Early Warning Services 1011
IPR of U.S. Pat. No. 8,887,308

U.S. Patent    Aug. 3, 2010    US 7,769,998 B2

[FIG. 1 (Sheet 1 of 15): block diagram of computer system 100; drawing not reproduced. Recoverable labels: processor 102; instructions 124; static memory; network interface device 120; network 126; video display 110; alpha-numeric input device 112; cursor control device 114; medium 122; signal generation device 118.]

EWS-001119

[FIG. 2 (Sheet 2 of 15): block diagram of network 200; drawing not reproduced. Recoverable labels: client machines 210 and 212 with web client 206 and programmatic client 208; 3rd party server with 3rd party application 228; network (e.g., Internet) 126; network-based trading platform 202; API server 214 (programmatic interface); web server 216 (web interface); CGI servers with authentication module and authorization module; application server(s) 218 with marketplace application(s) and payment application(s) 222; administrative applications/functions; database server(s); database(s).]

[FIG. 3 (Sheet 3 of 15): marketplace and payment applications 220; drawing not reproduced. Recoverable labels: auction application(s) 302; fixed-price application(s) 304; store application(s); reputation application(s); personalization application(s); internationalization application(s); navigation application(s); imaging application(s); listing creation (seller) application(s); listing management (seller) application(s); post-listing management application(s); dispute resolution application(s); fraud prevention application(s); messaging application(s); merchandizing application(s); loyalty/promotion application(s); authorization and authentication application(s); publication application(s).]

[FIG. 4 (Sheet 4 of 15): drawing not reproduced. The table labels are largely illegible in this copy; one reads FEEDBACK TABLE.]

[Sheet 5 of 15: drawing not legible in this copy.]

[FIG. 6 (Sheet 6 of 15): flow diagram; drawing not reproduced. Recoverable box text, with leading words lost in some boxes marked [...]:
602: [...] A USER TO ACCESS A PRIMARY SITE VIA A SECONDARY SITE
604: [...] PARTIAL TOKEN AT THE SECONDARY SITE ASSOCIATED WITH THE USER?
616: REDIRECT THE USER TO THE PRIMARY SITE FOR ADMINISTRATIVE TASKS (E.G., SIGN-IN, REGISTRATION, AND/OR CONSENT AGREEMENT SIGNING)
618: GENERATE A TOKEN, ASSOCIATED WITH THE USER, AT THE PRIMARY SITE
620: SPLIT THE TOKEN INTO TWO (OR MORE) PARTS
622: TRANSMIT A PART OF THE TOKEN (PARTIAL TOKEN) TO THE SECONDARY SITE VIA AN API CALL
606: [...] THE SECONDARY SITE TO ACCESS APPLICATION PROGRAMMING INTERFACE (API) AT THE PRIMARY SITE ON BEHALF OF THE USER TO REQUEST USER ACCESS BY PROVIDING THE PARTIAL TOKEN TO THE SECONDARY SITE FOR MATCHING
608: DOES THE PARTIAL TOKEN FROM THE SECONDARY SITE MATCH THE PARTIAL TOKEN AT THE PRIMARY SITE?
610: AUTHENTICATE THE USER TO ACCESS THE PRIMARY SITE VIA THE SECONDARY SITE BY RETURNING AN API CALL FROM THE PRIMARY SITE TO THE SECONDARY SITE
612: AUTHORIZE THE USER TO ACCESS THE PRIMARY SITE VIA THE SECONDARY SITE BY RETURNING AN API CALL FROM THE PRIMARY SITE TO THE SECONDARY SITE
614: ACCESS THE PRIMARY SITE VIA THE SECONDARY SITE]

[FIG. 7 (Sheet 7 of 15): drawing not reproduced. Recoverable labels: partners; general secondary sites (e.g., MSN, PSP); special secondary sites (e.g., PAYPAL); primary site; API/platform; sign-in site (community site); federated adapters; federated mechanism; adapter; transaction platform; corporate; trust; environment; customer support 726; accounting dept.; finance dept. 730; platform services 724. Some labels and reference numerals are illegible in this copy.]

[Sheets 8-10 of 15: drawings not legible in this copy.]

[FIG. 11 (Sheet 11 of 15): flow diagram; drawing not reproduced. Recoverable box text:
1102: RECEIVE A REQUEST FOR USER ACCESS AUTHENTICATION
1104: RUN THE AUTHENTICATION AUCTION TO PERFORM A CHECK ON THE USER
1106: CHECK WAS SUCCESSFUL?
Branch boxes (reference numerals 1108, 1110, 1112 and 1114; pairing of numerals to boxes not recoverable): STOP AUTHENTICATION (AUTHENTICATION FAILED); SEND AUTHENTICATION ERROR; AUTHENTICATE THE USER; AUTHORIZE THE USER
1116: GENERATE A TOKEN ASSOCIATE WITH THE USER AT THE TRANSACTION PLATFORM OF THE PRIMARY SITE
1118: TRANSMIT THE TOKEN OR PARTIAL TOKEN TO THE SECONDARY SITE]

[Sheets 12-15 of 15: drawings not legible in this copy.]

METHOD AND APPARATUS TO AUTHENTICATE AND AUTHORIZE USER ACCESS TO A SYSTEM

RELATED APPLICATIONS

This application claims the priority benefits of U.S. Provisional Applications No. 60/482,963 and 60/482,971, filed Jun. 26, 2003, which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

Exemplary embodiments of the present invention relate generally to the technical field of commerce automation and, in one exemplary embodiment, to methods and systems to authenticate and authorize user access to a system.

2. Description of Related Art

The Internet and the World Wide Web (“Web”) have changed the landscape of information delivery and affected numerous faculties of life, including electronic commerce and entertainment. One area that has benefited from this technological development is the ability for individuals to buy and sell products over the Internet. The growing electronic commerce has encouraged many businesses to join hands in doing business and in sharing customers and their information. The overlapping businesses, partnerships in conducting business, referrals, mutual distribution of resources, and sharing of users and user information has created a network of applications, servers, and Websites which has created various technical challenges, complexities, and insecurities.

A number of technical challenges exist with respect to authorization and authentication of users and/or systems. For example, conventionally, when a user accesses the primary system via a secondary system, much of sensitive and personal user information, ranging from passwords to profiles, is directly transmitted between the primary and secondary systems. Such transmission of data is not only inherently insecure, but also it is cumbersome, at least, in that it requires a separate transmission for each of the secondary systems that the user accesses, even if it is to ultimately access the same primary system. Furthermore, this and other technological challenges also limit the performance of system network between primary and secondary systems, in general, and the ability of the user to access multiple systems, in particular.

SUMMARY

A method, apparatus, and system are provided for authenticating and authorizing user access to a system. According to one embodiment, a request for authentication and authorization of a user is received from a secondary site on behalf of the user who is seeking to access a primary site via the secondary site via a computer network. The request includes information relating to the user. The user information is then verified for authenticity, including determining whether the user satisfies the criteria for obtaining authentication and authorization as defined by the primary site. If the criteria are satisfied, a token, associated with the user, is generated at the primary site. A portion of the token is transmitted from the primary site to the secondary site on behalf of the user to permit the user to access the primary site via the secondary site, via the computer network.

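
The token flow summarized above (and drawn in FIG. 6) can be sketched in Python as an added illustration that is not part of the patent. The class and method names, the 32-byte token, the half-and-half split, and matching by a SHA-256 digest of the reassembled token are assumptions, since the text does not specify them.

```python
import hashlib
import hmac
import secrets


class PrimarySite:
    """Hypothetical primary site covering FIG. 6 steps 604-622."""

    def __init__(self):
        self._consented = set()   # (user, secondary) pairs approved at step 616
        self._grants = {}         # (user, secondary) -> (retained part, token digest)

    def sign_in_and_consent(self, user, secondary):
        # Step 616 stand-in: sign-in and consent happen at the primary site,
        # so the secondary site never handles the user's password.
        self._consented.add((user, secondary))

    def issue_partial_token(self, user, secondary):
        if (user, secondary) not in self._consented:
            raise PermissionError("no sign-in/consent recorded at the primary site")
        token = secrets.token_bytes(32)              # step 618: generate token
        retained, issued = token[:16], token[16:]    # step 620: split in two
        # Assumption: store the retained part and a digest of the whole token,
        # so the complete token is kept nowhere after issuance.
        self._grants[(user, secondary)] = (retained, hashlib.sha256(token).digest())
        return issued.hex()                          # step 622: send one part

    def api_request_access(self, user, secondary, partial_hex):
        # Steps 606-612: the secondary presents its part on the user's behalf.
        grant = self._grants.get((user, secondary))
        if grant is None:
            return "redirect_to_primary"             # nothing issued to this site
        try:
            presented = bytes.fromhex(partial_hex)
        except (ValueError, TypeError):
            return "denied"
        retained, digest = grant
        candidate = hashlib.sha256(retained + presented).digest()
        # Constant-time comparison avoids leaking how much of the value matched.
        return "authorized" if hmac.compare_digest(candidate, digest) else "denied"

    def revoke(self, user, secondary):
        self._grants.pop((user, secondary), None)


class SecondarySite:
    """Hypothetical secondary site that holds only partial tokens."""

    def __init__(self, name, primary):
        self.name = name
        self.primary = primary
        self.partial_tokens = {}   # user -> partial token (hex)

    def access_primary(self, user):
        partial = self.partial_tokens.get(user)
        if partial is None:                          # step 604 "no" branch
            return "redirect_to_primary"
        return self.primary.api_request_access(user, self.name, partial)


def demo():
    """Run the flow with constructed users and sites; return each outcome."""
    primary = PrimarySite()
    site_a = SecondarySite("partner-a", primary)
    site_b = SecondarySite("partner-b", primary)
    results = {"first_visit": site_a.access_primary("alice")}

    primary.sign_in_and_consent("alice", "partner-a")
    site_a.partial_tokens["alice"] = primary.issue_partial_token("alice", "partner-a")
    results["after_enrollment"] = site_a.access_primary("alice")

    # A partial token copied to another site is useless: grants are per site.
    good = site_a.partial_tokens["alice"]
    site_b.partial_tokens["alice"] = good
    results["replayed_by_other_site"] = site_b.access_primary("alice")

    # A modified partial token no longer reassembles to the issued token.
    site_a.partial_tokens["alice"] = ("1" if good[0] == "0" else "0") + good[1:]
    results["tampered"] = site_a.access_primary("alice")

    site_a.partial_tokens["alice"] = good
    primary.revoke("alice", "partner-a")
    results["after_revocation"] = site_a.access_primary("alice")
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```
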
BRIEF DESCRIPTION OF THE DRAWINGS

The appended claims set forth the embodiments of the present invention with particularity. The embodiments of the present invention, together with its advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawings of which:

FIG. 1 is a block diagram illustrating an embodiment of a computer system;
FIG. 2 is a block diagram illustrating an embodiment of a network;
FIG. 3 is a block diagram illustrating an embodiment of marketplace and payment applications;
FIG. 4 is a block diagram illustrating an embodiment of a high-level entity-relationship;
FIG. 5 is a block diagram illustrating an embodiment of an authentication and authorization mechanism;
FIG. 6 is a flow diagram illustrating an embodiment of a process for providing user access to a primary site via a secondary site;
FIG. 7 is a flow diagram illustrating an embodiment of an authentication and authorization architecture having a transaction platform with a federated mechanism;
FIG. 8 is a block diagram illustrating an embodiment of a federated model;
FIG. 9 is a block diagram illustrating an embodiment of a credential authority system based on a federated mechanism;
FIG. 10 is a transaction sequence diagram illustrating an embodiment of a sequence for determining whether to generate a common cookie or a token;
FIG. 11 is a flow diagram illustrating an embodiment of a process for generating a token;
FIG. 12A is an exemplary illustration of a primary site sign-in page;
FIG. 12B is an exemplary illustration of a primary site registration completion page;
FIG. 12C is an exemplary illustration of a primary site consent agreement page; and
FIG. 12D is an exemplary illustration of a primary site authorization page for secondary sites.

DETAILED DESCRIPTION

Described below is a system and method for authenticating and authorizing user access to a system. Throughout the description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. In other instances, well-known structures and devices are shown in block diagram form to avoid obscuring the underlying principles of the present invention.

In the following description, numerous specific details such as logic implementations, opcodes, resource partitioning, resource sharing, and resource duplication implementations, types and interrelationships of system components, and logic partitioning/integration choices may be set forth in order to provide a more thorough understanding of various embodiments of the present invention. It will be appreciated, however, to one skilled in the art that the embodiments of the present invention may be practiced without such specific details, based on the disclosure provided. In other instances, control structures, gate level circuits and full software instruction sequences have not been shown in detail in order not to obscure the invention. Those of ordinary skill in the art, with the included descriptions, will be able to implement appropriate functionality without undue experimentation.

Various embodiments of the present invention will be described below. The various embodiments may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor or a machine or logic circuits programmed with the instructions to perform the various embodiments. Alternatively, the various embodiments may be performed by a combination of hardware and software.

Various embodiments of the present invention may be provided as a computer program product, which may include a machine-readable medium having stored thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process according to various embodiments of the present invention. The machine-readable medium may include, but is not limited to, floppy diskette, optical disk, compact disk-read-only memory (CD-ROM), magneto-optical disk, read-only memory (ROM), random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical card, flash memory, or another type of media/machine-readable medium suitable for storing electronic instructions. Moreover, various embodiments of the present invention may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer.

FIG. 1 is a block diagram illustrating an embodiment of a computer system (system) 100. As illustrated, the system 100 includes an exemplary machine within which a set of instructions, for causing the machine to perform any one or more of the methodologies discussed herein, may be executed. The system 100 may operate as a standalone device or may be connected (e.g., networked) to other machines or systems. In a networked deployment, the system 100 could operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The system 100 may include a server computer, a client computer, a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a Web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single system 100 is illustrated, the term “machine” or “system” shall also be taken to include any collection of systems or machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.

The system 100 includes a processor 102 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), a main memory (memory) 104 and a static memory 106, which communicate with each other via a bus 108. The system 100 further includes a video display unit 110 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The system 100 also includes an alphanumeric input device 112 (e.g., a keyboard), a cursor control device 114 (e.g., a mouse), a disk drive unit 116, a signal generation device 118 (e.g., a speaker) and a network interface device 120 to connect the system 100 with other systems or machines via a network (e.g., the Internet) 126.

The processor 102 may include multiple processors including one or more multi-threaded processors having multiple threads or logical processors, and may be capable of processing multiple instruction sequences concurrently using its multiple threads. The processor 102 further includes one or more microprocessors, microcontrollers, field programmable gate arrays (FPGA), application specific integrated circuits (ASIC), central processing units (CPU), programmable logic devices (PLD), and similar devices that access instructions from system storage (e.g., main memory 104), decode them, and execute those instructions by performing arithmetic and logical operations. The processor 102 may also include one or more internal caches (not shown).

The bus 108 is known as the host bus or the front side bus, and may be used to couple the processors 102 with the system interface. The bus 108 may also be coupled with a control bus, an address bus, and/or a data bus (not shown). The control bus, the address bus, and the data bus may be multidrop bi-directional buses, e.g., connected to three or more bus agents, as opposed to a point-to-point bus, which may be connected only between two bus agents.

The memory 104 may include a dynamic storage device, a random access memory (RAM), or other storage device coupled with the bus 108 for storing information and instructions 124 to be executed by the processor 102. The memory 104 is also used for storing temporary variables or other intermediate information during execution of instructions 124 by the processors 102. The static memory 106 may include a read only memory (ROM) and/or other static storage device coupled with the processor 102 via the bus 108 for storing static information and instructions for the processor 102.

The memory 104 includes a wide variety of memory devices including read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), random access memory (RAM), non-volatile random access memory (NVRAM), cache memory, flash memory, and other memory devices. The memory 104 may also include one or more hard disks, floppy disks, ZIP disks, compact disks (e.g., CD-ROM), digital versatile/video disks (DVD), magnetic random access memory (MRAM) devices, and other system-readable media that store instructions and/or data. The memory 104 is used to store program modules, such as routines, programs, objects, images, data structures, program data, and other program modules that perform particular tasks or implement particular abstract data types that facilitate system use.

The network interface device 120 may include a modem, a network interface card, or other well-known interface devices, such as those used for coupling with Ethernet, token ring, or other types of physical attachment for purposes of providing a communication link to support a local or wide area network 126, for example. Stated differently, the system 100 may be coupled with a number of clients and/or servers via a conventional network infrastructure 126, such as a company’s Intranet and/or the Internet, for example.

The disk drive unit 116 may include a machine-readable medium 122 on which may be stored one or more sets of instructions (e.g., software 124) embodying any one or more of the methodologies or functions described herein. The software 124 may also reside, completely or at least partially, within the memory 104 and/or within the processor 102 during execution thereof by the computer system 100, the memory 104 and the processor 102 also constituting machine-readable media. The software 124 may further be transmitted or received over a network 126 via the network interface device 120. While the machine-readable medium 122 is illustrated in an exemplary embodiment to be a single medium, the term “machine-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “machine-readable medium” shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by the machine of the system 100 and that causes the machine to perform any one or more of the methodologies of the present invention. The term “machine-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media.

While the machine-readable medium 122 is illustrated in an exemplary embodiment to be a single medium, the term “machine-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “machine-readable medium” shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by the machine of the system 100 and that causes the machine to perform any one or more of the methodologies of the present invention. The term “machine-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals.

Furthermore, it is appreciated that a lesser or more equipped computer system than the example described above may be desirable for certain implementations. Therefore, the configuration of system 100 may vary from implementation to implementation depending upon numerous factors, such as price constraints, performance requirements, technological improvements, and/or other circumstances.

It should be noted that, while the embodiments described herein may be performed under the control of a programmed processor, such as the processor 102, in alternative embodiments, the embodiments may be fully or partially implemented by any programmable or hardcoded logic, such as field programmable gate arrays (FPGAs), Transistor Transistor Logic (TTL), and application specific integrated circuits (ASICs). Additionally, the embodiments of the present invention may be performed by any combination of programmed general-purpose computer components and/or custom hardware components. Therefore, nothing disclosed herein should be construed as limiting the various embodiments of the present invention to a particular embodiment wherein the recited embodiments may be performed by a specific combination of hardware components.

FIG. 2 is a block diagram illustrating an embodiment of a network 200. As illustrated, the network (or architecture) 200 includes a commerce platform, such as a network-based marketplace or trading platform 202, to provide server-side functionality, via a network 126 (e.g., the Internet) to one or more clients, such as client machines 210-212. As illustrated, for example, a web client 206 (e.g., a browser, such as the Internet Explorer or the Netscape Navigator), and a programmatic client 208 may execute on their respective client machines 210 and 212.

Turning specifically to the network-based marketplace 202, an application program interface (API) server 214 and a web server 216 may be coupled to, and provide programmatic and web interfaces respectively to, one or more application servers 218. The application servers 218 may host one or more marketplace applications 220 and payment applications 222. Furthermore, the application servers 218 are coupled to one or more database servers 224 to facilitate access to one or more databases 226.

The marketplace applications 220 provide a number of marketplace functions and services to users that access the marketplace 202. The payment applications 222, likewise, may provide a number of payment services and functions to users. The payment applications 222 may allow users to quantify for, and accumulate, value (e.g., in a commercial currency, such as the U.S. dollar, or a proprietary currency, such as “points”) in accounts, and then to redeem the accumulated value for products (e.g., goods or services) that are made available via the marketplace applications 220. While the marketplace and payment applications 220 and 222, as illustrated, both form part of the network-based marketplace 202, it will be appreciated that, in alternative embodiments of the present invention, the payment applications 222 may form part of a payment service that is separate and distinct from the marketplace 202.

Further, while the network 200, as illustrated, may employ a client-server architecture, embodiments of the present invention are not limited to it, and may equally find applications in a distributed, or peer-to-peer, architecture. The various marketplace and payment applications 220 and 222 may also be implemented as standalone software programs, which do not necessarily have networking capabilities.

The web client 206, it will be appreciated, may access the various marketplace and payment applications 220 and 222 via the web interface supported by the web server 216. Similarly, the programmatic client 208 may access the various services and functions provided by the marketplace and payment applications 220 and 222 via the programmatic interface provided by the API server 214. The programmatic client 208 may, for example, be a seller application (e.g., the TurboLister application developed by eBay Inc., of San Jose, Calif.) to enable sellers to author and manage listings on the marketplace 202 in an off-line manner, and to perform batch-mode communications between the programmatic client 208 and the network-based marketplace 202.

The architecture 200 further includes Common Gateway Interface (CGI) servers associated with the authorization module 232 and the authentication module 234. The authorization module 232 is to perform authorization-related functions for authorizing users accessing a primary system (e.g., a platform-related Website, application, platform, device, tool, and site) from a secondary system (e.g., Website, application, platform, device, tool, and site). The authorization module 232 is also for facilitating the user to authorize the secondary system to access the primary system and act or perform on behalf of the user. The authentication module 234 is to perform authentication-related functions for authenticating users, prior to authorizing them, to access the primary system via the secondary system. Administrative applications/functions 236 of the architecture 200 are utilized to help perform some of the authorization and authentication functions as necessitated or desired.

FIG. 3 is a block diagram illustrating an embodiment of marketplace and payment applications 220-222. Multiple marketplace and payment applications 220-222 are provided as part of the network-based marketplace or trading platform 202, as illustrated and described with respect to FIG. 2. The network-based marketplace 202 may provide a number of listing and price-setting mechanisms whereby a seller may list goods or services for sale, a buyer may express interest in or indicate a desire to purchase such goods or services, and a price may be set for a transaction pertaining to the goods or services. To this end, the marketplace applications 220 may include one or more auction applications 302 to support auction-format listing and price setting mechanisms (e.g., English, Dutch, Vickrey, Chinese, Double, Ascending, Reverse and Declining auctions etc.). The various auction applications 302 also provide a number of features in support of such auction-format listings, such as a reserve price feature whereby a seller may specify a reserve price in connection with a listing and a proxy-bidding feature whereby a bidder may invoke automated proxy bidding.

One or more fixed-price applications 304 may support fixed-price listing formats (e.g., the traditional classified advertisement-type listing or a catalogue listing) and buyout-type listings. Specifically, buyout-type listings (e.g., including the Buy-It-Now (BIN) technology developed by eBay Inc., of San Jose, Calif.) may be offered in conjunction with an auction-format (or other dynamic pricing format) listing, and allow a buyer to purchase goods or services, which are also being offered for sale via an auction, for a fixed-price that is typically higher than the starting price of the auction.

In one embodiment, one or more authorization and authentication applications 334 are provided to help support the authorization and authentication mechanism to authenticate and authorize users and various systems, applications, and tools. The authorization and authentication applications 334 also perform certain administrative functions to ensure credibility, security, reliability, scalability, and availability of the system, as a whole, and the process of authorization and authentication.

One or more publishing applications 336 are used to publish the information relating to auctions, such as the declining price auction. For example, in an embodiment where the financial instruments are offered for sale over the Internet, the publishing applications 336 may format information about the financial instruments in a web page and provide that web page over the Internet to potential buyers. The publishing applications 336 may also update the current offer price (e.g., $100) or interest rate (e.g., 10%), as necessary, when the current offer price or interest rate is changed using the auction applications 302.

The store applications 306 allow sellers to group their listings within a “virtual” store (e.g., a virtual bank), which are branded and otherwise personalized by and for the sellers. Such a virtual store also offers promotions, incentives and features that are specific and personalized to a relevant seller.

The reputation applications 308 allow parties that transact utilizing the network-based marketplace 202 to establish, build, and maintain reputations, which are made available and published to potential trading partners. Consider that where, for example, the network-based marketplace 202 may support