US 7,418,504 B2
`Page 3
`
`W. Stall ings, “New Cryptography and Network Security Book", Jun.
`8, 1998, 3 pages.
`Fasbcndcr,Kcsd0gan, and Kubitz: “Variable and Scalable Security:
`Protection ofLocation Information in Mobile IP”, IEEE publication,
`1996, pp. 963-967.
`Linux F1‘eeS.’WAN Index File, printed [torn hLLp:!fliberty.l"recswan.
`org/freeswan trecsifrccswafl.-l.’3fdocr' on Feb. 21, 2002, 3 Pages.
`J. Gilmore, “Swan: Securing the Internet against Wirotapping”,
`printed from-i 1-rttp:2'/libcrty.frecswan.o1'g/freeswan_ trees/fieeswan-
`l.3.v'doc1'rationale.hI:ml on Feb. 21, 2002, 4 pages.
`Glossary for the Linux FreeS."W'AN project, printed from httpzff
`iiber‘ty.£reeswa.n.org/J'.'reesws.n,
`trees/freeswan-1 3!doc.-‘glossary.
`htrnl on Feb. 21, 2002,25 pages.
`Alan 0. Frier et al., “The SSL ProtucolVersi0n 3.0”, Nov. 18, 1996,
`printodfrom http:.v'.fwww.netscape.con1.."eng/ss13.’d.ra.tt302.txt onFeb.
`4, 2002, 56 pages.
`Search Report (dated Aug. 20, 2002), International Application No.
`PC'I‘.’US0l!043-40.
`Search Report (dated Aug. 23, 2002), International Application No.
`PCTiUS0l.v'132-60.
`Shree Murthy et a.l., “Congestion-Oriented Shortest Multipath Rout-
`ing", Proceedings of IEEE INFOCUM, 1995, pp. 1028-1036.
`Jim Jones et a1., “Distributed Denial of Service Attacks: Defenses",
`Global Integrity Corporation, 200D,pp. 1-14.
`James E. Bellaire, "New Statement of Rules—Naming Internet
`Domains". Internet Newsgroup, Jul. 30, 1995, 1 page.
`D. Clark, “US Calls for Private Domain-Narne System", Cornputer,
`IEEE Computer Society, Aug. 1, 1998, pp. 22-25.
`August Bequai, “Balancing Legal Concerns Over Crime and Security
`in Cyberspace”, Computer & Security, vol. 17, No. 4, 1998, pp.
`2.93 -298.
`Rich Winkel, "CAQ: Networldnig With Spooks: The NET & The
`Control Of Information", Internet Newsgroup, Jun. 21,
`I997, 4
`pages.
`
`Search Report (dated Oct. '7, 2002), International Application No.
`PCT/USOI/1326 1.
`
`F. Hnlsall, “Data Conununications, Computer Networks And Open
`Systems”, Chapter 4, Protocol Basics, 1996, pp. 198-203.
`Reiter, hriichael K. and Rubin, Aviel I). (.4l‘l‘&'l' I.ahs—Research),
`“Crowds: Anonymity fo1' Web Tra.nsmissoins", pp. 1-23.
`Dolev. Shlomi audostrovsky, Rafi], “F.'lTIcient Anonymous Mtilticast
`and R.eception”(Extended Abstract), 16 pages.
`Rubin. Avie] D., Greer, Daniel, and Rsnurn, Marcus J. (Wiley Com-
`puter Publishing), “Web Security Sourcebook”, pp. 82-94.
`Fasbonder, Kesdogan, and Kubitz: “Variable and Scalable Security"
`Protection of Location Inforntstion in Mobile IP, IEEE publication.
`1996, pp. 963-967.
`Eastlake, D. E., “Domain Naine System Secu.rit'y Extensions”,
`Internet Draft, Apr. 1998, XPU02 199931, Sections 1, 2.3 and 2.4.
`RFC 2401 (dated Nov. 1998) Security Architecture for the Internet
`Protocol (RTP).
`RFC 2543-SIP (dated Mar. 1999): Session initiation Protocol (SIP or
`SIPS).
`Search Report, {PER (dataed Nov. 13, 2002). International Applica-
`tion No. PCTIUSOI/04340.
`Search Report, IPER (dated Feb. 6, 2002), Intomaiional Application
`No. PCT/'US[}1f13261.
`
`Search Report, IPER (dated. Jan. I4, 2003), International Application
`No. PCTITISO lfl32fi0.
`
`Shankur, A.U. “Averified sliding windowprotocol with variable finw
`control". Proceedings of ACM SIGCOMM conference on Commu -
`nications architectures & protocols. pp. 84-91, ACM Press, NY, NY
`1986.
`
`W. Stallings, “Crytography and Network Security", 2nd., Edition,
`Chapter 13, IP Security, Jun. 3, 1998, pp. 399-440.
`
`Copy provided bv USPTO from the PIFIS lmaue Database on O3.’28:‘2D1 1
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1940
`PXO1 0_OOO0O4
`
`VXCHJO56855
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1940
`
`

`
`US. Patent
`
`Aug. 26, 2008
`
`Sheet 1 of 40
`
`US 7,418,504 B2
`
`ORIGINATING
`TERMINAL
`
`M
` IP ROUTER
`
`iP ROUTER
`£2.
`
`31
`I _
`
`up ROUTER
`A
`
`|P Rowen
`E
`
`up ROUTER
`A
`
`
`
`
`
`‘P ROUTER
`33
`
`IPROUTER
`25
`
`INTERNET
`ml
`
`
`
`
`
`IP ROUTER
`
`.21
`
`IP ROUTER
`E
`
`IP ROUTER
`.3;
`
`up ROUTER
`
`£52.
`
`.
`
`
`
`48 ENCRYPTION KEY
`
`
`M
`
`
`
`DEST|NA'l10N
`TERMINAL
`
`FIG. 1
`
`4
`
`Com! nrovlded bv USPTO from the PIFIS lmaue Database on 0312812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1941
`PXO10_OOOOO5
`R
`R
`R
`
`VXO0O56856
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1941
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 2 of 40
`
`US 7,418,504 B2
`
` TARP
`TERMINAL
`E
`
`
`
`
`
`TARP
`ROUTER
`
`
`
`
`
` TARP
`ROUTER
`124
`
` TARP
`TERMINAL
`
`
`
`
`m
`
`FIG. 2
`
`copy provided by USPTO from the PIFIS Image Database on 032812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1942
`PXO10_OOO0O6
`L
`L
`
`VXO0O56857
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1942
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 3 of 40
`
`US 7,418,504 B2
`
`2°73
`
`2071»
`
`207::
`
`201:1
`
`' ° '
`
`INTERLEAVE WINDOW
`
`
`
` ‘\-330 SESSION-KEY-ENCRYPTED
`PAYLOAD DATA
`
`“\a4n TARP PACKET WITH
`ENCRYPTED PAYLOADS
`
`4\‘- 350 LINK-KEY-ENCRYPTED
`TARP PACKETS
`
`4\‘ 360 IP PACKETS WI
`EN CRYPTED TARP
`PACKETS AS PAYLOAD
`
`
`
`
`
`
`
`TARP
`DESTlNATi0N
`
`TARP
`ROUTER B
`
`
`Copy provided by USPTO1ron1 the PIES Image Database on 03l28.v’2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1943
`P><010_ooooo7
`L
`L
`
`VXOCIO56858
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1943
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 4 of 40
`
`US 7,418,504 B2
`
`207a
`
`207b
`
`207a
`
`2071:!
`
`- - 0
`
`A//3'30 DATASTREAM
`
`I]i—I}i_I]i___: ‘ ‘ "
`
` ‘
`
`I 5 .3" "‘--523 ENCRYPTED BLOCK
`DIVIDED INTO PAYLOADS
`INTERLEAVED
`
`517
`__
`|NTERLEA_.V’aE_ WI >
`_ _
`
`«B7-‘-"-“' ' '4'
`'"1‘ “‘\523 ENCRYPTED BLOCK
`DIVIDED INTO PAYLOADS
`INTERLEAVED
`
`'
`
`'
`
`
`'=:"-""3"-' ""\34o TARP PACKETS WITH
`ENCRYPTED PAYLOADS
`
`Copy pruvided by USPTO from the PIFI5 lmae Database on B3-'28.f2011
`
`PXO10_OOOé;%titi0ne1‘ Apple Inc. — Exhibit 1002, p. 1944
`
`VXO0O5(-3859
`
`“N520 BLOCK-ENCRYPTED
`SESSION-KEY) PAYLOAD
`EQUENCE
`‘‘‘~- 522 ENCRYPTED BLOCK
`DIVIDED mm PAYLOADS
`
`
`
`_
`
`'1'
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1944
`
`

`
`U.S. Patent
`
`Aug. 26, 2003
`
`Sheet 5 of 40
`
`Us 7,41 8,504 B2
`
`TARP TRANSCEIVER
`
`NETWORK (IF) LAYER
`M
`
`fl ONE ALTERNATIVE TO
`
`COMBINE
`TARP PROCESSING
`WITH OIS IP
`PROCESSOR
`
`OTHERALTERNATIVE
`T0 COMBINE
`TARP PROCESSING
`WITH D.L. PROCESSOR
`(e.g.. BURN mo BOARD
`PROM)
`
`TARP LAYER
`
`__
`
`DATA LINK LAYER
`
`FIG. 4
`
`T
`
`‘:1
`
`I
`
`_
`
`--- W-
`
`450
`DATA LINK
`PROTOCOL WRAPPER
`
`copy provided by USPTO irom the PIRS Imaue Daiabase on 0312812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1945
`PX010_000009
`E
`E
`E
`
`VXO0O5686O
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1945
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 6 of 40
`
`US 7,41 8,504 B2
`
`BACKGROUND LOOP - DECOY
`GENERATION
`
`PACKET
`
`AUTHENTICATE TARP
`
`OUTER LAYER DECRYPTION
`OF TARP PACKET USING
`LINK KEY
`
`DUMP DECOY
`
`
`
`
`
`
`
`
`
`CHECK FOR DECOY AND
`
`INCREMENT PERISHABLE
`
`DECOY COUNTER AS
`
`APPROPRIATE
`
`
`
`
`
`TRANSMIT DECOY?
`
`YES
`
`DECREMENT
`TTL TTL > 0?
`
`35
`
`S7
`
`
`
`DETERMINE DESTFNATION
`GENERATE NEXT-HOP TARP
`TARP ADDRESS AND STORE
`ADDRESS AND STORE LiNK
`
`KEY AND P ADDRESS
`LINK KEY AND IF ADDRESS
`
`
`
`
`GENERATE NEXT-HOP TARP
`ADDRESS AND STORE LINK
`KEYAND IP ADDRESS
`
`GENERATE IP HEADER
`AND TRANSMIT
`
`
`
`S10
`
` S11
`
`FIG. 5
`
`CODV Drflvided hv USPTO from the PIRS Imaae Daiabase on 03!2B.'2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1946
`PXO10_OOO01 O
`
`VXO0O5(-3861
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1946
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 7 of 40
`
`US 7,418,504 B2
`
`BACKGROUND LOOP - DECOY
`GENERATION
`
`S20
`
`GROUP RECEIVED IP PACKETS
`INTO INTERLEAVE WINDOW
`
`S21
`
`DETERMINE DESTINATION TARP
`ADDRESS, INITIALIZE TIL, STORE
`IN TARP HEADER
`
`S22
`
`RECORD WINDOW SEQ. NOS.AND
`INTERLEAVE SEQ. NOS. IN TARP
`HEADERS
`
`S23
`
`CHOOSE FIRST HOP TARP
`ROUTER, LOOK UP IP ADDRESS
`AND STORE IN CLEAR IP HEADER.
`OUTER LAYER ENCRYPT
`
`S24
`
`INSTALL CLEAR IP HEADER AND
`TRANSMIT
`
`S25
`
`FIG. 6
`
`Copy provided by USPTO from the PIFIS Jmaaa Database on 03/28/2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1947
`PXO1 0_0OOO‘I ‘I
`
`VXOOO56862
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1947
`
`

`
`U.S. Patent
`
`Aug. 25, 2003
`
`Sheet 8 of 40
`
`US 7,418,504 B2
`
`DIVIDE BLOCK INTO PACKETS
`USING WINDOW SEQUENCE
`DATA, ADD CLEAR IP HEADERS
`GENERATED FROM TARP
`HEADERS '
`
`S49
`
`HAND COMPLETED IP PACKETS
`T0 !P LAYER PROCESS
`
`350
`
`BACKGROUND LOOP - DECOY
`GENERATION
`
`340
`
`AUTHENTICATE TARP PACKET E
`RECEIVED
`
`
`
`s42
`
`DECRYPT OUTER LAYER
`ENCRYPTION wnm LINK KEY
`
`s43
`
`INCREMENT PERISHABLE
`COUNTERIFUECOY
`
`544
`
`THROW AWAY DECOY OR KEEP
`IN RESPONSE TUALGORITHM
`
`s45
`
`CACHE TARP PACKETS um
`WINDOWIS ASSEMBLED
`
`545
`
`DEINTERLEAVE PACKETS
`FORMING wmnow
`
`547
`
`DECRYPT BLOCK
`
`545
`
`FIG. 7
`
`Copy provided by USPTU from the PIFIS Imaae Database on 0312312011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1948
`PXO10_000O12
`E
`E
`E
`
`VXOO056863
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1948
`
`

`
`U.S. Patent
`
`Aug. 25, 2008
`
`Sheet 9 of 40
`
`US 7,418,504 B2
`
`(_‘,|_[ENT
`'[ERM|NA[_
`30-;
`
`SSYN
`PACKET
`321
`
`SSYN ACK
`PACKET
`822
`
`SSYN ACK
`ACK PACKET
`823
`
`
`
`1325
`SECURE SESSION
`INITIATION ACK
`
`B24
`SECURE SESSION
`INETIATION
`
`F I G. 8
`
`CODV nrovided bV USPTO from the PIRS lrnacle Database on 03l2Bf2fl11
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1949
`PXO10_OOOO13
`S
`S
`
`VXO0O56864
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1949
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 10 of 40
`
`US 7,418,504 B2
`
`CLIENT 1 /X TARP
`ROUTER
`
`RECEWE TABLE
`TRANSMIT TABLE
`924
`921
`3 21.42
`
`131.213.204.93
`131.213.204.221
`131.213.204.139
`131.213.204.12
`
`-
`I
`-
`-
`
`131.213.204.35
`131.213.204.97
`131.213.204.133
`131.213.204.55
`
`131.213.204.93
`131.213.204.221
`131.213.204.139
`131.213.204.12
`
`I
`0
`-
`0
`
`131 .213.204.35
`131.213.204.97
`131.213.204.135
`131.213.204.55
`
`TRANSMIT TABLE
`RECEIVE TABLE
`923
`922
`I -
`
`131 .213.204.131
`131.213.204.513
`131.213.204.201
`131.213.204.119
`
`0
`0
`0
`-
`
`131.213.204.39
`131.213.204.212
`131.213.204.127
`131.213.204.49
`
`131.213.204.131
`131.213.204.53
`131.213.204.201
`131.213.204.119
`
`0
`0
`0
`o
`
`131.213.204.139
`131.213.204.212
`131.213.204.127
`131.213.204.49
`
`Copv provided by USPTO from the PIHS lmaae Database on 0312202011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1950
`PXO10_OOOO14
`E
`E
`
`VXO0O56865
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1950
`
`

`
`U.S. Patent
`
`Aug. 26, 2003
`
`Sheet 11 of 40
`
`US 7,418,504 B2
`
`FIG. 10
`
`
`Cow provided by USPTO from {he PIFIS Imaae Database on 03/28/2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1951
`PXO10_OOOO15
`L
`L
`L
`
`VXO0O56866
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1951
`
`

`
`U.S. Patent
`
`Aug. 26,2008
`
`Sheet 12 of 40
`
`US 7,418,504 B2
`
`E
`
`3:
`
`3:
`
`§mmg§I_..%
`
`aemzGEE.__3$1322:.53
`
`5§§<n__.55E“wagen__sgom
`
`ma9%5__§a
`
`223.5
`
`:.dz
`
`22.ms:__
`
`so::2.Eagaaima
`
`2_m£§_§_._am
`
`$%_E_2&__
`
`Ea_;_§_D
`
`go:as§m%a:_.$_25%..‘
`
`.__mesa
`
`
`
`2:2:5203:
`
`
`
`a%_E§:
`
`
`
`(2:§mg2,__§3m
`
`12§_;_§_._2$32.__E9
`
`NE
`
`Nafi_§><n_
`
`5:
`
`S:
`
`8:
`
`8:
`
`2:
`
`
`
`E3:ass;mzmxm
`
`
`
`$31$5mafia
`
`Com! provided by USPTO from the PIFIS lmana Database an 031283201 1
`
`Petitioner
`PXO10_OOO01 6
`
`Apple Inc. — Exhibit 1002, p. 1952
`
`VXO0O56867
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1952
`
`
`
`
`
`
`
`
`
`
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 13 of 40
`
`US 7,418,504 B2
`
`n_m
`
`§E
`
`fig
`
`fig
`
`ali
`
`5%
`
`zo_E_§
`
`<2
`
`om
`
`Copy provided by USPTO from the PIES Image Database on 03:'28.'2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1953
`PX010 000017
`0
`0
`0
`
`VXOCIO56868
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1953
`
`

`
`U.S. Patent
`
`Aug. 26,2008
`
`Sheet 14 of 40
`
`US 7,418,504 B2
`
`HARDWARE
`ADDRESSES
`
`‘P A'3”RE3SE3
`
`DISCRIMINATOR FIELD
`VALUES
`
`°“”"E§,}’,§‘§'E°
`
`CAN BE VAREED
`IN sYNc
`
`
`
`
`CAN BE VARIED
`IN SYNC
`
`SAME FOR ALL MODES
`
`OR %(fiE|EFJELY
`
`°““‘,,,,B§,‘,’,,'§*('§'E“
`
`F”‘E'3 FOR EACH VP“
`
`
`
`CAN BE VARIED
`IN SYNC
`
`CAN BE VARIED
`EN sYNc
`
`CAN BE VARIED
`IN SYNC
`
`F I G. 1 2B
`
`EMB0%'fMEm
`
` MODE
`
`1. PROMISCUOUS
`
`
`
`.
`cuous
`2 PRr%r3'§PN
`
`3. HARDWARE
`HOPPING
`
`Copy provided by USPTO from the PIHS Image Daiahase on 031231201 1
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1954
`PXO10_0OOO18
`E
`E
`E
`
`VXOCIO56869
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1954
`
`

`
`U
`
`SM32
`
`82
`
`N2;
`
`tnmaP
`
`0mwm,wm.A
`
`7,
`
`2B4m
`
`E_,m_s
`
`mafiamm;m=2
`
`ESE
`
`mt02
`
`s,EOEM95%
`
`
`
`Dz;az_m_§
`
`.2ea
`
`2.:
`
`.2om
`
`Egg
`
`52
`
`52
`
`<:53
`
`wmmaoamegan__
`
`E52.55n__
`
`magoza
`
`.zo_EEa_:
`
`m_3§z>m
`
`n_s_Eon_E>_~_.__
`
`@_.V__.__a
`
`azézm
`
`ease
`
`32
`
`82
`
`Copy provided by USPTD from the PIFIS lmaua Database on IJ3.f2B:'2o‘l 1
`
`Petitioner
`PXO10_OOO01 9
`
`Apple Inc. — Exhibit 1002, p. 1955
`
`VXO0O5687D
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1955
`
`
`
`
`
`
`
`
`
`

`
`US. Patent
`
`Aug. 26, 2008
`
`Sheet 16 of 40
`
`US 7,418,504 B2
`
`CURRENT IP PAIR "*——-_
`
`IP PAIR1
`IP PAIRZ
`
`TRANSMITTER
`
`CURRENT IF PAIR
`
`c|<pt_u
`c|cpLn
`
`SENDER'S ISP
`
`REC|P|ENT'S1SP
`
`KEPT IN SYNC FOR SENDER T0 RECIPIENT SYNCHRONIZER <- --------------------- -- -*
`
`
`
`KEPT IN SYNC FOR RECIPIENT TO SENDER SYNCHRONIZER <--:---—?—-F
`
`FIG. 14
`
`Copy provided by LISPTO tram the PIFIS [mane Database on 03/28/2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1956
`PX010_000020
`E
`E
`E
`
`VXOCIO56871
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1956
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 17 of 40
`
`US 7,418,504 B2
`
`@
`
`@ WHEN SYNCHRONIZATION
`BEGINS TRANSMIT (RETRANSMTT
`§$fiE§".¥E3'fis‘$HE‘I5%6‘u°“°”’
`TRAN§Mt1TER CHECKPOINT IP
`
`NEW RECEIVER RESPONSE
`CHECKPOINT ckpt_r
`
`#
`
`# WHEN SYNC_ACK
`ARRIVES WITH JNCOMING
`gEfiE§§T=E°§3§W"
`CHECKPOINTIP PAIR
`ckpt_n iN TRANSMITTER
`
`SYNC_REO
`
`lw
`
`wY¥fiEfl§gflfi-GRfiE$%'E:Es
`
`W
`
`.UpDATE WINDOW
`,GENERATE NEW
`CHECKPOINT IP PAIR
`ckpt_n IN RECEIVER
`&$.E'é$<T=‘%TfifiE“£A.a
`
`USING NEW CHEC—KPO|NT
`‘F’ PM‘ '*P*—'
`
`FIG. 15
`
`
`Copy provided by USPTD from the PIH3 Image Database on 03/28.’2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1957
`PX010_000021
`E
`E
`E
`
`VXOCIO56872
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1957
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 13 of 40
`
`US 7,418,504 B2
`
`
`
`FIG. 16
`
`I
`
`Copy provided by USPTO from the PIFIS Image Database on 0312812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1958
`PX010_000022
`L
`L
`
`VXOCIO56873
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1958
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 19 of 40
`
`US 7,418,504 B2
`
`—T
`
`IIIIIIIIIIJ
`C
`
`000
`
`WlNDOW_S|ZE WIIIIIIIIA INACTIVE
`
`-111111110714 0 ’*°T"’E
`E
`'11111.Vr11114
`USED
`711111111114
`%1111111r4
`
`. 0
`
`O
`
`W|NDOW__S|ZE
`
`VIIIIIIIIIIQ
`
`I
`
`Gonv provided by USPTO irorn the PIFIS lmaue Database on o3r2ar2o11
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1959
`PXO10_OOOO23
`L
`L
`L
`
`VXO0O56874
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1959
`
`

`
`U.S. Patent
`
`Aug. 26,2008
`
`Sheet 20 of 40
`
`US 7,418,504 B2
`
`—e
`VIIIIIIII
`
`C C
`
`WIIIIIIIIIIA
`WIIIIIIIIIIA.
`WIIIIIIIIIIA
`TIIIIIIIJIIJ.
`
`E
`
`USED
`
`I C
`
`000
`
`WIN DOW_S|ZE
`
`w'”°°“"S'ZE
`
`Copy provided by USPTO from the PIHS Image Daiahase on 0312812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1960
`PX010_000024
`L
`L
`
`VXO0O56875
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1960
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 21 of 40
`
`US 7,418,504 B2
`
`INACTIVE
`
`J ACTIVE
`Q usen
`
`F[
`
`WIIIIIIIIIIJ
`
`I I
`
`000
`
`VIIIIIITIIIJ
`UWIIIIIIIIIJ
`VIIIIJIIIE
`
`WINDOW_S|ZE
`
`O
`
`TIIHIIIIIIII
`TIIITIIIIIJ
`TIIIIIIIIIIA
`VIIIIIIIIIIIJ.
`TIAIIIITIIA
`
`WlNDOW_S1ZE
`
`000
`
`
`
`TIIIIJFIIIII
`
`FIG. 19
`
`Copy provided by USPTO from the PIFIS Image Database on 03.’23:'2(|11
`
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1961
`PXO1 0_OOO02 5
`
`VXO0O56876
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1961
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 22 of 40
`
`US 7,418,504 B2
`
`“||||E%|||||"
`COMPUTER
`
`12EC\I
`
` 2005
`
`2011 FIG.20
`
`
`Copy provided by USPTO from the PIFIS Image Database on D3.f2Sl2D11
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1962
`PX01 0_0 0002 6
`
`VXOO056877
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1962
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 23 of 40
`
`US 7,418,504 B2
`
`
`
`
`AD TABLE
`
`IP1
`irfa
`
`IP2
`134
`
`AE TABLE
`
`
`
`AF TABLE -2103
`BB TABLE
`
`
`
`
`
`
`2101
`
`2102
`
`2104
`
`2105
`
`2105
`
`2107
`
`2108
`
`LINK DOWN
`
`BE TABLE
`
`BF TABLE
`
`2100/
`
`cu TABLE %
`
`CE TAB LE
`
`FIG. 21
`
`
`Copy provided by USPTO from the PIFIS Image Database on 03.'28:'201 1
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1963
`PX010_000027
`
`VX00056878
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1963
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 24 of 40
`
`US 7,418,504 B2
`
`
`
`MEASURE
`QUALITY OF
`TRANSMISSION
`PATH X
`
`
`
`MORE THAN
`ONE TRANSMITTER
`TURNED ON?
`
`PATH X
`QUALITY < THRESHOLD?
`
`SET WEIGHT
`NO
`
`T0 MIN. VALUE
`
`2203
`
`
`
`DECREASE WEIGHT
`FOR PATH X
`
`PATH X
`WEIGHT LESS THAN
`STEADY STATE
`VALUE?
`
`
`
`
`
`
`
`
`INCREASE
`WEIGHT FOR PATH X
`TOWARD STEADY
`STATE VALUE
`
`
`
`
`ADJUST WEIGHTS
`FOR REMAINING
`PATHS SO THAT
`WEIGHTS EQUAL ONE
`ms
`
`
`
`FIG. 22A
`
`
`Copy provided by USPTO from the PIRS image Database on 031281201 1
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1964
`PXO1 0_0OO O2 8
`
`VXOCIO56879
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1964
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 25 of 40
`
`US 7,418,504 B2
`
`2210
`
`
`
`(EVENT) TRANSMITTER
`FOR PATH X
`TURNS OFF
`
`
`
`
`
`
`DROP ALL PACKETS
`UNTIL ATRANSMITTER
`
`TURNS ON
`
`AT LEAST
`ONE TRANSMITTER
`TURNED ON?
`
`
`
`SET WEIGHT
`TO ZERO
`
`ADJUST WEIGHTS
`FOR REMAINING PATHS
`SO THAT WEIGHTS
`EQUAL ONE
`
`FIG. 22B
`
`
`Copy provided by IJSPTCI from the PIFIS Image Database on 03l28.»'2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1965
`PX010_000029
`A
`A
`A
`
`VXOOO5688O
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1965
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 26 of 40
`
`US 7,418,504 B2
`
`2308
`
`PATH x1 _
`
`TRANSMIT TABLE
`3
`D
`
`2302
`
`
`
`
`2301
`
`
`
`LINK QUALITY
`MEASUREMENT
`FUNCTION
`
`FIG. 23
`
`Copy provided by USPTO from the PJHS Image Database on 03/2312011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1966
`PXO1 0_OOOO3O
`
`VXOO056881
`
`
`PACKET
`
` TRANSMITTER
`
`PATH X4
`:1:I11 :1E-:rn —I5F
`
`s
`D
`L
`$==."
`3--
`==='-I
`'w ===|
`===
`/4
`PO(A3ca{D
`
`
`
`
`
`PACKET
`RECHVER
`
`
`
`W (X1) = 0-2
`W(X2)=0-1
`
`w(x4)=o.1
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1966
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 27 of 40
`
`US 7,418,504 B2
`
`2401
`
`COMPUTER
`
`2402
`
`COMPUTER.
`
`1
`
`Copy provided by USPTO {mm the PIFIS Image Dalahase on 0312812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1967
`PX010_000031
`2
`2
`
`VX00056882
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1967
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 28 of 40
`
`US 7,418,504 B2
`
`2502
`
`2501
`
`2504
`
`V WEB
`BROWSER
`
`
`
`PAGE RESP
`
`
`
`FIG. 25
`(PRIOR ART)
`
`1 Copy provided by USPTO from the PIRS Image Database on 031281201 1
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1968
`PX010_000032
`L
`L
`
`VXOCIO56883
`
`
`DNS RESP
`PAGE REQ
`
`
`
`
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1968
`
`

`
`U.S. Patent
`
`Aug. 26,2008
`
`Sheet 29 of 40
`
`US 7,418,504 B2
`
`
`BROWSER
`
`WEB
`
`
`
`DNS
`SERVER
`
`DNS
`PROXY
`
`I_
`
`2602
`
`2603
`
`
`
`
`
`RULES
`
`GATE KEEPER
`
`HOPPING
`
`
`
`
`UNSECURE
`TARGET
`SITE
`
`2611
`
`FIG. 26
`
` Copy provided by USPTO from the PIFIS Image Database on D3i28!2IJ1 1
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1969
`PXO10_0O0O33
`E
`E
`E
`
`VXOO056884
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1969
`
`

`
`U.S. Patent
`
`Aug. 26, 2003
`
`Sheet 30 of 40
`
`US 7,418,504 B2
`
`
`
` RECEIVE
`DNS REQUEST
`FOR TARGET SITE
`
`3701
`
`
`
`
`
`
`ACCESS TO
`SECURE SITE
`REQUESTED?
`
`PASS THRU
`REQUEST TO
`DNS SERVER
`
` USER
`
`AUTHORIZED TO
`CONNECT?
`
`RETURN
`"HOST UNKNOWN"
`ERROR
`
`2705
`
`ESTABLISH
`VPN WITH
`TARGET SITE
`
`
`
`
`FIG. 27
`
`
`Copy provided by USPT01rom than PIFIS Image Database on 0332812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1970
`PX01 0_000O34
`
`VXOOO56885
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1970
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 31 of40
`
`Us 7,418,504 B2
`
`2303
`
`2801
`
`HOST
`COMF'UTER#1
`
`
`
`
`2804
`
`HOST
`COMPUTER #2
`
`FIG. 28
`
`
`copy provided by USPTO from the PIFIS Image Database on D3!2BI2o11
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1971
`PX010_000035
`L
`L
`
`VX00056886
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1971
`
`

`
`US. Patent
`
`Aug. 26, 2003
`
`Sheet 32 of 40
`
`US 7,418,504 B2
`
`2901
`
`HOST COMPUTER #1
`
`TX
`
`Rx
`
`5
`
`Copy provided by USPTO from the PIFIS Image Database on 03.’2B}2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1972
`PX010_000036
`L
`L
`L
`
`VXOOO56887
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1972
`
`

`
`US. Patent
`
`Aug. 26, 2003
`
`Sheet 33 of 40
`
`US 7,418,504 B2
`
`FIG.30
`
` copy provided by USPTO from the PIFIS Image Database on 0312812011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1973
`PX010_000037
`L
`L
`L
`
`VXOOO56888
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1973
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 34 of 40
`
`US 7,418,504 B2
`
`3103
`
`
`
`CLIENT #1
`
`
`3106
`
`
`
`CLIENT #2
`
`HACKER
`
`
`
`Copy provided by USPTO from he PIFIS Imaqe Database on 0Gi2BI2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1974
`PX010_000038
`
`VX00056889
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1974
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 35 of40
`
`US 7,418,504 B2
`
`CLIENT
`
`SERVER
`
`SEND DATA PACKET
`
`usms ckpt_n
`CKPT.0=ckp1.n
`GENERATENEWckp1_n
`START TIMER, SHUTTRANSMITTER
`OFF
`
`E
`|FCKPT.0 IN SYNCACK
`
`M|$TCHE3TRANSM|T1ER‘S
`
`t 0
`c
`UPDATE REcEwER's
`ckpt_r
`IGLLTIMER. TURN
`TRANSMITTER ON T
`
`SEND DATA PACKET
`usme ckpt_n
`ckpt_omt_n
`GENERATE NEW ckpl_n
`START TIMER. SHUT TRANSMITTER
`OFF
`
`I,';f,?§¥;1%.§';,$fi“§-.513
`“""‘—°'ST"R"'”ER
`
`JF ckpt_o IN SYNC_ACK
`MATCHES TRANSMITI'ER'S
`
`ckpLo
`UPDATE RECEIVERS
`
`ckp1_r
`KILL TIMER. TURN
`TRANSMFFTER ON
`
`PASS DATAUPSTACK
`ckpt_o=ckpl n
`GENERATE-NEW gkp{_n
`GENERATE NEW ckpt_rFOR
`TRANSMITTERSJDE
`TRANSMITSYNC ACK
`
`conmmmg ckpfo
`
`
`
`GENERATENEWckpt_n
`GENERATE NEW ckpt_r FOR
`TRANSMITFER SIDE
`TRANSMIT SYNC_ACK
`CONTAINING L‘kpt_o
`
`FIG. 32
`
`
`copy provided by USPTO from the PIFIS Image Database on 0312312011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1975
`PXO10_0O0O39
`E
`E
`E
`
`VXOO056890
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1975
`
`

`
`U.S. Patent
`
`Aug. 26, 2003
`
`Sheet 36 of 40
`
`US 7,418,504 B2
`
`am
`
`can
`
`mgaw
`
`.§_2
`
`:2
`
`as
`
`22$.
`
`§_§_
`
`88E
`
`T
`
`95em_28E$_o.__§.m
`
`:23E5E5
`
`2%
`
`:8
`
`3%
`
`28in
`
`32_o_u_
`
`ILas
`
`53
`
`53%
`
`E3”8
`
`88
`
`fan.32
`
`Copy provided by USPTO from ihe PIFIS Image Database on 0328/2011
`
`Petitioner A
`PX01 0_oooo4o
`
`pple Inc. — Exhibit 1002, p. 1976
`
`VXOCIO56891
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1976
`
`
`
`

`
`U.S. Patent
`
`Aug. 26,2008
`
`Sheet 37 of 40
`
`US 7,418,504 B2
`
`s4u\o‘
`
`3401
`
` DISPLAY WEB PAGE
`
`CONTAINING G0
`SECURE HYPERLINK
`
`
`
`'
`
`LAUNCH LINK TO
`.CoM SITE
`
`DOWNLOADAND
`INSTALL PLUG-IN
`
`CLOSE CONNECTEON
`
`3404
`
`3405
`
`3406
`
` R
`
`NINIIIIIIIIRIIIIIEIRJSRSIEILE
`‘
`DOMAIN NAME
`U
`
`3407
`
`3412
`
`.
`
`D|SPLAY SECURE ICON
`
`ACCESS SECURE PORTALAND
`SECURE NETWORKAND SECURE DNS
`
`3403
`
` TERMINATE
`SECURE
`
`“'0_ CONNECTION
`
`
`.
`
`3413
`
`'
`
`CSEIN SI1ES%uRE COMPUTER NETWORK
`DEE
`EOE SECURE WEE SEE
`
`ACCESS GATE KEEPER AND RECEIVE
`PARAMETERS FOR ESTABLISHING VPN
`Wm‘ SECURE “"'EE3”E
`
`CONNECT T0 SECURE WEBSITE
`USING VPN BASED ON PARAMETERS
`ESTABLISHED av GATE KEEPER
`
`3409
`
`gm
`
`3411
`
`YES
`REPLACE SECURE TOP-LEVEL
`DOMAIN NAME WITH NON-SECURE
`TOP—LEVEL DOMAIN NAME
`
`T
`
`3414
`
`3415
`
`DISPLAY “GO SECURE“ HYPERLINK
`
`E1’
`
`FIG. 34
`
`Copy provided by USPTO from the PIHS Image Database on 03f28i2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1977
`PXO10_000O41
`A
`A
`A
`
`VXOO056892
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1977
`
`

`
`U.S. Patent
`
`Aug. 26, 2003
`
`Sheet 33 of 40
`
`US 7,41 8,504 132
`
`3500
`
`\*
`
`
`REQUESTOR ACCESSES WEBSITE
`
`
`AND LOGS mm SECURE
`DOMAIN NAME REGISTRY SERVICE
`
`3501
`
`REQUESTER COMPLETES ONLINE
`REGISTRATION FORM
`
`
`
`QUERY STANDARD DOMAIN NAME
`SERVICE REGARDING OWNERSHIP
`OF EQUIVALENT NON-SECURE
`DOMAIN NAME
`
`RECEIVE REPLY FROM STANDARD
`DOMAIN NAME REGISTRY
`
`
`
`3505
`
`NO
`
`INFORM REOUESTOR
`OF CONFLICT
`
`3506
`
`
`
`VERIFY INFORMATION AND
`ENTER PAYMENT INFORMATION
`
`350?
`
`REGISTER SECURE DOMAIN NAME
`
`
`
`3508
`
`FIG. 35
`
`
`
`1 copy provided by USPTO from the PIFIS Image Database on 0312312011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1978
`PX010_000042
`A
`A
`A
`
`VXOOO56893
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1978
`
`

`
`U.S. Patent
`
`Aug. 26, 2003
`
`Sheet 39 of 40
`
`US 7,418,504 B2
`
`WEB SERVER
`
`SERVER PROXY
`
`3811
`
`
`3610
`
`VPN GUARD
`
`
`
`COMPUTER NETWORK
`
`3502
`
`
`
`
`
`3607
`
`
`
`3603
`
`3601
`
`FIREWALL
`
`‘ BROWSER I PROXYAPPLICATION I
`
`3606
`
`3605
`
`CLIENT COMPUTER
`
`FIG. 36
`
`3604
`
` L
`
`Copy provided by USPTO from the PIFIS Image Database on 03I28/2011
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1979
`PXO10_OOOO43
`R
`R
`R
`
`VX00056894
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1979
`
`

`
`U.S. Patent
`
`Aug. 26, 2008
`
`Sheet 40 of 40
`
`US 7,418,504 B2
`
`3700
`
`GENERATE MESSAGE PACKETS
`
`3701
`
`MODIFY MESSAGE PACKETS WITH PRIVATE
`CONNECTION DATA AT AN APPLICATION LAYER
`
`'
`
`3702
`
`SEND To HOST COMPUTER
`THROUGH FIREWALL
`
`RECEIVE PACKETS AND AUTHENTICATE
`AT KERNEL LAYER OF HOST COMPUTER
`
`RESPOND TO RECEIVED MESSAGE
`PAcKETS AND GENERATE REPLY
`MESSAGE PACKETS
`
`MODIFY REPLY MESSAGE PACKETS WITH
`PRIVATE CONNECTION DATA AT A
`KERNEL LAYER
`
`SEND PACKETS TO CLIENT COMPUTER
`THROUGH FIREWIRE
`
`RECEIVE PACKETS AT CLIENT
`COMPUTER AND AUTHENTICATE AT
`APPLICATION LAYER
`
`FIG. 37
`
`3703
`
`3704
`
`3705
`
`3705
`
`3707
`
`3708
`
`l
`c°PY Provided by USPTO from The PIFIS Image Database on oaT2sx2o11
`
`Petitioner Apple Inc. — Exhibit 1002, p. 1980
`PXO10_0O0O44
`A
`A
`
`VXOO056895
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1980
`
`

`
`US 7,413,504 B2
`
`1
`AGILE NETWORK PROTOCOL FOR SECURE
`COIVINIUNICATIONS USING SECURE
`DOMAIN NAMES
`
`CR()SS—RFi1*'liRE.NCE TO I{ELA'l'liD
`APPLICALTIONS
`
`This application claims priority from and is a continuation
`patent application of US. application Ser. No. 09/558,210,
`filed Apr. 26, 2000 now abandoneed, which is a continuation-
`in-part patent application ofpreviously-filed U.S. application
`Ser. No. 09f504,'?83, filed on lieh. l 5, 2000, 11owU.S. Pat. No.
`6,502,135, issued Dec. 3 1, 2002, which claims priority from
`and is a continuation-in-part patent application ofpreviously-
`filed US. application Scr. No. 09/429,643, filed on Oct. 29,
`1999 now US. Pat. No. 7,010,604. The subject matter ofU.S.
`application Ser. No. 09/429,643 , which is bodily incorporated
`herein, derives from provisional U.5. application Nos.
`60/106,261 (filed Oct. 30, 1 998) and 602'] 37,704 (filed Jun. 7,
`1999). Tl1e present application is also related to U.S. appli-
`cation Ser. No. U9f558,209, l'llodApr. 26, 2000, and which is
`incorporated by reference herein.
`
`GOVERNIVIENT CONTRACT RIGHTS
`
`This invention was made with Government support under
`Contract No. 3600004 999-000000-QC-000-000 awarded by
`the Central Intelligence./kgency. The Government has certain
`rights in the invention.
`
`BACKGROUND OF THE INVENTION
`
`A tremendous variety of methods have been proposed and
`implemented to provide security and anonymity for commu-
`nications overthe Internet. The variety stems, in part, from the
`different needs of different Internet users. A basic heuristic
`framework to aid in discussing these diiferent security tech-
`niqucs is illustrated in FIG. 1 . Two tcrrninals, an originating
`term.ina]100 and a destination tc.rminal110 arc in communi-
`cation over the Internet. It is desired for the communications
`to be secure, that is, immune to eavesdropping. For example,
`terminal 100 may transmit secret information to terminal 110
`over the Internet 107. Also, it may be desired to prevent an
`eavesdropper from discovering that terminal 100 is in com-
`munication with terminal 11!]. For example, ifterminal 100 is
`a user and terminal 110 hosts a web site, terminal 100’s user
`may not want anyone in the intervening networks to know
`what web sites he is “visiting.” Anonymity would thus he an
`issue, for example, for companies that want to keep their
`market research interests private and thus would prefer to
`prevent outsiders from knowing which web-sites or other
`Internet resources they are “visiting.” These two security
`issues may be called data security and anonymity, respec-
`tivcly.
`Data security is usually tackled using some form of data
`encryption. An encryption key 48 is known at both the origi-
`nating and terminating terminals 100 and 110. The keys may
`be private and public at the originating and destination termi-
`nals 100 and 110, respectively or they may he symmetrical
`keys (the sa.u.1e key is used by both parties to encrypt and
`decrypt). Many encryption methods are known andusable in
`this context.
`To hide traffic from a local administrator or ISP, a user can
`employ a local proxy server in communicating over an
`encrypted channel with an outside proxy such that the local
`administrator or ISP only sees the encrypted trafric. Proxy
`servers prevent destination servers from determining the
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`identities of the originating clients. This system employs an
`intermediate server interposed between client and destination
`server. The destination server sees (ally the Internet Protocol
`(IP) address ofthe proxy server and not the originating client.
`The target server only sees the address of the outside proxy.
`This scheme relies on a trusted outside proxy server. Also,
`proxy schemes are vulnerable to traflic analysis methods of
`detemiining identities of transmitters and receivers. Another
`important limitation ofproxy servers is that the server knows
`the identities of both calling and called parties. In many
`instances, a.n originating terminal, such as terrninal A, would
`prefer to keep its identity concealed from the proxy, for
`example, ifthe proxy server is provided by an Internet service
`provider (ISP).
`To defeat Lraflic analysis, a scheme called Cl1aum's mixes
`employs a proxy server that transmits and receives fixed
`]engtl1meSsuges,iru:luding dummy messages. Multiple origi-
`nating terminals are connected through a mix (a server) to
`multiple target servers. It is diflicult to tell which of the
`originating terminals are communicating to which ofthe con-
`nected target servers, and l.l1e durnrny ntessages confuse
`eavesdroppers’ efforts to detect communicating pairs by ana-
`lyzing traffic. A drawback is that there is a risk that the mix
`server could be compromised. One way to deal with this risk
`is to spread the trust among multiple mixes. If one mix is
`compromised, the identifies of the originating and target ter-
`minals may remain concealed. This strategy requires a num-
`ber of alternative mixes so that the intermediate servers inter-
`posed between the originating and target terminals are not
`determinable except by compromising more than one mix.
`The strategy wraps the message with multiple layers of
`encrypted addresses. The first mix in a sequence can decrypt
`only the outer layer of the message to reveal the next'dest:i-
`nation mix in sequence. The second mix can decrypt the
`message to reveal the next mix and so on. The target server
`receives the message and, optionally, a multi-layer encrypted
`payload containing return information to send data back in
`the same fashion. The only way to defeat such a mix scheme
`is to collude among mixes. If the packets are all fixed—length
`and intermixed with dummy packets, there is no way to do
`any kind of traffic analysis.
`Still another anonymity technique, called ‘crowds,’ pro-
`tects the identity of the originating terminal from the inter-
`mediate proxies by providing that originating terminals
`helongto groups ofproxies called crowds. The crowd proxies
`are interposed between originating and target terminals. Each
`proxy through which the message is sent is randomly chosen
`by an upstream proxy. Each intermediate proxy can send the
`message either to another randomly chosen proxy in the
`“crowd" or to the destination. Thus, even crowd members
`cannot determine ifu preceding proxy is the originator ofthe
`message or if it was simply passed from another proxy.
`ZKS (Zero-Knowledge Systems) Anonymous ll? Protocol
`allows users to select up to any of five different pseudonyms,
`while desktop software encrypts outgoing traffic and wraps it
`in User Datagram Protocol (UDP) packets. The first server in
`'a 2+-hop system gets the UDP packets, strips off one layer of
`encryption to add another, then sends the traflic to the next
`server, which strips olf yet another layer of encryption and
`adds a new one. The user is permitted to control the number of
`hops. At the final server, trafiic is decrypted with an unnece-
`able IP address. The technique is called onion-routing. This
`method can be defeated using traflic analysis. For a simple
`example, bursts ofpackets fro m. a user during low-duty peri-
`ods can reveal the identities of sender and receiver.
`Fircwalls attempt to protect LANS from unauthorized
`access and hostile exploitation or damage to computers con-
`
`cern provided by USPTO from the pins Image Database on 0312312011
`
`Petitioner
`PX010_000045
`
`Apple Inc. — Exhibit 1002, p. 1981
`
`VX00O56896
`
`Petitioner Apple Inc. - Exhibit 1002, p. 1981
`
`

`
`US 7,413,504 B2
`
`3
`nected to the LAN. Firewalls provide a server through which
`all access to the LAN must pass. Firewalls are centralized
`systems that require administrative overhead to maintain.
`They can be compromised by virtual-machine applications
`(“applets”). They instill a false sense ofsecurity that leads to
`security breaches for example by users sending sensitive
`information to servers outside the firewall or encouraging use
`of modems to sidestep the firewall security. Firewalls are not
`useful for distributed systems such as business travelers,
`extranets, small teams, etc.
`
`SU'l\fl\«1ARY OF THE INVENTION
`
`A secure mechanism for communicating over the irllctnet,
`including a protocol referred to as the TunncledAgi.le Routing
`Protocol (TARP), uses a unique two—1ay