(12) United States Patent
`Gregg et al.
`
`USOO6516416B2
`(10) Patent No.:
`US 6,516,416 B2
`(45) Date of Patent:
`*Feb. 4, 2003
`
`(54) SUBSCRIPTION ACCESS SYSTEM FOR USE
`WITH AN UNTRUSTED NETWORK
`
`(75) Inventors: Richard L. Gregg, Omaha, NE (US);
`Sandeep Giri, Omaha, NE (US);
`Timothy C. Goeke, Elkhorn, NE (US)
`(73) Assignee: Prism Resources, Omaha, NE (US)
`(*) Notice:
`This patent issued on a continued pros-
`ecution application filed under 37 CFR
`1.53(d), and is subject to the twenty year
`patent term provisions of 35 U.S.C.
`154(a)(2).
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 08/872,710
`(22) Filed:
`Jun. 11, 1997
`(65)
`Prior Publication Data
`
`US 2002/0002688 A1 Jan. 3, 2002
`(51) Int. Cl. .................................................. H04L 9/00
`(52) U.S. Cl. .......................................... 713/201; 705/51
`(58) Field of Search .............................. 380/25, 21,49,
`380/30; 713/202, 201, 200; 705/54, 51
`References Cited
`
`(56)
`
`U.S. PATENT DOCUMENTS
`5,629,980 A * 5/1997 Stefik et al. .................. 705/54
`
`5,677.953 A * 10/1997 Dolphin ......................... 380/4
`5,708,780 A * 1/1998 Levergood et al. ......... 709/229
`5,765,152 A
`6/1998 Erickson ........................ 707/9
`6,006,332 A * 12/1999 Rabne et al. ............... 713/201
`
`* cited by examiner
`
`Primary Examiner Matthew Smithers
`(74) Attorney, Agent, or Firm-Greer, Burns & Crain, Ltd.
`(57)
`ABSTRACT
`A System and method is disclosed for controlling access to
`computer resources using an untrusted network. The System
`preferably uses a hardware key connected to each Subscriber
`client computer and adds Software to the Subscriber client
`computer and to the existing Server computer. A clearing
`house is provided to Store client and Server identification
`data, including demographic data, including URL data,
`usage data and billing information. The clearinghouse
`authenticates the Subscriber and Server computers before an
`operating Session occurs. For every new client Session, a
`login mechanism requires the client computer to Supply
`appropriate identification data, including a digital identifi
`cation generated by the hardware key. The login parameters
`are verified by the clearinghouse and a Session is then
`Started. The System is adapted to protect preselected content
`from being printed or copied by a client using a web
`browser. The System architecture permits a geographical
`distributed System of multiple Subscriber client computers,
`multiple Server computers and multiple clearinghouses
`which can interact with each other.
`
`31 Claims, 24 Drawing Sheets
`
`CLIENT
`APPICATION
`
`48
`?
`- - - - - - - - - - - - v - - - - - - - -
`
`- -
`
`36
`
`(sissCRIBER
`
`-
`- - - - - - - - - - - - - - - -
`CONTENT
`NETWORK
`CONTROL-
`USAGE
`LER
`TRACKER
`
`Y
`
`- - - - - - - - - - - - - - -
`
`SERVER
`APPLICATION
`
`- - - - - - -
`
`!
`
`-- - a
`
`CENT
`ACCESS
`LOG-IN
`ENORAUTHENTICE
`AOR
`WALIDATOR
`
`SERVER
`
`7
`
`s - - - - - - -
`:
`TRANSACTION
`dor:
`
`- - - - - :
`--
`USER ASELECLIENT
`UNTRUSD
`:
`MESSENGER
`NETWORK
`SESSION
`SE
`SERVCE
`ATOR
`viLiDATOR
`INITIATOR
`FUNCri6,
`- F - Y-11
`--- SESSION.
`-- LOG-N
`CLENT
`INTERFACE
`CRYPTC
`proTECTEDUN-PROTECTED
`MANAGER
`GrAPHER
`:
`SESSION ||
`CONTENTS
`CONTENTS
`-----------i---------------
`TERMINATOR
`DIGITAL
`ACCESS -
`KEY
`INTERFACE
`
`. . . .
`
`N-34
`
`Y.
`
`:
`
`
`
`:
`
`
`
`NETWORK
`JSAGE -
`TRACKING
`COLLECTOR
`
`
`
`!
`
`ACCESS
`
`KEY
`
`Y-54
`KEY__
`
`-3
`- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
`NETWORK
`SAS
`I
`USAGE
`AUTHENTICATION
`TRACKING
`SRWEr
`SERVER
`SERVER
`
`:
`
`N CLEARNGHOUSE
`VesV - -
`
`DATABASE
`----1
`
`MCM Ex. 2002, pg. 1
`
`
`Gregg et al.
`
`USOO6516416B2
`(10) Patent No.:
`US 6,516,416 B2
`(45) Date of Patent:
`*Feb. 4, 2003
`
`(54) SUBSCRIPTION ACCESS SYSTEM FOR USE
`WITH AN UNTRUSTED NETWORK
`
`(75) Inventors: Richard L. Gregg, Omaha, NE (US);
`Sandeep Giri, Omaha, NE (US);
`Timothy C. Goeke, Elkhorn, NE (US)
`(73) Assignee: Prism Resources, Omaha, NE (US)
`(*) Notice:
`This patent issued on a continued pros-
`ecution application filed under 37 CFR
`1.53(d), and is subject to the twenty year
`patent term provisions of 35 U.S.C.
`154(a)(2).
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 08/872,710
`(22) Filed:
`Jun. 11, 1997
`(65)
`Prior Publication Data
`
`US 2002/0002688 A1 Jan. 3, 2002
`(51) Int. Cl. .................................................. H04L 9/00
`(52) U.S. Cl. .......................................... 713/201; 705/51
`(58) Field of Search .............................. 380/25, 21,49,
`380/30; 713/202, 201, 200; 705/54, 51
`References Cited
`
`(56)
`
`U.S. PATENT DOCUMENTS
`5,629,980 A * 5/1997 Stefik et al. .................. 705/54
`
`5,677.953 A * 10/1997 Dolphin ......................... 380/4
`5,708,780 A * 1/1998 Levergood et al. ......... 709/229
`5,765,152 A
`6/1998 Erickson ........................ 707/9
`6,006,332 A * 12/1999 Rabne et al. ............... 713/201
`
`* cited by examiner
`
`Primary Examiner Matthew Smithers
`(74) Attorney, Agent, or Firm-Greer, Burns & Crain, Ltd.
`(57)
`ABSTRACT
`A System and method is disclosed for controlling access to
`computer resources using an untrusted network. The System
`preferably uses a hardware key connected to each Subscriber
`client computer and adds Software to the Subscriber client
`computer and to the existing Server computer. A clearing
`house is provided to Store client and Server identification
`data, including demographic data, including URL data,
`usage data and billing information. The clearinghouse
`authenticates the Subscriber and Server computers before an
`operating Session occurs. For every new client Session, a
`login mechanism requires the client computer to Supply
`appropriate identification data, including a digital identifi
`cation generated by the hardware key. The login parameters
`are verified by the clearinghouse and a Session is then
`Started. The System is adapted to protect preselected content
`from being printed or copied by a client using a web
`browser. The System architecture permits a geographical
`distributed System of multiple Subscriber client computers,
`multiple Server computers and multiple clearinghouses
`which can interact with each other.
`
`31 Claims, 24 Drawing Sheets
`
`CLIENT
`APPICATION
`
`48
`?
`- - - - - - - - - - - - v - - - - - - - -
`
`- -
`
`36
`
`(sissCRIBER
`
`-
`- - - - - - - - - - - - - - - -
`CONTENT
`NETWORK
`CONTROL-
`USAGE
`LER
`TRACKER
`
`Y
`
`- - - - - - - - - - - - - - -
`
`SERVER
`APPLICATION
`
`- - - - - - -
`
`!
`
`-- - a
`
`CENT
`ACCESS
`LOG-IN
`ENORAUTHENTICE
`AOR
`WALIDATOR
`
`SERVER
`
`7
`
`s - - - - - - -
`:
`TRANSACTION
`dor:
`
`- - - - - :
`--
`USER ASELECLIENT
`UNTRUSD
`:
`MESSENGER
`NETWORK
`SESSION
`SE
`SERVCE
`ATOR
`viLiDATOR
`INITIATOR
`FUNCri6,
`- F - Y-11
`--- SESSION.
`-- LOG-N
`CLENT
`INTERFACE
`CRYPTC
`proTECTEDUN-PROTECTED
`MANAGER
`GrAPHER
`:
`SESSION ||
`CONTENTS
`CONTENTS
`-----------i---------------
`TERMINATOR
`DIGITAL
`ACCESS -
`KEY
`INTERFACE
`
`. . . .
`
`N-34
`
`Y.
`
`:
`
`
`
`:
`
`
`
`NETWORK
`JSAGE -
`TRACKING
`COLLECTOR
`
`
`
`!
`
`ACCESS
`
`KEY
`
`Y-54
`KEY__
`
`-3
`- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
`NETWORK
`SAS
`I
`USAGE
`AUTHENTICATION
`TRACKING
`SRWEr
`SERVER
`SERVER
`
`:
`
`N CLEARNGHOUSE
`VesV - -
`
`DATABASE
`----1
`
`MCM Ex. 2002, pg. 1
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 1 of 24
`
`US 6,516,416 B2
`
`
`
`
`
`38
`
`e
`•
`
`SA SUBSCRIBER SOFTWARE
`ISA ACCESS KEY (OPTIONAL)
`
`=
`
`36
`
`a
`e
`
`SA SERVER SOFTWARE
`ISA SITE ADMINSTRATION
`SOFTWARE
`
`FIREWALL
`
`WEB SERVER
`
`
`
`SA SUBSCRBER
`ADMINISTRATION SOFTWARE
`
`ISA CLEARNGHOUSE SERVER
`SOFTWARE
`ISA CLEARNGHOUSE
`DATABASE
`SQL SERVER
`
`4- is,
`.
`.
`.
`.
`.
`BACKEND SYSTEM
`
`FIG. 1
`
`MCM Ex. 2002, pg. 2
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 2 of 24
`
`US 6,516,416 B2
`
`36
`
`
`
`
`
`1 Request for
`Protected Content
`
`D
`
`Sb
`-2S N. Command
`
`SA
`Subscriber
`
`LOg-in
`Parameters
`
`
`
`Protected
`6 Content
`N
`
`
`
`
`
`
`
`
`
`Subscription
`HOSt
`(Web Site with
`ISA Server)
`
`-
`Authentication
`Request
`
`34
`
`Authentication
`Response
`-1 Usage
`30 N
`21h.
`
`Data u1
`
`ISA Clearinghouse
`
`F G 2
`
`MCM Ex. 2002, pg. 3
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 3 of 24
`
`US 6,516,416 B2
`
`|
`
`!!1)NOISSaS|
`
`SLN3LNO9DSLNSLNOO
`
`MYOMLAN
`
`aSvsn
`
`ONIMOVaL
`
`YOLDATION
`
`MYOMLSN
`
`cS
`
`YaoVNVA
`
`NoIssas___!
`
`YOLVANVA
`YOLVILINI
`
`NoIssas
`
`NOISSAS
`
`ADIAYAS
`
`NOILONNA
`
`gt
`
`LNANS
`
`“OLdAYO
`
`YaHdVeoO
`
`NOILOVSNVaL
`
`YOLINOW
`
`LN3I19
`
`“OILNSHLAY
`Ysa0YdOANA
`
`MYOMLAN
`
`aOVSn
`
`YaMoval
`
`4LNALNOD
`
`“TOYULNOD
`
`YF]
`
`daLlLsnYinn
`
`LNAMO
`
`AYOMLAN
`YaONASSAW
`DILNSHLAY
`
`YaAuss
`
`v7
`
`YaAdsS
`
`NOILWONdd¥
`
`LNSMNS
`
`NOILWONddV
`
`YaAdssS
`
`
`WLvdYsaAdaSONIMOVEL
`
`NOILVOILNSHLNYa9vsn
`
`ASNOHONIYV3A19
`
`dsvevlvd
`
`YsaAYAS
`
`€Old
`
`MCM Ex. 2002, pg. 4
`
`MCM Ex. 2002, pg. 4
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 4 of 24
`
`US 6,516,416 B2
`
`AdIAYAS
`
`NOILONNA
`
`LINALNOD
`
`S159
`
`daloaloudd
`NOLLVYLSININGYALIS
`NOILVOILNSAHLAY-3a
`ASNOHONIAVSTO
`NOILVYLSNINGY
`AYVMLIOS
`o9|NoWava
`
`
`
`S199
`
`aovsn
`
`NOISS3S
`
`YaOVNVA
`
`9969oe
`
`VSIVSI
`
`
`
`QayvHSYAgYOSEns
`
`
`
`LOoardoAYVMLAOS
`
`adam
`
`YsaSMONs
`
`
`
`NOlLdIdDSENSANIINO
`
`Tan
`
`ONYNOLLYOMddV¥
`ONIWMOVEL
`
`
`
`
`
`S199NOILVAILOYSID9
`
`
`
`
`
`NOILVYOILNAHLAYYaASn=n
`
`NOWaAvd
`
`ASNOHONIYV319
`
`
`
`YaAdasasvavLVvd
`
`NOW3VG
`
`0¢
`
`VS!
`
`“ONINVA19
`
`ASNOH
`
`ONIMOVEL
`
`MCM Ex. 2002, pg. 5
`
`MCM Ex. 2002, pg. 5
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 5 of 24
`
`US 6,516,416 B2
`
`USAGE
`DAEMON
`
`
`
`
`
`URL TRACKING
`DAEMON
`
`58
`
`USER
`AUTHENTICATION
`DAEMON
`
`
`
`
`
`
`
`CLEARNGHOUSE
`DATABASE SERVER
`
`FIG 5
`
`CLEARNGHOUSE
`ADMNSTRATION
`SOFTWARE
`
`MCM Ex. 2002, pg. 6
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 6 of 24
`
`US 6,516,416 B2
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`74
`
`ONLINE
`APPLICATION
`
`
`
`ONNE
`ACTIVATION
`
`SESSION MANAGER
`
`USER
`AUTHENTICATION
`DAEMON
`
`CLEARINGHOUSE
`DATABASE
`SERVER
`
`
`
`
`
`56
`
`CREDIT CARD
`PROCESSING CG
`
`
`
`SESSION
`MANAGER
`
`SITE ADMINISTRATION
`CG'S
`
`FG 16
`
`MCM Ex. 2002, pg. 7
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 7 of 24
`
`US 6,516,416 B2
`
`FG 7
`
`FIG. 8
`
`FG. 9
`
`SESSION MANAGER
`
`URL TRACKNG
`CGS
`
`CEARNGHOUSE
`ADMNSTRATION
`SOFTWARE
`
`USAGE
`DAEMON
`
`URL TRACKING
`DAEMON
`
`ODBC
`DRIVER
`
`CLEARINGHOUSE
`DATABASE
`SERVER
`
`CLEARNGHOUSE
`DATABASE
`SERVER
`
`CLEARINGHOUSE
`DAABASE
`SERVER
`
`
`
`
`
`
`
`
`
`69
`
`66
`
`ISA
`WEB
`SUBSCRIBER
`BROWSER
`SOFTWARE
`
`ISA
`WEB SERVER SHARED
`OBJECT
`
`LOG-N CGIS
`
`
`
`
`
`
`
`
`
`FIG 10
`
`SESSIONMANAGER
`
`RE-AUTHENTICATION
`CGIS
`
`70
`
`52
`
`MCM Ex. 2002, pg. 8
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 8 of 24
`
`US 6,516,416 B2
`
`sER SHARED
`
`SA
`
`OBJECT
`
`69
`
`
`
`
`
`FIG 11
`
`RE-AUTHENTICATION
`CG'S
`
`STE
`ADMINISTRATION
`CGI'S
`
`AUTHENTICATION
`DAEMON
`
`
`
`58
`
`
`
`69
`
`66
`
`
`
`
`
`
`
`
`
`
`
`
`
`START
`LOG-N
`WEB
`ISA
`SA
`CHALLENGE
`BROWSER SUBSCRIBER LocIN comMAND WEBSERVER SHARED
`SOFTWARE LOG-IN COMMAND
`LOG-N
`PARAMETERS
`
`
`
`
`
`68
`
`SESSION MANAGER
`
`
`
`MCM Ex. 2002, pg. 9
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 9 of 24
`
`US 6,516,416 B2
`
`69
`
`WEB
`BROWSER
`
`SA
`SUBSCRIBER
`SOFTWARE
`
`OG-N
`
`ENCRYPTED
`DGITAL ID
`
`SA
`WEBSERVER SHARED
`OBJECT
`
`
`
`
`
`RE-AUTHENTICATION
`CG'S
`
`F.G. 13
`
`
`
`SESSION
`MANAGER
`
`MCM Ex. 2002, pg. 10
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 10 of 24
`
`US 6,516,416 B2
`
`69
`
`SA
`WEB
`SUBSCRIBER
`BROWSERS WA
`
`WEB
`SERVER
`
`SA
`SHARED
`OBJECT
`
`66
`
`
`
`
`
`ONLINE
`APPLICATION
`CGI'S
`
`
`
`
`
`ONLINE
`ACTIVATION
`CGIS
`
`PASSWORD CHANGE
`CGIS
`
`USER
`AUTHENTCATION
`DAEMON
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`WEB
`BROWSER
`
`ISA
`SUBSCRIBER
`SOFTWARE
`
`
`
`
`
`69
`
`66
`
`STARTURL TRACK
`
`CHALLENGE
`
`WEB
`RL TRACK COMMAND SERVER
`
`SA
`SHARED
`OBJECT
`
`URL TRACKDATA
`
`FIG 15
`
`
`
`SESSONMANAGER
`
`
`
`72
`
`URL TRACKING
`CG'S
`
`URL TRACKING
`DAEMON
`
`
`
`MCM Ex. 2002, pg. 11
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 11 of 24
`
`US 6,516,416 B2
`
`USER REOUESS
`ACCESS TO A
`PROTECTED
`RESOURCE
`
`SERVER
`APPLICATION
`FORWARDS
`REQUEST TO
`CENT
`AUTHENTICAOR
`
`1OO
`
`102
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`SESSION-DIN
`COMMUNICATION
`HEADERS2
`
`CLIENT
`AUTHENTCATOR
`SENDS CHECK
`SESSION (CS)
`MESSAGETO
`SESSION
`VALIDATOR
`
`SESSION
`VALIDATOR
`SEARCHESFOR
`SESSION-ENTRY IN
`ITSLIST OF ACTIVE
`SESSIONS
`
`ACTIVE
`SESSION-ENTRY
`FOUND?
`
`YES
`
`
`
`TRANSACTION
`SERVICE AND
`LOGGNG
`
`STARTING OF A SESSION
`
`110
`
`116
`
`CEN
`AUTHENCATOR
`DENIES PERMISSION
`TO SERVER
`APPLICATION TO
`SERVICE USERS
`RECUEST
`
`118
`
`120
`
`SESSION
`WALIDATOR
`SENDS
`UNSUCCESSFUL
`SESSION
`RESPONSE (SR) To
`CLENT
`AUTHENTICATOR
`
`22
`
`114
`
`
`
`SERVER
`APPLICATION
`NWOKES LOG-IN
`ENFORCERTO
`MAKE THE USER
`LOG-IN
`
`LOG-IN ENFORCER
`SENDS START
`LOGIN MESSAGETO
`CLIENT MESSENGER
`THROUGH CLIENT
`APPLICATION
`
`CLIENT MESSENGER
`SENOSA RANDOM
`CHALLENGE TO
`LOG-NENFORCER
`HROUGH SERVER
`APPLICATION
`
`LOG-N ENFORCER
`ENCRYPTS SERVER
`APPLICATION
`PASSWORD WITH
`CLIENT
`MESSENGER'S
`CHALLENGE
`
`
`
`CLIENT MESSENGER
`DISPLAYS SERVER
`AUTHENTICAON
`ERROR MESSAGE TO
`THE USER
`
`
`
`
`
`132
`
`NO
`
`128
`
`SERVER
`AUTHENTICATION
`SUCCESSFUL2
`
`YES
`
`130
`
`LOG-1N, USER
`AUTHENTICATION,
`AND SESSION
`INITIATION
`PROCESS
`
`124
`
`LOG-IN ENFORCER SENDS
`LOG-IN COMMAND AND
`ITS ENCRYPTED
`PASSWORD TO CLEN
`MESSENGER WITH ANEW
`RANDOM CHALLENGE OF
`ITS OWN
`
`FIG. 17
`
`116
`
`126
`
`
`
`
`
`CENT MESSENGER
`NWOKES SERVER
`AUTHENCATOR TO
`AUTHENTICATE SERVER
`APPLICATION'S
`PASSWORD
`
`MCM Ex. 2002, pg. 12
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 12 of 24
`
`US 6,516,416 B2
`
`i140
`
`156
`
`USER AUTHENTICATION
`SERVER ACCESSES THE
`USER'S SUBSCRIPTION
`INFORMATION FROM ITS
`DATABASE AND
`AUTHENTICATES THE
`OG-N PARAMETERS
`
`172
`
`
`
`USER
`AUTHENTCATION
`SERVER SENDSA
`SUCCESSFUL
`AUTHENTICATION
`RESPONSE (AR)
`MESSAGE TO SESSION
`NITIATOR
`
`160
`
`YES
`
`162
`
`SESSION INITIATOR
`ENTERS ANEW
`SESSION-ENTRY FOR
`THE USER IN ITS LIST
`OF ACTIVE SESSIONS
`WITH A UNICUE
`SESSION-ID
`
`CLIENT MEsseNGER
`NWOKES OG-N
`INTERFACE TO PROMPT
`USER FOR USERNAME
`AND PASSWORD
`142
`USER INPUTS
`USERNAME AND
`PASSWORD
`
`144
`LOG-1N INTERFACE
`RECQUESS ACCESS KEY
`INTERFACE TO POLL
`FOR ACCESS KEY
`146
`ACCESS KEY INTERFACE
`READS THE DIGITAL ID
`FROM ACCESS KEY AND
`SENDS TO LOG-IN
`INTERFACE
`
`148
`LOG-1N INTERFACE
`SENDS THE LOG-IN
`PARAMETERS
`(USERNAME,
`PASSWORD, AND
`DIGITALID) TO CLIENT
`CRYPTOGRAPHER
`150
`
`CLENT
`CRYPTOGRAPHER
`ENCRYPTS THE
`PASSWORD AND THE
`DGITALID USING THE
`CHAL LENGE SENT BY
`OG-IN ENFORCER AND
`SENDS THEM TO THE
`LOG-N ENFORCER
`152
`LOG-IN ENFORCER
`SENDS INITIATE
`SESSION (IS) MESSAGE
`TO SESSION INITIATOR
`WITH THE ENCRYPTED
`LOG-N PARAMETERS
`154
`SESSION INITIATOR
`SENDS AUTHENTICATE
`LOG-IN (AL) MESSAGE
`TO CLEARINGHOUSE'S
`USER AUTHENTICATION
`SERVER
`
`
`
`
`
`
`
`
`
`
`
`
`
`USER
`AUTHENTCATION
`No SERVER SENDS AN
`UNSUCCESSFU
`AUTHENTICATION
`RESPONSE (AR) TO
`SESSION INITIATOR
`
`
`
`174
`
`SESSION INITIATOR
`SENDS AN
`UNSUCCESSFUL
`SESSION
`RESPONSE (SR) TO
`LOG-IN ENFORCER
`
`LOG-NENFORCER
`DENES
`PERMISSION TO
`SERVER
`APPLICATION TO
`SERVICE THE
`USER'S RECQUEST
`FOR PROTECTED
`CONTENT
`
`164
`
`76
`
`SESSION INITIATOR
`SENDSA SUCCESSFUL
`SESSION RESPONSE
`(SR) TO LOG-IN
`ENFORCER
`
`OSNENFORCE |
`ENTERS THE USER'S
`NEW SESSION-DIN
`THE COMMUNCATION
`HEADERSFOR
`REAUTHENTCATION
`PURPOSES
`
`OG-NENFORCER 168
`GRANTS PERMISSION
`TO SERVICE
`APPLICATION TO
`SERVICE THE USER'S
`REQUEST FOR
`PROTECTED CONTENT
`
`TRANSACTION
`SERVICE AND
`LOGGNG
`
`170
`
`178
`
`SERVER
`APPLICATION
`SENDS BACKAN
`ERROR RESPONSE
`TO THE USER
`
`LOG-IN, USER
`AUTHENTICATION,
`AND SESSION
`INITIATION
`FIG. 18
`
`MCM Ex. 2002, pg. 13
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 13 of 24
`
`US 6,516,416 B2
`
`TRANSACTION SERVICE AND LOGGING
`
`
`
`SESSION VALIDATOR
`ENTERS ANEW
`TRANSACTION-ENTRY
`FOR THE USER'S
`CURRENT SESSION
`
`SESSION VALIDATOR
`SENDSA SUCCESSFUL
`SESSION-RESPONSE
`(SR) TO CLIENT
`AUTHENTICATOR
`
`CLENT
`AUTHENTCATOR
`GRANTS PERMISSION
`TO SERVER
`APPLICATION TO
`SERVICE THE USER'S
`RECUEST
`
`SERVER APPLICATION
`INVOKES THE
`APPROPRIATE
`SERVICE FUNCTION TO
`SEND THE PROTECTED
`CONTENT TO THE
`USER
`
`SERVER APPLICATION
`NWOKES
`TRANSACTION
`MONITOR TO SEND AN
`END TRANSACTION
`(ET). MESSAGE TO
`SESSION VALIDATOR
`
`SESSION VALIDATOR
`UPDATES THE
`TRANSACTION ENTRY
`WITH THE
`TRANSACTION
`SPECIFIC
`INFORMATION IN THE
`ET MESSAGE
`
`18O
`
`182
`
`184
`
`186
`
`188
`
`190
`
`FIG. 19
`
`MCM Ex. 2002, pg. 14
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 14 of 24
`
`US 6,516,416 B2
`
`REAUTHENTCATION
`FG. 20
`
`A USER WHAN
`ACTIVE SESSION
`REOUESTS SERVER
`APPLICATION FORA
`PROTECTED
`RESOURCE
`
`
`
`
`
`
`
`
`
`
`
`SERVER
`APPLICATION
`FORWARDS
`RECQUEST TO
`CENT
`AUTHENTICATOR
`
`
`
`SESSION-I) N
`COMMUNICATION
`HEADERSP
`
`CLIENT
`AUTHENTICATOR
`DENES
`PERMISSIONO
`SERVER
`APPLICATION TO
`SERVICE THE
`REGUEST
`
`208
`
`SERVER
`APPLICATION
`DIRECTS THE USER
`TOLOG-N
`ENFORCERTO
`STARTA NEW
`SION
`SES
`
`
`
`
`
`
`
`CLENT MESSENGER
`SENDS AN
`UNSUCCESSFUL
`POLLING MESSAGE TO
`ACCESSKEY
`VALIDATOR WHO
`REDIRECTS THE USER
`TOLOG-IN ENFORCER
`
`222
`
`
`
`SESSION
`WALDATOR
`CHECKSFOR
`THE TIME OF
`LAST POLNG
`OF USER'S
`MACHINE FOR
`ACCESS KEY
`
`218
`
`220
`
`
`
`DURATION
`EXCEEDED
`PRESE TIME
`LIM2
`
`NO
`
`YES
`
`226
`
`228
`
`SESSION WALIDATOR
`SENDS A SESSION
`RESPONSE (SR) TO
`CLENT AUTHENICATOR
`ASKING TO POLFOR
`USER'S ACCESS KEY
`
`224
`
`CLIENT AUTHENTCATOR
`NWOKES ACCESS KEY
`WALDAOR
`
`ACCESS KEY WALIDAOR
`SENDS CHECKLOGN
`MESSAGE TO CLENT
`MESSENGER WITHA
`NEW RANDOMLY
`GENERATED
`CHALLENGE
`
`TRANSACTION
`SERVICE AND
`LOGGING
`
`CLENT MESSENGER
`NWOKES LOG-IN
`NTERFACE
`
`170
`
`230
`
`232
`
`LOG-IN INTERFACE
`NWOKES ACCESS KEY
`NERFACE
`
`ACCESS KEY INTERFACE
`POLLS THE USER'S
`MACHINE FOR THE
`ACCESS KEY
`
`234
`
`NO
`
`ACCESS KEY
`AACHED TO USER'S
`MACHINE
`
`
`
`ACCESS KEY
`INTERFACE SENDS
`ERROR MESSAGE
`TOOG-IN
`NERFACE
`
`YES
`
`SESSION RENEWAL
`
`2OO
`
`210
`
`CLIEN
`AUTHENTCATOR
`SENDS CHECK
`SESSION (CS)
`MESSAGETO
`SESSION
`VALIDAOR
`
`SESSION VALIDATOR
`SEARCHES FOR
`SESSION-ENTRY IN
`TSLIST OF ACTIVE
`SESSIONS
`
`ACTIVE
`SESSION-ENTRY
`FOUND?
`
`16
`
`SESSION VALIDATOR
`SENDS AN
`UNSUCCESSFUL
`SESSION RESPONSE
`(SR) TO CLIENT
`AUTHENTCATOR
`
`LOG-IN INTERFACE
`ERROR MESSAGE
`TO CLIENT
`MESSENGER
`
`242
`
`240
`
`238
`
`236
`
`MCM Ex. 2002, pg. 15
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 15 of 24
`
`US 6,516,416 B2
`
`SESSION
`RENEWAL
`
`FG 21
`
`262
`
`
`
`SESSION VALIDATOR
`SENDS AN
`UNSUCCESSFUL SESSION
`RESPONSE (SR) TO
`ACCESS KEY WADATOR
`
`ACCESS KEY WALIDATOR
`REDIRECTS USERO
`OG-IN ENFORCERTO
`SARA NEW SESSION
`
`264
`
`ACCESS KEY INTERFACE
`READS THE DIGITAL D AND
`SUBMTS T TO LOG-N
`NTERFACE
`
`LOG-IN INTERFACE
`SUBMSDGITAL ID TO
`CLIENT CRYPTOGRAPHER
`
`
`
`
`
`CLIENT CRYPTOGRAPHER
`ENCRYPTS GITALID USING
`THE CHALLENGESENT BY
`ACCESS KEYVALIDATOR AND
`SENDS IT TO ACCESS KEY
`VALIDATOR
`
`ACCESS KEY WADATOR
`SENDS RENEW SESSION
`(RS) MESSAGE TO SESSION
`VALIDATORWTH
`ENCRYPTED DIGITAL ID
`
`250
`
`252
`
`254
`
`256
`
`SESSION VALIDATOR FINDS
`USER'S SESSION-ENTRY
`AND WALIDATES THE
`ENCRYPED DIGITAL ID
`
`258
`
`266
`
`NO
`
`
`
`YES
`VALIDATION
`sucCESSFU-1
`260
`
`SESSION VALIDATOR
`UPDATES THE SESSION
`|EYS.NEEAST
`
`170
`
`
`
`TRANSACTION
`SERVICE AND
`LOGGING
`
`SESSION WALDATOR SENDS
`A SUCCESSFUL SESSION
`RESPONSE (SR) TO ACCESS
`KEYVALIDATOR
`
`268
`270
`
`ACCESS KEY WALIDATOR
`GRANTS PERMISSION TO
`SERVER APPLICATION TO
`PROCESS USER'S REOUEST
`FOR PROTECTED RESOURCE
`
`MCM Ex. 2002, pg. 16
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 16 of 24
`
`US 6,516,416 B2
`
`28O
`
`282
`
`START FROM HE
`FIRST SESSION-ENTRY
`OF SESSION LIST
`
`SESSION TERMINATOR
`CHECKS THE
`DIFFERENCE BE WEEN
`THE CURRENT TIME AND
`THE TIME OF LAST
`REOUEST
`
`SESSION
`TERMINATION
`
`FIG. 22
`
`TIME DIFFERENCE
`EXCEEDED IDLE TIME
`MTP
`
`290
`
`292
`
`294
`
`SESSION TERMINATOR
`AGS THE SESSION
`ENTRY AS NACTIVE
`
`SESSION TERMINATOR
`SENDS ALL SESSION
`USAGE DATA TO
`CLEARNGHOUSE'S
`USAGE DATASERVER
`
`USAGE DAA. SERVER
`UPDATES
`CLEARINGHOUSE
`DATABASE WITH THE
`SESSIONUSAGE DATA
`
`DATABASE
`UPDATE
`UCCESSFUL
`
`USAGE DATASERVER
`SENDS UNSUCCESSFUL
`MESSAGE CONFIRMATION
`(MC) TO SESSION
`TERMINATOR
`
`SESSION TERMINATOR
`SENDS ERROR MESSAGE
`TOSYSTEM
`ADMNSTRATOR
`
`USAGE DATASERVER
`SENDS SUCCESSFUL
`MESSAGE
`CONFIRMATION (MC) TO
`SESSION TERMINATOR
`
`SESSION TERMINATOR
`REMOVESSESSION
`ENTRY FROM SESSION
`LST
`
`
`
`
`
`
`
`288
`
`FETCH NEXT SESSION-
`ENTRY INSESSION
`LIST
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`LAST SESSION-
`ENTRY IN THE
`SESSION LIST?
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`MCM Ex. 2002, pg. 17
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 17 of 24
`
`US 6,516,416 B2
`
`NETWORK
`USAGE
`TRACKING
`
`FIG 23
`
`310
`
`312
`
`314
`
`316
`
`USAGE TRACKENG COLLECTOR
`SENDS INTATE USAGE
`TRACKENG MESSAGE TO CLIENT
`MESSENGER
`
`CLIENT MESSENGER GENERATES
`RANDOM CHALLENGE AND SENDS
`IT TO USAGE TRACKENG
`COLLECTOR
`
`USAGE TRACKING COLLECTOR
`ENCRYPTS SERVER
`APPLICATION'S PASSWORD
`USNG THE RANDOM CHALLENGE
`AND SENDS A USAGE TRACK
`COMMAND TO CLENT
`MESSENGER WITH THE
`ENCRYPTED PASSWORD
`
`
`
`CLENT MESSENGERINVOKES
`SERVER AUTHENTICATOR TO
`AUTHENTCATE SERVER
`APPLICATION'S PASSWORD
`
`
`
`NO
`
`
`
`SERVER
`AUTHENTCATION
`SUCCESSFUL?
`
`3.18
`
`YES
`
`
`
`CLIEN MESSENGER
`DISPLAYS SERVER
`AUTHENTICATION ERROR
`MESSAGE TO USER
`
`320
`
`322
`
`CLIENT MESSENGERINVOKES
`NETWORK USAGE TRACKERTO
`COLLECT ALL NETWORK USAGE
`DATA AND SENDS TO USAGE
`TRACKING COLLECTOR
`
`324
`
`326
`
`
`
`NETWORKUSAGE
`TRACKING SERVER
`UPDATES THE
`CLEARNGHOUSE
`DATABASE WITH THE
`NEWORKUSAGE DATA
`
`USAGE TRACKING
`COLLECTOR SENDS
`NETWORK USAGE DATA TO
`CLEARNGHOUSE'S
`NETWORK USAGE
`TRACKNG SERVER
`
`MCM Ex. 2002, pg. 18
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 18 of 24
`
`US 6,516,416 B2
`
`
`
`
`
`
`
`USERREGUESTS CONTENTS
`FROM SERVER APPLICATION
`THROUGHCLIENT APPLICATION
`
`330
`
`332
`
`334
`
`SERVER APPLICATON
`SENDS CONTENTS TO
`CLENT APPLICATION
`
`CLIENT APPLICATION DISPLAYS
`CONTENTS TO USER WITH
`OPTIONS TO PRINT, SAVE, AND/OR
`CU/COPYFPASTE
`
`
`
`
`
`
`
`
`
`
`
`USER CHOSE
`PRINT, SAVE, OR
`CUTICOPY1PASTE2
`
`CLIENT APPLICATION
`DISPLAYING CONTENTS
`WITHOUT COPYRIGHT
`
`PROTECTION
`
`FG 24
`
`338
`
`CLENT APPLICATION RECOGNIZES
`USER'S SELECTION
`IN THE FORM OF A UNIQUE MESSAGE
`OF ETHER PRINT, SAVE,
`OR
`CUT/COPY1PASTE COMMAND
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`END
`
`35
`
`CLIEN APPLICATION
`INVOKES PRINT
`FUNCION
`
`S.
`MESSAGE PRINT
`MESSAGEP
`
`CLENT APPLICATION
`NWOKES SAVE
`FUNCTON
`
`IS
`MESSAGE SAVE
`MESSAGE
`
`342
`
`344
`
`CLIENT APPLICATON
`NWOKES CUTICOPY
`PASTE FUNCION
`
`CUTICOPY1PASTE
`MESSAGE
`
`MCM Ex. 2002, pg. 19
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 19 of 24
`
`US 6,516,416 B2
`
`
`
`
`
`USER RECUESTS
`COPYRIGHTED
`CONTENS FROM SERVER
`APPLICATION THROUGH
`CLIENT APPLICATION
`
`360
`
`CEN MESSENGER
`DETERMNES
`COPYRIGHT
`PROTECTION LEVEL
`FROM COPYRIGHT
`
`SEEN CLIENT APPLICATION
`DISPLAYING
`CONTENTS
`WITH COPYRIGHT
`PROTECTION
`
`CONTROLLER
`
`374
`
`CONTENT
`CONTROLERSUB
`CLASSES CLENT
`APPLICATION TO GAIN
`CONTROL OF CLIENT
`APPLICATION
`FUNCTIONS
`
`376
`
`FIG. 25
`
`362
`
`SERVER APPLICATON
`AUHENTCATES USER'S
`SESSION
`THROUGH CENT
`AUTHENTICATOR
`
`364
`
`SERVER APPLICATION
`READS COPYRIGHT LEVE
`FOR COPYRIGHTED
`CONTENTS FROM
`CONTENT HEADERS
`
`366
`
`SERVER APPLICATION
`PUTS COPYRIGHT
`INSTRUCTIONN
`COMMUNCATION HEADERS
`
`
`
`
`
`
`
`
`
`
`
`
`
`SUB-CLASSES CLENT
`APPLICATION
`DISPLAYS
`COPYRIGHTED
`CONTENTS TO USER
`
`378
`
`368
`
`
`
`SERVER APPLICATION
`SENDS COPYRIGHTED
`CONTENTS TO CLENT
`APPLICATION
`
`
`
`
`
`
`
`
`
`USER CHOSE
`PRINT, SAVE, OR
`CUTICOPYI
`PASTEP
`
`
`
`384
`
`
`
`COPYRIGHT
`PROTECTION
`PROCESS
`
`370
`
`CLIENT APPLICATION
`FINDS COPYRIGHT
`NSTRUCONN
`COMMUNCATION HEADERS
`
`372
`
`CLIENT APPLICATION
`INVOKES CLENT
`MESSENGER
`
`END
`
`MCM Ex. 2002, pg. 20
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 20 of 24
`
`US 6,516,416 B2
`
`SUB-CLASSED CENT
`APPLICATION GETS
`USER'S CHOICE
`
`
`
`
`
`
`
`
`
`
`
`USER
`CHOSE PRINT,
`SAVE, OR CUTf
`COPYIPASTE 2
`
`
`
`
`
`NO
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`390
`
`SUB-CLASSED
`CLEN APPLICATION
`RECOGNIZED USER'S
`SELECTIONASA
`UNIOUE MESSAGE
`FOREITHER PRINT,
`SAVE, OR CUTICOPY1
`PASTE
`
`396
`
`COPYRIGHT
`PROTECTION
`PROCESS
`
`SUB-CLASSED CLIENT
`APPLICATION
`FORWARDS USER
`MESSAGE TO
`CONTENT
`CONTROLLER
`
`398
`
`FIG. 26
`
`IS
`MESSAGE PRINT
`MESSAGE2
`
`
`
`
`
`404
`
`CONTENT
`YES 1 COPYRIGHTNys CONTROLLER
`LEVE ALLOWS
`INVOKES
`FUNCTION
`
`402
`
`406
`
`
`
`NO
`CONTENT CONTROLLER
`DISPLAY'S COPYRIGHT NOTICE
`AGAINST PRINTING CONTENTS
`
`IS
`MESSAGE SAVE
`MESSAGE2
`
`YES
`
`
`
`
`
`COPYRIGHT
`LEVELALLOWS
`SAVE2
`
`YES
`
`414
`
`NO
`
`N 41
`O
`
`CONTENT CONTROLLER
`DISPLAYS COPYRIGHT NOTICE
`AGAINST SAVING CONTENTS
`
`412
`CONTENT
`CONTROLLER
`INVOKES
`SAVE
`FUNCTON
`
`S MESSAGE
`CUT/COPY/PASTE
`MESSAGE2
`
`
`
`
`
`
`
`YES
`
`COPYRIGHT
`LEVELALLOWS
`UTICOPY/PASTE2
`
`YES
`
`
`
`CONTENT
`CONTROLLER
`NWOKES CUT!
`COPY/PASTE
`FUNCTION
`
`416
`
`NO
`
`418
`
`CONTENT CONTROLLER
`DISPLAYS COPYRIGHT NOTICE AGAINST 422
`CUTTING/COPYING/PASTING CONTENTS
`
`MCM Ex. 2002, pg. 21
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 21 of 24
`
`US 6,516,416 B2
`
`PUG-IN TRAPS
`THE WINDOWS
`MESSAGE FOR
`USER COMMAND
`
`444
`
`EXAMPLE COPYRIGHT
`PROTECTION IN WEB
`ENVIRONMENT
`FIG 27
`
`USER INPUTSURL
`FOR COPYRIGHTED 4
`HTML USNGWEB
`BROWSER
`
`432
`
`WEBSERVER SENDS
`COPYRIGHTED HTML
`DOCUMENT
`
`
`
`
`
`
`
`
`
`WEB BROWSER FINDS YES
`EMBEDTAG FOR
`COPYRIGHT LUG-N
`AND NWOKES THE
`PLUG-N
`
`
`
`434
`
`446
`
`
`
`452
`
`IS
`MESSAGE
`FOR
`PRINT?
`
`YES
`
`COPYRIGHT
`LEVELALLOWS
`
`YES
`
`454
`
`PLUG-NLETS
`WEB
`BROWSER
`PROCESS THE
`MESSAGE
`
`436
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`PLUG-IN READS
`COPYRIGHT
`PARAMETER TO FND
`COPYRIGHT LEVEL
`
`438
`
`PLUG-IN SUB-CASSES
`THE WEB BROWSER
`WINDOW WHERE HTML
`CONTENTS ARE
`DISPLAYED
`
`CHOSE WEB
`BROWSER'S
`PRINT, SAVE,
`OR CUTICOPYI
`PASTE
`OPTIONS
`
`
`
`END
`
`NO
`
`PLUG-N DISPLAYS
`COPYRIGHT MESSAGE
`AGAINST PRENTING
`
`456
`
`IS
`MESSAGE
`
`YES
`
`
`
`458
`
`COPYRIGH
`LEVE ALOWS
`SAVEP
`
`YES
`
`460
`
`PLUG-INLETS
`WEB
`BROWSER
`PROCESS THE
`SAVE
`MESSAGE
`
`NO
`
`
`
`PLUG-INDISPLAYS
`COPYRIGHT MESSAGE
`AGAINST SAVING
`
`462
`
`
`
`450
`GEssage
`FoR cut YYES
`COPY!
`
`
`
`466
`
`464
`
`PLUG-INES
`WEB
`LEVEL ALLOWS Ya YES ESE
`CUTICOPY!
`PASTE?
`CUT/COPY
`PASTE
`MESSAGE
`
`PUG-INOISPLAYS
`COPYRIGHT MESSAGE
`AGAINST CUTICOPYFPASTE
`
`468
`
`MCM Ex. 2002, pg. 22
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 22 of 24
`
`US 6,516,416 B2
`
`PORT
`INTERFACE
`
`DATABUS
`BUFFER
`
`MESSAGE
`DGEST
`ENCRYPTION
`ENGINE
`
`NON
`SENA
`PURPOSE
`MEMORY
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`54
`
`READ
`WRITE
`CONTROL
`LOGIC
`
`
`
`CONTROL
`REGISTER
`
`PASSWORD
`REGISTER
`
`PASSWORD
`COMPARATOR
`
`NON
`WOLATLE
`PASSWORD
`MEMORY
`
`STATUS
`REGISTER
`
`488
`
`FG. 28
`
`ACCESS KEYBLOCKDAGRAM
`
`MCM Ex. 2002, pg. 23
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 23 of 24
`
`US 6,516,416 B2
`
`MULTIPLE SASERVERS WITH A
`SINGLE SA CLEARNGHOUSE
`
`
`
`69
`
`
`
`
`
`
`
`
`
`SA
`SUBSCRBER
`
`
`
`
`
`WEBSERVER 1
`
`SASERVER 1
`
`34
`
`(BOSTON)
`
`69
`
`WEBSERVER 2
`
`SASERVER 2
`
`34
`
`(OMAHA)
`
`WEBSERVER
`
`
`
`
`
`SASERVER in
`
`(SAN JOSE)
`
`34
`
`
`
`
`
`
`
`30
`
`(OMAHA)
`
`SA
`CLEARNGHOUSE
`
`ENTERPRISE-VVDE
`SUBSCRIPTION DATABASE
`USAGE DATA
`WAREHOUSE
`DEMOGRAPHCS DATA
`WAREHOUSE
`
`F.G. 29
`
`MCM Ex. 2002, pg. 24
`
`
`
`U.S. Patent
`
`Feb. 4, 2003
`
`Sheet 24 of 24
`
`US 6,516,416 B2
`
`MULTIPLE SA SERVERS WITH
`MULTIPLE SA CLEARINGHOUSES
`
`69
`
`.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`WEB SERVER 1
`
`S
`A SERVER 1
`
`(BOSTON
`)
`
`34
`
`69
`
`SA
`SUBSCRIBER "a"
`
`WEB SERVER 2
`
`SASERVER 2
`
`34
`
`(OMAHA)
`
`
`
`
`
`SA
`SUBSCRIBER"b"
`
`WEB SERVER
`
`SASERVERn
`
`..
`
`(SAN JOSE)
`
`
`
`.
`
`34
`
`30
`
`SA
`CLEARINGHOUSEA
`
`(OMAHA)
`
`
`
`SA
`CLEARNGHOUSEB
`
`(CHICAGO)
`
`FIG. 30
`
`MCM Ex. 2002, pg. 25
`
`
`
`1
`SUBSCRIPTION ACCESS SYSTEM FOR USE
`WITH AN UNTRUSTED NETWORK
`
`The present invention generally relates to Security Sys
`tems for use with computer networks and more particularly
`to a Subscription access System that is particularly adapted
`for use with untrusted networks, Such as the Internet.
`There are many information providers which are con
`nected to the Internet or some other untrusted network. Such
`information providers may provide information without
`charge for certain information that can be accessed by any
`user that has access to the network. However, the same
`information provider may want to generate revenue from
`Subscription Services and also to protect its information
`assets. In order to generate revenue, there must be control
`Over user access, rights management, billings, usage track
`ing and even demographic data. For an information provider
`to publish content on an untrusted network Such as the web,
`it must have access to a web server which connects to the
`Internet. Any user with a web browser can then access the
`web site and view its contents. If an organization is a private
`corporate network and wants to display parts of its corporate
`data on its web site, the organization can make the private
`network available to the web server through a firewall
`computer. This enables the corporate data that is desired to
`be displayed without the private network being accessible to
`the rest of the web.
`To implement a Subscription acceSS System for use over
`the web, information providers need to implement authen
`tication and usage tracking. Authentication involves provid
`ing restricted access to the contents that are made available
`and this is typically implemented through traditional user
`name-password Schemes. Such schemes are vulnerable to
`password fraud because Subscribers can share their user
`names and password by word of mouth or through Internet
`news groups, which obviously is conducive to fraudulent
`access and loSS of revenue. Usage tracking involves collect
`ing information on how Subscribers are using a particular
`subscription web site, which typically now involves web
`Server access logs which tell what web resources were
`accessed by particular addresses. This information is often
`inadequate to link web site usage and a particular Subscriber
`who used the web site. There is also no generic transaction
`model that defines a web transaction, which contributes to
`the difficulty in implementing a Subscription model based
`upon usage.
`Accordingly, it is a primary object of the present inven
`tion to provide an improved Subscription access System for
`use in an untrusted network, Such as the Internet, which
`System provides effective authentication and usage tracking,
`among other features.
`Another object of the present invention is to provide Such
`an improved Subscription access System which provides
`additional features that combine elements of Subscriber
`authentication, Subscriber authorization, demographics cap
`ture and rights management to effectively protect the assets
`of an online information provider.
`More particularly, it is an object of the present invention
`to provide Such an improved Subscription access System that
`provides Secure access through either a one factor
`(conventional user name and password) or two factor
`authentication (using an optional hardware access key with
`a unique digital ID), thus enabling a Superior and effective
`Subscriber authentication which only allows registered Sub
`Scribers to access protected contents and Subscriber autho
`rization which determines the Subscriber's access level
`within a protected Site.
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,516,416 B2
`
`2
`Yet another object of the present invention is to provide
`Such a System that has usage tracking capability for collect
`ing all of the Subscriber's usage data and Storing it in a
`Structured query language (SQL) database under a generic
`transaction model.
`Another object of the present invention is to provide Such
`a System which enables demographic capture to Store a
`Subscriber's network usage history.
`Still another object of the present invention is to provide
`Such a System that has the capability of preventing content
`from being copied by controlling the functionality of a client
`application, Such as a web browser, while displaying pro
`tected contents. More particularly, the functionality is con
`trolled in a manner whereby copyrighted content, for
`example, can be identified and the client application can be
`controlled to preclude Such functionality as cut and paste,
`copy or print. Such functionality can be controlled on a
`hierarchical basis.
`Still another object of the present invention is to provide
`Such a System that easily administerS Subscriptions and
`Subscribers through a graphical user interface client/server
`application.
`Other objects and advantages will become apparent upon
`reading the following detailed description, while referring to
`the attached drawings.
`DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a block diagram of the Subscription access
`System embodying the present invention, wherein a Sub
`Scription acceSS Server is part of a local area network, with
`the Server being connected to the Internet and to the local
`area network via a firewall;
`FIG. 2 is a functional block diagram of the Subscription
`acceSS System embodying the present invention and illus
`trating the functional interaction of components of the
`System and a Subscriber;
`FIG. 3 is a more detailed block diagram of the schema of
`the present invention;
`FIG. 4 is a Software block diagram illustrating the System
`architecture of the preferred embodiment in the web
`environment, also known as the Internet Subscription
`Access (ISA) system;
`FIG. 5 is a functional block diagram illustrating the
`Structure and operation of the clearinghouse database Server
`process of the preferred embodiment;
`FIG. 6 is a functional block illustrating the structure and
`operation of the clearinghouse user authentication daemon
`of the preferred embodiment;
`FIG. 7 is a block diagram illustrating the structure and
`operation of the clearinghouse usage daemon of the pre
`ferred embodiment;
`FIG. 8 is a block diagram illustrating the structure and
`operation of the clearinghouse URL tracking daemon of the
`preferred embodiment;
`FIG. 9 is a functional block diagram illustrating the
`Structure and operation of the clearinghouse administration
`Software of the preferred embodiment;
`FIG. 10 is a functional block diagram illustrating the
`Structure and operation of the Server shared object of the
`preferred embodiment;
`FIG. 11 is a functional block diagram illustrating the
`Structure and operation of the Server Session manager of the
`preferred embodiment;
`FIG. 12 is a functional block diagram illustrating the
`Structure and operation of the Server login common gateway
`interface (CGI) program of the preferred embodiment;
`
`MCM Ex. 2002, pg. 26
`
`
`
`US 6,516,416 B2
`
`15
`
`25
`
`3
`FIG. 13 is a functional block diagram illustrating the
`Structure and operation of the Server reauthentication com
`mon gateway interface (CGI) program of the preferred
`embodiment;
`FIG. 14 is a functional block diagram illustrating the
`Structure and operation of the Server online application and
`activation common gateway interface (CGI) program of the
`preferred embodiment;
`FIG. 15 is a functional block diagram illustrating the
`Structure and operation of the Server URL tracking common
`gateway interface program of the preferred embodiment;
`FIG. 16 is a functional block diagram illustrating the
`Structure and operation of the Server Site administration
`common gateway interface program of the preferred
`embodiment;
`FIG. 17 is a flow chart of the operation of the system at
`the Start of a Session where a user requests access to a
`protected resource;
`FIG. 18 is a flow chart of the system illustrating the steps
`that are taken during the login, user authentication and
`Session initiation;
`FIG. 19 is a flow chart of the sequence of steps that occur
`during transaction Service and login;
`FIG. 20 is a flow chart of the sequence of steps taken
`during a reauthentication operation;
`FIG. 21 is a flow chart of the sequence of steps that occur
`during a Session renewal;
`FIG.22 is a flow chart of the sequence of steps that occur
`during a Session termination;
`FIG. 23 is a flow chart of the sequence of steps that are
`taken during network usage tracking,
`FIG. 24 is a flow chart of the sequence of steps that occur
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
