Case 5:19-cv-00036-RWS Document 442-3 Filed 07/24/20 Page 1 of 7 PageID #: 24418

EXHIBIT 2

APL-MAXELL_00718687

(12) United States Patent
Schiffer

US006871063B1
(10) Patent No.: US 6,871,063 B1
(45) Date of Patent: Mar. 22, 2005

(54) METHOD AND APPARATUS FOR CONTROLLING ACCESS TO A COMPUTER SYSTEM

(75) Inventor: Jeffrey L. Schiffer, Palo Alto, CA (US)
(73) Assignee: Intel Corporation, Santa Clara, CA (US)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 319 days.

(21) Appl. No.: 09/607,804
(22) Filed: Jun. 30, 2000
(51) Int. Cl.: H04M 1/66
(52) U.S. Cl.: 455/410; 455/419; 455/411; 455/424; 455/426.1; 455/269; 455/418; 455/420
(58) Field of Search: 455/419, 411, 455/129, 269, 410, 418, 420

(56) References Cited

U.S. PATENT DOCUMENTS
6,223,029 B1    4/2001    Stenman et al.    455/420
6,405,027 B1    6/2002    Bell              455/403

FOREIGN PATENT DOCUMENTS
WO    WO 00/31608    * 6/2000

* cited by examiner

Primary Examiner: Erika Gary
Assistant Examiner: David Nguyen
(74) Attorney, Agent, or Firm: David N. Tran

(57) ABSTRACT

For one embodiment, a short-range, wireless communication link, such as a Bluetooth link, is established between a mobile phone and a computer system. The mobile phone transmits an access code via the link to the computer system. The access code is generated using data stored in the subscriber identity module (SIM) in the mobile phone. Access to the computer system is granted in response to receiving the access code. In this manner, the SIM is used not only to identify the user during cellular phone calls (or other long-range, wireless communication) but also to authenticate the user and to gain access to a computer system.

16 Claims, 2 Drawing Sheets

[Figure 1 (Sheet 1 of 2): block diagram. Mobile Phone 100, containing Long-Range Transceiver Circuit 102 and Short-Range Transceiver Circuit 103; Computer System 110, containing Short-Range Transceiver Circuit 111 and Processor 112.]

[Figure 2 (Sheet 2 of 2): flow chart.]
200: User enters into the Bluetooth communication range of a computer system while carrying a mobile phone.
205: A Bluetooth link is automatically established between the computer system and the mobile phone.
210: An access code is transmitted from the mobile phone to the computer system.
215: The computer system verifies the access code and grants the user access in response to receiving the access code.

METHOD AND APPARATUS FOR CONTROLLING ACCESS TO A COMPUTER SYSTEM

The present invention relates to computer systems and more particularly to controlling access to a computer system by granting access to a user having a device that wirelessly transmits an access code.

BACKGROUND

Computer systems, from small handheld electronic devices to medium-sized mobile and desktop systems to large servers and workstations, are becoming increasingly pervasive in our society. As such, people are becoming more reliant on computer systems to store and access information, much of which may be confidential. To maintain the confidentiality of this information, some computer systems may be voluntarily “locked” or “secured” by a user. When a computer system is locked, access to the computer system may be limited. This not only serves to maintain the confidentiality of information stored on the computer system but also deters theft of the computer system.

One way in which access to a computer system may be limited is by password-protecting the system. In a password-protected computer system, access to the system is only granted to a user that enters a proper password. One advantage to this type of protection mechanism is that the user need not carry special security devices, such as keys or cards, to gain access to the computer system. The user need only remember a password. Another advantage to this type of protection is that different levels of access may be granted according to the password entered.

Unfortunately, password-protected computer systems may not be secure. There are a number of ways to crack a password-protected computer system. For example, a thief or spy may surreptitiously observe a user when the user enters their password. Later, the thief may simply steal the computer system, confident in the knowledge that the system can be unlocked by the thief by entering the observed password. This security problem is particularly of concern to mobile computer users. Alternatively, the spy may log onto the computer system in the user's absence using the observed password. The spy may then access confidential information without the user knowing that their security has ever been compromised.

The present invention addresses this and other problems associated with the prior art.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and not limitation in the accompanying figures in which like references indicate similar elements and in which:

FIG. 1 is a system formed in accordance with an embodiment of the present invention; and

FIG. 2 is a flow chart showing a method of the present invention.

DETAILED DESCRIPTION

In accordance with an embodiment of the present invention, the subscriber identity module (SIM) in a user's mobile phone is used to gain access to a locked computer system. Initially, access to the computer system is limited. When a user with a mobile phone comes into short-range, wireless communication range of the computer system, a short-range, wireless communication link is automatically established (i.e. established without user intervention). This short-range, wireless communication link may be a Bluetooth link. (Trademarks and trade names are the property of their respective owners.)

For one embodiment, the computer system transmits information to the mobile phone via the wireless link to indicate that access to the computer system is limited. In response, the mobile phone transmits an access code back to the computer system via the link. This access code is generated using data stored in the SIM in the mobile phone. After the computer system verifies the access code, access to the computer system is granted in response to receiving the access code.

In this manner, the SIM is used not only to identify the user during cellular phone calls (or other long-range, wireless communication) but also to authenticate the user to the computer system. Note that for one embodiment, the user may authenticate himself or herself to the mobile phone by, for example, entering a password into the mobile phone.

A more detailed description of embodiments of the present invention, including various configurations and implementations, is provided below.

FIG. 1 is a system formed in accordance with an embodiment of the present invention. Mobile phone 100 includes long-range transceiver circuit 102 along with short-range transceiver circuit 103, both coupled to SIM 101. Keypad 105 is also coupled to SIM 101. Computer system 110 includes short-range transceiver circuit 111, coupled to processor 112, which is coupled to memory 113.

Mobile phone 100 of FIG. 1 may be any mobile phone capable of long-range communication. For example, for one embodiment, mobile phone 100 is a cellular phone, in which case long-range transceiver circuit 102 may communicate with a cell base. For another embodiment, mobile phone 100 is a satellite phone, in which case long-range transceiver circuit 102 may communicate with a satellite or relay station.

SIM 101 of FIG. 1 includes a protected memory region having data stored therein. A protected memory region is a memory region that is not generally modifiable by typical users. Thus, important information may be securely stored in the protected memory region of SIM 101 with a low risk of being compromised. The data stored in the protected memory region of SIM 101 includes the subscriber identity number associated with the user of mobile phone 100. This subscriber identity number may be securely programmed into SIM 101 by the manufacturer or distributor of mobile phone 100.

The subscriber identity number may be unique to each mobile phone or mobile phone account holder. This number is used to uniquely identify the mobile phone subscriber when a mobile phone call (e.g. a cellular phone call) is placed via long-range transceiver circuit 102 of FIG. 1. The subscriber identity number is wirelessly communicated, along with the user's voice/data communication, via long-range transceiver circuit 102. The phone company then uses this subscriber identity number to bill the proper account holder.

As described in more detail below, in accordance with an embodiment of the present invention, data stored in the protected memory region of SIM 101 of FIG. 1, including the subscriber identity number, is used to wirelessly authenticate the user to computer system 110 by transmitting an access code. Once the access code is verified, authentication is complete, and computer system 110 grants access to the user. Thus, the data in SIM 101 that is already used by the phone company to provide subscriber identity may additionally be used to provide wireless authentication to gain access to the computer system. This reduces the need to establish an entirely new and separate protocol and standard to provide wireless authentication for a user.

In addition, because a user naturally re-charges the battery of their mobile phone as a matter of course, the battery of the mobile phone may be used to reliably enable the wireless authentication. This reduces the battery power drainage problem associated with other authentication methods, such as security badges, that require independent battery power that must be separately replaced or recharged.

The operation of the system of FIG. 1 may be understood in light of the flow chart of FIG. 2 showing a method of the present invention. Note that a method of the present invention may be implemented by a computer system programmed to execute various steps of the method. Such a program may reside on any computer readable medium such as a magnetic disk (e.g. a hard drive or floppy disk), an optical disk (e.g. a CD or DVD), a semiconductor device (e.g. Flash, EPROM, or RAM), or carrier wave, all of which are collectively represented by memory 113 of FIG. 1.

In accordance with one embodiment of the present invention, before step 200 of FIG. 2 a user may authenticate him or herself to their mobile phone. Authentication of a user to the mobile phone may be accomplished by, for example, the user entering a password onto keypad 105 of mobile phone 100 of FIG. 1. This password may then be compared to information stored in the protected memory region of SIM 101 to verify the password. If the password is verified, mobile phone 100 may then be unlocked. Unlocking the phone enables the phone to send and receive calls via long-range transceiver circuit 102, exchange information via short-range transceiver circuit 103, and allows the user to modify phone settings via keypad 105. Alternatively, authentication of the user by the mobile phone may include performing voice recognition of the user.

After authentication between the user and the mobile phone has taken place, at step 200 of FIG. 2 the user enters into the short-range, wireless communication range of computer system 110 while carrying mobile phone 100 of FIG. 1. Consequently, a short-range, wireless communication link, 121, is established between computer system 110 and mobile phone 100, according to step 205. In accordance with one embodiment of the present invention, this short-range, wireless communication link is a Bluetooth link, and the short-range, wireless communication range is the range of the Bluetooth wireless network. (See, e.g., Bluetooth Specification, Version 1.0A, released Jul. 24, 1999.) For an alternate embodiment of the present invention, an alternate, short-range, wireless communication link is established, such as a HomeRF link described in the Shared Wireless Access Protocol (SWAP) Specification 1.0, released Jan. 5, 1999. (Trademarks and trade names are the property of their respective owners.)

Alternatively, other short-range, wireless communication links may be established in accordance with alternate embodiments of the present invention. It may be found advantageous for the range of the short-range, wireless communication to be less than approximately 100 feet while the range of the long-range, wireless communication may be greater than approximately 1000 feet.

For one embodiment of the present invention, the short-range, wireless communication link is established automatically, in response to bringing mobile phone 100 of FIG. 1 within the short-range, wireless communication range of computer system 110. In other words, no user intervention is required to establish the wireless communication link beyond entering the wireless communication range of the computer system while carrying the mobile phone. For an alternate embodiment, the short-range, wireless communication link is not established automatically but rather is established in response to the user pressing a button or otherwise entering information into the mobile phone or the computer system.

At step 210 of FIG. 2, an access code is transmitted from short-range transceiver circuit 103 of mobile phone 100 to short-range transceiver circuit 111 of computer system 110 via link 121 of FIG. 1. In accordance with one embodiment of the present invention, this transmission is made in response to computer system 110 transmitting information to mobile phone 100, via link 121, to indicate that access to the computer system is limited. For one embodiment, computer system 110 may specifically request an access code from mobile phone 100 via link 121. For another embodiment, mobile phone 100 may automatically transmit the access code on a regular, intermittent basis without first being prompted for the code by computer system 110.

The access code transmitted from mobile phone 100 to computer system 110 via short-range, wireless communication link 121 of FIG. 1 is generated by mobile phone 100 using data stored in SIM 101. For one embodiment of the present invention, this data includes the subscriber identity number stored in the protected memory region of SIM 101. For added security, the access code may be encrypted by mobile phone 100 before being transmitted. The algorithm used to encrypt the access code may use data stored in SIM 101. For one embodiment, the access code is all or some portion of the subscriber identity number itself. For another embodiment, the access code may be an alternate value that may be encrypted using all or some portion of the subscriber identity number as an encryption key.

Once the access code is received via link 121 by short-range transceiver circuit 111 of computer system 110 of FIG. 1, processor 112 may verify the access code at step 215 of FIG. 2. For one embodiment of the present invention, the access code may be decrypted by computer system 110 before being verified. Verification may include comparing the access code to a previously stored value to detect a match or other predetermined relationship. The previously stored value may be stored in a protected memory region of memory 113, such as the BIOS. This previously stored value may be entered by the user upon initially setting up an authentication system in accordance with the present invention. This previously stored value may include, for example, the subscriber identity number, or some portion thereof, or other security code.

Once the access code has been verified by computer system 110 of FIG. 1, the computer system grants the user access to the system at step 215 of FIG. 2. If the access code is not verified, i.e. no access code is received or the wrong access code is received, access to the computer system remains limited.

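An added illustration of steps 210 and 215, not part of the patent text: the first path sends the subscriber identity number itself as the access code and compares it to the stored value; the second is an assumption made here, since the patent names no algorithm, in which the "access is limited" message carries a random nonce and the phone answers with HMAC-SHA256 keyed by the subscriber identity number, so a captured code is not accepted a second time. The class names, the nonce and the sample numbers are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample value, not a real subscriber identity number.
SAMPLE_SUBSCRIBER_ID = "001010123456789"

class Sim:
    """Hypothetical stand-in for SIM 101 and its protected memory region."""

    def __init__(self, subscriber_id: str):
        self._key = subscriber_id.encode()

    def static_code(self) -> bytes:
        # Embodiment from the text: the code is the subscriber identity number.
        return self._key

    def keyed_code(self, nonce: bytes) -> bytes:
        # Assumption (not in the patent): HMAC-SHA256 over the computer's
        # nonce, keyed by the subscriber identity number.
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class ComputerSystem:
    """Hypothetical stand-in for computer system 110 and its stored value."""

    def __init__(self, enrolled_subscriber_id: str):
        self._stored = enrolled_subscriber_id.encode()  # entered at setup
        self._nonce = None
        self.access_limited = True

    def announce_limited_access(self) -> bytes:
        # "Access is limited" message, extended here with a fresh nonce.
        self.access_limited = True
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def _grant_if(self, ok: bool) -> bool:
        if ok:
            self.access_limited = False
        return ok

    def verify_static(self, code: bytes) -> bool:
        # Step 215 as written: compare against the previously stored value.
        return self._grant_if(hmac.compare_digest(code, self._stored))

    def verify_keyed(self, code: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # each nonce is accepted once
        if nonce is None:
            return False
        expected = hmac.new(self._stored, nonce, hashlib.sha256).digest()
        return self._grant_if(hmac.compare_digest(code, expected))

def demo() -> dict:
    phone, pc = Sim(SAMPLE_SUBSCRIBER_ID), ComputerSystem(SAMPLE_SUBSCRIBER_ID)
    static = phone.static_code()
    r = {"static_first": pc.verify_static(static)}
    pc.announce_limited_access()  # system locks again
    r["static_replay"] = pc.verify_static(static)  # same bytes are accepted
    keyed = phone.keyed_code(pc.announce_limited_access())
    r["keyed_first"] = pc.verify_keyed(keyed)
    pc.announce_limited_access()
    r["keyed_replay"] = pc.verify_keyed(keyed)  # bound to the earlier nonce
    other = Sim("001010999999999")  # constructed, not enrolled
    nonce = pc.announce_limited_access()
    r["keyed_wrong_sim"] = pc.verify_keyed(other.keyed_code(nonce))
    r["still_limited"] = pc.access_limited
    return r

if __name__ == "__main__":
    print(demo())
```
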
This invention has been described with reference to specific exemplary embodiments thereof. It will, however, be evident to persons having the benefit of this disclosure that various modifications and changes may be made to these embodiments without departing from the broader spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

What is claimed is:

1. A method of accessing a computer system comprising:
   authenticating a user to a mobile phone, wherein authenticating comprises receiving a password from the user, and comparing the password to information stored in a protected memory region in the mobile phone, wherein authenticating the user includes performing voice recognition of the user's voice;
   when the user is authenticated, establishing a short-range, wireless communication link between the mobile phone and the computer system;
   transmitting information from the computer system to the mobile phone via the wireless communication link to indicate the computer system having a limited access,
   automatically transmitting an access code from the mobile phone to the computer system via the link, the access code generated using data stored in the protected memory region in the mobile phone; and
   granting the user further access to the computer system in response to receiving the access code.

2. The method of claim 1, wherein establishing the link is performed in response to bringing the mobile phone within a wireless communication range of the computer system.

3. The method of claim 2, wherein establishing the link is performed automatically without user intervention.

4. The method of claim 1, wherein establishing the link includes establishing a Bluetooth link.

5. The method of claim 1, wherein the access code is generated using data stored in a subscriber identity module (SIM) in the mobile phone, the data including a subscriber identity number.

6. The method of claim 5, wherein the access code is encrypted before being transmitted, and wherein the access code is verified by the computer system before further access is granted.

7. A computer-readable medium comprising a plurality of instructions readable therefrom, the instructions, when executed by a computer system, cause the computer system to perform operations comprising:
   establishing a short-range, wireless communication link with a mobile device, wherein said establishing includes authenticating a user of the mobile device using voice recognition, wherein the user of the mobile device is authenticated by comparing a password from the user with data stored in a subscriber identity module (SIM) of the mobile device;
   transmitting information to the mobile device, via the link, indicating that access to the computer system is limited;
   receiving an access code automatically transmitted by the mobile device via the link, wherein data used to generate the access code is stored in the SIM;
   and granting the user further access to the computer system in response to receiving the access code.

8. The medium of claim 7, wherein the operations further comprise verifying the access code after receiving the access code and before granting the user further access to the computer system.

9. The medium of claim 8, wherein the operations further comprise decrypting the access code after receiving the access code and before verifying the access code.

10. The medium of claim 7, wherein establishing the link includes establishing a Bluetooth link.

11. A method, comprising:
   from a mobile device, authenticating a user to the mobile device, wherein authenticating comprises receiving a password from the user, and comparing the password to information stored in a protected memory region in the mobile device, wherein said authenticating includes authenticating the user of the mobile device using voice recognition;
   when the user is authenticated, establishing a short-range, wireless communication link between the mobile device and a computer system;
   from the computer system and via the wireless communication link, transmitting information to the mobile device indicating access to the computer system is limited;
   from the mobile device, automatically transmitting an access code to the computer system via the wireless communication link, and
   from the computer system, verifying the access code received from the mobile device, and when the access code is verified granting the user further access to the computer system.

12. The method of claim 11, wherein the wireless communication link is established automatically when the mobile device is within a communication range of the computer system.

13. The method of claim 11, wherein the wireless communication link is established in response to a command when the mobile device is within a communication range of the computer system.

14. The method of claim 11, wherein the access to the computer system is limited before receiving the access code from the mobile device.

15. The method of claim 11, wherein the mobile device automatically transmits the access code to the computer system on an intermittent basis.

16. The method of claim 11, wherein data associated with the access code is stored in a subscriber identity module (SIM) in the mobile device.

* * * * *