IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
PATENT TRIAL & APPEAL BOARD

In re Patent of: Scott C. Harris
U.S. Patent No.: 7,490,348
Issue Date: February 10, 2009
Appl. No.: 10/800,472
Filing Date: March 15, 2004
Title: Wireless Network Having Multiple Communication Allowances

DECLARATION OF PROFESSOR BRUCE McNAIR

I, Prof. Bruce McNair, declare as follows:

I. Background and Qualifications

(1.) My name is Bruce McNair. I am a Distinguished Service Professor of Electrical and Computer Engineering at Stevens Institute of Technology in Hoboken, NJ. I have studied and practiced in the fields of electrical engineering, computer engineering, and computer science for over 40 years, and have been a Professor of Electrical and Computer Engineering since 2002.

(2.) I received my Masters of Engineering (M.E.) degree in the field of Electrical Engineering from Stevens Institute of Technology (“Stevens”) in 1974 and my Bachelor of Engineering (B.E.) degree in the field of Electrical Engineering in 1971 from Stevens as well.

(3.) I am the Founder and Chief Technology Officer of Novidesic Communications, LLC, a technology consulting company. Prior to starting

STARWOOD Ex 1009, page 1

Novidesic and joining the faculty at Stevens in 2002, I spent 24 years at AT&T Bell Laboratories (“Bell Labs”). My most recent work there included research into next generation (4G and beyond) wireless data communications systems, including high-speed, high-mobility wide area networks as well as range and speed extensions to IEEE 802.11(a & b) wireless LANs. Before that, my activities included developing encryption hardware, secure voice architecture studies, high-speed voice-band modems, and public data network protocols.

(4.) Before joining Bell Labs, I spent seven years developing military communications systems for the U.S. Army Electronics Command and ITT Defense Communications Division. My responsibilities included developing cryptographic and ECCM techniques for portable radio systems, TEMPEST technology, and state-of-the-art speech compression techniques.

(5.) Since becoming a faculty member at Stevens in 2002 (and even before) I have published over 20 technical publications in scientific journals or conferences in the fields of wireless communications and security. I have 24 U.S. patents in related fields, as well as 16 associated international patents. As part of my research as a professor, and previously at Bell Labs, I have developed and implemented many different wireless networks with differentiated classes of service, similar to that which is described in U.S. Patent No. 7,490,348 (“the ‘348 patent”), and which I explain in more detail below. My graduate teaching at Stevens has included courses in Wireless Systems Security and Information Systems Security, which include treatment of quality of service and mechanisms to differentiate access. An exemplary list of publications relevant to this topic, which also highlight my familiarity with the concept of providing differentiated classes of service across a network (i.e., the basic concept claimed in the ‘348 patent) is provided below.


• Cimini, L., Leung, K., McNair, B., Winters, J. "Outdoor IEEE 802.11b Cellular Networks: MAC Protocol Design and Performance," Proc. ICC 2002, New York, NY, April 2002.

• Clark, M., Leung, K., McNair, B., Kostic, Z., "Outdoor IEEE 802.11b Cellular Networks: Radio Link Performance", Proc. ICC 2002, New York, NY, April 2002.

• McNair, B., "Future Directions for Wireless Communications," Supercomm2001, Atlanta, GA, June, 2001.

• “Method and apparatus for user identification and verification of data packets in a wireless communications network,” EP Patent No. 0,689,316, December 27, 1995.

• "Secure Telecommunications," US Patent No. 5,392,357, February 21, 1995.

• "System and Method for Granting Access to a Resource," US Patent No. 5,375,244, December 20, 1994.

• D'Angelo, D.M., McNair, B., Wilkes, J.E., "Security in Electronic Messaging Systems," AT&T Technical Journal, Volume 73, Number 3, 1994.

• "Centralized Security Control System," US Patent No. 5,276,444, January 4, 1994.

(6.) I am personally familiar with the ORiNOCO AP-1000 product described in Exh. 1006. While I worked for Bell Labs, specifically in the 1999-2000 timeframe, this access point was the device that was employed to provide in-house wireless network access in the Bell Labs facility in Middletown, NJ. Contemporaneously, I used this model of access point to conduct some of my personal research in IEEE 802.11 wireless networks. Finally, in about the same time frame, but certainly before leaving Bell Labs in 2002, I personally owned an ORiNOCO AP-1000 product that I installed in my home wireless network. Using the two wireless network interface cards (NICs) contained within the AP-1000, I operated my home network with a secure sub-network as well as an open sub-network for guests, as described in the documentation for the device.[1]

(7.) I am a Senior Member of the IEEE and belong to the Communications and Signal Processing Societies. I have served as the Secretary of the IEEE Communications Society Communications Security Committee.

(8.) A copy of my latest curriculum vitae (C.V.) is attached to this declaration as Appendix A.

[1] See, e.g., Exh. 1006 at §§ 7-1 – 7-24.

II. Description of the Relevant Field and the Relevant Timeframe

(9.) I have carefully reviewed the ‘348 patent as well as the patents and applications referenced in the section of the ‘348 patent entitled “Related U.S. Application Data.”

(10.) For convenience, all of the information that I considered in arriving at my opinions is listed in Appendix B. Based on my review of these materials, I believe that the relevant field for purposes of the ‘348 patent is basic wired and wireless network system architecture, as well as access control methodologies including standard cryptography. I have been informed that the relevant timeframe is on or before March 17, 2003.

(11.) As described in Section I above and as shown in my CV, I have extensive experience in Electrical Engineering and Computer Science. Based on my experience, I have a good understanding of the relevant field in the relevant timeframe.

III. The Person of Ordinary Skill in the Relevant Field in the Relevant Timeframe

(12.) I have been informed that “a person of ordinary skill in the relevant field” is a hypothetical person to whom an expert in the relevant field could assign a routine task with reasonable confidence that the task would be carried out successfully. I have been informed that the level of skill in the art is evidenced by prior art references. The prior art discussed herein demonstrates that a person of ordinary skill in the field, at the time the ‘348 patent was effectively filed, was aware of standard wireless and wired network communication infrastructures, provisioning network services and resources, and access control methodologies including standard cryptography.

(13.) Based on my experience, I have an understanding of the capabilities of a person of ordinary skill in the relevant field. I have supervised and directed many such persons over the course of my career. Further, I had those capabilities myself at the time the ‘348 patent was effectively filed.

IV. The ‘348 Patent

(14.) The ‘348 patent describes the basic concept of providing differentiated classes of wireless network services,[2] which has existed for many years in both wired and wireless networks. As shown in the one and only figure of the ‘348 patent, the classes differentiate among the access rights provided to users. For example, classes may be differentiated based on “full file access,” “print & internet only” service, and “commercial only” internet access.[3] The ‘348 patent discloses an alternative implementation in which a single network interface card (NIC) may be used instead of three NICs as shown in Figure 1.[4] NICs are interfaces to wired and wireless networks including wireless networks governed by the well-known IEEE 802.11 standard.

The ‘348 patent describes that users must access the network service or resource with a credential such as, for example, a password or a cryptographic key.[5]

V. Scientific Principles Underlying the ‘348 Patent

(15.) The ‘348 patent represents a simple combination of several well-known networking concepts: differentiating between classes of services and access to resources; providing credentials (such as a password or a key) to limit access to the classes; and placing the services and resources on networks accessible via different NICs. A brief description of these concepts is provided below.

[2] See Exh. 1001 at Abstract.
[3] Id. at 1:56-67; 2:6-17; and 2:27-43.
[4] Id. at 2:47-52.
[5] Id. at 1:10-17; 1:41-44; and 2:18-21.

(16.) The most basic and well-understood concept underlying the ‘348 patent is that not all services have the same requirements. For instance, some services, like text-based e-mail, have very little requirements for transmission delay or bandwidth; others, for instance, interactive voice communications, have stringent delay requirements. Still others, e.g., streaming video or interactive video communications, have greater bandwidth demands. These differing classes (or levels) of service have led to the development of different network implementations, e.g., circuit switching, packet switching, and asynchronous transfer mode networks.

(17.) Differentiated service and access has existed for many years in these types of wired networks; the International Telecommunication Union first standardized the concepts of quality of service in 1994 in Recommendation E.800. Quality of service provides differentiated service assurances based on, for example, minimum data rate, maximum transmission, maximum error rate, and minimum likelihood of being able to establish a connection in the presence of competing traffic.

(18.) Naturally, as wired networks were replaced with wireless networks, the concept of differentiated classes of service and access carried over into wireless networks. Differentiated classes of service required mechanisms to establish who would be using the service, what services they will be allowed to use, and how they will be billed for usage. Access control lists, i.e., lists that indicate which users may access certain services and resources, have been a mainstay of computer security almost as long as computer systems have existed.

(19.) Access control is based on identifying a user or process and authenticating that user or process to ensure their identity claim is valid. The information provided by a user or a process to authenticate their identity is referred to as a credential. A credential may be, for example, a password, a cryptographic key, or a network name. Credential-based services (most commonly key-based services) are selectively provided to credentialed users or classes of users based on their ability to demonstrate their right to access.

(20.) Passwords and keys have traditionally been used to authenticate a user to an authority, e.g. the use of a password associated with a user ID assures the authority that one who presents the user ID is its authorized user. Exposure of passwords or keys can lead to illicit access to protected services or resources.

(21.) Keys have also been traditionally used with cryptography. For example, symmetric key cryptography uses the same “secret” key for both encrypting a message and decrypting the message. Symmetric or secret keys should be guarded to prevent an imposter from masquerading as an authorized user and to prevent unauthorized monitoring of encrypted messages.

(22.) Since passwords and keys should be kept secret and are not meant to be simple enough to be guessed, passwords can be used for both authentication and encryption, and so can keys. For example, a random string could serve the purpose of both a password and a key. There are a number of prior art key distribution methods in which the keys are encrypted with another key before distribution. Stallings, in his 1995 textbook (Network and Internetwork Security), describes four conventional solutions to the key distribution problem (which I’ve paraphrased below using a hypothetical key exchange between “Alice” and “Bob”):

• Alice can generate a key and physically deliver it to Bob;
• A third party Addie can generate a key and physically deliver it to Alice and Bob;
• If Alice and Bob already have a key, one party can generate a new key and transmit it to the other, encrypted by using the old key; and
• If Alice and Bob each have an encrypted connection to a third party Addie, Addie can deliver a key on the encrypted links to Alice and Bob.[6]

(23.) Another type of cryptography is asymmetric cryptography (or Public Key Infrastructure). In asymmetric cryptography, an entity’s private key may be used to encrypt a message. The entity’s public key (as that term is used with respect to asymmetric cryptography, which is different from the usage of the term public key in the claims of the ‘348 patent, as discussed below), is not kept secret or hidden, and is used by a recipient of the message to decrypt the message. Alternatively, an entity’s public key (as that term is used with respect to asymmetric cryptography) may be used to encrypt a message while their private key is reserved to decrypt the message. In this manner, one direction of communications, either from the entity to their correspondent or the reverse, can be secured. The asymmetric cryptography public key is used in connection with this encryption/decryption methodology. Like symmetric cryptography, asymmetric cryptography was well-known long before the priority date of the ‘348 patent.

[6] See Exh. 1015 at p. 88.

(24.) In my opinion, the ‘348 patent specification does not describe asymmetric cryptography, also known as a public key cryptosystem, let alone how a practitioner would implement or use this encryption methodology. For this reason, I have examined how one could reasonably interpret the term “public key” in the context of the patent specification and in view of the Patentee’s litigation statements and the District Court’s proposed claim constructions. Thus, a public key could be the name of the network providing public access (in this context, a key is a token used to provide access) or a payment key, as discussed in paragraph 40.

VI. Claim Interpretation

(25.) In proceedings before the USPTO, I understand that the claims of an unexpired patent are to be given their broadest reasonable interpretation in view of the specification from the perspective of one skilled in the art during the relevant timeframe. I have been informed that the ‘348 patent has not expired. In comparing the claims of the ‘348 patent to the known prior art, I have carefully considered the ‘348 patent and the ‘348 patent file history based upon my experience and knowledge in the relevant field. In my opinion, to the extent that these terms can be construed, the broadest reasonable interpretations of the claim terms of the ‘348 patent are generally consistent with the terms’ ordinary and customary meaning, as one skilled in the relevant field would understand them. For purposes of this proceeding, I have applied the following interpretations when analyzing the prior art and the claims. Further, in conducting this analysis, I have considered the District Court’s proposed claim constructions.

(26.) “Key” – an encryption code or code that allows access. This construction is consistent with the ‘348 patent’s specification,[7] the position asserted by the Patentee in the concurrent litigation,[8] and the proposed construction provided by the District Court.[9]

[7] Exh. 1001 at Abstract, 1:37-44, 1:58-60, 2:6-11.

(27.) “Non-public Encryption Key” - This term is left undefined by the ‘348 patent. For purposes of this petition, this term has been construed to mean an encryption key that is not available to everyone, which is appropriately directed to the question of access. Further, in arriving at this construction, I have considered the construction proposed by the Patentee, which is that the term “non-public” means “not known to everyone” and the term “public” means “known to everyone.”[10] The Patentee’s construction, however, is unsupported by the specification and, further, leads to a nonsensical result. The specification of the ‘348 patent only discloses a key that controls access, such as an encryption key or payment key.[11] Such cannot control access while at the same time being known to everyone and, therefore, cannot correspond to the broadest reasonable construction of the term public as used in the ‘348 patent.

(28.) “Public Key” - This term is left undefined by the ‘348 patent. For purposes of this petition, this term has been construed to mean a key that is available to anyone. This construction is appropriately directed to the question of access and consistent with the ‘348 patent’s specification’s disclosure (i.e., an encryption key or payment key that controls access to resources)[12]. Further, as addressed above with respect to the term “non-public encryption key,” the Patentee’s proposed construction is unsupported by the specification and leads to a nonsensical result.

[8] Exh. 1014 at pp. 18-22.
[9] Exh. 1016 at 1 (“key” construed as a code used to control access via encoding or decoding).
[10] Exh. 1014 at 21.
[11] Exh. 1001 at Abstract; 1:37-44, 1:58-60, 2:6-11.

(29.) “Public Encryption Key” - This term is left undefined by the ‘348 patent and its meaning in view of the ‘348 patent’s claims is unclear. Nonetheless, I have applied the following construction for the purposes of my analysis: at least one of the cryptographic codes used for communicating data in an encrypted message in accordance with an asymmetric cryptographic protocol. One of ordinary skill generally understands a “public encryption key” to be associated with asymmetric cryptography and, thus, this construction has been applied for purposes of this petition even though the ‘348 patent provides no support for this technical disclosure.

(30.) “Substantially A Same Transmitting Area” - The amount of overlap required by the ‘348 patent claims is not specified in the ‘348 patent specification. Consistent with the broadest reasonable interpretation applied in this proceeding, I interpret this term to require any amount of overlap as advanced by the Patentee in the concurrent litigation.[13]

[12] Id.

VII. Discussion of Relevant Patents and Articles

(31.) I have been asked to consider the teachings of the prior art cited in the accompanying petition in view of the knowledge held by one of ordinary skill, and whether the skilled practitioner would have combined the references as applied in the petition.

A. Grounds of unpatentability in view of ORiNOCO

1. ORiNOCO

(32.) The ORiNOCO user’s manual describes an access point that includes multiple NICs that connect to multiple networks. As was known by skilled artisans in the earlier part of 2003, each different network was accessed via a different NIC, e.g., PC Card A or B; thus, a one-to-one correspondence exists between a NIC and a network. As such, each of these NICs communicates via distinct communication streams.

(33.) Including multiple NICs in a single access point (AP) allows multiple networks to co-exist in a common geographic area. The NICs transmit communication streams over “substantially a same transmitting area” because they transmit from a common access point, and therefore, each has a coverage area that is centered at and originates from the access point. For this reason, the NICs necessarily have overlapping coverage areas, e.g., transmitting areas.

[13] Exh. 1014 at pp. 23-24 (“Specifically, the larger phrase describes how two networks relate to one another in a physical area, but the word ‘substantial’ is not intended to have any special or numerical meaning”).

(34.) ORiNOCO describes individually securable NICs, e.g., PC Cards A and B, that can be secured with different security settings based on a network administrator’s chosen network design.[14] For example, ORiNOCO describes multiple encryption modes: an enable encryption and deny non-encrypted data mode; an enable encryption and allow non-encrypted data mode; and an unencrypted mode.[15] The encryption modes involve a Wired Equivalent Privacy (WEP) data encryption protocol in which the network administrator can “specify up to 4 different keys to decrypt wireless data, and select one of the specified decryption key values to encrypt wireless data.”[16]

(35.) In a mode allowing communication of encrypted data, WEP keys are kept secret to prevent an imposter from creating encrypted messages and masquerading as an authorized user associated with the encryption key.[17] Keeping the WEP keys secret also prevents unauthorized users from monitoring encrypted messages that are not addressed or meant for them.[18] Knowledge of this “secret” encryption key differentiates authorized users from unauthorized users who do not know the encryption key and are thus blocked from access to the network.

[14] Exh. 1006 at §§ 7-3, 7-14.
[15] Id. at § 7-14.
[16] Id. at § 7-14 at p. 118.
[17] See supra ¶ 22.
[18] Id.

(36.) ORiNOCO also describes access control lists that can specify the lifetime of a granted authorization and an authorization password and in particular, RADIUS Server Access Control Lists.[19] The RADIUS Server is configured with, for example, a list of MAC addresses and associated Authorization Passwords.[20]

(37.) ORiNOCO performs access control by automatically detecting a user’s credential, e.g., a WEP key or an Authorization Password; control software operating in the station and in the access point management system and under the control of their respective operating systems automatically detects the user’s credential.

2. Liu

(38.) U.S. Patent No. 7,177,637 to Liu (“Liu”) describes a differentiated access system in which users may access “private” and “public” resources through a wireless local area network (WLAN).[21] Liu describes that access to the “private” and “public” resources may be through an access point with a single communication port supporting both modes of access, or through multiple communication ports, each supporting a different mode, within a single housing.[22]

[19] Exh. 1006 at § 7-5, p. 113; see also id. at § 7-18, p. 116.
[20] Id. at § 7-19, p. 117.
[21] Exh. 1008 at 3:20-24.
[22] Id. at 4:61 – 5:10.

(39.) Access to private mode resources, which includes “full network access/functionality” (e.g., read, write, and delete permissions to the files residing on that network), is described as being limited to only authenticated users that have possession of a secret key.[23] In contrast, access to the public mode resources may be provided to non-authorized users and includes free and/or pay-per-use access to certain services.[24] Liu describes that free services may include certain public domain services relevant to the enterprise hosting the WLAN, whereas the pay-per-use services generally include a level of access to the Internet.[25]

(40.) While access to the public resources is provided to non-authorized users, the access point restricts access to the internet until the system validates a form of payment.[26] Thus, a valid payment credential is required before Internet access is provided and thus, Liu’s public mode provides two classes of network services and access to network resources – a first requiring a payment key credential and a second providing open access. Further, a payment key falls within the definition of the term public key applied herein, which is an encryption code or code that allows access and is available to anyone.[27] A payment key, which controls access, is available to any member of the public that pays for the key.

(41.) Moreover, as would have been well understood by one of ordinary skill in the art, access to the paid-for Internet services of Liu could be controlled using a simple password.[28] Further still, in accordance with the IEEE 802.11 standard, Liu’s system provides for automatic access to the appropriate resource level by completing “authentication/association handshakes with [the] AP.”[29]

[23] Id. at 3:8-19; 3:25-31.
[24] Id. at 3:45-53.
[25] Id. at 4:4-8; FIG. 2.
[26] Id. at 5:37-52.

3. PAWNs

(42.) Like Liu, the 2002 article published in IEEE’s Wireless Communications journal entitled “PAWNs: Satisfying the Need for Ubiquitous Secure Connectivity and Location Services” (“PAWNs”) discloses a public area wireless network providing differentiated access to network services and resources based on a user credential. Just as in Liu, PAWNs describes providing a basic service model in which access to resources is limited to local intranet services and a hosting organization’s webpages, and an enhanced service model in which full Internet access and other services are paid for by the user.[30]

(43.) The authors of PAWNs also envisioned providing for differentiated bandwidth allocation within the enhanced service model such that users may purchase a desired data rate.[31] Packet-based monitoring was employed to allow the system to monitor actual usage, ensure that any individual user did not consume more than their allotted share of bandwidth, and thus, unnecessarily burden the system.[32]

[27] See paragraph 28, supra.
[28] Id. at 2:6-10 (describing the use of a password as a means for providing access control).
[29] Id. at 2:14-19.
[30] Exh. 1007 at pp. 41 and 47.

(44.) Note that one of ordinary skill would have understood bandwidth to be synonymous with speed of performance – access speed is controlled by how much bandwidth one is allotted. Bandwidth is the amount of data that can be sent over a period of time, usually seconds. Accordingly, the speed at which access is provided (e.g., 1 megabits of data per second or 5 megabits of data per second) is a function of bandwidth.

(45.) PAWNs also supported multiple levels of security provisioning, ranging from minimum encryption of security tokens, which is a value tagged to every packet of data, to full key encryption of the entire data packets transmitted between the user and the network.[33]

(46.) In addition, PAWNs utilized an encryption key and ID to “provide a cryptographic binding between the user and the packet so that the network can identify the source of the packet and determine the packet’s access rights and privileges” and, further, to “account[] [and charge] for the amount of bandwidth used by each user.”[34] In this way, detection of a key token pair in PAWNs indicated that the user had paid for certain services. That is, since the key gives access to a paid service, the key is only received after payment is made and thus, possession of the key is an indication of payment for PAWNs enhanced services.

(47.) Similarly, ORiNOCO describes how users can access an access point using WEP keys; if a user has a WEP key and the WEP key gives access to a paid service, the user would only have been provided the key upon payment for the service. Thus, possession of the key is an indication of payment.

[31] Id. at p. 44.
[32] Id.
[33] Id.

B. Modifying ORiNOCO with Liu and PAWNs

(48.) A network administrator of ordinary skill would have been motivated to combine the individually securable NICs, security modes, and credentials taught by ORiNOCO with the differentiated modes of access control for various network resources and services taught by Liu. Modifying ORiNOCO with the teachings of Liu amounts to a number of design choices that would have ordinarily been made by the network administrator in configuring a wired network, or a wireless network governed by the IEEE 802.11 standard.

(49.) This is because ORiNOCO teaches how and with what credentials to secure the above-described NICs, and Liu describes which network items these differing levels of security are protecting; that is, Liu describes the relationship between a level of security and a level of access or service. Further, Liu describes credential-based access control in which access is restricted until the user demonstrates his or her right to access network resources and services with, for example, a payment key, password, encryption key, or other authentication mechanism.[35]

(50.) ORiNOCO and Liu teach the vast majority of features recited in the ‘348 patent claims. A skilled artisan in March of 2003 would have easily been able to secure ORiNOCO’s NICs to provide differentiated access to resources (e.g., as I configured my AP-1000 at home in 2002) and to provide differentiated classes of service in light of the teachings of Liu. In my opinion, once one recognizes that two levels of access can directly be provided by the ORiNOCO AP-1000 product, it would be an obvious step to realize that simple extensions to the design could provide three, four or more differentiated levels of access.

[34] Id.

(51.) Nevertheless, PAWNs is relied upon for its explicit disclosure of, for example, a “third set of permissions of access to resources” that restricts internet access to only specified sites and providing differentiating bandwidth allocation in which users may pay for a specific data rate to fit their individualized needs.[36] Like Liu, PAWNs describes which network items are being protected and therefore, the relationship between a level of security and a level of access or service. PAWNs also describes credential-based access control in which access is restricted until the user demonstrates his or her right to access network resources and services with, for example, demonstrating knowledge of or possession of the proper credentials.

[35] See e.g., Exh. 1006 at 1:42-43; and 2:6-9.

(52.) As an exemplary first design choice, a skilled artisan could modify ORiNOCO to differentiate according to “public” and “non-public” modes of access described by Liu because the ORiNOCO networks can be secured according to different levels of security. A network administrator would have been motivated to secure a NIC with a greater level of sec
