(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`
`9
`
`(l
`
`1
`) Wo,ld
`
`",~::~:~0~n;:,::.:';;, o,....n;wtion •
`
`I IIII IIIIIII II IIIII IIIII IIIII IIIII IIII I II Ill lllll lllll lllll lllll lllll llll 1111111111111111111
`
`(43) International Publication Date
`26 April 2007 (26.04.2007)
`
`PCT
`
`(10) International Publication Number
`WO 2007/046706 Al
`
`(51) International Patent Classification:
`H04L 9100 (2006.01)
`G06F 21122 (2006.01)
`G06F 21100 (2006.01)
`H04L 9132 (2006.01)
`
`(21) International Application Number:
`PCT /N02006/0003 25
`
`(22) International Filing Date:
`22 September 2006 (22.09.2006)
`
`(25) Filing Language:
`
`(26) Publication Language:
`
`English
`
`English
`
`(30) Priority Data:
`20054840
`
`22 September 2005 (22.09.2005) NO
`
`(71) Applicant (for all designated States except US): BIRD(cid:173)
`STEP TECHNOLOGY ASA [NO/NO]; Bryggegata 7,
`N-0250 Oslo (NO).
`
`(72) Inventors; and
`(75) Inventors/Applicants (for US only): BECKMANN
`NILSEN, Frode [NO/NO]; Leil.3069, Assiden Terrasse
`18, N-1160 Oslo (NO). HORSTEN, Thomas [DK/GB];
`
`73 Church Lane, Girton, Cambridge CB3 OJW (GB).
`LUNDE, Trond [NO/NO]; Sannergata 19, N-0557 Oslo
`(NO). ROSTAND, Otto, Andreas [NO/NO]; Tordenski(cid:173)
`olds g 51 A, N-3044 Drammen (NO). BRYHNI, Haakon
`[NO/NO]; Skjerstadveien 4B, N-0378 Oslo (NO).
`(74) Agent: WESMANN, Johan, F.; Zacco Norway AS, P.O.
`Box 2003, Vika, N-0125 Oslo (NO).
`(81) Designated States (unless otherwise indicated, for every
`kind of national protection available): AE, AG, AL, AM,
`AT, AU, AZ, BA, BB, BG, BR, BW, BY, BZ, CA, CH, CN,
`CO, CR, CU, CZ, DE, DK, DM, DZ, EC, EE, EG, ES, Fl,
`GB, GD, GE, GH, GM, HN, HR, HU, ID, IL, IN, IS, JP,
`KE, KG, KM, KN, KP, KR, KZ, LA, LC, LK, LR, LS, LT,
`LU, LV, LY, MA, MD, MG, MK, MN, MW, MX, MY, MZ,
`NA, NG, NI, NO, NZ, OM, PG, PH, PL, PT, RO, RS, RU,
`SC, SD, SE, SG, SK, SL, SM, SV, SY, TJ, TM, TN, TR,
`TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
`(84) Designated States (unless otherwise indicated, for every
`kind of regional protection available): ARIPO (BW, GH,
`GM, KE, LS, MW, MZ, NA, SD, SL, SZ, TZ, UG, ZM,
`ZW), Eurasian (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM),
`European (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, Fl,
`
`---iiiiiiii
`
`iiiiiiii
`iiiiiiii
`!!!!!!!!
`
`iiiiiiii
`!!!!!!!!
`
`iiiiiiii --
`
`[Continued on next page}
`----------------------------------------------
`(54) Title: METHOD AND ARRANGEMENT FOR AUTOMATIC PROVISIONING, LICENSING AND CONFIGURATION
`OF CLIENT SOFTWARE
`
`iiiiiiii
`!!!!!!!!
`
`!!!!!!!!
`iiiiiiii
`
`iiiiiiii ----
`
`10
`
`10
`
`102
`
`101
`
`15
`
`,///25
`
`,,,/';< 20
`
`100
`
`25
`
`20
`
`:
`
`:
`
`' ' G
`
`0 user may use the client together with any user specific ervice provider. The system is managed using a standard web interface
`
`: , available to a management PC (105). Note that the service concept can be considered in a generalized context. The client can
`;;, receive licenses from one entity and service from another entity. For an overview of the system, see the attached Figure 1.
`
`(57) Abstract: The present invention
`enables secure and automatic config(cid:173)
`uration of a user-specific service, such
`as a service built around the a mobile
`terminal (100) with a client software such
`as Mobile IP, to work specifically with
`a corresponding back-end infrastructure
`(101, 102) by means of a provisioning
`server (103). The overall design objective
`is ease-of-use.
`The secondary design
`objective is
`to minimize the required
`adaptions on the client leaving as much
`control as possible to the server side.
`The service is designed to work with any
`client-platform. The overall assumption
`is that the client is by default bound
`to the user spesific service at software
`installation.
`There is a configurable
`number of days free-of-charge trial period
`for this service after initial activation.
`After the trial period expires, the user is
`directed to a payment service (104) where
`he/she is given the option to continue the
`service by accepting a fee, paid by credit
`card or by other means. By paying the
`user also acquire a full software license.
`Equipped with a full software license the
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 1
`
`

`

`WO 2007 / 046 7 06 A 1
`
`I IIIIIIIIIIIII II IIIIII IIIII IIIII IIIII IIII I II Ill lllll llllllllll lllll lllllllll lllllll 111111111111
`
`FR, GB, GR, HU, IE, IS, IT, LT, LU, LV, MC, NL, PL, PT,
`RO, SE, SI, SK, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA,
`GN, GQ, GW, ML, MR, NE, SN, TD, TG).
`
`before the expiration of the time limit for amending the
`claims and to be republished in the event of receipt of
`amendments
`
`Published:
`-
`with international search report
`
`For two-letter codes and other abbreviations, refer to the "Guid-
`ance Notes on Codes and Abbreviations" appearing at the begin-
`ning of each regular issue of the PCT Gazette.
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 2
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`Method and arrangement for automatic provisioning, licensing and configuration
`of client software
`
`1
`
`Introduction
`
`The present invention (see figure 1 for an overview) enables a user-spesific service,
`such as a service built around a mobile terminal (100) with a client software (such as
`Mobile IP), to work specifically with a corresponding back-end infrastructure (101,
`102) by means of a provisioning server (103). The overall design objective is ease-of(cid:173)
`use. The secondary design objective is to minimize the required adaptions on the client
`leaving as much control as possible to the server side. The service is designed to work
`with any client operating system platform.
`
`The overall assumption is that the client is by default bound to the user spesific service
`at software installation. There is a configurable number of days free-of-charge trial
`period for this service after initial activation. After the trial period expires, the user is
`directed to a payment service (104) where he/she is given the option to continue the
`service by accepting a fee, paid by credit card or by other means. By paying the user
`also acquire a full software license. Equipped with a full software license the user may
`use the client together with any user specific ervice provider.
`
`The system is managed using a standard web interface available to a management PC
`(105).
`
`Note that the service concept can be considered in a generalized context. The client can
`receive licenses from one entity and service provisioning from another entity.
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 3
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`License policy
`
`2
`
`The design of the user-specific service depends on the licensing policy for the service.
`The policy of choice is based on the following three fundamentals:
`
`1. A client software license is always associated with a service subscription. In the trial
`period there is a 1:1 correspondence, ie. the client can only be used with the User(cid:173)
`specific service. If the subscription is carried forward by payment, and a full
`software license is granted, there is a 1 :n correspondence. le. the client can be used
`with any service provider. However, the client is still linked to the user-specific
`service concerning license management. If the user re-installs the client software, on
`the same device or a different device, the locally stored license information will
`default to an unknown license. The user must in this case re-activate once with the
`user-specific service to unlock the client to restore the original configuration and
`regain his full license rights.
`
`2. A service subscription, and hence a software license, is registered with a unique
`device but may be moved between devices. The user may use the license from only
`one device at a time, however. The user-specific configuration system will
`automatically detect a license transfer and then change the registered device
`association accordingly. The software installation on the original device will still
`work according to the full license rights, however. Hence, the one-at-a-time
`restriction must be embedded as a legal provision in the license text.
`
`3. A service subscription, and hence a software license, can be activated for trial only
`once from a given device. The user may re-activate from the same device under the
`same account name in order to restore lost service configuration data. Any attempts
`to repeatedly sign up from the same device under a different account name will be
`blocked by the user-specific service system. Detection of abuse can be done on the
`server side by monitoring the number of license moves, which can then be
`subsequently blocked by the server.
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 4
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`System Overview
`
`3
`
`Using Mobile IP as the user-specific service example, called SmartRoaming for the
`remainder of the document, the system consists of five different components:
`
`100 Mobile IP Client
`101 Mobile IP Home Agent
`102 AAA server ( e.g. RADIUS based)
`103
`Provisioning server
`104 Credit card payment server (hosted by payment provider)
`
`Figure 1 describes the logics of the component interaction. The client interacts with the
`mobile IP agent according to the usual IETF standards over the standard interfaces
`marked with 10 in the figure. The key to system operation is how the client
`communicates with the provisioning server over the proprietary interfaces 20 described
`in the present disclosure. Note that the communication paths marked with 15
`corresponds to service traffic flow, and paths marked with 25 corresponds to service
`control flow.
`
`Communication between the client and the provisioning server is implemented as a
`proprietary interface over http(s). The native web-browser in the client terminal (100) is
`used to request, display and download information. All logic is implemented on the
`server side (103). Every transaction starts with the client sending a request to the server.
`The server determines the current status for the client and generates a series of re-directs
`corresponding to the different steps in each transaction that is scheduled for the client.
`Some transactions will trigger a http(s) download as the final step. The content is
`marked (using the Content-Type header) as a specific MIME application type
`(application/xxxx). The client software will register itself at installation to handle such
`content e.g. by means of a browser plugin to avoid the file download dialog for the
`configuration information, normally provided by the browser.
`
`The interaction between the client (100) and the provisioning server (103) depends on
`one or more of the following key conditions:
`
`1
`
`The client (100) initiates a request to the server (103) in situations such as i)
`If the client does not have a valid configuration, (ii) If the user selects "My
`Account" from the client user interface, or (iii) whenever the client
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 5
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`4
`
`experiences Mobile IP error 131 (authentication error) from the Home Agent
`(101). The latter can be provoked by the server to get the attention of the
`client. See section "Common aspects of the service" for a full list of
`situations that can trigger sending of the request.
`
`Note that the request always start with the client sending a solicit request
`message to the server and receive key information such as the address of the
`appropriate provisioning server, a security token (challenge) and a pre(cid:173)
`formulated request string to be used by the subsequent request. In this way,
`multiple provisioning servers can be hosted and server migration and load
`balancing can be obtained.
`
`A software lock in the client that can represent three states, (i) the initial state
`corresponding to a fresh installation and no previous activations attempts (ii)
`the locked state corresponding to the in-trial phase and (iii) the unlocked
`state corresponding to full license rights.
`
`A capability in the client to recognize SmartRoaming profiles among the set
`of all profiles. Morover, the ability to work specifically with the
`SmartRoaming service for such profiles. The profile is classified as a
`SmartRoaming profile if and only if the profile GUID matches the one stored
`in the provider account and its hash is stored in the Provider Account
`Information.
`
`The configuration sent from the server to the client is signed by the
`configuration server, to avoid wrong configuration information and Denial of
`Service attacks by bogus configuration information.
`
`2
`
`3
`
`4
`
`5
`
`The most important transactions over the provisioning interface are:
`
`1
`2
`3
`
`initial service activation
`license activation after expiring the trial-period
`service renewal at the end of every subscription period.
`
`Note that a service activation is a pre-requisite for a license activation. Moreover, the
`initial service activation must originate from the target device that will receive the
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 6
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`5
`
`configuration data and run the mobile IP client. Other service related tasks, like license
`activation, service renewal, etc. can originate either from the target device or from a
`different device (typically a PC) via the separate account management WEB interface.
`The interaction between the client and the provisioning server is further governed by a
`security model based on the following:
`
`1
`
`2
`
`3
`
`4
`
`Service configuration data stored on the client are signed by the provisioning
`server, hence making such data tamper-proof.
`Critical data (like user credentials and keys) are stored on the client in an
`encrypted format.
`The client-server communication is signed and encrypted, hence preventing
`spoofing attempts from malicious clients.
`Key management is secure, hence preventing key material to be
`compromised.
`
`Common aspects of the service
`
`The following sub-sections describe the system aspects that are common to both the
`client and the server. More detailed information on the client and the server-side
`components, respectively, are given in later sections.
`
`Command-loop
`
`The client must have as little embedded intelligence as possible. The overall control
`must be at the server side. The rationale is to simplify the client implementation and to
`have a design that is flexible for change also after client software deployment.
`
`The command-loop has two phases; the first phase (called solicit phase) is initiated
`directly by the client (not via the browser) and the returning document, having a very
`simple structure, as shown in the example in Table 1. This document is parsed by the
`client and the information is used in the subsequent phase that is executed via the
`browser. The solicit phase returns info like bypass addresses, URLs to used, and
`challenge values. Note that the challenge value is valid only for a short time, e.g. a few
`minutes to provide replay protection.
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 7
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`6
`
`\ip~bypass·~-. ·-··
`:so.239.s2.s2
`!80.239.52.103
`!service con url:
`lhttps://se~er.com/?device id=$DEV ID$&device model=$DEVICE MODEL$&cli
`;ent ver=$CLI VER$&os platform=$08 PLAT$&lang=$LANG$&reason=$REASON$
`
`Table 1: Example solicit response
`
`The solicit phase is done as the first transaction in the requests from the client to the
`provisioning server, and enable the service provider to control the IP addresses used by
`the service, and formulate the master URL used for subsequent requests. In this way,
`new servers can be introduced, and service migration can be performed with no changes
`to the client.
`
`Note that the client only opens one URL (termed the solicit URL), which can be opened
`in an named or unnamed mode. The server responds with a single URL (which contains
`tokens that the client will parse and replace, e.g. device id (320), usemame, challenge,
`signature, client version, reason for request), and then launches the browser with the
`resulting URL. From that point on the client does not interact with the server,
`everything is done in the browser (until the time that the browser, if required, receives a
`new configuration, or the Mobile IP connection is restarted).
`
`The http(s) interface between the client and the provisioning server is based on always
`requesting the same base URL. Two different sets of parameters can be appended
`depending on the type ofrequest, such as anonymous or named, as explained below).
`The server handles requests in a designated entry-point in the WEB server. The server
`will determine the current client state and schedule the appropriate transaction. The
`server will respond with (a series of) re-directs, each with a more specific URLs,
`depending on the derived transaction type. Every transaction may end with a http
`download if the client configuration needs to be updated. The client will issue a request
`again only at certain conditions as described below.
`
`A requests from a client can be either (i) anonymous or (ii) named. The former is used
`when the client has either no previous configuration data, typically at a fresh
`installation, or that the configuration data has been modified, e.g. in case of a failed
`signature check. In this case no account ids can be appended to the request (hence
`anonymous). The latter corresponds to the case when the client has a set of valid
`configuration data for a given SmartRoaming service account. In this case the ids
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 8
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`7
`
`associated with the account will be appended to the request (hence named). A named
`request will be triggered (i) If the client does not have a valid configuration, (ii) If the
`user selects "My Account" from the client user interface, (iii) the Client version is
`different than the configuration version, or (iv) whenever the client experiences Mobile
`IP error 131 (authentication error) which signals the client during operation to get its
`attention.
`
`The provisioning server will do this by temporarily invalidating the authentication
`credentials stored in the AAA server (102) for the user account in question. The server
`can schedule a set of actions for the client before the client is notified. Once notified, the
`client sends a request to the server, and executes the required transaction . The more
`detailed chain of events will be as follows:
`
`1. The server needs (wants) the attention of the client, eg. to notify about an
`expired trial period.
`2. The server temporarily changes the authentication credentials in the AAA server
`(102) to a bogus value that does not match with the corresponding profile setting
`at the client.
`3. At the next re-registration from the client an error code 131, according to the
`Mobile IP protocol defined in IETF RFC3344, is provoked
`4. The client takes an error 131 for a SmartRoaming profile to be a signal that the
`server wants its attention, hence the client sends a named request
`5. The server determines which transaction to start (eg. an expired trial-period) and
`send a chain of re-directs accordingly
`6. The transaction is completed.
`7. The client continues with normal Mobile IP operation.
`8. The client may itself initiate contact with the server upon certain criterias as
`previously described.
`
`To ensure timely response via the command loop in case of error 131 it is a key
`assumption that the agent does not cache credentials but always retrieve these directly
`from the AAA server (102). Moreover, the AAA server infrastructure must scale along
`with the agent infrastructure (101) to ensure rapid response in the communication
`between these two components.
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 9
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`Redirection to a service provider site
`
`8
`
`When the user starts a network-dependent application and selects the Mobile IP
`connection, the Mobile IP client may need to redirect the user to a Mobile IP service
`provider site. If so, the client displays a message, asking the user whether or not he
`wants to accept the redirection. The message to be displayed should vary according to
`the reason for redirection. The table below represents all the possible reasons for
`redirection.
`
`Provider License
`(account)
`
`Missing 1
`Invalid 2
`N/A
`Other
`
`3
`4
`N/A
`
`Version
`Error Wrong
`Profile
`(service) 131
`Device mismatc
`ID
`h
`N/A
`N/A
`N/A
`N/A
`8
`9
`
`N/A
`N/A
`7
`
`5
`6
`N/A
`
`Assistance
`needed
`
`N/A
`N/A
`10
`
`Table 2: Possible reasons for redirection
`
`The action taken by the client and the message displayed in each of the above cases is as
`follows. Note that these conditions should be handled by the client in the listed order.
`
`1. Client automatically creates a default provider entry. Therefore redirection is not
`required and no message is displayed.
`2. Client either automatically creates a default provider entry (when hard-coded) or
`displays the following redirection message:
`[The <provfder_>_ cont.a-ct .. data is invalid
`fDo you want to restore it?
`
`3. Client displays the following message:
`
`[Mobile IP is not acti vatecC on-your -device . -
`iDo you want to activate it at <default-provider>?
`
`4. Client displays the following message:
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 10
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`--~-- -----c--~---
`i Your Mobile IP license is invalid
`\Do you want to r~store it from <provide~>J
`
`9
`
`5. Client displays the following message:
`;You don It have a profile ..
`!Do you want to get one from_ <p!"oyicler>?.
`
`6. Client displays the following message:
`
`:Your active profile is invalid
`/Do you w~nt to restore it from <provider>?
`
`7. Client displays the following message:
`
`[Your <provider> account is suspended
`\r>o yo11_\'J.cl.I1t resume operc'l_t.:L_<:>ri?.
`
`8. Client displays the following message:
`
`/Your Mob.iiejp license is invalid
`'Do you want to r.estore it from <provid~r>?
`
`9. Client displays the following message:
`
`iYour account data does not match your Mobile IP client version
`!Do you want to upgrade your account to the correct version?
`
`10. Client displays the following message:
`
`iYou have a ·vailcf <provider> profile but the· terminal is unable to
`!reach the home agent. You are beging redirected to <provider> for
`/troubleshooting assistance.
`
`In all the above message texts <provider> is a placeholder for the provider name
`(SmartRoaming.com, for example).
`
`An important point about how to provoke 131; the sever must use a (bogus) key to
`provoke 131. However, this bogous key must also be known by the client. We simply
`uses the encrypted password as the bogus key. The rational here is that the client must
`be able to verify the MJP authenticator of the Mobile JP RRP message giving error code
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 11
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`131, hence to verify that it comes from the home agent as spected. This is to avoid that
`the client becomes vulnerable to DoS attacks.
`
`10
`
`Service activation
`
`Service activation refers to the process of creating a new subscription and starting a trial
`period. The sign-up is immediately followed by downloading SmartRoaming
`configuration data. The term re-activation is used when the configuration data from a
`previous activation has been lost or modified on the device. A request may then be sent
`to the server resulting in a re-download. The process of unlocking the client by
`continuing the service subscription beyond the trial phase is referred to as license
`activation and is discussed in a later section.
`
`When activation is started the client will launch the default browser in the terminal
`(100) and be directed to a sign-up page requesting (among other things) a
`usemame/password combination.
`
`If the provisioning server (103) determines that no account with the given device_id
`already exists, a new account must be created and a new set of configuration data must
`be downloaded. This corresponds to initial activation and starts the trial period. Account
`creation must however be conditioned on a check that the lock state of the requesting
`client does not indicate that the client is already in the trial-phase under a different
`name.
`
`The server side (103) must record the creation of each account and keep track of elapsed
`time subsequently. If the name exists and the password matches, a re-activation of an
`existing account is in progress. The same configuration data downloaded at the original
`activation must then be downloaded again and overwrite the local copy. This represents
`a continuation of the trial period. The initial activation time must be kept.
`
`If the user exists and the password does not match, it must be considered to be a non(cid:173)
`unique user name. The user must then be asked to select a different name. The server
`should offer some alternatives that are unique but still close to the user's original
`proposal.
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 12
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`11
`
`In the case of a SmartRoaming re-activation request the server must check if the user
`account in question is a trial account or a fully licensed service account. In the latter
`case the server must verify the lock state reported by the client. In case of a mismatch,
`the client must initiate a request to the server to change its lock state.
`
`Signaling for service activation via an anonymous request is described in the figure 2.
`Note that 200 denote the service provider responsibility, while 210 denote the credit
`card company. The initial request represents the solicitation phase, and enable the
`service provider to formulate the request URL subsequently used by the client, as well
`as server addresses and a token used to avoid Denial of Service attacs. When the solicit
`response is received, the client will generate a request to the server, which will provide
`a redirect to the trial activation page. After completing this page an account is created.
`Another redirect is then returned for the client to finally retrieve the resulting
`configuration data.
`
`The following sequence is illustrated in figure 2:
`
`201 Solicit request from the client software
`202 Solicit response to the client software
`203 Anonymous request from the client default browser
`204 Redirect
`205 Trial activation page
`206 Update AAA account
`207 Redirect
`208 Configuration request
`209 Configuration download (browser will automatically engage client software)
`
`License activation
`
`The command loop will catch the situation when an active SmartRoaming subscription
`has expired beyond its trial phase. When this happens the clientwill be re-directed to a
`licensing page. The already existing usemame values associated with the existing
`SmartRoaming profile will be sent directly in a named request. By accepting the terms
`and conditions and provide his payment details, the user can continue the service
`subscription and acquire a full software license. The usemame is the link between the
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 13
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`12
`
`payment transaction and the service subscription. After payment the server must be
`updated with the new account status and the new value of the license lock will be
`downloaded. Note that no new profile download need to happen at this point. The user
`may continue to use the already installed software and SmartRoaming profile.
`
`If the user rejects to pay he has no rights to continue to use the software and his service
`subscription will be invalidated. The service account will not be removed, however. The
`user may at any time trigger the license activation process to continue his service(cid:173)
`subscription and acquire a full software license.
`
`Signaling for license activation is described in figure 3. Assuming that this happens
`during Mobile IP operation, the provisioning server (103) will invalidate the account in
`the AAA a server (102) and at the next Mobile IP registration request the client will
`experience an error 131. In response to this the client will send a named request.
`Assuming that the server determines that the trial period has expired, the client (100)
`will be re-direct to a license activation page. After completing the credit card transaction
`with the credit card broker (104) and updating the account in the AAA server (102), a
`new re-direct is generated before the client downloads updated configuration data.
`
`The following sequence is illustrated in figure 3:
`
`220 MIP reg req
`221 AAAreq
`222 AAA resp
`223 MIP reg response (131)
`224 Solicit request from the client software
`225 Solicit response to the client software
`226 Named request from the default browser in the client
`227 Redirect
`228 License activation page
`229 Credit card transaction
`230 Transaction ok
`231 Update AAA account
`232 Redirect
`232 Configuration download request
`233 Configuration download (browser will automatically engage client software)
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 14
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`13
`
`Service renewal
`
`The command loop mechanism will catch the situation also when an active
`SmartRoaming subscription has expired. When this happens the client will experience
`an Mobile IP error 131, client request will be initiated and the terminal web browser
`will be re-directed to a payment page to continue his/her subscription. Note that this
`page will be different from the licensing activation page since the user has already
`acquired a license. The user will continue to use the same installed software and
`SmartRoaming configuration, hence no new data will be downloaded at this stage.
`The sequence diagram is very similar to the license activation transaction.
`
`Data-flow and security model
`
`The communication between the client (100) and the server (103) is secured by https.
`The provisioning server must install a WEB server certificate issued by a well-known
`certificate authority. The client must only communicate with the provisioning server if it
`holds a valid certificate for the name smartroaming.com.
`
`A device id (320) that uniquely identifies the client installation must always be added to
`the request. This applies to both anonymous and named requests. The device id can be
`taken from any source in the platform. For a Symbian device it might be the IMEi
`value. For a PC platform it may be the processor serial number. The formatting of the
`device id parameter must be completely open, ie. it must be considered as variable(cid:173)
`length text string. The Service Provider section is signed. T~e Service Activation URL
`is embedded in this section and hence signed. So it could be a non-HTTPS URL. If it is
`a https URL, however, it will get checked that it has a certificate that matches the URL
`requested (issued by a CA whose root certificate is present on the device). Other
`information elements that must be always appended as parameters in any request are:
`
`1. Client (Mobile IP) software version
`2. Client OS platform and version
`3. Client device id
`4. Client device_ model
`5. Preferred language
`6. Reason for the request
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1033, p. 15
`
`

`

`WO 2007/046706
`
`PCT/N02006/000325
`
`14
`
`The effect of passing the device id (320) in an anonymous request is that the server can
`determine the exact licensing state. By comparing the received device id with the
`database of registered device id, and in addition considering the usemame provided
`during the sub-sequent sign-up step, the server can distinguish between the most usual
`scenarios numbered 1 to 4 in the table below (see table 2 for a comprehensive
`overview):
`
`New user name (321)
`
`Existing user name (321)
`
`New device id (320)
`
`1: Initial activation
`
`3: License transfer (allow)
`
`Existing device id (320)
`
`2: Repeated sign-up (block) 4: client reinstall or
`configuration restore.
`
`Table 3: Most usual scenarios
`
`A named request always starts with the solicit phace, implementing a challenge(cid:173)
`response part of named request. A challenge from the solicit phase must be included in
`the subsequence http request, this preventing replay attacks
`
`A named request contains the user name in addition to the device id. In contrast to the
`anonymous case the request