US007418504B2

(12) United States Patent
Larson et al.

(10) Patent No.: US 7,418,504 B2
(45) Date of Patent: Aug. 26, 2008

(54) AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

(75) Inventors: Victor Larson, Fairfax, VA (US); Robert Dunham Short, III, Leesburg, VA (US); Edmund Colby Munger, Crownsville, MD (US); Michael Williamson, South Riding, VA (US)

(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 646 days.

(21) Appl. No.: 10/714,849

(22) Filed: Nov. 18, 2003

(65) Prior Publication Data
US 2004/0098485 A1, May 20, 2004

Related U.S. Application Data

(63) Continuation of application No. 09/558,210, filed on Apr. 26, 2000, now abandoned, which is a continuation-in-part of application No. 09/504,783, filed on Feb. 15, 2000, now Pat. No. 6,502,135, which is a continuation-in-part of application No. 09/429,643, filed on Oct. 29, 1999, now Pat. No. 7,010,604.

(60) Provisional application No. 60/137,704, filed on Jun. 7, 1999, provisional application No. 60/106,261, filed on Oct. 30, 1998.

(51) Int. Cl.: G06F 15/173 (2006.01)
(52) U.S. Cl.: 709/226
(58) Field of Classification Search: 709/226, 709/221; 713/201
See application file for complete search history.

Primary Examiner: Krisna Lim
(74) Attorney, Agent, or Firm: McDermott Will & Emery, LLP

(57) ABSTRACT

A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

60 Claims, 40 Drawing Sheets

Petitioner Apple - Ex. 1001, p. 1

[Sheet 1 of 40] FIG. 1. Labels: originating terminal 100; IP routers.

[Sheet 2 of 40] FIG. 2. Labels: TARP terminal 100 and a second TARP terminal; TARP routers 122, 125, 127; IP routers 128, 129, 132.

[Sheet 3 of 40] FIG. 3A. Labels: 320 interleaved payload data; 330 session-key-encrypted payload data; 340 TARP packet with encrypted payloads; 350 link-key-encrypted TARP packets; 360 IP packets with encrypted TARP packets as payload; TARP destination.

[Sheet 4 of 40] FIG. 3B. Labels: 300 data stream; dummy blocks or data may be added; 523 encrypted block divided into payloads interleaved; 340 TARP packets with encrypted payloads.

[Sheet 5 of 40] FIG. 4. Labels: TARP transceiver 405; network (IP) layer 410; TARP layer 420; data link layer 430; data link protocol wrapper 450; one alternative to combine TARP processing with O/S IP processor; other alternative to combine TARP processing with D.L. processor (e.g., burn into board PROM).

[Sheet 6 of 40] FIG. 5. Flowchart (steps S0 to S11) with boxes: background loop-decoy generation; authenticate TARP packet; outer layer decryption of TARP packet using link key; check for decoy and increment perishable decoy counter as appropriate; dump decoy; determine destination TARP address and store link key and IP address; generate next-hop TARP address and store link key and IP address; generate IP header and transmit.

[Sheet 7 of 40] FIG. 6. Flowchart: S20 background loop-decoy generation; S21 group received IP packets into interleave window; S22 determine destination TARP address, initialize TTL, store in TARP header; S23 record window seq. nos. and interleave seq. nos. in TARP headers; S24 choose first hop TARP router, look up IP address and store in clear IP header, outer layer encrypt; S25 install clear IP header and transmit.

[Sheet 8 of 40] FIG. 7. Flowchart: S40 background loop-decoy generation; S42 authenticate TARP packet received; S43 decrypt outer layer encryption with link key; S44 increment perishable counter if decoy; S45 throw away decoy or keep in response to algorithm; S46 cache TARP packets until window is assembled; S47 deinterleave packets forming window; S48 decrypt block; S49 divide block into packets using window sequence data, add clear IP headers generated from TARP headers; S50 hand completed IP packets to IP layer process.

[Sheet 9 of 40] FIG. 8. Labels: client terminal 801; SSYN packet 821; 824 secure session initiation; 825 secure session initiation ACK.

[Sheet 10 of 40] FIG. 9. Labels: client 1 901; transmit table 921; receive table 922; transmit table 923; receive table 924; each table lists IP addresses.

[Sheet 11 of 40] FIG. 10. Labels: client 1001; reference numerals 1011, 1012, 1013.

[Sheet 12 of 40] FIG. 11. Labels: Ethernet frame header (source and destination hardware addresses); IP packet header (source IP address, destination IP address, discriminator field); payloads #1, #2, #3.

[Sheet 13 of 40] FIG. 12A. Labels: user application; ISO stack; Ethernet; IP hopping algorithms (IPHOP ALG A, IPHOP ALG B); hardware hopping algorithms (HWHOP ALG); (TX) and (RX) tables; windows W1 to W4.

[Sheet 14 of 40] FIG. 12B. Table of modes or embodiments:

Mode or embodiment | Hardware addresses | IP addresses | Discriminator field values
1. Promiscuous | Same for all nodes or completely random | Can be varied in sync | Can be varied in sync
2. Promiscuous per VPN | Fixed for each VPN | Can be varied in sync | Can be varied in sync
3. Hardware hopping | Can be varied in sync | Can be varied in sync | Can be varied in sync

[Sheet 15 of 40] FIG. 13. Labels: client A; ISP #1; ISP #2; client B; packet fields: IP source address, IP dest. address, sync value (public portion), sync value (private portion), link-key encrypted payload; decrypt; combined sync; RNG alg.; packet process; packet discard.

[Sheet 16 of 40] FIG. 14. Labels: transmitter; receiver; sender's ISP; recipient's ISP; window of IP pairs 1 to W; current IP pair; ckpt_o; ckpt_n; ckpt_r; kept in sync for sender to recipient synchronizer; kept in sync for recipient to sender synchronizer.

[Sheet 17 of 40] FIG. 15. Annotations:
@ When synchronization begins, transmit (retransmit periodically until ACKed) SYNC_REQ using new transmitter checkpoint IP pair ckpt_n and generate new receiver response checkpoint ckpt_r.
* When SYNC_REQ arrives with incoming header = receiver's ckpt_n: update window; generate new checkpoint IP pair ckpt_n in receiver; generate new checkpoint IP pair ckpt_r in transmitter; transmit SYNC_ACK using new checkpoint IP pair ckpt_r.
# When SYNC_ACK arrives with incoming header = ckpt_r: generate new checkpoint IP pair ckpt_n in transmitter.

[Sheet 18 of 40] FIG. 16. Scale labels: 0 and 4095.

[Sheet 19 of 40] FIG. 17. Labels: OoO; WINDOW_SIZE; legend: inactive, active, used.

[Sheet 20 of 40] FIG. 18. Labels: OoO; WINDOW_SIZE; legend: inactive, active, used.

[Sheet 21 of 40] FIG. 19. Labels: OoO; WINDOW_SIZE; legend: inactive, active, used.

[Sheet 22 of 40] FIG. 20. Labels: computer #1; computer #2; reference numerals 2005, 2008, 2011.

[Sheet 23 of 40] FIG. 21. Labels: 2100; AD table (IP1, IP2, IP3, IP4); AE, AF, BD, BE, BF, CD, CE and CF tables; link down; reference numerals 2101 to 2109.

[Sheet 24 of 40] FIG. 22A. Flowchart with boxes: measure quality of transmission path X (2201); set weight to min. value; decrease weight for path X; increase weight for path X toward steady state value; adjust weights for remaining paths so that weights equal one.

[Sheet 25 of 40] FIG. 22B. Flowchart with boxes: (event) transmitter for path X turns off (2210); drop all packets until a transmitter turns on; set weight to zero; adjust weights for remaining paths so that weights equal one; done.

[Sheet 26 of 40] FIG. 23. Labels: packet transmitter 2302; packet receiver 2303; transmit table; receive table; paths X1, X2, X3, X4; W(X1) = 0.2, W(X2) = 0.1, W(X3) = 0.6, W(X4) = 0.1; link quality measurement function 2304; weight adjustment function 2305.

[Sheet 27 of 40] FIG. 24. Labels: computer 2401; computer 2402; 100 Mb/s, MESS T = 32; 75 Mb/s, MESS T = 24; 25 Mb/s, MESS T = 8.

[Sheet 28 of 40] FIG. 25 (prior art). Labels: DNS; target website; web browser.

[Sheet 29 of 40] FIG. 26. Labels: web browser; IP hopping; DNS server; DNS proxy; gate keeper (hopping, rules); unsecure target site.

[Sheet 30 of 40] FIG. 27. Flowchart with boxes: receive DNS request for target site; access to secure site requested?; passthru request to DNS server; return "host unknown" error; establish VPN with target site. Reference numerals 2701, 2703, 2705, 2706.

[Sheet 31 of 40] FIG. 28. Labels: host computer #1; edge router; ISP; link guard; RX table; Internet; host computer #2.

[Sheet 32 of 40] FIG. 29. Labels: host computer #1; ISP; hacker computer; flood IP TX 100-200.

[Sheet 33 of 40] FIG. 30. Labels: receiver; transmitter; RX table; TX table; receive SYNC_REQ; duplicate?; discard; exceeds rate R?; delay; generate ckpt_n; generate SYNC_REQ; process ckpt_n (SYNC_ACK).

[Sheet 34 of 40] FIG. 31. Labels: client #1; client #2; hacker; TX/RX; checkpoints ckpt_n, ckpt_o, ckpt_r.

[Sheet 35 of 40] FIG. 32. Message flow between client and server; arrows labelled DATA, SYNC_ACK, DATA, X, SYNC_REQ.
Client: send data packet using ckpt_n; ckpt_o = ckpt_n; generate new ckpt_n; start timer, shut transmitter off. If ckpt_o in SYNC_ACK matches transmitter's ckpt_o: update receiver's ckpt_r; kill timer, turn transmitter on. When timer expires: transmit SYNC_REQ using transmitter's ckpt_o, start timer.
Server: pass data up stack; ckpt_o = ckpt_n; generate new ckpt_n; generate new ckpt_r for transmitter side; transmit SYNC_ACK containing ckpt_o.

[Sheet 36 of 40] FIG. 33. Labels: PC; browser; plug-in; "go secure".

[Sheet 37 of 40] FIG. 34. Flowchart 3400 (reference numerals 3401 to 3415) with boxes: start; display web page containing go secure hyperlink; launch link to .com site; download and install plug-in; automatic replacement of top-level domain name with secure top-level domain name; access secure portal and secure network and secure DNS; obtain secure computer network address for secure web site; access gate keeper and receive parameters for establishing VPN with secure website; connect to secure website using VPN based on parameters established by gate keeper; display "secure" icon; replace secure top-level domain name with non-secure top-level domain name; display "go secure" hyperlink.

[Sheet 38 of 40] FIG. 35. Flowchart 3500: 3501 requestor accesses website and logs into secure domain name registry service; 3502 requester completes online registration form; 3503 query standard domain name service regarding ownership of equivalent non-secure domain name; 3504 receive reply from standard domain name registry; 3505 conflict? (yes/no); 3506 inform requestor of conflict; 3507 verify information and enter payment information; 3508 register secure domain name.

[Sheet 39 of 40] FIG. 36. Labels: 3600; web server; server proxy; VPN guard; website; computer network 3602; firewall 3603; browser; proxy application; OS; client computer.

[Sheet 40 of 40] FIG. 37. Flowchart 3700 (steps 3701 to 3708) with boxes: generate message packets; modify message packets with private connection data at an application layer; send to host computer through firewall; receive packets and authenticate at kernel layer of host computer; respond to received message packets and generate reply message packets; modify reply message packets with private connection data at a kernel layer; send packets to client computer through firewire; receive packets at client computer and authenticate at application layer.

AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

CROSS-REFERENCE TO RELATED APPLICATIONS

identities of the originating clients. This system employs an intermediate server interposed between client and destination server. The destination server sees only the Internet Protocol (IP) address of the proxy server and not the originating client. The target server only sees the address of the outside proxy. This scheme relies on a trusted outside proxy server. Also, proxy schemes are vulnerable to traffic analysis methods of determining identities of transmitters and receivers. Another important limitation of proxy servers is that the server knows the identities of both calling and called parties. In many instances, an originating terminal, such as terminal A, would prefer to keep its identity concealed from the proxy, for example, if the proxy server is provided by an Internet service provider (ISP).

To defeat traffic analysis, a scheme called Chaum's mixes employs a proxy server that transmits and receives fixed length messages, including dummy messages. Multiple originating terminals are connected through a mix (a server) to multiple target servers. It is difficult to tell which of the originating terminals are communicating to which of the connected target servers, and the dummy messages confuse eavesdroppers' efforts to detect communicating pairs by analyzing traffic. A drawback is that there is a risk that the mix server could be compromised. One way to deal with this risk is to spread the trust among multiple mixes. If one mix is compromised, the identities of the originating and target terminals may remain concealed. This strategy requires a number of alt