`
Control No.: 95/001,788
Group Art Unit: 3993

In re Inter Partes Reexamination of:
Victor Larson et al.
U.S. Patent No. 7,418,504
Issued: August 26, 2008
For: AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

Examiner: Roland Foster
Confirmation No.: 5823

Mail Stop Inter Partes Reexam
Commissioner for Patents
P.O. Box 1450
Alexandria, VA 22313-1450

Declaration of Angelos D. Keromytis, Ph.D.

I declare that the following statements are true to the best of my knowledge, information, and belief, formed after reasonable inquiry under the circumstances.

I, ANGELOS D. KEROMYTIS, declare as follows:
`
1. I have been retained by VirnetX Inc. ("VirnetX") for the above-referenced reexamination proceeding. I understand that this reexamination involves U.S. Patent No. 7,418,504 ("the '504 patent"). I further understand that the '504 patent is assigned to VirnetX and that it is part of a family of patents ("Munger patent family") that stems from U.S. provisional application nos. 60/106,261 ("the '261 application"), filed on October 30, 1998, and 60/137,704 ("the '704 application"), filed on June 7, 1999. I understand that the '504 patent is a continuation of U.S. application no. 09/558,210 ("the '210 application"), filed April 26, 2000 (now abandoned), which is a continuation-in-part of U.S. application no. 09/504,783 (now U.S. Patent No. 6,502,135, "the '135 patent"). I also understand that the '135 patent is a continuation-in-part of U.S. application no. 09/429,643 (now U.S. Patent No. 7,010,604), which claims priority to the '261 and '704 applications.
`
`Petitioner Apple - EX. 1052, p. 1
`
`
I. RESOURCES I HAVE CONSULTED
`
`2,
`
`E have review-«3d the ’504 patent. incittdittg claims L60.
`
`I have. 3.150 retiewed a.
`
`Request}: for .Ftttct’ Parts; Reexaminatitm ttf the ”504 patent flied by Apple Inc. with the US. Patant
`
`and Trademark Office. 011 flcmbet 18., 20M {“Raquest” or “Reqf‘m as wail as;
`
`its asc-z‘mtpa’tttying
`
`exhibits} Additmnttfly. I have reviewed an. Order Granting Request tbr [mar Pm‘ffl‘? Reexamination
`
`of the ’504 patent {'“the Order”) and an Office Action (“the Office Action”). bath mailed mt
`
`Decatttber 39. 201 1.2
`
`3.
`
`K have also studied. the fhltowtng documents cited in anti inciuded with the. Request
`
`audio: affine Action: E. Spittna at 3]., “Fiexibie {Emmet Secure Ttttmactitms Based on Ctfiiahttrative
`
`Domains,” Lecture News in Cmnputer Science, wt. 1.3.61? at 3'?~51 {1997} {“z‘s’oigzttta”); {.S Patent
`
`Np. 655?,03? m Proving {"‘F’rttt.sit2(f’}; LES. Patent No. ($396.86? to Besm‘ et at.
`
`(“Rees-er"); R.
`
`Atkinson.
`
`IET’F RFC 223G. “Kex Exchange. Delegation Recent. for the DNS.” Rim-ember $997
`
`(“RFC 2230"}; D. Eastlake at 233.. 1151‘? RFC 13:338., “Stating Certificatas in the Dammit} Name. System
`
`{ENS}? March 1999 (“RFC 253 8”}; S. Kent at at, {RTE RFC: 240‘; _. “Security Architecture for the
`
`Imemet Pretocot,“ Ntwetttbet 1.998 (“RFC 2401“}; D. Eastittke et 33.. {STE RFC 2065, “Don‘t-(tin
`
`N31121:: Systgm SEE’M‘it}! Extensigng.“ January :99? (“RFC 2065”); 3, Pasta} et 31., {EYE RFC 920.
`
`“Bantam Requirements.“ October 1984 (“RFC 920“}; E.. Gunman at. 211.. {EFF RFC 2594. ""LE‘setrs’
`
`Security I—iandhook.” Fisherman? 3999 (“RFC 3504”); M. Reed. at
`
`211.. “Proxies fitt‘ shtottytnmta
`
`Ranting.” 2:31 Mutual Computer Seetlrity Applicatiens (Immense, San Diegtt, CA. {December 9—
`
`33} {‘Yi’tz'mzf’}; {:i'oidschlag at at... “Hiding Routing infatmationf’ Workshop tm htfotfmatittn Hiding,
`
`Cambridge, UK, May 3996 (“Gutdschlag”); P. Mockapettis, IETF RFC 3035. “Domain Names
`
`Imp}etnenttttiott and Speci‘fiuatiottf Nmrember £98“? (“REC i035“); R. Braden, {EYE REE? 1123,
`
`“Requirementt for ttttemet Heats _. Appiiatttions and Support,“ October 3.989 (“RFC 3.1.2.3”);
`
`R. ,sflstkinson. BET??? RFC 182:3, “Security Architecture for the interact Protncei.” August 3.995 {“RFC
`
`3325”}; R. Hotts’iey at 31., IE'I'E RFC 2459, “fittiet‘ttet K509 Pubiit: Key infrastructure Certifimt‘e and
`
`£5338!" Farms Reexaminatmtt as “the Request” and,
`for
`to the. Request
`refer
`I
`l
`mttespomdittgiy, E Witt refer to Appie tnc. as “the Rmttesttzt‘.”
`3 The CttTfice Actitm iHCGI‘pratES Hearty ail ofthe Request by rethrettce. For that teaser}.
`when i sometimes refer to “the Request,“ i am aisc: referring to the Office Actimt.
`
`Petitioner Apple - EX. 1052, p. 2
`
`Petitioner Apple - Ex. 1052, p. 2
`
`
`
`Contra} No: 953’001 388
`Declaration cfAitigelcs l3. Kermnytis, Phi).
`
`CRL Profile)“ $311111.er 1999 {KRFCI 2459’"); and P. lxl'lnekapen‘is, lE’l’F RFC if)“, “"Dnnmin Names m
`
`Concepie and Faeiiiizies,” Ncwember l9‘8’? (“RFC 1133:19‘}.3
`
`4.
`
`i am familiar with {lie level of etclinei‘y skili in the an. with respect in the inventions
`
`cf‘ibe ’504 patent as of .Fehmnry 'l 5 3000. when the eppiicaiinn for the parent 7135? patent was filed.
`
`Specificeliy. based on my review cf the techncli'igy, the educational ievei of active workers in the
`
`fieicll and drawing on my lawn experience, I bellies-“e e pEX‘SQfl of ordinary skill in an: in ihni: time
`
`would have had a masterls degree in. ccmputer science 01‘ computer engineering. as well as two years
`
`of experience in cnmputei networking with some accompanying exposure to iiei‘wci‘l: eecniiiy.
`
`5,
`
`i have been asiieci to consider new one 0f ci‘diiiai‘y Skill
`
`in the all would have
`
`nmiersmnd the refiercnccs meniiened nbm‘e. My findings are set forth belew.
`
II. QUALIFICATIONS
`
6. I have a great deal of experience and familiarity with computer and network security, and have been working in this field since 1993.
`
7. I am currently an Associate Professor of Computer Science at Columbia University, as well as Director of the University's Network Security Laboratory. I joined Columbia in 2001 as an Assistant Professor, after receiving my M.Sc. and Ph.D. degrees in Computer Science, both from the University of Pennsylvania. My Ph.D. dissertation work was on the topic of secure access control for distributed systems and, in particular, on the management of trust in distributed computer networks.
`
`8.
`
`I received my SEC. in Computer Science from the Unieersiiy cf Crete, in Greece. in
`
`1996. During my undergraduate studies. i worked as system administraim in the Computing Center
`
`at the University Of (Reta. Fi‘iilcwing that.
`
`l marked as Hem-mi; engineer at the first: cmnmerciei
`
`lniemet Service Pros-rider (“181?") in Greece, FOR‘I‘Hnei SA, where i was exposed to many network
`
`security issues.
`
`9.
`
`i have actively participated in the intemet Engineering Task Farce (“IE-TF7}? a
`
`staiidaidsxsening Lindy for the interest, since i 995.
`
`in the late 19985 and eai'ly 29005, my work with
`
`the BET? wee prinmrily within me lntemet Prcicccl Security {"‘ifPsec‘? Working Group.
`
`in addition
`
`3 Although I listed dates in these citations, 1 am not testifying in whether an}? cfiiiese
`references were actualiy pubiiciy distributed en the date listed
`
`Petitioner Apple - EX. 1052, p. 3
`
`Petitioner Apple - Ex. 1052, p. 3
`
`
`
`Contra} No: 953’00l 388
`Declaration ofArtgeloe 'D. Keromytis, Phi).
`
`re contributing to the specificatien of the tPsec standards 1' wrote the first implementaticn of the
`
`Photurt‘e key marrsgetrlent pretoce}, {120w RFC 2522}.
`
`1 also crmtribrrted to the first epen-souree
`
`implementation of the iiKSr-‘tMl’fliKE key management protocol for the epen-seuree BSD operating
`
`system (new RFC: 2409}, and developer} the first such implementation for the Linux operating
`
`system. Mr Linux, Unplementstiorr named Plum was adopted by the Netienztl institute of Standards
`
`and technology {\l‘sl} in £999.
`
`in addition, my implementation of It’s-ex: fer the epen—scurce
`
`BSD operating system. is currently used by many companies and. gmerttments around. the. worltl, and
`
`serves as the basis for several cemmereial products that employ cwptogrephic communicattirms.
`
`in
`
`1999,
`
`I arehitecterl and.
`
`implemented the first open—source framework for supporting hardware
`
`cryptographic accelerators.
`
`This fremewerlt
`
`is used in the open~sorrrce ClpenBSD, NetBSf)?
`
`FreeiBSD,‘ and Linux, operating systems. My work in implementing firewalls and other cryptographic
`
`and network protocols has *resuitecl in cortmrerclal systems and publications in refereed technical
`
`conferences and. academic journals
`
`I. served as Working Group Secretary fer the. IETF l’Psec
`
`“jerking Group (2003 9005} anti as Securrty Area Adviser to the Bill“ at: large (2003 {2038:}.
`
10. In my current position at Columbia University, I work with a large group of graduate and postgraduate students in the area of cybersecurity. My past students now work in this field as university professors, as technical researchers for research laboratories, or as engineers for telecommunications companies. I have received federal, state, and corporate sponsorship to conduct cybersecurity research from the Department of Defense, the National Security Agency, the Defense Advanced Research Projects Agency ("DARPA"), the National Science Foundation, the Department of Homeland Security, the Air Force, the Office for Naval Research, the Army Research Office, the Department of the Interior, the National Reconnaissance Office, New York State, Google, Intel, Cisco, and others. In my ten years as a professor, I have received over 36 million dollars to support my research in cybersecurity. I also regularly teach courses on cybersecurity, in addition to more general courses in computer science.
`
11. I have published over 200 technical papers in refereed journals, conferences, and workshops, all of which are directed to various areas of cybersecurity. I have also authored a book, coauthored another book, and contributed chapters for many other books that relate to cybersecurity. Between 1999 and 2010, I have drafted or co-drafted eight standards documents that were published as Request for Comments ("RFCs"). Several of these RFCs are directly related to IP security. For example, RFC 6042 relates to transport layer security; RFC 5708, RFC 2792, and RFC 2704 relate to key signature and encoding for trust management; and RFC 3586 relates to IP security policy requirements. Additionally, I am a co-inventor on twelve issued U.S. patents, and have several other applications pending. Most of these patents and pending applications are related to network and systems security.
`
12. I have chaired several international technical conferences and workshops in cybersecurity, including, for example, the International Conference on Financial Cryptography and Data Security (FC), ACM Computer and Communication Security (CCS), and the New Security Paradigms Workshop (NSPW). I have also served in over eighty technical program committees for such events. From 2004-2010, I served as Associate Editor for the premier technical journal on cybersecurity -- the ACM Transactions on Information and Systems Security (TISSEC). Additionally, I have served on several advisory workshops to the United States Government on cybersecurity, including, among others, the Office of the Director of National Intelligence (ODNI)/National Security Agency (NSA) Invitational Workshop on Computational Cybersecurity in Compromised Environments (C3E) (2011), the Office of Naval Research (ONR) Workshop on Host Computer Security (2010), the Intelligence Community Technical Exchange on Moving Target (2010), Lockheed Martin Future Security Threats Workshop (2009), and the ARO/FSTC Workshop on Insider Attack and Cyber Security.
`
13. In addition to this work, I have co-founded two companies in cybersecurity. One company, StackSafe Inc. (formerly Revive Systems Inc.), was a provider of a virtualized preproduction staging environment that includes automated testing, analysis, and reporting for IT operations teams. I was with this company from its founding in 2005 until 2009. The second company, Allure Security Technologies (founded in 2010), develops deception-based solutions for detecting and mitigating the malicious cyber-insider threat, commercializing technology developed at Columbia through DHS and DARPA grants and a DARPA SBIR [illegible].
`
14. My curriculum vitae, which is appended to this declaration, details my background and technical qualifications. Although I am being compensated at my standard rate of $500/hour for my work on this declaration, the compensation in no way affects the statements in this declaration.
`
III. BACKGROUND OF THE '504 PATENT
`
15. Before turning to a discussion of the references relied on in the Request and the Office Action, I summarize my understanding of certain embodiments disclosed in the '504 patent. Generally speaking, the '504 patent discloses, among other things, systems and methods for providing a domain name service ("DNS") for establishing a secure communication link.
`
`
`16.
`
`U}
`The ‘504 patent disc1ose 5mm mnbsdiments of a domain name sewice system fur
`
`establisl'xing a secure 80111111unicatiml link, such as a virtual mix-ma Hem-wk (“SPF“) cmmnumcaiinn
`
`11211;.
`
`In am: such emhudimenn a move}, specialized DNS Server receives a. iraditionai DNS request,
`
`and the DNS server automaticaliy :“acilitates the estab‘iishment (If a. secure mnmtmmicaflou fink, such
`
`as a VPN link, between a target made and a user.
`
`(504 patent. 39:46-37 .1.) This speciaiized DNS
`
`server 13 diffemm Steal a can\-'emio113} DNS server knew-1.1 at {be time of invention for 31' least the
`
`reason that the. specialized DNS server 3113131313113 the. extabfishjmnt of a. secure. communication fink
`
`bs-zyand merely returning a. requested IP‘ address or pubfic key
`
`1?,
`
`For exampia in the. exemplarsé 0f FIGS. 26 and 2“? 0f the ’5114 patent, reproduced
`
`beiov, a DNS server 2602 induding a DNS proxy 261.0 supports establishing a VPN fink between a
`
`cumpuier 2601 and a same target site 2604. {Id 3139:6l41159.)
`
`
`
`18
`
`in me embodiment, the DNS server 3603 receives a; DNS request for a target site
`
`frmn cm‘npuizer 2603..
`
`(113’. 3140:4942.) The DNS ‘pmxy 26H} detarmirms w'imther the iargei site- is a
`
`secure site.
`
`{1121 at: 40:13—15, d0:-‘19—56.}
`
`If access 11:: a secure: 3116 has been requested, the DNS proxy
`
`2.611} detennings whether the camputer 261.11 is authurjzed 113 access the. site, {Id 21:40:51.593 ‘ifsoi
`
`the DNS pmxy 263,0 'iranm‘ni'is a n'mssage to gatekaeper 2603 m faci'iitam 1116: cmafim‘; mfg: VPN 117111:
`
`hem-"€313 cmnputer 26301, and secure target site 2604.
`
`(Id.
`
`211 40:18—24.) D\S waxy 2610 than
`
`responds to the computerk 2601 DNS request with em addres3 received from the gatekeeper 2604.
`
`(Ed. at 41): 19%?) A secure VPN link is {111m established between the computer 260.1 and the secure
`
`~61»
`
`Petitioner Apple - EX. 1052, p. 6
`
`Petitioner Apple - Ex. 1052, p. 6
`
`
`
`Centre} N0: 953’001 388
`Declaration efArigeioe 'D. Keromytis, Phi).
`
`target site 2504.
`
`(Id. at “5—8) As eliewn in this example the epeciaiized DNS‘ server supperts
`
`creating a secure certtnrenieetiea fink, er, in other words, dries more than a. eemterrtienai DNS setter
`
`at the time of irweritiorr
`
`139.
`
`in fact. the 304 patent highlights this distinction between the speciaiizeti DNS server
`
`disclosed in its specification and a cmwentionai DNS scheme which merely returns a. requested I?
`
`address or pubiie key:
`
`meentienai Domain Name Sen-“em {DNSS} preride a iookvup flirtation that returns
`the EP address of a requested emriputer or hast. For example, when a cemputer riser
`types in the weir nitrite “‘r'ehooepnif the user‘s web browser tr‘a‘ttsrtrits a request tit a
`DNS, which comerts the name irite a feet—part if) address that is returned to the user’s
`bruit-Ger. ‘
`t
`‘
`
`(Line centrentieriei scheme that prerides secure virtuei private REWJOI‘RS ever the
`internet prim-rides the ENS server with the public keys; 0f the machines that the {)NS
`server has the addresses for. This ai’lows bests 1c: retrieve autemeticelly the public keys;
`0f a host that the host is: m communicate with so that the host can set up a VPN Withflut
`liaising the user enter the pubiic key of the tiestinatien hast. One impiemematien pf
`this standard is pt‘esen’tiy being develeped at: part of the FreeSEWAN project {RFC
`gears).
`
`The eerwentitina] scheme settlers than certain dram-”hedge. Fer exampte, any user can
`pattern} a DNS request. Moreover, DNS requests resrrive t0 the same value for ail
`USER‘S‘
`
`According to certain aspects of the int-emigre a speciaiized DNS server traps ENS
`requests andfi it the request is item a special. type of user {eg one for which secure
`cumitiuriieatioe sen-“ices are defined}, the server fines not return the true Ii) address of
`the target node, but instead, automatically sete up a rirtuat private network between the
`target node and the user.
`
`(Id, at 39:7»53 ‘} Compared with a conventional DNS knewn. at the time. of the tiling {3f the ’SCN
`
`patent,
`
`the speeiaiized DNS disclosed in the
`
`”504 patent
`
`supperts egtabtisiiiag a
`
`secure
`
`catninunieatioe iiulr.
`
`'I’he eiaime ot’tite ”504 patent are 21350 directed to a domain flank," service for
`
`eetablishing a secure communicatipn link.
`
`(See, erg. ’5’34 patent. 55:49—56? 57:48-58Y (’38:.3—i4}.
`
IV. REFERENCES CITED AGAINST CLAIMS 1, 36, AND 60

A. Solana
`
`20.
`
`Generally, 30me diseieses e, deirrain—beseéi
`
`security architecture for
`
`Internet
`
`transectimis.
`
`(Serum: Abstract, Fig;
`
`.1.) Regarding Fig L t‘eprridueeri imiew, Sit/’riiiri diaeieses that.
`
`the architecture includes a directory service {DR} that binds domains to their piliitie keys and 3.
`
`Petitioner Apple - EX. 1052, p. 7
`
`Petitioner Apple - Ex. 1052, p. 7
`
`
`
`Contra} N0: 953’001 .388
`Declaration OfAI‘ngIOS I). Kemmytis, Phi).
`
`Inca} authentication database (“LAD”) that IIIcIudes the public keys for each primeipa‘fi within a
`
`domain.
`
`(Id at: 43 .) Suimm discieses that each security domain IIIcIudeSa deIzIaiII he} holds:
`
`(“LIKE") that stores the key ring of domain ptlbiicfpt‘ivate key pairs and e dOIIIinI.I ‘hmfier system
`
`("BBS”) that. perf’emtzs varieue tasks I‘eIated to inter—donmin coilaimmtioe.
`
`(I'd. at. 43—44.}
`
`SI‘JMI‘M‘
`
`SISLI dISSISSeS IIIIII‘IIIIII naming infemmtien I“Us’SIIIthat IS IISed to deSIguaIe 130th domains; and
`
`principals within domaInS.
`
`(Id. at 43.} The UNI may be “a eomnmn name, an E—IIISII address, Dr S
`
`netwmk afidtess (id.‘1
`
`
[Solana Fig. 1]
`
`21%.
`
`Solmm discioSeS two ItltematiS-ee Ihr LIIIIIIIIIIIIIL‘atitIg between an initiamt in a SGIII'CL’
`
`demain and a, I'espmtdet in a destination domain.
`
`(Id. at Figs. 2a and 2b, below.) In the configuration.
`
`reiating to Fig. 2a the initiator sends a communicatien II to a souxce IJBS {'“SS—I‘JBS‘ 3.
`
`(Id. at 45A}
`
`The cemmuuicatinn itlcludesa heme: that contains a SSSSII‘III km and IIIIIIOI‘I‘II naming II).'"IIIII‘ITIEIIIUT1
`
`(“UNI“) for the responder, and iS encrypIed with a public key {If the warm dmnejn. {III} ’I'he S—
`
`UBS 1::
`
`es the anmumcatzon decrvptg the heads: using its pmme ILL-3.} ILEIICI‘VIBIS the same
`
`header using the pubiic key (If the desI‘iIIaI'imI domain, and SEE‘IIIIS the trIIIISIIetien It) {be destination
`
`DBS (“D-D88”).
`
`{1:23. at 45—46.} The D—DBS liken-SSE extracts the headet, finds; the Intel public key
`
`(If the respmder in, the 14.4.1), re~enctypt5 the same header with the respender local. pubiic key, and.
`
`I'III‘WEII'IIS the transaction In the responder. {'Ia’. 211146.}
`
`
`
`
`22.
`
`in the cenfigumtiou reiaiing {a Fig. 3b. the initiator sends a simiiar connexmicaiien
`
`directly to the responder that incmdes the same header as in the ecsnfigumtion 0f Fig. 23, except that
`
`the header is encrypted with “the desiinetien domain pubiic key.
`
`{led at 4546,} The respeuder
`
`forwarde the header to the D—DBSe and, the 'D—DBE: sends the header back this time ens-minted. with
`
`the respoader Race! public keV.
`
`{151. 4‘
`
`1.
`
`Srmflme dues not disclose a dammit: name service system configured to
`store a piuraiity 0f damaiu names and correspunding network addresses.
`
`2'3
`
`it is my meim} that Sm’tma does; not dischse a domain name service system.
`
`configured. to store a. 'piurality of domain names and eerrespending network addresses. as recited in
`
`various eiaims 0f the ’504 patent”. The Uffice Action, by inem'pm'eting page 4'2 ef the Requeei,
`
`asserts thai Seiena’s Unilbrm Naming Infiwmwfian (“UNI”), which may be mihlished in. a direcimy
`
`service (“BS”), ineiudes both demam names and cerrespending network addresses.
`
`ii disagree for the
`
`fidiowing magma.
`
`24.
`
`First. Sofam doee not diedese that the D8 stares a. pl'umiity ef domain names and
`
`corresponding new-wk addresses.
`
`Instead. Shim-m mereb' discloses that the DS stares “naming
`
`infennation and .
`
`.
`
`. eeriificelee that seemeiybind dummies 1'0 their public has {.Sbimm 4‘3.) Thus,
`
`ifatnything Shifcmd’s DS stares mulling ieformatien for domains and CWT-€5penciirzg pubfic keg-*5 fer
`
`the domains. But Shims: dees net disciose that the US stores a plurality of domain names and.
`
`correspmdieg Heft-my}: addresses.
`
`25.
`
`Second, the “naming iisz'rmaire‘m” stored in Smmm’s 33 also daee net .inciude both
`
`domain names and cm-respemfing newer}: mfdremext.
`
`Selma explains
`
`that
`
`the “naming
`
`infexmxatien” is stored in the DS in the fm‘m UFUNES which may include “a commend name, an E~
`
`men address. or a Mime}: address.” (See id. ,enmhasis added} Thus, the UN} diseiesed by Sokma
`
`dees net inciude but}: a domain name and a corresponding mete-fork address.
`
`_. 9 _,
`
`
`26.
`
`Furthen in Fig i. reproduced in part below, 50mm discloses iii greater deteii ‘Iiow
`
`UNiis and om‘resimritiing keys iriay aiso be stared toge‘ii‘iei‘ in the LAX), another database separate
`
`from the D8. But the LAD also does not store domain names and corresponding netwmk addresses:
`
`
`
`
` x‘.
`I/Mo
`
`‘
`J
`“w“,‘wfi
`‘
`\\\\\~'
`ar\x Q
`
`\‘3‘
`
`I
`5
`
`Inf/lit:‘tttitl/‘i-‘I‘IMO’JIWIMIIMMW
`
`{1d} The UNIr’PubK iaiiies in Fig.
`
`E Show haw the LAD associates a UNI iii a particuiar principal
`
`with it3 public. key.
`
`(Id. at 43—44.) As Shawn. the UN} “LES for a principai iii the source domain
`
`correeponds to public. key “asdfgiiif’ am? the UNI “arbttxfiiT-ri)” for a prirxeipai in the destination domain
`
`currespenrie to public key “zxevhir,” (Id. at Fig. 1.} Bart again. {he UNI itseifdoes moi: inciride both a
`
`domain name and a. con'espendiiig network address.
`
`(19’. at 43.) Moreoven the UN} stored in the
`
`LAD is associated with a pubiic key, and not with a network address. {It}. at Fig, 1.}
`
`27.
`
`Third, we of erdinirry ekiii in the art would not have understand Shier-28‘s D5 to he a
`
`domain name service system. As discussed. Katrina’s 38 stores naming information (UNis) for
`
`tionmins and certificates that himi these domains; to pubiie keys But .S‘oiiiriii does not disciose that
`
`the DS 'i‘eSOiVES damain names;-------i‘ec‘ioiving domain. names into i? addresses is outside the scope of
`
`Shimm.
`
`3.
`
`591mm does not disclose a domain name service system configurefi to
`receive a query for a netwerk address.
`
`.28.
`
`it is also my opioion that S‘rzilrri'rar times not. tiiseios *
`
`{:1 domain name eervice systeiin.
`
`configured. in receive a Query fer a. network address. The Office Action adopted pages 42—44 of the
`
`Request, which asserts that this cieim feature is disciosed in three different. figures ofS‘rflana. For the
`
`foiiowing reasons, i dieegree with this aeeertioir.
`
`39,
`
`First, centraiy to the Request’s assertions, Figure l
`
`times not disclose a domain name
`
`service system configured to receive a qoeiy for a network address. The Request asserts that. seizure
`
`“explains that its SECURE DNS eyeiems are designed to haitidie the ‘geiireric iiitemet transaction"
`
`which .
`
`.
`
`. is generated by requests initiated by the two 'pr'inei'eais-r-r-iiie “initiator” and the ‘i‘espoiider.m
`
`(Reg. at 43.) "i‘he Request continues: “[ijn Figure L the initiator and the responder entities are shown
`
`as making requests that are acted open by the DNS system to estabiieit Eli] authenticated and
`
`encrypted ciiaririei efcermmmieaitioiis.“ Uzi.) 1 disagree.
`
`— 10—
`
`
`30.
`
`Nothing in Selene suggests that the identified requests in Sufism; inchrcie a query for a
`
`network afiic'ircssr To {he cannery, the “requests” semi. from the initiarcr and responder, discussed in
`
`greater detail beiow with respect to figs. 23 and 2b, are queries for rem srored in rise [)3 or the LAX).
`
`(See genes-chirs id. at $15-46 {“The initiator .
`
`.
`
`. iscues a ‘DS query m chem? {he desrinmion cinema
`
`przhi’fc fie}? emphasis added)
`
`Indeed, Fig.
`
`2 cf Seismic; disclcses an esrc-I‘rirccrurc that distributes
`
`public keys used to eerebiish authenticated enrifor encrypted charrrreis ----------- not an architecture that
`
`receives queries for netwcrk addresses.
`
31. Second, contrary to the Request's assertions, Figure 2a in Solana does not disclose a domain name service system configured to receive a query for a network address. With respect to Fig. 2a, the Request asserts that "the DNS system acts on requests to determine network addresses of the initiator and responder principals." (Id. at 44.) The Request also points to the three communications shown in Fig. 2a and explained on pages 45-46 of Solana as allegedly disclosing these "requests to determine network addresses of the initiator and responder principals." (Id. at 43-46.) Again, I disagree.
`
`32,
`
`Serene discioees that the first commrmicenon in Fig. 2a is sent from the source
`
`domain to the 3988 and inciudcs “a header containing the. session key anti rhe UNI of the
`
`responcier" and a payioad cm‘rrairring encrypted data (depicted in Fig. 2a 215 “iEvrlDATA'fl.
`
`(Soiarm
`
`45.) Nothing in Safer-re describes or suggests that the communication includes a request fer a
`
`nerwcrk address. Mercer-er, the remaining two communicatinns shown in Fig. 2a merely invoice
`
`forwarding the communication from the S-DBS to the {Ii-DES and than .i'i‘om the Ill—DES to the
`
`responder
`
`(Id. at 45—46.} Each of these communicarions includes the same header containing the
`
`same seesicn key and UNI cf‘thc responderwrhe only difference being than the header is encwptcd
`
`with the puhiic hey efthe recipient riurirzg each c-ormrrcnicerich (ices. the public key ci‘ihc decimation
`
`domain (hiring ccmmcnication 2 and the public key cf'rhe responder during corrminniceticn 3}, Uzi.)
`
`33.
`
`Frmher, Figure 2a fines not discicse a denizens name sen-ice sycrem configured tn
`
`receive a query for? a ircrwcrh addrese” because what the Request a‘ileges is the claimed domain were
`
`service system (Sriiarra’s DS) does not receive {he aiieged query fer a Hem-or}: ariiiress. Schism
`
`discloses the: the ccnfigureticn oi‘Fig, Re is panicuiarly ccnvcniem for principals racking access m
`
`a global BS.” {14:17. 23146.} In other wcrds, the D3 ------the elieged dcmain heme service system-------is not
`
`involved, in the method discloseci in Fig 321.
`
`34.
`
`Third; contrary is} the Requesr‘s assertions Figure Eb (zines nor. disclose a domain
`
`name service system ccnfigured to receive a query 1111* a network address For excmpie, Scrum
`
`qr-
`
`Petitioner Apple - EX. 1052, p. 11
`
`Petitioner Apple - Ex. 1052, p. 11
`
`
`
`Centre} N0: QSa’OOl 388
`Declaration oprgelos l3. Keromptis, Phi).
`
`explains that the first communicatinn in Fig 2b includes the initiator generating the same header as
`
`in the first: commmioatlml in Fig. 2a {Id} Them the lilliiaifil‘ issues a “US quew to ohmin the
`
`desrinaiimr don-mi}: public £133th headereecr;rg_r_1!itn-t,” (3:1,, emphasis added.) Thus, the only query
`
`issued by the hritismr is a query fer a public keV and. not a query for a hetwerk address, {id}
`
`3.
`
`Selena does not discluse “a domain name service system mmfigured .
`comprise an indication that the domain pantie
`service system suppurts establishing a secure cemmunicaflou link.”
`
`.
`
`. to
`
`35,
`
`it is else my epinroh that Sfliflfifl else fails to teaeh or suggest “a domain name.
`
`service system configured tn _
`
`a
`
`. comprise an indie-atlas that the demah: same service system
`
`supports estebhslfiog a secure eon'n'nunleashes link," as required by, for example claim } ef the 3334
`
`patent The Request asserts that Salami-1r teaches this limitation because: (1} lS’ehe-uzt teaches that its
`
`system includes ”a Domain Key Holder {BER} and a Domain Border System {BBS} that manage
`
`and use keys-tentficaies to hemdle authentication and encryption lhtsetthms”; and {:2} “the 'pateti’i
`
`owner has asserted that
`
`the use of certificates in connection with establishment of seizure
`
`cmmmmieation links emnprises
`
`an
`
`"hrdieahen’
`
`that a DNS system can supper:
`
`secure
`
`cum{Implications."‘ {‘Req, at 45.] l disagree with these asserthrms.
`
`36.
`
`The Request suggests that the keys and certificates in Salons are indications that: the
`
`DS, BIKE, and .088 of Swarm support establishing the alleged. secure commanieafleu link. Bat 1m
`
`cemhination Uféi'olemr‘s D8 DKl-L or DES can he the recited danish} name service system because
`
`none of these components are mall gmfed to {l} store a plurality ofdemain names and corresponding
`
`netwerh addresses or (2} receive a query for a nets-tori. address as required by some ofthe claims of
`
`the ’30-'11 parent. Moreover, one pl? ordinary skill in the art: at: the {rule of‘ihe application for the ’504
`
`patent would not: have understeed the DES; DKH, or BBS to be a. domain name service system. As I
`
`discussed above: the D3 described by Salem does no: store a plurality of demain names and
`
`cm‘respending network addresses or receive a query for a network address.
`
`Indeed, the Request: and
`
`the Office Action do not Show lens the. DKH and {ABS disclosed by Sailors; include these features.
`
`Nor could they, in the eyes of one pf ordinary skill in the am he considered a domain name sewiee
`
`sys tem .
`
`
`
`3?,
`
`in additien, it is irrelevant whether
`
`as the Request and Office Action assenm‘“the
`
`patent owner has asserted that the use of certificates in cortntreetion with establishment: of secure
`
`Ctmmmtttitattion
`
`links cmnprises
`
`£1171
`
`‘lndicafion’
`
`that
`
`a DNS system can suppm‘t
`
`secure
`
`commonleafless.” {'Io’.) The certificates and keys disclosed by Selena land relied upon by the Office
`
`Action are distributed by systems that are not domain same service systems.
`
`43..
`
`
`3.
`
`5613113 in View Of RFC 2534
`
`33.
`
`it is my opinieh that eemhittittg RFC 2504 with Saturn: still does that remedy the
`
`defieietteies 1 identified above with respect to Shit-with The Request tehes on RFC .2504 as- dise’iosing
`
`an indication that the domain name service system suppm’ts estahhshing a secure epitiimimicetien
`
`hath:
`
`1' disagree.
`
`39.
`
`RFC 2504‘
`
`is a document
`
`that “*pt‘evities guidance to the end-users of computer
`
`Systems and netwothg {them what they can do w keep their data and cemmtmieetion mix-"ate“ (RFC
`
`2504 at 2;} 1&5 such, RFC 2504's thaws is with endqiser fiihctimiality and steps that: endmsers can
`
`take te prOt3C£ their network 00mmunicetiene
`
`(See id.) RFC ZSM doee mt discuss D’NS
`
`ftinctionaiity Moreover, RFC 2504 does net disciose storing domain. names and teorrespenthng
`
`netwetk adéireeses or receiving, a query for a mtwet‘h address. Because RFC 250% does net dieciese
`
`a dettteiu name service system, it does not disclose an indication that the definite mime service system
`
`supports estahiishing a secure communication link;
`
40. The Request and the Office Action also assert that RFC 250