Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`Paper No. 1
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`APPLE INC.
`Petitioner,
`
`v.
`
`VIRNETX, INC. AND SCIENCE APPLICATION INTERNATIONAL
`CORPORATION,
`Patent Owner
`
`Patent No. 7,921,211
`Issued: Apr. 5, 2011
`Filed: Aug. 17, 2007
`Inventor: Victor Larson, et al.
`AGILE NETWORK PROTOCOL FOR SECURE
`COMMUNICATIONS USING SECURE DOMAIN NAMES
`____________________
`Inter Partes Review No. IPR2015-00186
`
`
`
`
`
`
`
`Title:
`
`PETITION FOR INTER PARTES REVIEW OF U.S. PATENT NO. 7,921,211
`UNDER 35 U.S.C. §§ 311-319 AND 37 C.F.R. § 42.1-.80 & 42.100-.123
`________________________
`
`
`
`
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`TABLE OF CONTENTS
`
`I. MANDATORY NOTICES UNDER 37 C.F.R § 42.8(a)(1) ....................... 1
`A.
`Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1) ............................ 1
`B.
`Related Matters Under 37 C.F.R. § 42.8(b)(2) ..................................... 2
`C.
`Lead And Back-Up Counsel Under 37 C.F.R. § 42.8(b)(3) ................. 3
`D.
`Service Information ............................................................................... 3
`II.
`PAYMENT OF FEES – 37 C.F.R. § 42.103 ................................................ 3
`III. REQUIREMENTS FOR IPR UNDER 37 C.F.R. § 42.104 ....................... 3
`A. Grounds for Standing Under 37 C.F.R. § 42.104(a) ............................. 3
`B.
`Challenge Under 37 C.F.R. § 42.104(b) and Relief Requested ............ 4
`C.
`Claim Construction under 37 C.F.R. §§ 42.104(b)(3) .......................... 5
`1. Domain Name (Claims 1, 2, 5, 6, 14-17, 19-23, 26-41, 43-
`47, and 50-60) ................................................................................. 5
`2. Domain Name Service System (Claims 1, 2, 5, 6, 14-17, 19-
`23, 26-41, 43-47, and 50-60) ........................................................... 5
`3. Indicate/Indicating (Claims 1, 2, 5, 6, 14-17, 19-23, 26-41,
`43-47, and 50-60) ............................................................................ 7
`4. Secure Communication Link (Claims 1, 16-17, 20-23, 26-
`27, 31-32, 35-36, 47, 51, and 60) .................................................... 8
`5. Transparently (Claims 27 and 51) ................................................... 8
`6. Between [A] and [B] (Claims 16, 27, 33, 40, 51, and 57) .............. 9
`IV. SUMMARY OF THE ‘211 PATENT .......................................................... 9
`V. DETAILED DESCRIPTION WHY THE CHALLENGED
`CLAIMS ARE UNPATENTABLE ............................................................ 10
`A.
`23, 26-41, 43-47, 50-60 ....................................................................... 10
`1. Provino Anticipates Claims 1 ....................................................... 22
`2. Provino Anticipates Claims 36 ..................................................... 27
`3. Provino Anticipates Claims 60 ..................................................... 29
`
`[GROUND 1] – Provino Anticipates Claims 1, 2, 6, 14-17, 19-
`
`i
`
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`4. Provino Anticipates Claims 2 and 37 ............................................ 31
`5. Provino Anticipates Claim 6 ......................................................... 31
`6. Provino Anticipates Claims 14 and 38 .......................................... 32
`7. Provino Anticipates Claims 15 and 39 .......................................... 32
`8. Provino Anticipates Claims 16 and 40 .......................................... 33
`9. Provino Anticipates Claims 17 and 41 .......................................... 37
`10. Provino Anticipates Claims 19 and 43 .......................................... 39
`11. Provino Anticipates Claims 20 and 44 .......................................... 40
`12. Provino Anticipates Claims 21 and 45 .......................................... 40
`13. Provino Anticipates Claims 22 and 46 .......................................... 41
`14. Provino Anticipates Claims 23 and 47 .......................................... 42
`15. Provino Anticipates Claims 26 and 50 .......................................... 43
`16. Provino Anticipates Claims 27, 33, 51, and 57............................. 43
`17. Provino Anticipates Claims 28 and 52 .......................................... 45
`18. Provino Anticipates Claims 29 and 53 .......................................... 45
`19. Provino Anticipates Claims 30 and 54 .......................................... 46
`20. Provino Anticipates Claims 31 and 55 .......................................... 47
`21. Provino Anticipates Claims 32 and 56 .......................................... 47
`22. Provino Anticipates Claims 34 and 58 .......................................... 48
`23. Provino Anticipates Claims 35 and 59 .......................................... 48
`B.
`Obvious Claims 20, 21, 35, 44, 45, and 59 ......................................... 49
`C.
`Claims 29-32 and 53-56 ...................................................................... 51
`D.
`Obvious Claims 16, 27, 33, 40, 51, and 57 ......................................... 54
`E.
`[GROUND 5] – Provino Anticipates Claim 5 .................................... 57
`F.
`Obvious Claim 5 .................................................................................. 58
`VI. CONCLUSION ............................................................................................ 60
`
`[GROUND 6] – Provino In View of RFC 2660 Renders
`
`ii
`
`[GROUND 2] – Provino In View of RFC 1034 Renders
`
`[GROUND 3] – Provino In View of Kosiur Renders Obvious
`
`[GROUND 4] – Provino In View of RFC 2660 Renders
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`
`Attachment A. Proof of Service of the Petition
`
`Attachment B. List of Evidence and Exhibits Relied Upon in Petition
`
`
`
`iii
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`Apple Inc. (“Petitioner” or “Apple”) petitions for Inter Partes Review
`
`(“IPR”) under 35 U.S.C. §§ 311–319 and 37 C.F.R. § 42 of claims 1, 2, 5, 6, 14-
`
`17, 19-23, 26-41, 43-47, and 50-60 (“the Challenged Claims”) of U.S. Patent No.
`
`7,921,211 (“the ‘211 patent”). By its accompanying Motion for Joinder, Petitioner
`
`seeks to join this petition to IPR2014-00618 (which has been consolidated to
`
`IPR2014-00615), a proceeding instituted on the same patent and the same prior
`
`art. This petition presents two additional grounds relative to IPR2014-00618
`
`establishing that dependent claim 5 is unpatentable. Claim 5 is highly similar to
`
`claims 23 and 47 involved in the -00618 proceeding – each claim specifies
`
`“authenticat[ing] the query” with claim 5 further specifying “using a
`
`cryptographic technique.” Claim 5 is unpatentable over the same prior art that the
`
`Board has found to show the Challenged Claims unpatentable. See IPR2014-
`
`00615, Paper No. 9 at 21-22, 26-27. It is submitted that consideration of these
`
`additional grounds on a single claim will not impose a burden on the Panel given
`
`the common prior art and similarity to issues already being considered in the -
`
`00615 proceeding, as explained in the Motion for Joinder.
`
`I. MANDATORY NOTICES UNDER 37 C.F.R § 42.8(a)(1)
`A. Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1)
`The real party of interest of this petition pursuant to § 42.8(b)(1) is Apple
`
`Inc. (“Apple”) located at One Infinite Loop, Cupertino, CA 95014.
`
`1
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`B. Related Matters Under 37 C.F.R. § 42.8(b)(2)
`The ‘211 patent is the subject of a number of civil actions including: (i) Civ.
`
`Act. No. 6:13-cv-00211-LED (E.D. Tex.), filed February 26, 2013; (ii) Civ. Act.
`
`No. 6:12-cv-00855-LED (E.D. Tex.), filed November 6, 2012; (iii) Civ. Act. No.
`
`6:10-cv-00417-LED (E.D. Tex.), filed August 11, 2010; (iv) Civ. Act. No. 6:11-cv-
`
`00018-LED (E.D. Tex), (iv) Civ. Act. No. 6:13-cv-00351-LED (E.D. Tex), filed
`
`April 22, 2013 (“the 2013 VirnetX litigation”); (v) Civ. Act. No. 6:13-mc-00037
`
`(E.D. Tex); and (vi) Civ. Act. No. 9:13-mc-80769 (E.D. Fld).
`
`The ‘211 patent is also the subject of two inter partes reexamination nos.
`
`95/001,789 and 95/001,856. On May 23, 2014, the Office issued a Right of Appeal
`
`Notice in the ‘789 proceeding, maintaining rejections of all 60 claims in the ‘211
`
`patent. Similarly, on May 30, 2014, the Office issued a an Action Closing
`
`Prosecution in the ‘856 proceeding maintaining rejections of claims 1-10 and 12-
`
`60 as obvious based on Kiuchi (Ex. 1018).
`
`The ‘211 patent is the subject of two inter partes reviews filed by Microsoft
`
`Corporation (IPR2014-00615 & -00618), both instituted on October 15, 2014. The
`
`‘211 patent was also the subject of petitions for inter partes review filed by New
`
`Bay Capital, LLC (IPR2013-00378, dismissed); Apple, Inc. (IPR2013-00397 & -
`
`00398, not instituted); RPX Corporation (IPR2014-00174 & -00175, not
`
`instituted); and Microsoft Corporation (IPR2014-00616, not instituted).
`
`2
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`Concurrently with this petition, the Petitioner is filing one other petition for
`
`inter partes review of the ‘211 patent, IPR2015-00185.
`
`C. Lead And Back-Up Counsel Under 37 C.F.R. § 42.8(b)(3)
`
`Lead Counsel
`Jeffrey P. Kushan (Reg. No. 43,401)
`jkushan@sidley.com
`(202) 736-8914
`D.
`Service Information
`Service on Petitioner may be made by e-mail, or by mail or hand delivery to:
`
`Backup Lead Counsel
`Joseph A. Micallef (Reg. No. 39,772)
`jmicallef@sidley.com
`(202) 736-8492
`
`Sidley Austin LLP, 1501 K Street, N.W., Washington, D.C. 20005. The fax
`
`number for lead and backup counsel is (202) 736-8711.
`
`II.
`
`PAYMENT OF FEES – 37 C.F.R. § 42.103
`
`The Director is authorized to charge the fee specified by 37 CFR § 42.15(a)
`
`to Deposit Account No. 50-1597.
`
`III. REQUIREMENTS FOR IPR UNDER 37 C.F.R. § 42.104
`A. Grounds for Standing Under 37 C.F.R. § 42.104(a)
`Petitioner certifies that the ’211 patent is available for inter partes review by
`
`Petitioner. The Petitioner is not barred or estopped from requesting an inter
`
`partes review challenging the patent claims on the grounds identified in the
`
`petition. The ’211 patent was asserted against Petitioner in proceedings alleging
`
`infringement more than one year ago, but because this petition is accompanied by a
`
`motion for joinder to IPR2014-00618, the one-year period in 35 U.S.C. § 315(b)
`
`does not apply to this petition pursuant to 35 U.S.C. § 315(c). This petition is
`
`3
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`presented within one month of institution of trial in IPR2014-00618 (i.e., on
`
`October 15, 2014), as required by § 122(b). For the reasons detailed in the
`
`accompanying Motion for Joinder, proceedings based on the petitions should be
`
`joined to IPR2014-00618.
`
`B. Challenge Under 37 C.F.R. § 42.104(b) and Relief Requested
`Petitioner requests an IPR of the Challenged Claims on the grounds set forth
`
`below, and requests that the Challenged Claims be found unpatentable. The Board
`
`has already instituted trial on Grounds 1-4 below in IPR2014-00618. Petitioner
`
`presents the same Grounds in this Petition, plus two new Grounds for one
`
`additional claim (Claim 5) based on the same prior art references used to institute
`
`trial on Grounds 1 and 4. A detailed explanation why Claim 5 is unpatentable is
`
`provided below in §§ V.E and V.F
`
`The ‘211 patent issued from a string of applications allegedly dating back to
`
`an original application filed on October 30, 1998. However, the effective filing
`
`date for the embodiments recited by claims 1, 2, 5, 6, 14-17, 19-23, 26-41, 43-47,
`
`and 50-60 of the ‘211 patent is no earlier than February 15, 2000.
`
`Provino qualifies as prior art under 35 U.S.C. § 102(e). Provino (Ex. 1008)
`
`is a patent that was filed on May 29, 1998 and issued April 29, 2003. Ex. 1008.
`
`RFC 1034 qualifies as prior art under 35 U.S.C. § 102(b). RFC 1034 (Ex. 1010)
`
`was published in November 1987 by the Internet Engineering Task Force (IETF).
`
`4
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`Ex. 1010.Kosiur qualifies as prior art under 35 U.S.C. § 102(b). Kosiur (Ex. 1024)
`
`was published at the latest on September 1, 1998, and therefore qualifies as prior
`
`art under 35 U.S.C. § 102(b). Ex. 1024. RFC 2660 qualifies as prior art under 35
`
`U.S.C. § 102(b). Draft 01 of RFC 2660 (Ex. 1012) was published in August 1999
`
`by the Internet Engineering Task Force (IETF). RFC 2660 was publically
`
`distributed no later than August 1999. Ex. 1012.
`
`C. Claim Construction under 37 C.F.R. §§ 42.104(b)(3)
`Petitioner proposes use of the same constructions adopted by the Board in
`
`IPR2014-00615 and -00618.
`
`1.
`
` Domain Name (Claims 1, 2, 5, 6, 14-17, 19-23, 26-41, 43-47,
`and 50-60)
`
`The Patent Owner has asserted to the PTAB that that a “domain name”
`
`means “a name corresponding to a network address.” See Ex. 1019 at 31-32; Ex.
`
`1020 at 28-29. In view of the Patent Owner’s assertion, it is reasonable, for
`
`purposes of this proceeding in which the broadest reasonable construction standard
`
`applies, to consider the term “domain name” as encompassing “a name
`
`corresponding to a network address.”
`
`2.
`
` Domain Name Service System (Claims 1, 2, 5, 6, 14-17, 19-
`23, 26-41, 43-47, and 50-60)
`
`The Patent Owner has asserted to the PTAB and in litigation that no
`
`construction of “domain name service system” was necessary.” Ex. 1013 at 24-25;
`
`Ex. 1019 at 37-39; Ex. 1020 at 34-36. According to the Patent Owner, the claims
`
`5
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`themselves define the characteristics of the domain name service system. Id. In
`
`view of the Patent Owner’s assertions, it is reasonable, for purposes of this
`
`proceeding in which the broadest reasonable construction standard applies, to
`
`consider the term “domain name service system” as encompassing any system with
`
`the characteristics described by the claims.
`
`In general, under a broadest reasonable construction standard, a “system”
`
`can include one or more discrete computers or devices. Ex. 1023 at 15. This is
`
`consistent with the ‘211 patent’s specification at col. 40, lines 35-48. This section
`
`describes a domain name service system that includes a modified DNS server 2602
`
`and a gatekeeper server 2603, which is shown as being separate from the modified
`
`DNS server. Ex. 1001 at col. 40, lines 35-48 and fig. 26. Moreover, this sections
`
`states that “although element 2602 [(the modified DNS server)] is shown as
`
`combining the functions of two servers [(the DNS proxy 2610 and DNS server
`
`2609)], the two servers can be made to operate independently.” Ex. 1001 at col. 40,
`
`lines 46-48. Also, the Examiner in the ’789 and ‘856 reexamination proceedings
`
`concluded that the broadest reasonable construction of a system encompasses a
`
`single or multiple devices. Ex. 1016 at 17; Ex. 1017 at 23 (a “DNS system is
`
`reasonably interpreted as comprising a single device or multiple devices.”).
`
`It is reasonable, for purposes of this proceeding in which the broadest
`
`reasonable construction standard applies, to consider the term “domain name
`
`6
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`service system” as encompassing any system with the characteristics specified by
`
`the claims, where the system may include one or more devices or computers.
`
`3.
`
`Indicate/Indicating (Claims 1, 2, 5, 6, 14-17, 19-23, 26-41,
`43-47, and 50-60)
`
`The Patent Owner has asserted to the PTAB that no construction of
`
`“indicate” or “indicating” is necessary. Ex. 1019 at 44-46; Ex. 1020 at 41-43.
`
`Similarly, in litigation for the ‘211 patent, the Patent Owner asserted no
`
`construction of “indicate” or “indicating” was necessary, and the Court also
`
`declined to construe the term. Ex. 1013 at 31; Ex. 1015 at 28. In light of this, we
`
`consider the previous reexamination proceedings. In the ’789 and ‘856
`
`reexamination proceedings, the Examiner found that, under the broadest reasonable
`
`construction, the term encompassed:
`
`... the ability of the user to communicate using a secure link after
`boot-up.” If the user attempts to establish a secure communication link using
`a DNS system after booting and is able to do so, then the user has been
`provided a broadly recited and discernible “indication” that the DNS in
`some manner supports establishing a communication link.
`Ex. 1017 at 24 (emphasis original).The Examiner also found that, under the
`
`broadest reasonable construction, the term encompassed:
`
`“a visible message or signal to a user that the DNS system supports
`establishing a secure communication link
`Ex. 1016 at 20; Ex. 1017 at 25 (emphasis original).
`
`The Examiner further concluded that, under the broadest reasonable
`
`7
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`construction, “[n]either the specification nor the claim language provides a basis
`
`for limiting 'indicating' to a visual indicator.” Ex. 1017 at 26. The broadest
`
`reasonable construction of “indicate” or “indicating” should thus encompass a
`
`visible or non-visible message or signal that the DNS system supports establishing
`
`a secure communication link, including the establishment of the secure
`
`communication link itself.
`
`4.
`
`Secure Communication Link (Claims 1, 16-17, 20-23, 26-27,
`31-32, 35-36, 47, 51, and 60)
`
`The Patent Owner has asserted to the PTAB that “secure communication
`
`link” should mean a “direct communication link that provides data security through
`
`encryption.” Ex. 1019 at 40-43; Ex. 1020 at 37-40. In view of the Patent Owner’s
`
`assertions, it is reasonable, for purposes of this proceeding in which the broadest
`
`reasonable construction standard applies, to consider the term “secure
`
`communication link” as encompassing a “direct communication link that provides
`
`data security through encryption.”
`
`Transparently (Claims 27 and 51)
`
`5.
`The Patent Owner has asserted to the PTAB that “transparently” means that
`
`“the user need not be involved in creating the [secure communication link]/[secure
`
`link].” Ex. 1019 at 46-47; Ex. 1020 at 43-44. In view of the Patent Owner’s
`
`assertions, it is reasonable, for purposes of this proceeding in which the broadest
`
`reasonable construction standard applies, to consider the term “transparently” as
`
`8
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`encompassing “the user need not be involved in creating the [secure
`
`communication link]/[secure link].”
`
`Between [A] and [B] (Claims 16, 27, 33, 40, 51, and 57)
`
`6.
`In prior litigation on the ‘211 patent, the Patent Owner argued against a
`
`defendant’s construction that “between” should mean “extend from one endpoint
`
`to the other,” and instead stated that “between” should only apply to the “public
`
`communication paths.” Ex. 1014 at 11. Under the Patent Owner’s contentions, a
`
`secure communication link is “between” two endpoints where encryption is used
`
`on the public communication paths between the two endpoints, regardless of
`
`whether the encryption extends completely from the first endpoint to the second
`
`endpoint. Id. In view of the Patent Owner’s assertions, it is reasonable, for
`
`purposes of this proceeding in which the broadest reasonable construction standard
`
`applies, to consider a secure communication link “between [A] and [B]” to
`
`encompass a secure communication link on the public communication paths
`
`between the two endpoints, regardless of whether that secure communication link
`
`fully extends from the first endpoint to the second endpoint.
`
`IV. SUMMARY OF THE ‘211 PATENT
`Petitioner refers the Board to the Decisions to Institute Trial in IPR2014-
`
`00615 and -00618 at pages 4 to 5 and the Petitions filed in each such proceeding
`
`for a general description of the ’211 patent. Paper Nos. 2 at 10-13.
`
`9
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`V. DETAILED DESCRIPTION WHY THE CHALLENGED CLAIMS
`ARE UNPATENTABLE
`
`This request shows how the primary references above, alone or in
`
`combination with other references, disclose the limitations of the Challenged
`
`Claims. As detailed below, this request shows a reasonable likelihood that the
`
`Requester will prevail with respect the challenged claims of the ‘211 patent.
`
`A.
`[GROUND 1] – Provino Anticipates Claims 1, 2, 6, 14-17, 19-23,
`26-41, 43-47, 50-60
`
`Provino has an effective filing date of May 29, 1998, and is prior art under at
`
`least §102(e). During the ‘789 reexamination proceedings, the Examiner
`
`concluded that the ‘211 claims do not include any features that patentably
`
`distinguish the ‘211 patent claims from Provino. Ex. 1016 at 27. The Examiner
`
`noted that “[t]he biggest structural difference between the [the ‘211 patent] and
`
`Provino teachings discussed above is that, in [the ‘211 patent], the DNS proxy
`
`(server) 2610 forwards the message to gatekeeper 2603 while, in Provino, the DNS
`
`server 17 provides a network address that the initiator uses to contact firewall 30.
`
`However, whether the DNS request is forwarded or redirected is an unclaimed
`
`feature not necessary for an understanding of the claims.” Id. This continues to be
`
`the case and, as described below, Provino anticipates claims 1, 2, 6, 14-17, 19-23,
`
`26-41, 43-47, and 50-60 of the ‘211 patent.
`
`Overview of Provino
`
`10
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`Provino describes “systems and methods for easing communications
`
`between devices connected to public networks such as the Internet and devices
`
`connected to private networks.” Ex. 1008 at 1:14-16; see Ex. 1023 at ¶ 16. In
`
`particular, Provino describes a system that facilitates communications between a
`
`client device 12(m) connected to ISP 11 and a server 31(s) located within virtual
`
`private network (VPN) 15. See Ex. 1008 at 9:32 to 10:33; Ex. 1023 at ¶ 16. An
`
`example of the architecture of Provino’s system is illustrated in Figure 1 of
`
`Provino.
`
`
`
`For a device 12(m) external to VPN 15 to communicate with a server 31(s)
`
`within VPN 15, Provino describes a two phase process for establishing
`
`communications. See Ex. 1008 at 12:1-2; Ex. 1023 at ¶ 17. During the first phase
`
`described by Provino, the device 12(m) establishes a secure tunnel with VPN 15,
`
`11
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`via firewall 30, and identifies a VPN name server 32 inside VPN 15. Ex. 1008 at
`
`9:61-65, 10:58-64; Ex. 1023 at ¶ 17. In particular, during the first phase, the client
`
`device 12(m) obtains an address for the firewall 30 from standard ISP name server
`
`17 by initiating a request for the address and establishes a secure tunnel with
`
`firewall 30 by exchanging encryption/decryption information. Ex. 1008 at 12:20-
`
`24; Ex. 1023 at ¶ 17. During the second phase, the client device 12(m) uses the
`
`secure tunnel to send encrypted message packets to VPN 15, via firewall 30. Ex.
`
`1008 at 12:8-16; Ex. 1023 at ¶ 17. In particular, during the second phase, the client
`
`device 12(m) communicates with VPN name server 32 to obtain addresses for
`
`servers (e.g., server 31(s)) inside the VPN 15, and then uses those addresses to
`
`send encrypted messages to those servers, via firewall 30. Ex. 1008 at 12:8-16; Ex.
`
`1023 at ¶ 17.
`
`Further details of the first phase are provided next. The client device 12(m)
`
`first locates the firewall 30 by obtaining “an integer Internet address for the
`
`firewall” which, in some cases, is “provided by a the [sic] nameserver 17 after a
`
`human-readable Internet address was provided by the operator or a program.” Ex.
`
`1008 at 12:20-24; Ex. 1023 at ¶ 19. After the client device 12(m) obtains the
`
`address of firewall 30 from nameserver 17, the device 12(m) sends a message
`
`packet to the firewall 30, requesting establishment of a secure tunnel. Ex. 1008 at
`
`9:47-52; Ex. 1023 at ¶ 19. If the firewall 30 determines that the client device 12(m)
`
`12
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`is authorized to access the VPN 15, then the firewall 30 provides the device 12(m)
`
`with encryption and decryption information, such as identification of an
`
`encryption/decryption algorithm and associated encryption and decryption keys.
`
`Ex. 1008 at 9:61-65; Ex. 1023 at ¶ 19. The device 12(m) subsequently uses the
`
`encryption and decryption information to securely communicate with the VPN 15,
`
`thus establishing a secure tunnel through the Internet 14 to the VPN 15. See Ex.
`
`1008 at 12:2-4; Ex. 1023 at ¶ 19. As shown in Annotation 1 below, the creation of
`
`the secure tunnel between device 12(m) and VPN 15 effectively extends the VPN
`
`to include the device 12(m) via Internet 14. Ex. 1008 at 6:10-15; Ex. 1023 at ¶ 19.
`
`(Annotation 1)
`
`
`
`Provino further discloses that, during this first phase, in addition to
`
`encryption and decryption information, the firewall 30 may also provide the device
`
`13
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`12(m) with an identification of a VPN nameserver 32 in the VPN 15. Ex. 1008 at
`
`10:58-64; Ex. 1023 at ¶ 20. Functionally, the VPN nameserver 32 “serves to
`
`resolve human-readable Internet addresses for servers 31(s) internal to the virtual
`
`private network 15 to respective integer Internet addresses.” Ex. 1008 at 9:2-5; Ex.
`
`1023 at ¶ 20. In particular, the client device 12(m) utilizes the VPN nameserver 32
`
`(in the subsequent second phase) to locate servers inside the VPN by obtaining
`
`“the appropriate integer Internet addresses for the human-readable Internet
`
`addresses which may be provided by the operator of device 12(m).” Ex. 1008 at
`
`10:64-67; Ex. 1023 at ¶ 20. Provino describes that message packets transferred
`
`over the Internet “conform to that defined by the so-called Internet protocol ‘IP’”
`
`and that, in particular, the integer Internet address of a message packet is an “IP
`
`parameter.” Ex. 1008 at 3:62-65, 7:51-53; Ex. 1023 at ¶ 20. Provino also describes
`
`that the integer Internet address of the server 31(s) is “in the form of an ‘n’-bit
`
`integer (where ‘n’ may be thirty two or 128).” Ex. 1008, 1:45-47; Ex. 1023 at ¶ 20.
`
`Further details of the second phase are provided next. After creating a secure
`
`tunnel to VPN 15 and identifying VPN name server 32, “the device 12(m) can use
`
`the information provided during the first phase in connection with generating and
`
`transferring message packets to one or more servers 31(s) in the virtual private
`
`network 15, in the process obtaining resolution [of] human-readable Internet
`
`addresses to integer Internet addresses as necessary from the nameserver 32 that
`
`14
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`was identified by the firewall 30 during the first phase.” Ex. 1008 at 12:8-16; see
`
`Ex. 1023 at ¶ 21.
`
`In particular, in the second phase of Provino, a user of client device 12(m)
`
`may instigate communications with secure servers within VPN 15 (e.g., a server
`
`31(s)) by using a human-readable Internet address that is associated with server
`
`31(s). See Ex. 1008 at 13:31-40; Ex. 1023 at ¶ 22. Provino describes that, in
`
`general, the client device 12(m) will “initially access the nameserver 17… to
`
`attempt to obtain the integer Internet address associated with the human-readable
`
`Internet address.” Ex. 1008 at 11:6-10; Ex. 1023 at ¶ 22. If the standard ISP
`
`nameserver 17 cannot resolve the hostname (e.g., because the requested server
`
`31(s) is within a VPN), then the standard ISP nameserver 17 returns a message
`
`indicating that it does not have the integer address for the requested human-
`
`readable address of server 31(s). Ex. 1008 at 11:10-15; Ex. 1023 at ¶ 22. In this
`
`case, the client device 12(m) sends a request message packet to the VPN
`
`nameserver 32, through the firewall 30, in attempting to identify the integer
`
`address of the server 31(s). Ex. 1008 at 11:10-15; Ex. 1023 at ¶ 22.
`
`Below, in Annotations 2 and 3 of FIG. 1, the client’s exchange with VPN
`
`nameserver 32 is highlighted. See Ex .1023 at ¶ 23. In particular, to resolve the
`
`human-readable Internet address using VPN nameserver 32, the device 12(m)
`
`initiates “a request message packet for transmission to the nameserver 32 through
`
`15
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`the firewall 30 and over the secure tunnel.” Ex. 1008 at 11:13-16; Ex. 1023 at ¶ 23.
`
`This request process is illustrated in Annotation 2 of FIG. 1, which shows the
`
`device 12(m) sending a request message packet to the nameserver 32 (via firewall
`
`30) to request the integer Internet address corresponding to the human-readable
`
`Internet addresses of a server 31(s). See Ex. 1023 at ¶ 23.
`
`(Annotation 2)
`
`
`
`The VPN nameserver 32 receives the message request packet from the client
`
`device 12(m), via firewall 30, and attempts to resolve the human-readable Internet
`
`address of server 31(s) into an integer Internet address. Ex. 1008 at 11:19-21; Ex.
`
`1023 at ¶ 24. If a corresponding integer address is found, then the VPN name
`
`server 32 returns the integer address back to the client device 12(m), via the
`
`firewall 30. Ex. 1008 at 11:21-25; Ex. 1023 at ¶ 24. Therefore, as a result of the
`
`16
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`client device 12(m) sending a request message packet to the VPN name server 32,
`
`Provino describes that the device 12(m) receives the integer Internet address for
`
`server 31(s) in a message packet transmitted from nameserver 32 via firewall 30,
`
`as illustrated in Annotation 3 of FIG. 1. See Ex. 1008 at 11:16-25; Ex. 1023 at ¶
`
`24.
`
`(Annotation 3)
`
`
`
`Otherwise, if the nameserver 32 does not have an association between the
`
`requested human-readable Internet address for server 31(s) and an integer Internet
`
`address, “the nameserver 32 can provide a response message packet so indicating.”
`
`Ex. 1008 at 11:50-54; Ex. 1023 at ¶ 25. If the client device 12(m) is unable to
`
`obtain an integer Internet address associated with the human-readable Internet
`
`address from any of the nameservers to which it has access, then the client device
`
`17
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`12(m) “may so notify its operator or program which requested the access.” Ex.
`
`1008 at 11:64-65; Ex. 1023 at ¶ 25.
`
`Once the client device 12(m) receives the integer Internet address for server
`
`31(s) from VPN name server 32, the client device 12(m) stores the address in a
`
`local cache, “along with the association of the human readable address thereto,” in
`
`IP parameter store 25. Ex. 1008 at 11:35-39; Ex. 1023 at ¶ 28. The client device
`
`12(m) subsequently uses the stored integer Internet address and associated human
`
`readable address to communicate with server 31(s) by sending messages via the
`
`encrypted tunnel to firewall 30, which forwards the messages to server 31(s). Ex.
`
`1008 at 10:28-32, 11:40-45; Ex. 1023 at ¶ 28. Provino describes that “the device
`
`[12(m)] can use that integer Internet address in generating message packets for
`
`transmission to the server 31(s) which is associated with the human-readable
`
`Internet address.” Ex. 1008 at 15:27-30; Ex. 1023 at ¶ 28. This transmission to the
`
`server 31(s) is illustrated in Annotation 4 of FIG. 1, below. Ex. 1023 at ¶ 28.
`
`
`
`18
`
`

`
`Petition for Inter Partes Review of U.S. Patent No. 7,921,211
`
`(Annotation 4)
`
`Provino additionally describes the transfer of information stored on server
`
`31(s) to device 12(m). Ex. 1008 at 9:6-13; Ex. 1023 at ¶ 29. By describing that
`
`device 12(m) generates a message packet for transmission to server 31(s) and
`
`receives information transferred from server 31(s), Provino describes that device
`
`12(m) leverages the resolved secure computer network address (i.e., integer
`
`Internet address) to send access request messages to server 31(s) that contains a
`
`request for information stored on server 31(s). See Ex. 1023 at ¶ 29. Thus, once the
`
`device 12(m) obtains the integer Internet address of server 31(s) from nameserver
`
`32 during the second phase of establishing communications with server 31(s), the
`
`device 12(m) may send access requests to server 31(s) using the secure tunnel
`
`established with the firewall 30 in the first phase of the communication process.
`
`Ex. 1008 at 15:21-30; Ex. 1023 at ¶ 29.
`
`In Annotation 5 of FIG. 1, which follows, firewall 30 is shown as limiting
`
`access