UNITED STATES PATENT AND TRADEMARK OFFICE
____________________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
___________________

APPLE INC.
Petitioner,

v.

VIRNETX, INC. AND SCIENCE APPLICATION INTERNATIONAL CORPORATION,
Patent Owner

Patent No. 7,188,180
Issued: March 6, 2007
Filed: November 7, 2003
Inventors: Victor Larson, et al.
Title: METHOD FOR ESTABLISHING SECURE COMMUNICATION LINK BETWEEN COMPUTERS OF VIRTUAL PRIVATE NETWORK
____________________

Inter Partes Review No. IPR2014-00481
__________________________________________________________________

PETITION FOR INTER PARTES REVIEW

Page 1 of 65

VIRNETX EXHIBIT 2031
Microsoft v. VirnetX
Trial IPR2014-00403
`
TABLE OF CONTENTS

I. COMPLIANCE WITH REQUIREMENTS FOR A PETITION FOR INTER PARTES REVIEW
   A. Certification the ’180 Patent May Be Contested by Petitioner
   B. Fee for Inter Partes Review (§ 42.15(a))
   C. Mandatory Notices (37 CFR § 42.8(b))
      1. Real Party in Interest (§ 42.8(b)(1))
      2. Related Matters (§ 42.8(b)(2))
      3. Designation of Lead and Backup Counsel
      4. Service Information (§ 42.8(b)(4))
   D. Proof of Service (§§ 42.6(e) and 42.105(a))
II. IDENTIFICATION OF CLAIMS BEING CHALLENGED (§ 42.104(B))
III. RELEVANT INFORMATION CONCERNING THE CONTESTED PATENT
   A. Effective Filing Date and Prosecution History of the ’180 patent
   B. Person of Ordinary Skill in the Art
   C. Construction of Terms Used in the Claims
IV. PRECISE REASONS FOR RELIEF REQUESTED
   A. [GROUND 1] – Provino Anticipates Claims 1, 10, 12-15, 17, 26, 28-31, and 33
   B. [GROUND 2] – Provino in view of Guillen and Kosiur renders obvious claims 4, 6, 20, 22, 35 and 37
   C. [GROUND 3] – RFC 2543 Anticipates Claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35 and 37 of the 180 Patent
      1. RFC 2543 Anticipates Claims 1, 17 and 33
      2. RFC 2543 Anticipates Claims 4, 6, 20, 22, 35 and 37
      3. RFC 2543 Anticipates Claims 10 and 26
      4. RFC 2543 Anticipates Claims 12 and 28
      5. RFC 2543 Anticipates Claims 13 and 29
      6. RFC 2543 Anticipates Claims 14 and 30
      7. RFC 2543 Anticipates Claim 15 and 31
   D. [GROUND 4] RFC 2543 In View of RFC 2327, RFC 1889, and RFC 2401 Renders Obvious Claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37
V. CONCLUSION

Attachment A. Proof of Service of the Petition
Attachment B. List of Evidence and Exhibits Relied Upon in Petition
`
I. COMPLIANCE WITH REQUIREMENTS FOR A PETITION FOR INTER PARTES REVIEW

A. Certification the ’180 Patent May Be Contested by Petitioner

Petitioner certifies that U.S. Patent No. 7,188,180 (the ’180 patent) (Ex. 1001) is available for inter partes review. Petitioner certifies that it is not barred or estopped from requesting inter partes review of the claims of the ’180 patent on the grounds identified in this Petition. Neither Petitioner, nor any party in privity with Petitioner, has filed a civil action challenging the validity of any claim of the ’180 patent. The ’180 patent has not been the subject of a prior inter partes review by Petitioner or a privy of Petitioner. Petitioner also certifies that it has not been served with a complaint alleging infringement of the ’180 patent.

B. Fee for Inter Partes Review (§ 42.15(a))

The Director is authorized to charge the fee specified by 37 CFR § 42.15(a) to Deposit Account No. 50-1597.

C. Mandatory Notices (37 CFR § 42.8(b))

1. Real Party in Interest (§ 42.8(b)(1))

The real party of interest of this petition pursuant to § 42.8(b)(1) is Apple Inc. (“Apple”) located at One Infinite Loop, Cupertino, CA 95014.
`
2. Related Matters (§ 42.8(b)(2))

The ’180 patent is the subject of at least two other IPR proceedings, IPR2014-00401 and IPR2014-00405, and Grounds (i) through (ii) below are substantially similar to the grounds presented in IPR2014-00401.

Concurrently with this petition, Apple is filing another petition for IPR of the ’180 patent. See IPR2014-00481. Apple has also filed petitions for IPR of claims of two other patents in the same family, namely U.S. Patent Nos. 7,987,274 (“the ’274 Patent”), see IPR2014-00483 and -00484, and 8,051,181 (“the ’181 patent”), see IPR2014-00485 and -00486. The ’181 patent is a continuation of the ’180 patent, and the ’274 patent is a continuation of a continuation of the ’181 Patent, and thus, all three patents share a similar specification. Apple is not aware of any terminal disclaimers for the ’180 Patent.

The ’180 Patent is presently involved in three pending litigations (“the Litigations”), one of which names Microsoft as a defendant: VirnetX Inc. et al. v. Microsoft Corp, Docket No. 6:13cv351 (E.D. Tex.) (“2013 VirnetX Litigation”); VirnetX Inc. v. Cisco Systems, Inc. et al., Docket No. 6:10cv417 (E.D. Tex.); and VirnetX Inc. v. Apple Inc., Docket No. 6:13cv211 (E.D. Tex.). The ’180 patent is also subject to co-pending inter partes reexamination control number 95/001,792, which is currently at appeal to the Patent Trial and Appeal Board, and the ’180 Patent was earlier involved in an inter partes reexamination, identified by control number 97/001,270, for which a reexamination certificate was issued on June 7, 2011.
`
3. Designation of Lead and Backup Counsel

Lead Counsel
Jeffrey P. Kushan
Reg. No. 43,401
jkushan@sidley.com
(202) 736-8914

Backup Lead Counsel
Joseph A. Micallef
Reg. No. 39,772
jmicallef@sidley.com
(202) 736-8492

4. Service Information (§ 42.8(b)(4))

Service on Petitioner may be made by e-mail, mail or hand delivery to: Sidley Austin LLP, 1501 K Street, N.W., Washington, D.C. 20005. The fax number for lead and backup counsel is (202) 736-8711.

D. Proof of Service (§§ 42.6(e) and 42.105(a))

Proof of service of this petition is provided in Attachment A.
`
II. Identification of Claims Being Challenged (§ 42.104(b))

Claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37 of the ’180 patent are unpatentable as being anticipated under 35 U.S.C. § 102 (b) & (e), and/or for being obvious over the prior art under 35 U.S.C. § 103. Specifically:

(i) Claims 1, 10, 12-15, 17, 26, 28-31, and 33 are anticipated under § 102(e) by U.S. Patent No. to Provino (“Provino”) (Ex. 1003).

(ii) Claims 4, 6, 20, 22, 35 and 37 are obvious under § 103 based on Provino (Ex. 1003) in view of Guillen (Ex. 1005) and Kosiur (Ex. 1006)

(iii) Claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37 are anticipated under § 102(b) by RFC 2453 (Ex. 1033);

(iv) Claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37 are anticipated under § 103 Based on RFC 2543 in View of RFC 1889 (Ex. 1034), RFC 2327 (Ex. 1035), and RFC 2401 (Ex. 1032).

Petitioner’s proposed construction of the contested claims, the evidence relied upon, and the precise reasons why the claims are unpatentable are provided in § IV, below. The evidence relied upon in support of this petition is listed in Attachment B.
`
III. Relevant Information Concerning the Contested Patent

A. Effective Filing Date and Prosecution History of the ’180 patent

The ’180 patent issued from a string of applications dating back to an original application filed on October 30, 1998. Though the ’180 patent claims priority as far back as Provisional Application no. 60/106,261, filed on October 30, 1998, the effective priority date of independent claims 1, 17, and 33 (and, by dependency, all of the other claims) is April 26, 2000 at the earliest. VirnetX acknowledged the priority date of the ’180 patent during the ’270 reexamination. Ex. 1023 at 232 (“Further, the closeness of proximity of the alleged publication date of Aventail to the April 26, 2000 priority date of the ’180 Patent raises further doubt as to the availability of Aventail as prior art”).

Provino is prior art under 35 U.S.C § 102(e), as it was filed on May 29, 1998, and issued on April 29, 2003. Kosiur is prior art under 35 U.S.C § 102(b), as it was published at the latest on September 1, 1998. Guillen is prior art under 35 U.S.C. § 102(b) as it was published in October 1993. RFC 2543 is prior art under 35 U.S.C § 102(b) as it was published in March 1999. RFC 2401 is prior art under 35 U.S.C § 102(b) as it was published in November 1998. RFCs 1889 and 2327 are prior art under 35 U.S.C § 102(b) as they were published in January 1996 and April 1998, respectively.
`
B. Person of Ordinary Skill in the Art

A person of ordinary skill in the art in the field of the ’180 patent would have been someone with a good working knowledge of networking protocols, including those employing security techniques, as well as computer systems that support these protocols and techniques. The person also would be very familiar with Internet standards related to communications and security, and with a variety of client-server systems and technologies. The person would have gained this knowledge either through education and training, several years of practical working experience, or through a combination of these. Ex. 1029 at ¶ 58.
`
C. Construction of Terms Used in the Claims

In this proceeding, claims must be given their broadest reasonable interpretation in light of the specification. 37 CFR § 42.100(b). The broadest reasonable interpretation should take account of Patent Owner’s contentions as to what the claims literally encompass and constructions Patent Owner has advanced in litigation. The ’180 patent shares a common disclosure and uses several of the same terms as the ’697, ’135, ’151, ’504 and ’211 patents, in respect of which Patent Owner has previously advanced constructions during litigation. Also, if Patent Owner contends terms in the claims should be read as having a special meaning, those contentions should be disregarded unless Patent Owner also amends the claims compliant with 35 U.S.C. § 112 to make them expressly correspond to those contentions. See 77 Fed. Reg. 48764 at II.B.6 (August 14, 2012); cf. In re Youman, 679 F.3d 1335, 1343 (Fed. Cir. 2012). In the constructions below, Petitioner identifies representative subject matter within the scope of the claims, read with their broadest reasonable interpretation. Petitioner expressly reserves its right to advance different constructions in district court litigation, which employs a different claim construction standard.

Accordingly, for purposes of this proceeding only, Apple submits constructions for the following terms. All remaining terms should be given their plain meaning. Under the law applicable to claim construction in IPR proceedings, the following claim terms should be construed applying the broadest reasonable interpretation to be broad enough to be covered by the corresponding definition:
`
| Claim Term | Definition Encompassed by Broadest Reasonable Interpretation |
| --- | --- |
| “virtual private network” | a network of computers that privately communicate with each other by encrypting traffic on insecure communication paths between the computers |
| “virtual private network communication link” | any communication link between two end points in a virtual private network |
| “secure computer network address” | a network address that requires authorization for access and is associated with a computer configured to be accessed through a virtual private network |
| “secure domain name” | a non-standard domain name that corresponds to a secure computer network address and cannot be resolved by a conventional domain name service (DNS) |
| “secure domain name service” | a service that can resolve secure computer network addresses for a secure domain name for which a conventional domain name service cannot resolve addresses |
| “provisioning information” | Information that enables communications in a virtual private network |
`
1. “Virtual Private Network” and “Virtual Private Network Communication Link”

The ’180 patent does not provide an explicit definition for “virtual private network.” However, the specification states, “[i]f the user is not authorized to access the secure site, then a ‘host unknown’ message is returned (step 2705). If the user has sufficient security privileges, then in step 2706 a secure VPN is established between the user’s computer and the secure target site.” Ex. 1001 at 39:21-25. This excerpt shows how a “virtual private network” establishes a secure connection between nodes where security may not otherwise exist. Ex. 1016 at 5.

Similarly, the ’180 patent does not provide an explicit definition for “communication link.” However, the specification refers to “software module 3309 access[ing] secure server 3320 through VPN communication link 3321.” Ex. 1001 at 52:55-56. In FIG. 33, the communication link 3321 is illustrated as only the portion of the path between computer 3301 and server 3320 that is over network 3302. In the currently pending Inter Partes Reexamination No. 95/001,792 (“the ’792 Reexamination”), VirnetX has not proposed a specific definition for a virtual private network or a virtual private network communication link. Instead, VirnetX simply argued that messages sent before a communication link has been established cannot be sent using that same communication link. Ex. 1024 at 314-316. Similarly, the Examiner did not provide an explicit definition, though the Examiner asserted that “the claim term ‘private’ modifies the claim term ‘network’ and as such, [a reference] must teach the ‘privacy’ of the ‘network’ and not just the privacy of the ‘communication link’ to anticipate the claims.” Ex. 1024 at 225.

In VirnetX Inc. v. Microsoft Corp., Docket No. 6:07CV80 (the 2007 VirnetX litigation), VirnetX contended that “virtual private network” means “a network of computers capable of privately communicating with each other by encrypting traffic on insecure communication paths between the computers, and which is capable of expanding to include additional computers and communication paths.” Ex. 1016 at 4. However, the Court more broadly construed “virtual private network” to mean “a network of computers which privately communicate with each other by encrypting traffic on insecure communication paths between the computers.” Id. The Court clarified that “[t]he Court’s construction does not limit a ‘virtual private network’ to any particular number of computers or communication paths. Thus, VirnetX’s proposed language [regarding expansion to include additional computers] is superfluous.” Ex. 1016 at n.3.

In light of the specification’s lack of a definition, the ’792 reexamination, and the Court’s explanation of why it rejected VirnetX’s proposed construction, Apple submits that the broadest reasonable interpretation of the term “virtual private network” should at least be as broad as the Court’s construction from the 2007 VirnetX litigation: “a network of computers that privately communicate with each other by encrypting traffic on insecure communication paths between the computers.” The same Court determined that the term “communication link,” while not requiring specific construction, should not be limited to “the entire communication path between computers in a virtual private network.” Ex. 1016 at 26. Thus, Apple submits that the broadest reasonable interpretation of the term “virtual private network communication link” should be broad enough to encompass “any communication link between two end points in a virtual private network.” These constructions are not inconsistent with the ’274 patent’s specification, as well as the ’792 reexamination and the 2007 VirnetX litigation. Ex. 1011 at ¶¶ 19-21.
`
2. “Secure Network Address”

The ’180 patent does not provide an explicit definition for “secure network address.” The specification simply states that “SDNS 3313 stores a computer network address corresponding to the secure domain name.” Ex. 1001 at 47:17-19. In a reexamination of the ’180 patent, VirnetX suggested that a computer having a “secure network address” requires authorization for access or communication. Ex. 1023 at 230. This was preceded, in the 2007 VirnetX litigation, by VirnetX suggesting that “secure computer network address” means “a network address associated with a computer capable of virtual private network communications.” Ex. 1016 at 28. With no clear definition presented by the ’180 patent specification, Microsoft submits that the broadest reasonable interpretation (for this proceeding) of the term “secure computer network address” should encompass the features referenced by VirnetX in each proceeding. As such, Apple submits that the broadest reasonable interpretation of “secure network address” should be broad enough to encompass “a network address that requires authorization for access and is associated with a computer configured to support virtual private network communications,” as this is not inconsistent with the ’180 patent’s specification and the scope that VirnetX has advanced during both reexamination and litigation. Ex. 1011 at ¶ 22.
`
3. “Secure Domain Name”

The ’180 patent describes a “secure domain name” as a domain name that corresponds to a secure computer 3320. Ex. 1001 at 47:48-51. The ’180 patent explains that, “[b]ecause the secure top-level domain name is a non-standard domain name, a query to a standard domain name service (DNS) will return a message indicating that the universal resource locator (URL) is unknown.” Ex. 1001, 46:41-44.

In Inter Partes Reexamination No. 95/001,270 (“’270 Reexamination”), VirnetX asserted that a “secure domain name” is a name that “cannot be resolved by a conventional domain name service.” Ex. 1023 at 230. Accepting VirnetX’s arguments, the Examiner in the ’270 Reexamination asserted that “a secure domain name is a nonstandard domain name and that querying a convention domain name server using a secure domain name will result in a return message indicating that the URL is unknown.” Ex. 1023 at 119.

Accordingly, Apple submits that the broadest reasonable interpretation of the term “secure domain name” should be broad enough to encompass “a non-standard domain name that corresponds to a secure computer network address and cannot be resolved by a conventional DNS,” as this is not inconsistent with the ’180 patent’s specification and the scope that VirnetX has advanced during both reexamination and litigation. Ex. 1011 at ¶ 23. In fact, this interpretation is identical to the construction to which VirnetX agreed in the VirnetX Inc. vs. Cisco Systems, Inc. litigation numbered 6:10-CV-417. Ex. 1017 at 19-20.
`
4. “Secure Domain (Name) Service”

The ’180 patent explains that, “for each secure domain name, SDNS 3313 stores a computer network address corresponding to the secure domain name.” Ex. 1001 at 47:17-19. Accordingly, “[a]n entity can register a secure domain name in SDNS 3313 so that a user who desires a secure communication link to the website of the entity can automatically obtain the secure computer network address for the secure website.” Ex. 1001 at 47:19-22.

In the ’270 Reexamination, VirnetX argued that the claim term “secure domain name service” should be understood to refer to something “different from a conventional domain name service.” Ex. 1023 at 232. In making this argument, VirnetX noted that “the ’180 Patent explicitly states that a secure domain name service can resolve addresses for a secure domain name; whereas, a conventional domain name service cannot resolve addresses for a secure domain name.” Id. at 7. The Examiner in the ’270 Reexamination agreed with VirnetX, finding that “the ’180 patent explains that a secure domain name service can resolve addresses for a secure domain name whereas a conventional domain name service cannot resolve addresses for a secure domain name.” Ex. 1023 at 119.

In the 2007 VirnetX litigation, VirnetX asserted that a “secure domain name service” is “a service that receives requests for secure computer network addresses corresponding to secure domain names, and is capable of providing trustworthy responses.” Ex. 1016 at 31. The Court adopted a similar construction, construing a “secure domain name service” as “a lookup service that returns a secure network address for a requested secure domain name.” Id.

Apple submits that the broadest reasonable interpretation of the term “secure domain name service” in the patent should be broad enough to encompass “a service that can resolve secure computer network addresses for a secure domain name for which a conventional domain name service cannot resolve addresses,” as this is not inconsistent with the ’180 patent’s specification and the scope that VirnetX has advanced during both reexamination and litigation. Ex. 1011 at ¶ 24.
`
5. Provisioning Information

The ’180 patent does not provide an explicit definition for “provisioning information.” The specification simply states that “VPN gatekeeper 3314 provisions computer 3301 and secure web server computer 3320, or a secure edge router for server computer 3320, thereby creating the VPN.” Ex. 1001, 52:30-33 (emphasis added), 52:6-8. The term “provisioning information” was not defined by VirnetX in the original prosecution of the ’180 patent or the reexaminations involving the ’180 patent. Moreover, no parties proposed constructions of the term “provisioning information” in the litigations involving the ’180 patent in which claim construction orders have been issued (i.e., VirnetX Inc. v. Microsoft Corp., Docket Nos. 6:07CV80 (E.D. Tex.) and VirnetX Inc. v. Cisco Systems, Inc. et al., Docket No. 6:10cv417 (E.D. Tex.)).

Accordingly, Apple submits that the broadest reasonable interpretation of the term “provisioning information” should be broad enough to encompass “information that enables communication in a virtual private network,” as this is not inconsistent with the ’180 patent’s specification. See Ex. 1011, ¶ 25.

While the broadest reasonable interpretations may encompass more than the features set forth in the constructions above, Apple submits that the broadest reasonable interpretations of the terms “secure domain name,” “secure domain name service,” “secure computer network address,” and “virtual private network communication link” are broad enough to be covered by these features. As will be described below, Provino describes these features of a “virtual private network,” a “virtual private network communication link,” a “secure computer network address,” a “secure domain name,” a “secure domain name service,” and “provisioning information.”
`
IV. Precise Reasons for Relief Requested

A. [GROUND 1] – Provino Anticipates Claims 1, 10, 12-15, 17, 26, 28-31, and 33

The features of claims 1, 10, 12-15, 17, 26, 28-31, and 33 of the ’180 patent are anticipated by Provino, rendering each of these claims unpatentable under 35 U.S.C. § 102(e).

Provino describes “systems and methods of easing communications between devices connected to public networks such as the Internet and devices connected to private networks.” Ex. 1003 at 1:14-16; see Ex. 1011 at ¶ 26. In particular, Provino describes a system that facilitates communications between a client device 12(m) connected to ISP 11 and a server 31(s) located within virtual private network (VPN) 15. See Ex. 1003 at 9:32-10:33; Ex. 1011 at ¶ 27. An example of the architecture of Provino’s system is illustrated in Figure 1 of Provino. Id.

For a device 12(m) external to VPN 15 to communicate with a server 31(s) within VPN 15, Provino describes a two phase process for establishing communications. See Ex. 1003 at 12:1-2; Ex. 1011 at ¶ 27. In the first phase described by Provino, the device 12(m) is securely connected to the VPN 15 via the Internet 14. See Ex. 1003 at 12:2-4; Ex. 1011 at ¶¶ 27-28. As shown in Annotation 1 below, the creation of the secure tunnel between device 12(m) and VPN 15 effectively extends the VPN to include the device 12(m) via Internet 14. Ex. 1011 at ¶ 28.
`
(Annotation 1)

After creating a secure tunnel between device 12(m) and VPN 15, Provino describes a second phase in which “the device 12(m) can use the information provided during the first phase in connection with generating and transferring message packets to one or more servers 31(s) in the virtual private network 15, in the process obtaining resolution [of] human-readable Internet addresses to integer Internet addresses as necessary from the nameserver 32 that was identified by the firewall 30 during the first phase.” Ex. 1003 at 12:8-16; see Ex. 1011 at ¶ 29.

In particular, in the second phase of Provino, a user of client device 12(m) may instigate communications with a server 31(s) within VPN 15 by providing a human-readable Internet address to the client device 12(m). See Ex. 1003 at 13:31-40; Ex. 1011 at ¶ 29. The client device 12(m) receives the human-readable Internet address and ultimately uses nameserver 32 to resolve the human-readable Internet address to an integer Internet address, which the client device 12(m) uses to communicate with server 31(s). See Ex. 1003 at 10:45-67; Ex. 1011 at ¶ 30.

Below, in Annotation 2 of FIG. 1, the client’s exchange with nameserver 32 is highlighted. See Ex. 1011 at ¶ 30. Specifically, in response to nameserver 32 receiving a human-readable Internet address from client device 12(m) (1), the integer Internet address for server 31(s) is provided by nameserver 32 to client device 12(m) (2). See Ex. 1011 at ¶¶ 31-32.
`
(Annotation 2)

In Annotation 3 of FIG. 1, which follows, server 31(s) is within VPN 15 and firewall 30 limits access to server 31(s) by computers outside VPN 15. See Ex. 1003 at 9:6-27; Ex. 1011 at ¶ 33, 35. Thus, the server 31(s) is a secure computer. The human-readable Internet address and integer Internet address of the server 31(s) therefore each correspond to a secure computer, with nameserver 32 (within the VPN, identified by the firewall 30 in phase 1) being used to resolve the integer Internet address of server 31(s) from the human-readable Internet address.

(Annotation 3)

Before creation of the secure tunnel, the firewall 30 must authenticate the device 12(m) by determining whether it is authorized to access a server 31(s) within the VPN 15. See Ex. 1003 at 9:56-60. Thus, in order for the device 12(m) to access the server 31(s), the device 12(m) must be authorized to do so. See Ex. 1011 at ¶¶ 28, 33. Moreover, as described above, the secure tunnel effectively extends the VPN 15 to include device 12(m), such that the device 12(m) accesses server 31(s) through the extended VPN 15. See Ex. 1011 at ¶ 28. Accordingly, the integer Internet address of the server 31(s) is a secure computer network address, under that term’s broadest reasonable interpretation. See Ex. 1011 at ¶¶ 33-34.
`
As described above, the broadest reasonable interpretation of the claimed “secure domain name” includes a non-standard domain name that corresponds to a secure computer network address and cannot be resolved by a conventional DNS. The human-readable Internet address of server 31(s), as described by Provino, is such a secure domain name. See Ex. 1011, ¶ 34. To this point, according to Provino, the human-readable network addresses may be “any form of secondary or informal network address arrangements.” Ex. 1003 at 16:12-17. Moreover, when seeking to resolve the human-readable Internet address of server 31(s), Provino describes that the device 12(m) will first contact a conventional nameserver 17. Ex. 1003 at 11:5-10. Nameserver 17 is the DNS server associated with the client device’s ISP 11. Ex. 1003 at 7:37-43. However, “[s]ince nameserver 17 is outside of the virtual private network 15 . . . [, it] will not have the information requested by the device 12(m).” Ex. 1003 at 11:10-12. Instead, Provino describes that the client device 12(m) must thereafter query the nameserver 32, which exclusively services the VPN 15, in order to resolve the human-readable Internet address of server 31(s). Ex. 1003 at 12:8-16. In other words, the human-readable Internet address of server 31(s) is a non-standard domain name that cannot be resolved by a conventional DNS service, such as nameserver 17. See Ex. 1011 at ¶ 34. Accordingly, the human-readable Internet address of server 31(s) is a secure domain name under that term’s broadest reasonable construction.
`
Relatedly, the nameserver 32 described by Provino is a “secure domain name service,” as recited in the claims. As described above, the broadest reasonable interpretation of a secure domain name service includes a service that can resolve secure network addresses for a secure domain name for which a conventional domain name service cannot resolve addresses. As illustrated below in Annotation 4 of FIG. 1, Provino describes positioning the nameserver 32 within VPN 15, behind firewall 30. See Ex. 1003 at FIG. 1 (reproduced above), 6:15-19; Ex. 1011 at ¶ 35.

(Annotation 4)

Functionally, “the nameserver 32 serves to resolve human-readable Internet addresses for servers 31(s) internal to the virtual private network 15 to respective integer Internet addresses.” Ex. 1003 at 9:2-5. By resolving human-readable Internet addresses for servers 31(s) inside of VPN 15 (i.e., secure domain names, as detailed in the paragraph above) to respective integer Internet addresses, nameserver 32 functions as a secure domain name service. See Ex. 1011 at ¶ 35.

To resolve the human-readable Internet address using nameserver 32, the “device 12(m) will thereafter generate a request message packet for transmission to the nameserver 32 through the firewall 30 and over the secure tunnel”. Ex. 1003 at 11:13-16. This process is illustrated in Annotation 5 of FIG. 1, which shows the device 12(m) sending a query message (i.e., the request message packet) to a secure domain name service (i.e., nameserver 32), to request (from the secure domain name service, nameserver 32) a secure computer network address (i.e., the integer Internet address corresponding to server 31(s), a secure computer) corresponding to the secure domain name (i.e., the human-readable Internet addresses of a server 31(s)). See Ex. 1011 at ¶¶ 31-32.

(Annotation 5)
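
The resolution sequence described above (an ISP nameserver that cannot answer, then a query relayed to the VPN's own nameserver only after the firewall has authenticated the device) can be modelled as follows. This is an added illustration, not code from the petition or from Provino; the class names, host names, addresses and shared secret are constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Set, Tuple


class NameNotFound(Exception):
    """The queried nameserver holds no record for the name."""


@dataclass
class Nameserver:
    """Maps human-readable addresses to integer Internet addresses."""
    records: Dict[str, IPv4Address]
    seen: List[str] = field(default_factory=list)  # every name this server was asked for

    def resolve(self, name: str) -> IPv4Address:
        key = name.lower().rstrip(".")
        self.seen.append(key)
        if key not in self.records:
            raise NameNotFound(key)
        return self.records[key]


@dataclass
class Firewall:
    """Stands in for firewall 30: authenticates devices, relays tunnelled queries."""
    credentials: Dict[str, str]   # device id -> shared secret (constructed values)
    internal_ns: Nameserver       # stands in for nameserver 32, inside the VPN
    _tokens: Set[str] = field(default_factory=set)

    def open_tunnel(self, device_id: str, secret: str) -> Optional[str]:
        """Phase 1: hand out a tunnel token only to an authorized device."""
        expected = self.credentials.get(device_id)
        if expected is None or not hmac.compare_digest(expected, secret):
            return None
        token = secrets.token_hex(16)
        self._tokens.add(token)
        return token

    def tunnelled_query(self, token: Optional[str], name: str) -> IPv4Address:
        """Phase 2: only a holder of a live token reaches the internal nameserver."""
        if token is None or token not in self._tokens:
            raise PermissionError("no authenticated tunnel")
        return self.internal_ns.resolve(name)


@dataclass
class Device:
    """Stands in for device 12(m), attached to an ISP with its own nameserver 17."""
    device_id: str
    isp_ns: Nameserver
    firewall: Firewall
    token: Optional[str] = None

    def connect(self, secret: str) -> bool:
        self.token = self.firewall.open_tunnel(self.device_id, secret)
        return self.token is not None

    def resolve(self, name: str) -> Tuple[IPv4Address, str]:
        """Ask the ISP nameserver first; fall back to the VPN nameserver via the tunnel."""
        try:
            return self.isp_ns.resolve(name), "nameserver 17"
        except NameNotFound:
            pass  # the outside resolver has no record of a VPN-internal name
        return self.firewall.tunnelled_query(self.token, name), "nameserver 32"


def build_demo() -> Tuple[Nameserver, Nameserver, Firewall]:
    """Constructed sample data: one public host, one VPN-internal host."""
    isp_ns = Nameserver({"www.public.example": IPv4Address("198.51.100.7")})
    internal_ns = Nameserver({"files.corp.example": IPv4Address("10.1.2.3")})
    firewall = Firewall({"device-12m": "constructed-secret"}, internal_ns)
    return isp_ns, internal_ns, firewall


if __name__ == "__main__":
    isp_ns, internal_ns, firewall = build_demo()
    device = Device("device-12m", isp_ns, firewall)
    device.connect("constructed-secret")
    print(device.resolve("files.corp.example"))
    print(device.resolve("www.public.example"))
    # The internal name was sent to the ISP resolver before the tunnelled query.
    print("ISP nameserver saw:", isp_ns.seen)
```

Because the device contacts the ISP nameserver first, that outside server's query log records the VPN-internal name even though it cannot answer it.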
`
`
`
As a result of this query, Provino describes that the device 12(m) receives the integer Internet address for server 31(s) in a message packet transmitted from nameserver 32 via firew