`DiGiorgio et al.
`
`US006385729B1
`
`(10) Patent No.: US 6,385,729 B1
`(45) Date of Patent: May 7, 2002
`
`(54) SECURE TOKEN DEVICE ACCESS TO SERVICES PROVIDED BY AN INTERNET SERVICE PROVIDER (ISP)
`
`(75) Inventors: Rinaldo DiGiorgio, Stony Brook, NY (US); Michael S. Bender, Boulder Creek, CA (US)
`
`(73) Assignee: Sun Microsystems, Inc., Palo Alto, CA (US)
`
`(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/085,075
`
`(22) Filed: May 26, 1998
`
`(51) Int. Cl.7: G06F 12/14
`(52) U.S. Cl.: 713/201; 713/172
`(58) Field of Search: 713/172, 159, 170, 171, 173, 201; 705/50, 17, 51, 26, 52, 27, 53, 40, 43, 44, 45; 340/825.31, 825.34; 348/7
`
`(56) References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,586,166 A      12/1996   Turban      379/58
`5,665,951 A       9/1997   Newman      235/375
`6,038,367 A  *    3/2000   Abecassis   386/46
`
`FOREIGN PATENT DOCUMENTS
`
`EP   644 513            3/1995
`EP   0833285 A2    *    9/1997
`EP   833 285            4/1998
`WO   WO 93/06546   *   11/1991
`WO   WO 97/14118        4/1997
`WO   WO 98/06054        2/1998
`
`OTHER PUBLICATIONS
`
`Java card Internet, Scott, Guthery, 2 pages, Feb. 1997.*
`Dallas Semiconductor Java Links iButton, 1 page, Aug. 1997.*
`"Java links ibutton to the internet," Dallas semiconductor press releases, Online! (1997) pp 1-3, XP002130009, <URL:http://www.dalsemi.com/News_Center/Pr.
`Guthery, "Java card: Internet computing on a smart card," IEEE Internet computing, pp. 57-59 (1997).
`
`* cited by examiner
`
`Primary Examiner-James P. Trammell
`Assistant Examiner-Pierre E Elisca
`(74) Attorney, Agent, or Firm-Lahive & Cockfield, LLP
`
`(57) ABSTRACT
`
`A secure token device, such as a smart card or an ibutton,
`provides a user with a vehicle for accessing services that are
`provided by an Internet Service Provider (ISP). The user
`places the secure token device in communication with a
`reader that is coupled to a computer system. The computer
`system includes a web browser for accessing the services
`provided by the ISP. The secure token device may perform
`an authentication protocol to authenticate itself to the ISP.
`The ISP may also be required to authenticate itself. The
`secure token device may hold an electronic currency token
`for payment of services rendered by the ISP. The secure
`token device may contain stored personal information about
`the user. The user may stipulate what portions of this
`personal information are provided to the ISP upon request.
`Contextual information regarding sessions with the ISP may
`also be stored on the secure token device and used to restore
`a context of a previous session during a subsequent session.
`
`34 Claims, 10 Drawing Sheets
`
`[Representative drawing (FIG. 10), flow chart "ACCESS ISP": user desires to access service provided by ISP; ISP issues challenge; secure token device responds; is response proper?; challenge issued to ISP; ISP submits response; is response proper?; services accessed; return. Reference numerals 148-164. Drawing not reproduced.]
`
`PayPal Ex. 1010, p. 1
`PayPal v. IOENGINE
`
`
`
`[Drawing sheet 1 of 10. FIG. 1: block diagram with boxes labelled SECURE TOKEN DEVICE, READER and REMOTE SERVER. FIG. 2A and FIG. 2B. Drawings not reproduced.]
`
`
`
`[Drawing sheet 2 of 10. FIG. 2C: contacts labelled POWER 24, GROUND 26, INPUT/OUTPUT 28, RESET 30, CHECK 32 and OPTIONAL 34, 36, 38. FIG. 3. FIG. 4: SECURE TOKEN DEVICE 10 with MICROPROCESSOR 40 and STORAGE 42 holding APPLETS 41, ISP APPLET 44, BANKING APPLET 46, USER PROFILE 48, JavaCard API 50 and JavaCard VM 52. Drawings not reproduced.]
`
`
`
`[Drawing sheet 3 of 10. FIG. 5: COMPUTER SYSTEM 14 with CPU 54, keyboard 56, video display 58, mouse 60, modem 62, network adaptor 64, secondary storage 66 and primary storage 68 (applications, OS, web browser, Java VM, OpenCard API). FIG. 6: JavaCard packages java.lang, javacard.framework, javacardx.framework, javacardx.crypto and javacardx.cryptoEnc. FIG. 7A: OpenCard API 76 with CardTerminal 90, CardAgent 92 and CardIO 94. FIG. 7B: CardTerminalFactory, CardTerminal, CardTerminalRegistry, CardID and Slot. Drawings not reproduced.]
`
`
`
`[Drawing sheet 4 of 10. FIG. 7C: CardAgentFactory and CardAgentFactoryRegistry. FIG. 7D: CardRandomAccessFile, CardFile (three instances) and SmartCard. FIG. 8A: Command APDU with mandatory header (fields include P1 and P2) and conditional body (fields include data field and Le field). FIG. 8B: Response APDU with conditional body (data field) and mandatory trailer (SW1, SW2). Drawings not reproduced.]
`
`
`
`[Drawing sheet 5 of 10. FIG. 9, flow chart "LOGIN": user positions secure token device for reading by reader; reader detects presence of secure token device and informs computer system; user is prompted to enter PIN; user enters PIN; PIN is compared to that stored on service token device; correct PIN entered?; yes: access granted; no: have max # of tries been reached?; yes: user denied access; return. Reference numerals 130-146. Drawing not reproduced.]
`
`
`
`[Drawing sheet 6 of 10. FIG. 10, flow chart "ACCESS ISP": user desires to access service provided by ISP; ISP issues challenge; secure token device responds; is response proper?; yes: challenge issued to ISP; ISP submits response; is response proper?; yes: services accessed; no: services not accessed; return. Reference numerals 148-164. Drawing not reproduced.]
`
`
`
`[Drawing sheet 7 of 10. FIG. 11, flow chart "PERSONAL INFO": ISP requests information from profile; permissions for ISP accessed; ISP have permissions needed?; no: ISP denied request; yes: ISP granted request; ISP uses personal information; return. Reference numerals 166-176. Drawing not reproduced.]
`
`
`
`[Drawing sheet 8 of 10. FIG. 12: Profile containing Section A (Name1=value1, Name2=value2), Subsection A2 (Name3=<data>) and Section B. Reference numerals 178-190. Drawing not reproduced.]
`
`
`
`[Drawing sheet 9 of 10. FIG. 13, flow chart "CONTEXT": ISP requests context from secure token device; secure token device provides context; context is restored; ISP seeks to store new context with secure token device; secure token device stores new context; return. Reference numerals 192-200. Drawing not reproduced.]
`
`
`
`[Drawing sheet 10 of 10. FIG. 14, flow chart "BILLING": user seeks an ISP service; ISP levies charge to access service; secure token device returns token to ISP; ISP deposits token; ISP grants user access to service; return. Reference numerals 202-210. Drawing not reproduced.]
`
`
`
`SECURE TOKEN DEVICE ACCESS TO
`SERVICES PROVIDED BY AN INTERNET
`SERVICE PROVIDER (ISP)
`
`TECHNICAL FIELD OF THE INVENTION
`
`The present invention relates generally to data processing
`systems and more particularly to secure token device access
`to services provided by an Internet Service Provider (ISP).
`
`BACKGROUND OF THE INVENTION
`
`An ISP is a vendor who provides customers with access
`to the Internet. Examples of ISPs include America Online
`(AOL), CompuServe and the Microsoft Network (MSN). In
`addition to providing access to the Internet, ISPs may also
`provide additional services to their customers, including
`chat rooms, news services, electronic mail messaging and
`bulletin board services.
`ISPs provide access to the Internet to customers by
`employing one or more Internet servers. These servers are
`directly connected to the Internet and act as conduits for
`customers to access web pages resident on other servers on
`the Internet. Typically, a customer uses a conventional
`modem to place a call to a designated ISP server. The
`modem need not be a conventional modem but may
`instead be a cable modem or a wireless modem. The ISP server
`answers the call and a connection is established between the
`server and the customer's computer. After this connection is
`established, the customer is prompted to login. In particular,
`the customer is prompted usually to enter a user ID and a
`password. The information entered by the customer is compared
`to data stored in a database with the ISP to determine
`whether the user is who the user purports to be. If the
`customer provides the proper information and has sufficient
`privileges, the customer is granted access to the Internet.
`There are a number of drawbacks associated with the
`above-described conventional approach to providing Internet
`access to customers. First, the Internet Protocol (IP) is
`used for messaging addressing on the Internet and the
`protocol is a connectionless protocol. As such, the protocol
`does not support the persistent storage of contextual information.
`Thus, any contextual information associated with
`one customer session on the Internet is not carried forward
`to the next customer session. Each session must start anew
`in creating a context. Second, the conventional approach to
`providing access to the Internet by ISPs is susceptible to
`fraud. If a party can obtain a user ID and password for a user,
`the party can gain access to the Internet via the user's
`account. Third, most ISPs currently provide only one variety
`of service such that all customers are offered this single
`variety of service. For example, all customers may be
`offered full access to a complete range of services provided
`by an ISP and all customers may be charged a flat fee for a
`designated time frame of service (e.g. for a month of service
`or a year of service). Customers who use the services more
`frequently than other customers are not charged additional
`amounts. Hence, there is a lack of flexibility in the pricing
`and service options available to customers from ISPs in
`conventional systems.
`
`SUMMARY OF THE INVENTION
`
`The present invention addresses the limitations of the
`prior art by providing users with secure token device access
`to services offered by ISPs. "Secure-token devices" are
`devices such as smart cards and ibuttons that hold currency
`tokens and other information in a secure fashion. Preferably,
`the secure token device is of a size, shape and weight that it
`is easily carried by a user. The secure token device may even
`be wearable by a user. When a user wishes to access services
`provided by an ISP, the user puts a secure token device in
`communication with a reader. The reader is a device that is
`configured to read and communicate with the secure token
`device. The reader is coupled to a computer system, such as
`a personal digital assistant (PDA), workstation or a personal
`computer (PC). When the user places the secure token
`device in or against the reader (depending on the type of
`reader), the reader recognizes the insertion of the secure
`token device and prompts the computer system to begin
`communicating with the secure token device. The computer
`system may seek to verify that the user is the proper owner
`of the secure token device. To that end, the computer system
`may request that the user enter a personal identification
`number (PIN). The user enters a PIN and the PIN is
`compared with a PIN value that is stored on the secure token
`device. If the PIN value entered by the user matches the PIN
`value on the secure token device, the computer system
`verifies that the user is the owner of the secure token device
`and the process of accessing the ISP services may be
`initiated.
`The secure token device may hold identification information
`that is globally unique across geographic and political
`boundaries. This identification information is held securely
`on the secure token device. It is difficult for a party to
`physically access the identification information. The secure
`token device serves as a physical token of authenticity for
`the party. In order to fraudulently use the secure token
`device, a party must both physically take the secure token
`device and also be aware of the PIN associated with the user
`of the secure token device. Hence, the use of the secure
`token device helps to decrease the probability of fraud.
`Contextual information (i.e., a context) may be stored on
`the secure token device of the user. The context may, for
`example, identify user preferences and configuration information.
`When a user seeks to access the services of the ISP,
`the context from a previous session may be restored by
`retrieving the context from the secure token device. This
`ability to preserve context enhances the services provided to
`the user and eliminates the need for the user to recreate a
`context each time the user accesses ISP services.
`The secure token device may also support various electronic
`banking or electronic commerce mechanisms that
`facilitate the exchange of electronic currency. The secure
`token device may be used in realizing payment for services
`provided by ISPs. The user may download currency tokens
`from the secure token device to the ISP to cover expenses
`associated with the services provided during a given session.
`This ability to receive payment for services during a session
`with the user enhances the ability of ISPs to tailor pricing
`schemes on a per use basis. An ISP may charge a user for the
`services rendered during a given session as opposed to using
`a flat rate scheme over an extended time period, such as a
`month or a year. Thus, users are charged on the basis of the
`resources they consume rather than on a flat rate basis.
`The secure token device of a user may contain personal
`information regarding a user, such as name, address, and
`credit card account information. The user has the ability to
`customize what portions of this personal information may be
`accessed by a service provider. Hence, the user may determine
`that an ISP should only be given access to the user's
`name and address and should not be given access to the user's
`credit card account information. For another service
`provider, the user may grant the service provider full access
`to all of the personal information. This approach has the
`
`
`
`added benefit of storing personal information more securely
`than instances where the personal information is stored on
`a database maintained by an ISP. It should be noted, however,
`that ISPs may store additional information on secure token
`devices that is not readily accessible to users. A further
`benefit of this approach is that it gives the user control over
`what personal information the user grants to respective
`parties. Still further, the storage of personal information on
`the secure token device facilitates companies to develop
`loyalty marketing programs, such as frequent flier programs.
`The frequent flier miles of a user may be stored on the secure
`token device, added to the storage on the secure token device
`and redeemed from the secure token device.
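
The PIN check described in the summary and the two-way authentication named in the abstract (FIG. 9 and FIG. 10) can be modelled as follows. This is an added example, not code from the patent: the shared-key HMAC-SHA256 scheme, the three-try limit, the role labels and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_PIN_TRIES = 3  # assumed limit; the text only says a maximum number of tries exists


def _mac(key: bytes, role: bytes, challenge: bytes) -> bytes:
    # The role label binds a response to one direction of the exchange, so a
    # response produced by one party cannot be replayed back as the other's.
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()


class Party:
    """Challenge-response logic shared by both ends (hypothetical helper)."""

    def __init__(self, key: bytes, role: bytes, peer_role: bytes):
        self._key, self._role, self._peer_role = key, role, peer_role
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)    # fresh nonce per attempt
        return self._pending

    def respond(self, challenge: bytes) -> bytes:
        return _mac(self._key, self._role, challenge)

    def check_peer(self, response: bytes) -> bool:
        if self._pending is None:
            return False                           # no outstanding challenge
        expected = _mac(self._key, self._peer_role, self._pending)
        self._pending = None                       # a challenge is single-use
        return hmac.compare_digest(expected, response)


class Isp(Party):
    def __init__(self, key: bytes):
        super().__init__(key, b"isp", b"token")


class SecureToken(Party):
    def __init__(self, pin: str, key: bytes):
        super().__init__(key, b"token", b"isp")
        self._pin = pin.encode()
        self._tries_left = MAX_PIN_TRIES
        self._unlocked = False

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def verify_pin(self, candidate: str) -> bool:
        if self.blocked:
            return False                           # even the right PIN is refused now
        self._tries_left -= 1                      # count the try before comparing
        ok = hmac.compare_digest(candidate.encode(), self._pin)
        if ok:
            self._tries_left = MAX_PIN_TRIES       # success resets the counter
        self._unlocked = ok
        return ok

    def respond(self, challenge: bytes) -> bytes:
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return super().respond(challenge)


def login(token: SecureToken, entered_pins) -> bool:
    """FIG. 9: keep prompting until the PIN matches or the tries run out."""
    for pin in entered_pins:
        if token.verify_pin(pin):
            return True
        if token.blocked:
            break
    return False


def access_isp(token: SecureToken, isp: Isp) -> bool:
    """FIG. 10: the ISP challenges the token, then the token challenges the ISP."""
    if not isp.check_peer(token.respond(isp.new_challenge())):
        return False                               # token failed: services not accessed
    return token.check_peer(isp.respond(token.new_challenge()))


if __name__ == "__main__":
    key = secrets.token_bytes(32)                  # constructed shared secret
    card = SecureToken("4821", key)                # constructed PIN
    print("login:", login(card, ["0000", "4821"]))
    print("services accessed:", access_isp(card, Isp(key)))
```

Services are reached only when both checks pass, so a server that merely accepts the token's response still fails the second half of the exchange.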
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`An illustrative embodiment consistent with the principles
`of the present invention will be described below relative to
`the following drawings.
`FIG. 1 is a block diagram that illustrates hardware components
`used to practice the illustrative embodiment of the
`present invention.
`FIGS. 2A and 2B illustrate the exemplary layout for a
`smart card to be used in the illustrative embodiment of the
`present invention.
`FIG. 2C illustrates the contacts on the smart card of FIG.
`2A in more detail.
`FIG. 3 illustrates an example of an ibutton ring to be used
`in the illustrative embodiment of the present invention.
`FIG. 4 is a block diagram illustrating computing components
`on the secure token device.
`FIG. 5 is a block diagram illustrating components of the
`computer system of FIG. 1 in more detail.
`FIG. 6 illustrates the various Java packages that are found
`on the secure token device.
`FIG. 7A illustrates object classes that are supported by the
`computer system of FIG. 1.
`FIG. 7B illustrates object-classes that are part of the
`CardTerminal component.
`FIG. 7C illustrates object-classes that are part of the
`CardAgent component.
`FIG. 7D illustrates object-classes that are part of the
`CardIO component.
`FIG. 8A illustrates the logical format of a command
`APDU.
`FIG. 8B illustrates the logical format of a response
`APDU.
`FIG. 9 is a flow chart that illustrates the steps that are
`performed when a user logs in via a secure token device.
`FIG. 10 is a flow chart illustrating the steps that are
`performed when a user desires to access services provided
`by an ISP.
`FIG. 11 is a flow chart illustrating the steps that are
`performed when an ISP seeks context information from a
`user.
`FIG. 12 illustrates the logical organization of a user
`profile.
`FIG. 13 is a flow chart illustrating the steps that are
`performed to restore a context in the illustrative embodiment
`of the present invention.
`FIG. 14 is a flow chart illustrating the steps that are
`performed in billing a customer for services rendered by an
`ISP.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`In the illustrative embodiment consistent with the present
`invention, a user gains access to services provided by an ISP
`by employing a secure token device, such as a smart card or
`an ibutton (such as produced by Dallas Semiconductor
`Corporation). The secure token device is a secure electronic
`device that holds globally unique identification information
`regarding the user. The user may be required to enter a
`password or PIN to verify that the user is the same party
`whose identification information is stored on the secure
`token device. The secure token device is programmed to
`support two-way verification between the user and the ISP.
`Specifically, the user must prove that the user is who the user
`purports to be, and the ISP must prove that the service is
`what it purports to be.
`The secure token device may hold contextual information
`on behalf of the user. The contextual information may
`capture the context of a previous session with the ISP. When
`the user again gains access to the services of the ISP, the
`context from the previous session may be restored. For
`example, user preferences and other contextual information
`that were entered in a previous session may be carried
`forward into the new session.
`The secure token device may run multiple programs. The
`programs may include code for facilitating access to the
`services of an ISP and code for electronic commerce transactions.
`These transactions may entail the exchange of
`electronic currency in the form of tokens. Thus, when the
`user accesses a web site or other service that requires
`payment for the tendering of goods or services, the user can
`pay for the goods or services using the tokens contained
`services based on the secure token devices. It should be
`appreciated that the ISPs may serve the role of distributor for
`distributing the secure token devices to customers.
`The secure token device may hold information regarding
`the user that is potentially sensitive. The user has control
`over dissemination of this information. The user selects what
`portions of this information are available to respective
`requesters. Different requesters may be granted different
`permissions. For example, a first requester may receive a
`first set of personal information and a second requester may
`receive a second set of personal information that differs from
`the first set.
`The use of the secure token device enables ISPs to tailor
`their service offerings and billing options to individual users.
`The users may be offered different service options. For
`example, a first user may be offered a service option where
`the user is only permitted to browse the Internet. A second
`user, in contrast, is offered the ability to browse the Internet
`and to send emails, visit chat rooms and visit news sites. The
`second user may be charged additional amounts for the
`expanded service. Other types of expanded service may
`include secure email and authenticated connections with
`other users.
`FIG. 1 is a block diagram that illustrates several of the
`hardware components employed in the illustrative embodiment
`consistent with the present invention. These components
`include a secure token device 10 that is provided for
`a user. The secure token device 10 may be any secure device
`that is capable of holding electronic currency tokens, identification
`information and context information. Preferably,
`the secure token device is of an appropriate size, weight and
`shape to be portable and easily carried by a user. Suitable
`secure token devices include smart cards and ibuttons. A
`secure token device is an integrated circuit card that preferably
`is sized to fit into a user's wallet or purse. Ideally, a
`smart card is the size of a credit card. The smart card has
`computer components such as a microprocessor and a storage
`embedded in it. A smart card that may be used to practice
`
`
`
`the present invention may comply with the ISO-7816 standard
`or the EMV integrated circuit card specification. For
`purposes of the discussion below, it is assumed that if a
`smart card is used as the secure token device, the smart card
`complies with the JavaCard 2.1 specification as defined by
`Sun Microsystems, Inc. The JavaCard 2.1 specification
`requires that the secure token device be capable of running
`programs written in the Java™ programming language. Java
`is a trademark of Sun Microsystems, Inc. Those skilled in
`the art will appreciate that the programs used to practice the
`present invention may be written in programming languages
`other than Java™, including C, C++ and Basic.
`An ibutton is a computer chip that is housed in a cylindrical
`housing (such as a steel canister). The housing is
`designed to withstand the harsh conditions of outdoor environments.
`The ibutton may be incorporated into a ring or
`other wearable item. For instance, ibuttons may be affixed to
`badges, watches, rings, key chains and the like. The chip
`within the housing includes a microprocessor and may also
`contain computer memory, a clock or sensors. Such ibuttons
`are used by contacting the ibuttons with readers (e.g. "blue
`dot receptors") that are cabled into the serial ports of
`associated computers. A suitable ibutton for practicing the
`illustrative embodiment consistent with the present invention
`is the Java™ Ring produced by Dallas Semiconductor
`Corporation.
`The hardware components used in the illustrative embodiment
`consistent with the present invention also include a
`reader 12. The reader 12 is a device for facilitating communications
`between a computer system 14 and the secure
`token device 10. The reader 12 provides a path for application
`programs run on computer system 14 to communicate
`with the secure token device 10. Preferably, when the secure
`token device is a smart card, the reader 12 is compliant with
`the OpenCard standard. The OpenCard standard is a standard
`that provides for inter-operability of secure token
`device applications across devices, such as network
`computers, laptop computers, desktop boxes, desktop
`computers, cellular phones and personal digital assistants
`(PDAs). A number of different commercially available card
`terminals may be utilized as the reader 12 when the secure
`token device is a smart card. A suitable reader is the IBM
`594A card terminal. When the secure token device 10 is an
`ibutton, a suitable reader is the DS1402 blue dot receptor
`from Dallas Semiconductor Corporation. The reader may
`also be a proximity detector.
`The computer system 14 may be a PDA, a personal
`computer (PC) or a workstation. The configuration of the
`computer system 14 will be described in more detail below.
`The computer system 14 may communicate with a remote
`server computer system 16 via a communications link 15.
`The communications link 15 may be, for example, a telephone
`line connection. More generally, the communication
`link 15 may be a wireless connection, a cable modem
`connection, a satellite connection or a direct connection. The
`remote server 16 is controlled by the ISP and provides the
`user with access to the Internet.
`FIGS. 2A and 2B illustrate an exemplary physical layout
`for a smart card to be used as the secure token device 10. The
`secure token device 10 is formed on a plastic substrate 20.
`The front of the card (as shown in FIG. 2A) includes a
`number of electrical contacts 16 which facilitate communications
`with the smart card. FIG. 2C shows these contacts 16
`in more detail. Contact 24 is used to connect with the power
`source that is provided by the smart card reader. Contact 26
`is to be coupled to a ground connection on the smart card
`reader. Contact 28 is used for input/output of data packets
`
`(described below). Contact 30 is used to reset the smart card,
`and contact 32 is used for a check procedure performed on
`the smart card to ensure that the smart card is operating
`properly. Optional contacts 34, 36 and 38 are also provided.
`The front of the smart card may also include an embossing
`area 18 where the user may sign the smart card. The back of
`the smart card (as shown in FIG. 2B) may include a
`magnetic strip 22 for holding information that is magnetically
`encoded. In some applications, the smart card may be
`used as an ID badge that permits a user access to certain
`locales. The magnetic strip may hold information that permits
`the user to gain access to a secure area or other locales,
`for example.
`Those skilled in the art will appreciate that the physical
`layout of the smart card shown in FIGS. 2A-2C is intended
`to be merely illustrative and not limiting of the present
`invention. The secure token device used to practice the
`present invention may have a different physical configuration
`with additional components or fewer components than
`shown in FIGS. 2A-2C.
`FIG. 3 depicts an example of the physical layout of a Java
`Ring 35 that is suitable for practicing the present invention.
`The Java™ Ring 35 includes a steel cylindrical housing 37
`that houses an integrated circuit (IC) 41 that contains a
`microprocessor and a storage (i.e. a computer memory). The
`Java™ Ring 35 also includes a ring portion 39 that enables
`a user to wear the whole device like an ordinary ring. As will
`be described in more detail below, the processor and storage
`work in conjunction to run programs that help facilitate the
`illustrative embodiment of the present invention.
`FIG. 4 shows a block diagram of the computer architecture
`of the secure token device 10. The computer architecture
`includes a microprocessor 40 and a storage 42. The
`storage 42 may be formed by different types of devices,
`including random access memory (RAM), read only
`memory (ROM), and electrically erasable programmable
`read only memory (EEPROM) devices. Those skilled in the
`art will appreciate that the storage 42 may also include other
`types of storage devices. The storage 42 holds a number of
`types of data and programs that may execute on the microprocessor
`40. In the illustrative embodiment of the present
`invention, it is assumed that the processor 40 on the secure
`token device 10 is capable of running programs written in
`the Java™ programming language. An "applet" is a special
`type of program that runs inside an applet viewer, a web
`browser or a secure token device. The storage 42 holds a
`copy of an ISP applet 44. The ISP applet 44 enables the
`secure token device 10 to communicate with an ISP and to
`receive services from an ISP. Those skilled in the art will
`appreciate that the secure token device may instead run
`programs in programming languages other than Java™.
`The storage 42 also holds a copy of a banking applet 46
`that allows the secure token device 10 to be utilized in
`electronic commerce transactions. As will be described in
`more detail below, in the illustrative embodiment, the banking
`applet 46 allows the secure token device to be used with
`a MONDEX system or other type of electronic commerce
`system. The secure token device 10 may hold tokens representing
`units of electronic currency that may be used to
`pay for goods and services. The banking applet provides the
`intelligence for participating in such transactions. The storage
`42 may also hold other applets 41.
`The storage 42 holds a copy of a user profile 48. The user
`profile contains personal information regarding a user.
`Preferably, as will be described in more detail below, the
`user profile 48 complies with the Open Profiling Standard
`(OPS) and/or the Information & Content Exchange (ICE)
`protocol.
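
An added sketch (not from the patent) of how a user profile such as profile 48 could release data per requester, following the all-or-nothing decision of FIG. 11 and the section layout of FIG. 12. The slash-separated paths, the `ProfileStore` class, the requester names and the sample profile are assumptions; the text names OPS and ICE but gives no format here.

```python
import copy
from typing import Dict, Iterable, Optional, Set, Tuple

# Constructed sample data, laid out like FIG. 12 (sections, a subsection, name=value).
PROFILE = {
    "contact": {
        "name": "A. User",
        "address": "1 Example Street",
        "phone": {"home": "555-0100"},
    },
    "payment": {"card_number": "0000-0000-0000-0000"},
}

Path = Tuple[str, ...]


def _split(path: str) -> Path:
    return tuple(part for part in path.split("/") if part)


def _covers(grant: Path, wanted: Path) -> bool:
    # Compare whole path segments: a grant on "pay" must not match "payment".
    # The empty grant () covers everything, i.e. full access to the profile.
    return wanted[:len(grant)] == grant


class ProfileStore:
    """Profile held on the token plus the permissions the user has set."""

    def __init__(self, profile: dict):
        self._profile = profile
        self._grants: Dict[str, Set[Path]] = {}

    def grant(self, requester: str, path: str) -> None:
        self._grants.setdefault(requester, set()).add(_split(path))

    def revoke(self, requester: str, path: str) -> None:
        self._grants.get(requester, set()).discard(_split(path))

    def _lookup(self, segments: Path):
        node = self._profile
        for segment in segments:
            if not isinstance(node, dict) or segment not in node:
                raise KeyError("/".join(segments))
            node = node[segment]
        return node

    def request(self, requester: str, paths: Iterable[str]) -> Optional[dict]:
        """Return the requested items, or None if any one of them is not permitted."""
        grants = self._grants.get(requester, set())
        released = {}
        for path in paths:
            wanted = _split(path)
            if not any(_covers(g, wanted) for g in grants):
                return None              # denied: nothing partial is released
            try:
                released[path] = copy.deepcopy(self._lookup(wanted))
            except KeyError:
                return None              # unknown item is treated as a denial
        return released


if __name__ == "__main__":
    store = ProfileStore(PROFILE)
    store.grant("isp-a", "contact/name")
    store.grant("isp-a", "contact/address")
    store.grant("bank", "")              # full access for this requester
    print(store.request("isp-a", ["contact/name", "contact/address"]))
    print(store.request("isp-a", ["contact/name", "payment/card_number"]))
    print(store.request("bank", ["payment/card_number"]))
```

A request for a whole section succeeds only when the grant is at least as broad as the section, so a requester holding `contact/name` cannot widen its view by asking for `contact`.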
`
`The storage 42 additionally holds the JavaCard API as
`defined in the JavaCard 2.1 specification. In instances where
`the secure token device is not a smart card, other similar API
`sets may be alternatively used. The JavaCard API is an
`application program interface that provides a broad range of
`functionality for the secure token device 10. The major
`components of the JavaCard API 50 will be described in
`more detail below. The applets stored on the secure token
`device 10 may instantiate object classes defined in the API
`to realize desired functionality. The storage 42 holds a copy
`of a JavaCard virtual machine (VM) 52. The JavaCard
`virtual machine is like a conventional Java virtual machine
`but is streamlined to operate with the memory and processing
`restrictions that are found with secure token device 10.
`The JavaCard VM provides platform independence for the
`Java programs that are run on the processor 40.
`Those skilled in the art will appreciate that the secure
`token device 10 may hold additional programs and data that
`differ from that shown in FIG. 4.
`FIG. 5 is a block diagram that shows the components of
`the computer system 14 in more detail. Computer system 14
`includes a central processor unit (CPU) 54 for executing
`instructions. A number of peripheral devices, including a
`keyboard 56, a video display 58, and a mouse 60, may be
`provided as part of the computer system 14. A modem 62
`may be provided to allow the computer system to communicate
`over analog telephone lines, and a network adapter 64
`may be provided to facilitate the connection of the computer
`system 14 to a local area network (LAN). As has been
`discussed above, the computer system 14 may also include
`other components, such as a cable modem, for facilitating
`remote communications with the remote server 16.
`The computer system 14 includes both primary storage 68
`and secondary storage 66. The secondary storage 66 may
`include a number of types of persistent storage. For
`example, the secondary storage 66 may include CD-R