
`
`
`
`
`Filed on behalf of: VirnetX Inc.
`By:
`
`Joseph E. Palys
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1996
`Facsimile: (202) 551-0496
`E-mail: josephpalys@paulhastings.com
`
`
`
`Paper No.
`Filed: February 5, 2015
`
`Naveen Modi
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1990
`Facsimile: (202) 551-0490
`E-mail: naveenmodi@paulhastings.com
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`
`
`
`
`
`
`APPLE INC.
`Petitioner
`
`v.
`
`VIRNETX INC.
`Patent Owner
`
`
`
`
`
`
`
`Case IPR2014-00237
`Patent 8,504,697
`
`
`
`
`
`
`
`
`
`
`Patent Owner’s Demonstrative Exhibits
`
`
`
`
`
`
`
`

`

`Inter Partes Review of
`
`U.S. Patent No. 8,504,697
`
`Case No. IPR2014-00237
`
`Case No. IPR2014-00238
`
`

`

`Background
`
`

`

`[Image: United States Patent cover page]
`
`

`

`
`

`

`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`determining, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`wherein the secure communications service uses the secure
`
`

`

`16. A system for connecting a first network device and a
`second network device, the system including one or more
`servers configured to:
`intercept, from the first network device, a request to look up
`an internet protocol (IP) address of the second network
`device based on a domain name associated with the
`second network device;
`determine, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiate a secure communication link between the first
`network device and the second network device based on a
`determination that the second network device is
`available for the secure communications service.
`
`

`

`- IPR2014-00237
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by Beser
`
`— Claims 1-11, 14-25, and 28-30 are obvious over Beser in view of RFC 2401
`
`- IPR2014-00238
`
`— Claims 1-3, 8-11, 14-17, 22-25, and 28-30 are anticipated by Wesinger
`
`

`

`Claim Construction
`
`

`

`Patent Owner’s Proposed Construction: A direct communication link that provides data security through encryption
`
`Apple’s Proposed Construction: A communication link in which computers privately and directly communicate with each other on insecure paths between the computers where the communication is both secure and anonymous, and where the data transferred may or may not be encrypted
`
`Board’s Preliminary Construction: A transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping
`
`Patent Owner Response at 10
`
`

`

`- Decision
`
`Based on the foregoing, using a plain and ordinary construction in light of the ’697 Patent, the broadest reasonable construction of the term “secure communication link” is a transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.
`
`Decision at 10
`
`- Patent Owner’s Response
`
`The Decision’s construction is also technically flawed.—
`
`

`

`- Prosecution History: Patent Owner’s Response to Office Action of Dec. 29, 2011
`
`Ex. 1056 at 25, Patent Owner’s Response to Office Action of Dec. 29, 2011
`
`- Apple’s Petition
`
`In the grandparent of the present patent (i.e., the ’504 patent),-
`
`

`

`Case 6:10-cv-00417-LED Document 541 Filed 10/04/12 Page 1 of 1 PageID #: 19045
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE EASTERN DISTRICT OF TEXAS
`TYLER DIVISION
`
`VIRNETX INC.,
`Plaintiff,
`vs.
`[illegible]
`Defendants.
`
`Before the Court is Def[illegible]
`
`In light of VirnetX’s Notice of Non-Opposition to Defendant’s Motion for Reconsideration (Docket No. 424), the Court GRANTS Defendants’ Motion for Reconsideration (Docket No. 366). The term “secure communication link” is construed to mean “a direct communication link that provides data security through encryption.”
`
`So ORDERED and SIGNED this 4th day of October, 2012.
`
`LEONARD DAVIS
`
`

`

`Patent Owner’s Proposed Construction: No construction necessary; alternatively, receiving a request to look up an internet protocol address and, apart from resolving it into an address, performing an evaluation on it related to establishing a secure communication link
`
`Apple’s Proposed Construction: A proxy computer or device receiving and acting on a request sent by a first computer that was intended for another computer
`
`Board’s Preliminary Construction: Receiving a request pertaining to a first entity at another entity
`
`Patent Owner Response at 23
`
`

`

`- Patent Owner’s Response
`
`However, the ’697 patent goes on to explain that the claimed embodiments differ from conventional DNS, in part, because they apply an [illegible] to a request to look up a network address beyond merely resolving it and returning the network address. (Ex. 2025 at 17, ¶ 24, Monrose Decl.) For
`
`Patent Owner Response at 25
`
`

`

`Patent Owner’s Proposed Construction: No construction proposed
`
`Apple’s Proposed Construction: No construction proposed
`
`Board’s Preliminary Construction: Includes determining one or more of 1) whether the device is listed with a public internet address, and if so, allocating a private address for the second network device, or 2) some indication of the relative permission level or security privileges of the requester
`
`Patent Owner Response at 27
`
`

`

`- Decision
`
`Based on the record, “determining, in response to the request, whether the second network device is available for a secure communications,” includes determining, one or more of 1) whether the device is listed with a public internet address, and if so, allocating a private address for the second network device, or 2) some indication of the relative permission level or security privileges of the requester.
`
`Decision at 15
`
`

`

`’697 Patent
`
`According to one embodiment, DNS proxy 2610 intercepts
`all DNS lookup functions from client 2605 and—
`. . . If access to
`a secure site has been requested (as determined, for example,
`by a domain name extension, or by reference to an internal
`table of such sites), DNS proxy 2610 determines whether the
`user has sufficient security privileges to access the site.
`
`Ex. 1001 at 40:31-37, ’697 Patent
`
`

`

`- Decision
`
`Based on the record, “determining, in response to the request, whether the second network device is available for a secure communications,” includes determining, one or more of 1) whether the device is listed with a public internet address, and if so, allocating a private address for the second network device, or 2) some indication of the relative permission level or security privileges of the requester.
`
`Decision at 15
`
`

`

`- Patent Owner’s Response
`
`The—
`
`—(Ex. 1001, claims 1 and 16, “whether the second network device is available for a secure communications service,” emphasis added), so the “determining” phrase need not be limited to the Decision’s determining “permission level or security privileges of the requester.”
`
`

`

`Patent Owner’s Proposed Construction: No construction proposed
`
`Apple’s Proposed Construction: No construction proposed
`
`Board’s Preliminary Construction: A secure communication link with the additional requirement that the link includes a portion of a public network
`
`Patent Owner Response at 19
`
`

`

`Patent Owner’s Proposed Construction: No construction necessary; alternatively, the process of encoding data for transmission over a medium by varying a carrier signal
`
`Apple’s Proposed Construction: The process of encoding data for transmission over a physical or electromagnetic medium by varying a carrier signal
`
`Board’s Preliminary Construction: The process of encoding data for transmission
`
`Preliminary Response at 28
`Decision at 14
`
`

`

`Patent Owner’s Proposed Construction: The functional configuration of a network device that enables it to participate in a secure communications link with another network device
`
`Apple’s Proposed Construction: The functional configuration of a computer that enables it to participate in a secure communications link with another computer
`
`Board’s Preliminary Construction: The functional configuration of a network device that enables it to participate in a secure communications link with another network device
`
`Preliminary Response at 28
`Decision at 14
`
`

`

`Instituted Grounds
`
`(IPR2014-00237)
`
`

`

`- 35 U.S.C. § 102
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by Beser
`
`- 35 U.S.C. § 103
`
`— Claims 1-11, 14-25, and 28-30 are obvious over Beser in view of RFC 2401
`
`

`

`[Figure labels: PRIVATE NETWORK; PRIVATE NETWORK]
`
`

`

`[Figure labels: ORIGINATING TELEPHONY DEVICE; TRUSTED-THIRD-PARTY NETWORK DEVICE; TERMINATING TELEPHONY DEVICE; SECOND NETWORK DEVICE]
`
`

`

`[Figure labels: TRUSTED-THIRD-PARTY NETWORK DEVICE; SELECT FIRST PRIVATE IP ADDRESS; SELECT SECOND PRIVATE IP ADDRESS; THIRD PACKET 191]
`
`

`

`[Figure labels: TRUSTED-THIRD-PARTY NETWORK; SECOND NETWORK DEVICE; SELECT FIRST PRIVATE IP ADDRESS; SELECT SECOND PRIVATE IP ADDRESS]
`
`

`

`- 35 U.S.C. § 102
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by
`
`Beser
`
`

`

`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`determining, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`wherein the secure communications service uses the secure
`
`

`

`Patent Owner’s Proposed Construction: No construction necessary; alternatively, receiving a request to look up an internet protocol address and, apart from resolving it into an address, performing an evaluation on it related to establishing a secure communication link
`
`Apple’s Proposed Construction: A proxy computer or device receiving and acting on a request sent by a first computer that was intended for another computer
`
`Board’s Preliminary Construction: Receiving a request pertaining to a first entity at another entity
`
`Patent Owner Response at 23
`
`

`

`- Decision
`
`domain name associated with the second network device.” According to Mr. Fratto—
`— See Ex. 1003 ¶ 355. According further to Mr. Fratto, a router evaluates all traffic flowing through it, and if a packet contains a request for initiating an IP tunnel, it will send the request to trusted-third-party network device 30.
`
`Decision at 20-21
`
`

`

`Patent Owner’s Response
`
`connection”) [illegible], even if it happens to include a domain name in some embodiments. [illegible] as recited in claim 1. (Ex. 2025 at 25, ¶ 40, Monrose Decl.) Whether the request includes a domain name or some other type of
`
`Patent Owner Response at 37
`
`

`

`[Flowchart steps, network-address version: INFORM A TRUSTED-THIRD-PARTY NETWORK DEVICE OF THE REQUEST ON A PUBLIC NETWORK; ASSOCIATE A PUBLIC NETWORK ADDRESS FOR A SECOND NETWORK DEVICE ON THE TRUSTED-THIRD-PARTY NETWORK DEVICE; NEGOTIATE A FIRST PRIVATE NETWORK ADDRESS ON THE FIRST NETWORK DEVICE AND A SECOND PRIVATE NETWORK ADDRESS ON THE SECOND NETWORK DEVICE THROUGH THE PUBLIC NETWORK]
`
`[Flowchart steps, IP-address version: INFORM A TRUSTED-THIRD-PARTY NETWORK DEVICE OF THE REQUEST ON A PUBLIC NETWORK; ASSOCIATE A PUBLIC IP ADDRESS FOR A SECOND NETWORK DEVICE ON THE TRUSTED-THIRD-PARTY NETWORK DEVICE; NEGOTIATE A FIRST PRIVATE IP ADDRESS ON THE FIRST NETWORK DEVICE AND A SECOND PRIVATE IP ADDRESS ON THE SECOND NETWORK DEVICE THROUGH THE PUBLIC NETWORK]
`
`

`

`- Decision
`
`Mr. Fratto and Petitioner alternatively reason that—
`
` because the request includes a unique identifier, including a domain name, that identifies the terminating end 26, or second network device, of the tunneling association, instead of the trusted-third-party. See Pet. 18-19; Ex. 1003 ¶¶ 305-306, 357-353. Pursuant to the request,—
`— in part by looking up a public internet address based on the domain name associated with “second network device” 26, as claim 1 requires.
`
`

`

`Device 30 Does Not Translate Domain Names to IP Addresses
`
`- Patent Owner’s Response
`
`Moreover, the trusted-third-party network device 30 does not perform any translation into an IP address of the domain name of the terminating device 26. (Ex. 2025 at 25-26, ¶ 41, Monrose Decl.) After being informed of the request, trusted-third-party network device 30 associates an identifier (e.g., a domain name) of terminating device 26 with a public IP address of a second network device 16.
`
`Patent Owner Response at 37
`
`A public IP 58 address for a second network device 16 is
`associated with the unique identifier for the terminating
`telephony device 26 at Step 116. The second network device
`
`

`

`[Flowchart steps: START; COMMUNICATE THE FIRST PRIVATE NETWORK ADDRESS FROM THE FIRST NETWORK DEVICE TO THE SECOND NETWORK DEVICE THROUGH THE PUBLIC NETWORK; COMMUNICATE THE SECOND PRIVATE NETWORK ADDRESS FROM THE SECOND NETWORK DEVICE TO THE FIRST NETWORK DEVICE THROUGH THE PUBLIC NETWORK]
`
`Ex. 1009 at Fig. 7
`
`

`

`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`
`

`

`Patent Owner’s Proposed Construction: No construction proposed
`
`Apple’s Proposed Construction: No construction proposed
`
`Board’s Preliminary Construction: Includes determining one or more of 1) whether the device is listed with a public internet address, and if so, allocating a private address for the second network device, or 2) some indication of the relative permission level or security privileges of the requester
`
`Patent Owner Response at 27
`
`

`

`“determining, in response to the request, whether the second network device is available for a secure communications service”
`
`- Apple’s Petition
`
`Consequently,
`
`when methods shown in Beser are performed, they will necessarily determine if a second network device is available for secure communications.
`
`Petition at 21
`
`- Decision
`
`On this record, Beser’s system satisfies the determining step, because as outlined above in the claim construction section, determining the availability of second network device 26 for secure communication service reasonably includes determining that the device has a private internet address assigned to it, and that
`
`

`

`- Apple’s Petition
`
`Consequently,
`
`when methods shown in Beser are performed,
`
`Petition at 21
`
`

`

`- Patent Owner’s Response
`
`—in which “a domain name in a request is recognized by the trusted-third-party network device but does not map to a device requiring negotiation of an IP tunnel.” (Ex. 2025 at 23, ¶ 45, Monrose Decl.) -
`
`

`

`- Decision
`
`On this record, Beser’s system satisfies the determining step, because as
`
`outlined above in the claim construction section, determining the availability of
`
`second network device 26 for secure communication service reasonably includes
`
`— See Pet. 19-21; Ex. 1003 ¶¶ 363-371.
`
`Decision at 23
`
`

`

`[Flowchart steps: START; COMMUNICATE THE FIRST PRIVATE NETWORK ADDRESS FROM THE FIRST NETWORK DEVICE TO THE SECOND NETWORK DEVICE THROUGH THE PUBLIC NETWORK; COMMUNICATE THE SECOND PRIVATE NETWORK ADDRESS FROM THE SECOND NETWORK DEVICE TO THE FIRST NETWORK DEVICE THROUGH THE PUBLIC NETWORK]
`
`Ex. 1009 at Fig. 7
`
`

`

`- Patent Owner’s Response
`
`In particular, Beser’s tunnel-establishment process occurs in response to Beser’s request to initiate a tunnel, but that request is not a “DNS” request that might result in a domain name server performing Mr. Fratto’s “known DNS operations.” (Ex. 2025 at 31-32, ¶ 50, Monrose Decl.) Beser provides no teaching on this issue. Also,
`
`— (Id.)
`
`

`

`- Patent Owner’s Response
`
`less be capable of carrying out Beser’s tunnel-establishment process.
`
`(Id.)
`
`Patent Owner Response at 47,
`
`

`

`- Decision
`
`On this record, Beser’s system satisfies the determining step, because as outlined above in the claim construction section, determining the availability of second network device 26 for secure communication service reasonably includes
`
`— See Pet. 19-21; Ex. 1003 ¶¶ 363-371.
`
`Decision at 23
`
`

`

`- Patent Owner’s Response
`
`Beser discloses two items sent from first network device 24, but neither
`
`pertains to authorization.
`
`(Ex. 2025 at 32-33, ¶ 52, Monrose Decl.)—
`
`—(i.e., the identifier indicating the end device with which the requesting device wishes to communicate).-
`
`— (See, e.g., Ex. 1009 at 10:4-6; Ex. 2025 at 32-33, ¶ 52, Monrose Decl.)
`
`Patent Owner Response at 48
`
`

`

`The Bit Sequence Does Not Indicate Authorization of Device 24
`
`- Patent Owner’s Response
`
`The second is a bit sequence from device 24 that “indicates to the tunnelling application that it should examine the informing message for its content and not ignore the datagram.” (Ex. 1009 at 8:35-9:1; Ex. 2025 at 32-33, ¶ 52, Monrose Decl.) It says nothing about device 24’s authorization.
`
`Patent Owner Response at 48
`
`higher layer. For example, the indicator may be a distinctive
`sequence of bits at the beginning of a datagram that has been
`passed up from the network and transport layers. By methods
`known to those skilled in the art, the distinctive
`

`

`Beser Does Not Disclose “initiating a secure communication link . . . .”
`
`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`determining, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`
`

`

`Patent Owner’s Proposed Construction: A direct communication link that provides data security through encryption
`
`Apple’s Proposed Construction: A communication link in which computers privately and directly communicate with each other on insecure paths between the computers where the communication is both secure and anonymous, and where the data transferred may or may not be encrypted
`
`Board’s Preliminary Construction: A transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping
`
`Patent Owner Response at 10
`
`

`

`- Apple’s Petition
`
`tunnel based on the results of that evaluation. Ex. 1003 at ¶¶ 302-309. Beser explains that
`
` (i.e., under the IPsec protocol), and that encryption of the tunneling connection occurs automatically. Ex. 1003 at ¶¶ 268-
`Petition at 22
`
`- Decision
`
`Based on the this determination of availability that involves negotiating between first and second network devices 24 and 26,—
`
`

`

`- Apple’s Petition
`
`tunnel based on the results of that evaluation. Ex. 1003 at ¶¶ 302-309. Beser explains that
`
` (i.e., under the IPsec protocol), and that encryption of the tunneling connection occurs automatically. Ex. 1003 at ¶¶ 268-
`Petition at 22
`
`

`

`- Apple’s Previous Admission Regarding Beser
`
`A person of ordinary skill in the art would have relied on Kent to
`being sent in IP tunnels between a first and
`second network device in the IP tunneling procedures being described in Beser,-
`Accordingly, Beser in view of Kent
`would have rendered obvious claim 1 under 35 U.S.C. § 103.
`
`Ex. 2029 at 2, Apple’s Request for Inter Partes Reexamination in Control No. 95/001,682
`
`See also PO Response at 51
`
`

`

`Beser Teaches Away from Using Encryption
`
`- Dr. Monrose’s Declaration
`
`Given Beser’s extensive teaching away from encryption and its associated computational burdens, Beser never discloses using encryption or other similarly burdensome techniques for transmitting data through its tunnels.
`
`Ex. 2025 at ¶ 56, Monrose Decl.
`
`BACKGROUND OF THE INVENTION
`
`packet that is transmitted on the public network. The tunneled
`IP packets, however, may need to be encrypted before
`the encapsulation in order to hide the source IP address.
`
`

`

`- Decision
`
`Based on the this determination of availability that involves negotiating
`
`between first and second network devices 24 and 26,—
` or
`
`both, satisfying the last two clauses of claim 1 and similar clauses in claim 16.
`
`Decision at 23
`
`

`

`- Patent Owner’s Response
`
`In the first cited passage, Beser discloses that—
`
` to ensure that the unique identifier cannot be read on the public network.” (Ex. 1009 at 11:22-25.) These packets, however, are not communicated between device 24 and device 26 (i.e., over the tunnel). (Ex. 2025 at 35-36, ¶ 58, Monrose Decl.) Rather,—
`
`—not over the tunnel after it is established. (See Ex. 1009 at 11:9-25; FIG.
`
`

`

`Beser Does Not Teach Encryption of Audio/Video on the Tunnel
`
`At Step 114, a trusted-third-party network device 30 is
`informed of the request on the public network 12. The
`informing step may include one or multiple transfer of IP 58
`packets across the public network 12. The public network 12
`may include the Internet. For each transfer of a packet from
`the first network device 14 to the trusted-third-party network
`device 30, the first network device 14 constructs an IP 58
`packet. The header 82 of the IP 58 packet includes the public
`network 12 address of the trusted-third-party network device
`30 in the destination address field 90 and the public network
`12 address of the first network device 14 in the source
`address field 88. At least one of the IP 58 packets includes
`the unique identifier for the terminating telephony device 26
`that had been included in the request message. The IP 58
`packets may require encryption or authentication to ensure
`
`[Figure labels: ORIGINATING TELEPHONY; TRUSTED-THIRD-PARTY NETWORK; TERMINATING TELEPHONY DEVICE; SECOND NETWORK DEVICE]
`
`

`

`However, accumulating all the packets from one
`source address may provide the hacker with sufficient information
`to decrypt the message. Moreover, encryption at the
`source and decryption at the destination may be infeasible
`for certain data formats. For example, streaming data flows,
`such as multimedia or Voice-over-Internet-Protocol
`(“VoIP”), may require a great deal of computing power to
`encrypt or decrypt the IP packets on the fly. The increased
`strain on computer power may result in jitter, delay, or the
`

`

`- Patent Owner’s Response
`
`First, even if Beser had incorporated IPsec by reference,
`
`— This explains why Beser never mentions using IPsec or encryption for any data on its tunnels.
`
`Second
`
` ‘To incorporate matter by reference, a host document must contain language ‘clearly identifying the subject matter which is incorporated and where it is to be found’; a ‘mere reference to another application, or patent, or
`
`

`

`2. The method of claim 1, wherein at least one of the video
`data and the audio data is encrypted over the secure communication
`link.
`
`Ex. 1001, ’697 Patent, Claim 2
`
`24. The system of claim 16, wherein at least one of the
`video data and the audio data is encrypted over the secure
`communication link.
`
`Ex. 1001, ’697 Patent, Claim 24
`
`

`

`- Apple’s Previous Admission Regarding Beser
`
`A person of ordinary skill in the art would have relied on Kent to
`being sent in IP tunnels between a first and
`second network device in the IP tunneling procedures being described in Beser,—
`Accordingly, Beser in view of Kent
`would have rendered obvious claim 1 under 35 U.S.C. § 103.
`
`Ex. 2029 at 2, Apple’s Request for Inter Partes Reexamination in Control No. 95/001,682.
`
`See also PO Response at 51
`
`

`

`Beser Teaches Away from Using Encryption
`
`- Dr. Monrose’s Declaration
`
`Given Beser’s extensive teaching away from encryption and its associated computational burdens, Beser never discloses using encryption or other similarly burdensome techniques for transmitting data through its tunnels.
`
`Ex. 2025 at ¶ 56, Monrose Decl.
`
`BACKGROUND OF THE INVENTION
`
`packet that is transmitted on the public network. The tunneled
`IP packets, however, may need to be encrypted before
`the encapsulation in order to hide the source IP address.
`
`

`

`- Patent Owner’s Response
`
`In the first cited passage, Beser discloses that—
`
` to ensure that the unique identifier cannot be read on the public network.” (Ex. 1009 at 11:22-25.) These packets, however, are not communicated between device 24 and device 26 (i.e., over the tunnel). (Ex. 2025 at 35-36, ¶ 58, Monrose Decl.) Rather,—
`
`—not over the tunnel after it is established. (See Ex. 1009 at 11:9-25; FIG.
`
`

`

`Beser Does Not Teach Encryption of Audio/Video on the Tunnel
`
`At Step 114. a tmsted-third-party network device 30 is
`informed of the request on the public network 12. The
`informing step may include one or multiple transfer of IP 58
`packets across the public network 12. 'lhe public network 12
`may include the Internet. For each transfer of a packet from
`the first network device 14 to the trusted-third-party network
`device 30, the first network device 14 constructs an IP 58
`packet. The header 82 of the [P58 packet includes the public
`network 12 address of the trusted-third-party network device
`30 in the destination address field 90 and the public network
`12 address of the first network device 14 in the source
`
`address field 88. At least one of the IP 58 packets includes
`the unique identifier for the terminating telephony device 26
`that had been included in the request message. The IP 58
`packets may require encryption or authentication to ensure
`
`[Figure: diagram with labels for the originating telephony device, trusted-third-party network device, terminating telephony device, and second network device]
`
`

`

`However, accumulating all the packets from one
`source address may provide the hacker with sufficient information
`to decrypt the message. Moreover, encryption at the
`source and decryption at the destination may be infeasible
`for certain data formats. For example, streaming data flows,
`such as multimedia or Voice-over-Internet-Protocol
`
`(“VoIP”), may require a great deal of computing power to
`encrypt or decrypt the IP packets on the fly. The increased
`strain on computer power may result in jitter, delay, or the
`
`

`

`- Patent Owner’s Response
`
`First, even if Beser had incorporated IPsec by reference, [...]
`
`
`
`This explains why Beser never
`
`mentions using IPsec or encryption for any data on its tunnels.
`
`Second, [...]
`
`“To incorporate matter by reference, a host document
`
`must contain language ‘clearly identifying the subject matter which is incorporated
`
`and where it is to be found’; a ‘mere reference to another application, or patent, or
`
`

`

`3. The method of claim 1, wherein the secure communication
`
`link is a virtual private network communication link.
`
`Ex. 1001, ’697 Patent, Claim 3
`
`

`

`Beser Criticizes VPNs
`
`BACKGROUND OF THE INVENTION
`
`One method of thwarting the hacker is to establish a Virtual
`Private Network (“VPN”) by initiating a tunneling connection
`between edge routers on the public network. For
`example, tunneling packets between two end-points over a
`public network is accomplished by encapsulating the IP
`packet to be tunneled within the payload field for another
`packet that is transmitted on the public network. The tun-
`neled IP packets, however, may need to be encrypted before
`the encapsulation in order to hide the source IP address.
`Once again, due to computer power limitations, this form of
`tunneling may be inappropriate for the transmission of
`
`

`

`
`- 35 U.S.C. § 103
`
`— Claims 1-11, 14-25, and 28-30 are obvious over
`
`Beser in view of RFC 2401
`
`Decision at 33
`
`

`

`- Dr. Monrose’s Declaration
`
`- Beser acknowledges the existence of the IPsec protocol, but then recognizes
`
`its problems for
