Claim
`No.
`
`Claim language
`
`Corresponding features disclosed by Coss et al.
`in view of admitted prior art (APA)
`added]
`
`However, Coss et al. do not explicitly disclose that
`
`the modified rule set includes at least one rule as a
`
`function of a type of IP service.
`
`It would have been obvious that the modified rule
`
`set includes at least one rule as a function of a type
`
`of IP service. For example, applying a known
`
`technique (dynamic rule modification) to a known
`
`device (firewall 211 programmed with at least one
`
`rule as a function of a type of IP service) yields
`
`predictable results that the modified rule set may
`
`also include at least one rule as a function of a type
`
`of IP service.
`
`37.
`
`Claim language: A system comprising:
`
`Corresponding features: Coss et al. illustrate a system in Figure 2
`
`Claim language: a redirection server programmed with a user's rule set correlated to a temporarily assigned network address;
`
`Corresponding features: Coss et al. disclose firewall 211 is programmed with a user's rule set correlated to an assigned network address. Firewall 211 is also connected between the user's computer (at user site 201) and the Internet 105, and controls the user's access to the Internet 105 by utilizing redirection functionality.
`
`For instance, Coss et al. disclose:
`
`"FIG. 2 shows a user site 201 connected to the
`
`Internet 105 via a firewall processor 211." [3:53-
`
`54]
`
`Request for ex parte reexamination of U.S. Patent No. 6,779,118
`Page 418 of 484
`
`Panasonic-1012
`Page 1335 of 1408
`
`"With a capability for supporting multiple security
`
`domains, a single firewall can support multiple
`
`users, each with a separate security policy."
`
`[3:31-33, emphasis added]
`
`The security policies can be represented by sets of
`
`access rules which are represented in tabular
`
`form and which are loaded into the firewall by a
`
`firewall administrator. As illustrated in FIG. 3, such
`
`a table can provide for categories including rule
`
`number, designations of source and destination
`
`hosts, a designation of a special service which can
`
`be called for in a packet, and a specification of an
`
`action to be taken on a packet.
`
`"Source host group identifier or IP address" [4:39,
`
`emphasis added]
`
`"Destination host group identifier or IP address"
`
`[4:40, emphasis added]
`
`"This invention relates to the prevention of
`
`unauthorized access in computer networks and,
`
`more particularly, to firewall protection within
`
`computer networks." [1:6-8, emphasis added]
`
`"Dynamic rules are rules which are included with
`
`the access rules as a need arises, for processing
`
`along with the access rules, e.g., by a rule
`
`processing engine. Dynamic rules can include
`
`unique, current information such as, for example,
`
`specific source and destination port numbers. They
`
`can be loaded at any time by trusted parties, e.g.,
`
`a trusted application, remote proxy or firewall
`
`administrator, to authorize specific network
`
`sessions." [8:24-31, emphasis added]
`
`"To unburden the firewall of application proxies,
`
`the firewall can be enabled to redirect a network
`
`session to a separate server for processing."
`
`[Abstract, emphasis added]
`
`"Proxy reflection in accordance with the present
`
`invention involves redirecting a network session to
`
`another, "remote" proxy server for processing, and
`
`then later passing it back via the firewall to the
`
`intended destination. When a new session enters the
`
`firewall, a decision is made to determine whether
`
`service by a proxy server is required. If so, the
`
`firewall replaces the destination address in the
`
`packet with the host address of the proxy
`
`application and, if necessary, it can also change
`
`the service port." [Coss et al., col. 8, lines 56-65,
`
`emphasis added]
`
`However, Coss et al. do not explicitly disclose the
`
`firewall 211 is programmed with a user's rule set
`
`correlated to a temporarily assigned network
`
`address.
`
`It is well known that dial-up users are often
`
`provided with a temporarily assigned IP address.
`
`For example, admitted prior art (APA) systems are
`
`described in the '118 patent as follows:
`
`"In prior art systems as shown in FIG. 1 when an
`
`Internet user establishes a connection with an
`
`Internet Service Provider (ISP), the user first makes
`
`a physical connection between their computer 100
`
`and a dial-up networking server 102, the user
`
`provides to the dial-up networking server their user
`
`ID and password. The dial-up networking server
`
`then passes the user ID and password, along with a
`
`temporary Internet Protocol (IP) address for use
`
`by the user to the ISP's authentication and
`
`accounting server 104. A detailed description of the
`
`IP communications protocol is discussed in
`
`Internetworking with TCP/IP, 3rd ed., Douglas
`
`Comer, Prentice Hall, 1995, which is fully
`
`incorporated herein by reference. The
`
`authentication and accounting server, upon
`
`verification of the user ID and password using a
`
`database 106 would send an authorization message
`
`to the dial-up networking server 102 to allow the
`
`user to use the temporary IP address assigned to
`
`that user by the dial-up networking server and
`
`then logs the connection and assigned IP address.
`
`For the duration of that session, whenever the user
`
`would make a request to the Internet 110 via a
`
`gateway 108, the end user would be identified by
`
`the temporarily assigned IP address." ['118
`patent, 1st paragraph of Background of the
`
`Invention section, emphasis added]
`
`Firewall 211 is programmed with a user's rule set
`
`correlated to an IP address. It would have been
`
`obvious that this IP address may be temporarily
`
`assigned. A first reason is this is simply combining
`
`prior art elements (temporary IP addresses) to
`
`known methods (assigning a user with an IP
`
`address) to yield predictable results. A second
`
`reason is this would allow dial-up users to
`
`temporarily connect their computers to the user site
`
`201, as suggested by the APA systems.
`
`Claim language: wherein the rule set contains at least one of a plurality of functions used to control data passing between the user and a public network;
`
`Corresponding features: Coss et al. disclose the rule set contains at least one of a plurality of functions used to control data passing between the user and a public network.
`
`For instance, the rule set (rule table of Figure 3)
`
`contains at least one (Rule No. 20) of a plurality of
`
`functions (categories listed in column 4, line 35 to
`
`column 5, line 35) used to control (action=DROP in
`
`this example) data passing between the user (Source
`
`host="A") and a public network (destination
`
`host="*" which includes all hosts on the Internet
`
`105).
`
`Claim language: wherein the redirection server is configured to allow automated modification of at least a portion of the rule set correlated to the temporarily assigned network address;
`
`Corresponding features: Coss et al. disclose the firewall 211 is configured to allow automated modification of at least a portion of the rule set correlated to the assigned network address:
`
`"Dynamic rules can include unique, current
`
`information such as, for example, specific source
`
`and destination port numbers. They can be loaded at
`
`any time by trusted parties, e.g., a trusted
`
`application, remote proxy or firewall administrator,
`
`to authorize specific network sessions." [8:26-31]
`
`"The dynamic rules allow a given rule set to be
`
`modified based on events happening in the network
`
`without requiring that the entire rule set be
`
`reloaded." [8:34-36, emphasis added]
`
`"Source host group identifier or IP address" [4:39,
`
`emphasis added]
`
`"Destination host group identifier or IP address"
`
`[4:40, emphasis added]
`
`However, Coss et al. do not explicitly disclose the
`
`firewall 211 is configured to allow automated
`
`modification of at least a portion of the rule set
`
`correlated to the temporarily assigned network
`
`address.
`
`Firewall 211 is programmed with a user's rule set
`
`correlated to an IP address. As explained above, it
`
`would have been obvious that this IP address may
`
`be temporarily assigned. A first reason is this is
`
`simply combining prior art elements (temporary IP
`
`addresses) to known methods (assigning a user with
`
`an IP address) to yield predictable results. A second
`
`reason is this would allow dial-up users to
`
`temporarily connect their computers to the user site
`
`201, as suggested by the APA systems.
`
`Claim language: wherein the redirection server is configured to allow automated modification of at least a portion of the rule set as a function of some combination of time, data transmitted to or from the user, or location the user accesses; and
`
`Corresponding features: Coss et al. disclose the firewall 211 is configured to allow automated modification of at least a portion of the rule set as a function of some combination of time, data transmitted to or from the user, or location the user accesses:
`
`"In accordance with a fourth aspect of the
`
`invention, a computer network firewall may make
`
`use of dynamic rules which are added to a set of
`
`access rules for processing packets. The dynamic
`
`rules allow a given rule set to be modified based
`
`on events happening in the network without
`
`requiring that the entire rule set be reloaded.
`
`Exemplary dynamic rules include a "one-time"
`
`rule which is only used for a single session, a
`
`time-limited rule which is used only for a
`
`specified time period, and a threshold rule which
`
`is used only when certain conditions are
`
`satisfied. Other types of dynamic rules include
`
`rules which define a host group, such that the host
`
`group can be modified to add or drop different
`
`hosts without altering other aspects of the access
`
`rule set." [2:29-41, emphasis added]
`
`"Dynamic rules can include unique, current
`
`information such as, for example, specific source
`
`and destination port numbers. They can be loaded at
`
`any time by trusted parties, e.g., a trusted
`
`application, remote proxy or firewall administrator,
`
`to authorize specific network sessions." [8:26-31]
`
`"For example, an FTP proxy application could
`
`use a dynamic rule to authorize establishment of an
`
`FTP data channel in response to a data request. The
`
`dynamic rule in this example would typically not be
`
`loaded until a data request is made over the FTP
`
`control session, and could be limited to one use
`
`and made active for only a limited time period."
`
`[8:48-52, emphasis added]
`
`Claim language: wherein the modified rule set includes an initial temporary rule set and a standard rule set, and wherein the redirection server is configured to utilize the temporary rule set for an initial period of time and to thereafter utilize the standard rule set.
`
`Corresponding features: Coss et al. disclose that the rule set includes an initial temporary rule set and a standard rule set, and wherein the redirection server is configured to utilize the temporary rule set for an initial period of time and to thereafter utilize the standard rule set.
`
`For instance, Coss et al. disclose:
`
`"Exemplary dynamic rules include a 'one-time' rule
`
`which is only used for a single session, a time-
`
`limited rule which is used only for a specified
`
`time period, and a threshold rule which is used
`
`only when certain conditions are satisfied." [8:37-
`
`40, emphasis added]
`
`Accordingly, Coss et al. disclose utilizing an initial
`
`rule set being a set of rules including the time-
`
`limited rule before the specified time period has
`
`expired, and utilizing a standard rule set being the
`
`set of rules not including the time-limited rule after
`
`the specified time period has expired.
`
`However, Coss et al. do not explicitly disclose that
`
`the modified rule set includes an initial temporary
`
`rule set and a standard rule set, and wherein the
`
`redirection server is configured to utilize the
`
`temporary rule set for an initial period of time and
`
`to thereafter utilize the standard rule set.
`
`It would have been obvious that the modified rule
`
`set includes an initial temporary rule set and a
`
`standard rule set, and wherein the redirection server
`
`is configured to utilize the temporary rule set for an
`
`initial period of time and to thereafter utilize the
`
`standard rule set. For example, applying a known
`
`technique (dynamic rule modification) to a known
`
`device (firewall 211 programmed to utilize the
`
`temporary rule set for an initial period of time and
`
`to thereafter utilize the standard rule set) yields
`
`predictable results that the modified rule set may
`
`also cause the firewall 211 to utilize the temporary
`
`rule set for an initial period of time and to thereafter
`
`utilize the standard rule set.
`
`38.
`
`Claim language: A system comprising:
`
`Corresponding features: Coss et al. illustrate a system in Figure 2
`
`Claim language: a redirection server programmed with a user's rule set correlated to a temporarily assigned network address;
`
`Corresponding features: Coss et al. disclose firewall 211 is programmed with a user's rule set correlated to an assigned network address. Firewall 211 is also connected between the user's computer (at user site 201) and the Internet 105, and controls the user's access to the Internet 105 by utilizing redirection functionality.
`
`For instance, Coss et al. disclose:
`
`"FIG. 2 shows a user site 201 connected to the
`
`Internet 105 via a firewall processor 211." [3:53-
`
`54]
`
`"With a capability for supporting multiple security
`
`domains, a single firewall can support multiple
`
`users, each with a separate security policy."
`
`[3:31-33, emphasis added]
`
`The security policies can be represented by sets of
`
`access rules which are represented in tabular
`
`form and which are loaded into the firewall by a
`
`firewall administrator. As illustrated in FIG. 3, such
`
`a table can provide for categories including rule
`
`number, designations of source and destination
`
`hosts, a designation of a special service which can
`
`be called for in a packet, and a specification of an
`
`action to be taken on a packet.
`
`"Source host group identifier or IP address" [4:39,
`
`emphasis added]
`
`"Destination host group identifier or IP address"
`
`[4:40, emphasis added]
`
`"This invention relates to the prevention of
`
`unauthorized access in computer networks and,
`
`more particularly, to firewall protection within
`
`computer networks." [1:6-8, emphasis added]
`
`"Dynamic rules are rules which are included with
`
`the access rules as a need arises, for processing
`
`along with the access rules, e.g., by a rule
`
`processing engine. Dynamic rules can include
`
`unique, current information such as, for example,
`
`specific source and destination port numbers. They
`
`can be loaded at any time by trusted parties, e.g.,
`
`a trusted application, remote proxy or firewall
`
`administrator, to authorize specific network
`
`sessions." [8:24-31, emphasis added]
`
`"To unburden the firewall of application proxies,
`
`the firewall can be enabled to redirect a network
`
`session to a separate server for processing."
`
`[Abstract, emphasis added]
`
`"Proxy reflection in accordance with the present
`
`invention involves redirecting a network session to
`
`another, "remote" proxy server for processing, and
`
`then later passing it back via the firewall to the
`
`intended destination. When a new session enters the
`
`firewall, a decision is made to determine whether
`
`service by a proxy server is required. If so, the
`
`firewall replaces the destination address in the
`
`packet with the host address of the proxy
`
`application and, if necessary, it can also change
`
`the service port." [Coss et al., col. 8, lines 56-65,
`
`emphasis added]
`
`However, Coss et al. do not explicitly disclose the
`
`firewall 211 is programmed with a user's rule set
`
`correlated to a temporarily assigned network
`
`address.
`
`It is well known that dial-up users are often
`
`provided with a temporarily assigned IP address.
`
`For example, admitted prior art (APA) systems are
`
`described in the '118 patent as follows:
`
`"In prior art systems as shown in FIG. 1 when an
`
`Internet user establishes a connection with an
`
`Internet Service Provider (ISP), the user first makes
`
`a physical connection between their computer 100
`
`and a dial-up networking server 102, the user
`
`provides to the dial-up networking server their user
`
`ID and password. The dial-up networking server
`
`then passes the user ID and password, along with a
`
`temporary Internet Protocol (IP) address for use
`
`by the user to the ISP's authentication and
`
`accounting server 104. A detailed description of the
`
`IP communications protocol is discussed in
`
`Internetworking with TCP/IP, 3rd ed., Douglas
`
`Comer, Prentice Hall, 1995, which is fully
`
`incorporated herein by reference. The
`
`authentication and accounting server, upon
`
`verification of the user ID and password using a
`
`database 106 would send an authorization message
`
`to the dial-up networking server 102 to allow the
`
`user to use the temporary IP address assigned to
`
`that user by the dial-up networking server and
`
`then logs the connection and assigned IP address.
`
`For the duration of that session, whenever the user
`
`would make a request to the Internet 110 via a
`
`gateway 108, the end user would be identified by
`
`the temporarily assigned IP address." ['118
`patent, 1st paragraph of Background of the
`
`Invention section, emphasis added]
`
`Firewall 211 is programmed with a user's rule set
`
`correlated to an IP address. It would have been
`
`obvious that this IP address may be temporarily
`
`assigned. A first reason is this is simply combining
`
`prior art elements (temporary IP addresses) to
`
`known methods (assigning a user with an IP
`
`address) to yield predictable results. A second
`
`reason is this would allow dial-up users to
`
`temporarily connect their computers to the user site
`
`201, as suggested by the APA systems.
`
`Claim language: wherein the rule set contains at least one of a plurality of functions used to control data passing between the user and a public network;
`
`Corresponding features: Coss et al. disclose the rule set contains at least one of a plurality of functions used to control data passing between the user and a public network.
`
`For instance, the rule set (rule table of Figure 3)
`
`contains at least one (Rule No. 20) of a plurality of
`
`functions (categories listed in column 4, line 35 to
`
`column 5, line 35) used to control (action=DROP in
`
`this example) data passing between the user (Source
`
`host="A") and a public network (destination
`
`host="*" which includes all hosts on the Internet
`
`105).
`
`Claim language: wherein the redirection server is configured to allow automated modification of at least a portion of the rule set correlated to the temporarily assigned network address;
`
`Corresponding features: Coss et al. disclose the firewall 211 is configured to allow automated modification of at least a portion of the rule set correlated to the assigned network address:
`
`"Dynamic rules can include unique, current
`
`information such as, for example, specific source
`
`and destination port numbers. They can be loaded at
`
`any time by trusted parties, e.g., a trusted
`
`application, remote proxy or firewall administrator,
`
`to authorize specific network sessions." [8:26-31]
`
`"The dynamic rules allow a given rule set to be
`
`modified based on events happening in the network
`
`without requiring that the entire rule set be
`
`reloaded." [8:34-36, emphasis added]
`
`"Source host group identifier or IP address" [4:39,
`
`emphasis added]
`
`"Destination host group identifier or IP address"
`
`[4:40, emphasis added]
`
`However, Coss et al. do not explicitly disclose the
`
`firewall 211 is configured to allow automated
`
`modification of at least a portion of the rule set
`
`correlated to the temporarily assigned network
`
`address.
`
`Firewall 211 is programmed with a user's rule set
`
`correlated to an IP address. As explained above, it
`
`would have been obvious that this IP address may
`
`be temporarily assigned. A first reason is this is
`
`simply combining prior art elements (temporary IP
`
`addresses) to known methods (assigning a user with
`
`an IP address) to yield predictable results. A second
`
`reason is this would allow dial-up users to
`
`temporarily connect their computers to the user site
`
`201, as suggested by the APA systems.
`
`Claim language: wherein the redirection server is configured to allow automated modification of at least a portion of the rule set as a function of some combination of time, data transmitted to or from the user, or location the user accesses; and
`
`Corresponding features: Coss et al. disclose the firewall 211 is configured to allow automated modification of at least a portion of the rule set as a function of some combination of time, data transmitted to or from the user, or location the user accesses:
`
`"In accordance with a fourth aspect of the
`
`invention, a computer network firewall may make
`
`use of dynamic rules which are added to a set of
`
`access rules for processing packets. The dynamic
`
`rules allow a given rule set to be modified based
`
`on events happening in the network without
`
`requiring that the entire rule set be reloaded.
`
`Exemplary dynamic rules include a "one-time"
`
`rule which is only used for a single session, a
`
`time-limited rule which is used only for a
`
`specified time period, and a threshold rule which
`
`is used only when certain conditions are
`
`satisfied. Other types of dynamic rules include
`
`rules which define a host group, such that the host
`
`group can be modified to add or drop different
`
`hosts without altering other aspects of the access
`
`rule set." [2:29-41, emphasis added]
`
`"Dynamic rules can include unique, current
`
`information such as, for example, specific source
`
`and destination port numbers. They can be loaded at
`
`any time by trusted parties, e.g., a trusted
`
`application, remote proxy or firewall administrator,
`
`to authorize specific network sessions." [8:26-31]
`
`"For example, an FTP proxy application could
`
`use a dynamic rule to authorize establishment of an
`
`FTP data channel in response to a data request. The
`
`dynamic rule in this example would typically not be
`
`loaded until a data request is made over the FTP
`
`control session, and could be limited to one use
`
`and made active for only a limited time period."
`
`[8:48-52, emphasis added]
`
`Claim language: wherein the modified rule set includes at least one rule allowing access based on a request type and a destination address.
`
`Corresponding features: Coss et al. disclose that the rule set includes at least one rule allowing access based on a request type and a destination address.
`
`For instance, Coss et al. disclose:
`
`Rule No. 40 in Figure 3 allowing access (i.e., action
`
`= "PASS") based on a request type of "MAIL" and
`
`a destination host of "D".
`
`"In FIG. 3, the categories "Source Host,"
`
`"Destination Host" and "Service" impose conditions
`
`which must be satisfied by data included in a packet
`
`for the specified action to be taken on that packet."
`
`[4:2-11, emphasis added]
`
`However, Coss et al. do not explicitly disclose that
`
`the modified rule set includes at least one rule
`
`allowing access based on a request type and a
`
`destination address.
`
`It would have been obvious that the modified rule
`
`set includes at least one rule allowing access based
`
`on a request type and a destination address. For
`
`example, applying a known technique (dynamic
`
`rule modification) to a known device (firewall 211
`
`programmed with rule set including at least one rule
`
`allowing access based on a request type and a
`
`destination address) yields predictable results that
`
`the firewall is programmed with a modified rule set
`
`including at least one rule allowing access based on
`
`a request type and a destination address.
`
`39.
`
`Claim language: A system comprising:
`
`Corresponding features: Coss et al. illustrate a system in Figure 2
`
`Claim language: a redirection server programmed with a user's rule set correlated to a temporarily assigned network address;
`
`Corresponding features: Coss et al. disclose firewall 211 is programmed with a user's rule set correlated to an assigned network address. Firewall 211 is also connected between the user's computer (at user site 201) and the Internet 105, and controls the user's access to the Internet 105 by utilizing redirection functionality.
`
`For instance, Coss et al. disclose:
`
`"FIG. 2 shows a user site 201 connected to the
`
`Internet 105 via a firewall processor 211." [3:53-
`
`54]
`
`"With a capability for supporting multiple security
`
`domains, a single firewall can support multiple
`
`users, each with a separate security policy."
`
`[3:31-33, emphasis added]
`
`The security policies can be represented by sets of
`
`access rules which are represented in tabular
`
`form and which are loaded into the firewall by a
`
`firewall administrator. As illustrated in FIG. 3, such
`
`a table can provide for categories including rule
`
`number, designations of source and destination
`
`hosts, a designation of a special service which can
`
`be called for in a packet, and a specification of an
`
`action to be taken on a packet.
`
`"Source host group identifier or IP address" [4:39,
`
`emphasis added]
`
`"Destination host group identifier or IP address"
`
`[4:40, emphasis added]
`
`"This invention relates to the prevention of
`
`unauthorized access in computer networks and,
`
`more particularly, to firewall protection within
`
`computer networks." [1:6-8, emphasis added]
`
`"Dynamic rules are rules which are included with
`
`the access rules as a need arises, for processing
`
`along with the access rules, e.g., by a rule
`
`processing engine. Dynamic rules can include
`
`unique, current information such as, for example,
`
`specific source and destination port numbers. They
`
`can be loaded at any time by trusted parties, e.g.,
`
`a trusted application, remote proxy or firewall
`
`administrator, to authorize specific network
`
`sessions." [8:24-31, emphasis added]
`
`"To unburden the firewall of application proxies,
`
`the firewall can be enabled to redirect a network
`
`session to a separate server for processing."
`
`[Abstract, emphasis added]
`
`"Proxy reflection in accordance with the present
`
`invention involves redirecting a network session to
`
`another, "remote" proxy server for processing, and
`
`then later passing it back via the firewall to the
`
`intended destination. When a new session enters the
`
`firewall, a decision is made to determine whether
`
`service by a proxy server is required. If so, the
`
`firewall replaces the destination address in the
`
`packet with the host address of the proxy
`
`application and, if necessary, it can also change
`
`the service port." [Coss et al., col. 8, lines 56-65,
`
`emphasis added]
`
`However, Coss et al. do not explicitly disclose the
`
`firewall 211 is programmed with a user's rule set
`
`correlated to a temporarily assigned network
`
`address.
`
`It is well known that dial-up users are often
`
`provided with a temporarily assigned IP address.
`
`For example, admitted prior art (APA) systems are
`
`described in the '118 patent as follows:
`
`"In prior art systems as shown in FIG. 1 when an
`
`Internet user establishes a connection with an
`
`Internet Service Provider (ISP), the user first makes
`
`a physical connection between their computer 100
`
`and a dial-up networking server 102, the user
`
`provides to the dial-up networking server their user
`
`ID and password. The dial-up networking server
`
`then passes the user ID and password, along with a
`
`temporary Internet Protocol (IP) address for use
`
`by the user to the ISP's authentication and
`
`accounting server 104. A detailed description of the
`
`IP communications protocol is discussed in
`
`Internetworking with TCP/IP, 3rd ed., Douglas
`
`Comer, Prentice Hall, 1995, which is fully
`
`incorporated herein by reference. The
`
`authentication and accounting server, upon
`
`verification of the user ID and password using a
`
`database 106 would send an authorization message
`
`to the dial-up networking server 102 to allow the
`
`user to use the temporary IP address assigned to
`
`that user by the dial-up networking server and
`
`then logs the connection and assigned IP address.
`
`For the duration of that session, whenever the user
`
`would make a request to the Internet 110 via a
`
`gateway 108, the end user would be identified by
`
`the temporar
