(12) United States Patent
`Yiu et al.
`
`111111
`
`1111111111111111111111111111111111111111111111111111111111111
`US006928291B2
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 6,928,291 B2
`Aug. 9, 2005
`
`(54) METHOD AND APPARATUS FOR
`DYNAMICALLY CONTROLLING RELEASE
`OF PRIVATE INFORMATION OVER A
`NETWORK FROM A WIRELESS DEVICE
`
`(75)
`
`Inventors: Jennifer 0. Yiu, Fremont, CA (US);
`Ramkumar Venketaramani, Foster
`City, CA (US); Suresh B. Bashyam,
`Sunnyvale, CA (US); Seetharaman
`Ramasubramani, San Jose, CA (US)
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`5,740,539 A * 4/1998 Ishii ........................ 455/456.1
`5,907,804 A * 5/1999 Schroderus eta!. ........ 455/411
`6,311,069 B1 * 10/2001 Havinis et a!.
`.......... 455!456.4
`6,571,212 B1 * 5!2003 Dent ....................... 704/270.1
`6,687,504 B1 * 2/2004 Raith ...................... 455/456.1
`6,687,505 B1 * 2/2004 Hagebarth ............... 455!456.2
`6,716,101 B1 * 4/2004 Meadows et a!. ........... 340/989
`
`(73) Assignee: Openwave Systems Inc., Redwood
`City, CA (US)
`
`* cited by examiner
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 689 days.
`
`(21) Appl. No.: 09/895,521
`
`(22) Filed:
`
`Jun.29,2001
`
`(65)
`
`Prior Publication Data
`
`US 2003/0181205 A1 Sep. 25, 2003
`
`Related U.S. Application Data
`( 60) Provisional application No. 60/264,210, filed on Jan. 25,
`2001.
`
`Int. Cl? .................................................. H04Q 7/20
`(51)
`(52) U.S. Cl. ................................ 455/456.1; 455/426.1;
`455/404.2
`(58) Field of Search ........................... 455/426.1, 456.1,
`455/456.3, 432.1, 414.3, 404.2, 440, 457,
`414.2
`
`Primary Examiner-Marsha D. Banks-Harold
`Assistant Examiner---Nghi H. Ly
`(74) Attorney, Agent, or Firm-Blakely, Sokoloff, Taylor &
`Zafman LLP
`
`(57)
`
`ABSTRACT
`
`A proxy gateway is coupled to one or more wireless hand(cid:173)
`held devices over a wireless network and to one or more
`origin servers over a wired network. The proxy gateway
`proxies requests and responses between the wireless devices
`and the origin servers. The proxy gateway determines when
`private information associated with a wireless device is
`needed or requested by another network entity, such as an
`origin server. In response to such determination, the proxy
`gateway communicates with the wireless device to enable
`the wireless device to present a user interface which allows
`a user of the wireless device to dynamically control release
`of the private information.
`
`24 Claims, 8 Drawing Sheets
`
`4
`
`Proxy
`Gateway
`
`5-1
`
`Origin
`Server
`
`3
`
`Origin
`Server
`
`5-M
`
`

`

`U.S. Patent
`U.S. Patent
`
`Aug. 9, 2005
`Aug. 9, 2005
`
`Sheet 1 of8
`Sheet 1 of 8
`
`US 6,928,291 B2
`US 6,928,291 B2
`
`,(cid:173)
`5-1
`I
`lO
`
`:......
`c
`·- <l>
`.Q' ~
`:......
`<l>
`0(.1J
`
`•
`
`•
`
`•
`
`~
`I
`L!)
`
`.._
`c:
`·- <l> O>>
`·- .....
`.....
`(!)
`0(.1J
`
`FIG.1
`Network
`
`Wired
`
`ProxyGateway
`
`Wireless
`
`Network
`
`Zo™N
`— e000
`[Jesse
`e
`e
`e
`
`i
`=
`
`0000
`
`°
`o
`
`oO
`
`Google Exhibit 1006, Page 2 of 15
`
`

`

`U.S. Patent
`
`Aug. 9, 2005
`
`Sheet 2 of 8
`
`US 6,928,291 B2
`
`Show where I am to
`"Yahoo.com"
`1.>Yes
`2. No
`3. Always
`4. Never
`OK
`
`Back
`
`100
`
`216
`
`230
`
`POWER
`(BACK J
`
`220
`
`(
`
`1
`
`)
`
`SEND
`~CCES~
`
`END
`(MENU J
`
`ciT)
`~
`
`( 2 ABC)
`
`( 3 DEF)
`
`( 4 GHI )
`
`( 5 JKL )
`
`( 6 MNO)
`
`(1 PQRS)
`
`( 8 TUV)
`
`(9 WXYZ)
`
`(*@_)
`
`( 0
`
`)
`
`(#?_)
`
`FIG. 2
`
`

`

`U.S. Patent
`
`Aug. 9, 2005
`
`Sheet 3 of 8
`
`US 6,928,291 B2
`
`''\_
`
`''\_
`
`''<._
`
`:?!
`<{ a:
`
`:?!
`0 a:
`
`-CJJ
`
`.._.,
`,_
`0
`CJJ
`CJJ w
`(.)
`0 ,_
`a..
`
`rl
`
`~
`
`T""
`
`"""'\.
`
`co
`(")'\.
`
`['-..
`
`C'?\
`
`c.o
`(YJ~
`
`L{)
`
`(")'\.
`
`'<;j"
`
`(YJ'\_
`
`E
`E
`0
`(.)
`
`•
`•
`•
`
`E
`E
`0
`0
`
`Q
`
`•
`•
`•
`
`0
`:::::
`
`<D
`CIJO)
`cn m
`ro
`.._
`~.9
`(J)
`
`

`

`U.S. Patent
`
`Aug. 9, 2005
`
`Sheet 4 of 8
`
`US 6,928,291 B2
`
`Receive GET/POST request from client
`intended for origin server
`
`Proxy request to origin server
`
`Receive response from origin server
`
`402
`
`403
`
`405
`Send WML deck to client for acquiring
`user's privacy choice and/or protected
`information
`
`406
`Receive user's choice (URI) and/or
`protected information from client
`
`Process response
`in appropriate
`manner
`
`414
`
`Send redirect
`to client
`
`Receive request
`from client
`
`Proxy request to
`origin server
`
`Send protected information to origin server
`
`Receive response from origin server
`
`Proxy origin server's response to the client
`
`410
`
`411
`
`FIG. 4
`
`

`

`U.S. Patent
`
`Aug. 9, 2005
`
`Sheet 5 of 8
`
`US 6,928,291 B2
`
`1
`
`/
`
`Client
`
`4
`
`r
`
`Proxy
`Gateway
`
`5
`
`/
`Origin
`Server
`
`/53
`
`/54
`
`.....
`
`~
`
`_..
`
`~
`
`...
`-..
`
`.....
`
`~
`
`/51
`
`/S2
`
`......
`
`~
`
`/55
`
`/56
`
`.. ....
`
`FIG. 5
`
`

`

`U.S. Patent
`
`Aug. 9, 2005
`
`Sheet 6 of 8
`
`US 6,928,291 B2
`
`Receive GET/POST request from client
`intended for orig1n server
`
`701
`
`13
`
`Proxy request to
`origin server
`
`Save original request with headers
`704
`Send WML deck to client for acquiring
`user's privacy choice and/or protected
`information
`
`Receive user's choice (URI) and/or
`protected information from client
`
`714
`
`Send redirect
`to client
`
`Receive request
`from client
`
`No
`
`FIG. 6A
`
`

`

`U.S. Patent
`
`Aug. 9, 2005
`
`Sheet 7 of 8
`
`US 6,928,291 B2
`
`Create new request from previously saved
`request and additional information
`
`Send new request to origin server
`
`Proxy origin server's response to the
`client
`
`710
`
`711
`
`712
`
`FIG. 68
`
`

`

`U.S. Patent
`
`Aug. 9, 2005
`
`Sheet 8 of 8
`
`US 6,928,291 B2
`
`1 r'
`
`Client
`
`4
`
`/
`Proxy
`Gateway
`
`5
`
`/
`Origin
`Server
`
`...
`
`... ..
`
`.. .
`
`/71
`
`/72
`
`/73
`
`/74
`
`/75
`
`/77
`
`.J
`
`.....
`
`,...
`
`~
`
`..
`...
`
`~/6
`
`• ...
`
`FIG. 7
`
`

`

`US 6,928,291 B2
`
`1
`METHOD AND APPARATUS FOR
`DYNAMICALLY CONTROLLING RELEASE
`OF PRIVATE INFORMATION OVER A
`NETWORK FROM A WIRELESS DEVICE
`
`2
`Other features of the present invention will be apparent
`from the accompanying drawings and from the detailed
`description which follows.
`
`5
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`This application claims the benefit of Provisional U.S.
`patent application No. 60/264,210, filed on Jan. 25, 2001,
`entitled, "Privacy Negotiation Model", which is incorpo(cid:173)
`rated herein by reference.
`
`FIELD OF THE INVENTION
`
`10
`
`The present invention pertains to techniques for control(cid:173)
`ling the release of private information over a network. More
`particularly, the present invention relates to controlling the 15
`release of private information over a network from a
`wireless, hand-held device.
`
`BACKGROUND OF THE INVENTION
`
`The present invention is illustrated by way of example
`and not limitation in the figures of the accompanying
`drawings, in which like references indicate similar elements
`and in which:
`FIG. 1 illustrates a network environment in which mobile
`devices can communicate with origin servers and service
`initiators;
`FIG. 2 shows a cellular telephone;
`FIG. 3 illustrates a processing system representative of
`any or the devices shown in FIG. 1;
`FIG. 4 is a flow diagram showing a process that may be
`implemented by the proxy gateway, according to a first
`embodiment, to obtain a user's permission to release private
`20 information;
`FIG. 5 illustrates the exchange of messages between
`network entities for the process of FIG. 4.
`FIGS. 6A and 6B is a flow diagram showing a process that
`25 may be implemented by the proxy gateway, according to a
`second embodiment, to obtain a user's permission to release
`private information; and
`FIG. 7 illustrates the exchange of messages between
`network entities for the process of FIGS. 6A and 6B.
`
`DETAILED DESCRIPTION
`
`Present technology allows users of hand-held, wireless
`devices to access to applications on the Internet. Some of
`those applications need to access information about wireless
`devices which may be considered private. Two types of
`information which may be considered private are informa(cid:173)
`tion on whether a wireless device is currently turned on
`("presence" information) and information about the geo(cid:173)
`graphic location of a wireless device ("location"
`information). For example, a network application might
`need to know the location of a wireless device in order to
`provide the device with real-time traffic or weather updates 30
`relevant to the user's location. Other examples of private
`information are serial numbers and telephone numbers of
`wireless devices.
`Wireless devices commonly access the Internet through a
`gateway which links the wireless network to the Internet. 35
`The gateway or a separate server system may act as a proxy
`server, which proxies requests from the wireless devices to
`applications on the Internet. In some cases, when private
`information is needed by a network application in order to
`process a request from a wireless device, the proxy server 40
`adds the private information to the request before sending
`the request to the network application.
`The proxy server is typically operated by the wireless
`carrier. However, the wireless carrier generally cannot
`release private information to network applications without
`prior authorization from the subscriber. Today, the subscrib(cid:173)
`er's authorization to release private information is normally
`acquired in a paper agreement or click-through agreement.
`These types of privacy agreement can be cumbersome to
`manage and normally must be in place before a subscriber
`attempts to access applications which require private data.
`Further, there is no way for the subscriber to give permission
`to release private data on a per request basis. In addition, the
`carrier generally must inform the subscriber about every
`modification to the agreement manually, and the user must
`agree to this before the modifications can take effect.
`
`45
`
`50
`
`55
`
`SUMMARY OF THE INVENTION
`
`The present invention includes a method and apparatus
`for dynamically controlling the release of information on a
`network. The method includes determining that protected
`information associated with a hand-held wireless commu-
`nication device is needed or requested by a remote network
`entity, and in response, enabling a user of the hand-held 65
`wireless communication device to dynamically control
`release of the protected information.
`
`A method and apparatus for controlling the release of
`private information over a network from a wireless, hand(cid:173)
`held device are described. Note that in this description,
`references to "one embodiment" or "an embodiment" mean
`that the feature being referred to is included in at least one
`embodiment of the present invention. Further, separate ref(cid:173)
`erences to "one embodiment" in this description do not
`necessarily refer to the same embodiment; however, neither
`are such embodiments mutually exclusive, unless so stated
`and except as will be readily apparent to those skilled in the
`art. Thus, the present invention can include any variety of
`combinations and/or integrations of the embodiments
`described herein.
`The techniques described herein relate to controlling the
`release of information often considered by users to be
`"private", such as location or presence information, sub(cid:173)
`scriber numbers, etc. Note, however, that the described
`techniques can be applied to controlling the release of
`essentially any type of information. That is, the described
`technique can be used to dynamically negotiate essentially
`any parameter with a user. Hence, information which is
`controlled using the techniques described herein is referred
`to generally in this specification as "protected" information,
`which may be (but does not have to be) private information.
`The present invention allows a user's authorization to
`release private information to be obtained dynamically, e.g.,
`in response to a request. This allows authorization to be
`60 given (or denied) on a per request basis and reduces the need
`for cumbersome paper or click through privacy agreements.
`In addition, the technique can be implemented over a
`standard network communication protocol, such as hyper-
`text transfer protocol (HTTP).
`As described in greater detail below, in one embodiment
`a processing system is coupled to one or more wireless
`hand-held communication devices (hereinafter "wireless
`
`

`

`US 6,928,291 B2
`
`3
`devices") over a wireless network and to one or more origin
`servers over a wired network. The processing system may be
`a proxy gateway, which proxies requests and responses
`between the wireless devices and the origin servers. The
`processing system determines when protected (e.g., private) 5
`information associated with a wireless device, such as
`location or presence information, is needed or requested by
`another network entity, such as an origin server. Upon
`making such a determination, the proxy gateway initiates an
`exchange of information with the wireless device to dynami- 10
`cally determine whether release of the protected information
`is authorized by the user of the wireless device. In one
`embodiment, the wireless device presents a user interface
`which allows the user to dynamically authorize or prohibit
`release of the protected information. The user may grant or 15
`deny permission to release the information for only the
`current interaction or for all future interactions with the
`network entity. The protected information is then only
`released to the extent authorized by the user. In one
`embodiment, this dynamic determination of user permission 20
`to release protected information is accomplished over stan(cid:173)
`dard HTTP. In other embodiments, other standards may be
`used.
`In this description, various acts are described as being
`performed by a proxy gateway in connection with establish(cid:173)
`ing a privacy agreement with a user (in addition to standard
`proxy or gateway functions). Note, however, that a proxy
`gateway is only one example of a platform in which the
`described acts can be carried out. The acts related to estab(cid:173)
`lishing a privacy agreement do not have to be performed by
`a device that acts as a proxy or as a gateway. They may
`instead be performed in a processing system that is separate
`from any proxy or gateway, which may be a processing
`system dedicated to performing such acts, or a processing
`system which performs the described acts in addition to
`having other purposes. Nonetheless, typically, those acts
`will be performed by a processing system controlled by a
`wireless carrier (i.e., the operator of the wireless network 2),
`although that also is not necessarily so.
`FIG. 1 illustrates an example of a network environment in
`which the present invention can be implemented. A number
`(N) of wireless devices 1-1 through 1-N operate on a
`wireless network 2. Each of the wireless devices 1 may be,
`for example, any of: a cellular telephone, a personal digital
`assistant (PDA), a notebook (laptop) computer, a two-way 45
`pager, or any other hand-held wireless device. The wireless
`network 2 is coupled to a conventional wired computer
`network 3 through a proxy gateway 4. The wired network 3
`may be, for example, the Internet, a corporate intranet, a
`wide area network (WAN), a local area network (LAN), a 50
`public switched telephone network (PSTN), or a combina(cid:173)
`tion thereof. The proxy gateway 4 uses well-known tech(cid:173)
`niques to enable communication between the wireless
`devices 1 and a number (M) of processing systems ("origin
`servers") 5-1 through 5-M operating on the wired network 3. 55
`The physical computing platforms which embody the proxy
`gateway 4 and processing systems 5 may include, for
`example, conventional personal computers (PCs) and/or
`server-class computer systems.
`At least some of the origin servers 5 may be conventional 60
`web servers on the World Wide Web. Accordingly, origin
`servers 5 provide content to the wireless devices 1 in
`response to standard (e.g., WAP or HTTP) requests from the
`wireless devices 1. In some cases, origin servers 5 may (or
`alternatively) "push" content to the mobile devices 1, i.e., 65
`send content to the mobile devices 1 without the content
`having been requested by the mobile devices 1. Content
`
`4
`provided to the wireless devices 1 by the origin servers 5
`may include, for example, hypermedia documents, email,
`short messages, real-time updates of traffic, stock quotes or
`weather, and the like.
`In one embodiment, the wireless devices 1 do not support
`the same protocols or languages used by the origin servers
`5. For example, the wireless devices 1 might support only
`wireless markup language (WML) and wireless access pro(cid:173)
`tocol (WAP), while the origin servers 5 use only hypertext
`markup language (HTML) or extensible mark-up language
`(XML) and HTTP. In that case, the gateway feature of proxy
`gateway 4 converts/translates between the languages and
`protocols used by processing systems 5 and the languages
`and protocols used by the mobile devices 1 to allow these
`entities to communicate with each other. In other
`embodiments, some or all of the wireless devices 1 might
`directly support the protocol (or language) used by the origin
`servers 5, such as HTTP. In such embodiments, at least some
`of the translation/conversion operations would not be
`needed for those devices.
`To facilitate explanation, it is henceforth assumed in this
`description that the wireless devices 1 and the origin servers
`5 all support HTTP. It will be recognized, however, that the
`techniques described herein can be easily adapted to net-
`25 work environments in which that is not the case.
`Proxy gateway 4 also operates as a proxy for transmitting
`various requests and responses on behalf of the mobile
`devices 1 and the processing devices 5, as described further
`below. Note that while proxy gateway 4 is shown as a single
`30 network entity, the proxy and gateway functions can be
`distributed between two or more physical platforms.
`Furthermore, both functions do not necessarily have to be
`used in a given network environment, as noted above.
`Origin servers 5 may require private information relating
`35 the wireless devices 1, such as information of the types
`mentioned above. The information may be needed by the
`origin servers 5 in order to process requests from the
`wireless devices 1 or in order to push information to the
`wireless devices 1. Accordingly, another responsibility of
`40 the proxy gateway 4 is to determine when private informa(cid:173)
`tion associated with one of the wireless devices 1 is needed
`or requested by another network entity, such as an origin
`server 5. In response to making such a determination, the
`proxy gateway 4 transmits information to the subject wire(cid:173)
`less device 1, to cause a browser in the wireless device 1
`(sometimes called a "minibrowser" or "microbrowser") to
`generate a predetermined graphical user interface (GUI)
`mode. The predetermined GUI mode allows the user to
`dynamically provide or deny permission to release the
`private information. By "dynamically", what is meant is that
`the user is prompted to provide or deny permission in
`response to a contemporaneous determination (by proxy
`gateway 4, for example) that private information associated
`with the user is needed or requested.
`The predetermined GUI mode is henceforth referred to as
`the "privacy negotiation GUI" to facilitate description. Note,
`however, that the process is not necessarily a "negotiation"
`in a strict sense. The information transmitted by the proxy
`server 4 to the wireless device 1 may be, for example,
`mark-up language code (e.g., a WML deck) for use by the
`wireless device to generate the privacy negotiation GUI.
`Alternatively, the mark-up language code for generating the
`privacy negotiation GUI may be stored permanently or
`semi-permanently in the wireless device, in which case the
`information transmitted by the proxy server 4 may be a
`simple signal to cause the wireless device to generate the
`privacy negotiation GUI.
`
`

`

`US 6,928,291 B2
`
`5
`Private information relating to a wireless device 1 may be
`normally stored within the wireless device 1. In that case,
`when authorized by the user, the wireless device 1 releases
`the private information to the proxy gateway 4, to allow the
`proxy gateway 4 to release the information to other network
`entities, as authorized. Alternatively, the private information
`may already be stored within the proxy gateway 4 when a
`need or request for such information is detected. In that case,
`the proxy gateway 4 merely needs to release the information
`when it receives authorization to do so.
`FIG. 2 shows an example of one of the wireless devices
`1, in particular a cellular telephone 100, in which the privacy
`negotiation GUI may be implemented. As shown, the tele(cid:173)
`phone 100 includes a display 102 and a keypad 103. Display
`102 may display hypermedia information, such as informa(cid:173)
`tion 208. Function keys 216 and 220 can be used to activate
`softkeys. Keypad 103 includes alphanumerical keys 230
`(such as for dialing a telephone numbers and entering
`hyperlinks), function keys 216 and 220, directional arrow
`keys 221A and 221B. Arrow keys 221A and 221B are used
`to navigate through information displayed on display 102,
`such as to move a selection indicator (e.g., highlighting),
`cursor, pointer, or other indicator, or to scroll the display.
`The hypermedia information 208 shown in FIG. 2 is one
`example of the privacy negotiation GUI, generated by a
`browser in the telephone 100. As shown, it includes a list of
`selectable items ("Yes", "No", "Always", "Never") from
`which the user of the device can select to dynamically
`specify privacy parameters permissions. The GUI may
`enable the user to provide or deny permission to release the
`private information for only the current request (by choosing
`"Yes" or "No") or for all requests associated with the target
`application (by choosing "Always" or "Never"). Each of the
`selectable items may represent a hyperlink which has a
`corresponding Uniform Resource Identifier (URI). These
`URI's may correspond to network addresses within the
`proxy gateway 4.
`Hypermedia information 208 may be, for example, a
`WML file ("deck") including one or more WML cards. In
`certain modes of operation, activating function key 220
`while a displayed item is selected (e.g., highlighted) causes
`the telephone 100 to retrieve and display a WML card
`associated with a URI of that item. In addition, by using the
`alphanumerical keys 230, the user may enter a URI manu-
`ally to access hypermedia content.
`FIG. 3 illustrates the internal components of a processing
`system which may represent any of the devices shown in
`FIG. 1. Note that FIG. 3 is not intended to represent any one
`specific physical arrangement of components, as such details 50
`are not germane to the present invention and are well within
`the knowledge of those skilled in the art. Variations of the
`described structure may be appropriate according to the
`particular type of device being referred to, which variations
`will be readily apparent to those skilled in the art.
`The illustrated processing system includes one or more
`processors 31, i.e. a central processing unit (CPU), read-only
`memory (ROM) 32, and random access memory (RAM) 33,
`each connected to a bus system 41. Also coupled to the bus
`system 41 are a mass storage device 34, one or more 60
`input/output (110) devices 35 through 36, and one or more
`data communication devices 37 through 38. Note that a
`server would not necessarily require any 1!0 devices in
`addition to a data communication device.
`The processor(s) 31 may be, or may include, one or more 65
`programmable general-purpose or special-purpose micro(cid:173)
`processors or digital signal processors (DSPs), application
`
`6
`specific integrated circuits (ASICs), programmable logic
`devices (PLDs), or a combination of such devices. The bus
`system 41 includes one or more buses, which may be
`connected to each other through various bridges, controllers
`5 and/or adapters, such as are well-known in the art. For
`example, the bus system may include a "system bus", which
`may be connected through one or more adapters to one or
`more expansion buses, such as a Peripheral Component
`Interconnect (PCI) bus, HyperTransport or industry standard
`architecture (ISA) bus, small computer system interface
`10 (SCSI) bus, universal serial bus (USB), or Institute of
`Electrical and Electronics Engineers (IEEE) standard 1392
`bus (sometimes referred to as "Firewire").
`Mass storage device 17 may be, or may include, any one
`or more devices suitable for storing large volumes of data in
`15 a non-volatile manner, such as a magnetic disk or tape,
`magneto-optical (MO) storage device, or any of various
`types of Digital Versatile Disk (DVD) or Compact Disk
`(CD) based storage, or a combination of such devices. The
`1/0 devices 35 through 36 may include, for example, any
`20 one or more of: a keyboard or keypad, a pointing device
`(e.g., a mouse, trackball, or touchpad), a display device, and
`an audio speaker.
`The data communication devices 37 and 38 may be any
`25 devices suitable for enabling the processing system to com(cid:173)
`municate data with a remote processing system over a data
`communication link, such as a wireless transceiver (e.g., if
`implemented in a wireless device), a conventional telephone
`modem, a wireless modem, an Integrated Services Digital
`30 Network (ISDN) adapter, a Digital Subscriber Line (DSL)
`modem, a cable modem, a satellite transceiver, an Ethernet
`adapter, or the like. At least one of communication links 39
`and 40 may be a wireless link, such as to provide the
`connection between wireless devices 1 and wireless network
`35 2 in FIG. 1.
`Note that while FIG. 3 shows two communication devices
`37 and 38, more than one data communication device would
`not necessarily be required. The proxy gateway 4 does
`require at least two communication interfaces (i.e., one to
`connect to the wireless network 2 and one to connect to the
`wired network 3), although these interfaces potentially can
`be implemented in a single physical device.
`FIG. 4 illustrates a process that may be implemented by
`the proxy gateway 4, according to a first embodiment, to
`obtain a user's permission to release private information.
`FIG. 5 illustrates the exchange of messages between net-
`work entities for the process of FIG. 4. In FIGS. 4 and 5, the
`sequence progresses downward in the Figure as time
`advances.
`In this first embodiment, the proxy gateway 4 lacks the
`"intelligence" to determine, solely from a client's request,
`that private information is needed to process the request.
`Initially, at process block 401, proxy gateway 4 receives a
`standard HTTP GET/Post request 51 from one of the wire-
`55 less devices 1 (the "client"), and proxies the request to the
`targeted origin server 5 at block 402. At block 403 the proxy
`gateway 4 receives a response 52 at to the request from the
`origin server 5.
`If the origin server 5 requires additional information to
`process the request, such as presence or location information
`from the client 1, the origin server 5 responds with a
`standard "409" error message as defined in HTTP version
`1.1. Accordingly, if the proxy gateway 4 identifies the origin
`server's response 52 as an HTTP "409" error message at
`block 404, then at block 405 the proxy gateway 4 sends to
`the client 1 a WML deck 53 to cause the client 1 to generate
`the privacy negotiation GUI.
`
`40
`
`45
`
`

`

`US 6,928,291 B2
`
`7
`If the private information is already stored within the
`proxy gateway 4 or the user denies permission to release
`information, the proxy gateway 4 may receive only the
`user's choice at block 406. Conversely, if the private infor(cid:173)
`mation is not currently available to the proxy gateway 4,
`then the private information may be provided to the proxy
`gateway 4 by the wireless device 1 at block 406, assuming
`the user gives permission to do so. The user's choice may be
`in the form of a URI, as noted above. The client 1 may
`provide the private information to the proxy gateway 4 in
`any suitable manner, such as in a markup language docu(cid:173)
`ment or in an extended header of a markup language
`document.
`If the response 52 from the origin server 5 was an error
`message other then a "409" error message (block 412), then 15
`the response 52 is processed in an appropriate manner at
`block 413, which is not germane to the present invention. If
`the response 52 is not an error message at block 412, then
`the proxy gateway 4 simply proxies the origin server's
`response 52 to the client 1 at block 411.
`If the proxy gateway 4 determines at block 407 that the
`user authorized release of the private information, based on
`the client's response 54 to the WML deck, and if all of the
`required information is available at block 408, then the
`proxy gateway 4 sends the private information 55 to the 25
`origin server 5 at block 409. As an alternative, at block 409
`the proxy gateway 4 may send the origin server 5 a new
`request, which includes the private information and all of the
`information in the original request 51 from the client 1. At
`block 410, the proxy gateway 4 receives a response from the 30
`origin server 5, and it proxies the response to the client 1 at
`block 411.
`If the proxy gateway 4 determines at block 407 that
`permission to release of the private information was denied
`by the user, then the proxy gateway 4 sends a redirect to the
`client 1 at block 414, to reset the browser context and to
`cause the browser to retry its original request. The new
`request is received by the proxy gateway 4 at block 415 and
`proxied to the origin server at block 416. The origin server
`will presumably respond to this new request with another
`HTTP 409 response, which is received by the proxy gateway
`4 at block 410 and proxied to the client 1 at block 411. If
`permission to release the information was given, but not all
`necessary information was received (block 408), the process
`loops back to block 405.
`Of course, many variations upon this process are possible
`without departing from its basic principle. For example,
`certain operations might be added or deleted from the
`above-described process, or the sequence of operations
`altered, while still employing the same basic principle.
`FIGS. 6A and 6B illustrate a process that may be imple(cid:173)
`mented by the proxy gateway 4, according to a second
`embodiment, for purposes of obtaining a user's permission
`to release private information. FIG. 7 illustrates the
`exchange of messages between the a network entities for the
`process of FIGS. 6A and 6B. In FIGS. 6A, 6B and 7, the
`sequence progresses downward as time advances. In this
`second embodiment, the proxy gateway 4 has the "intelli(cid:173)
`gence" to determine, solely from the client's request, that
`private information is needed to process a request. This
`intelligence may be in the form of a simple lookup table,
`stored in proxy gateway 4, of the URis of applications
`known to require additional information about a requesting
`client.
`Thus, at process block 701, proxy gateway 4 receives a
`standard HTTP GET/POST request 71 from one of the
`
`8
`wireless devices 1 (the "client"). It may be assumed that the
`original request 71 specifies a URI representing the proxy
`gateway 4. At block 702 the proxy gateway 4 determines
`whether additional (private) information is needed for the
`5 origin server 5 to process the request. If no additional
`information is needed, the proxy gateway 4 simply proxies
`the request to the origin server 5 at block 713. If additional
`information is required, then at block 703 the proxy gateway
`4 saves the original request with headers. It then sends a
`10 WML deck 72 to the client 1 at block 704 for generating the
`privacy negotiation GUI. At block 705 the proxy gateway 4
`receives the user's choice and/or the private information 73
`from the client 1.
`If the proxy gateway 4 determines at block 706, based on
`the client's response 73, that the user authorized release of
`the private information, and if all of the required information
`is available at block 707, then at block 708 the proxy
`gateway 4 sends an HTTP redirect 74 (or the equivalent) to
`the client 1, to reset the browser context and to cause the
`20 browser to retry its original request.
`If permission to release the information was given, but not
`all necessary information was received (block 707), the
`process loops back to block 704. If the proxy gateway 4
`determines at block 706 that permission to release the
`private information