US 7,418,504 B2
`Page 3
`
`W.Stallings, “New Cryptography and Network Secusity Book”, Jun.
`8, 1998, 3 pages,
`Tasbender,Kesdogan, and Kubitz: “Variable and Scalable Security:
`Protection ofLocation Information in Mebile IP”, IEEE publication,
`1996, pp. 963-967.
`Linux FreeS/WAN Index File, printed fromhlip:“liberly. frocswan.
`org/freeswan trees/frceswan-|.3/do¢/ on Feb. 21, 2002, 3 Pages.
`J. Gilmore, “Swan: Securing the Internet against Wiretapping”,
`printed from http://libertytrecswan.org/freeswan__ trees/freeswan-
`1.3/doc/rationale.html on Feb. 21, 2002, 4 pages.
`Glossary for the Linux FreeS/WAN project, printed from http://
`libertyfreeswan.org/freeswan_—_
`treea/freeswan-13/doc/glossary.
`html on Feb. 21, 2002, 25 pages,
`Alan O, Frier et al., “The SSL Protocol Version 3.0’, Nov. 18, 1996,
`printed from http://;www.netscape.com/eng/ss13/dratt302,txt on Feb,
`4, 2002, 56 pages.
`Search Report (dated Aug. 20, 2002), International Application No.
`PEeT/Us01/04340.
`Search Report (dated. Aug. 23, 2002), Laternational Application No.
`PCT/US01/13266.
`Shree Murthyet al., “Congestion-Oriented Shartest Multipath Rout-
`ing”, Proceedings of IEEE INFOCOM,1596, pp. 1028-1036.
`Jim Jones et al., “Distributed Denial of Service Attacks: Defonges’’,
`Global Integrity Corporation, 2060, pp. 1-14.
`James E. Bellaire, ‘New Statoment of Rules—Naming Internet
`Domains", Internet Newsgroup, Jul. 30, 1995, 1 page.
`D. Clark, “LIS Calls for Private Domain-Name System’’, Computer,
`IEEE Computer Society, Aug. 1, 1998, pp. 22-24.
`August Bequai, “Balancing Legal Concerns Over Crime and Security
`in Cyberspace”, Computer & Security, vol. 17, No, 4, 1998, pp.
`293-298.
`Rich Winkel, “CAQ: Networkinig With Spuoks: The NET & The
`Control Of Information”, Internet Newsgroup, Jun. 21, 1997, 4
`pages.
`
`Search Report (dated Oct, 7, 2002), International Application No.
`PCT/US01/1326 1,
`
`I, Halsall, “Data Communications, Computer Networks And Open
`Systems”, Chapter 4, Protocot Basics, 1996, pp. 198-203.
`Reiter, Michael K. and Rubin, Aviel D. (AlecLabs—Research),
`“Crowds: Anonymity for Web Transmissoins”, pp. 1-23,
`Dolev, Shlomi and Ostrovsky, Rafil, “Efficient Anonymous Multicast
`and Reception”(Extended Abstract), 16 pages.
`Rubin, Aviel D., Greer, Danicl, and Ranum, Marcus J. (Wiley Com-
`puter Publishing), “Web Security Sourcebook”, pp. §2-94.
`Fasbender, Kesdogan, and Kubitz: “Variable and Scalable Security”
`Protection of Location Information in Mobile IP, IEEE publication,
`1996, pp. 963-967.
`Eastlake, D. E., “Domain Name System Security Extensions’,
`Internet Draft, Apr. 1998, XP002 199931, Sections 1, 2.3 and 2.4,
`RFC 2401 (dated Nov, 1998) Security Architecture for the Intemet
`Protocol (RTP).
`RFC 2543-SIP (dated Mar. 1999): Session Initiation Pratocol (SIP or
`SIPS).
`Search Report, IPER (dataed Nov. 13, 2002), International Applica-
`tion No. PCT/US01/04340.
`Search Repoat, [PER (dated Feb. 6, 2002), Intemational Application
`No. PCT/US61/13261.
`
`Search Report, [PER (dated Jan. 14, 2003), Intemational Application
`No. PCT/LJS0 1/13260.
`
`Shankur, A.U. “Averified sliding window protoco! with variable flow
`control”, Proceedings of ACM SIGCOMM conference on Commu-
`nications architectures & protocols. pp. $4-91, ACM Press, NY, NY
`1986.
`
`W. Stallings, “Crytography and Network Security”, 2nd, Edition,
`Chapter 13, IP Security, Jun. 8, 1998, pp. 399-440.
`
`Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1940
`PXO10_000004
`
`VX00056855
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1940
`
`
`Page 3
`
`W.Stallings, “New Cryptography and Network Secusity Book”, Jun.
`8, 1998, 3 pages,
`Tasbender,Kesdogan, and Kubitz: “Variable and Scalable Security:
`Protection ofLocation Information in Mebile IP”, IEEE publication,
`1996, pp. 963-967.
`Linux FreeS/WAN Index File, printed fromhlip:“liberly. frocswan.
`org/freeswan trees/frceswan-|.3/do¢/ on Feb. 21, 2002, 3 Pages.
`J. Gilmore, “Swan: Securing the Internet against Wiretapping”,
`printed from http://libertytrecswan.org/freeswan__ trees/freeswan-
`1.3/doc/rationale.html on Feb. 21, 2002, 4 pages.
`Glossary for the Linux FreeS/WAN project, printed from http://
`libertyfreeswan.org/freeswan_—_
`treea/freeswan-13/doc/glossary.
`html on Feb. 21, 2002, 25 pages,
`Alan O, Frier et al., “The SSL Protocol Version 3.0’, Nov. 18, 1996,
`printed from http://;www.netscape.com/eng/ss13/dratt302,txt on Feb,
`4, 2002, 56 pages.
`Search Report (dated Aug. 20, 2002), International Application No.
`PEeT/Us01/04340.
`Search Report (dated. Aug. 23, 2002), Laternational Application No.
`PCT/US01/13266.
`Shree Murthyet al., “Congestion-Oriented Shartest Multipath Rout-
`ing”, Proceedings of IEEE INFOCOM,1596, pp. 1028-1036.
`Jim Jones et al., “Distributed Denial of Service Attacks: Defonges’’,
`Global Integrity Corporation, 2060, pp. 1-14.
`James E. Bellaire, ‘New Statoment of Rules—Naming Internet
`Domains", Internet Newsgroup, Jul. 30, 1995, 1 page.
`D. Clark, “LIS Calls for Private Domain-Name System’’, Computer,
`IEEE Computer Society, Aug. 1, 1998, pp. 22-24.
`August Bequai, “Balancing Legal Concerns Over Crime and Security
`in Cyberspace”, Computer & Security, vol. 17, No, 4, 1998, pp.
`293-298.
`Rich Winkel, “CAQ: Networkinig With Spuoks: The NET & The
`Control Of Information”, Internet Newsgroup, Jun. 21, 1997, 4
`pages.
`
`Search Report (dated Oct, 7, 2002), International Application No.
`PCT/US01/1326 1,
`
`I, Halsall, “Data Communications, Computer Networks And Open
`Systems”, Chapter 4, Protocot Basics, 1996, pp. 198-203.
`Reiter, Michael K. and Rubin, Aviel D. (AlecLabs—Research),
`“Crowds: Anonymity for Web Transmissoins”, pp. 1-23,
`Dolev, Shlomi and Ostrovsky, Rafil, “Efficient Anonymous Multicast
`and Reception”(Extended Abstract), 16 pages.
`Rubin, Aviel D., Greer, Danicl, and Ranum, Marcus J. (Wiley Com-
`puter Publishing), “Web Security Sourcebook”, pp. §2-94.
`Fasbender, Kesdogan, and Kubitz: “Variable and Scalable Security”
`Protection of Location Information in Mobile IP, IEEE publication,
`1996, pp. 963-967.
`Eastlake, D. E., “Domain Name System Security Extensions’,
`Internet Draft, Apr. 1998, XP002 199931, Sections 1, 2.3 and 2.4,
`RFC 2401 (dated Nov, 1998) Security Architecture for the Intemet
`Protocol (RTP).
`RFC 2543-SIP (dated Mar. 1999): Session Initiation Pratocol (SIP or
`SIPS).
`Search Report, IPER (dataed Nov. 13, 2002), International Applica-
`tion No. PCT/US01/04340.
`Search Repoat, [PER (dated Feb. 6, 2002), Intemational Application
`No. PCT/US61/13261.
`
`Search Report, [PER (dated Jan. 14, 2003), Intemational Application
`No. PCT/LJS0 1/13260.
`
`Shankur, A.U. “Averified sliding window protoco! with variable flow
`control”, Proceedings of ACM SIGCOMM conference on Commu-
`nications architectures & protocols. pp. $4-91, ACM Press, NY, NY
`1986.
`
`W. Stallings, “Crytography and Network Security”, 2nd, Edition,
`Chapter 13, IP Security, Jun. 8, 1998, pp. 399-440.
`
`Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1940
`PXO10_000004
`
`VX00056855
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1940
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 1 of 40
`
`US 7,418,504 B2
`
`ORIGINATING
`TERMINAL
`
`iP ROUTER
`22
`
`IP ROUTER
`34
`
`IP ROUTER
`
`IP ROUTER
`
`100
`
`
`
`
`
`
`
`IP ROUTER
`IP ROUTER
`a B
`
`INTERNET
`
`IP ROUTER
`2
`
`IP ROUTER
`28
`
`FIG. 1
`
`t
`
`Gopv provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1941
`Px010_000005
`
`VX00056856
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1941
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 2 of 40
`
`US 7,418,504 B2
`
`TARP
`TERMINAL
`
`100
`
`FIG. 2
`
`Gopy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1942
`Px010_000006
`
`VX00056857
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1942
`
`
`
`
`
`U.S. Patent
`
`Aug.26, 2008
`
`Sheet 3 of 40
`
`US 7,418,504 B2
`
`“390 INTERLEAVED
`PAYLOAD DATA
`
`
`
`\g00 DATA STREAM
`
`
`
`
`
`
`~"~330 SESSION-KEY-ENCRYPTED
`PAYLOAD DATA
`“340 TARP PACKET WITH
`ENCRYPTED PAYLOADS
`“360 LINK-KEY-ENCRYPTED
`TARP PACKETS
`
`~*~ 360 IP PACKETS Wi
`ENCRYPTED TARP
`PACKETS AS PAYLOAD
`
`Copy provided by USPTO trom the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1943
`PX010000007
`
`VX00056858
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1943
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 4 of 40
`
`US 7,418,504 B2
`
`id ee a80 DATA STREAM
`207c
`207b
`207a
`Soo
`PlPp,|p, [~| [4 $*r-
`
`
`PE) “520 BLOCK-ENCRYPTED
`SESSION-KEY} PAYLOAD
`EQUENCE
`82:9] “599 ENCRYPTED BLOCK
`DIVIDED INTO PAYLOADS
`
`
`
`69°] 693 ENCRYPTED BLOCK
`DIVIDED INTO PAYLOADS
`INTERLEAVED
`
`SESS] “599 ENCRYPTED BLOCK
`DIVIDED INTO PAYLOADS
`INTERLEAVED
` EES] “\340 TARP PACKETS WITH
`ENCRYPTED PAYLOADS
`
`Copy provided by USPTO trom the PIRS Image Database on 03/28/2011
`
`pxo10ooodegtitioner Apple Inc. - Exhibit 1002, p. 1944
`
`VX00056859
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1944
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 5 of 40
`
`US 7,418,504 B2
`
`TARP TRANSCEIVER
`405.
`
`410
`
` NETWORK(IP) LAYER
`
`OTHER ALTERNATIVE
`TO COMBE
`TARP PROCESSING
`WITH D.L PROCESSOR
`(e.9., BURNSHINTOBOARD
`
`DATALINK LAYER
`430.
`
`ONE ALTERNATIVE TO
`
`TARP PROCESSING
`PROCESSOR
`
`WITH O/S IP
`
`DATA LINK
`PROTOCOL WRAPPER
`
`Copy provided by USPTO from the PIRS Imaqe Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1945
`Px010000009
`
`VX00056860
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1945
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 6 of 40
`
`US 7,418,504 B2
`
`
`
`
`BACKGROUND LOOP- DECOY
`GENERATION
`
`OUTER LAYER DECRYPTION
`TARP PACKET US
`=Q@
`
`DUMP DECOY
`
`CHECK FOR DECOY AND
`INCREMENT PERISHABLE
`DECOY COUNTER AS
`
`APPROPRIATE
`
`TRANSMIT DECOY?
`
`YES
`
`DECREMENT
`TILTTL> 0?
`
`$5
`
`aT
`
`
`
`AUTHENTICATE TARP
`PACKET
`
`
` Oo“TN
`_ =EP a£2 mi-—<
`
`
`
`
`DETERMINE DESTINATION
`TARP ADDRESS AND STORE
`LINK KEY AND IP ADDRESS
`
`
`
`
`
`
`GENERATE NEXT-HOP TARP
`ADDRESS AND STORELINK
`KEY AND iP ADDRESS
`
`GENERATE NEXT-HOP TARP
`ADDRESS AND STORE LINK
`KEYAND IP ADDRESS
`
`
`
`
`
`
`FIG. 5
`
`GENERATEIP HEADER
`AND TRANSMIT
`
`Copy provided by USPTOfrom the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1946
`Pxa10_000010
`
`VX00056861
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1946
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 7 of 40
`
`US 7,418,504 B2
`
`TRANSMIT
`
`BACKGROUNDLOOP - DECOY
`GENERATION
`
`GROUP RECEIVED IP PACKETS
`INTO INTERLEAVE WINDOW
`
`DETERMINE DESTINATION TARP
`ADDRESS,INITIALIZE TTL, STORE
`IN TARP HEADER
`
`RECORD WINDOW SEQ. NOS, AND
`INTERLEAVE SEQ. NOS. IN TARP
`HEADERS
`
`CHOOSE FIRST HOP TARP
`ROUTER, LOOK UP IPADDRESS
`AND STORE IN CLEAR IP HEADER,
`OUTER LAYER ENCRYPT
`
`INSTALL CLEARIP HEADER AND
`
`FIG. 6
`
`Copy provided by USPTO irom the PIRS Imanae Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1947
`Px010000011
`
`VX00056862
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1947
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 8 of 40
`
`US 7,418,504 B2
`
`
`
`DIVIDE BLOCK INTO PACKETS
`USING WINDOW SEQUENCE
`DATA, ADD CLEAR IP HEADERS
`GENERATED FROM TARP
`HEADERS
`
`[gag
`
`HAND COMPLETED IP PACKETS
`TO IP LAYER PROCESS
`
`$50
`
`BACKGROUND LOOP - DECOY
`
`GENERATION
`
`S40
`
`$42
`
`AUTHENTICATE TARP PACKET|
`RECEIVED
`
`DECRYPT OUTER LAYER
`ENCRYPTION WITH LINK KEY
`
`343
`
`INCREMENT PERISHABLE
`COUNTER IF DECOY
`
`544
`
`THROW AWAY DECOY OR KEEP
`IN RESPONSE TO ALGORITHM
`
`345
`
`CACHE TARP PACKETS UNTIL
`WINDOW IS ASSEMBLED
`
`346
`
`DEINTERLEAVE PACKETS
`FORMING WINDOW
`
`DECRYPTBLOCK
`
`447
`
`sis
`
`FIG. 7
`
`Copy provided by USPTO Trom the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1948
`Pxo010000012
`
`VX00056863
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1948
`
`
`
`U.S. Patent
`
`Aug, 26, 2008
`
`Sheet 9 of 40
`
`US 7,418,504 B2
`
`TERMINAL
`804
`
`SSYN
`
`PACKET
`
`synACK
`SSACKET
`
`SSYNACK
`ACK PACKET
`
`a 823 824
`
`INITIATION ACK
`
`SECURESESSION
`FIG. 8
`
`SECURE SESSION
`
`INITIATION
`
`Copy provided by USPTO from the PIRS Imade Database an 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1949
`Px010_000013
`
`VX00056864
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1949
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 10 of 40
`
`US 7,418,504 B2
`
`TRANSMIT TABLE
`921
`
`RECEIVE TABLE
`924
`aN
`
`134.218.204.983 ©=131.218.204.65 131.218.204.98 » 131.218.204.685
`
`
`
`
`
`131.218.204.224 ©==131.218.204.97 131.218.204.221 «© 131.218.204.97
`
`
`
`131.218.204.139 ©=131.248.204.186© 134,218.204,.186 131.218.204.139
`
`
`
`
`
`134.218.204.12 ©=131.218,204.55 131.218.204.12 © 131.218.204.55
`
`
`
`RECEIVE TABLE
`TRANSMIT TABLE
`922
`923
`NN
`
`131.218.204.161 ©—131.218.204.89 ©=131.218.204.89131.218.204.161
`
`
`
`
`131.218.204.66 ©=134.248.204.212 ©=134.218.204.212131.218.204.66
`
`
`
`131.218.204.201 e=131.218.204.127 131.218.204.201 © 134.218.204.127
`
`
`
`
`131.218.204.119 *=131.218.204.49 e=134.218.204.49131.218.204.119
`
`
`Copy provided by USPTO from the PIRS Imade Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1950
`Pxo10_000014
`
`VX00056865
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1950
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 11 of 40
`
`US 7,418,504 B2
`
`1001
`
` CLIENT
`
`FIG. 10
`
`Copy provided by USPTO from the PIAS Imaae Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1951
`Px010_000015
`
`VX00056866
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1951
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 12 of 40
`
`US 7,418,504 B2
`
`ou
`
`GEOL
`
`fal
`CHOVOTAYdL#OWOTAYd
`0914OSH
`
`__COSYHSQVSHL3NoVddi
`JOHedi
`aeTTWUOSrf
`
`veotySSRIOGYal30uN0Scoll
`aFhSSHUCQYdl1830
`11SSRRCQYdleeZ0HN
`QV}|OHIO|d68‘SSIHCGVMH'L$30
`
`
`USCV3HSAVYLSNH3HL4
`69SSSHOCYMH“DHS
`_b(SHWIHOSIC
`GbSSdUCYdl“L830
`
`c#OWOTAVd
`
`Lah
`
`Copy provided by USPTO from the PIRS Imace Database on 03/28/2011
`
`Petitioner A
`PXO10_000016
`
`pple Inc. - Exhibit 1002, p. 1952
`
`VX00056867
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1952
`
`
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 13 of 40
`
`US 7,418,504 B2
`
`OSTYdOHMH|COTYdOKMH
`ometalmeNOILWONdd¥
`Xu)XL)
`VOWdOHd!|POWdOHdl
`
`Yas
`
`=
`
`aa
`
`Ql) JOTWSOHMH|FOVdO!VOWdhl
`
`¥cl
`ols
`
`OZ)
`
`bet
`
`QOWdOHMH
`
`600xe021
`
`Copy provided by USPTO trom the PIRS Image Database on 03/28/2011
`
`Petitioner A
`PxX010.000017
`
`pple Inc. - Exhibit 1002, p. 1953
`
`VX00056868
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1953
`
`
`
`
`
`U.S. Patent
`
`Aug.26, 2008
`
`Sheet 14 of 40
`
`US 7,418,504 B2
`
`
`
`
`
`
`
`
`1, PROMISCUOUS
`
`2. PROMSCLOUS
`
`ER VPN
`
`
`
`ORCOMPLETELY
`
`CANBEVARIED
`
`CANBEVARIED
`
`
`
`CANgeSiRIeD
`
`CAN BE
`
`VARIED
`
`
`FIXED FOR EACH VPN IN SYNC
`
`
`
`
`3. HARDWARE
`HOPPING
`
`CAN BE VARIED
`IN SYNC
`
`CANBENGRIED
`
`cayReJRleD
`
`FIG. 12B
`
`Copy provided by USPTO from the PIAS Image Datahase on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1954
`Pxo010000018
`
`VX00056869
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1954
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 15 of 40
`
`US 7,418,504 B2
`
`poet
`
`Eth
`
`elt}
`
`Oe
`
`€INSN9
`
`VINI)
`
`$$300Ud
`
`LaHOVd
`
`SA
`
`We
`|
`
`quvasid
`
`LayOyd
`
`LON
`
`€)Old
`
`
`ONASGANIENOD
`dAdO307
`
`(NOLNOdSLVAld)
`
`(NOLHOdINN)
`
`ANTWAONAS
`FWAONAS
`
`BOE}
`
`
`
`SSIUCCYJONNOSal
`
`
`
`SSSHOOY'1$30dl
`
`‘DIVONG
`
`OLE}
`
`ZOE)
`
`ADIN
`
`(ALdAMONS
`
`QVONAYd
`
`Sth
`
`OE}
`
`Copy provided by USPTO trom the PIAS Imade Database on 03/28/2011
`
`Petitioner A
`PXO10_000019
`
`pple Inc. - Exhibit 1002, p. 1955
`
`VX00056870
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1955
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 16 of 40
`
`US 7,418,504 B2
`
`CURRENTIP PAIR ~*-~__
`
`IP PAIR 1
`IP PAIR 2
`
`o s
`
`IP PAIR W
`
`ckpt_r
`RECEIVER
`
`CURRENTIP PAIR
`ckpt_o
`
`TRANSMITTER
`
`
`
`ckpt_r
`
`TRANSMITTER
`
`WINDOW
`
`IP PAIR 4
`iP PAIR 2
`
`:
`IP PAIR W
`
`RECEIVER
`
`RECIPIENT'S {SP
`SENDER'S ISP
`
`KEPTIN SYNC FOR SENDER TO RECIPIENT SYNCHRONIZER ~+----
`
`KEPT IN SYNC FOR RECIPIENT TO SENDER SYNCHRONIZER <————_-—_—______>-
`
`ew eee ee ee eee »
`
`FIG. 14
`
`Copy provided by USPTO trom the PIRS Imaqe Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1956
`PX010.000020
`
`VX000563871
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1956
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet £7 of 40
`
`US 7,418,504 B2
`
`@
`
`@ WHEN SYNCHRONIZATION
`BEGINS TRANSMIT (RETRANSMIT
`PERICDICALLY UNTIL ACKed)
`SYNC_REQ USING NEW
`TRANSMITTER CHECKPOINT IP
`PAIR ckpt_n AND GENERATE
`NEW RECEIVER RESPONSE
`CHECKPOINTckpt_r
`
`# WHEN SYNC_ACK
`ARRIVES WITH INCOMING
`HEADER= ckpt_r:
`GENERATE NEW
`CHECKPOINTIP PAIR
`ckpt_n IN TRANSMITTER
`
`SYNC_REQ
`
`I
`
` * WHEN SYNC_REQ ARRIVES
`
`W
`
`WITH INCOMING HEADER =
`RECEIVER'S ckpt_n:
`“UPDATE WINDOW
`GENERATE NEW
`CHECKPOINT IP PAIR
`ckpt_n IN RECEIVER
`«GENERATE NEW
`CHECKPOINT IP PAIR
`ckpt_rIN TRANSMITTER
`“TRANSMIT SYNC_ACK
`USING NEW CHECKPOINT
`IP PAIR ckpt_r
`
`FIG. 15
`
`Copy provided by USPTO from the PIRS Imaqe Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1957
`PX010000024
`
`VX00056872
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1957
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 18 of 40
`
`US 7,418,504 B2
`
`
`
`FIG. 16
`
`|
`
`Gopy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1958
`PX010000022
`
`VX00056873
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1958
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 19 of 40
`
`US 7,418,504 B2
`
`000
`
`WINDOW_SIZE VASSSDLffff)
`
`WINDOW_SIZE
`
`INACTIVE
`
`ACTIVE
`ee USEO
`
`I
`
`Copy provided by USPTO trom the PIRS Image Database on 03/28/2014
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1959
`Pxo10000023
`
`VX00056874
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1959
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 20 of 40
`
`US 7,418,504 B2
`
`|_| INACTIVE
`WINDOW.SIZE
`V/\ ACTIVE
`3] USED
`
`O00
`
`WINDOW_SIZE
`
`|
`
`Copy provided by USPTO trom the PIAS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1960
`Px010000024
`
`VX00056875
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1960
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 21 of 40
`
`US 7,418,504 B2
`
`|| INACTIVE
`MNDOWSLES CLSDZZ
`7) ACTNE
`IDIIDLAAT
`VIDIDIDLIAID)
`VIDIPIPILLA)
`VIDPPDAPIALD?)
`
`eu] USED
`
`Qo0
`
`WINDOW_SI2E
`
` Copy provided by USPTO trom the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1961
`Px010_000025
`
`VX00056876
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1961
`
`
`
`US 7,418,504 B2
`
`20" FIG.20
`
`U.S. Patent
`
`ooao3—™
`
`2005
`
`Sheet 22 of 40
`
`COMPUTER(=m)
`
` Aug. 26, 2008
`
`
`
`Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1962
`PxX010_000026
`
`VX00056877
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1962
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 23 of 40
`
`US 7,418,504 B2
`
`AD TABLE
`
`P|
`
`
`
`
`
`iz ce 21m—aa 2102
`
`
`AFTABLE—
`
`
`}
`BDTABLE
`
`
`BE TABLE=
`
`
`00” —— 2107aTABLE
`
`
`
`
`
`
`CFTABLEct
`
`LINK DOWN
`
`21083
`
`2104
`
`2105
`
`2106
`
`2108
`
`2109
`
`FIG, 21
`
` Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1963
`PXx010000027
`
`VX00056878
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1963
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 24 of 40
`
`US 7,418,504 B2
`
`
` MEASURE
`
`QUALITY OF
`TRANSMISSION
`
`MORE THAN
`ONE TRANSMITTER
`TURNED ON?
`
`SET WEIGHT
`TO MIN. VALUE
`
`
`
`PATH X
`
`
`
`
`
` PATH X
`WEIGHT LESS THAN
`STEADY SIATE
`
`DECREASE WEIGHT
`FOR PATH X
`
`INCREASE
`WEIGHT FOR PATH X
`TOWARD STEADY
`STATE VALUE
`
`ADJUST WEIGHTS
`FOR REMAINING
`PATHS SO THAT
`WEIGHTS EQUAL ONE
`
`
`
`
`FIG. 22A
`
`Copy provided by USPTO from the PIRS image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1964
`PX010000028
`
`VX00056879
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1964
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 25 of 40
`
`US 7,418,504 B2
`
`
`
`
`(EVENT) TRANSMITTER
`FOR PATH X
`TURNS OFF
`
`
`
`
`
`
` ADJUST WEIGHTS
`
`
`DROP ALL PACKETS
`AT LEAST
`
`
`ONE TRANSMITTER
`UNTIL A TRANSMITTER
`
`
`TURNED ON?
`TURNS ON
`
`
`
`
`
`SET WEIGHT
`TO ZERO
`
`FOR REMAINING PATHS
`SO THAT WEIGHTS
`EQUAL ONE
`
`FIG. 22B
`
`Copy provided by USPTO trom the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1965
`Px010000025
`
`VX00056880
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1965
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 26 of 40
`
`US 7,418,504 B2
`
`
`
`
`2308
`
`PACKET
`TRANSMITTER
`
`TRANSMIT TABLE
`
`
`
`
`PACKET
`
`RECEIVER
`
`
`
`
`
`
`
`
`LINK QUALITY
`WEIGHT
`
`
`
`MEASUREMENT
`ADJUSTMENT
`
`
`FUNCTION
`FUNCTION
`
`
`
`FIG. 23
`
`|
`
`Copy provided by USPTO trom the PIAS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1966
`PX010_000030
`
`VX000563881
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1966
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 27 of 40
`
`US 7,418,504 B2
`
`
`
`2402
`
`COMPUTER
`
`COMPUTER
`
`TeMbis_ MESS T= 24
`
`FIG. 24
`
`[
`
`Copy provided by USPTO from the PIAS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1967
`PXx010000034
`
`VX00056882
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1967
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 28 of 40
`
`US 7,418,504 B2
`
`2902
`
`
`
`DNS RESP
`
`
`
`
`
`PAGE REQ
`
`TARGET
`WEBSITE PAGE RESP
`
`
`2501
`
`2564
`
`__WEB
`
`BROWSER DNS REQ
`
`FIG. 25
`(PRIOR ART)
`
`Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1968
`PX010000032
`
`VX00056883
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1968
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 29 of 40
`
`US 7,418,504 B2
`
`WEB
`
`BROWSER
`
`
`
`
`
`
`HOPPING|[RULES 2603
`
`
`HOPPING
`.
`
` GATE KEEPER
`
`
`
`UNSEGURE
`TARGET
`SITE
`
`FIG. 26
`
`2611
`
` Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1969
`Px010000033
`
`VX00056884
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1969
`
`
`
`U.S. Patent
`
`Aug, 26, 2008
`
`Sheet 30 of 40
`
`US 7,418,504 B2
`
`
` CEIVE
`DNS REQUEST
`FOR TARGET SITE
`
`2704
`
`
`
`
`ACCESS TO
`
`SECURESITE
`REQUESTED?
`
`
`PASS THRU
`REQUEST TO
`DNS SERVER
`
`
`
`ERROR
`
`USER
`AUTHORIZED TO
`CONNECT?
`
`RETURN
`"HOST UNKNOWN"
`
`
`
`ESTABLISH
`VPN WITH
`TARGET SITE
`
`
`FIG. 27
`
`|
`
`Copy provided by USPTO from tha PIRS image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1970
`Px010000034
`
`VX00056885
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1970
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 31 of 40
`
`US 7,418,504 B2
`
`2803
`
`HOST
`COMPUTER #1
`
`
`
`
`
`
`2804
`
`HOST
`COMPUTER #2
`
`FIG. 28
`
`Copy provided by USPTO from the PIRS Image Database on 03/26/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1971
`Px010000035
`
`VX00056886
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1971
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 32 of 40
`
`US 7,418,504 B2
`
`2901
`
`EDGE
`ROUTER
`
` HOST COMPUTER #1
`
`
`FLOODIP
` COMPUTER
`TX 100-200
`
`
`
`FIG, 29
`
`Copy provided by USPTO from the PIS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1972
`Px010_000036
`
`VX00056887
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1972
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 33 of 40
`
`US 7,418,504 B2
`
`S$300ud
`
`Wydya
`
`(YOV-ONAS)
`
`pons| Jie¥LXL
`
`SLYHSNSS
`
`YSAI3034
`
`YSLUIWSNVYL
`
`OeOld
`
`Araa
`
`gqnogas-=Beaalvy
`
`JEYUINI9
`
`Copy provided by USPTO from the PIRS Image Database on 03/29/2011
`
`Petitioner A
`Px010000037
`
`pple Inc. - Exhibit 1002, p. 1973
`
`VX00056888
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1973
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 34 of 40
`
`US 7,418,504 B2
`
`3101
`
`3103
`
`
`CLIENT #1
`
`
`
`
`repo
`
`
`
`3106
`3106-
`
`
`
`CLIENT #2
`
`
`
`
`
`
` 3208=3209'S
`HACKER
`3210
`3105
`
`
`FIG. 31
`
`t
`
`Copy provided by USPTO from the PIRS Imade Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1974
`PxX010_000038
`
`VX00056889
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1974
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 35 of 40
`
`US 7,418,504 B2
`
`CLIENT
`
`SERVER
`
`SEND DATA PACKET
`USING ckpt_n
`CKPT_O=ckpt_n
`GENERATE NEW ckpt_n
`sunTIMER, SHUTTRANSMITTER
`
`IF CKPT_OIN SYNC_ACK
`MATCHES TRANSMITTER'S
`cholo
`UPORTE RECEIVER'S
`tPLT
`KiLL TIMER, TURN
`TRANSMITTER ON
`
`SEND DATAPACKET
`USING ckpt_n
`ckpt_o=ckpt_n
`GENERATE NEW ckpl_n
`omTIMER, SHUTTRANSMITTER
`
`WHENTIMER EXPIRES
`TRANSMIT SYNC_REQ
`USING TRANSMITTERS
`chot_o, START TIMER
`
`IF ckpt_o IN SYNC_ACK
`MATCHES TRANSMITTER'S
`cKpLo
`UPDATE RECEIVER'S
`ckpLr
`KILL TIMER, TURN
`TRANSMITTER ON
`
`
`
`SYNC_REQ
`
`FIG. 32
`
`PASS DATAUP STACK
`ckpt_o=ckpt_n
`GENERATE NEWckpt_n
`GENERATE NEW ckpt_rFOR
`TRANSMITTERSIDE
`TRANSMIT SYNC_ACK
`CONTAINING ckpt_o
`
`ckpt_o=ckot_n
`GENERATENEW ckpt_h
`GENERATE NEW ckpt_r FOR
`TRANSMITTERSIDE
`TRANSMIT SYNC_ACK
`CONTAINING ckpt_o
`
`Capy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1975
`PX010_000039
`
`VX00056890
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1975
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 36 of 40
`
`US 7,418,504 B2
`
`
`wee~|WainyHetWNL
`Oefibd
`——_—”
`
`
`
`gleeLeegeeSleeHiteeeOF‘Ol4a][nwo][we][aw][ase][oe
`
`
`
`
`
`
`
`Get
`
`SJuNOIS
`
`cet
`
`Pi
`
`ALISESM
`
`gqce
`
`EOE
`
`Onee
`
`YaSMOUE
`
`Gopy provided by USPTO from the PIRS Image Databaees on 03/28/2011
`
`Petitioner A
`PxX010.000040
`
`pple Inc. - Exhibit 1002, p. 1976
`
`VX00056891
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1976
`
`
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 37 of 40
`
`US 7,418,504 B2
`
`3400
`
`START
`
`3401
`
`DISPLAY WEB PAGE
`CONTAINING GO
`SECURE HYPERLINK
`
`LAUNCH LINK TO
`COM SITE
`
`DOWNLOAD AND
`INSTALL PLUG-IN
`
`3404
`
`3405
`
`4408
`
`
`
`
`
`M3402
`
`
`
`CLOSE CONNECTION
`
`AUTOMATIC REPLACEMENT OF TOP-LEVEL
`DOMAIN NAMEWITHSECURE TOPAEVEL1.407|yap]_DISPLAY "SECURE" ICON
`
`ACCESS SECURE PORTALAND
`SECURE NETWORKAND SECUREDNS
`
`|
`
`OBTAIN SECURE COMPUTERNETWORK
`DRESS
`FOR SECURE WEB SITE
`
`ACCESS GATE KEEPER AND RECEIVE
`PARAMETERS FOR ESTABLISHING VPN
`WITH SECURE WEBSITE
`
`[~3408
`
`08
`
`ut0
`
`sid
`
`44157]
`
`Sno
`
`
`
`3413
`
`TERME
`CONNECTION
`YES
`REPLACE SECURE TOP-LEVEL
`DOMAIN NAME WITH NON-SECURE
`TOP-LEVEL DOMAIN NAME
`
`DISPLAY “GO SECURE” HYPERLINK
`
`CONNECT TO SECURE WEBSITE
`USING VPN BASED ON PARAMETERSCEND»)
`ESTABLISHED BY GATE KEEPER
`3411
`
`FIG. 34
`
`Capy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1977
`Px010_000041
`
`VX00056892
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1977
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 38 of 40
`
`US 7,418,504 B2
`
`3500
`
`
`
`REQUESTOR ACCESSES WEBSITE
`DOMAIN NAME REGISTRY SERVICE
`
`REQUESTER COMPLETES ONLINE
`REGISTRATION FORM
`
`
`
`
`
`
`QUERY STANDARD DOMAIN NAME
`
`SERVICE REGARDING OWNERSHIP
`
`
`OF EQUIVALENT NON-SECURE
`
`DOMAIN NAME
`
`
`
`
`RECEIVE REPLY FROM STANDARD
`DOMAIN NAME REGISTRY
`
`
`INFORM REQUESTOR
`OF CONFLICT
`
`
`
`
`
`
`NO
`
`VERIFY INFORMATION AND
`ENTER PAYMENT INFORMATION
`
`
`
`REGISTER SECURE DOMAIN NAME
`
`FIG. 35
`
`Copy provided by USPTO trom the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1978
`PxX010.000047
`
`VX00056893
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1978
`
`
`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 39 of 40
`
`US 7,418,504 B2
`
`3600 COMPUTER NETWORK
`
`CLIENT COMPUTER
`
`3604
`
`FIG. 36
`
`
`
` L Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1979
`Px010000043
`
`VX00056894
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1979
`
`
`
`U.S. Patent
`
`Aug.26, 2008
`
`Sheet 40 of 40
`
`US 7,418,504 B2
`
`3700
`
`GENERATE MESSAGE PACKETS
`
`3701
`
`MODIFY MESSAGE PACKETS WITH PRIVATE
`CONNECTION DATA AT AN APPLICATION LAYER
`
`3702
`
`SEND TO HOST COMPUTER
`THROUGH FIREWALL
`
`RECEIVE PACKETS AND AUTHENTICATE
`AT KERNEL LAYER OF HOST COMPUTER
`
`RESPOND TO RECEIVED MESSAGE
`PACKETS AND GENERATE REPLY
`MESSAGE PACKETS
`
`MODIFY REPLY MESSAGE PACKETS WITH
`PRIVATE CONNECTION DATAAT A
`KERNEL LAYER
`
`SEND PACKETS TO CLIENT COMPUTER
`THRGUGH FIREWIRE
`
`RECEIVE PACKETS AT CLIENT
`COMPUTER AND AUTHENTICATE AT
`APPLICATION LAYER
`
`FIG. 37
`
`3703
`
`3704
`
`3705
`
`3706
`
`3707
`
`3708
`
`Copy provided by USPTO from the PIRS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1980
`Pxo10000044
`
`VX00056895
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1980
`
`
`
`US 7,418,504 B2
`
`1
`AGILE NETWORK PROTOCGL FOR SECURE
`COMMUNICATIONS USING SECURE
`DOMAIN NAMES
`
`CROSS-RELERENCE FO RELATED
`APPLICATIONS
`
`This application claims priority from and is a continuation
`patent application of U.S. application Ser. No. G9/558,210,
`filed Apr. 26, 2000 now abandoneed, which is a continuation-
`in-part patent application ofpreviously-filed U.S. application
`Ser, No. 09/504,783, filed on Feb. 15, 2000, now US. Pat. No.
`6,502,135, issued Dec. 31, 2002, which claims priority from
`and is a continuation-in-part patent application ofpreviously-
`filed U.S. application Ser, No. 09/429,643, filed on Oct. 29,
`1999 now U.S. Pat. No. 7,010,604, The subject matter of U.S.
`application Ser. No, 09/429,643, which is bodily incurporaied
`herein, derives from provisional U.S. application Nos.
`60/106,261 (filed Get. 30, 1998) and 60/137,704(filed Jun.7,
`1999). The present applicationis also related to U.S. appli-
`cation Ser. No. 09/558,209, filed Apr. 26, 2000, «and which is
`incorporated by reference herein.
`
`GOVERNMENTCONTRACT RIGHTS
`
`This invention was made with Government support under
`Contract No. 360000-1999-000000-QC-000-000 awarded by
`the Central Intelligence Agency, The Governmenthas certain
`tights in the invention.
`
`BACKGROUND OF TIL INVENTION
`
`A tremendous variety of methods have been proposed and
`implemented to provide security and anonymity for commu-
`nications over the Internet, ‘lhe variety steme, in part, fromthe
`different needs of different Internet users, A basic heuristic
`framework to aid in discussing these different security tech-
`niques is illustrated in FIG. 1. Two tenninals, an originating
`terminal 100 and a destination terminal 110 are in communi-
`cation over the Internct, It is desired for the communications
`to be secure, that is, immune to eavesdropping. For example,
`terminal 100 may transmit scerct information to terminal 119
`over the Intemet 107. Also, it may be desired to prevent an
`eavesdropper from discovering that terminal 100 is in com-
`munication with tenninal 110. For cxample,ifterminal 100 is
`a user and terminal 110 hosts a web site, terminal 1007s user
`may not want anyone in the intervening networks to know
`what web sites he is “visiting.” Anonymity would thus he an
`issue, for example, for companies that want to keep their
`market rescarch interests private and thus would prefer to
`prevent outsiders from knowing which web-sites or other
`Internet resources they are “visiting.” These two security
`issues may be called data security and snonymily, respec-
`tively.
`Data security is usually tackled using some form of data
`encryption. An encryption key 48 is known at both the origi-
`nating and terminating terminals 100 and 110. The keys may
`be private and public at the originating and destination termi-
`nals 100 and 116, respectively or they may be symmetrical
`keys (the same key is used by both partics to enerypt and
`decrypt). Many encryption methods are knowa and usable in
`this context.
`To hide traffic from a local administrator or ISP, a user can
`employ a local proxy server in communicating over an
`cnerypted channel with an outside proxy such that the local
`adnrinistrator or ISP only secs the encrypted traffic. Proxy
`servers prevent destination servers from determining the
`
`20
`
`a5
`
`30
`
`35
`
`40
`
`45
`
`33
`
`60
`
`65
`
`2
`identities of the originating clients. This system employs an
`intermediate server interposed between client and destination
`server. The destination server sees only the Internet Protocol
`(IP) address ofthe proxy server and not the originating client.
`The target server only sces the address of the outside proxy.
`This scheme relies on 4 trusted outside proxy server. Also,
`proxy schemes are vulnerable to traffic analysis methods of
`determining identities yf transmitters and reveivers, Another
`iraportant limitation ofproxy servers is that the server knows
`the identities of both calling and called parties. In many
`instances, an originating terminal, sich as terminal A, would
`prefer iu keep its identity concealed From the proxy, for
`example, ifthe proxy server is provided by an Intemet service
`provider (ISP).
`To defeat Waffic analysis, a scheme called Chaum’s mixes
`employs a proxy server that transmits and receives fixed
`length messages, including dummy messazes. Multiple oriyi-
`nating terminals arc conticeted through a mix (a server) to
`multiple target servers. It is difficult to tell which of the
`originating terminals are communicating to which ofthe con-
`nevled targel servers, and the dummy messayes conluse
`eavesdroppers’ efforts to detect communicating pairs by ana-
`lyzing traffic. A drawback is that there is a risk that the mix
`server could be compromised, One way to deal with this risk
`is to spread the trust umonp multiple mixes. If one mix is
`compromised, the identities of the originating and targetter-
`minals may remain concealed. This strategy requires a num-
`ber of alternative mixesso that the intermediate servers inter-
`posed between the originating, and target terminals are not
`determinable except by compromising more than one mix.
`The strategy wraps the message with multiple layers of
`encrypted addresses. The first mix in a sequence can decrypt
`only the outer layer of the message to reveal the next desti-
`nation mix in sequence, The secund mix can decrypl the
`message to reveal the next mix and so on. The target server
`reccives the message and, optionally, a multi-layer encrypted
`payload containing return information to send data back in
`the same fashion. The only way to defeat such a mix scheme
`is to collude among mixes. [f the packets are all fixed-length
`and intermixed with dummy packets, there is no way to do
`any kind of traffic analysis.
`Still another anonymity technique, called ‘crowds,’ pro-
`tects the identity of the originating terminal from the inter-
`mediate proxics by providing that originating terminals
`belong to groups ofproxies called crowds. The crowd proxies
`are interposed between originating and target terminals. Each
`proxy through which the message is sentis randomly chosen
`by an upstream proxy. Each intermediate proxy can send the
`message eittter to another randomly chosen proxy in the
`“crowd”of to the destination. Thus, even crowd members
`cannot detennine ifa preceding proxy is the originator ofthe
`message or if it was simply passed from another proxy.
`ZKS (Zero-Knowledge Systems) Anonymous IP Protocol
`allows users to select up to any of five different pscudooyms,
`while desktop sollware encrypts outgoing traffic and wrapsit
`in User Dutagram Protocol (UDP) packets. Thefirst server in
`‘a 2+-hop system gota the UDP packets, strips off one layer of
`encryption to add anoiher, then sends the traffic to the next
`server, which strips olf yet another layer of encryption and
`adds a new one. The user is permilted to control (ue number of
`hops. At the final server, traffic is decrypted with an untrace-
`able IP address. The technique is called onion-routing. This
`method can be defeated using traffic analysis. For a simple
`example, bursts ofpackets from, a user ducing low-duty peri-
`ods can reveal the identities of sender and receiver.
`Firewalls attempt to protect LANs from unauthorized
`access and hostile exploitation or damage to computers con-
`
`Gopy provided by USPTO trom the PIAS Image Database on 03/28/2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1981
`Px010_000045
`
`VX00056896
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1981
`
`
`
`US 7,418,504 B2
`
`3
`nected to the LAN.Firewalls provide a server through which
`all access to the LAN must pass. Firewalls are centralized
`systems that require administrative overhead to maintain.
`‘They can be compromised by virtual-machine applications
`C“applets’’). They instill a false sense ofsecurity that leads to
`security breaches for example by users sending sensitive
`information to servers outside the firewall or encouraging use
`of modems to sidestep the firewall security. Firewalls are not
`useful for distributed systems such as business travelers,
`extranets, small teams,eic,
`
`SUMMARY OF THE INVENTION
`
`Asecure mechanism lor communicating over the iniemet,
`including uy protovelreferred to as the TunneledAgile Routing
`Protocal (TARP), uses a unique two-layer encryption format
`and special TARP routers. TARP routers are similar in func-
`tion to regular IP routers. Hach "LAKP router has one or more
`TP addresses and uses normal IP protocol Lo send IP packet
`messages
`(“packcts” or “datagrams”). The IP packets
`exchanged between TARP terminals via TARP routers are
`actually encrypted packets whose true destination address is
`concealed except to TARP routers and servers. The normal or
`“clear” or “outside” IP header attached to TARP IP packets
`contains only the address of a next hop router or destination
`server, That is, instead of indicating a final destination in the
`destination field of the IP header,
`the TARP packei*s IP
`header always points to a next-hop in a series ofVARI router
`hops, or fe the final destination. This means there is no overt
`indication from an intercepted TARP packet of the true des-
`tination of the TARP packet since the destination could
`always be next-hop TAR
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
