111111
`
`1111111111111111111111111111111111111111111111111111111111111
`US007921211B2
`
`c12) United States Patent
`Larson et al.
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 7,921,211 B2
`*Apr. 5, 2011
`
`(54) AGILE NETWORK PROTOCOL FOR SECURE
`COMMUNICATIONS USING SECURE
`DOMAIN NAMES
`
`(75)
`
`Inventors: Victor Larson, Fairfax, VA (US);
`Robert Dunham Short, III, Leesburg,
`VA (US); Edmund Colby Munger,
`Crownsville, MD (US); Michael
`Williamson, South Riding, VA (US)
`
`(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 701 days.
`
`This patent is subject to a terminal dis(cid:173)
`claimer.
`
`(21) Appl. No.: 11/840,560
`
`(22) Filed:
`
`Aug. 17, 2007
`
`(65)
`
`Prior Publication Data
`
`US 2008/0040792 AI
`
`Feb. 14, 2008
`
`Related U.S. Application Data
`
`(63) Continuation of application No. 10/714,849, filed on
`Nov. 18, 2003, now Pat. No. 7,418,504, which is a
`continuation of application No. 09/558,210, filed on
`Apr. 26, 2000, now abandoned, which
`is a
`continuation-in-part of application No. 09/504,783,
`filed on Feb. 15,2000, now Pat. No. 6,502,135, which
`is
`a
`continuation-in-part of application No.
`09/429,643, filed on Oct. 29, 1999, now Pat. No.
`7,010,604.
`
`(60) Provisional application No. 60/106,261, filed on Oct.
`30, 1998, provisional application No. 60/137,704,
`filed on Jun. 7, 1999.
`
`(51)
`
`Int. Cl.
`G06F 151173
`
`(2006.01)
`
`(52) U.S. Cl. ....................................................... 709/226
`(58) Field of Classification Search .................. 709/226,
`709/221; 726/15
`See application file for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`2,895,502 A
`7/1959 Roper eta!.
`5,303,302 A
`4/1994 Burrows
`5,311,593 A
`5/1994 Carmi
`(Continued)
`
`EP
`
`FOREIGN PATENT DOCUMENTS
`0838930
`4/1988
`(Continued)
`
`OTHER PUBLICATIONS
`
`Baumgartner eta!, "Differentiated Services: A New Approach for
`Quality of Service in the Internet," International Conference on High
`Performance Networking, 255-273 (1998).
`
`(Continued)
`
`Primary Examiner- Krisna Lim
`(74) Attorney, Agent, or Firm- McDermott Will & Emery
`LLP
`
`ABSTRACT
`(57)
`A secure domain name service for a computer network is
`disclosed that includes a portal connected to a computer net(cid:173)
`work, such as the Internet, and a domain name database
`connected to the computer network through the portal. The
`portal authenticates a query for a secure computer network
`address, and the domain name database stores secure com(cid:173)
`puter network addresses for the computer network. Each
`secure computer network address is based on a non-standard
`top-level domain name, such as .scorn, .sorg, .snet, .snet,
`.sedu, .smil and .sint.
`
`60 Claims, 40 Drawing Sheets
`
`2611
`
`Petitioner Apple - Ex. 1001, p.1
`
`

`
`US 7,921,211 B2
`Page 2
`
`726/15
`
`726/19
`
`U.S. PATENT DOCUMENTS
`5,384,848 A
`111995 Kikuchi
`5,511,122 A
`4/1996 Atkinson
`5,629,984 A
`5/1997 McManis
`5,764,906 A
`6/1998 Edelstein et al.
`5,771,239 A
`6/1998 Moroney et a!.
`5,805,803 A
`9/1998 Birrell et al.
`5,822,434 A
`10/1998 Caronni et a!.
`5,864,666 A *
`111999 Shrader .
`5,870,610 A
`2/1999 Beyda eta!.
`5,898,830 A
`4/1999 Wesinger, Jr. eta!.
`5,950,195 A
`9/1999 Stockwell et a!.
`6,052,788 A
`4/2000 Wesinger et al.
`4/2000 Smorodinsky et al.
`6,055,574 A
`5/2000 Nordman
`6,061,346 A
`6,079,020 A
`6/2000 Liu
`6,081,900 A * 6/2000 Subramaniam et al.
`6,101,182 A
`8/2000 Sistanizadeh et a!.
`6,119,171 A
`9/2000 Alkhatib
`6,173,399 B1
`112001 Gilbrech
`6,199,112 B1
`3/2001 Wilson
`6,202,081 B1
`3/2001 Naudus
`6,223,287 B1
`4/2001 Douglas et al.
`6,226,748 B1
`5/2001 Bots eta!.
`6,226,751 B1
`5/2001 Arrow et al.
`6,246,670 B1
`6/2001 Karlsson et a!.
`6,262,987 B1
`7/2001 Mogul
`6,298,341 B1
`10/2001 Mann eta!.
`6,314,463 B1
`1112001 Abbott eta!.
`6,333,272 B1
`12/2001 McMillin et a!.
`6,338,082 B1
`112002 Schneider
`6,502,135 B1
`12/2002 Munger eta!.
`6,557,037 B1
`4/2003 Provino
`6,687,746 B1
`2/2004 Shuster et al.
`6,701,437 B1
`3/2004 Hoke eta!.
`6,752,166 B2
`6/2004 Lull eta!.
`6,757,740 B1
`6/2004 Parkh eta!.
`6,937,597 B1
`8/2005 Rosenberg et a!.
`7,039,713 B1
`5/2006 Van Gunter et a!.
`7,072,964 B1
`7/2006 Whittle et al.
`7,167,904 B1
`112007 Devaraj an et a!.
`7,188,175 B1
`3/2007 McKeeth
`4/2008 Kono eta!.
`7,353,841 B2
`7,461,334 B1
`12/2008 Lu et al.
`212009 Munger eta!.
`7,490,151 B2
`7,493,403 B2
`212009 Shull eta!.
`200110049741 A1
`12/2001 Skene et al.
`2004/0199493 A1
`10/2004 Ruiz et al.
`2004/0199520 A1
`10/2004 Ruiz et al.
`2004/0199608 A1
`10/2004 Rechterman et a!.
`2004/0199620 A1
`10/2004 Ruiz et al.
`2007/0208869 A1
`9/2007 Adelman et al.
`2007/0214284 A1
`9/2007 King eta!.
`2007/0266141 A1
`1112007 Norton
`2008/0235507 A1
`9/2008 Ishikawa et a!.
`
`EP
`GB
`GB
`GB
`JP
`JP
`JP
`JP
`wo
`wo
`wo
`wo
`wo
`
`FOREIGN PATENT DOCUMENTS
`0814589
`12/1997
`2317792
`4/1998
`2334181
`8/1999
`2340702
`212000
`62-214744
`9/1987
`04-363941
`12/1992
`09-018492
`111997
`10-070531
`3/1998
`W098/27783
`6/1998
`W099/11019
`3/1999
`wo 00/17775
`3/2000
`wo 00/70458
`1112000
`wo 01116766
`3/2001
`OTHER PUBLICATIONS
`
`Chapman eta!., "Domain Name System (DNS)," 278-296 (1995).
`Davila et a!., "Implementation of Virtual Private Networks at the
`Transport Layer," M. Mambo, Y. Zheng (Eds), Information Security
`(Second International) Workshop, ISW' 99. Lecture Notes in Com-
`puter Science (LNCS), vol. 1729; 85-102 (1999).
`De Raadt eta!., "Cryptography in OpenBSD," 10 pages (1999).
`
`Eastlake, "Domain Name System Security Extensions," Internet
`Citation, Retrieved from the Internet: URL:ftp://ftp.inet.no/pub/ietf/
`internet -drafts/ draft -ietf-dnssec-secext2-0 5. txt ( 1998).
`Gunter eta!., "An Architecture for Managing QoS-Enabled VRNs
`Over the Internet," Proceedings 24th Conference on Local Computer
`Networks. LCN' 99 IEEE Comput. Soc Los Alamitos, CA, pp. 122-
`131 (1999).
`Shimizu, "Special Feature: Mastering the Internet with Windows
`2000", Internet Magazine, 63:296-307 (2000).
`Stallings, "Cryptography and Network Security," Principals and
`Practice, 2nd Edition, pp. 399-440 ( 1999).
`Takata, "U.S. Vendors Take Serious Action to Act Against Crack(cid:173)
`ers-A Tracking Tool and a Highly Safe DNS Software are
`Released", Nikkei Communications, 257:87(1997).
`Wells, Email (Lancasterb1be@mail.msn.com), Subject: "Security
`Icon," (1998).
`Fasbender, A., et a!., Variable and Scalable Security: Protection of
`Location Information in Mobile IP, IEEE VTS, 46th, 1996, 5 pp.
`DNS-related correspondence dated Sep. 7, 1993 to Sep. 20, 1993.
`(Pre KX, KX Records).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Dec. 2, 1996). (RFC 2543 Internet Draft 1).
`Aventail Corp., "AutoSOCKS v. 2.1 Datasheet," available at http://
`www.archive.org/web/19970212013409/www.aventail.corn/prod!
`autosk2ds.htrnl (1997). (AutoSOCKS, Aventail).
`Aventail Corp., "Socks Version 5," Aventail Whitepaper, available at
`http:/ /web.archive.org/web/ 19970620030312/www.aventail.com/
`educate/whitepaper/soc kswp.htrnl (1997). (Socks, Aventail).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Mar. 27, 1997). (RFC 2543 Internet Draft 2).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Jul. 31, 1997). (RFC 2543 Internet Draft 3).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Nov. 11, 1997). (RFC 2543 Internet Draft 4).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (May 14, 1998). (RFC 2543 Internet Draft 5).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Jun. 17, 1998). (RFC 2543 Internet Draft 6).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Jul. 16, 1998). (RFC 2543 Internet Draft 7).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Aug. 7, 1998). (RFC 2543 Internet Draft 8).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Sep. 18, 1998). (RFC 2543 Internet Draft 9).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Nov. 12, 1998). (RFC 2543 Internet Draft 10).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Dec. 15, 1998). (RFC 2543 Internet Draft 11).
`Aventail Corp., "Aventail Connect 3.112.6Administrator's Guide,"
`(1999). (Aventail Administrator 3.1, Aventail).
`Aventail Corp., "Aventail Connect 3.112.6 User's Guide," (1999).
`(Aventail User 3.1, Aventail).
`Aventail Corp., "Aventail ExtraWeb Server v3.2 Administrator's
`Guide," (1999). (Aventail Extra Web 3.2, Aventail).
`Check Point Software Technologies Ltd. (1999) (Check Point,
`Checkpoint FW).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Jan. 15, 1999). (RFC 2543 Internet Draft 12).
`Goncalves, et a!. Check Point FireWall-] Administration Guide,
`McGraw-Hill Companies (2000). (Goncalves, Checkpoint FW).
`Assured Digital Products. (Assured Digital).
`F-Secure, F-Secure Evaluation Kit (May 1999) (FSECURE
`00000003) (Evaluation Kit 3).
`F-Secure, F-Secure Evaluation Kit (Sep. 1998) (FSECURE
`00000009) (Evaluation Kit 9).
`IRE, Inc., SafeNet/Soft-PK Version 4 (Mar. 28, 2000) (Soft-PK Ver(cid:173)
`sion 4).
`IRE/SafeNet Inc., VPN Technologies Overview (Mar. 28, 2000)
`(Safenet VPN Overview).
`IRE, Inc., SafeNet/VPN Policy Manager Quick Start Guide Version 1
`(1999) (SafeNetVPN Policy Manager).
`Information Assurance/NAI Labs, Dynamic Virtual Private Net(cid:173)
`works Presentation v.3 (2000).
`
`Petitioner Apple - Ex. 1001, p.2
`
`

`
`US 7,921,211 B2
`Page 3
`
`U.S. Appl. No. 60/134,547, filed May 17, 1999, Victor Sheymov.
`U.S. Appl. No. 60/151,563, filed Aug. 31, 1999, Bryan Whittles.
`U.S. Appl. No. 09/399,753, filed Sep. 22, 1998, Graig Miller eta!.
`Microsoft Corporation's Fourth Amended Invalidity Contentions
`dated Jan. 5, 2009, VirnetX Inc. and Science Applications Interna(cid:173)
`tional Corp. v. Microsoft Corporation.
`Appendix A of the Microsoft Corporation's Fourth Amended Inval(cid:173)
`idity Contentions dated Jan. 5, 2009.
`Concordance Table for the References Cited in Tables on pp. 6-15,
`71-80 and 116-124 of the Microsoft Corporation's Fourth Amended
`Invalidity Contentions dated Jan. 5, 2009.
`1. P. Mockapetris, "DNS Encoding of Network Names and Other
`Types,"NetworkWorking Group, RFC 1101 (Apr. 1989) (RFC1101,
`DNS SRV).
`R. Atkinson, "An Internetwork Authentication Architecture," Naval
`Research Laboratory, Center for High Assurance Computing Sys(cid:173)
`tems (Aug. 5, 1993). (Atkinson NRL, KX Records).
`Henning Schulzrinne, Personal Mobility for Multimedia Services In
`The Internet, Proceedings of the Interactive Distributed Multimedia
`Systems and Services European Workshop at 143
`(1996).
`(Schulzrinne 96).
`Microsoft Corp., Microsoft Virtual Private Networking: Using Point(cid:173)
`to-Point Tunneling Protocol for Low-Cost, Secure, Remote Access
`Across the Internet (1996) (printed from 1998 PDC DVD-ROM).
`(Point to Point, Microsoft Prior Art VPN Technology).
`"Safe Surfing: How to Build a Secure World Wide Web Connection,"
`IBM Technical Support Organization, (Mar. 1996). (Safe Surfing,
`Website Art).
`Goldschlag, et a!., "Hiding Routing Information," Workshop on
`Information Hiding, Cambridge, UK (May 1996). (Goldschlag II,
`Onion Routing).
`"IPSec Minutes From Montreal", IPSEC Working Group Meeting
`Notes,
`http:/ /www.sandleman.ca/ipsec/ 1996/08/msgOOO 18 .htrnl
`(Jun. 1996). (IPSec Minutes, FreeS/WAN).
`J. M. Galvin, "Public Key Distribution with Secure DNS," Proceed(cid:173)
`ings of the Sixth USENIX UNIX Security Symposium, San Jose,
`California, Jul. 1996. (Galvin, DNSSEC).
`J. Gilmore, et a!. "Re: Key Management, anyone? (DNS Keying),"
`IPSec Working Group Mailing List Archives (Aug. 1996). (Gilmore
`DNS, FreeS/WAN).
`H. Orman, et a!. "Re: 'Re: DNS? was Re: Key Management, any(cid:173)
`one?" IETF IPSec Working Group Mailing List Archive (Aug. 1996-
`Sep. 1996). (Orman DNS, FreeS/WAN).
`Arnt Gulbrandsen & Paul Vixie, A DNSRRfor specifYing the location
`of services (DNS SRV), IETF RFC 2052 (Oct. 1996). (RFC 2052,
`DNS SRV).
`Freier, et al. "The SSL Protocol Version 3.0," Transport Layer Secu(cid:173)
`rity Working Group (Nov. 18, 1996). (SSL, Underlying Security
`Technology).
`M.G. Reed, et al. "Proxies for Anonymous Routing," 12th Annual
`Computer Security Applications Conference, San Diego, CA, Dec.
`9-13, 1996. (Reed, Onion Routing).
`Kenneth F. Alden & Edward P. Wobber, The Alta Vista Tunnel: Using
`the Internet to Extend Corporate Networks, Digital Technical Journal
`( 1997) (Alden, Alta Vista.
`Autornative Industry Action Group, "ANX Release 1 Document Pub(cid:173)
`lication," AIAG (1997). (AIAG, ANX).
`Autornative Industry Action Group, "ANX Release 1 Draft Docu(cid:173)
`ment Publication," AIAG Publications (1997). (AIAG Release,
`ANX).
`Aventail Corp. "Aventail VPN Data Sheet," available at http://www.
`archive.org/web/ 199702120 13043/www.aventail.com/prod!
`vpndata.html (1997).(Data Sheet, Aventail).
`Aventail Corp., "Directed VPN V s. Tunnel," available at http:/ /web.
`archive .org/web/ 1997062 003 0312/www.aventail.com/ educate/
`directvpn.htrni (1997). (Directed VPN, Aventail).
`Aventail Corp., "Managing Corporate Access to the Internet,"
`Aventail Auto SOCKS White Paper available at http:/ /web.archive.
`org/web/ 199706 2003 0312/www.aventail.com/ educate/whi tepaper I
`ipmwp.html (1997). (Corporate Access, Aventail).
`Aventail Corp., "VPN Server V2.0 Administration Guide," (1997).
`(VPN, Aventail).
`
`Goldschlag, et al. "Privacy on the Internet," Naval Research Labo(cid:173)
`ratory, Center for High Assurance Computer Systems (1997).
`(Goldschlag I, Onion Routing).
`Microsoft Corp., Installing Configuring and Using PPTP with
`Microsoft Clients and Servers (1997). (Using PPTP, Microsoft Prior
`Art VPN Technology).
`Microsoft Corp., IP Security for Microsoft Windows NT Server 5. 0
`( 1997) (printed from 1998 PDC DVD-ROM). (IP Security, Microsoft
`Prior Art VPN Technology).
`Microsoft Corp., Microsoft Windows NT Active Directory: An Intro(cid:173)
`duction to the Next Generation Directory Services (1997) (printed
`from 1998 PDC DVD-ROM). (Directory, Microsoft Prior Art VPN
`Technology).
`Microsoft Corp., Routing and Remote Access Service for Windows
`NT Server NewOpportunities Today and Looking Ahead (1997)
`(printed from 1998 PDC DVD-ROM).(Routing, Microsoft Prior Art
`VPN Technology).
`Microsoft Corp., Understanding Point-to-Point Tunneling Protocol
`PPTP (1997) (printed from 1998 PDC DVD-ROM). (Understanding
`PPTP, Microsoft Prior Art VPN Technology).
`J. Mark Smith et.al., Protecting a Private Network: The Alta Vista
`Firewall, Digital Technical Journal (1997). (Smith, AltaVista).
`Naganand Doraswamy Implementation of Virtual Private Networks
`(VPNs) with IPSecurity, <draft-ietf-ipsec-vpn-OO.txt> (Mar. 12,
`1997). (Doraswamy).
`Aventail Corp., "Aventail, and Cybersafe to Provide Secure Authen(cid:173)
`tication For Internet and Intranet Communication," Press Release,
`Apr. 3, 1997. (Secure Authentication, Aventail).
`D. Wagner, et al. "Analysis of the SSL 3.0 Protocol," (Apr. 15, 1997).
`(Analysis, Underlying Security Technologies).
`Automotive Industry Action Group, "ANXO Certification Authority
`Service and Directory Service Definition for ANX Release 1 ," AIAG
`Telecommunications Project Team and Bellcore (May 9, 1997).
`(AIAG Defintion, ANX).
`Automotive Industry Action Group, "ANXO Certification Process
`and ANX Registration Process Definition for ANX Release 1 ," AIAG
`Telecommunications Project Team and Bellcore (May 9, 1997).
`(AIAG Certification, ANX).
`Aventail Corp., "Aventail Announces the First VPN Solution to
`Assure Interoperability Across Emerging Security Protocols," Jun. 2,
`1997. (FirstVPN, Aventail).
`Syverson, et al. "Private Web Browsing," Naval Research Laboratory,
`Center for High 8 Assurance Computer Systems (Jun. 2, 1997).
`(Syverson, Onion Routing).
`Bellcore, "Metrics, Criteria, and Measurement Technique Require(cid:173)
`ments for ANX Release 1 ," AIAG Telecommunications Project Team
`and Bellcore (Jun. 16, 1997). (AIAG Requirements, ANX).
`R. Atkinson, "Key Exchange Delegation Record for the DNS," Net(cid:173)
`work Working Group, RFC 2230 (Nov. 1997). (RFC 2230, KX
`Records).
`1998 Microsoft Professional Developers Conference DVD ("1998
`PDC DVD-ROM") (including screenshots captured therefrom and
`produced as MSFTVX 00018827-00018832).
`(Conference,
`Microsoft Prior Art VPN Technology).
`Microsoft Corp., Virtual Private Networking An Overview (1998)
`(printed from 1998 PDC DVD-ROM) (Overview, Microsoft Prior Art
`VPN Technology).
`Microsoft Corp., Windows NT 5.0 Beta Has Public Premiere at
`Seattle Mini-Camp Seminar attendees get first look at the perfor(cid:173)
`mance and capabilities of Windows NT 5.0 (1998) (available at hap
`I /www.microsoft.com/presspass/features/ 1998/1 0-19nt5.
`mspxpftrue).(NT Beta, Microsoft Prior Art VPN Technology).
`"What ports does SSL use" available at stason.org/TULARC/secu(cid:173)
`rity/ssl-talk/3-4-What-ports-does-ssl-use.html (1998). (Ports, DNS
`SRV).
`Aventail Corp., "Aventail VPNV2.6 Includes Support for More Than
`Ten Authentication Methods Making Extranet VPN Development
`Secure and Simple," Press Release, Jan. 19, 1998. (VPN V2.6,
`Aventail).
`R. G. Moskowitz, "Network Address Translation Issues with IPsec,"
`Internet Draft, Internet Engineering Task Force, Feb. 6, 1998.
`(Moskowitz).
`
`Petitioner Apple - Ex. 1001, p.3
`
`

`
`US 7,921,211 B2
`Page 4
`
`H. Schulzrinne, et al, "Internet Telephony Gateway Location," Pro(cid:173)
`ceedings ofiEEE INfocom '98, The Conference on Computer Com(cid:173)
`munications, vol. 2 (Mar. 29-Apr. 2, 1998). (Gateway, Schulzrinne).
`C. Huitema, 45 a!. "Simple Gateway Control Protocol," Version 1.0
`(May 5, 1998). (SGCP).
`DISA "Secret Internet Protocol Router Network," SIPRNET Pro(cid:173)
`gram Management Office (D3113) DISN Networks, DISN Transmis(cid:173)
`sion Services (May 8, 1998). (DISA, SIPRNET).
`D. McDonald, et al. "PF _KEY Key Management API, Version 2,"
`Network Working Group, RFC 2367 (Jul. 1998). (RFC 2367).
`Microsoft Corp., Company Focuses on Quality and Customer Feed(cid:173)
`back(Aug. 18, 1998). (Focus, Microsoft Prior ArtVPNTechnology).
`Atkinson, et al. "Security Architecture for the Internet Protocol,"
`Network Working Group, RFC 2401 (Nov. 1998). (RFC 2401,
`Underlying Security Technologies).
`Donald Eastlake, Domain Name System Security Extensions, IETF
`DNS Security Working Group (Dec. 1998). (DNSSEC-7).
`Kaufman et a!, "Implementing IPsec," (Copyright 1999). (Imple(cid:173)
`menting IPSEC, VPN References).
`Network Solutions, Inc. "Enabling SSL," NSI Registry (1999).
`(Enabling SSL, Underlying Security Technologies).
`C. Scott, et a!. Virtual Private Networks, O'Reilly and Associates,
`Inc.; 2nd ed. (Jan. 1999). (ScottVPNs).
`Goldschlag, et a!., "Onion Routing for Anonymous and Private
`Internet Connections," Naval Research Laboratory, Center for High
`Assurance Computer Systems (Jan. 28, 1999). (Goldschlag III,
`Onion Routing).
`H. Schulzrinne, "Internet Telephony: architecture and protocols-an
`IETF perspective," Computer Networks, vol. 31, No.3 (Feb. 1999).
`(Telephony, Schulzrinne).
`M. Handley, eta!. "SIP: Session Initiation Protocol," Network Work(cid:173)
`ing Group, RFC 2543 and Internet Drafts (Dec. 1996-Mar. 1999).
`(Handley, RFC 2543).
`FreeS/WAN Project, Linux FreeS/WAN Compatibility Guide (Mar. 4,
`1999). (FreeS/WAN Compatibility Guide, FreeS/WAN).
`Telcordia Technologies, "ANX Release 1 Document Corrections,"
`AIAG (May 11, 1999). (Telcordia, ANX).
`Ken Hornstein & Jeffrey Altman, Distributing Kerberos KDC and
`Realm Information with DNS <draft-eitf-cat-krb-dns-locate-oo.txt>
`(Jun. 21, 1999). (Hornstein, DNS SRV).
`Bhattacharya et. al. "An LDAP Schema for Configuration and
`Administration of IPSec Based Virtual Private Networks (VPNs)",
`IETF Internet Draft (Oct. 1999). (Bhattcharya LDAP VPN).
`B. Patel, et al. "DHCP Configuration of IPSEC Tunnel Mode,"
`IPSEC Working Group, Internet Draft 02 (Oct. 15, 1999). (Patel).
`"Building a Microsoft VPN: A Comprehensive Collection of
`Microsoft Resources," FirstVPN, (Jan. 2000). (FirstVPN Microsoft).
`Gulbrandsen, Vixie, & Esibov, A DNS RRfor specifYing the location
`of services (DNS SRV), IETF RFC 2782 (Feb. 2000). (RFC 2782,
`DNS SRV).
`Mitre Organization, "Technical Description," Collaborative Opera(cid:173)
`tions in Joint Expeditionary Force Experiment (JEFX) 99 (Feb.
`2000). (MITRE, SIPRNET).
`H. Schulzrinne, et al. "Application-Layer Mobility Using SIP,"
`Mobile Computing and Communications Review, vol. 4, No. 3. pp.
`47-57 (Jul. 2000). (Application, SIP).
`Kindred et a!, "Dynamic VPN Communities: Implementation and
`Experience," DARPA Information Survivability Conference and
`Exposition II (Jun. 2001). (DARPA, VPN Systems).
`ANX 101: Basic ANX Service Outline. (Outline, ANX).
`ANX 201: AdvancedANX Service. (Advanced, ANX).
`Appendix A: Certificate Profile for ANX IPsec Certificates. (Appen(cid:173)
`dix,ANX).
`Aventail Corp., "Aventail AutoSOCKS the Client Key to Network
`Security," Aventail Corporation White Paper. (Network Security,
`Aventail).
`Cindy Moran, "DISN Data Networks: Secret Internet Protocol
`Router Network (SIPRNet)." (Moran, SIPRNET).
`Data Fellows F -Secure VPN + (F -Secure VPN +).
`Interim Operational Systems Doctrine for the Remote Access Secu(cid:173)
`rity Program (RASP) Secret Dial-In Solution. (RASP, SIPRNET).
`
`Onion Routing, "Investigation ofRoute Selection Algorithms," avail(cid:173)
`able
`at http://www.onion-router.net/ Archives/Route/index.html.
`(Route Selection, Onion Routing).
`Secure Computing, "Bullet-Proofing an Army Net," Washington
`Technology. (Secure, SIPRNET).
`Sparta "Dynamic Virtual Private Network." (Sparta, VPN Systems).
`Standard Operation Procedure for Using the 1910 Secure Modems.
`(Standard, SIPRNET).
`FreeS/WAN
`to
`relating
`emails
`Publically
`available
`(MSFTVXOOO 18833-MSFTVXOOO 19206). (FreeS/WAN emails,
`FreeS/WAN).
`Kaufman et a!., "Implementing IPsec," (Copyright 1999) (Imple(cid:173)
`menting IPsec ).
`Network Associates Gauntlet Firewall For Unix User's Guide Ver(cid:173)
`sion 5.0 (1999). (Gauntlet User's Guide-Unix, Firewall Products).
`Network Associates Gauntlet Firewall for Windows NT Getting
`Started Guide Version 5.0 (1999) (Gauntlet Getting Started Guide(cid:173)
`NT, Firewall Products).
`Network Associates Gauntlet Firewall for Unix Getting Started
`Guide Version 5.0 (1999) (Gauntlet Unix Getting Started Guide,
`Firewall Products).
`Network Associates Release Notes Gauntlet Firewall for Unix 5.0
`(Mar. 19, 1999) (Gauntlet Unix Release Notes, Firewall Products).
`Network Associates Gauntlet Firewall For Windows NT Administra(cid:173)
`tor's Guide Version 5. 0 ( 1999) (Gauntlet NT Administrator's Guide,
`Firewall Products).
`Trusted Information Systems, Inc. Gauntlet Internet Firewall
`Firewall-to-Firewall Encryption Guide Version 3.1 (1996) (Gauntlet
`Firewall-to-Firewall, Firewall Products).
`Network Associates Gauntlet Firewall Global Virtual Private Net(cid:173)
`work User's Guide for Windows NT Version 5. 0 ( 1999) (Gauntlet NT
`GVPN, GVPN).
`Network Associates Gauntlet Firewall For UNIX Global Virtual Pri(cid:173)
`vate Network User's Guide Version 5.0 (1999) (Gauntlet Unix
`GVPN, GVPN).
`Dan Sterne Dynamic Virtual Private Networks (May 23, 2000)
`(Sterne DVPN, DVPN).
`Darrell Kindred Dynamic Virtual Private Networks (DVPN) (Dec.
`21, 1999) (Kindred DVPN, DVPN).
`Dan Sterne et.al. TIS Dynamic Security Perimeter Research Project
`Demonstration (Mar. 9, 1998) (Dynamic Security Perimeter,
`DVPN).
`Darrell Kindred Dynamic Virtual Private Networks Capability
`Description (Jan. 5, 2000) (Kindred DVPN Capability, DVPN) 11.
`Oct. 7, and 28, 1997 email from Domenic J. Turchi Jr.
`(SPARTA00001712-1714, 1808-1811)
`(Turchi DVPN email,
`DVPN).
`James Just & Dan Sterne Security Quickstart Task Update (Feb. 5,
`1997) (Security Quickstart, DVPN).
`Virtual Private Network Demonstration dated Mar. 21, 1998
`(SPARTA00001844-54) (DVPN Demonstration, DVPN).
`GTE Internetworking & BBN Technologies DARPA Information
`Assurance Program Integrated Feasibility Demonstration (IFD) 1.1
`Plan (Mar. 10, 1998) (IFD 1.1, DVPN).
`Microsoft Corp. Windows NT Server Product Documentation:
`Administration Guide--Connection Point Services, available at
`http:/ /www.microsoft.com/technetlarchive/winntas/proddocs/
`inetconctservice/cpsops.mspx
`(Connection
`Point
`Services)
`(Although undated, this reference refers to the operation of prior art
`versions of Microsoft Windows. Accordingly, upon information and
`belief, this reference is prior art to the patents-insuit.).
`Microsoft Corp. Windows NT Server Product Documentation:
`Administration Kit Guide--Connection Manager, available at http:/ I
`www.microsoft.com/technet/archive/winntas/proddocs/
`(Although
`inetconctservice/cmak.mspx
`(Connection Manager)
`undated, this reference refers to the operation of prior art versions of
`Microsoft Windows such as Windows NT 4.0. Accordingly, upon
`information and belief, this reference is prior art to the patents-in(cid:173)
`suit.).
`Microsoft Corp. Autodial Heuristics, available at http:/ /support.
`microsoft.corn/kb/164249 (Autodial Heuristics) (Although undated,
`this reference refers to the operation of prior art versions of Microsoft
`
`Petitioner Apple - Ex. 1001, p.4
`
`

`
`US 7,921,211 B2
`Page 5
`
`Windows such as Windows NT 4.0. Accordingly, upon information
`and belief, this reference is prior art to the patents-in-suit.).
`Microsoft Corp., Cariplo: Distributed Component Object Model,
`( 1996)
`available
`at http:/ /msdn2.microsoft.com/en-us/library/
`ms809332(printer).aspx (Cariplo I).
`Marc Levy, COM Internet Services (Apr. 23, 1999), available at
`http:/ I msdn2 .mi croso ft.com/ en-us/library /ms80930 2(printer) .aspx
`(Levy).
`Markus Horstmann and Mary Kirtland, DCOM Architecture (Jul. 23,
`1997),
`available
`at http://msdn2.microsoft.com/en-us/library/
`ms809311 (printer) .aspx (Horstmann).
`Microsoft Corp., DCOM: A Business Overview (Apr. 1997), avail(cid:173)
`able
`at
`http:/ /msdn2.microsoft.com/en-us/library/
`ms809320(printer).aspx (DCOM Business Overview I).
`Microsoft Corp., DCOM Technical Overview (Nov. 1996), available
`at
`http:/ /msdn2.microsoft.com/en-us/library/ms809340(printer).
`aspx (DCOM Technical Overview I).
`Microsoft Corp., DCOM Architecture White Paper (1998) available
`in PDC DVD-ROM (DCOM Architecture).
`Microsoft Corp, DCOM-The Distributed Component Object
`Model, A Business Overview White Paper (Microsoft 1997) avail(cid:173)
`able in PDC DVD-ROM (DCOM Business Overview II).
`Microsoft Corp., DCOM---Cariplo Home Banking Over The Internet
`White Paper (Microsoft 1996) available in PDC DVD-ROM (Cariplo
`II).
`Microsoft Corp., DCOM Solutions in Action White Paper (Microsoft
`1996) available in PDC DVD-ROM (DCOM Solutions in Action).
`Microsoft Corp., DCOM Technical Overview White Paper
`(Microsoft 1996) available 12 in PDC DVD-ROM (DCOMTechnical
`Overview II).
`Scott Suhy & Glenn Wood, DNS and Microsoft Windows NT 4.0,
`( 1996)
`available
`at http:/ /msdn2.microsoft.com/en-us/library/
`ms810277(printer).aspx (Suhy).
`Aaron Skonnard, Essential Win/net 313-423 (Addison Wesley Long(cid:173)
`man 1998) (Essential Winlnet).
`Microsoft Corp. Installing, Configuring, and Using PPTP with
`Microsoft Clients and Servers, (1998) available at http://msdn2.
`microsoft.com/enus/library/ms811078(printer).aspx (Using PPTP).
`Microsoft Corp., Internet Connection Services for MS RAS, Stan(cid:173)
`dard Edition, http:/ /www.microsoft.com/technetlarchive/winntas/
`proddocs/inetconctservice/bcgstart.mspx (Internet Connection Ser(cid:173)
`vices I).
`Microsoft Corp., Internet Connection Services for RAS, Commercial
`Edition,
`available
`athttp:/ /www.microsoft.com/technetlarchive/
`winntas/proddocs/inetconctservice/bcgstrtc.mspx (Internet Connec(cid:173)
`tion Services II).
`Microsoft Corp., Internet Explorer 5 Corporate Deployment Guide(cid:173)
`Appendix B:Enabling Connections with the Connection Manager
`Administration Kit, available at http://www.microsoft.com/technetl
`prodtechnol/
`ie/deploy/deploy5/appendb.mspx
`(IE5 Corporate
`Development).
`Mark Minasi, Mastering Windows NT Server 4 1359-1442 (6th ed.,
`Jan. 15, 1999)(Mastering Windows NT Server).
`Hands On, Self-Paced Training for Supporting Version 4.0 371-473
`(Microsoft Press 1998) (Hands On).
`Microsoft Corp., MS Point-to-Point Tunneling Protocol (Windows
`NT 4.0), available at http://www.microsoft.com/technetlarchive/
`winntas/maintain/featusability/pptpwp3 .mspx (MS PPTP).
`Kenneth Gregg, et al., Microsoft Windows NT Server Administrator's
`Bible 173-206, 883-911, 974-1076 (IDG Books Worldwide 1999)
`(Gregg).
`Microsoft Corp., Remote Access (Windows), available at http://
`msdn2.microsoft.com/en-us/library/bb545687(VS.85,printer).aspx
`(Remote Access).
`Microsoft Corp., Understanding PPTP (Windows NT 4.0), available
`at
`http:/ /www.microsoft.com/technetlarchive/winntas/plan/
`pptpudst.mspx (Understanding PPTP NT 4) (Although undated, this
`reference refers to the operation of prior art versions of Microsoft
`Windows such as Windows NT 4.0. Accordingly, upon information
`and belief, this reference is prior art to the patents-in-suit.).
`Microsoft Corp., Windows NT 4.0: Virtual Private Networking, avail(cid:173)
`able at http:/ /www.microsoft.com/technetlarchive/winntas/ deploy/
`confeatlvpntwk.mspx (NT 4 VPN) (Although undated, this reference
`
`refers to the operation of prior art versions of Microsoft Windows
`such as Windows NT 4.0. Accordingly, upon information and belief,
`this reference is prior art to the patents-in-suit.).
`Anthony Northrup, NT Network Plumbing: Routers, Proxies, and
`Web Services 299-399 (IDG Books Worldwide 1998) (Network
`Plumbing).
`Microsoft Corp., Chapter !-Introduction to Windows NT Routing
`with Routing and Remote Access Service, Available at http://www.
`microsoft.com/technetl archive/winntas/proddocs/ rras40/rrasch0 1.
`mspx (Intro to RRAS) (Although undated, this reference refers to the
`operation of prior art versions of Microsoft Windows such as Win(cid:173)
`dows NT 4.0. Accordingly, upon information and belief, this refer(cid:173)
`ence is prior art to the patents-in-suit.) 13.
`Microsoft Corp., Windows NT Server Product Documentation:
`Chapter 5-Planning for Large-Scale Configurations, available at
`http:/ /www.microsoft.com/technetlarchive/winntas/proddocs/
`rras40/rrasch05 .mspx
`(Large-Scale Configurations)
`(Although
`undated, this reference refers to the operation of prior art versions of
`Microsoft Windows such as Windows NT 4.0. Accordingly, upon
`information and belief, this reference is prior art to the patents-in(cid:173)
`suit.).
`F-Secure, F-Secure NameSurfer (May 1999) (from FSECURE
`00000003) (NameSurfer 3).
`F-Secure, F-Secure VPN Administrator's Guide (May 1999) (from
`FSECURE 00000003) (F-Secure VPN 3).
`F-Secure, F-Secure SSH User's & Administrator's Guide (May
`1999) (from FSECURE 00000003) (SSH Guide 3).
`F-Secure, F-Secure SSH2.0 for Windows NT and 95 (May 1999)
`(from FSECURE 00000003) (SSH 2.0 Guide 3).
`F-Secure, F-Secure VPN+ Administrator's Guide (May 1999) (from
`Fsecure 00000003) (VPN+ Guide 3).
`F-Secure, F-Secure VPN+ 4.i (1999) (from Fsecure 00000006)
`(VPN+ 4.1 Guide 6).
`F -Secure, F-Secure SSH ( 1996) (from F secure 00000006) (F -Secure
`SSH 6).
`F-Secure, F-Secure SSH 2.0 for Windows NT and 95 (1998) (from
`Fsecure 00000006) (F-Secure SSH 2.0 Guide 6).
`F-Secure, F-Secure SSH User's & Administrator's Guide (Sep.
`1998) (from Fsecure 00000009) (SSH Guide 9).
`F-Secure, F-Secure SSH 2. 0 for Windows NT and 95 (Sep. 1998)
`(from Fsecure 00000009) (F-Secure SSH 2.0 Guide 9).
`F-Secure, F-Secure VPN+ (Sep. 1998) (from Fsecure 00000009)
`(VPN+ Guide 9).
`F-Secure, F-Secure Management Tools, Administrator's Guide
`(1999) (from Fsecure 00000003) (F-Secure Management Tools).
`F-Secure, F-Secure Desktop, User's Guide (1997) (from Fsecure
`00000009) (FSecure Desktop User's Guide).
`SafeNet, Inc., VPN Policy Manager (Jan. 2000) (VPN Policy Man(cid:173)
`ager).
`F-Secure, F-Secure VPN+ for Windows NT 4.0 (1998)(fromFsecure
`00000009) (FSecure VPN+ ).
`IRE, Inc., SafeNet I Security Center Technical Reference Addendum
`(Jun. 22, 1999) (Safenet Addendum).
`IRE, Inc., System Description for VPN Policy Manager and SafeNet/
`SoftPK (Mar. 30, 2000) (VPN P