US007490151B2

(12) United States Patent
Munger et al.

(10) Patent No.: US 7,490,151 B2
(45) Date of Patent: Feb. 10, 2009

(54) ESTABLISHMENT OF A SECURE COMMUNICATION LINK BASED ON A DOMAIN NAME SERVICE (DNS) REQUEST

(75) Inventors: Edward Colby Munger, Crownsville, MD (US); Robert Dunham Short, III, Leesburg, VA (US); Victor Larson, Fairfax, VA (US); Michael Williamson, South Riding, VA (US)

(73) Assignee: Virnetx Inc., Scotts Valley Drive, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 818 days.

(21) Appl. No.: 10/259,494

(22) Filed: Sep. 30, 2002

(65) Prior Publication Data
US 2003/0037142 A1, Feb. 20, 2003

Related U.S. Application Data

(60) Division of application No. 09/504,783, filed on Feb. 15, 2000, now Pat. No. 6,502,135, which is a continuation-in-part of application No. 09/429,643, filed on Oct. 29, 1999, now Pat. No. 7,010,604.

(60) Provisional application No. 60/137,704, filed on Jun. 7, 1999, provisional application No. 60/106,261, filed on Oct. 30, 1998.

(51) Int. Cl.: G06F 15/173 (2006.01)
(52) U.S. Cl.: 709/225; 709/229
(58) Field of Classification Search: 709/217-225, 709/229; 713/201
See application file for complete search history.

Primary Examiner: Krisna Lim
(74) Attorney, Agent, or Firm: McDermott Will & Emery

(57) ABSTRACT

A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

16 Claims, 35 Drawing Sheets
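
The moving-window acceptance test summarized in the abstract, as an added example that is not code from the patent: the receiver keeps a small set of currently valid source/destination pairs from a shared pseudo-random sequence and rejects everything else with one table lookup. The HMAC-SHA256 derivation, the 10.0.0.0/8 mapping, the look-ahead/look-behind sizes and all names are assumptions for illustration, and the key and packets are constructed sample data.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample key; in practice both nodes would share a provisioned secret.
KEY = b"constructed-demo-key"
AHEAD = 8    # assumed look-ahead: tolerates up to 7 consecutive lost packets
BEHIND = 4   # assumed look-behind: tolerates packets arriving up to 4 positions late


def hop_pair(key, index):
    """Return the (source, destination) address pair for sequence position index.

    Assumption: HMAC-SHA256 over the index stands in for the pseudo-random
    sequence shared by both nodes; addresses are mapped into 10.0.0.0/8.
    """
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    src = ipaddress.IPv4Address(base + int.from_bytes(digest[0:3], "big"))
    dst = ipaddress.IPv4Address(base + int.from_bytes(digest[3:6], "big"))
    return str(src), str(dst)


class HoppingReceiver:
    """Accepts a packet only if its address pair is an unused window entry."""

    def __init__(self, key, ahead=AHEAD, behind=BEHIND):
        self.key = key
        self.ahead = ahead
        self.behind = behind
        self.next_index = 0   # one past the highest sequence position accepted
        self.top = 0          # first sequence position not yet generated
        self.valid = {}       # (src, dst) -> sequence position, unused entries only
        self._slide()

    def _slide(self):
        # Extend the window forward so it always covers `ahead` future pairs.
        while self.top < self.next_index + self.ahead:
            self.valid[hop_pair(self.key, self.top)] = self.top
            self.top += 1
        # Retire entries that have fallen more than `behind` positions back.
        floor = self.next_index - self.behind
        for pair in [p for p, i in self.valid.items() if i < floor]:
            del self.valid[pair]

    def accept(self, src, dst):
        """Return the sequence position if the packet is valid, else None."""
        # One hash-table lookup decides; pop() also retires the pair, so a
        # replayed packet with the same addresses is rejected.
        index = self.valid.pop((src, dst), None)
        if index is None:
            return None
        self.next_index = max(self.next_index, index + 1)
        self._slide()
        return index


def demo():
    """Run constructed traffic through the receiver and return each verdict."""
    rx = HoppingReceiver(KEY)
    sent = [hop_pair(KEY, i) for i in range(60)]  # transmitter side of the sequence
    arrivals = [
        sent[0], sent[1], sent[3], sent[2],   # reordered, still inside the window
        sent[1],                              # replay of an already used pair
        sent[5],                              # position 4 was lost in transit
        ("192.0.2.1", "198.51.100.7"),        # addresses not in the sequence
        sent[50],                             # genuine pair, far outside the window
        sent[6], sent[7], sent[8], sent[9],
        sent[4],                              # the lost packet, now too old
    ]
    return [rx.accept(src, dst) for src, dst in arrivals]


if __name__ == "__main__":
    print(demo())
```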

Petitioner Apple - Ex. 1001, p. 1

Drawing sheets 1 to 35 of 35 (U.S. Patent US 7,490,151 B2, Feb. 10, 2009). The drawings are not reproduced; the text recoverable from each figure is listed below.

[FIG. 1: originating terminal (100); encryption key; reference numeral 110.]
[FIG. 2: TARP terminal (100); TARP router; session key; reference numeral 110.]
[FIG. 3A: interleaved payload data 320; interleave window; session-key-encrypted payload data 330; TARP packet with encrypted payloads 340; link-key-encrypted TARP packets 350; IP packets with encrypted TARP packets as payload 360; TARP destination.]
[FIG. 3B: data stream 300; dummy blocks or data may be added; encrypted block divided into payloads interleaved 523; interleave window 517; TARP packets with encrypted payloads 340.]
[FIG. 4: TARP transceiver 405; network (IP) layer 410; TARP layer 420; data link layer 430; data link protocol wrapper 450; one alternative to combine TARP processing with O/S IP processor; other alternative to combine TARP processing with D.L. processor (e.g., burn into board PROM).]
[FIG. 5: flowchart with steps labelled S0 and S2 to S11. Box texts: background loop-decoy generation; authenticate TARP packet; outer layer decryption of TARP packet using link key; check for decoy and increment perishable decoy counter as appropriate; transmit decoy?; decrement TTL, TTL>0?; dump decoy; determine destination TARP address and store link key and IP address; generate next-hop TARP address and store link key and IP address; generate IP header and transmit.]
[FIG. 6: flowchart. S20 background loop-decoy generation; S21 group received IP packets into interleave window; S22 determine destination TARP address, initialize TTL, store in TARP header; S23 record window seq. nos. and interleave seq. nos. in TARP headers; S24 choose first hop TARP router, look up IP address and store in clear IP header, outer layer encrypt; S25 install clear IP header and transmit.]
[FIG. 7: flowchart. S40 background loop-decoy generation; S42 authenticate TARP packet received; decrypt outer layer encryption with link key; S44 increment perishable counter if decoy; S45 throw away decoy or keep in response to algorithm; S46 cache TARP packets until window is assembled; deinterleave packets forming window; decrypt block; S49 divide block into packets using window sequence data, add clear IP headers generated from TARP headers; hand completed IP packets to IP layer process.]
[FIG. 8: client terminal 801; TARP router 811; SSYN packet 821; SSYN ACK packet 822; SSYN ACK ACK packet 823; secure session initiation 824; secure session initiation ACK 825.]
[FIG. 9: client 1 (901); transmit table 921; receive table 922; transmit table 923; receive table 924; each table lists IP address pairs.]
[FIG. 10: client 1001; reference numerals 1011, 1012, 1013, 1022.]
[FIG. 11: Ethernet frames 1150 and 1160. Each frame has a frame header (source and destination hardware addresses) and carries IP packets (IP1, IP2, IP3), each with a header (source IP address, destination IP address, discriminator field) and a payload (#1, #2, #3).]
[FIG. 12A: two nodes connected by Ethernet, each with a user application, an ISO stack, IP hop algorithms A and B and hardware hop algorithms C and D (TX and RX), with tables of source (S), destination (D) and discriminator (DS) values; windows W1 to W4.]
[FIG. 12B: table of modes or embodiments.
1. Promiscuous: hardware addresses same for all nodes or completely random; IP addresses can be varied in sync; discriminator field values can be varied in sync.
2. Promiscuous per VPN: hardware addresses fixed for each VPN; IP addresses can be varied in sync; discriminator field values can be varied in sync.
3. Hardware hopping: hardware addresses can be varied in sync; IP addresses can be varied in sync; discriminator field values can be varied in sync.]
[FIG. 13: client B; packet fields IP source address, IP dest. address, sync value (public portion), sync value (private portion); YES branch leading to process packet; reference numerals 1304, 1305, 1311.]
[FIG. 14: transmitter and receiver at the sender's ISP and at the recipient's ISP; each side holds a window of IP pairs 1 to W, the current IP pair, and checkpoints ckpt_o, ckpt_n, ckpt_r; kept in sync for sender to recipient synchronizer; kept in sync for recipient to sender synchronizer.]
[FIG. 15: synchronization rules. When synchronization begins, transmit (retransmit periodically until ACKed) SYNC_REQ using new transmitter checkpoint IP pair ckpt_n and generate new receiver response checkpoint ckpt_r. When SYNC_REQ arrives with incoming header = receiver's ckpt_n: update window; generate new checkpoint IP pair ckpt_n in receiver; generate new checkpoint IP pair ckpt_r in transmitter; transmit SYNC_ACK using new checkpoint IP pair ckpt_r. When SYNC_ACK arrives with incoming header = ckpt_r: generate new checkpoint IP pair ckpt_n in transmitter.]
[Sheet 18 of 35: figure text not recoverable.]
[FIG. 17: legend INACTIVE, ACTIVE, USED; OoO; WINDOW_SIZE.]
[FIG. 18: legend INACTIVE, ACTIVE, USED; OoO; WINDOW_SIZE.]
[FIG. 19: legend INACTIVE, ACTIVE, USED; OoO; WINDOW_SIZE.]
[FIG. 20: reference numerals 2005, 2008, 2011.]
[FIG. 21: reference numeral 2100; AD table (entries IP1 to IP4), AE table, AF table, BD table, BE table, BF table, CD table, CE table, CF table; reference numerals 2101 to 2109; link down.]
[FIG. 22A: flowchart. Box texts: measure quality of transmission path X; increase weight for path X toward steady state value; decrease weight for path X; set weight to min. value; adjust weights for remaining paths so that weights equal one.]
[FIG. 22B: flowchart. Box texts: (event) transmitter for path X turns off; drop all packets until a transmitter turns on; set weight to zero; adjust weights for remaining paths so that weights equal one; done.]
[FIG. 23: packet transmitter 2302 and packet receiver 2303 joined by paths X1 to X4 with weights W(X1) = 0.2, W(X2) = 0.1, W(X3) = 0.6, W(X4) = 0.1; transmit table; receive table; link quality measurement function; weight adjustment function.]
[FIG. 24: computers 2401 and 2402 with links labelled 100 Mb/s MESS T = 32, 75 Mb/s MESS T = 24, 25 Mb/s MESS T = 8; reference numerals 2403, 2404.]
[FIG. 25 (prior art): web browser; IP stack; DNS; target web site; reference numerals 2501 to 2506.]
[FIG. 26: web browser; DNS server; DNS proxy; gatekeeper (hopping, rules); secure target site; IP hopping; unsecure target site; reference numerals 2601 to 2608, 2611.]
[FIG. 27: flowchart, reference numerals 2701 to 2706. Box texts: receive DNS request for target site; pass thru request to DNS server; return "host unknown" error; establish VPN with target site.]
[FIG. 28: host computer #1; edge router; ISP; link guard; Internet; host computer; reference numerals 2801 to 2805, 2810.]
[FIG. 29: host computer #1; ISP; link guard; low BW; high BW; Internet; host computer #2; hacker computer; TX and RX tables.]
[FIG. 30: transmitter and receiver flowchart. Box texts: receive SYNC_REQ; duplicate?; discard; rate R?; generate CKPT_N; generate SYNC_REQ; process CKPT_N (SYNC_ACK); RX table; TX table.]
[FIG. 31: client #1; client #2; hacker; TX/RX pairs, each holding CKPT_N, CKPT_O, CKPT_R.]
[FIG. 32: client and server message flow. Client: send data packet using CKPT_N; CKPT_O = CKPT_N; generate new CKPT_N; start timer, shut transmitter off. Server: pass data up stack; CKPT_O = CKPT_N; generate new CKPT_N; generate new CKPT_R for transmitter side; transmit SYNC_ACK containing CKPT_O. Client: if CKPT_O in SYNC_ACK matches transmitter's CKPT_O, update receiver's CKPT_R; kill timer, turn transmitter on. Client: when timer expires, transmit SYNC_REQ using transmitter's CKPT_O, start timer.]

ESTABLISHMENT OF A SECURE COMMUNICATION LINK BASED ON A DOMAIN NAME SERVICE (DNS) REQUEST

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a divisional application of 09/504,783 (filed Feb. 15, 2000), now U.S. Pat. No. 6,502,135, issued Dec. 31, 2002, which claims priority from and is a continuation-in-part of previously filed U.S. application Ser. No. 09/429,643 (filed Oct. 29, 1999) now U.S. Pat. No. 7,010,604. The subject matter of the '643 application, which is bodily incorporated herein, derives from provisional U.S. application No. 60/106,261 (filed Oct. 30, 1998) and 60/137,704 (filed Jun. 7, 1999).

GOVERNMENT CONTRACT RIGHTS

This invention was made with Government support under Contract No. 360000-1999-000000-QC-000-000 awarded by the Central Intelligence Agency. The Government has certain rights in the invention.

BACKGROUND OF THE INVENTION

A tremendous variety of methods have been proposed and implemented to provide security and anonymity for communications over the Internet. The variety stems, in part, from the different needs of different Internet users. A basic heuristic framework to aid in discussing these different security techniques is illustrated in FIG. 1. Two terminals, an originating terminal 100 and a destination terminal 110 are in communication over the Internet. It is desired for the communications to be secure, that is, immune to eavesdropping. For example, terminal 100 may transmit secret information to terminal 110 over the Internet 107. Also, it may be desired to prevent an eavesdropper from discovering that terminal 100 is in communication with terminal 110. For example, if terminal 100 is a user and terminal 110 hosts a web site, terminal 100's user may not want anyone in the intervening networks to know what web sites he is "visiting." Anonymity would thus be an issue, for example, for companies that want to keep their market research interests private and thus would prefer to prevent outsiders from knowing which web-sites or other Internet resources they are "visiting." These two security issues may be called data security and anonymity, respectively.

Data security is usually tackled using some form of data encryption. An encryption key 48 is known at both the originating and terminating terminals 100 and 110. The keys may be private and public at the originating and destination terminals 100 and 110, respectively or they may be symmetrical keys (the same key is used by both parties to encrypt and decrypt). Many encryption methods are known and usable in this con