US007418504B2
`
`(12) United States Patent
`Larson et al.
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 7,418,504 B2
`Aug. 26, 2008
`
`(54) AGILE NETWORK PROTOCOL FOR SECURE
`COMMUNICATIONS USING SECURE
`DOMAIN NAMES
`
`(58) Field of Classification Search ............... .. 709/226,
`709/221; 713/201
`See application file for complete search history.
`
`(75)
`
`Inventors: Victor Larson, Fairfax, VA (US);
`Robert Dunham Short, III, Leesburg,
`VA (US); Edmund Colby Munger,
`Crownsville, MD (US); Michael
`Williamson, South Riding, VA (US)
`
`(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 646 days.
`
`(21) Appl.No.: 10/714,849
`
`(22) Filed:
`
`Nov. 18, 2003
`
`(65)
`
`Prior Publication Data
`
`US 2004/0098485 A1
`
`May 20, 2004
`
`Related U.S. Application Data
`
`(63)
`
`Continuation of application No. 09/558,210, filed on
`Apr. 26, 2000, now abandoned, which is a continua-
`tion-in-part of application No. 09/504,783, filed on
`Feb. 15, 2000, now Pat. No. 6,502,135, which is a
`continuation-in-part of application No. 09/429,643,
`filed on Oct. 29, 1999, now Pat. No. 7,010,604.
`
`(60)
`
`Provisional application No. 60/137,704, filed on Jun.
`7, 1999, provisional application No. 60/106,261, filed
`on Oct. 30, 1998.
`
`(51)
`
`Int. Cl.
`(2006.01)
`G06F 15/1 73
`.................................................... .. 709/226
`(52) U.S. Cl.
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`4,933,846 A
`4,988,990 A
`5,164,988 A
`5,276,735 A
`5,311,593 A
`
`6/1990 Humphrey et al.
`1/1991 Warrior
`11/1992 Matyas et 211.
`1/1994 Boebert et al.
`5/1994 Carmi
`
`(Continued)
`FOREIGN PATENT DOCUMENTS
`
`DE
`
`199 24 575
`
`12/1999
`
`(Continued)
`OTHER PUBLICATIONS
`
`Laurie Wells (Lancasterbibelmail MSN Com); “Subject: Security
`Icon” Usenet Newsgroup, Oct. 19, 1998, XP002200606.
`
`(Continued)
`
`Primary Examiner—Krisna Lim
`(74) Attorney, Agent, or Firm—McDermott Will & Emery,
`LLP
`
`(57)
`
`ABSTRACT
`
`A secure domain name service for a computer network is
`disclosed that includes a portal connected to a computer net-
`work, such as the Internet, and a domain name database
`connected to the computer network through the portal. The
`portal authenticates a query for a secure computer network
`address, and the domain name database stores secure com-
`puter network addresses for the computer network. Each
`secure computer network address is based on a non-standard
`top-level domain name, such as .scom,
`.sorg,
`.snet,
`.snet,
`.sedu, .smil and .sint.
`
`60 Claims, 40 Drawing Sheets
`
`11> ROUTER
`
`E
`
`E
`
`
`IP ROUTER
`
`
`
` IP ROUTER
`
`fl
`
`
`IF ROUTER
`
`DESTINATION
`TERMINAL
`M
`
`A I
`
`P ROUTER
`
`Petitioner Apple Inc. - Exhibit 1001, p. 1
`
`MICROSOFT 1001
`
`1
`
`MICROSOFT 1001
`
`Petitioner Apple Inc. - Exhibit 1001, p. 1
`
`
`
`(12) United States Patent
`Larson et al.
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 7,418,504 B2
`Aug. 26, 2008
`
`(54) AGILE NETWORK PROTOCOL FOR SECURE
`COMMUNICATIONS USING SECURE
`DOMAIN NAMES
`
`(58) Field of Classification Search ............... .. 709/226,
`709/221; 713/201
`See application file for complete search history.
`
`(75)
`
`Inventors: Victor Larson, Fairfax, VA (US);
`Robert Dunham Short, III, Leesburg,
`VA (US); Edmund Colby Munger,
`Crownsville, MD (US); Michael
`Williamson, South Riding, VA (US)
`
`(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 646 days.
`
`(21) Appl.No.: 10/714,849
`
`(22) Filed:
`
`Nov. 18, 2003
`
`(65)
`
`Prior Publication Data
`
`US 2004/0098485 A1
`
`May 20, 2004
`
`Related U.S. Application Data
`
`(63)
`
`Continuation of application No. 09/558,210, filed on
`Apr. 26, 2000, now abandoned, which is a continua-
`tion-in-part of application No. 09/504,783, filed on
`Feb. 15, 2000, now Pat. No. 6,502,135, which is a
`continuation-in-part of application No. 09/429,643,
`filed on Oct. 29, 1999, now Pat. No. 7,010,604.
`
`(60)
`
`Provisional application No. 60/137,704, filed on Jun.
`7, 1999, provisional application No. 60/106,261, filed
`on Oct. 30, 1998.
`
`(51)
`
`Int. Cl.
`(2006.01)
`G06F 15/1 73
`.................................................... .. 709/226
`(52) U.S. Cl.
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`4,933,846 A
`4,988,990 A
`5,164,988 A
`5,276,735 A
`5,311,593 A
`
`6/1990 Humphrey et al.
`1/1991 Warrior
`11/1992 Matyas et 211.
`1/1994 Boebert et al.
`5/1994 Carmi
`
`(Continued)
`FOREIGN PATENT DOCUMENTS
`
`DE
`
`199 24 575
`
`12/1999
`
`(Continued)
`OTHER PUBLICATIONS
`
`Laurie Wells (Lancasterbibelmail MSN Com); “Subject: Security
`Icon” Usenet Newsgroup, Oct. 19, 1998, XP002200606.
`
`(Continued)
`
`Primary Examiner—Krisna Lim
`(74) Attorney, Agent, or Firm—McDermott Will & Emery,
`LLP
`
`(57)
`
`ABSTRACT
`
`A secure domain name service for a computer network is
`disclosed that includes a portal connected to a computer net-
`work, such as the Internet, and a domain name database
`connected to the computer network through the portal. The
`portal authenticates a query for a secure computer network
`address, and the domain name database stores secure com-
`puter network addresses for the computer network. Each
`secure computer network address is based on a non-standard
`top-level domain name, such as .scom,
`.sorg,
`.snet,
`.snet,
`.sedu, .smil and .sint.
`
`60 Claims, 40 Drawing Sheets
`
`11> ROUTER
`
`E
`
`E
`
`
`IP ROUTER
`
`
`
` IP ROUTER
`
`fl
`
`
`IF ROUTER
`
`DESTINATION
`TERMINAL
`M
`
`A I
`
`P ROUTER
`
`Petitioner Apple Inc. - Exhibit 1001, p. 1
`
`MICROSOFT 1001
`
`1
`
`MICROSOFT 1001
`
`Petitioner Apple Inc. - Exhibit 1001, p. 1
`
`
`
`U.S. PATENT DOCUMENTS
`
`5,329,521 A
`5,341,426 A
`5,367,643 A
`5,559,883 A
`5,561,669 A
`5,588,060 A
`5,625,626 A
`5,654,695 A
`5,682,480 A
`5,639,566 A
`5,740,375 A
`5,7366% 2
`,
`,
`5 790 548 A
`1
`1
`5,796,942 A
`5,805,801 A
`5,842,040 A
`5,845,091 A
`5,867,650 A
`5,870,610 A
`5,878,231 A
`5,892,903 A
`5,898,830 A
`5,905,859 A
`5,918,019 A
`5,996,016 A
`6,006,259 A
`6,006,272 A
`6,016,318 A
`6,016,512 A
`6,041,342 A
`6,052,788 A
`6,055,574 A
`6,061,736 A
`6,079,020 A
`6,092,200 A
`6,101,182 A
`6,119,171 A
`6,119,234 A
`6,147,976 A
`6,157,957 A
`6,158,011 A
`6,168,409 B1
`6,175,867 B1
`6,178,409 B1
`6,178,505 B1
`5,179,102 B1
`5,222,342 B1
`5,225,751 B1
`5,233,513 B1
`5,243,350 B1
`5,243,749 B1
`5,243,754 B1
`6,256,671 B1
`5,253,445 B1
`6,286,047 B1
`6,301,223 B1
`6,308,274 B1
`6,311,207 B1
`6,324,161 B1
`6,330,562 B1
`6,332,158 B1
`6,353,614 B1
`6,425,003 B1
`
`,
`,
`5,487,598 B1
`6,502,135 B1
`6,505,232 B1
`6,510,154 B1
`6,549,516 B1
`
`'
`
`7/1994 W61S11 6161
`8/ 1994 Barney et a1,
`11/ 1994 Chang et a1,
`9/ 1996 W11116111S
`10/ 1996 Lenney et a1,
`12/ 1996 A212 _
`4/ 1997 U11161616
`8/1997 Olnowrch et al.
`10/ 1997 N61<6g6W6
`11/ 1997 Nguyen
`4/ 1998 131111116 6161
`133: i1611i1:16t61
`no
`8/1998 Sistanizadeh et al
`8/ 1998 ESb6nS6n
`9/ 1998 H°11°W6Y 6161
`11/ 1998 Hughes et a1,
`12/ 1998 131111116 6161
`2/ 1999 0St611nan
`2/ 1999 Beyda et a1,
`3/1999 Baehr et al.
`4/1999 Klaus
`4/1999 Wesinger, Jr. et al.
`5/1999 Holloway et al.
`6/1999 Valencia
`11/1999 Thalheimer et al.
`12/1999 Adelman et al.
`12/1999 Aravamudan et al.
`1/2000 Tomoike
`1/2000 Huitema
`3/2000 Yarnaguchi
`4/2000 Wesinger, Jr. et al.
`4/2000 Smorodinsky et al.
`5/2000 Rochberger et al.
`6/2000 Liu
`7/2000 Muniyappa et al.
`8/2000 Sistanizadeh et al.
`9/2000 Alkhatib
`9/2000 Aziz et al.
`11/2000 Shand et al.
`12/2000 Berthaud
`12/2000 Chen et al.
`1/2001 Fare
`1/2001 Taghadoss
`1/2001 Weber et al.
`1/2001 Schneider et al.
`1/2001 Weber 5131,
`4/2001 gasyarr er 31,
`5/2001 Arrow er a1,
`5/2001 gharrrrorr
`5/2001 B35111“,
`5/2001 grrararrrarr er a1,
`5/2001 Guerrrr er a1,
`7/2001 Strentzsch et al.
`7/2001 Bmrrrerrau
`9/2001 Ramanathan et al.
`10/2001 Hrastar et 31.
`10/2001 Swift
`10/2001 Mighdoll et al.
`11/2001 Kirch
`12/2001 Boden et al.
`12/2001 Risley et al.
`3/2002 Borella et al.
`7/2002 Herzog et al.
`€6V16 61 61,
`arter
`1 1/2002 V/61163110161
`12/2002 Munger et al.
`1/2003 Mighdoll et al.
`1/2003 Mayes et al.
`4/2003 Albert et al.
`
`US 7,418,504 B2
`Page 2
`
`)rovino .................... .. 709/227
`4/2003
`6,557,037 B1
`)illon
`5/2003
`6,571,296 B1
`5/2003 Shaio et al.
`6,571,338 B1
`6/2003
`Iirst et al.
`6,581,166 B1
`8/2003
`)evine et al.
`6,606,708 B1
`9/2003 Munger et al.
`6,618,761 B2
`12/2003
`{ruglikov et al.
`6,671,702 B2
`2/2004 Steindl
`6,687,551 B2
`3/2004
`:iveash et al.
`6,714,970 B1
`4/2004
`goden er al,
`6,717,949 B1
`6/2004 Wesinger, Jr. et al.
`6,751,738 B2
`7/2004 Sahlqvist
`6,760,766 131
`11/2004
`narson et al.
`6,826,616 B2
`1/2005
`narson et al.
`6,839,759 B2
`Z"r’§§’S‘§3 E1 @2382 fiunger 61 31'
`,
`,
`unger et al.
`7,188,180 B2
`3/2007
`narson et al.
`7,197,563 B2
`3/2007 Sheymov et al.
`2002/0004898 A1
`1/2002
`)roge
`2003/0196122 A1
`10/2003 Wesinger, Jr. et al.
`2005/0055306 A1
`3/2005 Miller et al.
`2006/0059337 A1
`3/2006
`)olyhonen et al.
`
`FOREIGN PATEI\T DOCUMENTS
`
`DE
`EP
`E1’
`EP
`EP
`EP
`EP
`EP
`GB
`GB
`GB
`WO
`W0
`W0
`W0
`W0
`W0
`W0
`W0
`W0
`
`199 24 575 A1
`0 814 589
`0 814 589 A
`0 838 930
`0 838 930 A
`0 838 930 A2
`836306 A1
`0 858 189
`2 317 792
`2 317 792 A
`2 334 181 A
`9827783 A
`WO 98/27783
`W0 98 55930
`W0 98 59470
`W0 99 38081
`W0 99 48303
`WO 00/17775
`WO 00/70458
`W0 01 50588
`
`12/1999
`12/1997
`12/1997
`4/1998
`4/1998
`4/1998
`4/1998
`8/1998
`4/1998
`4/1998
`8/1999
`6/1998
`6/1998
`12/1998
`12/1998
`7/1999
`9/1999
`3/2000
`11/2000
`7/2001
`
`OTHER PUBLICATIONS
`
`Davila J et al, “Implementatin of Virtual Private Networks at the
`Transport Layer”, Information Security, Second International Work-
`shop, ISW’99. Proceedings (Lecture Springer-Verlag Berlin, Ger-
`many,
`[Online] 1999, pp. 85-102, XP002399276, ISBN 3-540-
`66695-B, retrieved from the Internet: URL: http://www.springerlink.
`conflcontent/4uac0tb0heccma89/fulltext.pdf>(Abstract).
`Donald E. Eastlake, III, “Domain Name System Security Exten-
`Sions”, Internet Draft, Apr, 1998,
`P. Srisuresh, et al., “DNS Extensions to Network Address Transla-
`tors”, Internet Draft, Jul. 1998.
`D.B. Chapman, et a1., “Building Internet Firewalls, chapters 8 and 10
`(parts)”, pp. 278-296 and pp. 351-375.
`Search Report (dated Jun. 18, 2002), International Application No.
`PCT/US01/13260.
`Search Report (dated Jun. 28, 2002), International Application No.
`PCT/US01/13261.
`Donald E. Eastlake, “Domain Name System Security Extensions”,
`DNS Security Working Group. Apr. 1998, 51 pages.
`D. B. Chapman et a1., “Building Internet Firewalls”, Nov. 1995, pp.
`278-297 and pp. 351-375.
`P. Srisuresh et al., “DNS extensions to NetworkAddress Translators”,
`Jul. 1998,27 pages.
`Laurie Wells, “Security Icon”, Oct. 19, 1998, 1 page.
`W. Stallings, “Cryptography And Network Security”, 2“‘1 Edition,
`Chapter 13, IP Security, Jun. 8, 1998, pp. 399-440.
`
`2
`
`Petitioner Apple Inc. - Exhibit 1001, p. 2
`
`2
`
`Petitioner Apple Inc. - Exhibit 1001, p. 2
`
`
`
`US 7,418,504 B2
`Page 3
`
`W. Stallings, “New Cryptography and Network Security Book”, Jun.
`8, 1998, 3 pages.
`Fasbender,Kesdogan, and Kubitz: “Variable and Scalable Security:
`Protection of Location Information in Mobile IP”, IEEE publication,
`1996, pp. 963-967.
`Linux FreeS/WAN Index File, printed from http://liberty.freeswan.
`org/freeswan_ trees/freeswan-1.3/doc/ on Feb. 21, 2002, 3 Pages.
`J. Gilmore, “Swan: Securing the Internet against Wiretapping”,
`printed from http://liberty.freeswan.org/freeswan_ trees/freeswan-
`1.3/doc/rationale.htrnl on Feb. 21, 2002, 4 pages.
`Glossary for the Linux FreeS/WAN project. printed from http://
`1iberty.freeswan.org/freeswan_
`trees/freeswan-1 .3/doc/glossary.
`htrnl on Feb. 21, 2002, 25 pages.
`Alan O. Frier et al., “The SSL Protocol Version 30”, Nov. 18, 1996,
`printed from http://www.netscape.com/eng/ss13/draft302.b<t on Feb.
`4,2002, 56 pages.
`Search Report (dated Aug. 20, 2002), International Application No.
`PCT/US01/04340.
`Search Report (dated Aug. 23, 2002), International Application No.
`PCT/US01/13260.
`Shree Murthy et al., “Congestion-Oriented Shortest Multipath Rout-
`ing”, Proceedings of IEEE INFOCOM, 1996, pp. 1028-1036.
`Jim Jones et al., “Distributed Denial of Service Attacks: Defenses”,
`Global Integrity Corporation, 2000, pp. 1-14.
`James E. Bellaire, “New Statement of Rules—Naming Internet
`Domains”, Internet Newsgroup, Jul. 30, 1995, 1 page.
`D. Clark, “US Calls for Private Domain-Name System”, Computer,
`IEEE Computer Society, Aug. 1, 1998, pp. 22-25.
`August Bequai, “Balancing Legal Concerns Over Crime and Security
`in Cyberspace”, Computer & Security, vol. 17, No. 4, 1998, pp.
`293-298.
`Rich Winkel, “CAQ: Networkinig With Spooks: The NET & The
`Control Of Information”, Internet Newsgroup, Jun. 21, 1997, 4
`pages.
`
`Search Report (dated Oct. 7, 2002), International Application No.
`PCT/US01/13261.
`
`F. Halsall, “Data Communications, Computer Networks And Open
`Systems”, Chapter 4, Protocol Basics, 1996, pp. 198-203.
`Reiter, Michael K. and Rubin, Aviel D. (AT&T Labs—Research),
`“Crowds: Anonymity for Web Transmissoins”, pp. 1-23.
`Dolev, Shlomi and Ostrovsky, Rafil, “Efficient Anonymous Multicast
`and Reception”(Extended Abstract), 16 pages.
`Rubin, Aviel D., Greer, Daniel, and Ranum, Marcus J. (Wiley Com-
`puter Publishing), “Web Security Sourcebook”, pp. 82-94.
`Fasbender, Kesdogan, and Kubitz: “Variable and Scalable Security”
`Protection of Location Information in Mobile IP, IEEE publication,
`1996, pp. 963-967.
`Eastlake, D. E., “Domain Name System Security Extensions”,
`Internet Draft, Apr. 1998, XP002199931, Sections 1, 2.3 and 2.4.
`RFC 2401 (dated Nov. 1998) Security Architecture for the Internet
`Protocol (RTP).
`RFC 2543-SIP (dated Mar. 1999): Session Initiation Protocol (SIP or
`SIPS).
`Search Report, IPER (dataed Nov. 13, 2002), International Applica-
`tion No. PCT/USO 1/04340.
`
`Search Report, IPER (dated Feb. 6, 2002), International Application
`No. PCT/US01/13261.
`
`Search Report, IPER (dated Jan. 14, 2003), International Application
`No. PCT/US01/13260.
`
`Shankur, A.U. “A verified sliding window protocol with variable flow
`control”. Proceedings of ACM SIGCOMM conference on Commu-
`nications architectures & protocols. pp. 84-91, ACM Press, NY, NY
`1986.
`
`W. Stallings, “Crytography and Network Security”, 2nd, Edition,
`Chapter 13, IP Security, Jun. 8, 1998, pp. 399-440.
`
`3
`
`Petitioner Apple Inc. - Exhibit 1001, p. 3
`
`3
`
`Petitioner Apple Inc. - Exhibit 1001, p. 3
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 1 of 40
`
`US 7,418,504 B2
`
`
`
`ORIGINATING
`TERMINAL
`100
`
`
`
`IP PACKET
`
`IP ROUTER
`
`31
`
`IP ROUTER
`22.
`
`IP ROUTER
`
`E
`
`IP ROUTER
`E
`
`IP ROUTER
`A
`
`
`
`IP ROUTER
`.3;
`
`IP ROUTER
`2_8
`
`IP ROUTER
`19-
`
`up RouTER
`g
`
`INTERNET
`1_0_7
`
`
`
`
`
`
`
`
`IP ROUTER
`2_7
`
`IP ROUTER
`
`E
`
` DESTINATION
`48 ENCRYPTION KEY
`TERMINAL
`
`
`
`
`M
`
`FIG. 1
`
`4
`
`Petitioner Apple Inc. - Exhibit 1001, p. 4
`
`4
`
`Petitioner Apple Inc. - Exhibit 1001, p. 4
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 2 of 40
`
`US 7,418,504 B2
`
` TARP
`TERMINAL
`
`
`
`M
`
`
`
`TARP PACKET
`
`IP ROUTER
`M
`
`
`
`
`TARP
`ROUTER
`
`
`ROTJITFER
`
`
`
`
`124
`
`IP ROUTER
`E
`
`IPROUTER
`
`—
`
`'PR$3%TER
`
`ROUTER
`E
`
`O
`IPR UTER
`
`TARP
`
`E
`
`
`
`LINK
`TARP
`KEY
`
`ROUTER 9'“
`R°1U2T;ER
`
`
`1.21 . LINKKEY
`
`
`
`TARP
`
`TERMINAL
`
`M
`
`
`
`TARP PACKET
`
`140
`
`LINK
`KEY
`
`FIG. 2
`
`5
`
`Petitioner Apple Inc. - Exhibit 1001, p. 5
`
`5
`
`Petitioner Apple Inc. - Exhibit 1001, p. 5
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 3 of 40
`
`US 7,418,504 B2
`
`2°73
`
`207b
`
`207c
`
`207d
`
`° ° °
`
`|]i|li|1i— ° ° '
`
`\ 330 SESSION-KEY-ENCRYPTED
`PAYLOAD DATA
`
`‘\ 340 TARP PACKET WITH
`ENCRYPTED PAYLOADS
`
`‘\350 LINK-KEY-ENCRYPTED
`TARP PACKETS
`
`"
`
`'7':
`
`‘\3eo IP PACKETS w/
`ENCRYPTED TARP
`PACKETS AS PAYLOAD
`
`TARP
`DESTINATION
`
`
`
`
`
`
`
`Petitioner Apple Inc. - Exhibit 1001, p. 6
`
`6
`
`Petitioner Apple Inc. - Exhibit 1001, p. 6
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 4 of 40
`
`US 7,418,504 B2
`
`207b
`207a
`A‘
`I]i—fl-I13-‘-2 ‘ ° '
`
`207d
`
`- - 0
`
`/300 DATA STREAM
`
`207c
`
`
`
`'
`
`
`
`‘\520BLOCK-ENCRYPTED
`(SESSION-KEY) PAYLOAD
`SEQUENCE
`‘\522 ENCRYPTED BLOCK
`DIVIDED INTO PAYLOADS
`
`ii
`
` "A
`
`- 3' ‘\523 ENCRYPTED BLOCK
`D|V|DED INTO PAYLOADS
`INTERLEAVED
`
`"::“‘.""'*'3" ‘\523 ENCRYPTED BLOCK
`DIVIDED mm PAYLOADS
`INTERLEAVED
`
` 3' ‘\34o TARP PACKETS WITH
`ENCRYPTED PAYLOADS
`
`7
`
`Petitioner Apple Inc. - Exhibit 1001, p. 7
`
`7
`
`Petitioner Apple Inc. - Exhibit 1001, p. 7
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 5 of 40
`
`US 7,418,504 B2
`
` TARP TRANSCEIVER
`M
`
`NETWORK (IP) LAYER
`M
`
`
`
`A
`
`III
`
`ONE ALTERNATIVE T0
`COMHNE
`TARP PROCESSING
`WITH O/S IP
`PROCESSOR
`
`TARP LAYER
`fl
`
`
`
`DATA LINK LAYER
`fl
`
`OTHERALTERNATIVE
`TO COMBINE
`TARP PROCESSING
`WITH D.L. PROCESSOR
`(e.g., BURN INTO BOARD
`
`PROM)
`
`DATA LINK
`PROTOCOL WRAPPER
`
`FIG. 4
`
`8
`
`Petitioner Apple Inc. - Exhibit 1001, p. 8
`
`8
`
`Petitioner Apple Inc. - Exhibit 1001, p. 8
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 6 of 40
`
`US 7,418,504 B2
`
`S0
`
`S2
`
`93
`
`
`
`BACKGROUND LOOP - DECOY
`GENERATION
`
`AUTHENTICATE TARP
`PACKET
`
`
`
`OUTER LAYER DECRYPTION
`or TARP PACKET USING
`LINK KEY
`
`DUMP DECOY
`
`
`
`
`
`
`
`CHECK FOR DECOY AND
`INCREMENT PERISHABLE
`
`DECOY COUNTER AS
`
`APPROPRIATE
`
`TRANSMIT DECOY?
`
`S5
`
`YES
`
`NO
`
`DECREMENT
`TTL TTL > 0?
`
`YES
`
`DETERMINE DESTINATION
`TARP ADDRESS AND STORE
`LINK KEY AND IP ADDRESS
`
`GENERATE NEXT-HOP TARP
`ADDRESS AND STORE LINK
`KEY AND IF ADDRESS
`
`38
`
`GENERATE NEXT-HOP TARP
`ADDRESSAND STORE LINK
`KEYANDIPADDRESS
`
`GENERATE IP HEADER
`AND TRANSMIT
`
`310
`
`S11
`
`FIG. 5
`
`9
`
`Petitioner Apple Inc. - Exhibit 1001, p. 9
`
`9
`
`Petitioner Apple Inc. - Exhibit 1001, p. 9
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 7 of 40
`
`US 7,418,504 B2
`
`BACKGROUND LOOP - DECOY
`GENERATION
`
`GROUP RECEIVED IP PACKETS
`INTO INTERLEAVE WINDOW
`
`DETERMINE DESTINATION TARP
`ADDRESS, INITIALIZE TTL, STORE
`IN TARP HEADER
`
`RECORD WINDOW SEQ. NOS. AND
`INTERLEAVE SEQ. NOS. IN TARP
`HEADERS
`
`CHOOSE FIRST HOP TARP
`ROUTER, LOOK UP IPADDRESS
`AND STORE IN CLEAR IP HEADER,
`OUTER LAYER ENCRYPT
`
`INSTALL CLEAR IP HEADER AND
`TRANSMIT
`
`FIG. 6
`
`10
`
`Petitioner Apple Inc. - Exhibit 1001, p. 10
`
`10
`
`Petitioner Apple Inc. - Exhibit 1001, p. 10
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 8 of 40
`
`US 7,418,504 B2
`
`BACKGROUND LOOP - DECOY
`GENERATION
`
`AUTHENTICATE TARP PACKET
`RECEIVED
`
`EN'23EF§I},‘§I’5,§’I,IVI15,§LH¢§I(E,§EY
`
`INCREMENT PERISHABLE
`COUNTER IF DECOY
`
`THROW AWAY DECOY OR KEEP
`IN RESPONSE TO ALGORITHM
`
`CACHE TARP PACKETS UNTIL
`WINDOW IS ASSEMBLED
`
`DEINTERLEAVE PACKETS
`FORMING WINDOW
`
`DECRYPT BLOCK
`
`348
`
`DIVIDE BLOCK INTO PACKETS
`
`usme WINDOW SEQUENCE
`DATA, ADD CLEAR IP HEADERS
`GENERATED FROM TARP
`HEADERS"
`
`S49
`
`HAND COMPLETED IP PACKETS
`TO IP LAYER PROCESS
`
`350
`
`FIG. 7
`
`11
`
`Petitioner Apple Inc. - Exhibit 1001, p. 11
`
`11
`
`Petitioner Apple Inc. - Exhibit 1001, p. 11
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 9 of 40
`
`US 7,418,504 B2
`
`TEC}%i\EM\L
`301
`
`SSYN
`
`PA§;2K1ET
`
`SSYN ACK
`
`PACKET
`822
`
`SSYN ACK
`
`ACK PACKET
`823
`
`
`
`825
`SECURE SESSION
`INITIATION ACK
`
`824
`SECURE SESSION
`INITIATION
`
`12
`
`Petitioner Apple Inc. - Exhibit 1001, p. 12
`
`12
`
`Petitioner Apple Inc. - Exhibit 1001, p. 12
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 10 of 40
`
`US 7,418,504 B2
`
`CLIENT 1 /j\ TARP
`
`ROUTER
`
`TRANSMIT TABLE
`RECEIVE TABLE
`921
`924
`?\.____j L92
`
`131.218.204.98
`131.218.204.221
`131.218.204.139
`131.218.204.12
`
`0
`0
`0
`0
`
`131.218.204.65
`131.218.204.97
`131.218.204.186
`131.218.204.55
`
`131.218.204.98
`131.218.204.221
`131.218.204.139
`131.218.204.12
`
`-
`0
`0
`0
`
`131.218.204.65
`131.218.204.97
`131.218.204.186
`131.218.204.55
`
`RECEIVE TABLE
`TRANSM|T TABLE
`922
`923
`:___;j_ _g:_____
`
`131.218.204.181
`131.218.204.66
`131.218.204.201
`131.218.204.119
`
`0
`0
`0
`0
`
`131.218.204.89
`131.218.204.212
`131.218.204.127
`131.218.204.49
`
`131.218.204.161
`131.218.204.66
`131.218.204.201
`131.218.204.119
`
`0
`0
`0
`0
`
`131.218.204.89
`131.218.204.212
`131.218.204.127
`131.218.204.49
`
`13
`
`Petitioner Apple Inc. - Exhibit 1001, p. 13
`
`13
`
`Petitioner Apple Inc. - Exhibit 1001, p. 13
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 11 of 40
`
`US 7,418,504 B2
`
`FIG. 10
`
`14
`
`Petitioner Apple Inc. - Exhibit 1001, p. 14
`
`14
`
`Petitioner Apple Inc. - Exhibit 1001, p. 14
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 12 of 40
`
`US 7,418,504 B2
`
`8:
`
`8:
`
`
`
`$31ms_<m.._EZEIE
`
`
`
`
`
`gearm_2<E52%;;
`
` ._.mv_o<n_n__8”m$%22,:.53s“mafia
`
`>>_._am
`$3:
`
`Q.9%s__§a3”mm§_<n=.5mEEnm$m8<n__M958
`
`293::
`
`<5:
`
`95:
`
`<8:
`
`me:
`
`us:
`
`2:
`
`<8:
`
`ms:
`
`<8:
`
`ms:
`
`us:
`
` E51E05n__8”m$§<>>_._.538_m$En_<
`
`
`>>_._9;
`
`5.285EHm$§<n__.532w$§<n=$58
`Rd.m_.._
`
`
`
`2:zzzosa
`
`15
`
`S.o:
`
`
`
`
`
`$3:EVGEn=
`
`<8:
`
`ms:
`
`08:
`
`2_§a9§§<n=.532Hm$§<n=$58
`25._m_u_
`
`NE3.29%
`
`Petitioner Apple Inc. - Exhibit 1001, p. 15
`
`15
`
`Petitioner Apple Inc. - Exhibit 1001, p. 15
`
`
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 13 of 40
`
`US 7,418,504 B2
`
`Em:
`
`zo_5_E<
`
`oo._<“.022.oo._<@013:
`
`Hflfifi
`
`Efifi
`
`aiafiEm0:05%
`<o._<Ex.
`
`16
`
`Petitioner Apple Inc. - Exhibit 1001, p. 16
`
`16
`
`Petitioner Apple Inc. - Exhibit 1001, p. 16
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 14 of 40
`
`US 7,418,504 B2
`
`
`
`
`MODE
`OR
`
`HARDWARE
`
`1. PROMISCUOUS
`
`SAME FOR ALL NODES
`
`OR (F3{(mB|bEhgELY
`
`
`
`IP ADDRESSES
`
`DISCRIMINATOR FIELD
`
`CANwB§¥§§'ED
`
`°ANmB§¥,§§'ED
`
`
`
`
`CAN BE VARIED
`IN SYNC
`
`CAN BE VARIED
`IN SYNC
`
`
`
`
`
`2. PROMISCUOUS
`PER VPN
`
`
`
`F'XE°F°REAC“VP”
`
`
`
`CAN BE VARIED
`IN SYNC
`
`3. HARDWARE
`HOPPING
`
`CAN BE VARIED
`IN SYNC
`
`CAN BE VARIED
`IN SYNC
`
`17
`
`Petitioner Apple Inc. - Exhibit 1001, p. 17
`
`17
`
`Petitioner Apple Inc. - Exhibit 1001, p. 17
`
`
`
`U
`
`tHRM
`
`UA
`
`H...
`
`W
`
`7
`
`2
`
`Ezma
`
`S_32.8282
`
`Woz2:
`
`0Examm:2mQz>w$z_ms_80
`
`mace:m;_3<wzm
`EVGE32
`
`009EggMe_§a
`B.M2GE
`
`52
`
`<E8
`
`
`
`m$§<momgomn__
`
`
`
`wfiae.53n__
`
`was,2%
`
`
`
`205.2ozmi
`
`ma;2%
`
`2050..E>_i
`
`an_.
`
`18
`
`82
`
`Petitioner Apple Inc. - Exhibit 1001, p. 18
`
`18
`
`Petitioner Apple Inc. - Exhibit 1001, p. 18
`
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 16 of 40
`
`US 7,418,504 B2
`
`CURRENT IP PAIR **~~-
`
`ckpt_o «L
`ckpt_n ‘
`ckpt_r
`
`TRANSMITTER
`
`IP PAIR 1
`
`IP PAIR 2
`
`SENDER'S ISP
`
`IP PAIR 1
`
`IP PA|R2
`0
`'
`
`CURRENT IP PAIR
`
`ckpt_o
`ckpt_n
`t_I'
`
`TRANSMITTER
`
`REC|PIENT'S ISP
`
`KEPT IN SYNC FOR SENDER To RECIPIENT SYNCHRONIZER < --------------------- -->
`
`KEPT IN SYNC FOR RECIPIENT T0 SENDER SYNCHRONIZER «T»
`
`FIG. 14
`
`19
`
`Petitioner Apple Inc. - Exhibit 1001, p. 19
`
`19
`
`Petitioner Apple Inc. - Exhibit 1001, p. 19
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 17 of 40
`
`US 7,418,504 B2
`
`@
`
`@ WHEN SYNCHRONIZATION
`BEGINS TRANSMIT IRETRANSMIT
`PERIODICALLY UNTIL ACKed)
`SYNC_REQ USING NEW
`TRANSMITTER CHECKPOINT IP
`PAIR ckpt_n AND GENERATE
`NEW RECEIVER RESPONSE
`CHECKPOINT ckpI_r
`
`#
`
`# WHEN SYNC_ACK
`ARRIVES WITH INCOMING
`II;EI,IEEI,I\T‘E°,If,I’EIg,','
`CHECKPOINTIPPAIR
`ckpt_n IN TRANSMITTER
`
`SYNC_REQ
`
`IW
`
`* WHEN SYNC_REQ ARRIVES
`WITH INCOMING HEADER =
`
`RECE'VE.IfI,S3,§,I§I}Ig”I}V,NDOW
`W
`,GENERATE NEW
`CHECKPOINT IP PAIR
`ckpt_n IN RECEIVER
`-GENERATENEW
`CHECKPOINT IP PAIR
`
`USING NEW CHEC_KPO|NT
`IPPAIR CIPU
`
`FIG. 15
`
`20
`
`Petitioner Apple Inc. - Exhibit 1001, p. 20
`
`20
`
`Petitioner Apple Inc. - Exhibit 1001, p. 20
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 18 of 40
`
`US 7,418,504 B2
`
`FIG. ‘I6
`
`21
`
`Petitioner Apple Inc. - Exhibit 1001, p. 21
`
`21
`
`Petitioner Apple Inc. - Exhibit 1001, p. 21
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 19 of 40
`
`US 7,418,504 B2
`
`000
`
`—V
`
`IIIIIIIIIII
`
`
`
`
`
`O
`
`W|NDOW_SlZE
`
`
`
`
`
`
`WlNDOW_S|ZE
`
`VIIIIIIIIIIIA
`VIIIIIIIIIIIA
`TIIIIIIIIIIA.
`WIIIIIIIIIIA
`WIIIIIIIIIIA
`O
`
`
`
`
`
`VIIIIIIIIIIIA
`VIIIIIIIIIIJ
`VIIIIIIIIIIIA
`
`
`VIIIIIIIIIIIA
`
`FIG. 17
`
`22
`
`Petitioner Apple Inc. - Exhibit 1001, p. 22
`
`22
`
`Petitioner Apple Inc. - Exhibit 1001, p. 22
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 20 of 40
`
`US 7,418,504 B2
`
`—V
`
`IIIIIIIIIIA
`
`WIIIIIIIIIIA
`VIIIIIIIIIIIA
`VIIIIIIIIIIIA
`WIIIIIIIIIIA
`WIIIIIIIIIIA
`
`000
`
`W|NDOW_S|ZE
`
`WINDOWE
`
`O
`
`23
`
`Petitioner Apple Inc. - Exhibit 1001, p. 23
`
`23
`
`Petitioner Apple Inc. - Exhibit 1001, p. 23
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 21 of 40
`
`US 7,418,504 B2
`
`WIIIIIIIIIIA
`C
`
`000
`
`VIIIIIIIIIIA
`VIIIIIIIIIIJ
`Vlllllllllll.
`
`C
`
`W|NDOW_S|ZE
`
`711111111111 EE
`
`WIIIIIIIIIIA
`WIIIIIIIIIIA,
`
`USED
`
`555555555555
`
`
`
`111111111114
`
`FIG. 19
`
`24
`
`Petitioner Apple Inc. - Exhibit 1001, p. 24
`
`24
`
`Petitioner Apple Inc. - Exhibit 1001, p. 24
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 22 of 40
`
`US 7,418,504 B2
`
`
` COMPUTER #2
`
`
`
`
` COMPUTER #1
`
`25
`
`Petitioner Apple Inc. - Exhibit 1001, p. 25
`
`25
`
`Petitioner Apple Inc. - Exhibit 1001, p. 25
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 23 of 40
`
`US 7,418,504 B2
`
`AD TABLE
`
`IP2
`
`IP1
`IP3
`
`
`
`2101
`
`2102
`
`2103
`
`2104
`
`IPA
`
`
`LINK DOWN
`
`BE TABLE
`
`
`DZ
`2105
`
`BF TABLE
`
`2106
`
`2107
`
`2108
`
`2109
`
`26
`
`Petitioner Apple Inc. - Exhibit 1001, p. 26
`
`26
`
`Petitioner Apple Inc. - Exhibit 1001, p. 26
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 24 of 40
`
`US 7,418,504 B2
`
`
`
` MORE THAN
`
`ONE TRANSMITTER
`TURNED ON?
`
`
`
`PATH X
`
`QUALITY < THRESHOLD?
`
`N0
`
`SET WEIGHT
`TO MIN. VALUE
`
`
`
`
`
`PATH X
` DECREASE WEIGHT
`WEIGHT LESS THAN
`FOR PATH X
`STEADY STATE
` 2208
`VALUE?
`
`
`
`INCREASE
`WEIGHT FOR PATH X
`TOWARD STEADY
`STATE VALUE
`
`
`
`ADJUST WEIGHTS
`FOR REMAINING
`PATHS SO THAT
`WEIGHTS EQUAL ONE
`
`FIG. 22A
`
`27
`
`Petitioner Apple Inc. - Exhibit 1001, p. 27
`
`27
`
`Petitioner Apple Inc. - Exhibit 1001, p. 27
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 25 of 40
`
`US 7,418,504 B2
`
`(EVENT) TRANSMITTER
`FOR PATH x
`TURNS OFF
`
`
`
`
`2210
`
`DROP ALL PACKETS
`UNTIL ATRANSMITTER
`TURNS 0N
`
`
`
`
`
`AT LEAST
`ONE TRANSMITTER
`TURNED ON?
`
`
`
`
`
`SET WEIGHT
`TO ZERO
`
`ADJUST WEIGHTS
`FOR REMAINING PATHS
`
`SO THAT WEIGHTS
`EQUAL ONE
`
`FIG. 22B
`
`28
`
`Petitioner Apple Inc. - Exhibit 1001, p. 28
`
`28
`
`Petitioner Apple Inc. - Exhibit 1001, p. 28
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 26 of 40
`
`US 7,418,504 B2
`
`
`
`2302
`
`PATH x1
`
`PATH X2
`
`
`
`2308
`
`TRANSMIT TABLE
`3
`D
`EE'='
`———
`
`
`
`PACKET
`
`TRANSMITTER
`
`PATH X4
`
`
`
`Zfj
`
`2301
`
`
`
`w (X1) = 0.2
`
`w (x2) = 0.1
`
`w (x3) = 0.6
`
`w (x4) = 0.1
`
`
`
`
`
`LINK QUALITY
`MEASUREMENT
`FUNCTION
`
`FIG. 23
`
`29
`
`Petitioner Apple Inc. - Exhibit 1001, p. 29
`
`29
`
`Petitioner Apple Inc. - Exhibit 1001, p. 29
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 27 of 40
`
`US 7,418,504 B2
`
`2403
`
`2404
`
`2402
`
`9 100Mb/s MESST=32 9
`
`
`
`COMPUTER
`
`9 25Mb/s MESS T =8
`
`FIG. 24
`
`
`
`
`COMPUTER
`
`30
`
`Petitioner Apple Inc. - Exhibit 1001, p. 30
`
`30
`
`Petitioner Apple Inc. - Exhibit 1001, p. 30
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 28 of 40
`
`US 7,418,504 B2
`
`2502
`
`
`
`DNS RESP
`
`PAGE REQ
`
`
`
`PAGE RESP
`
`
`
`FIG. 25
`(PRIOR ART)
`
`31
`
`Petitioner Apple Inc. - Exhibit 1001, p. 31
`
`2501
`
`2504
`
`0 WEB
`BROWSER
`
`
`
`31
`
`Petitioner Apple Inc. - Exhibit 1001, p. 31
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 29 of 40
`
`US 7,418,504 B2
`
` DNS
`SERVER
`
`2602
`
`
`
`
`
`WEB
`BROWSER
`
`
`
`GATE KEEPER
`
`-HOPPING —ULES
`
`
`
`UNSECURE
`TARGET
`SITE
`
`2611
`
`FIG. 26
`
`32
`
`Petitioner Apple Inc. - Exhibit 1001, p. 32
`
`32
`
`Petitioner Apple Inc. - Exhibit 1001, p. 32
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 30 of 40
`
`US 7,418,504 B2
`
`
`
` RECEIVE
`DNS REQUEST
`FOR TARGET SITE
`
`
`
`USER
`AUTHORIZED TO
`CONNECT?
`
`
`
`
`RETURN
`"HOST UNKNOWN"
`ERROR
`
`FIG. 27
`
`33
`
`Petitioner Apple Inc. - Exhibit 1001, p. 33
`
`2701
`
`2706
`
`33
`
`Petitioner Apple Inc. - Exhibit 1001, p. 33
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 31 of 40
`
`US 7,418,504 B2
`
`2803
`
`HOST
`
`EDGE
`ROUTER
`
` 2801
`COMPUTER #1
`
`2804
`
`
`
`HOST
`COMPUTER #2
`
`FIG. 28
`
`34
`
`Petitioner Apple Inc. - Exhibit 1001, p. 34
`
`34
`
`Petitioner Apple Inc. - Exhibit 1001, p. 34
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 32 of 40
`
`US 7,418,504 B2
`
` HOSTCOMPUTER#1
`
`EDGE
`ROUTER
`
`
`
`HOSTCOMPUTER#2
`
` TX
`
`RX
`
`2902
`
`2903
`
`FIG. 29
`
`35
`
`Pefifionerflqnflelnc.-EXhflflt1001,p.35
`
`35
`
`Petitioner Apple Inc. - Exhibit 1001, p. 35
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 33 of 40
`
`US 7,418,504 B2
`
`$:_zwzs:
`
`w>_§m
`
`$525
`
`3%
`
`9285
`
`om.®_u_
`
`5%wsmzmo
`
`36
`
`Petitioner Apple Inc. - Exhibit 1001, p. 36
`
`36
`
`Petitioner Apple Inc. - Exhibit 1001, p. 36
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 34 of 40
`
`US 7,418,504 B2
`
`3103
`
`CLIENT #2
`
`HACKER
`
`
`
`3102
`
`3105
`
`TXIRX
`
`TX/RX
`
`TXIRX
`
`
`
`FIG. 31
`
`37
`
`Petitioner Apple Inc. - Exhibit 1001, p. 37
`
`37
`
`Petitioner Apple Inc. - Exhibit 1001, p. 37
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 35 of 40
`
`US 7,418,504 B2
`
`CLIENT
`
`SERVER
`
`SEND DATA PACKET
`
`USING ckpI_n
`CKPT_0=ckpI_n
`GENERATE NEW ckpI_n
`SJTART TIMER, SHUTTRANSMITTER
`
`F
`
`IF CKPT_O IN SYNC_ACK
`MATCHES TRANSMITTER'S
`
`ckpt_o
`UPDATE RECEIVER‘S
`ckpt_r
`KILLTIMER, TURN
`TRANSMITTER ON
`
`SEND DATA PACKET
`USING ckpt_n
`ckpt_o=ckpt_n
`GENERATE NEW ckpI_n
`START TIMER, SHUT TRANSMITTER
`OFF
`
`WHEN TIMER EXPIRES
`TRANSMIT SYNC_REQ
`USING TRANSMITTERS
`
`ckpt_o, START TIMER
`
`IF ckpt_o IN SYNC_ACK
`MATCHES TRANSMITTER'S
`
`ckpt_o
`UPDATE RECEIVER'S
`
`ckpI_r
`KILL TIMER, TURN
`TRANSMITTER ON
`
`SYNC‘REQ
`
`FIG. 32
`
`PASS DATA UP STACK
`ckpI_o=ckpI_n
`GENERATE NEW ckpt_n
`GENERATE NEW ckpt_r FOR
`TRANSMITTER SIDE
`TRANSMIT SYNC_ACK
`CONTAINING ckpt_o
`
`ckpt_o=ckpI_n
`GENERATE NEW ckpI_n
`GENERATE NEW ckpI_r FOR
`TRANSMITTER SIDE
`
`TRANSMIT SYNC_ACK
`CONTAINING ckpt_o
`
`38
`
`Petitioner Apple Inc. - Exhibit 1001, p. 38
`
`38
`
`Petitioner Apple Inc. - Exhibit 1001, p. 38
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 36 of 40
`
`US 7,418,504 B2
`
`III
`
`mz§z_
`
`S8
`
`88
`
`:822
`
`$8
`
`98._<Eo._
`
`mmsam
`
`Ema;
`
`8%
`
`mzaem
`
`
`
`s_ooE.<_._o.__<s_.m_ESE$.me_E5
`
`28
`
`:82828:8
`
`%
`
`gm8.0_u_
`
`>Es_8m.
`
`IL«N8
`
`fimgog
`
`wsaw8
`
`z_.2E
`
`3%
`
`39
`
`Petitioner Apple Inc. - Exhibit 1001, p. 39
`
`39
`
`Petitioner Apple Inc. - Exhibit 1001, p. 39
`
`
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 37 of 40
`
`US 7,418,504 B2
`
`3400
`
`LAUNCH LINK TO
`.COM SITE
`
`3404
`
`3401
`
`DISPLAY WEB PAGE
`CONTAINING GO
`SECURE HYPERLINK
`
` %
`
`3405
`
`3406
`
`
`
`DOWNLOAD AND
`INSTALL PLUG-IN
`
`CLOSE CONNECTION
`
`AUTOMATIC REPLACEMENT OF TOP-LEVEL
`DOMAIN NAME WITH SECURE TOP-LEVEL
`DOMAIN NAME
`
`3407
`
`3412
`
`DISPLAY "SECURE" ICON
`
`3413
`
`
`
`N0
`
`
`CONNECTION
`
`'
`YES
`REPLACESECURETOHEVEL
`DOMAIN NAME WITH NON-SECURE
`TOP-LEVEL DOMAIN NAME
`
`3414
`
`3415
`
`DISPLAY “G0 SECURE“ HYPERLINK
`
`E1
`
`ACCESS SECURE PORTALAND
`
`SECURE NETWORKANDSECUREDNS
`
`3403
`
`OBTAIN SECURE COMPUTER NETWORK
`ADDRESS FOR SECURE WEB SITE
`
`ACCESS GATE KEEPER AND RECEIVE
`PARAMETERS FOR ESTABLISHING VPN
`WE“ SECURE WEBSITE
`
`CONNECTTOSECUREWEBSITE
`USINGVPN BASEDON PARAMETERS
`ESTABLISHEDBYGATE KEEPER
`
`3409
`
`3410
`
`3411
`
`40
`
`Petitioner Apple Inc. - Exhibit 1001, p. 40
`
`40
`
`Petitioner Apple Inc. - Exhibit 1001, p. 40
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 38 of 40
`
`US 7,418,504 B2
`
`3500
`
`\*
`
`
`REQUESTORACCESSES WEBSITE
`
`AND LOGS INTO SECURE
`DOMAIN NAME REGISTRY SERVICE
`
`3501
`
`REQUESTER COMPLETES ONLINE
`REGISTRATION FORM
`
`
`
`
`QUERY STANDARD DOMAIN NAME
`SERVICE REGARDING OWNERSHIP
`OF EQUIVALENT NON-SECURE
`DOMAIN NAME
`
`RECEIVE REPLY FROM STANDARD
`DOMAIN NAME REGISTRY
`
` 3505
`
`NO
`
`INFORM REQUESTOR
`OF CONFLICT
`
`3506
`
`
`
`VERIFY INFORMATION AND
`ENTER PAYMENT INFORMATION
`
`3507
`
`REGISTER SECURE DOMAIN NAME
`
`
`
`3508
`
`FIG. 35
`
`41
`
`Petitioner Apple Inc. - Exhibit 1001, p. 41
`
`
`
`41
`
`Petitioner Apple Inc. - Exhibit 1001, p. 41
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 39 of 40
`
`US 7,418,504 B2
`
` 3611
` 3610
`
`WEB SERVER
`
`SERVER PROXY
`
`VPN GUARD
`
`
`
`COMPUTER NETWORK
`
`3602
`
`FIREWALL
`
`3601
`
`3600
`
`3606
`
`3605
`
`
`
`| BROWSER I PROXYAPPLICATION I
`
`3607
`
`CLIENT COMPUTER
`
`3604
`
`FIG. 36
`
`42
`
`Petitioner Apple Inc. - Exhibit 1001, p. 42
`
`42
`
`Petitioner Apple Inc. - Exhibit 1001, p. 42
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 40 of 40
`
`US 7,418,504 B2
`
`GENERATE MESSAGE PACKETS
`
`3701
`
`cox:c:O
`
`/
`
`MODIFY MESSAGE PACKETS WITH PRIVATE
`CONNECTION DATA AT AN APPLICATION LAYER
`
`3702
`
`SEND TO HOST COMPUTER
`THROUGH FIREWALL
`
`RECEIVE PACKETS AND AUTHENTICATE
`AT KERNEL LAYER OF HOST COMPUTER
`
`RESPOND TO RECEIVED MESSAGE
`PACKETS AND GENERATE REPLY
`MESSAGE PACKETS
`
`MODIFY REPLY MESSAGE PACKETS WITH
`PRIVATE CONNECTION DATA AT A
`KERNEL LAYER
`
`SEND PACKETS TO CLIENT COMPUTER
`THROUGH FIREWIRE
`
`RECEIVE PACKETS AT CLIENT
`COMPUTER AND AUTHENTICATE AT
`APPLICATION LAYER
`
`FIG. 37
`
`43
`
`3703
`
`3704
`
`3705
`
`3705
`
`3707
`
`3708
`
`Petitioner Apple Inc. - Exhibit 1001, p. 43
`
`43
`
`Petitioner Apple Inc. - Exhibit 1001, p. 43
`
`
`
`US 7,418,504 B2
`
`1
`AGILE NETWORK PROTOCOL FOR SECURE
`COMMUNICATIONS USING SECURE
`DOMAIN NAMES
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`This application claims priority from and is a continuation
`patent application of U.S. application Ser. No. 09/558,210,
`filed Apr. 26, 2000 now abandoneed, which is a continuation-
`in-part patent application ofpreviously-filed U.S. application
`Ser. No. 09/504,783, filed on Feb. 15, 2000, now U.S. Pat. No.
`6,502,135, issued Dec. 31, 2002, which claims priority from
`and is a continuation-in-part patent application ofpreviously-
`filed U.S. application Ser. No. 09/429,643, filed on Oct. 29,
`1999 now U.S. Pat. No. 7,010,604. The subject matter ofU.S.
`application Ser. No. 09/429,643, which is bodily incorporated
`herein, derives from provisional U.S. application Nos.
`60/106,261 (filed Oct. 30, 1998) and 60/137,704 (filed Jun. 7,
`1999). The present application is also related to U.S. appli-
`cation Ser. No. 09/558,209, filed Apr. 26, 2000, and which is
`incorporated by reference herein.
`
`GOVERNMENT CONTRACT RIGHTS
`
`This invention was made with Government support under
`Contract No. 360000-1999-000000-QC-000-000 awarded by
`the Central Ir1telliger1ce Agency. The Government l1as certain
`rights in the invention.
`
`BACKGROUND OF THE INVENTION
`
`A tremendous variety of methods have been proposed and
`implemented to provide security and anonymity for commu-
`nications over the Internet. The variety stems, in part, from the
`different needs of different Ir1ten1et users. A basic heuristic
`
`framework to aid in discussing these different security tech-
`niques is illustrated in FIG. 1. Two terminals, an originating
`terminal 100 and a destination terminal 110 are in communi-
`cation over the Internet. It is desired for the communications
`
`to be secure, that is, immune to eavesdropping. For example,
`terminal 100 may transmit secret information to terminal 110
`over the Internet 107. Also, it may be desired to prevent an
`eavesdropper from discovering that terminal 100 is in coin-
`munication with terminal 1 10. For example, ifterminal 1 00 is
`a user and terminal 110 hosts a web site, terminal 100’s user
`may not want anyone in the intervening networks to know
`what web sites he is “visiting.” Anonymity would thus be an
`issue, for example, for companies that want to keep their
`market research interests private and thus would prefer to
`prevent outsiders from knowing which web-sites or other
`Internet resources they are “visiting.” These two security
`issues may be called data security and anonymity, respec-
`tively.
`Data security is usually tackled using some form of data
`encryption. An encryption key 48 is known at both the origi-
`nating and terminating terminals 100 and 110. The keys may
`be private and public at the originating and destination termi-
`nals 100 and 110, respectively or they may be symmetrical
`keys (the smile key is used by botl1 parties to encrypt and
`decrypt). Many encryption methods are known and usable in
`this context.
`To hide trafiic from a local administrator or ISP, a user can
`employ a local proxy server in communicating over an
`encrypted channel with an outside proxy such that the local
`administrator or ISP only sees the encrypted trafiic. Proxy
`servers prevent destination servers from determining the
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`
`identities of the originating clients. This system employs an
`intermediate server interposed between client and destination
`server. The destination server sees only the Internet Protocol
`(IP) address ofthe proxy server and not the originating client.
`The target server only sees the address of the outside proxy.
`This scheme relies on a trusted outside proxy server. Also,
`proxy schemes are vulnerable to trafiic analysis methods of
`determining identities of transmitters and receivers. Another
`important limitation of proxy servers is that the server knows
`the identities of both calling and called parties. In many
`instances, an originating terminal, such as terminal A, would
`prefer to keep its identity concealed from the proxy, for
`example, ifthe proxy server is provided by an Internet service
`provider (ISP).
`To defeat traffic analysis, a scheme called Chaum’s mixes
`employs a proxy server that transmits and receives fixed
`length messages, including dummy messages. Multiple origi-
`nating terminals are connected through a mix (a server) to
`multiple target servers. It is
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
