`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`UNITED STATES DEPARTMENT OF COMMERCE
`United States Patent and Trademark Office
`Address: COMMISSIONER FOR PATENTS
`PO. Box 1450
`Alexandria, Virginia 22313-1450
`www.uspio.gov
`
`APPLICATION NO.
`
`FILING DATE
`
`FIRST NAMED [NVENTOR
`
`ATTORNEY DOCKET NO.
`
`CONFIRMATION NO.
`
`95/001,269
`
`12/08/2009
`
`6502135
`
`37551 19
`
`2038
`
`01/15/2010
`7590
`23630
`MCDERMOTT WILL&EMERYLLP
`28 STATE STREET
`
`BOSTON, MA 02109-1775
`
`NALVEN, ANDREW L
`
`ART UNIT
`
`3992
`
`MAIL DATE
`
`01/15/2010
`
`PAPER NUMBER
`
`DELIVERY MODE
`
`PAPER
`
`Please find below and/or attached an Office communication concerning this application or proceeding.
`
`The time period for reply, if any, is set in the attached communication.
`
`PTOL-90A (Rev. 04/07)
`
`Petitioner Apple - EX. 1055, p. 1
`
`Petitioner Apple - Ex. 1055, p. 1
`
`

`

`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`Commissioner for Patents
`United States Patents and Trademark Office
`P.O.Box I450
`Alexandria, VA 223134450
`www.uspto.gov
`
`DO NOT USE IN PALM PRINTER
`
`THIRD PARTY REQUESTER'S CORRESPONDENCE ADDRESS
`
`Date:
`
`MAELED
`
`ROTHWELL, FIGG, ERNST & MANBECK, P.C.
`1425 K STREET N.W.
`SUITE 800
`
`WASHINGTON, DC.
`
`JAN 1 5 2010
`
`CENTRAL REEXAMINATlON umr
`
`Transmittal of Communication to Third Party Requester
`Inter Partes Reexamination
`
`REEXAMINATION CONTROL NO. : 95001269
`
`PATENT NO. : 6502135
`
`TECHNOLOGY CENTER : 3999
`
`ART UNIT : 3992
`
`Enclosed is a copy of the latest communication from the United States Patent and Trademark
`Office in the above identified Reexamination proceeding. 37 CFR 1.903.
`
`Prior to the filing of a Notice of Appeal, each time the patent owner responds to this
`communication, the third party requester of the inter partes reexamination may once file
`written comments within a period of 30 days from the date of service of the patent owner's
`response. This 30-day time period is statutory (35 U.S.C. 314(b)(2)), and, as such, it cannot
`be extended. See also 37 CFR 1.947.
`
`If an ex parte reexamination has been merged with the inter partes reexamination, no
`responsive submission by any ex parte third party requester is permitted.
`
`All correspondence relating to this inter partes reexamination proceeding should be directed
`to the Central Reexamination Unit at the mail, FAX, or hand-carry addresses given at the end
`of the communication enclosed with this transmittal.
`
`PTOL—2070lRev.07—O4)
`
`Petitioner Apple - EX. 1055, p. 2
`
`Petitioner Apple - Ex. 1055, p. 2
`
`

`

`Control No.
`
`Patent Under Reexamination
`
`
`
`
`
`OFFICE ACTION IN INTER PARTES
`
`REEXA MINA TION
`
`
`
`
`-- The MAILING DA TE of this communication appears on the cover sheet with the correspondence address. --
`
`95/001,269
`Examiner
`
`6502135
`Art Unit
`
`ANDREW L. NALVEN
`
`3992
`
`Patent Owner on
`
`Third Party(ies) on 12/8/09
`
`
`
`
`
`
` Responsive to the communication(s) filed by:
`
`
`
`RESPONSE TIMES ARE SET TO EXPIRE AS FOLLOWS:
`
`
`For Patent Owner's Response:
`
`2 MONTH(S) from the mailing date of this action. 37 CFR 1.945. EXTENSIONS OF TIME ARE
`
`GOVERNED BY 37 CFR 1.956.
`
`
`
`
`
`I This action is not an Action Closing Prosecution under 37 CFR 1.949, nor is it a Right of Appeal Notice under
`37 CFR 1.953.
`'
`‘
`
`
`
`PART I. THE FOLLOWING ATTACHMENT(S) ARE PART OF THIS ACTION:
`
`
`
`
`
`
`
`
`
`
`
`
`
`For Third Party Requester's Comments on the Patent Owner Response:
`30 DAYS from the date of service of any patent owner's response. 37 CFR 1.947. NO EXTENSIONS
`OF TIME ARE PERMITTED. 35 U.S.C. 314(b)(2).
`
`
`
`
`
`All correspondence relating to this inter partes reexamination proceeding should be directed to the Central
`Reexamination Unit at the mail, FAX, or hand-carry addresses given at the end of this Office action.
`
`1:! Notice of References Cited by Examiner, PTO-892
`2C] Information Disclosure Citation, PTO/SB/08
`
`3:]
`
`PART II. SUMMARY OF ACTION:
`
`1a. & Claims 1—10 and 12 are subject to reexamination.
`
`1b. DICIaims
`are not subject to reexamination.
`2. CI Claims __ have been canceled.
`E] Claims __ are confirmed. [Unamended patent claims]'
`[I Claims _ are patentable. [Amended or new claims]
`
`IE Claims 1 3 4 6-10 and 12 are rejected.
`
` SOQNP’WPW
`
`
`
`
`
`
`IE Claims 2" and 5 are objected to.
`[I are not acceptable.
`[:1 are acceptable
`D The drawings filed on __
`I: The drawing correction request filed on __ is:
`El approved.
`|:| disapproved.
`[:1 Acknowledgment is made of the claim for priority under 35 U.S.C. 119 (a)-(d). The certified copy has:
`I] been received.
`l:| not been received.
`[I been filed in Application/Control No 95001269.
`
`
`
`
`
`10. [I Other
`
`US. Patent and Trademark Office
`PTOL-2064 (08/06)
`
`Paper No. 20100105
`
`Petitioner Apple - EX. 1055, p. 3
`
`Petitioner Apple - Ex. 1055, p. 3
`
`

`

`Application/Control Number: 95/001 ,269
`
`Page 2
`
`Art Unit: 3992
`
`Inter Partes Reexamination Office Action
`
`Third Party Requester (“Requester”) requested reexamination of claims 1-10 and 12 of
`
`US Patent No. 6,502,135 (hereafter “the ‘ 135 patent”) issued to Munger et al based upon the
`
`following prior art patents and publications:
`
`1. Aventail Administrator’s Guide (hereafter “Aventail”) that was published
`
`between 1996 and 1999. Aventail was not considered in a prior examination and
`
`qualifies as prior art under §102(a).
`
`2. Gauntlet Firewall for Windows NT, Administrator’s Guide (hereafter “Gauntlet”)
`
`that was published no later than 1999. Gauntlet was not considered in a prior
`
`examination and qualifies as prior art under §102(a).
`
`3. “Building and Managing Virtual Private Networks” that was published by David
`
`Kosiur in 1998 (hereafter “Kosiur”). Kosiur was not considered in a prior
`
`examination and qualifies as prior art under §102(b).
`
`4. Building a Microsoft VPN: A Comprehensive Collection of Microsoft Resources
`
`(hereafter “Microsoft VPN”) that was published on January 1, 2000. Microsoft
`
`VPN was not considered in a prior examination and qualifies as prior art under
`
`§102(a).
`
`5. Microsoft Windows NT Server, Virtual Private Networking: An Overview
`
`(hereafter “VPN Overview”) that was published in 1998. VPN Overview was not
`
`considered in a prior examination and qualifies as prior art under §102(b)..
`
`Petitioner Apple - Ex. 1055, p. 4.
`
`Petitioner Apple - Ex. 1055, p. 4
`
`

`

`Application/Control Number: 95/001,269
`
`Page 3
`
`Art Unit: 3992
`
`6. RFC 1035 that was published in 1987. RFC 1035 was not considered in a prior
`
`examination and qualifies as prior art under §102(b).
`
`The order granting reexamination mailed on April 30, 2009 found a substantial new
`
`’
`
`question of patentability raised by the following proposed rejections:
`
`Issue 1 - Claims 1-10 and 12 are anticipated by Aventail under 35 USC. §102(a).
`
`Issue 3 - Claims l-10 and 12 are anticipated by Kosiur under 35 USC. §102(b).
`
`Issue 7 - Claims 3, 6, and 8 are rendered obvious by VPN Overview in view of Aventail
`
`under 35 USC. §103(a).
`
`Issues 2 and 4-6 were not found to have raised a substantial new question of patentability
`
`and thus any discussion of thOse issues is omitted from this office action.
`
`Claim Rejections - 35 USC § 1 02 and 103
`
`The following is a quotation of the appropriate paragraphs of 35 USC. 102 that form the
`
`basis for the rejections under this section made in this Office action:
`
`A person shall be entitled to a patent unless ~
`
`(a) the invention was known or used by others in this country, or patented or described in a printed publication in this
`or a foreign country, before the invention thereof by the applicant for a patent.
`
`(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on
`sale in this country, more than one year prior to the date of application for patent in the United States.
`*
`
`(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
`in the United States before the invention by the applicant for patent or (2) a patent granted on an application for
`patent by another filed in the United States before the invention by the applicant for patent, except that an
`international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
`
`Petitioner Apple - Ex. 1055, p. 5
`
`Petitioner Apple - Ex. 1055, p. 5
`
`

`

`Application/Control Number: 95/001 ,269
`Art Unit: 3992
`‘
`
`Page 4
`
`'
`
`subsection of an application filed in the United States only if the international application designated the United
`States and was published under Article 21(2) of such treaty in the English language.
`
`The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
`
`obviousness rejections set forth in this Office action:
`
`(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
`section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
`such that the subject matter as a whole would have been obvious at the time the invention was made to a person
`having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
`manner in which the invention was made.
`
`Issue 1
`
`Requester proposed rejections of Claims 1-10 and 12 as anticipated by Aventail under 35
`
`U.S.C. §102(a). These proposed rejections are adopted in part.
`
`Claims 1, 3, 4, 6-10 and 12 are rejected under 35 U.S.C. 102(a) as being anticipated by
`
`Aventail. This rejection for claims 1, 3, 4, 6-10 and 12 is adopted for the reasons set forth in- the
`
`December 8, 2009 request for reexamination, on pages 11-17 and as presented in Exhibit A,
`
`which is incorporated by reference. In addition, a rejection of claims 1, 3, 4, 6-10 and 12 in view
`
`of Aventail is provided below whichutilizes citations to Aventail provided in the request and
`
`provided by Examiner.
`
`With regards to claim 1, Aventail teaches a method of transparently creating a virtual
`
`private network (VPN) between a client computer and a target computer (Aventail, Pages 4 and
`
`7 — Aventail is designed to run transparently in the background; Page 66 — authenticated,
`
`encrypted, and controlled connection to your internal network; Page 7 —Aventail can establish
`
`an encrypted tunnel automatically),
`
`Petitioner Apple - EX. 1055, p. 6
`
`Petitioner Apple - Ex. 1055, p. 6
`
`

`

`Application/Control Number: 95/001 ,269
`
`,
`
`Page 5
`
`Art Unit: 3992
`
`comprising the steps of (1) generating from the client computer a Domain Name Service
`
`(DNS) request that requests an IP address corresponding to a domain name associated with the
`
`target computer (Aventail, Page 8 — application generates a DNS lookup to convert the hostname
`
`into an IP address; Page 12 — Application requests connection to remote host);
`
`(2) determining whether the DNS request transmitted in step (1) is requesting access to a
`
`secure web site (Aventail, Page 12 — Aventail Connect checks the connection request, Ifthe
`
`destination hostname matches. a redirection rule create afalse DNS entry, Ifthe'destination
`
`hostname matches a redirection rule... the host is a part ofa domain we are proxying traffic to;
`
`Page 29 — configuration files determine how network connections will be routed and which
`
`authentication protocols are enabled);
`and (3) in response to determining that the DNS request in step (2) is requesting access to
`
`a secure target web site, automatically initiating the VPN between the client computer and the
`
`target computer (Aventail, Page 77- Depending on the security policy and the Aventail ExtraNet
`
`Server configuration, Aventail Connect will automatically proxy their allowed application traffic
`
`into the private network. In this situation, Aventail Connect willforward traffic destinedfor the
`
`private internal network to the Aventail ExtraNet Server. Then, based on the security policy, the
`
`Aventail ExtraNet Server will proxy mobile user traffic into the private network but only to those
`
`resources allowed; Page 7 — Aventail can establish an encrypted tunnel automatically).
`
`With regards to claim 3, Aventail teaches the step of: (4) in response to determining that
`
`the DNS request in step (2) is not requesting access to a seCure target web site, resolving the IP
`
`address for the domain name and returning the IP address to the client computer (A ventail, Page
`
`11 — Ifthe hostname matches a local domain string or does not match a redirection rule,
`
`Petitioner Apple - EX. 1055, p. 7
`
`Petitioner Apple - Ex. 1055, p. 7
`
`

`

`Application/Control Number: 95/001,269
`
`.
`
`Page 6
`
`Art Unit: 3992
`
`Aventail Connect passes .‘the name resolution query through to the TCP/IP stack on the local
`
`workstation. The TCP/IP stack performs the lookup as ifAventail Connect were not running).
`
`With regards to claim 4, Aventail teaches the step of, prior to automatically initiating
`
`the VPN between the client computer and the target computer, determining whether the client
`
`computer is authorized to establish a VPN with the target computer and, if not so authorized,
`
`returning an error from the DNS request (Aventail, Page 46: SOCKS v5 servers often require
`
`user authentication before allowing access. Aventail Connect authentication modules display
`
`dialog boxes that prompt users to enter username and password information as well as other
`
`authentication credentials).
`
`With regards to claim 6, Aventail teaches establishing the VPN by creating an IP
`
`address hopping scheme between the client computer and the target computer (A ventail, Page
`
`62: Once servers and destinations are defined you can direct SOCKS traffic through successive
`
`extranet (SOCKS) servers; Page 68: The Aventail MultiProxyfeature allows Aventail Connect to
`
`traverse multiple firewalls by making connections through successive proxy servers. Aventail
`
`Connect makes a connection with each proxy server individually. Each proxy serverforms a link
`
`in a chain that connects Aventail Connect to the final destination. Any or all ofthe proxy servers
`
`can apply authentication and access control rules).
`
`With regards to claim 7, Aventail teaches the step of using a gatekeeper computer that
`
`allocates VPN resources for communicating between the client computer and the target computer
`
`(Aventail, Page 68: To gain access to your extranet, users may need to traverse multiple
`
`firewalls. In the simplest case, this involves an employee at a partner company gaining access to
`
`the Internet via an outbound proxy server at the partner company, and having an authenticated,
`
`Petitioner Apple - EX. 1055, p. 8
`
`Petitioner Apple - Ex. 1055, p. 8
`
`

`

`Application/Control Number: 95/001,269
`
`Page 7
`
`Art Unit: 3992
`
`encrypted, and controlled connection to your internal network via an Aventail ExtraNet Server.
`
`The Aventail MultiProxyfeature allows Aventail Connect to traverse multiplefirewalls by
`
`making connections through successive proxy servers. Aventail Connect makes a connection with
`
`each proxy server individually. Each proxy serverforms a link in a chain that connects Aventail
`
`Connect to the final destination. Any or all ofthe proxy servers can apply authentication and
`
`access control rules).
`
`With regards to claim 8, Aventail teaches step (2) is performed in a DNS proxy server
`
`that passes through the request to a DNS server if it is determined in step (3) that access is not
`
`being requested to a secure target web site (Aventail, Pages 11-12, DNS lookup is passed
`
`through ifthe destination hostname does not match a local address or a redirection rule; Page
`
`10 - When the Aventail Connect LSP receives a connection request, it determines whether or not
`
`the connection needs to be redirected to an Aventail ExtraNet Server and/or encrypted. When
`
`redirection and encryption are not necessary, Aventail Connect simply passes the connection
`
`request, and any subsequent transmitted data, to the TCP/IP stack).
`
`With regards to claim 9, Aventail teaches the step of transmitting a message to the
`
`Client computer to determine whether the client computer is authorized to establish the VPN
`
`target computer (Aventail, Page 48 — Servers may require authentication - Aventail prompts
`
`users to enter authentication credentials; Page 61- Aventail Connect will be promptedfor a file
`
`(or smart card) containing certificate information only when the SOCKS server requests client
`
`authentication using a certificate).
`
`With regards to claim 10, Aventail teaches a system that transparently creates a virtual
`
`private network (VPN) between a client computer and a secure target computer (Aventail, Pages
`
`Petitioner Apple - Ex. 10%, p. 9
`
`Petitioner Apple - Ex. 1055, p. 9
`
`

`

`Application/Control Number: 95/001,269
`
`Page 8
`
`Art Unit: 3992
`
`4 and 7 — Aventail is designed to run transparently in the background; Page 66 —— authenticated,
`
`encrypted, and controlled connection to your internal network; Page 7 — Aventail can establish
`
`an encrypted tunnel automatically),
`
`comprising: a DNS proxy server that receives a request from the client computer to look
`
`up an IP address for a domain name, wherein the DNS proxy server returns the IP address for the
`
`requested domain name if it is determined that access to a non-secure web site has been
`
`requested (Aventail, Page 8 — application generates a DNS lookup to convert the hostname into
`
`an IP address; Pages 11-12, DNS lookup is passed through ifthe destination hostname does not
`
`match a local address or a redirection rule; Page 10 - When the Aventail Connect LSP receives
`
`a'connection request, it determines whether or not the connection needs to be redirected to an
`
`Aventail ExtraNet Server and/or encrypted. When redirection and encryption are not necessary,
`
`Aventail Connect simply passes the connection request, and any subsequent transmitted data, to
`
`the TCP/IP stack),
`
`and wherein the DNS proxy server generates a request to create the VPN between the
`
`client computer and the secure target computer if it is determined that access to a secure web site
`
`has been requested (Aventail, Page 77- Depending on the securitypolicy and the Aventail
`
`ExtraNet Server configuration, Aventail Connect will automatically proxy their allowed
`
`application traflic into the private network. In this situation, Aventail Connect willforward
`
`traffic destinedfor the private internal network to the Aventail ExtraNet Server. Then, based on
`
`the security policy, the Aventail ExtraNet Server will proxy mobile user traffic into the private
`
`network but only to those resources allowed; Page 7 — Aventail can establish an encrypted
`
`tunnel automatically);
`
`Petitioner Apple - Ex. 1055, p. 10
`
`Petitioner Apple - Ex. 1055, p. 10
`
`

`

`Application/Control Number: 95/001,269
`Art Unit: 3992
`
`Page 9
`
`‘
`
`and a gatekeeper computer that allocates resources for the VPN between the client
`
`computer and the secure web computer in response to the request by the DNS proxy server
`
`(Aventail, Page 68: To gain access to your extranet, users may need to traverse multiple
`
`firewalls. In the simplest case, this involves an employee at a partner company gaining access to
`
`the Internet via an outbound proxy server at the partner company, and having an authenticated,
`
`encrypted, and controlled connection to your internal network via an Aventail'ExtraNet Server.
`
`The Aventail MultiProxyfeature allows Aventail Connect to traverse multiple firewalls by
`
`making connections through successive proxy servers. Aventail Connect makes a connection with
`
`' each proxy server individually. Each proxy serverforms a link in a chain that connects Aventail
`
`Connect to the final destination. Any or all ofthe proxy servers can apply authentication and
`
`access control rules).
`
`With regards to claim 12, Aventail teaches the gatekeeper computer determines whether
`
`the client computer has sufficient security privileges to create the VPN and, if the client
`
`computer lacks sufficient security privileges, rejecting the request to create the VPN (Aventail,
`
`Page 48 — Servers may require authentication - Aventail prompts users to enter authentication
`
`credentials; Page 61- Aventail Connect will be promptedfor a file (or smart card) containing
`
`certificate information only when the SOCKS server requests client authentication using a
`
`certificate).
`
`The rejections of claims 2 and 5 as anticipated by Aventail, as proposed in the request,
`
`is not adopted for the following reasons.
`
`Petitioner Apple - EX. 1055, p. 11
`
`Petitioner Apple - Ex. 1055, p. 11
`
`

`

`Application/Control Number: 95/001,269
`
`Page 10
`
`Art Unit: 3992
`
`With regards to claim 2, claim 2 further limits parent claim 1 by requiring that steps (2)
`
`and (3) of claim 1 be performed at a DNS server that is separate from the client computer. Steps
`
`(2) and (3) require determining whether the DNS request transmitted in step (1) is requesting
`
`access to a secure web site and in response to determining that the DNS request in step (2) is
`
`requesting access to a secure target web site, automatically initiating the VPN between the client
`
`computer and the target computer. Aventail fails to teach these steps being performed at a DNS
`
`server that is separate from the client computer. Instead, Aventail teaches these limitations being
`
`performed at the client
`
`The Aventail Connect client is an application that is resident on a client computer and
`
`provides additional services to applications requesting access to a remote network (Aventail,
`
`Page 7 — Aventail Connect is the client component. You can use Aventail Connect as a simple
`
`proxy clientfor managed outbound access; see also Pages 9-10). When teaching the steps of (2)
`
`determining whether the DNS request transmitted in step (1) is requesting access to a secure web
`
`site and (3) in response to determining that the DNS request in step (2) is requesting access to a
`
`secure target web site, automatically initiating the VPN between the client computer and the
`
`target computer, Aventail clearly discloses the steps being performed by the Aventail Connect
`
`client (Aventail, Pages 11-12 — Aventail Connect does the followings). Thus, Aventail makes
`
`clear that steps (2) and (3) are performed at a client computer and not at a separate DNS server.
`
`Aventail does teach the use of a separate DNS server by disclosing that a DNS lookup
`
`must be proxied to a SOCKS server if the DNS proxy option is enabled and the domain cannot
`
`be looked up (Aventail, Page 11). However, while the DNS lookup is proxied to a separate
`
`DNS server, the step of determining whether the DNS request transmitted in step (1) is
`
`Petitioner Apple - EX. 1055, p. 12
`
`Petitioner Apple - Ex. 1055, p. 12
`
`

`

`Application/Control Number: 95/001,269
`
`Page 11
`
`Art Unit: 3992
`
`requesting access to a secure web site is still performed by the Aventail Connect client that is
`
`resident on the client machine (Aventail, Page 12 — Aventail Connect checks the connection
`
`request, Ifthe destination hostname matches a redirection rule create a false DNS entry, Ifthe
`
`destination hostname matches a redirection rule... the host is a part ofa domain we are proxying
`
`traflic to; Page 29 — configuration files determine how network connections will be routed and
`
`which authentication protocols are enabled). Further, the step of automatically initiating the
`
`VPN between the client computer and the target computer is still performed by the Aventail
`
`Connect client resident on the client machine (Aventail, Page 77- Depending on the security
`
`policy and the Aventail ExtraNet Server configuration, Aventail Connect will automatically
`
`proxy their allowed application traffic into the private network). Thus, Aventail fails to
`
`anticipate claim 2.
`
`With regards to claim 5, claim 5 further limits parent claim 1 by requiring the step of,
`
`prior to automatically initiating the VPN between the client computer and the target computer,
`
`determining whether the client computer is authorized to resolve addresses of non secure target
`
`computers and, if not so authorized, returning an error from the DNS request. Aventail fails to
`
`teach this limitation.
`
`Aventail teaches that SOCKS v5 servers often require user authentication before allowing
`
`access (Aventail, Pages 46-50). When authentication is required, Aventail Connect
`
`authentication modules display dialog boxes that prompt users to enter username and password
`
`information as well as other authentication credentials (Aventail, Page 46). Thus, it is agreed
`
`that Aventail provides disclosures related to user authentication. However, Aventail is silent as.
`
`to authentication being required in order to resolve addresses of non-secure target computers (see
`
`Petitioner Apple - EX. 1055, p. 13
`
`Petitioner Apple - Ex. 1055, p. 13
`
`

`

`Application/Control Number: 95/001 ,269
`
`Page 12
`
`Art Unit: 3992
`
`Aventail, Pages 1 1-1 2 for resolving addresses). Instead, Aventail teaches that authentication is
`
`required in order to gain access to private networks (Aventail, Page 77." Depending on the
`
`security policy and the Aventail ExtraNet Server configuration, Aventail Connect will
`
`automatically proxy their allowed application traffic into the private network). Thus, Aventail
`
`fails to anticipate claim 5.
`
`,
`
`Issue 3
`
`Requester proposed rejections of Claims 1-10 and 12 as anticipated by Kosiur under 35
`
`U.S.C. §102(b). These proposed rejections are not adopted.
`
`Kosiur describes the operation, the implementation, and management of virtual private
`
`networks for use in business on the Internet. In describing the operation of VPNs, Kosiur
`
`describes the use of DNS to resolve Internet addresses. However, Kosiur fails to disclose each
`
`and every limitation of claims 1-10 and 12 and thus fails to anticipate the claims.
`
`Kosiur teaches generating from the client computer a Domain Name Service (DNS)
`
`request that requests an IP address corresponding to a domain name associated with the target
`
`computer (Kosiur, Page 36 - Domain name requests are handled by a hierarchy ofDNS servers.
`
`Requests are sentfirst to the local nameserver in the network hierarchy, with the IP address of
`
`this nameserver typically configured in each workstation ’s TCP/IP software). Kosiur teaches the
`
`limitation by disclosing the use of DNS requests to resolve the Internet address of a target
`
`computer to allow that target computer to be reachable by a requesting computer.
`
`Petitioner Apple - EX. 1055, p. 14
`
`Petitioner Apple - Ex. 1055, p. 14
`
`

`

`Application/Control Number: 95/001,269
`
`‘7
`
`Page 13
`
`Art Unit: 3992
`
`Kosiur further teaches determining whether the DNS request transmitted in step (1) is
`
`requesting access to a secure web site (Kosiur, pages 293-295). Kosiur teaches this limitation by
`
`teaching the installation of two corporate DNS servers where the internal DNS server lists the set
`
`of “secure” hosts that only your internal network users will be able to find (Kosiur, pages 293-
`
`295). When a DNS lookup is sought, the lookup is passed to an external DNS server if the
`
`hostname is not kept in the internal DNS server. Thus, if the internal DNS server can resolve the
`
`hostname, it is determined that the DNS request was for a secure web site because the internal
`
`DNS server contains the list of “secure” hosts.
`
`However, Kosiur fails to teach Claim 1’s step of "in response to determining that the
`
`DNS request in step (2) is requesting access to a secure target web site, automatically initiating
`
`the VPN between the client computer and the target computer.” While Kosiur teaches that VPN
`
`connections are created dynamically (Kosiur, Page 40 — Dynamic Tunnels - connection is
`
`created between two sites when it’s needed), Kosiur never specifically discloses that the dynamic
`
`creation of the VPN connection is automatically initiated in response to determining that the
`
`DNS request is requesting access to a secure target website. At most, Kosiur suggests that the
`
`client initiates the creation of the tunnel/VPN (Kosiur, Page 41 — the client initiates the creation
`
`ofthe tunnel) or that a network access switch and a RADIUS authentication server assist in
`
`setting up a VPN when a user attempts to log on remotely (Kosiur, Page 4 7 - When a user
`
`attempts to log on remotely, the network access switch queries the RADIUS server to obtain that
`
`user’s profile for authentication and authorization. A proxy RADIUS capability lets the RADIUS
`server at a service provider access an organization ’s RADIUS server to obtain any necessary
`
`user information, which is necessary to secure Internet-based VPNs). However, Kosiur’s
`
`Petitioner Apple - EX. 1055, p. 15
`
`Petitioner Apple - Ex. 1055, p. 15
`
`

`

`Application/Control Number: 95/001 ,269
`Art Unit: 3992
`
`'
`
`Page 14
`
`disclosure never expressly ties the automatic initiation of the VPN to a step of determining that a
`
`DNS request is requesting access to a secure target website. Instead, the disclosure merely ties
`
`the automatic initiation of the VPN to a request by a client to log on.
`
`Accordingly, Kosiur fails toanticipate each and every limitation of claim 1 and thus the
`
`proposed rejection of claims 1-9 is not adopted. For the same reasons, the proposed rejections of
`
`claims 10 and 12 are not adopted.
`
`Issue 7
`
`Requester proposed rejections of claims 3, 6, and 8 as obvious over VPN Overview in
`
`view of Aventail under §103(a). These proposed rejections are not adopted.
`
`Claims 3, 6, and 8 each depend from claim 1 and thus incorporate all of the limitations of
`
`claim 1. The proposed rejections of claims 3, 6, and 8 cite VPN Overview in view of Aventail
`
`and rely upon VPN overview to teach the limitations of claim 1 (see Requestfor Inter Partes
`Reexamination, Page 38). The proposed rejection relies upon VPN Overview to teach each and
`
`every limitation of claim 1. However, as set forth in the order granting reexamination, VPN
`
`Overview fails to teach each and every limitation of claim 1 thus rendering the rejections of
`
`claim 1’s dependent claims moot (see Order Granting Reexamination — mailed 12/31/2009,
`
`Pages 10-12). Accordingly, the proposed rejection of claims 3, 6, and 8 fails to establish a prima
`
`facie case of obviousness and‘ are not adopted.
`
`CORRESPONDENCE
`
`Petitioner Apple - EX. 1055, p. 16
`
`Petitioner Apple - Ex. 1055, p. 16
`
`

`

`Application/Control Number: 95/001 ,269
`
`Page 15
`
`Art Unit: 3992
`
`. All correspondence relating to this inter partes reexamination proceeding should be
`
`directed:
`
`By EFS:
`
`Registered users may submit via the electronic filing system EFS-Web, at
`https://sportal.uspto.gov/authenticate/authenticateuserlocalepf.html.
`
`By Mail to:
`
`Mail Stop Inter Partes Reexam
`Central Reexamination Unit
`
`Commissioner for Patents
`
`United States Patent & Trademark Office
`
`PO. Box 1450
`
`Alexandria, VA 22313-1450
`
`By FAX to:
`
`(571) 273-9900
`Central Reexamination Unit
`
`By hand:
`
`Customer Service Window
`Randolph Building
`401 Dulany Street
`Alexandria, VA 22314
`
`For EFS-Web transmissions, 37 CFR 1.8(a)(1)(i) (C) and (ii) states that correspondence (except
`
`for a request for reexamination and a corrected or replacement request for reexamination) will be
`
`considered timely filed if (a) it is transmitted via the Office's electronic filing system in
`
`accordance with 37 CFR 1.6(a)(4), and (b) includes a certificate of transmission for each piece of
`
`correspondence stating the date of transmission, which is prior to the expiration of the set period
`
`of time in the Office action.
`
`Petitioner Apple - Ex. 1055, p. 17
`
`Petitioner Apple - Ex. 1055, p. 17
`
`

`

`Application/Control Number: 95/001,269
`
`Page 16
`
`Art Unit: 3992
`
`Any inquiry concerning this communication or earlier communications from the Examiner, or as
`
`to the status of this proceeding, should be directed to the Central Reexamination Unit at
`
`telephone number (571) 272—7705.
`
`Signed:
`
`/Andrew Nalven/
`
`Andrew Nalven
`
`CRU Examiner
`
`GAU 3992
`
`(571) 272-3839
`
`Conferee: 53K
`, Conferee: AN
`
`Petitioner Apple - Ex. 1055, p. 18
`
`Petitioner Apple - Ex. 1055, p. 18
`
`