EXHIBIT B8
`
`Summary of Invalidity Analysis of U.S. Patent No. 6,665,725 (“’725 Patent”) in view of
`U.S. Patent No. 6,412,000 (“Riddle”), further in view of WO 97/23076 (“Baker”),
`and further in view of RFC 1945 - Hypertext Transfer Protocol -- HTTP/1.0 (“RFC1945”)
`
`U.S. Patent No. 6,412,000, issued on June 25, 2002, qualifies as prior art to the ’725 Patent under at least Pre-AIA 35 U.S.C. §
`102(e) because it was filed on November 23, 1998, before the June 30, 1999 filing date of the provisional application to which the
`’725 Patent claims priority. Riddle further qualifies as prior art to the ’725 Patent under at least Pre-AIA 35 U.S.C. § 102(e) since a
`U.S. patent has an effective prior art date under pre-AIA 35 U.S.C. §102(e) based on the filing date of an earlier-filed patent
`application if the patent’s relevant subject matter is described in the earlier-filed application, and at least one of the patent’s claims is
`supported by the earlier-filed application’s written description in compliance with pre-AIA 35 U.S.C. §112, first paragraph. The
`application that issued as Riddle was filed on November 23, 1998. Riddle claims priority to U.S. Provisional Patent Application No.
`60/066,864 (“’864 Provisional”), which was filed on November 25, 1997.
`Riddle and the related ’864 Provisional incorporate-by-reference the following patent applications in their entirety:
`•
`U.S. Patent Application No. 09/198,051 (“’051 Application”);
`•
`U.S. Patent Application No. 08/762,828, issued as U.S. Patent No. 5,802,106;
`•
`U.S. Patent Application No. 08/977,642 (“Packer Application”), having attorney docket number 17814-5.10, and issued
`as U.S. Patent No. 6,046,980 (“Packer”); and
`U.S. Patent Application No. 08/742,994, issued as U.S. Patent No. 6,038,216.
`
`•
`
`
`
`WO 97/23076 (“Baker”), published on June 26, 1997, qualifies as prior art to the ’725 Patent under at least Pre-AIA 35 U.S.C.
`§ 102(b) because it was published more than one year before the June 30, 1999 filing date of the provisional application to which the
`’725 Patent claims priority.
`
`
`RFC 1945 - Hypertext Transfer Protocol -- HTTP/1.0 (“RFC1945”), published in March 1996, qualifies as prior art to the ’725
`Patent under at least Pre-AIA 35 U.S.C. § 102(b) because it was published more than one year before the June 30, 1999 filing date of
`the provisional application to which the ’725 Patent claims priority.
`
`
`
`Packet Intelligence Ex. 2018 Page 1 of 150
`
`

`

`EXHIBIT B8
`
`Invalidity of U.S. PATENT NO. 6,665,725 in view of Riddle et al.
`CLAIM LANGUAGE
`Exemplary Citations to Riddle et al.
`INDEPENDENT CLAIM 10
`U.S. Patent No. 6,412,000 (“Riddle”) discloses a method of performing protocol
`specific operations on a packet passing through a connection point on a computer
`network.
`
`10
`
`A method of performing protocol specific
`operations on a packet passing through a
`connection point on a computer network, the
`method comprising:
`
`
`
`
`
`For example:
`
`“The method for automatically classifying heterogeneous packets in a packet
`telecommunications environment of the present invention is implemented in the C
`programming language and is operational on a computer system such as shown in FIG.
`1A. This invention may be implemented in a client-server environment, but a client-
`server environment is not essential. This figure shows a conventional client-server
`computer system which includes a server 20 and numerous clients, one of which is
`shown as client 25. The use of the term "server' is used in the context of the invention,
`wherein the server receives queries from (typically remote) clients, does substantially
`all the processing necessary to formulate responses to the queries, and provides these
`responses to the clients. However, server 20 may itself act in the capacity of a client
`when it accesses remote databases located at another node acting as a database server.
`The hardware configurations are in general standard and will be described only briefly.
`In accordance with known practice, server 20 includes one or more processors 30
`which communicate with a number of peripheral devices via a bus subsystem 32.
`These peripheral devices typically include a Storage Subsystem 35, comprised of a
`memory subsystem 35a and a file storage subsystem 35b holding computer programs
`(e.g., code or instructions) and data, a set of user interface input and output devices 37,
`and an interface to outside networks, which may employ Ethernet, Token Ring, ATM,
`IEEE 802.3, ITU X.25, Serial Link Internet Protocol (SLIP) or the public switched
`telephone network. This interface is shown schematically as a “Network Interface”
`block 40. It is coupled to corresponding interface devices in client computers via a
`network connection 45.” Riddle, 5:53-6:15.
`
`
`
`2
`
`Packet Intelligence Ex. 2018 Page 2 of 150
`
`

`

`EXHIBIT B8
`
`Riddle, Fig. 1A.
`
`
`
`
`
`
`3
`
`Packet Intelligence Ex. 2018 Page 3 of 150
`
`

`

`EXHIBIT B8
`
`
`
`Riddle, Fig. 1B.
`
`“FIG. 1C is illustrative of the internetworking of a plurality of clients such as client 25
`of FIGS. 1A and 1B and a plurality of servers such as server 20 of FIGS. 1A and 1B as
`described herein above. In FIG. 1C, network 60 is an example of a Token Ring or
`frame oriented network. Network 60 links host 61, such as an IBM RS6000 RISC
`WorkStation, which may be running the AIX operating System, to host 62, which is a
`
`
`
`4
`
`Packet Intelligence Ex. 2018 Page 4 of 150
`
`

`

`EXHIBIT B8
`
`personal computer, which may be running Windows 95, IBM OS/2 or a DOS operating
`system, and host 63, which may be an IBM AS/400 computer, which may be running
`the OS/400 operating system. Network 60 is internetworked to network 70 via a system
`gateway which is depicted here as router 75, but which may also be a gateway having a
`firewall or a network bridge. Network 70 is an example of an Ethernet network that
`interconnects host 71, which is a SPARC workstation, which may be running SUNOS
`operating system with host 72, which may be a Digital Equipment VAX6000 computer
`which may be running the VMS operating system.
`Router 75 is a network access point (NAP) of network 70 and network 60. Router 75
`employs a Token Ring adapter and Ethernet adapter. This enables router 75 to interface
`with the two heterogeneous networks. Router 75 is also aware of the Inter-network
`Protocols, such as ICMP and RIP, which are described herein below.” Riddle, 7:10-34.
`“8. A system for automatically classifying traffic in a packet telecommunications
`network, said network having any number of flows, including zero, comprising:
`a plurality of network links upon which said traffic is carried;
`a network routing means, and,
`a processor means operative to:
`parse a packet into a first flow specification, wherein said first flow specification
`contains at least one instance of any one of the following:
`a protocol family designation,
`a direction of packet flow designation,
`a protocol type designation,
`a pair of ports,
`in HTTP protocol packets, a pointer to a MIME type; thereupon,
`match the first flow specification of the parsing step to a plurality of classes
`represented by a plurality of said classification tree type nodes, each said
`classification tree type node having a traffic specification and a mask,
`according to the mask; thereupon,
`if a matching classification tree type node was not found in the matching step,
`associating said first flow specification with one or more newly-created
`classification tree type nodes, thereupon, incorporating said newly created
`classification tree type nodes into said plurality of said classification tree type
`nodes.” Riddle, Claim 8.
`
`
`
`5
`
`Packet Intelligence Ex. 2018 Page 5 of 150
`
`

`

`EXHIBIT B8
`
`10a
`
`(a) receiving the packet;
`
`
`
`Riddle, Fig. 1C.
`
`Riddle discloses this element, for example:
`
`“In a packet communication environment, a method is provided for automatically
`classifying packet flows for use in allocating bandwidth resources by a rule of
`assignment of a service level. The method comprises applying individual instances of
`traffic classification paradigms to packet network flows base on selectable information
`obtained from a plurality of layers of a multi-layered communication protocol in order
`to define a characteristic class, then mapping the flow to the defined traffic class. It is
`useful to note that the automatic classification is sufficiently robust to classify a
`complete enumeration of the possible traffic class.” Riddle, Abstract.
`
`
`“According to the invention, in a packet communication environment, a method is
`provided for automatically classifying packet flows for use in allocating bandwidth
`resources and the like by a rule of assignment of a service level. The method
`comprises applying individual instances of traffic classification paradigms to packet
`
`
`
`6
`
`Packet Intelligence Ex. 2018 Page 6 of 150
`
`

`

`EXHIBIT B8
`
`network flows based on selectable information obtained from a plurality of layers of a
`multi-layered communication protocol in order to define a characteristic class, then
`mapping the flow to the defined traffic class. It is useful to note that the automatic
`classification is sufficiently robust to classify a complete enumeration of the possible
`traffic.
`In the present invention network managers need not know the technical aspects of
`each kind of traffic in order to configure traffic classes and service aggregates bundle
`traffic to provide a convenience to the user, by clarifying processing and enables the
`user to obtain group counts of all parts comprising a service.” Riddle, 4:6-23.
`
`“1. A method for automatically classifying traffic in a packet communications network,
`said network having any number of flows, including zero, comprising the steps of:
`parsing a packet into a first flow specification, wherein said first flow specification
`contains at least one instance of any one of the following:
`a protocol family designation,
`a direction of packet flow designation,
`a protocol type designation,
`a pair of hosts,
`a pair of ports,
`in HTTP protocol packets, a pointer to a MIME type; thereupon,
`matching the first flow specification of the parsing step to a plurality of classes
`represented by a plurality nodes of a classification tree type, each said
`classification tree type node having a traffic specification; thereupon,
`if a matching classification tree type node was not found in the matching step,
`associating said first flow specification with one or more newly-created
`classification tree type nodes, thereupon,
`incorporating said newly-created classification tree type nodes into said plurality of
`classification tree type nodes.” Riddle, claim 1.
`“8. A system for automatically classifying traffic in a packet telecommunications
`network, said network having any number of flows, including zero, comprising:
`a plurality of network links upon which said traffic is carried;
`a network routing means, and,
`a processor means operative to:
`
`
`
`7
`
`Packet Intelligence Ex. 2018 Page 7 of 150
`
`

`

`EXHIBIT B8
`
`parse a packet into a first flow specification, wherein said first flow specification
`contains at least one instance of any one of the following:
`a protocol family designation,
`a direction of packet flow designation,
`a protocol type designation,
`a pair of ports,
`in HTTP protocol packets, a pointer to a MIME type; thereupon,
`match the first flow specification of the parsing step to a plurality of classes
`represented by a plurality of said classification tree type nodes, each said
`classification tree type node having a traffic specification and a mask,
`according to the mask; thereupon,
`if a matching classification tree type node was not found in the matching step,
`associating said first flow specification with one or more newly-created
`classification tree type nodes, thereupon, incorporating said newly created
`classification tree type nodes into said plurality of said classification tree type
`nodes.” Riddle, Claim 8.
`
`
`
`8
`
`Packet Intelligence Ex. 2018 Page 8 of 150
`
`

`

`EXHIBIT B8
`
`
`
`Riddle, Fig. 4A.
`
`“3.2 Automatic Traffic Classification Processing
`FIG. 3 depicts components of a system for automatically classifying traffic according
`to the invention. A traffic tree 302 in which new traffic will be classified under a
`particular member class node. A traffic classifier 304 detects services for incoming
`traffic. Alternatively, the classifier may start with a service and determine the hosts
`using it. A knowledge base 306 contains heuristics for determining traffic classes. The
`knowledge base may be embodied in a file or a relational database. In a particular
`embodiment, the knowledge is contained within a data structure resident in memory. A
`plurality of saved lists 308 stores classified traffic pending incorporation into traffic
`tree 302. In select embodiments, entries for each instance of traffic may be kept. In
`
`
`
`9
`
`Packet Intelligence Ex. 2018 Page 9 of 150
`
`

`

`EXHIBIT B8
`
`alternate embodiments, a copy of an entry and a count of duplicate copies for the entry
`is maintained.” Riddle, 12:27-41.
`
`
`
`
`Riddle, Fig. 3.
`
`To the extent Riddle does not disclose or render obvious, e.g., receiving network data,
`the combination of Riddle in further view of WO 97/23076 (“Baker”) renders obvious
`these claim elements.
`
`“In one preferred form, the system of the present invention may employ a CPU or other
`hardware implementable method for analyzing data from a network in response to
`selectively programmed parsing, filtering, statistics gathering, and display requests.
`
`
`
`10
`
`Packet Intelligence Ex. 2018 Page 10 of 150
`
`

`

`10b
`
`(b) receiving a set of protocol descriptions for a
`plurality of protocols that conform to a layered
`model, a protocol description for a particular
`protocol at a particular layer level including:
`
`EXHIBIT B8
`
`Moreover, the system of the present invention may be incorporated in a network
`device, such as a network analyzer, bridge, router, or traffic generator, including a CPU
`and a plurality of input devices, storage devices, and output devices, wherein frames of
`network data may be received from an associated network, stored in the storage
`devices, and processed by the CPU based upon one or more programmably
`configurable protocol descriptions also stored in the storage devices.” Baker, 4:22-35.
`Riddle discloses this element, for example:
`
`“This invention relates to digital packet telecommunications, and particularly to
`management of network bandwidth based on information ascertainable from multiple
`layers of OSI network model. It is particularly useful in conjunction with bandwidth
`allocation mechanisms employing traffic classification in a digitally-switched packet
`telecommunications environment, as well as in monitoring, security and routing.”
`Riddle, 1:54-61.
`
`“In a packet communication environment, a method is provided for automatically
`classifying packet flows for use in allocating bandwidth resources by a rule of
`assignment of a service level. The method comprises applying individual instances of
`traffic classification paradigms to packet network flows base on selectable information
`obtained from a plurality of layers of a multi-layered communication protocol in order
`to define a characteristic class, then mapping the flow to the defined traffic class. It is
`useful to note that the automatic classification is sufficiently robust to classify a
`complete enumeration of the possible traffic class.” Riddle, Abstract.
`
`
`“According to the invention, in a packet communication environment, a method is
`provided for automatically classifying packet flows for use in allocating bandwidth
`resources and the like by a rule of assignment of a service level. The method
`comprises applying individual instances of traffic classification paradigms to packet
`network flows based on selectable information obtained from a plurality of layers of
`a multi-layered communication protocol in order to define a characteristic class,
`then mapping the flow to the defined traffic class. It is useful to note that the
`automatic classification is sufficiently robust to classify a complete enumeration of
`the possible traffic.
`In the present invention network managers need not know the technical aspects of
`
`
`
`11
`
`Packet Intelligence Ex. 2018 Page 11 of 150
`
`

`

`EXHIBIT B8
`
`each kind of traffic in order to configure traffic classes and service aggregates bundle
`traffic to provide a convenience to the user, by clarifying processing and enables the
`user to obtain group counts of all parts comprising a service.” Riddle, 4:6-23.
`
`
`
`
`
`
`Riddle, Table 2.
`
`“Table 2 depicts components from which Traffic classes may be built.” Riddle, 9:64-
`65.
`“URI A Universal Resource Identifier is the name of the location field in a web
`reference address. It is also called a URL or Universal Resource Locator” Riddle,
`Table 1.
`
`“Network traffic is automatically classified under existing classes, beginning with the
`broadest classes, an inbound traffic class and an outbound traffic class, in protocol
`layer independent categories. For example, a particular instance of traffic may be
`classified according to its transport layer characteristics, e.g., Internet Protocol port
`
`
`
`12
`
`Packet Intelligence Ex. 2018 Page 12 of 150
`
`

`

`EXHIBIT B8
`
`number, as well as its application layer information, e.g., SMTP. Characteristics such
`as MIME types may also be automatically identified. Standard protocols, such as, IPX,
`SNA, and services, such as, SMTP and FTP are recognized for automatic
`classification. Classification is performed to the most specific level determinable. For
`example, in select embodiments, non-IP traffic, such as SNA, may be classified only
`by protocol, whereas Internet Protocol traffic may be classified to the /etc/services
`level. Classification beyond a terminal classification level is detected and prevented.
`For example, in a select embodiment, a class matching “ipx” or “nntp” will not be
`further automatically classified.” Riddle, 10:59-11:9.
`“8. A system for automatically classifying traffic in a packet telecommunications
`network, said network having any number of flows, including zero, comprising:
`a plurality of network links upon which said traffic is carried;
`a network routing means, and,
`a processor means operative to:
`parse a packet into a first flow specification, wherein said first flow specification
`contains at least one instance of any one of the following:
`a protocol family designation,
`a direction of packet flow designation,
`a protocol type designation,
`a pair of ports,
`in HTTP protocol packets, a pointer to a MIME type; thereupon,
`match the first flow specification of the parsing step to a plurality of classes
`represented by a plurality of said classification tree type nodes, each said
`classification tree type node having a traffic specification and a mask,
`according to the mask; thereupon,
`if a matching classification tree type node was not found in the matching step,
`associating said first flow specification with one or more newly-created
`classification tree type nodes, thereupon, incorporating said newly created
`classification tree type nodes into said plurality of said classification tree type
`nodes.” Riddle, Claim 8.
`“If this is so, then in a step 408, an entry is made in a list of identifying characteristics,
`such as protocol type (SAP), IP protocol number, server port, traffic type if known,
`MIME type, a time of occurrence of the traffic.” Riddle, 12:50-53.
`“The present invention provides techniques to automatically classify a plurality of
`heterogeneous packets in a packet telecommunications system for management of
`
`
`
`13
`
`Packet Intelligence Ex. 2018 Page 13 of 150
`
`

`

`EXHIBIT B8
`
`network bandwidth in systems. Such as a private area network, a wide area network or
`an internetwork. Systems according to the present invention enable network managers
`to: automatically define traffic classes, for which policies may then be created for
`specifying service levels for the traffic classes and isolating bandwidth resources
`associated with certain traffic classes.” Riddle, 4:56-65.
`
`To the extent Riddle does not disclose or render obvious, e.g., protocol descriptions for
`a plurality of protocols, the combination of Riddle in further view of Baker renders
`obvious these claim elements.
`
`For example:
`
`“A network interface system and related methods. A single logic control module,
`which may be implemented in hardware or software, is utilized to perform any of a
`number of data manipulation functions including, for example, parsing, filtering, data
`generation or analysis, based upon one or more programmably configurable protocol
`descriptions which may be stored in and retrieved from an associated memory.”
`Baker, Abstract.
`
`“Summary of Invention
`The present invention is directed to improved systems and methods for parsing,
`filtering, generating and analyzing data (or frames of data) transmitted over a data
`communications network. In one particularly innovative aspect of the present
`invention, a single logic control module, which may be implemented in hardware or
`software, is utilized to perform any of a number of data manipulation functions {for
`example, parsing, filtering, data generation or analysis functions) based upon one or
`more programmably configurable protocol descriptions which may be stored in and
`retrieved from an associated memory.” Baker, 3:32-4:6.
`
`“The use of common control logic (i.e. the use of a single logic control module) and
`programmably configurable protocol descriptions allows changes to existing protocols
`to be made and support for new protocols to be added to a system in accordance with
`the present invention through configuration only--without the need for hardware and/or
`software system modifications. Thus, those skilled in the art will appreciate that a
`
`
`
`14
`
`Packet Intelligence Ex. 2018 Page 14 of 150
`
`

`

`EXHIBIT B8
`
`
`
`network interface in accordance with the present invention may be configured and
`reconfigured, if necessary, in a highly efficient and cost effective manner to implement
`numerous data manipulation functions and to accommodate substantial network
`modifications (for example, the use of different data transmission hardware, protocols
`or protocol suites) without necessitating substantial system changes.” Baker, 4:7-21.
`
`“Moreover, the system of the present invention may be incorporated in a network
`device, such as a network analyzer, bridge, router, or traffic generator, including a
`CPU and a plurality of input devices, storage devices, and output devices, wherein
`frames of network data may be received from an associated network, stored in the
`storage devices, and processed by the CPU based upon one or more programmably
`configurable protocol descriptions also stored in the storage devices.” Baker, 4:26-35.
`
`“The system of the present invention may be employed in any system where it is useful
`to be able to examine and 20 perform various operations on contiguous bit-fields in
`data structures, wherein each data structure is composed of predefined fields of one or
`more contiguous bits.” Baker, 6:18-22.
`
`“In the presently preferred embodiment, each of these protocol description records with
`its associated field, statistics, lookup, and filter record information is also written to a
`protocol specific protocol description file (PDF).” Baker, 19:6-10.
`
`
`“Referring now to Fig. 1, a network interface system in accordance with one form of
`the present invention, generally referred to as 10, may be implemented in a network
`device including input devices 12, data storage devices 14, analysis control logic 16 for
`facilitating the input, storage, retrieval, and analysis of network frames, and output
`devices 18 for forwarding frames or displaying or printing the results of analyses. A
`data storage device 14 may include a data file 20 of network frames having n protocol
`data records, wherein each data record contains data stored in a plurality of predefined
`fields. Protocol description files 22 also may be stored in the data storage device 14.
`The protocol description files 22 may include a protocol control record and n field
`subrecords, which together may describe a subset of a network 25 protocol and include
`rules for analyzing that protocol.
`
`
`
`
`15
`
`Packet Intelligence Ex. 2018 Page 15 of 150
`
`

`

`EXHIBIT B8
`
`The network device control logic 16 is capable of retrieving a subset of network frames
`from the input devices 12 or data files 20 which satisfy one or more criteria based upon
`extracted field values and filtering criteria contained in one or more of the protocol
`description files 22. The network device control logic 16 also includes logic for
`determining frame and protocol header lengths, gathering statistics, verification and
`error checking, determining routes, varying values, and formatting output.” Baker
`10:10-35.
`
`
`Baker, Fig. 1.
`
`
`
`
`
`
`16
`
`Packet Intelligence Ex. 2018 Page 16 of 150
`
`

`

`EXHIBIT B8
`
`
`
`Baker, Fig. 3.
`
`“Referring now to Fig. 3, a protocol description file 22 in accordance with one form of
`the present invention may include a protocol control record, and a plurality (n) of field
`data records. In a particularly preferred embodiment, the protocol control record
`(shown below in Table 1) may define the overall structure of a network protocol and
`reference other information relating to the network protocol.
`
`
`
`
`17
`
`Packet Intelligence Ex. 2018 Page 17 of 150
`
`

`

`EXHIBIT B8
`
`
`The field records referenced at bytes 28-31 in the table above are preferably organized
`as shown in Table 2:
`
`
`
`
`18
`
`Packet Intelligence Ex. 2018 Page 18 of 150
`
`

`

`EXHIBIT B8
`
`
`
`
`The statistics records referenced in Table 2, above, at bytes 24-27 are preferably
`organized as shown in Table 3:
`
`
`
`
`19
`
`Packet Intelligence Ex. 2018 Page 19 of 150
`
`

`

`EXHIBIT B8
`
`
`The next protocol lookup records referenced in the field sub-record table (Table 2) at
`bytes 28-31 are preferably organized as shown in Table 4:
`
`
`
`
`
`
`
`Lookup structures can be used for determining the next protocol control record to use,
`terminating protocol processing on illegal values, branching decisions for variable
`length headers or overlapping fields, and for translation of numeric values to
`mnemonic or written language equivalents. This ability to specify branches on field
`values allows protocols with multiple overlapping structures to be specified and parsed
`dynamically.” Baker, 12:25-15:17, Tables 1, 2, 3, and 4.
`
`“In the presently preferred embodiment, the initialization of the system includes a
`determination of the presence of PDF files and the extraction of the protocol and
`associated control record information from all of the PDF files found. The number of
`PDF files is determined, and a ProtocolList is constructed consisting of a sorted vector
`
`
`
`20
`
`Packet Intelligence Ex. 2018 Page 20 of 150
`
`

`

`EXHIBIT B8
`
`of protocol records at least the size of the number of PDF files found. The name of
`each protocol record found is inserted in the ProtocolList. The PDF files are then read
`to memory in the sequence described above for the PDF file writing. The lookup
`records that indicate a next protocol are associated with the appropriate entries in the
`ProtocolList.” Baker, 20:35-21:11.
`
`“The Ethernet protocol definition described above specifies only one possible upper
`level protocol, the Generic Protocol (GP) which is indicated by placing a hexadecimal
`0x8888 value in the protocol type field.” Baker, 21:32-22:1.
`
`
`
`Baker, Tables 12, 13.
`
`“As shown in the attached Appendix, the analysis control logic 16 may be programmed
`in the C++ language, with abstract data types defined for statistics gathering, value
`verification, next protocol determination, filtering, varying values, checksumming and
`
`
`
`
`
`21
`
`Packet Intelligence Ex. 2018 Page 21 of 150
`
`

`

`EXHIBIT B8
`
`route determination capabilities, and protocol control and field records.” Baker, 11:35-
`12:4.
`
`
`
`“
`
`
`
`
`
`22
`
`Packet Intelligence Ex. 2018 Page 22 of 150
`
`

`

`EXHIBIT B8
`
`if (strcmpiProtocolName, ProtocolList- > opera!or[](i).prot()— > filenameiii - - 0)
`
`tetumiProtocolList- > operatorlliiimrotil);
`
`returnifl);
`
`}
`
`void setup_protocolsi)
`
`{ U
`
`32 number - 0;
`
`find_t iileblock;
`
`H I
`
`
`
`23
`
`}
`
`I Detemine number of protocol definitions that exist by counting files
`ll
`
`
`
`if (_dos_findfirsl(”.pdf", _A_NORMAL, &fileblock) - - U)
`
`+ number;
`
`i +
`
`{ d
`
`o
`
`} while(_dos_findnexti&fileblock) - - 0);
`
`Packet Intelligence Ex. 2018 Page 23 of 150
`
`

`

`EXHIBIT B8
`
`H H
`
`M P
`
`ll
`
`Setup a vector twice the size of the current number with number for the grow size
`
`rotocolList - new WCValSortedVector < protocols > (number'Z, number):
`
`
`
`24
`
`ll Open each protocol definition file; create a protocol definition in memory; insert it into the vector
`I!
`
`32 tmp:
`
`
`
`if (_dos_findfirst("‘.pdf", _A_NORMAL. Sifilebloclt) - - 0)
`
`{ F
`
`( d
`
`o
`
`ILE ‘fp - topenlfileblockname, "rh"l:
`
`il
`
`lift! !- 0) && (fileblock.size > 56))
`
`{ U
`
`Packet Intelligence Ex. 2018 Page 24 of 150
`
`

`

`EXHIBIT B8
`
`fread(&tmp,
`
`sizeofltmp),
`
`1,
`
`fp): I! Get length of protocoi name
`
`88 'pname - (88 ')malloc(tmp|:
`
`fread(pname,
`
`tmp,
`
`1, fpl: I! Get file name
`
`fcloseflp);
`
`pl’OlOCDI ‘proto - new protocoflpname, fileblockmame);
`
`
`
`protocols ptpname, proto):
`
`freetpname);
`
`ProtocolList- > inserttp):
`
`}
`
`} while(_dos_findnext(&fileblock) - - 0);
`
`}
`
`H ? Do we want to do something about duplicate protocol names here?
`
`for (U32 ii-0,jj - 1: ii < PtotocolList- > entries“; ii+ +, ii+ +)
`
`{
`
`ProtocolList- > operatorllfij).prot()- > pnamem - - 0))
`
`ProtocolList- > removeAfljj):
`
`H H
`
`H
`
`M
`
`H
`
`ll
`
`H
`
`}
`
`if ((ii 1- ij) && (strcmpl ProtocolUst- > upelator[l(ii).prot[)- > pnamet),
`
`
`
`
`
`25
`
`Packet Intelligence Ex. 2018 Page 25 of 150
`
`

`

`
`
`
`
`EXHIBIT B8
`
`ll
`
`II Open each protocol definition file; create all required data structures
`
`II
`
`it (_dos__findfirst(".pdf", _A_NORMAL, &fileblock) - - o)
`
`{ F
`
`{ d
`
`o
`
`ILE 'Ip - fopenlfileblockmme, "rb"l:
`
`if
`
`llfp !- 0) 8:8: lfilehlock.size > 56))
`
`{ p
`
`rotocols plfpl, t;
`
`ll Reads name_length and name
`
`if lProtocolList- > lindlp, tI !- FALSE)
`
`t.prot()- > get_from_file(fpl:
`
`Icluselfp);
`
`I
`
`} while(_dos_findnextl&filehlockI - - U);
`
`I
`
`I
`
`protocols datal"DATA", 0), pad("PAD", OI;
`Protocollist- > findldata, DataPtl):
`ProtocoIList- > findlpad, PadPtlI;
`DataPthtr - DataPtI.protlI:
`PadPthtr - PadPtl.protlI:
`
`II PUT THIS IN setup_protocolsll
`ll PUT THIS IN setup_protocolsll
`II PUT THIS IN setup_protocolsll
`II PUT THIS IN setup_protocolsll
`ll PUT THIS IN setup_protocolsl)
`
`Ilsetup_criterial);
`
`I! filter channels are setup - tie criteria to fields
`
`
`
`26
`
`Packet Intelligence Ex. 2018 Page 26 of 150
`
`

`

`EXHIBIT B8
`
`protocol 'setup_newprotocol(88’ stileName)
`
`{ U
`
`32 number-0;
`
`find_t fileblock:
`
`$8 'pname - ($8 ‘)malloc(50);
`
`II
`
`strcpytpname,stileName);
`
`strcpytstrrchrmname, '.'), ")0 ");
`
`strcpytpname, )sttrchdpname, ’H')+ 1));
`
`strcpY(stileName, )strrchr(stileName, '\\')+ 1));
`
`H I
`
`! See if there are any protocols
`
`}
`
`f (_dos_findfirst(".pdf", _A_NORMAL, &fileblock) - - 0)
`
`
`
`+ number;
`
`{ +
`
`} whilel_dos_findnext(&fileblock) - - U);
`
`{ d
`
`o
`
`M i
`
`“””’
`
`
`
`27
`
`Packet Intelligence Ex. 2018 Page 27 of 150
`
`

`

`EXHIBIT B8
`
`
`
`Baker, 126:20-132:24.
`
`28
`
`Packet Intelligence Ex. 2018 Page 28 of 150
`
`

`

`EXHIBIT B8
`
`
`“[E]ach of these protocol description records with its associated field, statistics,
`lookup, and filter record information is also written to a protocol specific protocol
`description file (PDF).” Baker, 19:7-10.
`
`“As the development of additional control logic, whether implemented in hardware or
`software, may be both time consuming and expensive, it would be highly desirable to
`be able to parse all protocols with a single configurable software (or hardware) module
`so that support for additional protocols could be added to a system without requiring
`substantial modification to the system or its control logic.” Baker, 3:1-8.
`
` A
`
` POSITA would have understood that Baker’s PDFs are protocol descriptions
`provided in a protocol description language. This is because, upon initialization, Baker
`teaches that the system is able to “extract[] the protocol and associated control record
`information” from the file, construct a ProtocolList, and read the PDF file into
`memory[.]” See, e.g., Baker, 20:35-21:11. Thus, Baker’s PDFs include commands in a
`high-level language that describe protocols that may be encountered by the monitor
`and, for example, how