UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`GUEST TEK INTERACTIVE ENTERTAINMENT LTD.,
`Petitioner,
`
`v.
`
`NOMADIX, INC.,
`Patent Owner.
`
`Case IPR2019-01191
`Patent 8,606,917
`
`DECLARATION OF STUART G. STUBBLEBINE, PH.D.
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`GUEST TEK INTERACTIVE ENTERTAINMENT LTD.,
`Petitioner,
`
`v.
`
`NOMADIX, INC.,
`Patent Owner.
`
`Case IPR2019-01191
`Patent 8,606,917
`
`DECLARATION OF STUART G. STUBBLEBINE, PH.D.
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`1.
`
`I, Stuart G. Stubblebine, Ph.D., am making this declaration at the
`
`request of Nomadix in the matter of IPR2019-01191 before the Patent Trial and
`
`Appeal Board (PTAB) of the United States Patent and Trademark Office, which
`
`involves Guest Tek Interactive Entertainment Ltd.’s petition for inter partes review
`
`of U.S. Patent No. 8,606,917 (“the ’917 patent”).
`
`2.
`
`I am being compensated for my work in this matter on an hourly-fee
`
`basis. My compensation does not depend in any way on the outcome of this
`
`proceeding.
`
`3.
`
`In this declaration, I will use the following abbreviations for the
`
`following documents, which I have reviewed and considered:
`
`
`
`- 1 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`Short Name
`’917 patent
`Dordal Decl.
`’060 application
`
`Trudeau
`Whyte
`
`Fuh
`NIST
`
`’890 provisional
`
`Petition
`
`
`
`Record Citation
`Reference
`Exhibit 1001
`U.S. Patent No. 8,606,917
`Declaration of Dr. Peter Dordal Exhibit 1002
`U.S. Patent Application
`Exhibit 1003
`09/693,060
`U.S. Patent No. 8,046,578
`David Whyte et al., DNS-based
`Detection of Scanning Worms in
`an Enterprise Network,
`Proceedings of the 12th Annual
`Network and Distributed
`System Security Symposium,
`San Diego, USA (Feb. 3-4,
`2005)
`U.S. Patent No. 6,463,474
`John Wack et al., Keeping Your
`Site Comfortably Secure: An
`Introduction to Internet
`Firewalls, NIST Special
`Publication 800-10 (Dec. 1994)
`U.S. Patent Application
`60/160,890
`Petition for Inter Partes Review
`of U.S. Patent No. 8,606,917
`
`Exhibit 1021
`
`Paper 1
`
`Exhibit 1004
`Exhibit 1005
`
`Exhibit 1006
`Exhibit 1007
`
`I. PROFESSIONAL BACKGROUND
`
`4.
`
`I have over 30 years of experience studying, researching, and working
`
`with computers, computer programming, and networks. I received a Bachelor of
`
`Science degree in Computer Science and Mathematics in 1983 from Vanderbilt
`
`University, a Master of Science degree in Electrical Engineering in 1988 from the
`
`University of Arizona, and a Ph.D. degree in Electrical Engineering in 1992 from
`
`the University of Maryland.
`
`
`
`- 2 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`5.
`
`I served in the U.S. Army from 1984 to 1987, focusing on
`
`telecommunications. From 1985 to 1987, I was an instructor at the City Colleges of
`
`Chicago,
`
`teaching undergraduate computer science courses
`
`relating
`
`to
`
`programming and system analysis and design. Then, in 1988, as a Research
`
`Assistant in the Electrical and Computer Engineering Department at the University
`
`of Arizona, I worked on a video, telecommunication, and distributed computer
`
`architecture for conferencing. Among other things, I optimized the network design
`
`and communication protocols for the system.
`
`6.
`
`From 1989 to 1990, I was the Director of Secure Systems Engineering
`
`at Commcrypt, where I led research and development in several security-related
`
`areas, including network and file server architectures, automated cryptographic key
`
`management, and secure e-mail. At Commcrypt, I also worked with the National
`
`Institute of Standards and Technology to establish national standards for secure
`
`programming.
`
`7.
`
`From 1990 to 1991, while conducting my doctoral research at the
`
`University of Maryland, I also taught a laboratory component of an upper division
`
`computer engineering course. From 1991 to 1992, while continuing my doctoral
`
`research, I worked as a Computer Scientist and consultant in the Federal Systems
`
`Division of IBM. In that capacity, I analyzed the security of certain network
`
`architectures and distributed computing systems and identified significant
`
`- 3 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`vulnerabilities in Privacy-Enhanced Electronic Mail and the Kerberos network
`
`authentication service.
`
`8.
`
`After receiving my Ph.D. in 1992, I had a joint appointment at the
`
`University of Southern California as a Research Assistant Professor in the
`
`Computer Science Department and as a Computer Scientist with the Information
`
`Sciences Institute, from 1992 to 1994. I continued on at USC for the next four
`
`years as an adjunct faculty member in the Computer Science department. During
`
`my time at USC, among several other responsibilities, I advised students on
`
`research in computer networks and security. I also conducted research relating to
`
`minimizing delay and bandwidth for protecting traffic flow confidentiality in
`
`networks and contributed to the design of the Real-Time Transport Protocol.
`
`9.
`
`During part of my time at USC, from 1994 to 1998, I was also a
`
`researcher at AT&T Bell Labs (later AT&T Labs – Research), performing research
`
`in computer and network security technology. While at Bell Labs, I worked on
`
`numerous projects, including projects involving research into secure Internet
`
`telephony, attacks on the IPSEC protocol and security for e-commerce services.
`
`10. From 1998 to 2001, I was a Vice President and Cryptographer at
`
`CertCo, Inc., conducting research, design, and analysis of public key infrastructure
`
`protocols and related risk management services. Beginning in 2001, I formed
`
`Stubblebine Consulting and Stubblebine Research Labs, and began my affiliation
`
`
`
`- 4 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`as a professional researcher with the Computer Science department at the
`
`University of California, Davis.
`
`11.
`
`I was an Associate Editor of Association for Computing Machinery
`
`(ACM) Transactions on Information and System Security, the premier academic
`
`journal in the area of network and computer security, and a member of its editorial
`
`board from January 2000 to April 2007. I was an invited editor for the Special
`
`Issue on Software Engineering and Security for ACM Transactions on Software
`
`Engineering and Methodology in 2000.
`
`12.
`
`I was a member of the Program Committee, ACM Conference on
`
`Computer and Communications Security in 1996, 1997, 2002, and 2003. I was also
`
`a member of the Program Committee, Formal Methods in Security Engineering
`
`(FMSE) in 2003 and 2004. I served on the Program Committee for Financial
`
`Cryptography in 2001 and 2006. I was the Tutorial Chair, ACM Conference on
`
`Computer and Communications Security in 2000, and a Session Chair for that
`
`conference in 2000 and 2003. I was on the Program Committee for the Institute of
`
`Electrical and Electronics Engineers (IEEE) Computer Security Symposium on
`
`Research in Security and Privacy in 1994, 1996, 1997, and 1998, and a Session
`
`Chair for that Symposium in 1994 and 1998. I was on the Program Committee,
`
`European Symposium on Research in Computer Security in 1998, and the
`
`Publications Chair, ACM Conference on Computer and Communications Security,
`
`
`
`- 5 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`also in 1998. I served as a Session Chair, 1997 DIMACS Workshop on Design and
`
`Formal Verification of Security Protocols, and also served on the Program
`
`Committee for the National Computer Security Conference in 1993 and 1994.
`
`13. As a research scientist with Stubblebine Research Labs, I performed
`
`research sponsored by the National Science Foundation into security and privacy
`
`technology. Currently, as a principal of Stubblebine Consulting, I provide
`
`consultation services in the fields of computer and network security. Furthermore, I
`
`am an inventor on 12 United States patents, all of which relate to computer and
`
`network security.
`
`II. SCOPE OF ANALYSIS
`
`14.
`
`I understand that this PTAB proceeding involves subjects related to
`
`the patentability of claims 1 and 11 of the ’917 patent. I understand that my
`
`analysis in this proceeding is limited in scope, and that I have been asked to offer
`
`analysis regarding the particular obviousness theories set forth in the Petition. I
`
`have therefore limited my analysis to whether, Trudeau in view of Whyte
`
`(Ground 1), Trudeau in view of Whyte and Fuh (Ground 2), and Fuh in view of
`
`NIST (Ground 3) would render the challenged claims of the ’917 patent obvious to
`
`one of ordinary skill in the art at the time of the invention. The specific topics
`
`within this question that I have been asked to address, and my analysis thereof, are
`
`set forth in the section of this declaration labeled “SUBSTANTIVE ANALYSIS.”
`
`
`
`- 6 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`15. With respect to the present PTAB proceeding, I have neither analyzed
`
`nor expressed any opinion about any subject that is not expressly included in the
`
`section labeled “SUBSTANTIVE ANALYSIS.”
`
`III. LEGAL STANDARDS
`
`16. At the outset, I want to clarify that all of my analysis and opinions in
`
`this declaration are from the perspective of a person of ordinary skill in the art at
`
`the time of invention. In the interest of conciseness, some portions of this
`
`declaration do not expressly include language indicating that the analysis is from
`
`the perspective of a person of ordinary skill in the art at the time of invention. It
`
`should be understood, however, that my analysis and opinions are from the
`
`perspective of a person of ordinary skill in the art at the time of invention. For
`
`example, my opinion that a reference does not disclose or teach a claim limitation
`
`should be understood to mean that, in my opinion, a person of ordinary skill in the
`
`art at the time of invention would interpret the reference as not disclosing the
`
`limitation.
`
`17.
`
`I will not offer opinions of law as I am not an attorney. The opinions I
`
`am expressing in this declaration involve the application of my knowledge and
`
`experience to the evaluation of the ’917 patent and certain art with respect to the
`
`’917 patent. The paragraphs below express my understanding of how I must apply
`
`current principles related to patentability to my analysis.
`
`
`
`- 7 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`18.
`
`I understand that a claim is unpatentable under 35 U.S.C. § 103 if the
`
`differences between the claimed subject matter and the prior art are such that the
`
`claimed subject matter as a whole would have been obvious to a person of ordinary
`
`skill in the art at the time of the invention. I also understand that an obviousness
`
`analysis is based on the scope and content of the prior art, the differences between
`
`the claimed subject matter and the prior art, the level of ordinary skill in the
`
`pertinent art at the time of the invention, and objective indicia of nonobviousness,
`
`such as commercial success, industry praise, and unexpected results.
`
`19.
`
`It is my further understanding that, to find a claimed invention
`
`obvious in light of a combination of prior-art references, a person of ordinary skill
`
`in the art at the time of the invention must have had reason to combine the
`
`teachings of the prior-art references to achieve the claimed invention, and that the
`
`person of ordinary skill must have had a reasonable expectation of succeeding in
`
`combining the teachings to arrive at the claimed invention. I further understand
`
`that a reason to combine or expectation of success is undermined if the
`
`combination or modification of the technology disclosed in the prior art would
`
`interfere with an objective of the technology disclosed in the prior art or if the prior
`
`art teaches away from making the combination or modification.
`
`20.
`
`I understand that an assessment of what a reference discloses or
`
`teaches—for purposes of an obviousness analysis—must be conducted from the
`
`
`
`- 8 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`perspective of a person of ordinary skill in the art at the time of the invention. In
`
`other words, a reference discloses or teaches a claim limitation only if a person of
`
`ordinary skill in the art would, at the relevant time, interpret the reference as
`
`disclosing the claim limitation.
`
`21.
`
`I understand that a patent must contain a written description of the
`
`limitations recited in the claims. To satisfy the written description requirement, the
`
`patent specification must describe each and every limitation of a patent claim, in
`
`sufficient detail, although the exact words found in the claim need not be used. I
`
`understand the written description requirement is satisfied if persons of ordinary
`
`skill in the field of the invention would recognize, from reading the patent
`
`specification, that the inventor possessed the subject matter finally claimed in the
`
`patent. The written description requirement is satisfied if the specification shows
`
`that the inventor possessed his or her invention as of the effective filing date of the
`
`claimed invention, even though the claims themselves may have been changed or
`
`new claims added since that time.
`
`22.
`
`I understand it is unnecessary to spell out every detail of the invention
`
`in the specification, and specific examples are not required; only enough must be
`
`included in the specification to convince persons of ordinary skill in the art that the
`
`inventor possessed the full scope of the invention. In evaluating whether the
`
`specification has provided an adequate written description, I have considered such
`
`
`
`- 9 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`factors as 1) the nature and scope of the patent claims; 2) the complexity,
`
`predictability, and maturity of the technology at issue; 3) the existing knowledge in
`
`the relevant field; and 4) the scope and content of the prior art.
`
`IV. SUBSTANTIVE ANALYSIS
`
`23.
`
`I reiterate that all of my analysis and opinions in this declaration are
`
`from the perspective of a person of ordinary skill in the art at the time of invention,
`
`though I may not expressly repeat this every time I articulate my analysis or
`
`conclusions.
`
`A. Level of Ordinary Skill in the Art
`
`24.
`
`I understand that factors that may be considered in determining the
`
`level of ordinary skill in the art include: the type of problems encountered in the
`
`art; prior-art solutions to those problems; the rapidity with which innovations are
`
`made; the sophistication of the technology; and the educational level of active
`
`workers in the field. I understand that not all such factors may apply to or be
`
`present in every case and that one or more factors may predominate in a particular
`
`case. Moreover, I understand that inventors often possess extraordinary rather than
`
`merely ordinary skill in the art.
`
`25. Petitioner contends the following on the level of ordinary skill in the
`
`art:
`
`
`
`- 10 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`A person of ordinary skill in the art at the time of the alleged inventions of
`
`claims 1 and 11 (“POSITA”) would have had (1) either a formal degree in
`
`computer science or a related subject, or commensurate informal education
`
`in computer programming and designing computer networks, and (2) at least
`
`2 years of experience in designing or programming computer networks.
`
`Pet. at 19.
`
`26.
`
`I do not necessarily agree with Petitioner’s assertions regarding the
`
`pertinent art or level of ordinary skill, but even if I were to apply Petitioner’s
`
`proposed level of skill to my analysis, my analysis and opinions below would not
`
`materially change. I reserve the right to opine on the level of ordinary skill at a
`
`later date in this proceeding.
`
`B. Analysis of Grounds 1 and 2
`
`1.
`
`The ’060 application provides support for all of the limitations of
`Claims 1 and 11
`
`27.
`
`I understand that Petitioner contends that claims 1 and 11 are
`
`unpatentable based, at least in part, on Trudeau in view of Whyte (Grounds 1
`
`and 2). I understand Petitioner argues that the ’060 patent does not provide written
`
`description support for claims 1 and 11, thereby making Trudeau and Whyte prior
`
`art to those claims. In my opinion, the ’060 application provides written
`
`description support for claims 1 and 11.
`
`28. Claim 1 recites:
`
`
`
`- 11 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`1. A method for granting access to a computer network,
`
`comprising:
`
`[1.A] receiving at an access controller a request to access the
`
`network from a source computer, the request including a transmission
`
`control protocol (TCP) connection request having a source IP address
`
`and a destination IP address;
`
`[1.B] determining by the access controller whether the source
`
`computer must login to access the network, including:
`
`[1.C] comparing the source IP address with profiles of
`
`authorized source devices, each profile including an IP address,
`
`wherein if the source IP address is included in a profile of an
`
`authorized source device, the source device is granted access
`
`without further authorization, and
`
`[1.D] if the source IP address is not included in a profile
`
`associated with an authorized source device, then determining
`
`whether the destination IP address is included in a plurality of
`
`destination IP addresses associated with the access controller,
`
`wherein if the destination IP address is included in the plurality
`
`of destination IP addresses, the source device is granted access
`
`without further authorization, and
`
`[1.E] if the destination IP address is not included in the
`
`plurality of destination IP addresses, then the access controller
`
`determines the source device must be authorized to access the
`
`network and provides the source device with a login page;
`
`- 12 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`[1.F] using the access controller to authenticate credentials
`
`provided from the source device via the login page; and
`
`[1.G] authorizing the source device access to the network if the
`
`provided credentials are authenticated.
`
`Ex. 1001 at 131:18-49.
`
`29. Claim 11 recites:
`
`11. A system for providing network access to a source device
`
`comprising:
`
`[11.A] an access controller configured to receive a request to
`
`access the network from the source device, the request including a
`
`transmission control protocol (TCP) connection request having a
`
`source IP address and a destination IP address,
`
`[11.B] the access controller further configured to redirect the
`
`source device to a login page if it is determined that authentication is
`
`required prior to network access being granted, the authentication
`
`based on
`
`[11.C] comparing the source IP address with profiles of
`
`authorized source devices, each profile including an IP address,
`
`wherein if the source IP address is included in a profile of an
`
`authorized source device, the source device is granted access without
`
`further authorization, and
`
`[11.D] if the source IP address is not included in a profile
`
`associated with an authorized device, then determining whether the
`
`destination IP address is included in a plurality of destination IP
`
`
`
`- 13 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`addresses associated with the access controller, wherein if the
`
`destination IP address is included in the plurality of destination IP
`
`addresses, the source device is granted access without further
`
`authorization, and
`
`[11.E] if the destination IP address is not included in the
`
`plurality of destination IP addresses, then the access controller
`
`authorizes network access
`
`to
`
`the computing device after
`
`authenticating user credentials received from the source device via the
`
`login page have been authenticated.
`
`Id. at 132:13-43.
`
`
`
`- 14 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`30. The ’060 application includes a flowchart that illustrates of a method
`
`of providing network access to a source device:
`
`
`
`Ex. 1003 at 8. The flowchart describes receiving a request from a source computer
`
`at step 200, and authenticating the source based on an attribute associated with the
`
`source at step 210. Id. Step 220 then shows determining authorization of the source
`
`based on 1) an attribute associated with the source, 2) destination, or 3) content. Id.
`
`
`
`- 15 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`31. The ’060 application describes in numerous places the step of
`
`identifying in a packet an attribute associated with the source, and using that
`
`attribute with a source profile database to determine access rights:
`
`The method includes receiving at the gateway device a request from
`
`the source computer for access to the network, identifying an
`
`attribute associated with the source based upon a packet transmitted
`
`from the source computer and received by the gateway device, and
`
`accessing a source profile corresponding to the source and stored in a
`
`source profile database, wherein the source profile is accessed based
`
`upon the attribute, and wherein the source profile database is located
`
`external to the gateway device and in communication with the
`
`gateway device. The method also includes determining the access
`
`rights of the source based upon the source profile, wherein access
`
`rights define the rights of the source to access the network.
`
`According to one aspect of the invention, determining the access
`
`rights of the source based upon the source profile includes
`
`determining the access rights of the source based upon the source
`
`profile, wherein the access rights define the rights of the source to
`
`access a requested network destination. According to another aspect
`
`of the invention, the method includes assigning a location identifier
`
`to the location from which requests for access to the network are
`
`transmitted, and the location identifier is the attribute associated
`
`with the source.
`
`Id. at 13:5-20.
`
`
`
`- 16 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`The system includes a gateway device for receiving a request from the
`
`source for access to the network, and a source profile database in
`
`communication with the gateway device and located external to the
`
`gateway device, wherein the source profile database stores access
`
`information identifiable by an attribute associated with the source,
`
`and wherein the attribute is identified based upon a data packet
`
`transmitted from the source computer and received by the gateway
`
`device.
`
`Id. at 14:5-11.)
`
`Upon a source’s attempt to access a network via the gateway device
`
`12, the AAA server 30 attempts to authenticate the source by
`
`comparing stored source profiles in the source profile database with
`
`the attributes received from the gateway device 12 or source to
`
`determine the source identity.
`
`Id. at 21:3-6.
`
`According to one aspect of the invention, the AAA server 30 can
`
`identify the source in communication with the gateway device in a
`
`manner that is transparent to computer users. That is, according to one
`
`aspect of the invention, a user will not be required to input
`
`identification
`
`information, reconfigure
`
`the source computer or
`
`otherwise change the source computer's primary network settings.
`
`Furthermore, no additional configuration software will have to be
`
`added to the source computer. After a packet is received by the
`
`gateway device, attributes identified by the data packet can be
`
`compared with the data contained in the source profile database.
`
`
`
`- 17 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`Therefore, in addition to not requiring the reconfiguration of
`
`computers accessing the network, AAA servers of the present
`
`invention have the ability to authenticate sources without requiring
`
`interactive steps by the computer user, such as the entering of a user
`
`ID. For instance, the AAA server 30 may automatically identify the
`
`source based upon a MAC address, so that authorization of the source
`
`can be readily determined. Therefore, it will be appreciated that the
`
`AAA server 30 can determine the user, computer, or location from
`
`which access is requested by comparing the attributes associated
`
`with the received data packet (such as in a header of the data
`
`packet) with data drawn from the source profile database. As will be
`
`described below, the access rights associated with the source may also
`
`be stored within the source profile database so that the system and
`
`method of the present invention can dynamically authorize access to
`
`particular services or destinations.
`
`Id. at 22:16-23:3. Each of these examples provide support for comparing attributes
`
`from a source with source profiles in a source profile database.
`
`32. The ’060 application lists in various places examples of packet
`
`attributes that may be used to authenticate the source:
`
`Upon receiving a packet transmitted to the AAA server 30, the AAA
`
`server 30 examines the packet to determine the identity of the source
`
`(block 210). The attributes transmitted via the packet are temporarily
`
`stored in the source profile database so that the data can be
`
`examined for use in determining authorization rights of the source.
`
`The attributes contained in the packet can include network
`
`
`
`- 18 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`information, source IP address, source port, link layer information,
`
`source MAC address, VLAN tag, circuit ID, destination IP address,
`
`destination port, protocol type, packet type, and the like. After this
`
`information is identified and stored, access requested from a source is
`
`matched against the authorization of that source (block 230).
`
`Id. at 25:22-26:2.
`
`According to yet another aspect of the invention, the method includes
`
`updating the source profile database when a new source accesses the
`
`network. Additionally, the method can include maintaining in the
`
`source profile database a historical log of the source’s access to the
`
`network. Moreover, the attribute associated with the source can be
`
`based upon a MAC address, User ID or VLAN ID associated with
`
`the source computer from which the request for access to the network
`
`was transmitted. According to yet another aspect of the invention,
`
`receiving at the gateway device a request from a source for access can
`
`include the step of receiving a destination address from the source.
`
`Id. at 13:24-31.
`
`33. Petitioner argues that the ’060 application does not disclose
`
`“(i) comparing the source IP address of incoming packets with profiles of
`
`authorized source devices; (ii) that each profile includes an IP address; or (iii) that
`
`the source device is granted access without further authorization if its IP address is
`
`included in a profile.” Pet. at 13.
`
`
`
`- 19 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`34.
`
`I disagree. The ’060 application describes in numerous places
`
`(including the examples I quote above in ¶ 311) the comparison of attributes of
`
`incoming packets with profiles of authorized source devices, that each profile
`
`includes an attribute, and that the source device is granted access without further
`
`authorization if the attribute is included in the profile. The ’060 application also
`
`describes the types of attributes used for authorization (including the examples I
`
`quote above in ¶ 322). The attributes disclosed in the ’060 application specifically
`
`include the packet source IP address and packet destination IP address. In my
`
`opinion, persons of ordinary skill in the field of the invention would recognize,
`
`from reading the patent specification, that the inventor possessed the subject matter
`
`of claims 1 and 11, including comparison of the source IP address of incoming
`
`packets with profiles of authorized source devices, that the profile includes the
`
`source IP address, and that the source device is granted access without further
`
`authorization if the source IP address is included in the profile.
`
`35.
`
`Petitioner argues
`
`that prior applications fail
`
`to disclose “(i)
`
`‘comparing’ the destination IP address against a ‘plurality of authorized destination
`
`IP addresses’; or (ii) any destination IP address ‘associated with the access
`
`controller,’ ‘determining whether the destination IP address is included in a
`
`plurality of destination IP addresses associated with the access controller.’” Pet.
`
`at 15. Petitioner, however, acknowledges that the ’890 provisional application,
`
`- 20 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`which is incorporated by reference in the ’060 application, “attaches a ‘User
`
`Guide’ for a ‘Universal Subscriber Gateway’
`
`that
`
`instructs
`
`that, during
`
`configuration, the system prompts the administrator for ‘pass-through IP
`
`addresses . . . that allow users to ‘pass through’ the [gateway] and access
`
`predetermined services . . . even if they are not currently subscribing . . . for
`
`access.’” Id., citing Ex. A to Ex. 1021 at 45. Petitioner and its declarant argue that
`
`this fails to disclose “that the gateway allows a user to pass through the gateway
`
`specifically by comparing a destination IP address in a TCP connection request
`
`against a list of the pass-through IP addresses.” Id. at 15-16.
`
`36.
`
`I disagree. The ’060 application specifically discloses “receiving at
`
`the gateway device a request from a source for access can include the step of
`
`receiving a destination address from the source.” Ex. 1003 at 13:24-31. The ’060
`
`application also specifically discloses that the “attributes transmitted via the packet
`
`are temporarily stored in the source profile database so that the data can be
`
`examined for use in determining authorization rights of the source. The attributes
`
`contained in the packet can include . . . destination IP address, destination
`
`port, . . . and the like.” Ex. 1003 at 25:24-30. The ’060 application explains that
`
`the “destination can be a destination port, Internet address, TCP port, network, or
`
`the like.” Id. at 24:29-30; see also id. at 12:18-21.
`
`
`
`- 21 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`37. As mentioned, the ’060 application incorporates by reference the ’890
`
`provisional in its entirety. Id. at 9:15, 9:28. Accordingly, the disclosure in the
`
`’890 provisional is part of the ’060 application. The ’890 provisional also
`
`describes using four “pass-through IP addresses” that “allow users to ‘pass
`
`through’ the USG 1000 and access predetermined services (for example, the
`
`redirected home page) at the solution provider’s discretion, even though they may
`
`not have subscribed to the broadband Internet service.” Ex. 1021 at 66; see also id.
`
`at 67-71. A POSITA would understand that the pass-through IP addresses do not
`
`require further authorization. The User Guide incorporated by reference in the
`
`’890 provisional application also includes a glossary that explains related terms:
`
`“Internet Protocol: The global standard used to regulate data
`
`transmissions between computers and the Internet. Data is broken up
`
`into packets which are then sent over the network. By using IP
`
`addressing, Internet Protocol ensures that the data reaches its
`
`destination, even though different packets may pass through different
`
`networks to get to the same location. See also, Internet and IP
`
`Address.” Id. at 153.
`
`“IP Address: The numeric address of a device, in the format used on
`
`the Internet. The actual numeric value takes the form of a 32-bit
`
`binary number broken up into four 8-bit groups, with each group
`
`separated by a period (for example, 198.43.7.85). To make it easier
`
`for the user, the IP address is mapped to a meaningful domain name.
`
`IP addresses can be static (permanent) or dynamic (assigned each time
`
`
`
`- 22 -
`
`NOMADIX 2006
`Guest Tek v. Nomadix
`IPR2019-01191
`
`
`
`IPR2019-01191
`Patent 8,606,917
`
`you connect). See also, Domain Name, Dynamic IP Address, Internet
`
`Protocol, and Static IP Address.” Id.
`
`“TCP: (Transmission Control Protocol) Manages data
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
