FOR INTER PARTES REVIEW OF U.S. PATENT NO. 8,544,078 IN VIEW OF YADAV AND FREUND REFERENCES

McAfee, Inc. Exhibit 1004 Page 1
`
`
`
TABLE OF CONTENTS

I. INTRODUCTION AND SUMMARY OF TESTIMONY ... 1
   A. Qualifications ... 1
   B. Other Matters ... 5
   C. Compensation ... 6
   D. Materials Reviewed ... 6
   E. Level of Ordinary Skill in the Art ... 8
II. OVERVIEW/TUTORIAL REGARDING TECHNOLOGY ... 9
   A. Priority Date ... 9
   B. Computer Networking ... 9
      1. Protocols ... 10
      2. Ports ... 11
      3. Client-Server Communication using TCP ... 13
      4. Client-Server Communication using UDP ... 19
   C. Firewalls ... 19
      1. Firewalls in operating systems ... 20
      2. Firewall rules ... 20
   D. Stateful firewalls/Dynamic firewalls/Flexible firewalls ... 24
      1. Stateful firewalls ... 24
      2. Dynamic or flexible firewalls ... 25
   E. Hooking ... 28
III. THE CHALLENGED ’078 PATENT ... 28
   A. Background and General Description of the ’078 Patent ... 28
      1. Purpose of the Invention ... 28
      2. Internal Permitted Program Storage ... 32
      3. Firewall Flexible Device ... 33
      4. Internal Permitted Port Storage ... 37
      5. Bypassing the Firewall ... 40
   B. File History of the ’078 Patent ... 41
      97. First office action (Sep. 11, 2009). ... 41
      100. Second office action (June 8, 2010). ... 42
      102. Third office action (Feb. 15, 2011). ... 42
      107. Fourth office action (July 19, 2011). ... 44
      113. Notice of allowance (Aug. 15, 2013). ... 45
   C. Claim Construction ... 46
      1. internal permitted program storage ... 48
      2. list of programs ... 50
      3. internal permitted port storage ... 51
      4. server port ... 54
      5. a port of a packet of inbound traffic ... 57
      6. firewall flexible device ... 58
IV. OVERVIEW OF THE PRIOR ART ... 60
   A. Invalidity Standard ... 60
   B. Background on Yadav (US Pat. No. 7,174,566) ... 62
      1. General overview of Yadav ... 62
      2. Yadav’s application rules are a list of permitted programs ... 65
      3. Yadav included an internal permitted program storage ... 69
      4. Yadav’s Network Traffic Enforcer (NTE) included an internal permitted port list ... 73
      5. Summary of Yadav ... 80
   C. Background on Freund (US. Pat. 5,987,611) ... 81
      1. General overview of Freund ... 81
      2. Defining Application Rules ... 85
      3. Application-specific rule database ... 92
      4. Monitoring application network requests ... 93
   D. Motivation to combine Yadav with Freund ... 96
V. CLAIM 1-5 WERE OBVIOUS OVER YADAV IN VIEW OF FREUND ... 104
   A. Yadav in view of Freund rendered claim 1 obvious ... 104
      1. Claim 1, preamble ... 104
      2. Claim 1, element A: a port monitoring unit… ... 106
      3. Claim 1, element B: an internal permitted program storage… ... 125
      4. Claim 1, element C: the internal permitted program storage adds a program to the list… ... 137
      5. Claim 1, element D: a firewall flexible device determining… ... 150
      6. Claim 1, element E: wherein the firewall flexible device automatically stores the extracted information… ... 153
      7. Claim 1, element F: wherein the firewall flexible device further determines… ... 163
   B. Yadav in view of Freund rendered claim 2 obvious ... 165
      1. Yadav disclosed information about the program that includes information about a program name, an entire path of the program and a program hash value ... 165
      2. Freund also disclosed that information about a program includes information about both a program name and a hash value ... 168
   C. Yadav in view of Freund rendered claim 3 obvious ... 169
   D. Yadav in view of Freund rendered claim 4 obvious ... 170
   E. Yadav in view of Freund rendered claim 5 obvious ... 174
      1. Yadav disclosed the additional elements of claim 5 ... 175
      2. Freund also disclosed the additional elements of claim 5 ... 176
VI. CLAIMS 7-11 WERE RENDERED OBVIOUS OVER YADAV IN VIEW OF FREUND ... 178
   A. Claim 7 ... 178
   B. Claim 8 ... 180
   C. Claim 9 ... 181
   D. Claim 10 ... 181
   E. Claim 11 ... 181
VII. CLAIM 13-15 WERE RENDERED OBVIOUS OVER YADAV IN VIEW OF FREUND ... 182
   A. Claim 13 ... 182
   B. Claim 14 ... 187
   C. Claim 15 ... 187
VIII. CLAIM 16, 18-20 WERE RENDERED OBVIOUS OVER YADAV IN VIEW OF FREUND ... 192
   A. Claim 16 ... 192
   B. Claim 18 ... 194
   C. Claim 19 ... 195
   D. Claim 20 ... 195
IX. CLAIM 21, 23-25 WERE RENDERED OBVIOUS BY YADAV IN VIEW OF FREUND ... 195
   A. Claim 21 ... 195
   B. Claim 23 ... 197
   C. Claim 24 ... 197
   D. Claim 25 ... 198
X. CONCLUSION ... 198
APPENDIX I. CHALLENGED CLAIMS ... 200
   A. Independent claim 1 and dependent claims 2-5 ... 200
   B. Independent claim 7 and dependent claims 8-11 ... 202
   C. Independent claim 13 and dependent claims 14-15 ... 203
   D. Independent claim 16 and dependent claims 18-20 ... 205
   E. Independent claim 21 and dependent claims 23-25 ... 206
`
`
`
`
`
I. Introduction and summary of testimony

1. My name is Atul Prakash. I have been retained in the above-referenced inter partes review proceeding by McAfee, Inc. (“Petitioner”) to evaluate United States Patent No. 8,544,078 (“the ’078 Patent”) against certain references that predate December 31, 2003, the claimed priority date of the ’078 Patent. The ’078 Patent is attached as Exhibit 1001 to the Petitioner’s petitions for Inter Partes Review of U.S. Patent No. 8,544,078 based on the Yadav and Freund References. I am informed that Petitioner seeks review of the ’078 Patent’s method and computer readable medium claims, 7-11, 13-15, 21, and 23-25 in one petition and of the ’078 Patent’s system claims, 1-5, 16, and 18-20, in a second petition (collectively, the “challenged claims” in the “Petitions”). As detailed in this declaration, it is my opinion that each of the challenged claims is anticipated or rendered obvious by prior art references that predate the claimed priority date of the ’078 Patent. If requested by the Patent Trial and Appeal Board (“PTAB” or “Board”), I am prepared to testify about my opinions expressed herein.
`
A. Qualifications

2. I am an expert in the field of computer and network security, and I have been a researcher in security-related fields since at least 1986. I earned my Master of Science and Doctorate from the Department of Electrical Engineering and Computer Science at the University of California, Berkeley, in 1984 and 1989, respectively. I earned my undergraduate degree, a B. Tech. in Electrical Engineering, from the Indian Institute of Technology, Delhi in 1982.
`
`
`3.
`
`I have been a faculty member at the University of Michigan since
`
`1989, where I regularly conduct research and teach courses. I am a founding mem-
`
`ber of the Software Systems Research Laboratory in the EECS Department at the
`
`University of Michigan. I have also served as the director of the Software Systems
`
`Research Laboratory.
`
`
`4.
`
`During my time at the University of Michigan, I have conducted re-
`
`search in areas that include subjects such as: computer and network security, ac-
`
`cess control, security and privacy policies, distributed systems, computer networks,
`
`operating systems, and software engineering. I have also taught courses that in-
`
`clude subjects of computer and network security, operating systems, databases, and
`
`software engineering. I consider myself to be an expert in these technical subjects,
`
`and, more broadly, in the computer science field.
`
`
`5.
`
`Based on my research, I authored or co-authored numerous articles in
`
`peer-reviewed journals and conferences related to the technical areas I listed above.
`
`They are listed in my CV in the Appendix. More specifically, my research has
`
`spanned topics related to firewalls, web security, security policies, host security,
`
`network security, client-server systems, distributed systems, and software systems
`
`in general. For example, in one project around 1995-1999 with my student, Trent
`
`
`
`- 2 -
`
`McAfee, Inc. Exhibit 1004 Page 8
`
`
`
`
`
`Jaeger, and researchers at IBM, I worked on mechanisms for controlling the possi-
`
`ble set of behaviors of downloaded programs so that they cannot do certain harm-
`
`ful actions on a computer (the work appeared in ACM Transactions on Information
`
`and System Security, 1999). I also worked on a secure group communication sys-
`
`tem and policies for defining requirements for secure communication among mul-
`
`tiple parties. That work appeared at the Usenix Security Symposium in August
`
`1999, DARPA Information Survivability Conference in 2001, and at the 2002
`
`IEEE Symposium on Security and Privacy.
`
`
`6.
`
`In addition to giving presentations on peer-reviewed papers that have
`
`been accepted at conferences, I have given invited talks at conferences. For exam-
`
`ple, I gave the keynote presentation at the International Conference on Information
`
`Systems and Security in 2007 and at the 8th International Conference on Security
`
`and Privacy in Communication Networks in 2012.
`
`
`7.
`
`In addition to research, I often work on committees for conferences in
`
`my field. For example, I was a Program Committee Member at the IEEE Oakland
`
`Symposium on Security and Privacy in 2008 and a Program Committee Member of
`
`IEEE Symposium on Reliable Distributed Systems in 2011. I have also co-chaired
`
`the program committees of several security conferences, including the Internation-
`
`al Conference on Information Security and Systems (2009 and 2014) and the IEEE
`
`Symposium on Reliable Distributed Systems (2010).
`
`
`
`- 3 -
`
`McAfee, Inc. Exhibit 1004 Page 9
`
`
`
`
`
`
`8.
`
`In addition to serving on program committees of conferences, I have
`
`served in an editorial role for a journal in the area of computer and information se-
`
`curity. Specifically, I have served as an Associate Editor of IEEE Transactions on
`
`Secure and Dependable Systems.
`
`
`9.
`
`I have served on the Ph.D. committees of several graduates from my
`
`department at the University of Michigan in the area of computer and information
`
`security, and also served as the Ph.D. thesis advisor for several graduate students in
`
`security-related areas. I have also been teaching graduate and advanced undergrad-
`
`uate courses at the University of Michigan since 1989 that have included the areas
`
`of computer and network security, operating systems, and database systems.
`
`
`10.
`
`In addition to my academic work, I often collaborate on research with
`
`companies in the private sector. For example, I was a Visiting Research Scientist
`
`at the IBM TJ Watson Research Center in Yorktown Heights, New York. I also
`
`advised a startup, Aereous (also known as Indigo Security), in the area of computer
`
`and information security.
`
`
`11.
`
`I am an inventor on U.S. Patent Nos. 6,425,016 and 6,988,270, both
`
`entitled “System and Method for Providing Collaborative Replicated Objects for
`
`Synchronous Distributed Groupware Application(s).” These patents generally re-
`
`late to technology for supporting collaborative work over a computer network.
`
`
`
`- 4 -
`
`McAfee, Inc. Exhibit 1004 Page 10
`
`
`
`
`
`
`12.
`
`In 1997, I received the Research Excellence Award from the Depart-
`
`ment of EECS at the University of Michigan. In 1998, a research project done by
`
`my team was one of the finalists for the Computerworld Smithsonian Award for
`
`the best science project. This honor was for my team’s work on the Upper Atmos-
`
`pheric Research Collaboratory, one of the earliest systems to support distributed
`
`team science over the Internet, and involved technologies related to networking,
`
`distributed computing, and security. This project was selected for inclusion in the
`
`Smithsonian Permanent Collection.
`
`
`13.
`
`Based on my academic and practical experience in the areas of com-
`
`puter and network security, distributed systems, operating systems, software engi-
`
`neering, and multimedia systems, I have a strong understanding of the subject mat-
`
`ters of the ’078 Patent. I am familiar with the knowledge of a person having ordi-
`
`nary skill in the art in 2003.
`
14. My Curriculum Vitae, which provides a comprehensive description of my relevant experience, including academic and employment history, publications, conference participation, and U.S. patents, is attached as Exhibit 1011.
`
B. Other Matters

15. Below are other legal matters in which I have testified as an expert at trial or by deposition within the preceding four years:
`
`
`
`
`
`
`16.
`
`Deposition: retained on behalf of Trend Micro in Intellectual Ventures
`
`I LLC v. Symantec Corporation, et al; Intellectual Ventures I LLC v. Trend Micro
`
`Incorporated, et al., Case Nos. 10-1067-LPS; 12-1581-LPS.
`
`
`17.
`
`Deposition: retained on behalf of Apple in Apple vs. ContentGuard
`
`Holdings, Inc. in Case No. 2:13-CV-01112-JRG; retained on behalf of Apple.
`
C. Compensation

18. In connection with my work as an expert, I am being compensated at a rate of $400 per hour for consulting services including time spent testifying at any hearing that may be held. I am also being reimbursed for reasonable and customary expenses associated with my work in this case. I receive no other forms of compensation related to this case. No portion of my compensation is dependent or otherwise contingent upon the results of this proceeding or the specifics of my testimony.
`
D. Materials Reviewed

19. In formulating my opinions in this matter, I have reviewed the ’078 Patent and its prosecution history. I have also reviewed:

Ex. 1002: U.S. Patent No. 7,174,566 to Satyendra Yadav (“Yadav”)
Ex. 1003: U.S. Patent No. 5,987,611 to Gregor Freund (“Freund”)
Ex. 1012: W. Richard Stevens, Unix Network Programming, vol. 1, 2nd ed. (1998) (“Stevens”)
Ex. 1013: William R. Cheswick and Steven M. Bellovin, “Chapter 3: Firewall Gateways,” Firewalls and Internet Security, Addison-Wesley (1994) (“Cheswick”)
Ex. 1014: U.S. Patent Application Publication No. 2003/0149887 A1 (“Yadav ’887”)
Ex. 1015: “TCPServerChannel,” Microsoft .Net documentation
Ex. 1016: “TCP Channel,” Cornell University
Ex. 1017: “New program stops Windows 2000/NT/98 security weaknesses and Trojans for free,” InfoWorld, Feb 7, 2000
Ex. 1018: “Server Lockdown Locks Out End Users,” Computerworld, April 23, 2001
Ex. 1019: Excerpts from Teri Bidwell et al., Hack Proofing Your Identity in the Information Age, Syngress Publishing (2002)
Ex. 1020: Excerpts from Jones, Network Programming for Microsoft Windows, Microsoft Press (2nd ed., 2002)
Ex. 1021: Excerpts from Windows Sockets: An Open Interface for Network Programming under Microsoft Windows (v1.1, Jan. 20, 1993)

I also refer to my CV, which is attached as Ex. 1011.

Ex. 1011: Curriculum Vitae of Dr. Atul Prakash
`
`
`20.
`
`In connection with live testimony in this proceeding, should I be
`
`asked to provide it, I may use as exhibits various documents that refer to or relate
`
`to the matters contained within this declaration, or which are derived from the re-
`
`sults and analyses discussed in this declaration. Additionally, I may create or su-
`
`
`
`- 7 -
`
`McAfee, Inc. Exhibit 1004 Page 13
`
`
`
`
`
`pervise the creation of certain demonstrative exhibits to assist me in testifying.
`
`
`21.
`
` I am prepared to use any or all of the above-referenced documents,
`
`and supplemental charts, models, and other representations based on those docu-
`
`ments, to support my live testimony in this proceeding regarding my opinions cov-
`
`ering the ’078 Patent. If called upon to do so, I will offer live testimony regarding
`
`the opinions in this declaration.
`
E. Level of Ordinary Skill in the Art

22. I am told that the claims of a patent are reviewed from the point of view of a hypothetical person of ordinary skill in the art at the time the patent application at issue was first filed. In my opinion, for the purposes of the ’078 Patent, a person of ordinary skill in the art, at the December 31, 2003 priority date for the ’078 Patent, would have held at least a Master’s degree in computer science, computer engineering, electrical engineering or equivalent degree from an accredited university program; or a Bachelor’s degree in computer science, computer engineering, electrical engineering or equivalent degree from an accredited university program and at least two years of relevant work experience in a field directly related to networking communications, firewalls, systems programming, and operating systems; or at least four years of relevant work experience in a field directly related to networking communications, firewalls, systems programming, and operating systems. I am told that the claims of a patent are generally reviewed from the point of view of a hypothetical person of ordinary skill in the art at the time the patent application at issue was first filed.
`
II. Overview/tutorial regarding technology

A. Priority Date

23. The ’078 Patent was filed on December 27, 2004 and issued on September 24, 2013. I am told that it claims priority back to the Korean Patent 10-2003-0101775, which has a priority date of December 31, 2003. (See Ex. 1001.) I express no opinion on the correct priority date, and will use December 31, 2003 as the priority date only for the purpose of this declaration and for the overview of the related technology below.
`
`24.
`
`
`
`The ’078 Patent is generally related to ways to restrict network traffic
`
`to a computer by using a firewall. Below I briefly describe the state of the art in
`
`2003 as it related to computer networking and firewalls.
`
B. Computer Networking

25. Beginning well before the priority date of the ’078 Patent, two or more computers could communicate over a network. Programs running on a computer (called processes) could send segments of data (called packets) over a network of interconnected devices. I will explain below how the network could determine which computer a packet belonged to, and how a computer could tell which process a packet belonged to.
`
1. Protocols

26. Processes communicated over a network by using standard protocols like TCP, UDP, and IP. Some protocols, like IP, managed the connection from one computer to another, while others, like TCP and UDP, managed the exchange of data between processes running on the computers.
`
`
`27.
`
`IP, or Internet Protocol, was a widely used protocol that enabled com-
`
`puter-to-computer communication, and continues to be widely used today. The IP
`
`protocol used an IP address to identify each computer on a network. IP addresses
`
`at the time of the ’078 Patent were 32 bits long and were often written using four
`
`numbers, separated by periods (e.g., 141.213.4.4). Packets (i.e., segments of data
`
`communicated over a network) would include the IP address of both the sender and
`
`the intended recipient, so that the network devices would know where to route the
`
`packet, and so the recipient would know where it came from.
`
28. While IP helped route packets from one computer to another, TCP and UDP each defined a standard for message exchange between two processes running on a computer. Because computers could have multiple processes that communicated over a network (like an email server and a web server), another protocol was needed to allow communication between processes. That was where TCP (Transport Control Protocol) and UDP (User Datagram Protocol) came in. Both TCP and UDP used a port to allow a process on one computer to communicate to a specific process on a different computer.
`
2. Ports

29. TCP and UDP define protocols for communication between processes on two computers. Both used a number between 0 and 65535, called a port, to identify a process on a given computer (while the IP address was used to identify the computer it ran on). Although “port” sounds like a physical interface, it was a virtual structure, implemented in software; it was not a physical port. Although a process can be associated with any port number (or even multiple ones), certain ports had become standardized or well-known over time. For example, port 80 was conventionally assigned to a web server, and port 25 to an email server.
`
`
`30.
`
`In order to communicate over a network, a computer would include
`
`the port number of the intended recipient process, along with the IP address of the
`
`recipient computer. For example, in order to retrieve a web page from the Univer-
`
`sity of Michigan web server at www.umich.edu, a computer would first determine
`
`that the IP address of the www.umich.edu computer was 141.213.4.4. Next, the
`
`computer would send a packet that included that number as the destination IP ad-
`
`dress, and 80 (used for web servers by convention) as the destination port. Once it
`
`reached the destination computer at www.umich.edu, the operating system on that
`
`computer would examine the packet, see that the packet had port 80 as its destina-
`
`
`
`- 11 -
`
`McAfee, Inc. Exhibit 1004 Page 17
`
`
`
`
`
`tion port, and use that information to deliver the traffic to the process that was as-
`
`signed to port 80—in this case, a web server. The operating system maintained a
`
`binding between a process and a port so that the packet arriving at a port could be
`
`delivered to the correct process.
`
`
`31.
`
`The packet would also include a “source IP address” and “source
`
`port,” identifying the source computer and process. From our example above, the
`
`web server at www.umich.edu would retrieve this information from the packet it
`
`received, and send the reply packets (the web page) to that IP address and port.
`
`Therefore, the source IP address and port of a packet becomes the destination IP
`
`address and port on reply.
`
`
`32.
`
`The TCP protocol supported reliable and ordered delivery of packets.
`
`In TCP, a connection was first established between the two parties wishing to
`
`communicate, followed by a two-way exchange of data. Finally, when the parties
`
`were done, they would request closing of the connection. The TCP protocol was
`
`widely used because of its reliability and ordered delivery of data. For example, the
`
`web traffic and email was transmitted using the TCP protocol.
`
`
`33.
`
`In the UDP protocol, in contrast, the sender simply sent a packet, with
`
`the header containing the destination IP address and port. No advance connection
`
`set-up was required. However, unlike TCP, it did not guarantee reliable or ordered
`
`delivery of packets. When packets were dropped (or lost) during transit over the
`
`
`
`- 12 -
`
`McAfee, Inc. Exhibit 1004 Page 18
`
`
`
`
`
`network, they would not automatically be resent, and the packets could also arrive
`
`in a different order than they were sent.
`
3. Client-Server Communication using TCP

34. A typical mode of communication on the Internet was called client-server communication, where a server would “listen” (wait) for clients to make a request to the server, usually at a well-known IP address and port. For example, the University of Michigan web server discussed above listened on port 80.

[Figure: Stevens, Ex. 1012, Fig. 4.1, p. 86, colored labels added. Labels: Process A (web server), Process B (web browser).]
`
`
`35.
`
`I will now explain in detail how a “server” worked with respect to
`
`
`
`- 14 -
`
`McAfee, Inc. Exhibit 1004 Page 20
`
`
`
`
`
`network communication. The Figure 4.1 above from Unix Network Programming,
`
`Ex. 10121 illustrated a sequence of TCP operations from the perspective of a TCP
`
`server and a TCP client. For example, suppose that a user executed a web server
`
`program on a computer with IP address 141.211.243.44, resulting in process A (re-
`
`call that a “process” is simply an executing program, ¶ 25 above). To serve web
`
`requests, process A would first create a TCP
`
`socket object and assign or “bind” it to port 80,
`
`which was the standard port for web traffic. A
`
`socket was simply a software structure within
`
`the operating system that kept track of the state
`
`of a network connection, including the comput-
`
`er’s IP address and the assigned port number.
`
`(See Stevens, Ex. 1012, Fig. 3.5, pg. 63 (a visu-
`
`al depiction of Fig. 3.1).) Thus, the operating
`
`system “knew” that port 80 was now associated
`
`with process A. Next, process A would perform a listen() operation on the socket
`
`
`1 W. Richard Stevens, Unix Network Programming, vol. 1, 2nd ed. (1998) is a book
`that experts in the field would reasonably rely on. This book has been cited over
`3,000 times in scholarly works. (See https://goo.gl/mBqjdX, which lists from
`scholarly works to Stevens in Google Scholar as of August 30, 2015.)
`
`
`
`- 15 -
`
`McAfee, Inc. Exhibit 1004 Page 21
`
`
`
`
`
`to “open” the port, telling the operating system that the program was ready to re-
`
`ceive and serve incoming connection requests on port 80 from client computers
`
`around the world. Process A would be a TCP server. (See the description of a port
`
`being passive opened as a result of a listen operation in Stevens, p. 35).
`
`36.
`
`
`
`A web browser on another computer, running as process B, could now
`
`connect to the above web server to establish a network connection, by performing
`
`the following steps. First, Process B (a TCP client) created a socket. Next, it sent a
`
`connection request to the destination IP address 141.211.243.44 at port 80 using
`
`network packets. That request typically also “bound” the socket to an available lo-
`
`cal port, thus “opening” that port. Also see the description of a port being actively
`
`opened as a result of a connect operation in Stevens, p. 35 and Fig. 2.5 on p. 39.
`
`This local port for outbound connections was also referred to as an ephemeral port
`
`because it can be an arbitrary available port number and was short-lived for the du-
`
`ration of the connection. (Id. at p. 42.) In the packets that the TCP client sends, it
`
`always included its own IP address as well as its ephemeral port number so that the
`
`TCP server could send back reply packets, much like a letter includes a return ad-
`
`dress.
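As an added example (not code from the declaration or from Stevens), the following Python program carries out the socket/bind/listen sequence of process A and the socket/connect sequence of process B described above on the loopback interface, and records the addressing each side observes: the server's bound port, the client's OS-assigned ephemeral port, and the fact that the server addresses its reply to the source IP and port it read from the request. Port 0 (let the OS pick a free port) stands in for the well-known port 80 so the example runs without privileges.

```python
import socket
import threading

# Added example, not code from the declaration or from Stevens. The server in
# the text binds port 80; here it binds port 0 so the operating system assigns
# a free unprivileged port and the program runs without root.
LOOPBACK = "127.0.0.1"


def serve_one(listen_sock, observed):
    """Process A (TCP server): accept one connection and answer the request."""
    conn, peer = listen_sock.accept()  # blocks until a client connects
    with conn:
        request = conn.recv(1024)
        # 'peer' is the client's source IP address and source port, taken from
        # the packets the client sent: the "return address" for the reply.
        observed["server_saw_client"] = peer
        observed["server_local"] = conn.getsockname()
        conn.sendall(b"reply to " + request)


def tcp_exchange():
    """Run one client-server exchange on loopback; return what each side saw."""
    observed = {}

    # Server side: socket -> bind -> listen (the "passive open" of the port).
    listen_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listen_sock.bind((LOOPBACK, 0))
    listen_sock.listen(1)
    server_port = listen_sock.getsockname()[1]  # the OS now binds this port to us
    observed["server_port"] = server_port

    server = threading.Thread(target=serve_one, args=(listen_sock, observed))
    server.start()

    # Client side: socket -> connect (the "active open"). connect() binds the
    # socket to an OS-chosen ephemeral local port before sending the request.
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    with client:
        client.connect((LOOPBACK, server_port))
        observed["client_local"] = client.getsockname()       # (ip, ephemeral port)
        observed["client_saw_server"] = client.getpeername()  # (ip, server_port)
        client.sendall(b"GET /")
        observed["reply"] = client.recv(1024)

    server.join()
    listen_sock.close()
    return observed


def reply_went_to_request_source(observed):
    """True when the reply's destination equals the request's source (IP, port)."""
    return observed["server_saw_client"] == observed["client_local"]


if __name__ == "__main__":
    result = tcp_exchange()
    for key, value in result.items():
        print(f"{key}: {value}")
    print("reply addressed to request source:", reply_went_to_request_source(result))
```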
`
`37.
`
`
`
`Once the TCP server (process A) at 141.211.243.44 received the con-
`
`nection request from a TCP client (process B), it normally accepted the request. At
`
`this point, a connection was “established” between this client and the server, with
`
`
`
`- 16 -
`
`McAfee, Inc. Exhibit 1004 Page 22
`
`
`
`
`
`both the