`
`Summary of Invalidity Analysis of U.S. Patent No. 6,771,646 (“’646 Patent”) in view of
`U.S. Patent No. 6,412,000 (“Riddle”), further in view of WO 92/19054 (“Ferdinand”), further in view of
`U.S. Patent No. 5,740,175 (“Wakeman”), and further in view of U.S. Patent No. 6,625,150 (“Yu”)
`
`U.S. Patent No. 6,412,000, issued on June 25, 2002, qualifies as prior art to the ’646 Patent under at least Pre-AIA 35 U.S.C. §
`102(e) because it was filed on November 23, 1998, before the June 30, 1999 filing date of the provisional application to which the
`’646 Patent claims priority. Riddle further qualifies as prior art to the ’646 Patent under at least Pre-AIA 35 U.S.C. § 102(e) since a
`U.S. patent has an effective prior art date under pre-AIA 35 U.S.C. §102(e) based on the filing date of an earlier-filed patent
`application if the patent’s relevant subject matter is described in the earlier-filed application, and at least one of the patent’s claims is
`supported by the earlier-filed application’s written description in compliance with pre-AIA 35 U.S.C. §112, first paragraph. The
`application that issued as Riddle was filed on November 23, 1998. Riddle claims priority to U.S. Provisional Patent Application No.
`60/066,864 (“’864 Provisional”), which was filed on November 25, 1997.
`Riddle and the related ’864 Provisional incorporate-by-reference the following patent applications in their entirety:
`•
`U.S. Patent Application No. 09/198,051 (“’051 Application”);
`•
`U.S. Patent Application No. 08/762,828, issued as U.S. Patent No. 5,802,106;
`•
`U.S. Patent Application No. 08/977,642 (“Packer Application”), having attorney docket number 17814-5.10, and issued
`as U.S. Patent No. 6,046,980 (“Packer”); and
`U.S. Patent Application No. 08/742,994, issued as U.S. Patent No. 6,038,216.
`
`•
`
`
`
`WO 92/19054 (“Ferdinand”), published on October 29, 1992, qualifies as prior art to the ’646 Patent under at least Pre-AIA 35
`U.S.C. § 102(b) because it was published more than one year before the June 30, 1999 filing date of the provisional application to
`which the ’646 Patent claims priority.
`
`
`U.S. Patent No. 5,740,175 (“Wakeman”), published on April 14, 1998, qualifies as prior art to the ’646 Patent under at least
`Pre-AIA 35 U.S.C. § 102(b) because it was published more than one year before the June 30, 1999 filing date of the provisional
`application to which the ’646 Patent claims priority.
`
`U.S. Patent No. 6,625,150 (“Yu”), issued on September 23, 2003, qualifies as prior art to the ’646 Patent under at least Pre-
`AIA 35 U.S.C. § 102(e) since a U.S. patent has an effective prior art date under pre-AIA 35 U.S.C. §102(e) based on the filing date of
`an earlier-filed patent application if the patent’s relevant subject matter is described in the earlier-filed application, and at least one of
`the patent’s claims is supported by the earlier-filed application’s written description in compliance with pre-AIA 35 U.S.C. §112, first
`
`Packet Intelligence Ex. 2020 Page 1 of 227
`
`
`
`EXHIBIT C7
`
`paragraph. The application that issued as Yu was filed on December 16, 1999. Yu claims priority to U.S. Provisional Patent
`Application No. 60/112,859 (“’859 Provisional”), which was filed on December 17, 1998.
`
`
`
`
`
`
`
`
`2
`
`Packet Intelligence Ex. 2020 Page 2 of 227
`
`
`
`1
`
`Invalidity of U.S. PATENT NO. 6,771,646 in view of Riddle et al.
`CLAIM LANGUAGE
`Exemplary Citations to Riddle et al.
`INDEPENDENT CLAIM 1
`U.S. Patent No. 6,412,000 (“Riddle”) discloses a packet monitor for examining
`packets passing through a connection point on a computer network, each packet
`conforming to one or more protocols.
`
`A packet monitor for examining packets passing
`through a connection point on a computer
`network, each packet conforming to one or more
`protocols, the monitor comprising:
`
`
`
`EXHIBIT C7
`
`For example:
`
`“In a packet communication environment, a method is provided for automatically
`classifying packet flows for use in allocating bandwidth resources by a rule of
`assignment of a service level. The method comprises applying individual instances of
`traffic classification paradigms to packet network flows based on selectable
`information obtained from a plurality of layers of a multi-layered communication
`protocol in order to define a characteristic class, then mapping the flow to the defined
`traffic class. It is useful to note that the automatic classification is sufficiently robust to
`classify a complete enumeration of the possible traffic.” Riddle, Abstract.
`
`“According to the invention, in a packet communication environment, a method is
`provided for automatically classifying packet flows for use in allocating bandwidth
`resources and the like by a rule of assignment of a service level. The method comprises
`applying individual instances of traffic classification paradigms to packet network
`flows based on selectable information obtained from a plurality of layers of a multi-
`layered communication protocol in order to define a characteristic class, then mapping
`the flow to the defined traffic class. It is useful to note that the automatic classification
`is sufficiently robust to classify a complete enumeration of the possible traffic.”
`Riddle, 4:6-17.
`
`“3.2 Automatic Traffic Classification Processing
`FIG. 3 depicts components of a system for automatically classifying traffic according
`to the invention. A traffic tree 302 in which new traffic will be classified under a
`particular member class node. A traffic classifier 304 detects services for incoming
`traffic. Alternatively, the classifier may start with a service and determine the hosts
`using it. A knowledge base 306 contains heuristics for determining traffic classes. The
`knowledge base may be embodied in a file or a relational database. In a particular
`
`
`
`3
`
`Packet Intelligence Ex. 2020 Page 3 of 227
`
`
`
`EXHIBIT C7
`
`embodiment, the knowledge is contained within a data structure resident in memory. A
`plurality of saved lists 308 stores classified traffic pending incorporation into traffic
`tree 302. In select embodiments, entries for each instance of traffic may be kept. In
`alternate embodiments, a copy of an entry and a count of duplicate copies for the entry
`is maintained.” Riddle, 12:27-41.
`
`
`Riddle, Fig. 3.
`“The method for automatically classifying heterogeneous packets in a packet
`telecommunications environment of the present invention is implemented in the C
`programming language and is operational on a computer system such as shown in FIG.
`1A. This invention may be implemented in a client-server environment, but a client-
`server environment is not essential. This figure shows a conventional client-server
`
`
`
`
`
`4
`
`Packet Intelligence Ex. 2020 Page 4 of 227
`
`
`
`EXHIBIT C7
`
`computer system which includes a server 20 and numerous clients, one of which is
`shown as client 25. The use of the term "server' is used in the context of the invention,
`wherein the server receives queries from (typically remote) clients, does substantially
`all the processing necessary to formulate responses to the queries, and provides these
`responses to the clients. However, server 20 may itself act in the capacity of a client
`when it accesses remote databases located at another node acting as a database server.
`The hardware configurations are in general standard and will be described only briefly.
`In accordance with known practice, server 20 includes one or more processors 30
`which communicate with a number of peripheral devices via a bus subsystem 32.
`These peripheral devices typically include a Storage Subsystem 35, comprised of a
`memory subsystem 35a and a file storage subsystem 35b holding computer programs
`(e.g., code or instructions) and data, a set of user interface input and output devices 37,
`and an interface to outside networks, which may employ Ethernet, Token Ring, ATM,
`IEEE 802.3, ITU X.25, Serial Link Internet Protocol (SLIP) or the public switched
`telephone network. This interface is shown schematically as a “Network Interface”
`block 40. It is coupled to corresponding interface devices in client computers via a
`network connection 45.” Riddle, 5:53-6:15.
`
`
`
`5
`
`
`
`Packet Intelligence Ex. 2020 Page 5 of 227
`
`
`
`EXHIBIT C7
`
`Riddle, Fig. 1A.
`
`
`Riddle, Fig. 1B.
`“FIG. 1C is illustrative of the internetworking of a plurality of clients such as client 25
`of FIGS. 1A and 1B and a plurality of servers such as server 20 of FIGS. 1A and 1B as
`described herein above. In FIG. 1C, network 60 is an example of a Token Ring or
`
`
`
`
`
`6
`
`Packet Intelligence Ex. 2020 Page 6 of 227
`
`
`
`EXHIBIT C7
`
`frame oriented network. Network 60 links host 61, such as an IBM RS6000 RISC
`WorkStation, which may be running the AIX operating System, to host 62, which is a
`personal computer, which may be running Windows 95, IBM OS/2 or a DOS operating
`system, and host 63, which may be an IBM AS/400 computer, which may be running
`the OS/400 operating system. Network 60 is internetworked to network 70 via a system
`gateway which is depicted here as router 75, but which may also be a gateway having a
`firewall or a network bridge. Network 70 is an example of an Ethernet network that
`interconnects host 71, which is a SPARC workstation, which may be running SUNOS
`operating system with host 72, which may be a Digital Equipment VAX6000 computer
`which may be running the VMS operating system.
`Router 75 is a network access point (NAP) of network 70 and network 60. Router 75
`employs a Token Ring adapter and Ethernet adapter. This enables router 75 to interface
`with the two heterogeneous networks. Router 75 is also aware of the Inter-network
`Protocols, such as ICMP and RIP, which are described herein below.” Riddle, 7:10-34.
`“8. A system for automatically classifying traffic in a packet telecommunications
`network, said network having any number of flows, including zero, comprising:
`a plurality of network links upon which said traffic is carried;
`a network routing means, and,
`a processor means operative to:
`parse a packet into a first flow specification, wherein said first flow specification
`contains at least one instance of any one of the following:
`a protocol family designation,
`a direction of packet flow designation,
`a protocol type designation,
`a pair of ports,
`in HTTP protocol packets, a pointer to a MIME type; thereupon,
`match the first flow specification of the parsing step to a plurality of classes
`represented by a plurality of said classification tree type nodes, each said
`classification tree type node having a traffic specification and a mask,
`according to the mask; thereupon,
`if a matching classification tree type node was not found in the matching step,
`associating said first flow specification with one or more newly-created
`classification tree type nodes, thereupon, incorporating said newly created
`classification tree type nodes into said plurality of said classification tree type
`nodes.” Riddle, Claim 8.
`
`
`
`7
`
`Packet Intelligence Ex. 2020 Page 7 of 227
`
`
`
`EXHIBIT C7
`
`
`
`Riddle, Fig. 1C.
`“This invention relates to digital packet telecommunications, and particularly to
`management of network bandwidth based on information ascertainable from multiple
`layers of OSI network model. It is particularly useful in conjunction with bandwidth
`allocation mechanisms employing traffic classification in a digitally-switched packet
`telecommunications environment, as well as in monitoring, security and routing.”
`Riddle, 1:54-61.
`“Certain pathological loading conditions can result in instability, over-loading and
`data transfer stoppage. Therefore, it is desirable to provide some mechanism to
`optimize efficiency of data transfer while minimizing the risk of data loss. Early
`indication of the rate of data flow which can or must be supported is imperative. In
`fact, data flow rate capacity information is a key factor for use in resource allocation
`decisions. For example, if a particular path is inadequate to accommodate a high rate
`of data flow, an alternative route can be sought out.” Riddle, 2:4-13.
`“The field of this invention is concerned with network level bandwidth management,
`i.e. policies to assign available bandwidth from a single logical link to network
`
`
`
`8
`
`Packet Intelligence Ex. 2020 Page 8 of 227
`
`
`
`EXHIBIT C7
`
`flows.” Riddle, 2:64-67.
`“According to the invention, in a packet communication environment, a method is
`provided for automatically classifying packet flows for use in allocating bandwidth
`resources and the like by a rule of assignment of a service level. The method
`comprises applying individual instances of traffic classification paradigms to packet
`network flows based on selectable information obtained from a plurality of layers of a
`multi-layered communication protocol in order to define a characteristic class, then
`mapping the flow to the defined traffic class. It is useful to note that the automatic
`classification is sufficiently robust to classify a complete enumeration of the possible
`traffic.
`In the present invention network managers need not know the technical aspects of
`each kind of traffic in order to configure traffic classes and service aggregates bundle
`traffic to provide a convenience to the user, by clarifying processing and enables the
`user to obtain group counts of all parts comprising a service.” Riddle, 4:6-23.
`“FIGS. 2A and 2B depict representative allocations of bandwidth made by a
`hypothetical network manager as an example. In FIG. 2A, the network manager has
`decided to divide her network resources first by allocating bandwidth between
`Departments A and B. FIG. 2A shows the resulting classification tree 201, in which
`Department A bandwidth resources 202 and Department B bandwidth resources 204
`each have their own nodes representing a specific traffic class for that department.
`Each traffic class may have a policy attribute associated with it. For example, in FIG.
`2A, the Department A resources node 202 has the policy attribute Inside Host Subnet
`A associated with it. Next, the network manager has chosen to divide the bandwidth
`resources of Department A among two applications. She allocates an FTP traffic class
`206 and a World Wide Web server traffic class 208. Each of these nodes may have a
`separate policy attribute associated with them. For example, in FIG. 2A, the FTP node
`206 for has an attribute Outside port 20 associated with it. Similarly, the network
`manager has chosen to divide network bandwidth resources of Department B into an
`FTP Server traffic class 210 and a World Wide Web server traffic class 212. Each
`may have their own respective policies.
`FIG. 2B shows a second example 203, wherein the network manager has chosen to
`first divide network band width resource between web traffic and TCP traffic. She
`creates three traffic nodes, a web traffic node 220, a TCP traffic node 224 and a
`default node 225. Next, she divides the web traffic among two organizational
`
`
`
`9
`
`Packet Intelligence Ex. 2020 Page 9 of 227
`
`
`
`EXHIBIT C7
`
`departments by creating a Department A node 226, and a Department B node 228.
`Each may have its own associated policy. Similarly, she divides TCP network
`bandwidth into separate traffic classes by creating a Department. A node 230 and a
`Department B node 232. Each represents a separate traffic class which may have its
`own policy.” Riddle, 10:19-51.
`“What is really needed is a method for analyzing real traffic in a customer's network
`and automatically producing a list of the ‘found traffic.’” Riddle, 3:67-4:2.
`“While these efforts teach methods for solving problems associated with scheduling
`transmissions, automatically determining data flow rate on a TCP connection,
`allocating bandwidth based upon a classification of network traffic and automatically
`determining a policy, respectively, there is no teaching in the prior art of methods for
`automatically classifying packet traffic based upon information gathered from a
`multiple layers in a multi-layer protocol network.” Riddle, 3:32-39.
`“A traffic class may be inferred from determining the identity of the creator of a
`resource used by the traffic class. For example, the identity of traffic using a certain
`connection can be determined by finding the identity of the creator of the connection.
`This method is used to detect Real Time Protocol (RTP) for point-to-point telephony,
`RTP for broad cast streaming, CCITT/ITU H320-telephony over ISDN, H323-
`internet telephony over the internet (bidirectional) and RTSP real time streaming
`protocol for movies (unidirectional).” Riddle, 12:3-12.
`“Flows requiring reserved service with guaranteed information rates, excess
`information rates or unreserved service are reconciled with the available bandwidth
`resources continuously and automatically.” Packer, 4:12-16.
`Riddle discloses this element, for example:
`
`“In a packet communication environment, a method is provided for automatically
`classifying packet flows for use in allocating bandwidth resources by a rule of
`assignment of a service level. The method comprises applying individual instances of
`traffic classification paradigms to packet network flows based on selectable
`information obtained from a plurality of layers of a multi-layered communication
`protocol in order to define a characteristic class, then mapping the flow to the defined
`traffic class. It is useful to note that the automatic classification is sufficiently robust to
`classify a complete enumeration of the possible traffic.” Riddle, Abstract.
`
`
`1a
`
`(a) a packet acquisition device coupled to the
`connection point and configured to receive
`packets passing through the connection point;
`
`
`
`10
`
`Packet Intelligence Ex. 2020 Page 10 of 227
`
`
`
`EXHIBIT C7
`
`“According to the invention, in a packet communication environment, a method is
`provided for automatically classifying packet flows for use in allocating bandwidth
`resources and the like by a rule of assignment of a service level. The method comprises
`applying individual instances of traffic classification paradigms to packet network
`flows based on selectable information obtained from a plurality of layers of a multi-
`layered communication protocol in order to define a characteristic class, then mapping
`the flow to the defined traffic class. It is useful to note that the automatic classification
`is sufficiently robust to classify a complete enumeration of the possible traffic.”
`Riddle, 4:6-17.
`
`“3.2 Automatic Traffic Classification Processing
`FIG. 3 depicts components of a system for automatically classifying traffic according
`to the invention. A traffic tree 302 in which new traffic will be classified under a
`particular member class node. A traffic classifier 304 detects services for incoming
`traffic. Alternatively, the classifier may start with a service and determine the hosts
`using it. A knowledge base 306 contains heuristics for determining traffic classes. The
`knowledge base may be embodied in a file or a relational database. In a particular
`embodiment, the knowledge is contained within a data structure resident in memory. A
`plurality of saved lists 308 stores classified traffic pending incorporation into traffic
`tree 302. In select embodiments, entries for each instance of traffic may be kept. In
`alternate embodiments, a copy of an entry and a count of duplicate copies for the entry
`is maintained.” Riddle, 12:27-41.
`
`
`
`
`11
`
`Packet Intelligence Ex. 2020 Page 11 of 227
`
`
`
`EXHIBIT C7
`
`
`
`Riddle, Fig. 3.
`“The method for automatically classifying heterogeneous packets in a packet
`telecommunications environment of the present invention is implemented in the C
`programming language and is operational on a computer system such as shown in FIG.
`1A. This invention may be implemented in a client-server environment, but a client-
`server environment is not essential. This figure shows a conventional client-server
`computer system which includes a server 20 and numerous clients, one of which is
`shown as client 25. The use of the term "server' is used in the context of the invention,
`wherein the server receives queries from (typically remote) clients, does substantially
`all the processing necessary to formulate responses to the queries, and provides these
`responses to the clients. However, server 20 may itself act in the capacity of a client
`when it accesses remote databases located at another node acting as a database server.
`
`
`
`12
`
`Packet Intelligence Ex. 2020 Page 12 of 227
`
`
`
`EXHIBIT C7
`
`The hardware configurations are in general standard and will be described only briefly.
`In accordance with known practice, server 20 includes one or more processors 30
`which communicate with a number of peripheral devices via a bus subsystem 32.
`These peripheral devices typically include a Storage Subsystem 35, comprised of a
`memory subsystem 35a and a file storage subsystem 35b holding computer programs
`(e.g., code or instructions) and data, a set of user interface input and output devices 37,
`and an interface to outside networks, which may employ Ethernet, Token Ring, ATM,
`IEEE 802.3, ITU X.25, Serial Link Internet Protocol (SLIP) or the public switched
`telephone network. This interface is shown schematically as a “Network Interface”
`block 40. It is coupled to corresponding interface devices in client computers via a
`network connection 45.” Riddle, 5:53-6:15.
`
`Riddle, Fig. 1A.
`
`
`
`
`
`
`13
`
`Packet Intelligence Ex. 2020 Page 13 of 227
`
`
`
`EXHIBIT C7
`
`
`
`Riddle, Fig. 1B.
`“FIG. 1C is illustrative of the internetworking of a plurality of clients such as client 25
`of FIGS. 1A and 1B and a plurality of servers such as server 20 of FIGS. 1A and 1B as
`described herein above. In FIG. 1C, network 60 is an example of a Token Ring or
`frame oriented network. Network 60 links host 61, such as an IBM RS6000 RISC
`WorkStation, which may be running the AIX operating System, to host 62, which is a
`personal computer, which may be running Windows 95, IBM OS/2 or a DOS operating
`
`
`
`14
`
`Packet Intelligence Ex. 2020 Page 14 of 227
`
`
`
`EXHIBIT C7
`
`system, and host 63, which may be an IBM AS/400 computer, which may be running
`the OS/400 operating system. Network 60 is internetworked to network 70 via a system
`gateway which is depicted here as router 75, but which may also be a gateway having a
`firewall or a network bridge. Network 70 is an example of an Ethernet network that
`interconnects host 71, which is a SPARC workstation, which may be running SUNOS
`operating system with host 72, which may be a Digital Equipment VAX6000 computer
`which may be running the VMS operating system.
`Router 75 is a network access point (NAP) of network 70 and network 60. Router 75
`employs a Token Ring adapter and Ethernet adapter. This enables router 75 to interface
`with the two heterogeneous networks. Router 75 is also aware of the Inter-network
`Protocols, such as ICMP and RIP, which are described herein below.” Riddle, 7:10-34.
`“8. A system for automatically classifying traffic in a packet telecommunications
`network, said network having any number of flows, including zero, comprising:
`a plurality of network links upon which said traffic is carried;
`a network routing means, and,
`a processor means operative to:
`parse a packet into a first flow specification, wherein said first flow specification
`contains at least one instance of any one of the following:
`a protocol family designation,
`a direction of packet flow designation,
`a protocol type designation,
`a pair of ports,
`in HTTP protocol packets, a pointer to a MIME type; thereupon,
`match the first flow specification of the parsing step to a plurality of classes
`represented by a plurality of said classification tree type nodes, each said
`classification tree type node having a traffic specification and a mask,
`according to the mask; thereupon,
`if a matching classification tree type node was not found in the matching step,
`associating said first flow specification with one or more newly-created
`classification tree type nodes, thereupon, incorporating said newly created
`classification tree type nodes into said plurality of said classification tree type
`nodes.” Riddle, Claim 8.
`
`
`
`15
`
`Packet Intelligence Ex. 2020 Page 15 of 227
`
`
`
`EXHIBIT C7
`
`
`
`Riddle, Fig. 1C.
`“This invention relates to digital packet telecommunications, and particularly to
`management of network bandwidth based on information ascertainable from multiple
`layers of OSI network model. It is particularly useful in conjunction with bandwidth
`allocation mechanisms employing traffic classification in a digitally-switched packet
`telecommunications environment, as well as in monitoring, security and routing.”
`Riddle, 1:54-61.
`“Certain pathological loading conditions can result in instability, over-loading and
`data transfer stoppage. Therefore, it is desirable to provide some mechanism to
`optimize efficiency of data transfer while minimizing the risk of data loss. Early
`indication of the rate of data flow which can or must be supported is imperative. In
`fact, data flow rate capacity information is a key factor for use in resource allocation
`decisions. For example, if a particular path is inadequate to accommodate a high rate
`of data flow, an alternative route can be sought out.” Riddle, 2:4-13.
`“The field of this invention is concerned with network level bandwidth management,
`i.e. policies to assign available bandwidth from a single logical link to network
`
`
`
`16
`
`Packet Intelligence Ex. 2020 Page 16 of 227
`
`
`
`EXHIBIT C7
`
`flows.” Riddle, 2:64-67.
`“According to the invention, in a packet communication environment, a method is
`provided for automatically classifying packet flows for use in allocating bandwidth
`resources and the like by a rule of assignment of a service level. The method
`comprises applying individual instances of traffic classification paradigms to packet
`network flows based on selectable information obtained from a plurality of layers of a
`multi-layered communication protocol in order to define a characteristic class, then
`mapping the flow to the defined traffic class. It is useful to note that the automatic
`classification is sufficiently robust to classify a complete enumeration of the possible
`traffic.
`In the present invention network managers need not know the technical aspects of
`each kind of traffic in order to configure traffic classes and service aggregates bundle
`traffic to provide a convenience to the user, by clarifying processing and enables the
`user to obtain group counts of all parts comprising a service.” Riddle, 4:6-23.
`“FIGS. 2A and 2B depict representative allocations of bandwidth made by a
`hypothetical network manager as an example. In FIG. 2A, the network manager has
`decided to divide her network resources first by allocating bandwidth between
`Departments A and B. FIG. 2A shows the resulting classification tree 201, in which
`Department A bandwidth resources 202 and Department B bandwidth resources 204
`each have their own nodes representing a specific traffic class for that department.
`Each traffic class may have a policy attribute associated with it. For example, in FIG.
`2A, the Department A resources node 202 has the policy attribute Inside Host Subnet
`A associated with it. Next, the network manager has chosen to divide the bandwidth
`resources of Department A among two applications. She allocates an FTP traffic class
`206 and a World Wide Web server traffic class 208. Each of these nodes may have a
`separate policy attribute associated with them. For example, in FIG. 2A, the FTP node
`206 for has an attribute Outside port 20 associated with it. Similarly, the network
`manager has chosen to divide network bandwidth resources of Department B into an
`FTP Server traffic class 210 and a World Wide Web server traffic class 212. Each
`may have their own respective policies.
`FIG. 2B shows a second example 203, wherein the network manager has chosen to
`first divide network band width resource between web traffic and TCP traffic. She
`creates three traffic nodes, a web traffic node 220, a TCP traffic node 224 and a
`default node 225. Next, she divides the web traffic among two organizational
`
`
`
`17
`
`Packet Intelligence Ex. 2020 Page 17 of 227
`
`
`
`EXHIBIT C7
`
`departments by creating a Department A node 226, and a Department B node 228.
`Each may have its own associated policy. Similarly, she divides TCP network
`bandwidth into separate traffic classes by creating a Department. A node 230 and a
`Department B node 232. Each represents a separate traffic class which may have its
`own policy.” Riddle, 10:19-51.
`“What is really needed is a method for analyzing real traffic in a customer's network
`and automatically producing a list of the ‘found traffic.’” Riddle, 3:67-4:2.
`“While these efforts teach methods for solving problems associated with scheduling
`transmissions, automatically determining data flow rate on a TCP connection,
`allocating bandwidth based upon a classification of network traffic and automatically
`determining a policy, respectively, there is no teaching in the prior art of methods for
`automatically classifying packet traffic based upon information gathered from a
`multiple layers in a multi-layer protocol network.” Riddle, 3:32-39.
`“A traffic class may be inferred from determining the identity of the creator of a
`resource used by the traffic class. For example, the identity of traffic using a certain
`connection can be determined by finding the identity of the creator of the connection.
`This method is used to detect Real Time Protocol (RTP) for point-to-point telephony,
`RTP for broad cast streaming, CCITT/ITU H320-telephony over ISDN, H323-
`internet telephony over the internet (bidirectional) and RTSP real time streaming
`protocol for movies (unidirectional).” Riddle, 12:3-12.
`“Flows requiring reserved service with guaranteed information rates, excess
`information rates or unreserved service are reconciled with the available bandwidth
`resources continuously and automatically.” Packer, 4:12-16.
`
`
`Riddle discloses this element, for example:
`
`“The hardware configurations are in general standard and will be described only
`briefly. In accordance with known practice, server 20 includes one or more processors
`30 which communicate with a number of peripheral devices via a bus subsystem 32.
`These peripheral devices typically include a storage subsystem 35, comprised of a
`memory subsystem 35a and a file storage subsystem 35b holding computer programs
`(e.g., code or instructions) and data, a set of user interface input and output devices 37,
`and an interface to outside networks, which may employ Ethernet, Token Ring, ATM,
`IEEE 802.3, ITU X.25, Serial Link Inter-net Protocol (SLIP) or the public switched
`
`1b
`
`(b) a memory for storing a database comprising
`flow-entries for previously encountered
`conversational flows to which a received packet
`may belong, a conversational flow being an
`exchange of one or more packets in any
`direction as a result of an activity corresponding
`to the flow;
`
`
`
`18
`
`Packet Intelligence Ex. 2020 Page 18 of 227
`
`
`
`EXHIBIT C7
`
`telephone network. … Client 25 has the same general configuration, although typically
`with less storage and processing capability. Thus, while the client computer could be a
`terminal or a low-end personal computer, the server computer is generally a high-end
`workstation or mainframe, such as a SUN SPARC server. Corresponding elements and
`subsystems in the client computer are shown with corresponding, but primed, reference
`numerals.” Riddle, 6:1-23.
`
`“FIG. 1B is a functional diagram of a computer system such as that of FIG. 1A. FIG.
`1B depicts a server 20, and a representative client 25 of a plurality of clients which
`may interact with the server 20 via the Internet 45 or any other communications
`method. Blocks to the right of the server are indicative of the processing steps and
`functions which occur in the server's program and data storage indicated by blocks 35a
`and 35b in FIG. A.” Riddle, 6:43-50.
`
`
`
`
`Riddle, Fig. 1A.
`
`
`19
`
`
`
`Packet Intelligence Ex. 2020 Page 19 of 227
`
`
`
`EXHIBIT C7
`
`
`
`Riddle, Fig. 1B.
`
`“3.2 Automatic Traffic Classification Processing
`FIG. 3 depicts components of a system for automatically classifying traffic according
`to the invention. A traffic tree 302 in which new traffic will be classified under a
`particular member class node. A traffic classifier 304 detects services for incoming
`traffic. Alternatively, the classifier may start with a service and determine the hosts
`
`
`
`20
`
`Packet Intelligence E