(12) United States Patent
Schneider et al.

(10) Patent No.: US 6,408,336 B1
(45) Date of Patent: *Jun. 18, 2002

(54) DISTRIBUTED ADMINISTRATION OF ACCESS TO INFORMATION

(76) Inventors: David S. Schneider, 5338 Hinton Ave., Woodland Hills, CA (US) 91367; Michael B. Ribet, 3525 Cass Ct. #617, Oak Brook, IL (US) 60523; Laurence R. Lipstone, 22724 Sparrow Dell Dr., Calabasas, CA (US) 91302; Daniel Jensen, 6853 Encino Ave., Van Nuys, CA (US) 91406

(*) Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).

Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/034,507
(22) Filed: Mar. 4, 1998

Related U.S. Application Data
(60) Provisional application No. 60/039,542, filed on Mar. 10, 1997, and provisional application No. 60/040,262, filed on Mar. 10, 1997.

(51) Int. Cl.7: G06F 15/16; G06F 9/00
(52) U.S. Cl.: 709/229; 713/201
(58) Field of Search: 709/225, 229; 713/201; 345/335, 969, 741-743

Primary Examiner—Zarni Maung
Assistant Examiner—Andrew Caldwell
(74) Attorney, Agent, or Firm—Gordon E. Nelson

(57) ABSTRACT

A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to of access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check.
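
The decision procedure the abstract describes, as an added Python example that is not code from the patent. The deny-overrides rule, the integer trust scale, the choice of the weakest sufficient encryption method, the shared-key HMAC tag standing in for filter-to-filter authentication, and every sample name and value are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: every group, set, URL and method name here is invented.
USER_GROUP_PARENTS = {"eng-payroll": ["engineering"], "engineering": ["employees"],
                      "employees": [], "contractors": []}
INFO_SET_PARENTS = {"salary-data": ["hr-data"], "hr-data": [], "cafeteria-menu": []}
RESOURCE_SETS = {"http://hr.example/salaries": ["salary-data"],
                 "http://www.example/menu": ["cafeteria-menu"]}
# (user group, information set) -> True for an allow policy, False for a deny policy.
POLICIES = {("employees", "cafeteria-menu"): True,
            ("engineering", "hr-data"): True,
            ("contractors", "hr-data"): False}

# Assumption: trust and sensitivity share one integer scale, higher meaning stricter.
SENSITIVITY = {"http://hr.example/salaries": 3, "http://www.example/menu": 1}
IDENTIFICATION_TRUST = {"ip-address": 1, "windows-id": 2, "certificate": 3}
ENCRYPTION_TRUST = {"method-a": 2, "method-b": 3}
FILTER_KEY = b"constructed-demo-key"  # assumption: filters share an authentication key


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    encryption: Optional[str] = None


def with_ancestors(groups, parents):
    """Return the given groups plus every ancestor reachable via the parent lists."""
    seen, stack = set(), list(groups)
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(parents.get(group, []))
    return seen


def policy_allows(user_groups, resource):
    """Evaluate access policies over user groups and information sets."""
    users = with_ancestors(user_groups, USER_GROUP_PARENTS)
    sets_ = with_ancestors(RESOURCE_SETS.get(resource, []), INFO_SET_PARENTS)
    verdicts = [POLICIES[(u, s)] for u in users for s in sets_ if (u, s) in POLICIES]
    # Assumption: no applicable policy means no access, and any deny beats any allow.
    return bool(verdicts) and all(verdicts)


def check_access(user_groups, id_mode, path_trust, resource):
    """The check run by the first access filter on the path."""
    if resource not in SENSITIVITY:
        return Decision(False, "unknown resource")
    if not policy_allows(user_groups, resource):
        return Decision(False, "no allow policy, or a deny policy applies")
    need = SENSITIVITY[resource]
    if IDENTIFICATION_TRUST.get(id_mode, 0) < need:
        return Decision(False, "identification trust level too low")
    if path_trust >= need:
        return Decision(True, "path trusted as is")
    # Path is not trusted enough: encrypt with the weakest method that suffices.
    usable = [(level, name) for name, level in ENCRYPTION_TRUST.items() if level >= need]
    if not usable:
        return Decision(False, "no encryption method is strong enough")
    return Decision(True, "request encrypted to raise path trust", min(usable)[1])


def authenticate(request: bytes) -> bytes:
    """Tag attached by the first filter once its access check has passed."""
    return hmac.new(FILTER_KEY, request, hashlib.sha256).digest()


def downstream_filter(request: bytes, tag: bytes) -> str:
    """A later filter on the path: accept a valid tag instead of repeating the check."""
    return "relay" if hmac.compare_digest(tag, authenticate(request)) else "reject"


if __name__ == "__main__":
    url = "http://hr.example/salaries"
    print(check_access(["eng-payroll"], "certificate", 1, url))
    print(check_access(["eng-payroll", "contractors"], "certificate", 3, url))
```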

48 Claims, 31 Drawing Sheets

Petitioner Apple Inc. - Ex. 1020, p. 1

[Fig. 8 (Sheet 8 of 31). Flowchart boxes: DEFINE USERS 803; DEFINE USER GROUPS 805; ADD USERS TO GROUPS 807; DEFINE RESOURCES; DEFINE INFORMATION SETS 811; ADD RESOURCES TO SETS; CREATE POLICIES.]

[Fig. 13A (Sheet 13 of 31). Microsoft Access "Relationships" window, continued in Fig. 13B. Legible field names: SmartCardDefID, CertificateDefID, CertificateParamID, UserGroupID, Common Name, SerialNumber, Organization Unit, KeyType, SignatureType, Expiration.]

[Fig. 13B (Sheet 14 of 31). Continuation from Fig. 13A. Legible table names: AlertSchedules, UserGroups 1309, WindowsID, IPRanges. Legible field names: AlertSchID, UserGroupID, Days, Start Time, End Time, Group Name, Description, Pre-defined, WindowsID, WindowsDefID, ParentUserGroup, ChildUserGroupID, IPRangeID, IPRangeDefID.]

[Fig. 16A (Sheet 17 of 31). Microsoft Access "Relationships" window, continued in Fig. 16B. Legible table names: PoliciesAccess, PoliciesAdminister, PoliciesPolicyMaker, UserGroups 1309. Fields listed for PoliciesAccess and PoliciesPolicyMaker: PolicyID, UserGroupID, ResourceGroupID, Policy, Active, Pre-defined, Expires, Status, Comments. Fields listed for PoliciesAdminister: PolicyID, UserGroupID, SubjectType, UserGroupID2, ResourceGroupID, SiteID, ServerID, ServiceID, ResourceID, Policy, Active, Pre-defined, Expires, Status, Comments.]

[Fig. 16B (Sheet 18 of 31). Legible table names: ResourceGroupElements, Resources, Servers. Fields listed for ResourceGroupElements: ResGroupElementID, ElementType, ResourceGroupID, ServiceID, ResourceID.]

[Fig. 17A (Sheet 19 of 31). Microsoft Access "Relationships" window, continued in Fig. 17B. Legible table names: AttachedNetwork, AlertCondition, RoutingTable.]

[Fig. 17B (Sheet 20 of 31). Continuation from Fig. 17A, continued in Fig. 17C. Legible table names: ProxyParameters, ServiceDefinition, TrustAuthentications (AuthenticationID, Label, Authentication, Strength, Description), TrustEncryptions (EncryptionID, Label, Encryption, Export, Description).]

[Sheet 21 of 31 (Fig. 17C, per the pointer on Fig. 17B). Legible table names: ProxyDefinitions, KeyEscrowAgent.]

[Fig. 19 (Sheet 23 of 31). Labels: WDB 1903(a,i); WDB 1903(a,j); AF 203(a); MASTER POLICY MGR.; PCS MESSAGES 1909; MDB 1905(a); LDB 1907(a); WDB 1903(i,j); ISDB MGR.; ADMIN. GUI; WORKSTATION.]

[Fig. 21 (Sheet 25 of 31). Labels: DB CERTIFICATES BY USER GROUP FILE 2101; DATA 2105; POINTER; GROUP ID LIST; GROUP ID; 2115.]

Fig. 23A (Sheet 27 of 31)

Columns: MMFFileName; File 2303

Policies, User Groups, and Information Sets

DBUsersFile: Describes policy application from the User Group viewpoint. Maps each DB UserGroupID to a list of ResourceGroupIDs with flags that indicate whether the policy that relates each pair is an allow or deny policy.
DBUsersTreeFile: Describes the user groups tree as a flattened array. Maps each DB UserGroupID to a list of UserGroupIDs for parent user groups.
DBResourcesFile: Describes policy application from the Resource Group (information set) viewpoint. Maps each DB ResourceGroupID to a list of UserGroupIDs with flags that indicate whether the policy that relates each pair is an allow or deny policy.
DBResourcesTreeFile: Describes the resource groups tree as a flattened array. Maps each DB ResourceGroupID to a list of ResourceGroupIDs for parent information sets.

User Identification Information

DBIPRangesFile: IP Ranges data. Maps from IPRangeDefID to the IP range data.
DBDomainsFile: IP Domain data. Maps from DomainDefID to the IP domain data.
DBCertificatesFile: Certificate data. Maps from CertificateDefID to the certificate data.
DBWindowsIDFile: Windows ID data. Maps from WindowDefID to the windows ID data.
DBSmartCardIDFile: Smart card (authentication token) data. Maps from SmartcardDefID to the authentication token data.
DBIPRangesByUserGroupFile: Relates IP range matching criteria to user groups. Maps from IP Range data to UserGroupIDs.
DBDomainsByUserGroupFile: Relates IP domain matching criteria to user groups. Maps from IP Domain data to UserGroupIDs.
DBCertificatesByUserGroupFile: Relates certificates to user groups. Maps from certificate data to UserGroupIDs.
DBWindowsIDByUserGroupFile: Relates Windows IDs to user groups. Maps from Windows ID data to UserGroupIDs.
DBSmartCardIDByUserGroupFile: Relates Smart Card (authentication token) data to user groups. Maps from authentication token data to UserGroupIDs.

Fig. 23B (Sheet 28 of 31)

Servers, Services, and Information Resources

DBResourcesByServerIDFile: Relates servers to resources. Maps from ServerIDs to ResourceIDs for resources held on the server identified by the ServerID.
DBResourcesByServiceIDFile: Relates services to resources. Maps from ServiceIDs to ResourceIDs for resources belonging to the service identified by the ServiceID.
DBResourceIDByServiceIDFile: Relates services to their information resources. Maps from ServiceID to ResourceID.
DBResourceIDByNameFile 2315: Relates the IP names (URLs) of resources to resource IDs. Maps from URL to resource ID.
DBResourcesByResourceIDFile 2317: Relates resources to information sets. Maps ResourceID to ResourceGroupIDs.

Servers, Services, IP Information, and Proxies

DBServerIDByIPFile: Relates IP addresses to servers. Maps IP addresses to ServerIDs.
DBServerIDByNameFile: Relates IP names to servers. Maps the IP FQDN (fully qualified domain name) for each server to its ServerID.
DBIPAndTypeByServerIDFile: Relates servers to their locations inside or outside to the VPN. Maps ServerID to the server's IP address and a flag indicating whether the address is inside or outside the VPN.
DBServiceIDByPortFile: Relates services to their port numbers. Maps from ServiceID to port number.
DBServiceIDByServerIDFile: Relates servers to ports for services. Maps from ServerID to a list of port numbers.
DBServicePortToProxyPortFile: Relates service ports to the ports for their proxies. Maps from service port number to proxy port number.
DBProxyIDByServerIDFile: Relates servers to service proxies. Maps from ServerID to ProxyDefID.
DBProxyParametersFile: Relates proxies to configuration data for the proxies. Maps from ProxyDefID to options data.

Fig. 23C (Sheet 29 of 31)

Access Filter Information

DBAttachedNetworksByIPFile: Relates network interfaces in the access filters to information for the interfaces. Maps from the interface's IP address to interface information.
DBPointToPointFile: Relates a point-to-point description of a network path to data for the path. Maps from PointToPointID for the path to the associated data.
DBTrustTableFile: Implements the SEND table. Maps from TrustDefID, indicating a trust level, to AuthenticationIDs for user identification techniques and EncryptionIDs for encryption techniques.
DBCertificateAuthoritiesFile: Relates identifiers for certificate authorities to their data. Maps from CertificateAuthorityID to associated data.
DBTrustAuthenticationsFile: Relates AuthenticationIDs to information about identification techniques. Maps from AuthenticationID to identification technique information.
DBTrustEncryptionsFile: Relates EncryptionIDs to information about encryption techniques. Maps from EncryptionID to encryption type and strength information.
DBAttachedNetworksByServerIDFile: Relates access filters to their network interfaces. Maps from ServerID for the access filter to interface information.
DBRoutingTableFile: Describes the IP routing information for all of the access filters. One block of information.
DBRoutingTableByServerIDFile: Relates access filters to their IP routing information. Maps from ServerID for the access filter to IP routing information.
DBJavaSiteTable: Maps from names of locations to LocationIDs.
DBJavaResourceTable: Maps from URLs of resources to their ResourceIDs, LocationIDs, and hidden flags.
DBJavaResourcesSetTable: Maps from names of information sets to ResourceGroupIDs, a list of ResourceIDs for all resources contained in the information set, and a list of ResourceGroupsIDs for all of the information set's parents.

[Fig. 24 (Sheet 30 of 31). Labels: ACCESS FILTER 203(0); SERVICES 2425; SERVICE PROXIES 2427; IP FILTER; LOCAL ACCESS FILTER 203(1); INTRA-MAP DISPLAY; LIST 2431; LAN 213; WEB BROWSER 2429; WebP; WebS.]

[Fig. 25 (Sheet 31 of 31). Labels: SECURITY OFFICER USER GROUP; POLICY MAKER POLICY; ENGINEERING ADMIN; POLICY FOR ENG. DATA. Legend: ADMINISTRATIVE POLICY; POLICY MAKER POLICY; ACCESS POLICY.]

`US 6,408,336 B1
`
`1
`DISTRIBUTED ADMINISTRATION OF
`ACCESS TO INFORMATION
`
`CROSS REFERENCE TO RELATED PATENT
`APPLICATIONS
`
`The present patent application claims priority from the
`provisional applications No. 60/093,542, Schneider, et al.,
`Distributed Network Security, filed Mar. 10, 1997, and No.
`60/040,262, Schneider, et al., Secure Electronic Network
`Delivery, also filed Mar. 10, 1997. The present patent
`application is further one of four patent applications that
`have the same Detailed Description and assignee as the
`present patent application and are being filed on the same
`date. The four applications are:
`US. Ser. No. 09/034,507, David Schneider, et al., Dis-
`tributed administration of access to information;
`U.S. Ser. No. 09/034,503, David Schneider, et al., User
`interface for accessing information, now abandoned;
`U.S. Ser. No. 09/034,576, David Schneider, et al., Secure
`delivery of information in a network, issued Jan. 23,
`2001 as US. Pat. No. 6,178,505; and
`US. Ser. No. 09/034,587, David Schneider, et al., Scal-
`able access filter, issued Aug. 15, 2000 as U.S. Pat. No.
`6,105,027, David Schneider, et al., Techniques for
`eliminating redundant access checking by access filters.
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`The invention relates generally to control of access to data
`and relates more specifically to control of access to data in
`a distributed environment.
`
`2. Description of Related Art
`The Internet has revolutionized data communications. It
`has done so by providing protocols and addressing schemes
`which make it possible for any computer system anywhere
`in the world to exchange information with any other
`computer system anywhere in the world, regardless of the
`computer system's physical hardware, the kind of physical
`network it is connected to, or the kinds of physical networks
`that are used to send the information from the one computer
`system to the other computer system. All that is required for
`the two computer systems to exchange information is that
`each computer system have an Internet address and the
`software necessary for the protocols and that there be a route
`between the two machines by way of some combination of
`the many physical networks that may be used to carry
`messages constructed according to the protocols.
`The very ease with which computer systems may
`exchange information via the Internet has, however, caused
`problems. On the one hand, it has made accessing
`information easier and cheaper than it ever was before; on the other
`hand, it has made it much harder to protect information. The
`Internet has made it harder to protect information in two
`ways:
`It is harder to restrict access. If information may be
`accessed at all via the Internet, it is potentially
`accessible to anyone with access to the Internet. Once there
`is Internet access to information, blocking skilled
`intruders becomes a difficult technical problem.
`It is harder to maintain security en route through the
`Internet. The Internet is implemented as a packet
`switching network. It is impossible to predict what
`route a message will take through the network. It is
`further impossible to ensure the security of all of the
`switches, or to ensure that the portions of the message,
`including those which specify its source or destination,
`have not been read or altered en route.
`FIG. 1 shows techniques presently used to increase
`security in networks that are accessible via the Internet. FIG. 1
`shows network 101, which is made up of two separate
`internal networks 103(A) and 103(B) that are connected by
`Internet 111. Networks 103(A) and 103(B) are not generally
`accessible, but are part of the Internet in the sense that
`computer systems in these networks have Internet addresses
`and employ Internet protocols to exchange information. Two
`such computer systems appear in FIG. 1 as requestor 105 in
`network 103(A) and server 113 in network 103(B).
`Requestor 105 is requesting access to data which can be
`provided by server 113. Attached to server 113 is a mass
`storage device 115 that
