Gregg et al.

(10) Patent No.: US 6,516,416 B2
(45) Date of Patent: *Feb. 4, 2003

(54) SUBSCRIPTION ACCESS SYSTEM FOR USE WITH AN UNTRUSTED NETWORK

(75) Inventors: Richard L. Gregg, Omaha, NE (US); Sandeep Giri, Omaha, NE (US); Timothy C. Goeke, Elkhorn, NE (US)
(73) Assignee: Prism Resources, Omaha, NE (US)
(*) Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).
Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 08/872,710
(22) Filed: Jun. 11, 1997
(65) Prior Publication Data
US 2002/0002688 A1 Jan. 3, 2002
(51) Int. Cl.: H04L 9/00
(52) U.S. Cl.: 713/201; 705/51
(58) Field of Search: 380/25, 21, 49, 380/30; 713/202, 201, 200; 705/54, 51

(56) References Cited
U.S. PATENT DOCUMENTS
5,629,980 A * 5/1997 Stefik et al. 705/54
5,677,953 A * 10/1997 Dolphin 380/4
5,708,780 A * 1/1998 Levergood et al. 709/229
5,765,152 A 6/1998 Erickson 707/9
6,006,332 A * 12/1999 Rabne et al. 713/201
* cited by examiner

Primary Examiner: Matthew Smithers
(74) Attorney, Agent, or Firm: Greer, Burns & Crain, Ltd.

(57) ABSTRACT

A system and method is disclosed for controlling access to computer resources using an untrusted network. The system preferably uses a hardware key connected to each subscriber client computer and adds software to the subscriber client computer and to the existing server computer. A clearinghouse is provided to store client and server identification data, including demographic data, including URL data, usage data and billing information. The clearinghouse authenticates the subscriber and server computers before an operating session occurs. For every new client session, a login mechanism requires the client computer to supply appropriate identification data, including a digital identification generated by the hardware key. The login parameters are verified by the clearinghouse and a session is then started. The system is adapted to protect preselected content from being printed or copied by a client using a web browser. The system architecture permits a geographically distributed system of multiple subscriber client computers, multiple server computers and multiple clearinghouses which can interact with each other.

31 Claims, 24 Drawing Sheets

[Front-page drawing: block diagram. Legible labels: client application; content controller; network usage tracker; server application; log-in; transaction; messenger; untrusted network; session validator; session initiator; service function; log-in interface; client cryptographer; session manager; protected contents; un-protected contents; session terminator; access key interface; network usage tracking collector; access key; network usage tracking server; authentication server; clearinghouse; database.]

MCM Ex. 2002, pg. 1

U.S. Patent, Feb. 4, 2003, Sheet 1 of 24, US 6,516,416 B2

[FIG. 1: block diagram. Labels: ISA subscriber software; ISA access key (optional); ISA server software; ISA site administration software; firewall; web server; ISA subscriber administration software; ISA clearinghouse server software; ISA clearinghouse database; SQL server; backend system.]

[Sheet 2 of 24, FIG. 2: functional diagram. Labels: ISA subscriber; subscription host (web site with ISA server); ISA clearinghouse. Message labels: request for protected content; log-in command; log-in parameters; authentication request; authentication response; protected content; usage data.]

[Sheet 3 of 24: drawing labels not recoverable.]

[Sheet 4 of 24: drawing labels not recoverable.]

[Sheet 5 of 24, FIG. 5: block diagram. Labels: usage daemon; URL tracking daemon; user authentication daemon; clearinghouse database server; clearinghouse administration software.]

[Sheet 6 of 24: block diagram. Labels: online application; online activation; session manager; user authentication daemon; clearinghouse database server; credit card processing CGI; session manager; site administration CGI's.]

[Sheet 7 of 24, FIGS. 7 to 10: block diagrams. Labels: session manager; URL tracking CGIs; clearinghouse administration software; usage daemon; URL tracking daemon; ODBC driver; clearinghouse database server (three times); web browser; ISA subscriber software; web server; ISA shared object; log-in CGIs; re-authentication CGIs; session manager.]

[Sheet 8 of 24, FIG. 11 and a second diagram: block diagrams. Labels: web server; ISA shared object; re-authentication CGI's; site administration CGI's; authentication daemon; web browser; ISA subscriber software; start log-in; challenge; log-in command; log-in parameters; session manager.]

[Sheet 9 of 24, FIG. 13: block diagram. Labels: web browser; ISA subscriber software; encrypted digital ID; web server; ISA shared object; re-authentication CGI's; session manager.]

[Sheet 10 of 24, FIG. 15 and a second diagram: block diagrams. Labels: web browser; ISA subscriber software; web server; ISA shared object; online application CGI's; online activation CGIs; password change CGIs; user authentication daemon; start URL track; challenge; URL track command; URL track data; session manager; URL tracking CGI's; URL tracking daemon.]

[Sheet 11 of 24, FIG. 17: flow chart, "Starting of a session". Boxes:]
- User requests access to a protected resource.
- Server application forwards request to client authenticator.
- Session-ID in communication headers?
- Client authenticator sends check session (CS) message to session validator.
- Session validator searches for session-entry in its list of active sessions.
- Active session-entry found? Yes: transaction service and logging.
- Session validator sends unsuccessful session response (SR) to client authenticator.
- Client authenticator denies permission to server application to service user's request.
- Server application invokes log-in enforcer to make the user log in.
- Log-in enforcer sends start login message to client messenger through client application.
- Client messenger sends a random challenge to log-in enforcer through server application.
- Log-in enforcer encrypts server application password with client messenger's challenge.
- Log-in enforcer sends log-in command and its encrypted password to client messenger with a new random challenge of its own.
- Client messenger invokes server authenticator to authenticate server application's password.
- Server authentication successful? No: client messenger displays server authentication error message to the user. Yes: log-in, user authentication, and session initiation process.

[Sheet 12 of 24, FIG. 18: flow chart, "Log-in, user authentication, and session initiation". Boxes:]
- Client messenger invokes log-in interface to prompt user for username and password.
- User inputs username and password.
- Log-in interface requests access key interface to poll for access key.
- Access key interface reads the digital ID from access key and sends to log-in interface.
- Log-in interface sends the log-in parameters (username, password, and digital ID) to client cryptographer.
- Client cryptographer encrypts the password and the digital ID using the challenge sent by log-in enforcer and sends them to the log-in enforcer.
- Log-in enforcer sends initiate session (IS) message to session initiator with the encrypted log-in parameters.
- Session initiator sends authenticate log-in (AL) message to clearinghouse's user authentication server.
- User authentication server accesses the user's subscription information from its database and authenticates the log-in parameters.
- Yes: user authentication server sends a successful authentication response (AR) message to session initiator.
- Session initiator enters a new session-entry for the user in its list of active sessions with a unique session-ID.
- Session initiator sends a successful session response (SR) to log-in enforcer.
- Log-in enforcer enters the user's new session-ID in the communication headers for reauthentication purposes.
- Log-in enforcer grants permission to server application to service the user's request for protected content.
- Transaction service and logging.
- No: user authentication server sends an unsuccessful authentication response (AR) to session initiator.
- Session initiator sends an unsuccessful session response (SR) to log-in enforcer.
- Log-in enforcer denies permission to server application to service the user's request for protected content.
- Server application sends back an error response to the user.

[Sheet 13 of 24, FIG. 19: flow chart, "Transaction service and logging". Boxes:]
- Session validator enters a new transaction-entry for the user's current session.
- Session validator sends a successful session-response (SR) to client authenticator.
- Client authenticator grants permission to server application to service the user's request.
- Server application invokes the appropriate service function to send the protected content to the user.
- Server application invokes transaction monitor to send an end transaction (ET) message to session validator.
- Session validator updates the transaction entry with the transaction specific information in the ET message.

[Sheet 14 of 24, FIG. 20: flow chart, "Reauthentication". Boxes:]
- A user with an active session requests server application for a protected resource.
- Server application forwards request to client authenticator.
- Session-ID in communication headers?
- Client authenticator denies permission to server application to service the request.
- Server application directs the user to log-in enforcer to start a new session.
- Client authenticator sends check session (CS) message to session validator.
- Session validator searches for session-entry in its list of active sessions.
- Active session-entry found?
- Session validator sends an unsuccessful session response (SR) to client authenticator.
- Session validator checks for the time of last polling of user's machine for access key.
- Duration exceeded preset time limit? No: transaction service and logging.
- Yes: session validator sends a session response (SR) to client authenticator asking to poll for user's access key.
- Client authenticator invokes access key validator.
- Access key validator sends check login message to client messenger with a new randomly generated challenge.
- Client messenger invokes log-in interface.
- Log-in interface invokes access key interface.
- Access key interface polls the user's machine for the access key.
- Access key attached to user's machine? Yes: session renewal.
- No: access key interface sends error message to log-in interface.
- Log-in interface: error message to client messenger.
- Client messenger sends an unsuccessful polling message to access key validator, who redirects the user to log-in enforcer.

[Sheet 15 of 24, FIG. 21: flow chart, "Session renewal". Boxes:]
- Access key interface reads the digital ID and submits it to log-in interface.
- Log-in interface submits digital ID to client cryptographer.
- Client cryptographer encrypts digital ID using the challenge sent by access key validator and sends it to access key validator.
- Access key validator sends renew session (RS) message to session validator with encrypted digital ID.
- Session validator finds user's session-entry and validates the encrypted digital ID.
- Validation successful?
- No: session validator sends an unsuccessful session response (SR) to access key validator.
- Access key validator redirects user to log-in enforcer to start a new session.
- Yes: session validator updates the session [remainder of box not recoverable].
- Session validator sends a successful session response (SR) to access key validator.
- Access key validator grants permission to server application to process user's request for protected resource.
- Transaction service and logging.

[Sheet 16 of 24, FIG. 22: flow chart, "Session termination". Boxes:]
- Start from the first session-entry of session list.
- Session terminator checks the difference between the current time and the time of last request.
- Time difference exceeded idle time limit?
- Session terminator tags the session entry as inactive.
- Session terminator sends all session usage data to clearinghouse's usage data server.
- Usage data server updates clearinghouse database with the session usage data.
- Database update successful?
- Usage data server sends unsuccessful message confirmation (MC) to session terminator.
- Session terminator sends error message to system administrator.
- Usage data server sends successful message confirmation (MC) to session terminator.
- Session terminator removes session entry from session list.
- Last session-entry in the session list?
- Fetch next session-entry in session list.

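The session checks in the flow charts of FIG. 20 to FIG. 22 (reauthentication, session renewal and session termination) can be modelled as below. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified step that encrypts the digital ID with the challenge, and the class and function names, the two time limits, the status strings and the sample digital ID are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

POLL_LIMIT = 300   # assumed: seconds allowed between access-key polls
IDLE_LIMIT = 900   # assumed: idle seconds before a session is terminated


def key_response(digital_id: bytes, challenge: bytes) -> bytes:
    """Client cryptographer: bind the key's digital ID to the challenge.
    HMAC-SHA256 is a stand-in for the patent's unspecified encryption."""
    return hmac.new(digital_id, challenge, hashlib.sha256).digest()


@dataclass
class Session:
    user: str
    digital_id: bytes               # recorded at log-in
    last_request: float
    last_poll: float
    active: bool = True
    challenge: Optional[bytes] = None
    transactions: list = field(default_factory=list)


class SessionValidator:
    def __init__(self, usage_server):
        # usage_server(session_id, transactions) -> bool (message confirmation)
        self.sessions = {}
        self.usage_server = usage_server
        self.errors = []            # sessions to report to the administrator

    def start(self, user, digital_id, now):
        sid = secrets.token_hex(16)
        self.sessions[sid] = Session(user, digital_id, now, now)
        return sid

    def check_session(self, sid, now):
        """FIG. 20: returns (status, challenge)."""
        s = self.sessions.get(sid)
        if s is None or not s.active:
            return ("LOGIN", None)          # no active session-entry
        s.last_request = now
        if now - s.last_poll > POLL_LIMIT:
            s.challenge = secrets.token_bytes(16)   # new random challenge
            return ("POLL_KEY", s.challenge)
        s.transactions.append(now)          # transaction service and logging
        return ("OK", None)

    def renew_session(self, sid, response, now):
        """FIG. 21: validate the challenge-bound digital ID."""
        s = self.sessions.get(sid)
        if s is None or not s.active or s.challenge is None:
            return "LOGIN"
        expected = key_response(s.digital_id, s.challenge)
        s.challenge = None                  # each challenge is single use
        if not hmac.compare_digest(expected, response):
            return "LOGIN"
        s.last_poll = now
        s.transactions.append(now)
        return "OK"

    def terminate_idle(self, now):
        """FIG. 22: sweep the session list; returns the removed session IDs."""
        removed = []
        for sid, s in list(self.sessions.items()):
            if now - s.last_request <= IDLE_LIMIT:
                continue
            s.active = False                # tagged inactive before upload
            if self.usage_server(sid, s.transactions):
                del self.sessions[sid]
                removed.append(sid)
            else:
                self.errors.append(sid)     # kept inactive, retried next sweep
        return removed


def run_demo():
    shipped = []
    sv = SessionValidator(lambda sid, tx: shipped.append((sid, len(tx))) or True)
    digital_id = b"constructed-digital-id-0001"     # constructed sample value
    sid = sv.start("alice", digital_id, now=0)
    out = [sv.check_session(sid, now=10)[0]]
    status, challenge = sv.check_session(sid, now=400)
    out.append(status)
    # A copied session-ID without the hardware key cannot answer the challenge.
    out.append(sv.renew_session(sid, key_response(b"wrong-key", challenge), now=401))
    _, challenge = sv.check_session(sid, now=402)
    out.append(sv.renew_session(sid, key_response(digital_id, challenge), now=403))
    out.append(sv.check_session(sid, now=500)[0])
    out.append(len(sv.terminate_idle(now=1000)))
    out.append(len(sv.terminate_idle(now=1500)))
    out.append(sv.check_session(sid, now=1501)[0])
    return out, shipped


if __name__ == "__main__":
    print(run_demo())
```
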
[Sheet 17 of 24, FIG. 23: flow chart, "Network usage tracking". Boxes:]
- Usage tracking collector sends initiate usage tracking message to client messenger.
- Client messenger generates random challenge and sends it to usage tracking collector.
- Usage tracking collector encrypts server application's password using the random challenge and sends a usage track command to client messenger with the encrypted password.
- Client messenger invokes server authenticator to authenticate server application's password.
- Server authentication successful?
- No: client messenger displays server authentication error message to user.
- Yes: client messenger invokes network usage tracker to collect all network usage data and sends to usage tracking collector.
- Usage tracking collector sends network usage data to clearinghouse's network usage tracking server.
- Network usage tracking server updates the clearinghouse database with the network usage data.

[Sheet 18 of 24, FIG. 24: flow chart, "Client application displaying contents without copyright protection". Boxes:]
- User requests contents from server application through client application.
- Server application sends contents to client application.
- Client application displays contents to user with options to print, save, and/or cut/copy/paste.
- User chose print, save, or cut/copy/paste?
- Client application recognizes user's selection in the form of a unique message of either print, save, or cut/copy/paste command.
- Is message print message? Client application invokes print function.
- Is message save message? Client application invokes save function.
- Cut/copy/paste message? Client application invokes cut/copy/paste function.
- End.

[Sheet 19 of 24, FIG. 25: flow chart, "Client application displaying contents with copyright protection". Boxes:]
- User requests copyrighted contents from server application through client application.
- Server application authenticates user's session through client authenticator.
- Server application reads copyright level for copyrighted contents from content headers.
- Server application puts copyright instruction in communication headers.
- Server application sends copyrighted contents to client application.
- Client application finds copyright instruction in communication headers.
- Client application invokes client messenger.
- Client messenger determines copyright protection level from copyright [remainder of box not recoverable].
- Content controller sub-classes client application to gain control of client application functions.
- Sub-classed client application displays copyrighted contents to user.
- User chose print, save, or cut/copy/paste?
- Copyright protection process.
- End.

[Sheet 20 of 24, FIG. 26: flow chart, "Copyright protection process". Boxes:]
- Sub-classed client application gets user's choice.
- User chose print, save, or cut/copy/paste?
- Sub-classed client application recognized user's selection as a unique message for either print, save, or cut/copy/paste.
- Sub-classed client application forwards user message to content controller.
- Is message print message? Copyright level allows print? Yes: content controller invokes print function. No: content controller displays copyright notice against printing contents.
- Is message save message? Copyright level allows save? Yes: content controller invokes save function. No: content controller displays copyright notice against saving contents.
- Is message cut/copy/paste message? Copyright level allows cut/copy/paste? Yes: content controller invokes cut/copy/paste function. No: content controller displays copyright notice against cutting/copying/pasting contents.

[Sheet 21 of 24, FIG. 27: flow chart, "Example copyright protection in web environment". Boxes:]
- User inputs URL for copyrighted HTML using web browser.
- Web server sends copyrighted HTML document.
- Web browser finds embed tag for copyright plug-in and invokes the plug-in.
- Plug-in reads copyright parameter to find copyright level.
- Plug-in sub-classes the web browser window where HTML contents are displayed.
- Chose web browser's print, save, or cut/copy/paste options.
- Plug-in traps the Windows message for user command.
- Is message for print? Copyright level allows? Yes: plug-in lets web browser process the message. No: plug-in displays copyright message against printing.
- Is message [remainder not recoverable]? Copyright level allows save? Yes: plug-in lets web browser process the save message. No: plug-in displays copyright message against saving.
- Message for cut/copy? Level allows cut/copy/paste? Yes: plug-in lets web [partly not recoverable] cut/copy/paste message. No: plug-in displays copyright message against cut/copy/paste.
- End.

[Sheet 22 of 24, FIG. 28: "Access key block diagram". Labels: port interface; data bus buffer; message digest encryption engine; purpose memory (label partly not recoverable); read/write control logic; control register; password register; password comparator; non-volatile password memory; status register.]

[Sheet 23 of 24, FIG. 29: "Multiple ISA servers with a single ISA clearinghouse". Labels: ISA subscriber; web server 1, ISA server 1 (Boston); web server 2, ISA server 2 (Omaha); web server n, ISA server n (San Jose); ISA clearinghouse (Omaha); enterprise-wide subscription database; usage data warehouse; demographics data warehouse.]

[Sheet 24 of 24, FIG. 30: "Multiple ISA servers with multiple ISA clearinghouses". Labels: ISA subscriber "a"; ISA subscriber "b"; web server 1, ISA server 1 (Boston); web server 2, ISA server 2 (Omaha); web server n, ISA server n (San Jose); ISA clearinghouse A (Omaha); ISA clearinghouse B (Chicago).]

SUBSCRIPTION ACCESS SYSTEM FOR USE WITH AN UNTRUSTED NETWORK

The present invention generally relates to security systems for use with computer networks and more particularly to a subscription access system that is particularly adapted for use with untrusted networks, such as the Internet.

There are many information providers which are connected to the Internet or some other untrusted network. Such information providers may provide information without charge for certain information that can be accessed by any user that has access to the network. However, the same information provider may want to generate revenue from subscription services and also to protect its information assets. In order to generate revenue, there must be control over user access, rights management, billings, usage tracking and even demographic data. For an information provider to publish content on an untrusted network such as the web, it must have access to a web server which connects to the Internet. Any user with a web browser can then access the web site and view its contents. If an organization is a private corporate network and wants to display parts of its corporate data on its web site, the organization can make the private network available to the web server through a firewall computer. This enables the corporate data that is desired to be displayed without the private network being accessible to the rest of the web.

To implement a subscription access system for use over the web, information providers need to implement authentication and usage tracking. Authentication involves providing restricted access to the contents that are made available and this is typically implemented through traditional user name-password schemes. Such schemes are vulnerable to password fraud because subscribers can share their user names and password by word of mouth or through Internet news groups, which obviously is conducive to fraudulent access and loss of revenue. Usage tracking involves collecting information on how subscribers are using a particular subscription web site, which typically now involves web server access logs which tell what web resources were accessed by particular addresses. This information is often inadequate to link web site usage and a particular subscriber who used the web site. There is also no generic transaction model that defines a web transaction, which contributes to the difficulty in implementing a subscription model based upon usage.

Accordingly, it is a primary object of the present invention to provide an improved subscription access system for use in an untrusted network, such as the Internet, which system provides effective authentication and usage tracking, among other features.

Another object of the present invention is to provide such an improved subscription access system which provides additional features that combine elements of subscriber authentication, subscriber authorization, demographics capture and rights management to effectively protect the assets of an online information provider.

More particularly, it is an object of the present invention to provide such an improved subscription access system that provides secure access through either a one factor (conventional user name and password) or two factor authentication (using an optional hardware access key with a unique digital ID), thus enabling a superior and effective subscriber authentication which only allows registered subscribers to access protected contents and subscriber authorization which determines the subscriber's access level within a protected site.

Yet another object of the present invention is to provide such a system that has usage tracking capability for collecting all of the subscriber's usage data and storing it in a structured query language (SQL) database under a generic transaction model.

Another object of the present invention is to provide such a system which enables demographic capture to store a subscriber's network usage history.

Still another object of the present invention is to provide such a system that has the capability of preventing content from being copied by controlling the functionality of a client application, such as a web browser, while displaying protected contents. More particularly, the functionality is controlled in a manner whereby copyrighted content, for example, can be identified and the client application can be controlled to preclude such functionality as cut and paste, copy or print. Such functionality can be controlled on a hierarchical basis.

Still another object of the present invention is to provide such a system that easily administers subscriptions and subscribers through a graphical user interface client/server application.

Other objects and advantages will become apparent upon reading the following detailed description, while referring to the attached drawings.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of the subscription access system embodying the present invention, wherein a subscription access server is part of a local area network, with the server being connected to the Internet and to the local area network via a firewall;
FIG. 2 is a functional block diagram of the subscription access system embodying the present invention and illustrating the functional interaction of components of the system and a subscriber;
FIG. 3 is a more detailed block diagram of the schema of the present invention;
FIG. 4 is a software block diagram illustrating the system architecture of the preferred embodiment in the web environment, also known as the Internet Subscription Access (ISA) system;
FIG. 5 is a functional block diagram illustrating the structure and operation of the clearinghouse database server process of the preferred embodiment;
FIG. 6 is a functional block illustrating the structure and operation of the clearinghouse user authentication daemon of the preferred embodiment;
FIG. 7 is a block diagram illustrating the structure and operation of the clearinghouse usage daemon of the preferred embodiment;
FIG. 8 is a block diagram illustrating the structure and operation of the clearinghouse URL tracking daemon of the preferred embodiment;
FIG. 9 is a functional block diagram illustrating the structure and operation of the clearinghouse administration software of the preferred embodiment;
FIG. 10 is a functional block diagram illustrating the structure and operation of the server shared object of the preferred embodiment;
FIG. 11 is a functional block diagram illustrating the structure and operation of the server session manager of the preferred embodiment;
FIG. 12 is a functional block diagram illustrating the structure and operation of the server login common gateway interface (CGI) program of the preferred embodiment;
FIG. 13 is a functional block diagram illustrating the structure and operation of the server reauthentication common gateway interface (CGI) program of the preferred embodiment;
FIG. 14 is a functional block diagram illustrating the structure and operation of the server online application and activation common gateway interface (CGI) program of the preferred embodiment;
FIG. 15 is a functional block diagram illustrating the structure and operation of the server URL tracking common gateway interface program of the preferred embodiment;
FIG. 16 is a functional block diagram illustrating the structure and operation of the server site administration common gateway interface program of the preferred embodiment;
FIG. 17 is a flow chart of the operation of the system at the start of a session where a user requests access to a protected resource;
FIG. 18 is a flow chart of the system illustrating the steps that are taken during the login, user authentication and session initiation;
FIG. 19 is a flow chart of the sequence of steps that occur during transaction service and login;
FIG. 20 is a flow chart of the sequence of steps taken during a reauthentication operation;
FIG. 21 is a flow chart of the sequence of steps that occur during a session renewal;
FIG. 22 is a flow chart of the sequence of steps that occur during a session termination;
FIG. 23 is a flow chart of the sequence of steps that are taken during network usage tracking;
FIG. 24 is a flow chart of the sequence of steps that occur