Apple v. VirnetX, IPR2015-00870, Petitioner Apple Inc. - Exhibit 1065, p. 2

Gearhead --- inside the network machine. Mark Gibbs

IP SECURITY: KEEPING YOUR BUSINESS PRIVATE

Without secure communications, much of the commercial potential of the Internet will never be realized because, whether you like it or not, there are people out there who want to know what you are doing. Some may just be curious, while others may want to harm you or your business in some way.

In response to this, we've seen the emergence of all sorts of protocols designed to enhance the security of Internet communications. For example, Secure HTTP is sophisticated and capable of providing fine-grained access control, but it is too complex for network administrators.

Today, the majority of secure Web traffic is protected by Secure Sockets Layer (SSL). SSL can be used with other protocols, such as File Transfer Protocol (FTP). While SSL works well, it applies only to data transmitted at the socket level. And worst of all, SSL requires the client and the server to be SSL-aware.

A more generic solution to secure data exchange is being defined by another protocol, IP Security (IPSec). IPSec is quite ambitious. It defines encryption, authentication and key management to create, in effect, a virtual private network (VPN) session for every connection. In the structure of the Open Systems Interconnection model, IPSec operates at the network layer and doesn't require that applications be . so all communications are secured.

Grossly simplifying, you could sum up IPSec's operation as two computers exchanging X.509 certificates for authentication and then creating an encrypted tunnel for data transfer.

The difference between regular IP packets and IPSec packets is the addition of an extension header and the encryption of the payload data. There are two parts to the IPSec extension header: the Authentication Header and the Encapsulating Security Payload (ESP) header.

The Authentication Header defines which parameters will be used for authenticating the originator of data, checks integrity and protects the session from protocol replay. Protocol replay is a technique for breaking into systems by recording and replaying an exchange of data.

The ESP header specifies encryption methods and offers limited traffic flow confidentiality. It partially hides the details of how many packets of what size are flowing in which direction. This is important, as traffic flow information can be used to break encryption schemes. It also specifies the encryption and authentication keys and the time frame for which the keys are valid.

These two headers combined are called the Security Association, which describes what are referred to as the "transformations" to be applied to the pafld datagram.

A Security Association may be static, containing data that is never changed by the transformation; or dynamic, containing data that is maintained by the transformation and changed whenever a datagram is handled. For example, serial number-based replay prevention and sophisticated encryption systems that change over the course of multiple transactions involve dynamic data.

In either case, to begin a secure session both computers need to determine how they are going to "talk" to each other.

The protocol used to set up the connections is the Internet Key Exchange, yet another Internet Engineering Task Force protocol working its way toward finalization.

If you're getting the idea that this is complicated, you're right. This is why moving IPSec to a standard will take time. And IPSec has processing and management overhead, so it will have to be deployed with care.

IPSec is the best solution on the horizon. It will become the secure communications standard.

See the IETF documents RFC 2401 "Security Architecture for the Internet Protocol" at www.ietf.org/rfc/rfc2401.txt and RFC 2411 "IP Security Document Roadmap" at www.ietf.org/rfc/rfc2411.txt.

Communicate securely to gearhead@gibbs.com.

week) or take the survey yourself at:
DocFinder: 2029

The doctor is in

Shaun Kelly, our very own kindly Career Doctor (any resemblance to Marcus Welby is purely coincidental) holds office hours this week to answer your pressing career questions.

You can post them publicly or send them to him confidentially via e-mail. Certification remains a big topic.

Plus, download a digest of his answers to questions from his last session.
DocFinder: 2032

Antispam

Last week, Network World columnist James Kobielus blasted the "cyber-McCarthyism" of a group that main- of ISPs it says condone spam. Some readers beg to differ. What do you think? Read their comments (plus Kobielus' column, if you missed it) and then add yours.
DocFinder: 2028

XML marks the spot

Remember all the attention Java used to get? Now the Extensible Markup Language (XML) gets all the ink (well, what's left over from Linux, at any rate). But what do you do with it? A number of tools are beginning to emerge that make XML more than just another three-letter acronym in search of some venture funding.

One such product from Vervet Logic is XML Pro 1.2, a graphical development tool that helps Web designers make the transition from HTML to XML. It features XML validation, wizards to help create XML elements and attributes, and a document-tree outline view. Plus its validation engine lets you do your DTDs (Data Type Definitions) in your BVDs. XML Pro 1.2 supports the XML 1.0 specification and runs on 32-bit Windows platforms.

Download an evaluation copy of XML Pro and other XML editing tools from our Download area at:
DocFinder: 2030

Too little, too late?

This week, "Wired Windows" excoriates Oracle for its directory strategy. What do you think? If directories are the future of networking (are they?), has Oracle blown it?

Read the column and discuss it or just browse a library of directory-related articles and links from Network World and elsewhere on the Internet.
DocFinder: 2031

As we gear up for our special You issue in July — a whole issue devoted to you, our readers — we're beginning to poll folks online about everything from how much coffee they drink in a week to what their dream job would be.

Early returns show that network professionals seem the work they do just fine. Sure, we've got some malcontents who say their dream job would be working for Barbados Airlines — in Barbados — but most respondents last week said they'd just as soon keep working in networking, at, oh, Microsoft or Novell.

Get last week's results (in addition to dream jobs, we asked network professionals about hours worked each