PTO/SB/05 (05-03)
Approved for use through 04/30/2003. OMB 0651-0032
U.S. Patent and Trademark Office, U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.

PATENT APPLICATION TRANSMITTAL
(Only for new nonprovisional applications under 37 C.F.R. 1.53(b))

Title: Method For Establishing Secure Communication Link Between Computers Of Virtual Private Network
Address to: Mail Stop Patent Application, Commissioner for Patents, P.O. Box 1450, Alexandria VA 22313-1450

APPLICATION ELEMENTS (see MPEP chapter 600 concerning utility patent application contents; the check marks are not reliably legible in the scan)
1. Fee Transmittal Form (e.g., PTO/SB/17)
2. Applicant claims small entity status (see 37 CFR 1.27)
3. Specification
4. Drawing(s) (35 U.S.C. 113)
5. Oath or Declaration
6. Application Data Sheet (see 37 CFR 1.76)
7. CD-ROM or CD-R in duplicate, large table or Computer Program (Appendix)
8. Nucleotide and/or Amino Acid Sequence Submission (if applicable, all necessary)

ACCOMPANYING APPLICATION PARTS
9. Assignment Papers (cover sheet & document(s))
10. 37 CFR 3.73(b) Statement (when there is an assignee); Power of Attorney
11. English Translation Document (if applicable)
12. Information Disclosure Statement (IDS)/PTO-1449; Copies of IDS Citations
13. Preliminary Amendment
14. Return Receipt Postcard (MPEP 503) (should be specifically itemized)
15. Certified Copy of Priority Document(s) (if foreign priority is claimed)
16. Nonpublication Request under 35 U.S.C. 122(b)(2)(B)(i). Applicant must attach form PTO/SB/35 or its equivalent.
17. Other:

18. If a CONTINUING APPLICATION, check appropriate box, and supply the requisite information below and in a preliminary amendment, or in an Application Data Sheet under 37 CFR 1.76:
Continuation / Divisional / Continuation-in-part (CIP) of prior application No: 09/558,209
Prior application information: Examiner Krisna Lim, Art Unit: M
For CONTINUATION or DIVISIONAL APPS only: The entire disclosure of the prior application, from which an oath or declaration is supplied under Box 5b, is considered a part of the disclosure of the accompanying or divisional application and is hereby incorporated by reference. The incorporation can only be relied upon when a portion has been inadvertently omitted from the submitted application parts.

Name (Print/Type): Ross A. Dannenberg
Date: November 7, 2003

This collection of information is required by 37 CFR 1.53(b). The information is required to obtain or retain a benefit by the public which is to file (and by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 12 minutes to complete, including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Mail Stop Patent Application, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.

`Petitioner Apple Inc. - Exhibit 1002, p. 1

FEE TRANSMITTAL for FY 2004
Effective 10/01/2003. Patent fees are subject to annual revision.

Filing Date: November 7, 2003
TOTAL AMOUNT OF PAYMENT ($): 882

METHOD OF PAYMENT (check all that apply)
Deposit Account Number: 19-0733
Deposit Account Name: Banner & Witcoff, Ltd.

[Fee calculation tables: 1. Basic Filing Fee; 2. Extra Claim Fees for Utility and Reissue; 3. Additional Fees. The fee codes, amounts and entries are not recoverable from the scan.]

SUBMITTED BY
Name (Print/Type): Ross A. Dannenberg
Registration No. (Attorney/Agent): 43024
Telephone: (202) 824-3153
Date: November 7, 2003

10/702486

Docket No. 000479.00112

METHOD FOR ESTABLISHING SECURE COMMUNICATION LINK BETWEEN COMPUTERS OF VIRTUAL PRIVATE NETWORK

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority from and is a divisional patent application of co-pending U.S. application serial number 09/558,209, filed April 26, 2000, which is a continuation-in-part patent application of previously-filed U.S. application serial number 09/504,783, filed on February 15, 2000, now U.S. Pat. No. 6,502,135, issued December 31, 2002, which claims priority from and is a continuation-in-part patent application of previously-filed U.S. application serial number 09/429,643, filed on October 29, 1999. The subject matter of U.S. application serial number 09/429,643, which is bodily incorporated herein, derives from provisional U.S. application numbers 60/106,261 (filed October 30, 1998) and 60/137,704 (filed June 7, 1999). The present application is also related to U.S. application serial number 09/558,210, filed April 26, 2000, and which is incorporated by reference herein.

BACKGROUND OF THE INVENTION

A tremendous variety of methods have been proposed and implemented to provide security and anonymity for communications over the Internet. The variety stems, in part, from the different needs of different Internet users. A basic heuristic framework to aid in discussing these different security techniques is illustrated in FIG. 1. Two terminals, an originating terminal 100 and a destination terminal 110 are in communication over the Internet. It is desired for the communications to be secure, that is, immune to eavesdropping. For example, terminal 100 may transmit secret information to terminal 110 over the Internet 107. Also, it may be desired to prevent an eavesdropper from discovering that terminal 100 is in communication with terminal 110. For example, if terminal 100 is a user and terminal 110 hosts a web site, terminal 100’s user may not want anyone in the intervening networks to know what web sites he is "visiting." Anonymity would thus be an issue, for example, for companies that want to keep their market research interests private and thus would prefer to prevent outsiders from knowing which web-sites or other Internet resources they are “visiting.” These two security issues may be called data security and anonymity, respectively.

Data security is usually tackled using some form of data encryption. An encryption key 48 is known at both the originating and terminating terminals 100 and 110. The keys may be private and public at the originating and destination terminals 100 and 110, respectively or they may be symmetrical keys (the same key is used by both parties to encrypt and decrypt). Many encryption methods are known and usable in this context.

To hide traffic from a local administrator or ISP, a user can employ a local proxy server in communicating over an encrypted channel with an outside proxy such that the local administrator or ISP only sees the encrypted traffic. Proxy servers prevent destination servers from determining the identities of the originating clients. This system employs an intermediate server interposed between client and destination server. The destination server sees only the Internet Protocol (IP) address of the proxy server and not the originating client. The target server only sees the address of the outside proxy. This scheme relies on a trusted outside proxy server. Also, proxy schemes are vulnerable to traffic analysis methods of determining identities of transmitters and receivers. Another important limitation of proxy servers is that the server knows the identities of both calling and called parties. In many instances, an originating terminal, such as terminal A, would prefer to keep its identity concealed from the proxy, for example, if the proxy server is provided by an Internet service provider (ISP).

To defeat traffic analysis, a scheme called Chaum’s mixes employs a proxy server that transmits and receives fixed length messages, including dummy messages. Multiple originating terminals are connected through a mix (a server) to multiple target servers. It is difficult to tell which of the originating terminals are communicating to which of the connected target servers, and the dummy messages confuse eavesdroppers’ efforts to detect communicating pairs by analyzing traffic. A drawback is that there is a risk that the mix server could be compromised. One way to deal with this risk is to spread the trust among multiple mixes. If one mix is compromised, the identities of the originating and target terminals may remain concealed. This strategy requires a number of alternative mixes so that the intermediate servers interposed between the originating and target terminals are not determinable except by compromising more than one mix. The strategy wraps the message with multiple layers of encrypted addresses. The first mix in a sequence can decrypt only the outer layer of the message to reveal the next destination mix in sequence. The second mix can decrypt the message to reveal the next mix and so on. The target server receives the message and, optionally, a multi-layer encrypted payload containing return information to send data back in the same fashion. The only way to defeat such a mix scheme is to collude among mixes. If the packets are all fixed-length and intermixed with dummy packets, there is no way to do any kind of traffic analysis.

Still another anonymity technique, called ‘crowds,’ protects the identity of the originating terminal from the intermediate proxies by providing that originating terminals belong to groups of proxies called crowds. The crowd proxies are interposed between originating and target terminals. Each proxy through which the message is sent is randomly chosen by an upstream proxy. Each intermediate proxy can send the message either to another randomly chosen proxy in the “crowd” or to the destination. Thus, even crowd members cannot determine if a preceding proxy is the originator of the message or if it was simply passed from another proxy.

ZKS (Zero-Knowledge Systems) Anonymous IP Protocol allows users to select up to any of five different pseudonyms, while desktop software encrypts outgoing traffic and wraps it in User Datagram Protocol (UDP) packets. The first server in a 2+-hop system gets the UDP packets, strips off one layer of encryption to add another, then sends the traffic to the next server, which strips off yet another layer of encryption and adds a new one. The user is permitted to control the number of hops. At the final server, traffic is decrypted with an untraceable IP address. The technique is called onion-routing. This method can be defeated using traffic analysis. For a simple example, bursts of packets from a user during low-duty periods can reveal the identities of sender and receiver.

Firewalls attempt to protect LANs from unauthorized access and hostile exploitation or damage to computers connected to the LAN. Firewalls provide a server through which all access to the LAN must pass. Firewalls are centralized systems that require administrative overhead to maintain. They can be compromised by virtual-machine applications (“applets”). They instill a false sense of security that leads to security breaches for example by users sending sensitive information to servers outside the firewall or encouraging use of modems to sidestep the firewall security. Firewalls are not useful for distributed systems such as business travelers, extranets, small teams, etc.

SUMMARY OF THE INVENTION

A secure mechanism for communicating over the Internet, including a protocol referred to as the Tunneled Agile Routing Protocol (TARP), uses a unique two-layer encryption format and special TARP routers. TARP routers are similar in function to regular IP routers. Each TARP router has one or more IP addresses and uses normal IP protocol to send IP packet messages (“packets” or “datagrams”). The IP packets exchanged between TARP terminals via TARP routers are actually encrypted packets whose true destination address is concealed except to TARP routers and servers. The normal or “clear” or “outside” IP header attached to TARP IP packets contains only the address of a next hop router or destination server. That is, instead of indicating a final destination in the destination field of the IP header, the TARP packet’s IP header always points to a next-hop in a series of TARP router hops, or to the final destination. This means there is no overt indication from an intercepted TARP packet of the true destination of the TARP packet since the destination could always be next-hop TARP router as well as the final destination.

Each TARP packet’s true destination is concealed behind a layer of encryption generated using a link key. The link key is the encryption key used for encrypted communication between the hops intervening between an originating TARP terminal and a destination TARP terminal. Each TARP router can remove the outer layer of encryption to reveal the destination router for each TARP packet. To identify the link key needed to decrypt the outer layer of encryption of a TARP packet, a receiving TARP or routing terminal may identify the transmitting terminal by the sender/receiver IP numbers in the cleartext IP header.

Once the outer layer of encryption is removed, the TARP router determines the final destination. Each TARP packet 140 undergoes a minimum number of hops to help foil traffic analysis. The hops may be chosen at random or by a fixed value. As a result, each TARP packet may make random trips among a number of geographically disparate routers before reaching its destination. Each trip is highly likely to be different for each packet composing a given message because each trip is independently randomly determined. This feature is called agile routing. The fact that different packets take different routes provides distinct advantages by making it difficult for an interloper to obtain all the packets forming an entire multi-packet message. The associated advantages have to do with the inner layer of encryption discussed below. Agile routing is combined with another feature that furthers this purpose; a feature that ensures that any message is broken into multiple packets.

The IP address of a TARP router can be changed, a feature called IP agility. Each TARP router, independently or under direction from another TARP terminal or router, can change its IP address. A separate, unchangeable identifier or address is also defined. This address, called the TARP address, is known only to TARP routers and terminals and may be correlated at any time by a TARP router or a TARP terminal using a Lookup Table (LUT). When a TARP router or terminal changes its IP address, it updates the other TARP routers and terminals which in turn update their respective LUTs.

The message payload is hidden behind an inner layer of encryption in the TARP packet that can only be unlocked using a session key. The session key is not available to any of the intervening TARP routers. The session key is used to decrypt the payloads of the TARP packets permitting the data stream to be reconstructed.

Communication may be made private using link and session keys, which in turn may be shared and used according to any desired method. For example, public/private keys or symmetric keys may be used.
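
The two-layer format summarized in the preceding paragraphs (session-key inner layer, link-key outer layer, next-hop-only clear IP header, LUT lookup, random hops) can be simulated as follows. This is an added example, not code from the application or its applicants. The node names, addresses, JSON header layout and the SHA-256/HMAC stand-in cipher are assumptions made for illustration; the specification leaves the cipher and key sharing method open, and interleaving and decoy data are not modeled.

```python
import hashlib, hmac, itertools, json, os, random

# Constructed topology: TARP address -> current IP address (the Lookup Table, LUT).
LUT = {"term-A": "192.0.2.10", "term-B": "198.51.100.20",
       "rtr-1": "203.0.113.1", "rtr-2": "203.0.113.2", "rtr-3": "203.0.113.3"}
ROUTERS = ["rtr-1", "rtr-2", "rtr-3"]
IP_TO_TARP = {ip: name for name, ip in LUT.items()}
# One link key per pair of nodes; a receiver selects it from the cleartext IP pair.
LINK_KEYS = {frozenset(pair): os.urandom(32)
             for pair in itertools.combinations(LUT.values(), 2)}


def keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key, plaintext):
    """Stand-in cipher (assumption): SHA-256 counter keystream plus an HMAC tag."""
    enc, mac = subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Verify the tag, then decrypt; raises ValueError for a wrong key or altered data."""
    enc, mac = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified packet")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))


def wrap(sender, next_hop, header, inner):
    """Outer layer: TARP header + inner blob under the sender<->next-hop link key.
    The clear IP header names only the next hop, never the true destination."""
    src_ip, hop_ip = LUT[sender], LUT[next_hop]
    hdr = json.dumps(header).encode()
    body = seal(LINK_KEYS[frozenset((src_ip, hop_ip))],
                len(hdr).to_bytes(2, "big") + hdr + inner)
    return {"src_ip": src_ip, "dst_ip": hop_ip, "body": body}


def unwrap(packet):
    """Receiver side: pick the link key from the clear IP pair, peel the outer layer."""
    key = LINK_KEYS[frozenset((packet["src_ip"], packet["dst_ip"]))]
    plain = open_sealed(key, packet["body"])
    n = int.from_bytes(plain[:2], "big")
    return json.loads(plain[2:2 + n]), plain[2 + n:]


def forward(router, header, inner):
    """One router hop: random router while TTL remains, then the real destination."""
    if header["ttl"] > 0:
        header = dict(header, ttl=header["ttl"] - 1)
        next_hop = random.choice([r for r in ROUTERS if r != router])
    else:
        next_hop = header["dst"]
    return wrap(router, next_hop, header, inner)


def transmit(src, dst, payload, session_key, ttl=3):
    """Send one packet; return (payload recovered at dst, packets seen on the wire)."""
    header = {"src": src, "dst": dst, "ttl": ttl}
    packet = wrap(src, random.choice(ROUTERS), header, seal(session_key, payload))
    wire = [packet]
    while True:
        node = IP_TO_TARP[packet["dst_ip"]]
        header, inner = unwrap(packet)
        if header["dst"] == node:  # only the destination holds the session key
            return open_sealed(session_key, inner), wire
        packet = forward(node, header, inner)
        wire.append(packet)


def any_link_key_opens(inner):
    """True if some link key (all a router ever holds) decrypts the inner layer."""
    for key in LINK_KEYS.values():
        try:
            open_sealed(key, inner)
            return True
        except ValueError:
            pass
    return False


if __name__ == "__main__":
    session_key = os.urandom(32)  # shared by term-A and term-B only
    message, wire = transmit("term-A", "term-B", b"constructed sample payload", session_key)
    for p in wire:
        print(p["src_ip"], "->", p["dst_ip"], len(p["body"]), "bytes")
    print(message, any_link_key_opens(unwrap(wire[0])[1]))
```

An observer of the wire sees only next-hop addresses and ciphertext, and the destination's IP address appears in a clear header only on the last hop.
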

To transmit a data stream, a TARP originating terminal constructs a series of TARP packets from a series of IP packets generated by a network (IP) layer process. (Note that the terms “network layer,” “data link layer,” “application layer,” etc. used in this specification correspond to the Open Systems Interconnection (OSI) network terminology.) The payloads of these packets are assembled into a block and chain-block encrypted using the session key. This assumes, of course, that all the IP packets are destined for the same TARP terminal. The block is then interleaved and the interleaved encrypted block is broken into a series of payloads, one for each TARP packet to be generated. Special TARP headers IPT are then added to each payload using the IP headers from the data stream packets. The TARP headers can be identical to normal IP headers or customized in some way. They should contain a formula or data for deinterleaving the data at the destination TARP terminal, a time-to-live (TTL) parameter to indicate the number of hops still to be executed, a data type identifier which indicates whether the payload contains, for example, TCP or UDP data, the sender’s TARP address, the destination TARP address, and an indicator as to whether the packet contains real or decoy data or a formula for filtering out decoy data if decoy data is spread in some way through