Abstract: A method and corresponding system for multicast provisioning of operating systems (OS) at reduced bandwidth. The method includes providing a computing device on a digital communications network. An OS image is stored in the computing device, with the image including data sets or chunks making up one or more phases of a system image. The method continues with associating a single multicast address with each of the data sets. The computing device broadcasts each of the data sets of the image along with the associated multicast address on the network as a repeating loop. The method includes sending a signal from the computing device to a set of nodes on the network to initiate a process for loading the stored image, and in response, operating the nodes to load a multicast installer that listens for the data sets and buffers received data packets in an image cache.

Abstract: A method and apparatus for providing a Web application framework is provided. The framework includes four main components which are used in combination to create Web servers of varying complexity depending on the needs of the end use. The framework includes a Server object, a Handler object, a Properties object, and a Request object. A Server object is created with an initial set of properties and calls a Hander object. The Handler object defines how URL requests are processed by the Web server. When a request appears at the server, the Request object obtains and formats the request for subsequent processing. The Handler object works with the Properties object to process the request. Multiple Handler objects may be chained together to create a Web application that can perform many operations without being restricted to traditional server designs.

Abstract: The Smart Card URL Programming interface (UPI) builds a local web or card server around a card terminal and the inserted smart card. This server can also support secure object storage, which stores serialized, secure signed, compressed objects (or applications or data) for delivery to the card or for off-loading from the card. The secure object storage is also web addressable. The object storage program stores objects with the option of signing and/or encrypting and retrieves objects which may require cryptographic credentials. If a user desires to run applications on a card that exceeds the memory capacity of the card, information about the applications, including pointers and their digital signatures, is acquired and stored on the card by the card server. The card server manages the applications on a card and their movement on and off the card.

Abstract: Architectures that enable different types of security devices to operate interchangeably in very large network environments for authentication and metered access to services are described. The system relies on a lease-based access to the network services. The leasing model supports a smart card type payment for services allowing for payments to be automatically forwarded from the smart card type device to the service whenever a service is leased. To lease a service, the requesting service must first be authenticated using devices like cellular phones, smart cards, Personal Data Assistants, or similar devices that have processing and memory capabilities and in some instances, wireless communication capabilities. Services may enter or exit the environment at will. Devices and services in this environment have public certificates that are used for authentication. Services may customize access to its products to make them available only to desired services.

Abstract: The present invention comprises a method and apparatus for securely providing billable multicast data. The invention describes a solution that provides an architecture for enabling different types of security devices to operate interchangeably in very large consumer networks, corporate networks, for authentication and metered access to services, as well as payment. An embodiment of the invention comprises a mechanism for ensuring that only authorized parties may obtain access to a particular data stream. For example, the present invention provides a way build a restricted-channel system. In a restricted-channel system, a multicast server transmits encrypted information that can be deciphered by authorized multicast client programs or multicast client programs operating under authorized conditions. Access to the multicast data is allowed when the data is appropriately decrypted or otherwise verified and/or the payment is obtained from a portable device such as a smart card.

Abstract: The present invention is a universal secure token scheme that provides two way authentication, credit, debit, and stored value operations. The invention permits the use of universally available networks to access corporate, private, and proprietary devices. The invention provides strong authentication, offers optional encryption of the established session, and operates without requiring special permission to reconfigure firewalls. One application of the invention provides a universal token scheme that can be used in debit and stored value transactions. In one embodiment, devices and services are treated as URLs and a smart card is configured to perform the necessary HTTP protocol to access the URL.

Abstract: A distributed budgeting and accounting system is designed to operate with secure token devices. The secure token devices serve both as electronic currency purses and as secure vehicles for authorization. The distributed budgeting and accounting system allows a budget to be defined for an organization. The budget is implemented via the secure token devices by transferring electronic currency tokens representing portions of the budgets to secure token devices associated with different portions of the organization. The funds may be transferred down a hierarchical organization by transferring funds between respective pairs of secure token devices. Once the budget has been fully distributed, members of the organization may spend electronic currency tokens on their secure token devices to cover the cost of using resources. Each card holder of the secure token device may only spend up to the amount provided on the associated secure token device.

Abstract: A secure token device, such as a smart card or an ibutton, provides a user with a vehicle for accessing services that are provided by an Internet Service Provider (ISP). The user places the secure token device in communication with a reader that is coupled to a computer system. The computer system includes a web browser for accessing the services provided by the ISP. The secure token device may perform an authentication protocol to authenticate itself to the ISP. The ISP may also be required to authenticate itself. The secure token device may hold an electronic currency token for payment of services rendered by the ISP. The secure token device may contain stored personal information about the user. The user may stipulate what portions of this personal information are provided to the ISP upon request. Contextual information regarding sessions with the ISP may also be stored on the secure token device and used to restore a context of a previous session during a subsequent session.

Abstract: A method and apparatus for accessing devices on a network. A URL (Uniform Resource Locator) is utilized on the internet to specify the application protocol (e.g., http), the domain name (e.g., www.sun.com), and file location (e.g., /users/hcn/index.html). One or more embodiments of the invention provide for accessing devices on a network and the internet by utilizing the URL and HTTP. By specifying the desired device action in the URL, it is unnecessary to create a plug-in or modify the browser for the resource. Each device or resource is connected to the network and is configured with a small amount of computer code that identifies the relevant commands that may be used to control the device. Additionally, the resource is configured to operate upon receiving the specified commands in the URL address that identifies the resource.

Abstract: A method and apparatus for providing modular I/O expansion. Apparatus are provided on a host computing device and an expansion unit to support multiple port types, and multiplexing apparatus are provided to support simultaneous I/O sessions between multiple applications on the host computing device and multiple I/O ports on the expansion unit over a single host I/O port. The expansion unit is equipped with one or more port interface modules that are each configured to support data transmission in accordance with one port type from a set of port types. Apparatus on the expansion unit perform multiplexing and demultiplexing of data transmitted between the host computing device and the port interface modules of the expansion unit. Port interface objects in the host computing device each support data transmission in accordance with one port type from the set of port types.

Abstract: The present invention comprises a distributed display panel that accepts personal computing devices. The personal computing device can drive the distributed display panel so that the combination functions as a computer terminal. The CPU is not in the distributed display panel but in the portable computing device carried by the user. This approach allows the user to effectively carry computer in the user's pocket and use generic services on the computer network. The distributed display panel device consists of memory and an interface to an external port into which the personal computing device can be inserted. Once the personal computing device is inserted the personal computing device is recognized and connections are made to the distributed display panel and to a network. From this point computing is performed on the personal computing device. Since the CPU of the personal computing device is known and trusted (since it belongs to the user) the computing environment is highly trusted.