(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2003/0009523 A1
`Lindskog et al.
`(43) Pub. Date:
`Jan. 9, 2003
`
`US 2003OOO9523A1.
`
`(54) SYSTEM AND METHOD FOR SECURING
`PRIVACY OF CHAT PARTICIPANTS
`(76) Inventors: Helena Lindskog, Karlstad (SE);
`Mikael Nilsson, Karlstad (SE)
`Correspondence Address:
`JENKENS & GILCHRIST, P.C.
`Suite 3200
`1445 ROSS Avenue
`Dallas, TX 75202-2799 (US)
`(21) Appl. No.:
`09/901,332
`(22) Filed:
`Jul. 9, 2001
`Publication Classification
`
`(51) Int. Cl. .................................................. G06F 15/16
`
`(52) U.S. Cl. ............................................ 709/205; 713/201
`
`(57)
`
`ABSTRACT
`
`The present invention discloses a System and method for
`providing privacy to a client accessing a chat application on
`a chat Server via the Internet wherein a request is transmitted
`for a chat application from a client to a first proxy server.
`The request is forwarded from the first proxy server to a
`Second proxy server. In response to the receipt of the request
`at the Second proxy Server, a unique ID is forwarded back to
`the first proxy Server and the request along with the unique
`ID are forwarded on to the chat server. A response to the
`request is transmitted from the chat Server back to the Second
`proxy server along with the originally provided unique ID.
`The response and unique ID are Stored within the Second
`proxy server and may be accessed form the first proxy server
`by providing the unique ID.
`
`
`
`10
`
`First
`Pseudonymizing
`Proxy Server
`
`Second
`Pseudonymizing
`Proxy Server
`
`Positioning
`Application
`
`Exhibit 1021
`Page 01 of 06
`
`

`

`Patent Application Publication
`
`Jan. 9, 2003 Sheet 1 of 2
`
`US 2003/0009523 A1
`
`
`
`10
`
`
`
`
`
`First
`Pseudonymizing
`Proxy Server
`
`Second
`Pseudonymizing
`Proxy Server
`
`Positioning
`Application
`
`FIG. 1
`
`Privote
`
`ever,
`
`55
`
`60
`
`65
`FIG. 3
`
`55
`
`
`
`Response
`
`g
`
`50
`
`
`
`
`
`\
`
`85
`
`gigs
`
`60
`
`65 N90
`
`86
`
`FIG. 4
`
`115
`
`110
`FIG. 5
`
`130
`135
`FIG. 6
`
`Exhibit 1021
`Page 02 of 06
`
`

`

`Patent Application Publication
`
`Jan. 9, 2003. Sheet 2 of 2
`
`US 2003/0009523 A1
`
`Client Connects to First Proxy Server
`
`Provide Position
`
`35
`
`40
`
`Send HTTP Request to Second Proxy Server
`
`45
`
`Send Unique ID to First Proxy Server
`
`Decrypt HTTP Request
`
`Send HTTP Request to Origin Server
`
`70
`
`75
`
`80
`
`Perform Requested Service at Origin Server -95
`
`Send Response to Second Proxy Server
`
`100
`
`Decrypt & Store Response and Unique ID
`
`120
`
`Request Content
`
`Provide Content
`
`Erase Content
`
`Push Response to Client
`
`FIG. 2
`
`125
`
`140
`
`145
`
`150
`
`Exhibit 1021
`Page 03 of 06
`
`

`

`US 2003/0009523 A1
`
`Jan. 9, 2003
`
`SYSTEMAND METHOD FOR SECURING
`PRIVACY OF CHAT PARTICIPANTS
`TECHNICAL FIELD
`0001. The present invention relates to the use of chat
`applications on the Internet, and more particularly, to a
`method for Securing privacy for chat participants from a
`Service operator providing chat Services.
`BACKGROUND OF THE INVENTION
`0002 Chat services on the Internet provide for real time
`communication between two users via a computer, wireleSS
`device, or any other text based communication apparatus.
`Once a chat has been initiated, either user may enter text by
`typing on an interface, and the entered text will appear upon
`the other user's display. Most networks and online Services
`offer Some type of chat feature. One type of chat application,
`ICO, comprises an easy-to-use online instant messaging
`program. ICO is used as a mostly PC-based conferencing
`tool by individuals to chat, e-mail, perform file transfers,
`play computer games and many other applications. ICO
`enables a user to create a list of friends, family, and busineSS
`asSociates who also have ICO on their computer or mobile
`communications device. ICO uses this list to find other
`friends for a user and notifies the user when people on their
`list have signed on to the Internet.
`0003) Another example of a chat application comprises
`Internet relay chat (IRC). IRC has become more popular as
`more individuals become connected to the Internet because
`it enables people connected anywhere on the Internet to join
`in live discussions. Also, unlike older chat systems, IRC is
`not limited to just two participants. An IRC client on a user
`computer or mobile communications device Sends and
`receives messages to an IRC Server located on the Internet.
`The IRC server is responsible for making sure that all
`messages are broadcast to everyone participating in the
`discussion.
`0004 Another type of chat application includes instant
`messaging enabling a user to create a private chat room with
`another individual. The instant messaging System normally
`alerts a user whenever Somebody on their private list is
`on-line. Their application may create a chat Session with that
`particular individual. There is presently no Standard for
`instant messaging So both parties must be utilizing the same
`instant messaging System.
`0005 The development of the wireless application pro
`tocol (WAP) has enabled users to obtain access to the
`Internet in a mobile fashion via mobile telephones, pagers,
`portable computers and many other types of mobile com
`puting devices. Also, the ability to position individuals
`accessing the Internet via mobile devices has also greatly
`increased. While in Some circumstances a user may desire
`for individuals to localize their position, there are many
`circumstances in which a user may not want, for example, a
`chat application Service provider, to be able to position the
`user and provide the user with unwanted information and/or
`advertising based upon the user's current position. Many
`users desire a degree of privacy with respect to their posi
`tioning and would like to keep this information from the chat
`Service provider.
`SUMMARY OF THE INVENTION
`0006 The present invention overcomes the foregoing and
`other problems with a System and method wherein a client
`
`transmits a request for a chat application to a first proxy
`Server. The request, encrypted by the public key of a Second
`proxy Server and a public key of a chat Server, is then
`transmitted from the first proxy Server to the Second proxy
`Server. In response to receipt of the request at the Second
`proxy Server, a unique ID is transmitted back to the first
`proxy server, and the request is transmitted to the chat Server
`along with the same unique ID. The transmission from the
`Second proxy server to the chat Server is encrypted using
`only the public key of the chat Server. A response, including
`the unique ID, and encrypted using the private key of the
`Second proxy server and the private key of the first proxy
`Server is transmitted from the chat Server back to the Second
`proxy server The response is Stored at the Second proxy
`Server along with the unique ID. The response is accessed by
`the provision of the unique ID from the first proxy server.
`BRIEF DESCRIPTION OF THE DRAWINGS
`0007. A more complete understanding of the method and
`apparatus of the present invention may be obtained by
`reference to the following Detailed Description when taken
`in conjunction with the accompanying Drawings wherein:
`0008 FIG. 1 is a block diagram of a system utilizing the
`method of the present invention,
`0009 FIG. 2 is a flow diagram describing a method for
`providing privacy to a user of a chat application;
`0010 FIG. 3 is an illustration of the request transmitted
`from a first proxy Server to a Second proxy server;
`0011 FIG. 4 illustrates the request transmitted from the
`Second proxy server to the origin Server,
`0012 FIG. 5 illustrates a response transmitted between
`the origin Server and the Second proxy server; and
`0013 FIG. 6 illustrates a request transmitted between the
`first proxy server and the Second proxy server including a
`unique ID.
`
`DETAILED DESCRIPTION
`0014) Referring now to the drawings, and more particu
`larly to FIG. 1, there is illustrated a block diagram of a
`System for accessing a chat application according to the
`method of the present invention. The client 10 is included
`within a device 12 Such as a mobile telephone, portable
`computer, pager, personal data assistant, or other type of
`device capable of wirelessly accessing the Internet and
`communicating using a chat application. The client 10
`accesses a first pseudonymizing proxy server 15 as will be
`more fully described with respect to FIG. 2. The first
`pseudonymizing proxy Server 15 may be provided by a
`System operator and is responsible for retrieving the position
`of the client 10 from the appropriate application 16. The first
`pseudonymizing proxy server 15 may also be a personal
`proxy located within an Intranet associated with the client 10
`or even located within the device 12 containing the client 10.
`The first pseudonymizing proxy server 15 must be a trusted
`entity and has a public and a private key.
`0015. A second pseudonymizing proxy server 20 is an
`anonymizer Server located Somewhere within the Internet. It
`is trusted that the Second pseudonymizing proxy server 20
`does not cooperate in any fashion with the origin Server 25.
`The Second pseudonymizing proxy server 20 has a public
`key and a private key.
`
`Exhibit 1021
`Page 04 of 06
`
`

`

`US 2003/0009523 A1
`
`Jan. 9, 2003
`
`0016. The origin server 25 is responsible for providing
`chat services to the client 10. Examples of these include a
`Sign-up Service enabling the client 10 to Sign up for a
`particular Service, an "add user” option which requests the
`addition of a particular user to a user list, a “view list” option
`enabling a user to See all users upon an accepted list, a “find
`pals' request enabling the display of a list of friends and
`their respective positions, an “enter invisible' option
`enabling a user to anonymously enter a chat with their
`position being erased, an “enter Visible” mode where the
`user's position is periodically Sent to the origin Server 25 and
`an “alert” request which periodically provides a particular
`client's position. A database 30 associated with the origin
`Server 25 Stores a user's number, a pseudo identity, a latest
`position of a user with a timestamp, and a list of related users
`to a user (i.e., their buddy list). None of the users are known
`to the origin server 25, but they are known to each other.
`Thus, by using a unique pseudo identity that is transmitted
`Via other channel to friends, the Secret may not be perfectly
`Safe, but Safe enough for most users and Scenarios.
`0017 Referring now to FIG. 2, there is a flow diagram
`illustrating a method for ensuring privacy of a client's
`position if desired. The client 10 connects at step 35 to the
`first pseudonymizing proxy Server 15 to request a chat
`service. The client 10 may, in one embodiment, connect with
`the first pseudonymizing proxy server 15 via a WAP gate
`way, not shown, or Similar type of gateway connection
`depending upon the location of the first pseudonymizing
`proxy server 15. The client 10 also provides the position of
`the client at step 40 to the first proxy server 15, using, for
`example, base Station position techniqueS Such a mobile
`positioning system (MPS), GPS, or other positioning tech
`nology.
`0.018. The first proxy server 15 transmits at step 45 an
`HTTP request relating to a chat application to the Second
`pseudonymizing proxy Server 20. Referring now also to
`FIG. 3, there is illustrated an example of the HTTP request
`50. The request 50 contains the parameters 55 necessary for
`providing a particular chat Service requested by the client 10.
`The parameters 55 are encrypted with the public key of the
`origin server 25. The request 50 also includes the URL 60 of
`the requested chat Service at the origin Server 25 and the
`private key 65 of the first pseudonymizing proxy server 15.
`All of this data (the encrypted parameters, the URL and the
`private key) are encrypted with the public key of the Second
`pseudonymizing proxy server 20 and transmitted to the
`second proxy server 20 at step 45.
`0019. In response to receipt of the HTTP request 50, the
`Second pseudonymizing proxy server 20 Sends a unique ID
`to the first pseudonymizing proxy server 15 at step 70 and
`decrypts the received HTTP request 50 at step 75. The
`Second pseudonymizing proxy server 20 transmits the
`decrypted HTTP request to the origin server at step 80.
`Referring now also to FIG.4, there is illustrated the partially
`decrypted HTTP request 85 transmitted from the second
`pseudonymizing proxy server 20 to the origin server 25. The
`HTTP request 85 includes the originally provided encrypted
`parameters 55, the URL 60 and the private key 65 of the first
`pseudonymizing proxy server 15. Also included within the
`request 85 is the unique ID 90 that was provided to the first
`pseudonymizing proxy server 15 and the private key 86 of
`the second proxy server 20. The parameters 55, URL 60,
`unique ID 90 and first pseudonymizing proxy server private
`
`key 65 are each Still encrypted using the origin Server's
`public key. The added unique ID 90 and private key 86 of the
`Second proxy server 20 are also encrypted with the origin
`server's 25 public key.
`0020. The origin server performs at step 95 the requested
`action and transmits a response 110 at step 100 back to the
`Second pseudonymizing proxy server 20. AS illustrated in
`FIG. 5, the message 105 transmitted from the origin server
`25 includes the response 110 and the unique ID 115. The
`message 105 is first encrypted by the first pseudonymizing
`proxy server's 15 private key and by the Second pseudony
`mizing proxy server's 20 private key. The Second proxy
`server 20 decrypts the message 105 at step 120 using both
`of the private keys and Stores the response along with the
`unique ID. The first pseudonymizing proxy server 15
`requests the information contained within the response at
`step 125 by providing the unique ID originally provided to
`the first pseudonymizing proxy server 15 by the Second
`pseudonymizing proxy server 20 at step 70. The request 130
`(FIG. 6) includes the unique ID 135. The content is then
`provided to the first pseudonymizing proxy server at Step
`140 responsive to the unique ID 135, and the information
`associated with the unique ID is erased at step 145 at the
`second proxy server 20. The provided content may be
`pushed to the client at step 150, if relevant.
`0021. The previous description is of a preferred embodi
`ment for implementing the invention, and the Scope of the
`invention should not necessarily be limited by this descrip
`tion. The Scope of the present invention is instead defined by
`the following claims.
`What is claimed is:
`1. A method for providing privacy to a client accessing a
`chat application on a chat Server, comprising the Steps of
`transmitting a request for the chat application from the
`client to a first proxy server;
`transmitting the request for the chat application from the
`first proxy Server to a Second proxy Server;
`providing a unique ID to the first proxy Server from the
`Second proxy server responsive to the request;
`transmitting the request for the chat application and the
`unique ID from the Second proxy Server to the chat
`Server,
`transmitting a response and the unique ID from the chat
`Server to the Second proxy server responsive to the
`request,
`Storing the response at the Second proxy server with the
`unique ID; and
`accessing the Stored response from the first proxy server
`by providing the unique ID.
`2. The method of claim 1, further comprising the Step of
`erasing the Stored response and the unique ID in the Second
`proxy server responsive to an access by the first proxy
`SCWC.
`3. The method of claim 1, further comprising the step of
`pushing the response from the first proxy Server to the client.
`4. The method of claim 1, further comprising the step of
`providing a position of the client to the first proxy Server.
`5. The method of claim 1, further including the step of
`encrypting transmissions from the first proxy Server to the
`
`Exhibit 1021
`Page 05 of 06
`
`

`

`US 2003/0009523 A1
`
`Jan. 9, 2003
`
`Second proxy Server using both a first public key of the chat
`Server and a Second public key of the Second proxy Server.
`6. The method of claim 5, further including the step of
`encrypting transmissions from the Second proxy Server to
`the chat Server using the first public key of the chat Server.
`7. The method of claim 5, further including the step of
`encrypting transmissions from the chat Server to the Second
`proxy server using both a first private key of the first proxy
`Server and a Second private key of the Second proxy Server.
`8. A method for providing privacy to a client accessing a
`chat application on a chat Server, comprising the Steps of:
`transmitting a request for the chat application from the
`client to a first proxy server;
`encrypting transmissions from the first proxy server to the
`Second proxy Server using both a first public key of the
`chat application Server and a Second public key of a
`Second proxy server;
`transmitting the request for the chat application from the
`first proxy Server to a Second proxy Server;
`providing a unique ID to the first proxy server from the
`Second proxy server responsive to the request;
`encrypting transmissions from the Second proxy server to
`the chat Server using the first public key of the chat
`Server,
`transmitting the request for the chat application and the
`unique ID from the Second proxy Server to the chat
`application Server;
`encrypting transmissions from the chat Server to the
`Second proxy Server using both a first private key of the
`first proxy server and the Second private key of the
`Second proxy server;
`transmitting a response and the unique ID from the chat
`Server to the Second proxy server responsive to the
`request,
`Storing the response at the Second proxy server with the
`unique ID;
`accessing the Stored response from the first proxy Server
`by providing the unique ID; and
`erasing the Stored response and the unique ID in the
`Second proxy server responsive to the access.
`9. The method of claim 8, further comprising the step of
`pushing the response from the first proxy Server to the client.
`10. The method of claim 8, further comprising the step of
`providing a position of the client to the first proxy.
`11. A System for protecting location data on a client
`accessing a client Server comprising:
`a first proxy server associated with the client,
`a Second proxy server located on the Internet;
`
`wherein the first proxy Server and the Second proxy Server
`are configured to:
`receive a request for the chat application from the client
`at the first proxy server,
`transmit the request for the chat application from the
`first proxy Server to the Second proxy server;
`provide a unique ID to the first proxy server from the
`Second proxy server responsive to the request;
`transmit the request for the chat application and the
`unique ID from the Second proxy server to the chat
`Server,
`receive a response and the unique ID from the chat
`Server at the Second proxy server;
`Store the response at the Second proxy Server with the
`unique ID; and
`access the Stored response from the first proxy Server
`by providing the unique ID to the Second proxy
`SCWC.
`12. The system of claim 11, wherein the first and second
`proxy servers are further configured to erase the Stored
`response and the unique ID in the Second proxy server
`responsive to an acceSS by the first proxy server.
`13. The system of claim 11, wherein the first and second
`proxy Servers are further configured to push the response
`from the first proxy server to the client.
`14. The system of claim 11, wherein the first and second
`proxy servers are further configured to determine a position
`of the client at the first proxy server.
`15. The system of claim 11, wherein the first and second
`proxy Servers are further configured to encrypt transmissions
`from the first proxy Server to the Second proxy server using
`both a first public key of the chat server and a second public
`key of the Second proxy Server.
`16. The system of claim 11, wherein the first and second
`proxy servers are further configured to encrypt from the
`Second proxy server to the chat Server using the first public
`key of the chat server.
`17. The system of claim 11, wherein the first and second
`proxy Servers are further configured to decrypt transmissions
`from the client Server at the Second proxy server using both
`a first private key of the first proxy server and a Second
`private key of the Second proxy server.
`18. The system of claim 11, wherein the first proxy server
`is located in an intranet associated with the client.
`19. The system of claim 11, wherein the first proxy server
`is located within an apparatus containing the client.
`20. The system of claim 11, wherein the second proxy
`server is accessible from the first proxy server via the
`Internet.
`
`Exhibit 1021
`Page 06 of 06
`
`