`154652-0004
`
`
`PATENT
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`New Provisional Patent Application:
`
`Inventor(s): Kleinrock et al
`Filed: Herewith
`For: AUTOMATIC USER TRACKING AND SECURITY IN NETWORKS
`
`EXPRESS MAIL LABEL NO.: EM470204514US
`Date of Deposit: December 8, 1998
`
`TRANSMITTAL LETTER FOR
`
`PROVISIONAL PATENT APPLICATION
`
`Assistant Commissioner for Patents
`Washington, D. C. 20231
`Box: Provisional Patent Application
`
`Sir:
`
`Transmitted herewith is the above-noted Provisional patent application, including the
`following:
`
`[X] Six (6) pages Specification, including Attachments A-H
`[X] Seven (7) sheets of informal Drawings
`[ ] Verified Statement Claiming Small Entity Status
`[X] Check in the amount of $150.00
`[X] Return Postcard acknowledging receipt to the documents transmitted
`
`GUEST TEK EXHIBIT 1022
`Guest Tek v. Nomadix, IPR2019-01191
`
`Page 1 of 16
`
`The names and addresses of the inventors are:
`
`Leonard Kleinrock, 318 N. Rockingham Ave., Los Angeles, CA 90049
`
`Joel E. Short, 725 S. Barrington #310, Los Angeles, CA 90049
`
`FEE COMPUTATION
`
`Basic Filing Fee ................ $ 150.00
`
`Less Small Entity Reduction ..... - $ 0.00
`
`TOTAL FILING FEE ............... $ 150.00
`
`No additional fees are believed to be due. If an extension of time is required for this paper
`or later filed papers, please consider this a petition for the required extension of time. Please
`charge any required petition fees, and any other fees, except for payment of the issue fee, and
`charge any underpayment or credit any overpayment during the prosecution of this application to
`our deposit account No. 09-0946 for which purpose a duplicate of this paper is enclosed.
`
`Respectfully submitted,
`
`Norman E. Brunell
`Registration No. 26,533
`
`IRELL & MANELLA LLP
`1800 Avenue of the Stars, Suite 900
`Los Angeles, CA 90067
`310-277-1010
`nbrunell@irell.com
`
`Automatic User Tracking & Security
`in Networks
`
`Inventors:
`
`Leonard Kleinrock, Los Angeles, CA 90049
`Joel Short, Los Angeles, CA 90049
`
`Cross Reference to Related Applications
`
`This application is related to US App. Serial No.
`08/816,174, a copy of the disclosure of which is attached
`hereto as attachment H.
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention:
`
`The present invention is related to network
`communications and, in particular, to improvements in DHCP
`providing for automatic user tracking and security.
`
`2. Description of the Prior Art:
`
`Dynamic Host Configuration Protocol (DHCP)
`
`Dynamic Host Configuration Protocol (DHCP) was developed as
`a means of allowing network administrators to assign TCP/IP
`configuration parameters automatically to the client
`computers in [illegible] networks. Because DHCP relieves network
`administrators of the time consuming task of manually
`configuring each computer on the network, it has been well
`received and is currently used in 40 to 60 percent of
`enterprise networks today.
`
`DHCP was designed to assign IP settings to any user joining
`a network, without any user authentication, from a
`pre-defined range of IP addresses. Since DHCP assigns IP
`addresses indiscriminately (without, for example, manually
`entering a MAC address for a lease reservation), it does
`not allow for the tracking of individual end-users. This
`can make tracing and diagnosing network problems very
`difficult for the NSP.
`
`DHCP in the Network Service Provider Network
`
`Under [illegible] scenario, each NSP deploys its own DHCP server
`to perform network configuration tasks. Any DHCP client
`can obtain the necessary network configuration settings to
`gain network access from a DHCP server (unless manual
`reservations are employed). Thus, if a DHCP approach is
`employed by the NSP, each user must be authenticated or the
`NSP will not be able to deny access to an unauthorized
`user. DHCP can also create problems with user
`traceability. Since clients are given an IP address from a
`pool of available addresses, the network administrator does
`not know who is using each IP address.
`
`The traceability issue can be solved by binding MAC
`addresses to permanent DHCP leases (e.g., manual
`reservations). Several cable NSPs are using this approach.
`This, however, requires the NSP to manually track each
`user's MAC address. This approach forces the user to call
`a customer service representative at the NSP with his new
`MAC address each time he changes computers or network
`interface cards (NIC). This process of tracking MAC
`addresses requires manual intervention and is burdensome
`for the NSP; it is not a scalable solution for managing
`millions of subscribers.
`
`The DHCP approach generally leads to either lengthy
`customer support calls or worse, on-site visits to the
`subscribers' homes to set configuration parameters. This
`process is not complete once the initial customer
`configuration has been established. The configuration
`process must be repeated each time the subscriber changes
`or upgrades his computer or network interface card. This
`places a substantial and costly customer support burden on
`the NSP trying to roll out residential broadband service.
`
`SUMMARY OF THE PRESENT INVENTION
`
`In accordance with the present invention, automatic user
`tracking and security is provided by detecting a unique
`indicator of the user attempting to access the network,
`such as the MAC address, and then translating subsequent
`packets received from that user in accordance with data
`stored in a server.
`
`In one embodiment of the present invention, the first time
`a subscriber accesses his residential network, the Nomadix
`solution has the ability to redirect that user to a sign-in
`page on his browser. Nomadix refers herein to the assignee
`of the present invention. Then, our adaptive networking
`technology creates a database that automatically records
`the user's MAC address once an existing customer database
`or security server (such as RADIUS or TACACS) authenticates
`the user. The Nomadix databases have been built to easily
`integrate with these subscriber access systems. Like a
`router, the Nomadix technology continues to track the IP
`and MAC settings for each user on the network, eliminating
`the need for further sign-ins. This allows the NSP to
`trace network problems and track usage.
`
`In addition, the underlying dynamic NAT approach used to
`translate static IP addresses can create an additional
`layer of security for subscribers, since their private IP
`information never gets transmitted over the public
`Internet.
`
`BRIEF DESCRIPTION OF THE
`DRAWINGS AND ATTACHMENTS.
`
`All Figures and attachments hereto are incorporated herein
`as additional background and disclosure materials.
`
`Fig. 1 is a flow chart diagram of the automatic user
`tracking and security technology of the present invention.
`
`Fig. 2 is a block diagram of the integration of the USG of
`the present invention in an Ethernet over ADSL environment.
`
`Fig. 3 is a block diagram illustration of ATM over ADSL
`using a Bridging Modem.
`
`Fig. 4 is a block diagram illustration of PPP over ATM over
`ADSL using a Routing Modem from a home User to the NSP.
`
`Fig. 5 is a block diagram illustration of PPP over ATM over
`ADSL using a Routing Modem from a home User to a corporate
`server.
`
`Fig. 6 is a block diagram illustration of PPP over Ethernet
`over ADSL using RedBack technology from a home User to the
`NSP.
`
`Fig. 7 is a block diagram illustration of Ethernet over
`ADSL from a user to an Internet Gateway.
`
`Attachment A is a confidential Nomadix document entitled
`"Subscriber Configuration Issues in Residential Broadband
`Deployments", dated December 5, 1998, including 17 pages of
`combined text and drawings, which provides additional
`description of the background of the present invention as
`well as additional disclosure of preferred embodiment of
`the present invention as shown, for example, on page 10 and
`following thereof.
`
`Attachment B is a Nomadix Document entitled "Universal
`Subscribed Gateway, Subscriber Configuration for ADSL
`Residential Broadband Network Services", including one page
`of combined text and drawing, disclosing one embodiment of
`the USG of the present invention for use with ADSL
`technology.
`
`Attachment C is a Nomadix Document entitled "Universal
`Subscribed Gateway, Subscriber Configuration for Cable
`Residential Broadband Network Services", including one page
`of combined text and drawing, disclosing one embodiment of
`the USG of the present invention for use with cable
`technology.
`
`Attachment D is a Nomadix Document entitled "Universal
`Subscribed Gateway, Subscriber Configuration for Wireless
`Residential Broadband Network Services", including one page
`of combined text and drawing, disclosing one embodiment of
`the USG of the present invention for use with wireless
`technology.
`
`Attachment E is a Nomadix Document entitled "Universal
`Subscribed Gateway, Broadband Network Service in Hotels and
`Multi-Tenant Buildings", including one page of combined
`text and drawing, disclosing one embodiment of the USG of
`the present invention for use in that environment.
`
`Attachment F is a Nomadix Document entitled "Cable Modems
`and Nomadix USG", including five pages of combined text and
`drawings, disclosing one embodiment of the USG of the
`present invention for use in that environment.
`
`Attachment G is a Nomadix Document entitled "xDSL
`Technologies", including three pages of text, describing
`various network access configurations for use with the
`present invention.
`
`Attachment H is a Nomadix patent application entitled
`"NOMADIC TRANSLATOR OR ROUTER", including twenty-nine pages
`of text and thirteen sheets of drawings representing Fig.s
`1-15, disclosing a system in which the present invention is
`applicable.
`
`DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT(S)
`
`Referring now generally to all attachments and
`figures, and in particular to Fig. 1, when a packet is
`received, the MAC address within the packet is compared to
`the store of valid customer MAC addresses. If the packet is
`from a valid MAC address, the user activity is logged. A
`dynamic host configuration protocol (DHCP) request is processed by
`looking up the customer's configuration from a previously
`prepared database and assigning the User's configuration to
`the packet which is then processed in the normal manner.
`If no DHCP request is made, the packet is translated or
`redirected as required before normal processing.
`
`If the received packet does not include a valid MAC
`address, temporary new configuration information is
`provided to the User who is then directed to a Subscription
`login page to create a new account. The User's customer
`configuration is then written into a data base for later
`lookup in response to a DHCP request. A non-new User goes
`through a login validation after which the MAC address is
`stored for later look up.
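
The Fig. 1 decision flow described in the two paragraphs above, as an added Python model; it is not code from the application or from Nomadix. The class, method and field names, the constructed MAC and IP values, the in-memory account table standing in for the customer database or security server, and the choice to store the MAC as validated right after a new account is created are all assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Gateway:
    """In-memory model of the Fig. 1 flow; every name here is hypothetical."""
    valid_macs: dict = field(default_factory=dict)    # validated MAC -> account
    accounts: dict = field(default_factory=dict)      # stands in for customer DB / RADIUS
    temp_leases: dict = field(default_factory=dict)   # unknown MAC -> temporary address
    activity_log: list = field(default_factory=list)

    def handle_packet(self, src_mac: str, is_dhcp_request: bool = False) -> dict:
        mac = src_mac.lower()
        user = self.valid_macs.get(mac)
        if user is None:
            # Unknown MAC: temporary settings, then redirect the browser to sign-in.
            ip = self.temp_leases.setdefault(mac, "10.0.0.%d" % (len(self.temp_leases) + 2))
            return {"action": "redirect_to_login", "temp_config": {"ip": ip}}
        self.activity_log.append((mac, user, "dhcp" if is_dhcp_request else "data"))
        if is_dhcp_request:
            # Known MAC asking for settings: answer from the stored customer record.
            return {"action": "assign_config", "config": self.accounts[user]["config"]}
        return {"action": "translate_and_forward", "user": user}

    def sign_in(self, src_mac, username, password, new_account_config=None) -> bool:
        mac = src_mac.lower()
        if new_account_config is not None:            # "Create New User Account" branch
            if username in self.accounts:
                return False
            salt = os.urandom(16)
            self.accounts[username] = {"salt": salt, "config": new_account_config,
                                       "hash": hash_password(password, salt)}
        else:                                         # "Check for Valid Login" branch
            rec = self.accounts.get(username)
            if rec is None or not hmac.compare_digest(
                    rec["hash"], hash_password(password, rec["salt"])):
                return False                          # stays on the login page
        self.valid_macs[mac] = username               # "Store Validated MAC Address"
        return True


def demo() -> list:
    """Constructed walk-through: first visit, sign-up, DHCP, then a replaced NIC."""
    gw = Gateway()
    old_nic, new_nic = "AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"  # constructed MACs
    steps = [gw.handle_packet(old_nic)["action"]]
    gw.sign_in(old_nic, "alice", "correct horse", new_account_config={"ip": "192.0.2.10"})
    steps.append(gw.handle_packet(old_nic, is_dhcp_request=True)["action"])
    steps.append(gw.handle_packet(new_nic)["action"])
    steps.append(gw.sign_in(new_nic, "alice", "wrong guess"))
    steps.append(gw.sign_in(new_nic, "alice", "correct horse"))
    steps.append(gw.handle_packet(new_nic)["action"])
    return steps


if __name__ == "__main__":
    print(demo())
```

The source MAC address is supplied by the client, so an entry in `valid_macs` identifies an interface that once signed in; the login check against the customer database or security server remains the authentication step.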
`
`Referring now to Fig.s 12a-c of Attachment H, the
`above described secure DHCP technique can be provided in an
`alternate embodiment of the Nomadic Router (NR) as shown
`and described with regard to Page 18 of Attachment H.
`
`Whenever a computer generates a packet on the network
`and it is received from the NR as shown in Figure 9 step 4
`of Attachment H, the packet will be checked to see if it is
`coming from a validated MAC address as shown in Fig. 1. If
`the valid packet is a DHCP request then option 3 of the
`Host Learning Section on page 20 of Attachment H is used,
`otherwise interception and address translation is performed
`as option 1 or 2 of the Host Learning section on Pages 19-20
`of Attachment H.
`
`One embodiment for performing the step of providing
`any needed translation or redirection, as specified in Fig.
`1, is described in steps 5, 6, and 7 of Figure 9a of
`Attachment H. Similarly, the step of Normal Packet
`Processing and Tracking is performed in step 8 of Figure 9a
`of Attachment H.
`
`[Fig. 1: flow chart. Boxes: INIT: Packet Received; Lookup Source Hardware (MAC) Address; Log User Activity; Lookup Customer's Configuration Information; Assign User's Configuration Information; Provide new temporary Configuration Information to User; Direct User to Subscription Login Page; Create New User Account; Check for Valid Login; Store Validated MAC Address; Perform any needed Translation or Redirection; Normal Packet Processing & Tracking; Done. Data stores: Store of Valid Customer MAC Addresses; Customer Database or Security Server; Customer's Configuration Information.]
`
`[Fig. 2: Integration of the Nomadix USG in an "Ethernet over ADSL" environment. Components: User's Desktop, Adapter, Bridging Modem, DSLAM, Nomadix USG (Stand-alone Device or Module Add-In), Internet Gateway, Local Server. Notes: the modem acts as a learning bridge and a Ethernet-to-DSL modem; aggregation and multiplexing of Ethernet traffic from multiple ADSL links onto a common upstream link (OC-3). LAN Media / WAN Media protocol stacks shown per device.]
`
`[Fig. 3: ATM over ADSL using a Bridging Modem. Components: User's Desktop, Ethernet Adapter, Bridging Modem, DSLAM, ATM Switch, Remote Access Server, Local Server. Notes: IP address assignment (DHCP), user authentication, usage measurement; aggregation and multiplexing of ATM traffic from multiple ADSL links onto a common upstream link (OC-3); no support for PPP over ATM or IP over ATM; occasional flooding of the ADSL link (broadcast).]
`
`[Fig. 4: PPP over ATM over ADSL using a Routing Modem (Home to NSP). Components: User's Desktop, Ethernet Adapter, Routing Modem, DSLAM, ATM Switch, Remote Access Server, Local Server. Notes: PPP RAS: IP address assignment, user authentication, usage measurement; support for Ethernet over ATM, PPP over ATM, IP over ATM; aggregation and multiplexing of ATM traffic from multiple ADSL links onto a common upstream link (OC-3).]
`
`[Fig. 5: PPP over ATM over ADSL using a Routing Modem (Home to Corporate). Components: User's Desktop, Ethernet Adapter, Routing Modem, DSLAM, Internet Gateway, Corporate Remote Access Server. Notes: PPP RAS: IP address assignment, user authentication, usage measurement; matches ATM's VC with L2TP Tunnel; support for Ethernet over ATM, PPP over ATM, IP over ATM; aggregation and multiplexing of ATM traffic from multiple ADSL links onto a common upstream link (OC-3).]
`
`[Fig. 6: RedBack's PPP over Ethernet over ADSL (Home to NSP). Components: User's Desktop, Ethernet Adapter, Modem, DSLAM, RedBack SMS1000, Corporate Remote Access Server. Notes: PPP RAS: IP address assignment, user authentication, usage measurement; the RedBack device runs the PPPoE protocol and, possibly, tunnels to the corporate environment, or acts as the PPP RAS for the service provider; aggregation and multiplexing of ATM traffic from multiple ADSL links onto a common upstream link (OC-3).]
`
`[Fig. 7: Ethernet over ADSL. Components: User's Desktop, Ethernet Adapter, Modem, DSLAM, Internet Gateway, Local Server. Notes: IP address assignment (DHCP), user authentication, usage measurement; the modem acts as a learning bridge and a Ethernet-to-DSL modem; aggregation and multiplexing of Ethernet traffic from multiple ADSL links onto a common upstream link (OC-3).]
`
`PRINT OF DRAWINGS
`AS ORIGINALLY FILED
`
`United States Patent & Trademark Office
`Office of Initial Patent Examination - Scanning Division
`
`Application deficiencies were found during scanning:
`
`Page(s) ____ of [illegible] (Document title) were not present for scanning.
`
`Page(s) ____ of ____ (Document title) were not present for scanning.
`
`Scanned copy is best available.