(12) United States Patent
Larson et al.

(10) Patent No.: US 7,418,504 B2
(45) Date of Patent: Aug. 26, 2008

(54) AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

(75) Inventors: Victor Larson, Fairfax, VA (US); Robert Dunham Short, III, Leesburg, VA (US); Edmund Colby Munger, Crownsville, MD (US); Michael Williamson, South Riding, VA (US)

(73) Assignee: VirnetX, Inc., Scotts Valley, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 646 days.

(21) Appl. No.: 10/714,849

(22) Filed: Nov. 18, 2003

(65) Prior Publication Data
US 2004/0098485 A1, May 20, 2004

Related U.S. Application Data

(63) Continuation of application No. 09/558,210, filed on Apr. 26, 2000, now abandoned, which is a continuation-in-part of application No. 09/504,783, filed on Feb. 15, 2000, now Pat. No. 6,502,135, which is a continuation-in-part of application No. 09/429,643, filed on Oct. 29, 1999, now Pat. No. 7,010,604.

(60) Provisional application No. 60/137,704, filed on Jun. 7, 1999, provisional application No. 60/106,261, filed on Oct. 30, 1998.

(51) Int. Cl.: G06F 15/173 (2006.01)
(52) U.S. Cl.: 709/226
(58) Field of Classification Search: 709/226, 709/221; 713/201
See application file for complete search history.

Primary Examiner: Krisna Lim
(74) Attorney, Agent, or Firm: McDermott Will & Emery, LLP

(57) ABSTRACT

A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

60 Claims, 40 Drawing Sheets

[Front-page drawing. Labels: IP ROUTER (multiple), DESTINATION TERMINAL.]

Petitioner Apple Inc. - Exhibit 1001, p. 1

MICROSOFT 1001

U.S. Patent, Aug. 26, 2008, Sheet 1 of 40, US 7,418,504 B2

[Sheet 1 of 40, FIG. 1. Labels: ORIGINATING TERMINAL 100, IP PACKET, IP ROUTER (multiple), INTERNET 107, DESTINATION TERMINAL, 48 ENCRYPTION KEY.]
[Sheet 2 of 40, FIG. 2. Labels: TARP TERMINAL, TARP PACKET, IP ROUTER (multiple), TARP ROUTER (multiple), LINK KEY.]
[Sheet 3 of 40, figure caption not recovered. Labels: 207b, 207c, 207d; 330 SESSION-KEY-ENCRYPTED PAYLOAD DATA; 340 TARP PACKET WITH ENCRYPTED PAYLOADS; 350 LINK-KEY-ENCRYPTED TARP PACKETS; IP PACKETS W/ ENCRYPTED TARP PACKETS AS PAYLOAD; TARP DESTINATION.]
[Sheet 4 of 40, figure caption not recovered. Labels: 207a, 207b, 207c, 207d; 300 DATA STREAM; 520 BLOCK-ENCRYPTED (SESSION-KEY) PAYLOAD SEQUENCE; 522 ENCRYPTED BLOCK DIVIDED INTO PAYLOADS; 523 ENCRYPTED BLOCK DIVIDED INTO PAYLOADS INTERLEAVED; 340 TARP PACKETS WITH ENCRYPTED PAYLOADS.]
[Sheet 5 of 40, FIG. 4. Labels: TARP TRANSCEIVER; NETWORK (IP) LAYER; TARP LAYER; DATA LINK LAYER; DATA LINK PROTOCOL WRAPPER; ONE ALTERNATIVE TO COMBINE TARP PROCESSING WITH O/S IP PROCESSOR; OTHER ALTERNATIVE TO COMBINE TARP PROCESSING WITH D.L. PROCESSOR (e.g., BURN INTO BOARD PROM).]
[Sheet 6 of 40, FIG. 5. Flowchart with steps labelled S0 to S11. Box text as extracted: BACKGROUND LOOP - DECOY GENERATION; AUTHENTICATE TARP PACKET; OUTER LAYER DECRYPTION OF TARP PACKET USING LINK KEY; DUMP DECOY; CHECK FOR DECOY AND INCREMENT PERISHABLE DECOY COUNTER AS APPROPRIATE; TRANSMIT DECOY? (YES/NO); DECREMENT TTL, TTL > 0? (YES); DETERMINE DESTINATION TARP ADDRESS AND STORE LINK KEY AND IP ADDRESS; GENERATE NEXT-HOP TARP ADDRESS AND STORE LINK KEY AND IP ADDRESS; GENERATE IP HEADER AND TRANSMIT.]
[Sheet 7 of 40, FIG. 6. Flowchart box text as extracted: BACKGROUND LOOP - DECOY GENERATION; GROUP RECEIVED IP PACKETS INTO INTERLEAVE WINDOW; DETERMINE DESTINATION TARP ADDRESS, INITIALIZE TTL, STORE IN TARP HEADER; RECORD WINDOW SEQ. NOS. AND INTERLEAVE SEQ. NOS. IN TARP HEADERS; CHOOSE FIRST HOP TARP ROUTER, LOOK UP IP ADDRESS AND STORE IN CLEAR IP HEADER, OUTER LAYER ENCRYPT; INSTALL CLEAR IP HEADER AND TRANSMIT.]
[Sheet 8 of 40, FIG. 7. Flowchart box text as extracted (one box illegible): BACKGROUND LOOP - DECOY GENERATION; AUTHENTICATE TARP PACKET RECEIVED; INCREMENT PERISHABLE COUNTER IF DECOY; THROW AWAY DECOY OR KEEP IN RESPONSE TO ALGORITHM; CACHE TARP PACKETS UNTIL WINDOW IS ASSEMBLED; DEINTERLEAVE PACKETS FORMING WINDOW; DECRYPT BLOCK; DIVIDE BLOCK INTO PACKETS USING WINDOW SEQUENCE DATA, ADD CLEAR IP HEADERS GENERATED FROM TARP HEADERS; HAND COMPLETED IP PACKETS TO IP LAYER PROCESS.]
[Sheet 9 of 40, figure caption not recovered. Labels: SSYN PACKET; SSYN ACK PACKET 822; SSYN ACK ACK PACKET 823; 824 SECURE SESSION INITIATION; 825 SECURE SESSION INITIATION ACK.]
[Sheet 10 of 40, figure caption not recovered. Labels: CLIENT 1, TARP ROUTER, TRANSMIT TABLE, RECEIVE TABLE, reference numerals 921 to 924; each table lists pairs of IP addresses.]
[Sheet 11 of 40, FIG. 10.]
[Sheet 14 of 40, figure caption not recovered. Table of modes with columns for HARDWARE, IP ADDRESSES and DISCRIMINATOR FIELD; rows 1. PROMISCUOUS, 2. PROMISCUOUS PER VPN, 3. HARDWARE HOPPING; legible cell entries include SAME FOR ALL NODES and CAN BE VARIED IN SYNC.]
[Sheet 16 of 40, FIG. 14. Labels: CURRENT IP PAIR; ckpt_o, ckpt_n, ckpt_r; TRANSMITTER; IP PAIR 1; IP PAIR 2; SENDER'S ISP; RECIPIENT'S ISP; KEPT IN SYNC FOR SENDER TO RECIPIENT SYNCHRONIZER; KEPT IN SYNC FOR RECIPIENT TO SENDER SYNCHRONIZER.]
[Sheet 17 of 40, FIG. 15. Box text as extracted (partly illegible): WHEN SYNCHRONIZATION BEGINS TRANSMIT (RETRANSMIT PERIODICALLY UNTIL ACKed) SYNC_REQ USING NEW TRANSMITTER CHECKPOINT IP PAIR ckpt_n AND GENERATE NEW RECEIVER RESPONSE CHECKPOINT ckpt_r; WHEN SYNC_ACK ARRIVES WITH INCOMING [illegible] CHECKPOINT IP PAIR ckpt_n IN TRANSMITTER; WHEN SYNC_REQ ARRIVES WITH INCOMING HEADER = [illegible], GENERATE NEW CHECKPOINT IP PAIR ckpt_n IN RECEIVER, GENERATE NEW CHECKPOINT IP PAIR [illegible] USING NEW CHECKPOINT IP PAIR [illegible]; message label SYNC_REQ.]
[Sheet 18 of 40, FIG. 16.]
[Sheet 19 of 40, FIG. 17. Labels: WINDOW_SIZE (two spans).]
[Sheet 20 of 40, figure caption not recovered. Labels: WINDOW_SIZE.]
[Sheet 21 of 40, FIG. 19. Labels: WINDOW_SIZE, USED.]
[Sheet 22 of 40, figure caption not recovered. Labels: COMPUTER #1, COMPUTER #2.]
[Sheet 23 of 40, figure caption not recovered. Labels: AD TABLE, BE TABLE, BF TABLE, IP1, IP2, IP3, LINK DOWN, reference numerals 2101 to 2109.]
[Sheet 24 of 40, FIG. 22A. Flowchart box text as extracted: MORE THAN ONE TRANSMITTER TURNED ON?; PATH X QUALITY < THRESHOLD? (NO); SET WEIGHT TO MIN. VALUE; DECREASE WEIGHT FOR PATH X; PATH X WEIGHT LESS THAN STEADY STATE VALUE?; INCREASE WEIGHT FOR PATH X TOWARD STEADY STATE VALUE; ADJUST WEIGHTS FOR REMAINING PATHS SO THAT WEIGHTS EQUAL ONE. Reference numeral 2208.]
[Sheet 25 of 40, FIG. 22B. Flowchart box text as extracted: (EVENT) TRANSMITTER FOR PATH X TURNS OFF; AT LEAST ONE TRANSMITTER TURNED ON?; DROP ALL PACKETS UNTIL A TRANSMITTER TURNS ON; SET WEIGHT TO ZERO; ADJUST WEIGHTS FOR REMAINING PATHS SO THAT WEIGHTS EQUAL ONE. Reference numeral 2210.]
[Sheet 26 of 40, FIG. 23. Labels: PACKET TRANSMITTER; TRANSMIT TABLE; PATH X1, PATH X2, PATH X4; w(X1) = 0.2, w(X2) = 0.1, w(X3) = 0.6, w(X4) = 0.1; LINK QUALITY MEASUREMENT FUNCTION; reference numerals 2301, 2302, 2308.]
[Sheet 27 of 40, FIG. 24. Labels: COMPUTER (two); 100 Mb/s MESS T = 32; 25 Mb/s MESS T = 8; reference numerals 2402, 2403, 2404.]
[Sheet 28 of 40, FIG. 25 (PRIOR ART). Labels: WEB BROWSER; DNS RESP; PAGE REQ; PAGE RESP; reference numerals 2501, 2502, 2504.]
[Sheet 29 of 40, FIG. 26. Labels: DNS SERVER; WEB BROWSER; GATE KEEPER; HOPPING RULES; UNSECURE TARGET SITE 2611; reference numeral 2602.]
[Sheet 30 of 40, FIG. 27. Flowchart box text as extracted: RECEIVE DNS REQUEST FOR TARGET SITE; USER AUTHORIZED TO CONNECT?; RETURN "HOST UNKNOWN" ERROR. Reference numerals 2701, 2706.]
[Sheet 31 of 40, FIG. 28. Labels: HOST COMPUTER #1, EDGE ROUTER, HOST COMPUTER #2; reference numerals 2801, 2803, 2804.]
[Sheet 32 of 40, FIG. 29. Labels: HOST COMPUTER #1, EDGE ROUTER, HOST COMPUTER #2, TX, RX; reference numerals 2902, 2903.]
[Sheet 34 of 40, FIG. 31. Labels: CLIENT #2, HACKER, TX/RX (three); reference numerals 3102, 3103, 3105.]
[Sheet 35 of 40, FIG. 32. Columns CLIENT and SERVER; message label SYNC_REQ. Client-side box text as extracted: SEND DATA PACKET USING ckpt_n, ckpt_o = ckpt_n, GENERATE NEW ckpt_n, START TIMER, SHUT TRANSMITTER OFF; IF ckpt_o IN SYNC_ACK MATCHES TRANSMITTER'S ckpt_o, UPDATE RECEIVER'S ckpt_r, KILL TIMER, TURN TRANSMITTER ON; WHEN TIMER EXPIRES TRANSMIT SYNC_REQ USING TRANSMITTER'S ckpt_o, START TIMER. Server-side box text as extracted: PASS DATA UP STACK, ckpt_o = ckpt_n, GENERATE NEW ckpt_n, GENERATE NEW ckpt_r FOR TRANSMITTER SIDE, TRANSMIT SYNC_ACK CONTAINING ckpt_o.]
[Sheet 37 of 40, figure caption not recovered. Flowchart with reference numerals 3400 to 3415. Box text as extracted: DISPLAY WEB PAGE CONTAINING GO SECURE HYPERLINK; LAUNCH LINK TO .COM SITE; DOWNLOAD AND INSTALL PLUG-IN; CLOSE CONNECTION; AUTOMATIC REPLACEMENT OF TOP-LEVEL DOMAIN NAME WITH SECURE TOP-LEVEL DOMAIN NAME; ACCESS SECURE PORTAL AND SECURE NETWORK AND SECURE DNS; OBTAIN SECURE COMPUTER NETWORK ADDRESS FOR SECURE WEB SITE; ACCESS GATE KEEPER AND RECEIVE PARAMETERS FOR ESTABLISHING VPN WITH SECURE WEBSITE; CONNECT TO SECURE WEBSITE USING VPN BASED ON PARAMETERS ESTABLISHED BY GATE KEEPER; DISPLAY "SECURE" ICON; decision on CONNECTION (YES/NO, partly illegible); REPLACE SECURE TOP-LEVEL DOMAIN NAME WITH NON-SECURE TOP-LEVEL DOMAIN NAME; DISPLAY "GO SECURE" HYPERLINK.]
[Sheet 38 of 40, FIG. 35. Flowchart with reference numerals 3500 to 3508. Box text as extracted: REQUESTOR ACCESSES WEBSITE AND LOGS INTO SECURE DOMAIN NAME REGISTRY SERVICE; REQUESTER COMPLETES ONLINE REGISTRATION FORM; QUERY STANDARD DOMAIN NAME SERVICE REGARDING OWNERSHIP OF EQUIVALENT NON-SECURE DOMAIN NAME; RECEIVE REPLY FROM STANDARD DOMAIN NAME REGISTRY; decision (NO branch legible); INFORM REQUESTOR OF CONFLICT; VERIFY INFORMATION AND ENTER PAYMENT INFORMATION; REGISTER SECURE DOMAIN NAME.]
[Sheet 39 of 40, FIG. 36. Labels: WEB SERVER; SERVER PROXY; VPN GUARD; COMPUTER NETWORK; FIREWALL; BROWSER; PROXY APPLICATION; CLIENT COMPUTER; reference numerals 3600 to 3607, 3610, 3611.]
[Sheet 40 of 40, FIG. 37. Flowchart with reference numerals 3701 to 3708. Box text as extracted: GENERATE MESSAGE PACKETS; MODIFY MESSAGE PACKETS WITH PRIVATE CONNECTION DATA AT AN APPLICATION LAYER; SEND TO HOST COMPUTER THROUGH FIREWALL; RECEIVE PACKETS AND AUTHENTICATE AT KERNEL LAYER OF HOST COMPUTER; RESPOND TO RECEIVED MESSAGE PACKETS AND GENERATE REPLY MESSAGE PACKETS; MODIFY REPLY MESSAGE PACKETS WITH PRIVATE CONNECTION DATA AT A KERNEL LAYER; SEND PACKETS TO CLIENT COMPUTER THROUGH FIREWIRE; RECEIVE PACKETS AT CLIENT COMPUTER AND AUTHENTICATE AT APPLICATION LAYER.]

AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority from and is a continuation patent application of U.S. application Ser. No. 09/558,210, filed Apr. 26, 2000, now abandoned, which is a continuation-in-part patent application of previously-filed U.S. application Ser. No. 09/504,783, filed on Feb. 15, 2000, now U.S. Pat. No. 6,502,135, issued Dec. 31, 2002, which claims priority from and is a continuation-in-part patent application of previously-filed U.S. application Ser. No. 09/429,643, filed on Oct. 29, 1999, now U.S. Pat. No. 7,010,604. The subject matter of U.S. application Ser. No. 09/429,643, which is bodily incorporated herein, derives from provisional U.S. application Nos. 60/106,261 (filed Oct. 30, 1998) and 60/137,704 (filed Jun. 7, 1999). The present application is also related to U.S. application Ser. No. 09/558,209, filed Apr. 26, 2000, and which is incorporated by reference herein.

GOVERNMENT CONTRACT RIGHTS

This invention was made with Government support under Contract No. 360000-1999-000000-QC-000-000 awarded by the Central Intelligence Agency. The Government has certain rights in the invention.

BACKGROUND OF THE INVENTION

A tremendous variety of methods have been proposed and implemented to provide security and anonymity for communications over the Internet. The variety stems, in part, from the different needs of different Internet users. A basic heuristic framework to aid in discussing these different security techniques is illustrated in FIG. 1. Two terminals, an originating terminal 100 and a destination terminal 110 are in communication over the Internet. It is desired for the communications to be secure, that is, immune to eavesdropping. For example, terminal 100 may transmit secret information to terminal 110 over the Internet 107. Also, it may be desired to prevent an eavesdropper from discovering that terminal 100 is in communication with terminal 110. For example, if terminal 100 is a user and terminal 110 hosts a web site, terminal 100’s user may not want anyone in the intervening networks to know what web sites he is “visiting.” Anonymity would thus be an issue, for example, for companies that want to keep their market research interests private and thus would prefer to prevent outsiders from knowing which web-sites or other Internet resources they are “visiting.” These two security issues may be called data security and anonymity, respectively.

Data security is usually tackled using some form of data encryption. An encryption key 48 is known at both the originating and terminating terminals 100 and 110. The keys may be private and public at the originating and destination terminals 100 and 110, respectively or they may be symmetrical keys (the same key is used by both parties to encrypt and decrypt). Many encryption methods are known and usable in this context.

To hide traffic from a local administrator or ISP, a user can employ a local proxy server in communicating over an encrypted channel with an outside proxy such that the local administrator or ISP only sees the encrypted traffic. Proxy servers prevent destination servers from determining the identities of the originating clients. This system employs an intermediate server interposed between client and destination server. The destination server sees only the Internet Protocol (IP) address of the proxy server and not the originating client. The target server only sees the address of the outside proxy. This scheme relies on a trusted outside proxy server. Also, proxy schemes are vulnerable to traffic analysis methods of determining identities of transmitters and receivers. Another important limitation of proxy servers is that the server knows the identities of both calling and called parties. In many instances, an originating terminal, such as terminal A, would prefer to keep its identity concealed from the proxy, for example, if the proxy server is provided by an Internet service provider (ISP).

To defeat traffic analysis, a scheme called Chaum’s mixes employs a proxy server that transmits and receives fixed length messages, including dummy messages. Multiple originating terminals are connected through a mix (a server) to multiple target servers. It is