US007921211B2

(12) United States Patent
Larson et al.

(10) Patent No.: US 7,921,211 B2
(45) Date of Patent: *Apr. 5, 2011

(54) AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

(75) Inventors: Victor Larson, Fairfax, VA (US); Robert Dunham Short, III, Leesburg, VA (US); Edmund Colby Munger, Crownsville, MD (US); Michael Williamson, South Riding, VA (US)

(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)

( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 701 days.
This patent is subject to a terminal disclaimer.

(21) Appl. No.: 11/840,560

(22) Filed: Aug. 17, 2007

(65) Prior Publication Data
US 2008/0040792 A1    Feb. 14, 2008

Related U.S. Application Data
(63) Continuation of application No. 10/714,849, filed on Nov. 18, 2003, now Pat. No. 7,418,504, which is a continuation of application No. 09/558,210, filed on Apr. 26, 2000, now abandoned, which is a continuation-in-part of application No. 09/504,783, filed on Feb. 15, 2000, now Pat. No. 6,502,135, which is a continuation-in-part of application No. 09/429,643, filed on Oct. 29, 1999, now Pat. No. 7,010,604.

(60) Provisional application No. 60/106,261, filed on Oct. 30, 1998, provisional application No. 60/137,704, filed on Jun. 7, 1999.

(51) Int. Cl.
G06F 15/173 (2006.01)
(52) U.S. Cl. ........ 709/226
(58) Field of Classification Search ........ 709/226, 709/221, 726/15
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
2,895,502 A    7/1959    Roper et al.
5,303,302 A    4/1994    Burrows
5,311,593 A    5/1994    Carmi
(Continued)

FOREIGN PATENT DOCUMENTS
EP    0838930    4/1988
(Continued)

OTHER PUBLICATIONS
Baumgartner et al., “Differentiated Services: A New Approach for Quality of Service in the Internet,” International Conference on High Performance Networking, 255-273 (1998).
(Continued)

Primary Examiner - Krisna Lim
(74) Attorney, Agent, or Firm - McDermott Will & Emery LLP

(57) ABSTRACT

A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

60 Claims, 40 Drawing Sheets

[Representative drawing: block diagram whose legible labels are WEB BROWSER, GATE KEEPER, IP HOPPING, HOPPING RULES, IP STACK and SECURE TARGET.]

MICROSOFT 1001

U.S. PATENT DOCUMENTS

5,384,848 A    1/1995    Kikuchi
5,511,122 A    4/1996    Atkinson
5,629,984 A    5/1997    McManis
5,764,906 A    6/1998    Edelstein et al.
5,771,239 A    6/1998    Moroney et al.
5,805,803 A    9/1998    Birrell et al.
5,822,434 A    10/1998    Caronni et al.
5,864,666 A *    1/1999    Shrader ........ 726/15
5,870,610 A    2/1999    Beyda et al.
5,898,830 A    4/1999    Wesinger, Jr. et al.
5,950,195 A    9/1999    Stockwell et al.
6,052,788 A    4/2000    Wesinger et al.
6,055,574 A    4/2000    Smorodinsky et al.
6,061,346 A    5/2000    Nordman
6,079,020 A    6/2000    Liu
6,081,900 A *    6/2000    Subramaniam et al. ........ 726/19
6,101,182 A    8/2000    Sistanizadeh et al.
6,119,171 A    9/2000    Alkhatib
6,173,399 B1    1/2001    Gilbrech
6,199,112 B1    3/2001    Wilson
6,202,081 B1    3/2001    Naudus
6,223,287 B1    4/2001    Douglas et al.
6,226,748 B1    5/2001    Bots et al.
6,226,751 B1    5/2001    Arrow et al.
6,246,670 B1    6/2001    Karlsson et al.
6,262,987 B1    7/2001    Mogul
6,298,341 B1    10/2001    Mann et al.
6,314,463 B1    11/2001    Abbott et al.
6,333,272 B1    12/2001    McMillin et al.
6,338,082 B1    1/2002    Schneider
6,502,135 B1    12/2002    Munger et al.
6,557,037 B1    4/2003    Provino
6,687,746 B1    2/2004    Shuster et al.
6,701,437 B1    3/2004    Hoke et al.
6,752,166 B2    6/2004    Lull et al.
6,757,740 B1    6/2004    Parkh et al.
6,937,597 B1    8/2005    Rosenberg et al.
7,039,713 B1    5/2006    Van Gunter et al.
7,072,964 B1    7/2006    Whittle et al.
7,167,904 B1    1/2007    Devarajan et al.
7,188,175 B1    3/2007    McKeeth
7,353,841 B2    4/2008    Kono et al.
7,461,334 B1    12/2008    Lu et al.
7,490,151 B2    2/2009    Munger et al.
7,493,403 B2    2/2009    Shull et al.
2001/0049741 A1    12/2001    Skene et al.
2004/0199493 A1    10/2004    Ruiz et al.
2004/0199520 A1    10/2004    Ruiz et al.
2004/0199608 A1    10/2004    Rechterman et al.
2004/0199620 A1    10/2004    Ruiz et al.
2007/0208869 A1    9/2007    Adelman et al.
2007/0214284 A1    9/2007    King et al.
2007/0266141 A1    11/2007    Norton
2008/0235507 A1    9/2008    Ishikawa et al.
`
FOREIGN PATENT DOCUMENTS

EP    0814589    12/1997
GB    2317792    4/1998
GB    2334181    8/1999
GB    2340702    2/2000
JP    62-214744    9/1987
JP    04-363941    12/1992
JP    09-018492    1/1997
JP    10-070531    3/1998
WO    WO98/27783    6/1998
WO    WO99/11019    3/1999
WO    WO 00/17775    3/2000
WO    WO 00/70458    11/2000
WO    WO 01/16766    3/2001
`
`OTHER PUBLICATIONS
`
`Chapman et al., “Domain Name System (DNS),” 278-296 (1995).
`Davila et al., “Implementation of Virtual Private Networks at the
`Transport Layer,” M. Mambo, Y. Zheng (Eds), Information Security
`(Second International) Workshop, ISW’ 99. Lecture Notes in Com-
`puter Science (LNCS), vol. 1729; 85-102 (1999).
`De Raadt et al., “Cryptography in OpenBSD,” 10 pages (1999).
`
`
`
`Eastlake, “Domain Name System Security Extensions,” Internet
`Citation, Retrieved from the Internet: URL:ftp://ftp.inet.no/pub/ietf/
`internet-drafts/draft-ietf-dnssec-secext2-05.txt (1998).
`Gunter et al., “An Architecture for Managing QoS-Enabled VRNs
`Over the Internet,” Proceedings 24th Conference on Local Computer
`Networks. LCN’ 99 IEEE Comput. Soc Los Alamitos, CA, pp. 122-
`131 (1999).
`Shimizu, “Special Feature: Mastering the Internet with Windows
`2000”, Internet Magazine, 63:296-307 (2000).
`Stallings, “Cryptography and Network Security,” Principals and
`Practice, 2nd Edition, pp. 399-440 (1999).
Takata, “U.S. Vendors Take Serious Action to Act Against Crackers -
A Tracking Tool and a Highly Safe DNS Software are
Released”, Nikkei Communications, 257:87 (1997).
`Wells, Email (Lancasterb1be@mail.msn.com), Subject: “Security
`Icon,” (1998).
`Fasbender, A., et al., Variable and Scalable Security: Protection of
`Location Information in Mobile IP, IEEE VTS, 46th, 1996, 5 pp.
`DNS-related correspondence dated Sep. 7, 1993 to Sep. 20, 1993.
`(Pre KX, KX Records).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Dec. 2, 1996). (RFC 2543 Internet Draft 1).
`Aventail Corp., “AutoSOCKS v. 2.1 Datasheet,” available at http://
`www.archive.org/web/19970212013409/www.aventail.com/prod/
`autosk2ds.html (1997). (AutoSOCKS, Aventail).
`Aventail Corp., “Socks Version 5,” Aventail Whitepaper, available at
`http://web.archive.org/web/19970620030312/www.aventail.com/
`educate/whitepaper/soc kswp.html (1997). (Socks, Aventail).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Mar. 27, 1997). (RFC 2543 Internet Draft 2).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Jul. 31, 1997). (RFC 2543 Internet Draft 3).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Nov. 11, 1997). (RFC 2543 Internet Draft 4).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (May 14, 1998). (RFC 2543 Internet Draft 5).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Jun. 17, 1998). (RFC 2543 Internet Draft 6).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Jul. 16, 1998). (RFC 2543 Internet Draft 7).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Aug. 7, 1998). (RFC 2543 Internet Draft 8).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Sep. 18, 1998). (RFC 2543 Internet Draft 9).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Nov. 12, 1998). (RFC 2543 Internet Draft 10).
M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
Force, Internet Draft, (Dec. 15, 1998). (RFC 2543 Internet Draft 11).
Aventail Corp., “Aventail Connect 3.1/2.6 Administrator’s Guide,”
`(1999). (Aventail Administrator 3.1, Aventail).
`Aventail Corp., “Aventail Connect 3.1/2.6 User’s Guide,” (1999).
`(Aventail User 3.1, Aventail).
`Aventail Corp., “Aventail ExtraWeb Server v3.2 Administrator’s
`Guide,” (1999). (Aventail ExtraWeb 3.2, Aventail).
`Check Point Software Technologies Ltd.
`(1999) (Check Point,
`Checkpoint FW).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Jan. 15, 1999). (RFC 2543 Internet Draft 12).
Goncalves, et al. Check Point FireWall-1 Administration Guide,
McGraw-Hill Companies (2000). (Goncalves, Checkpoint FW).
Assured Digital Products. (Assured Digital).
F-Secure, F-Secure Evaluation Kit (May 1999) (FSECURE
00000003) (Evaluation Kit 3).
F-Secure, F-Secure Evaluation Kit (Sep. 1998) (FSECURE
00000009) (Evaluation Kit 9).
IRE, Inc., SafeNet/Soft-PK Version 4 (Mar. 28, 2000) (Soft-PK Ver-
sion 4).
IRE/SafeNet Inc., VPN Technologies Overview (Mar. 28, 2000)
(Safenet VPN Overview).
IRE, Inc., SafeNet/VPN Policy Manager Quick Start Guide Version 1
(1999) (SafeNet VPN Policy Manager).
Information Assurance/NAI Labs, Dynamic Virtual Private Net-
works Presentation v.3 (2000).
`
`U.S. Appl. No. 60/134,547, filed May 17, 1999, Victor Sheymov.
`U.S. Appl. No. 60/151,563, filed Aug. 31, 1999, Bryan Whittles.
`U.S. Appl. No. 09/399,753, filed Sep. 22, 1998, Graig Miller et al.
Microsoft Corporation’s Fourth Amended Invalidity Contentions
dated Jan. 5, 2009, VirnetX Inc. and Science Applications International
Corp. v. Microsoft Corporation.
`Appendix A of the Microsoft Corporation’s Fourth Amended Inval-
`idity Contentions dated Jan. 5, 2009.
`Concordance Table for the References Cited in Tables on pp. 6-15,
`71-80 and 116-124 of the Microsoft Corporation’s Fourth Amended
`Invalidity Contentions dated Jan. 5, 2009.
`l. P. Mockapetris, “DNS Encoding of Network Names and Other
`Types,” Network Working Group, RFC 1101 (Apr. 1989)(RFC1101,
`DNS SRV).
`R. Atkinson, “An Internetwork Authentication Architecture,” Naval
`Research Laboratory, Center for High Assurance Computing Sys-
`tems (Aug. 5, 1993). (Atkinson NRL, KX Records).
Henning Schulzrinne, Personal Mobility for Multimedia Services In
The Internet, Proceedings of the Interactive Distributed Multimedia
Systems and Services European Workshop at 143 (1996).
(Schulzrinne 96).
Microsoft Corp., Microsoft Virtual Private Networking: Using Point-
to-Point Tunneling Protocol for Low-Cost, Secure, Remote Access
Across the Internet (1996) (printed from 1998 PDC DVD-ROM).
(Point to Point, Microsoft Prior Art VPN Technology).
`“Safe Surfing: How to Build a Secure World Wide Web Connection,”
`IBM Technical Support Organization, (Mar. 1996). (Safe Surfing,
`Website Art).
`Goldschlag, et al., “Hiding Routing Information,” Workshop on
`Information Hiding, Cambridge, UK (May 1996). (Goldschlag II,
`Onion Routing).
“IPSec Minutes From Montreal”, IPSEC Working Group Meeting
Notes, http://www.sandleman.ca/ipsec/1996/08/msg00018.html
(Jun. 1996). (IPSec Minutes, FreeS/WAN).
`J. M. Galvin, “Public Key Distribution with Secure DNS,” Proceed-
`ings of the Sixth USENIX UNIX Security Symposium, San Jose,
`California, Jul. 1996. (Galvin, DNSSEC).
`J. Gilmore, et al. “Re: Key Management, anyone? (DNS Keying),”
`IPSec Working Group Mailing List Archives (Aug. 1996). (Gilmore
`DNS, FreeS/WAN).
`H. Orman, et al. “Re: ’Re: DNS? was Re: Key Management, any-
`one?” IETF IPSec Working Group Mailing List Archive (Aug. 1996-
`Sep. 1996). (Orman DNS, FreeS/WAN).
Arnt Gulbrandsen & Paul Vixie, A DNS RR for specifying the location
of services (DNS SRV), IETF RFC 2052 (Oct. 1996). (RFC 2052,
DNS SRV).
`Freier, et al. “The SSL Protocol Version 3.0,” Transport Layer Secu-
`rity Working Group (Nov. 18, 1996). (SSL, Underlying Security
`Technology).
`M.G. Reed, et al. “Proxies for Anonymous Routing,” 12th Annual
`Computer Security Applications Conference, San Diego, CA, Dec.
`9-13, 1996. (Reed, Onion Routing).
Kenneth F. Alden & Edward P. Wobber, The Alta Vista Tunnel: Using
the Internet to Extend Corporate Networks, Digital Technical Journal
(1997) (Alden, AltaVista).
Automotive Industry Action Group, “ANX Release 1 Document Pub-
lication,” AIAG (1997). (AIAG, ANX).
Automotive Industry Action Group, “ANX Release 1 Draft Docu-
ment Publication,” AIAG Publications (1997). (AIAG Release,
ANX).
Aventail Corp. “Aventail VPN Data Sheet,” available at http://www.
archive.org/web/19970212013043/www.aventail.com/prod/
vpndata.html (1997). (Data Sheet, Aventail).
Aventail Corp., “Directed VPN Vs. Tunnel,” available at http://web.
archive.org/web/19970620030312/www.aventail.com/educate/
directvpn.html (1997). (Directed VPN, Aventail).
Aventail Corp., “Managing Corporate Access to the Internet,”
Aventail AutoSOCKS White Paper available at http://web.archive.
org/web/19970620030312/www.aventail.com/educate/whitepaper/
ipmwp.html (1997). (Corporate Access, Aventail).
`Aventail Corp., “VPN Server V2.0 Administration Guide,” (1997).
`(VPN, Aventail).
`
`
`
`Goldschlag, et al. “Privacy on the Internet,” Naval Research Labo-
`ratory, Center for High Assurance Computer Systems (1997).
`(Goldschlag I, Onion Routing).
Microsoft Corp., Installing Configuring and Using PPTP with
Microsoft Clients and Servers (1997). (Using PPTP, Microsoft Prior
Art VPN Technology).
Microsoft Corp., IP Security for Microsoft Windows NT Server 5.0
(1997) (printed from 1998 PDC DVD-ROM). (IP Security, Microsoft
Prior Art VPN Technology).
Microsoft Corp., Microsoft Windows NT Active Directory: An Introduction
to the Next Generation Directory Services (1997) (printed
from 1998 PDC DVD-ROM). (Directory, Microsoft Prior Art VPN
Technology).
Microsoft Corp., Routing and Remote Access Service for Windows
NT Server New Opportunities Today and Looking Ahead (1997)
(printed from 1998 PDC DVD-ROM). (Routing, Microsoft Prior Art
VPN Technology).
Microsoft Corp., Understanding Point-to-Point Tunneling Protocol
PPTP (1997) (printed from 1998 PDC DVD-ROM). (Understanding
PPTP, Microsoft Prior Art VPN Technology).
`J. Mark Smith et.al., Protecting a Private Network: The Alta Vista
`Firewall, Digital Technical Journal (1997). (Smith, AltaVista).
`Naganand Doraswamy Implementation of Virtual Private Networks
`(VPNs) with IPSecurity, <draft-ietf-ipsec-vpn-00.txt> (Mar. 12,
`1997). (Doraswamy).
`Aventail Corp., “Aventail, and Cybersafe to Provide Secure Authen-
`tication For Internet and Intranet Communication,” Press Release,
`Apr. 3, 1997. (Secure Authentication, Aventail).
D. Wagner, et al. “Analysis of the SSL 3.0 Protocol,” (Apr. 15, 1997).
`(Analysis, Underlying Security Technologies).
`Automotive Industry Action Group, “ANXO Certification Authority
`Service and Directory Service Definition for ANX Release 1,” AIAG
`Telecommunications Project Team and Bellcore (May 9, 1997).
`(AIAG Defintion, ANX).
`Automotive Industry Action Group, “ANXO Certification Process
and ANX Registration Process Definition for ANX Release 1,” AIAG
`Telecommunications Project Team and Bellcore (May 9, 1997).
`(AIAG Certification, ANX).
`Aventail Corp., “Aventail Announces the First VPN Solution to
`Assure Interoperability Across Emerging Security Protocols,” Jun. 2,
`1997. (First VPN, Aventail).
`Syverson, et al. “Private Web Browsing,” Naval Research Laboratory,
`Center for High 8 Assurance Computer Systems (Jun. 2, 1997).
`(Syverson, Onion Routing).
`Bellcore, “Metrics, Criteria, and Measurement Technique Require-
`ments for ANX Release 1,” AIAG Telecommunications Project Team
`and Bellcore (Jun. 16, 1997). (AIAG Requirements, ANX).
`R. Atkinson, “Key Exchange Delegation Record for the DNS,” Net-
`work Working Group, RFC 2230 (Nov. 1997). (RFC 2230, KX
`Records).
1998 Microsoft Professional Developers Conference DVD (“1998
PDC DVD-ROM”) (including screenshots captured therefrom and
produced as MSFTVX 00018827-00018832). (Conference,
Microsoft Prior Art VPN Technology).
Microsoft Corp., Virtual Private Networking An Overview (1998)
(printed from 1998 PDC DVD-ROM) (Overview, Microsoft Prior Art
VPN Technology).
Microsoft Corp., Windows NT 5.0 Beta Has Public Premiere at
Seattle Mini-Camp Seminar attendees get first look at the performance
and capabilities of Windows NT 5.0 (1998) (available at
http://www.microsoft.com/presspass/features/1998/10-19nt5.mspx?pf=true).
(NT Beta, Microsoft Prior Art VPN Technology).
`“What ports does SSL use” available at stason.org/TULARC/secu-
`rity/ssl-talk/3-4-What-ports-does-ssl-use.html (1998). (Ports, DNS
`SRV).
`Aventail Corp., “Aventail VPN V2.6 Includes Support for More Than
`Ten Authentication Methods Making Extranet VPN Development
`Secure and Simple,” Press Release, Jan. 19, 1998. (VPN V2.6,
`Aventail).
`R. G. Moskowitz, “Network Address Translation Issues with IPsec,”
`Internet Draft,
`Internet Engineering Task Force, Feb. 6, 1998.
`(Moskowitz).
`H. Schulzrinne, et al, “Internet Telephony Gateway Location,” Pro-
`ceedings of IEEE INfocom ’98, The Conference on Computer Com-
`munications, vol. 2 ( Mar. 29-Apr. 2, 1998). (Gateway, Schulzrinne).
C. Huitema, et al. “Simple Gateway Control Protocol,” Version 1.0
(May 5, 1998). (SGCP).
DISA “Secret Internet Protocol Router Network,” SIPRNET Pro-
gram Management Office (D31 13) DISN Networks, DISN Transmis-
sion Services (May 8, 1998). (DISA, SIPRNET).
D. McDonald, et al. “PF_KEY Key Management API, Version 2,”
Network Working Group, RFC 2367 (Jul. 1998). (RFC 2367).
Microsoft Corp., Company Focuses on Quality and Customer Feedback
(Aug. 18, 1998). (Focus, Microsoft Prior Art VPN Technology).
`Atkinson, et al. “Security Architecture for the Internet Protocol,”
`Network Working Group, RFC 2401 (Nov. 1998). (RFC 2401,
`Underlying Security Technologies).
`Donald Eastlake, Domain Name System Security Extensions, IETF
`DNS Security Working Group (Dec. 1998). (DNSSEC-7).
`Kaufman et al, “Implementing IPsec,” (Copyright 1999). (Imple-
`menting IPSEC, VPN References).
`Network Solutions,
`Inc. “Enabling SSL,” NSI Registry (1999).
`(Enabling SSL, Underlying Security Technologies).
`C. Scott, et al. Virtual Private Networks, O’Reilly and Associates,
`Inc.; 2nd ed. (Jan. 1999). (Scott VPNs).
`Goldschlag, et al., “Onion Routing for Anonymous and Private
`Internet Connections,” Naval Research Laboratory, Center for High
`Assurance Computer Systems (Jan. 28, 1999). (Goldschlag III,
`Onion Routing).
H. Schulzrinne, “Internet Telephony: architecture and protocols - an
IETF perspective,” Computer Networks, vol. 31, No. 3 (Feb. 1999).
(Telephony, Schulzrinne).
`M. Handley, et al. “SIP: Session Initiation Protocol,” Network Work-
`ing Group, RFC 2543 and Internet Drafts (Dec. 1996-Mar. 1999).
`(Handley, RFC 2543).
FreeS/WAN Project, Linux FreeS/WAN Compatibility Guide (Mar. 4,
`1999). (FreeS/WAN Compatibility Guide, FreeS/WAN).
`Telcordia Technologies, “ANX Release 1 Document Corrections,”
`AIAG (May 11, 1999). (Telcordia, ANX).
`Ken Hornstein & Jeffrey Altman, Distributing Kerberos KDC and
`Realm Information with DNS <draft-eitf-cat-krb-dns-locate-oo.txt>
`(Jun. 21, 1999). (Hornstein, DNS SRV).
`Bhattacharya et. al. “An LDAP Schema for Configuration and
`Administration of IPSec Based Virtual Private Networks (VPNs)”,
`IETF Internet Draft (Oct. 1999). (Bhattcharya LDAP VPN).
`B. Patel, et al. “DHCP Configuration of IPSEC Tunnel Mode,”
`IPSEC Working Group, Internet Draft 02 (Oct. 15, 1999). (Patel).
`“Building a Microsoft VPN: A Comprehensive Collection of
`Microsoft Resources,” FirstVPN, (Jan. 2000). (FirstVPN Microsoft).
Gulbrandsen, Vixie, & Esibov, A DNS RR for specifying the location
of services (DNS SRV), IETF RFC 2782 (Feb. 2000). (RFC 2782,
`DNS SRV).
`Mitre Organization, “Technical Description,” Collaborative Opera-
`tions in Joint Expeditionary Force Experiment (JEFX) 99 (Feb.
`2000). (MITRE, SIPRNET).
`H. Schulzrinne, et al. “Application-Layer Mobility Using SIP,”
`Mobile Computing and Communications Review, vol. 4, No. 3. pp.
`47-57 (Jul. 2000). (Application, SIP).
`Kindred et al, “Dynamic VPN Communities: Implementation and
`Experience,” DARPA Information Survivability Conference and
`Exposition II (Jun. 2001). (DARPA, VPN Systems).
`ANX 101: Basic ANX Service Outline. (Outline, ANX).
`ANX 201: Advanced ANX Service. (Advanced, ANX).
`Appendix A: Certificate Profile for ANX IPsec Certificates. (Appen-
`dix, ANX).
`Aventail Corp., “Aventail AutoSOCKS the Client Key to Network
`Security,” Aventail Corporation White Paper. (Network Security,
`Aventail).
`Cindy Moran, “DISN Data Networks: Secret Internet Protocol
`Router Network (SIPRNet).” (Moran, SIPRNET).
`Data Fellows F-Secure VPN+ (F-Secure VPN+).
`Interim Operational Systems Doctrine for the Remote Access Secu-
`rity Program (RASP) Secret Dial-In Solution. (RASP, SIPRNET).
`
Onion Routing, “Investigation of Route Selection Algorithms,” available
at http://www.onion-router.net/Archives/Route/index.html.
(Route Selection, Onion Routing).
Secure Computing, “Bullet-Proofing an Army Net,” Washington
Technology. (Secure, SIPRNET).
Sparta “Dynamic Virtual Private Network.” (Sparta, VPN Systems).
Standard Operation Procedure for Using the 1910 Secure Modems.
(Standard, SIPRNET).
Publicly available emails relating to FreeS/WAN
(MSFTVX00018833-MSFTVX00019206). (FreeS/WAN emails,
FreeS/WAN).
`Kaufman et al., “Implementing IPsec,” (Copyright 1999) (Imple-
`menting IPsec).
Network Associates Gauntlet Firewall For Unix User’s Guide Version
5.0 (1999). (Gauntlet User’s Guide - Unix, Firewall Products).
Network Associates Gauntlet Firewall for Windows NT Getting
Started Guide Version 5.0 (1999) (Gauntlet Getting Started Guide -
NT, Firewall Products).
Network Associates Gauntlet Firewall for Unix Getting Started
Guide Version 5.0 (1999) (Gauntlet Unix Getting Started Guide,
Firewall Products).
Network Associates Release Notes Gauntlet Firewall for Unix 5.0
(Mar. 19, 1999) (Gauntlet Unix Release Notes, Firewall Products).
Network Associates Gauntlet Firewall For Windows NT Administrator’s
Guide Version 5.0 (1999) (Gauntlet NT Administrator’s Guide,
Firewall Products).
Trusted Information Systems, Inc. Gauntlet Internet Firewall
Firewall-to-Firewall Encryption Guide Version 3.1 (1996) (Gauntlet
Firewall-to-Firewall, Firewall Products).
Network Associates Gauntlet Firewall Global Virtual Private Network
User’s Guide for Windows NT Version 5.0 (1999) (Gauntlet NT
GVPN, GVPN).
Network Associates Gauntlet Firewall For UNIX Global Virtual Private
Network User’s Guide Version 5.0 (1999) (Gauntlet Unix
GVPN, GVPN).
`Dan Sterne Dynamic Virtual Private Networks (May 23, 2000)
`(Sterne DVPN, DVPN).
`Darrell Kindred Dynamic Virtual Private Networks (DVPN) (Dec.
`21, 1999) (Kindred DVPN, DVPN).
Dan Sterne et.al. TIS Dynamic Security Perimeter Research Project
Demonstration (Mar. 9, 1998) (Dynamic Security Perimeter,
DVPN).
Darrell Kindred Dynamic Virtual Private Networks Capability
Description (Jan. 5, 2000) (Kindred DVPN Capability, DVPN) 11.
Oct. 7, and 28, 1997 email from Domenic J. Turchi Jr.
(SPARTA00001712-1714, 1808-1811) (Turchi DVPN email,
DVPN).
`James Just & Dan Sterne Security Quickstart Task Update (Feb. 5,
`1997) (Security Quickstart, DVPN).
`Virtual Private Network Demonstration dated Mar. 21, 1998
`(SPARTA00001844-54) (DVPN Demonstration, DVPN).
GTE Internetworking & BBN Technologies DARPA Information
Assurance Program Integrated Feasibility Demonstration (IFD) 1.1
Plan (Mar. 10, 1998) (IFD 1.1, DVPN).
Microsoft Corp. Windows NT Server Product Documentation:
Administration Guide - Connection Point Services, available at
http://www.microsoft.com/technet/archive/winntas/proddocs/
inetconctservice/cpsops.mspx (Connection Point Services)
(Although undated, this reference refers to the operation of prior art
versions of Microsoft Windows. Accordingly, upon information and
belief, this reference is prior art to the patents-in-suit.).
Microsoft Corp. Windows NT Server Product Documentation:
Administration Kit Guide - Connection Manager, available at http://
www.microsoft.com/technet/archive/winntas/proddocs/
inetconctservice/cmak.mspx (Connection Manager) (Although
undated, this reference refers to the operation of prior art versions of
Microsoft Windows such as Windows NT 4.0. Accordingly, upon
information and belief, this reference is prior art to the patents-in-
suit.).
Microsoft Corp. Autodial Heuristics, available at http://support.
microsoft.com/kb/164249 (Autodial Heuristics) (Although undated,
this reference refers to the operation of prior art versions of Microsoft
Windows such as Windows NT 4.0. Accordingly, upon information
and belief, this reference is prior art to the patents-in-suit.).
Microsoft Corp., Cariplo: Distributed Component Object Model,
(1996) available at http://msdn2.microsoft.com/en-us/library/
ms809332(printer).aspx (Cariplo I).
Marc Levy, COM Internet Services (Apr. 23, 1999), available at
http://msdn2.microsoft.com/en-us/library/ms809302(printer).aspx
(Levy).
Markus Horstmann and Mary Kirtland, DCOM Architecture (Jul. 23,
1997), available at http://msdn2.microsoft.com/en-us/library/
ms809311(printer).aspx (Horstmann).
Microsoft Corp., DCOM: A Business Overview (Apr. 1997), available
at http://msdn2.microsoft.com/en-us/library/
ms809320(printer).aspx (DCOM Business Overview I).
Microsoft Corp., DCOM Technical Overview (Nov. 1996), available
at http://msdn2.microsoft.com/en-us/library/ms809340(printer).
aspx (DCOM Technical Overview I).
Microsoft Corp., DCOM Architecture White Paper (1998) available
in PDC DVD-ROM (DCOM Architecture).
Microsoft Corp, DCOM - The Distributed Component Object
Model, A Business Overview White Paper (Microsoft 1997) avail-
able in PDC DVD-ROM (DCOM Business Overview II).
Microsoft Corp., DCOM - Cariplo Home Banking Over The Internet
White Paper (Microsoft 1996) available in PDC DVD-ROM (Cariplo
II).
Microsoft Corp., DCOM Solutions in Action White Paper (Microsoft
1996) available in PDC DVD-ROM (DCOM Solutions in Action).
Microsoft Corp., DCOM Technical Overview White Paper
(Microsoft 1996) available 12 in PDC DVD-ROM (DCOM Technical
Overview II).
Scott Suhy & Glenn Wood, DNS and Microsoft Windows NT 4.0,
(1996) available at http://msdn2.microsoft.com/en-us/library/
ms810277(printer).aspx (Suhy).
Aaron Skonnard, Essential WinInet 313-423 (Addison Wesley Long-
man 1998) (Essential WinInet).
`Microsoft Corp. Installing, Configuring, and Using PPTP with
`Microsoft Clients and Servers, (1998) available at http://msdn2.
`microsoft.com/enus/library/ms811078(printer).aspx (Using PPTP).
`Microsoft Corp., Internet Connection Services for MS RAS, Stan-
`dard Edition, http://www.microsoft.com/technet/archive/winntas/
`proddocs/inetconctservice/bcgstart.mspx (Internet Connection Ser-
`vices I).
Microsoft Corp., Internet Connection Services for RAS, Commercial
Edition, available at http://www.microsoft.com/technet/archive/
winntas/proddocs/inetconctservice/bcgstrtc.mspx (Internet Connec-
tion Services II).
Microsoft Corp., Internet Explorer 5 Corporate Deployment Guide -
Appendix B: Enabling Connections with the Connection Manager
Administration Kit, available at http://www.microsoft.com/technet/
prodtechnol/ie/deploy/deploy5/appendb.mspx (IE5 Corporate
Development).
`Mark Minasi, Mastering Windows NT Server 4 1359-1442 (6th ed.,
`Jan. 15, 1999)(Mastering Windows NT Server).
Hands On, Self-Paced Training for Supporting Version 4.0 371-473
(Microsoft Press 1998) (Hands On).
Microsoft Corp., MS Point-to-Point Tunneling Protocol (Windows
NT 4.0), available at http://www.microsoft.com/technet/archive/
winntas/maintain/featusability/pptpwp3.mspx (MS PPTP).
Kenneth Gregg, et al., Microsoft Windows NT Server Administrator’s
Bible 173-206, 883-911, 974-1076 (IDG Books Worldwide 1999)
`(Gregg)
`Microsoft Corp., Remote Access (Windows), available at http://
`msdn2.microsoft.com/en-us/library/bb545687(VS.85,printer).aspx
`(Remote Access).
Microsoft Corp., Understanding PPTP (Windows NT 4.0), available
at http://www.microsoft.com/technet/archive/winntas/plan/
pptpudst.mspx (Understanding PPTP NT 4) (Although undated, this
`reference refers to the operation of prior art versions of Microsoft
`Windows such as Windows NT 4.0. Accordingly, upon information
`and belief, this reference is prior art to the patents-in-suit.).
Microsoft Corp., Windows NT 4.0: Virtual Private Networking, avail-
able at http://www.microsoft.com/technet/archive/winntas/deploy/
confeat/vpntwk.mspx (NT4 VPN) (Although undated, this reference
refers to the operation of prior art versions of Microsoft Windows
such as Windows NT 4.0. Accordingly, upon information and belief,
this reference is prior art to the patents-in-suit.).
Anthony Northrup, NT Network Plumbing: Routers, Proxies, and
Web Services 299-399 (IDG Books Worldwide 1998) (Network
Plumbing).
Microsoft Corp., Chapter 1 - Introduction to Windows NT Routing
with Routing and Remote Access Service, Available at http://www.
microsoft.com/technet/archive/winntas/proddocs/rras40/rrasch01.
mspx (Intro to RRAS) (Although undated, this reference refers to the
operation of prior art versions of Microsoft Windows such as Win-
dows NT 4.0. Accordingly, upon information and belief, this refer-
ence is prior art to the patents-in-suit.) 13.
Microsoft Corp., Windows NT Server Product Documentation:
Chapter 5 - Planning for Large-Scale Configurations, available at
http://www.microsoft.com/technet/archive/winntas/proddocs/
rras40/rrasch05.mspx (Large-Scale Configurations) (Although
undated, this reference refers to the operation of prior art versions of
Microsoft Windows such as Windows NT 4.0. Accordingly, upon
information and belief, this reference is prior art to the patents-in-
suit.).
F-Secure, F-Secure NameSurfer (May 1999) (from FSECURE
00000003) (NameSurfer 3).
`F-Secure, F—Secure VPN Administrator ’s Guide (May 1999) (from
`FSECURE 00000003) (F-Secure VPN 3).
`F-Secure, F—Secure SSH User’s & Administrator’s Guide (May
`1999) (from FSECURE 00000003) (SSH Guide 3).
`F-Secure, F—Secure SSH2.0 for Windows NT and 95 (May 1999)
`(from FSECURE 00000003) (SSH 2.0 Guide 3).
`F-Secure, F—Secure VPN+ Administrator’s Guide (May 1999) (from
`Fsecure 00000003) (VPN+ Guide 3).
`F-Secure, F—Secure VPN+ 4.1 (1999) (from Fsecure 00000006)
`(VPN+ 4.1 Guide 6).
`F-Secure, F—Secure SSH (1996) (from Fsecure 00000006) (F-Secure
`SSH 6).
F-Secure, F-Secure SSH 2.0 for Windows NT and 95 (1998) (from
`Fsecure 00000006) (F-Secure SSH 2.0 Guide 6).
`F-Secure, F—Secure SSH User’s & Administrator’s Guide (Sep.
`1998) (from Fsecure 00000009) (SSH Guide 9).
F-Secure, F-Secure SSH 2.0 for Windows NT and 95 (Sep. 1998)
`(from Fsecure 00000009) (F-Secure SSH 2.0 Guide 9).
`F-Secure, F—Secure VPN+ (Sep. 1998) (from Fsecure 00000009)
`(VPN+ Guide 9).
`F-Secure, F—Secure Management Tools, Administrator’s Guide
`(1999) (from Fsecure 00000003) (F-Secure Management Tools).
`F-Secure, F—Secure Desktop, User’s Guide (1997) (from Fsecure
`00000009) (FSecure Desktop User’s Guide).
`SafeNet, Inc., VPN Policy Manager (Jan. 2000) (VPN Policy Man-
`ager).
`F-Secure, F-Secure VPN+ for Windows NT 4.0 (1998) (from Fsecure
`00000009) (FSecure VPN+).
`IRE, Inc., SafeNet / Security Center Technical Reference Addendum
`(Jun. 22, 1999) (Safenet Addendum).
`IRE, Inc., System Description for VPN Policy Manager and SafeNet/
`SoftPK (Mar. 30, 2000) (VPN Policy Manager System Description).
`IRE, Inc., About SafeNet / VPN Policy Manager (1999) (About
`Safenet VPN Policy Manager).
`Trusted Information Systems, Inc., Gauntlet Internet Firewall,
`Firewall Product Functional Summary (Jul. 22, 1996) (Gauntlet
`Functional Summary).
`Trusted Information Systems, Inc., Running the Gauntlet Internet
`Firewall, An Administrator’s Guide to Gauntlet Version 3.0 (May 31,
`1995) (Running the Gauntlet Internet Firewall).
`Ted Harwood, Windows NT Terminal Server and Citrix Metaframe
`(New Riders 1999) (Windows NT Harwood) 79.
`Todd W. Mathers and Shawn P. Genoway, Windows NT Thin Client
`Solutions: Implementing Terminal Server and Citrix MetaFrame
`(Macmillan Technical Publishing 1999) (Windows NT Mathers).
`Bernard Aboba et al., Securing L2TP using IPSEC (Feb. 2, 1999).
`Finding Your Way Through the VPN Maze (1999) (“PGP”).
`Linux FreeS/WAN Overview (1999) (Linux FreeS/WAN Overview).
`TimeStep, The Business Case for Secure VPNs (1998) (“TimeStep”).
`WatchGuard Technologies, Inc., Watch Guard Firebox System
`Powerpoint
