`
`
`
`
`Filed on behalf of: VirnetX Inc.
`By:
`
`Joseph E. Palys
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1996
`Facsimile: (202) 551-0496
`E-mail: josephpalys@paulhastings.com
`
`
`
`Paper No.
`Filed: February 5, 2015
`
`Naveen Modi
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1990
`Facsimile: (202) 551-0490
`E-mail: naveenmodi@paulhastings.com
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`
`
`
`
`
`
`APPLE INC.
`Petitioner
`
`v.
`
`VIRNETX INC.
`Patent Owner
`
`
`
`
`
`
`
`Case IPR2014-00238
`Patent 8,504,697
`
`
`
`
`
`
`
`
`
`
`Patent Owner’s Demonstrative Exhibits
`
`
`
`
`
`
`
`
`
`Inter Partes Review of
`
`US. Patent No. 8,504,697
`
`Oral Hearing: February 9, 2015
`
`Case No. IPR2014-00237
`
`Case No. IPR2014-00238
`
`
`
`Background
`
`
`
`‘; United States Patent
`[Irma « ll.
`\\3 3| fi‘ll \II IIIIIIIDNHIVH‘l- \\
`“v“! \| lhufll I'll I (II "I“ ‘ll III
`I "\I‘Il \II |
`‘\ l’IIV. ”I I .0.
`III“ ll‘ \ nl|\
`“an.“ x.
`mm \LI-lu
`MnMIl-hn’t-nlll lumn
`'. w n Mum“ an 5-..."
`"‘vw'l’.‘ u mm “a,“
`mun". u.” .m, aw \\
`mm x.
`\ltM\ I... (“an
`“L... .y ....
`n...
`Jud-\ll .t. I'
`t .
`w x.
`my», .,_.,.,
`1.. p... t .4”...
`nu... |..
`.uuu
`L": '-- Hung?
`0 AM
`Ihv :OJIH
`I‘m: Minn-- IM-
`.4 u
`m :-
`:n ,
`
`’697 Patent
`
`1" Jump:
`
`."1 .
`
`we": I A, mknttn Du.
`lulu-Jim” .1 um \-
`.‘HI ulul v
`'HI 1'
`-.‘t
`II All ntl
`- \
`‘II on”. m... t...
`|
`~ tuv uh.
`t. M. n
`l I ‘IH INCH-At
`t.._
`-..-o
`u u-a
`~|
`. Hal
`"fl-Jun \. "-1..
`ll - D‘d ‘n‘ ~Mun“
`ru u a
`t‘v
`ud "u
`.--
`u. nun "my...“ ry'tll . ~-
`n.‘,..m -,
`,
`
`.t “dud-u “an
`.n I»: an:
`I'“
`
`I Silifflhd‘fl
`
`l 5 8.504137 BI
`‘ “1‘ ti. 1M 3
`
`t n. Put-I \t:
`4 . Dale ul‘ Pltelt'
`up u.“
`1.“! I‘m
`I"
`I a II
`4.
`,m
`”dbl! hum-cu. wan!
`m
`y. “M
`.
`'H “nun. h
`WIN-(«l hr!
`.u xxx x
`\ |‘\.I‘-t
`ru.
`1....”
`v
`|\.\‘
`a...“
`~ num-
`vm-nmt-uvn u. NI\.
`
`\
`m'
`nu \
`
`-.
`
`» ”um
`llllrlH 71';
`a Ul.l‘\\
`l‘rt.-~‘\-l\~w-~ I-"
`.Umvv u...
`n It
`V
`-, nus-L
`k'lull m
`.nnv. . ub- ..
`._,.
`. 4, mm“
`n,“‘
`II?
`t
`nut-w I
`u.
`«an “-v‘ u'
`.‘I
`I “Jen u I
`'4‘
`lxrulnlmtkfi.
`(h VIIIJIIJI‘LH.
`llll Lll.‘
`m h
`. «(me
`-
`nu." .‘
`p' t .A n s
`um..- I
`,
`n va Aw.
`m. .t .n.»\
`n. n...n .m.
`" I In!
`\Ilu r. II In ‘\»'M “"0
`n<unl
`H . “Wuhan. .
`~vf?‘>.\' I!-
`p
`tl‘"l¥’vIlN
`.
`«A II. In ul-
`n
`mn Ir- I'p-Iw: 4~~ulvrn d. ulvhvmwu I v-v
`
`wt bun u "Huh: an“
`
`
`
`Ex. 1001, ’697 Patent
`
`/ RH
`NHIEESTU ‘\ no
`“Calif 51E / *
`R41!5'EU 1,-
`was
`
`IE3
`EHLMEEH.
`
`'31"? *EU‘EH
`
`MLPFHSI
`
`5:31:55
`
`I
`
`mega;
`nus RE' £51
`rcemm:
`'sn':
`
`4
`
`FIE-"U53.1%
`mséfien
`
`EH6
`
`‘."-.
`man
`'HIJ 5T UN‘LCW.‘
`ERQIR
`
`.1
`
`
`
`the second network device:
`
`detennining, in response to the request, whether the second
`network device is available fora secure communications
`
`service: and
`
`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`
`Ex. 1001, ’697 Patent, Claim 1
`
`initiating a secure communication link between the first
`network device and the second network device based on
`
`a determination that the second network device is avail-
`
`able for the secure conununications service;
`wherein the secure communications service uses the secure
`
`conmmnication link to communicate at
`
`least one of
`
`video data and audio data between the first network
`
`device and the second network device.
`
`
`
`16. A system for connecting a first network device and a
`second network device. the system including one or more
`servers configured to:
`intercept. from the first network device. a request to look up
`an intemel protocol (IP) address oi~ the second network
`device based on a domain name associated with the
`
`Ex. 1001, ’697 Patent, Claim 16
`
`wherein the secure communications service uses the secure
`
`communication link to communicate at
`
`least one of
`
`video data and audio data between the first network
`
`device and the second network device.
`
`second network device:
`determine; in response to the request, whether the second
`network device is available for a secure connmmieations
`
`service; and
`
`initiate a secure communication link between the first net-
`
`work device and the second network device based on a
`
`detemiination that the second network device is avail-
`
`able for the secure connnunications service.
`
`
`
`- IPR2014-00237
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by
`
`Beser
`
`— Claims 1-11, 14-25, and 28-30 are obvious over
`
`Beser in View of RFC 2401
`
`in View of RFC 2543
`
`— Claims 4-7 and 18-21 are obvious over Wesinger
`
`- IPR2014-00238
`
`— Claims 1-3, 8-11, 14-17, 22-25, and 28-30 are
`
`anticipated by Wesinger
`
`
`
`Claim Construction
`
`
`
`link that provides data
`security through
`encryption
`
`which computers
`privately and directly
`communicate with each
`
`other on insecure paths
`between the computers
`where the communication
`
`is both secure and
`
`anonymous, and where
`the data transferred may
`or may not be encrypted
`
`A transmission path that
`restricts access to data,
`
`hide information on the
`
`path, including, but not
`limited to, one or more of
`
`authentication,
`encryption, or address
`hopping
`
`Patent Owner’s Proposed
`Construction
`
`Apple’ 5 Proposed
`Construction
`
`Board’s Preliminary
`Construction
`
`A direct communication
`
`A communication link in
`
`Patent Owner Response at 10
`
`addresses , or other
`information on the path,
`generally using
`obfuscation methods to
`
`
`
`0 Decision
`
`Based on the foregoing. using a plain and ordinary construction in light of
`
`the ‘69’ Patent. the broadest reasonable construction of the term "secru‘e
`
`conmnmication link" is a transmission path that restricts access to data. addresses.
`
`or other information on the path. generally using div”literati-mt :ntflhmtt. to hide
`
`information on the path. including. but not limited to. one or more of
`
`.nut’jlmn‘c inclining encryption. 01‘ zmtfilrtrmm Whipping;
`
`Decision at 10
`
`Patent Owner Response at 11
`
`- Patent Owner’s Response
`
`The Decisions construction is also technically flawed.—
`
`— (Ex 2025 at 11. r 15.
`
`Monrose Decl-) The other techniques alone do not provide the claimed security.
`
`
`
`- Prosecution History: Patent Owner’s Response
`to Office Action of Dec. 29 2011
`
`Petition at 10 n.2 in IPR2014—00237
`
`- Apple’s Petition
`
`Ex. 1056 at 25, Patent Owner’s Response
`
`to Office Action of Dec. 29, 2011
`
`2
`
`In the grandparent of the present patent (1a, the ”504 patent),-
`
`- See Ex- 1056 at 25.
`
`
`
`In light of VimetX’s Notice of Non-Opposition to Defendant‘s Motion for
`
`Trial IPR2014—00237
`
`Case 6:10«cv—00417—LED Document 541
`
`Filed 1W12 Page I 01 I PagelD it 19045
`
`IN THE I'NTIED STATES DISTRICT COURT
`FOR THE EASTERN DISTRICT OF TEXAS
`TYLER DIVISIO)"
`
`§
`§
`§
`
`§§
`
`urcx'trx INC.
`.
`.
`mum.
`
`TS.
`
`asc-osmmsm-....L
`Defendants.
`
`Before the Court IS Defn
`
`mimcmcm -
`In light of Virnetx‘s
`
`ReconsidaationGJOdeINo. 42:)
`(Docket No 366) The Inn:
`‘
`
`Reconsideration (Docket No- 424), the Court GRANTS Defendants" Motion for Reconsideration
`
`(Docket No. 366). The term “secure cormmmication link is construed to mean “a direct
`
`communication link that provides data security through encryption.”
`
`connnimcation link that gum-ides data security through encryption."
`
`So ORDERED and SIGNED this 4th day of October, 2012,
`
`LEONARD DAVIS
`UNITED STATES DISTRICT JUDGE
`
`no: I ol 1
`
`VIRNETX EXHIBIT 200.)
`Apple v. VimetX
`
`
`
`Receiving a request
`pertaining to a first entity
`at another entity
`
`establishing a secure
`communicationlink
`
`Patent Owner’s Proposed Apple’s Proposed
`Construction
`Construction
`
`Board’s Preliminary
`Construction
`
`A proxy computer or
`No construction
`device receiving and
`necessary; alternatively,
`receiving a request to look acting on a request sent
`up an internet protocol
`by a first computer that
`address and: apart from
`was intended for another
`resolving it into an
`computer
`address, performing an
`evaluation on it related to
`
`Patent Owner Response at 23
`
`
`
`However, the ”697 patent goes on to explain that the claimed embodiments
`
`differ from conventional DNS- in part, because they apply an au'tc’hticpmil mtg/Q!
`
`<:-'i’
`
`’ijuurz‘mmi? fry to a request to look up a network address beyond merely resolving it
`
`- Patent Owner’s Response
`
`Patent Owner Response at 25
`
`and returning the network address-
`
`(Ex- 2025 at 17, 1] 24, Monrose Decl.) For
`
`
`
`Patent Owner’s Proposed Apple’sProposed
`Construction
`Construction
`
`Board’s Preliminary
`Constmction
`
`No construction proposed No construction proposed Includes determining one
`or more of 1) whether the
`device is listed with a
`
`Patent Owner Response at 27
`
`public internet addres s,
`and if so, allocating a
`private address for the
`second network device, or
`
`2) some indication ofthe
`relative permission level
`or security privileges of
`the requester
`
`
`
`0 Decision
`
`Based on the record. "determining. in response to the request. whether the second
`
`network device is available for a secru'e conmnmications.“ includes determining.
`
`Decision at 15
`
`one or more of l) 's‘vft‘rffitr'r' {the nitrite?) t3 Ittfmtl with 2:7. [putdt’tc :"tu‘aztrtrfl :zifii‘l’dkmss) :sm‘él :iii’.’
`
`:30), (’silll'ch-azttt .3 at '{Jr‘ix'mfr‘z Holding: I’ifcair'ijlr: satirzcmdi, inirz‘mvc):rfk tile-vim; 01' 2) some
`
`indication of the relative permission level or secmity privileges of the requester.
`
`
`
`’697 Patent
`
`According to one embodiment. DNS proxy 2610 intercepts
`all DNS looku functions from client 2605 and_
`.. _ .[faccessto
`
`Ex. 1001 at 40:31-37, ’697 Patent
`
`a secure site has been requested (as determined. for example.
`by a domain name extension. or by reference to an internal
`table of such sites). DNS proxy 2610 determines Whether the
`user has sufficient security privileges to access the site.
`
`
`
`- Decision
`
`Based on the record. "determining. in response to the request. whether the second
`
`network device is available for a secure connmmications.“ includes determining.
`
`one or more of 1) whether the device is listed with a public internet address. and if
`
`Decision at 15
`
`so. allocating a private address for the second network device. or 2) sic-mm
`
`i’nnirilix:r.‘c'mn cczififtrr: ';|z:;“i?:'.‘t"rw1 'rrzmvii-xsimm Emil {or :srmwg'fsy ‘5)ri'rxviilirwrx: mi" 3051?: itrrqizrrai‘mr’.
`
`
`
`0 Patent Owner’s Response
`
`The—
`
`—[Ex. 1001, claims 1 and 16, “whether the second network
`
`Patent Owner Response at 29-30
`
`device is available for a secure communications service," emphasis added). so the
`
`determining phrase need not be limited to the Decision’s determining
`
`“permission level or securityr privileges of the requester.”
`
`
`
`Patent Owner’s Proposed Apple’s Proposed
`Construction
`Constmction
`
`Board’s Preliminary
`Construction
`
`No construction proposed No construction proposed A secure communication
`link with the additional
`
`Patent Owner Response at 19
`
`requirement that the link
`includes a portion ofa
`public network
`
`
`
`Patent Owner’s Proposed Apple’sProposed
`Construction
`Construction
`
`Board’sPreliminary
`Construction
`
`The process ofencoding
`The process ofencoding
`No construction
`data for transmission over data for transmission
`necessary; alternatively,
`a physical or
`the process ofencoding
`data for transmission over electromagnetic medium
`a medium by varying a
`by varying a carrier signal
`carrier signal
`
`Decision at 14
`
`Preliminary Response at 28
`
`
`
`Patent Owner’s Proposed Apple’sProposed
`Construction
`Construction
`
`The functional
`
`The functional
`
`Board’s Preliminary
`Construction
`
`The functional
`
`configuration ofa
`configuration ofa
`configuration ofa
`computer that enables it to network device that
`network device that
`enables it to participate in participate in a secure
`enables it to participate in
`a secure communications
`communications link with a secure communications
`
`Decision at 14
`
`link with another network another computer
`device
`
`link with another network
`device
`
`Preliminary Response at 28
`
`
`
`Instituted Grounds
`
`(IPR2014-0023 7)
`
`
`
`- 35 U.S.C. § 102
`
`Beser
`
`- 35 U.S.C. § 103
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by
`
`Beser in View of RFC 2401
`
`— Claims 1-11, 14-25, and 28-30 are obvious over
`
`
`
`Ex. 1009, Fig. 1
`
`PRNATE
`NETWORK
`
`
`
`ORIGINATING
`TELEPHONY
`DEVICE
`g
`
`TRUSTED-
`THIRD-PARTY
`NETWORK
`DEVICE
`
`TERMINATING
`TELEPHONY
`DEVICE
`25
`
`Ex. 1009, Fig. 6
`
`SECOND
`NETWORK
`DEVICE
`1!
`
`
`
`TRUSTED-
`THIRD-PARTY
`NETWORK
`DEVICE
`E
`
`SELECT FIRST
`PRIVATE IP
`moasss
`____________ .6151 - _ _ _ _
`
`EX. 1009, Fig. 9
`
`SELECT
`SECOND
`PRIVATE IP
`ADDRESS
`
`THIRD PACKET 191
`
`
`
`TRUSTEE)-
`THIRD-PARTY
`NETWORK
`
`SECOND
`NETWORK
`DEVICE
`1!
`
`Ex. 1009, Fig. 14
`
`SELECT
`SECOND
`PRIVATE IP
`ADDRESS
`
`SELECT FIRST
`PRIVATE IP
`ADDRESS
`
`
`
`- 35 U.S.C. § 102
`
`Beser
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by
`
`Decision at 33
`
`
`
`the second network device:
`
`(letennining. in response to the request. whether the second
`network device is available fora secure communications
`
`service: and
`
`l. A method of connecting a first network device and a
`second network device. the method comprising:
`intercepting. from the first network device. a request to
`look up an internet protocol (1P) address of the second
`network device based on a domain name associated with
`
`Ex. 1001, ’697 Patent, Claim 1
`
`initiating a secure communication link between the first
`network device and the second network device based on
`
`a detemiination that the second network device is avail-
`
`able for the secure conununications service:
`
`wherein the secure communications service uses the secure
`
`conununication link to connnunicate at
`
`least one ol’
`
`video data and audio data between the first network
`
`device and the second network device.
`
`
`
`Receiving a request
`pertaining to a first entity
`at another entity
`
`establishing a secure
`communicationlink
`
`Patent Owner’s Proposed Apple’s Proposed
`Construction
`Construction
`
`Board’s Preliminary
`Construction
`
`A proxy computer or
`No construction
`device receiving and
`necessary; alternatively,
`receiving a request to look acting on a request sent
`up an internet protocol
`by a first computer that
`address and: apart from
`was intended for another
`resolving it into an
`computer
`address, performing an
`evaluation on it related to
`
`Patent Owner Response at 23
`
`
`
`- Decision
`
`domain name associated with the second network device." According to Mr.
`
`mm.—
`— See Ex. 1003 1i 355. According further to Mr. Pratto. a router
`
`Decision at 20-21
`
`evaluates all traffic flowing through it. and if a packet contains a request for
`
`initiating an IP tunnel. it will send the request to misted-third-paity network defice
`
`30.
`
`
`
`connection") A *Lu‘gpttwfi \"m mn’mt‘re 7:1 munching}; racictuuc'mm, even if it happens to
`
`include a domain name in some embodiments.
`
`v
`
`wzuqntua”; ': ”RD Ffi'm‘ momma]. "'Htachtrm' (to) Nola-15a 229;; an: ’m‘ceuul jp)r:)"(omc3l Z( 39;) :1tdko‘lm:1:s 'cy'i’flitc.‘
`
`Patent Owner’s Response
`
`Patent Owner Response at 37
`
`zmrmuo‘l wra‘wxom'k {stow/tram,
`
`as recited in claim 1.
`
`(Ex. 2025 at 25. ‘40. Monrose
`
`Decl.) Whether the request
`
`includes a domain name or some other type of
`
`
`
`Ex. 1009 at Fig. 5
`
`NEGOTIATE A FIRST PRIVATE NETWORK
`ADDRESS ON THE FIRST NETWORK
`DEVICE AND A SECOND PRIVATE
`NETWORK ADDRESS ON THE SECOND
`NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`INFORM A TRUSTED-THIRD-PARTY
`NETWORK DEVICE OF THE REQUEST ON
`A PUBLIC NETWORK
`
`INFORM A TRUSTED-THIRD-PARTY
`NETWORK DEVICE OF THE REQUEST ON
`A PUBLIC NETWORK
`
`ASSOCIATE A PUBLIC NETWORK
`ADDRESS FOR A SECOND NETWORK
`DEVICE ON THE TRUSTED-THIRD—PARTY
`NETWORK DEVICE
`
`ASSOCIATE A PUBLIC IP ADDRESS FOR A
`SECOND NETWORK DEVICE ON THE
`TRUSTEDoTHIRD-PARTY NETWORK
`DEVICE
`
`NEGOTIATE A FIRST PRIVATE IP
`ADDRESS ON THE FIRST NETWORK
`DEVICE AND A SECOND PRIVATE IP
`ADDRESS ON THE SECOND NETWORK
`DEVICE THROUGH THE PUBLIC
`NETWORK
`
`
`
`- Decision
`
`Mr. Fratto and Petitioner alternatively reason that—
`
`Decision at 21
`
`18—19; Ex. 1003 m 305—306. 357—358. Pursuant to the request.—
`— in pan by lookmg up a public
`
`_ because the request includes a unique identifier.
`
`including a domain name. that identifies the terminating end 26. or second network
`
`device. of the tunneling association. instead of the tmsted-third-pany. See Pet.
`
`internet address based on the domain name associated with “second network
`
`device“ 26. as claim 1 requires.
`
`
`
`Device 30 Does Not Translate Domain Names to IP Addresses
`
`- Patent Owner’s Response
`
`Moreover. the tnisted-third—partjy' network device 30 does not perform any
`
`translation into an IP address of the domain name of the terminating device 26.
`
`(Ex. 2025 at 25-26. " 41. Monrose Decl.) After being informed of the request.
`
`Ex. 1009 at 11:26-32
`
`A public IP 58 address for a second network device 16 is
`associated with the unique identifier for the terminating
`telephony device 26 at Step 116. The second network device
`16 is associated with the terminating telephony device 26.
`This association of the public IP 58 address for the second
`network device 16 with the unique identifier is made on the
`trusted-third-party network device 30. In one exemplary
`
`trusted—third-pany network device 30 associates an identifier (e.g.. a domain name)
`
`of terminating device 26 with a public IP address of a second network device 16.
`
`Patent Owner Response at 37
`
`
`
`START
`
`COMMUNICATE THE FIRST PRIVATE
`NETWORK ADDRESS FROM THE FIRST
`NETWORK DEVICE TO THE SECOND
`NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`Ex. 1009 at Fig. 7
`
`COMMUNICATE THE SECOND PRIVATE
`NETWORK ADDRESS FROM THE
`SECOND NETWORK DEVICE TO THE
`FIRST NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`
`
`l. A method of connecting a first network device and a
`second network device. the method comprising:
`intercepting. from the first network device. a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`
`Ex. 1001, ’697 Patent, Claim 1
`
`the second network device:
`
`initiating a seetir" communication link between the first
`network device and the second network device based on
`
`a dctemiination that the second network device is avail-
`
`able for the secure conununications service:
`
`wherein the secure communications service uses the secure
`
`conmumication link to conununicate at
`
`least one ol
`
`video data and audio data between the first network
`
`device and the second network device.
`
`
`
`Patent Owner’s Proposed Apple’sProposed
`Construction
`Construction
`
`Board’s Preliminary
`Constmction
`
`No construction proposed No construction proposed Includes determining one
`or more of 1) whether the
`device is listed with a
`
`Patent Owner Response at 27
`
`public internet addres s,
`and if so, allocating a
`private address for the
`second network device, or
`
`2) some indication ofthe
`relative permission level
`or security privileges of
`the requester
`
`
`
`“determining, in response to the request, Whether the
`
`second network device is available for a secure communications service”
`
`- Apple’s Petition
`
`Consequently.
`
`Decision at 23
`
`outlined above in the claim construction section. determining the availability of
`
`when methods shown in Beser are performed. they will necessarily determine if a
`
`second network device is available for secm‘e connnunications.
`
`- Decision
`
`Petition at 21
`
`On this record. Beser’s system satisfies the determining step. because as
`
`second network device 26 for secure commtmication service reasonably includes
`
`determining that the device has a private internet address assigned to it, and that
`
`the originating device. device 24, has authorization to communicate. or a private
`
`network address assigned to it, or both. See Pet. 19—2 1: Ex. 1003 ‘N 363—371.
`
`
`
`- Apple’s Petition
`
`Consequently.
`
`when methods shown in Beser are pelfomled.—
`
`Petition at 21
`
`
`
`- Patent Owner’s Response
`
`—in which "a domain name in a request is recognized by the
`
`Patent Owner Response at 42
`
`trusted-thiId-part}r network device but does not map to a device requifing
`
`negotiation of an [P tunnel.“ (£12025- at 28, $45: Monrose Decl.) -
`
`
`
`- Decision
`
`On this record, Beser’s system satisfies the determining step, because as
`
`outlined above in the claim construction section. determining the availability of
`
`second network device 26 for secure communication service reasonably includes
`
`Decision at 23
`
`_ See Pet- 19—21: Ex- 1003 W 363—371-
`
`
`
`START
`
`COMMUNICATE THE FIRST PRIVATE
`NETWORK ADDRESS FROM THE FIRST
`NETWORK DEVICE TO THE SECOND
`NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`Ex. 1009 at Fig. 7
`
`COMMUNICATE THE SECOND PRIVATE
`NETWORK ADDRESS FROM THE
`SECOND NETWORK DEVICE TO THE
`FIRST NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`
`
`In particular, Beser‘s Mel-establishment process occurs in response to
`
`Beser's request to initiate a tunnel. but that request is not a “DNS" request that
`
`might result in a domain name server performing Mr. Fratto's ‘known DNS
`
`- Patent Owner’s Response
`
`Patent Owner Response at 46-47
`
`operations." (Ex. 2025 at 31-32. 1] 50, Monrose Decl.) Beser provides no teaching
`
`on this issue. Also,—
`
`— (Id-J
`
`
`
`- Patent Owner’s Response
`
`Citing Ex. 2025 at 1] 50, Monrose Dec].
`
`Patent Owner Response at 47,
`
`less be capable of caxrying out Eater’s flannel-establishment process-
`
`(1d,)
`
`
`
`- Decision
`
`On this record, Beser’s system satisfies the determining step. because as
`
`outlined above in the claim construction section, determining the availability of
`
`second network device 26 for secure commtmication service reasonably includes
`
`Decision at 23
`
`— See Pet. 19—21; Ex. 1003 w 363—371.
`
`
`
`- Patent Owner’s Response
`
`Beser discloses two items sent from first network device 24, but neither
`
`pertains to authorization.
`
`(Ex- 2.025 at 32-33, 11 52- Monrose Decl.)-
`
`—<i-e~~ the identifier indicating the end
`
`device with which the requesting device wishes to communicate)—
`
`Ex. 1009 at 1024-6
`
`Step 112. The first network device 14 is asmciated with the
`originating telephony device 24, and the request includes a
`_1n
`
`- (See, e.g.. Ex. 1009 at 10:4-6: Ex. 2025 at 32—33. 11 52, Monrose Decl-)
`
`Patent Owner Response at 48
`
`
`
`The second is a bit sequence from device 24 that “indicates to the tunnelling
`
`application that it should examine the informing message for its content and not
`
`ignore the datagram" (Ex. 1009 at 8235-931; Ex. 2025 at 32-33. ‘J 52. Monrose
`
`Decl.)
`
`It says nothing about device 245 authorization.
`
`Patent Owner Response at 48
`
`The Bit Sequence Does Not Indicate Authorization of Device 24
`
`- Patent Owner’s Response
`
`Ex. 1009 at 8:37—43
`
`higher layer. For example, the indicator may be a distinctive
`sequence of hits at the beginning of a datagram that has been
`passed up from the network and transport layers. liy meth-
`eds known to those skilled in the art,
`the distinctive
`sequence of bits indicates to the tunneling application that it
`should examine the request message [or its content and not
`ignore the datagram. However, the higher layer may be other
`
`
`
`Beser Does Not Disclose “initiating a secure communication link .
`
`.
`
`. .”
`
`the second network device;
`
`detennining, in response to the request. whether the second
`network device is avai Iahlc fora secure et‘tmmunicatit‘ms
`
`service: and
`
`l. A method of connecting a first network device and a
`second network device. the method comprising:
`intercepting. from the first network device. a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`
`Ex. 1001, ’697 Patent, Claim 1
`
`initiating a secure cmnmunication link between the first
`network device and the second network device based on
`
`a detemtination that the second network device is avail-
`
`able for the secure conununications service:
`
`wherein the secure communications service uses the secure
`
`conununication link to connnunicate at
`
`least one of
`
`video data and audio data between the first network
`
`device and the second network device.
`
`
`
`link that provides data
`security through
`encryption
`
`which computers
`privately and directly
`communicate with each
`
`other on insecure paths
`between the computers
`where the communication
`
`is both secure and
`
`anonymous, and where
`the data transferred may
`or may not be encrypted
`
`A transmission path that
`restricts access to data,
`
`hide information on the
`
`path, including, but not
`limited to, one or more of
`
`authentication,
`encryption, or address
`hopping
`
`Patent Owner’s Proposed
`Construction
`
`Apple’ 5 Proposed
`Construction
`
`Board’s Preliminary
`Construction
`
`A direct communication
`
`A communication link in
`
`Patent Owner Response at 10
`
`addresses , or other
`information on the path,
`generally using
`obfuscation methods to
`
`
`
`- Apple s Petltlon
`
`7
`
`.
`
`.
`
`Decision at 23
`
`between first and second network devices 24 and 26.—
`— or
`
`tunnel based on the results of that evaluation. Ex. 1003 at M 302-309. Besei'
`
`explainsm...—
`
`—(i.e.. under the IPsec protocol). and that
`
`encryption of the tunneling connection occ1us automatically. Ex. 1003 at W 268-
`Petition at 22
`
`0 Decision
`
`Based on the this determination of availability that involves negotiating
`
`both- satisfying the last two clauses of claim 1 and similar clauses in claim 16.
`
`
`
`- Apple 3 Pet1t1on
`
`,
`
`.
`
`.
`
`tunnel based on the results of that evaluation. Ex. 1003 at M 302-309. Beser
`
`—(i.e.. under the IPsec protocol). and that
`
`encryption of the tunneling connection OCClll'S automatically. Ex. 1003 at 111] 268-
`
`explainsmar—
`
`Petition at 22
`
`
`
`- Apple’s Previous Admission Regarding Beser
`
`A person ofordinary skill in the an would have relied on [gent to
`being sent in IP tunnels between a first and
`second network device in the 1P tunneling procedures being described in Beser,_
`Accordingly. Beser in View of @t
`would have rendered obvious claim 1 under 35 U.S.C. § 103.
`
`See also P0 Response at 51
`
`Ex. 2029 at 2, Apple’s Request for Inter Partes
`
`Reexamination in Control No. 95/001,682
`
`
`
`Given Beser’s extensive teaching away from encryption and its
`
`associated computational burdens. Beser never discloses using encryption or other
`
`similarly burdensome techniques for transmitting data through its tunnels.
`
`BACKGROUND 01'" THE INVENTION
`
`Ex. 2025 at 1} 56, Monrose Decl.
`
`Beser Teaches Away from Using Encryption
`
`- Dr. Monrose’s Declaration
`
`Ex. 1009 at 2:12—17
`
`packet that is transmitted on the public network. The tun-
`neled IP packets, however, may need to be encrypted before
`the encapsulation in order to hide the source IP address.
`Once again, due to computer power limitations, this form of
`tunneling may be inappropriate for the transmission of
`multimedia or VoIP packets.
`
`
`
`- Decision
`
`Based on the this determination of availability that involves negotiating
`
`both. satisfving the last two clauses of claim 1 and similar clauses in claim 16.
`
`between first and second network devices 24 and 26,—
`— or
`
`Decision at 23
`
`
`
`In the first cited passage. Beser discloses that—
`
`—to ensme that the unique identifier cannot be
`
`- Patent Owner’s Response
`
`Patent Owner Response at 52-53
`
`read on the public network." (Ex. 1009 at 11:22-25-) These packets, however. are
`
`not communicated between device 24 and device 26 (Le. ovet the tunnel).
`
`(Ex. 2025 at 3536.11 58. Monrose Decl.) Rather.—
`
`-—not over the tunnel after it is established.
`
`(See Ex. 1009 at 1129-25: FIG.
`
`6. 114 "INFORM": Ex. 2025 at 35-36. 1% 58. Monrose Decl.)—
`
`
`
`Beser Does Not Teach Encryption of Audio/Video 0n the Tunnel
`
`130
`
`TERIINATING
`TELEPHONY
`DEVICE
`29
`
`SECOND
`NETWORK
`DEVICE
`1!
`
`At Step 114. a trusted-third-party network device 30 is
`informed of the request on the public network 12. The
`informing step may include one or multiple transfer of IP 58
`packets across the public network 12. 'Ihe public network 12
`may include the Internet. For each transfer of a packet from
`the first network device 14 to the trusted-third-party network
`device 30, the first network device 14 constructs an IP 58
`packet. The header 82 of the IP58 packet includes the public
`network 12 address of the tmste‘d-third-party network device
`30 in the destination address field 90 and the public network
`12 address of the first network device 14 in the source
`
`Ex. 1009, Fig. 6
`
`ORIGINATING
`TELEPHONY
`
`TRUSTED-
`THIRD-PARTY
`NETWORK
`
`address field 88. At least one of the IP 58 packets includes
`the unique identifier for the terminating telephony device 26
`that had been included in the request message. The IP 58
`packets may require encryption or authentication to ensure
`that
`the unique identifier cannot be read on the public
`network 12.
`
`EX. 1009 at 11:9-25
`
`
`
`Of course,
`
`However, accumulating all the packets from one
`source address may provide the hacker with sufiicient infor-
`mation to decrypt the message. Moreover, encryption at the
`source and decryption at the destination may be infeasible
`for certain data formats. For example, streaming data flows,
`such as multimedia or Voice-over-Internet-Protocol
`
`Ex. 1009 at 1:40-67
`
`("VOW”), may require a great deal of computing power to
`encrypt or decrypt the IP packets on the fly. The increased
`strain on computer power may result in jitter, delay, or the
`loss of some packets. The expense of added computer power
`might also dampen the customer’s desire to invest in VoIP
`equipment.
`
`
`
`Patent Owner Response at 54
`
`_—
`
`- Patent Owner’s Response
`
`First, even if Boxer had incorporated IPsec by reference,
`
`This explains why Beser never
`
`mentions using [Psec or encryption for any data on its tunnels-
`
`Second—
`
`— ”To incorporate matter by reference. a host document.
`
`must contain language ‘clearly identifying the subject matter which is incorporated
`
`and Where it is to be found‘; a “mere reference to another application. or patent or
`
`publication is not an incorporation of anything therein.w Callmvay Golf Co. v.
`
`Acuslmet Ca, 576 F.3d 1331. 1346 (Fed. Cir. 2009) (emphasis original).
`
`
`
`2. The method ofclaim It wherein at least one of the video
`
`data and the audio data is encrypted over the secure commu-
`nication link.
`
`Ex. 1001, ’697 Patent, Claim 24
`
`24. The system of claim 16, wherein at least one of the
`video data and the audio data is encrypted over the secure
`communication link.
`
`Ex. 1001, ’697 Patent, Claim 2
`
`
`
`- Apple’s Previous Admission Regarding Beser
`
`A person ofordinary skill in the art would have relied on KLnt to
`being sent in IP tunnels between a first and
`second network device in the IP tunneling procedures being described in Boson—
`Accordingly. Beser in View of @
`would have rendered obvious claim 1 under 35 U.S.C. § 103.
`
`See also PO Response at 51
`
`Ex. 2029 at 2, Apple’s Request for Inter Partes
`
`Reexamination in Control No. 95/001,682.
`
`
`
`Beser Teaches Away from Using Encryption
`
`- Dr. Monrose’s Declaration
`
`Given Beser’s extensive teaching away from encryption and its
`
`associated computational burdens. Beser never discloses using encryption or other
`
`similarly burdensome techniques for transmitting data through its tuimels.
`
`BACKGROUND OF THE, INVENTION
`
`Ex. 2025 at 1} 56, Monrose Decl.
`
`Ex. 1009 at 2:12-17
`
`packet that is transmitted on the public network. The tun-
`neled IP packets, however, may need to be encrypted before
`the encapsulation in order to hide the source IP address.
`Once again, due to computer power limitations, this form of
`tunneling may be inappropriate for the transmission of
`multimedia or VoIP packets.
`
`
`
`In the first cited passage. Beser discloses that—
`
`—to ensme that the unique identifier cannot be
`
`- Patent Owner’s Response
`
`Patent Owner Response at 52-53
`
`read on the public network." (Ex. 1009 at 11:22-25-) These packets, however. are
`
`not communicated between device 24 and device 26 (Le. ovet the tunnel).
`
`(Ex. 2025 at 3536.11 58. Monrose Decl.) Rather.—
`
`-—not over the tunnel after it is established.
`
`(See Ex. 1009 at 1129-25: FIG.
`
`6. 114 "INFORM": Ex. 2025 at 35-36. 1% 58. Monrose Decl.)—
`
`
`
`Beser Does Not Teach Encryption of Audio/Video 0n the Tunnel
`
`130
`
`TERIINATING
`TELEPHONY
`DEVICE
`29
`
`SECOND
`NETWORK
`DEVICE
`1!
`
`At Step 114. a trusted-third-party network device 30 is
`informed of the request on the public network 12. The
`informing step may include one or multiple transfer of IP 58
`packets across the public network 12. 'Ihe public network 12
`may include the Internet. For each transfer of a packet from
`the first network device 14 to the trusted-third-party network
`device 30, the first network device 14 constructs an IP 58
`packet. The header 82 of the IP58 packet includes the public
`network 12 address of the tmste‘d-third-party network device
`30 in the destination address field 90 and the public network
`12 address of the first network device 14 in the source
`
`Ex. 1009, Fig. 6
`
`ORIGINATING
`TELEPHONY
`
`TRUSTED-
`THIRD-PARTY
`NETWORK
`
`address field 88. At least one of the IP 58 packets includes
`the unique identifier for the terminating telephony device 26
`that had been included in the request message. The IP 58
`packets may require encryption or authentication to ensure
`t
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
