1111111111111111 IIIIII IIIII 11111 1111111111 lllll lllll lllll lllll lllll 111111111111111 11111111
`US 20020147912Al
`
`(19) United States
`(12) Patent Application Publication
`Shmueli et al.
`
`(10) Pub. No.: US 2002/0147912 Al
`Oct. 10, 2002
`(43) Pub. Date:
`
`(54) PREFERENCE PORTABILITY FOR
`COMPUTING
`
`(76)
`
`Inventors: Shimon Shmueli, Raleigh, NC (US);
`Alex Lang, Raleigh, NC (US); Jean
`Billman, Chapel Hill, NC (US)
`
`Correspondence Address:
`WITHROW & TERRANOVA, P.L.L.C.
`P.O. BOX 1287
`CARY, NC 27512 (US)
`
`(21) Appl. No.:
`
`09/802,691
`
`(22) Filed:
`
`Mar. 9, 2001
`
`Related U.S. Application Data
`
`(60) Provisional application No. 60/243,816, filed on Oct.
`27, 2000.
`
`Publication Classification
`
`(51)
`
`Int. Cl.7 ............................ G06F 15/177; G06F 9/00
`
`(52) U.S. Cl. .............................................................. 713/182
`
`ABSTRACT
`(57)
`The present invention uses a portable memory device to
`directly or wirelessly interact with one or more host com(cid:173)
`puting devices to provide a customized configuration for one
`or more aspects associated with a computing session. In
`particular, software on the portable device will automatically
`execute on the host computing device after the host com(cid:173)
`puting device recognizes the presence of the portable device.
`The software provides instructions for the host computing
`device to launch a select program on the host computing
`device and provide a customized configuration for the
`program. The customized configuration is based on infor(cid:173)
`mation stored on the portable device. As such, the portable
`device may automatically set preferred interface or program
`configurations personalized to the user. For example, the
`interface settings for a desktop, productivity, or browser
`application may be tailored as defined by information stored
`on the portable device. Other settings, such as bookmarks
`for a browser, may be stored on the portable device and
`made available to the program launched on the host com(cid:173)
`puting device.
`
`MEMORY
`ill.
`SOFTWARE
`@.
`DATA
`gg
`
`KEY INTERFACE
`~
`
`10
`
`12
`
`u
`s
`E
`R
`
`I
`N
`T
`E
`R
`F
`A
`C
`E
`M
`
`KEY INTERFACE
`36
`
`CPU
`g§
`
`MEMORY
`g§
`SOFTWARE
`~
`DATA
`E
`NETWORK INTERFACE
`;l§.
`
`NETWORK INTERFACE
`29.
`CPU
`12
`MEMORY
`~
`SOFTWARE
`1±
`DATA
`46
`
`USER INTERFACE
`1§.
`
`PayPal Ex. 1009, p. 1
`PayPal v. IOENGINE
`
`

`

`Patent Application Publication Oct. 10, 2002 Sheet 1 of 6
`
`US 2002/0147912 Al
`
`MEMORY
`~
`SOFTWARE
`20
`DATA
`22
`
`KEY INTERFACE
`24
`
`10
`
`12
`
`KEY INTERFACE
`36
`
`CPU
`26
`
`MEMORY
`28
`SOFTWARE
`30
`DATA
`32
`
`NETWORK INTERFACE
`38
`
`HOST
`12
`
`u
`s
`E
`R
`
`I
`N
`T
`E
`R
`F
`A
`C
`E
`34
`
`SERVER
`1±
`
`NETWORK
`
`16
`
`NETWORK INTERFACE
`50
`CPU
`40
`MEMORY
`42
`
`SOFTWARE
`44
`DATA
`46
`
`USER INTERFACE
`48
`
`FIG. 1
`
`HOST
`12
`
`SERVER
`14
`
`PayPal Ex. 1009, p. 2
`PayPal v. IOENGINE
`
`

`

`Patent Application Publication Oct. 10, 2002 Sheet 2 of 6
`
`US 2002/0147912 Al
`
`/ 1 0A
`
`FIG. 2A
`
`/ 1 0B
`
`L ff;;ff/7
`
`FIG. 2B
`
`10C~
`
`FIG. 2C
`
`PayPal Ex. 1009, p. 3
`PayPal v. IOENGINE
`
`

`

`Patent Application Publication Oct. 10, 2002 Sheet 3 of 6
`
`US 2002/0147912 Al
`
`SENSE KEY INSERTION OR PRESENCE
`(E.G. PLUG AND PLAY, DISCOVERY)
`
`IDENTIFY KEY
`
`CONFIGURE INTERFACE
`
`EXECUTE INITIAL KEYLET
`FROM KEY (UNSECURE)
`
`ACCESS DATA FROM KEY
`AS NECESSARY
`
`EXECUTE AUTHENTICATION ROUTINE
`
`PROVIDE USER AUTHENTICATION INTERFACE
`
`RECEIVE AUTHENTICATION INDICIA
`FROM USER
`
`100
`
`102
`
`104
`
`106
`
`108
`
`110
`
`112
`
`114
`
`YES
`
`NO
`
`118
`
`HAVE USER REENTER
`AUTHENTICATION INDICIA
`OR END PROCESS
`
`EXECUTE KEYLETS BASED ON AUTHENTICATION
`(I.E. SECURITY LEVEL, USER, ETC.)
`
`120
`
`FIG. 3A
`
`PayPal Ex. 1009, p. 4
`PayPal v. IOENGINE
`
`

`

`Patent Application Publication Oct. 10, 2002 Sheet 4 of 6
`
`US 2002/0147912 Al
`
`122
`
`124
`
`126
`
`130
`
`ACCESS DATA FROM KEY AS NECESSARY
`BASED ON AUTHENTICATION
`
`UPDATE KEY BASED ON USER INTERACTION,
`IF DESIRED (E.G. AUTOMATICALLY,
`SCHEDULED EXIT, OR USER REQUEST)
`
`MONITOR FOR DE-INSERTION OR
`LOSS OF PRESENCE
`
`NO
`
`YES
`
`CLEAN RESIDUE LEFT FROM
`USER INTERACTION
`
`FIG. 3B
`
`PayPal Ex. 1009, p. 5
`PayPal v. IOENGINE
`
`

`

`'"""
`>
`'""" N
`\0
`-..J
`'"""
`,i;;..
`0
`~
`0
`0
`N
`'Jl
`d
`
`O'I
`
`0 ....,
`Ul
`~ ....
`'Jl =(cid:173)~
`
`'""" ~=
`
`:-'"
`I")
`0
`
`N
`0
`0
`N
`
`.... 0 =
`~ ....
`O' -....
`~
`.... 0 =
`~ ....
`~ "Cl -....
`~ .... ~ = ....
`
`I")
`
`I")
`
`""C
`
`FIG. 4
`
`PayPal Ex. 1009, p. 6
`PayPal v. IOENGINE
`
`DATA FILES
`
`WEB
`
`64
`
`DATA FILES
`
`CORE
`
`62
`
`DATA FILES
`
`60
`
`AUX.
`
`74
`API
`EXTENDED
`
`SERVICES
`
`PARTY
`TH;RD
`
`70
`
`I,
`
`l
`
`'
`
`l
`
`•
`
`KEY MANAGER (KM)
`
`58
`
`72
`API
`MAN
`KEY
`
`. SERVICES
`
`CORE
`
`. SERVLETS -
`
`WEB
`
`------~
`68
`
`•l
`
`66
`
`.
`
`WEB
`
`KEYLETS
`
`56
`
`v.--, ------.----------
`
`KEYLETS
`
`CORE
`
`l
`
`54
`
`KEYLETS
`
`AUX.
`
`'
`52
`
`SERVER ARCHITECTURE
`
`-------~
`
`~--------
`
`__,A.._
`
`KEY ARCHITECTURE
`
`

`

`Patent Application Publication Oct. 10, 2002 Sheet 6 of 6
`
`US 2002/0147912 Al
`
`I
`
`@:JI
`
`,.-76
`
`ML AREA
`80
`
`FIG. 5
`
`I
`.......
`1 HELP r
`82
`I END,--
`
`84
`
`I
`
`LAUNCH
`BUTTON
`\
`'--86
`
`,.-16
`
`ML AREA
`80
`
`88
`
`90
`
`92
`
`82
`
`84
`
`HELP
`
`END
`
`MY
`BOOKMARK
`
`E-CART
`
`E-WALLET
`
`LAUNCH
`BUTTON
`
`86
`
`FIG. 6
`
`96
`
`CONTENT
`PUSH SERVICE
`PUSH
`SERVLET
`98
`
`BBi
`
`WEB-BASED
`DESIGN/INPUT
`94
`
`PUSH
`KEYLET
`100
`
`ENCRYPTED
`ML FILE
`102
`
`ML AREA
`80
`
`FIG. 7
`
`1L~~011
`
`76
`
`82
`84
`
`HELP
`
`END
`
`86
`
`PayPal Ex. 1009, p. 7
`PayPal v. IOENGINE
`
`

`

`US 2002/0147912 Al
`
`Oct. 10, 2002
`
`1
`
`PREFERENCE PORTABILITY FOR COMPUTING
`
`PREFERENCE PORTABILITY FOR
`COMPUTING
`
`[0001] This application claims the benefit of provisional
`application serial No. 60/243,816, filed Oct. 27, 2000,
`entitled PORTABLE PRIVACY AND CONFIGURATION
`FOR COMPUTER AND WEB BASED APPLICATIONS,
`the disclosure of which is incorporated herein by reference.
`
`FIELD OF THE INVENTION
`
`[0002] The present invention relates to portable devices to
`facilitate computing, and in particular, relates to a portable
`device capable of interacting with a computing device to
`facilitate user interaction.
`
`BACKGROUND OF THE INVENTION
`
`[0003] Using multiple computers and multiple computing
`devices is becoming commonplace. The need or desire for
`people to use more than one computer in addition to mobile
`computing devices, such as personal digital assistants
`(PDAs) and mobile telephones accessing the Internet, is
`increasing for private and business use. These users fre(cid:173)
`quently access the Internet and demand customization of
`their computing environments. For example, most users
`customize their desktop and browser settings to provide a
`friendly interface as well as make favorite web pages readily
`accessible with organized bookmark settings. Unfortunately,
`such settings configured on one computing device are not
`readily portable to other computing devices. The other
`computing devices typically require replicating configura(cid:173)
`tion information to arrive at the preferred settings that are
`frequently used. Although users that interact with different
`computing devices on a routine basis would often benefit
`from having customized settings available on each device,
`the limited use on any one computing device does not
`outweigh the time and effort necessary for customization.
`When a user accesses the web from a public or shared host
`system, the web browser does not contain a user's setup and
`preferences, but rather those of the host system. In addition,
`shared access may compromise the privacy of the owner of
`the system as well as that of the user.
`
`[0004] The increase in mobile computing also corresponds
`to concerns about privacy. Administrators of computing
`devices want to make sure that users are authorized to use
`the computer and control access to the various programs and
`data available from the computer. Second, users would like
`the freedom to use computing devices as desired without
`leaving readily accessible records of their activities, which
`are available by viewing cookies, computing or browsing
`histories, and the like.
`
`[0005] As such, there is a need for a way to provide
`portability of customization options and settings to optimize
`interactions on multiple computing devices. There is a
`further need to address the privacy and security issues
`associated with computing on multiple computing devices
`on commercial and personal levels.
`
`SUMMARY OF THE INVENTION
`
`[0006] The present invention relates to a portable device
`configured to interact with a number of host computing
`devices. The portable device primarily includes memory
`
`having software capable of running on one of the host
`computing devices. The memory will be associated with an
`interface to facilitate interaction with one or more of the host
`computing devices. Although the portable device is prima(cid:173)
`rily a memory device, the portable memory device may
`include control circuitry to assist in interaction with the host
`computing devices as well as organizing the data stored
`thereon.
`[0007] The present invention uses a portable memory
`device to directly or wirelessly interact with one or more
`host computing devices to provide a customized configura(cid:173)
`tion for one or more aspects associated with a computing
`session. In particular, software on the portable device will
`automatically execute on the host computing device after the
`host computing device recognizes the presence of the por(cid:173)
`table device. The software provides instructions for the host
`computing device to launch a select program on the host
`computing device and provide a customized configuration
`for the program. The customized configuration is based on
`information stored on the portable device. As such, the
`portable device may automatically set preferred interface or
`program configurations personalized
`to
`the user. For
`example, the interface settings for a desktop, productivity, or
`browser application may be tailored as defined by informa(cid:173)
`tion stored on the portable device. Other settings, such as
`bookmarks for a browser, may be stored on the portable
`device and made available to the program launched on the
`host computing device.
`[0008] Preferably, the portable computing device will
`emulate a file system in memory of the host computing
`device, such as a hard disk drive, wherein the software and
`data appear as a file system or other memory available to the
`host computing device. The portable device may interact
`with the host computing device through a direct or wireless
`interface. Preferably, most of the information provided on or
`by the portable device is encrypted to enhance security. Data
`compression techniques are available to max1m1ze the
`amount of information capable of being stored on the
`portable device.
`[0009]
`to customizing select programs
`In addition
`launched on the host computing device, the present inven(cid:173)
`tion may provide an authentication procedure. Authentica(cid:173)
`tion may include receiving authentication indicia from the
`user via an interface on the host computing device and
`determining if the authentication information received from
`the user matches authentication indicia stored on the por(cid:173)
`table device. As such, protection is provided to prevent
`non-authorized users from using the portable device. The
`portable device may also be configured to remove remnants
`or records of user interaction during a computing session
`from the host computing device to enhance the privacy
`associated with the computing session.
`[0010] The present invention may be implemented on
`numerous types of portable devices as well as in software
`provided on a computer readable medium, such as a compact
`disk, floppy disk, or the like, capable of being provided to or
`stored on the portable device according to the present
`invention.
`[0011] Those skilled in the art will appreciate the scope of
`the present invention and realize additional aspects thereof
`after reading the following detailed description of the pre(cid:173)
`ferred embodiments in association with the accompanying
`drawing figures.
`
`PayPal Ex. 1009, p. 8
`PayPal v. IOENGINE
`
`

`

`US 2002/0147912 Al
`
`Oct. 10, 2002
`
`2
`
`BRIEF DESCRIPTION OF IBE DRAWING
`FIGURES
`
`[0012] The accompanying drawing figures incorporated in
`and forming a part of the specification illustrate several
`aspects of the invention, and together with the description
`serve to explain the principles of the invention.
`
`[0013] FIG. 1 is an illustration of a computing environ(cid:173)
`ment compatible with the operation of the present invention.
`
`[0014] FIG. 2A illustrates a portable key that is capable of
`being inserted into and interacting with multiple computing
`devices according to the present invention.
`
`[0015] FIG. 2B is a smart card configured to interact with
`multiple computing devices according to the present inven(cid:173)
`tion.
`
`[0016] FIG. 2C is a remote communication device, such
`as a transponder, configured to interact with multiple com(cid:173)
`puting devices according to the present invention.
`
`[0017] FIGS. 3A and 3B are a flow chart outlining a basic
`process for interacting with multiple computing devices
`according to the present invention.
`
`[0018] FIG. 4 illustrates a software architecture according
`to a preferred embodiment of the present invention.
`
`[0019] FIG. 5 illustrates an exemplary launching bar
`provided by the present invention.
`
`[0020] FIG. 6 represents an expansion window associated
`with the launching bar illustrated in FIG. 5.
`
`[0021] FIG. 7 illustrates a preferred service providing a
`content push for the markup language area of the launching
`bar illustrated in FIG. 5.
`
`DETAILED DESCRIPTION OF IBE
`PREFERRED EMBODIMENTS
`
`[0022] The present invention provides a portable memory
`device capable of interfacing with a number of computing
`devices. The portable memory device, referred to generally
`as a key, is preferably configured to provide one or more
`applications capable of running on a computing device,
`generally referred to as a host, to facilitate user interaction.
`Preferably, the user interaction is embraced with one or more
`privacy and security measures.
`
`[0023] The embodiments set forth below represent the
`necessary information to enable those skilled in the art to
`practice the invention and illustrate the best mode of prac(cid:173)
`ticing the invention. Upon reading the following description
`in light of the accompanying drawing figures, those skilled
`in the art will understand the concepts of the invention and
`will recognize applications of these concepts not particularly
`addressed herein. It should be understood that these appli(cid:173)
`cations and concepts fall within the scope of this disclosure
`and the accompanying claims.
`
`[0024] With reference to FIG. 1, a basic representation of
`a computing environment consistent with the implementa(cid:173)
`tion of the present invention is illustrated. At the heart of the
`invention is the portable memory device, which is referred
`to as a key 10. The key 10 is configured to interact with any
`number of computing devices, which are referred to as hosts
`12. Each host 12 will typically interact with one or more
`
`servers 14 via a network 16, which may include a local area
`network (LAN), the Internet, or a combination thereof.
`[0025] The key 10 will primarily include memory 18
`having software 20 capable of running on one of the hosts
`12, and data 22. The memory 18 will be associated with a
`key interface 24 to facilitate an interface with one or more
`of the hosts 12. Although the key 10 is primarily a memory
`device, the key may include control circuitry to assist in
`interaction with the host as well as organizing the data 22.
`Preferably, once an interaction between the key 10 and a
`host 12 is established, the memory 18 will emulate a file
`system on a memory device, such as a hard disk drive,
`accessible by the host 12 wherein at least certain aspects of
`the software 20 are capable of running or executing on the
`host 12.
`[0026]
`In the preferred embodiment, the key 10 will
`include four or more megabytes of flash memory and a
`built-in USE sleeve interface. When the key 10 is plugged
`into a USE port of a host 12, the key 10 will emulate a file
`system on a solid state mass storage device, and via plug(cid:173)
`and-play functionality, rely on device drivers that are typi(cid:173)
`cally associated with the host's operating system. The key
`10 is preferably configured for autorun capability, which
`may emulate that of a CD-ROM autorun configuration. This
`configuration will allow a start-up application stored on the
`key 10 to start executing when the key 10 is plugged in to
`the USE port of the host 12. Those skilled in the art will
`recognize a variety of configurations for the key 10 wherein
`when the key 10 is placed into or associated with the host 12,
`one or more applications are automatically executed by the
`host 12. The organization of the memory 18 will preferably
`resemble a file structure addressable by the host 12. Pref(cid:173)
`erably, the software 20 will include Java applets, Active-X
`components, or the like capable of automatically running on
`the host 12 upon engaging the key 10 with the host 12, or
`otherwise establishing an interaction between the two
`devices. Additional detail is provided below.
`[0027] The host 12 may take many forms, including a
`personal computer (PC), workstation, personal digital assis(cid:173)
`tant (PDA), notebook computer, web-enabled mobile tele(cid:173)
`phone, or the like. The host 12, regardless of form, will
`typically include a central processing unit (CPU) 26 asso(cid:173)
`ciated with memory 28 having the requisite software 30 and
`data 32 for operation. Typically, a user interface 34 is
`provided to facilitate interaction with the host's user, which
`is preferably the owner of the key 10, who is interacting with
`the host 12. The CPU 26 is preferably associated with a key
`interface 36 to facilitate interaction with the key 10, and a
`network interface 38 to facilitate interaction with any num(cid:173)
`ber of devices associated with network 16, such as the
`servers 14.
`
`Importantly, the software 20 on the key 10 is
`[0028]
`configured to readily execute on the host 12 upon interface.
`For example, the key 10 may be compatible with Windows
`plug-and-play capability, and the key interface 24 may be
`USE compatible, wherein when the key 10 is plugged into
`the key interface 36 of the host 12, the host 12 will recognize
`the key 10 and execute select applications or functions
`provided by the software 20 of the key 10.
`
`[0029] The host 12 is preferably configured to access
`various servers 14 over the network 16 upon executing
`applications or functions of the key 10. These servers 14
`
`PayPal Ex. 1009, p. 9
`PayPal v. IOENGINE
`
`

`

`US 2002/0147912 Al
`
`Oct. 10, 2002
`
`3
`
`may be configured in any number of ways. The servers 14
`may be traditional application servers facilitating the func(cid:173)
`tion of the host 12, or may be web servers capable of
`downloading markup language content upon request from a
`browser running on the host 12.
`
`[0030] The server 14 will typically include a CPU 40
`having memory 42 with the requisite software 44 and data
`46 to facilitate operation. The server 14 will typically
`include a user interface 48 and a network interface 50
`cooperating with the CPU 40. The user interface 48 allows
`a direct interface with the server 14, wherein the network
`interface 50 facilitates interaction with any number of net(cid:173)
`work devices, including other servers 14 and hosts 12.
`
`[0031] Turning now to FIGS. 2A-2C, the key 10 may take
`on any number of configurations. The preferred embodiment
`is shown in FIG. 2A wherein the key 10 takes the form of
`a physical key-like device lOA capable of being plugged
`into a USE port or other readily accessible port on the host
`12. Preferably, the key lOA is light and portable enough to
`be carried on a key chain or the like. FIG. 2B represents a
`smart card lOB capable of carrying out the concepts of the
`present invention. The smart card l0B may be a contact(cid:173)
`based or a contactless (wireless) smart card lOB capable of
`interacting with the host 12 as described above. FIG. 2C
`depicts a wireless communication device l0C, such as a
`transponder, capable of facilitating wireless communica(cid:173)
`tions with the host 12. Whereas a physical connection with
`a key 10 may implement the Windows plug-and-play inter(cid:173)
`face, a wireless device l0C may incorporate an automatic
`detection or sensing technology, such as the discovery
`process used by Bluetooth, which is well documented and
`available to those skilled in the art. The key 10 may also be
`implemented in a wireless personal digital assistant (PDA),
`mobile terminal, such as a mobile telephone, or like portable
`computing device. The applications or functions stored on
`the key 10 and capable of executing on the host 12 are
`referred to in general as key lets. As discussed below, keylets
`may also reside on a host system itself, depending on the
`security level associated with that host 12. Typically, keylets
`are assigned a class indicating the basic functionality of the
`keylet, and preferably a security level corresponding to the
`functionality of the keylet. The keylets are preferably Java
`applets, but may incorporate any software technology facili(cid:173)
`tating ready execution on a host 12. The key lets may provide
`any number of functions, several of which are discussed in
`detail below.
`
`[0032] A generic process providing multiple functions is
`outlined in the flowchart of FIGS. 3A and 3B, wherein user
`authentication is required before a certain function or inter(cid:173)
`action is allowed by the host 12. Further, upon completion
`or termination of the interaction or function, remnants
`indicative of the user's interaction are removed from the
`host 12 to facilitate privacy.
`
`[0033] The process begins when the key 10 is inserted into
`or placed within communication range of the host 12 (block
`100). Preferably, the key 10 is identified (block 102) and the
`communication interface is configured to facilitate interac(cid:173)
`tion (block 104). One of the keylets may be programmed to
`configure the user's desktop and basic interface features. For
`example, the user may have a keylet configured to set
`preferred color schemes for the desktop, provide a select
`screen saver after a certain period of dormancy, or activate
`
`a particular application. For example, the user may want a
`light green desktop with a screen saver using a favorite
`wallpaper after ten minutes of dormancy. Further, the user
`may have the keylet automatically configure Microsoft
`Outlook to check e-mail from a select pop email server, as
`well as launch Microsoft Word and Excel. The keylet may
`launch Word and Excel to have the user's favorite toolbars
`and settings. Internet Explorer or other browser may be
`launched with bookmarks stored on the portable device. This
`type of functionality is available on any host 12 capable of
`interacting with the key 10. Preferably, the key 10 is
`configured to be readily operable with any number of
`computing devices acting as host 12.
`
`[0034] Regardless of the function provided, a specific
`keylet is typically configured to initially execute on the host
`12 (block 106). Generally, the initial keylet to execute is a
`basic keylet requiring little or no security to execute. The
`execution of the key let may require access to data stored on
`the key (block 108).
`[0035]
`In this example, the initial keylet runs an authen(cid:173)
`tication routine to ensure that the holder of the key 10 is
`authorized to use the key 10 in association with the host 12
`(block 110). Typically, the authentication routine will pro(cid:173)
`vide a user authentication interface (block 112) requiring a
`password, logon information, or biometric indicia from a
`biometric reader (not shown) associated with the host 12. In
`response, the user will provide authentication indicia to the
`host 12. The authentication routine, which is running on the
`host 12, will receive the authentication indicia from the user
`(block 114), and determine if the user is authenticated (block
`116).
`
`[0036]
`If the authentication indicia does not match that
`stored on the key 10 or otherwise associated with the
`authentication routine (block 116), the keylet may have the
`user re-enter the authentication data, or may simply end the
`process (block 118). If the user is authenticated (block 116),
`one or more additional keylets based on the user authenti(cid:173)
`cation are executed according to the interaction of the user
`(block 120). Notably, as will be discussed in further detail
`below, the keylets available for use may be based on a
`security level corresponding to the authentication.
`
`[0037] During execution of any of the key lets, data may be
`accessed from the key 10 as necessary based on the keylet
`and the authentication or security level (block 122). Further,
`the data 22 stored on the key 10 may be updated based on
`the user interaction as desired (block 124). The user may
`also be queried to update data 22 on the key 10. Alterna(cid:173)
`tively, key lets may be configured to automatically update the
`key 10 without informing the user. Those skilled in the art
`will recognize the various options capable of being provided
`to the user.
`
`[0038] Depending on the keylet being executed, the user
`may indicate a desire to end the session, wherein the keylets
`or data involved in the interaction may be updated as
`necessary. Throughout this process, one or more of the
`keylets may monitor for the insertion or loss of presence of
`the key 10 (block 126). If the key 10 is not removed (block
`128), the process will repeat. If the key has been removed
`(block 128), one or more of the keylets will preferably
`continue to run on the host to clean any residue left from the
`user interaction (block 130). Cleansing the residue from the
`host 12 will preferably include removing any cookies,
`
`PayPal Ex. 1009, p. 10
`PayPal v. IOENGINE
`
`

`

`US 2002/0147912 Al
`
`Oct. 10, 2002
`
`4
`
`histories, information in cache, or other memory indicative
`of the user's interaction. Such a cleansing is also preferable
`upon a scheduled termination of the session, wherein the
`cleansing will occur upon the user signaling for an end of the
`interaction. The automatic cleansing upon removal of the
`key 10 is a safeguard for those forgetting to properly end the
`session and simply removing the key 10 without providing
`the host 12 forewarning.
`
`In the preferred embodiment, the key 10 will
`[0039]
`include multiple keylets providing various functions. The
`keylets may have access to common data files or select,
`corresponding data files. An exemplary architecture is pro(cid:173)
`vided in FIG. 4 for the key 10 and a server 14 configured to
`interact with select ones of the key lets while operating on the
`host 12. For purposes of illustration, three keylets are
`illustrated: auxiliary keylets 52, core keylets 54, and web
`keylets 56. Each of the keylets preferably interacts with a
`key manager (KM) application 58 capable of managing
`interaction among keylets and between keylets and associ(cid:173)
`ated data files: auxiliary data files 60, core data files 62, and
`web data files 64. Depending on the functionality of the
`keylets and the business models for marketing keys 10
`having the various keylets, the core key lets may be provided
`by the provider or manufacturer of the key 10. The web
`keylets 56 are particularly configured for interaction with
`one or more servers 14 when the keylets are executed on the
`host 12.
`
`[0040] As illustrated, the server architecture may include
`web servlets 66 configured to facilitate interaction between
`the web key lets 56 and the web servlets 66 running on server
`14 via the network 16. Notably, servlets 66 are similar to
`keylets, with the exception that they are stored and run on
`the server 14. Notably, any of the keylets 52, 54, 56 may
`provide any type of functionality, and are only illustrated as
`being different for the purposes of description. As such, the
`auxiliary keylets 52 may be provided by business partners
`associated with the providers or makers of the key 10. The
`core keylets 54 may provide functionality basic to the core
`elements of the key 10, wherein the auxiliary key lets 52 may
`provide functionality corresponding to a particular function
`associated with the given business. The auxiliary, core, and
`web data files 60, 62, 64 are preferably used to store data
`used or provided by the auxiliary, core, and web keylets 52,
`54, 56, respectively. Preferably, the keylets use compression
`and encryption techniques to minimize the impact on
`memory as well as to provide secure transfer of data between
`the executing keylets and the various data files 22 stored on
`the key 10.
`
`[0041] The key manager 58 may also provide various
`levels of security for keylets and data files. For example, an
`initial security level may allow access only to select data
`files and keylets, whereas an authorization corresponding to
`a higher-level security may provide access to all of the data
`files and use of all of the keylets. Further examples of
`security levels and use of security are described in greater
`detail below in association with particular keylets.
`
`[0042] The server architecture may include any number of
`servlets or services, such as the core services 68 or third
`party services 70. The core services 68 may correspond to
`the basic functionality of key interaction and use, wherein
`the third party services 70 may correspond to a business
`partner's application configured to run in association with
`
`the use of a key 10. Typically, the key manager 58 will
`interact with the various keylets using a key manager
`application program interface (API) 72, wherein the servlets
`and services may interact with each other through an
`extended API 74. The types of keylets available are limited
`only to the types of functionality required of the key 10.
`Further, multiple functions may be provided in a single
`keylet, or provided in a corresponding number of keylets,
`wherein one function corresponds to one keylet. The fol(cid:173)
`lowing outlines numerous functions that may be provided by
`keylets individually or in combination.
`
`[0043] The authentication function is a security feature
`that provides for user authentication when accessing a host
`12 or services on the host 12. To access the authentication
`function, the user must engage the key 10 with the host 12
`by actually plugging the key 10 into the host 12, or by
`placing the key 10 within a certain proximity to the host 12
`(wireless). Once the host 12 recognizes the key 10 and
`executes a keylet providing the authentication function, the
`user is preferably queried to enter a user name and password.
`Once entered, the keylet will confirm or deny the user name
`and password entered by the user with information stored,
`and preferably encrypted, on the key 10. Assuming that the
`user name and password are authenticated, access to at least
`a portion of the services provided by the key 10, and perhaps
`by the host 12, are authorized. Different passwords and user
`names may be used in various combinations to access
`various levels of security and may be provided by the key
`10. The authentication function is particularly useful when
`combined with other functions provided in the same or
`different keylets.
`
`[0044] A second function made possible by the present
`invention relates to private and secure Internet access on
`multiple hosts 12. When a user normally accesses the
`Internet from a public or shared host system, the host's web
`browser does not contain the user's normal setup and
`preferences found on the user's home PC, but rather those of
`the host 12 being used. In addition, shared access may
`compromise the privacy of the owner of the host system as
`well as that of the user.
`
`[0045] With the present function, upon interaction of the
`key 10 with the host 12, a "private" web browser is launched
`from the host 12 upon execution of the keylet providing the
`function. Preferably, the keylet launches the web browser on
`the host and causes the web browser to fetch select infor(cid:173)
`mation relating to desired settings, preferences, bookmarks,
`and the like, from the key 10, thereby protecting the security
`and privacy of both the owner and the user of the system,
`while allowing the user to apply his preferences and infor(cid:173)
`ma