`
`Attorney Docket No. 41484-80120
`
`In re Inter Parres Reexamination of
`
`)
`
`3 Com“ N05 95’001582
`US. Patent No. 6,502,135
`) Group An Umt:
`3992
`Edmund Colby Munger et al.
`g
`Examiner: Behzad Pe'km]
`Issued: December 31, 2002
`For: AGILE NETWORK PROTOCOL FOR )
`confumatm NO-i 1074
`SECURE COMIVTUNICATIONS
`)
`WITH ASSURED SYSTEM
`
`AVAILABILI ] Y
`
`COMIVIENTS BY TI-I[RD PARTY RE UESTER PURSUANT TO 37 C.F.R.
`
`1.947
`
`Mail Stop Inter Partes Reexam
`Commissioner for Patents
`
`PO. Box 1450
`
`Alexandria, VA 22313-1450
`
`Sir:
`
`On May 14, 20102, Patent Owner filed an overlength response (“Response”) to the
`
`February 15, 2012 Office action (“Office Action”) and a petition under 3? C.F.R. § 1.183 seeking
`
`waiver of the page limit for that response. On September 18, 2012, the Office granted Patent
`
`Owner’s petition. This response is timely filed within the 30-day period set by the decision on the
`
`petition. Third Party Requester believes that no fee is due in connection with the present response.
`
`However, any fee determined to be required for entry or consideration of this paper may be debited
`
`from Deposit Account No. 18- 1260.
`
`-
`
`-
`
`A table of contents is provided at pages ii to iv. Requester submits the table of
`
`contents is not counted against the page limits applicable to this response. Should
`
`the Office determine otherwise, the Office is requested to disregard the table of
`
`contents.
`
`The response to the Patent Owner Comments begins on page 1.
`
`Petitioner Apple - EX. 1065, p. 1
`
`Petitioner Apple - Ex. 1065, p. 1
`
`
`
`Control No. 95,001,682
`Comments of the Requestor on the Patent Owner Response
`
`Table of Contents
`
`I.
`
`Introduction ............................................................................................................................... 1
`
`II. Response to Patent Owner Contentions on Status of References as Prior Art. .................. 1
`
`III. The Rejections 0f the Claims Were Proper And Should Be Maintained ............................ 3
`A. Response to Patent Owner’s Arguments Regarding the Rejection of Claims 1, 3, 4, 6—10 and
`12—14 Under 35 U. S.C. § 102(a) Based on Aveniuii Connect v3.1/2.6 Administrator’s Guide
`(Issue No. 1) ..................................................................................................................................... 4
`1.
`Independent Claim 1 (Issue No. 1)....
`..
`..4
`a.Ave111‘111'1T Describes A System Ali'angedIn the SameManner”as Reclted1n"the Claim"
`...4
`b.
`Aventuil Discloses a VPN..
`...5
`c.
`Aventuil Discloses the “Automatically Inltiatmg a”VPN”Step-r:
`...?
`2. Dependent Claims 3, 7, 12 (Issue No. l) .................................................................................. 9
`3. Dependent Claim 4 (Issue No. l)
`10
`4. Dependent Claim 6 (Issue No. l)
`10
`5. Dependent Claim 8 (Issue No. l)...
`11
`6.
`Independent Claim 10 (Issue No.1)::11
`a.
`Aventuil Discloses a DNS Proxy Server that Returnsan[PAddressfor DNSReqiiestsNot"
`Specifying Secure Destinations"
`Aventuil Discloses a DNS Proxy ServerthatAutomatically Estabhshes VPNswith Secure
`..12
`Destinations...
`Aventuil Disclosesa Gatekeeper Computer that Alldcates Resources for theVPN Betweenthe
`Client Computer and the Secure Web Computer...
`..13
`
`12
`
`b.
`
`c.
`
`..13
`Independent Claim 13 (Issue No. 1)....
`'1'.
`8. Dependent Claim 14 (Issue No. 1) ......................................................................................... 14
`B. Response to Patent Owner’s Arguments Regalding the Rejection of Claims 1,3, 4, (p10 and
`12—14 Under 35 US. C. § 102(b) Based on Aventuil Connect v3. 0112.51 Administrator’s Guide
`(Issue No.2) 14
`C. Response to Patent Owner’s Arguments Regarding the Rejection of Claims 1, 3, 4, (p10 and
`13 Under 35 U.S.C. § 102(b) Based on Aventuil AuioSOC'KS Administrator’s Guide (Issue No.
`
`D. Response to Patent Owner’s Arguments Regarding the Rejection oI Claim 11 Based on
`Aveniuil v3.1, in View oI Reed and Goldschlug (Issue No.4) 15
`1. Reed Discloses an “[P Address Hopping Regime” ................................................................ 15
`2. A Person of Ordinaiy Skill Would Find Motivation in Aventail to Modify the VPN Processes
`Disclosed Therein to Incorporate Reed...
`..16
`3. Aventail 113.1, in View of Reed, in FurtherView of Goldschiag, RendeisClaim ---1-1Obvious
`(Issue No.4)...
`..16
`E. Response to PatentOwneis"Argiiriients Regarding the RejectlonoIClann lmlUnder35
`US. C. 103 Based on Aventuil v3. 01'In View of Reed (Issue 5) .................................................. 1'?
`F. Response to Patent Owner’s Arguments Regarding the Rejection oI Claim 11, 14, & 15
`17
`Under 35 U.S.C. 103 Based on AutoSOCKS in View oI Reed (Issue 6)
`l. Dependent Claim11 17
`2. Dependent Claim 14..
`18
`3. Dependent Claim 15..
`.. 19
`G. Response to Patent Owneis"Argiiriients Regarding the RejectlonoIClann 16Under35
`US. C. 103 Based on Aventuil v3.1in View of Baden (Issue ’7) .................................................. 20
`H. Response to Patent Owner’s Arguments Regarding the Rejection oI Claim 16 Based on
`Aveniuil v3. 01 (01' AutoSOCES) in View of Baden (Issue 8) ...................................................... 20
`Response to Patent Owner’s Arguments Regarding the Rejection oI Claim 1'? Under 35
`U.S.C. 103 Based on Aventuil 113.1 in View of Weiss (Issue 10)21
`a.
`The Non-Predictable Codes of Weiss Periodically Change21
`
`I.
`
`11
`
`Petitioner Apple - EX. 1065, p. 2
`
`Petitioner Apple - Ex. 1065, p. 2
`
`
`
`Control No. 951001,682
`Comments of the Requestor on the Patent Owner Response
`
`The Non-Predictable Codes of Weiss Would be “Known" by the Client and Server Computerle
`b.
`J. Response to Patent Owner’s Arguments Regarding the Rejection of Claim 17 Based On
`Avem‘at'l v3. 01 (01' AutoSOCKS) in View of Weiss (Issue 11) .................................................... 22
`K. Response to Patent Owner’s Arguments Regarding the Rejection of Claims 1, 2, 4—7, 9, 10,
`12, 13, and 18 Under 35 U.S.C. 103 Based on Wang (Issue 13) ................................................ 22
`1.
`Independent Claim 1 Is Anticipated By Wang ....................................................................... 22
`a. Wang Discloses the “Generating" Step ofClaim123
`b. Wang Discloses the “Determining" Step of Claim 1 ................................................................... 23
`c. Wang Discloses the “Automatically Initiating the VPN” Step24
`
`2. Dependent Claim 4 Is Anticipated byWang25
`3. Dependent ClaimS IsAnticipated by Wang... 25
`4. DependentClaim6IsAnticipated by Wang... 26
`5. Dependent Claims 2, 7, and 9 Are Anticipated by Wang 26
`6.
`Independent Claim 10 Is Anticipated ByWang26
`7. Dependent Claim 12 Is Anticipated byWang28
`8.
`Independent Claim 13 Is Anticipated by Wang... 28
`9.
`Independent Claim 18 Is Anticipated by Wang....
`..29
`L. Response to Patent Owne1"s Arguments Regarding the RejectlonoIClanns 3 and 8 Based
`on Wang'1n View of Aventatl and AutoSOCKS.
`.29
`M. Response to Patent Owner’s Arguments Regarding the Rejection oI Claims 1—4, 6-8, ll], 12,
`13 and 18 Based on Beser in View of Kent (Issue19)3l]
`....30
`1.
`Independent Claim 1..
`...30
`a.
`A Person of Ordinary Skill1n"theArt Would Combinethe Teachings ofBeserandKeiit
`b.
`Beser, in View ofKent, Makes Obvious Initiating a VPNm Response to Determining thata
`.....32
`DNS Request15 Requesting Access to a Secure Target Web Site"
`c. BeserIn View ofKent Renders Obvious Generating from the ClieiitComputer3"Domain Name
`..33
`Sewice (DNS) Request That Requests an IP Address Corresponding to a Domain Name“
`
`........34
`
`P‘P‘P‘P’E"
`
`Beser in View ofKent, Renders ObviousDetermining Whetherthe DNS Request is Requesting
`d.
`Access to a Secure Web Site...
`Dependent Claims 2, 6 and 7 (Issue 19)
`35
`Dependent Claim 3 (Issue19)
`35
`Dependent C1aim4 (Issue19)
`...36
`Dependent Claim 8 (Issue 19)...
`...
`Independent Claim 10 (Issue No" 19)....
`...36
`..36
`a. BeserIn View ofKent Discloses a DNS Proxy Server...
`b. BeserIn View ofKent Discloses Returning an IP Addressfora Requested DomamName IfItls
`...37
`Determined That Access to a Non-secure Website Has Been Requested...
`c. BeserIn View ofKent Discloses Receiving a Request fi'om a Client Computer toLookUp an IP
`...37
`Address for a Domain Name...
`"..37
`7. Dependent Claim 12 (Issue No. 19)".....................................................................................
`Response to Patent Owne1"s Arguments Regarding the Rejection oI Claims 3, 5,8, 9, 18
`.38
`Based on Beser, in View oIKem‘, in Fm'ther View of Blue: (Issue 21]).
`38
`1. Dependent Claim 3 (Issue No. 20)
`38
`2.
`Independent Claim 5 (Issue No.20)
`39
`3.
`Independent Claim 8 (Issue No.20)
`4_
`...39
`Independent Claim 9 (Issue No. 20)....
`5.
`..40
`Independent Claim 18 (Issue No.20)
`Response to Patent Owne1"s Arguments Regai'dingthe RejectlonoIClaims 3,5,8,9aiid 18
`Under 35 US.C. §103 Based on Beser, in View oIKem‘, and Further in View oIAutoSOC'KS
`(Issue21)40
`Response to Patent Owner’s Arguments Regarding the Rejection oI Claim 11 Based on
`Beser in View oIKem‘, and Further in View oIReed (Issue 22).40
`
`iii
`
`Petitioner Apple - EX. 1065, p. 3
`
`Petitioner Apple - Ex. 1065, p. 3
`
`
`
`Control No. 951001,682
`Comments of the Requestor on the Patent Owner Response
`
`Response to Patent Owner’s Arguments Regarding the Rejection of Claims 1—10, 12—15 and
`18 Under 35 U.S.C. §102(a) Based on BinG-O! (Issue 23) .......................................................... 40
`1.
`BinGO.’ Discloses All Limitations of Claim 1. ...................................................................... 40
`
`11.
`b.
`c.
`
`311160! Discloses a VPN Between Client and Target Con1puters...............................................41
`BinGO.’ Discloses the “Detennining” Step ofClaim 143
`BinGO.’ Describes Automatic VPN Establishment ...................................................................... 43
`
`2.
`311160.“ Discloses All Limitations ofDependent Claims 2-10 and 1245
`3.
`BinGO.’ Discloses All Limitations ofClaim 13..
`47
`4.311160! Discloses All Limitations of Dependent Claims 14,15 and 18..
`.....48
`Response to Patent Owner’s Arguments Regalding the Rejection of Claim 11 Undei 35
`U.S. C. §103 Based on BinGO. in View of Reed (IssueiNo. 24) .................................................. 49
`Response to Patent Owner’s Arguments Regarding the Rejection of Claim 16 Under 35
`U.S.C. §103 Based on BinGO! in View of Baden (Issue No. 25)49
`Response to Patent Owner’s Arguments Regarding the Rejection of Claim 1'? Under 35
`U.S.C. §103 Based on BinGO! in View of Weiss (Issue No. 26)49
`There are No Secondary Considerations Linked to the Claims49
`
`iv
`
`Petitioner Apple - EX. 1065, p. 4
`
`Petitioner Apple - Ex. 1065, p. 4
`
`
`
`Control No. 95,001,682
`Comments of the Requestor on the Patent Owner Response
`
`I.
`
`Introduction
`
`Requestor urges the Examiner to maintain the rejections of claims 1-18 set forth in the
`
`Office Action dated 15 February 2012 (the “Office Action”).
`
`II.
`
`Response to Patent Owner Contentions on Status of References as Prior Art.
`
`On pages 5-18 of the Response, Patent Owner asserts there is “no evidence” that the
`
`Avenmfl, BinGOI, Kent, Reed, Wang and “RFCs” are prior an under 35 U.S.C. § 102(a) or (b).
`
`Patent Owner’s claims border on the frivolous — each reference is unquestionably a printed
`
`publication, and only by studied ignorance of the facts can Patent Owner assert otherwise.
`
`Initially, Patent Owner grossly misstates Requestor’s burden to provide evidence
`
`establishing that the documents are printed publications. According to Patent Owner, Requestor
`
`was required to provide “a showing” with “evidence proving” the date each reference was made
`
`publically available. Response at 6. This is incorrect — all that is required is that Requester
`
`represent that the reference was, in fact, published. Indeed, the submission of a paper by a party is
`
`a certification that “[t]o the best of the party’s knowledge, information and belief, formed after an
`
`inquiry reasonable under the circumstances... [t]he allegations and other factual contentions have
`
`evidentiary support or, if specifically so identified, are likely to have evidentiary support after a
`
`reasonable opportunity for further investigation or discovery.” 37 CFR 11.18(b)(2)(iii). Moreover,
`
`In re Wyer, 655 F.2d 221 (C .C.P.A. 1980) (cited by Patent Owner) holds only that “sufficient
`
`proof” as to the publication date must exist. Id. at 226-22. No authority supports Patent Owner’s
`
`contention that Requestor was required to present evidence of the date of public availability of
`
`each reference with the Request. Regardless, evidence was presented with the Request that
`
`unequivocally establishes that each ofAventail, BinGO!, Kent, Reed, Wang and the RFC
`
`documents was publicly disseminated before February 15, 2000, and is thus prior art to the ‘ 135
`
`patent.1
`
`The three Avenrail publications were publicly disseminated with deployments of Aventail
`
`products no later than August 9, 1999. Submitted with the Request were three separate
`
`declarations, each of which documented how each Avenrail publication was made available to the
`
`public, and demonstrated that each had been made available no later than August 9, 1999. Patent
`
`Owner ignores this evidence, contending there is no “corroborative evidence” demonstrating public
`
`1
`
`Patent Owner does not contest Requester’s assertions on page 10 of the Request that the
`
`effective filing date of the ’135 patent was no earlier than February 15, 2000.
`
`1
`
`Petitioner Apple - EX. 1065, p. 5
`
`Petitioner Apple - Ex. 1065, p. 5
`
`
`
`Control No. 95,001,682
`Comments of the Requestor on the Patent Owner Response
`
`availability. Patent Owner, however, ignores the fact that the declarations corroborate themselves.
`
`Indeed, there is remarkable consistency in the testimony of Mssrs. Hopen, Fratto, and Chester
`
`about the dates when the Aveniail publications were publicly disseminated which conclusively
`
`establishes that the Aveniaii publications were publicly disseminated before February 15, 2000.
`
`The BinGO.’ publication (i.e., the BinGO.’ User Guide (“BinGOf UG”) and
`
`Bin GOIExiended Feature Reiease (“Bin GO! EFR”)) was publicly disseminated no later than Arlil
`
`
`17 1999. As explained in the Request, these documents on their face disclose publication dates
`
`well before February 15, 2000. Bin GO! UG, for example, has a March 1999 copyright date, and
`
`Bin GO! EFR indicates it was published one month earlier. Despite this, Patent Owner asseIts that
`
`these dates are “merely evidence of creation, not of publication or dissemination” and “Without
`
`more, this unsupported assertion of the alleged copyright date of the document as the publication
`
`date does not meet the ‘publication’ standard required for a document to be relied upon as prior
`
`art.” Response at "i-S. As established in Exhibit A (Affidavit of Christopher Butler), the BinGO!
`
`documents were distributed on the Internet no later than April 1?, 1999, which is shown, inter alia,
`
`by entries in the Internet Archive (“the Wayback Machine”) of that date. As provided in M.P.E.P.
`
`§ 2128, “[a]n electronic publication, including an on—line database or Internet publication, is
`
`considered to be a ‘printed publication’ within the meaning of 35 U.S.C. 102(a) and (b) provided
`
`the publication was accessible to persons concerned with the art to which the document relates.”
`
`The Reed paper was formally published as part of a compilation of technical papers that
`
`were originally presented to conferences of experts in network and security techniques.
`
`Specifically, Reed indicates that it was distributed to the public at the 12th Annual Computer
`
`Security Applications Conference (ACSA) as early as December 1996, and was subsequently
`
`published in “ACSAC ’96 Proceedings of the 12th Annual Computer Security Applications
`
`Conference” (ISBN:0—8186—7606—X). Patent Owner does not seriously contest these facts.
`
`Instead, Patent Owner simply contends Requester did not present additional evidence with the
`
`RfllLSt proving these statements were true. Requester had no such burden. Nonetheless,
`
`Requester presents additional evidence in the Second Declaration of Michael Fratto (“Fratto 2d”)
`
`establishing that Reed was formally published and distributed well before February 15, 2000. See,
`
`e.g., Fratto 2d at W 8-13. Thus, Reed is a printed publication that was made publicly available no
`
`later than December of 1996. See e.g., In re Bayer, 568 F.2d 1357, 1361 (CC. P.A.19?8).
`
`Wang indicates on its face that it was made publicly available as of Sgptember 16, 1999.
`
`According to the document, Broadband Technical Reports “may be copied, downloaded, stored on
`
`2
`
`Petitioner Apple - EX. 1065, p. 6
`
`Petitioner Apple - Ex. 1065, p. 6
`
`
`
`Control No. 951001,682
`Comments of the Requestor on the Patent Owner Response
`
`a sewer or otherwise re—distributed in their entirety. . .” Wang at 2. As Mr. Fratto explains, the
`
`Broadband Forum maintains public access to technical reports via their website, including
`
`documents dating back to 1996. Fratto 2d at 1114. Thus, Wang is a printed publication that was
`
`made publically available before February 15, 2000.
`
`Patent Owner next challenges the status of the Request for Comment (RFC) documents
`
`cited in the Request, claiming that “the record is devoid of evidence that any of these references are
`
`... printed publications as of” each publication date listed on each RFC. This is a frivolous
`
`challenge — RFC documents are published and disseminated to the public by the Internet
`
`Engineering Task Force (lETF) pursuant to transparent and well-known procedures. Specifically:
`
`(i) each number assigned to an RFC is unique and is not “re-used” if the subject matter in an RFC
`
`is revised or updated, (ii) the date each RFC is distributed to the public is listed the front page of
`
`the RFC, (iii) RFCs are distributed to the public over the Internet, via numerous protocols, (iv)
`
`each RFC is announced via an email distribution list on the date it is released to the public, and (v)
`
`RFCs are maintained in numerous archives publicly accessible via the Internet. See Fratto 2d at
`
`1118-22. In fact, Patent Owner itself cites several RFCs as “printed publications” in the ‘ 135 patent.
`
`Patent Owner thus cannot seriously contend that RFCs are not publicly disseminated.2
`
`]]I.
`
`The Rejections Of the Claims Were Proper And Should Be Maintained
`
`Claims are given “their broadest reasonable interpretation, consistent with the specification,
`
`in reexamination proceedings.” In re Trans Texas Holding Corp, 498 F.3d 1290, 1298 (Fed. Cir.
`
`200?). In determining that meaning “it is improper to ‘confm[e] the claims to th[e] embodiments’
`
`found in the specification." Id. at 1299 (quoting Phillips v. AWH Corp, 415 F.3d 1303, 1323 (Fed.
`
`Cir. 2005) (en banc)). While “the specification [should be used] to interpret the meaning of a
`
`claim,” the PTO cannot “irnport[] limitations from the specification into the claim.” Id. “A
`
`patentee may act as its own lexicographer and assign to a term a unique definition that is different
`
`from its ordinary and customary meaning; however, a patentee must clearly express that intent in
`
`the written description.” Helmsderfer v. Bobrick Washroom Equal, Inc, 527 F.3d 1379, 1381
`
`(Fed. Cir. 2008) (emphasis added). No such express definitions of key claim terms is provided in
`
`the ’ 135 patent (e.g, “virtual private network,” “transparently creating a virtual private network,"
`)7 (I'-
`
`“domain name service,
`
`secure web site,” “determining,” or “between.”) Thus, these terms must
`
`be given their broadest reasonable interpretation in these reexamination proceedings.
`
`2
`
`See, e.g., ’135 Reexarn Certificate at 5.
`
`3
`
`Petitioner Apple - Ex. 1065, p. 7
`
`Petitioner Apple - Ex. 1065, p. 7
`
`
`
`Control No. 95,001,682
`Comments of the Requestor on the Patent Owner Response
`
`A.
`
`Response to Patent Owner’s Arguments Regarding the Rejection of Claims 1,
`3, 4, 6-10 and 12-14 Under 35 U.S.C. § 102(a) Based on Aventail Cannect
`
`v3. 172.6 Administrator ’5 Guide (Issue No. 1)
`
`1.
`
`Independent Claim 1 (Issue No. 1)
`
`As explained in the Request, Avemail describes a system that automatically establishes a
`
`Virtual Private Network (“VPN”) in response to a determination that a DNS request made on a
`
`client computer is requesting access to a secure target computer. Request at 38-51 Consequently,
`
`the Office properly found that Aventail describes a system that anticipates claim 1. 0A at 9. In
`
`response, Patent Owner asserts Avemail does not teach a system that is: (1) “arranged or combined
`
`in the same way as recited in the claim”; (2) “disclose[s] a VPN” or (3) “automatically initiat[es] a
`
`VPN in response to determining that a DNS request is requesting access to a secure target web
`
`site.” Response at 25. Each of these is incorrect.
`
`a.
`
`Avenfail Describes A System Arranged In the Same Manner as
`Recited in the Claim.
`
`As explained in the Request, Aventail describes a system that “generat[es] from the client
`
`computer a Domain Name Service (DNS) request,” “determin[es] whether the DNS request .
`
`.
`
`. is
`
`requesting access to a secure web site”; and “automatically intiat[es] the VPN between the client
`
`computer and the target computer.” See, e.g., Request at 38-57. In response, Patent Owner asserts
`
`that even if these elements are disclosed in Avenrail, they are not “arranged or combined in the
`
`same was as recited in the claim.” 3 Response at 19-20. Patent Owner’s response should be
`
`disregarded for the simple fact that claim 1 simply recites a process “comprising” a number of
`
`recited steps — it does not impose the strict order imagined by the Patent Owner.
`
`More importantly, however, Aventail does describe a system that performs the steps recited
`
`in the order they are recited in claim 1 to automatically establishes a VPN in response to a
`
`determination that a DNS request is requesting access to a secure website. Specifically, Avenrail
`
`shows systems that intercept and evaluate DNS requests, determine if they are requesting access to
`
`a secure destination, and, if so, automatically authenticate and encrypt communications between
`
`the client computer and a private network resource via a VPN server called the Aventail Extranet
`
`Server. Fratto at 1187. Aventail Connect worked with applications that communicate via TCPHP—
`
`Patent Owner incorrectly asserts that Avemail distinguishes between “outbound” and
`“inboun ” access. The two terms are simply a function of perspective — an “outboun ” request
`fi'om a client computer for access to a secure target computer would, fi'om the perspective of
`the secure target computer, be an “inbound” connection.
`4
`
`Petitioner Apple - EX. 1065, p. 8
`
`Petitioner Apple - Ex. 1065, p. 8
`
`
`
`Control No. 951001,682
`Comments of the Requestor' on the Patent Owner Response
`
`such as Web browsers—and was implemented using the existing WinSock functionality in client
`
`computers running Windows. Fratto at 1189. Thus, Aventail Connect necessarily acted on DNS
`
`requests containing, for example, either hostnarnes or IP address. Id. (“[Aventail Connect]
`
`executes a Domain Name System (DNS) lookup to convert the hostname into an Internet Protocol
`
`(IP) address”), and evaluated such requests to determine if the request was seeking access to a
`
`destination that required authentication and encryption, such as a secure website, or access to a
`
`non-secure destination, such as a public website on the Internet. Fratto at 1191. If Aventail Connect
`
`determined that a DNS request contained a hostname specifying a secure destination inside a
`
`private network, it would automatically and transparently (i) handle authentication of the user to
`
`the private network and (ii) encrypt the communications between the client computer and the
`
`private network resource, thereby establishing a VPN. Fratto at 1191. Thus, as described in the
`
`’135 patent, Aventafl discloses a system that automatically establishes a Virtual Private Network
`
`(“VPN”) in response to a determination that a DNS request made on a client computer is
`
`requesting access to a secure computer.
`
`In response, Patent Owner argues (incorrectly) “the Request casually moves between and
`
`picks certain features fi'om various different embodiments in an attempt to satisfy the elements of
`
`claim 1.” Response at 20. Patent Owner‘s stylistic criticism is irrelevant, and its substantive
`
`comments are simply wrong. In fact, it is Patent Owner that misrepresents key teachings of
`
`Avemail. For example, Patent Owner incorrectly states that the Request “briefly refers to an
`
`embodiment ofAventail v3. 1 dealing with inbound connections to show that web pages behind an
`
`Aventail ExtraNet server may be accessed by a web browser,” and then “refers back to the
`
`originally cited outbound embodiment.” Response at 19. Yet, the section to which Patent Owner
`
`refers unambiguously describes configuring a web browser on a client computer so that Aventail
`
`Connect can appropriately redirect “connections through the outbound proxy.” Aventail Connect
`
`v3.1 at 74 (emphasis added). Thus, Avenraii shows configuring Aventail Connect for use with a
`
`web browser to appropriately route outbound traffic destined for “those sites that are protected in
`
`the secure extranet.” Id.
`
`b.
`
`Avenfail Discloses a VPN
`
`The Examiner correctly found that Avemail discloses “automatically initiating the VPN
`
`between the client computer and target computer.” In response, Patent Owner asserts that Aventail
`
`does not disclose a VPN because “[o]ther than an unreferenced drawing of a ‘VPN server,’ the
`
`Petitioner Apple - Ex. 1065, p. 9
`
`Petitioner Apple - Ex. 1065, p. 9
`
`
`
`Control No. 951001,682
`Comments of the Requestor' on the Patent Owner Response
`
`term ‘VPN’ is not used in Avenmtf 123.1 to describe any connection.” Response at 21. Patent
`
`Owner assertions are incorrect.
`
`As Patent Owner readily admits (Response at 21), Aventail explicitly discloses a “VPN
`
`Server.” The VPN Server in Avenrar'! (i.e., the Aventail ExtraNet Server) is described as working
`
`in conjunction with Aventail Connect client to establish encrypted communications over the
`
`Internet between a client computer and a secure destination on a private network. See, e.g., Request
`
`at 42. A person of ordinary skill would plainly understand from this description that Aventaz'l is
`
`describing a VPN. See Fratto 11116-118 (“[P]eople used ‘VPN’ to refer to a group of networking
`
`protocols and techniques that enabled a remote user to securely gain access to one or more
`
`resources available on a private network via a public network, such as the Internet”).
`
`The Patent Owner contends that Aventail does not disclose a VPN because the encrypted
`
`communication tunnel disclosed inAventail fails to satisfy the definition of a VPN according to
`
`testimony from its expert in a prior reexamination. Response at 21 -22. That expert —Jason Nieh —
`
`asserted that (1) “Aventail v3.1 has not been shown to demonstrate that computers connected via
`
`the Aventail system are able to communicate with each other as though they were on the same
`
`network," (2) “Aventail Connect’s fundamental operation is incompatible with users transmitting
`
`data that is sensitive to network information,” and (3) “computers connected according to Aventail
`
`v3.1 do not communicate directly with each other.” Response at 21-23. Patent Owner’s analysis
`
`and its expert’s dated declaration are legally irrelevant and factually incorrect.
`
`Contrary to Patent Owner’s assertions, the claims do not require the specified
`
`functionalities. Specifically, the term “virtual private networ ” is not expressly defined in the
`
`claims or the specification to require these functionalities. Thus, the claims do not require a VPN
`
`that enables computers to communicate “as though they were on the same network” or computers
`
`that are “communicating directly with each other.” Patent Owner also provides nothing to support
`
`its assertions that the “fundamental operation” of the Aventail systems is “incompatible with users
`
`transmitting data that is sensitive to network information.” To the contrary, Avenraii plainly shows
`
`systems that securely transmit — using encryption and other techniques — information to enable
`
`remote users to securely access secure resources on a private network.
`
`Patent Owner’s assertion about the functionality of the Aventafl systems also is incorrect.
`
`For example, Aventail plainly shows remote users being able to access private network resources
`
`using the “Extranet Neighborhood” fimctionality of the Avemail system. See Avenrail at 28-30, 95-
`
`100. Thus, Avenraii does describe systems where remote users can communicate “as if they were
`
`6
`
`Petitioner Apple - Ex. 1065, p. 10
`
`Petitioner Apple - Ex. 1065, p. 10
`
`
`
`Control No. 95,001,682
`Comments of the Requestor on the Patent Owner Response
`
`on the same network” and can communicate “directly with other users” on the network. Similarly,
`
`Patent Owner’s incorrectly describes how the Aventail Connect client functions, claiming that the
`
`“false DNS response” returned by the Aventail Connect client if a DNS request is determined to
`
`specify a secure destination will “prevent the correct transfer of data.” Response at 22. In fact, as
`
`Avenmfl clearly explains, the Aventail Connect client uses the “false DNS entry” to simply mg
`
`DNS requests specifying secure destinations (i.e., hostnames matching a redirection rule). Once
`
`flagged, those requests are redirected to the Extranet Server, which performs the required
`
`authentication and encryption steps, and establishes the VPN. Fratto at 11 63. The false network
`
`information is never used as an actual network destination, a conclusion that is inescapable fi'om
`
`the description in Avemaii. Thus, contrary to Patent Owner’s assertion, the “false DNS response”
`
`is used to facilitate, not prevent, the secure transfer of data through a VPN.
`
`c.
`
`Avenfail Discloses the “Automatically Initiating a VPN” Step
`
`The Examiner correctly found that the Avenraii publications disclose a system that
`
`“automatically initiat[es] a VPN in Response to Determining that a DNS request is determined to
`
`be requesting access to a secure web site.” As the Request explains, Aventail shows that a client
`
`computer running Aventail Connect will determine if a DNS request transmitted by an application
`
`on the client computer is requesting access to a destination requiring a VPN. Avenraii Connect at
`
`10 (“When the Aventail Connect [] receives a connection request, it determines whether or not the
`
`connection needs to be redirected (to an Aventail ExtraNet Server) andx'or encrypted (in SSL).
`
`When redirection and encryption are not necessary, Aventail Connect simply passes the connection
`
`request, and any subsequent transmitted data, to the TCPflP stack”).
`
`In response, Patent Owner contends that “the Request does not say how a DNS request is
`
`determined to be requesting access to a secure website.” This response simply ignores the contents
`
`ofAventail, which clearly explains that if a client computer running Aventail Connect determined
`
`that a DNS request matched a redirection rule requiring a VPN (e.g., if the hostname in the request
`
`is identified as “part of a domain we are proxying traffic to”), the computer running Aventail
`
`Connect initiates the steps necessary to automatically establish a VPN to access the secure
`
`destination located on the specified private network. Request at 40-41; see also Fratto 11 61-70.
`
`These steps include determining if the connection request specified a destination on a pre—defined
`
`list of secure destinations, and if so, depending on the configuration of the client, sending the
`
`connection request to Aventail ExtraNet Server, which would authenticate the user, define the
`
`Petitioner Apple - Ex. 1065, p. 11
`
`Petitioner Apple - Ex. 1065, p. 11
`
`
`
`Control No. 95,001,682
`Comments of the Requestor on the Patent Owner Response
`
`encryption technique to be used, and otherwise determine whether and how traffic destined for a
`
`private network resource will be proxied. Request at 40-42; see also Fratto 11 100-101.
`
`Notably, the Patent Owner and its expert do not argue that the sequence of steps shown in
`
`Avenmi‘! do not meet the requirements of the claim. Instead, their response claims that each step
`
`considered in isolation does not anticipate the claims (i.e., none of the steps individually constitute
`
`the “determination” step of the claims). For example, Patent Owner argues that “the mere
`
`existence of a ‘security policy” or ‘configuration’ of a server inAvenraz'l v3.1 does not involving
`
`detemiining whether any request, must less the claimed DNS request, is requesting access to a
`
`secure web site, as recited in claim 1.” Response at 23. The Request did not contend that the
`
`configuration files on the Ex