display, a keyboard, a mouse, a modem, and the like. In one embodiment, at least one I/O device is a storage device (e.g., a disk drive, an optical disk drive, a floppy disk drive). It should be understood that the anonymous connection re-establishment module 805 can be implemented as a physical device or subsystem that is coupled to a processor through a communication channel.

[0044] Alternatively, the anonymous connection re-establishment module 805 can be represented by one or more software applications (or even a combination of software and hardware, e.g., using Application Specific Integrated Circuits (ASIC)), where the software is loaded from a storage medium (e.g., I/O devices 806) and operated by the processor 802 in the memory 804 of the general purpose computing device 800. Thus, in one embodiment, the anonymous connection re-establishment module 805 for re-establishing anonymous data transfer paths between requesting and responding nodes described herein with reference to the preceding Figures can be stored on a computer readable medium or carrier (e.g., RAM, magnetic or optical drive or diskette, and the like).

[0045] Thus, the present invention represents a significant advancement in the field of data transfer systems. A method and apparatus are provided that enable the re-establishment of anonymous data transfer paths between two nodes, without revealing the identity of the nodes requesting and responding nodes to each other or to other nodes participating in the data transfer and without re-starting the data transfer. The present invention thus accounts for the possibility of the failure of a previously established anonymous data transfer path while maintaining a level of anonymity that is substantially equivalent to that afforded by the failed data transfer path.

[0046] While foregoing is directed to the preferred embodiment of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow.

* * * * *

uspto.report is an independent third-party trademark research tool that is not affiliated, endorsed, or sponsored by the United States Patent and Trademark Office (USPTO) or any other governmental organization. The information provided by uspto.report is based on publicly available data at the time of writing and is intended for informational purposes only.

While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, reliability, or suitability of the information displayed on this site. The use of this site is at your own risk. Any reliance you place on such information is therefore strictly at your own risk.

All official trademark data, including owner information, should be verified by visiting the official USPTO website at www.uspto.gov. This site is not intended to replace professional legal advice and should not be used as a substitute for consulting with a legal professional who is knowledgeable about trademark law.

© 2024 USPTO.report | Privacy Policy | Resources | RSS Feed of Trademarks | Trademark Filings Twitter Feed