`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`in re Inter Partes Reexamination ef
`U_S_ PmntN0_ mgflrlsl
`Edmund Colby lviunger: et at
`Issued: February 10, 2089
`For:
`ESTABLISHMENT OF A SECURE
`COMMUNICATION LINK BASED
`ON A DOMAIN NAME SERVICE
`
`(DNS) REQUEST
`
`)
`) Control No.: 95/{]01,7i4!l301,697
`GT0“? A“ Uni“
`3992
`Examiner: Michael J. Yigdail
`)
`g Confinnmn N0" 3433’ 2151
`)
`
`COMMENTS BY THIRD PARTY RE {TESTER PURSUANT TO 37 C‘.F.R.
`
`
`
`
`Mail Stop Inter Partes Reexam
`Commissioner for Patents
`PD. Box 1458
`
`Alexandria, VA 22313-1450
`
`Sir:
`
`On July 20, 2012, Patent Owner filed an everlength response (“Response”) tn the April 28,
`
`2012 Office action (“Office Action”) and a petition under 37 C.F.R. § 1.183 seeking waiver of the
`
`page limit for that response. On September 25, 2012, the Office granted Patent C)wner’s petition,
`
`which set the date for a response by the Requester for 38 days from the date of decision, which fell
`
`on Thursday, October 25, 2012. Third Party Requester believes that no fee is due in connection
`
`with the present response. However, any fee required for entry or consideration of this paper may
`
`be debited from Depesit Account No. 184260.
`
`—
`
`—
`
`A table of contents is provided at pages ii to iv. Requester submits the table of
`
`eentents is net counted against the page limits applicable to this response. Should
`
`the Office deterinine otherwise, the Offiee is requested to disregard the table of
`
`contents.
`
`The response te the Patent Owner Comments begins on page l.
`
`1
`
`MICROSOFT 1027
`
`Petitioner Apple Inc. - Exhibit 1027, p. 1
`
`1
`
`MICROSOFT 1027
`
`Petitioner Apple Inc. - Exhibit 1027, p. 1
`
`
`
`Control No. 951001.714; 95/001,697
`Comments of the Requestor on the Patent Owner Response
`
`TABLE or CONTENTS
`
`I.
`
`11.
`
`Introduction
`
`..........................
`
`....................
`
`.....................................
`
`.......... . 1
`
`Response to Patent Owner Contentions on Status of References as Prior Art. 1
`
`III.
`
`The Rejections Of the Claima Were Proper Ami Should Be Maintained ......
`
`..............3
`
`A. Rwponse to Patent 0wner’s Arguments Regarding the Rejection of Claims 146
`Under 35 U.S.C. § lfl2(b) Based onAventaiI Connect v3.91 (Issue No. I} ................4
`l.
`Independent Claim l (issue No. l) ........................................................................ ..4
`a. Aventail Describes “Determining Whether the intercepted DNS Request
`Corresponds to the Secure Server.” .......................................................................... .. 4
`Independent Claims 7 and 13 {issue No. 1) ........................................................... .. 9
`2.
`3. Dependent Claims 2, 8, and 14 (Issue No. 1) ........................................................ ..9
`4. Dependent Claims 3, 9, and 15 (issue No. I) ...................................................... .. ll
`5. Dependent Claims 4, 10, and l6 (issue No. l) .................................................... .. 12
`6. Dependent Clainls 5 and ll (Issue No. l) ........................................................... .. 12
`7. Dependent Claims 6 and 12 (Issue No. I) ........................................................... .. 13
`
`B. Response to Patent Owner-’s Arguments Regarding the Rejection of Claims 1-16
`Based on Aventai!AutaSOCI(.S' Adininirtratar ’s Guide (Issue No.
`14
`
`C. Response to Patent 0wner’s Arguments Regarding the Rejection of Claims 1-4, 6~
`8, 10, 12, 13 and 18 Based on Beser in View of Kent (Issue 4). ................................ 14
`8.
`Independent Claim l ............................................................................................ .. 14
`b. Borer and Kent Disclose a DNS Proxy Module that Intercepts DNS Requests Sent
`by a
`d. Borer in View of Kent, Renders Obvious Automatically Initiating an Encrypted
`Channel Between the Client and the Secure Server When the Request Corresponds
`to a Secure Server ................................................................................................... .. 19
`
`16
`
`Independent Claim 7 ............................................................................................ .. 2l
`l.
`Independent Claim l3 .......................................................................................... ...2l
`2.
`3. Dependent Claims 2, 8, and 14 ............................................................................ .. 22.
`4. Dependent Claims 4, l0, and I6 .......................................................................... .. 23
`5. Dependent Claims 5 and ll ................................................................................. .. 24
`6. Dependent Claims 6 and 12 ................................................................................. .. 25
`
`D. R ponso to Patent 0wner’s Arguments Regarding the Rejection of Claims ‘l-1.6
`Under 35 U.S.C. §1{i2(a) Based on .BEnG0 (Issue 3)................................................. 25
`l. B;'nG0 Expressly Incorporateg BinG0 EFR ......................................................... 25
`2.
`independent Claim 1 ............................................................................................ .. 26
`3.
`lndepenrlent Claims 7 and l3 .............................................................................. .. 33
`4. Dependent Claims 2, 8, and 14 ............................................................................ .. 34
`5. Dependent Claims 4, 10, zmcl 16 .......................................................................... .. 35
`6. Bopendent Claims 5 and 11 ................................................................................. .. 35
`7. Dependent Claims 6 and 12 ................................................................................... 36
`
`E. There are No Secondary Considerations Linked to the Claims ............................. 36
`F. Conclusions . ............................................................................................................... ..37
`
`ii
`
`2
`
`Petitioner Apple Inc. - Exhibit 1027, p. 2
`
`2
`
`Petitioner Apple Inc. - Exhibit 1027, p. 2
`
`
`
`Attorney Docket No. 4l484-80133
`
`I.
`
`Introduction
`
`For reasons set forth in detail below, Requester urges the Examiner to maintain the
`
`rejections of claims l—i6 set forth in the Office Action.
`
`II.
`
`Response to Patent Owner Contentions on Status of References as Prior Art.
`
`On pages 4-6 of the Response, Patent Owner asserts there is no evidence that the
`
`Aventuil, BinG0, and Kent references are prior art under 35 U.S.C. § lO2(a) or (b). The Patent
`
`Owner’s claims border on the frivolous «- each contested reference is unquestionably a printed
`
`publication, and only by studied ignorance can Patent Owner assert otherwise. Initially, Patent
`
`Owner niisstates Requestofs burden to provide affirmative evidence with the Request proving
`
`the cited publications were publicly disseminated. In reality, all that is required is that Requester
`
`represent that the reference was published.
`
`in fact, 37 (3.F.R. § IL} 8 (the regulation patent
`
`owner cites) states precisely this «~ it provides that the submission of a paper by a party is a
`
`certification that “[t]o the best of the party’s knowledge, information and belief, formed after an
`
`inquiry reasonable under the circumstances... [t]he allegations and other factual contentions
`
`have evidentiary support or, if specifically so identified, are likely to have evidentiary support
`
`after a reasonable opportunity for further investigation or discovery." 3’? CFR ll.l8{b)(2)(iii).
`
`Thus, no authority supports Patent CIwner’s contention that Requester was required to include
`
`aflirmative evidence of dissemination of these printed publications.
`
`Regardless, each ofAvem‘az‘l, BinG0, and Kent was publicly disseminated prior to
`
`February 15, 2000.1 A reference is publicly accessible if it was “disseminated or otherwise made
`
`available to the extent that persons interested and ordinarily skilled in the subj ect matter or art
`
`exercising reasonable diligence can locate it.” Kyocem Wireless Corp. 1:. Int’! Trade Comm ":2,
`
`545 F.3d 1340, 1350 (2008) (internal quotations omitted).
`
`The Avenue‘! publications: were publicly distributed with deployments of Aventail
`
`products no later than August 9, 1999. Submitted with the Request were three separate
`
`declarations, each of which established that the Aventoil publications were available no later than
`
`August 83 1999. Patent Owner contends that there is no corroborative evidence of dissemination,
`
`‘
`
`Patent Owner did not contest Requestefs assertions that the effective filing date of the
`
`‘BI patent is no earlier than February 15, 2000, as set forth on page 9 of the Request.
`
`Patent Owner did not differentiate its challenges to the Aventczil publications, but simply
`2
`contests all three together. Requester accordingly responds in the same manner.
`
`Petitioner Apple Inc. - Exhibit 1027, p. 3
`
`3
`
`Petitioner Apple Inc. - Exhibit 1027, p. 3
`
`
`
`Control No. 95/t)0l,?I4; 95/001,697
`Comments of the Requester on the Patent Owner Response
`
`but that statement ignores the fact that the declarations corroborate each other.
`
`indeed, there is a
`
`remarkable degree of consistency between the statements of Mssrs. Hopen, Fratto, and Chester,
`
`which conclusively establish the circumstances of the public distribution of the Aventaii
`
`documents well before the effective filing date of the ’ l 51 patent.
`
`Patent Owner next asserts that BinG0 was not publicly distributed} Patent Owner is
`
`incorrect «~ BinG0 was published and distributed publicly no later than March 30 I999. The
`
`Bz'rzG0 documents bear markings indicating they were published well before the filing date of
`
`the ’ 1 35 patent. Bingo (JG, for example, bears a March 1999 copyright date, while Bingo EFR
`
`was published one month earlier. Patent Owner contests these dates, asserting they are “merely
`
`evidence of creation, not of publication or dissemination" and that “Without more, this
`
`unsupported assertion of the alleged copyright date of the document as the publication date does
`
`not meet the ‘publication’ standard required for a document to be relied upon as prior art."
`
`Response at 7-8. The “inure” that Patent Owner seeks is readily available on the Internet. As
`
`documented by the Internet Archive (aka, “the Wayback Machine”), the company that published
`
`BirzGO, in fact, distributed the Bz'nG0 documents on the Internet. See http:
`
`ffweb.archive.org/web./l 9990417093944fl1ttp://www.bintec.de/eftpibingohtrnl. Exhibit A
`
`provides an affidavit from the Office Manager of the Internet Archive, who testified that the
`
`numbers evidenced in the “Bingo” URL indicate that both Bingo {JG and Bir2G0 EFR were
`
`publicly available on the Internet no later than April 1?, 1999. Furthermore, the archived
`
`webpage itself indicates that it was “last modified on Tuesday, March 30, 1999” — consistent
`
`with the copyright date on the Bingo UG publications. Section 2128 of the M.P.E.P states that
`
`“[a]n electronic publication, including an on—line database or internet publication, is considered
`
`to be a ‘printed publication’ within the meaning of 35 ’U.S.C. l(}2(a) and (13) provided the
`
`publication was accessible to persons concerned with the art to which the document relates."
`
`Thus, the evidence conclusively establishes that BinG0 was publicly distributed no later than
`
`
`March 30 1999.
`
`Next, Patent Owner challenges the status of several Request for Coniment (RFC)
`
`publications cited in the Request, claiming that “the record is devoid of evidence that any of
`
`Bz‘nG0 consists of the Binflfl Myer Guide (“Bingo UG”) and the BinG0 Extended
`3
`Feature Release (“.BinGO EFR”), which is expressly incorporated by reference in the BinG0
`UG.
`
`Petitioner Apple Inc. - Exhibit 1027, p. 4
`
`4
`
`Petitioner Apple Inc. - Exhibit 1027, p. 4
`
`
`
`Control No. 95/001,714; 95/901,697
`Comments of the Requester on the Patent Owner Response
`
`these references are . . . printed publications as of’ each publication date listed on each RFC.
`
`This is a frivolous challenge. As anyone working in the field of network communications would
`
`know, RFC documents are published and disseminated to the relevant public by the Internet
`
`Engineering Task Force (IETF) pursuant to a transparent and welbknown process. Under these
`
`well-known procedures, RFCs are self—authenticating printed publications — each contains
`
`verifiable information documenting the date of its public distribution. Specifically: (1) each
`
`number assigned to an RFC is unique and is not “re-used” if the subject matter in an RFC is
`
`revised or updated, (ii) the date each RFC is distributed to the public is listed the front page of
`
`the RFC, (iii) RFCs are distributed to the public over the Internet, via numerous protocols, (iv)
`
`each RFC is announced via an email distribution list on the date it is released to the public, and
`
`(V) RFCs are maintained in numerous archives publicly accessible via the Internet.
`
`Id. at 1118-
`
`22. Indeed, Patent Owner cites several RFCs as publications in the ’l5 l disclosure.‘ Given this,
`
`it is remarkable that Patent Owner can even suggest that RFCs are not publicly disseminated.
`
`The evidence, thus, establishes that Aventail, B52160, and Kent are each printed publications
`
`applicable as prior art to the ’ 1 Si patent claims.
`
`III.
`
`The Rejections Of the Claims Were Proper And Should Be Maintained
`
`Claims are given “their broadest reasonable interpretation, consistent with the
`
`specification, in reexamination proceedings.” In re Trans Texas Holding Corp, 498 F.3d 1290,
`
`1298 (Fed. Cir. 2007).
`
`in determining that meaning “it is improper to ‘coniin[e] the claims to
`
`th[e] einbodirnen.ts’ found in the specification.” Id. at 1299 (quoting Phillips v. AWH Corp, 415
`
`F.3d 1303, 1323 (Fed. Cir. 2005) (en banc)). While “the specification [should be used] to
`
`interpret the meaning of a claim,” the PTO cannot “import[] limitations from the specification
`
`into the claim.” In’. “A patentee may act as its own lcxicographer and assign to a term a unique
`
`definition that is different from its ordinary and customary meaning; however, a patentee must
`
`clearly express that intent in the written description.” Helmsderfér 1’. Bobrick Washroom Equip,
`
`Inc, 527 F.3d 1379, 1381 (Fed. Cir. 2008) (emphasis added). No such express definitions of key
`
`claim terms is provided in the ’ l5l patent. Thus, these terms must be given their broadest
`
`reasonable interpretation in these reexamination proceedings.
`
`See, erg, ’l5l Fatent at 3.
`
`Petitioner Apple Inc. - Exhibit 1027, p. 5
`
`5
`
`Petitioner Apple Inc. - Exhibit 1027, p. 5
`
`
`
`Control No. 951081 314; 95/601,697
`Comments of the Requester on the Patent Owner Response
`
`A.
`
`Response to Patent Owner’s Arguments Regarding the Reiection of Claims
`1-16 Under 35 U.S.C. § 1l}2(b) Based on Aventnil Connect‘ v3.01 (Issue No. It)
`
`1.
`
`Independent Claim 1 (Issue No. 1)
`
`As explained in the Request; Avenrail v. 3. {F1 {“Aventai! ”) describes a system which
`
`intercepts DNS requests sent by a client, and if that request specifies a secure destination,
`
`automatically authenticates the client and establishes an encrypted channel between the client
`
`and a secure destination. See, 6. g., Request at 2l«26. Consequently, the Office properly found
`
`that /lventnil describes a system that anticipates claim 1. DA at 6-7. In response, Patent Clwner
`
`asserts Avenroii does not teach a system that: (l) “disclose [s} ‘determining whether the
`
`intercepted DNS request corresponds to a secure server”; or (2) “disclose[s] ‘when the
`
`intercepted DNS request corresponds to the secure server, automatically initiating an encrypted
`
`channel between the client and the secure server?” Response at '7. Each assertion is incorrect.
`
`a.
`
`Aventail Describes “Determining Whether the lntercepted DNS
`Request Corresponds to the Secure Server.”
`
`The Examiner correctly found that Aventaii discloses a system that “dctermin{es] whether
`
`the intercepted DNS request corresponds to a secure server.” ln response, Patent: Owner asserts
`
`that “whether or not a hostname is flagged hy creating a false DNS entry does not indicate
`
`whether the alleged DNS request corresponds to a secure server, as false DNS entries may result
`
`even if a redirection rules is not matched.” Response at 3. Patent Owner seems to believe that
`
`the capacity of the Aventail systems to be configured to not only handle secure and insecure
`
`destinations at the client, but in one implementation, to route all DNS requests for resolution at a
`
`remote server, somehow suggests /lvenrail does not automatically establish authenticated and
`
`secure connections when it determines that a IJNS request specifies a secure destination. Patent
`
`Owner ignores two critical points. First, in the implementation Patent Owner does not discuss,
`
`Avcntail plainly shows that the Aventail Connect client will, if it determines a request matches a
`
`redirection role because it is specifies a secure destination, automatically establish a VPN
`
`between the client computer and the secure destination. Second, Patent Owner fails to point out
`
`where all DNS requests are pro:-tied for resolution to a remote server, that server still will
`
`evaluate the DNS request, and if it specifies a secure destinatiorn will establish a VPN between
`
`Petitioner Apple Inc. - Exhibit 1027, p. 6
`
`6
`
`Petitioner Apple Inc. - Exhibit 1027, p. 6
`
`
`
`Control No. 95:’0(il,7l4; 9Sfi)(}l,69'?
`Comments of the Requestor on the Patent Owner Response
`
`the client computer and the secure destination. Patent Owner’s focus on the mechanics of how
`
`the Aventail systems process DNS requests, thus, is a red herring.
`
`Patent Owner next asserts that the Request “fail [s] to explain why matching a hostnarne
`
`to a redirection rule to ‘re—direct a request’ is the same as determining whether a DNS request
`
`corresponds to a secure server. ” Response at 8‘ Yet, the Request explained that the
`
`specification of the ’ 151 patent discloses that the claimed “detennin[ation]” of whether a DNS
`
`request corresponds to a secure server may be “by reference to an internal table.” Request at 22
`
`(citing "‘ l 51 patent at col.37, ll.60~66). As demonstrated above, the “determin{ation]” in Avemfail
`
`occurs in virtually the same way «— comparing the destination to entries in a lookup table.
`
`Moreover, Patent Ownefs assertion presumes the claims restrict how this determination is to be
`
`made — but the plain language used in the claims imposes no such restrictions.
`
`Patent Qwner also contends that the Request does not show that any particular
`
`component “corresponds to a secure server.” Response at 8. Patent Owner is incorrect «-
`
`Avsntaif expressly teaches that when Aventail Connect “receives a connection requests it
`
`deterrnines whether or not the connection needs to be redirected [to an Aventail ExtraNet Server
`
`andfor encrypted (in SSL]).” Request at 25 (citing Avenrafl Connect v3.0} at l0). The Request
`
`also explains that the Aventail ExtraNet Server would “automatically establish an encrypted
`
`tunnel to the secure destination computer (i.e, a secure server}, provided the client successfully
`
`authenticated with the Extranct Server.” Request at 24. The Avcntail Extranct Server is a
`
`“secure server” within the broadest reasonable construction of the claim 1.
`
`b.
`
`Aventaii Describes “When the intercepted DNS Request
`Corresponds to the Secure Server, Automatically Initiating an
`Encrypted Channel Between the Client and the Secure
`Server.”
`
`The Examiner correctly found that Avsmail discloses a system that “automatically
`
`initiat[es] an encrypted channel between the client and the secure server .
`
`.
`
`. when the intercepted
`
`DNS Request corresponds to the secure server.” in response, Patent Owner contends that
`
`“proxying a connection into a private network based on a ‘security policy’ or server
`
`‘configurationm does not “include [] automatically initiating an encrypted channel when an
`
`intercepted DNS request corresponds to the secure server.” Response at 9. Patent Owner is
`
`again incorrect.
`
`Petitioner Apple Inc. - Exhibit 1027, p. 7
`
`7
`
`Petitioner Apple Inc. - Exhibit 1027, p. 7
`
`
`
`Control No. 95/001,714; 95f00l,697
`Comments of the Requester on the Patent Owner Response
`
`As explained in the Request, the Aventail system worked by automatically authenticating
`
`and encrypting contmunications between a client computer running Aventail Connect and a
`
`secure private network resource via the Aventail Extranet Server. Request at 25~26; Frstto ‘H124-
`
`31. In particular, Aventail Connect worked with applications that communicate via TCP/IP»
`
`such as Web browsersmand was implemented using the existing WinSocl<: functionality in client
`
`computers running Windows. Fratto 1[S7. Thus, Aventail Connect necessarily acted on DNS
`
`requests containing, for example, either hostnaines or IP addresses, Fratto 1194 (“[Aventail
`
`Connect] executes a Domain Name System (DNS) lookup to convert the hostname into an
`
`Internet Protocol (IP) address.” , and evaluated such requests to determine if the request was
`
`seeking access to a destination that required authentication and encryption, such as a secure
`
`website, or access to a non—seeure destination, such as a public website on the lnternet. Fratto
`
`fi[94.
`
`Patent Owner asserts that Aventail shows that the “alleged TCP handshake is results from
`
`the ‘routable IP address,’ not that it is related to the false DNS entry or the alleged DNS
`
`request. ..” Patent Owner is plainly incorrect. Avenraif explains that the IP address of the
`
`Extranet Server is used as the destination for DNS requests specifying a secure destination »~
`
`Averztail also explains that the fake DNS entry is simply used to enable Aventail Connect to
`
`function within ()S—‘oased TCP handling procedures. Similarly, Avenmii shows that the “routahle
`
`address” of a non—secure destination is provided through a conventional DNS lookup «~ which
`
`happens when the request is passed back to the TCPXIP handling procedures of the client
`
`operating system. Request at 25-26.
`
`The Request also explained that “if an encryption module is enabled and selected by the
`
`SOCKS server, Aventail Connect encrypts the data on its way to the server ..." Request at 26
`
`(citing Avcntoi! Cormecr v. 3. 01 at 12). In other words, if Aventail Connect determined that a
`
`DNS request contained a hostname specifying a secure destination, it would automatically and
`
`transparently handle authentication of the user to the private network and automatically
`
`encrypt/decrypt the communications between the client computer, the secure server, and the
`
`private network resource. Request at 25 -26. Specifically, Avcnmil expressly shows that an
`
`encrypted channel is automatically established between a client computer running an Aventail
`
`client and a secure destination computer after it is determined that the connection regucst has
`
`specified a secure resource (i.e., the destination computer) on a private network. If it does, the
`
`Petitioner Apple Inc. - Exhibit 1027, p. 8
`
`8
`
`Petitioner Apple Inc. - Exhibit 1027, p. 8
`
`
`
`Control No. 95;’00l ,7 l 4; 95/001,697
`Comments of the Requestor on the Patent Owner Response
`
`client computer running the Aventail client automatically performs the authentication of the
`
`client with the Aventail Extranet Server, which, if successful, results in the automatic
`
`establishment of an encrypted channel with the destination specified in the DNS request The
`
`encrypted channel facilitates the transport of encrypted network traffic between the client and
`
`secure destination over the lnternet, and the Aventail client automatically encrypts outgoing
`
`trafiic and decrypts incoming traffic from the secure destination. Request at 25-26. By contrast,
`
`if the DNS request specifies a non—secure destination the request is passed to the local operating
`
`system to handle DNS resolution and establishment of the connection. Request at 26. These are
`
`not, as Patent Owner asserts, “unconnected features and embodiments” ofAvemail (Response at
`
`9-10) ~ they are the sequence of events literally and plainly described in Avsnrail.
`
`Indeed, Patent Ownefs remarkable contention that Aventail “does not teach any link
`
`between the alleged DNS request and the encryption, much less that encryption is automatically
`3” ’
`is plainly refuted by
`
`initiated when an ‘intercepted DNS request corresponds to a secure server
`
`the literal explanations in Aventail. See Avemail Connect v3. 01 at I (“Aventail Connect is a
`
`proxy client, but when used with SSL it provides the ability to encrypt inbound or outbound
`
`informationf’); Id at 7 (“Aventail Connect does not require administrators to manually establish
`
`an encrypted tunnel; Aventail Connect can establish an encrypted tunnel automatically”); Id at
`
`42 (“Aventail can establish an encrypted tunnel automatically. . .”).
`
`lndeed, page l2 of Aventail
`
`explains that “step 3” of the process initiated when Aventail Connect determines that a secure
`
`destination is specified in the DNS request is to “transmit and receive data.” in that step, Aventail
`
`states that “[i]f an encryption module is enabled and selected by the SOCKS server, Aventail
`
`Connect encrypts the data on its way to the server on behalf of the application. If data is being
`
`returned, Aventail Connect decrypts it so that the application sees cleartext data.” In’.
`
`Patent Owner next contends that the Request fails to show “that evaluating a connection
`
`request for the presence of a false DNS entry discloses determining that a DNS request
`
`corresponds to a secure server.” As noted above, the redirection rules used by Aventail Connect
`
`dictate if a destination specifies a secure destination; the false DNS entry is simply a flag used by
`
`Aventail Connect to handle a request determined to specify the secure destination.
`
`Next, Patent Owner asserts that Avenrail “does not disclose that the creation of a false
`
`DNS entry automatically initiates a connection, much less an encrypted channel.” Response at
`
`10. Patent t'.)wner again erroneously focuses on the mechanism used to implement the processes
`
`Petitioner Apple Inc. - Exhibit 1027, p. 9
`
`9
`
`Petitioner Apple Inc. - Exhibit 1027, p. 9
`
`
`
`Control No. 95/001,714; 95l00l,69?'
`Comments of the Requestor on the Patent Owner Response
`
`described in Aventail. As explained in the Request, the Aventail Connect client would determine
`
`if a connection request was seeking access to a secure resource or not. If it was, and it contained
`
`a domain name, the Aventail Connect client would create a “false” DNS entry would be used to
`
`flag that connection request as requiring handling according to the policies enforced by the
`
`Aventail ExtraNet Server. Request at 22-25. These policies include, for example, evaluating the
`
`requests to determine if the reg uest was seeking access to a destination that required
`
`authentication and encggmon, such as a secure website, or access to a non—secure destination,
`
`such as a public website on the Internet. Request at 25. Obviously, the flag entered by Aveutail
`
`Connect is simply information ~AvenIai! shows that the Aventail Connect client, working with
`
`the Extral\let Server, caused actions based on evaluation of that information.
`
`Patent Owner also asserts that “the Request improperly mixes and matches the various
`
`separate embodiments ofAvern‘aiI v3.01 by pointing to the inbound access embodiment .
`33
`then turning to the outbound embodiment. Response at 10-11. Patent Owner is incorrect, as it
`
`. and
`
`.
`
`wrongly asserts that Aventai! discloses two distinct embodiments related to outbound and
`
`inbound access. In Averztaii, the characterization of “outbound” and “inbound” access is simply
`
`a function of perspective. Indeed, Aventail describes an end—to-end system that contemplates
`
`outbound requests from a client computer for access to a secure dcstinationmiiom the
`
`perspective of the secure destination, that request and the encrypted channel that follows would,
`
`obviously, be described as an inbound connection. The communications are also plainly bi-
`
`directional. Moreover, the claims do not employ the terms “inbound” or “outboun ” much less
`
`restrict the sequence of steps that comprise the claimed “data processing device.”
`
`Patent Owner also criticizes the Request for relying on multiple sections of Avenrail to
`
`demonstrate that the claims are anticipated. In particular, Patent Owner complains that it does
`
`not understand how “different embodiments and functionalities .
`
`.
`
`. separated by over sixty
`
`pages, can be combined to disclose” the above claim requirement. Response at ll. Patent
`
`Owners assertion is fiivolous. The various sections and passages of Aventail cited in the
`
`Request simply provide varying degrees of detail in the description of the features and operation
`
`of the Aventail systems. The fact that those sections are, like any other technical publication,
`
`separated into different sections or found on different pages of the document is irrelevant.
`
`Consequently, the Exarniner’s determination that claim 1 is anticipated by Aventa-1'1 was proper
`
`and should be maintained.
`
`10
`
`Petitioner Apple Inc. - Exhibit 1027, p. 10
`
`10
`
`Petitioner Apple Inc. - Exhibit 1027, p. 10
`
`
`
`Control No. 95/00 l ,7 l 4; 953001 ,697
`Comments of the Requester on the Patent Owner Response
`
`2.
`
`Independent Claims 7 and 13 (Issue No. 1)
`
`The Examiner correctly found that Aventail describes a system that anticipates claims 7
`
`and 13. In response to the rejection of claim 7, Patent Owner asserts no response distinct front:
`
`its response to the rejection of claim l. Response at ll. Because the Exarninefs rejection of
`
`claim I was proper, its rejection of claim 7 based Avenrail also was proper and should be
`
`maintained.
`
`In response to the rejection of claim I3, Patent Owner contends that the Request has
`
`“ignore[d]” the difference in claim language between claims 1 and 13. Patent Owner is
`
`incorrect. The only distinction identified by Patent Owner is that claim 13 recites “automatically
`
` ,” while claim l recites “automatically .”
`
`Response at ll. The Request plainly identified this distinction, explaining that “claim 13 is
`
`directed to subject matter similar to that recited in clairn l.” Request at 42. Patent Owner
`
`identifies no issue of consequence tied to the different phrases. This is logical because there is
`
`none «~ the difference between “creating a secure channel” and “initiating an encrypted channel”
`
`is immaterial to the Exarnincr’s determination that Aventuil describes a system that anticipates
`
`claim 13.
`
`in fact, as the Examiner recognized, “[i]nitiating an encrypted channel” in claim I is
`
`simply a narrower limitation than claim l3’s “creating a secure channel.” See ’Sl}~'-l AC}? at 33
`
`(explaining that a secure communication link does not require encryption). Because Aventail
`
`describes this element of claim 1 it necessarily describes a broader form of this element in claim
`
`13. Consequently, the Exarninefs rejection of claim l3 based on Aventail was proper and
`
`should be maintained.
`
`3.
`
`Dependent Claims 2, 8, and 14 (Issue No. 1)
`
`The Exarniner correctly found that Avenraii describes a system that anticipates claims 2, 8
`
`and 14. in response to the rejection of the claims, Patent Owner contends that Aventoif does not
`
`disclose the element of“when the client is authorized to access the secure server, sending a
`
`request to the secure server to establish an encrypted channel between the secure server and the
`
`client.” Response at 12. Patent Owner rnisunderstands the Request and teachings ofxlvenrail.
`
`As explained in the Request, a client computer running Av-entail Connect would have to
`
`successfully authenticate before being given access to a secure destination. Request at 27-28.
`
`in particular, Aventoii explains that:
`
`11
`
`Petitioner Apple Inc. - Exhibit 1027, p. 11
`
`11
`
`Petitioner Apple Inc. - Exhibit 1027, p. 11
`
`
`
`Control No. 95/001,714; 95f0tll,697
`Comments of the Requestor on the Patent Owner Response
`
`Depending on the security policy and the Aventail ExtraNet Server
`configuration, Aventail Connect will automatically proxy their allowed
`application traffic into the private network. In this situation, Aventail Connect
`will forward trafiic destined for the private internal network to the Aventail
`Extrahlet Server. Then, based on the security: policy, the Aventail ExtraNet
`Server will proxy; user trafiic into the private network but only those resources
` .” (emphasis added)
`
`Aventaii Connect v.3. 01 at 72-73. Patent Owner does not address this passage -«which
`
`was expressly noted by the Exarninermbecause it plainly shows the embodiment referenced in
`
`these claims.
`
`Patent Owner elects instead to present a convoluted and confused discussion of different
`
`aspects of the Aventaii process. In particular, Patent Owner eonflates