`
`(12) United States Patent
`     Larson et al.
`
`(10) Patent No.: US 7,921,211 B2
`(45) Date of Patent: *Apr. 5, 2011
`
`(54) AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES
`
`(75) Inventors: Victor Larson, Fairfax, VA (US); Robert Dunham Short, III, Leesburg, VA (US); Edmund Colby Munger, Crownsville, MD (US); Michael Williamson, South Riding, VA (US)
`
`(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)
`
`( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 701 days. This patent is subject to a terminal disclaimer.
`
`(21) Appl. No.: 11/840,560
`
`(22) Filed: Aug. 17, 2007
`
`(65) Prior Publication Data
`     US 2008/0040792 A1    Feb. 14, 2008
`
`Related U.S. Application Data
`
`(63) Continuation of application No. 10/714,849, filed on Nov. 18, 2003, now Pat. No. 7,418,504, which is a continuation of application No. 09/558,210, filed on Apr. 26, 2000, now abandoned, which is a continuation-in-part of application No. 09/504,783, filed on Feb. 15, 2000, now Pat. No. 6,502,135, which is a continuation-in-part of application No. 09/429,643, filed on Oct. 29, 1999, now Pat. No. 7,010,604.
`
`(60) Provisional application No. 60/106,261, filed on Oct. 30, 1998, provisional application No. 60/137,704, filed on Jun. 7, 1999.
`
`(51) Int. Cl.
`     G06F 15/173 (2006.01)
`(52) U.S. Cl. 709/226
`(58) Field of Classification Search: 709/226, 709/221, 726/15
`     See application file for complete search history.
`
`(56) References Cited
`
`U.S. PATENT DOCUMENTS
`2,895,502 A    7/1959   Roper et al.
`5,303,302 A    4/1994   Burrows
`5,311,593 A    5/1994   Carmi
`(Continued)
`
`FOREIGN PATENT DOCUMENTS
`EP   0838930   4/1988
`(Continued)
`
`OTHER PUBLICATIONS
`Baumgartner et al., “Differentiated Services: A New Approach for Quality of Service in the Internet,” International Conference on High Performance Networking, 255-273 (1998).
`(Continued)
`
`Primary Examiner - Krisna Lim
`(74) Attorney, Agent, or Firm - McDermott Will & Emery LLP
`
`(57) ABSTRACT
`A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.
`
`60 Claims, 40 Drawing Sheets
`
`
`[Front-page drawing: block diagram; legible labels include WEB BROWSER, IP STACK, IP HOPPING, GATEKEEPER, HOPPING RULES, SECURE TARGET SITE and UNSECURE TARGET SITE.]
`
`New Bay Capital, LLC
`Ex. 1001
`
`
`U.S. PATENT DOCUMENTS
`
`5,384,848 A        1/1995   Kikuchi
`5,511,122 A        4/1996   Atkinson
`5,629,984 A        5/1997   McManis
`5,764,906 A        6/1998   Edelstein et al.
`5,771,239 A        6/1998   Moroney et al.
`5,805,803 A        9/1998   Birrell et al.
`5,822,434 A       10/1998   Caronni et al.
`5,864,666 A *      1/1999   Shrader (726/15)
`5,870,610 A        2/1999   Beyda et al.
`5,898,830 A        4/1999   Wesinger, Jr. et al.
`5,950,195 A        9/1999   Stockwell et al.
`6,052,788 A        4/2000   Wesinger et al.
`6,055,574 A        4/2000   Smorodinsky et al.
`6,061,346 A        5/2000   Nordman
`6,079,020 A        6/2000   Liu
`6,081,900 A *      6/2000   Subramaniam et al. (726/19)
`6,101,182 A        8/2000   Sistanizadeh et al.
`6,119,171 A        9/2000   Alkhatib
`6,173,399 B1       1/2001   Gilbrech
`6,199,112 B1       3/2001   Wilson
`6,202,081 B1       3/2001   Naudus
`6,223,287 B1       4/2001   Douglas et al.
`6,226,748 B1       5/2001   Bots et al.
`6,226,751 B1       5/2001   Arrow et al.
`6,246,670 B1       6/2001   Karlsson et al.
`6,262,987 B1       7/2001   Mogul
`6,298,341 B1      10/2001   Mann et al.
`6,314,463 B1      11/2001   Abbott et al.
`6,333,272 B1      12/2001   McMillin et al.
`6,338,082 B1       1/2002   Schneider
`6,502,135 B1      12/2002   Munger et al.
`6,557,037 B1       4/2003   Provino
`6,687,746 B1       2/2004   Shuster et al.
`6,701,437 B1       3/2004   Hoke et al.
`6,752,166 B2       6/2004   Lull et al.
`6,757,740 B1       6/2004   Parkh et al.
`6,937,597 B1       8/2005   Rosenberg et al.
`7,039,713 B1       5/2006   Van Gunter et al.
`7,072,964 B1       7/2006   Whittle et al.
`7,167,904 B1       1/2007   Devarajan et al.
`7,188,175 B1       3/2007   McKeeth
`7,353,841 B2       4/2008   Keno et al.
`7,461,334 B1      12/2008   Lu et al.
`7,490,151 B2       2/2009   Munger et al.
`7,493,403 B2       2/2009   Shull et al.
`2001/0049741 A1   12/2001   Skene et al.
`2004/0199493 A1   10/2004   Ruiz et al.
`2004/0199520 A1   10/2004   Ruiz et al.
`2004/0199608 A1   10/2004   Rechterman et al.
`2004/0199620 A1   10/2004   Ruiz et al.
`2007/0208869 A1    9/2007   Adelman et al.
`2007/0214284 A1    9/2007   King et al.
`2007/0266141 A1   11/2007   Norton
`2008/0235507 A1    9/2008   Ishikawa et al.
`
`FOREIGN PATENT DOCUMENTS
`
`EP   0814589       12/1997
`GB   2317792        4/1998
`GB   2334181        8/1999
`GB   2340702        2/2000
`JP   62-214744      9/1987
`JP   04-363941     12/1992
`JP   09-018492      1/1997
`JP   10-070531      3/1998
`WO   WO 98/27783    6/1998
`WO   WO 99/11019    3/1999
`WO   WO 00/17775    3/2000
`WO   WO 00/70458   11/2000
`WO   WO 01/16766    3/2001
`
`OTHER PUBLICATIONS
`
`Chapman et al., “Domain Name System (DNS),” 278-296 (1995).
`Davila et al., “Implementation of Virtual Private Networks at the Transport Layer,” M. Mambo, Y. Zheng (Eds), Information Security (Second International) Workshop, ISW’ 99. Lecture Notes in Computer Science (LNCS), vol. 1729; 85-102 (1999).
`De Raadt et al., “Cryptography in OpenBSD,” 10 pages (1999).
`Eastlake, “Domain Name System Security Extensions,” Internet Citation, Retrieved from the Internet: URL:ftp://ftp.inet.no/pub/ietf/internet-drafts/draft-ietf-dnssec-secext2-05.txt (1998).
`Gunter et al., “An Architecture for Managing QOS-Enabled VPNs Over the Internet,” Proceedings 24th Conference on Local Computer Networks. LCN’ 99 IEEE Comput. Soc Los Alamitos, CA, pp. 122-131 (1999).
`Shimizu, “Special Feature Mastering the Internet with Windows 2000”, Internet Magazine, 63:296-307 (2000).
`Stallings, “Cryptography and Network Security,” Principles and Practice, 2nd Edition, pp. 399-440 (1999).
`Takata, “U.S. Vendors Take Serious Action to Act Against Crackers - A Tracking Tool and a Highly Safe DNS Software are Released”, Nikkei Communications, 257:87 (1997).
`Wells, Email (Lancasterb1be@mail.msn.com), Subject: “Security Icon,” (1998).
`Fasbender, A., et al., Variable and Scalable Security: Protection of Location Information in Mobile IP, IEEE VTS, 46th, 1996, 5 pp.
`DNS-related correspondence dated Sep. 7, 1993 to Sep. 20, 1993. (Pre KX, KX Records).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Dec. 2, 1996). (RFC 2543 Internet Draft 1).
`Aventail Corp., “AutoSOCKS v. 2.1 Datasheet,” available at http://www.archive.org/web/19970212013409/www.aventail.com/prod/autosk2ds.html (1997). (AutoSOCKS, Aventail).
`Aventail Corp., “Socks Version 5,” Aventail Whitepaper, available at http://web.archive.org/web/19970620030312/www.aventail.com/educate/whitepaper/sockswp.html (1997). (Socks, Aventail).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Mar. 27, 1997). (RFC 2543 Internet Draft 2).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Jul. 31, 1997). (RFC 2543 Internet Draft 3).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Nov. 11, 1997). (RFC 2543 Internet Draft 4).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (May 14, 1998). (RFC 2543 Internet Draft 5).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Jun. 17, 1998). (RFC 2543 Internet Draft 6).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Jul. 16, 1998). (RFC 2543 Internet Draft 7).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Aug. 7, 1998). (RFC 2543 Internet Draft 8).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Sep. 18, 1998). (RFC 2543 Internet Draft 9).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Nov. 12, 1998). (RFC 2543 Internet Draft 10).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Dec. 15, 1998). (RFC 2543 Internet Draft 11).
`Aventail Corp., “Aventail Connect 3.1/2.6 Administrator’s Guide,” (1999). (Aventail Administrator 3.1, Aventail).
`Aventail Corp., “Aventail Connect 3.1/2.6 User’s Guide,” (1999). (Aventail User 3.1, Aventail).
`Aventail Corp., “Aventail ExtraWeb Server v3.2 Administrator’s Guide,” (1999). (Aventail ExtraWeb 3.2, Aventail).
`Check Point Software Technologies Ltd. (1999) (Check Point, Checkpoint FW).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task Force, Internet Draft, (Jan. 15, 1999). (RFC 2543 Internet Draft 12).
`Goncalves, et al. Check Point FireWall-1 Administration Guide, McGraw-Hill Companies (2000). (Goncalves, Checkpoint FW).
`Assured Digital Products. (Assured Digital).
`F-Secure, F-Secure Evaluation Kit (May 1999) (FSECURE 00000003) (Evaluation Kit 3).
`F-Secure, F-Secure Evaluation Kit (Sep. 1998) (FSECURE 00000009) (Evaluation Kit 9).
`IRE, Inc., SafeNet/Soft-PK Version 4 (Mar. 28, 2000) (Soft-PK Version 4).
`IRE/SafeNet Inc., VPN Technologies Overview (Mar. 28, 2000) (Safenet VPN Overview).
`IRE, Inc., SafeNet/VPN Policy Manager Quick Start Guide Version 1 (1999) (SafeNet VPN Policy Manager).
`Information Assurance/NAI Labs, Dynamic Virtual Private Networks Presentation v.3 (2000).
`
`
`
`U.S. Appl. No. 60/134,547, filed May 17, 1999, Victor Sheymov.
`U.S. Appl. No. 60/151,563, filed Aug. 31, 1999, Bryan Whittles.
`U.S. Appl. No. 09/399,753, filed Sep. 22, 1998, Graig Miller et al.
`Microsoft Corporation’s Fourth Amended Invalidity Contentions dated Jan. 5, 2009, VirnetX Inc. and Science Applications International Corp. v. Microsoft Corporation.
`Appendix A of the Microsoft Corporation’s Fourth Amended Invalidity Contentions dated Jan. 5, 2009.
`Concordance Table for the References Cited in Tables on pp. 6-15, 71-80 and 116-124 of the Microsoft Corporation’s Fourth Amended Invalidity Contentions dated Jan. 5, 2009.
`1. P. Mockapetris, “DNS Encoding of Network Names and Other Types,” Network Working Group, RFC 1101 (Apr. 1989) (RFC 1101, DNS SRV).
`R. Atkinson, “An Internetwork Authentication Architecture,” Naval Research Laboratory, Center for High Assurance Computing Systems (Aug. 5, 1993). (Atkinson NRL, KX Records).
`Henning Schulzrinne, Personal Mobility for Multimedia Services In The Internet, Proceedings of the Interactive Distributed Multimedia Systems and Services European Workshop at 143 (1996). (Schulzrinne 96).
`Microsoft Corp., Microsoft Virtual Private Networking: Using Point-to-Point Tunneling Protocol for Low-Cost, Secure, Remote Access Across the Internet (1996) (printed from 1998 PDC DVD-ROM). (Point to Point, Microsoft Prior Art VPN Technology).
`“Safe Surfing: How to Build a Secure World Wide Web Connection,” IBM Technical Support Organization, (Mar. 1996). (Safe Surfing, Website Art).
`Goldschlag, et al., “Hiding Routing Information,” Workshop on Information Hiding, Cambridge, UK (May 1996). (Goldschlag II, Onion Routing).
`“IPSec Minutes From Montreal”, IPSEC Working Group Meeting Notes, http://www.sandleman.ca/ipsec/1996/08/msg00018.html (Jun. 1996). (IPSec Minutes, FreeS/WAN).
`J. M. Galvin, “Public Key Distribution with Secure DNS,” Proceedings of the Sixth USENIX UNIX Security Symposium, San Jose, California, Jul. 1996. (Galvin, DNSSEC).
`J. Gilmore, et al. “Re: Key Management, anyone? (DNS Keying),” IPSec Working Group Mailing List Archives (Aug. 1996). (Gilmore DNS, FreeS/WAN).
`H. Orman, et al. “Re: ’Re: DNS? was Re: Key Management, anyone?” IETF IPSec Working Group Mailing List Archive (Aug. 1996-Sep. 1996). (Orman DNS, FreeS/WAN).
`Arnt Gulbrandsen & Paul Vixie, A DNS RR for specifying the location of services (DNS SRV), IETF RFC 2052 (Oct. 1996). (RFC 2052, DNS SRV).
`Freier, et al. “The SSL Protocol Version 3.0,” Transport Layer Security Working Group (Nov. 18, 1996). (SSL, Underlying Security Technology).
`M.G. Reed, et al. “Proxies for Anonymous Routing,” 12th Annual Computer Security Applications Conference, San Diego, CA, Dec. 9-13, 1996. (Reed, Onion Routing).
`Kenneth F. Alden & Edward P. Wobber, The AltaVista Tunnel: Using the Internet to Extend Corporate Networks, Digital Technical Journal (1997) (Alden, AltaVista).
`Automotive Industry Action Group, “ANX Release 1 Document Publication,” AIAG (1997). (AIAG, ANX).
`Automotive Industry Action Group, “ANX Release 1 Draft Document Publication,” AIAG Publications (1997). (AIAG Release, ANX).
`Aventail Corp. “Aventail VPN Data Sheet,” available at http://www.archive.org/web/19970212013043/www.aventail.com/prod/vpndata.html (1997). (Data Sheet, Aventail).
`Aventail Corp., “Directed VPN Vs. Tunnel,” available at http://web.archive.org/web/19970620030312/www.aventail.com/educate/directvpn.html (1997). (Directed VPN, Aventail).
`Aventail Corp., “Managing Corporate Access to the Internet,” Aventail AutoSOCKS White Paper available at http://web.archive.org/web/19970620030312/www.aventail.com/educate/whitepaper/ipmwp.html (1997). (Corporate Access, Aventail).
`Aventail Corp., “VPN Server V2.0 Administration Guide,” (1997). (VPN, Aventail).
`Goldschlag, et al. “Privacy on the Internet,” Naval Research Laboratory, Center for High Assurance Computer Systems (1997). (Goldschlag I, Onion Routing).
`Microsoft Corp., Installing Configuring and Using PPTP with Microsoft Clients and Servers (1997). (Using PPTP, Microsoft Prior Art VPN Technology).
`Microsoft Corp., IP Security for Microsoft Windows NT Server 5.0 (1997) (printed from 1998 PDC DVD-ROM). (IP Security, Microsoft Prior Art VPN Technology).
`Microsoft Corp., Microsoft Windows NT Active Directory: An Introduction to the Next Generation Directory Services (1997) (printed from 1998 PDC DVD-ROM). (Directory, Microsoft Prior Art VPN Technology).
`Microsoft Corp., Routing and Remote Access Service for Windows NT Server New Opportunities Today and Looking Ahead (1997) (printed from 1998 PDC DVD-ROM). (Routing, Microsoft Prior Art VPN Technology).
`Microsoft Corp., Understanding Point-to-Point Tunneling Protocol PPTP (1997) (printed from 1998 PDC DVD-ROM). (Understanding PPTP, Microsoft Prior Art VPN Technology).
`J. Mark Smith et al., Protecting a Private Network: The AltaVista Firewall, Digital Technical Journal (1997). (Smith, AltaVista).
`Naganand Doraswamy Implementation of Virtual Private Networks (VPNs) with IPSecurity, <draft-ietf-ipsec-vpn-00.txt> (Mar. 12, 1997). (Doraswamy).
`Aventail Corp., “Aventail, and Cybersafe to Provide Secure Authentication For Internet and Intranet Communication,” Press Release, Apr. 3, 1997. (Secure Authentication, Aventail).
`D. Wagner, et al. “Analysis of the SSL 3.0 Protocol,” (Apr. 15, 1997). (Analysis, Underlying Security Technologies).
`Automotive Industry Action Group, “ANXO Certification Authority Service and Directory Service Definition for ANX Release 1,” AIAG Telecommunications Project Team and Bellcore (May 9, 1997). (AIAG Definition, ANX).
`Automotive Industry Action Group, “ANXO Certification Process and ANX Registration Process Definition for ANX Release 1,” AIAG Telecommunications Project Team and Bellcore (May 9, 1997). (AIAG Certification, ANX).
`Aventail Corp., “Aventail Announces the First VPN Solution to Assure Interoperability Across Emerging Security Protocols,” Jun. 2, 1997. (First VPN, Aventail).
`Syverson, et al. “Private Web Browsing,” Naval Research Laboratory, Center for High 8 Assurance Computer Systems (Jun. 2, 1997). (Syverson, Onion Routing).
`Bellcore, “Metrics, Criteria, and Measurement Technique Requirements for ANX Release 1,” AIAG Telecommunications Project Team and Bellcore (Jun. 16, 1997). (AIAG Requirements, ANX).
`R. Atkinson, “Key Exchange Delegation Record for the DNS,” Network Working Group, RFC 2230 (Nov. 1997). (RFC 2230, KX Records).
`1998 Microsoft Professional Developers Conference DVD (“1998 PDC DVD-ROM”) (including screenshots captured therefrom and produced as MSFTVX 00018827-00018832). (Conference, Microsoft Prior Art VPN Technology).
`Microsoft Corp., Virtual Private Networking An Overview (1998) (printed from 1998 PDC DVD-ROM) (Overview, Microsoft Prior Art VPN Technology).
`Microsoft Corp., Windows NT 5.0 Beta Has Public Premiere at Seattle Mini-Camp Seminar attendees get first look at the performance and capabilities of Windows NT 5.0 (1998) (available at http://www.microsoft.com/presspass/features/1998/10-19nt5.mspx?pf=true). (NT Beta, Microsoft Prior Art VPN Technology).
`“What ports does SSL use” available at stason.org/TULARC/security/ssl-talk/3-4-What-ports-does-ssl-use.html (1998). (Ports, DNS SRV).
`Aventail Corp., “Aventail VPN V2.6 Includes Support for More Than Ten Authentication Methods Making Extranet VPN Development Secure and Simple,” Press Release, Jan. 19, 1998. (VPN V2.6, Aventail).
`R. G. Moskowitz, “Network Address Translation Issues with IPsec,” Internet Draft, Internet Engineering Task Force, Feb. 6, 1998. (Moskowitz).
`
`
`H. Schulzrinne, et al., “Internet Telephony Gateway Location,” Proceedings of IEEE INfocom ’98, The Conference on Computer Communications, Vol. 2 (Mar. 29-Apr. 2, 1998). (Gateway, Schulzrinne).
`C. Huitema, et al. “Simple Gateway Control Protocol,” Version 1.0 (May 5, 1998). (SGCP).
`DISA “Secret Internet Protocol Router Network,” SIPRNET Program Management Office (D3113) DISN Networks, DISN Transmission Services (May 8, 1998). (DISA, SIPRNET).
`D. McDonald, et al. “PF_KEY Key Management API, Version 2,” Network Working Group, RFC 2367 (Jul. 1998). (RFC 2367).
`Microsoft Corp., Company Focuses on Quality and Customer Feedback (Aug. 18, 1998). (Focus, Microsoft Prior Art VPN Technology).
`Atkinson, et al. “Security Architecture for the Internet Protocol,” Network Working Group, RFC 2401 (Nov. 1998). (RFC 2401, Underlying Security Technologies).
`Donald Eastlake, Domain Name System Security Extensions, IETF DNS Security Working Group (Dec. 1998). (DNSSEC-7).
`Kaufman et al., “Implementing IPsec,” (Copyright 1999). (Implementing IPSEC, VPN References).
`Network Solutions, Inc. “Enabling SSL,” NSI Registry (1999). (Enabling SSL, Underlying Security Technologies).
`C. Scott, et al. Virtual Private Networks, O’Reilly and Associates, Inc., 2nd ed. (Jan. 1999). (Scott VPNs).
`Goldschlag, et al., “Onion Routing for Anonymous and Private Internet Connections,” Naval Research Laboratory, Center for High Assurance Computer Systems (Jan. 28, 1999). (Goldschlag III, Onion Routing).
`H. Schulzrinne, “Internet Telephony: architecture and protocols - an IETF perspective,” Computer Networks, vol. 31, No. 3 (Feb. 1999). (Telephony, Schulzrinne).
`M. Handley, et al. “SIP: Session Initiation Protocol,” Network Working Group, RFC 2543 and Internet Drafts (Dec. 1996-Mar. 1999). (Handley, RFC 2543).
`FreeS/WAN Project, Linux FreeS/WAN Compatibility Guide (Mar. 4, 1999). (FreeS/WAN Compatibility Guide, FreeS/WAN).
`Telcordia Technologies, “ANX Release 1 Document Corrections,” AIAG (May 11, 1999). (Telcordia, ANX).
`Ken Hornstein & Jeffrey Altman, Distributing Kerberos KDC and Realm Information with DNS <draft-eitf-cat-krb-dns-locate-00.txt> (Jun. 21, 1999). (Hornstein, DNS SRV).
`Bhattacharya et al. “An LDAP Schema for Configuration and Administration of IPSec Based Virtual Private Networks (VPNs)”, IETF Internet Draft (Oct. 1999). (Bhattcharya LDAP VPN)
`R. Patel, et al. “DHCP Configuration of IPSEC Tunnel Mode,” IPSEC Working Group, Internet Draft 02 (Oct. 15, 1999). (Patel).
`“Building a Microsoft VPN: A Comprehensive Collection of Microsoft Resources,” FirstVPN, (Jan. 2000). (FirstVPN Microsoft).
`Gulbrandsen, Vixie, & Esibov, A DNS RR for specifying the location of services (DNS SRV), IETF RFC 2782 (Feb. 2000). (RFC 2782, DNS SRV).
`Mitre Organization, “Technical Description,” Collaborative Operations in Joint Expeditionary Force Experiment (JEFX) 99 (Feb. 2000). (MITRE, SIPRNET).
`H. Schulzrinne, et al. “Application-Layer Mobility Using SIP,” Mobile Computing and Communications Review, vol. 4, No. 3, pp. 47-57 (Jul. 2000). (Application, SIP).
`Kindred et al., “Dynamic VPN Communities: Implementation and Experience,” DARPA Information Survivability Conference and Exposition II (Jun. 2001). (DARPA, VPN Systems).
`ANX 101: Basic ANX Service Outline. (Outline, ANX).
`ANX 201: Advanced ANX Service. (Advanced, ANX).
`Appendix A: Certificate Profile for ANX IPsec Certificates. (Appendix, ANX).
`Aventail Corp., “Aventail AutoSOCKS the Client Key to Network Security,” Aventail Corporation White Paper. (Network Security, Aventail).
`Cindy Moran, “DISN Data Networks: Secret Internet Protocol Router Network (SIPRNet).” (Moran, SIPRNET).
`Data Fellows F-Secure VPN+ (F-Secure VPN+).
`Interim Operational Systems Doctrine for the Remote Access Security Program (RASP) Secret Dial-In Solution. (RASP, SIPRNET).
`Onion Routing, “Investigation of Route Selection Algorithms,” available at http://www.onion-router.net/Archives/Route/index.html. (Route Selection, Onion Routing).
`Secure Computing, “Bullet-Proofing an Army Net,” Washington Technology. (Secure, SIPRNET).
`Sparta “Dynamic Virtual Private Network.” (Sparta, VPN Systems).
`Standard Operation Procedure for Using the 1910 Secure Modems. (Standard, SIPRNET).
`Publically available emails relating to FreeS/WAN (MSFTVX00018833-MSFTVX00019206). (FreeS/WAN emails, FreeS/WAN).
`Kaufman et al., “Implementing IPsec,” (Copyright 1999) (Implementing IPsec).
`Network Associates Gauntlet Firewall For Unix User’s Guide Version 5.0 (1999). (Gauntlet User’s Guide - Unix, Firewall Products).
`Network Associates Gauntlet Firewall for Windows NT Getting Started Guide Version 5.0 (1999) (Gauntlet Getting Started Guide - NT, Firewall Products).
`Network Associates Gauntlet Firewall for Unix Getting Started Guide Version 5.0 (1999) (Gauntlet Unix Getting Started Guide, Firewall Products).
`Network Associates Release Notes Gauntlet Firewall for Unix 5.0 (Mar. 19, 1999) (Gauntlet Unix Release Notes, Firewall Products).
`Network Associates Gauntlet Firewall For Windows NT Administrator’s Guide Version 5.0 (1999) (Gauntlet NT Administrator’s Guide, Firewall Products).
`Trusted Information Systems, Inc. Gauntlet Internet Firewall Firewall-to-Firewall Encryption Guide Version 3.1 (1996) (Gauntlet Firewall-to-Firewall, Firewall Products).
`Network Associates Gauntlet Firewall Global Virtual Private Network User’s Guide for Windows NT Version 5.0 (1999) (Gauntlet NT GVPN, GVPN).
`Network Associates Gauntlet Firewall For UNIX Global Virtual Private Network User’s Guide Version 5.0 (1999) (Gauntlet Unix GVPN, GVPN).
`Dan Sterne Dynamic Virtual Private Networks (May 23, 2000) (Sterne DVPN, DVPN).
`Darrell Kindred Dynamic Virtual Private Networks (DVPN) (Dec. 21, 1999) (Kindred DVPN, DVPN).
`Dan Sterne et al. TIS Dynamic Security Perimeter Research Project Demonstration (Mar. 9, 1998) (Dynamic Security Perimeter, DVPN).
`Darrell Kindred Dynamic Virtual Private Networks Capability Description (Jan. 5, 2000) (Kindred DVPN Capability, DVPN) 11.
`Oct. 7, and 28, 1997 email from Domenic J. Turchi Jr. (SPARTA00001712-1714, 1808-1811) (Turchi DVPN email, DVPN).
`James Just & Dan Sterne Security Quickstart Task Update (Feb. 5, 1997) (Security Quickstart, DVPN).
`Virtual Private Network Demonstration dated Mar. 21, 1998 (SPARTA00001844-54) (DVPN Demonstration, DVPN).
`GTE Internetworking & BBN Technologies DARPA Information Assurance Program Integrated Feasibility Demonstration (IFD) 1.1 Plan (Mar. 10, 1998) (IFD 1.1, DVPN).
`Microsoft Corp. Windows NT Server Product Documentation: Administration Guide - Connection Point Services, available at http://www.microsoft.com/technet/archive/winntas/proddocs/inetconctservice/cpsops.mspx (Connection Point Services) (Although undated, this reference refers to the operation of prior art versions of Microsoft Windows. Accordingly, upon information and belief, this reference is prior art to the patents-in-suit.)
`Microsoft Corp. Windows NT Server Product Documentation: Administration Kit Guide - Connection Manager, available at http://www.microsoft.com/technet/archive/winntas/proddocs/inetconctservice/cmak.mspx (Connection Manager) (Although undated, this reference refers to the operation of prior art versions of Microsoft Windows such as Windows NT 4.0. Accordingly, upon information and belief, this reference is prior art to the patents-in-suit.).
`Microsoft Corp. Autodial Heuristics, available at http://support.microsoft.com/kb/164249 (Autodial Heuristics) (Although undated, this reference refers to the operation of prior art versions of Microsoft
`
`
`Windows such as Windows NT 4.0. Accordingly, upon information and belief, this reference is prior art to the patents-in-suit.).
`Microsoft Corp., Cariplo: Distributed Component Object Model, (1996) available at http://msdn2.microsoft.com/en-us/library/ms809332(printer).aspx (Cariplo I).
`Marc Levy, COM Internet Services (Apr. 23, 1999), available at http://msdn2.microsoft.com/en-us/library/ms809302(printer).aspx (Levy).
`Markus Horstmann and Mary Kirtland, DCOM Architecture (Jul. 23, 1997), available at http://msdn2.microsoft.com/en-us/library/ms809311(printer).aspx (Horstmann).
`Microsoft Corp., DCOM: A Business Overview (Apr. 1997), available at http://msdn2.microsoft.com/en-us/library/ms809320(printer).aspx (DCOM Business Overview I).
`Microsoft Corp., DCOM Technical Overview (Nov. 1996), available at http://msdn2.microsoft.com/en-us/library/ms809340(printer).aspx (DCOM Technical Overview I).
`Microsoft Corp., DCOM Architecture White Paper (1998) available in PDC DVD-ROM (DCOM Architecture).
`Microsoft Corp., DCOM - The Distributed Component Object Model, A Business Overview White Paper (Microsoft 1997) available in PDC DVD-ROM (DCOM Business Overview II).
`Microsoft Corp., DCOM - Cariplo Home Banking Over The Internet White Paper (Microsoft 1996) available in PDC DVD-ROM (Cariplo II).
`Microsoft Corp., DCOM Solutions in Action White Paper (Microsoft 1996) available in PDC DVD-ROM (DCOM Solutions in Action).
`Microsoft Corp., DCOM Technical Overview White Paper (Microsoft 1996) available 12 in PDC DVD-ROM (DCOM Technical Overview II).
`Scott Suhy & Glenn Wood, DNS and Microsoft Windows NT 4.0, (1996) available at http://msdn2.microsoft.com/en-us/library/ms810277(printer).aspx (Suhy).
`Aaron Skonnard, Essential WinInet 313-423 (Addison Wesley Longman 1998) (Essential WinInet).
`Microsoft Corp. Installing, Configuring, and Using PPTP with Microsoft Clients and Servers, (1998) available at http://msdn2.microsoft.com/en-us/library/ms811078(printer).aspx (Using PPTP).
`Microsoft Corp., Internet Connection Services for MS RAS, Standard Edition, http://www.microsoft.com/technet/archive/winntas/proddocs/inetconctservice/bcgstart.mspx (Internet Connection Services I).
`Microsoft Corp., Internet Connection Services for RAS, Commercial Edition, available at http://www.microsoft.com/technet/archive/winntas/proddocs/inetconctservice/bcgstrtc.mspx (Internet Connection Services II).
`Microsoft Corp., Internet Explorer 5 Corporate Deployment Guide - Appendix B: Enabling Connections with the Connection Manager Administration Kit, available at http://www.microsoft.com/technet/prodtechnol/ie/deploy/deploy5/appendb.mspx (IE5 Corporate Development).
`Mark Minasi, Mastering Windows NT Server 4 1359-1442 (6th ed., Jan. 15, 1999) (Mastering Windows NT Server).
`Hands On, Self-Paced Training for Supporting Version 4.0 371-473 (Microsoft Press 1998) (Hands On).
`Microsoft Corp., MS Point-to-Point Tunneling Protocol (Windows NT 4.0), available at http://www.microsoft.com/technet/archive/winntas/maintain/featusability/pptpwp3.mspx (MS PPTP).
`Kenneth Gregg, et al., Microsoft Windows NT Server Administrator’s Bible 173-206, 883-911, 974-1076 (IDG Books Worldwide 1999) (Gregg).
`Microsoft Corp., Remote Access (Windows), available at http://msdn2.microsoft.com/en-us/library/bb545687(VS.85,printer).aspx (Remote Access).
`Microsoft Corp., Understanding PPTP (Windows NT 4.0), available at http://www.microsoft.com/technet/archive/winntas/plan/pptpudst.mspx (Understanding PPTP NT 4) (Although undated, this reference refers to the operation of prior art versions of Microsoft Windows such as Windows NT 4.0. Accordingly, upon information and belief, this reference is prior art to the patents-in-suit.).
`Microsoft Corp., Windows NT 4.0: Virtual Private Networking, available at http://www.microsoft.com/technet/archive/winntas/deploy/confcab/vpntwk.mspx (NT4 VPN) (Although undated, this reference refers to the operation of prior art versions of Microsoft Windows such as Windows NT 4.0. Accordingly, upon information and belief, this reference is prior art to the patents-in-suit)
`Anthony Northrup, NT Network Plumbing: Routers, Proxies, and Web Services 299-399 (IDG Books Worldwide 1998) (Network Plumbing).
`Microsoft Corp., Chapter 1 - Introduction to Windows NT Routing with Routing and Remote Access Service, Available at http://www.microsoft.com/technet/archive/winntas/proddocs/rras40/rrasch01.mspx (Intro to RRAS) (Although undated, this reference refers to the operation of prior art versions of Microsoft Windows such as Windows NT 4.0. Accordingly, upon information and belief, this reference is prior art to the patents-in-suit.) 13.
`Microsoft Corp., Windows NT Server Product Documentation: Chapter 5 Planning for Large-Scale Configurations, available at http://www.microsoft.com/technet/archive/winntas/proddocs/rras40/rrasch05.mspx (Large-Scale Configurations) (Although undated, this reference refers to the operation of prior art versions of Microsoft Windows such as Windows NT 4.0. Accordingly, upon information and belief, this reference is prior art to the patents-in-suit.).
`F-Secure, F-Secure NameSurfer (May 1999) (from FSECURE 00000003) (NameSurfer 3).
`F-Secure, F-Secure VPN Administrator’s Guide (May 1999) (from FSECURE 00000003) (F-Secure VPN 3).
`F-Secure, F-Secure SSH User’s & Administrator’s Guide (May 1999) (from FSECURE 00000003) (SSH Guide 3).
`F-Secure, F-Secure SSH 2.0 for Windows NT and 95 (May 1999) (from FSECURE 00000003) (SSH 2.0 Guide 3).
`F-Secure, F-Secure VPN+ Administrator’s Guide (May 1999) (from Fsecure 00000003) (VPN+ Guide 3).
`F-Secure, F-Secure VPN+ 4.1 (1999) (from Fsecure 00000006) (VPN+ 4.1 Guide 6).
`F-Secure, F-Secure SSH (1996) (from Fsecure 00000006) (F-Secure SSH 6).
`F-Secure, F-Secure SSH 2.0 for Windows NT and 95 (1998) (from Fsecure 00000006) (F-Secure SSH 2.0 Guide 6).
`F-Secure, F-Secure SSH User’s & Administrator’s Guide (Sep. 1998) (from Fsecure 00000009) (SSH Guide 9).
`F-Secure, F-Secure SSH 2.0 for Windows NT and 95 (Sep. 1998) (from Fsecure 00000009) (F-Secure SSH 2.0 Guide 9).
`F-Secure, F-Secure VPN+ (Sep. 1998) (from Fsecure 00000009) (VPN+ Guide 9).
`F-Secure, F-Secure Management Tools, Administrator’s Guide (1999) (from Fsecure 00000003) (F-Secure Management Tools).
`F-Secure, F-Secure Desktop, User’s Guide (1997) (from Fsecure 00000009) (FSecure Desktop User’s Guide).
`SafeNet, Inc., VPN Policy Manager (Jan. 2000) (VPN Policy Manager).
`F-Secure, F-Secure VPN+ for Windows NT 4.0 (1998) (from Fsecure 00000009) (FSecure VPN+).
`IRE, Inc., SafeNet / Security Center Technical Reference Addendum (Jun. 22, 1999) (Safenet Addendum).
`IRE, Inc., System Description for VPN Policy Manager and SafeNet/SoftPK (Mar. 30, 2000) (VPN Policy Manager System Description).
`IRE, Inc., About SafeNet / VPN Policy Manager (1999) (About Safenet VPN Policy Manager).
`Trusted Information Systems, Inc., Gauntlet Internet Firewall, Firewall Product Functional Summary (Jul. 22, 1996) (Gauntlet Functional Summary).
`Trusted Information Systems, Inc., Running the Gauntlet Internet Firewall, An Administrator’s Guide to Gauntlet Version 3.0 (May 31, 1995) (Running the Gauntlet Internet Firewall).
`Ted Harwood, Windows NT Terminal Server and Citrix MetaFrame (New Riders 1999) (Windows NT Harwood) 79.
`Todd W. Mathers and Shawn P. Genoway, Windows NT Thin Client Solutions: Implementing Terminal Server and Citrix MetaFrame (Macmillan Technical Publishing 1999) (Windows NT Mathers).
`Bernard Aboba et al., Securing L2TP using IPSEC (Feb. 2, 1999).
`Finding Your Wa