`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`GUEST TEK INTERACTIVE ENTERTAINMENT LTD.,
`Petitioner,
`
`v.
`
`NOMADIX, INC.,
`Patent Owner.
`
`Case IPR2019-01191
`Patent 8,606,917
`
`DECLARATION OF STUART G. STUBBLEBINE, PH.D.
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`1. I, Stuart G. Stubblebine, Ph.D., am making this declaration at the
`
`request of Nomadix in the matter of IPR2019-01191 before the Patent Trial and
`
`Appeal Board (PTAB) of the United States Patent and Trademark Office, which
`
`involves Guest Tek Interactive Entertainment Ltd.’s petition for inter partes review
`
`of U.S. Patent No. 8,606,917 (“the ’917 patent”).
`
`2. I am being compensated for my work in this matter on an hourly-fee
`
`basis. My compensation does not depend in any way on the outcome of this
`
`proceeding.
`
`3. In this declaration, I will use the following abbreviations for the
`
`following documents, which I have reviewed and considered:
`
`Short Name | Reference | Record Citation
`’917 patent | U.S. Patent No. 8,606,917 | Exhibit 1001
`Dordal Decl. | Declaration of Dr. Peter Dordal | Exhibit 1002
`’060 application | U.S. Patent Application 09/693,060 | Exhibit 1003
`Trudeau | U.S. Patent No. 8,046,578 | Exhibit 1004
`Whyte | David Whyte et al., DNS-based Detection of Scanning Worms in an Enterprise Network, Proceedings of the 12th Annual Network and Distributed System Security Symposium, San Diego, USA (Feb. 3-4, 2005) | Exhibit 1005
`Fuh | U.S. Patent No. 6,463,474 | Exhibit 1006
`NIST | John Wack et al., Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls, NIST Special Publication 800-10 (Dec. 1994) | Exhibit 1007
`’890 provisional | U.S. Patent Application 60/160,890 | Exhibit 1021
`Petition | Petition for Inter Partes Review of U.S. Patent No. 8,606,917 | Paper 1
`
`I. PROFESSIONAL BACKGROUND
`
`4. I have over 30 years of experience studying, researching, and working
`
`with computers, computer programming, and networks. I received a Bachelor of
`
`Science degree in Computer Science and Mathematics in 1983 from Vanderbilt
`
`University, a Master of Science degree in Electrical Engineering in 1988 from the
`
`University of Arizona, and a Ph.D. degree in Electrical Engineering in 1992 from
`
`the University of Maryland.
`
`5. I served in the U.S. Army from 1984 to 1987, focusing on
`
`telecommunications. From 1985 to 1987, I was an instructor at the City Colleges of
`
`Chicago, teaching undergraduate computer science courses relating to
`
`programming and system analysis and design. Then, in 1988, as a Research
`
`Assistant in the Electrical and Computer Engineering Department at the University
`
`of Arizona, I worked on a video, telecommunication, and distributed computer
`
`architecture for conferencing. Among other things, I optimized the network design
`
`and communication protocols for the system.
`
`6. From 1989 to 1990, I was the Director of Secure Systems Engineering
`
`at Commcrypt, where I led research and development in several security-related
`
`areas, including network and file server architectures, automated cryptographic key
`
`management, and secure e-mail. At Commcrypt, I also worked with the National
`
`Institute of Standards and Technology to establish national standards for secure
`
`programming.
`
`7. From 1990 to 1991, while conducting my doctoral research at the
`
`University of Maryland, I also taught a laboratory component of an upper division
`
`computer engineering course. From 1991 to 1992, while continuing my doctoral
`
`research, I worked as a Computer Scientist and consultant in the Federal Systems
`
`Division of IBM. In that capacity, I analyzed the security of certain network
`
`architectures and distributed computing systems and identified significant
`
`vulnerabilities in Privacy-Enhanced Electronic Mail and the Kerberos network
`
`authentication service.
`
`8. After receiving my Ph.D. in 1992, I had a joint appointment at the
`
`University of Southern California as a Research Assistant Professor in the
`
`Computer Science Department and as a Computer Scientist with the Information
`
`Sciences Institute, from 1992 to 1994. I continued on at USC for the next four
`
`years as an adjunct faculty member in the Computer Science department. During
`
`my time at USC, among several other responsibilities, I advised students on
`
`research in computer networks and security. I also conducted research relating to
`
`minimizing delay and bandwidth for protecting traffic flow confidentiality in
`
`networks and contributed to the design of the Real-Time Transport Protocol.
`
`9. During part of my time at USC, from 1994 to 1998, I was also a
`
`researcher at AT&T Bell Labs (later AT&T Labs – Research), performing research
`
`in computer and network security technology. While at Bell Labs, I worked on
`
`numerous projects, including projects involving research into secure Internet
`
`telephony, attacks on the IPSEC protocol and security for e-commerce services.
`
`10. From 1998 to 2001, I was a Vice President and Cryptographer at
`
`CertCo, Inc., conducting research, design, and analysis of public key infrastructure
`
`protocols and related risk management services. Beginning in 2001, I formed
`
`Stubblebine Consulting and Stubblebine Research Labs, and began my affiliation
`
`as a professional researcher with the Computer Science department at the
`
`University of California, Davis.
`
`11. I was an Associate Editor of Association for Computing Machinery
`
`(ACM) Transactions on Information and System Security, the premier academic
`
`journal in the area of network and computer security, and a member of its editorial
`
`board from January 2000 to April 2007. I was an invited editor for the Special
`
`Issue on Software Engineering and Security for ACM Transactions on Software
`
`Engineering and Methodology in 2000.
`
`12. I was a member of the Program Committee, ACM Conference on
`
`Computer and Communications Security in 1996, 1997, 2002, and 2003. I was also
`
`a member of the Program Committee, Formal Methods in Security Engineering
`
`(FMSE) in 2003 and 2004. I served on the Program Committee for Financial
`
`Cryptography in 2001 and 2006. I was the Tutorial Chair, ACM Conference on
`
`Computer and Communications Security in 2000, and a Session Chair for that
`
`conference in 2000 and 2003. I was on the Program Committee for the Institute of
`
`Electrical and Electronics Engineers (IEEE) Computer Security Symposium on
`
`Research in Security and Privacy in 1994, 1996, 1997, and 1998, and a Session
`
`Chair for that Symposium in 1994 and 1998. I was on the Program Committee,
`
`European Symposium on Research in Computer Security in 1998, and the
`
`Publications Chair, ACM Conference on Computer and Communications Security,
`
`also in 1998. I served as a Session Chair, 1997 DIMACS Workshop on Design and
`
`Formal Verification of Security Protocols, and also served on the Program
`
`Committee for the National Computer Security Conference in 1993 and 1994.
`
`13. As a research scientist with Stubblebine Research Labs, I performed
`
`research sponsored by the National Science Foundation into security and privacy
`
`technology. Currently, as a principal of Stubblebine Consulting, I provide
`
`consultation services in the fields of computer and network security. Furthermore, I
`
`am an inventor on 12 United States patents, all of which relate to computer and
`
`network security.
`
`II. SCOPE OF ANALYSIS
`
`14. I understand that this PTAB proceeding involves subjects related to
`
`the patentability of claims 1 and 11 of the ’917 patent. I understand that my
`
`analysis in this proceeding is limited in scope, and that I have been asked to offer
`
`analysis regarding the particular obviousness theories set forth in the Petition. I
`
`have therefore limited my analysis to whether Trudeau in view of Whyte
`
`(Ground 1), Trudeau in view of Whyte and Fuh (Ground 2), and Fuh in view of
`
`NIST (Ground 3) would render the challenged claims of the ’917 patent obvious to
`
`one of ordinary skill in the art at the time of the invention. The specific topics
`
`within this question that I have been asked to address, and my analysis thereof, are
`
`set forth in the section of this declaration labeled “SUBSTANTIVE ANALYSIS.”
`
`15. With respect to the present PTAB proceeding, I have neither analyzed
`
`nor expressed any opinion about any subject that is not expressly included in the
`
`section labeled “SUBSTANTIVE ANALYSIS.”
`
`III. LEGAL STANDARDS
`
`16. At the outset, I want to clarify that all of my analysis and opinions in
`
`this declaration are from the perspective of a person of ordinary skill in the art at
`
`the time of invention. In the interest of conciseness, some portions of this
`
`declaration do not expressly include language indicating that the analysis is from
`
`the perspective of a person of ordinary skill in the art at the time of invention. It
`
`should be understood, however, that my analysis and opinions are from the
`
`perspective of a person of ordinary skill in the art at the time of invention. For
`
`example, my opinion that a reference does not disclose or teach a claim limitation
`
`should be understood to mean that, in my opinion, a person of ordinary skill in the
`
`art at the time of invention would interpret the reference as not disclosing the
`
`limitation.
`
`17. I will not offer opinions of law as I am not an attorney. The opinions I
`
`am expressing in this declaration involve the application of my knowledge and
`
`experience to the evaluation of the ’917 patent and certain art with respect to the
`
`’917 patent. The paragraphs below express my understanding of how I must apply
`
`current principles related to patentability to my analysis.
`
`18. I understand that a claim is unpatentable under 35 U.S.C. § 103 if the
`
`differences between the claimed subject matter and the prior art are such that the
`
`claimed subject matter as a whole would have been obvious to a person of ordinary
`
`skill in the art at the time of the invention. I also understand that an obviousness
`
`analysis is based on the scope and content of the prior art, the differences between
`
`the claimed subject matter and the prior art, the level of ordinary skill in the
`
`pertinent art at the time of the invention, and objective indicia of nonobviousness,
`
`such as commercial success, industry praise, and unexpected results.
`
`19. It is my further understanding that, to find a claimed invention
`
`obvious in light of a combination of prior-art references, a person of ordinary skill
`
`in the art at the time of the invention must have had reason to combine the
`
`teachings of the prior-art references to achieve the claimed invention, and that the
`
`person of ordinary skill must have had a reasonable expectation of succeeding in
`
`combining the teachings to arrive at the claimed invention. I further understand
`
`that a reason to combine or expectation of success is undermined if the
`
`combination or modification of the technology disclosed in the prior art would
`
`interfere with an objective of the technology disclosed in the prior art or if the prior
`
`art teaches away from making the combination or modification.
`
`20. I understand that an assessment of what a reference discloses or
`
`teaches—for purposes of an obviousness analysis—must be conducted from the
`
`perspective of a person of ordinary skill in the art at the time of the invention. In
`
`other words, a reference discloses or teaches a claim limitation only if a person of
`
`ordinary skill in the art would, at the relevant time, interpret the reference as
`
`disclosing the claim limitation.
`
`21. I understand that a patent must contain a written description of the
`
`limitations recited in the claims. To satisfy the written description requirement, the
`
`patent specification must describe each and every limitation of a patent claim, in
`
`sufficient detail, although the exact words found in the claim need not be used. I
`
`understand the written description requirement is satisfied if persons of ordinary
`
`skill in the field of the invention would recognize, from reading the patent
`
`specification, that the inventor possessed the subject matter finally claimed in the
`
`patent. The written description requirement is satisfied if the specification shows
`
`that the inventor possessed his or her invention as of the effective filing date of the
`
`claimed invention, even though the claims themselves may have been changed or
`
`new claims added since that time.
`
`22. I understand it is unnecessary to spell out every detail of the invention
`
`in the specification, and specific examples are not required; only enough must be
`
`included in the specification to convince persons of ordinary skill in the art that the
`
`inventor possessed the full scope of the invention. In evaluating whether the
`
`specification has provided an adequate written description, I have considered such
`
`factors as 1) the nature and scope of the patent claims; 2) the complexity,
`
`predictability, and maturity of the technology at issue; 3) the existing knowledge in
`
`the relevant field; and 4) the scope and content of the prior art.
`
`IV. SUBSTANTIVE ANALYSIS
`
`23. I reiterate that all of my analysis and opinions in this declaration are
`
`from the perspective of a person of ordinary skill in the art at the time of invention,
`
`though I may not expressly repeat this every time I articulate my analysis or
`
`conclusions.
`
`A. Level of Ordinary Skill in the Art
`
`24. I understand that factors that may be considered in determining the
`
`level of ordinary skill in the art include: the type of problems encountered in the
`
`art; prior-art solutions to those problems; the rapidity with which innovations are
`
`made; the sophistication of the technology; and the educational level of active
`
`workers in the field. I understand that not all such factors may apply to or be
`
`present in every case and that one or more factors may predominate in a particular
`
`case. Moreover, I understand that inventors often possess extraordinary rather than
`
`merely ordinary skill in the art.
`
`25. Petitioner contends the following on the level of ordinary skill in the
`
`art:
`
`A person of ordinary skill in the art at the time of the alleged inventions of
`
`claims 1 and 11 (“POSITA”) would have had (1) either a formal degree in
`
`computer science or a related subject, or commensurate informal education
`
`in computer programming and designing computer networks, and (2) at least
`
`2 years of experience in designing or programming computer networks.
`
`Pet. at 19.
`
`26. I do not necessarily agree with Petitioner’s assertions regarding the
`
`pertinent art or level of ordinary skill, but even if I were to apply Petitioner’s
`
`proposed level of skill to my analysis, my analysis and opinions below would not
`
`materially change. I reserve the right to opine on the level of ordinary skill at a
`
`later date in this proceeding.
`
`B. Analysis of Grounds 1 and 2
`
`1. The ’060 application provides support for all of the limitations of Claims 1 and 11
`
`27. I understand that Petitioner contends that claims 1 and 11 are
`
`unpatentable based, at least in part, on Trudeau in view of Whyte (Grounds 1
`
`and 2). I understand Petitioner argues that the ’060 patent does not provide written
`
`description support for claims 1 and 11, thereby making Trudeau and Whyte prior
`
`art to those claims. In my opinion, the ’060 application provides written
`
`description support for claims 1 and 11.
`
`28. Claim 1 recites:
`
`1. A method for granting access to a computer network,
`
`comprising:
`
`[1.A] receiving at an access controller a request to access the
`
`network from a source computer, the request including a transmission
`
`control protocol (TCP) connection request having a source IP address
`
`and a destination IP address;
`
`[1.B] determining by the access controller whether the source
`
`computer must login to access the network, including:
`
`[1.C] comparing the source IP address with profiles of
`
`authorized source devices, each profile including an IP address,
`
`wherein if the source IP address is included in a profile of an
`
`authorized source device, the source device is granted access
`
`without further authorization, and
`
`[1.D] if the source IP address is not included in a profile
`
`associated with an authorized source device, then determining
`
`whether the destination IP address is included in a plurality of
`
`destination IP addresses associated with the access controller,
`
`wherein if the destination IP address is included in the plurality
`
`of destination IP addresses, the source device is granted access
`
`without further authorization, and
`
`[1.E] if the destination IP address is not included in the
`
`plurality of destination IP addresses, then the access controller
`
`determines the source device must be authorized to access the
`
`network and provides the source device with a login page;
`
`[1.F] using the access controller to authenticate credentials
`
`provided from the source device via the login page; and
`
`[1.G] authorizing the source device access to the network if the
`
`provided credentials are authenticated.
`
`Ex. 1001 at 131:18-49.
`
`29. Claim 11 recites:
`
`11. A system for providing network access to a source device
`
`comprising:
`
`[11.A] an access controller configured to receive a request to
`
`access the network from the source device, the request including a
`
`transmission control protocol (TCP) connection request having a
`
`source IP address and a destination IP address,
`
`[11.B] the access controller further configured to redirect the
`
`source device to a login page if it is determined that authentication is
`
`required prior to network access being granted, the authentication
`
`based on
`
`[11.C] comparing the source IP address with profiles of
`
`authorized source devices, each profile including an IP address,
`
`wherein if the source IP address is included in a profile of an
`
`authorized source device, the source device is granted access without
`
`further authorization, and
`
`[11.D] if the source IP address is not included in a profile
`
`associated with an authorized device, then determining whether the
`
`destination IP address is included in a plurality of destination IP
`
`addresses associated with the access controller, wherein if the
`
`destination IP address is included in the plurality of destination IP
`
`addresses, the source device is granted access without further
`
`authorization, and
`
`[11.E] if the destination IP address is not included in the
`
`plurality of destination IP addresses, then the access controller
`
`authorizes network access to the computing device after
`
`authenticating user credentials received from the source device via the
`
`login page have been authenticated.
`
`Id. at 132:13-43.
`
`30. The ’060 application includes a flowchart that illustrates a method
`
`of providing network access to a source device:
`
`
`
`Ex. 1003 at 8. The flowchart describes receiving a request from a source computer
`
`at step 200, and authenticating the source based on an attribute associated with the
`
`source at step 210. Id. Step 220 then shows determining authorization of the source
`
`based on 1) an attribute associated with the source, 2) destination, or 3) content. Id.
`
`31. The ’060 application describes in numerous places the step of
`
`identifying in a packet an attribute associated with the source, and using that
`
`attribute with a source profile database to determine access rights:
`
`The method includes receiving at the gateway device a request from
`
`the source computer for access to the network, identifying an
`
`attribute associated with the source based upon a packet transmitted
`
`from the source computer and received by the gateway device, and
`
`accessing a source profile corresponding to the source and stored in a
`
`source profile database, wherein the source profile is accessed based
`
`upon the attribute, and wherein the source profile database is located
`
`external to the gateway device and in communication with the
`
`gateway device. The method also includes determining the access
`
`rights of the source based upon the source profile, wherein access
`
`rights define the rights of the source to access the network.
`
`According to one aspect of the invention, determining the access
`
`rights of the source based upon the source profile includes
`
`determining the access rights of the source based upon the source
`
`profile, wherein the access rights define the rights of the source to
`
`access a requested network destination. According to another aspect
`
`of the invention, the method includes assigning a location identifier
`
`to the location from which requests for access to the network are
`
`transmitted, and the location identifier is the attribute associated
`
`with the source.
`
`Id. at 13:5-20.
`
`The system includes a gateway device for receiving a request from the
`
`source for access to the network, and a source profile database in
`
`communication with the gateway device and located external to the
`
`gateway device, wherein the source profile database stores access
`
`information identifiable by an attribute associated with the source,
`
`and wherein the attribute is identified based upon a data packet
`
`transmitted from the source computer and received by the gateway
`
`device.
`
`Id. at 14:5-11.
`
`Upon a source’s attempt to access a network via the gateway device
`
`12, the AAA server 30 attempts to authenticate the source by
`
`comparing stored source profiles in the source profile database with
`
`the attributes received from the gateway device 12 or source to
`
`determine the source identity.
`
`Id. at 21:3-6.
`
`According to one aspect of the invention, the AAA server 30 can
`
`identify the source in communication with the gateway device in a
`
`manner that is transparent to computer users. That is, according to one
`
`aspect of the invention, a user will not be required to input
`
`identification information, reconfigure the source computer or
`
`otherwise change the source computer's primary network settings.
`
`Furthermore, no additional configuration software will have to be
`
`added to the source computer. After a packet is received by the
`
`gateway device, attributes identified by the data packet can be
`
`compared with the data contained in the source profile database.
`
`Therefore, in addition to not requiring the reconfiguration of
`
`computers accessing the network, AAA servers of the present
`
`invention have the ability to authenticate sources without requiring
`
`interactive steps by the computer user, such as the entering of a user
`
`ID. For instance, the AAA server 30 may automatically identify the
`
`source based upon a MAC address, so that authorization of the source
`
`can be readily determined. Therefore, it will be appreciated that the
`
`AAA server 30 can determine the user, computer, or location from
`
`which access is requested by comparing the attributes associated
`
`with the received data packet (such as in a header of the data
`
`packet) with data drawn from the source profile database. As will be
`
`described below, the access rights associated with the source may also
`
`be stored within the source profile database so that the system and
`
`method of the present invention can dynamically authorize access to
`
`particular services or destinations.
`
`Id. at 22:16-23:3. Each of these examples provides support for comparing attributes
`
`from a source with source profiles in a source profile database.
`
`32. The ’060 application lists in various places examples of packet
`
`attributes that may be used to authenticate the source:
`
`Upon receiving a packet transmitted to the AAA server 30, the AAA
`
`server 30 examines the packet to determine the identity of the source
`
`(block 210). The attributes transmitted via the packet are temporarily
`
`stored in the source profile database so that the data can be
`
`examined for use in determining authorization rights of the source.
`
`The attributes contained in the packet can include network
`
`information, source IP address, source port, link layer information,
`
`source MAC address, VLAN tag, circuit ID, destination IP address,
`
`destination port, protocol type, packet type, and the like. After this
`
`information is identified and stored, access requested from a source is
`
`matched against the authorization of that source (block 230).
`
`Id. at 25:22-26:2.
`
`According to yet another aspect of the invention, the method includes
`
`updating the source profile database when a new source accesses the
`
`network. Additionally, the method can include maintaining in the
`
`source profile database a historical log of the source’s access to the
`
`network. Moreover, the attribute associated with the source can be
`
`based upon a MAC address, User ID or VLAN ID associated with
`
`the source computer from which the request for access to the network
`
`was transmitted. According to yet another aspect of the invention,
`
`receiving at the gateway device a request from a source for access can
`
`include the step of receiving a destination address from the source.
`
`Id. at 13:24-31.
`
`33. Petitioner argues that the ’060 application does not disclose
`
`“(i) comparing the source IP address of incoming packets with profiles of
`
`authorized source devices; (ii) that each profile includes an IP address; or (iii) that
`
`the source device is granted access without further authorization if its IP address is
`
`included in a profile.” Pet. at 13.
`
`34. I disagree. The ’060 application describes in numerous places
`
`(including the examples I quote above in ¶ 31) the comparison of attributes of
`
`incoming packets with profiles of authorized source devices, that each profile
`
`includes an attribute, and that the source device is granted access without further
`
`authorization if the attribute is included in the profile. The ’060 application also
`
`describes the types of attributes used for authorization (including the examples I
`
`quote above in ¶ 32). The attributes disclosed in the ’060 application specifically
`
`include the packet source IP address and packet destination IP address. In my
`
`opinion, persons of ordinary skill in the field of the invention would recognize,
`
`from reading the patent specification, that the inventor possessed the subject matter
`
`of claims 1 and 11, including comparison of the source IP address of incoming
`
`packets with profiles of authorized source devices, that the profile includes the
`
`source IP address, and that the source device is granted access without further
`
`authorization if the source IP address is included in the profile.
`
`35. Petitioner argues that prior applications fail to disclose “(i)
`
`‘comparing’ the destination IP address against a ‘plurality of authorized destination
`
`IP addresses’; or (ii) any destination IP address ‘associated with the access
`
`controller,’ ‘determining whether the destination IP address is included in a
`
`plurality of destination IP addresses associated with the access controller.’” Pet.
`
`at 15. Petitioner, however, acknowledges that the ’890 provisional application,
`
`which is incorporated by reference in the ’060 application, “attaches a ‘User
`
`Guide’ for a ‘Universal Subscriber Gateway’ that instructs that, during
`
`configuration, the system prompts the administrator for ‘pass-through IP
`
`addresses . . . that allow users to ‘pass through’ the [gateway] and access
`
`predetermined services . . . even if they are not currently subscribing . . . for
`
`access.’” Id., citing Ex. A to Ex. 1021 at 45. Petitioner and its declarant argue that
`
`this fails to disclose “that the gateway allows a user to pass through the gateway
`
`specifically by comparing a destination IP address in a TCP connection request
`
`against a list of the pass-through IP addresses.” Id. at 15-16.
`
`36. I disagree. The ’060 application specifically discloses “receiving at
`
`the gateway device a request from a source for access can include the step of
`
`receiving a destination address from the source.” Ex. 1003 at 13:24-31. The ’060
`
`application also specifically discloses that the “attributes transmitted via the packet
`
`are temporarily stored in the source profile database so that the data can be
`
`examined for use in determining authorization rights of the source. The attributes
`
`contained in the packet can include . . . destination IP address, destination
`
`port, . . . and the like.” Ex. 1003 at 25:24-30. The ’060 application explains that
`
`the “destination can be a destination port, Internet address, TCP port, network, or
`
`the like.” Id. at 24:29-30; see also id. at 12:18-21.
`
`37. As mentioned, the ’060 application incorporates by reference the ’890
`
`provisional in its entirety. Id. at 9:15, 9:28. Accordingly, the disclosure in the
`
`’890 provisional is part of the ’060 application. The ’890 provisional also
`
`describes using four “pass-through IP addresses” that “allow users to ‘pass
`
`through’ the USG 1000 and access predetermined services (for example, the
`
`redirected home page) at the solution provider’s discretion, even though they may
`
`not have subscribed to the broadband Internet service.” Ex. 1021 at 66; see also id.
`
`at 67-71. A POSITA would understand that the pass-through IP addresses do not
`
`require further authorization. The User Guide incorporated by reference in the
`
`’890 provisional application also includes a glossary that explains related terms:
`
`“Internet Protocol: The global standard used to regulate data
`
`transmissions between computers and the Internet. Data is broken up
`
`into packets which are then sent over the network. By using IP
`
`addressing, Internet Protocol ensures that the data reaches its
`
`destination, even though different packets may pass through different
`
`networks to get to the same location. See also, Internet and IP
`
`Address.” Id. at 153.
`
`“IP Address: The numeric address of a device, in the format used on
`
`the Internet. The actual numeric value takes the form of a 32-bit
`
`binary number broken up into four 8-bit groups, with each group
`
`separated by a period (for example, 198.43.7.85). To make it easier
`
`for the user, the IP address is mapped to a meaningful domain name.
`
`IP addresses can be static (permanent) or dynamic (assigned each time
`
`you connect). See also, Domain Name, Dynamic IP Address, Internet
`
`Protocol, and Static IP Address.” Id.
`
`“TCP: (Transmission Control Protocol) Manages data