US007490151B2

(12) United States Patent
Munger et al.

(10) Patent No.: US 7,490,151 B2
(45) Date of Patent: Feb. 10, 2009

(54) ESTABLISHMENT OF A SECURE COMMUNICATION LINK BASED ON A DOMAIN NAME SERVICE (DNS) REQUEST

(75) Inventors: Edward Colby Munger, Crownsville, MD (US); Robert Dunham Short, III, Leesburg, VA (US); Victor Larson, Fairfax, VA (US); Michael Williamson, South Riding, VA (US)

(73) Assignee: Virnetx Inc., Scotts Valley Drive, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 818 days.

(21) Appl. No.: 10/259,494

(22) Filed: Sep. 30, 2002

(65) Prior Publication Data
US 2003/0037142 A1, Feb. 20, 2003

Related U.S. Application Data

(60) Division of application No. 09/504,783, filed on Feb. 15, 2000, now Pat. No. 6,502,135, which is a continuation-in-part of application No. 09/429,643, filed on Oct. 29, 1999, now Pat. No. 7,010,604.

(60) Provisional application No. 60/137,704, filed on Jun. 7, 1999, provisional application No. 60/106,261, filed on Oct. 30, 1998.

(51) Int. Cl.
G06F 15/173 (2006.01)
(52) U.S. Cl.: 709/225; 709/229
(58) Field of Classification Search: 709/217-225, 709/229; 713/201
See application file for complete search history.
`
Primary Examiner: Krisna Lim
(74) Attorney, Agent, or Firm: McDermott Will & Emery

(57) ABSTRACT

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

16 Claims, 35 Drawing Sheets
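
The abstract's moving window of valid addresses, seen from the receiver's side, as an added example that is not code from the patent. It assumes both nodes derive each source/destination pair from a shared key with HMAC-SHA-256; that derivation, the key, the 10.1.0.0/16 and 10.2.0.0/16 ranges, the window sizes and every function name are constructed for the illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo parameters (assumptions for this example, not values from the patent).
SHARED_KEY = b"constructed-demo-key"
SRC_NET = ipaddress.ip_network("10.1.0.0/16")
DST_NET = ipaddress.ip_network("10.2.0.0/16")
LOOK_AHEAD = 4   # future hop indices kept valid: tolerates loss and early arrival
LOOK_BACK = 4    # past hop indices kept valid: tolerates late (reordered) arrival


def _host(net, two_bytes):
    """Map two digest bytes onto a usable host address inside net."""
    offset = int.from_bytes(two_bytes, "big") % (net.num_addresses - 2)
    return str(net.network_address + 1 + offset)


def hop_pair(key, index):
    """Return the (source, destination) address pair for hop number index.

    Assumption: HMAC-SHA-256 over the hop counter stands in for whatever
    shared pseudo-random sequence the two nodes agree on.
    """
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return _host(SRC_NET, digest[0:2]), _host(DST_NET, digest[2:4])


class HoppingReceiver:
    """Accepts a packet only if its address pair lies in the moving window."""

    def __init__(self, key, look_back=LOOK_BACK, look_ahead=LOOK_AHEAD):
        self.key = key
        self.look_back = look_back
        self.look_ahead = look_ahead
        self.highest = -1      # highest hop index accepted so far
        self.used = set()      # accepted indices still covered by the window
        self.table = {}        # (src, dst) -> hop index, for constant-time lookup
        self._slide()

    def _slide(self):
        """Recompute the table of valid pairs around the highest accepted index."""
        low = max(0, self.highest - self.look_back)
        high = self.highest + self.look_ahead
        self.table = {hop_pair(self.key, i): i for i in range(low, high + 1)}
        self.used = {i for i in self.used if i >= low}

    def check(self, src, dst):
        """Return a verdict string for one packet's address pair."""
        index = self.table.get((src, dst))
        if index is None:
            return "reject: not in window"       # one dictionary miss, no crypto
        if index in self.used:
            return "reject: pair already used"   # replayed address pair
        self.used.add(index)
        if index > self.highest:
            self.highest = index
            self._slide()
        return "accept"


def run_demo():
    """Feed a constructed packet sequence to the receiver; return the verdicts."""
    pairs = [hop_pair(SHARED_KEY, i) for i in range(12)]
    rx = HoppingReceiver(SHARED_KEY)
    arrivals = [
        ("hop 0, in order", pairs[0]),
        ("hop 2, early (hop 1 delayed)", pairs[2]),
        ("hop 1, late", pairs[1]),
        ("hop 1, replayed", pairs[1]),
        ("hop 11, far ahead of window", pairs[11]),
        ("fixed spoofed addresses", ("203.0.113.9", "203.0.113.10")),
        ("pair from a different key", hop_pair(b"other-key", 3)),
    ]
    return [(label, rx.check(src, dst)) for label, (src, dst) in arrivals]


if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{label:32} {verdict}")
```

A packet whose pair is outside the window costs the receiver a single dictionary lookup, which is the quick rejection the abstract refers to.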

Petitioner Apple - Ex. 1001, p. 1

[Drawing sheets 1 to 35: images not reproduced. Text recoverable from each figure:]

FIG. 1: ORIGINATING TERMINAL, ENCRYPTION KEY; reference numerals 100 and 110.

FIG. 2: TARP TERMINAL, TARP ROUTER, SESSION KEY; reference numerals 100 and 110.

FIG. 3A: INTERLEAVED PAYLOAD DATA 320; INTERLEAVE WINDOW 320; SESSION-KEY-ENCRYPTED PAYLOAD DATA 330; TARP PACKET WITH ENCRYPTED PAYLOADS 340; LINK-KEY-ENCRYPTED TARP PACKETS 350; IP PACKETS W/ ENCRYPTED TARP PACKETS AS PAYLOAD 360; TARP DESTINATION.

FIG. 3B: DATA STREAM 300; DUMMY BLOCKS OR DATA MAY BE ADDED; ENCRYPTED BLOCK DIVIDED INTO PAYLOADS INTERLEAVED 523; INTERLEAVE WINDOW 517; TARP PACKETS WITH ENCRYPTED PAYLOADS 340.

FIG. 4: TARP TRANSCEIVER 405; NETWORK (IP) LAYER 410; TARP LAYER 420; DATA LINK LAYER 430; DATA LINK PROTOCOL WRAPPER 450. Notes: ONE ALTERNATIVE TO COMBINE TARP PROCESSING WITH O/S IP PROCESSOR; OTHER ALTERNATIVE TO COMBINE TARP PROCESSING WITH D.L. PROCESSOR (E.G., BURN INTO BOARD PROM).

FIG. 5 (flowchart): BACKGROUND LOOP-DECOY GENERATION (S0); AUTHENTICATE TARP PACKET (S2); OUTER LAYER DECRYPTION OF TARP PACKET USING LINK KEY (S3); CHECK FOR DECOY AND INCREMENT PERISHABLE DECOY COUNTER AS APPROPRIATE (S4); TRANSMIT DECOY? (YES/NO); DECREMENT TTL, TTL>0? (YES/NO); DUMP DECOY; DETERMINE DESTINATION TARP ADDRESS AND STORE LINK KEY AND IP ADDRESS; GENERATE NEXT-HOP TARP ADDRESS AND STORE LINK KEY AND IP ADDRESS (S8); GENERATE NEXT-HOP TARP ADDRESS AND STORE LINK KEY AND IP ADDRESS (S10); GENERATE IP HEADER AND TRANSMIT (S11). Step labels S5, S6, S7 and S9 also appear.

FIG. 6 (flowchart): BACKGROUND LOOP-DECOY GENERATION (S20); GROUP RECEIVED IP PACKETS INTO INTERLEAVE WINDOW (S21); DETERMINE DESTINATION TARP ADDRESS, INITIALIZE TTL, STORE IN TARP HEADER (S22); RECORD WINDOW SEQ. NOS. AND INTERLEAVE SEQ. NOS IN TARP HEADERS (S23); CHOOSE FIRST HOP TARP ROUTER, LOOK UP IP ADDRESS AND STORE IN CLEAR IP HEADER, OUTER LAYER ENCRYPT (S24); INSTALL CLEAR IP HEADER AND TRANSMIT (S25).

FIG. 7 (flowchart): BACKGROUND LOOP-DECOY GENERATION (S40); AUTHENTICATE TARP PACKET RECEIVED (S42); DECRYPT OUTER LAYER ENCRYPTION WITH LINK KEY; INCREMENT PERISHABLE COUNTER IF DECOY (S44); THROW AWAY DECOY OR KEEP IN RESPONSE TO ALGORITHM (S45); CACHE TARP PACKETS UNTIL WINDOW IS ASSEMBLED (S46); DEINTERLEAVE PACKETS FORMING WINDOW; DECRYPT BLOCK; DIVIDE BLOCK INTO PACKETS USING WINDOW SEQUENCE DATA, ADD CLEAR IP HEADERS GENERATED FROM TARP HEADERS (S49); HAND COMPLETED IP PACKETS TO IP LAYER PROCESS.

FIG. 8: CLIENT TERMINAL 801 and TARP ROUTER 811 exchanging SSYN PACKET 821, SSYN ACK PACKET 822, SSYN ACK ACK PACKET 823, SECURE SESSION INITIATION 824 and SECURE SESSION INITIATION ACK 825.

FIG. 9: CLIENT 1 (901) with TRANSMIT TABLE 921 and RECEIVE TABLE 922, together with RECEIVE TABLE 924 and TRANSMIT TABLE 923. Each table holds two columns of 131.218.204.x addresses; the entries of table 921 match those of table 924, and the entries of table 922 match those of table 923.

FIG. 10: CLIENT; reference numerals 1001, 1011, 1012, 1013 and 1022.

FIG. 11: Ethernet frames (1150, 1160), each with an ETHERNET FRAME HEADER (SRC. HW ADDRESS, DEST. HW ADDRESS) carrying IP packets whose IP PACKET HEADER holds SOURCE IP ADDRESS, DEST. IP ADDRESS and DISCRIM FIELD, followed by PAYLOAD #1, PAYLOAD #2 and PAYLOAD #3; reference numerals 1101 to 1105 and 1110 to 1113.

FIG. 12A: two nodes joined by ETHERNET, each with USER APPLICATION, ISO STACK, IPHOP ALG A and IPHOP ALG B tables (columns S, D, DS) and HWHOP ALG C and HWHOP ALG D tables (columns S, D), marked (TX) or (RX); windows W1 to W4; reference numerals 1201 to 1224.

FIG. 12B (table of modes or embodiments):
1. PROMISCUOUS. Hardware addresses: same for all nodes or completely random. IP addresses: can be varied in sync. Discriminator field values: can be varied in sync.
2. PROMISCUOUS PER VPN. Hardware addresses: fixed for each VPN. IP addresses: can be varied in sync. Discriminator field values: can be varied in sync.
3. HARDWARE HOPPING. Hardware addresses: can be varied in sync. IP addresses: can be varied in sync. Discriminator field values: can be varied in sync.

FIG. 13: CLIENT B; packet fields IP SOURCE ADDRESS, IP DEST. ADDRESS, SYNC VALUE (PUBLIC PORTION), SYNC VALUE (PRIVATE PORTION); PROCESS PACKET (YES); reference numerals 1304, 1305 and 1311.

FIG. 14: TRANSMITTER and RECEIVER at the SENDER'S ISP and at the RECIPIENT'S ISP; each side holds CURRENT IP PAIR, ckpt_o, ckpt_n, ckpt_r and a WINDOW of IP PAIR 1, IP PAIR 2, ... IP PAIR W. Captions: KEPT IN SYNC FOR SENDER TO RECIPIENT SYNCHRONIZER; KEPT IN SYNC FOR RECIPIENT TO SENDER SYNCHRONIZER.

FIG. 15 (annotations):
@ WHEN SYNCHRONIZATION BEGINS TRANSMIT (RETRANSMIT PERIODICALLY UNTIL ACKed) SYNC_REQ USING NEW TRANSMITTER CHECKPOINT IP PAIR ckpt_n AND GENERATE NEW RECEIVER RESPONSE CHECKPOINT ckpt_r.
# WHEN SYNC_ACK ARRIVES WITH INCOMING HEADER = ckpt_r: GENERATE NEW CHECKPOINT IP PAIR ckpt_n IN TRANSMITTER.
* WHEN SYNC_REQ ARRIVES WITH INCOMING HEADER = RECEIVER'S ckpt_n: UPDATE WINDOW; GENERATE NEW CHECKPOINT IP PAIR ckpt_n IN RECEIVER; GENERATE NEW CHECKPOINT IP PAIR ckpt_r IN TRANSMITTER; TRANSMIT SYNC_ACK USING NEW CHECKPOINT IP PAIR ckpt_r.

FIG. 16: text not recoverable.

FIG. 17: window diagram with legend INACTIVE, ACTIVE, USED; labels OoO and WINDOW_SIZE.

FIG. 18: window diagram with legend INACTIVE, ACTIVE, USED; labels OoO and WINDOW_SIZE.

FIG. 19: window diagram with legend INACTIVE, ACTIVE, USED; labels OoO and WINDOW_SIZE.

FIG. 20: reference numerals 2005, 2008 and 2011.

FIG. 21: AD TABLE (IP1, IP2, IP3, IP4), AE TABLE, AF TABLE, BD TABLE, BE TABLE, BF TABLE, CD TABLE, CE TABLE, CF TABLE; LINK DOWN; reference numerals 2100 to 2109.

FIG. 22A (flowchart): MEASURE QUALITY OF TRANSMISSION PATH X; INCREASE WEIGHT FOR PATH X TOWARD STEADY STATE VALUE; DECREASE WEIGHT FOR PATH X; SET WEIGHT TO MIN. VALUE; ADJUST WEIGHTS FOR REMAINING PATHS SO THAT WEIGHTS EQUAL ONE; YES/NO decision branches; reference numerals 2201 to 2209.

FIG. 22B (flowchart): (EVENT) TRANSMITTER FOR PATH X TURNS OFF; DROP ALL PACKETS UNTIL A TRANSMITTER TURNS ON; SET WEIGHT TO ZERO; ADJUST WEIGHTS FOR REMAINING PATHS SO THAT WEIGHTS EQUAL ONE; DONE; reference numerals 2210 to 2215.

FIG. 23: PACKET TRANSMITTER and PACKET RECEIVER joined by PATH X1, PATH X2, PATH X3 and PATH X4 with weights W(X1) = 0.2, W(X2) = 0.1, W(X3) = 0.6, W(X4) = 0.1; TRANSMIT TABLE; RECEIVE TABLE; LINK QUALITY MEASUREMENT FUNCTION; WEIGHT ADJUSTMENT FUNCTION; reference numerals 2301 to 2309.

FIG. 24: two computers joined by links labelled 100 Mb/s MESS T = 32, 75 Mb/s MESS T = 24 and 25 Mb/s MESS T = 8; reference numerals 2401 to 2404.

FIG. 25 (PRIOR ART): WEB BROWSER, IP STACK, DNS, TARGET WEB SITE; reference numerals 2501 to 2506.

FIG. 26: WEB BROWSER, DNS SERVER, DNS PROXY, GATE KEEPER (HOPPING, RULES), SECURE TARGET SITE, IP HOPPING, UNSECURE TARGET SITE; reference numerals 2601 to 2608 and 2611.

FIG. 27 (flowchart): RECEIVE DNS REQUEST FOR TARGET SITE; PASS THRU REQUEST TO DNS SERVER; RETURN "HOST UNKNOWN" ERROR; ESTABLISH VPN WITH TARGET SITE; YES/NO decision branches; reference numerals 2701 to 2706.

FIG. 28: HOST COMPUTER #1, EDGE ROUTER, ISP, LINK GUARD, INTERNET and a second HOST COMPUTER; reference numerals 2801 to 2805 and 2810.

FIG. 29: HOST COMPUTER #1, HOST COMPUTER #2, HACKER COMPUTER, ISP, LINK GUARD, INTERNET; TX and RX blocks; LOW BW and HIGH BW links; reference numerals 2900 to 2913.

FIG. 30: TRANSMITTER and RECEIVER. Boxes: RECEIVE SYNC_REQ (3004); DUPLICATE?; DISCARD; RATE R?; GENERATE CKPT_N (3009); GENERATE SYNC_REQ (3010); PROCESS CKPT_N (SYNC_ACK) (3011); RX TABLE; TX TABLE; reference numerals 3000 to 3011.

FIG. 31: CLIENT #1, CLIENT #2 and HACKER, with TX/RX blocks and three sets of CKPT_N, CKPT_O, CKPT_R; reference numerals 3101 to 3105, 3111, 3112, 3114 and 3208 to 3210.

FIG. 32 (CLIENT and SERVER columns):
CLIENT: SEND DATA PACKET USING CKPT_N; CKPT_O = CKPT_N; GENERATE NEW CKPT_N; START TIMER, SHUT TRANSMITTER OFF. IF CKPT_O IN SYNC_ACK MATCHES TRANSMITTER'S CKPT_O: UPDATE RECEIVER'S CKPT_R; KILL TIMER, TURN TRANSMITTER ON. WHEN TIMER EXPIRES: TRANSMIT SYNC_REQ USING TRANSMITTER'S CKPT_O, START TIMER.
SERVER: PASS DATA UP STACK; CKPT_O = CKPT_N; GENERATE NEW CKPT_N; GENERATE NEW CKPT_R FOR TRANSMITTER SIDE; TRANSMIT SYNC_ACK CONTAINING CKPT_O.

`US 7,490,151 B2
`
`1
`ESTABLISHMENT OF A SECURE
`COMMUNICATION LINK BASED ON A
`DOMAIN NAME SERVICE (DNS) REQUEST
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`This application is a divisional application of 09/504,783
`(filed Feb. 15, 2000), now U.S. Pat. No. 6,502,135, issued
`Dec. 31, 2002, which claims priority from and is a continua(cid:173)
`tion-in-part of previously filed U.S. application Ser. No.
`09/429,643 (filed Oct. 29, 1999) now U.S. Pat. No. 7,010,604.
`The subject matter of the '643 application, which is bodily
`incorporated herein, derives from provisional U.S. applica(cid:173)
`tion No. 60/106,261 (filed Oct. 30, 1998) and 60/137,704
`(filed Jun. 7, 1999).
`
`GOVERNMENT CONTRACT RIGHTS
`
`This invention was made with Government support under
`Contract No. 360000-1999-000000-QC-000-000 awarded by
`the Central Intelligence Agency. The Government has certain
`rights in the invention.
`
`BACKGROUND OF THE INVENTION
`
`A tremendous variety of methods have been proposed and
`implemented to provide security and anonymity for
`communications over the Internet. The variety stems, in part, from the
`different needs of different Internet users. A basic heuristic
`framework to aid in discussing these different security
`techniques is illustrated in FIG. 1. Two terminals, an originating
`terminal 100 and a destination terminal 110 are in
`communication over the Internet. It is desired for the communications
`to be secure, that is, immune to eavesdropping. For example,
`terminal 100 may transmit secret information to terminal 110
`over the Internet 107. Also, it may be desired to prevent an
`eavesdropper from discovering that terminal 100 is in
`communication with terminal 110. For example, if terminal 100 is
`a user and terminal 110 hosts a web site, terminal 100's user
`may not want anyone in the intervening networks to know
`what web sites he is "visiting." Anonymity would thus be an
`issue, for example, for companies that want to keep their
`market research interests private and thus would prefer to
`prevent outsiders from knowing which web-sites or other
`Internet resources they are "visiting." These two security
`issues may be called data security and anonymity,
`respectively.
`
`Data security is usually tackled using some form of data
`encryption. An encryption key 48 is known at both the
`originating and terminating terminals 100 and 110. The keys may
`be private and public at the originating and destination
`terminals 100 and 110, respectively or they may be symmetrical
`keys (the same key is used by both parties to encrypt and
`decrypt). Many encryption methods are known and usable in
`this con
