McKool 857145v3
UNITED STATES INTERNATIONAL TRADE COMMISSION WASHINGTON, D.C.
Before the Honorable E. James Gildea Administrative Law Judge
In the Matter of
CERTAIN DEVICES WITH SECURE COMMUNICATION CAPABILITIES,
COMPONENTS THEREOF, AND PRODUCTS CONTAINING THE SAME
Investigation No. 337-TA-858
JOINT TECHNOLOGY STIPULATION
BACKGROUND TECHNOLOGY
1. The technology in this case generally relates to secure communications, including secure communications over public networks such as the Internet.
2. A computer network is a group of two or more computers that are connected to one another. Companies often create their own private networks so that employees can share information and devices. For example, a fictional company, National Bank, may create a private network on the corporate campus of one of its branch offices. Computers on this network can share information such as messages from one employee to another.
3. The Internet is a global, public computer network. The Internet is “public” because access to it is generally unrestricted.
4. National Bank may have more than one private network, and its private networks may be geographically separated. It would be desirable for National Bank to connect its own private networks without having to build its own third private network between them. National Bank would like to be able to use the public Internet to connect its own private networks--as long as communications sent over the public Internet would be protected.
5. Routers are devices that direct communications within the Internet. Firewalls are devices or software that protect networks from unauthorized communications.
6. Information is transmitted over the Internet in packets. An IP packet has multiple parts, most notably a header and a payload. The header contains the address of the packet source as well as the address of the packet’s destination.
7. An IP address consists of four numbers separated by periods. For example, the IP address of a computer in National’s West branch network could be 207.41.16.68 and a computer in National’s East branch network could be 112.9.23.1.
8. The payload of an IP packet may contain at least a piece of a message to be transmitted. A single message, however, might be divided among several packets, and each packet might follow a different path to its destination, depending upon such factors as network traffic. Transmitting IP packets over the Internet is similar to sending mail through the postal service, in which an envelope has a destination address and return address on its front, and a message (i.e., a payload) inside.
9. The process of routing the packets over the Internet is called “packet switching.” To make efficient use of the network, packet switching allows a message, such as “approve Mr. Smith’s loan,” to be divided into three pieces and placed into three packets. The individual packets are then sent over the network from a source computer to a destination computer through intermediate devices, such as routers, of the Internet. The payload of the packets is reassembled at the destination computer, to recreate the original message.
10. In addition to IP addresses, communications on the Internet also utilize port numbers.
11. A device may have at least one IP address that is used to route messages and other data over the Internet. Domain names, such as www.google.com, mean that users do not have to remember IP addresses. For example, a computer on National’s West Branch with IP address 104.51.12.112 may be reached using the domain name www.west.national.com while the computer on National’s East Branch with IP address 112.9.23.1 may be reached using the domain name www.east.national.com.
12. A domain name system (DNS) makes it easy for users to obtain a target’s IP address. World Wide Web users can access web pages by typing in domain names; the typed-in names are sent to a domain name server that contains lookup tables that relate an IP address to a particular domain name. DNSs are used because computers and routers on the Internet only know how to send packets using IP addresses, not domain names.
13. A user can use the domain name system to access a web page associated with a particular domain name. First, the user types information that contains a domain name into a browser’s address bar. For example, the user wants to access the webpage for National Bank East and types in www.east.national.com. This domain name is sent to a DNS server, and the DNS server looks up the domain name www.east.national.com. The DNS server then returns the IP address for www.east.national.com – 112.9.23.1 – to the user’s computer. Using that IP address, a request for the web page is sent from the user’s computer to the computer at National Bank East having the address 112.9.23.1. The computer at National Bank East responds with the requested web page. Finally, the browser displays National Bank East’s website on the user’s computer.
14. Publicly accessible networks, such as the Internet, may allow the security of the communications between two computers to be compromised in that strangers can “eavesdrop” on communications. For example, if National Bank’s East Network communicates with National Bank’s West Network over the Internet and no special precautions are taken, an eavesdropper can read the information contained in the packets. Encryption is a security measure that protects the payload of IP packets, making them secure from eavesdropping. For example, financial information sent over the Internet between a computer at National West and a computer at National East may be encrypted so that even if it is intercepted, it cannot be deciphered. However, the header information of the packet – including the identity information, or IP addresses, of the communicating computers – may still be visible.
15. Security measures can be employed to protect the identity of two communicating computers. For example, the header information may be altered so that someone who intercepts a packet between a computer at National West and a computer at National East will not be able to tell the actual source or destination of the packet. National Bank may wish to ensure anonymity if, for example, it does not want third parties to know about increased communications between computers on its branches before a potential acquisition or financial disclosure.
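The following Python sketch is an added illustration, not part of the stipulation: it splits the message from paragraph 9 into three IPv4 packets between the addresses from paragraph 7, encrypts each payload, and shows what an observer without the key still reads from the header, as paragraph 14 describes. The key, the use of the IPv4 identification field as a sequence number, and the SHA-256 based toy cipher are assumptions made for the example.

```python
import hashlib
import socket
import struct

KEY = b"constructed-demo-key"                # constructed sample key (assumption)
WEST, EAST = "207.41.16.68", "112.9.23.1"    # example addresses from paragraph 7

def toy_cipher(key: bytes, seq: int, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream; a toy stand-in for real encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">HI", seq, i)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def build_packet(src: str, dst: str, seq: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (checksum left at 0 for brevity) followed by the payload."""
    header = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         seq, 0, 64, 17, 0,  # seq in the identification field; TTL 64, UDP
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def send(message: bytes, pieces: int = 3) -> list:
    """Split the message into packets and encrypt each payload (headers stay clear)."""
    size = -(-len(message) // pieces)        # ceiling division
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [build_packet(WEST, EAST, n, toy_cipher(KEY, n, c))
            for n, c in enumerate(chunks)]

def eavesdrop(packet: bytes) -> dict:
    """What an on-path observer without the key reads from one packet."""
    src, dst = struct.unpack(">4s4s", packet[12:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "payload": packet[20:]}

def receive(packets: list) -> bytes:
    """Destination: order by the sequence field, decrypt, reassemble."""
    parts = {}
    for p in packets:
        seq = struct.unpack(">H", p[4:6])[0]
        parts[seq] = toy_cipher(KEY, seq, p[20:])
    return b"".join(parts[s] for s in sorted(parts))

if __name__ == "__main__":
    pkts = send(b"approve Mr. Smith's loan")
    for p in reversed(pkts):                 # packets may arrive out of order
        print(eavesdrop(p))
    print(receive(list(reversed(pkts))))
```

The observer recovers both endpoint addresses from every packet even though each payload is unreadable, which is the residual exposure that paragraph 15 addresses.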
THE PATENT-IN-SUIT
16. The Asserted Patent in this Investigation is U.S. Patent No. 8,051,181 (“the ‘181 patent”).
17. The ‘181 patent is a continuation of U.S. Patent No. 7,188,180. See Ex. 5 [App. Data Sheet] at 2. U.S. Patent No. 7,188,180 is a division of application No. 09/558,209, filed on April 26, 2000, now abandoned, which is a continuation-in-part of application No. 09/504,783, filed on February 15, 2000, now U.S. Patent No. 6,502,135, which is a continuation-in-part of application No. 09/429,643, filed on October 29, 1999, now U.S. Patent No. 7,010,604. See Ex. 1 [‘181 patent]. U.S. Patent No. 7,010,604 claims priority to provisional application No. 60/106,261, filed October 30, 1998, and provisional application No. 60/137,704, filed June 7, 1999. See Ex. 1 [‘181 patent].
18. The ‘181 patent is entitled “METHOD FOR ESTABLISHING SECURE COMMUNICATION LINK BETWEEN COMPUTERS OF VIRTUAL PRIVATE NETWORK.”
19. The ‘181 patent is directed to a system that facilitates the transparent creation of a secure communication link between two devices communicating over the Internet.
20. The '181 patent teaches a method for establishing a secure communication link between a first computer and a second computer over a computer network, such as the Internet.
21. In one embodiment, a secure communication mode is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication, preferably by merely selecting an icon displayed on the first computer. Alternatively, the secure communication mode of communication can be enabled by entering a command into the first computer.
22. When the first computer enters the secure communication mode, in one scenario the first computer sends a query to a secure domain name service (SDNS) requesting a network address associated with a secure domain name associated with the second device.
23. In this same scenario, the SDNS can contain a database of secure domain names and their corresponding network addresses. In an embodiment described in the specification of the ‘181 patent, the SDNS determines the network address for the secure domain name of the second computer and sends the network address to the first computer. See, for example, the ‘181 patent, 51:26-29.
24. By further example, a secure communication link is provisioned between the first and second computers, at the network address returned by the SDNS. In an embodiment described in the specification of the ‘181 patent, the SDNS, which may include gatekeeper functionality, determines the network address of the secure domain name. In this same embodiment, the gatekeeper functionality provisions a secure communications link between the first and second computers.
25. The specification of the ‘181 patent describes an embodiment in which the secure communication link is implemented as a VPN.
Dated: February 19, 2013
Respectfully submitted,
MCKOOL SMITH, P.C.
By: /s/ Benjamin Levi
Douglas Cawley
Mark Mathie
Ivan Wang
Stacie L. Greskowiak
MCKOOL SMITH P.C.
300 Crescent Court, Suite 1500
Dallas, TX 75201
Telephone: (214) 978-4000
Telecopier: (214) 978-4044
[email protected]
Benjamin Levi
Robert A. Auchter
Kent Stevens
Brandon Jordan
MCKOOL SMITH P.C.
1999 K Street, N.W., Suite 600
Washington DC 20006
Telephone: (202) 370-8300
Telecopier: (202) 370-8344
[email protected]
/s/ Jason Cassady
Bradley W. Caldwell
Jason D. Cassady
J. Austin Curry
Caldwell, Cassady & Curry
17 SEVENTEEN McKinney, Suite 700
Dallas, TX 75202
Telephone: (214) 810-4705
[email protected]
Counsel for Complainant VirnetX, Inc.
By: /s/ Donald Urrabazo
Donald Urrabazo
Arturo Padilla
Joon Song
Ronald Wielkopolski
URRABAZO LAW, P.C.
2029 Century Park East, 14th Floor
Los Angeles, CA 90067
Direct: (310) 388-9099
Telecopier: (310) 388-9088
Email: [email protected] [email protected] [email protected]
Counsel for Complainant Science Applications International Corporation
By: /s/ Marcia Sundeen
Marcia H. Sundeen
KENYON & KENYON LLP
1500 K Street, N.W.
Washington, DC 20005
Telephone: (202) 220-4200
Fax: (202) 220-4201
Email: [email protected] [email protected]
Megan Olesek
Michelle McLeod
Kenyon & Kenyon LLP
1801 Page Mill Road, Suite 210
Palo Alto, CA 94304-1216
Telephone: (650) 384-4700
Fax: (650) 384-4701
Danny L. Williams
Terry D. Morgan
Ruben S. Bains
Christopher N. Cravey
Kyung Kim
Scott Woloson
Richard Groseclose
Williams, Morgan & Amerson, P.C.
10333 Richmond, Suite 1100
Houston, TX 77042
Telephone: (713) 934-7000
Fax: (713) 934-7011
Email: [email protected]
Counsel for Respondent Apple Inc.
CERTIFICATE OF SERVICE
I hereby certify that a copy of the foregoing was served as indicated, to the parties listed below, on February 19, 2013:
The Honorable Lisa R. Barton
Acting Secretary
U.S. INTERNATIONAL TRADE COMMISSION
500 E Street, S.W., Room 112-A
Washington, D.C. 20436
(VIA ELECTRONIC FILING)

The Honorable E. James Gildea
Administrative Law Judge
U.S. INTERNATIONAL TRADE COMMISSION
500 E. Street, S.W. Room 317-E
Washington, D.C. 20436
(VIA HAND DELIVERY – 2 copies)

Sarah Zimmerman
Kenneth Schopfer
Attorney Advisors to Honorable E. James Gildea
[email protected]
[email protected]
(VIA EMAIL)

Counsel for Complainant Science Applications International Corporation
Donald Urrabazo
Arturo Padilla
Joon Song
Ronald Wielkopolski
URRABAZO LAW, P.C.
2029 Century Park East, 14th Floor
Los Angeles, CA 90067
Direct: (310) 388-9099
Telecopier: (310) 388-9088
Email: [email protected] [email protected] [email protected]
(VIA EMAIL)

Counsel for Respondent, Apple Inc.
Marcia H. Sundeen
KENYON & KENYON LLP
1500 K Street, N.W.
Washington, DC 20005
Telephone: (202) 220-4200
Telecopier: (202) 220-4201
Email: [email protected] [email protected] [email protected]
(VIA EMAIL)

/s/ Kathryn Reinke
Kathryn Reinke
Paralegal
MCKOOL SMITH P.C.
1999 K Street, N.W., Suite 600
Washington, DC 20006