Intel Patents Anonymity Server

[John Young]

http://cryptome.org/intel-anon.htm

[Excerpt. There are 15 images in the patent.]

Anonymity Server, May 14, 2002

Description

BACKGROUND

1. Field

The present invention relates to the field of communications. 
More particularly, the present invention relates to a system and 
method for maintaining anonymous and traffic analysis resistant 
communications over a communication link.

2. Related Art

Over the last few years, personal and commercial usage of the 
Internet has increased dramatically. As a result, companies are 
beginning to monitor such usage for a number of reasons. For 
example, marketing companies can analyze Internet traffic in 
order to develop consumer profiles of various users or to obtain 
information about ongoing projects by a competitive company.

In an attempt to thwart data collection through traffic analysis 
and provide message anonymity over public communication 
links like the Internet, anonymous remailers are now being 
provided. An "anonymous remailer" is a computer that
receives an electronic message over a communication link 
from a sender and redirects that electronic message to an 
intended recipient. By encrypting audible and/or viewable 
data of the electronic message, the integrity and confidentiality 
of that data would be protected against unauthorized access
by the operator of the anonymous remailer or an interloper.

It is evident that the above-described conventional communication 
scheme would substantially ensure the preservation of the 
integrity and confidentiality of data within an electronic message. 
However, this conventional communication scheme fails to protect 
the integrity or confidentiality of data transmitted back to the 
original sender in the form of a response from the intended
recipient.

In certain situations, anonymous remailers have been configured 
to assign a unique tag to each original sender of an electronic 
message before the electronic message is redirected to the 
intended recipient. This tag is used as a secret key by the intended 
recipient to encrypt data contained in a response to the electronic 
message. However, to support this communication scheme, the 
anonymous remailer would have to decrypt the response with the
tag and re-encrypt the response with the public key of the original 
sender because the intended recipient would have no knowledge 
of the original sender, namely a public key of the original sender. 
Since the operator responsible for the anonymous remailer would 
have access to the return path of the response, reliance on the 
integrity of that operator is required. Clearly, this substantially 
reduces the level of *security* of this communication scheme.

Therefore, it would be desirable to create an electronic system 
and a corresponding method for maintaining anonymous and 
traffic analysis resistant communications over a communication 
link without dependence on the integrity of the system operator. 

-----