`Approved for use through 11/30/2011. 0MB 0651-0035
`lJ S. Patent and Trademarl< O!f,ce; US DEPARTMENT OF COMMERC[
`Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid 0MB control number
`
`POWER OF ATTORNEY TO PROSECUTE APPLICATIONS BEFORE THE USPTO
`
`[
`
`I hereby revoke all previous powers of attorney given in the application identified in the attached statement under
`37 CFR 3.73(b).
`I hereby appoint:
`
`OR
`
`89441
`
`0 Practitioners associated with the Customer Number: I
`I
`□ Practitioner(s) named below (if more than ten patent practitioners are to be named, then a customer number must be used):
`
`Name
`
`Registration
`Number
`
`Name
`
`Registration
`Number
`
`as attorney(s) or agent(s) to represent the undersigned before the United States Patent and Trademark Office (US PTO) in connection with
`any and all patent applications assigned .QJJ!y_ to the undersigned according to the USPTO assignment records or assignment documents
`attached to this form in accordance with 37 CFR 3.73(b}.
`
`Please change the correspondence address for the application identified in the attached statement under 37 CFR 3.73(b) to:
`
`The address associated with Customer Number:
`
`[Z1
`OR LJ Finn or
`
`Individual Name
`Address
`
`City
`
`Country
`
`Telephone
`
`Assignee Name and Address:
`Research In Motion Limited
`295 Phillip Street
`Waterloo, Ontario, Canada N2L 3W8
`
`89441
`
`I
`
`I
`
`I State
`
`I Zip
`
`I Email
`
`A copy.of this form, together with a statement under 37 CFR 3.73(b) (Form PTO/SB/96 or equivalent) is required to be
`filed In each application in which this form is used. The statement under 37 CFR 3.73(b) may be completed by one of
`the practitioners appointed in this form if the appointed practitioner is authorized to act on behalf of the assignee,
`and must identify the application in which this Power of Attorney is to be filed.
`
`Signature
`
`Name
`
`SIGNATURE of Assignee of Record
`
`The it1\lividual wJwsc signature and title is supplied below is authorized tn acl nn behalf of the assignee
`Date o cJ ~/0°)
`!/i
`.... -.-,......£/ ·1-..,..
`.~ / / I
`Telephone 31 C\ _ S: ~s-T-l(r,'_~
`(/ , J ·n,1 t56'1 I ~ I 11 { -c.
`r .,,, - rr-' t~;
`
`Title
`This collecbon of 1nformat1on 1s requ,red by 37 CFR 1.31, 1.32 and 1.33. The 1nformalton ,s requ,red to obtain or retain a benefil by the puohc wh:ch 1s ;o f::e (anc
`by the USPTO to process; an application. Confidentiality is governed by 35 U.S.C 122 and 37 CFR 1.11 and 1.14 This colleclion is estimated to take 3 minutes
`to complete, 1nclud1ng gathering, preparlng, and submitting the completed application form to the USPTO. Time will vary dependirig upon the and1vidual case. Any
`comments on the amount of time you require to complete t11is form and/or suggestions for reducing this burden, should be sent to the Chief information Officer.
`U.S. Patent and Trademark Office. U.S. Department of Commerce, P.O. Box 1450, Alexandria. VA 22313-1450. DO NOT SEND FEES OR COMPLETED
`FORMS TO THIS ADDRESS SEND TO: Commissioner for Patents, P .0. Box 1450, Alexandria, VA 22313-1450.
`
`If you need assistance in completing the form. call 1-800-PTO-9199 and select option 2.
`
`i\
`fl
`~
`n ;J
`ijV-
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 001
`
`
`
`PTO/SB/96 (07-09)
`Approved for use through 07/31/2012. 0MB 0651-0031
`U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Under the Paperwork Reduction Act of 1995, no persons are reQuired to respond to a collection of information unless it displays a valid 0MB control number.
`
`STATEMENT UNDER 37 CFR 3.73(b)
`
`ApplicanUPatent Owner: Neil P. Adams, et al.
`-----------------------------------------
`---------------- Filed/Issue Date: February 25, 2005
`App Ii cation No./Patent No.: 11/065,901
`System and Method for Configuring Devices for Secure Operations
`
`Ti tied:
`
`Research In Motion Limited
`_____________________ ,a Corporation
`(Type of Assignee, e.g., corporation, partnership, university, government agency, etc.
`(Name of Assignee)
`
`states that it is:
`
`1.
`
`[gj
`
`the assignee of the entire right, title, and interest in;
`
`2. □ an assignee of less than the entire right, title, and interest in
`(The extent (by percentage) of its ownership interest is ____ %);or
`
`the assignee of an undivided interest in the entirety of (a complete assignment from one of the joint inventors was made)
`
`3. 0
`the patent application/patent identified above, by virtue of either:
`[g] An assignment from the inventor(s) of the patent application/patent identified above. The assignment was recorded in
`, Frame 0265
`, or for which a
`the United States Patent and Trademark Office at Reel 016864
`copy therefore is attached.
`
`A.
`
`OR
`B. 0
`
`1. From:
`
`A chain of title from the inventor(s), of the patent application/patent identified above, to the current assignee as follows:
`To: --------------------
`The document was recorded in the United States Patent and Trademark Office at
`Reel ________ Frame________ or for which a copy thereof is attached.
`
`2. From:
`
`3. From:
`
`To:
`
`The document was recorded in the United States Patent and Trademark Office at
`Frame _______ _
`
`Reel
`
`or for which a copy thereof is attached.
`
`To: --------------------
`The document was recorded in the United States Patent and Trademark Office at
`Frame _______ _
`
`or for which a copy thereof is attached.
`
`Reel
`
`0
`
`Additional documents in the chain of title are listed on a supplemental sheet(s).
`
`As required by 37 CFR 3.73(b)(1 )(i), the documentary evidence of the chain of title from the original owner to the assignee was,
`or concurrently is being, submitted for recordation pursuant to 37 CFR 3.11.
`
`[NOTE: A separate copy (i.e., a true copy of the original assignment document(s)) must be submitted to Assignment Division in
`accordance with 37 CFR Part 3, to record the assignment in the records of the USPTO. See MPEP 302.08]
`
`The undersigned (whose title is supplied below) is authorized to act on behalf of the assignee.
`
`/Matthew W. Johnson/
`
`Signature
`
`Matthew W. Johnson
`
`July 14, 2011
`Date
`
`Attorney (Agent)
`
`Title
`Printed or Typed Name
`This collection of information is required by 37 CFR 3.73(b). The information is required to obtain or retain a benefrt by the public which is to file (and by the USPTO to
`process) an application. Confidentialijy is governed by 35 U.S.C. 122 and 37 CFR 1.11 and 1.14. This collection is estimated to take 12 minutes to complete, including
`gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time
`you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S.
`Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner
`for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
`
`If you need assistance in completing the form, call 1-B0O-PTO-g199 and select option 2.
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 002
`
`
`
`PTOISB/08a (01-10)
`Doc code: IDS
`Approved for use through 07/31/2012. 0MB 0651-0031
`Doc description: Information Disclosure Statement (IDS) Filed
`U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it contains a valid 0MB control number.
`
`INFORMATION DISCLOSURE
`STATEMENT BY APPLICANT
`( Not for submission under 37 CFR 1.99)
`
`Application Number
`
`Filing Date
`
`First Named Inventor
`
`I Neil P. Adams
`
`Art Unit
`
`Examiner Name
`
`I
`Attorney Docket Number
`
`555255-013133
`
`Examiner Cite
`Initial*
`No
`
`Patent Number
`
`Kind
`Code1 Issue Date
`
`Name of Patentee or Applicant
`of cited Document
`
`Pages,Columns,Lines where
`Relevant Passages or Relevant
`Figures Appear
`
`U.S.PATENTS
`
`Remove
`
`1
`
`5935248
`
`1999-08-00
`
`Kuroda, Yasutsugu
`
`2
`
`6202157
`
`2001-03-13
`
`Brownlie et al
`
`3
`
`6732168
`
`2004-05-04
`
`Bearden et al
`
`4
`
`6775536
`
`2004-08-00
`
`Geiger et al
`
`5
`
`7131003
`
`2006-10-00
`
`Lord et al
`
`6
`
`7317699
`
`2008-01-00
`
`Godfrey et al
`
`If you wish to add additional U.S. Patent citation information please click the Add button.
`
`U.S.PATENT APPLICATION PUBLICATIONS
`
`Add
`
`Remove
`
`Examiner
`Initial*
`
`Cite No
`
`Publication
`Number
`
`Kind Publication
`Code1 Date
`
`Name of Patentee or Applicant
`of cited Document
`
`Pages,Columns,Lines where
`Relevant Passages or Relevant
`Figures Appear
`
`EFSWeb2.1.17
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 003
`
`
`
`INFORMATION DISCLOSURE
`STATEMENT BY APPLICANT
`( Not for submission under 37 CFR 1.99)
`
`Application Number
`
`Filing Date
`
`First Named Inventor
`
`I Neil P. Adams
`
`Art Unit
`
`Examiner Name
`
`I
`Attorney Docket Number
`
`555255-013133
`
`1
`
`20020165912
`
`2002-11-00
`
`Wenocur et al
`
`2
`
`3
`
`4
`
`5
`
`6
`
`20020186845
`
`2002-12-00
`
`Dutta et al
`
`20030204722
`
`2003-10-00
`
`Schoen et al
`
`20040019807
`
`2004-01-00
`
`Freund. Gregor P.
`
`20050183138
`
`2005-08-00
`
`Phillips et al
`
`20050190764
`
`2005-09-00
`
`Shell et al
`
`If you wish to add additional U.S. Published Application citation information please click the Add button. Add
`Remove
`
`FOREIGN PATENT DOCUMENTS
`
`Examiner Cite Foreign Document
`Initial*
`No Number3
`
`Country
`Code2 i
`
`Kind Publication
`Code4 Date
`
`Name of Patentee or
`Applicant of cited
`Document
`
`Pages,Columns,Lines
`where Relevant
`Passages or Relevant
`Figures Appear
`
`T5
`
`1
`
`0069120
`
`WO
`
`A1
`
`2000-11-16
`
`□
`
`If you wish to add additional Foreign Patent Document citation information please click the Add button
`
`NON-PATENT LITERATURE DOCUMENTS
`
`Add
`
`Remove
`
`Examiner Cite
`Initials* No
`
`Include name of the author (in CAPITAL LETTERS), title of the article (when appropriate), title of the item
`(book, magazine, journal, serial, symposium, catalog, etc), date, pages(s), volume-issue number(s),
`publisher, city and/or country where published.
`
`T5
`
`EFSWeb2.1.17
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 004
`
`
`
`INFORMATION DISCLOSURE
`STATEMENT BY APPLICANT
`( Not for submission under 37 CFR 1.99)
`
`Application Number
`
`Filing Date
`
`First Named Inventor
`
`I Neil P. Adams
`
`Art Unit
`
`Examiner Name
`
`I
`Attorney Docket Number
`
`555255-013133
`
`1
`
`Sems, Marty, "Verifying Identity in a Digital World", August 2000.
`
`2
`
`3
`
`4
`
`S. Gavrila, et al., "Assigning and Enforcing Security Policies on Handheld Devices", Canadian Information Technology
`Security Symposium, May 17, 2002, Pages 0-7, XP002440113.
`
`International Search Report of Application No. PCT/CA2005/000294, date of mailing June 20, 2005, 11 pages.
`
`Supplementary European Search Report, Issued July 11, 2007 by European Patent Office, for European Patent
`Application No. 05714536.
`
`If you wish to add additional non-patent literature document citation information please click the Add button Add
`
`EXAMINER SIGNATURE
`
`□
`
`□
`
`□
`
`□
`
`Examiner Signature I
`
`I
`*EXAMINER: Initial if reference considered, whether or not citation is in conformance with MPEP 609. Draw line through a
`citation if not in conformance and not considered. Include copy of this form with next communication to applicant.
`
`I Date Considered
`
`1 See Kind Codes of USPTO Patent Documents at www.USPTO.GOV or MPEP 901.04. 2 Enter office that issued the document, by the two-letter code (WIPO
`Standard ST.3). 3 For Japanese patent documents, the indication of the year of the reign of the Emperor must precede the serial number of the patent document.
`4 Kind of document by the appropriate symbols as indicated on the document under WIPO Standard ST.16 if possible. 5 Applicant is to place a check mark here i
`English language translation is attached.
`
`EFSWeb2.1.17
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 005
`
`
`
`INFORMATION DISCLOSURE
`STATEMENT BY APPLICANT
`( Not for submission under 37 CFR 1.99)
`
`Application Number
`
`Filing Date
`
`First Named Inventor
`
`I Neil P. Adams
`
`Art Unit
`
`Examiner Name
`
`I
`Attorney Docket Number
`
`555255-013133
`
`Please see 37 CFR 1.97 and 1.98 to make the appropriate selection(s):
`
`CERTIFICATION STATEMENT
`
`That each item of information contained in the information disclosure statement was first cited in any communication
`D from a foreign patent office in a counterpart foreign application not more than three months prior to the filing of the
`information disclosure statement. See 37 CFR 1.97(e)(1 ).
`
`OR
`
`That no item of information contained in the information disclosure statement was cited in a communication from a
`foreign patent office in a counterpart foreign application, and, to the knowledge of the person signing the certification
`after making reasonable inquiry, no item of information contained in the information disclosure statement was known to
`D any individual designated in 37 CFR 1.56(c) more than three months prior to the filing of the information disclosure
`statement. See 37 CFR 1.97(e)(2).
`
`D See attached certification statement.
`D The fee set forth in 37 CFR 1.17 (p) has been submitted herewith.
`~ A certification statement is not submitted herewith.
`
`SIGNATURE
`A signature of the applicant or representative is required in accordance with CFR 1.33, 10.18. Please see CFR 1.4(d) for the
`form of the signature.
`
`Signature
`
`Name/Print
`
`/Matthew W. Johnson/
`
`Matthew W. Johnson
`
`Date (YYYY-MM-DD)
`
`2011-07-14
`
`Registration Number
`
`59,108
`
`This collection of information is required by 37 CFR 1.97 and 1.98. The information is required to obtain or retain a benefit by the
`public which is to file (and by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR
`1.14. This collection is estimated to take 1 hour to complete, including gathering, preparing and submitting the completed
`application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you
`require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S.
`Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND
`FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria,
`VA 22313-1450.
`
`EFSWeb2.1.17
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 006
`
`
`
`Privacy Act Statement
`
`The Privacy Act of 1974 (P.L. 93-579) requires that you be given certain information in connection with your submission of the
`attached form related to a patent application or patent. Accordingly, pursuant to the requirements of the Act, please be advised
`that: (1) the general authority for the collection of this information is 35 U.S.C. 2(b)(2); (2) furnishing of the information solicited
`is voluntary; and (3) the principal purpose for which the information is used by the U.S. Patent and Trademark Office is to
`process and/or examine your submission related to a patent application or patent. If you do not furnish the requested
`information, the U.S. Patent and Trademark Office may not be able to process and/or examine your submission, which may
`result in termination of proceedings or abandonment of the application or expiration of the patent.
`
`The information provided by you in this form will be subject to the following routine uses:
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`6.
`
`7.
`
`8.
`
`The information on this form will be treated confidentially to the extent allowed under the Freedom of Information Act
`(5 U.S.C. 552) and the Privacy Act (5 U.S.C. 552a). Records from this system of records may be disclosed to the
`Department of Justice to determine whether the Freedom of Information Act requires disclosure of these records.
`
`A record from this system of records may be disclosed, as a routine use, in the course of presenting evidence to a
`court, magistrate, or administrative tribunal, including disclosures to opposing counsel in the course of settlement
`negotiations.
`
`A record in this system of records may be disclosed, as a routine use, to a Member of Congress submitting a
`request involving an individual, to whom the record pertains, when the individual has requested assistance from the
`Member with respect to the subject matter of the record.
`
`A record in this system of records may be disclosed, as a routine use, to a contractor of the Agency having need for
`the information in order to perform a contract. Recipients of information shall be required to comply with the
`requirements of the Privacy Act of 1974, as amended, pursuant to 5 U.S.C. 552a(m).
`
`A record related to an International Application filed under the Patent Cooperation Treaty in this system of records
`may be disclosed, as a routine use, to the International Bureau of the World Intellectual Property Organization, pursuant
`to the Patent Cooperation Treaty.
`
`A record in this system of records may be disclosed, as a routine use, to another federal agency for purposes of
`National Security review (35 U.S.C. 181) and for review pursuant to the Atomic Energy Act (42 U.S.C. 218(c)).
`
`A record from this system of records may be disclosed, as a routine use, to the Administrator, General Services, or
`his/her designee, during an inspection of records conducted by GSA as part of that agency's responsibility to
`recommend improvements in records management practices and programs, under authority of 44 U.S.C. 2904 and
`2906. Such disclosure shall be made in accordance with the GSA regulations governing inspection of records for this
`purpose, and any other relevant (i.e., GSA or Commerce) directive. Such disclosure shall not be used to make
`determinations about individuals.
`
`A record from this system of records may be disclosed, as a routine use, to the public after either publication of
`the application pursuant to 35 U.S.C. 122(b) or issuance of a patent pursuant to 35 U.S.C. 151. Further, a record
`may be disclosed, subject to the limitations of 37 CFR 1.14, as a routine use, to the public if the record was filed in
`an application which became abandoned or in which the proceedings were terminated and which application is
`referenced by either a published application, an application open to public inspections or an issued patent.
`
`9.
`
`A record from this system of records may be disclosed, as a routine use, to a Federal, State, or local law
`enforcement agency, if the USPTO becomes aware of a violation or potential violation of law or regulation.
`
`EFSWeb2.1.17
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 007
`
`
`
`WO0069120
`
`Publication Title:
`
`MANAGING MULTIPLE NETWORK SECURITY DEVICES FROM A MANAGER
`DEVICE
`
`Abstract:
`
`The present invention is directed to a facility for using a security policy manager
`device to remotely manage multiple network security devices (NSDs). The
`manager device can also use one or more intermediate supervisor devices to
`assit in the management. Security for the communication of information between
`various devices can be provided in a variety of ways. The system allows the
`manager device to create a consistent security policy for the multiple NSDs by
`distributing a copy of a security policy template to each of the NSDs and by then
`configuring each copy of the template with NSD-specific information. For
`example, the manager device can distribute the template to multiple NSDs by
`sending a single copy of the template to a supervisor device associated with the
`NSDs and by then having the supervisor device update each of the NSDs with a
`copy of the template.; Other information useful for implementing security policies
`can also be distributed to the NSDs in a similar manner. The system also allows
`a manager device to retrieve, analyze and display all of the network security
`information gathered by the various NSDs while implementing security policies.
`Each NSD can forward its network security information to a supervisor device
`currently associated with the NSD, and the manager device can retrieve network
`security information of interest from the one or more supervisor devices which
`store portions of the information and then aggregate the retrieved information in
`an appropriate manner.
`
`Courtesy of http://worldwide.espacenet.com
`
`This Patent PDF Generated by Patent Fetcher(Rj, a service of Stroke of Coior, Inc.
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 008
`
`
`
`PCT
`INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`WO 00/69120
`
`WORLD INTELLECTUAL PROPERTY ORGANIZATION
`International Bureau
`
`(51) International Patent Classification 7 :
`H04L 12/24, 29/06
`
`(11) International Publication Number:
`
`Al
`
`(43) International Publication Date:
`
`16 November 2000 (16.11.00)
`
`(21) International Application Number:
`
`PCT/US00/09942
`
`(22) International Filing Date:
`
`13 April 2000 (13.04.00)
`
`(30) Priority Data:
`09/307,332
`
`6 May 1999 (06.05.99)
`
`us
`
`(71) Applicant (for all designated States except US): WATCH(cid:173)
`GUARD TECHNOLOGIES, INC. [US/US]; Suite 200, 316
`Occidental Avenue South, Seattle, WA 98104 (US).
`
`(72) Inventors; and
`(75) Inventors/Applicants (for US only): ROTHERMEL, Peter,
`M. [US/US]; 3635 175th Court N.E., Redmond, WA
`98052 (US). BONN, David, Wayne [US/US]; 12324 5th
`Place West, Everett, WA 98204 (US). MARV AIS, Nick,
`T. [US/US]; 18524 Linden Avenue N., Apartment 306,
`Shoreline, WA 98133 (US).
`
`(74) Agents: WHITE, James, A., D. et al.; Perkins Coie LLP, 1201
`Third Avenue, Suite 4800, Seattle, WA 98101-3099 (US).
`
`(81) Designated States: AE, AL, AM, AT, AU, AZ, BA, BB, BG,
`BR, BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB,
`GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP,
`KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD, MG, MK,
`MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG,
`SI, SK, SL, TJ, TM, TR, TT, UA, UG, US, UZ, VN, YU,
`ZA, ZW, ARIPO patent (GH, GM, KE, LS, MW, SD, SL,
`SZ, TZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ,
`MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE,
`DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE),
`OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML,
`MR, NE, SN, TD, TG).
`
`Published
`With international search report.
`Before the expiration of the time limit for amending the
`claims and to be republished in the event of the receipt of
`amendments.
`
`(54) Title: MANAGING MULTIPLE NETWORK SECURITY DEVICES FROM A MANAGER DEVICE
`
`(57) Abstract
`
`The present invention is directed to a facility for using a security policy manager device to remotely manage multiple network security
`devices (NSDs). The manager device can also use one or more intermediate supervisor devices to assit in the management. Security for
`the communication of information between various devices can be provided in a variety of ways. The system allows the manager device to
`create a consistent security policy for the multiple NSDs by distributing a copy of a security policy template to each of the NSDs and by
`then configuring each copy of the template with NSD-specific information. For example, the manager device can distribute the template to
`multiple NSDs by sending a single copy of the template to a supervisor device associated with the NSDs and by then having the supervisor
`device update each of the NSDs with a copy of the template. Other information useful for implementing security policies can also be
`distributed to the NSDs in a similar manner. The system also allows a manager device to retrieve, analyze and display all of the network
`security information gathered by the various NSDs while implementing security policies. Each NSD can forward its network security
`information to a supervisor device currently associated with the NSD, and the manager device can retrieve network security information of
`interest from the one or more supervisor devices which store portions of the information and then aggregate the retrieved information in an
`appropriate manner.
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 009
`
`
`
`Codes used to identify States party to the PCT on the front pages of pamphlets publishing international applications under the PCT.
`
`FOR THE PURPOSES OF INFORMATION ONLY
`
`AL
`AM
`AT
`AU
`AZ
`BA
`BB
`BE
`BF
`BG
`BJ
`BR
`BY
`CA
`CF
`CG
`CH
`CI
`CM
`CN
`cu
`CZ
`DE
`DK
`EE
`
`Albania
`Armenia
`Austria
`Australia
`Azerbaijan
`Bosnia and Herzegovina
`Barbados
`Belgium
`Burkina Faso
`Bulgaria
`Benin
`Brazil
`Belarus
`Canada
`Central African Republic
`Congo
`Switzerland
`Cote d'Ivoire
`Cameroon
`China
`Cuba
`Czech Republic
`Germany
`Denmark
`Estonia
`
`ES
`FI
`FR
`GA
`GB
`GE
`GH
`GN
`GR
`HU
`IE
`IL
`IS
`IT
`JP
`KE
`KG
`KP
`
`KR
`KZ
`LC
`LI
`LK
`LR
`
`Spain
`Finland
`France
`Gabon
`United Kingdom
`Georgia
`Ghana
`Guinea
`Greece
`Hungary
`Ireland
`Israel
`Iceland
`Italy
`Japan
`Kenya
`Kyrgyzstan
`Democratic People's
`Republic of Korea
`Republic of Korea
`Kazakstan
`Saint Lucia
`Liechtenstein
`Sri Lanka
`Liberia
`
`LS
`LT
`LU
`LV
`MC
`MD
`MG
`MK
`
`ML
`MN
`MR
`MW
`MX
`NE
`NL
`NO
`NZ
`PL
`PT
`RO
`RU
`SD
`SE
`SG
`
`Lesotho
`Lithuania
`Luxembourg
`Latvia
`Monaco
`Republic of Moldova
`Madagascar
`The former Yugoslav
`Republic of Macedonia
`Mali
`Mongolia
`Mauritania
`Malawi
`Mexico
`Niger
`Netherlands
`Norway
`New Zealand
`Poland
`Portugal
`Romania
`Russian Federation
`Sudan
`Sweden
`Singapore
`
`SI
`SK
`SN
`sz
`TD
`TG
`TJ
`TM
`TR
`TT
`UA
`UG
`us
`uz
`VN
`YU
`zw
`
`Slovenia
`Slovakia
`Senegal
`Swaziland
`Chad
`Togo
`Tajikistan
`Turkmenistan
`Turkey
`Trinidad and Tobago
`Ukraine
`Uganda
`United States of America
`Uzbekistan
`Viet Nam
`Yugoslavia
`Zimbabwe
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 010
`
`
`
`WO00/69120
`
`PCT/US00/09942
`
`MANAGING MULTIPLE NETWORK SECURITY DEVICES
`
`FROM A MANAGER DEVICE
`
`TECHNICAL FIELD
`
`The present invention relates generally to communicating information
`
`5
`
`between computers, and more particularly to using a manager device to remotely manage
`
`multiple network security devices.
`
`BACKGROUND OF THE INVENTION
`
`As computer systems and other network devices (e.g., printers, modems,
`
`and scanners) have become increasingly interconnected, it is increasingly important to
`
`IO
`
`protect sensitive information (e.g., confidential business data, access information such as
`
`passwords, or any type of data stored on certain devices) stored on one network device
`
`from unauthorized retrieval by other network devices. The prevalence of the Internet and
`
`the growth of the World Wide Web have only exacerbated this issue.
`
`One way to address this issue involves the use of network security devices
`
`15
`
`("NSDs") which attempt to control the spread of sensitive information so that only
`
`authorized users or devices can retrieve such information. Some types of NSDs, such as
`
`firewalls and security appliances, have a group of one or more trusted network devices ( or
`
`networks consisting of trusted network devices) which the NSD attempts to protect from
`
`unauthorized external access. These NSDs monitor network information passing between
`
`20
`
`external network devices and the devices in their group of trusted or internal devices. In
`
`addition, these NSDs typically implement a specified security policy by preventing the
`
`passage of unauthorized network information between the external and the trusted devices.
`
`Those skilled in the art will appreciate that network information can be
`
`transmitted in a variety of formats. For example, network information is often transmitted
`
`25
`
`as a series of individual packets of information, such as TCP/IP (Transfer Control
`
`Protocol/Internet Protocol) packets. While such packets will typically include the network
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 011
`
`
`
`WO 00/69120
`
`PCT/US00/09942
`
`2
`
`address (e.g., IP address) of the device to receive the information, other data about the
`
`network information (e.g., the specific type of information being requested or sent) may be
`
`difficult to ascertain.
`
`While a properly configured NSD can protect information stored on or
`
`5
`
`accessible from trusted devices, it can be difficult to configure NSDs so that they correctly
`
`implement the desired security policies. One source of difficulty in configuring NSDs
`
`arises from the large number of types of network information which may be encountered.
`
`For example, there are a large number of network services and protocols which external
`
`devices may attempt to provide to trusted devices or access from trµsted devices.
`
`IO
`
`Such network services and protocols include, but are not limited to, Archie,
`
`auth (ident), DCE-RPC (Distributed Computing Environment Remote Procedure Call),
`
`DHCP (Dynamic Host Configuration Protocol) Client and Server, DNS (Domain Name
`
`Service), finger, FTP (File Transfer Protocol), gopher, H.323, HTTP (HyperText Transfer
`
`Protocol), Filtered-HTTP, Proxied-HTTP, ICMP (Internet Control Message Protocol),
`
`15 NNTP (Network News Transfer Protocol), NTP (Network Time Protocol), ping, POP (Post
`
`Office Protocol) 2 and 3, RealNetworks, rlogin, rsh (Remote SHell), SMB (Simple Block
`
`Messaging), SMTP
`
`(Simple Mail Transfer Protocol), SNMP
`
`(Simple Network
`
`Management Protocol), syslog, ssh (Secure SHell), StreamWorks, TCP/IP, telnet, Time,
`
`traceroute, UDP (User Datagram Protocol), VDOLive, WAIS (Wide Area Information
`
`20 Services), who is, and other device-specific services. Those skilled in the art will appreciate
`
`the uses and details of these services and protocols, including the device ports typically
`
`used with the services and protocols and the specified format for such information (e.g., the
`
`TCP/IP packet definition).
`
`Another source of difficulty in configuring NSDs arises from the variety of
`
`25 ways to handle network information of different types. For example, for each type of
`
`service or protocol, a NSD may wish to take different actions for (e.g., allow passage of,
`
`deny passage of, or otherwise manipulate) the corresponding network information of that
`
`service or protocol. The decision to take these different actions can also be based on
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 012
`
`
`
`WO 00/69120
`
`PCT/US00/09942
`
`3
`
`additional factors such as the direction of information flow (i.e., whether the network
`
`information is passing from a trusted device or to a trusted device) or on the basis of the
`
`sender or the intended recipient of the information (e.g., whether the network information
`
`is passing from or to specific network devices or is passing from or to any network device
`
`5
`
`of a specified class, such as any external device).
`
`The types of actions to be taken for the monitored network information
`
`(based on the various factors such as the services and protocols being used, the direction of
`
`the information flow, and the classes of devices of the sender and the intended recipient)
`
`provide an initial incomplete security policy. Various device-.specific information is
`
`10
`
`necessary to configure a particular NSD with a specific security policy that can be
`
`implemented by the device. The device-specific information which must typically be
`
`specified to create a specific security policy includes, for example, the network address of
`
`the NSD and the network addresses of some or all of the trusted devices. If a particular
`
`network service is to be provided to external devices by a trusted device, such as FTP
`
`15
`
`access, information about the trusted FTP server must also be available to the NSD.
`
`A user such as a system administrator typically defines the specific security
`
`policy for a NSD by determining the services and protocols of interest and then configuring
`
`the NSD to protect the trusted devices as appropriate. However, configuring an NSD can
`
`be time-consuming, and any mistakes in the configuration (e.g., failure to define how a
`
`20
`
`particular service should be handled, or allowing default behaviors to allow passage of
`
`network information) can compromise the ability of the NSD to protect sensitive
`
`information. Thus, the need for system administrators to configure each NSD can cause
`
`various problems.
`
`When it is necessary to configure large numbers of NSDs, such problems
`
`25
`
`are only exacerbated. If the security policies across some or all of the NSDs should be
`
`consistent (e.g., multiple devices in use by a single company), the likelihood of mistakes
`
`increases. If the system administrator merely copies the specific security policy from one
`
`NSD to another, mistakes may occur in re-specifying
`
`the various NSD-specific
`
`MOBILEIRON, INC. - EXHIBIT 1003
`Page 013
`
`
`
`WO00/69120
`
`PCT/US00/09942
`
`4
`
`configuration information. Alternately, if the system administrator attempts to re-create the
`
`general security policy