Paper No.

__
Filed: August 31, 2016

Filed on behalf of Unified Patents Inc.


By:
P. Andrew Riley
James D. Stein
Finnegan, Henderson,
Farabow, Garrett & Dunner, L.L.P.
901 New York Avenue, NW
Washington, DC 20001-4413
Telephone: 202-408-4266
Facsimile: 202-408-440
Email: Plano983IPR@finnegan.com

Jonathan Stroud
Unified Patents Inc.
1875 Connecticut Ave. NW, Floor 10
Washington, D.C., 20009
Telephone: 650-999-0899

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

UNIFIED PATENTS INC.,


Petitioner
v.
PLANO ENCRYPTION TECHNOLOGIES, LLC,
Patent Owner
IPR2016-01644
U.S. Patent 6,466,983 B1
SYSTEMS AND METHODS FOR CONTROLLING ACCESS
TO DATA MAINTAINED IN A REPOSITORY
PETITION FOR INTER PARTES REVIEW
OF CLAIMS 1-4, 6, 7, 9, and 10
UNDER 35 U.S.C. § 312 AND 37 C.F.R. § 42.104

U.S. Patent 6,466,983 B1


IPR2016-01644, Petition for Inter Partes Review
Table of Contents
I. MANDATORY NOTICES
A. Real Party-in-Interest
B. Related Matters
C. Counsel
D. Service Information, Email, Hand Delivery, and Postal
II. Certification of Grounds for Standing
III. Overview of Challenge and Relief Requested
A. Prior Art Patents and Printed Publications
B. Grounds for Challenge
IV. Technology Background
V. Overview of '983 patent
A. Summary of the Alleged Invention
B. Level of Ordinary Skill in the Art
C. Prosecution History
VI. Claim Construction
A. "Forresta"
B. "Fragment[s]"
C. "means for allowing access to a repository of data by a plurality of clients
over at least one communications link connected to said computer systems"
[claim 1]
D. Claims 1-4, 6, and 7 Means-Plus-Function Constructions
E. "means for organizing data into groups of one or more elements through a
user interface based on criteria established by the designer of the repository"
[claim 9]
F. Claims 9 and 10 Means Plus Function Constructions
VII. Specific Grounds for Petition
A. Ground 1: Claim 1 is rendered obvious over Shannon (EX1006) in view of
He '451 (EX1003)
1. Shannon (EX1006)
2. He '451 (EX1003)
3. Motivation to combine He '451 (EX1003) and Shannon (EX1006)
4. Chart for claim 1: Shannon in view of He '451. See Cohen Decl. (EX1002)
at ¶ 46
B. Ground 2: Claims 2-4, 6, 7, 9, and 10 are rendered obvious by Shannon in
view of He '451, further view of Cragun
1. Cragun
2. Motivation to combine Cragun with He '451 and Shannon
3. Chart for claims 2-4, 6, 7, 9, and 10: Shannon in view of He '451, further
in view of Cragun (see Cohen Decl. (EX1002) at ¶ 57)
VIII. Conclusion

I. MANDATORY NOTICES
A. Real Party-in-Interest
Pursuant to 37 C.F.R. § 42.8(b)(1), Unified Patents Inc. ("Unified" or
"Petitioner") certifies that Unified is the real party-in-interest, and further certifies
that no other party exercised control or could exercise control over Unified's
participation in this proceeding, the filing of this petition, or the conduct of any
ensuing trial. In this regard, Unified has submitted voluntary discovery. See
EX1011 (Unified Patents Inc.'s Voluntary Interrogatories).
B. Related Matters
U.S. Pat. No. 6,466,983 ("'983 patent" (EX1001)) is owned by Plano
Encryption Technologies, LLC ("Plano" or "Patent Owner") according to the
assignment records of the United States Patent and Trademark Office.
C. Counsel
P. Andrew Riley will act as lead counsel; Jonathan Stroud and James Stein
will act as backup counsel.
D. Service Information, Email, Hand Delivery, and Postal
Petitioner consents to electronic service, and requests patent owners do the
same. Petitioner can be served at Plano983IPR@finnegan.com and
jonathan@unifiedpatents.com. P. Andrew Riley and James D. Stein can be reached
at Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P., 901 New York
Avenue, NW, Washington, DC 20001-4413, and can be reached by telephone at
202-408-4266 or fax at 202-408-4400. Jonathan Stroud can be reached at Unified
Patents Inc., 1875 Connecticut Ave. NW, Floor 10, Washington, D.C., 20009, at
650-999-0455.
II. CERTIFICATION OF GROUNDS FOR STANDING
Petitioner certifies pursuant to Rule 42.104(a) that the patent for which
review is sought is available for inter partes review and that Petitioner is not
barred or estopped from requesting an inter partes review challenging the patent
claims on the grounds identified in this Petition.
III. OVERVIEW OF CHALLENGE AND RELIEF REQUESTED
Pursuant to Rules 42.22(a)(1) and 42.104(b)(1)–(2), Petitioner challenges
claims 1-4, 6, 7, 9, and 10 of the '983 Patent.
A. Prior Art Patents and Printed Publications
The following references are pertinent to the grounds of unpatentability
explained below[1]:
U.S. No. 6,088,451 (filed on Jun. 28, 1996; published on Jul. 11, 2000) ("He
'451" (EX1003)), which is prior art under 35 U.S.C. § 102(a)
U.S. No. 5,832,212 (filed on Apr. 19, 1996; published on Nov. 3, 1998)
("Cragun" or (EX1004)), which is prior art under 35 U.S.C. § 102(a)
U.S. No. 6,233,618 (filed on Mar. 31, 1998; published on May 15, 2001)
("Shannon" (EX1006)), which is prior art under 35 U.S.C. § 102(a)

[1] The '983 patent issued from a patent application filed prior to enactment of the
America Invents Act (AIA). Accordingly, pre-AIA statutory framework applies.

B. Grounds for Challenge
This Petition, supported by the expert declaration of Herbert Cohen, requests
cancellation of challenged claims 1-4, 6, 7, 9, and 10 as unpatentable under 35
U.S.C. § 103. See 35 U.S.C. § 314(a).
IV. TECHNOLOGY BACKGROUND
Well before the application for the '983 patent, the widespread use and
sharing of electronic data storage devices led to a desire for better security and
control over access to information. He '451 (EX1003) at 1:7–9, 1:30–37; Shannon
(EX1006) at 1:44-48, 3:46-50. Prior art developers created software and hardware
systems to regulate who gets to view and access what information on a network.
He '451 (EX1003) at Abstract; Shannon (EX1006) at 3:35–58; see generally U.S.
Pat. No. 7,756,986 B2 to Blumenau (EX1005) at Abstract; U.S. Pat. No. 7,062,489
B1 to Gebauer (EX1007) at Abstract; U.S. Pat. No. 5,982,891 to Ginter (EX1009)
at Abstract.

To protect information and regulate access, these prior systems and methods
generally had three steps: (1) identifying a user, (2) limiting access, and (3)
disseminating data. He '451 (EX1003) at 8:35–9:61; Shannon (EX1006) at Fig. 2;
Blumenau (EX1005) at Abstract; Gebauer (EX1007) at Abstract; Ginter (EX1009)
at Abstract.
Systems that control user access to information must identify the users
seeking the information. The system can then determine whether the user may
view the information, and to what extent the user may access, download, or
manipulate the information. See Shannon (EX1006) at 6:48–60. A school
administrator, for example, might want to prevent the frivolous access of certain
websites during school hours. Id. Websites which direct students to on-line games
could distract from the learning process. Id. The same administrator, however, may
not wish to regulate a chess club's access to those same sites, depending on the
time of day. Id.
In this example from Shannon, the system would be required to identify the
student (EX1006 at 7:26–40), the requested data (see id. at 8:24–67), the location
from where the request was made (see id. at 7:26–40), and the time and date the
request was made (id. at 6:48-60; 7:57–12; Table 2). The system would then
compare these parameters with acceptable access parameters. Id. at 6:28-47,
8:24–67; Papierniak (EX1008) at 10:10–63; FIG. 7.

Papierniak (EX1008) at FIG. 7


This second step would regulate whether the user, a student in the proposed
example, could access the desired site, and to what extent access should be
granted. Shannon (EX1006) at 6:48–60, 7:57–12, Table 2. Though the student may
be allowed access to a chess website, the system would deny access to the
pay-to-play section of the same website. Id. Alternatively, an administrator may
wish his students to have access to certain educational websites, but may also wish
to limit the extent to which a student can access certain parts of the sites. Id.

In another example, a company may wish for its employees to be able to
access certain corporate records while also wanting to restrict which employees
can access what records. See He '451 (EX1003) at 4:54–5:3. A human resources
employee, for example, may need access to all employee records, but an IT
employee should probably not have the same level of access. Some systems would
then issue a ticket or code for each session (or attempt to access the information),
which sets the limits of access for that session. See He '451 (EX1003) at 27:44–50.
Finally, after determining the extent to which the identified user can access
the requested information, the system would provide the appropriate access. In
doing so, the system should provide no more and no less information than that
authorized for the particular user. Whether restricted information (information the
user does not have access to) is redacted, replaced, or removed is up to the
system's designer. Cragun (EX1004) at 7:65–8:15, FIG. 7.

Cragun (EX1004) at FIG. 7.

Determining whether a person should have access to information requires a
certain level of cognition. Systems, at the time of the '983 patent's filing, would
primarily use key words or categorization to determine the type of information
being requested. See EX1006 at 7:57-12, Table 2. The information type could be
compared to the user's access rights and the restricted information could thus be
blocked. Id.
V. OVERVIEW OF '983 PATENT
A. Summary of the Alleged Invention
The '983 patent describes a number of ways the prior art is used to protect
data and how some of these methods are flawed. The background focuses primarily
on the well-known techniques it calls the "cookie approach" ('983 patent at 1:65),
the "re-direction method" (id. at 2:19) and "data censure" (id. at 2:29). The patent
treats these data access methods as similar but mutually exclusive solutions. Id. at
2:51–53. It describes the singular problem with the prior art as the attribute that
regulated content is assembled into a fixed form prior to its availability. Id.
Specifically, the patent claims the prior methods required duplication of many
elements used to implement the content since no mechanism exist[ed] to
dynamically replace only the sensitive portion at the time of the request. Id. at
2:56-58.

Despite this characterization of the prior art, the '983 patent does not
primarily address this alleged deficiency. Instead, the '983 patent addresses a
method to identify the user, create a unique session for said user, and to regulate
the extent of the data shared in each session. EX1002 (Cohen Decl.) at ¶¶ 12-13.
The '983 patent relies on the fractured packet nature of internet protocols to
accomplish this last part. The method simply blocks and replaces the restricted
packets based on the user's access. EX1001 at 19:39; EX1002 (Cohen Decl.) at
¶ 13.
The '983 patent specification devotes the remaining portion of the detailed
description of the invention to describe how the system determines the level of
access for the user. The '983 patent primarily relies on identifiers intrinsic to the
user. EX1002 (Cohen Decl.) at ¶ 14. The invention describes using this user data to
create a unique session for the user which will control the user's access to a data
repository. An access module 300 creates a session node 1000. See EX1001 at
FIG. 10.

Figure 10 of '983 patent (EX1001).

The session node acts as the system's access ticket, determining the level of
access the user has from his location at the time of his request. EX1001 at
18:1–19:52, Figs. 7, 10 & 11; EX1002 (Cohen Decl.) at ¶ 15. The system disclosed
in the '983 patent then uses the session node to compare the user's allowed data to
the requested data. See id., see also id. at FIG. 5; EX1002 (Cohen Decl.) at ¶ 15.

Figure 5 of '983 patent (EX1001).

If the requested data contains data which the user is not authorized to access,
it can be redacted or replaced with a phrase of the designer's choosing. See
EX1001 at 18:28-19:40, FIG. 7; EX1002 (Cohen Decl.) at ¶ 16. Finally, the data is
compiled into a readable format and presented to the user. EX1001 at 19:41-52;
EX1002 (Cohen Decl.) at ¶ 16.

Figure 7 of '983 patent (EX1001).


B. Level of Ordinary Skill in the Art
A person of ordinary skill in the art (POSA) at the time of filing the
provisional application for the '983 patent, i.e., September 30, 1999, would be
familiar with network security and have at least the equivalent of a Bachelor of
Science degree in electrical or computer engineering, with multiple years (two or
more) of experience in the field of software design, development, or evaluation.
EX1002 (Cohen Decl.) at ¶ 17. A higher level of education may make up for less
experience. (Id.)

C. Prosecution History
On September 30, 1999, Stephen Strazza filed application number
09/406,196, titled "Systems and methods for controlling access to data maintained
in a repository." See EX1012 ('983 file history) at 8. The original application
included 23 claims. Id. at 42–49.
On April 8, 2002, Examiner Young Won issued a non-final office action,
objecting to the drawings and the specification and rejecting claims 19, 20, and 22
as anticipated by U.S. Patent 6,088,728 to Bellemore et al. ("Bellmore"), claims 1–7,
13, 14, 16–18, 21, and 22 as obvious in light of Bellmore in view of U.S. Patent
6,009,442 to Chen et al. ("Chen"), and claim 23 as obvious in light of Bellmore in
view of Chen and U.S. Patent 5,850,490 to Johnson ("Johnson"). See EX1012 ('983
file history) at 98–100, 100–108, 108–110. While they were objected to as
depending from a rejected claim, the Examiner indicated that claims 8, 9, 10–12,
and 15 would be allowable if written in independent form, because neither
Bellemore nor Chen taught the recited language. Id. at 110–113.
Two months later on June 27, 2002, Mr. Strazza and his attorney Thomas
M. Marshall met and conferred with Examiner Won and Examiner Won's
supervisor primary examiner. Id. at 145. In that conference, Mr. Strazza was
asked to further describe in claim language applicant's "forresta" identity. Id. at
145.

Complying, Mr. Strazza filed amended claims on July 6, 2016, id. at 119,
adding language from the specification directly into claim 19. See id. at 145. He
then rewrote allowable claims 9, 10, and 15 in independent form, and rewrote
claims 19, 20, and 22 to include further limitations. Id. In addition, Mr. Strazza
acknowledged that the feature he was basing his patentability arguments on was
the uniquely named "forresta" element. Id. at 145.
Further, Mr. Strazza stated that "[a]s presently claimed, this invention is
based on the forresta identity being assigned by the data access control means or
method steps to the transmission itself wholly independent from and unrelated to
the identity or operational state of the user." Id. at 146.
By this amendment, Mr. Strazza also sought to distinguish Chatterjee et al.
(U.S. Pat. No. 6,024,375), Peterson et al. (U.S. Pat. No. 6,303,179), Kullick et al.
(U.S. Pat. No. 5,751,997), Ferguson et al. (U.S. Pat. No. 6,237,011), and Anglin
(U.S. Pat. No. 6,260,069). Id. at 147–48.
Two months later on August 8, 2002, Examiner Won issued an examiner's
amendment cancelling claims 25-31 and allowing the patent. Id. at 209. The
examiner did not indicate any reasons for allowability. Id. at 209–211.
On November 7, 2014, the patent expired because the maintenance fees were
not paid. Id. at 217. On May 6, 2015, the '983 patent was assigned to Plano
Encryption Technologies, along with U.S. Patent 6,587,858. The assignment is
recorded at Reel/Frame 035583/0938. The two patents have very similar subject
matter, and were filed on the same day by the same inventor, but are not formally
linked and were examined by different patent examiners.
VI. CLAIM CONSTRUCTION
"[T]he Board's review of the claims of an expired patent is similar to that of
a district court's review." In re Rambus, Inc., 694 F.3d 42, 46 (Fed. Cir. 2012).
Under Phillips v. AWH Corp., 415 F.3d 1303, 1312–13 (Fed. Cir. 2005) (en banc),
claim terms are given their ordinary and customary meanings as would be
understood by a person of ordinary skill in the art at the time of the invention,
having taken into consideration the language of the claims, the specification, and
the prosecution history of record. See, e.g., Cisco Systems, Inc., v. AIP Acquisition,
LLC, IPR2014-00247, Paper No. 20 at 23 (July 10, 2014).
Any claim terms not included in the discussion below should be given their
ordinary and customary meanings in light of the specification, as commonly
understood by those of ordinary skill in the art.
A. "Forresta"
After a diligent search, the word "Forresta" was not found in any known
Romantic or Germanic language, and one of ordinary skill in the art would be
unfamiliar with its use. EX1002 (Cohen Decl.) at ¶ 20. Thus, it has no ordinary
meaning in the common parlance or by persons of skill in the pertinent art. See
Advanced Ground Information Systems, Inc. v. Life360, Inc., No. 2015-1732 (Fed.
Cir. July 28, 2016) (slip op.).
Based on its use, context, and all available evidence, a POSA reading the
specification would understand the term "forresta" here to mean any passive data
which can be used to identify the user's level of access to a repository of data. This
would include, for example, the user's IP address, the geographic location of
request, or any other indicator which may identify the user. EX1002 (Cohen Decl.)
at ¶ 21.
For example, the specification states forresta is passive information
included within the user's request. See '983 patent at 3:31–34. The specification
also uses terms like "forresta value" (id. at 4:23; 6:43; 12:14; 12:17; 12:19) and
"forresta argument" (id. at 6:42; 6:46; 7:16; 12:12). These variations of the term
"forresta" are not clearly defined by the specification. EX1002 (Cohen Decl.) at
¶ 21. Nor, however, are these variations used in the claims. Id. A POSA would
understand the use of "forresta" in these terms is intended to indicate the value has
been influenced by the forresta information. Id.
B. "Fragment[s]"
"Fragments" is defined in the specification as files. EX1001 at 7:20–26. A
POSA would understand the term to include data that can be compartmentalized
based on the designer's parameters, allowing him to exclude any data he or she
may wish. EX1002 (Cohen Decl.) at ¶¶ 22-23. This data could include the use of
specific phrases, images, links, or objects found on the requested site. See EX1001
at FIG. 4; EX1002 (Cohen Decl.) at ¶¶ 22-23.

Figure 4 of '983 patent.


C. "means for allowing access to a repository of data by a plurality of
clients over at least one communications link connected to said
computer systems" [claim 1]
Challenged claim 1 recites "means for allowing access to a repository of
data by a plurality of clients over at least one communications link connected to
said computer systems." EX1001 at 20:39-42. In determining whether a particular
limitation should be construed under 35 U.S.C. § 112, 6th paragraph/(f) as
means-plus-function language, "the essential inquiry is not merely the presence or
absence of the word 'means' but whether the words of the claim are understood by
persons of ordinary skill in the art to have a sufficiently definite meaning as the
name for structure." Williamson v. Citrix Online, LLC, 792 F.3d 1339, 1348 (Fed.
Cir. 2015). Here, Petitioner submits that this claim term should be construed as a
means-plus-function limitation because the surrounding claim language does not
provide sufficient structure to perform the claimed function.
"Construing a means-plus function claim term is a two-step process. The
court must first identify the claimed function. . . . Then, the court must determine
what structure, if any, disclosed in the specification corresponds to the claimed
function." Williamson, 792 F.3d 1339, 1351 (Fed. Cir. 2015).
The claim itself identifies the claimed function: "allowing access to a
repository of data by a plurality of clients over at least one communications link
connected to said computer systems." The '983 patent identifies the relevant
structure as "server computer 102 contains . . . the data access control (DAC)
process 106 of the present invention." Id. at 4:60-67, FIGs. 1 and 2; see EX1002
(Cohen Decl.) at ¶ 25.
D. Claims 1-4, 6, and 7 Means-Plus-Function Constructions
The preamble to challenged claim 1 recites "means for allowing access to a
repository of data by a plurality of clients over at least one communications link
connected to said computer systems, data access control means comprising..."
EX1001 at 20:39–42. The remaining limitations in claim 1 and dependent claims
2-8 only contain additional "means for" limitations that further define the claimed
"data access control means" of claim 1. EX1002 (Cohen Decl.) at ¶ 26. Therefore,
the "means for" limitations found in claims 1-4, 6, and 7 all have the same
corresponding structure as the claimed "data access control means," namely,
"server computer 102 contains . . . the data access control (DAC) process 106 of
the present invention." Id. at 4:60–67, FIGs. 1 and 2.
E. "means for organizing data into groups of one or more elements
through a user interface based on criteria established by the
designer of the repository" [claim 9]
Challenged claim 9 recites "means for organizing data into groups of one or
more elements through a user interface based on criteria established by the
designer of the repository." EX1001 at 22:52–54. This claim term should be
construed as a means-plus-function limitation because the surrounding claim
language does not provide sufficient structure to perform the claimed function.
EX1002 (Cohen Decl.) at ¶ 27. The claim identifies the claimed function:
"organizing data into groups of one or more elements through a user interface
based on criteria established by the designer of the repository." The '983 patent
identifies the relevant structure as reference tool 500, which is a process of the
current invention that is executed by the designer as a standalone method. It is
typically executed on a computer that is not the server 102 (Fig. 1). Id. at
7:57–8:5, Fig. 5; see also id. at 8:667; EX1002 (Cohen Decl.) at ¶ 27.

F. Claims 9 and 10 Means Plus Function Constructions
Claims 9 and 10 contain a number of means plus function limitations. Id. at
22:53–25:8. These claim terms should be construed as means-plus-function
limitations because the surrounding claim language does not provide sufficient
structure to perform the claimed functions. EX1002 (Cohen Decl.) at ¶ 28. The
structure disclosed in the specification for performing these claimed functions is
the "server computer 102 [that] contains . . . the data access control (DAC)
process 106 of the present invention." Id. at 4:60–67, FIGS. 1 and 2; EX1002
(Cohen Decl.) at ¶ 28.
VII. SPECIFIC GROUNDS FOR PETITION
A. Ground 1: Claim 1 is rendered obvious over Shannon
(EX1006) in view of He '451 (EX1003)
1. Shannon (EX1006)
Shannon is directed to an "Access control of network data." Shannon
(EX1006) at Title. Shannon describes "An access control technique to limit access
to information content such as available on the Internet." Id. at Abstract. The
system and methods disclosed in Shannon "provide[] access control not based only
upon content, but rather, based primarily upon the identity of the computers or
users making the requests." Id. The access control disclosed in Shannon may be
determined by comparing client source information against a database of Uniform

2. He '451 (EX1003)
He '451 is directed to a "Security System and Method for Network Element
Access." He '451 (EX1003) at Title. He '451 describes connecting a network
security server to a network to control access to the network elements and protect
network resources and information. Id. at Abstract. This network is illustrated in
Figure 2.

He '451 (EX1003) at Fig. 2

He '451 discloses a network security server ("NSS"; also called the "master
server") 208 that includes a network authentication 202, user credential control
204 and network element access control 206. Id. at 11:34–40.

3. Motivation to combine He '451 (EX1003) and Shannon (EX1006)
Both He '451 and Shannon are concerned with the unauthorized access to
information over a network. He '451 (EX1003) at 1:30–33; Shannon (EX1006) at
1:44–48. Both offer solutions that allow access to data from a repository based on
the identity of the user. See e.g., He '451 (EX1003) at 2:24–30; Shannon (EX1006)
at 7:11–13, 7:21–34; EX1002 (Cohen Decl.) at ¶ 37. Additionally, both references
provide a centralized access control component that is separate from the user
component and the server component to which the user component is requesting
access. EX1002 (Cohen Decl.) at ¶ 37. This feature makes their systems more
efficient and difficult to circumvent, and it also makes the two systems compatible
with one another. Id.
Shannon criticizes prior art access control systems that restrict access
primarily upon content and do so at either the server or the client, and provides
a solution that instead restricts access based upon the requests made by whom, at
what times, and according to different categories of subject matter. EX1006 at
4:26-31; EX1002 (Cohen Decl.) at ¶ 37. To do so, Shannon creates a system in
which the identity of the user can be confirmed using passive information, like
logon identity and geographic location. See, e.g., Shannon (EX1006) at 6:48,
7:11–13, 7:21–34; EX1002 (Cohen Decl.) at ¶ 37.

Shannon provides a centralized gateway, located at an Internet service
provider (ISP) for example, that "monitor[s] the data communications that pass
between clients connected to the LAN 40 and servers connected to the WAN 45."
Shannon (EX1006) at 6:4–10. "By locating the access control decisions in neither
the server nor client computers 50–56, but rather, within network device [gateway]
100, web page and data access for all clients 50 through 53 may be controlled as a
group, without any separate client or server configuration required from the
administrator who operates the network device 100." Id. at 6:121. Additionally, a
centralized gateway is typically isolated from physical and login access by users,
[so] a trusted systems administrator can be responsible for administering an access
control policy which is more difficult to circumvent than when left up to the users
of the clients or servers. Id. at 6:21–27; EX1002 (Cohen Decl.) at ¶ 38.
Shannon's gateway makes access control decisions for clients based on an
examination of the content of the specific requests in comparison with access
control data stored in databases 203, 204 and 208. Id. at 6:12–15; EX1002 (Cohen
Decl.) at ¶ 39. This can include "[a] person[']s responsibilities within the
organization that is using the system of this invention." Id. at 6:28–47. If a user is
in a particular group, the invention can further limit access control to, for example,
web pages, data, programs, files or documents for that group at certain times, while
not limiting access at other times. Id. at 6:38–42. Thus, the gateway can restrict
access based on the categories or types of data to be accessed, on groups of users,
and on the time during which access is requested. Id. at 6:45–47; EX1002 (Cohen
Decl.) at ¶ 39.
He '451 also provides a centralized access control technique where the
network element access server 206 is separate from the user element 102 and the
network element(s) 104 to which the user element 102 is seeking access. He '451
(EX1003) at 13:43–14:8, FIG. 2; EX1002 (Cohen Decl.) at ¶ 40. Similar to
Shannon, in He '451, the centralized network element access server 206 . . .
serves to consolidate the administration and management of element-level access
control from users to network elements, meaning that costly and lengthy
administration, management and synchronization of such access control in
individual network elements can be avoided. He '451 (EX1003) at 13:64–14:3;
EX1002 (Cohen Decl.) at ¶ 40. "[T]his component 206 not only serves its
distinctive and unique functions in the access control to network elements, but also
greatly enhances the effectiveness and efficiency of user and system administration
and management," Shannon (EX1006) at 14:39, because it relieves th[e]
administrative burden because it is designated as the sole place where essential
user network authentication information is stored for the entire network 106. Id. at
12:56–61; EX1002 (Cohen Decl.) at ¶ 40.

24

U.S. Patent 6,466,983 B1


IPR2016-01644, Petition for Inter Partes Review
Thus, the architectures of Shannons and He 451s access control systems
are similar because both provide a centralized access control solution separate from
the client and content server being accessed. Id. at 41. Additionally, both systems
are similar in the way they restrict access: in part, based on the user requesting
access. Id. Because these similarities, one of ordinary skill in the art would have
been able to add functions of He 451s centralized network element access server
206 to Shannons gateway or network device 100 to improve it. Id.
Shannon may not disclose an efficient way to permit continued
request/access by the client computer once the user has been authenticated. Id. at
42. The process of Shannon's figure 4, including the step 202 of determining
the group of the user and the step 205 of determining the active categories for the
user's group, must be performed for each request, even if the same user is
requesting access to the same content server. Shannon (EX1006) at 13:18-15:4;
EX1002 (Cohen Decl.) at 42. For example, Shannon's process would
authenticate the user a second time if the user seeks to access a second web page
on the same server or another resource on another server. Id. This wastes computer
resources. Id. So, while Shannon is concerned with providing a robust data access
filtering system that provides access control based on users, categories and times of
use and not purely on content of data being accessed, Shannon (EX1006) at 15:5-11,
Shannon does not focus on the efficiency of the filtering process itself. Cohen
Decl. (EX1002) at 42.
One of ordinary skill in the art looking at Shannon would have recognized
the inefficiency in re-authenticating the same user for each access request. Id. at
43. One of ordinary skill in the art would have further recognized that, while the
URL to which the user requests access should be checked against the user's
categories for each request, it is unnecessary to recheck the same user itself each
time that user makes an access request. Id.
Moreover, He '451 discloses a way to make Shannon's filtering technique
more efficient in this regard. Id. at 44. In particular, once a user is authenticated,
He '451 creates a unique session node which determines the amount of access
permitted to the user based on his identity. He '451 (EX1003) at 2:36-39, 27:44-50;
EX1002 (Cohen Decl.) at 44. In particular, the network security server 208
generates a general ticket that facilitates continued access by the user element:

The NSS 208 then generates a general ticket to be used by the user
element for future network element access requests. After ID and
password authentication has been completed, the general ticket is
encrypted using a secrete key assigned by, and only know to, the NSS
208 so that future access requests by the same user element can be
quickly authenticated by the NSS 208. This avoids the NSS 208
having to verify the ID and password each time the user element
makes an access request. The NSS 208 keeps the only copy of the
encryption key for the general ticket so that only the NSS 208 can
decrypt the general ticket. This helps prevent unauthorized access
requests by others posing as a preauthorized user element. The
generation of the general ticket is shown at a state 610. The network
security server 208 then transmits the access list to the user's local
access control system, along with the general ticket, as shown at a
state 612.

He '451 (EX1003) at 27:23-39. By creating a general ticket that is used to
quickly verify the user's future access requests during a session, the NSS 208
"create[s] a unique session node" as recited in claim 1 of the '983 patent. Cohen
Decl. (EX1002) at 44.
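The behaviour described above, as an added Python example that is not code from the petition, Shannon, or He '451: the ID and password are verified once at login, and each later request is checked against group, category and time using only a ticket sealed with a key held by the gateway. He '451 describes encrypting the ticket; because the Python standard library has no cipher, this example seals it with HMAC-SHA256 instead, and the tables, accounts, host names and function names are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed sample data standing in for the three lookup tables the petition
# attributes to Shannon; none of these values come from Shannon or He '451.
GROUP_OF = {"alice": "engineering", "bob": "sales"}        # group/source
BLOCKED_HOURS = {                                          # group/category by hour
    "engineering": {"games": range(8, 18)},
    "sales": {"games": range(0, 24), "news": range(8, 18)},
}
CATEGORY_OF = {"news.example": "news", "games.example": "games"}  # category/destination


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _new_credential(password: str):
    salt = secrets.token_bytes(16)
    return salt, _hash_password(password, salt)


# Constructed accounts for the demonstration.
_CREDENTIALS = {
    "alice": _new_credential("correct horse"),
    "bob": _new_credential("battery staple"),
}


class Gateway:
    """Central gateway: full login once, then a sealed ticket per request."""

    def __init__(self, ticket_ttl: int = 900):
        self._key = secrets.token_bytes(32)   # never leaves the gateway
        self.ticket_ttl = ticket_ttl
        self.password_checks = 0              # counts the expensive step

    def login(self, user: str, password: str, now: int):
        """Verify ID and password; return a ticket, or None on failure."""
        self.password_checks += 1
        # Unknown users still go through the hash so timing stays similar.
        salt, expected = _CREDENTIALS.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash_password(password, salt), expected):
            return None
        payload = json.dumps({"user": user, "exp": now + self.ticket_ttl,
                              "nonce": secrets.token_hex(8)}).encode()
        tag = hmac.new(self._key, payload, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(payload).decode() + "."
                + base64.urlsafe_b64encode(tag).decode())

    def _user_from_ticket(self, ticket: str, now: int):
        """Return the user named in a valid, unexpired ticket, else None."""
        try:
            payload64, tag64 = ticket.split(".")
            payload = base64.urlsafe_b64decode(payload64)
            tag = base64.urlsafe_b64decode(tag64)
        except ValueError:                    # wrong shape or bad base64
            return None
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                       # forged or altered ticket
        claims = json.loads(payload)
        return claims["user"] if now < claims["exp"] else None

    def request(self, ticket: str, host: str, hour: int, now: int) -> str:
        """Per-request decision: 'allow', 'deny', or 'reauth'."""
        user = self._user_from_ticket(ticket, now)
        if user is None:
            return "reauth"                   # fall back to the full login
        group = GROUP_OF.get(user)
        if group is None:
            return "deny"
        category = CATEGORY_OF.get(host)      # uncategorised hosts pass (assumption)
        if hour in BLOCKED_HOURS.get(group, {}).get(category, ()):
            return "deny"
        return "allow"
```

The destination is still looked up on every request; only the password verification is skipped, and a ticket that is altered, expired, or sealed under another key sends the client back to the full login.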
A person having ordinary skill in the art would have sought to incorporate
He '451's unique session node into Shannon's gateway so that the system could
quickly and efficiently confirm the identity of the user in future access requests
after the user has initially been authenticated. Id. at 45. This modification would
have made Shannon's system more efficient because it would not need to repeat
the full user authentication process each time the user makes a request during a
session. Id. By omitting the full authentication process for future access requests,
the combined system would use less computing resources than Shannon's system.
Id. It would also have a quicker request/response time than Shannon's system,
because it could return the requested web page or other resource without first

made from clients to servers, such as, for example, web
page, news server, or FTP data or application download
requests.)

[1.01] means for interpreting the format of a data transmission occurring between
said computer system and each of said clients wherein the transmission itself
contains and is identified by one or more forresta identities

Shannon (EX1006) at FIG. 1 at 50-53, 54-56; 6:48 ("The network device 100 can,
for example, detect requests from web pages, files or other data from any of
clients 50 through 53 to servers 54 through 56.").
EX1006 at 7:21-26 ("Each group will have one or more associated client addresses
(i.e., sources) and/or usernames identifying which user (via which client
computers) are in which group. Column 2 in Table 1 associates each source client
computer to a group.").
EX1006 at 13:34-41 ("During this monitoring process, in step 200, the network
device 100 receives and detects a packet containing, in this example, an HTTP
request in data field 304 of the packet. The detection can be done, for example,
using an application programming interface (API) that allows the network device
100 to screen any selected packet field for information, such as addresses and
data in all outgoing packets.").
EX1006 at 13:52-66 ("In the web access example, once a web page request is
detected in a packet, in step 201, the source address of the packet in field 302
is examined. The source address may be an IP address, or a MAC address, or an
address/username combination. Then, step 202 matches the source address and data
with the group/source database 203 (i.e., Table 1) in order to determine the
group in Table 1 to which the packet containing the HTTP request belongs. In
other words, the packet came from one of clients 50 through 53. Hence, step 202
matches packet information to group information such as that shown in Table 1,
in order to determine which client and/or user on LAN 40 is sending this
particular web page request packet and determine what group that machine or
machine/username combination is in within database 203.").

[1.02] each of said forresta identities may be acted upon independently;

Shannon (EX1006) at 6:43-48 ("Still further, this invention provides the ability
to limit access control to web pages or data provided by servers that fall into
many different categories. That is, access control is provided based on the
categories or types of data to be accessed, on groups of users, and on the time
during which access is requested.").
EX1006 at 13:34-41 ("During this monitoring process, in step 200, the network
device 100 receives and detects a packet containing, in this example, an HTTP
request in data field 304 of the packet. The detection can be done, for example,
using an application programming interface (API) that allows the network device
100 to screen any selected packet field for information, such as addresses and
data in all outgoing packets.").
EX1006 at 13:52-66 ("In the web access example, once a web page request is
detected in a packet, in step 201, the source address of the packet in field 302
is examined. The source address may be an IP address, or a MAC address, or an
address/username combination. Then, step 202 matches the source address and data
with the group/source database 203 (i.e., Table 1) in order to determine the
group in Table 1 to which the packet containing the HTTP request belongs. In
other words, the packet came from one of clients 50 through 53. Hence, step 202
matches packet information to group information such as that shown in Table 1,
in order to determine which client and/or user on LAN 40 is sending this
particular web page request packet and determine what group that machine or
machine/username combination is in within database 203.").

[1.03] and each of which is unique and unrelated to any means used to identify
the parties receiving or sending such transmission;

He '451 (EX1003) at 2:36-55 ("A general ticket is provided to each user element
at log on to facilitate future access requests. The general ticket is presented
to the network security server each time the user element initiates a
communication session. The general ticket is used by the network security server
to authenticate access requests without having to verify user credentials for
each access request. If upon initiation of a communication session the general
ticket is authenticated, the network security server generates a session ticket
and provides the user element with the session ticket and a unique session
encryption key. The session ticket is used by the user element to communicate
with the selected network element.
The session ticket includes a unique session encryption key to be used by the
user element for encrypting data for communication to the network element and by
the network element for decrypting that data. The session ticket itself is
encrypted using the a key derived from the password of the selected network
element so that only the selected network element can verify the session ticket
and successfully retrieve the session encryption key.").

[1.04] means for creating said forresta identity as an n-byte character sequence
having no conflicting meaning within the coding constructs of a transmission;

EX1006 at 7:11-26 ("In the example shown in Table 1, client computer numbers are
used. In a preferred embodiment, the computer numbers used by the group/source
database 203 are preferably machine address (i.e., Internet Protocol (IP) or
Media Access Control (MAC) addresses, as will be described below) to identify
sources, or sources may be broken down even further to the username level, such
that no matter which client computer a specific user logs in at, that user will
always be associated with his or her respective group. In such a case, groups
would have sources containing usernames, instead of hostnames, or sources may be
username/hostname pairs. As will be explained, the group/source database 203
will be used to determine who is requesting the information over the network,
such as web page data for example, and what their level of access is.").
One of ordinary skill in the art would have understood that the IP address or
other forresta identity in Shannon has no conflicting meaning within Shannon's
system. If it did, the system would not work as Shannon describes. For example,
Shannon teaches that the forresta identity is used "to identify sources, or
sources may be broken down even further to the username level, such that no
matter which client computer a specific user logs in at, that user will always
be associated with his or her respective group." Shannon (EX1006) at 7:31-34. If
the forresta identity had a conflicting meaning within the system, the system
would be unable to identify the group of the user or would malfunction entirely.
See Cohen Decl. (EX1002) at 46 (chart for claim [1.04]).

[1.05] means for creating a unique session node managed by the data access
control method, wherein said session node exists to identify and validate
recognized forresta identities contained within each such transmission and;

He '451 (EX1003) at 2:36-55 ("A general ticket is provided to each user element
at log on to facilitate future access requests. The general ticket is presented
to the network security server each time the user element initiates a
communication session. The general ticket is used by the network security server
to authenticate access requests without having to verify user credentials for
each access request. If upon initiation of a communication session the general
ticket is authenticated, the network security server generates a session ticket
and provides the user element with the session ticket and a unique session
encryption key. The session ticket is used by the user element to communicate
with the selected network element.").
EX1003 at 27:23-56 ("The NSS 208 then generates a general ticket to be used by
the user element for future network element access requests. After ID and
password authentification has been completed, the general ticket is encrypted
using a secrete key assigned by, and only know to, the NSS 208 so that future
access requests by the same user element can be quickly authenticated by the NSS
208. This avoids the NSS 208 having to verify the ID and password each time the
user element makes an access request. The NSS 208 keeps the only copy of the
encryption key for the general ticket so that only the NSS 208 can decrypt the
general ticket. This helps prevent unauthorized access requests by others posing
as a preauthorized user element. The generation of the general ticket is shown
at a state 610. The network security server 208 then transmits the access list
to the user's local access control system, along with the general ticket, as
shown at a state 612.").
Shannon (EX1006) at 6:42-47 ("Still further, this invention provides the ability
to limit access control to web pages or data provided by servers that fall into
many different categories. That is, access control is provided based on the
categories or types of data to be accessed, on groups of users, and on the time
during which access is requested.").

[1.06] means for creating a construction sequence for each new transmission,
said sequence identifying the components and forresta identities used to form
the transmission and where said sequence results from interpreting forresta
identities.

Shannon (EX1006) at 7:27-34 ("In a preferred embodiment, the computer numbers
used by the group/source database 203 are preferably machine address (i.e.,
Internet Protocol (IP) or Media Access Control (MAC) addresses, as will be
described below) to identify sources, or sources may be broken down even further
to the username level, such that no matter which client computer a specific user
logs in at, that user will always be associated with his or her respective
group.").
Shannon (EX1006) at 8:24-25 ("The third database used by network device 100 for
access control is the category/restricted destination database 208.").
EX1006 at FIG. 1 at 50-53, 54-56; 6:48 ("The network device 100 can, for
example, detect requests from web pages, files or other data from any of clients
50 through 53 to servers 54 through 56.").
EX1006 at 7:21-26 ("Each group will have one or more associated client addresses
(i.e., sources) and/or usernames identifying which user (via which client
computers) are in which group. Column 2 in Table 1 associates each source client
computer to a group.").
EX1006 at 13:34-41 ("During this monitoring process, in step 200, the network
device 100 receives and detects a packet containing, in this example, an HTTP
request in data field 304 of the packet. The detection can be done, for example,
using an application programming interface (API) that allows the network device
100 to screen any selected packet field for information, such as addresses and
data in all outgoing packets.").
EX1006 at 13:52-66 ("In the web access example, once a web page request is
detected in a packet, in step 201, the source address of the packet in field 302
is examined. The source address may be an IP address, or a MAC address, or an
address/username combination. Then, step 202 matches the source address and data
with the group/source database 203 (i.e., Table 1) in order to determine the
group in Table 1 to which the packet containing the HTTP request belongs. In
other words, the packet came from one of clients 50 through 53. Hence, step 202
matches packet information to group information such as that shown in Table 1,
in order to determine which client and/or user on LAN 40 is sending this
particular web page request packet and determine what group that machine or
machine/username combination is in within database 203.").

B. Ground 2: Claims 2-4, 6, 7, 9, and 10 are rendered obvious by
Shannon in view of He '451, further in view of Cragun
1. Cragun
Cragun discloses a way to tailor objectionable content in real time to make it
unobjectionable. Cohen Decl. (EX1002) at 50. In particular, Cragun is directed to a
"[c]ensoring browser method and apparatus for internet viewing." EX1004 at Title.
The system and method disclosed in Cragun allows the user to select censoring
parameters, including words and word fragments, user selected categories, and
user selected super categories. Id. at 2:35-38. Cragun teaches that before any text
is displayed, the system searches for and marks any words and words containing
any word fragments on a user-defined unwanted-word list stored in a user
profile. Id. at 3:55-58. For any words on the user censoring list, "[t]hen the
marked censored words are removed and replaced by user selected substitutes for
display of the processed text in accordance with user selected censoring rules
stored in the user profile." Id. at 3:58-61.
2. Motivation to combine Cragun with He '451 and Shannon
A POSA would have sought to combine He '451 and Shannon. He '451
(EX1003), Cragun (EX1004) and Shannon (EX1006) restrict access to data using a
table of certain data to determine the extent of a user's access. Shannon discloses
restricting access to the content when certain keywords appear on the requested
page. Shannon (EX1006) at 3:28-35. Cragun uses a similar table or list but
replaces the offending words or phrases with alternatives selected ahead of time by
the systems designer or administrator. Id. at Abstract.
For example, Cragun's figure 14 shows an interface 1400 to receive
selections from the administrator for a manage word list. EX1004 at 7:65-8:15;
Cohen Decl. (EX1002) at 53.

FIG. 14 of Cragun (EX1004)


The interface 1400 allows the administrator to enter a replacement word
712 which is the word to be substituted for the unwanted word. Cragun (EX1004)
at 8:46. A POSA would be motivated to combine these two references, as Cragun
(EX1004) extends the potential applications of Shannon (EX1006) while
employing a similar strategy during the access limitation analysis. Shannon
suggests "filter[ing] the content of only web pages based . . . upon objectionable
words." Shannon (EX1006) at Abstract; Cohen Decl. (EX1002) at 54. But an
all-or-nothing keyword approach would block a site entirely when instead it could
selectively censor information to be reviewed to make it unobjectionable as
disclosed by Cragun. Cragun (EX1004) at 2:34; Cohen Decl. (EX1002) at 54.
Adding Cragun's substitution technique to Shannon would make the access control
more flexible and granular in its ability to restrict or grant access to content. Cohen
Decl. (EX1002) at 54. For example, instead of blocking access to a web site
entirely, only certain objectionable words would be censored and replaced with
content that is not objectionable and then presented to the user. Id. This would be
beneficial because some sites have both content with merit (e.g., educational value)
and objectionable content without merit, depending on the particular user. Id.;
Shannon (EX1004) at 1:61-64 ("Yet, some sites with valid content have
potentially objectionable language. By blocking the site, one misses the valuable
content when the real problem is only one portion of the content."). Accordingly,
one of ordinary skill in the art would have sought to add Cragun's
word-substitution functionality to the Shannon-He '451 combination. Cohen Decl.
(EX1002) at 54.
Although Cragun's functionality is implemented on the user computer 102,
one of ordinary skill in the art could have implemented it on Shannon's centralized
network device [gateway] 100. Cohen Decl. (EX1002) at 55. In Shannon, there is
an administrator who operates the network device [or gateway] 100 and is a
trusted systems administrator . . . responsible for administering an access control
policy. Shannon (EX1006) at 6:21-28. This same trusted administrator could
manage Cragun's word list interface 1400 now running on Shannon's gateway 100
in the combined system. Cohen Decl. (EX1002) at 55.
Shannon teaches that the gateway 100 can be located at an Internet Service
Provider (ISP). Shannon (EX1006) at 5:63-67 ("Such a gateway may be located at
an Internet service provider (ISP) wherein the clients are connected to the LAN via
dial-up modems, or within a corporate or other institutional environment, between
the LAN and an Internet connection."); Cohen Decl. (EX1002) at 56. Thus, all
communications to the client already go through the gateway 100. Shannon
(EX1006) at 5:61-63 ("The network device 100 serves as the gateway through
which all data communications must pass between the two networks 40 and 45.").
Thus, one of ordinary skill in the art would recognize that Shannon's gateway has
the opportunity and ability to implement Cragun's manage word list and substitute
objectionable content with unobjectionable content before it is provided to the
client. Cohen Decl. (EX1002) at 5776.
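The Cragun decision logic quoted in this petition's claim chart (a word-versus-fragment flag, substitution when a substitute exists, a fallback when it does not, and hiding by emitting an empty string), applied to text passing through a gateway. This is an added Python example, not Cragun's code; the record class, the harmless sample words, and the choice of "hide" as the missing-substitute fallback are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class WordRecord:
    text: str                          # unwanted word or fragment (text field)
    is_word: bool                      # flag: True = whole word, False = fragment
    category: int                      # index into a category table
    replacement: Optional[str] = None  # substitute word, if one was entered


# Constructed word list; the entries are harmless stand-ins.
WORD_LIST = [
    WordRecord("darn", True, 1, "gosh"),
    WordRecord("heck", False, 1),      # fragment with no substitute on file
]


def _lookup(token: str, records: List[WordRecord]) -> Optional[WordRecord]:
    low = token.lower()
    for rec in records:
        if (rec.is_word and low == rec.text) or (not rec.is_word and rec.text in low):
            return rec
    return None


def censor(text: str, records: List[WordRecord], process: str = "substitute",
           missing_substitute: str = "hide") -> Tuple[str, List[str]]:
    """Return (processed text, list of tokens that were censored)."""
    censored: List[str] = []

    def handle(match: "re.Match") -> str:
        token = match.group(0)
        rec = _lookup(token, records)
        if rec is None:
            return token
        censored.append(token)
        mode = process
        if mode == "substitute" and rec.replacement is None:
            mode = missing_substitute  # no substitute on file: use the fallback
        if mode == "substitute":
            return rec.replacement
        if mode == "hide":
            return ""                  # empty string in place of the word
        raise ValueError(f"unknown process: {mode}")

    return re.sub(r"[A-Za-z']+", handle, text), censored
```

Fragment records match anywhere inside a token, so the constructed fragment "heck" also removes "checker"; a centrally administered list needs review for that kind of over-matching.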

3. Chart for claims 2-4, 6, 7, 9, and 10: Shannon in view of He '451,
further in view of Cragun (see Cohen Decl. (EX1002) at 57)

Limitations

Citations to Shannon (EX1006), He '451 (EX1003), and Cragun (EX1004)

[2.0] The system of claim 1, wherein said data access control means further
includes:

See supra Claim 1.

[2.01] means for recognizing a part of each transmission as being a unique
forresta identity, which recognition means connects to further means for parsing
and substituting construct that are components of fragment files;

Shannon (EX1006) at 8:24-25 ("The third database used by network device 100 for
access control is the category/restricted destination database 208.").
EX1006 at FIG. 1 at 50-53, 54-56; 6:48 ("The network device 100 can, for
example, detect requests from web pages, files or other data from any of clients
50 through 53 to servers 54 through 56.").
EX1006 at 7:21-26 ("Each group will have one or more associated client addresses
(i.e., sources) and/or usernames identifying which user (via which client
computers) are in which group. Column 2 in Table 1 associates each source client
computer to a group.").
EX1006 at 13:34-41 ("During this monitoring process, in step 200, the network
device 100 receives and detects a packet containing, in this example, an HTTP
request in data field 304 of the packet. The detection can be done, for example,
using an application programming interface (API) that allows the network device
100 to screen any selected packet field for information, such as addresses and
data in all outgoing packets.").
EX1006 at 13:52-66 ("In the web access example, once a web page request is
detected in a packet, in step 201, the source address of the packet in field 302
is examined. The source address may be an IP address, or a MAC address, or an
address/username combination. Then, step 202 matches the source address and data
with the group/source database 203 (i.e., Table 1) in order to determine the
group in Table 1 to which the packet containing the HTTP request belongs. In
other words, the packet came from one of clients 50 through 53. Hence, step 202
matches packet information to group information such as that shown in Table 1,
in order to determine which client and/or user on LAN 40 is sending this
particular web page request packet and determine what group that machine or
machine/username combination is in within database 203.").
Cragun (EX1004) at 2:35-38 ("In accordance with features of the invention, the
user selected censoring parameters includes user selected censored words and
word fragments, user selected categories, and user selected super categories.").
[2.02] means for accessing a substitution table containing a set of substitution
records, said substitution records including one each of a parse phrase, a
substitution index and a substitution phrase; means for examining the content of
a fragment file, each said parse phrase being compared with the content of the
fragment file to identify constructs;

Cragun (EX1004) at FIG. 14; 2:38-41 ("Compared word and word fragments matching
user selected censored words and word fragments can be removed and selectively
replaced with predefined characters or acceptable substitute words.").
EX1004 at 6:54-7:3 (The removal and substitution censoring function includes a
variable number of options, for example, as shown. First, if process equals
substitution is true at a decision block 518 and a substitute exists is true at
a decision block 520, then the marked unwanted word is replaced with a socially
acceptable substitute at a block 522. Otherwise, when a substitute exists is
false at decision block 520, then processing is set to the missing substitute
censor level for the category at a block 524.)
Referring to FIG. 5B, if process equals substitution is false at decision block
518, checking whether process equals hide is true is provided at a decision
block 526. If process equals hide is true at decision block 526, then an empty
string is outputted for the unwanted word or word fragment as indicated at a
block 528 so that the removal of the unwanted word or word fragment is removed
from the displayed text.).
EX1004 at 7:65-8:15 ("Referring to FIG. 7, an exemplary word list record
structure 700 in accordance with the present invention is shown. Referring also
to FIG. 14, the illustrated manage word list dialog 1400 is provided to receive
user selections. The word list record structure includes a text field 702, a
flag field 704, a category field 706, a weight change 708, and a replacement
word pointer 710 to a replacement word 712 which is the word to be substituted
for the unwanted word. The text field 702 comprises the unwanted word or word
fragment to be censored. The flag field 704 indicates whether the word list
record defines a word or a word fragment, where a word fragment is represented
by zero and a word is represented by one. The category field 706 comprises an
integer index value to the category table index of FIG. 8A. For example, having
reference also to FIG. 8A, the category field 706 being set to 2 indicates
animal slang, while the category field 706 being set to 5 indicates food
slang.").
EX1004 at 8:40-9:30 ("Referring to FIG. 9, sequential steps to mark censored or
delimited words and to tally or add weights for internet viewing of the present
invention are shown. The mark delimited word and add weights process is entered
at a block 900 with the starting and ending position to mark given by the
calling process from blocks 422 and 416 in FIG. 4. The sequential steps begin
with checking if the category default censor level equals no mark is true as
indicated at a decision block 902. If the category default censor level equals
no mark is true, then the pointer is updated to the end of the word as indicated
at a block 903. Then the category current tally is increased by the category
base weight 810 plus any word weight change 708 as indicated at a block 904.
Next found is set to true as indicated at a block 905. Then the sequential
operation returns as indicated at a block 906 to routine block 418 in FIG. 4 to
get the previous word list record. If the category default censor level is not
no mark, then a mark is built. A start tag is put into a holding string MRKSTR
as indicated at a block 908. Then packet text from the given start to the given
end is added to the MRKSTR as indicated at a block 910 for handing partial
fragments, words, and word combinations. Next a tag delimiter is added to MRKSTR
as indicated at a block 912. Then checking if substitute exists is provided as
indicated at a decision block 916. If substitute exists is true, a substitute
word is added to MRKSTR, as indicated at a block 918. If substitute exists is
false or after the substitute is added to MRKSTR, a tag delimiter is added to
MRKSTR as indicated at a block 918. Next, category name, or information about
the censored word, is added to MRKSTR as indicated at a block 920. Next, a tag
end is added to MRKSTR as indicated at a block 922. Next the text from given
start to given end is replaced with the contents of MRKSTR as indicated at a
block 924. Then the pointer is updated to the end of the mark as indicated at a
block 926. Then the category tally is increased at block 904 and found is set to
true at block 905. Then the sequential operations return to routine block 418 in
FIG. 4 to get a previous word list record.")
[2.03] means wherein said substitution index is paired with the object of the
construct, said object being a reference to tangible data held by the repository
and contained within the syntax of the construct, said pairing used as the
placeholder value for the syntax of said construct; and

Cragun (EX1004) at 3:55-58 ("In accordance with the present invention, a
censoring browser method and apparatus for internet viewing are provided which,
before any text is displayed, searches for and marks any words and words
containing any word fragments on a user-defined unwanted-word list stored in a
user profile.").
See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30,
FIG. 14).

[2.04] means wherein said means for identifying placeholders said substitution
phrase is used as a replacement for a substitution index and object pair

Cragun (EX1004) at 3:58-61 ("Then the marked censored words are removed and
replaced by user selected substitutes for display of the processed text in
accordance with user selected censoring rules stored in the user profile.").
See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30,
FIG. 14).
[3.0] The system of claim 2, further including means for assigning
a specific attribute value to the fragment file when the content of
said fragment file contains a construct that indicates that the
viewable area of the client display device should be subdivided
into separate areas of information display.

See supra Claims 1 and 2.
Cragun (EX1004) at Abstract (Data packets are received and
compared with the user selected censoring parameters.
Responsive to the comparison, the received data packet contents
are processed and selectively displayed responsive to the user
selected censoring parameters.).
See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30, FIG. 14).
Additionally, one of ordinary skill in the art would understand
that Shannon's web page would be subdivided into separate
areas of information display, as claimed. Shannon teaches that
the requested web page content can be described in the
Hypertext Markup Language (HTML) that is used to actually
create and format the data which comprises an actual web
page. Shannon (EX1006) at 10:49-51. In particular, one of
ordinary skill in the art would have known that HTML frames
allow authors to present documents in multiple views, which
may be independent windows or subwindows. Multiple views
offer designers a way to keep certain information visible, while
other views are scrolled or replaced. For example, within the
same window, one frame might display a static banner, a second
a navigation menu, and a third the main document that can be
scrolled through or replaced by navigating in the second frame.
See EX1012; Cohen Declaration (EX1002) ¶ 57 (claim element
[3.0]).

[4.0] The system of claim 2, further including means for
constructing a response page table that contains a unique entry
for each fragment list,

See supra Claims 1 and 2.
See Cragun (EX1004) at Table 3; 9:32-36 (the category
database 208 may be provided to the network device using a
protocol, such as the Simple Network Management Protocol
(SNMP), which may use an agent running locally on the
network device 100 to control network device configuration and
database content).
See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30, FIG. 14).

[4.01] said list to be used as the template for selecting and
assembling data held by the repository into a transmission
response as a result of receiving a forresta identity associated
with a separate transmission; and further including:

He 451 (EX1003) at FIG 8.A; id. at 8:16-21 (FIGS. 8A and
8B are charts respectively illustrating a category structure 800
and a super category structure 802 in accordance with the
present invention.).
See Shannon (EX1006) at 14:26-33 (In step 209, if either the
IP address, the URL or any segment of the URL matches to any
restricted destination information (i.e., column 2, 3, or 4 of
Table 3) for any of the categories obtained in step 205, then step
210 is executed which denies access to the requested web page,
data, service or content requested in the packet received [f]rom
the client at the network device 100.).
Shannon (EX1006) at 6:4-27 (As a gateway, the network
device 100 according to this invention is configured also to
monitor the data communications that pass between clients
connected to the LAN 40 and servers connected to the WAN 45.
The network device 100 can, for example, detect requests for
web pages, files or other data from any of clients 50 through 53
to servers 54 through 56. The network device 100 then either
allows or denies the detected web page or information requests
based on an examination of the content of the specific requests
in comparison with access control data stored in databases 203,
204 and 208.
By locating the access control decisions in neither the server nor
client computers 50-56, but rather, within network device 100,
web page and data access for all clients 50 through 53 may be
controlled as a group, without any separate client or server
configuration required from the administrator who operates the
network device 100. Also, since a firewall, bridge, router or
gateway to the Internet, for example, is typically isolated from
physical and login access by users, a trusted systems
administrator can be responsible for administering an access
control policy which is more difficult to circumvent than when
left up to the users of the clients or servers.).
EX1006 at 14:60-15:11 (Step 212 then begins to receive the
web page or other content data packets and step 213, which may
be optional, can filter the incoming data in the returned data
packets for objectionable data, such as profanity occurring in
the text of web pages or news groups or other objectionable
content as may be defined. That is, content filtering may also be
incorporated into the invention as data is returned from the
servers. This is beneficial and overcomes the problems of the
prior art content filtering systems since in this invention, the
content filtering can be centralized at the network device 100,
rather that administering many separate clients that each contain
their own content filtering database.
In this manner, the present invention provides a robust data
access filtering system that provides access control based on
users, categories and times of use and not purely on content of
data being accessed. This is beneficial since content filtering
alone often overlooks objectionable material such as
pornographic images, which contain no words to content filter
upon.).
See Cragun (EX1004) at 3:59-62 (Then the marked censored
words are removed and replaced by user selected substitutes for
display of the processed text in accordance with user selected
censoring rules stored in a user profile.).
See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30, FIG. 14).

[4.02] means for constructing a reference map table for each said
fragment file list contained within the response page table,

See Shannon (EX1006) at Table 3 (8:35-48); see also id. at
8:49-9:14 (In Table 3, each category is listed as a number,
along with its name indicating the subject matter associated
with that category. There are only two categories shown in this
example for ease of description. The categories are matched in
Table 3, and in database 208, with the server address including
document locations (e.g., locations of web pages via URLs) and
IP address which are to be restricted for a group having those
categories. For instance, category 1 is alcohol. In columns 2, 3
and 4 of this category, URLs and segments of URLs and IP
addresses are listed which indicate which addresses of files,
documents, web pages, web sites and other information on the
network, Internet, or world wide web that are restricted for
access within that category. For instance, under the category
alcohol, no access is allowed to the web site in column 2 listed
as alcohol.com, and no access is allowed for requests to the IP
address 213.56.3.12, which may correspond, for example, to the
home page of a bar, brewery, or other drinking establishment.),
14:26-33 (In step 209, if either the IP address, the URL or any
segment of the URL matches to any restricted destination
information (i.e., column 2, 3, or 4 of Table 3) for any of the
categories obtained in step 205, then step 210 is executed which
denies access to the requested web page, data, service or content
requested in the packet received [f]rom the client at the network
device 100.).

See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30, FIG. 14).

[4.03] said reference map table containing an entry for each
placeholder found within fragment files identified by the list,

See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30, FIG. 14).

[4.04] said entry containing a position field whose value
describes the relative offset position of the placeholder to other
place holders within the content of the fragment file,

See Cragun (EX1004) at supra Claim [4.03]; id. at Fig. 14
(Weight Change).
See EX1004 at 8:40-48 (Referring to FIG. 9, sequential steps
to mark censored or delimited words and to tally or add weights
for internet viewing of the present invention are shown. The
mark delimited word and add weights process is entered at a
block 900 with the starting and ending position to mark given
by the calling process from blocks 422 and 416 in FIG. 4. The
sequential steps begin with checking if the category default
censor level equals no mark is true as indicated at a decision
block 902. If the category default censor level equals no mark is
true, then the pointer is updated to the end of the word as
indicated at a block 903. Then the category current tally is
increased by the category base weight 810 plus any word weight
change 708 as indicated at a block 904.)

[4.05] a parse index field whose value is the substitution index
of the placeholder and a target field, whose value identifies the
data held by the repository,

See Cragun (EX1004) at claim [4.03]; id. at Fig. 14
(Replacement word).

[6.0] The system of claim 4, further including means for
permitting a repository designer through a user interface means
to assign a permission value to each and every fragment file and
response table entry

See supra Claim 4.
See Shannon (EX1006) at Table 3; 8:49-51 (In Table 3, each
category is listed as a number, along with its name indicating
the subject matter associated with that category).
Cragun (EX1004) at 5:19-24 (Responsive to a change censor
level user selection at function selection block 302, the current
data packet contents are processed and displayed according to
the changed selection censoring rules and other format rules as
indicated at a block 328 as illustrated and described with respect
to FIG. 5);
EX1004 at 6:16-27 (By locating the access control decisions in
neither the server nor client computers 50-56, but rather, within
network device 100, web page and data access for all clients 50
through 53 may be controlled as a group, without any separate
client or server configuration required from the administrator
who operates the network device 100. Also, since a firewall,
bridge, router or gateway to the Internet, for example, is
typically isolated from physical and login access by users, a
trusted systems administrator can be responsible for
administering an access control policy which is more difficult to
circumvent than when left up to the users of the clients or
servers.).
Cragun (EX1004) at FIG. 2; id. at 4:12-16 (Then the selected
user profile is edited responsive to user selections to add and/or
delete words and word fragments, to add and/or delete
categories, to add and/or delete super categories, to set weights,
to set preferences, to set actions and to set thresholds as
indicated at a block 210.).

[7.0] The system of claim 4, further including means for
permitting a repository designer through a user interface to
select zero or more alternatives, each said alternative being a
representation of either of a fragment file or response page table
entry, and for permitting said repository designer to assign each
said alternate as an alternative choice to the original object of a
placeholder.

See supra Claim 4.
Cragun (EX1004) at 2:35-38 (In accordance with features of
the invention, the user selected censoring parameters includes
user selected censored words, and word fragments, user selected
categories, and user selected super categories.);
Cragun (EX1004) at 5:19-24 (Responsive to a change censor
level user selection at function selection block 302, the current
data packet are processed and displayed according to the
changed selection censoring rules and other format rules as
indicated at a block 328 as illustrated and described with respect
to FIG 5.).

Cragun (EX1004) at 7:65-8:15 (Referring to FIG. 7, an
exemplary word list record structure 700 in accordance with the
present invention is shown. Referring also to FIG. 14, the
illustrated manage word list dialog 1400 is provided to receive
user selections. The word list record structure includes a text
field 702, a flag field 704, a category field 706, a weight change
708 , and a replacement word pointer 710 to a replacement word
712 which is the word to be substituted for the unwanted word.
The text field 702 comprises the unwanted word or word
fragment to be censored. The flag field 704 indicates whether
the word list record defines a word or a word fragment, where a
word fragment is represented by zero and a word is represented
by one. The category field 706 comprises an integer index value
to the category table index of FIG. 8A. For example, having
reference also to FIG. 8A, the category field 706 being set to 2
indicates animal slang, while the category field 706 being set to
5 indicates food slang.).

[9.0] In a computer system allowing access to a repository of data
wherein access of the repository by a plurality of clients is
permitted over a network communications link that may be
connected to a server computer that is the custodian of the data
repository, comprising in combination:

See supra Claim 1 at [1.0].

[9.01] a source of data that comprises the content of the
repository,

See supra Claims 2-4.
Shannon (EX1006) at Fig 1. (54 through 56); 5:8-13 (The
networked computer environment 30 includes a first or Local
Area Network (LAN) 40 composed of client computer hosts
('clients') 50 through 53, a second or Wide Area Network
(WAN) 45 including server computer hosts (servers) 54
through 56, and a network device 100 having access control
data bases 230, 204 and 208.).

[9.02] said data being eligible to be returned to a client as a
result of an access request made by the client;

See supra Claims 2-4.
Shannon (EX1006) at 5:13-18 (The network device 100, is
connected to permit data communication between Local Area
Network 40 and Wide Area Network 45, and is in particular
configured according to the present invention to provide an
access control mechanism for all data information requests
made from clients to servers).
EX1006 at 6:8-14 (The network device 100 can, for example,
detect requests for web pages, files or other data from any of
clients 50 through 53 to servers 54 through 56. The network
device 100 then either allows or denies the detected web page or
information requests based on an examination of the content of
the specific requests in comparison with access control data
stored in databases 203, 204 and 208.).
EX1006 at 13:13-18 (In the example shown, the data field 304
contains the request in the form of a full Uniform Resource
Locator (URL) for a web page. A URL serves as the indicator of
the request from the client for a specific web page stored one of
the servers, and can be detected by network device 100.).
EX1006 at 13:34-41 (During this monitoring process, in step
200, the network device 100 receives and detects a packet
containing, in this example, an HTTP request in data field 304
of the packet. The detection can be done, for example, using an
application programming interface (API) that allows the
network device 100 to screen any selected packet field for
information, such as addresses and data in all outgoing
packets.)

[9.03] means for organizing data into groups of one or more
elements through a user interface based on criteria established by
the designer of the repository;

See supra Claims 6, 7.
Shannon (EX1006) at Table 3; 8:49-51 (In Table 3, each
category is listed as a number, along with its name indicating
the subject matter associated with that category).
EX1006 (As shown in Table 2, data contained in the
group/category database 204 associates each group with the
restricted categories for that group and other access attributes
such as the time of day during which those groups are restricted.
For instance, a user of a client computer who is in the faculty
group will be restricted from viewing web pages that fall into
categories 1, 9, 18 and 24 from 8 am to 11:59 am (i.e., morning
work hours) and from 1 pm to 4 pm (i.e., afternoon working
hours) during every Monday through Friday (i.e., workdays).
The principal of the school, however, is allowed to access all
internet servers, web sites, and data at all hours except from 2 to
4 am and 6 to 11 pm. As will be explained shortly, each
category is associated with a specific topic, such as sex,
violence, drugs, and so forth. In one embodiment of this
invention, there are thirty different categories. Thus, if a user of
a client computer is excluded from certain categories, when they
make a request for a web page or a server location or a data file
having an Internet access address that appears in one of those
categories in the category/destination database 208 (to be
explained), that user will be denied access to that data, file,
applet, web page, and so forth.).
Cragun (EX1004) at FIG.; id. at 4:12-16 (Then the selected
user profile is edited responsive to user selections to add and/or
delete words and word fragments, to add and/or delete
categories, to add and/or delete super categories, to set weights,
to set preferences, to set actions and to set thresholds as
indicated at a block 210.).
EX1004 at 7:65-8:15 (Referring to FIG. 7, an exemplary word
list record structure 700 in accordance with the present
invention is shown. Referring also to FIG. 14, the illustrated
manage word list dialog 1400 is provided to receive user
selections. The word list record structure includes a text field
702, a flag field 704, a category field 706, a weight change 708 ,
and a replacement word pointer 710 to a replacement word 712
which is the word to be substituted for the unwanted word. The
text field 702 comprises the unwanted word or word fragment to
be censored. The flag field 704 indicates whether the word list
record defines a word or a word fragment, where a word
fragment is represented by zero and a word is represented by
one. The category field 706 comprises an integer index value to
the category table index of FIG. 8A. For example, having
reference also to FIG. 8A, the category field 706 being set to 2
indicates animal slang, while the category field 706 being set to
5 indicates food slang.).

[9.04] means for using said groups individually or in combination
in the formation of a response to a client based on the access made
by the client;

See supra Claims 2-4.
Shannon (EX1006) at Table 3; 8:24-34 (The third database
used by network device 100 for access control is the
category/restricted destination database 208. This database is a
key element of the invention, and provides a list of the Uniform
Resource Locator (URLs) including URL segments, and IP
addresses, for servers containing restricted files, applets,
documents, web pages, news groups, Multicast sessions or other
content, for each category. The size of the database 208 can
vary and may be very large in some instances. An abbreviated
example of the contents of the category/restricted destination is
given in Table 3.).
See Cragun (EX1004) at 3:59-62 (Then the marked censored
words are removed and replaced by user selected substitutes for
display of the processed text in accordance with user selected
censoring rules stored in a user profile.).
See supra, claim element [2.03] (EX1004 at 6:54-7:33, 7:65-8:15, 8:40-9:30, FIG. 14).

[9.05] means for controlling an access that may be executed by a
client, said access being included as a component of group
content;

See supra Claims 1-3.
Cragun (EX1004) at 2:35-38 (In accordance with features of
the invention, the user selected censoring parameters includes
user selected censoring words and word fragments, user selected
categories, and user selected super categories).

Shannon (EX1006) at 8:6-12 (Thus, if a user of a client
computer is excluded from certain categories, when they make a
request for a web page or a server location or a data file having
an Internet access address that appears in one of those
categories in the category/destination database 208 (to be
explained), that user will be denied access to that data, file,
applet, web page, and so forth.)

[9.06] means for the selective assignment of permission value to
said group through a user interface, said permission value
specifying the access and combination scope of the group to which
it is assigned;

See supra Claims 6, 7.
Shannon (EX1006) at 6:33-34 (The access control data defines
which clients can access which web pages or data from remote
servers at what times and under what conditions).
EX1006 (As shown in Table 2, data contained in the
group/category database 204 associates each group with the
restricted categories for that group and other access attributes
such as the time of day during which those groups are restricted.
For instance, a user of a client computer who is in the faculty
group will be restricted from viewing web pages that fall into
categories 1, 9, 18 and 24 from 8 am to 11:59 am (i.e., morning
work hours) and from 1 pm to 4 pm (i.e., afternoon working
hours) during every Monday through Friday (i.e., workdays).
The principal of the school, however, is allowed to access all
internet servers, web sites, and data at all hours except from 2 to
4 am and 6 to 11 pm. As will be explained shortly, each
category is associated with a specific topic, such as sex,
violence, drugs, and so forth. In one embodiment of this
invention, there are thirty different categories. Thus, if a user of
a client computer is excluded from certain categories, when they
make a request for a web page or a server location or a data file
having an Internet access address that appears in one of those
categories in the category/destination database 208 (to be
explained), that user will be denied access to that data, file,
applet, web page, and so forth.).
Cragun (EX1004) at Fig. 5, 5:16-24 (Multiple different levels
of censorship can be selected by the user and the data packet is
processed and displayed according to the user selected censor
level. Responsive to a change censor level user selection at
function selection block 302, the current data packet contents
are processed and displayed according to the changed selection
censoring rules and other format rules as indicated at block 328
as illustrated and described with respect to Fig. 5.).

[9.07] means for determining when the intent of an access is to
retrieve data held by the repository

See Cragun (EX1004) at 4:19-20 (Response to a connect user
selection, a user profile is selected and loaded as indicated at a
block 212.); see also id. at Fig. 2.
See also supra Claims 1-3.

[9.08] means for determining when an access or sequence of
accesses is invalid for the repository;

See Cragun (EX1004) at 4:20-23 (If the user password fails,
then the sequential operations return to block 202 to receive a
user function selection.); see also id. at Fig. 2.
See also supra Claims 1-3.

[9.09] means for control of accesses that may be executed by a
client, said accesses being components of a named data input
stream, comprising means for examining the content of a fragment
file to identify embedded constructions that act as an access of
data held by the repository when said constructs are executed by a
client;

See supra Claim 2 at [2.02] (Compared); see also supra
Claims 1-3.

[9.10] means for identifying the data that is the object of the
access; display means by which the content of fragment files is
presented to the repository designer with said constructs displayed
uniquely from other content; means for permitting the retention,
deletion or alteration of said constructs by the repository designer
through a user interface;

See supra Claim 6 at [6.0] (response table entry); see also
supra Claim 7.

[9.11] and means for substituting said constructs with a
placeholder value;

See id.

[9.12] means for parsing and substituting constructs that are
components of fragment files; further including means for
accessing a substitution table containing a set of substitution
records, said substitution records including one each of a parse
phrase, a substitution index and a substitution phrase;

See supra Claim 2.
See Cragun (EX1004) at 2:38-41 (Compared word and word
fragments matching user selected censored words and word
fragments matching user selected censored words and word
fragments can be removed and selectively replaced with
predefined characters or acceptable substitute words.);

[9.13] means for examining the content of a fragment file, said
parse phrase are used in comparison with the content of the
fragment file to identify constructs;

See id.

[9.14] means wherein said substitution index is paired with the
object of the construct, said object being a reference to tangible
data held by the repository and contained within the syntax of the
construct, said pairing used as the placeholder value for the
syntax of said construct; and

See supra Claim 2 at [2.03] (said pairing used as the
placeholder value).

[9.15] means wherein said means for identifying placeholders said
substitution phrase is used as a replacement for a substitution
index and object pair

See supra Claim 2 at [2.04] (replacement).

[10.0] The system of claim 9, further including means for
assigning a specific attribute value to the fragment file if the
content of said fragment file contains a construct that indicates
that the viewable area of the client display device should be
sub-divided into separate areas of information display.

See supra Claim 9;
See supra Claim 3 (client display device should be sub-divided).

VIII. CONCLUSION
Based on the foregoing, challenged claims 1-4, 6, 7, 9, and 10 of the '983
Patent recite subject matter that is unpatentable. The Petitioner requests institution
of an inter partes review to cancel these claims.

Respectfully submitted,
By: /P. Andrew Riley/
P. Andrew Riley
Reg. No. 66,290
Finnegan, Henderson, Farabow, Garrett &
Dunner, LLP
901 New York Avenue, NW
Washington, DC 20001-4413
Telephone: 202-408-4266
Facsimile: 202-408-4400
E-mail: Plano983IPR@finnegan.com
Jonathan Stroud
Reg. No. 72,518
Unified Patents Inc.
1875 Connecticut Ave. NW, Floor 10
Telephone: (650) 999-0899
Facsimile: 650-887-0349
E-mail: jonathan@unifiedpatents.com

CERTIFICATE OF COMPLIANCE
Under the provisions of 37 C.F.R. § 42.24(d), the undersigned hereby
certifies that the word count for the foregoing Petition for Inter Partes Review
totals 13,770, which is less than the 14,000 words allowed under 37 C.F.R.
§ 42.24(a)(1)(i).
By: /P. Andrew Riley/
P. Andrew Riley
Finnegan, Henderson, Farabow,
Garrett & Dunner, LLP

CERTIFICATE OF SERVICE
The undersigned certifies that the foregoing Petition for Inter Partes
Review and the associated Exhibits 1001 through 1012 were served on August
31, 2016, by Overnight Express Mail at the following address of record for the
subject patent.
Steven P. Strazza
16117 Asa Drive
Spencerville, Maryland 20868
Bradley David Liddle
Plano Encryption Technologies LLC
903 East 18th St., Suite #224
Plano, Texas 75074
Dated: August 31, 2016

Respectfully submitted,
By: /Lauren K. Young/
Lauren K. Young
Legal Assistant
Finnegan, Henderson, Farabow,
Garrett & Dunner, LLP