US 7,418,504 B2
Copy provided by USPTO from the PIRS Image Database on 03/28/2011

Petitioner Apple Inc. - Exhibit 1002, p. 1940

[Sheet 1 of 40, FIG. 1: originating terminal, IP routers, Internet, encryption key 48, destination terminal]

[Sheet 2 of 40, FIG. 2: TARP terminals, TARP packets, TARP routers, IP routers, link keys, Internet]

[Sheet 3 of 40: interleave window; 330 session-key-encrypted payload data; 340 TARP packet with encrypted payloads; 350 link-key-encrypted TARP packets; 360 IP packets with encrypted TARP packets as payload; TARP router; TARP destination]

[Sheet 4 of 40: data stream; 520 block-encrypted (session-key) payload sequence; 522 encrypted block divided into payloads; 523 encrypted block divided into payloads, interleaved; 340 TARP packets with encrypted payloads]

[Sheet 5 of 40, FIG. 4: TARP transceiver; network (IP) layer; TARP layer; data link layer; 450 data link protocol wrapper; one alternative to combine TARP processing with O/S IP processor; other alternative to combine TARP processing with D.L. processor (e.g., burn into board PROM)]

[Sheet 6 of 40, FIG. 5: flowchart. Background loop, decoy generation; authenticate TARP packet; outer layer decryption of TARP packet using link key; check for decoy and increment perishable decoy counter as appropriate; dump decoy; transmit decoy?; decrement TTL, TTL > 0?; determine destination TARP address and store link key and IP address; generate next-hop TARP address and store link key and IP address; generate IP header and transmit]

[Sheet 7 of 40, FIG. 6: flowchart. Background loop, decoy generation; group received IP packets into interleave window; determine destination TARP address, initialize TTL, store in TARP header; record window seq. nos. and interleave seq. nos. in TARP headers; choose first hop TARP router, look up IP address and store in clear IP header, outer layer encrypt; install clear IP header and transmit]

[Sheet 8 of 40, FIG. 7: flowchart. Background loop, decoy generation; authenticate TARP packet received; decrypt outer layer encryption with link key; increment perishable counter if decoy; throw away decoy or keep in response to algorithm; cache TARP packets until window is assembled; deinterleave packets forming window; decrypt block; divide block into packets using window sequence data, add clear IP headers generated from TARP headers; hand completed IP packets to IP layer process]

[Sheet 9 of 40, FIG. 8: terminal; SSYN packet; SSYN ACK packet; SSYN ACK ACK packet; secure session initiation; secure session initiation ACK]

[Sheet 10 of 40: client and TARP router, each holding a transmit table and a receive table of IP addresses (tables 921 to 924)]

[Sheet 11 of 40, FIG. 10: client; ISP A; ISP B; TARP routers]


[Sheet 14 of 40, FIG. 12B: table of modes or embodiments (1. promiscuous; 2. partly illegible; 3. hardware hopping) against hardware addresses, IP addresses and discriminator field values; the legible cell entries read "can be varied in sync"]


[Sheet 16 of 40, FIG. 14: transmitter and receiver at the sender's ISP and at the recipient's ISP; IP pair 1, IP pair 2; current IP pair; checkpoints ckpt_o, ckpt_n, ckpt_r; kept in sync for sender to recipient synchronizer; kept in sync for recipient to sender synchronizer]

[Sheet 17 of 40, FIG. 15: synchronization exchange between transmitter and receiver using SYNC_REQ and SYNC_ACK messages and checkpoint IP pairs ckpt_n and ckpt_r; update window]

[Sheet 18 of 40, FIG. 16]

[Sheet 19 of 40: window diagram labelled WINDOW_SIZE, with inactive, active and used regions]

[Sheet 20 of 40: window diagram labelled WINDOW_SIZE, with inactive and used regions]

[Sheet 21 of 40, FIG. 19: window diagram labelled WINDOW_SIZE, with inactive, active and used regions]

[Sheet 22 of 40, FIG. 20: computer]

[Sheet 23 of 40: AD, AE and AF tables; BB, BE and BF tables; CD, CE and CF tables; IP1, IP2; link down]

[Sheet 24 of 40, FIG. 22A: flowchart. Measure quality of transmission path X; more than one transmitter turned on?; path X quality < threshold?; set weight to min. value; path X weight less than steady state value?; decrease weight for path X; increase weight for path X toward steady state value; adjust weights for remaining paths so that weights equal one]

[Sheet 25 of 40, FIG. 22B: flowchart. (Event) transmitter for path X turns off; at least one transmitter turned on?; drop all packets until a transmitter turns on; set weight to zero; adjust weights for remaining paths so that weights equal one]

[Sheet 26 of 40, FIG. 23: packet transmitter; packet receiver; transmit table with path weights W(X1) = 0.2, W(X2) = 0.1, W(X4) = 0.1; path X1; weight adjustment function; link quality measurement function]

[Sheet 27 of 40: two computers]

[Sheet 28 of 40, FIG. 25 (prior art): web browser; DNS REQ; DNS RESP; PAGE REQ; PAGE RESP]

[Sheet 29 of 40, FIG. 26: DNS server; DNS proxy; web browser; gatekeeper; hopping rules; unsecure target site]

[Sheet 30 of 40, FIG. 27: flowchart. Receive DNS request for target site; access to secure site requested?; pass thru request to DNS server; user authorized to connect?; return "host unknown" error; establish VPN with target site]

[Sheet 31 of 40, FIG. 28: host computer #1; host computer #2]

[Sheet 32 of 40, FIG. 29: host computer #1; computer; labels "TX", "FLOOD IP" and "TX 100-200"]


[Sheet 34 of 40, FIG. 31: client #1; client #2; hacker]

[Sheet 35 of 40, FIG. 32: checkpoint synchronization between client and server. Client: send data packet using ckpt_n; ckpt_o = ckpt_n; generate new ckpt_n; start timer, shut transmitter; when timer expires, transmit SYNC_REQ using transmitter's checkpoint and start timer; if ckpt_o in SYNC_ACK matches transmitter's ckpt_o, update receiver's ckpt_r, kill timer, turn transmitter on. Server: pass data up stack; ckpt_o = ckpt_n; generate new ckpt_n; generate new ckpt_r for transmitter side; transmit SYNC_ACK containing ckpt_o]


[Sheet 37 of 40, FIG. 34: flowchart. Display web page containing "go secure" hyperlink; launch link to .com site; download and install plug-in; close connection; access secure portal and secure network and secure DNS; access gatekeeper and receive parameters for establishing VPN with secure website; connect to secure website using VPN based on parameters established by gatekeeper; display secure icon; terminate secure connection?; replace secure top-level domain name with non-secure top-level domain name; display "go secure" hyperlink]

[Sheet 38 of 40, FIG. 35: flowchart. Requestor accesses website and logs into secure domain name registry service; requestor completes online registration form; query standard domain name service regarding ownership of equivalent non-secure domain name; receive reply from standard domain name registry; inform requestor of conflict; verify information and enter payment information; register secure domain name]

[Sheet 39 of 40, FIG. 36: web server; server proxy; VPN guard; computer network; firewall; client computer]

[Sheet 40 of 40, FIG. 37: flowchart. Generate message packets; modify message packets with private connection data at an application layer; send to host computer through firewall; receive packets and authenticate at kernel layer of host computer; respond to received message packets and generate reply message packets; modify reply message packets with private connection data at a kernel layer; send packets to client computer through "FIREWIRE" (as printed); receive packets at client computer and authenticate at application layer]

AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority from and is a continuation
patent application of U.S. application Ser. No. 09/558,210,
filed Apr. 26, 2000 now abandoned, which is a continuation-in-part
patent application of previously-filed U.S. application
Ser. No. 09/504,783, filed on Feb. 15, 2000, now U.S. Pat. No.
6,502,135, issued Dec. 31, 2002, which claims priority from
and is a continuation-in-part patent application of previously-filed
U.S. application Ser. No. 09/429,643, filed on Oct. 29,
1999 now U.S. Pat. No. 7,010,604. The subject matter of U.S.
application Ser. No. 09/429,643, which is bodily incorporated
herein, derives from provisional U.S. application Nos.
60/106,261 (filed Oct. 30, 1998) and 60/137,704 (filed Jun. 7,
1999). The present application is also related to U.S. application
Ser. No. 09/558,209, filed Apr. 26, 2000, and which is
incorporated by reference herein.

GOVERNMENT CONTRACT RIGHTS

This invention was made with Government support under
Contract No. 360000-1999-000000-QC-000-000 awarded by
the Central Intelligence Agency. The Government has certain
rights in the invention.

BACKGROUND OF THE INVENTION

A tremendous variety of methods have been proposed and
implemented to provide security and anonymity for communications
over the Internet. The variety stems, in part, from the
different needs of different Internet users. A basic heuristic
framework to aid in discussing these different security techniques
is illustrated in FIG. 1. Two terminals, an originating
terminal 100 and a destination terminal 110 are in communication
over the Internet. It is desired for the communications
to be secure, that is, immune to eavesdropping. For example,
terminal 100 may transmit secret information to terminal 110
over the Internet 107. Also, it may be desired to prevent an
eavesdropper from discovering that terminal 100 is in communication
with terminal 110. For example, if terminal 100 is
a user and terminal 110 hosts a web site, terminal 100's user
may not want anyone in the intervening networks to know
what web sites he is "visiting." Anonymity would thus be an
issue, for example, for companies that want to keep their
market research interests private and thus would prefer to
prevent outsiders from knowing which web-sites or other
Internet resources they are "visiting." These two security
issues may be called data security and anonymity, respectively.

Data security is usually tackled using some form of data
encryption. An encryption key 48 is known at both the originating
and terminating terminals 100 and 110. The keys may
be private and public at the originating and destination terminals
100 and 110, respectively or they may be symmetrical
keys (the same key is used by both parties to encrypt and
decrypt). Many encryption methods are known and usable in
this context.

To hide traffic from a local administrator or ISP, a user can
employ a local proxy server in communicating over an
encrypted channel with an outside proxy such that the local
administrator or ISP only sees the encrypted traffic. Proxy
servers prevent destination servers from determining the
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`identities of the originating clients. This system employs an
`intermediate server interposed between client and destination
`server. The destination server sees only the Internet Protocol
`(IP) address ofthe proxy server and not the originating client.
`The target server only sees the address of the outside proxy.
`This scheme relies on a trusted outside proxy server. Also,
`proxy schemes are vulnerable to traflic analysis methods of
`detemiining identities of transmitters and receivers. Another
`important limitation ofproxy servers is that the server knows
`the identities of both calling and called parties. In many
`instances, an originating terminal, such as terminal A, would
`prefer to keep its identity concealed from the proxy, for
`example, ifthe proxy server is provided by an Internet service
`provider (ISP).
`To defeat traffic analysis, a scheme called Chaum's mixes
`employs a proxy server that transmits and receives fixed
`length messages, including dummy messages. Multiple originating
`terminals are connected through a mix (a server) to
`multiple target servers. It is difficult to tell which of the
`originating terminals are communicating to which of the connected
`target servers, and the dummy messages confuse
`eavesdroppers' efforts to detect communicating pairs by analyzing
`traffic. A drawback is that there is a risk that the mix
`server could be compromised. One way to deal with this risk
`is to spread the trust among multiple mixes. If one mix is
`compromised, the identities of the originating and target terminals
`may remain concealed. This strategy requires a number
`of alternative mixes so that the intermediate servers interposed
`between the originating and target terminals are not
`determinable except by compromising more than one mix.
`The strategy wraps the message with multiple layers of
`encrypted addresses. The first mix in a sequence can decrypt
`only the outer layer of the message to reveal the next destination
`mix in sequence. The second mix can decrypt the
`message to reveal the next mix and so on. The target server
`receives the message and, optionally, a multi-layer encrypted
`payload containing return information to send data back in
`the same fashion. The only way to defeat such a mix scheme
`is to collude among mixes. If the packets are all fixed-length
`and intermixed with dummy packets, there is no way to do
`any kind of traffic analysis.
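The layered wrapping and fixed-length forwarding described above can be illustrated as follows. This is an added example, not part of the patent: the mix names, the 256-byte message size, and the per-mix keys shared with the sender are assumptions, and the SHA-256 keystream is a toy stand-in for a real cipher with no integrity protection.

```python
import hashlib, os

CELL, NONCE = 256, 16  # constructed sizes: every wire message is CELL bytes

def _xor_stream(key, nonce, data):
    # Toy keystream (SHA-256 in counter mode); an assumption, not a vetted cipher.
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(route, keys, dest, payload):
    """Sender: build one CELL-byte message with a layer for each mix in route."""
    hops = route[1:] + [dest]  # the address each mix's layer reveals
    hdrs = [bytes([len(h)]) + h.encode() for h in hops]
    room = CELL - sum(NONCE + len(h) for h in hdrs)
    body = len(payload).to_bytes(2, "big") + payload
    if len(body) > room:
        raise ValueError("payload too long for one cell")
    cell = body + os.urandom(room - len(body))  # pad the innermost layer
    for mix, hdr in zip(reversed(route), reversed(hdrs)):
        nonce = os.urandom(NONCE)
        cell = nonce + _xor_stream(keys[mix], nonce, hdr + cell)
    return cell

def peel(key, cell):
    """Mix: strip one layer, learn only the next hop, re-pad to CELL bytes."""
    plain = _xor_stream(key, cell[:NONCE], cell[NONCE:])
    n = plain[0]
    next_hop, inner = plain[1:1 + n].decode(), plain[1 + n:]
    return next_hop, inner + os.urandom(CELL - len(inner))

def deliver(cell):
    """Target: read the length-prefixed payload and ignore the padding."""
    return cell[2:2 + int.from_bytes(cell[:2], "big")]

def send(route, keys, dest, payload):
    """Pass a message through every mix; return (hops revealed, wire sizes, payload)."""
    cell, seen, sizes = wrap(route, keys, dest, payload), [], []
    for mix in route:
        sizes.append(len(cell))
        hop, cell = peel(keys[mix], cell)
        seen.append(hop)
    return seen, sizes, deliver(cell)

if __name__ == "__main__":
    route = ["mix1", "mix2", "mix3"]  # constructed names
    keys = {m: os.urandom(32) for m in route}
    print(send(route, keys, "target.example", b"hello"))
```

Each mix sees a message of the same length and recovers only the address of the next hop; the target address and payload stay hidden until the last layer is removed.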
`Still another anonymity technique, called 'crowds,' protects
`the identity of the originating terminal from the intermediate
`proxies by providing that originating terminals
`belong to groups of proxies called crowds. The crowd proxies
`are interposed between originating and target terminals. Each
`proxy through which the message is sent is randomly chosen
`by an upstream proxy. Each intermediate proxy can send the
`message either to another randomly chosen proxy in the
`"crowd" or to the destination. Thus, even crowd members
`cannot determine if a preceding proxy is the originator of the
`message or if it was simply passed from another proxy.
`ZKS (Zero-Knowledge Systems) Anonymous IP Protocol
`allows users to select up to any of five different pseudonyms,
`while desktop software encrypts outgoing traffic and wraps it
`in User Datagram Protocol (UDP) packets. The first server in
`a 2+-hop system gets the UDP packets, strips off one layer of
`encryption to add another, then sends the traffic to the next
`server, which strips off yet another layer of encryption and
`adds a new one. The user is permitted to control the number of
`hops. At the final server, traffic is decrypted with an untraceable
`IP address. The technique is called onion-routing. This
`method can be defeated using traffic analysis. For a simple
`example, bursts of packets from a user during low-duty periods
`can reveal the identities of sender and receiver.
`Firewalls attempt to protect LANs from unauthorized
`access and hostile exploitation or damage to computers connected
`to the LAN. Firewalls provide a server through which
`all access to the LAN must pass. Firewalls are centralized
`systems that require administrative overhead to maintain.
`They can be compromised by virtual-machine applications
`("applets"). They instill a false sense of security that leads to
`security breaches for example by users sending sensitive
`information to servers outside the firewall or encou
