(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`us 6779118
`
`Exhibit DD
`
`Prior Art Analysis"'
`mechanisms.
`
`(He, 17: 19-27.)
`
`[ 16.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`
`He's database tool is "automated" as required by the claim.
`Thus, the system of He is "configured to allow automated
`modification of at least a portion of the rule set correlated to
`the temporarily assigned network address" as recited in the
`claim.
`
`Requester notes that in a previous reexamination of the
`'118 patent, the Patent Office interpreted "automated'' as
`requiring the "use of automation, not the absence of any
`human intervention." (Board Decision at 7.)
`
`He teaches that passwords and authentications should have
`a defined lifetime, and that a limited number of log-in
`attempts should be permitted:
`
`Each record of a user account generally
`comprises the following information:
`
`to
`information
`(5) Other administrative
`enhance the effectiveness of the network
`security mechanisms. The
`infonnation
`includes, but not limited to,
`
`the minimum length of the password,
`
`required
`the
`characters,
`
`variation
`
`of
`
`password
`
`the expiration date or the lifetime of the
`password since creation,
`
`maximum
`the
`authentication, and
`
`lifetime
`
`of
`
`each
`
`failed
`of
`number
`the maximum
`authentication attempts
`that 1s allowed
`before the account is brought to the attention
`to
`the system security administrator for
`examination
`or
`1s
`simply
`disabled
`temporarily pending such an examination.
`
`24
`
`Panasonic-1014
`Page 1351 of 1980
`
`

`

`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`us 6779118
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`(He, 16:52-53 & 17:6-18 (emphasis added).)
`
`Thus, at the end of an authentication's lifetime, it would
`have been obvious for the gateway server to modify its
`behavior to cease allowing access to network resources
`until the user re-authenticates. Similarly, it would have
`been obvious to refuse access to a user using an expired
`password. Thus, He teaches modifying a user's credentials
`as a function of time.
`
`A failed authentication attempt is "data transmitted to or
`from the user." Thus, He teaches modifying a user's
`credentials (for example, by flagging for administrative
`review or by disabling the account) as a function of "data
`transmitted to or from the user."
`
`Furthermore, blocking a website based on some
`combination of the recited bases-time, data transmitted to
`or from the user, or location the user accesses-would have
`been obvious to one of skill in the art. For example, it
`would have been obvious in a workplace setting to block a
`website for a user after discovering inappropriate
`communications between the user and the website or after
`discovering the user spends excessive time at the site
`unrelated to work. Similarly in a school environment, it
`would have been obvious in a workplace setting to block a
`website for a user after discovering inappropriate
`communications between the user and the website or after
`discovering the user spends excessive time at the site
`unrelated to school. Thus, although an initial rule set might
`be pennissi ve, it would be obvious to modify the rules for a
`particular user at a later time after it is found that the user's
`data transmissions or locations accessed are unproductive
`or inappropriate.
`
`Thus, the cited prior art references in combination with the
`Admitted Prior Art render obvious "modification of at least
`a portion of the rule set as a function of some combination
`of time, data transmitted to or from the user, or location the
`user access" as recited in the claim.
`
`Accordingly, Requester has provided an independent
`explanation of the pertinence and manner of applying the
`
`25
`
`Panasonic-1014
`Page 1352 of 1980
`
`

`

`us 6779118
`
`f 16.5] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`time.
`[ 17 .01 A system comprising:
`f 17 .1] a redirection server
`programmed with a user's rule set
`correlated to a temporarily
`assigned network address;
`fl7.2] wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network;
`f17.3] wherein the redirection
`server is configured to allow
`automated modification of at least
`a pmtion of the rule set correlated
`to the temporarily assigned
`network address;
`[ 17.41 wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`f17.5] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of the
`data transmitted to or from the
`user.
`[ 18.01 A system comprising:
`[ 18 .1] a redirection server
`programmed with a user's rule set
`correlated to a temporarily
`assigned network address;
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`prior art to this claim limitation. Requester notes that the
`Board similarly found that this limitation would have been
`obvious to one of skill in the art. (See Board Decision at
`10.)
`
`As shown above in the analysis of portion f 16.4], He
`teaches modifying a user's credentials as a function of time.
`Additionally, as explained in portion [16.4], modifying a
`rule set as a function of time would have been obvious.
`
`See analysis of portion [ 1.01.
`See analysis of portions [1.3] and fl.61.
`
`See analysis of portion [ 16.2].
`
`See analysis of portion [16.3].
`
`See analysis of portion [ 16.41.
`
`As shown in the analysis of portion [16.4], He teaches
`modifying a user's credentials as a function of data
`transmitted to or from the user. Additionally, as explained
`in portion f16.4], modifying a rule set as a function of data
`transmitted to or from the user would have been obvious.
`
`See analysis of portion [ 1.01.
`See analysis of po1tions [1.31 and [1.6].
`
`26
`
`Panasonic-1014
`Page 1353 of 1980
`
`

`

`us 6779118
`[18.2] wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network;
`[18.3] wherein the redirection
`server is configured to allow
`automated modification of at least
`a p01tion of the rule set correlated
`to the temporarily assigned
`network address:
`[18.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`[18.5] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of the
`location or locations the user
`accesses.
`[19.01 A system comprising:
`[ 19 .1] a redirection server
`programmed with a user's rule set
`correlated to a temporarily
`assigned network address;
`[19.2] wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network;
`[19.3] wherein the redirection
`server is configured to allow
`automated modification of at least
`a p01tion of the rule set correlated
`to the temporarily assigned
`network address:
`[19.41 wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`See analysis of portion [16.2].
`
`See analysis of portion [16.3].
`
`See analysis of portion [ 16.4].
`
`See analysis of portion [16.4]. It would have been obvious
`to modify a user's credentials as a function of the location
`or locations the user accesses.
`
`See analysis of portion [ 1.0].
`See analysis of portions [1.31 and [ 1.6].
`
`See analysis of portion [16.2].
`
`See analysis of portion [16.3].
`
`See analysis of portion [16.4].
`
`27
`
`Panasonic-1014
`Page 1354 of 1980
`
`

`

`us 6779118
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`[19.5] wherein the redirection
`server is configured to allow the
`removal or reinstatement of at
`least a portion of the rule set as a
`function of time.
`[20.0] A system comprising:
`[20.1] a redirection server
`programmed with a user's rule set
`correlated to a temporarily
`assigned network address:
`[20.21 wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network:
`[20.31 wherein the redirection
`server is configured to allow
`automated modification of at least
`a portion of the rule set correlated
`to the temporarily assigned
`network address;
`[20.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`[20.51 wherein the redirection
`server is configured to allow the
`removal or reinstatement of at
`least a portion of the rule set as a
`function of the data transmitted to
`or from the user.
`[21.0] A system comprising:
`[21.11 a redirection server
`programmed with a user's rule set
`cmTelated to a temporarily
`assigned network address:
`[21.21 wherein the rule set
`contains at least one of a plurality
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`See analysis of po1tions [16.3], [16.4] and [16.5]. He's
`teaching that an administrator may create or delete any
`portion of a user account con-esponds to the "removal or
`reinstatement of at least a portion of the rule set."
`
`See analysis of portion [1.0].
`See analysis of portions [1.3] and [1.6].
`
`See analysis of portion [16.2].
`
`See analysis of portion [ 16.3].
`
`See analysis of portion [16.4].
`
`See analysis of portions [16.3], [16.4] and [17.5]. He
`teaches removing a portion of a user's rule set, for example,
`by disabling a user's account after a given number of
`authentication failures.
`
`See analysis of portion [1.0].
`See analysis of portions [1.3] and [1.6].
`
`See analysis of portion [16.2].
`
`28
`
`Panasonic-1014
`Page 1355 of 1980
`
`

`

`us 6779118
`of functions used to control
`passing between the user and a
`public network;
`[21.3] wherein the redirection
`server is configured to allow
`automated modification of at least
`a portion of the rule set correlated
`to the temporarily assigned
`network address;
`[21.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`[21.5] wherein the redirection
`server is configured to allow the
`removal or reinstatement of at
`least a portion of the rule set as a
`function of the location or
`locations the user accesses.
`
`[22.0] A system comprising:
`[22.11 a redirection server
`programmed with a user's rule set
`cmTelated to a temporarily
`assigned network address;
`[22.21 wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network;
`[22.31 wherein the redirection
`server is configured to allow
`automated modification of at least
`a portion of the rule set correlated
`to the temporarily assigned
`network address;
`[22.4] wherein the redirection
`server is configured to allow
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`See analysis of po1tion [16.3].
`
`See analysis of portion [16.4].
`
`See analysis of po1tions [16.4] and [18.5]. Based on He's
`teaching of removing a portion of a user's rule set, for
`example, by disabling a user's account after a given number
`of authentication failures, it would have been obvious to
`remove or reinstate at least a portion of the rule set as a
`function of the location the user accesses. For example, it
`would have been obvious to disable a user's account if the
`user made repeated attempts to access an unauthorized
`resource.
`
`See analysis of portion [ 1.0].
`See analysis of portions [1.3] and [1.6].
`
`See analysis of portion [ 16.21.
`
`See analysis of portion [16.3].
`
`See analysis of portion [16.4].
`
`29
`
`Panasonic-1014
`Page 1356 of 1980
`
`

`

`us 6779118
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses: and
`f22.5] wherein the redirection
`server is configured to allow the
`removal or reinstatement of at
`least a p01tion of the rule set as a
`function of some combination of
`time, data transmitted to or from
`the user, or location or locations
`the user accesses.
`f23.0] A system comprising:
`[23.11 a redirection server
`programmed with a user's rule set
`cmTelated to a temporarily
`assigned network address:
`[23.21 wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network;
`[23.31 wherein the redirection
`server is configured to allow
`automated modification of at least
`a portion of the rule set correlated
`to the temporarily assigned
`network address;
`f23.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`[23.51 wherein the redirection
`server has a user side that is
`connected to a computer using the
`temporarily assigned network
`address and a network side
`connected to a computer network
`and wherein the computer using
`the temporarily assigned network
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`See analysis of portions [16.3], f 16.41 and f18.5].
`
`See analysis of portion [ 1.0].
`See analysis of portions [1.3] and [1.6].
`
`See analysis of portion [ 16.21.
`
`See analysis of portion [ 16.3].
`
`See analysis of portion [16.4].
`
`Fortinsky teaches that the gateway server ("redirection
`server") includes a "user side" connected to a client
`computer via network N 1 and a "network side" connected
`to a remote resource via network N2:
`
`30
`
`Panasonic-1014
`Page 1357 of 1980
`
`

`

`us 6779118
`address is connected to the
`computer network through the
`redirection server.
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`-r 1;{ lf.N1
`
`I
`fos
`
`1··1 5EClJRJTY
`! SEflVEi-l
`
`i
`
`I,
`
`,
`
`i
`
`t DS
`--Nl
`
`-LISR
`
`FIG. 2
`
`SA
`J
`
`SECURIIY
`BUNTIME
`
`REGISTRY
`
`Sl1 i
`
`........................................................................ "'C' ....................................................
`
`API
`I
`XPAG APl
`FUNCTIONS
`
`EXTENDED
`REBISTRY
`
`PAM
`J
`l ATTfiIBUTE
`I
`MNIAGER
`I
`.....
`I\ TTRHlUTE
`HANDLffiS
`
`~TGS
`
`' PAM
`
`- .WPUCATifJtl
`
`SfRVf.R
`
`sw.mm
`Ai.INTI ME
`
`--svri
`
`f OS
`
`------r
`SECUflITY
`HUNTIME
`
`srnvrn
`
`PAM l
`SR l
`i :1 GMEWAY
`__________ _..._ ___ _.... ___ .......
`......... l ............ .
`--Ni: ~---
`
`flE1'!Cff
`HESOl.:WJ
`
`::,,::',.
`
`SECUHl [Y
`fllJ:'!TlME
`
`_.. flS
`
`Fortinsky further discloses that the user's client computer is
`connected to the non-DEC network through the gateway
`(redirection) server:
`
`The extensions provided by the present
`invention are described fm1her below, in the
`context of a network N 1 as
`shown
`diagrammatically in FIG. 2, in which a DCE
`network also includes a gateway server GS
`
`31
`
`Panasonic-1014
`Page 1358 of 1980
`
`

`

`us 6779118
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Anal 'Sis"'
`through which is accessible a non-DEC
`server RS, possibly by a secondary non(cid:173)
`DEC network N2 as shown or possibly
`located in the same machine.
`
`(Fortinsky, 5: 14-20.)
`
`He illustrates in Fig. 10 that the dial-up server 1002 and
`authentication server 202 are both connected to a common
`network 106:
`
`Notably, Fortinsky illustrates in Fig. 2 that the gateway
`server's "user side'' (Nl) is on a common network with the
`security (authentication) server and client computer. He
`illustrates that the authentication server 202, end user 102,
`and dial-up server 1002 are on a common network 106.
`
`Thus, it would have been obvious to connect Fortinsky's
`gateway server to He's network 106. In making such a
`connection, He's network 106 generally corresponds to
`Fortinsky's network Nl. Thus, it would have been obvious
`for the gateway server ("redirection server") to have a "user
`side" connected to the dial-up server via network 106. The
`gateway server further has a "network side'' connected to a
`remote resource via network N2.
`
`Thus, the prior art renders obvious that "redirection server
`has a user side that is connected to a computer using the
`temporarily assigned network address and a network side
`
`32
`
`Panasonic-1014
`Page 1359 of 1980
`
`

`

`us 6779118
`
`f24.0] The system of claim 23
`wherein instructions to the
`redirection server to modify the
`rnle set are received by one or
`more of the user side of the
`redirection server and the network
`side of the redirection server.
`
`[25.0] In a system comp1ising
`f 25 .1] a redirection server
`containing a user's rule set
`correlated to a temporarily
`assigned network address
`f25.2] wherein the user's rule set
`contains at least one of a plurality
`of functions used to control data
`passing between the user and a
`public network;
`[25.31 the method comprising the
`step of:
`f25.4] modifying at least a portion
`of the user's rule set while the
`user's rule set remains correlated
`to the temporarily assigned
`network address in the redirection
`server; and
`
`[25.5] and wherein the redirection
`server has a user side that is
`connected to a computer using the
`temporarily assigned network
`address and a network address and
`a network side connected to a
`computer network and
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`connected to a computer network and wherein the computer
`using the temporarily assigned network address is
`connected to the computer network through the redirection
`server'' as recited in the claim.
`
`As illustrated in Fortinsky' s Fig. 2, the gateway server has
`only two sides (the "user side" and the "network side").
`Thus, instructions to modify a rule set must be received at
`either the user side or the network side.
`
`Further, As analyzed above in portion [16.31, He teaches a
`network administrator modifying a user's credentials. An
`network administrator is also a user. Accordingly, a
`network administrator's instructions originating at user
`computer 102 proceed would reach the gateway server via
`the ''user side."
`
`See analysis of portion [ 1.0].
`See analysis of portion fl.3] and [1.5].
`
`See analysis of portion fl.2].
`
`See analysis of portion [8.41.
`
`See analysis of portion [16.3].
`
`See analysis of portion [23.5].
`
`33
`
`Panasonic-1014
`Page 1360 of 1980
`
`

`

`us 6779118
`[25.6] wherein the computer using
`the temporarily assigned network
`address is connected to the
`computer network through the
`redirection server and
`[25.7] the method further includes
`the step of receiving instructions
`by the redirection server to modify
`at least a portion of the user's rule
`set through one or more of the user
`side of the redirection server and
`the network side of the redirection
`server.
`[26.0] The method of claim 25,
`further including the step of
`modifying at least a p011ion of the
`user's rule set as a function of one
`or more of: time, data transmitted
`to or from the user, and location or
`locations the user accesses.
`
`[27 .0] The method of claim 25,
`further including the step of
`removing or reinstating at least a
`p011ion of the user's rule set as a
`function of one or more of: time,
`the data transmitted to or from the
`user and a location or locations the
`user accesses.
`
`[28.0] The system of claim 1,
`wherein the individualized rule set
`includes at least one rule as a
`function of a type of IP (Internet
`Protocol) service.
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`See analysis of portion [23.5].
`
`See analysis of portion [24.0].
`
`See analysis of portion [ 16.4].
`
`See analysis of p011ion [ 16.4].
`
`The Admitted Prior Art teaches filtering rules based on the
`type of IP service:
`
`Filtering packets at the Internet Protocol
`(IP) layer has been possible using a firewall
`device or other packet filte,ing device for
`several years. Although packet filtering is
`most often used to filter packets coming into
`a private network for security purposes, once
`properly programed, they can filter outgoing
`packets sent from users
`to a specific
`destination as well. Packet filtering can
`distinguish, and filter based on, the type of
`IP service contained within an IP packet.
`
`34
`
`Panasonic-1014
`Page 1361 of 1980
`
`

`

`us 6779118
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`For example, the packet filter can determine
`if the packet contains FTP (file transfer
`\VV./W data, or Telnet
`protocol) data,
`session data.
`
`(' 118 Patent, 2:1-11 (emphasis added).)
`
`[29.0] The system of claim 1,
`wherein the individualized rule set
`includes an initial temporary rule
`set and a standard rule set, and
`
`Zenchelsky teaches both global filtering rules that apply to
`all users and local filtering rules that are specific to each
`user:
`
`The global pre-rule se 701 usually comprises
`general rules that apply to all hosts behind
`the firewall, and are most efficiently applied
`before any local rules. An example of a
`global pre-rule 1s that no telnet (remote
`login) requests are allowed past the firewall.
`
`The local rule base 702 comprises the set of
`peer rule bases loaded into the filter for
`authenticated peers. These rule pertain to
`specific hosts. An example of a local rule is
`that host A may not receive e-mail from
`beyond of the firewall.
`
`(Zenchelsky, 5:66-6:8.)
`
`The global rules are a "temporary rule set," and the local
`rules are a "standard rule set."
`
`In addition, He teaches that there exist multiple users, each
`with individualized credentials. Thus, a first user's
`credentials correspond to an "initial temporary rule set'' and
`a second user's credentials correspond to a "standard rule
`set."
`
`Furthermore, it would have been obvious to apply a
`temporary set of rules before a user is authenticated. For
`example, Fort:insky teaches that a user must present
`credentials including a whole user profile to gain access to
`the external resource via the gateway server:
`
`Server 2 1s a server providing gateway
`access to external resources. To access these
`
`35
`
`Panasonic-1014
`Page 1362 of 1980
`
`

`

`us 6779118
`
`[29 .1] wherein the redirection
`server is configured to utilize the
`temporary rule set for an initial
`period of time and to thereafter
`utilize the standard rule set.
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`resources, a client must present a complex
`attribute that contains a whole user profile
`(including userid's, group list, and other
`security data).
`
`(Fortinsky, 8:55-58.)
`
`It would have been obvious to apply a "temporary rule set"
`to govern the gateway server's response when the user fails
`to provide the required credentials. For example, it would
`have been obvious to deny access or to redirect the user. In
`this instance, the user's actual credentials ( which, when
`provided, permit access) are a "standard rule set."
`
`Zenchelsky teaches that the global filtering rules (a
`"temporary rule set") are always applied even before a user
`authenticates. After authentication, the user's "standard"
`rules are applied until the user disconnects:
`
`The global pre-rule se 701 usually comprises
`general rules that apply to all hosts behind
`the firewall, and are most efficiently applied
`before any local rules.
`
`(Zenchelsky, 5:66-6: 1.)
`
`In accordance with the present invention,
`each indi victual peer is authenticated upon
`requesting network access. The peer's local
`rule base is then loaded into the filter of the
`present invention, either from the peer itself,
`or from another user, host or peer. When the
`peer is no longer authenticated to the POP
`(e.g., the peer loses connectivity or logs off
`from the POP), the peer's local rule base is
`ejected ( deleted)from the filter.
`
`(Zenchelsky, 5:17-24.)
`
`The local rule base 702 is the set of all per
`user rule bases that are dynamically loaded
`upon authentication and ejected upon loss of
`authentication in accordance with the present
`invention.
`
`36
`
`Panasonic-1014
`Page 1363 of 1980
`
`

`

`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`us 6779118
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`[30.0] The system of claim 1,
`wherein the individualized rule set
`includes at least one rule allowing
`access based on a request type and
`a destination address.
`
`This rule base architecture advantageously
`retains the functionality of known filters. For
`example, if there are rules in the global pre(cid:173)
`or post-rule base only, the filter behaves the
`same as known filters. If there are only rules
`in the local rule base, the filter has all of the
`new and innovative features of the present
`invention without having global rules.
`
`(Zenchelsky, 6:36-39 & 6:54-59.)
`
`It would have been obvious to incorporate these features of
`Zenchelsky into the gateway server of Fortinsky.
`
`Zenchelsky teaches filtering rules allowing access based on
`a request type, such as a port number or protocol version,
`and a destination address:
`
`SOURCE
`Address, Port
`
`DESTIN1~HON
`Address, Port
`
`VERSION ACTION
`
`A,21
`}\.;22
`G,11
`C,9
`
`G,32
`H,19
`A.64
`I,23
`
`4
`3
`4
`4
`
`PASS
`DROP
`DROP
`PASS
`
`(Zenchelsky, 3:6-13.)
`
`In addition, the Admitted Prior Art teaches filtering rules
`allowing access based on a request type and a destination
`address:
`
`filtering devices allow network
`Packet
`administrators to filter packets based on the
`source and/or destination infonnation. as
`well as on
`the
`type of service being
`transmitted within each IP packet.
`
`('118 Patent, 2:14-18.)
`
`[31.0] The system of claim 1,
`wherein the individualized rule set
`includes at least one rule
`redirecting the data to a new
`
`As analyzed above in portion [1.3], it would have been
`obvious to combine the system of He, Zenchelsky, and
`Fortinsky with the known technique of redirection.
`
`37
`
`Panasonic-1014
`Page 1364 of 1980
`
`

`

`us 6779118
`destination address based on a
`request type and an attempted
`destination address.
`
`f32.0] The method of claim 8,
`wherein the individualized rule set
`includes at least one rule as a
`function of a type of IP (Internet
`Protocol) service.
`[33.0] The method of claim 8,
`wherein the individualized rule set
`includes an initial temporary rule
`set and a standard rule set, and
`[33.1] wherein the redirection
`server is configured to utilize the
`temporary rule set for an initial
`period of time and to thereafter
`utilize the standard rule set.
`[34.0] The method of claim 8,
`wherein the individualized rule set
`includes at least one rule allowing
`access based on a request type and
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`The Admitted Prior Art further teaches an example of
`redirecting a user's request based on an a request type (for
`example, communications protocol or specific web page
`identification) and destination address (for example, the
`Internet domain name or IP address):
`
`First, the user instructs the WW\V browser
`(typically software running on the user's PC)
`to access a page on a remote WWW server
`by typing in the URL (universal resource
`locator) or clicking on a URL link. Note that
`a URL provides
`infonnation about
`the
`communications protocol, the location of
`the server (typically an Internet domain
`name or IP address), and the location of the
`page on the remote server. The browser
`next sends a request to the server requesting
`the page. In response to the user's request,
`the web server sends the requested page to
`the browser. The page, however, contains
`html code instructing the browser to request
`other WW\V
`page--hence
`the
`some
`redirection of the user begins.
`
`(' 118 Patent, 1 :46-58 (emphasis added).)
`
`See analysis of portion f28.0].
`
`See analysis of portion [29.0].
`
`See analysis of portion [29.1].
`
`See analysis of portion [30.0].
`
`38
`
`Panasonic-1014
`Page 1365 of 1980
`
`

`

`us 6779118
`a destination address.
`[35.01 The method of claim 8,
`wherein the individualized rule set
`includes at least one rnle
`redirecting the data to a new
`destination address based on a
`request type and an attempted
`destination address.
`[36.0] A system comprising:
`[36.1] a redirection server
`programmed with a user's rule set
`correlated to a temporarily
`assigned network address:
`[36.2] wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network:
`[36.3] wherein the redirection
`server is configured to allow
`automated modification of at least
`a portion of the rule set correlated
`to the temporarily assigned
`network address;
`[36.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`[36.5] wherein the modified rule
`set includes at least one rule as a
`function of a type of IP (Internet
`Protocol) service.
`[37 .0] A system comprising:
`[37 .1] a redirection server
`programmed with a user's rule set
`correlated to a temporarily
`assigned network address;
`[37.2] wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`
`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`See analysis of portion [31.01.
`
`See analysis of portion [1.0].
`See analysis of portions [1.3] and [1.6].
`
`See analysis of portion [16.2].
`
`See analysis of portion [ 16.3].
`
`See analysis of portion [16.4].
`
`See analysis of portion [28.0].
`
`See analysis of portion [ 1.0].
`See analysis of portions [1.3] and [ 1.6].
`
`See analysis of portion [16.2].
`
`39
`
`Panasonic-1014
`Page 1366 of 1980
`
`

`

`(Corrected) Request for Inter Partes Reexamination
`U.S. Patent No. 6,779,118
`
`us 6779118
`public network:
`[37.31 wherein the redirection
`server is configured to allow
`automated modification of at least
`a portion of the rule set correlated
`to the tempora1ily assigned
`network address;
`[37.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`transmitted to or from the user, or
`location the user accesses; and
`[37.51 wherein the modified rule
`set includes an initial temporary
`rnle set and a standard rule set,
`and
`[37.61 wherein the redirection
`server is configured to utilize the
`temporary rule set for an initial
`period of time and to thereafter
`utilize the standard rule set.
`[38.0] A system comprising:
`[38.1] a redirection server
`programmed with a user's rule set
`correlated to a temporarily
`assigned network address;
`[38.2] wherein the rule set
`contains at least one of a plurality
`of functions used to control
`passing between the user and a
`public network;
`[38.3] wherein the redirection
`server is configured to allow
`automated modification of at least
`a p01tion of the rule set correlated
`to the temporarily assigned
`network address:
`[38.4] wherein the redirection
`server is configured to allow
`modification of at least a portion
`of the rule set as a function of
`some combination of time, data
`
`Exhibit DD
`
`Prior Art Analysis"'
`
`See analysis of portion [ 16.31.
`
`See analysis of portion [16.4].
`
`See analysis of