`
`
`
`
`Filed on behalf of: VirnetX Inc.
`By:
`
`Joseph E. Palys
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1996
`Facsimile: (202) 551-0496
`E-mail: josephpalys@paulhastings.com
`
`
`
`Paper No.
`Filed: February 5, 2015
`
`Naveen Modi
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1990
`Facsimile: (202) 551-0490
`E-mail: naveenmodi@paulhastings.com
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`
`
`
`
`
`
`APPLE INC.
`Petitioner
`
`v.
`
`VIRNETX INC.
`Patent Owner
`
`
`
`
`
`
`
`Case IPR2014-00238
`Patent 8,504,697
`
`
`
`
`
`
`
`
`
`
`Patent Owner’s Demonstrative Exhibits
`
`
`
`
`
`
`
`
`
`Inter Partes Review of
`
`U.S. Patent No. 8,504,697
`
`Oral Hearing: February 9, 2015
`
`Case No. IPR2014-00237
`
`Case No. IPR2014-00238
`
`
`
`Background
`
`
`
`’697 Patent
`
`
`
`
`Ex. 1001, ’697 Patent
`
`
`
`
`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`determining, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`wherein the secure communications service uses the secure
`communication link to communicate at least one of
`video data and audio data between the first network
`device and the second network device.
`
`Ex. 1001, ’697 Patent, Claim 1
`
`
`
`16. A system for connecting a first network device and a
`second network device, the system including one or more
`servers configured to:
`intercept, from the first network device, a request to look up
`an internet protocol (IP) address of the second network
`device based on a domain name associated with the
`second network device;
`determine, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiate a secure communication link between the first
`network device and the second network device based on a
`determination that the second network device is
`available for the secure communications service,
`wherein the secure communications service uses the secure
`communication link to communicate at least one of
`video data and audio data between the first network
`device and the second network device.
`
`Ex. 1001, ’697 Patent, Claim 16
`
`
`
`- IPR2014-00237
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by Beser
`
`— Claims 1-11, 14-25, and 28-30 are obvious over Beser in view of RFC 2401
`
`- IPR2014-00238
`
`— Claims 1-3, 8-11, 14-17, 22-25, and 28-30 are anticipated by Wesinger
`
`— Claims 4-7 and 18-21 are obvious over Wesinger in view of RFC 2543
`
`
`
`Claim Construction
`
`
`
`Patent Owner’s Proposed Construction: A direct communication link that provides data security through encryption
`
`Apple’s Proposed Construction: A communication link in which computers privately and directly communicate with each other on insecure paths between the computers where the communication is both secure and anonymous, and where the data transferred may or may not be encrypted
`
`Board’s Preliminary Construction: A transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping
`
`Patent Owner Response at 10
`
`
`
`- Decision
`
`Based on the foregoing, using a plain and ordinary construction in light of
`the ’697 Patent, the broadest reasonable construction of the term “secure
`communication link” is a transmission path that restricts access to data, addresses,
`or other information on the path, generally using obfuscation methods to hide
`information on the path, including, but not limited to, one or more of
`authentication, encryption, or address hopping.
`
`Decision at 10
`
`- Patent Owner’s Response
`
`The Decision’s construction is also technically flawed.—
`
`— (Ex. 2025 at 11, ¶ 15,
`Monrose Decl.) The other techniques alone do not provide the claimed security.
`
`Patent Owner Response at 11
`
`
`
`- Prosecution History: Patent Owner’s Response
`to Office Action of Dec. 29, 2011
`
`Ex. 1056 at 25, Patent Owner’s Response
`to Office Action of Dec. 29, 2011
`
`- Apple’s Petition
`
`2
`
`In the grandparent of the present patent (i.e., the ’504 patent),—
`
`— See Ex. 1056 at 25.
`
`Petition at 10 n.2 in IPR2014-00237
`
`
`
`Case 6:10-cv-00417-LED Document 541 Filed 1W12 Page 1 of 1 PageID #: 19045
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE EASTERN DISTRICT OF TEXAS
`TYLER DIVISION
`
`In light of VirnetX’s Notice of Non-Opposition to Defendant’s Motion for
`Reconsideration (Docket No. 424), the Court GRANTS Defendants’ Motion for Reconsideration
`(Docket No. 366). The term “secure communication link” is construed to mean “a direct
`communication link that provides data security through encryption.”
`
`So ORDERED and SIGNED this 4th day of October, 2012.
`
`LEONARD DAVIS
`UNITED STATES DISTRICT JUDGE
`
`VIRNETX EXHIBIT 200.)
`Apple v. VirnetX
`Trial IPR2014-00237
`
`
`
`Patent Owner’s Proposed Construction: No construction necessary; alternatively, receiving a request to look up an internet protocol address and, apart from resolving it into an address, performing an evaluation on it related to establishing a secure communication link
`
`Apple’s Proposed Construction: A proxy computer or device receiving and acting on a request sent by a first computer that was intended for another computer
`
`Board’s Preliminary Construction: Receiving a request pertaining to a first entity at another entity
`
`Patent Owner Response at 23
`
`
`
`- Patent Owner’s Response
`
`However, the ’697 patent goes on to explain that the claimed embodiments
`differ from conventional DNS, in part, because they apply an additional layer of
`functionality to a request to look up a network address beyond merely resolving it
`and returning the network address.
`(Ex. 2025 at 17, ¶ 24, Monrose Decl.) For
`
`Patent Owner Response at 25
`
`
`
`Patent Owner’s Proposed Construction: No construction proposed
`
`Apple’s Proposed Construction: No construction proposed
`
`Board’s Preliminary Construction: Includes determining one or more of 1) whether the device is listed with a public internet address, and if so, allocating a private address for the second network device, or 2) some indication of the relative permission level or security privileges of the requester
`
`Patent Owner Response at 27
`
`
`
`- Decision
`
`Based on the record, “determining, in response to the request, whether the second
`network device is available for a secure communications,” includes determining,
`one or more of 1) whether the device is listed with a public internet address, and if
`so, allocating a private address for the second network device, or 2) some
`indication of the relative permission level or security privileges of the requester.
`
`Decision at 15
`
`
`
`’697 Patent
`
`According to one embodiment, DNS proxy 2610 intercepts
`all DNS lookup functions from client 2605 and—
`— If access to
`a secure site has been requested (as determined, for example,
`by a domain name extension, or by reference to an internal
`table of such sites), DNS proxy 2610 determines whether the
`user has sufficient security privileges to access the site.
`
`Ex. 1001 at 40:31-37, ’697 Patent
`
`
`
`- Decision
`
`Based on the record, “determining, in response to the request, whether the second
`network device is available for a secure communications,” includes determining,
`one or more of 1) whether the device is listed with a public internet address, and if
`so, allocating a private address for the second network device, or 2) some
`indication of the relative permission level or security privileges of the requester.
`
`Decision at 15
`
`
`
`- Patent Owner’s Response
`
`The—
`
`—(Ex. 1001, claims 1 and 16, “whether the second network
`device is available for a secure communications service,” emphasis added), so the
`determining phrase need not be limited to the Decision’s determining
`“permission level or security privileges of the requester.”
`
`Patent Owner Response at 29-30
`
`
`
`Patent Owner’s Proposed Construction: No construction proposed
`
`Apple’s Proposed Construction: No construction proposed
`
`Board’s Preliminary Construction: A secure communication link with the additional requirement that the link includes a portion of a public network
`
`Patent Owner Response at 19
`
`
`
`Patent Owner’s Proposed Apple’s Proposed
`Construction
`Construction
`
`Board’s Preliminary
`Construction
`
`The process of encoding
`The process of encoding
`No construction
`data for transmission over data for transmission
`necessary; alternatively,
`a physical or
`the process of encoding
`data for transmission over electromagnetic medium
`a medium by varying a
`by varying a carrier signal
`carrier signal
`
`Decision at 14
`
`Preliminary Response at 28
`
`
`
`Patent Owner’s Proposed Construction: The functional configuration of a network device that enables it to participate in a secure communications link with another network device
`
`Apple’s Proposed Construction: The functional configuration of a computer that enables it to participate in a secure communications link with another computer
`
`Board’s Preliminary Construction: The functional configuration of a network device that enables it to participate in a secure communications link with another network device
`
`Decision at 14
`
`Preliminary Response at 28
`
`
`
`Instituted Grounds
`
`(IPR2014-00237)
`
`
`
`- 35 U.S.C. § 102
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by Beser
`
`- 35 U.S.C. § 103
`
`— Claims 1-11, 14-25, and 28-30 are obvious over Beser in view of RFC 2401
`
`
`
`[Figures: Ex. 1009, Fig. 1 and Fig. 6, showing the private network, originating telephony device, trusted-third-party network device, terminating telephony device, and second network device]
`
`
`
`[Figure: Ex. 1009, Fig. 9, showing the trusted-third-party network device, the “select first private IP address” and “select second private IP address” steps, and the third packet]
`
`
`
`[Figure: Ex. 1009, Fig. 14, showing the trusted-third-party network device, the second network device, and the “select first private IP address” and “select second private IP address” steps]
`
`
`
`- 35 U.S.C. § 102
`
`— Claims 1-11, 14-25, and 28-30 are anticipated by Beser
`
`Decision at 33
`
`
`
`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`determining, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`wherein the secure communications service uses the secure
`communication link to communicate at least one of
`video data and audio data between the first network
`device and the second network device.
`
`Ex. 1001, ’697 Patent, Claim 1
`
`
`
`Patent Owner’s Proposed Construction: No construction necessary; alternatively, receiving a request to look up an internet protocol address and, apart from resolving it into an address, performing an evaluation on it related to establishing a secure communication link
`
`Apple’s Proposed Construction: A proxy computer or device receiving and acting on a request sent by a first computer that was intended for another computer
`
`Board’s Preliminary Construction: Receiving a request pertaining to a first entity at another entity
`
`Patent Owner Response at 23
`
`
`
`- Decision
`
`domain name associated with the second network device.” According to Mr.
`Fratto,—
`— See Ex. 1003 ¶ 355. According further to Mr. Fratto, a router
`evaluates all traffic flowing through it, and if a packet contains a request for
`initiating an IP tunnel, it will send the request to trusted-third-party network device
`30.
`
`Decision at 20-21
`
`
`
`connection") A *Lu‘gpttwfi \"m mn’mt‘re 7:1 munching}; racictuuc'mm, even if it happens to
`
`include a domain name in some embodiments.
`
`v
`
`wzuqntua”; ': ”RD Ffi'm‘ momma]. "'Htachtrm' (to) Nola-15a 229;; an: ’m‘ceuul jp)r:)"(omc3l Z( 39;) :1tdko‘lm:1:s 'cy'i’flitc.‘
`
`Patent Owner’s Response
`
`Patent Owner Response at 37
`
`zmrmuo‘l wra‘wxom'k {stow/tram,
`
`as recited in claim 1.
`
`(Ex. 2025 at 25, ¶ 40, Monrose
`
`Decl.) Whether the request
`
`includes a domain name or some other type of
`
`
`
`Ex. 1009 at Fig. 5
`
`NEGOTIATE A FIRST PRIVATE NETWORK
`ADDRESS ON THE FIRST NETWORK
`DEVICE AND A SECOND PRIVATE
`NETWORK ADDRESS ON THE SECOND
`NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`INFORM A TRUSTED-THIRD-PARTY
`NETWORK DEVICE OF THE REQUEST ON
`A PUBLIC NETWORK
`
`INFORM A TRUSTED-THIRD-PARTY
`NETWORK DEVICE OF THE REQUEST ON
`A PUBLIC NETWORK
`
`ASSOCIATE A PUBLIC NETWORK
`ADDRESS FOR A SECOND NETWORK
`DEVICE ON THE TRUSTED-THIRD-PARTY
`NETWORK DEVICE
`
`ASSOCIATE A PUBLIC IP ADDRESS FOR A
`SECOND NETWORK DEVICE ON THE
`TRUSTED-THIRD-PARTY NETWORK
`DEVICE
`
`NEGOTIATE A FIRST PRIVATE IP
`ADDRESS ON THE FIRST NETWORK
`DEVICE AND A SECOND PRIVATE IP
`ADDRESS ON THE SECOND NETWORK
`DEVICE THROUGH THE PUBLIC
`NETWORK
`
`
`
`- Decision
`
`Mr. Fratto and Petitioner alternatively reason that—
`— because the request includes a unique identifier,
`including a domain name, that identifies the terminating end 26, or second network
`device, of the tunneling association, instead of the trusted-third-party. See Pet.
`18-19; Ex. 1003 ¶¶ 305-306, 357-358. Pursuant to the request,—
`— in part by looking up a public
`internet address based on the domain name associated with “second network
`device” 26, as claim 1 requires.
`
`Decision at 21
`
`
`
`Device 30 Does Not Translate Domain Names to IP Addresses
`
`- Patent Owner’s Response
`
`Moreover, the trusted-third-party network device 30 does not perform any
`translation into an IP address of the domain name of the terminating device 26.
`(Ex. 2025 at 25-26, ¶ 41, Monrose Decl.) After being informed of the request,
`trusted-third-party network device 30 associates an identifier (e.g., a domain name)
`of terminating device 26 with a public IP address of a second network device 16.
`
`Patent Owner Response at 37
`
`A public IP 58 address for a second network device 16 is
`associated with the unique identifier for the terminating
`telephony device 26 at Step 116. The second network device
`16 is associated with the terminating telephony device 26.
`This association of the public IP 58 address for the second
`network device 16 with the unique identifier is made on the
`trusted-third-party network device 30. In one exemplary
`
`Ex. 1009 at 11:26-32
`
`
`
`START
`
`COMMUNICATE THE FIRST PRIVATE
`NETWORK ADDRESS FROM THE FIRST
`NETWORK DEVICE TO THE SECOND
`NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`Ex. 1009 at Fig. 7
`
`COMMUNICATE THE SECOND PRIVATE
`NETWORK ADDRESS FROM THE
`SECOND NETWORK DEVICE TO THE
`FIRST NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`
`
`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`determining, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`wherein the secure communications service uses the secure
`communication link to communicate at least one of
`video data and audio data between the first network
`device and the second network device.
`
`Ex. 1001, ’697 Patent, Claim 1
`
`
`
`Patent Owner’s Proposed Construction: No construction proposed
`
`Apple’s Proposed Construction: No construction proposed
`
`Board’s Preliminary Construction: Includes determining one or more of 1) whether the device is listed with a public internet address, and if so, allocating a private address for the second network device, or 2) some indication of the relative permission level or security privileges of the requester
`
`Patent Owner Response at 27
`
`
`
`“determining, in response to the request, whether the
`second network device is available for a secure communications service”
`
`- Apple’s Petition
`
`Consequently,
`when methods shown in Beser are performed, they will necessarily determine if a
`second network device is available for secure communications.
`
`Petition at 21
`
`- Decision
`
`On this record, Beser’s system satisfies the determining step, because as
`outlined above in the claim construction section, determining the availability of
`second network device 26 for secure communication service reasonably includes
`determining that the device has a private internet address assigned to it, and that
`the originating device, device 24, has authorization to communicate, or a private
`network address assigned to it, or both. See Pet. 19-21; Ex. 1003 ¶¶ 363-371.
`
`Decision at 23
`
`
`
`- Apple’s Petition
`
`Consequently,
`when methods shown in Beser are performed,—
`
`Petition at 21
`
`
`
`- Patent Owner’s Response
`
`—in which “a domain name in a request is recognized by the
`trusted-third-party network device but does not map to a device requiring
`negotiation of an IP tunnel.” (Ex. 2025 at 28, ¶ 45, Monrose Decl.)—
`
`Patent Owner Response at 42
`
`
`
`- Decision
`
`On this record, Beser’s system satisfies the determining step, because as
`outlined above in the claim construction section, determining the availability of
`second network device 26 for secure communication service reasonably includes
`— See Pet. 19-21; Ex. 1003 ¶¶ 363-371.
`
`Decision at 23
`
`
`
`START
`
`COMMUNICATE THE FIRST PRIVATE
`NETWORK ADDRESS FROM THE FIRST
`NETWORK DEVICE TO THE SECOND
`NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`Ex. 1009 at Fig. 7
`
`COMMUNICATE THE SECOND PRIVATE
`NETWORK ADDRESS FROM THE
`SECOND NETWORK DEVICE TO THE
`FIRST NETWORK DEVICE THROUGH THE
`PUBLIC NETWORK
`
`
`
`- Patent Owner’s Response
`
`In particular, Beser’s tunnel-establishment process occurs in response to
`Beser’s request to initiate a tunnel, but that request is not a “DNS” request that
`might result in a domain name server performing Mr. Fratto’s “known DNS
`operations.” (Ex. 2025 at 31-32, ¶ 50, Monrose Decl.) Beser provides no teaching
`on this issue. Also,—
`
`— (Id.)
`
`Patent Owner Response at 46-47
`
`
`
`- Patent Owner’s Response
`
`less be capable of carrying out Beser’s tunnel-establishment process.
`(Id.)
`
`Patent Owner Response at 47,
`citing Ex. 2025 at ¶ 50, Monrose Decl.
`
`
`
`- Decision
`
`On this record, Beser’s system satisfies the determining step, because as
`outlined above in the claim construction section, determining the availability of
`second network device 26 for secure communication service reasonably includes
`— See Pet. 19-21; Ex. 1003 ¶¶ 363-371.
`
`Decision at 23
`
`
`
`- Patent Owner’s Response
`
`Beser discloses two items sent from first network device 24, but neither
`pertains to authorization.
`(Ex. 2025 at 32-33, ¶ 52, Monrose Decl.)—
`
`—(i.e., the identifier indicating the end
`device with which the requesting device wishes to communicate)—
`
`— (See, e.g., Ex. 1009 at 10:4-6; Ex. 2025 at 32-33, ¶ 52, Monrose Decl.)
`
`Patent Owner Response at 48
`
`Step 112. The first network device 14 is associated with the
`originating telephony device 24, and the request includes a
`—
`
`Ex. 1009 at 10:4-6
`
`
`
`The Bit Sequence Does Not Indicate Authorization of Device 24
`
`- Patent Owner’s Response
`
`The second is a bit sequence from device 24 that “indicates to the tunnelling
`application that it should examine the informing message for its content and not
`ignore the datagram” (Ex. 1009 at 8:35-9:1; Ex. 2025 at 32-33, ¶ 52, Monrose
`Decl.)
`
`It says nothing about device 24’s authorization.
`
`Patent Owner Response at 48
`
`higher layer. For example, the indicator may be a distinctive
`sequence of bits at the beginning of a datagram that has been
`passed up from the network and transport layers. By methods
`known to those skilled in the art, the distinctive
`sequence of bits indicates to the tunneling application that it
`should examine the request message for its content and not
`ignore the datagram. However, the higher layer may be other
`
`Ex. 1009 at 8:37-43
`
`
`Beser Does Not Disclose “initiating a secure communication link . . .”
`
`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second
`network device based on a domain name associated with
`the second network device;
`determining, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on
`a determination that the second network device is
`available for the secure communications service;
`wherein the secure communications service uses the secure
`communication link to communicate at least one of
`video data and audio data between the first network
`device and the second network device.
`
`Ex. 1001, ’697 Patent, Claim 1
`
`
`
`Patent Owner’s Proposed Construction: A direct communication link that provides data security through encryption
`
`Apple’s Proposed Construction: A communication link in which computers privately and directly communicate with each other on insecure paths between the computers where the communication is both secure and anonymous, and where the data transferred may or may not be encrypted
`
`Board’s Preliminary Construction: A transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping
`
`Patent Owner Response at 10
`
`
`
`- Apple’s Petition
`
`tunnel based on the results of that evaluation. Ex. 1003 at ¶¶ 302-309. Beser
`explains that—
`—(i.e., under the IPsec protocol), and that
`encryption of the tunneling connection occurs automatically. Ex. 1003 at ¶¶ 268-
`
`Petition at 22
`
`- Decision
`
`Based on the this determination of availability that involves negotiating
`
`between first and second network devices 24 and 26,—
`— or
`both, satisfying the last two clauses of claim 1 and similar clauses in claim 16.
`
`Decision at 23
`
`
`
`- Apple’s Petition
`
`tunnel based on the results of that evaluation. Ex. 1003 at ¶¶ 302-309. Beser
`explains that—
`—(i.e., under the IPsec protocol), and that
`encryption of the tunneling connection occurs automatically. Ex. 1003 at ¶¶ 268-
`
`Petition at 22
`
`
`
`- Apple’s Previous Admission Regarding Beser
`
`A person of ordinary skill in the art would have relied on Kent to
`being sent in IP tunnels between a first and
`second network device in the IP tunneling procedures being described in Beser,—
`Accordingly, Beser in view of Kent
`would have rendered obvious claim 1 under 35 U.S.C. § 103.
`
`Ex. 2029 at 2, Apple’s Request for Inter Partes
`Reexamination in Control No. 95/001,682
`
`See also PO Response at 51
`
`
`
`Beser Teaches Away from Using Encryption
`
`- Dr. Monrose’s Declaration
`
`Given Beser’s extensive teaching away from encryption and its
`associated computational burdens, Beser never discloses using encryption or other
`similarly burdensome techniques for transmitting data through its tunnels.
`
`Ex. 2025 at ¶ 56, Monrose Decl.
`
`BACKGROUND OF THE INVENTION
`
`packet that is transmitted on the public network. The tunneled
`IP packets, however, may need to be encrypted before
`the encapsulation in order to hide the source IP address.
`Once again, due to computer power limitations, this form of
`tunneling may be inappropriate for the transmission of
`multimedia or VoIP packets.
`
`Ex. 1009 at 2:12-17
`
`
`
`- Decision
`
`Based on the this determination of availability that involves negotiating
`
`between first and second network devices 24 and 26,—
`— or
`both, satisfying the last two clauses of claim 1 and similar clauses in claim 16.
`
`Decision at 23
`
`
`
`- Patent Owner’s Response
`
`In the first cited passage, Beser discloses that—
`—to ensure that the unique identifier cannot be
`read on the public network.” (Ex. 1009 at 11:22-25.) These packets, however, are
`not communicated between device 24 and device 26 (i.e., over the tunnel).
`(Ex. 2025 at 35-36, ¶ 58, Monrose Decl.) Rather,—
`—not over the tunnel after it is established.
`(See Ex. 1009 at 11:9-25; FIG.
`6, 114 “INFORM”; Ex. 2025 at 35-36, ¶ 58, Monrose Decl.)—
`
`Patent Owner Response at 52-53
`
`
`
`Beser Does Not Teach Encryption of Audio/Video on the Tunnel
`
`[Figure: Ex. 1009, Fig. 6, showing the originating telephony device, trusted-third-party network device, second network device, and terminating telephony device]
`
`At Step 114, a trusted-third-party network device 30 is
`informed of the request on the public network 12. The
`informing step may include one or multiple transfer of IP 58
`packets across the public network 12. The public network 12
`may include the Internet. For each transfer of a packet from
`the first network device 14 to the trusted-third-party network
`device 30, the first network device 14 constructs an IP 58
`packet. The header 82 of the IP 58 packet includes the public
`network 12 address of the trusted-third-party network device
`30 in the destination address field 90 and the public network
`12 address of the first network device 14 in the source
`address field 88. At least one of the IP 58 packets includes
`the unique identifier for the terminating telephony device 26
`that had been included in the request message. The IP 58
`packets may require encryption or authentication to ensure
`that the unique identifier cannot be read on the public
`network 12.
`
`Ex. 1009 at 11:9-25
`
`
`
`Of course,
`
`However, accumulating all the packets from one
`source address may provide the hacker with sufficient information
`to decrypt the message. Moreover, encryption at the
`source and decryption at the destination may be infeasible
`for certain data formats. For example, streaming data flows,
`such as multimedia or Voice-over-Internet-Protocol
`(“VoIP”), may require a great deal of computing power to
`encrypt or decrypt the IP packets on the fly. The increased
`strain on computer power may result in jitter, delay, or the
`loss of some packets. The expense of added computer power
`might also dampen the customer’s desire to invest in VoIP
`equipment.
`
`Ex. 1009 at 1:40-67
`
`
`
`- Patent Owner’s Response
`
`First, even if Beser had incorporated IPsec by reference,
`—
`This explains why Beser never
`mentions using IPsec or encryption for any data on its tunnels.
`
`Second—
`— “To incorporate matter by reference, a host document
`must contain language ‘clearly identifying the subject matter which is incorporated
`and where it is to be found’; a ‘mere reference to another application, or patent or
`publication is not an incorporation of anything therein.’” Callaway Golf Co. v.
`Acushnet Co., 576 F.3d 1331, 1346 (Fed. Cir. 2009) (emphasis original).
`
`Patent Owner Response at 54
`
`
`
`2. The method of claim 1, wherein at least one of the video
`data and the audio data is encrypted over the secure
`communication link.
`
`Ex. 1001, ’697 Patent, Claim 2
`
`24. The system of claim 16, wherein at least one of the
`video data and the audio data is encrypted over the secure
`communication link.
`
`Ex. 1001, ’697 Patent, Claim 24
`
`
`
`- Apple’s Previous Admission Regarding Beser
`
`A person of ordinary skill in the art would have relied on Kent to
`being sent in IP tunnels between a first and
`second network device in the IP tunneling procedures being described in Beser,—
`Accordingly, Beser in view of Kent
`would have rendered obvious claim 1 under 35 U.S.C. § 103.
`
`Ex. 2029 at 2, Apple’s Request for Inter Partes
`Reexamination in Control No. 95/001,682.
`
`See also PO Response at 51
`
`
`
`Beser Teaches Away from Using Encryption
`
`- Dr. Monrose’s Declaration
`
`Given Beser’s extensive teaching away from encryption and its
`associated computational burdens, Beser never discloses using encryption or other
`similarly burdensome techniques for transmitting data through its tunnels.
`
`Ex. 2025 at ¶ 56, Monrose Decl.
`
`BACKGROUND OF THE INVENTION
`
`packet that is transmitted on the public network. The tunneled
`IP packets, however, may need to be encrypted before
`the encapsulation in order to hide the source IP address.
`Once again, due to computer power limitations, this form of
`tunneling may be inappropriate for the transmission of
`multimedia or VoIP packets.
`
`Ex. 1009 at 2:12-17
`
`
`
`- Patent Owner’s Response
`
`In the first cited passage, Beser discloses that—
`—to ensure that the unique identifier cannot be
`read on the public network.” (Ex. 1009 at 11:22-25.) These packets, however, are
`not communicated between device 24 and device 26 (i.e., over the tunnel).
`(Ex. 2025 at 35-36, ¶ 58, Monrose Decl.) Rather,—
`—not over the tunnel after it is established.
`(See Ex. 1009 at 11:9-25; FIG.
`6, 114 “INFORM”; Ex. 2025 at 35-36, ¶ 58, Monrose Decl.)—
`
`Patent Owner Response at 52-53
`
`
`
`Beser Does Not Teach Encryption of Audio/Video on the Tunnel
`
`[Figure: Ex. 1009, Fig. 6, showing the originating telephony device, trusted-third-party network device, second network device, and terminating telephony device]
`
`At Step 114, a trusted-third-party network device 30 is
`informed of the request on the public network 12. The
`informing step may include one or multiple transfer of IP 58
`packets across the public network 12. The public network 12
`may include the Internet. For each transfer of a packet from
`the first network device 14 to the trusted-third-party network
`device 30, the first network device 14 constructs an IP 58
`packet. The header 82 of the IP 58 packet includes the public
`network 12 address of the trusted-third-party network device
`30 in the destination address field 90 and the public network
`12 address of the first network device 14 in the source
`address field 88. At least one of the IP 58 packets includes
`the unique identifier for the terminating telephony device 26
`that had been included in the request message. The IP 58
`packets may require encryption or authentication to ensure
`t