Case 5:19-cv-00036-RWS Document 442-4 Filed 07/24/20 Page 1 of 14 PageID #: 24425

EXHIBIT 3

(19) United States
(12) Patent Application Publication
(10) Pub. No.: US 2006/0041746 A1
Kirkup et al.
(43) Pub. Date: Feb. 23, 2006

(54) METHOD, SYSTEM AND DEVICE FOR AUTHENTICATING A USER

(75) Inventors: Michael G. Kirkup, Waterloo (CA); Michael K. Brown, Kitchener (CA); Michael S. Brown, Waterloo (CA); Neil P. Adams, Waterloo (CA); Herbert A. Little, Waterloo (CA)

SERESKINSER
40 KING STREET WEST
BOX 401
TORONTO, ON M5H3Y2 (CA)

(73) Assignee: Research In Motion Limited, Waterloo (CA)

(21) Appl. No.: 10/919,320

(22) Filed: Aug. 17, 2004

Publication Classification

(51) Int. Cl. H04L 9/00 (2006.01)
(52) U.S. Cl. 713/168

(57) ABSTRACT

Preferred embodiments of the invention relate to a method and device for authenticating a user of a computer and a split R the that device. The device is a handheld electronic device having accessible thereto a first authentication code of the user. The handheld electronic device requires a second authentication code for enabling use thereof. In order to authenticate the user to the computer, the handheld electronic device is configured to transmit the first authentication code to the computer over a communication link between the computer and the handheld electronic device.

[Sheet 1 of 4]
[Figure 1A: system 100A]
[Figure 1B: system 100B]
[Figure 1C: system 100C, with blocks labelled PC and HED]

[Sheet 2 of 4]
[Figure 1D: system 100D]
[Figure 1E: system 100E, with blocks labelled PC and HED]
[Figure 1F: system 100F, with blocks labelled PC, HED and Token Generator, and the label "manual input"]

[Sheet 3 of 4]
[Figure 2: flow diagram of method 200. Box labels in order: Authentication initiation (205); Is communication link established?; Error message (215); Request authorization input; Validate authorization input; Is authorization input valid?; Access user authentication code; Transmit authentication code to PC]

[Sheet 4 of 4]
[Figure 3: block diagram of handheld electronic device 120, with blocks labelled Display, Keyboard, Serial port, Microprocessor, SIM, Short-range Communications, Aux. I/O, Non-volatile memory, Smart-card and Speaker]

METHOD, SYSTEM AND DEVICE FOR AUTHENTICATING A USER

FIELD OF THE INVENTION

[0001] The invention relates generally to methods, systems and devices for authenticating a user of a computer by using a handheld electronic device.

BACKGROUND OF THE INVENTION

[0002] Currently, some organizations require their personnel to authenticate themselves by use of a smart-card in order to gain access to a computer within the organization. Further, some of these organizations require that any handheld electronic devices used by the personnel in addition to a desktop computer be subject to similar authentication requirements. Thus, the smart-card may be required to unlock the desktop computer as well as the handheld electronic device.

[0003] Commonly, once the smart-card is removed from the card reader associated with the desktop computer or handheld electronic device, the computer or handheld electronic device becomes locked. Thus, if a user wishes to unlock his desktop computer upon entering his office, he can withdraw his smart-card from his handheld electronic device and place it in a card reader associated with the desktop computer. However, withdrawal of the smart-card from the handheld electronic device may cause it to be locked, thus preventing the user from accessing his handheld electronic device at the same time as accessing his desktop computer.

[0004] It is desired to address or ameliorate one or more drawbacks or disadvantages associated with existing ways of authenticating a user of a computer.

SUMMARY OF THE INVENTION

[0005] One aspect of the invention relates to a method of authenticating a user of a computer, comprising:

[0006] providing a handheld electronic device having accessible thereto a first authentication code of the user, the handheld electronic device requiring a second authentication code for use thereof; and

[0007] transmitting the first authentication code from the handheld electronic device to the computer over a communication link therebetween to authenticate the user.

[0008] In one embodiment, the first authentication code is stored on a smart-card received by the handheld electronic device. In an alternative embodiment, the first authentication code is stored in a memory of the handheld electronic device. In a further alternative embodiment, the first authentication code is stored in a subscriber identity module (SIM) card received by the handheld electronic device.

[0009] Another aspect of the invention relates to a handheld electronic device having:

[0010] a first authentication code stored on a memory accessible by the handheld electronic device;

[0011] means for receiving a second authentication code of the user;

[0012] communication means for communicating between the handheld electronic device and a computer; and

[0013] processor means configured to authenticate the second authentication code and provide the first authentication code to the computer via the communication means to authenticate the user.

[0014] Provision of the first authentication code may be in immediate response to, or some time after, authentication of the second authentication code.

[0015] A further aspect of the invention relates to computer readable storage having stored thereon computer program instructions which, when executed by a computer processor of a handheld electronic device, cause the handheld electronic device to perform a method for authenticating a user of a computer, wherein the handheld electronic device has an authentication code accessible thereto and the method comprises:

[0016] receiving a personal identification code of the user;

[0017] authenticating the personal identification code;

[0018] establishing a communication link between the handheld electronic device and the computer; and

[0019] providing the authentication code for the handheld electronic device to the computer over the communication link to authenticate the user.

[0020] A further aspect of the invention relates to a system for authenticating a user of a computer comprising:

[0021] a handheld electronic device having an authentication code accessible thereto and means for receiving a personal identification code of the user; and

[0022] a communication link between the handheld electronic device and the computer;

[0023] wherein the handheld electronic device is configured to receive the personal identification code, authenticate the personal identification code and provide the authentication code to the computer over the communication link to authenticate the user.

[0024] In one embodiment of this aspect, the means for receiving comprises a user interface of the handheld electronic device.

[0025] In another embodiment of this aspect, the means for receiving comprises a communication port of the handheld electronic device and the personal identification code is received from the personal computer over the communication link.

[0026] Another aspect of the invention relates to a method for authenticating a user of a personal computer by provision of an authentication code to the personal computer, the method comprising:

[0027] providing a handheld electronic device having the authentication code accessible thereto receiving an identification code of the user;

[0028] authenticating the identification code,

[0029] accessing the authentication code based on the authenticated identification code,

[0030] establishing a communication link between the handheld electronic device and the personal computer; and

[0031] providing the authentication code from the handheld electronic device to the personal computer over the communication link to authenticate the user.

BRIEF DESCRIPTION OF THE DRAWINGS

[0032] FIG. 1A is a block diagram of a system for authenticating a user of a computer, according to one embodiment of the invention;

[0033] FIG. 1B is a block diagram of a system for authenticating a user of a computer, according to another embodiment of the invention;

[0034] FIG. 1C is a block diagram of a system for authenticating a user of a computer, according to another embodiment of the invention;

[0035] FIG. 1D is a block diagram of a system for authenticating a user of a computer, according to another embodiment of the invention;

[0036] FIG. 1E is a block diagram of a system for authenticating a user of a computer, according to another embodiment of the invention;

[0037] FIG. 1F is a block diagram of a system for authenticating a user of a computer, according to another embodiment of the invention;

[0038] FIG. 2 is a process flow diagram illustrating a method of authenticating a user of a computer, according to another embodiment of the invention; and

[0039] FIG. 3 is a block diagram of a handheld electronic device for use in authenticating a user, according to another embodiment of the invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

[0040] Embodiments of the invention generally relate to authenticating a user of a computer using a handheld electronic device having an authentication code stored thereon or otherwise accessible thereto. The handheld electronic device is configured to transmit the authentication code to the computer so as to enable the user to unlock the desktop of the computer and thus gain access to the computer functions.

[0041] Advantageously, arrangements of the handheld electronic device and the computer may be such that if the handheld electronic device is itself unlocked, the user need do nothing more than enable it to communicate with the computer, in order to unlock the computer also. This requires that the handheld electronic device store, or have access to, an authentication code suitable for authenticating the user's identity to the computer.

[0042] Alternatively, if greater security is desired, the handheld electronic device can be configured to require entry of a user code, such as a personal identification number (PIN) or other form of authorization, to initiate release of the authentication code for transmission to the computer. Thus, for example, where the smart-card is received in a slot of the handheld electronic device (which effectively acts like a smart-card reader), the user is authenticated to the handheld electronic device by the smart-card received therein and becomes authenticated to the computer once the handheld electronic device transmits the authentication code read from the smart-card to the computer. Alternative arrangements, involving different levels of security and physical set-ups can be employed and some of these are described below in relation to the drawings.

[0043] Referring now to FIG. 1A, there is shown a system 100A for authenticating a user of a computer, according to one embodiment of the invention. The system 100A includes a handheld electronic device (HED) 120 in communication with a personal computer (PC) 110 through a communication link 115. The handheld electronic device 120 has a smart-card (SC) 130 received in a smart-card slot (for example, such as is shown in FIG. 3 and designated by reference numeral 350). The handheld electronic device 120 is received in a cradle 125, which in turn connects to communication link 115 through internal electrical connections (not shown) in the cradle 125.

[0044] The communication link 115 is preferably established through a suitable connection cable (not specifically shown) for serial communication between a serial port (not shown) of the PC 110 and a serial port (shown in FIG. 3 and designated by reference numeral 330) of the handheld electronic device 120 (via cradle 125). The connection cable may be a Universal Serial Bus (USB) cable, for example.

[0045] The handheld electronic device may be a dual mode (data and voice) communication device and personal digital assistant device, such as is described in further detail below in relation to FIG. 3. Alternatively, the handheld electronic device may be a single mode (data) communication device. The handheld electronic device 120 requires the user to authenticate himself/herself by providing a password or PIN code to unlock the user interface of the handheld electronic device 120 and enable use thereof.

[0046] The handheld electronic device 120 has electrical contacts (not shown) exposed on an outer casing thereof for forming an electrical connection with corresponding contacts located on cradle 125. The electrical contacts on cradle 125 are electrically connected to a fixed or removably connectable cable to form communication link 115.

[0047] PC 110 may be any kind of computer, such as a normal desktop computer, laptop or other portable or fixed computer system which may require authentication of the user identity prior to enabling use thereof. Accordingly, while the computer is described as a PC 110, it should be understood that it need not be a personal computer or be of a particular type. Likewise, performance of the invention can be achieved whether the computer runs a Windows based operating system, Unix based operating system or other type of operating system.

[0048] PC 110 includes normal peripherals such as a display screen, a keyboard, mouse, etc. for enabling user interaction therewith. Thus, for example, when the user wishes to use PC 110, he or she may perform an activation action, such as typing on the keyboard or moving the mouse, whereupon the user may be requested to provide a user identification code (either to the PC 110 or the handheld electronic device 120) to unlock the PC desktop and enable use thereof. The user identification code, which may be a PIN code or another code, is compared with a stored access code and, if the user identification code is valid, the authentication code stored on the smart-card is accessed and provided to PC 110.

[0049] PC 110 is preferably configured to automatically seek the authentication code from handheld electronic device 120 over communication link 115 in response to activation. Depending on the configuration of the handheld electronic device 120, receipt of a communication from PC 110 may trigger automatic retrieval of the authentication code from smart-card 130 or it may cause the handheld electronic device 120 to request user authentication (or authorization) before retrieving the authentication code and communicating it to PC 110. Alternatively, PC 110 may simply await input of the authentication code from handheld electronic device 120 over communication link 115.

[0050] The communication protocol used between the PC 110 and the handheld electronic device 120 depends on the form of connection established therebetween. Example connections include a serial connection, a USB connection and a Bluetooth connection. Other suitable communication protocols may be employed instead.

[0051] Generally, embodiments which require the user to positively authorize release of the authentication code from the smart-card involve user input into the user interface of the handheld electronic device 120. However, in an alternative embodiment, PC 110 may be configured to request the user to enter an authentication code for the handheld electronic device 120, for example where the PC 110 has detected the presence of handheld electronic device 120 through communication link 115.

[0052] Once the user enters the authentication code of the handheld electronic device 120 through PC 110, this is transmitted to the handheld electronic device 120 by communication link 115 for authentication. If the entered authentication code is correct, the handheld electronic device 120 then provides the authentication code for the PC 110 (as extracted from smart-card 130) across communication link 115, thereby authenticating the user and unlocking the desktop of PC 110.

[0053] Advantageously, the described arrangements generally allow a user to unlock both the PC 110 and the handheld electronic device 120 by simply inputting one authorization code, namely that for the handheld electronic device 120. Advantageously, the PIN code or other unlocking code for the handheld electronic device 120 may be entered either into a user interface of the handheld electronic device 120 or that of the PC 110 so as to unlock handheld electronic device 120 (if it is not already unlocked) and PC 110. If the PIN code or other unlocking code for the handheld electronic device 120 is entered into PC 110, the PC 110 communicates with handheld electronic device 120 to retrieve the necessary authentication code from smart-card 130. Otherwise, if the user interfaces directly with handheld electronic device 120 then, upon authentication of the user (if required), the authentication code for PC 110 is extracted from smart-card 130 and provided to PC 110 over communication link 115.

[0054] The user identification code may be a PIN code or may be an alphanumeric or alphabetic password, for example. Depending on the configuration of the handheld electronic device 120, the user may be required to input the password in order to unlock the user interface of the handheld electronic device 120, and subsequently input the PIN code in order to authorize access to the authentication code stored on the smart-card. Alternatively, once the handheld electronic device 120 is unlocked by entry of an appropriate PIN code or password, it may be configured to not require subsequent entry of any further user identification code in order to access the authentication code on the smart-card.

[0055] If the handheld electronic device 120 is configured so as to require entry of a user identification code prior to enabling access to the authentication code on the smart-card, the user identification code thus required may be set so as to be the same code as that required for unlocking the handheld electronic device 120, so that the user does not have to remember separate codes.

[0056] If a user identification code is required to enable access to the authentication code on the smart-card, then upon receipt of the user identification code, it is compared with an appropriate access code stored on the smart-card. The access code is compared with the inputted user identification code and, if they match, the user identity is effectively authenticated to the smart-card, which then enables access of the authentication code for transmission thereof to the computer.

[0057] Where the handheld electronic device 120 is configured so as not to require entry of a user identification code prior to access of the authentication code on the smart-card, the authentication code may be provided to the PC 110 automatically upon establishment of communication link 115 or in response to a simple authorization action performed by the user. For example, the authorization action may be responding "yes" or "ok" to a question in a dialog box on the user interface asking "ok to provide authorization code?". While such an authorization action by the user provides more security than allowing automatic access to the authorization code on the smart-card, it is not as secure as providing a proper user identification code, such as a PIN code or password.

[0058] Referring now to FIG. 1B, an alternative embodiment of the invention is shown, in the form of system 100B. System 100B is similar to system 100A, except that it does not require a cradle 125. Rather, in system 100B, PC 110 and handheld electronic device 120 are directly connected through communication link 115, for example by a communication cable connecting respective serial input/output (I/O) ports of PC 110 and handheld electronic device 120. Apart from the absence of cradle 125, system 100B otherwise operates in a similar manner to system 100A, as described in relation to FIG. 1A.

[0059] Referring now to FIG. 1C, a further alternative embodiment of the invention is shown, in the form of system 100C. System 100C is similar to system 100A and system 100B, except that it does not have a separate smart-card received in a slot of the handheld electronic device 120. Instead, the handheld electronic device 120 includes a subscriber identity module (SIM) card (shown in FIG. 3 and designated by reference numeral 316), such as those which are commonly used in the Global System for Mobile Communication (GSM) and General Packet Radio Services (GPRS) telecommunication standards. The SIM card is thus a form of smart-card, having an authentication code stored thereon for authenticating a user's identity to the network or as otherwise required.

[0060] The SIM card is received within the handheld electronic device in a fixed, but removable, manner and thus system 100C does not require a slot in the handheld electronic device 120 for receiving smart-card 130, nor does it require use of a cradle 125. As with system 100B, PC 110 and handheld electronic device 120 are directly connected through communication link 115, for example by a communication cable connecting the serial I/O ports of PC 110 and handheld electronic device 120. Apart from the differences noted, system 100C otherwise operates as described in relation to systems 100A, 100B, FIG. 1A and FIG. 1B.

[0061] In an alternative embodiment of system 100C, instead of a SIM card disposed in the handheld electronic device 120, a non-volatile memory of the handheld electronic device 120 may be used to store the authentication code of the user. This may be appropriate where the handheld electronic device is not compatible with the GSM or GPRS standards and is thus not suited to use with a SIM card. The non-volatile memory used to store the authentication code should be suitably secure so as to prevent unauthorized access thereto.

[0062] Referring now to FIG. 1D, a further alternative embodiment of the invention is shown, in the form of system 100D. System 100D is similar to system 100A, except that it does not require the handheld electronic device 120 to be received in cradle 125. Rather, in system 100D, a smart-card reader 132 may directly receive smart-card 130 and the handheld electronic device 120 communicates with the smart-card reader 132 over a communication link 135 to access the authentication code stored in the memory of smart-card 130.

[0063] Communication link 135 may be established through a suitable cable interconnecting smart-card reader 132 and an auxiliary input/output port (such as is shown in FIG. 3 and designated by reference numeral 328) of handheld electronic device 120.

[0064] Communication link 115 in system 100D is formed in the same way as described in relation to systems 100B and 100C. System 100D is different from system 100A in that the card reading function of smart-card 130 is not performed by the handheld electronic device 120, but is instead performed by card reader 132 as a separate component of system 100D.

[0065] System 100D further differs from system 100A in that it employs a direct communication link between PC 110 and handheld electronic device 120, rather than indirectly through cradle 125. Apart from the noted differences, system 100D otherwise operates in a similar manner to system 100A, as described in relation to FIG. 1A.

[0066] Referring now to FIG. 1E, a further alternative embodiment of the invention is shown, in the form of system 100E. System 100E is similar to system 100C, except that communication link 115 is replaced by a wireless communication link 145 between PC 110 and handheld electronic device 120.

[0067] Wireless communication link 145 may, for example, be established by infrared communications or short-range radio frequency communications, such as those specified by the Bluetooth or 802.11 standards. Such wireless communications require PC 110 to have corresponding hardware input/output functionality and software for executing that communication functionality. Other short-range wireless communications media and/or protocols may be used to provide communication link 145.

[0068] Wireless communication link 145 may be employed in place of communication link 115 in any of the embodiments of systems 100A, 100B, 100C, 100D and 100F (described hereinafter). Advantageously, providing wireless communication link 145 enables a user to approach PC 110, activate the PC 110 and have it communicate automatically and wirelessly, for example using the Bluetooth short-range communication specification, with handheld electronic device 120 to access the user's authentication code (stored on the smart-card, SIM card or memory of the handheld electronic device) and authenticate the user. This example is particularly applicable to system embodiments 100B and 100C (if using wireless communication link 145) and 100E, where the user is not required to provide a user identification code to release the authentication code (i.e. because the handheld electronic device has already received such a code and is already unlocked).

[0069] Referring now to FIG. 1F, a further alternative embodiment of the invention is shown, in the form of system 100F. System 100F is similar to system 100C, except that it involves a separate token generator 150 (for example, such as a SecurID Authenticator by RSA) and handheld electronic device 120 in system 100F includes a software module for authenticating a user identification code generated by the token generator 150. System 100F involves the use of token generator 150 to generate a secure identification token based on an objective criterion (such as the time or date, for example). The token thus generated is displayed on display 155 of token generator 150 for the user to read.

[0070] In order for the user to enable the authentication code to be provided to PC 110, the user must enter the token displayed on token generator 150 into handheld electronic device 120. Handheld electronic device 120 has software to generate an access code using the same algorithms used by token generator 150 to generate the token, and compares the access code to the user identification code (i.e. the generated token) input by the user. If the access code generated by the handheld electronic device 120 matches the manually inputted token, the authentication code becomes accessible for communication to PC 110.

[0071] The use of token generator 150 may be applied in relation to any of systems 100A to 100E as a secure means for authenticating the user to the handheld electronic device 120, where the memory accessible thereto has the authentication code. Apart from the use of token generator 150 for providing the user identification code, system 100F otherwise operates in a similar manner to any of systems 100A to 100E, as described in relation to FIGS. 1A to 1E.

[0072] In an alternative embodiment (not shown), similar to system 100F, the function of token generator 150 may be incorporated into handheld electronic device 120 and, instead of the user manually inputting the token into handheld electronic device 120, the token is automatically generated by the handheld electronic device 120 as an authentication code in response to an authenticated user identification code. The token generated in this way is then transmitted to PC 110 over communication link 115 (or 145) for comparison with a token generated locally on PC 110 according to the same algorithm and objective criterion used to generate the token on handheld electronic device 120.

[0073] Thus, the secure token generator may be used by the user to authenticate the user to the handheld electronic device 120 or by the handheld electronic device 120 to authenticate itself to PC 110, using an encrypted token.
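
The token comparisons of paragraphs [0070] and [0072], sketched as an added example that is not code from the application. The application names no algorithm, so the HMAC-based time-step construction of RFC 6238 stands in for it; the class names, seeds, PIN storage, clock-drift window, lockout threshold and replay check are all assumptions of the example.

```python
import hashlib
import hmac
import os
import struct

STEP = 60       # seconds per token window (assumed; the application gives none)
DIGITS = 6      # token length (assumed)
MAX_FAILS = 3   # lockout threshold (assumed)


def time_token(seed, now, step=STEP, digits=DIGITS):
    """Token from a shared seed and the current time step (RFC 6238 style)."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def matching_step(seed, candidate, now, drift=1):
    """Time step whose token equals candidate, or None; tolerates clock drift."""
    hit = None
    for delta in range(-drift, drift + 1):
        t = now + delta * STEP
        expected = time_token(seed, t).encode()
        # Constant-time comparison, and no early exit, to avoid timing leaks.
        if hmac.compare_digest(expected, candidate.encode()):
            hit = int(t) // STEP
    return hit


class Handheld:
    """Handheld electronic device 120 holding the PC's authentication code."""

    def __init__(self, fob_seed, pc_seed, pin, auth_code):
        self._fob_seed = fob_seed    # shared with token generator 150
        self._pc_seed = pc_seed      # shared with PC 110 ([0072] variant)
        self._salt = os.urandom(16)
        self._pin_hash = self._kdf(pin)
        self._auth_code = auth_code
        self._fails = 0

    def _kdf(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _gate(self, ok):
        """Count failures; refuse everything once MAX_FAILS is reached."""
        if self._fails >= MAX_FAILS:
            raise PermissionError("handheld locked")
        self._fails = 0 if ok else self._fails + 1
        return ok

    def release_auth_code(self, entered_token, now):
        """[0070]: the stored code is released only if the typed token matches."""
        ok = matching_step(self._fob_seed, entered_token, now) is not None
        return self._auth_code if self._gate(ok) else None

    def token_for_pc(self, pin, now):
        """[0072]: after the PIN is authenticated, a fresh token is the code."""
        ok = hmac.compare_digest(self._kdf(pin), self._pin_hash)
        return time_token(self._pc_seed, now) if self._gate(ok) else None


class PC:
    """PC 110 in the [0072] variant: recomputes the token locally."""

    def __init__(self, seed):
        self._seed = seed
        self._last_step = -1

    def verify(self, token, now):
        step = matching_step(self._seed, token, now)
        if step is None or step <= self._last_step:
            return False  # wrong token, or replay of an already-used window
        self._last_step = step
        return True


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    hed = Handheld(b"fob-seed", b"pc-seed", "4921", b"PC-UNLOCK-CODE")
    shown = time_token(b"fob-seed", now)  # what token generator 150 displays
    print("released:", hed.release_auth_code(shown, now + 20))
    pc = PC(b"pc-seed")
    tok = hed.token_for_pc("4921", now)
    print("PC accepts:", pc.verify(tok, now), "replay:", pc.verify(tok, now))
```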

[0074] Each of the embodiments, and variations thereof, of systems for authenticating a user described above is generally related by the provision of a handheld electronic device 120 having an authentication code accessible thereto. When the authentication code is provided to PC 110 over a communication link 115 or 145, the user can be authenticated as an authorized user of the PC 110. It should be understood that such functional requirements can be achieved in a number of ways, at least some of which have been described. Further embodiments of the invention may be arrived at through combinations of features or functions described in relation to the various embodiments, and all such combinations are, if useful, within the scope of the invention.

[0075] Referring now to FIG. 2, there is shown a process flow diagram of a method of authenticating a user of a computer, such as PC 110, the method being designated generally by reference numeral 200. Method 200 begins with an authentication initiation step 205, at which the user indicates her desire to be authenticated as an authorized user of PC 110.

[0076] Authentication initiation may begin at either the PC 110 or the handheld electronic device 120. At handheld electronic device 120, authentication initiation may begin by selection of a menu item from a menu provided by the user interface or by pressing certain keys. Alternatively, the handheld electronic device 120 may be configured to automatically check whether authentication is to be initiated by periodically polling the serial I/O port.

[0077] At PC 110, authentication initiation may begin by pressing a key on the keyboard on PC 110, moving the mouse or otherwise attempting to provide input to PC 110 when it is in its locked state. Usually, a computer will become locked after it is idle for a predetermined period of time, for example in the order of 15 to 30 minutes.

[0078] At step 210, the handheld electronic device 120 (or PC 110, depending on whether authentication initiation occurred at the handheld electronic device 120 or PC 110) checks whether communication link 115 has been established. If the communication link 115 has not been established, an error message is provided to the user at step 215 either on the user interface of handheld electronic device 120 or on the