Illllllllllllllllllllllllll079212l1B2
`||l||||||l||||llllllllllllllllll||l|||||l|
`
`(12) United States Patent
`US 7,921,211 B2
`Larson et al.
`(45) Date of Patent:
`*Apr. 5, 2011
`
`
`(10) Patent No.:
`
`(54) AGILE NETWORK PROTOCOL FOR SECURE
`COMMUNICATIONS USING SECURE
`DOMAIN NAMES
`
`(75)
`
`Inventors: Victor Larson, Fairfax, VA (US);
`Robert Duuham Short, [[1, Leesbuig,
`VA (US); Edmund Colby Munger,
`Crownsville, MD (US); Michael
`Williamson, South Riding, VA (US)
`
`(73) Assignee: Vlrnetx, Inc., Scotts Valley, CA (US)
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`use. 154(b) by 701 days.
`
`This patent is subject to a terminal dis-
`claimer.
`
`(21) App1.No.: 11/840,560
`
`(22) Filed:
`
`Aug. 17, 2007
`
`(65)
`
`Prior Publication Data
`
`US 2008/0040792 A1
`
`Feb. 14, 2008
`
`Related U.S. Appliction Data
`
`(63) Continuation of application No. 10/714,849, filed on
`Nov. 18, 2003, now Pat. No. 7,418,504, which is a
`continuation of application No. 09/558,210, filed on
`Apr.
`26, 2000, now abandoned, which is
`a
`continuation-in-part of application No. 09/504,783,
`filed on Feb. 15, 2000, now Pat. No. 6,502,135, which
`is
`a
`continuation-in-part
`of
`application No.
`09/429,643, filed on Oct. 29, 1999, now Pat. No.
`7,010,604.
`
`(60) Provisional application No. 60/106,261, filed on Oct.
`30, 1998, provisional application No. 60/137,704,
`filed on Jun. 7, 1999.
`
`(51)
`
`Int. Cl.
`G06F 15/1 73
`
`(2006.01 )
`
`(52) U.S.Cl.
`
`....................................................... 709/226
`
`(58) Field of Classification Search ................ .. 709/226,
`709/221; 726/15
`See application file for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`2,895,502 A
`5,303,302 A
`5,311,593 A
`
`7/1959 Roper et al.
`4/1994 Burrows
`5/1994 Carmi
`
`(Continued)
`
`EP
`
`FOREIGN PATENT DOCUMENTS
`0838930
`4/1988
`
`(Continued)
`
`OTHER PUBLICATIONS
`
`Baumgartner et al, “Differentiated Services: A New Approach for
`Quality ofService in the Internet," International Conference on High
`Performance Networking, 255-273 (1998).
`
`(Continued)
`
`Primary Examiner — Krisna Lim
`(74) Attorney, Agent, or Firm — McDermott Will & Emery
`LLP
`
`(57)
`
`ABSTRACT
`
`A secure domain name service for a computer network is
`disclosed that includes a portal connected to a computer net-
`work, such as the lntemet, and a domain name database
`connected to the computer network through the portal. The
`portal authenticates a query for a secure computer network
`address, and the domain name database stores secure com-
`puter network addresses for the computer network. Each
`secure computer network address is based on a non-standard
`top-level domain name, such as .scom,
`.sorg,
`.snet,
`.snet,
`.sedu, .smiI and .sint.
`
`60 Claims, 40 Drawing Sheets
`
`
`
`EXHIBIT 1001
`”" Black Swamp IP, LLC V. VirnetX, Inc.
`IPR of U.S. Patent No. 7,921,211
`
`

`
`US 7,921,211 B2
`Page 2
`
`726/15
`
`726/19
`
`U.S. PATENT DOCUMENTS
`5,384,848 A
`1/1995 Kiknchi
`5,511,122 A
`4/1996 Atkinson
`5,629,984 A
`5/1997 McManis
`5,764,986 A
`6/1998 Edelsteinetal.
`5,771,239 A
`6/1998 Moroneyetal.
`5,885,883 A
`9/1998 Birrelletal.
`5,822,434 A
`18/1998 Caronnietal.
`5,864,666 A *
`1/1999 Shrader
`5,878,618 A
`2/1999 Beyda eta].
`5,898,838 A
`4/1999 Wesinger,Jr.etal.
`5,958,195 A
`9/1999 Stockwelletal.
`6,852,788 A
`4/2888 Wesingeretal.
`6,855,574 A
`4/2888 Smorodinskyetal.
`6,861,346 A
`5/2888 Nordrnan
`6,879,828 A
`6/2888 Liu
`6,881,988 A “'
`6/2888 Subrarnaniamet a1.
`6,181,182 A
`8/2888 Sistanizadehetal.
`6,119,171 A
`9/2888 Alklratib
`5,173,399 B1
`1/2881 Gilbrech
`6,199,112 B1
`3/2881 Wilson
`6,282,881 B1
`3/2881 Naudus
`6,223,287 B1
`4/2881 Douglas etal.
`6,226,748 B1
`5/2881 Bots et 9.1.
`6,726,751 B1
`5/2881 Arrowetal.
`6,246,678 B1
`6/2881 Karlssonetal.
`6,262,987 B1
`7/2881 Mogul
`6,298,341 B1
`18/2881 Mannetal.
`6,314,463 B1
`11/2881 Abbott etal.
`6,333,272 B1
`12/2881 McMillinetal.
`6,338,882 B1
`1/2882 Schneider
`6,582,135 B1
`12/2882 Mungeretal.
`6,557,837 B1
`4/2883 Provino
`6,687,746 B1
`2/2884 Shusteretal.
`6,781,437 B1
`3/2884 Hoke etal.
`6,752,166 B2
`6/2884 Lulletal.
`6,757,748 B1
`6/2884 Parkhetal.
`6,937,597 B1
`8/2885 Rosenbergetal.
`7,839,713 B1
`5/2886 Van Gunteretal.
`7,872,964 B1
`7/2886 Whittle etal.
`7,167,984 B1
`1/2887 Devarajan etal.
`7,188,175 B1
`3/2887 McKeeth
`7,353,841 B2
`4/2888 Kono etal.
`7,461,334 B1
`1212888 Lu etal.
`7,498,151 B2
`2/2889 Mungerdal.
`7,493,483 B2
`2/2889 Shulletal.
`2881/8849741 Al
`1712881 Skeneetal.
`2884/8199493 A1
`18/2884 Ruiz etal.
`2884/8199528 A1
`18/2884 Ruizetal.
`2884/8199688 A1
`18/2884 Rechterrnan et a1.
`2884/8199628 A1
`18/2884 Ruiz etal.
`2887/8288869 A1
`9/2887 Adelrnanetal.
`2887/8214284 A1
`9/2887 King et a1.
`2887/8266141 A1
`11/2887 Norton
`2888/8235587 A1
`9/2888 Ishikawaetal.
`
`EP
`GB
`GB
`GB
`JP
`JP
`JP
`JP
`W0
`WC
`WC
`W0
`W0
`
`FOREIGN PATENT DOCUMENTS
`8814589
`12/1997
`2317792
`4/1998
`2334181
`8/1999
`2348782
`2/2888
`62-214744
`9/1987
`84-363941
`1711992
`89-818492
`1/1997
`18-87853]
`3/1998
`W098/27783
`6/1998
`WI99/11819
`3/1 999
`W0 88/ 17775
`3/2888
`W0 88/78458
`1 1/2888
`WO 81/16766
`3/2881
`
`OTHER PUBLICATIONS
`
`Chapman et al., “Domain Name System (DNS)," 278-296 (1995).
`Davila et al., "Implementation of Virtual Private Networks at the
`Transport Layer," M. Mambo, ‘I Zheng (Eds), Information Security
`(Second International) Workshop, ISW‘ 99. Lecture Notes in Corn-
`puter Science (LNCS), vol. 1729; 85-182 (1999).
`De Raadt et nl., "Cryptography in IpenBSD," 18 pages (1999).
`
`Eastlakc, “Domain Name System Security Extensions," Internet
`Citation, Retrieved from the Internet: URL: ltp://fip.inet.no/pub/iett7
`internet-drafis/drafi-ietf-dnssec-seceutt2-85.txt (1998).
`Gunter et al., “An Architecture for Managing QoS-Enabled VRNs
`Over the Internet," Proceedings 24th Conferenceon Local Computer
`Networks. LCN' 99 IEEE Comput. Soc Los Alarnitos, CA, pp. 122-
`131 (1999).
`Shirrrizu, "Special Feature: Mastering the lntemet with Windows
`znu", Internet Magazine, 63:296-387 (zen).
`Stallings, “Cryptography and Network Security,” Principals and
`Practice, 2nd Edition, pp. 399-448 (1999).
`Takata, “U.S. Vendors Take Serious Action to Act Against Crack-
`ers—A Tracking Tool and a Highly Safe DNS Soflware are
`Released", Nikkei Communications, 257: 87(1997).
`Wells, Email (I.ancasterblbe@mail.msn.corrr), Subject: “Security
`Icon," (1998).
`Fasbender, A., et al., Variable and Scalable Security Protection of
`Location Information in Mobile IP, IEEE VTS, 46th, 1996, 5 pp.
`DNS-related correspondence dated Sep. 7, 1993 to Sep. 28, 1993.
`(Pre KX, KX Records).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Drafi, (Dec. 2, 1996). (RFC 2543 Internet Drafi 1).
`Aventail Corp., “Autos OCKS v. 2.1 Datasheet," available at ht1:p://
`www.archive.org/web/I99782128l3489/www.aventa.il.com-'prod/
`autosk2ds.html (1997). (AutoSOCKS, Aventail).
`Aventail Corp., "Socks Version 5," Aventail Whitepaper, available at
`http://web.archive.org/web/199786288383 l2/www.aventail.corn/
`educate/whitepaper/soc kswp.htrnl (1997). (Socks, Aventail).
`M. Handleg H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Drafi, (Mar. 27, 1997). (RFC 2543 Internet Draft 2).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, lntemet Drafi, (Jul. 31, 1997). (RFC 2543 Internet Draft 3).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Nov. 11, 1997). (RFC 2543 Internet Drafi 4).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (May 14, 1998). (RFC 2543 Internet Draft 5).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Jun. 17, 1998). (RFC 2543 Internet Draft 6).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Jul. 16, 1998). (RFC 2543 Internet Draft 7).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Dmfi, (Aug. 7, 1993). (RFC 2543 Internet Draft 3).
`M. Handle); H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Drafi, (Sep. 18, 1998). (RFC 2543 Internet Drafi 9).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Nov. 12, 1998). (RFC 2543 Internet Draft 18).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Draft, (Dec. 15, 1998). (RFC 2543 Internet Draft 1 1).
`Aventail Corp., “Aventail Connect 3.1/2.6Administrator's Guide,”
`(1999). (Aventail Administrator 3.1, Aventail).
`Aventail Corp., “Aventail Connect 3.1/2.6 User's Guide," (1999).
`(Aventail User 3.1, Aventail).
`Aventail Corp., “Aventail Extraweb Server v3 .2 Administrator's
`Guide," (1999). (Aventail Extraweb 3.2, Aventail).
`Check Point Sofiware Technologies Ltd. (1999) (Check Point,
`Checkpoint PW).
`M. Handley, H. Schulzrinne, E. Schooler, Internet Engineering Task
`Force, Internet Drafi, (Jan. 15, 1999). (RFC 2543 Internet Drafi 12).
`Goncalves, et a1. Check Point F'r'reWrzll—1 Administration Guide,
`McGraw-Hill Companies (2888). (Goncalves, Checkpoint FW).
`Assured Digital Products. (Assured Digital).
`F-Secure, F-Secure Evaluation Kit
`(May 1999)
`88888883) (Evaluation Kit 3).
`ecure, F-Secure Evaluation Kit
`88888889) (Evaluation Kit 9).
`IRE, Inc., SafeNeMS'cft-PK Version 4‘ (Mar. 28, 2888) (Sofi-PK Ver-
`sion 4).
`IRE/SafeNet Inc., VPN Technologies Overview (Mar. 28, 2888)
`(Safenet VPN Overview).
`IRE, Inc ., SafeNe!/VPNPaliL;v Manager Quick Start Guide Version 1'
`(1999) (SafeNet VPN Policy Manager).
`Infonnation Assurance/NAI Labs, Dynamic Virtual Private Ner-
`war/cr Presentation 143 (2888).
`
`(FSECURE
`
`(Sep. 1998)
`
`(FSECURE
`
`

`
`US 7,921,211 B2
`Page 3
`
`
`U.S. Appl. No. 60iI34,S47, filed May 17, 1999, Victor Sheymov.
`U.S. Appl. No. 60/151,563, filed Aug. 31, 1999, Bryan “lhittles.
`U.S. Appl. No. 09f399,753, filed Sep. 22, 1998, Graig Miller et al.
`Microsoft Corporation's Fourth Amended Invalidity Contentions
`dated Jan. 5, 2009, I’irnetX Inc. and Science Applications Interna-
`tional Corp. v. Microsqlt Corporation.
`Appendix A of the Microsofi Corporation's Fourth Amended Inval-
`idity Contentions dated Jan. 5, 2009.
`Concordance Table for the References Cited in Tables on pp. 6-15,
`71-80 and 116-124 of the Microsofi Corporation's Fourth Amended
`Invalidity Contentions dated Jan. 5, 2009.
`1. P. Mockapetris, “DNS Encoding of Network Names and Other
`Types," Networkworlting Group, RFC 1 101 (Apr. 1989) (RFCI I01,
`DNS SRV).
`R. Atkinson, “An Internetwork Authentication Architecture," Naval
`Research Laboratory, Center for High Assurance Computing Sys-
`tems (Aug. 5, 1993). (Atkinson NRL, KX Records).
`Henning Schulzrinne, Personal Mabilityfor Multimedia Services In
`The Internet, Proceedings ofthe Interactive Distributed Multimedia
`Systems and Services European Workshop at
`143 (1996).
`(Schulzrinne 96).
`Microsoft Corp., Microsoft VirtualPrivate Networking: Using Paint-
`to-Point Tunneling Protocolfor Low-Cost. Secure, Remote Access
`Across the Internet (1996) (printed from 1998 PDC DVD-RIM).
`(Point to Point, Microsofi Prior Art VPN Technology).
`"Safe Surfing: I-Iowto Build a Secure World Wide Web Connection,"
`IBM Technical Support Organization, (Mar. 1996). (Safe Surfing,
`Website Art).
`Goldschlag, et al., "Hiding Routing Information," Workshop on
`Information Hiding, Cambridge, UK (May 1996). (Goldschlag II,
`Onion Routing).
`“IPSec Minutes From Montreal", IPSEC Working Group Meeting
`Notes,
`http:/lwww.sandleman.caJipsecll996108/msg00018.html
`(Jun. 1996). (IPSec Minutes, FreeS/WAN).
`J. M. Galvin, “Public Key Distribution with Secure DNS," Proceed-
`ings of the Sixth USENIX UNIX Security Symposium, San Jose,
`California, Jul. 1996. (Galvin, DNSSEC).
`J. Gilmore, et al. "Re: Key Management, anyone? (DNS Key'u1g),"
`IPSec Working Group Mailing List Archives (Aug. 1996). (Gilmore
`DNS. FreeS/WAN).
`H. Or-man, et al. “Re: ‘Re: DNS‘? was Re: Key Management, any-
`one?” IE'I'F IPSec Working Group Mailing List Archive (Aug. 1996-
`Sep. 1996). (On-nan DNS, FreeSlWAN).
`Arnt Gulbrandsen & Paul Vixie, A DN.S'RRflJr specifizingthe location
`ofservices (DNS SRV), IETF RFC 2052 (Oct. 1996). (RFC 2052,
`DNS SRV).
`Freier, et al. “The SSL Protocol Version 3.0," Transport Layer Secu-
`rity Working Group (Nov. 18, 1996). (SSL, Underlying Security
`Technology).
`M.G. Reed, et al. “Proxies for Anonymous Routing," 12th Annual
`Computer Security Applications Conference, San Diego, CA, Dec.
`9-13, 1996. (Reed, Onion Routing).
`Kenneth F. Alden & Edward P. Wobber, Tlrezllta Vista Tunnel: Using
`tlrelnternet to Extend CorporateNetworl:s, Digital Technical Journal
`(1997) (Alden, AltaVista.
`Automative Industry Action Group, “ANX Release 1 Document Pub-
`lication," AIAG (1997). (AIAG. ANX).
`Automative Industry Action Group, “ANX Release 1 Draft Docu-
`ment Publication,” AIAG Publications (1 997). (AIAG Release,
`ANX).
`
`Aventail Corp. “Aventail VPN Data Sheet," available at http:!/www.
`archiveorg/web/19970212013043lwww.aventail.com/prod]
`vpndata.ht:ml (1997).(Data Sheet, Aventail).
`Aventail Corp., “Directed VPN Vs. Tunnel," available at htlp:/lweb.
`archive.org/web/1997062003 0312/www.aventail.com-(educate!
`directvpn.html (1997). (Directed VPN, Aventail).
`Aventail Corp., “Managing Corporate Access to the Internet,"
`Aventail AutoSICK.S White Paper available at http:/Iweb.archive.
`org/web] 199706200303 1 2lwww.aventail.com.’educateJwhitepaperI
`ipmwp.html (1997). (Corporate Access, Aventail).
`Aventail Corp., "VPN Server V2.0 Adnrinistration Guide," (1997).
`(VPN, Aventail).
`
`Goldschlag, et al. “Privacy on the Internet," Naval Research Labo-
`ratory, Center for High Assurance Computer Systems (1997).
`(Goldschlag 1, Onion Routing).
`Microsoft Corp., Installing Configuring and Using PP7P widr
`Microsoft Clients and Servers (1997). (Using PPTI-", Microsofi Prior
`Art VPN Technology).
`Microsolt Corp., IP Securityfor Microsoft Windows NT Seruer 5.0
`(1997) (printed from 199: PDC DVD-ROM). (IP Security, Microsolt
`Prior Art VPN Technology).
`Microfl Corp., Microsoft Windows NTActt've Directory.‘ An Intro-
`duction to the Nert Generation Directory Services (1997) (printed
`from 1998 PDC DVD-ROM). (Directory, Microsott Prior Art VPN
`Technology).
`Microsoft Corp., Routing and Remote Access Servicefor Windows
`NT Server New0pporturrities Today and Loafing Ahead (1997)
`(printed from 1998 PDC DVD-ROM).(Routing, Microsoft Prior Art
`VPN Technology).
`Microsoft Corp., Understanding Paint-to-Point Tunneling Protocol
`PP TP ( l997)(printed from 1998 PDC DVD-ROM). (Understanding
`PPTP, Microsoft Prior Art VPN Technology).
`J. Mark Smith et.al., Protecting a Private Network: The Alta Vista
`Firewall, Digital Technical Journal (1997). (Smith, AltaVista).
`Naganand Doraswamy Implementation of Virtual Private Networiu
`(VPNs) with IP.S'ecurity, <drafl-ietf-ipsec-vpn-00.t:xt> (Mar. 12,
`I997). (Doraswarny).
`Aventail Corp., “Aventail, and Cybersafe to Provide Secure Authen-
`tication For Internet and Intranet Communication," Press Release,
`Apr. 3, 1997. (Secure Authentication, Aventail).
`D. Wagner, et al. “Analysis ofthe SSL 3.0 Protocol," (Apr. 15, 1997).
`(Analysis, Underlying Security Technologies).
`Automotive Industry Action Group, “ANXO Certification Authority
`Service and Directory Service Definition for ANX Release l," AIAG
`Telecommunications Project Team and Bellcore (May 9, I997).
`(AIAG Defintion, ANX).
`Automotive Industry Action Group, “ANXO Certification Process
`and ANX Registration Process Definition for ANX Release 1,"AIAG
`Telecommunications Project Team and Bellcore (May 9, 1997).
`(AIAG Certification, ANX).
`Aventail Corp., “Aventail Announces the First VPN Solution to
`Assure Interoperability Across Emerging Security Protocols," Jun. 2,
`1997. (First VPN, Aventail).
`Syverson, et al. “Private Web Browsing," Naval Research Laboratory,
`Center for High 8 Assurance Computer Systems (Jun. 2, 1997).
`(Syverson, Onion Routing).
`Bellcore, “Metrics, Criteria, and Measurement Technique Require-
`ments forANX Release I," AIAG Te1ecommunicationsProjectTeam
`and Bellcore (Jun. 16, 1997). (AIAG Requirements, ANX).
`R. Atkinson, "Key Exchange Delegation Record for the DNS," Net-
`work Working Group, RFC 2230 (Nov. 1997). (RFC 2230, xx
`Records).
`1998 Microsofl Professional Developers Conference DVD (“I998
`PDC DVD-ROM“) (including screenshots captured therefrom and
`produced
`as MSFIVX 00018827-00018832).
`(Conference,
`Microsofi Prior Art VPN Technology).
`Microsoft Corp., firtual Priwzte Networfing An Overview (1 998)
`(printed from 1998 PDC DVD-RIM) (Overview, Microsoft PriorArt
`VPN Technology).
`Microsoft Corp., Windows NT 5.0 Beta Has Public Premiere at
`Seattle Mini-Camp Seminar attendees getfirst look at the perfor-
`mance and capabilities of Windows NT 5.0 (1998) (available at hap
`I/www.microsoft.corrL’presspassIfeaturesII 998/10-1 9nt5.
`mspxpfi.rue).(NT Beta, Microsofi Prior Art VPN Technology).
`“What ports does SSL use” available at stason.org/'IULARClsecu-
`ritylssl-tal]d3-4-What-ports-does-ssl-use.html (I998). (Ports, DNS
`SRV).
`Aventail Corp., "Aventail VPN V2.6 Includes Support for More Than
`Ten Authentication Methods Making Extsanet VPN Development
`Secure and Simple,” Press Release, Jan. 19, I998. (VPN V2.6,
`Aventail).
`R. G. Moskowitz, “Network Address Translation Issues with IPsec,"
`Internet Drafi,
`Internet Engineering Task Force, Feb. 6,
`I998.
`(Moskowitz).
`
`

`
`US 7,921,211 B2
`Page 4 _
`
`H. Schulzrinne, et al, “Internet Telephony Gateway Location," Pro-
`ceedings of IEEB INfocom '95, The Conference on Computer Com-
`munications, vol. 2 ( Mar. 29-Apr. 2, 1998). (Gateway, Schulzrinne).
`C. Huitema, 45 al. "Simple Gateway Control Protocol," Version [.0
`(May 5, 1998). (SGCP).
`DISA “Secret Internet Protocol Router Network," SIPRNET Pro-
`gram Management Oflice (D31 13) DISN Networks, DISN Transmis-
`sion Services (May 8, 1998). (DISA, SIPRNET).
`D. McDonald, et al. “PF_KEY Key Management API, Version 2,”
`Network Working Group, RFC 2367 (Jul. 1998). (RFC 2367).
`Microsoft Corp., Company Focuses on Quality and Cu.rtomerFeed-
`back(Aug. I8, l998).(Focus, Microsoft PriorArtVPNTechnology).
`Atkinson, et al. "Security Architecture for the Internet Protocol,"
`Network Working Group, RFC 2401 (Nov. 1998). (RFC 2401,
`Underlying Security Technologies).
`Donald Eastlake, Domain Name System Security Extensions, IETF
`DNS Security Working Group (Dec. 1998). (DNSSEC-7).
`Kaufman et al, “Implementing IPsec," (Copyright 1999). (Imple-
`menting IPSEC, VPN References).
`Network Solutions, Inc. "Enabling SSL,” NSI Registry (1999).
`(Enabling SSL, Underlying Security Technologies).
`C. Scott, et al. Virtual Private Networks, O'Reilly and Associates,
`lnc.; 2nd ed. (Jan. l999). (Scott VPNs).
`Goldschlag, et al., “Onion Routing for Anonymous and Private
`Internet Connections," Naval Research Laboratory, Center for High
`Assurance Corrrputer Systems (Jan. 28, 1999). (Goldschlag III,
`Onion Routing).
`H. Schulzrinne, “Intemet Telephony: architecture and protocols—a.rr
`IETF perspective," Computer Networks, vol. 31, No. 3 (Feb. 1999).
`(Telephony, Schulzrinne).
`M. Handley, ct al. “SIP: Session Initiation Protocol," Network Work-
`ing Group, RFC 2543 and lntemet Drafis (Dec. I996-Mar. 1999).
`(I-landley, RFC 2543).
`FreeSfWAN Project, Linux Frees/WANCompatibility Guide (Mar. 4,
`1999). (FreeSfWAN Compatibility Guide, FreeSiWAN).
`Telcordia Technologies, “ANX Release 1 Document Corrections,"
`AIAG (May I 1, 1999). (Telcordia, ANX).
`Ken Homstein & Jeffrey Altman, Distributing Kerberos KDC and
`Realm Information with DNS <drafi-eitf-cat-krb-dns-locate-oo.o<t>
`(Jun. 21, I999). G-Iornstein, DNS SRV).
`Bhattacharya et. al. “An LDAP Schema for Configuration and
`Administration of IPSec Based Virtual Private Networks (VPNs)",
`IETF lntemet Drafi (Oct. 1999). (Bhattcharya LDAP VPN).
`B. Patel, et al. “DHCP Configuration of IPSEC Tunnel Mode,"
`IPSEC Working Group, Internet Drall 02 (Oct. I5, 1999). (Patel).
`“Building a Microsoft VFN: A Comprehensive Collection of
`Microsofi Resources," First)/PN, (Jan. 2000). (FirstVPN Microsofi).
`Gulbrandsen, Vixie, & Esibov, .4 DNS RRjbr rpecirjring the location
`of services (DNS SRV), IETF RFC 2782 (Feb. 2000). (RFC 2782,
`DNS SRV).
`Mitre Organization, “Technical Description," Collaborative Opera-
`tions in Joint Expeditionary Force Experirnent (JEFX) 99 (Feb.
`2000). (MITRE, SIPRNET).
`H. Schulzrinne, et al. “Application-Layer Mobility Using SIP,”
`Mobile Computing and Communications Review, vol. 4, No. 3. pp.
`47-57 (Jul. 2000). (Application, SIP).
`Kindred et al, "Dynamic VPN Communities: Implementation and
`Experience,” DARPA Infomration Survivability Conference and
`Exposition II (Jun. 2001). (DARPA, VPN Systems).
`ANX 101: Basic ANX Service Outline. (Outline, ANX).
`ANX 201: Advanced ANX Service. (Advanced, ANX).
`Appendix A: Certificate Profile forANX IPsec Certificates. (Appen-
`dix, ANX).
`Aventail Corp., “Aventail AutoSOCKS the Client Key to Network
`Security," Aventail Corporation White Paper. (Network Security,
`Aventail).
`Cindy Moran, “DISN Data Networks: Secret Internet Protocol
`Router Network (SIPRNet)." (Moran, SIPRNET).
`Data Fellows F-Secure VPN+ (F-Secure VI-"N+).
`Interim Operational Systems Doctrine for the Remote Access Secu-
`rity Program (RASP) Secret Dial-ln Solution. (RASP, SIPRNET).
`
`Onion Routing, “Investigation ofRoute Selection Algorithms," avail-
`able
`at
`lrttp:/lwww.onion-router.net/Archives/Routelindex.html.
`(Route Selection, Onion Routing).
`Secure Computing, “Bullet-Proofing an Army Net," Washington
`Technology. (Secure, SIPRNET).
`Sparta “Dynamic Virtual Private Network." (Sparta, VPN Systems).
`Standard Operation Procedure for Using the 1910 Secure Modems.
`(Standard, SIPRNE-2'1).
`FreeSfWAN
`to
`relating
`emails
`Publically
`available
`(MSF'IVX000l8833-MSFTVX00019206).
`(FreeS/WAN emails,
`FreeS/WAN).
`Kaufman et al., “Implementing IPsec," (Copyright 1999) (Imple-
`menting IPsec).
`Network Associates Gauntlet Firewall For Unix User’: Guide Ver-
`sion 5.0 (1999). (Gauntlet User's Guide—-Unix, Firewall Products).
`Network Associates Gauntlet Firewall for Windows NT Getting
`Started Guide Fersion 5. 0 (1999) (Gauntlet Getting Started Guide—-
`NT, Firewall Products).
`Network Associates Gauntlet Firewall for Unix Getting Started
`Guide Version 5.0 (1999) (Gauntlet Unix Getting Started Guide,
`Firewall Products).
`Network Associates Release Notes Gauntlet Firewall for Unix 5.0
`(Mar. 19, l999)(Gauntlet Unix Release Notes, Firewall Products).
`Network Associates Gauntlet Firewall For Windows NTAdrninistra-
`tor ’s Guide Version 5.0 (I999) (Gauntlet NT Administrator's Guide,
`Firewall Products).
`Internet Firewall
`Inc. Gauntlet
`Trusted Information Systems,
`Firewall-to-Firewall Encryption Guide Version 3.! (I996) (Gauntlet
`Firewall-to-Firewall, Firewall Products).
`Network Associates Gauntlet Firewall Global Virtual Private Net-
`work User ‘s Guidefirr Windows NT Version 5. 0 (1999) (Gauntlet NT
`GVPN, GVPN).
`Network Associates Gauntlet FirewallFor UNIX Global Virtual Pri-
`vate Network User ‘s Guide Version 5.0 (1999) (Gauntlet Unix
`GVPN, GVPN).
`Dan Sterne Dynamic Virtual Private Networks (May 23, 2000)
`(Sterne DVPN, DVPN).
`Darrell Kindred Dynamic Virtual Private Networlo (DVPN) (Dec.
`21, I999) (Kindred DVPN, DVPN).
`Dan Sterne et.al. 713 Dynamic Security Perimeter Research Project
`Demonstration (Mar. 9,
`1998)
`(Dynamic Security Perimeter,
`DVPN).
`Darrell Kindred Dynamic Virtual Private Networks Capability
`Description (Jan. 5, 2000) (Kindred DVPN Capability, DVPN) 11.
`Oct. 7,
`and 28,
`1997 email
`from Domenic
`J. Turchi
`Jr.
`(SPARTA0000l7l2-I714,
`I808-I311)
`(Turchi DVPN email,
`DVPN).
`James Just & Dan Sterne Security Quickstart Task Update (Feb. 5,
`1997) (Security Quickstart, DVPN).
`Virtual Private Network Demonstration dated Mar. 21, 1998
`(SPARTA0000 1844-54) (DVPN Demonstration, DVPN).
`GTE Intemetworking & BBN Technologies DARPA Information
`Assurance Program Integrated Feasibility Demonstration (IFD) 1.!
`Plan (Mar. 10, 1993) (IFD 1.1, DVPN).
`Microsoft Corp. Windows NT Server Product Documentation:
`Administration Guide-—4Connection Point Services, available at
`htlp:i/www.microsofl.com/technet/archivelwinntas/proddocsr’
`inetconctservicelcpsopsmspx
`(Connection
`Point
`Services)
`(Although undated, this reference refers to the operation ofprior art
`versions of Microsoft ‘Windows. Accordingly, upon information and
`belief, this reference is prior art to the patents-insuit.).
`Microsofi Corp. ‘Wrndows NT Server Product Documentation:
`Administration Kit Guide---Connection Manager, available at lltlp:t't'
`www.microsoft.comlteclrnet/archive/winntas/proddocsf
`(Although
`inetconctservicelcmakmspx (Connection Manager)
`undated, this reference refers to the operation of prior art versions of
`Microsoft Windows such as Windows NT 4.0. Accordingly, upon
`information and belief, this reference is prior art to the patents-in-
`suit.).
`Microsoft Corp. Autodial Heuristics, available at htlpzflsupport.
`microsottcom/kb/164249 (Autodial Heuristics) (Although undated,
`this referencerefers to the operation ofprior art versions ofMicrosoft
`
`

`
`US 7,921,211 B2
`Page 5
`____
`
`Windows such as Mndows NT 4.I. Accordingly, upon information
`and belief, this reference is prior art to the patents-in-suit.).
`Microsoft Corp., Cariplo: Distributed Component Object Model,
`(1996)
`available
`at
`http://rrisdn2.microsofi.corri/en-usllibrary/
`nis8I9332(printer).aspx (Cariplo I).
`Marc Levy, COM Internet Services (Apr. 23, 1999), available at
`http:ifmsdn2.rnicrosoft.com.’en-usflibraryIms8i93 I2(printer).aspx
`(Levy)
`Markus I-Iorstmann and Mary Kirtland, DCOM Architecture (Jul. 23,
`1997),
`available
`at
`http:/lmsdnz.microsofi.corn.’en-us/library/
`ms8I93 1 l(printer).aspx (I-Iorstmann).
`Microsoft Corp., DCOM: A Business Overview (Apr. 1997), avail-
`able
`at
`htlp:/lmsdnl.microsofi.com/en-us/library]
`ms8I932I(printer).aspx (DCOM Business Overview I).
`Microsoft Corp., DCOM Technical Overview (Nov. I996), available
`at
`http:llmsdn2.microsoft.corI1"en-us/library/mssI934I(printer).
`aspx (DCOM Technical Overview I).
`Microsoft Corp., DCOM Architecture White Paper (1998) available
`in PDC DVD-ROM (DCOM Architecture).
`Microsofl Corp, DCOM—'I'lie Distributed Component Obiect
`Model, A Business Overview White Paper (Microsoft 1997) avail-
`able in PDC DVD-ROM (DCOM Business Overview II).
`MicrosoflCorp., DCOM—--Cariplo Home Banking Over The Internet
`White Paper (Microsoft 1996) available in PDC DVD-ROM (Cariplo
`II).
`Microsoft Corp., DCOM Solutions in Actionwhite Paper (Microsoft
`1996) available in PDC DVD-ROM (DCOM Solutions in Action).
`Microsoft Corp., DCOM Technical Overview White Paper
`(Microsoft 1996) available 12 in PDC DVD-ROM (DCOM Technical
`Overview II).
`Scott Suhy & Glenn Wood, DNS and Microsofi Windows NT 4.l,
`(I996)
`available
`at
`http:lfmsdn2.microsofi.com’en-usllibraryl
`rnss l0277(_printer).aspx (SI.ihy).
`Aaron Slconnard, Essential Winlnet 3 I 3-423 (Addison Wesley Long-
`man 1998) (Essential Winlnet).
`Microsofl Corp. Installing, Configuring, and Using PPTP with
`Microsofi Clients and Servers, (1998) available at http:/imsdn2.
`niicrosollcomlenus/librarylmsal II78(printer).aspx (Using PPTP).
`Microsoft Corp., Internet Connection Services for MS RAS, Stan-
`dard Edition, http:/lwwwrnicrosottcornltechnetlarchivelwiiintasl
`proddocslinetconctservice/bcgstart.mspx flnternet Connection Ser-
`vices 1).
`Microsoft Corp., lntemet Connection Services for RAS, Commercial
`Edition,
`available
`athttp:llwww.micnosoft.com’technet/archive/
`winntas/proddocslinetconctservicefbcgsn-tc.mspx (Internet Connec-
`tion Services II).
`Microsofi Corp., Internet Explorer 5 Corporate Deployment Guide-
`Appendix B:Enabling Connections with the Connection Manager
`Administration Kit, available at http:llwww.microsofi.corriftechnet/
`prodtechnoll
`ieldeployldeploy5lappendb.mspx
`(IE5 Corporate
`Development).
`Mark Minasi, Mastering Windows NTServer 4' 1359-1442 (6th ed.,
`Jan. 15, l999)(Mastering Windows NT Server).
`Hands On, Self-Paced Trainingfor Supporting Version 4. 0 371-473
`(Microsoft Press 1998) (Hands On).
`Microsoft Corp., MS Point-to-Point Tunneling Protocol (Windows
`NT 4.0), available at http:/lwwwrnicrosofi.corri.’technet/archive!
`winntas/maintainlfeatusabilityfpptpwplmspx (MS PPTP).
`Keruieth Gregg, et al ., Microsqft WindowsNTServerAdmini.rtrator '5'
`Bible 173-206, 883-911, 974-lI76 (IDG Books Worldwide 1999)
`(Greer)-
`Microsofi Corp., Remote Access (Windows), available at http:Il
`msdn2.microsoft.corn/en-usIlibrarylbb545687(VS.85,printer).aspx
`(Remote Access).
`Microsofi Corp., Understanding PPTP (Windows NT 4.0), available
`at
`http:/lwww.microsoIi.com/technetlarchivelwinntaslplanl
`pptpudstmspx (Understanding PPTP NT 4) (Although undated, this
`reference refers to the operation of prior art versions of Microsoft
`Windows such as Vlfindows NT 4.I. Accordingly, upon information
`and belief, this reference is prior art to the patents-in-suit.).
`Microsoft Corp., Windows NT 4.9: Virtual Private Networking, avail-
`able at http:llwwvnmicrosoft.com.’techriet/archivelwinntas/ deploy!
`confeatlvpntwkmspx (NT4 VPN) (Although undated, this reference
`
`refers to the operation of prior art versions of Microsofi Windows
`such as Windows NT 4.I. Accordingly, upon information and belief,
`this reference is prior art to the patents-in-suit.).
`Anthony Northrup, NT Network Plumbing: Routers, Proxies, and
`Web Services 299-‘J99 (IDG Books Worldwide I998) (Network
`Plumbing).
`Microsofi Corp., Chapter l——Introduction to Windows NT Routing
`with Routing and Remote Access Service, Available at httpzl/www.
`rnicrosoltconi/technet/archivelwinntasiproddocsl n*as4I/rraschl 1 .
`mspx (Intro to RRAS) (Although undated, this reference refers to the
`operation of prior art versions of Microsoft Windows such as Win-
`dows NT 4.I. Accordingly, upon infomration and belief, this refer-
`ence is prior art to the patents-in-suit.) 13.
`Microsoft Corp., Windows NT Server Product Documentation:
`Chapter 5——Planning for Large-Scale Configurations, available at
`http:/fwwwrnicrosoftcorriltechnetlarchivelwirintaslproddocsl
`rras4llrrasch|5.mspx (Large-Scale Configurations)
`(Although
`undated, this reference refers to the operation ofprior art versions of
`Microsofi Vlfindows such as Windows NT 4.l. Accordingly, upon
`information and belief, this reference is prior art to the patents-in-
`suit.).
`F-Secure, F-Secure Namesurfir (May 1999) (from FSECURE
`IIIIIII3) (Namesurfer 3).
`F-Secure, F-Secure VPN Administrator’: Guide (May 1999) (from
`FSECURE IIIIIIIS) (F-Secure VPN 3).
`F-Secure, F-Secure SSH User it & Administrator ‘s Guide (May
`1999) (from FSECURE IIIIIII3) (SSH Guide 3).
`F-Secure, F-Secure SSHZO for Windows NT and 95 (May 1999)
`(from FSECURE nnnns) (SSH 2.0 Guide 3).
`F-Secure, F-Secure I/PN+ Administrator ’s Guide (May 1999) (from
`Fsecure IIIIIIIS) (VPN+ Guide 3).
`F-Secure, F-Secure l’PN+ 4.1 (1999) (from Fsecure IIIIIIO6)
`(VPN+ 4.I Guide 6).
`F-Secure, F-Secure SSH (1 996) (from Fsecure IIIIIII6) (F-Secure
`SSH 6).
`F-Secure, F-Secure SSH 2. 0for Windows NT and 95 (1998) (from
`Fsecure IIIIIOIG) (F-Secure SSH 2.! Guide 6).
`F-Secure, F-Secure SSH User 's & .4dinr‘nistrator ‘s Guide (Sep.
`1993) (from Fsecure nncns) (SSH Guide 9).
`F-Secure, F-Secure SSH 2.0 for Windows NT and 95 (Sep. 1998)
`(from Fsecure IIIIIII9) (F-Secure SSH 2.I Guide 9).
`F-Secure, F-Secure VPN+ (Sep. 199s) (from Fsecure Innns)
`(VPN+ Guide 9).
`.-tdminislrarofs Guide
`F-Secure, F-Secure Management Tools,
`(1999) (from Fsecure OIIIIOI3) (F-Secure Management Tools).
`F-Secure, F-Secure Desiliqtz. User’: Guide (1997) (from Fsecure
`nrnns) (FSecure Desktop User's Guide).
`SafeNet, Inc., PTN Holicy Manager (Jan. 20“) (VPN Policy Man-
`ager).
`F-Secure, F-Secure VPN+ for Windows NT 4.0 (1998) (from Fsecure
`nnIn9) (FSecure VPN+).
`IRE, Inc., SafiNet /Security Center Technical Reference Addendum
`(Jun. 22, I999) (Safenet Addendum).
`IRE, Inc., System Descriptionjor l"PNPalicy Manager andsrfitllerl
`SoflPK (Mar. 3|, 2|") (VPN Policy Manager System Description).
`IRE, Inc., About SafeNet I VPN Policy Manager (1999) (About
`Safenet VPN Policy Manager).
`Inc ., Gauntlet Internet Firewall,
`Trusted Information Systems,
`Firewall Product Functional Summary (Jul. 22, 1996) (Gauntlet
`Functional Summary).
`Trusted Information Systems, Inc., Running the Gauntlet Internet
`Firewall. An.-tdiriinilrtrator ‘s Guide to Gauntlet Version 3. 0 (May3 l ,
`1995) (Running the Gauntlet Internet Firewall).
`Ted Harwood, Windows NT Terminal Senier and Citrlr Metafimne
`(New Riders I999) (Windows NT Harwood) 79.
`Todd W. Matehrs and Shawn P. Genoway, Wndaws NT Thing Client
`Solutions: lmplemetning Terminal Server and Citrix MetaFrame
`(Macmillan Technial Publishing 1999) (Windows NT Mathers).
`Bernard Aboba et al., Securing 1.22?’ using IPSEC (Feb. 2, 1999).
`Finding Ibur Way Through the VPNMaze (I999) (“PGP”).
`Linux FreeS/WAN Overview (1999) (Linux Frees/WAN) Over-
`view).
`Timestep, lire Business Caseforsecure VPNs (I998) ("Tirnestep").
`
`

`
`US 7,921,211 B2
`Page 6_j_j.
`
`Inc., Watch Guard Firebox System
`
`WatchGua.rd Technologies,
`Powerpoint (2000).
`WatchGuard Technologies, 1nc., MSSFirewallSpecifications (1999).
`WatchGuard Technologie