US20070165519A1 - Method and apparatus for re-establishing anonymous data transfers - Google Patents

Method and apparatus for re-establishing anonymous data transfers Download PDF

Info

Publication number
US20070165519A1
US20070165519A1 US11/331,713 US33171306A US2007165519A1 US 20070165519 A1 US20070165519 A1 US 20070165519A1 US 33171306 A US33171306 A US 33171306A US 2007165519 A1 US2007165519 A1 US 2007165519A1
Authority
US
United States
Prior art keywords
node
endpoint
path
neighbor
repair
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/331,713
Inventor
David George
Raymond Jennings
Jason LaVoie
Sambit Sahu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US11/331,713 priority Critical patent/US20070165519A1/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LAVOIE, MR. JASON D., GEORGE, MR. DAVID A., JENNINGS, III, MR. RAYMOND B., SAHU, MR. SAMBIT
Publication of US20070165519A1 publication Critical patent/US20070165519A1/en
Priority to US12/165,196 priority patent/US7885184B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1044Group management mechanisms 
    • H04L67/1046Joining mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1044Group management mechanisms 
    • H04L67/1048Departure or maintenance mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1061Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
    • H04L67/1068Discovery involving direct consultation or announcement among potential requesting and potential source peers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/563Data redirection of data network streams

Definitions

  • the present invention relates generally to computing networks and relates more particularly to anonymous data transfers between computing devices.
  • FIG. 1 is a schematic diagram of a network 100 of nodes (e.g., computing devices) interacting in a peer-to-peer (P 2 P) manner.
  • a requesting node 101 sends a search message 105 (e.g., containing keywords relating to data that the requesting node 101 wishes to locate) to one or more intermediate network nodes 111 connected to the requesting node 101 .
  • Each intermediate node 111 receives the search message 105 and then forwards the search message 105 to one or more additional nodes 111 .
  • the search message 105 reaches one or more responding nodes 103 having the requested data.
  • One or more responding nodes 103 then send a response message 107 back to the requesting node 101 , e.g., via the intermediate nodes 111 .
  • the requesting node 101 requests the relevant data from a responding node 103 by connecting directly to the responding node 103 , e.g., via direct connection 109 .
  • both the requesting node 101 and the responding node 103 are aware of the other's identity such that one node has some unique information about the other node (e.g., a network address). Intermediate nodes may likewise be aware of the identities of the requesting node 101 and/or the responding node 103 , depending on what type of identification is contained within the search and response messages 105 and 107 . In many instances, however, one or both of the requesting node 101 and the responding node 103 may not wish to have their identities known to other nodes. Unfortunately, most conventional anonymous transfer methods, such as static anonymizing services, may be easily compromised, revealing the identities of transferring parties and/or causing a denial of service.
  • One embodiment of the present method and apparatus for re-establishing anonymous data transfers between a first endpoint and a second endpoint in a network includes receiving, from a first node, the identity of a second node connected to the first node, where at least the first node is a neighbor node.
  • a third node (a neighbor node) is then selected and instructed to connect to the second node in order to establish a link for the path.
  • the first endpoint and the second endpoint remain unknown at least to each other (e.g., where “unknown” means that neither endpoint knows any identifying information, such as network address, about the other endpoint), and likely to all other nodes in the path as well.
  • a failure is detected at a neighbor node, where the neighbor node is part of an original path between the first endpoint and the second endpoint.
  • the neighbor node's repair server is contacted for a repair node associated with the neighbor node, and a connection to the repair node is made such that the path is established in a manner that maintains anonymity of the first endpoint and the second endpoint relative to each other.
  • FIG. 1 is a schematic diagram of a network of nodes interacting in a peer-to-peer manner
  • FIG. 2 is a flow diagram illustrating one embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention
  • FIG. 3 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention
  • FIG. 4 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention
  • FIG. 5 is a schematic diagram illustrating the cooperative operation of the methods of FIGS. 2-4 to re-establish an anonymous path between a requesting node and a responding node;
  • FIG. 6 is a flow diagram illustrating a second method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention
  • FIG. 7 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention.
  • FIG. 8 is a high level block diagram of the anonymous connection re-establishment method that is implemented using a general purpose computing device.
  • the present invention is a method and apparatus for re-establishing connections or paths for anonymous data transfers.
  • Embodiments of the present invention enable paths between two anonymous nodes (i.e., anonymous at least to each other) to be re-established in the event that a previously established path fails before a data transfer is completed (e.g., due to failure of a node in the path or to the path becoming compromised, where a path is compromised if one or both of the anonymous nodes learns the identity of the other).
  • a first node is “anonymous” or “unknown” to a second node if the second node does not know any identifying information (e.g., network address) about the first node.
  • Paths may be re-established in a manner that maintains a substantially equivalent level of anonymity and avoids restarting the (potentially large) data transfer, which can be time consuming.
  • Embodiments of the present invention are particularly well-suited for re-establishing an anonymous path between a requesting node and a responding node, where the path includes one or more intermediate or “relay” nodes that aid in the data transfer such that the requesting node and the responding node do not connect directly to each other.
  • Methods for establishing such an initial anonymous path using relay nodes have been discussed in co-pending, commonly assigned U.S. patent applications Ser. Nos. 10/903,531 and 10/909,024, both filed Jul. 30, 2004, and both of which are herein incorporated by reference in their entireties.
  • the ability of one or more relay nodes to participate in an anonymous data transfer may be compromised (e.g., by external attack or collusion of other nodes to reveal the identities of the requesting and responding nodes).
  • FIG. 2 is a flow diagram illustrating one embodiment of a method 200 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention.
  • the method 200 may be implemented, for example, at a node that is an endpoint in an anonymous data transfer (e.g., a requesting node or a responding node).
  • the method 200 is initialized at step 202 and proceeds to step 204 , where the method 200 receives a notification to re-establish a path to a network endpoint (e.g., due to a failure of an intermediate or relay node in the previous path) or simply detects on its own that the existing path or connection has been lost. For example, if the method 200 is executing at the requesting node, the notification informs the method 200 of the need to re-establish a path to the responding node.
  • step 206 the method 200 selects a new neighbor node in response to the notification received in step 204 (e.g., to replace the previous neighbor node in the previous path). In one embodiment, the method 200 selects this new neighbor node autonomously. In another embodiment, the new neighbor node is selected by a management node. The method 200 then connects to the selected new neighbor node in step 208 . Thus, steps 206 and 208 succeed in establishing a first link in a new path between the requesting node and the responding node.
  • step 210 the method 200 informs the previous neighbor node of the new neighbor node's identity.
  • the method 200 then waits in step 212 to send or receive the requested data (e.g., once the path has been fully re-established), depending on whether the node at which the method 200 is executing is a requesting node or a responding node.
  • step 214 the method 200 terminates.
  • FIG. 3 is a flow diagram illustrating another embodiment of a method 300 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention.
  • the method 300 may be implemented, for example, at an intermediate or relay node in the previous or failed path between the requesting node and the responding node.
  • the method 300 is initialized at step 302 and proceeds to step 304 , where the method 300 receives the identity of a new neighbor node from a first neighbor node in the previous path. That is, the first neighbor node, having selected a new neighbor node (e.g., in accordance with step 210 of the method 200 ), informs the node at which the method 300 is executing of the selection of the new neighbor node.
  • step 306 the method 300 selects a second neighbor node in response to the notification received in step 306 .
  • the method 300 then proceeds to step 308 and informs the selected second neighbor node of the identity of the new neighbor node (e.g., so that the second neighbor node may connect to the new neighbor node).
  • the method 300 enables a link of a new path between the requesting and responding nodes to be established, without disclosing the identity of either the requesting node or the responding node.
  • FIG. 4 is a flow diagram illustrating another embodiment of a method 400 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention.
  • the method 400 may be implemented, for example, at a newly selected intermediate or relay node in a developing new path between the requesting node and the responding node (e.g., at the new neighbor node of the method 200 , or the new neighbor node or second neighbor node of the method 300 ).
  • the method 400 is initialized at step 402 and proceeds to step 404 , where the method 400 connects to a first neighbor node.
  • This connection may be made, for example, in response to the first neighbor node selecting the node at which the method 400 is executing (e.g., in accordance with steps 206 - 208 of the method 200 ) or in response to a notification from a previous neighbor node identifying a new neighbor node (e.g., in accordance with step 308 of the method 300 ).
  • the method 400 receives an identity of a new neighbor node from a second neighbor node (e.g., the second neighbor node informs the method 400 of the selection of a new neighbor node for the node at which the method 400 is executing). The method 400 then connects to the new neighbor node in step 408 .
  • a second neighbor node e.g., the second neighbor node informs the method 400 of the selection of a new neighbor node for the node at which the method 400 is executing.
  • the method 400 then connects to the new neighbor node in step 408 .
  • step 410 the method 400 receives data from one of the first neighbor node and the new neighbor node (e.g., depending on the direction of the data transfer between the requesting node and the responding node). The method 400 then delivers the data to the other of the first neighbor node and the new neighbor node (e.g., the one from which the data was not received in step 410 ) in step 412 . In step 414 , the method 400 terminates.
  • FIG. 5 is a schematic diagram illustrating the cooperative operation of the methods 200 , 300 and 400 to re-establish an anonymous path between a requesting node and a responding node.
  • an original path 512 (illustrated as a solid line) through a network 500 from a responding node 502 to a requesting node 504 includes one or more original relay nodes 506 1 - 506 n (hereinafter collectively referred to as “original relay nodes 506 ”) that assist in preserving the identities of the responding node 502 and the requesting node 504 , as discussed, for example, in connection with the methods described in U.S. patent application Ser. No. 10/909,024.
  • the original path 512 can no longer be used, for example because one of the original relay nodes (e.g., original relay node 506 n ) fails, a new path must be established between the responding node 502 and the requesting node 504 that affords substantially the same level of anonymity as the original path 512 .
  • one of the original relay nodes e.g., original relay node 506 n
  • a new path must be established between the responding node 502 and the requesting node 504 that affords substantially the same level of anonymity as the original path 512 .
  • the requesting node 504 selects and connects to a new neighbor node, thereby establishing a first link 510 1 in a new path (illustrated in phantom) between the requesting node 504 and the responding node 502 .
  • This new neighbor node is new relay node 508 n .
  • the requesting node 504 then informs its original neighbor node, original relay node 506 n , of the selection of the new relay node 508 n .
  • the original relay node 506 n in turn selects a new neighbor node, new relay node 5082 .
  • the original relay node 506 n then informs the new relay node 508 2 of the new neighbor node selected by the requesting node 504 (e.g., new relay node 508 n ).
  • the new relay node 508 2 selected by the original relay node 506 n then connects to the new relay node 508 n selected by the requesting node 504 , thereby establishing a second link 510 2 in a new path between the requesting node 504 and the responding node 502 .
  • new links 510 This process continues to establish new links 510 1 - 510 n (hereinafter collectively referred to as “new links 510 ”) until a final new link 510 n is established connecting the responding node 502 to one of the new relay nodes, new relay node 508 1 .
  • new links 510 a new path comprising new links 510 is established between the requesting node 504 and the responding node 502 .
  • each new relay node 508 1 - 508 n (hereinafter collectively referred to as “new relay nodes 508 ”) only knows the identity of its neighboring new relay nodes 508 and of the original relay node 506 that selected it, the anonymity of the requesting node 504 and the responding node 502 is preserved as well as if the original path 512 were still intact. Even those new relay nodes 508 that connect directly to requesting node 504 or the responding node 502 do not know that their neighboring node is an endpoint of the data transfer taking place.
  • each of the links of the original path 512 does not necessarily have to be replaced with new links 510 . That is, there is not necessarily a one-to-one correspondence between links of the original path 512 and new links 510 .
  • a new link 510 may serve to replace multiple links of the original path 512 , or a single link of the original path 512 may be replaced with multiple new links 510 .
  • one or more of the links in the original path 512 could be reused in re-establishing the path between the requesting node 504 and the responding node 502 .
  • FIG. 6 is a flow diagram illustrating another method 600 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention.
  • the method 600 may be implemented, for example, at repair server that is configured to assist a given node in re-establishing anonymous data transfer paths.
  • the method 600 is initialized at step 602 and proceeds to step 604 , where the method 600 receives a request from a neighbor node of a node with which the repair server is associated.
  • the request indicates that the node with which the repair server is associated has failed and asks for assistance in repairing the data transfer path including the failed node.
  • step 606 the method 600 provides the neighbor node with the identity and weight value of a repair node associated with the failed node.
  • the repair node can “fill in” for the failed node in the data transfer path.
  • the weight value of the repair node is used, as discussed in greater detail below, to determine the order of nodes in the data transfer path.
  • the method 600 then terminates in step 608 .
  • FIG. 7 is a flow diagram illustrating another embodiment of a method 700 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention.
  • the method 700 may be implemented, for example, at neighbor node of a failed node that is associated with a repair server (as discussed with respect to FIG. 6 ).
  • the method 700 is initialized in step 702 and proceeds to step 704 , where the method 700 detects the failure of a neighbor node.
  • the method 700 sends a request to the failed neighbor node's associated repair server, e.g., requesting a repair node to repair the data transfer path.
  • step 708 the method 700 receives the identity and weight value of the failed neighbor node's repair node.
  • the method 700 then connects to the repair node in step 710 .
  • connection to the repair node is made in accordance with the associated weight value, where weight values associated with nodes increase monotonically along the original and repaired data transfer path (e.g., from left to right) from node to node.
  • each node in a network may be associated with a different repair node. In another embodiment, each node may be associated with the same repair node.
  • FIG. 8 is a high level block diagram of the anonymous connection re-establishment method that is implemented using a general purpose computing device 800 .
  • a general purpose computing device 800 comprises a processor 802 , a memory 804 , an anonymous connection re-establishment module 805 and various input/output (I/O) devices 806 such as a display, a keyboard, a mouse, a modem, and the like.
  • I/O device is a storage device (e.g., a disk drive, an optical disk drive, a floppy disk drive).
  • the anonymous connection re-establishment module 805 can be implemented as a physical device or subsystem that is coupled to a processor through a communication channel.
  • the anonymous connection re-establishment module 805 can be represented by one or more software applications (or even a combination of software and hardware, e.g., using Application Specific Integrated Circuits (ASIC)), where the software is loaded from a storage medium (e.g., I/O devices 806 ) and operated by the processor 802 in the memory 804 of the general purpose computing device 800 .
  • ASIC Application Specific Integrated Circuits
  • the anonymous connection re-establishment module 805 for re-establishing anonymous data transfer paths between requesting and responding nodes described herein with reference to the preceding Figures can be stored on a computer readable medium or carrier (e.g., RAM, magnetic or optical drive or diskette, and the like).
  • the present invention represents a significant advancement in the field of data transfer systems.
  • a method and apparatus are provided that enable the re-establishment of anonymous data transfer paths between two nodes, without revealing the identity of the nodes requesting and responding nodes to each other or to other nodes participating in the data transfer and without re-starting the data transfer.
  • the present invention thus accounts for the possibility of the failure of a previously established anonymous data transfer path while maintaining a level of anonymity that is substantially equivalent to that afforded by the failed data transfer path.

Abstract

One embodiment of the present method and apparatus for re-establishing anonymous data transfers between a first endpoint and a second endpoint in a network includes receiving, from a first node, the identity of a second node connected to the first node, where at least the first node is a neighbor node. A third node (a neighbor node) is then selected, and instructed to connect to the second node in order to establish a link for the path. In this manner, the first endpoint and the second endpoint remain unknown at least to each other (e.g., where “unknown” means that neither endpoint knows any identifying information, such as network address, about the other endpoint), and likely to all other nodes in the path as well. In another embodiment, a failure is detected at a neighbor node, where the neighbor node is part of an original path between the first endpoint and the second endpoint. The neighbor node's repair server is contacted for a repair node associated with the neighbor node, and a connection to the repair node is made such that the path is established in a manner that maintains anonymity of the first endpoint and the second endpoint relative to each other.

Description

    BACKGROUND
  • The present invention relates generally to computing networks and relates more particularly to anonymous data transfers between computing devices.
  • FIG. 1 is a schematic diagram of a network 100 of nodes (e.g., computing devices) interacting in a peer-to-peer (P2P) manner. Generally, a requesting node 101 sends a search message 105 (e.g., containing keywords relating to data that the requesting node 101 wishes to locate) to one or more intermediate network nodes 111 connected to the requesting node 101. Each intermediate node 111 receives the search message 105 and then forwards the search message 105 to one or more additional nodes 111. Eventually, the search message 105 reaches one or more responding nodes 103 having the requested data. One or more responding nodes 103 then send a response message 107 back to the requesting node 101, e.g., via the intermediate nodes 111. The requesting node 101 then requests the relevant data from a responding node 103 by connecting directly to the responding node 103, e.g., via direct connection 109.
  • In conventional P2P systems, both the requesting node 101 and the responding node 103 are aware of the other's identity such that one node has some unique information about the other node (e.g., a network address). Intermediate nodes may likewise be aware of the identities of the requesting node 101 and/or the responding node 103, depending on what type of identification is contained within the search and response messages 105 and 107. In many instances, however, one or both of the requesting node 101 and the responding node 103 may not wish to have their identities known to other nodes. Unfortunately, most conventional anonymous transfer methods, such as static anonymizing services, may be easily compromised, revealing the identities of transferring parties and/or causing a denial of service. Other methods for preserving the identity of the transferring parties typically involve encrypting the transferred files such that their contents are unknown. However, searching content using standard text for file names becomes impractical, and users typically must know specific public keys for desired data, making key distribution a network bottleneck. Moreover, most typical methods for establishing anonymous data transfer paths between two nodes do not provide a way for re-establishing the anonymous path should the connection between the two nodes be broken (e.g., due to a compromised path or to failure of a node on the path).
  • Thus, there is a need in the art for a method and apparatus for re-establishing anonymous data transfers.
    • SUMMARY OF THE INVENTION
  • One embodiment of the present method and apparatus for re-establishing anonymous data transfers between a first endpoint and a second endpoint in a network includes receiving, from a first node, the identity of a second node connected to the first node, where at least the first node is a neighbor node. A third node (a neighbor node) is then selected and instructed to connect to the second node in order to establish a link for the path. In this manner, the first endpoint and the second endpoint remain unknown at least to each other (e.g., where “unknown” means that neither endpoint knows any identifying information, such as network address, about the other endpoint), and likely to all other nodes in the path as well. In another embodiment, a failure is detected at a neighbor node, where the neighbor node is part of an original path between the first endpoint and the second endpoint. The neighbor node's repair server is contacted for a repair node associated with the neighbor node, and a connection to the repair node is made such that the path is established in a manner that maintains anonymity of the first endpoint and the second endpoint relative to each other.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • So that the manner in which the above recited embodiments of the invention are attained and can be understood in detail, a more particular description of the invention, briefly summarized above, may be obtained by reference to the embodiments thereof which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only typical embodiments of this invention and are therefore not to be considered limiting of its scope, for the invention may admit to other equally effective embodiments.
  • FIG. 1 is a schematic diagram of a network of nodes interacting in a peer-to-peer manner;
  • FIG. 2 is a flow diagram illustrating one embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;
  • FIG. 3 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;
  • FIG. 4 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;
  • FIG. 5 is a schematic diagram illustrating the cooperative operation of the methods of FIGS. 2-4 to re-establish an anonymous path between a requesting node and a responding node;
  • FIG. 6 is a flow diagram illustrating a second method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention;
  • FIG. 7 is a flow diagram illustrating another embodiment of a method for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention; and
  • FIG. 8 is a high level block diagram of the anonymous connection re-establishment method that is implemented using a general purpose computing device.
  • To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.
    • DETAILED DESCRIPTION
  • In one embodiment, the present invention is a method and apparatus for re-establishing connections or paths for anonymous data transfers. Embodiments of the present invention enable paths between two anonymous nodes (i.e., anonymous at least to each other) to be re-established in the event that a previously established path fails before a data transfer is completed (e.g., due to failure of a node in the path or to the path becoming compromised, where a path is compromised if one or both of the anonymous nodes learns the identity of the other). Within the context of the present invention, a first node is “anonymous” or “unknown” to a second node if the second node does not know any identifying information (e.g., network address) about the first node. Paths may be re-established in a manner that maintains a substantially equivalent level of anonymity and avoids restarting the (potentially large) data transfer, which can be time consuming.
  • Embodiments of the present invention are particularly well-suited for re-establishing an anonymous path between a requesting node and a responding node, where the path includes one or more intermediate or “relay” nodes that aid in the data transfer such that the requesting node and the responding node do not connect directly to each other. Methods for establishing such an initial anonymous path using relay nodes have been discussed in co-pending, commonly assigned U.S. patent applications Ser. Nos. 10/903,531 and 10/909,024, both filed Jul. 30, 2004, and both of which are herein incorporated by reference in their entireties.
  • It is possible that in the course of time, the ability of one or more relay nodes to participate in an anonymous data transfer may be compromised (e.g., by external attack or collusion of other nodes to reveal the identities of the requesting and responding nodes). In such a case, it may be necessary to re-establish an anonymous path between the requesting node and the responding node, omitting at least the compromised relay node. Furthermore, it is desirable to define a new path that affords substantially the same degree of anonymity (e.g., no additional identities or information revealed) as the old path.
  • FIG. 2 is a flow diagram illustrating one embodiment of a method 200 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 200 may be implemented, for example, at a node that is an endpoint in an anonymous data transfer (e.g., a requesting node or a responding node).
  • The method 200 is initialized at step 202 and proceeds to step 204, where the method 200 receives a notification to re-establish a path to a network endpoint (e.g., due to a failure of an intermediate or relay node in the previous path) or simply detects on its own that the existing path or connection has been lost. For example, if the method 200 is executing at the requesting node, the notification informs the method 200 of the need to re-establish a path to the responding node.
  • In step 206, the method 200 selects a new neighbor node in response to the notification received in step 204 (e.g., to replace the previous neighbor node in the previous path). In one embodiment, the method 200 selects this new neighbor node autonomously. In another embodiment, the new neighbor node is selected by a management node. The method 200 then connects to the selected new neighbor node in step 208. Thus, steps 206 and 208 succeed in establishing a first link in a new path between the requesting node and the responding node.
  • In step 210, the method 200 informs the previous neighbor node of the new neighbor node's identity. The method 200 then waits in step 212 to send or receive the requested data (e.g., once the path has been fully re-established), depending on whether the node at which the method 200 is executing is a requesting node or a responding node. In step 214, the method 200 terminates.
  • FIG. 3 is a flow diagram illustrating another embodiment of a method 300 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 300 may be implemented, for example, at an intermediate or relay node in the previous or failed path between the requesting node and the responding node.
  • The method 300 is initialized at step 302 and proceeds to step 304, where the method 300 receives the identity of a new neighbor node from a first neighbor node in the previous path. That is, the first neighbor node, having selected a new neighbor node (e.g., in accordance with step 210 of the method 200), informs the node at which the method 300 is executing of the selection of the new neighbor node.
  • In step 306, the method 300 selects a second neighbor node in response to the notification received in step 306. The method 300 then proceeds to step 308 and informs the selected second neighbor node of the identity of the new neighbor node (e.g., so that the second neighbor node may connect to the new neighbor node). In this way, the method 300 enables a link of a new path between the requesting and responding nodes to be established, without disclosing the identity of either the requesting node or the responding node.
  • FIG. 4 is a flow diagram illustrating another embodiment of a method 400 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 400 may be implemented, for example, at a newly selected intermediate or relay node in a developing new path between the requesting node and the responding node (e.g., at the new neighbor node of the method 200, or the new neighbor node or second neighbor node of the method 300).
  • The method 400 is initialized at step 402 and proceeds to step 404, where the method 400 connects to a first neighbor node. This connection may be made, for example, in response to the first neighbor node selecting the node at which the method 400 is executing (e.g., in accordance with steps 206-208 of the method 200) or in response to a notification from a previous neighbor node identifying a new neighbor node (e.g., in accordance with step 308 of the method 300).
  • In step 406, the method 400 receives an identity of a new neighbor node from a second neighbor node (e.g., the second neighbor node informs the method 400 of the selection of a new neighbor node for the node at which the method 400 is executing). The method 400 then connects to the new neighbor node in step 408.
  • In step 410, the method 400 receives data from one of the first neighbor node and the new neighbor node (e.g., depending on the direction of the data transfer between the requesting node and the responding node). The method 400 then delivers the data to the other of the first neighbor node and the new neighbor node (e.g., the one from which the data was not received in step 410) in step 412. In step 414, the method 400 terminates.
  • FIG. 5 is a schematic diagram illustrating the cooperative operation of the methods 200, 300 and 400 to re-establish an anonymous path between a requesting node and a responding node. As illustrated, an original path 512 (illustrated as a solid line) through a network 500 from a responding node 502 to a requesting node 504 includes one or more original relay nodes 506 1-506 n (hereinafter collectively referred to as “original relay nodes 506”) that assist in preserving the identities of the responding node 502 and the requesting node 504, as discussed, for example, in connection with the methods described in U.S. patent application Ser. No. 10/909,024. However, when the original path 512 can no longer be used, for example because one of the original relay nodes (e.g., original relay node 506 n) fails, a new path must be established between the responding node 502 and the requesting node 504 that affords substantially the same level of anonymity as the original path 512.
  • In accordance with the method 200 described above, the requesting node 504 selects and connects to a new neighbor node, thereby establishing a first link 510 1 in a new path (illustrated in phantom) between the requesting node 504 and the responding node 502. This new neighbor node is new relay node 508 n. The requesting node 504 then informs its original neighbor node, original relay node 506 n, of the selection of the new relay node 508 n.
  • In accordance with the method 300 described above, the original relay node 506 n in turn selects a new neighbor node, new relay node 5082. The original relay node 506 n then informs the new relay node 508 2 of the new neighbor node selected by the requesting node 504 (e.g., new relay node 508 n).
  • In accordance with the method 400, the new relay node 508 2 selected by the original relay node 506 n then connects to the new relay node 508 n selected by the requesting node 504, thereby establishing a second link 510 2 in a new path between the requesting node 504 and the responding node 502.
  • This process continues to establish new links 510 1-510 n (hereinafter collectively referred to as “new links 510”) until a final new link 510 n is established connecting the responding node 502 to one of the new relay nodes, new relay node 508 1. Thus, a new path comprising new links 510 is established between the requesting node 504 and the responding node 502. Moreover, because each new relay node 508 1-508 n (hereinafter collectively referred to as “new relay nodes 508”) only knows the identity of its neighboring new relay nodes 508 and of the original relay node 506 that selected it, the anonymity of the requesting node 504 and the responding node 502 is preserved as well as if the original path 512 were still intact. Even those new relay nodes 508 that connect directly to requesting node 504 or the responding node 502 do not know that their neighboring node is an endpoint of the data transfer taking place.
  • Those skilled in the art will appreciate that the each of the links of the original path 512 does not necessarily have to be replaced with new links 510. That is, there is not necessarily a one-to-one correspondence between links of the original path 512 and new links 510. A new link 510 may serve to replace multiple links of the original path 512, or a single link of the original path 512 may be replaced with multiple new links 510. Moreover, one or more of the links in the original path 512 could be reused in re-establishing the path between the requesting node 504 and the responding node 502.
  • FIG. 6 is a flow diagram illustrating another method 600 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 600 may be implemented, for example, at repair server that is configured to assist a given node in re-establishing anonymous data transfer paths.
  • The method 600 is initialized at step 602 and proceeds to step 604, where the method 600 receives a request from a neighbor node of a node with which the repair server is associated. The request indicates that the node with which the repair server is associated has failed and asks for assistance in repairing the data transfer path including the failed node.
  • In step 606, the method 600 provides the neighbor node with the identity and weight value of a repair node associated with the failed node. The repair node can “fill in” for the failed node in the data transfer path. The weight value of the repair node is used, as discussed in greater detail below, to determine the order of nodes in the data transfer path. The method 600 then terminates in step 608.
  • FIG. 7 is a flow diagram illustrating another embodiment of a method 700 for re-establishing a path between a requesting node and a responding node that maintains the anonymity of both parties, according to the present invention. The method 700 may be implemented, for example, at neighbor node of a failed node that is associated with a repair server (as discussed with respect to FIG. 6).
  • The method 700 is initialized in step 702 and proceeds to step 704, where the method 700 detects the failure of a neighbor node. In step 706, the method 700 sends a request to the failed neighbor node's associated repair server, e.g., requesting a repair node to repair the data transfer path.
  • In step 708, the method 700 receives the identity and weight value of the failed neighbor node's repair node. The method 700 then connects to the repair node in step 710. In one embodiment, connection to the repair node is made in accordance with the associated weight value, where weight values associated with nodes increase monotonically along the original and repaired data transfer path (e.g., from left to right) from node to node.
  • In one embodiment, each node in a network may be associated with a different repair node. In another embodiment, each node may be associated with the same repair node.
  • FIG. 8 is a high level block diagram of the anonymous connection re-establishment method that is implemented using a general purpose computing device 800. In one embodiment, a general purpose computing device 800 comprises a processor 802, a memory 804, an anonymous connection re-establishment module 805 and various input/output (I/O) devices 806 such as a display, a keyboard, a mouse, a modem, and the like. In one embodiment, at least one I/O device is a storage device (e.g., a disk drive, an optical disk drive, a floppy disk drive). It should be understood that the anonymous connection re-establishment module 805 can be implemented as a physical device or subsystem that is coupled to a processor through a communication channel.
  • Alternatively, the anonymous connection re-establishment module 805 can be represented by one or more software applications (or even a combination of software and hardware, e.g., using Application Specific Integrated Circuits (ASIC)), where the software is loaded from a storage medium (e.g., I/O devices 806) and operated by the processor 802 in the memory 804 of the general purpose computing device 800. Thus, in one embodiment, the anonymous connection re-establishment module 805 for re-establishing anonymous data transfer paths between requesting and responding nodes described herein with reference to the preceding Figures can be stored on a computer readable medium or carrier (e.g., RAM, magnetic or optical drive or diskette, and the like).
  • Thus, the present invention represents a significant advancement in the field of data transfer systems. A method and apparatus are provided that enable the re-establishment of anonymous data transfer paths between two nodes, without revealing the identity of the nodes requesting and responding nodes to each other or to other nodes participating in the data transfer and without re-starting the data transfer. The present invention thus accounts for the possibility of the failure of a previously established anonymous data transfer path while maintaining a level of anonymity that is substantially equivalent to that afforded by the failed data transfer path.
  • While foregoing is directed to the preferred embodiment of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow.

Claims (20)

1. A method for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, said method comprising the steps of:
receiving, from a first node, the identity of a second node connected to said first node, where at least the first node is a neighbor node;
selecting a third node, said third node being a neighbor node; and
instructing said third node to connect to said second node in order to establish a link for said path, where said first endpoint and said second endpoint are unknown at least to each other.
2. The method of claim 1, further comprising:
informing a fourth node of the selection of said third node, said fourth node being a neighbor node.
3. The method of claim 1, wherein said first endpoint is unknown to at least one of: said first node, said second node and said third node.
4. The method of claim 1, wherein said second endpoint is unknown to at least one of: said first node, said second node and said third node.
5. The method of claim 1, wherein said path replaces an original path between said first endpoint and said second endpoint.
6. The method of claim 5, wherein said path uses at least one link of said original path.
7. The method of claim 5, wherein at least said first node is part of said original path.
8. The method of claim 1, wherein said path requires re-establishment due to unexpected termination of said path by a node in said path, before completion of said transfer of data.
9. The method of claim 1, wherein said path requires re-establishment due to at least one of said first endpoint and said second endpoint learning an identity of the other, before completion of said transfer of data.
10. A computer program product stored on a computer readable medium ram for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, the computer readable medium comprising program code for causing a computer system to perform the steps of:
receiving, from a first node, the identity of a second node connected to said first node, where at least the first node is a neighbor node;
selecting a third node, said third node being a neighbor node; and
instructing said third node to connect to said second node in order to establish a link for said path, where said first endpoint and said second endpoint are unknown at least to each other.
11. The computer readable medium of claim 10, further comprising:
informing a fourth node of the selection of said third node, said fourth node being a neighbor node.
12. The computer readable medium of claim 10, wherein said path replaces an original path between said first endpoint and said second endpoint.
13. Apparatus for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, said apparatus comprising:
means for receiving, from a first node, the identity of a second node connected to said first node, where at least the first node is a neighbor node; and
means for selecting a third node, said third node being a neighbor node;
means for instructing said third node to connect to said second node in order to establish a link for said path, where said first endpoint and said second endpoint are unknown at least to each other.
14. A method for re-establishing a path for the transfer of data between a first endpoint and a second endpoint in a network, said method comprising the steps of:
detecting a failure of a neighbor node, said neighbor node being part of an original path between said first endpoint and said second endpoint;
receiving, from a repair server associated with said neighbor node, a repair node for said neighbor node; and
connecting to said repair node such that said path is established in a manner that maintains anonymity of said first endpoint and said second endpoint relative to each other.
15. The method of claim 14, wherein each node in said original path is associated with a weight value, said weight value increasing monotonically along said original path from node to node.
16. The method of claim 15, wherein said repair node is associated with a weight value that facilitates node ordering of said path.
17. The method of claim 14, wherein each node in said original path is associated with a common repair node.
18. The method of claim 14, wherein each node in said original path is associated with a different repair node.
19. The method of claim 14, wherein said path requires re-establishment due to unexpected termination of said path by a node in said path, before completion of said transfer of data.
20. The method of claim 14, wherein said path requires re-establishment due to at least one of said first endpoint and said second endpoint learning an identity of the other, before completion of said transfer of data.
US11/331,713 2006-01-13 2006-01-13 Method and apparatus for re-establishing anonymous data transfers Abandoned US20070165519A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US11/331,713 US20070165519A1 (en) 2006-01-13 2006-01-13 Method and apparatus for re-establishing anonymous data transfers
US12/165,196 US7885184B2 (en) 2006-01-13 2008-06-30 Method and apparatus for re-establishing anonymous data transfers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/331,713 US20070165519A1 (en) 2006-01-13 2006-01-13 Method and apparatus for re-establishing anonymous data transfers

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/165,196 Continuation US7885184B2 (en) 2006-01-13 2008-06-30 Method and apparatus for re-establishing anonymous data transfers

Publications (1)

Publication Number Publication Date
US20070165519A1 true US20070165519A1 (en) 2007-07-19

Family

ID=38263034

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/331,713 Abandoned US20070165519A1 (en) 2006-01-13 2006-01-13 Method and apparatus for re-establishing anonymous data transfers
US12/165,196 Expired - Fee Related US7885184B2 (en) 2006-01-13 2008-06-30 Method and apparatus for re-establishing anonymous data transfers

Family Applications After (1)

Application Number Title Priority Date Filing Date
US12/165,196 Expired - Fee Related US7885184B2 (en) 2006-01-13 2008-06-30 Method and apparatus for re-establishing anonymous data transfers

Country Status (1)

Country Link
US (2) US20070165519A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009524293A (en) * 2006-01-13 2009-06-25 インターナショナル・ビジネス・マシーンズ・コーポレーション Method and apparatus for establishing peer-to-peer karma and trust
US20100246554A1 (en) * 2009-03-27 2010-09-30 Motorola, Inc. Device and method for reestablishing a wireless connection in a wireless network

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230066784A1 (en) * 2021-08-31 2023-03-02 Cisco Technology, Inc. Orchestrated reconnect for client-unaware rolling of network nodes

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060023727A1 (en) * 2004-07-30 2006-02-02 George David A Method and apparatus for anonymous data transfers
US20060023646A1 (en) * 2004-07-30 2006-02-02 George David A Method and apparatus for anonymous data transfers
US20060198367A1 (en) * 2005-03-02 2006-09-07 Matsushita Electric Industrial Co., Ltd. Content based secure rendezvous chaotic routing system for ultra high speed mobile communications in ad hoc network environment
US20060280191A1 (en) * 2004-02-19 2006-12-14 Kai Nishida (90%) Method for verifying and creating highly secure anonymous communication path in peer-to-peer anonymous proxy
US7471625B2 (en) * 2001-10-31 2008-12-30 Nec Corporation Fault recovery system and method for a communications network

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7197565B2 (en) * 2001-01-22 2007-03-27 Sun Microsystems, Inc. System and method of using a pipe advertisement for a peer-to-peer network entity in peer-to-peer presence detection
US20020165948A1 (en) * 2001-05-07 2002-11-07 International Business Machines Corporation Scalable resource discovery and reconfiguration for distributed computer networks
US7529933B2 (en) * 2002-05-30 2009-05-05 Microsoft Corporation TLS tunneling
US7685073B2 (en) * 2002-07-30 2010-03-23 Baker Paul L Methods for negotiating agreement over concealed terms through a blind agent
US7558194B2 (en) * 2003-04-28 2009-07-07 Alcatel-Lucent Usa Inc. Virtual private network fault tolerance
US7783777B1 (en) * 2003-09-09 2010-08-24 Oracle America, Inc. Peer-to-peer content sharing/distribution networks
US20050108593A1 (en) * 2003-11-14 2005-05-19 Dell Products L.P. Cluster failover from physical node to virtual node
US7408911B2 (en) * 2004-11-08 2008-08-05 Meshnetworks, Inc. System and method to decrease the route convergence time and find optimal routes in a wireless communication network
US8006091B2 (en) * 2005-01-10 2011-08-23 Cisco Technology, Inc. Method and apparatus to provide failover capability of cached secure sessions

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7471625B2 (en) * 2001-10-31 2008-12-30 Nec Corporation Fault recovery system and method for a communications network
US20060280191A1 (en) * 2004-02-19 2006-12-14 Kai Nishida (90%) Method for verifying and creating highly secure anonymous communication path in peer-to-peer anonymous proxy
US20060023727A1 (en) * 2004-07-30 2006-02-02 George David A Method and apparatus for anonymous data transfers
US20060023646A1 (en) * 2004-07-30 2006-02-02 George David A Method and apparatus for anonymous data transfers
US20060198367A1 (en) * 2005-03-02 2006-09-07 Matsushita Electric Industrial Co., Ltd. Content based secure rendezvous chaotic routing system for ultra high speed mobile communications in ad hoc network environment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009524293A (en) * 2006-01-13 2009-06-25 インターナショナル・ビジネス・マシーンズ・コーポレーション Method and apparatus for establishing peer-to-peer karma and trust
US20100246554A1 (en) * 2009-03-27 2010-09-30 Motorola, Inc. Device and method for reestablishing a wireless connection in a wireless network
US8175079B2 (en) * 2009-03-27 2012-05-08 Motorola Solutions, Inc. Device and method for reestablishing a wireless connection in a wireless network

Also Published As

Publication number Publication date
US20080259789A1 (en) 2008-10-23
US7885184B2 (en) 2011-02-08

Similar Documents

Publication Publication Date Title
US10063599B2 (en) Controlling registration floods in VOIP networks via DNS
EP1934780B1 (en) Creating secure interactive connections with remote resources
US20050144288A1 (en) Technique for intercepting data in a peer-to-peer network
US20130055384A1 (en) Dealing with web attacks using cryptographically signed http cookies
CN110602108B (en) Data communication method, device, equipment and storage medium based on block chain network
CN111049696B (en) Method, node and computing device for node management of blockchain system
JP2006115505A (en) Method for establishing communication between peer-groups
CN111046110B (en) Method, node and computing device for node management of blockchain system
US20130227022A1 (en) Peer discovery and secure communication in failover schemes
CN108846745B (en) Block chain transaction processing auxiliary system, block chain data processing system and method
CN106506503B (en) System and method for promoting uniform user terminal behaviors of B/S and C/S mixed architecture
CN111327650A (en) Data transmission method, device, equipment and storage medium
US7885184B2 (en) Method and apparatus for re-establishing anonymous data transfers
CN106571968A (en) Business switching method and system
JP2002525894A (en) Method and system for managing I / O transmissions in a fiber channel network
JP2006227763A (en) Data sharing system, data sharing method, and program
MXPA02006896A (en) Method and apparatus for providing reliable communications in an intelligent network.
US20060023646A1 (en) Method and apparatus for anonymous data transfers
US20060023727A1 (en) Method and apparatus for anonymous data transfers
JP3307337B2 (en) WWW gateway and WWW communication system
CN113535464B (en) Disaster recovery backup method, server, cluster system and storage device
CN102301337A (en) Method for preserving service in a highly available environment
CN109120578B (en) Method and device for realizing link connection processing
KR102608629B1 (en) Local call manager registration system and local call manager registration method
US20200344275A1 (en) Communication network and method of decentralised management of communications via the communication network

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GEORGE, MR. DAVID A.;JENNINGS, III, MR. RAYMOND B.;LAVOIE, MR. JASON D.;AND OTHERS;REEL/FRAME:017072/0073;SIGNING DATES FROM 20060111 TO 20060112

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION