`571-272-7822
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.
`Petitioner
`
`v.
`
`VIRNETX INC.
`Patent Owner
`____________
`
`Case IPR2014-00238
`Patent 8,504,697 B2
`____________
`
`Before MICHAEL P. TIERNEY, KARL D. EASTHOM, and STEPHEN C. SIU,
`Administrative Patent Judges.
`
`SIU, Administrative Patent Judge.
`
`
`Paper 15
`Date: May 14, 2014
`
`DECISION
`Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`I.
`
`BACKGROUND
`
`
`
`
`
`
`Background
`A.
`Apple, Inc. (“Petitioner”) requests inter partes review of claims 1-11, 14-25,
`and 28-30 of U.S. Patent No. 8,504,697 B2 (“’697 Patent,” Ex. 1001) pursuant to
`35 U.S.C. §§ 311-319. VirnetX Inc. (“Patent Owner”) filed a Preliminary
`Response (“Prelim. Resp.”) on March 6, 2014. Paper No. 12.
`We have jurisdiction under 35 U.S.C. § 314. The standard for instituting
`inter partes review is set forth in 35 U.S.C. § 314 (a) which provides:
`THRESHOLD The Director may not authorize an inter partes review to
`be instituted unless the Director determines that the information
`presented in the petition filed under section 311 and any response
`filed under section 313 shows that there is a reasonable likelihood that
`the petitioner would prevail with respect to at least 1 of the claims
`challenged in the petition.
`
`We determine, based on the record, that Petitioner has demonstrated, under
`35 U.S.C. § 314(a), that there is a reasonable likelihood of unpatentability with
`respect to at least one of the challenged claims.
`Petitioner relies on the following prior art:
`US 5,898,830 (Wesinger)
`Apr. 27, 1999
`
`Aventail Connect 3.01/2.51 Administrator’s Guide, 1996-1999 (Ex.
`1007 – “Aventail”).
`
`Takahiro Kiuchi and Shigekoto Kaihara, “C-HTTP – The
`Development of a Secure, Closed HTTP-based Network on the Internet,”
`PROCEEDINGS OF THE SYMPOSIUM ON NETWORK AND DISTRIBUTED SYSTEM
`SECURITY, IEEE (1996) (Ex. 1011 – “Kiuchi”).
`
`
`(Ex. 1008)
`
`
`
`2
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`
`H. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, “SIP:
`Session Initiation Protocol,” NETWORK WORKING GROUP, REQUEST FOR
`COMMENTS: 2543 (March 1999) (Ex. 1012 – “RFC 2543”).
`
`
`
`Petitioner contends that the challenged claims are unpatentable under
`35 U.S.C. § 102 and § 103 based on the following specific grounds (Pet. 4, 15-60):
`
`Reference(s)
`
`Basis
`
`Claims challenged
`
`
`
`Wesinger
`
`Wesinger and RFC 2543
`Aventail
`
`Aventail and RFC 2543
`Kiuchi
`
`§ 102
`
`§ 103
`§ 102
`
`§ 103
`§ 102
`
`
`
`
`1-3, 8-11, 14-17, 22-25,
`and 28-301
`4-7 and 18-21
`1-3, 8-11, 14-17, 22-25,
`and 28-302
`4-7 and 18-21
`1-3, 8-11, 14-17, 22-25,
`and 28-30
`
`The Invention
`B.
`The ’697 patent describes a system and method for establishing a secure
`communication link between a first computer and a second computer over a
`computer network. Ex. 1001, 6:42-45, 49:30-32. The user obtains a URL for a
`secure top-level domain name by querying a secure domain name service that
`contains a cross-reference database of secure domain names and corresponding
`secure network addresses. Ex. 1001, 50:66 – 51:2, 51:37-38. When the user
`
`1 Petitioner lists claims 1-3, 8-11, 14-25, and 28-30 as anticipated by either
`Wesinger or Aventail (Pet. 4) but provides arguments for only claims 1-3, 8-11,
`14-17, 22-25, and 28-30. Pet. 15-60. We assume that Petitioner intends to apply
`this proposed ground of unpatentability under 35 U.S.C. § 102 to claims 1-3, 8-11,
`14-17, 22-25, and 28-30 only.
`2 See note 1.
`
`3
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`
`queries the secure domain name service for a secure computer network address, the
`secure domain name service determines the particular secure computer network
`address and returns the network address corresponding to the request. Ex. 1001,
`40:7-11, 39:44-47, 51:54-59.
`Claim 1 of the ’697 patent is reproduced below:
`
`
`1. A method of connecting a first network device and a
`second network device, the method comprising:
`intercepting, from the first network device, a request to look up
`an internet protocol (IP) address of the second network device based
`on a domain name associated with the second network device;
`determining, in response to the request, whether the second network
`device is available for a secure communications service; and
`initiating a secure communication link between the first network
`device and the second network device based on a determination that the
`second network device is available for the secure communications service;
`wherein the secure communications service uses the secure
`communication link to communicate at least one of video data and audio
`data between the first network device and the second network device.
`
`We note that the ’697 patent is not subject to other proceedings. See Pet. 2.
`
`
`
`
`Claim Interpretation
`C.
`Consistent with the statute and the legislative history of the Leahy-Smith
`America Invents Act, Pub. L. No. 112-29, 125 Stat. 284, 329 (Sept. 16, 2011)
`(“AIA”), the Board interprets claim terms by applying the broadest reasonable
`construction in the context of the specification in which the claims reside. 37
`C.F.R. § 42.100(b); see Office Patent Trial Practice Guide, 77 Fed. Reg. 48,756,
`48,766 (Aug. 14, 2012.)
`Under the broadest reasonable interpretation standard, claim terms are given
`their ordinary and customary meaning as would be understood by one of ordinary
`
`4
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`skill in the art in the context of the entire disclosure. In re Translogic Tech., Inc.,
`504 F.3d 1249, 1257 (Fed. Cir. 2007). Any special definition for a claim term
`must be set forth in the specification with reasonable clarity, deliberateness, and
`precision. In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994). In this regard,
`however, we are careful not to read a particular embodiment appearing in the
`written description into the claim if the claim language is broader than the
`embodiment. In re Van Geuns, 988 F.2d 1181, 1184 (Fed. Cir. 1993).
`In assessing the merit of Petitioner’s arguments, we have construed the
`following claim terms in light of the Specification of the ’697 patent.
`
`“secure communication link”
`1.
`Claim 1, for example, recites initiating a “secure communication link”
`between devices. Petitioner argues that the term “secure communication link”
`should be construed to include “[a] communication link in which computers
`privately and directly communicate with each other on insecure paths between the
`computers where the communication is both secure and anonymous, and where the
`data transferred may or may not be encrypted.” Pet. 9. Patent Owner argues that
`the term should be construed to mean “[a] direct communication link that provides
`data security through encryption.” Prelim. Resp. 20.
`As described above, Petitioner argues that the “secure communication link,”
`as recited, for example, in claim 1, should include the features of computers
`“privately and directly” communicating with each other “on insecure paths” and
`that the “communication is both secure and anonymous.” Petitioner has not
`demonstrated sufficiently that the Specification supports the contention that a
`“secure communication link” must include each of the proposed limitations.
`Therefore, we are not persuaded by Petitioner’s arguments that a broad but
`
`5
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`reasonable construction of the term must include providing “private” and “direct”
`communication “on insecure paths . . . where the communication is both secure
`and anonymous.”
`As described above, Patent Owner argues that the broadest, reasonable
`construction of the term “secure communication link” must include the feature that
`the link “provides data security through encryption.” We disagree with Patent
`Owner that a broadest, reasonable construction of the term “secure communication
`link” must include a feature that is not required by the claim language (i.e., the
`specific mode of providing a secure communication link must be by encryption
`only).
`Patent Owner argues that a claim term may be limited to certain features
`“[b]ased on the patent specification and its prosecution history.” Prelim. Resp. 25.
`However, as Petitioner explains, and as explained further below, the Specification
`does not appear to require encryption as the only method of providing a “secure
`communication link.” See Pet. 7-9. Nor does Patent Owner specify particular
`citations from the Specification that would indicate a requirement that a “secure
`communication link,” as recited in claim 1, for example, must require encryption.
`Patent Owner’s prosecution history arguments also do not redound to an
`implicit encryption limitation. Prelim. Resp. 21–22 (citing Ex. 1056, 25 (Rexam.
`Control No. 95/001,788)). The relied-upon citation refers to an ongoing
`reexamination of a patent from which the ’697 Patent claims continuity, U.S.
`Patent No. 7,418,504. Patent Owner fails to explain persuasively how such an
`ongoing proceeding limits the claim term. See Tempo Lighting, Inc. v. Tivoli,
`LLC, 742 F.3d 973, 978 (Fed. Cir. 2014) (“This court also observes that the PTO is
`under no obligation to accept a claim construction proffered as a prosecution
`
`6
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`
`history disclaimer, which generally only binds the patent owner.”).3 Moreover, the
`examiner in that proceeding explicitly determined that a “secure communication
`link” does not require encryption. See Reexam. Control No. 95/001,788, Action
`Closing Prosecution 33 (Sept. 26, 2012).
`Patent Owner argues that the ’697 patent “stems from a continuation –in-part
`application and explains that . . . later-discussed . . . embodiments can incorporate
`the earlier-described principles of encryption” and “can be employed using . . .
`aforementioned principles.” Prelim. Resp. 22-23. Even if the Specification states
`that embodiments described therein “can incorporate” previously described
`embodiments, or “can be employed” using previously described features, Patent
`Owner does not demonstrate persuasively that the Specification discloses that a
`“secure communication link” must be implemented with encryption only.
`Therefore, even if the disclosed “DNS-based VPN scheme” “can” include
`encryption, it need not. See Pet. 7–9, n.1; Prelim. Resp. 22; Ex. 1001, 39:28–
`42:16. The ’697 Patent states that “[a]ddress hopping provides security and
`privacy.” Id. at 25:54–56. It also states that “[s]ecure hosts such as site 2604 are
`assumed to be equipped with a secure communication function such as an IP
`hopping function 2608.” Id. at 40:66–68.
`According to Patent Owner, “[a] link that prevents others from
`understanding the communications sent over it may still be considered ‘secure’
`even if the communicating parties do not enjoy any anonymity.” Prelim. Resp. 25.
`
`3 If the proceeding is ongoing, the “prosecution history” is not complete. In any
`event, “while the prosecution history can inform whether the inventor limited the
`claim scope in the course of prosecution, it often produces ambiguities created by
`ongoing negotiations between the inventor and the PTO. Therefore, the doctrine of
`prosecution disclaimer only applies to unambiguous disavowals.” Grober v. Mako
`Prods., Inc., 686 F.3d 1335, 1341 (Fed. Cir. 2012) (citing Abbott Labs. v. Sandoz,
`Inc., 566 F.3d 1282, 1289 (Fed. Cir. 2009)).
`7
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`According to one technical dictionary, the term “secure,” in the context of
`communications, carries a broad meaning, and supports Patent Owner’s statement.
`For example, “security” is “[t]he existence and enforcement of techniques which
`restrict access to data, and the conditions under which data may be obtained.”
`MCGRAW-HILL DICTIONARY OF SCIENTIFIC AND TECHNICAL TERMS 1780 (5th ed.
`1994). Another technical source provides the following, similar broad meaning:
`security service (1) A service, provided by a layer of communicating
`open systems, that ensures adequate security of the systems or of data
`transfers. . . .
`(2) The capability of the system to ensure the security of system
`resources or data transfers. Access controls, authentication,
`data confidentiality, data integrity, and nonrepudiation
`are traditional data communications security services.
`IEEE 100, THE AUTHORITATIVE DICTIONARY OF IEEE STANDARDS TERMS 1016
`(7th ed. 2000), available at
`http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4116807.
`Based on the foregoing, using a plain and ordinary construction in light of
`the ’697 Patent, the term “secure communication link” constitutes a transmission
`path that restricts access to data, addresses, or other information on the path,
`generally using obfuscation methods to hide information on the path, including, but
`not limited to, one or more of authentication, encryption, or address hopping.
`
`“secure communication service”
`2.
`Petitioner argues that the term “secure communication service” should be
`construed to include the “functional configuration of a computer that enables it to
`participate in a secure communication link with another computer.” Pet. 11.
`Patent Owner argues that the term should be construed to mean the “functional
`configuration of a network device that enables it to participate in a secure
`
`8
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`communication link with another network device.” Prelim. Resp. 26. Claim 1,
`which is similar to claim 16, recites determining whether a “second network device
`is available for [a] secure communications service” and the “secure
`communications service uses the secure communication link to communicate at
`least one of video data and audio data between” the first and second network
`devices.
`Petitioner and Patent Owner appear to agree generally on the construction of
`the term “secure communication service” with the exception of whether the
`“secure communication service” should include a computer or, more broadly, a
`“network device.” In view of Patent Owner’s explanation that the Specification
`discloses different embodiments in which devices other than computers are used
`(see, e.g., Prelim. Resp. 26-27), and in view of the fact that claim 1, for example,
`does not limit the “secure communication service” to a computer, we adopt Patent
`Owner’s construction of the term “secure communication service.”
`
`3. “virtual private network (VPN)”
`Dependent claims 3 and 17 recite “wherein the secure communication link is
`a virtual private network communication link.” Similar to the disagreement over
`the “secure communication service,” Petitioner and Patent Owner disagree over
`whether a VPN requires encryption. See Pet. 7–9, n.1; Prelim. Resp. 20–26. For
`similar reasons, Petitioner’s contention that it does not is more persuasive. Patent
`Owner and Petitioner do not argue a clear distinction exists between a VPN and a
`“secure communication service.” The ’697 patent explains a “secure
`communication link” is “a virtual private communication link over the computer
`network.” Ex. 1001, 6:63–65.
`
`9
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`
`
`
`Petitioner provides evidence that in 1998, the term VPN had “myriad
`definitions,” but it did not require encryption. See Ex. 1073, 1; Pet. 7–9, n.1 (citing
`Ex. 1073, 2). One simple definition follows, although other definitions, with more
`stringent requirements, exist: “a VPN is a private network constructed within a
`public network.” Ex. 1073, 5. In some contexts, “private,” as compared to
`“public,” implies restricted access by a defined set of entities, and hence, security.
`See id. at 2.
`Petitioner’s declarant, Mr. Fratto, cites another source that states that “[a]
`VPN can be built using tunnels or encryption . . . or both,” and also shows that a
`VPN requires “segregation of communications to a closed community of interest.”
`Ex. 1003 at ¶ 209 (quoting Ex. 1024 at 16-17) (emphasis by Mr. Fratto omitted).
`Mr. Fratto refers to the ‘’697 Patent Specification as employing hiding or
`obfuscation techniques, and not necessarily encryption, to create private, secure
`communications. Id. ¶ 210 (discussing Ex. 1001 at 1:57–58; 2:44–54).
`On this record, a VPN is interpreted to mean a “secure communication link”
`with the additional requirement that the link includes a portion of a public network.
`
`“intercepting a request”
`4.
`Petitioner argues that the term “intercepting,” as recited in claim 1, which is
`similar to claim 16, should be construed to include “a proxy computer or device
`receiving and acting on a request sent by a first computer that was intended for
`another computer.” Pet. 11. Patent Owner disagrees with Petitioner’s construction
`of the term and argues the term should be construed as “receiving a request to look
`up an internet protocol address and, apart from resolving it into an address,
`performing an evaluation on it related to establishing a secure communication
`
`10
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`link.” Prelim. Resp. 28. Claim 1, for example, recites “intercepting . . . a request
`to look up an internet protocol (IP) address of the second network device.”
`Neither Petitioner nor Patent Owner points to an explicit definition of the
`term “intercepting” in the Specification. In the absence of a specialized definition
`provided in the Specification, we generally agree with Petitioner that one of
`ordinary skill in the art would have understood that “intercepting” a request would
`require “receiving and acting on” a request, the request being “intended for”
`receipt at a destination other than the destination at which the request is
`intercepted. On the other hand, Patent Owner’s addition of various claim
`limitations and other features into the construction of the term “intercepting” does
`not redound to the broadest reasonable interpretation.
`For example, to the extent that “resolving [the request] into an address”
`would include “look[ing] up an internet protocol (IP) address of the second
`network device,” as recited in claim 1, Patent Owner does not explain adequately
`why incorporating an explicitly recited claim requirement into the construction of
`the term “intercepting” is warranted. That claim requirement defines the “request,”
`not the “intercepting”––i.e., “a request to look up an internet protocol (IP)
`address.”
`Patent Owner also argues that the Specification explicitly discloses an
`example in which a device (i.e., “DNS proxy 2610”) “intercepts” a request that is
`“intended for” another device (i.e., “DNS server 2609”) but that “DNS proxy
`2610” and “DNS server 2609” “might be on the same computer 2602”. Prelim.
`Resp. 28. Based on this embodiment, Patent Owner argues that “intercepting,” as
`recited in claim 1, for example, need not be accomplished by “another computer”
`(or device).
`
`11
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`
`
`
`The Specification discloses that “DNS Server 2609” and “DNS proxy 2610”
`are located on the same “computer 2602,” but that “DNS Server 2609” and “DNS
`proxy 2610” apparently are disclosed as distinguishable entities. See Prelim. Resp.
`29 (discussing Ex. 1001, Fig. 26). Hence, on the record at this preliminary stage of
`the proceedings, we modify Petitioner’s proposed construction of “intercepting a
`request” to accommodate the specific embodiment as described by Patent Owner,
`so that “intercepting a request” includes “receiving a request pertaining to a first
`entity at another entity.”
`Patent Owner also argues that “intercepting a request” does not require
`“illicitly” receiving a request or “perform[ance] by a specific hardware apparatus.”
`Prelim. Resp. 29, 31. Petitioner’s definition does not mandate these requirements.
`Based on the foregoing discussion, the term “intercepting” means “receiving a
`request pertaining to a first entity at another entity.”
`
`“modulation”
`5.
`Claims 6 and 20 recite “wherein the telephony service uses modulation.”
`Petitioner argues that the term “modulation” should be construed to include “the
`process of encoding data for transmission over a physical or electromagnetic
`medium by varying a carrier signal.” Pet. 15. Patent Owner argues that the term
`need not be construed, or that the term should be construed to include “the process
`of encoding data for transmission over a medium by varying a carrier signal.”
`Prelim. Resp. 32.
`Petitioner and Patent Owner appear generally to agree that “modulation”
`includes “encoding data for transmission.” On this record at this preliminary stage
`of the proceeding, we adopt the parties’ broad but reasonable construction of the
`term “modulation” to include “the process of encoding data for transmission.”
`
`12
`
`
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`
`
`
`II. ANALYSIS
`A.
`Preliminary Arguments
`
`Patent Owner maintains that the Petition is defective because 1) it presents
`redundant grounds, 2) the examiner, in the underlying examination of the ’697
`Patent, considered at least one of the references in an Information Disclosure
`Statement, 3) the Petition “proposes unreasonable claim constructions,” 4) the
`Petition cites almost exclusively to a declaration instead of the prior art references,
`and 5) the Petition effectively circumvents the page requirements by using that
`citation style. See Prelim. Resp. 1–5.
`The Board has discretion not to go forward on redundant grounds in the
`interests of expediency. See 37 C.F.R. §§ 42.5 (a), 42.108(a). Patent Owner does
`not specify why the Board may or may not consider prior art cited during
`prosecution. Cf. 35 U.S.C. § 315 (d) (discretion to consider current proceedings
`before the office). The Board may not institute unless there are “[s]ufficient
`grounds.” See 37 C.F.R. §42.108(c). In the Petition, citing to testimony, which
`only indirectly cites to prior art evidence, raises the risk that the Board will not
`consider the evidence. See 37 C.F.R. § 42.104 (b) (5) (petition must include “[t[he
`exhibit number of the supporting evidence relied upon”). Notwithstanding Patent
`Owner’s assertions, we determine, based on the record, that Petitioner establishes
`“sufficient grounds” within the prescribed page limits.
`
`
`13
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`B.
`
`
`Cited References
`
`1) Overview of Wesinger
`
`
`
`
`
`
`
`Wesinger discloses networks “in communication with each other . . . through
`the Internet.” Ex. 1008, 7:31-32. The system includes “a distributed database
`system [“DNS”] that translates host names to IP addresses,” stores “translations . . .
`in DNS tables,” and “is designed to translate and forward queries and responses.”
`Id. at 8:25-32.
`A “client” “asks its local DNS server for . . . information” and the local DNS
`server “find[s] the IP address for [a domain name].” Id. at 8:35-36, 43-44. The
`“client C tries to initiate a connection to host D using the name of D,” the “DNS
`server for D returns the network address of D . . . on the firewall,” and the “virtual
`host on the firewall . . . returns its network address . . . to client C.” Id. at 9:16, 19-
`20, 22-24.
`The “firewall selectively allows and denies connections to implement a
`network security policy” wherein “[a]ll access rules must be satisfied in order to
`gain access to a virtual host.” Id. at 15:3-4, 54-55. In one embodiment, “access
`may be allowed from 1am to 12 pm . . . [or] may be denied from 12 pm to 1 am.”
`Id. at 15:48-50. For example, “[w]hen a connection request is received . . . [the
`system will] determine . . . whether the connection is to be allowed.” Id. at 16:22,
`27-28. In this example, “the virtual host for which a connection is requested” is
`identified, the “host requesting the connection [i.e., “remote host”]” is
`authenticated, and “the Allow and Deny databases for the virtual host” are
`analyzed, and if “all the rules are satisfied, then the connection is allowed.” Id. at
`16:29-31, 49, 59-60, 66-67.
`
`
`
`14
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`2) Overview of RFC 2543
`
`
`
`
`
`
`
`Anticipation by Wesinger
`
`RFC 2543 discloses “an application–layer control (signal) protocol for
`crating, modifying and terminating sessions with one or more participants” in
`which the sessions include “Internet multimedia conferences, Internet telephone
`calls, and multimedia distribution.” Ex. 1012, 1.
`
`
`
`C.
`
`Petitioner asserts that claims 1-3, 8-11, 14-17, 22-25, and 28-30 are
`anticipated under 35 U.S.C. § 102 by Wesinger. Pet. 15-29. In support of this
`asserted ground of unpatentability, Petitioner provides explanations as to how each
`claim limitation recited in claims 1-3, 8-11, 14-17, 22-25, and 28-30 is disclosed
`by Wesinger. Upon consideration of Petitioner’s analysis and supporting evidence,
`and taking into account Patent Owner’s preliminary response, we are persuaded
`that Petitioner has demonstrated there is a reasonable likelihood that it would
`prevail with respect to anticipation of claims 1-3, 8-11, 14-17, 22-25, and 28-30
`over Wesinger.
`Claim 1 recites intercepting a request to look up an internet protocol (IP)
`address of a device based on a domain name associated with the device. Claim 16
`recites a similar feature. Petitioner argues that Wesinger discloses a client that
`“will send out a request to establish a connection” that “contains the domain name
`of the destination” and is “intercepted by a firewall.” Pet. 16-17 (citing Ex. 1003
`¶¶ 265-268, 279, 282-298, 331-337; Ex. 1008 at 3:8-13; 4:12-16, 31-38; 6:58 –
`7:5; 8:29-33; 8:63 – 9:25; 9:36-51; 10:13-16, 24-28, 39-45, 48-65; 14:21-23, 45-
`52; 15:8-13, 54-57; 16:19-24; Figs. 1 and 2). We note that Wesinger discloses that
`
`15
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`a user “will first enter the name of a firewall that the user wishes to connect
`through” and that the “firewall will then prompt the user for the name of the
`remote host the user wishes to connect to.” Ex. 1008, 3:10-13. In other words, the
`firewall of Wesinger receives from the user a request pertaining to a first entity
`(i.e., pertaining to “the remote host the user wishes to connect to”) at another entity
`(i.e., the firewall). Therefore, Wesinger discloses “intercepting a request.”
`Claim 1 recites determining whether the device is available for a secure
`communications service. Claim 16 recites a similar feature. Petitioner argues that
`Wesinger discloses that “[i]f the destination is available and the configuration file
`specifies that traffic should be encrypted, the firewall determines that the remote
`host is available for a secure communications service.” Pet. 19 (citing Ex. 1003
`¶¶ 282-285, 299-303, 305-308, 339-343; citing Ex. 1008 at 3:55-60; 8:9-11, 25-33;
`9:15-51, 55-60; 10:10-16, 24-28, 39-45; 11:36-60; 12:5-28, 65-66; 14:45-54, 14:66
`– 15:13; 15:8-13, 41-45, 54-57; 16:19-24). We note that Wesinger discloses that
`“[n]o traffic can pass through the firewall unless the firewall has established an
`envoy for that traffic,” and that “[e]stablishment of an envoy may be subjected to a
`myriad of tests to ‘qualify’ . . . the requested communication.” Ex. 1008, 3:54-55,
`58-60. Based on the results of the “myriad of tests,” it is determined “whether
`such a connection will be allowed or disallowed.” Ex. 1008, 9:59-60. In one
`example, the host is “configured so as to allow only a connection from a specified
`secure client.” Ex. 1008, 10:15-16. Petitioner presumably contends that
`determining whether a specifically requested connection should be allowed (or
`disallowed) between a user and a host (as disclosed by Wesinger) constitutes
`determining whether a device (or host) is available for connection with a user, as
`recited in claim 1, for example. Hence, Wesinger discloses determining whether a
`
`16
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`device is available for a connection, the determining based on whether the
`connection should be allowed or disallowed.
`Claim 1 recites initiating a secure communication link between a first device
`and a second device based on a determination that the second device is available
`for the secure communications service. Claim 16 recites a similar feature.
`Petitioner argues that Wesinger discloses “establishing a connection [between a
`client and host] and loading the configuration file” that “serves to initiate the
`secure communication link.” Pet. 20 (citing Ex. 1003 ¶¶ 272, 286-287, 299-308,
`345-348; Ex. 1008, 3:55-60; 6:5-60; 8:9-11, 29-33; 9:25-51, 55-60; 10:10-16, 24-
`28, 39-45; 11:36-60; 12:5-30, 38-47; 14:45-54; 14:66 – 15:4; 15:5-12, 41-45, 54-
`57). As previously noted, Wesinger discloses a firewall that determines whether a
`connection should be allowed or disallowed between a user and a host device.
`Wesinger also discloses that “the firewall will automatically encrypt any data sent
`through the connection.” Pet. 24. Presumably, if Wesinger determines that a
`connection should be allowed prior to initiating a connection where data is
`encrypted, the connection will be made (or initiated) between the devices –
`initiating a transmission path (or link) that restricts access to data (i.e., initiating a
`connection only if the connection is determined to be allowed) and generally using
`obfuscation methods (e.g., encryption) to hide information on the path, as recited
`in claim 1.
`Claim 1 recites that the secure communications service uses the secure
`communication link to communicate at least one of video data and audio data
`between the first and second devices. Claim 16 recites a similar feature. Petitioner
`argues that Wesinger discloses that “channel processing can include image and
`sound enhancement” and “encryption of audio and video data sent between a client
`and a remote host.” Pet. 20-21 (citing Ex. 1003 ¶¶ 350-354; Ex. 1008, 3:55-60;
`
`17
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`6:5-60; 8:29-33; 9:19-21, 25-51, 55-60; 10:10-15; 11:36-60; 12:5-30, 38-47;
`14:45-54; 14:66 – 15:4; 15:5-12, 41-45). Wesinger discloses processing data on a
`channel with “standard modules [that] may include MPEG, JPEG, LZ-based
`algorithms, etc.” Ex. 1008, 10:56-57. Petitioner presumably contends that such
`“standard modules” process audio or video data. One of ordinary skill in the art
`would have understood that if data is being processed by modules that process
`audio or video data, the data being processed may be audio or video data.
`Claim 2 recites that data is encrypted over the secure communication link.
`Claim 24 recites a similar feature. Petitioner argues that Wesinger discloses that
`“the firewall will automatically encrypt any data sent through the connection.”
`Pet. 24 (citing Ex. 1003 ¶¶ 299-308, 356-360; Ex. 1008, 3:55-60; 6:5-60; 8:29-33;
`9:19-21, 25-51, 55-60; 10:10-15; 11:36-60; 12:5-30, 38-47; 14:45-54; 14:66 –
`15:4; 15:5-12, 19-21, 41-45). Wesinger discloses “encryption and decryption.”
`Ex. 1008, 11:52-53, 54. Hence, Wesinger discloses that data is encrypted, as
`recited in claim 2.
`Claim 3 recites that the secure communication link is a virtual private
`network communication link. Claim 17 recites a similar feature. Petitioner argues
`that Wesinger discloses “the creation of virtual private networks.” Pet. 24 (citing
`Ex. 1008, 12:23-27; Ex. 1003 ¶¶ 361-363 (citing Ex. 1008 at 4:47-52; 6:58 – 7:5;
`12:23-27. As Petitioner explains, Wesinger discloses “the creation of virtual
`private networks - networks in which two remote machines communicate securely
`through cyberspace in the same manner as if the machines were on the same local
`area network.” Ex. 1008, 12:24-27. Hence, Wesinger discloses a virtual private
`network communication link.
`Claim 8 recites that at least one of the first and second device is a mobile
`device. Claim 22 recites a similar feature. Petitioner argues that Wesinger
`
`18
`
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`discloses that “the first network device can be any device that supports IP
`communications” that may “include laptop computers, PDAs, and WAP-enabled
`mobile phones.” Pet