Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`
`
`Paper No. _______
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`___________________
`
`
`
`Apple Inc.,
`Petitioner,
`v.
`
`
`
`VirnetX, Inc. and Science Application International Corporation,
`Patent Owner
`
`
`
`
`Patent No. 7,490,151
`Issued: Feb. 10, 2009
`Filed: Sep. 30, 2002
`Inventors: Edmund C. Munger, et al
`Title: Establishment of a Secure Communication Link Based Domain Name
`Service (DNS) Request
`____________________
`
`Inter Partes Review No. IPR2013-00354
`__________________________________________________________________
`
`PETITION FOR INTER PARTES REVIEW
`
`
`
`
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`TABLE OF CONTENTS
`
`Compliance With Requirements For A Petition For Inter
`
`I.
`Partes Review ...................................................................................................... 1
`A. Certification the ’151 Patent May Be Contested by Petitioner ....... 1
`B.
`Fee for Inter Partes Review (§ 42.15(a)) ........................................... 3
`II. Mandatory Notices (37 CFR § 42.8(b)) ........................................................ 3
`A. Real Party in Interest (§ 42.8(b)(1)) ................................................... 3
`B. Other Proceedings (§ 42.8(b)(2)) ........................................................ 3
`C. Designation of Lead and Backup Counsel ........................................ 4
`D.
`Service Information (§42.8(b)(4)) ...................................................... 4
`E.
`Proof of Service (§§ 42.6(e) and 42.105(a)) ....................................... 5
`III.
`Identification of Claims Being Challenged (§ 42.104(b)) ..................... 5
`IV. Relevant Information Concerning the Contested Patent ...................... 6
`A.
`Effective Filing Date and Prosecution History of the ’151 patent .. 6
`B.
`Person of Ordinary Skill in the Art ................................................... 7
`C. Construction of Terms Used in the Claims ....................................... 8
`1.
`Domain Name (Claims 1-16) ...................................................... 8
`2.
`Domain Name Server (Claims 1-16) .......................................... 9
`3.
`Domain Name Server (DNS) Proxy Module (Claims 1, 7) ........ 9
`4.
`Secure Server (Claims 1-16) ..................................................... 10
`5.
`IP Address Hopping Scheme (Claims 5 and 11) ...................... 10
`Precise Reasons for Relief Requested ...................................................... 11
`A. Claims 1-16 Are Anticipated By Aventail (Ex. 1007) .................... 11
`1.
`Aventail Anticipates Claim 1 .................................................... 11
`2.
`Aventail Anticipates Claim 7 .................................................... 14
`3.
`Aventail Anticipates Claim 13 .................................................. 18
`4.
`Aventail Anticipates Claim 2, 8 and 14 .................................... 19
`
`V.
`
`i
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`Aventail Anticipates Claim 3, 9 and 15 .................................... 20
`5.
`Aventail Anticipates Claims 4, 10 and 16 ................................ 22
`6.
`Aventail Anticipates Claim 5 and 11 ........................................ 22
`7.
`Aventail Anticipates Claim 6 and 12 ........................................ 23
`8.
`B.
`Aventail and RFC 1035 Render Claims 3, 9 and 15 Obvious ....... 23
`C. Aventail In View of Reed I Renders Claims 5 and 11 Obvious .... 25
`D. Claims 1-16 Are Anticipated By BinGO (Ex. 1008). ...................... 27
`1.
`BinGO Anticipates Claim 1 ...................................................... 27
`2.
`BinGO Anticipates Claim 7 ...................................................... 30
`3.
`BinGO Anticipates Claim 13 .................................................... 33
`4.
`BinGO Anticipates Claims 2, 8 and 14 ..................................... 34
`5.
`BinGO Anticipates Claims 3, 9 and 15 ..................................... 35
`6.
`BinGO Anticipates Claim 4, 10, and 16 ................................... 36
`7.
`BinGO Anticipates Claim 5 and 11 .......................................... 36
`8.
`BinGO Anticipates Claims 6 and 12 ......................................... 37
`BinGO In View of Reed Renders Claims 5 and 11 Obvious ......... 38
` 39
`1.
`Beser Anticipates Claim 1 ........................................................ 39
`2.
`Beser Anticipates Claim 7 ........................................................ 41
`3.
`Beser Anticipates Claim 13 ...................................................... 43
`4.
`Beser Anticipates Claims 2, 8, and 14 ...................................... 44
`5.
`Beser anticipates Claims 3, 9, and 15 ....................................... 46
`6.
`Beser Anticipates Claims 4, 10 and 16 ..................................... 47
`7.
`Beser Anticipates Claims 5 and 11 ........................................... 47
`8.
`Beser Anticipates Claims 6 and 12 ........................................... 48
`Beser Considered with RFC 2401 Renders Obvious Claims 1-16 49
`1.
`Claims 1, 7, and 13 Would Have Been Obvious ...................... 50
`2.
`Dependent Claims 2-6, 8-12, and 14-16 ................................... 52
`
`Claims 1-16 Are Anticipated by U.S. Patent No. 6,496,867 (Beser)
`
`E.
`F.
`
`G.
`
`ii
`
`

`

`Dependent Claims 5 and 11 ...................................................... 53
`3.
`Beser in View of Blum Renders Obvious Claims 1-16 ................... 54
`H.
`1.
`Claims 1, 7, and 13 Would Have Been Obvious ...................... 54
`2.
`Claims 2-6, 8-12, and 14-16 Would Have Been Obvious ........ 56
`Beser in view of Hoke Renders Claims 1-16 Obvious .................... 57
`I.
`1.
`Claims 1, 7, and 13 Would Have Been Obvious ...................... 57
`2.
`Claims 2-6, 8-12, and 14-16 Would Have Been Obvious ........ 58
`J.
`Claims 1-16 Obvious ......................................................................... 59
`K.
`Claims 1-16 Obvious ......................................................................... 60
`CONCLUSION ..................................................................................................... 60
`
`Beser in View of RFC 2401, and Further in View of Blum Renders
`
`Beser in View of Hoke, and Further in View of Blum Renders
`
`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`VI.
`
`
`
`Attachment A. Proof of Service of the Petition
`
`Attachment B. List of Evidence and Exhibits Relied Upon in Petition
`
`
`
`
`
`iii
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`I.
`
`Compliance With Requirements For A Petition For Inter Partes Review
`A. Certification the ’151 Patent May Be Contested by Petitioner
`Petitioner certifies it is not barred or estopped from requesting inter partes
`
`review of U.S. Patent No. 7,490,151 (the ’151 patent) (Ex. 1001). Neither
`
`Petitioner, nor any party in privity with Petitioner, has filed a civil action
`
`challenging the validity of any claim of the ’151 patent. The ’151 patent has not
`
`been the subject of a prior inter partes review by Petitioner or a privy of Petitioner.
`
`Petitioner also certifies this petition for inter partes review is filed within
`
`one year of the date of service of a complaint alleging infringement of a patent.
`
`Petitioner was served with a complaint alleging infringement of the ’151 patent on
`
`December 31, 2012, which led to Civil Action No. 6:12-cv-00855-LED in the
`
`Eastern District of Texas. Ex. 1050. Because the date of this petition is less than
`
`one year from December 31, 2012, this petition complies with 35 U.S.C. § 315(b).
`
`Petitioner notes it was previously served with a complaint asserting
`
`infringement of the ’151 patent in August of 2010, which led to Civil Action No:
`
`6:10-cv-417. During that action, the District Court established an additional civil
`
`action, Civil Action No. 6:13-cv-00211-LED, on February 26, 2013 (also pending
`
`in the Eastern District of Texas). The August 2010 complaint does not foreclose
`
`the present petition, as Patent Owner served a new complaint on Petitioner
`
`asserting infringement of the ’151 patent in December of 2012.
`
`
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`Petitioner submits this conclusion is compelled by the plain language of
`
`§ 315(b). Notably, § 315(b) does not specify a one-year deadline that runs from
`
`the date of the first complaint served on a petitioner. Rather, it states “[a]n inter
`
`partes review may not be instituted if the petition requesting the proceeding is filed
`
`more than 1 year after the date on which the petitioner, real party in interest, or
`
`privy of the petitioner is served with a complaint alleging infringement of the
`
`patent.” Thus, a petition filed within 1 year of the date any complaint alleging
`
`infringement of the patent is served on a petitioner is timely under the plain
`
`statutory language of § 315(b). This is also the only reading of § 315(b) consistent
`
`with the statutory design. Congress designed the IPR authority to be option to
`
`contest validity of a patent concurrently with district court proceedings involving
`
`the same patent. A timely filed IPR proceeding in any action a patent owner elects
`
`to commence is perfectly consistent with this statutory design.
`
`Reading § 315(b) in this manner also is the only way to effectively foreclose
`
`gaming of the system by a Patent Owner. Indeed, if § 315(b) were read to
`
`foreclose IPR proceedings in a second, independent action for infringement a
`
`patent owner elected to commence, it would unfairly foreclose use of the IPR
`
`system. For example, a patent owner could assert irrelevant claims in a first action,
`
`wait a year, and then assert different claims in a new action that do present risks to
`
`a third party. In this scenario, the patent owner would foreclose legitimate use of
`
`2
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`an IPR to contest validity of the patent claims asserted in the second action based
`
`on the third party’s reasonable business decision to not dispute validity of
`
`irrelevant claims in the first action. Rather than attempting to decipher which
`
`scenarios would be improper, the Board should follow the plain meaning of
`
`§ 315(b), and find a petition timely if it is filed within 1 year of the date any
`
`complaint alleging infringement of the patent is served on a Petitioner.
`
`Finally, reading §315(b) to foreclose this petition based on the August 2010
`
`complaint would be particularly unjust in this case. The 1-year period following
`
`service of the August 2010 complaint expired before it was possible to submit an
`
`IPR petition – petitions could only be filed on or after September 16, 2012.
`
`Fee for Inter Partes Review (§ 42.15(a))
`
`B.
`The Director is authorized to charge the fee specified by 37 CFR § 42.15(a)
`
`to Deposit Account No. 50-1597.
`
`II. Mandatory Notices (37 CFR § 42.8(b))
`A. Real Party in Interest (§ 42.8(b)(1))
`The real party of interest of this petition pursuant to § 42.8(b)(1) is Apple
`
`Inc. (“Apple”) located at One Infinite Loop, Cupertino, CA 95014.
`
`B. Other Proceedings (§ 42.8(b)(2))
`The ’151 patent is the subject of a number of civil actions including: (i) Civ.
`
`Act. No. 6:13-cv-00211-LED (E.D. Tex.), filed February 26, 2013; (ii) Civ. Act.
`
`No. 6:12-cv-00855-LED (E.D. Tex.), filed November 6, 2012; (iii) Civ. Act. No.
`
`3
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`6:10-cv-00417-LED (E.D. Tex.), filed August 11, 2010 (the “2010 litigation), (iv)
`
`Civ. Act. No. 6:13-cv-00351-LED (E.D. Tex), filed April 22, 2013. Actions (i) to
`
`(iii) name Petitioner as a defendant.
`
`The ’151 patent is also the subject of merged inter partes reexamination
`
`Nos. 95/001,697 and 95/001,714. Petitioner is the real party of interest in the ’697
`
`proceeding. In the merged proceedings, the Office issued a Non-Final Action on
`
`April 20, 2012 rejecting all 16 claims of the ‘151 patent, including rejections based
`
`on several prior art references relied upon in this Petition. In sum, the Office has
`
`rejected each of claims 1-16 as being anticipated or obvious based on Ex. 1007
`
`(Aventail), Ex. 1008 (BinGO), and Ex. 1009 (Beser), as well as over several other
`
`prior art references. Petitioner recognizes it is appropriate for the Panel to merge,
`
`join or take other steps to manage these proceedings.
`
`C. Designation of Lead and Backup Counsel
`
`Lead Counsel
`Jeffrey P. Kushan
`Reg. No. 43,401
`jkushan@sidley.com
`(202) 736-8914
`D.
`Service on Petitioner may be made by mail or hand delivery to: Sidley
`
`Backup Lead Counsel
`Joseph A. Micallef
`Reg. No. 39,772
`jmicallef@sidley.com
`(202) 736-8492
`
`Service Information (§42.8(b)(4))
`
`Austin LLP, 1501 K Street, N.W., Washington, D.C. 20005. The fax number for
`
`lead and backup counsel is (202) 736-8711.
`
`4
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`E.
`Proof of Service (§§ 42.6(e) and 42.105(a))
`Proof of service of this petition is provided in Attachment A.
`
`III.
`
`Identification of Claims Being Challenged (§ 42.104(b))
`Claims 1-16 of the ’151 patent are unpatentable for the following reasons:
`
`(i)
`
`Claims 1-16 are anticipated under § 102(b) by Aventail (Ex. 1007);
`
`(ii) Claims 3, 9 and 15 are obvious under § 103 based on Aventail (Ex.
`1007) in view of RFC 1035 (Ex. 1017);
`
`(iii) Claims 5 and 11 are obvious under § 103 based on Aventail (Ex.
`1007) in view of Reed (Ex. 1014);
`
`(iv) Claims 1-16 are anticipated under § 102(a) by BinGO (Ex. 1008);
`
`(v) Claims 5 and 11 are obvious under § 103 based on BinGO (Ex. 1008)
`in view of Reed I (Ex. 1014);
`
`(vi) Claims 1-16 are anticipated under § 102(e) by Beser (Ex. 1009);
`
`(vii) Claims 1-16 are obvious under § 103 based on Beser (Ex. 1009) in
`view of RFC 2401 (Ex. 1010);
`
`(viii) Claims 1-16 are obvious under § 103 based on Beser (Ex. 1009) in
`view of Blum (Ex. 1011);
`
`(ix) Claims 1-16 are obvious under § 103 based on Beser (Ex. 1009) in
`view Hoke (Ex. 1012);
`
`(x) Claims 1-16 are obvious under § 103 based on Beser (Ex. 1009) in
`view of RFC 2401 (Ex. 1010), further in view of Blum (Ex. 1011);
`
`(xi) Claims 1-16 are obvious under § 103 based on Beser (Ex. 1009) in
`view of Hoke (Ex. 1012), further in view of Blum (Ex. 1011).
`
`5
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`Petitioner’s proposed construction of the contested claims, the evidence relied
`
`upon, and the precise reasons why the claims are unpatentable are provided in
`
`§ IV, below. The evidence relied upon in support of this petition is listed in
`
`Attachment B.
`
`IV. Relevant Information Concerning the Contested Patent
`A. Effective Filing Date and Prosecution History of the ’151 patent
`The ’151 patent issued from U.S. Application No. 10/259,494, filed
`
`September 30, 2002. The ’494 application is a division of U.S. Application No.
`
`09/504,783, filed on February 15, 2000, now U.S. Patent No. 6,502,135, which is a
`
`continuation-in-part of U.S. Application No. 09/429,653, filed on October 29,
`
`1999, now U.S. Patent No. 7,010,604. The ’494, ’783 and ’653 applications each
`
`claim priority under 35 U.S.C. 119(e) to Provisional Application Nos. 60/106,261,
`
`filed October 30, 1998 and 60/137,704, filed June 7, 1998.
`
`Claims 1, 7 and 13 of the ’151 patent are independent claims. Claims 2-6
`
`depend from claim 1, claims 8-12 depend from claim 7, and claims 14-16 depend
`
`from claim 13. Consequently, claims 2-6, 8-12, and 14-16 cannot enjoy an
`
`effective filing date earlier than that of claims 1, 7 and 13, respectively, from
`
`which they depend.
`
`Claims 1, 7 and 13 of the ’151 patent rely on information first presented in
`
`the ‘783 application. For example, claim 1 of the ’151 patent specifies
`
`6
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`“determining whether the intercepted DNS request corresponds to a secure server”
`
`and subsequent steps involving the DNS request. Similarly, claims 7 and 13
`
`include limitations involving DNS requests (e.g., “intercepting a DNS request
`
`sent by a client . . .” and “determining whether the intercepted DNS request
`
`corresponds to a secure server . . .”, respectively). The first application that even
`
`recited the term “DNS” was the ’783 application. Because none of the ’653, ’261
`
`application or ’704 applications disclose or even suggest use in any manner of
`
`DNS requests or proxy servers, these earlier filed applications do not describe or
`
`enable the subject matter defined by at least claims 1, 7 and 13 of the ’151 patent.
`
`Accordingly, the effective filing date of claims 1-16 of the ’151 patent is no earlier
`
`than February 15, 2000.
`
`Person of Ordinary Skill in the Art
`
`B.
`A person of ordinary skill in the art in the field of the ’151 patent would
`
`have been someone with a good working knowledge of networking protocols,
`
`including those employing security techniques, as well as computer systems that
`
`support these protocols and techniques. The person also would be very familiar
`
`with Internet standards related to communications and security, and with a variety
`
`of client-server systems and technologies. The person would have gained this
`
`knowledge either through education and training, several years of practical
`
`working experience, or through a combination of these. Ex. 1003 at ¶66.
`
`7
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`C. Construction of Terms Used in the Claims
`In this proceeding, claims must be given their broadest reasonable
`
`construction in light of the specification. 37 CFR 42.100(b). The broadest
`
`reasonable construction should encompass subject matter that Patent Owner
`
`contends infringes the claims, and should reflect constructions proposed by Patent
`
`Owner in past or concurrent litigation. Also, if Patent Owner contends terms in the
`
`claims should be read to have a special meaning in this proceeding, those
`
`contentions should be disregarded unless Patent Owner amends the claims
`
`compliant with 35 U.S.C. § 112 to make them expressly correspond to those
`
`contentions. See 77 Fed. Reg. 48764 at II.B.6 (August 14, 2012). Cf., In re
`
`Youman, 679 F.3d 1335, 1343 (Fed. Cir. 2012). In the proposed constructions
`
`below, Petitioner identifies subject matter which falls within the scope of the
`
`claims, read in their broadest reasonable construction, which Petitioner submits is
`
`sufficient for the purposes of this proceeding.
`
`Domain Name (Claims 1-16)
`
`1.
`The ’151 patent does not explicitly define the term “domain name.” Patent
`
`Owner has asserted a “domain name” means “a name corresponding to an IP
`
`address.” Ex. 1046 at 14-15. The broadest reasonable construction of this
`
`“domain name” should include Patent Owner’s proposed definition.
`
`8
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`2.
`Domain Name Server (Claims 1-16)
`The ’151 patent does not explicitly define the term “Domain Name
`
`Server.” The ’151 patent indicates that when this term is used, it is being used
`
`generally as a “server” that returns an IP address in response to a request
`
`containing a domain name. See Ex. 1003 at ¶¶195-197. A domain name server
`
`performs domain name resolution according to Internet standards, namely, RFC
`
`1034 (Ex. 1016 ) and RFC 1035 (Ex. 1017). Pursuant to those standards, a domain
`
`name server will not always return an IP address – an error also may be returned.
`
`Ex. 1003 at ¶¶114-123. The broadest reasonable construction of “Domain Name
`
`Server” thus includes “a computer or computer-based process that will return an IP
`
`address or an error code in response to a domain name resolution request.”
`
`3.
`Domain Name Server (DNS) Proxy Module (Claims 1, 7)
`The ‘151 patent does not define the term “DNS Proxy Module.” Indeed,
`
`only claims 1, 7 and 13 recite this term. The disclosure does discuss features of a
`
`“DNS Proxy.” For example, it explains a DNS proxy may distribute its functions
`
`across multiple computers and processes. See Ex. 1003 at ¶202 (citing to Ex. 1001
`
`at 37:60-38:21). Patent Owner also has asserted a “DNS proxy server” means “a
`
`computer or program that responds to a domain name inquiry in place of a DNS.”
`
`Ex. 1046 at 16-17. Given the absence of any description of a “DNS proxy
`
`module” in the ’151 disclosure, this term appears to be indisguishable from a
`
`9
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`“DNS proxy server.” The broadest reasonable construction of a “DNS Proxy
`
`Module” thus includes “one or more computers or processes that individually or
`
`collectively respond to a domain name inquiry in place of a DNS server.”
`
`4.
`Secure Server (Claims 1-16)
`The ’151 patent does not define the term “secure server.” Patent Owner has
`
`asserted that a “secure server” means “a server that requires authorization for
`
`access and that can communicate in an encrypted channel.” Ex. 1046 at 24. The
`
`broadest reasonable construction of these terms should include Patent Owner’s
`
`proposed constructions for this term. Also, several claims recite a “secure sewer.”
`
`While Petitioner believes this is a typographical error, Patent Owner has not, as of
`
`the date of this petition, corrected this error in the claims.
`
`IP Address Hopping Scheme (Claims 5 and 11)
`
`5.
`The ’151 patent does not define the term “IP address hopping scheme.” It
`
`does refer to a variety of schemes that route traffic through intermediary network
`
`devices according to a pre-defined scheme as “IP hopping schemes.” See, e.g., Ex.
`
`1001 at 5:36-6:3, 14:39-63. These schemes use a wide variety of routing concepts
`
`and strategies. Based on this, the broadest reasonable construction of “IP address
`
`hopping scheme” encompasses any type of scheme for routing IP traffic from a
`
`client to a destination through intermediary devices. Also, claim 5 recites an “IF”
`
`10
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`hopping scheme, which the Petitioner understands to be a typographical error.
`
`Patent Owner has not, as of the date of this petition, corrected this error.
`
`V.
`
`Precise Reasons for Relief Requested
`A. Claims 1-16 Are Anticipated By Aventail (Ex. 1007)
`Aventail (Ex. 1007) is a printed publication that was publicly distributed no
`
`later than January 31, 1999. Ex. 1003 at ¶¶ 215-222; Ex. 1005 at ¶¶ 11-36; Ex.
`
`1006 at ¶¶ 11-24. Aventail is prior art to the ’151 patent at least under 35 U.S.C.
`
`§§ 102(a) and (b). A concise summary of the systems and processes described in
`
`Aventail is provided at ¶¶ 262 to 356 of Ex. 1003 and at ¶¶14 to 78 of Ex. 1005.
`
`Aventail Anticipates Claim 1
`
`1.
`Aventail shows a client computer running Aventail Connect will intercept
`
`each connection request made on the client. Ex. 1003 at ¶¶ 266-272, 276. This is
`
`the same technique described in the ’151 patent. See Ex. 1001 at 37:60-38:10; see
`
`also Ex. 1007 (Aventail) at ¶ 277. The request can be evaluated at the client
`
`computer or at a DNS proxy server (e.g., the Aventail Extranet Server or “AES”).
`
`Ex. 1003 at ¶¶ 267, 272, 280-287 (client computer); ¶¶ 286-287, 296-297 (Extranet
`
`Server). For example, the client computer could be configured to proxy all
`
`connection requests to a DNS proxy server for handling and resolution by enabling
`
`the “DNS Proxy Option” in the Aventail Connect client. Ex. 1003 at ¶¶ 286-287,
`
`296-297, 303, 311, 315, 321. The Aventail Connect client also could evaluate
`
`connection requests locally. Ex. 1003 at ¶¶ 279-284, 289-295, 307. A “DNS
`
`11
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`Proxy Module” per claim 1 can reside on the same or a different computer as the
`
`one where the DNS request originates. See § IV.C.3. It also can be a “process”
`
`performed on a single computer or by computers working together. Id. Thus, a
`
`client computer running Aventail Connect, the server computer running AES, or
`
`both, comprise “a DNS proxy module.” Aventail thus describes “[a] data
`
`processing device, comprising memory storing a domain name server (DNS) proxy
`
`module that intercepts DNS requests sent by a client and, for each intercepted DNS
`
`request, performs the steps.” Ex. 1003 at ¶¶ 357-360; see id. at ¶¶75-78.
`
`Aventail explains redirection rules are used to identify DNS requests made
`
`on a client computer containing a domain name or IP address on a private network
`
`requiring secure communications. Ex. 1003 at ¶¶ 267-268, 274, 279-282, 284-287,
`
`303-317, 321. If a domain name in a request matches a domain name in a
`
`redirection rule, Aventail Connect would flag that request to be proxied to the
`
`proxy server for handling. Ex. 1003 at ¶¶ 267-268, 274, 279-282, 284-287, 303-
`
`317, 321. Aventail thus describes a data processing device that performs the step
`
`of “determining whether the intercepted DNS request corresponds to a secure
`
`server.” Ex. 1003 at ¶¶ 361-370.
`
`Aventail shows that if a DNS request containing a domain name or an IP
`
`address does not match a local name resolution rule or a redirection rule, it will be
`
`handed off to client operating system for handling, which will perform a DNS
`
`12
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`lookup and returns the IP address “as if Aventail Connect were not running.” Ex.
`
`1003 at ¶ 267, 272-273, 283-281, 314. Domain names and IP addresses that match
`
`a redirection rule are “secure” destinations (e.g., hosts on a private network), while
`
`other domains are “non-secure” (e.g., public websites). Ex. 1003 at ¶ 313.
`
`Aventail also shows Aventail Connect can be configured to perform local name
`
`resolution on domain names in a request. Ex. 1003 at ¶¶ 279-284, 289-295, 307.
`
`Locally resolved domain name are not secure destinations because requests
`
`containing them will not be forwarded to the proxy server (AES). Ex. 1003 at ¶¶
`
`279-284, 289-295, 307. Aventail thus shows a data processing device that
`
`performs the step of “(ii) when the intercepted DNS request does not correspond to
`
`a secure server, forwarding the DNS request to a DNS function that returns an IP
`
`address of a nonsecure computer, and.” Ex. 1003 at ¶¶ 371-377.
`
`In the Aventail systems, if an intercepted DNS request contained a domain
`
`name that matched a redirection rule, the request would trigger a sequence of steps
`
`that would establish a VPN between the client computer and the secure destination.
`
`Ex. 1003 at ¶¶ 263, 267-269, 274, 304, 317-318, 322, 323, 343-350. Specifically,
`
`the request would flagged for special handling by by the Aventail Connect client
`
`by inserting a false entry (“HOSTENT”) into it. Ex. 1003 at ¶¶ 278-279, 303, 311-
`
`313. Then, after the name resolution step, the request would be evaluated – if it
`
`contained the false entry or an IP address matching a redirection rule, the client
`
`13
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`would know the request would have to be sent (“proxied”) to the proxy server
`
`(AES) specified in the redirection rule for that domain name or IP address. Ex.
`
`1003 at ¶¶ 267-268, 274, 278-287, 296-299, 303-317, 321. To do that, the client
`
`computer would open a connection to the proxy server and authenticate the user.
`
`Ex. 1003 at ¶¶ 264, 267, 269, 271-273, 286, 300, 302, 307, 319, 320, 323-332. If
`
`authentication was successful, the original request would be sent to the server, and
`
`communications would proceed. Id. Aventail explains that communications
`
`between the client and the private network are automatically encrypted/decrypted.
`
`Ex. 1003 at ¶¶ 263, 267-269, 274, 304, 317-318, 322, 323, 343-350. Aventail thus
`
`shows a data processing device wherein “(iii) when the intercepted DNS request
`
`corresponds to a secure server, automatically initiating an encrypted channel
`
`between the client and the secure server.” Because it describes a device having all
`
`the elements in claim 1, Aventail anticipates claim 1. Ex. 1003 at ¶¶ 378-379.
`
`Aventail Anticipates Claim 7
`
`2.
`Claim 7 is closely analogous to claim 1, and consequently Aventail
`
`anticipates claim 7 for essentially the same reasons it anticipates claim 1. See §1,
`
`above. Aventail explains that Aventail Connect and Aventail Extranet Server are
`
`software products that run on client or server computers. Ex. 1003 at ¶ 263.
`
`Aventail thus describes “a computer readable medium… comprised of computer
`
`14
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`readable instructions that, when executed cause a data processing device to
`
`perform the steps” specified by the software. Ex. 1003 at ¶¶ 434-440.
`
`Aventail shows a client computer running Aventail Connect will intercept
`
`each connection request made on that client. Ex. 1003 at ¶¶ 266-272, 276. This is
`
`the same technique described in the ‘151 patent. See Ex. 1001 at 37:60-38:10; See
`
`also Ex. 1007 (Aventail) at ¶ 277. The request can be evaluated at the client
`
`computer or at a DNS proxy server (e.g., the AES). Ex. 1003 at ¶¶ 267, 272, 280-
`
`287 (client computer); ¶¶ 286-287, 296-297 (Extranet Server). A “DNS Proxy
`
`Module” per claim 1 can reside on the same or a different computer as the one
`
`where the DNS request originates, and can be a “process” performed on a single
`
`computer or by computers working together. See § IV.C.3. A client computer
`
`running Aventail Connect, a server computer running AES or both may comprise
`
`“a DNS proxy module.” Ex. 1003 at ¶¶ 286-287, 296-297, 303, 311, 315, 321
`
`Aventail thus describes a computer readable medium comprising instructions that
`
`will cause a computer to perform the step of “(i) intercepting a DNS request sent
`
`by a client.” Ex. 1003 at ¶¶ 441-442.
`
`Aventail explains redirection rules are used to identify DNS requests made
`
`on a client computer containing a domain name or IP address on a private network
`
`requiring secure communications. Ex. 1003 at ¶¶ 267-268, 274, 279-282, 284-287,
`
`303-317, 321. If a domain name in a request matches a domain name in a
`
`15
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`redirection rule, Aventail Connect would flag that request to be proxied to the
`
`proxy server for handling. Ex. 1003 at ¶¶ 267-268, 274, 279-282, 284-287, 303-
`
`317, 321. Aventail thus describes a data processing device that performs the step
`
`of “determining whether the intercepted DNS request corresponds to a secure
`
`server.” Ex. 1003 at ¶¶ 443-452.
`
`Aventail shows that if a DNS request containing a domain name or an IP
`
`address does not match a local name resolution rule or a redirection rule, it will be
`
`handed off to client operating system for handling, which will perform a DNS
`
`lookup and returns the IP address “as if Aventail Connect were not running.” Ex.
`
`1003 at ¶¶ 267, 272-273, 283-281, 314. Domain names and IP addresses that
`
`match a redirection rule are “secure” destinations (e.g., hosts on a private network),
`
`while other domains are “non-secure” (e.g., public websites). Ex. 1003 at ¶ 313.
`
`Aventail also shows Aventail Connect can be configured to perform local name
`
`resolution on domain names in a request. Ex. 1003 at ¶¶ 279-284, 289-295, 307.
`
`Locally resolved domain name are not secure destinations because requests
`
`containing them will not be forwarded to the proxy server (AES). Id. Aventail
`
`thus shows a data processing device that performs the step of “(ii) when the
`
`intercepted DNS request does not correspond to a secure server, forwarding the
`
`DNS request to a DNS function that returns an IP address of a nonsecure
`
`computer.” Ex. 1003 at ¶¶ 453-454.
`
`16
`
`

`

`Petition for Inter Partes Review of U.S. Patent No. 7,490,151
`
`In the Aventail systems, if an intercepted DNS request contained a domain
`
`name that matched a redirection rule, the request would trigger a sequence of steps
`
`that would establish a VPN between the client computer and the secure destination.
`
`Ex. 1003 at ¶¶ 263, 267-269, 274, 304, 317-318, 322, 323, 343-350. Specifically,
`
`the request would flagged for special handling by by the Aventail Connect client
`
`by inserting a false entry (“HOSTENT”) into it. Ex. 1003 at ¶¶ 278-279, 303, 311-
`
`313. Then, after the name resolution step, the request would be evaluated – if it
`
`contained the false entry or an I