`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`Paper No. 1
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`APPLE INC.
`Petitioner,
`
`v.
`
`VIRNETX, INC. AND SCIENCE APPLICATION INTERNATIONAL
`CORPORATION,
`Patent Owner
`
`Patent No. 7,418,504
`Issued: Aug. 26, 2008
`Filed: Nov. 18, 2003
`Inventor: Victor Larson, et al.
`AGILE NETWORK PROTOCOL FOR SECURE
`COMMUNICATIONS USING SECURE DOMAIN NAMES
`____________________
`Inter Partes Review No. IPR2015-00188
`
`
`
`
`
`
`
`Title:
`
`PETITION FOR INTER PARTES REVIEW OF U.S. PATENT NO. 7,418,504
`UNDER 35 U.S.C. §§ 311-319 AND 37 C.F.R. § 42.1-.80 & 42.100-.123
`________________________
`
`
`
`
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`TABLE OF CONTENTS
`
`I. MANDATORY NOTICES UNDER 37 C.F.R § 42.8(a)(1) ....................... 1
`A.
`Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1) ............................ 1
`B.
`Related Matters Under 37 C.F.R. § 42.8(b)(2) ..................................... 1
`C.
`Lead And Back-Up Counsel Under 37 C.F.R. § 42.8(b)(3) ................. 3
`D.
`Service Information ............................................................................... 3
`II.
`PAYMENT OF FEES – 37 C.F.R. § 42.103 ................................................ 3
`III. REQUIREMENTS FOR IPR UNDER 37 C.F.R. § 42.104 ....................... 3
`A. Grounds for Standing Under 37 C.F.R. § 42.104(a) ............................. 3
`B.
`Challenge Under 37 C.F.R. § 42.104(b) and Relief Requested ............ 4
`C.
`Claim Construction under 37 C.F.R. §§ 42.104(b)(3) .......................... 5
`1. Domain Name (Claims 1, 2, 6, 14-17, 19-23, 26-41, 43-47,
`and 50-60) ....................................................................................... 5
`2. Domain Name Service System (Claims 1, 2, 5, 6, 14-17, 19-
`23, 26-41, 43-47, and 50-60) ........................................................... 5
`3. Indication (Claims 1, 2, 6, 14-17, 19-23, 26-41, 43-47, and
`50-60) .............................................................................................. 7
`4. Secure Communication Link (Claims 1, 16-17, 20-23, 26-
`27, 31-32, 35-36, 47, 51, and 60) .................................................... 8
`5. Transparently (Claims 27 and 51) ................................................... 8
`6. Between [A] and [B] (Claims 16, 27, 33, 40, 51, and 57) .............. 9
`IV. SUMMARY OF THE ‘504 PATENT .......................................................... 9
`V. DETAILED DESCRIPTION WHY THE CHALLENGED
`CLAIMS ARE UNPATENTABLE ............................................................ 10
`A.
`19-23, 26-41, 43-47, and 50-60 ........................................................... 10
`1. Provino Anticipates Claims 1 ....................................................... 22
`2. Provino Anticipates Claims 36 ..................................................... 26
`3. Provino Anticipates Claims 60 ..................................................... 28
`
`[GROUND 1] – Provino Anticipates Claims 1, 2, 5, 6, 14-17,
`
`i
`
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`[GROUND 2] – Provino In View of RFC 1034 Renders
`
`4. Provino Anticipates Claims 2 and 37 ............................................ 29
`5. Provino Anticipates Claim 6 ......................................................... 30
`6. Provino Anticipates Claims 14 and 38 .......................................... 30
`7. Provino Anticipates Claims 15 and 39 .......................................... 31
`8. Provino Anticipates Claims 16 and 40 .......................................... 32
`9. Provino Anticipates Claims 17 and 41 .......................................... 35
`10. Provino Anticipates Claims 19 and 43 .......................................... 36
`11. Provino Anticipates Claims 20 and 44 .......................................... 36
`12. Provino Anticipates Claims 21 and 45 .......................................... 37
`13. Provino Anticipates Claims 22 and 46 .......................................... 38
`14. Provino Anticipates Claims 23 and 47 .......................................... 39
`15. Provino Anticipates Claims 26 and 50 .......................................... 39
`16. Provino Anticipates Claims 27, 33, 51, and 57............................. 40
`17. Provino Anticipates Claims 28 and 52 .......................................... 42
`18. Provino Anticipates Claims 29 and 53 .......................................... 42
`19. Provino Anticipates Claims 30 and 54 .......................................... 43
`20. Provino Anticipates Claims 31 and 55 .......................................... 44
`21. Provino Anticipates Claims 32 and 56 .......................................... 44
`22. Provino Anticipates Claims 34 and 58 .......................................... 44
`23. Provino Anticipates Claims 35 and 59 .......................................... 45
`Obvious Claims 20, 21, 35, 44, 45, and 59 ......................................... 46
`Claims 29-32 and 53-56 ...................................................................... 47
`Obvious Claims 16, 27, 33, 40, 51, and 57 ......................................... 51
`[GROUND 5] – Provino Anticipates Claim 5 .................................... 54
`Obvious Claim 5 .................................................................................. 55
`
`[GROUND 3] – Provino In View of Kosiur Renders Obvious
`
`B.
`C.
`D.
`E.
`F.
`
`[GROUND 4] – Provino In View of RFC 2660 Renders
`
`[GROUND 6] – Provino In View of RFC 2660 Renders
`
`ii
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`VI. CONCLUSION ............................................................................................ 57
`
`
`Attachment A. Proof of Service of the Petition
`
`Attachment B. List of Evidence and Exhibits Relied Upon in Petition
`
`
`
`iii
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`Apple Inc. (“Petitioner” or “Apple”) petitions for Inter Partes Review
`
`(“IPR”) of claims 1, 2, 5, 6, 14-17, 19-23, 26-41, 43-47, and 50-60 (“the
`
`Challenged Claims”) of U.S. Patent No. 7,418,504 (“the ‘504 patent”). By its
`
`accompanying Motion for Joinder, Petitioner seeks to join this petition to
`
`IPR2014-00613 (which has been consolidated to IPR2014-00614), a proceeding
`
`instituted on the same patent and the same prior art. This petition presents two
`
`additional grounds relative to IPR2014-00613 establishing that dependent claim 5
`
`is unpatentable. Claim 5 is highly similar to claims 23 and 47 involved in the -
`
`00613 proceeding – each claim specifies “authenticat[ing] the query” with claim 5
`
`further specifying “using a cryptographic technique.” Claim 5 is unpatentable
`
`over the same prior art that the Board has found to show the Challenged Claims
`
`unpatentable. See IPR2014-00613, Paper No. 9 at 21-24. It is submitted that
`
`consideration of these additional grounds on a single claim will not impose a
`
`burden on the Panel given the common prior art and similarity to issues already
`
`being considered in the -00613 proceeding, as explained in the Motion for Joinder.
`
`I. MANDATORY NOTICES UNDER 37 C.F.R § 42.8(a)(1)
`A. Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1)
`The real party of interest of this petition pursuant to § 42.8(b)(1) is Apple
`
`Inc. (“Apple”) located at One Infinite Loop, Cupertino, CA 95014.
`
`B. Related Matters Under 37 C.F.R. § 42.8(b)(2)
`
`1
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`The ‘504 patent is the subject of a number of civil actions including: (i) Civ.
`
`Act. No. 6:13-cv-00211-LED (E.D. Tex.), filed February 26, 2013; (ii) Civ. Act.
`
`No. 6:12-cv-00855-LED (E.D. Tex.), filed November 6, 2012; (iii) Civ. Act. No.
`
`6:10-cv-00417-LED (E.D. Tex.), filed August 11, 2010; (iv) Civ. Act. No. 6:11-cv-
`
`00018-LED (E.D. Tex), (iv) Civ. Act. No. 6:13-cv-00351-LED (E.D. Tex), filed
`
`April 22, 2013 (“the 2013 VirnetX litigation”); (v) Civ. Act. No. 6:13-mc-00037
`
`(E.D. Tex); and (vi) Civ. Act. No. 9:13-mc-80769 (E.D. Fld).
`
`The ’504 patent is also the subject of two inter partes reexamination nos.
`
`95/001,788 and 95/001,851. On May 27, 2014, the Office issued a Right of
`
`Appeal Notice in the ‘788 proceeding, maintaining rejections of all 60 claims in
`
`the ‘504 patent, including rejections based on Provino (Ex. 1008). On May 30,
`
`2014, the Office issued an Action Closing Prosecution in the ‘851 proceeding
`
`maintaining rejections of claims 1-10 and 12-60.
`
`The ’504 patent also is the subject of two inter partes reviews filed by
`
`Microsoft Corporation (IPR2014-00613 & -00614), instituted on October 15, 2014,
`
`and consolidated into IPR2014-00614. The ’504 patent was also the subject of
`
`petitions for inter partes review filed by: New Bay Capital, LLC (IPR2014-00377,
`
`dismissed); Apple, Inc. (IPR2013-00393 & -00394, not instituted); RPX
`
`Corporation (IPR2014-00176 & -00177, not instituted); and Microsoft Corporation
`
`(IPR2014-00612, not instituted).
`
`2
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`Concurrently with this petition, Petitioner is filing one other petition for
`
`inter partes review of the ’504 patent, IPR2015-00189.
`
`C. Lead And Back-Up Counsel Under 37 C.F.R. § 42.8(b)(3)
`
`Lead Counsel
`Jeffrey P. Kushan (Reg. No. 43,401)
`jkushan@sidley.com
`(202) 736-8914
`D.
`Service Information
`Service on Petitioner may be made by e-mail, or by mail or hand delivery to:
`
`Backup Lead Counsel
`Joseph A. Micallef (Reg. No. 39,772)
`jmicallef@sidley.com
`(202) 736-8492
`
`Sidley Austin LLP, 1501 K Street, N.W., Washington, D.C. 20005. The fax
`
`number for lead and backup counsel is (202) 736-8711.
`
`II.
`
`PAYMENT OF FEES – 37 C.F.R. § 42.103
`
`The Director is authorized to charge the fee specified by 37 CFR § 42.15(a)
`
`to Deposit Account No. 50-1597.
`
`III. REQUIREMENTS FOR IPR UNDER 37 C.F.R. § 42.104
`A. Grounds for Standing Under 37 C.F.R. § 42.104(a)
`Petitioner certifies the ’504 patent is available for inter partes review by
`
`Petitioner. The Petitioner is not barred or estopped from requesting an inter partes
`
`review challenging the patent claims on the grounds identified in the Petition. The
`
`’504 patent was asserted against Petitioner in proceedings alleging infringement
`
`more than one year ago, but because this petition is accompanied by a motion for
`
`joinder to IPR2014-00613, the one-year period in 35 U.S.C. § 315(b) does not
`
`3
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`apply to this petition pursuant to 35 U.S.C. § 315(c). E.g., Dell Inc. v. Network-1
`
`Security Solutions, Inc., IPR2013-00385, Paper 17 at 4-5; Microsoft Corp. v.
`
`Proxyconn, Inc., IPR2013-00109, Paper 15 at 4-5. This petition is presented
`
`within one month of institution of trial in IPR2014-00613 (i.e., on October 15,
`
`2014), as required by § 122(b). For the reasons detailed in the accompanying
`
`Motion for Joinder, proceedings based on this petition should be joined to
`
`IPR2014-00613 and consolidated into IPR2014-00614.
`
`B. Challenge Under 37 C.F.R. § 42.104(b) and Relief Requested
`Petitioner requests review of claims 1, 2, 5, 6, 14-17, 19-23, 26-41, 43-47,
`
`and 50-60 (the “Challenged Claims”) on the grounds set forth below, and that each
`
`of such claims be found unpatentable. The Board has already instituted trial on
`
`Grounds 1-4 below in IPR2014-00613. Petitioner presents the same grounds in
`
`this Petition, plus two new Grounds for one additional claim (Claim 5) based on
`
`the same prior art references used to institute trial on Grounds 1 and 4. A detailed
`
`explanation why Claim 5 is unpatentable is provided below in §§ V.E and V.F.
`
`The ‘504 patent issued from a string of applications allegedly dating back to
`
`an original application filed on October 30, 1998. However, the effective filing
`
`date for the embodiments recited by claims 1, 2, 5, 6, 14-17, 19-23, 26-41, 43-47,
`
`and 50-60 of the ‘504 patent is no earlier than February 15, 2000. Provino (Ex.
`
`1008) is a patent that filed on May 29, 1998 and is prior art to the '504 patent.
`
`4
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`RFC 1034 (Ex. 1010) is prior art under 35 U.S.C. § 102(b) as it was published in
`
`November 1987 by the Internet Engineering Task Force (IETF). Kosiur (Ex. 1024)
`
`is prior art under 35 U.S.C § 102(b), as it was published no later than September 1,
`
`1998. RFC 2660 is prior art under 35 U.S.C § 102(b), as draft 01 of RFC 2660
`
`(Ex. 1012) was published in August 1999 by the Internet Engineering Task Force
`
`(IETF).
`
`C. Claim Construction under 37 C.F.R. §§ 42.104(b)(3) 1
`Petitioner proposes use of the same constructions adopted by the Board in
`
`IPR2014-00613 and -00614.
`
`1.
`
` Domain Name (Claims 1, 2, 6, 14-17, 19-23, 26-41, 43-47,
`and 50-60)
`
`Patent Owner has asserted to the PTAB that a “domain name” means “a
`
`name corresponding to a network address.” See Ex. 1019 at 32-33; Ex. 1020 at 28-
`
`29. It is reasonable, for purposes of this proceeding in which the broadest
`
`reasonable construction standard applies, to consider the term “domain name” as
`
`encompassing “a name corresponding to a network address.”
`
`2.
`
` Domain Name Service System (Claims 1, 2, 5, 6, 14-17, 19-
`23, 26-41, 43-47, and 50-60)
`
`
`
`1 Petitioner does not acquiesce to constructions of Patent Owner or the district
`
`court, and reserves its right to dispute or appeal such constructions.
`
`5
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`Patent Owner has asserted to the PTAB and in litigation that no construction
`
`of “domain name service system” was necessary.” Ex. 1013 at 24-25; Ex. 1019 at
`
`38-39; Ex. 1020 at 34-35. According to Patent Owner, the claims themselves
`
`define the characteristics of the domain name service system. Id. In view of Patent
`
`Owner’s assertions, it is reasonable, for purposes of this proceeding in which the
`
`broadest reasonable construction standard applies, to consider the term “domain
`
`name service system” as encompassing any system with the characteristics
`
`described by the claims.
`
`Under its broadest reasonable construction, a “system” can include one or
`
`more discrete computers or devices. Ex. 1023 at ¶ 15. This is consistent with the
`
`‘504 patent’s specification at col. 40, lines 35-48. This section describes a domain
`
`name service system that includes a modified DNS server 2602 and a gatekeeper
`
`server 2603, which is shown as being separate from the modified DNS server. Ex.
`
`1001 at col. 4, lines 35-48 and fig. 26. Moreover, this sections states that “although
`
`element 2602 [(the modified DNS server)] is shown as combining the functions of
`
`two servers [(the DNS proxy 2610 and DNS server 2609)], the two servers can be
`
`made to operate independently.” Ex. 1001 at col. 40, lines 46-48. Also, the
`
`Examiner in the ’788 and ‘851 reexamination proceedings concluded that the
`
`broadest reasonable construction of a system encompasses a single or multiple
`
`devices. Ex. 1016 at 19-21 , Ex. 1017 at 23-25 (a “DNS system is reasonably
`
`6
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`interpreted as comprising a single device or multiple devices.”).
`
`Accordingly, it is reasonable, in this proceeding in which the broadest
`
`reasonable construction standard applies, to consider the term “domain name
`
`service system” as encompassing any system with the characteristics specified by
`
`the claims, where the system may include one or more devices or computers.
`
`3.
`
` Indication (Claims 1, 2, 6, 14-17, 19-23, 26-41, 43-47, and
`50-60)
`
`Patent Owner has asserted to the PTAB that no construction of “indication”
`
`is necessary. Ex. 1019 at 44-46; Ex. 1020 at 40-42. Similarly, in litigation for the
`
`‘504 patent, Patent Owner asserted no construction of “indication” was necessary,
`
`and the Court also declined to construe the term. Ex. 1013 at 31; Ex. 1015 at 28. In
`
`light of this, we consider the previous reexamination proceedings. In the ’788 and
`
`‘851 reexamination proceedings, the Examiner found that, under the broadest
`
`reasonable construction, the term encompassed:
`
`... the ability of the user to communicate using a secure link after boot-up.”
`If the user attempts to establish a secure communication link using a DNS
`system after booting and is able to do so, then the user has been provided a
`broadly recited and discernible “indication” that the DNS in some manner
`supports establishing a communication link.
`Ex. 1016 at 22; Ex. 1017 at 26 (emphasis original). The Examiner also found,
`
`under its broadest reasonable construction, the term encompassed: “a visible
`
`message or signal to a user that the DNS system supports establishing a secure
`
`7
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`communication link." Ex. 1016 at 28, Ex. 1017 at 32 (emphasis original). The
`
`Examiner also found “[n]either the specification nor the claim language provides a
`
`basis for limiting 'indicating' to a visual indicator.” Ex. 1016 at p. 22, Ex. 1017 at
`
`26. The broadest reasonable construction of “indication” should thus encompass a
`
`visible or non-visible message or signal that the DNS system supports establishing
`
`a secure communication link, including the establishment of the secure
`
`communication link itself.
`
`4.
`
`Secure Communication Link (Claims 1, 16-17, 20-23, 26-27,
`31-32, 35-36, 47, 51, and 60)
`
`Patent Owner has asserted to the PTAB that “secure communication link”
`
`should mean a “direct communication link that provides data security through
`
`encryption.” Ex. 1019 at 40-44; Ex. 1020 at 36-40. In view of Patent Owner’s
`
`assertions, it is reasonable, for purposes of this proceeding in which the broadest
`
`reasonable construction standard applies, to consider the term “secure
`
`communication link” as encompassing a “direct communication link that provides
`
`data security through encryption.”
`
`Transparently (Claims 27 and 51)
`
`5.
`Patent Owner has asserted to the PTAB that “transparently” means that “the
`
`user need not be involved in creating the [secure communication link]/[secure
`
`link].” Ex. 1019 at 47; Ex. 1020 at 43. In view of Patent Owner’s assertions, it is
`
`8
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`reasonable, for purposes of this proceeding in which the broadest reasonable
`
`construction standard applies, to consider the term “transparently” as
`
`encompassing “the user need not be involved in creating the [secure
`
`communication link]/[secure link].”
`
`Between [A] and [B] (Claims 16, 27, 33, 40, 51, and 57)
`
`6.
`In prior litigation on the ‘504 patent, Patent Owner argued against a
`
`defendant’s construction that “between” should mean “extend from one endpoint
`
`to the other,” and instead stated that “between” should only apply to the “public
`
`communication paths.” Ex. 1014 at 11. Under Patent Owner’s contentions, a secure
`
`communication link is “between” two endpoints where encryption is used on the
`
`public communication paths between the two endpoints, regardless of whether the
`
`encryption extends completely from the first endpoint to the second endpoint. Id.
`
`In view of Patent Owner’s assertions, it is reasonable, for purposes of this
`
`proceeding in which the broadest reasonable construction standard applies, to
`
`consider a secure communication link “between [A] and [B]” to encompass a
`
`secure communication link on the public communication paths between the two
`
`endpoints, regardless of whether that secure communication link fully extends
`
`from the first endpoint to the second endpoint.
`
`IV. SUMMARY OF THE ‘504 PATENT
`Petitioner refers the Board to the Decisions to Institute Trial in IPR2014-
`
`9
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`00613 and -00614 at pages 4 to 5 and the Petitions filed in each such proceeding
`
`for a general description of the '504 patent. Paper Nos. 2 at 10-13.
`
`V. DETAILED DESCRIPTION WHY THE CHALLENGED CLAIMS
`ARE UNPATENTABLE
`
`This request shows how the primary references above, alone or in
`
`combination with other references, disclose the limitations of the Challenged
`
`Claims of the ‘504 patent. As detailed below, this request shows a reasonable
`
`likelihood that the Requester will prevail with respect to the Challenged Claims of
`
`the ‘504 patent.
`
`A.
`
`[GROUND 1] – Provino Anticipates Claims 1, 2, 5, 6, 14-17, 19-23,
`26-41, 43-47, and 50-60
`
`Provino has an effective filing date of May 29, 1998, and is prior art under at
`
`least §102(e). During the ‘788 reexamination proceedings, the Examiner
`
`concluded that the ‘504 claims do not include any features that patentably
`
`distinguish the ‘504 patent claims from Provino. Ex. 1016 at 43. The Examiner
`
`noted that “[t]he biggest difference between the [the ‘504 patent] and Provino
`
`teachings discussed above is that, in [the ‘504 patent], the DNS proxy 2610
`
`forwards the message to gatekeeper 2603 while, in Provino, the DNS server 17
`
`provides a network address that the initiator uses to contact firewall 30. However,
`
`whether the DNS request is forwarded or redirected is an unclaimed feature not
`
`necessary for an understanding of the claims.” Id. This continues to be the case
`
`10
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`and, as described below, Provino anticipates claims 1, 2, 5, 6, 14-17, 19-23, 26-41,
`
`43-47, and 50-60 of the ‘504 patent.
`
`Overview of Provino
`
`Provino describes “systems and methods for easing communications
`
`between devices connected to public networks such as the Internet and devices
`
`connected to private networks.” Ex. 1008 at 1:14-16; see Ex. 1023 at ¶ ¶ 16. In
`
`particular, Provino describes a system that facilitates communications between a
`
`client device 12(m) connected to ISP 11 and a server 31(s) located within virtual
`
`private network (VPN) 15. See Ex. 1008 at 9:32 to 10:33; Ex. 1023 at ¶ ¶ 16. An
`
`example of the architecture of Provino’s system is illustrated in Figure 1.
`
`For a device 12(m) external to VPN 15 to communicate with a server 31(s)
`
`within VPN 15, Provino describes a two phase process for establishing
`
`communications. See Ex. 1008 at 12:1-2; Ex. 1023 at ¶ ¶ 17. During the first phase
`
`
`
`11
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`described by Provino, the device 12(m) establishes a secure tunnel with VPN 15,
`
`via firewall 30, and identifies a VPN name server 32 inside VPN 15. Ex. 1008 at
`
`9:61-65, 10:58-64; Ex. 1023 at ¶ ¶ 17. In particular, during the first phase, the
`
`client device 12(m) obtains an address for the firewall 30 from standard ISP name
`
`server 17 by initiating a request for the address and establishes a secure tunnel with
`
`firewall 30 by exchanging encryption/decryption information. Ex. 1008 at 12:20-
`
`24; Ex. 1023 at ¶ ¶ 17. During the second phase, the client device 12(m) uses the
`
`secure tunnel to send encrypted message packets to VPN 15, via firewall 30. Ex.
`
`1008 at 12:8-16; Ex. 1023 at ¶ ¶ 17. In particular, during the second phase, the
`
`client device 12(m) communicates with VPN name server 32 to obtain addresses
`
`for servers (e.g., server 31(s)) inside the VPN 15, and then uses those addresses to
`
`send encrypted messages to those servers, via firewall 30. Ex. 1008 at 12:8-16; Ex.
`
`1023 at ¶ ¶ 17.
`
`Further details of the first phase are provided next. The client device 12(m)
`
`first locates the firewall 30 by obtaining “an integer Internet address for the
`
`firewall” which, in some cases, is “provided by a the [sic] nameserver 17 after a
`
`human-readable Internet address was provided by the operator or a program.” Ex.
`
`1008 at 12:20-24; Ex. 1023 at ¶ ¶ 19. After the client device 12(m) obtains the
`
`address of firewall 30 from nameserver 17, the device 12(m) sends a message
`
`packet to the firewall 30, requesting establishment of a secure tunnel. Ex. 1008 at
`
`12
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`9:47-52; Ex. 1023 at ¶ ¶ 19. If the firewall 30 determines that the client device
`
`12(m) is authorized to access the VPN 15, then the firewall 30 provides the device
`
`12(m) with encryption and decryption information, such as identification of an
`
`encryption/decryption algorithm and associated encryption and decryption keys.
`
`Ex. 1008 at 9:61-65; Ex. 1023 at ¶ ¶ 19. The device 12(m) subsequently uses the
`
`encryption and decryption information to securely communicate with the VPN 15,
`
`thus establishing a secure tunnel through the Internet 14 to the VPN 15. See Ex.
`
`1008 at 12:2-4; Ex. 1023 at ¶ ¶ 19. As shown in Annotation 1 below, the creation
`
`of the secure tunnel between device 12(m) and VPN 15 effectively extends the
`
`VPN to include the device 12(m) via Internet 14. Ex. 1008 at 6:10-15; Ex. 1023 at
`
`¶ ¶ 19. Provino further discloses that, during this first phase, in addition to
`
`encryption and decryption information, the firewall 30 may also provide the device
`
`12(m) with an identification of a VPN nameserver 32 in the VPN 15. Ex. 1008 at
`
`10:58-64; Ex. 1023 at ¶ ¶ 20. Functionally, the VPN nameserver 32 “serves to
`
`resolve human-readable Internet addresses for servers 31(s) internal to the virtual
`
`private network 15 to respective integer Internet addresses.” Ex. 1008 at 9:2-5; Ex.
`
`1023 at ¶ ¶ 20. In particular, the client device 12(m) utilizes the VPN nameserver
`
`32 (in the subsequent second phase) to locate servers inside the VPN by obtaining
`
`“the appropriate integer Internet addresses for the human-readable Internet
`
`addresses which may be provided by the operator of device 12(m).” Ex. 1008 at
`
`13
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`10:64-67; Ex. 1023 at ¶ ¶ 20. Provino describes that message packets transferred
`
`over the Internet “conform to that defined by the so-called Internet protocol ‘IP’”
`
`and that, in particular, the integer Internet address of a message packet is an “IP
`
`parameter.” Ex. 1008 at 3:62-65, 7:51-53; Ex. 1023 at ¶ ¶ 20. Provino also
`
`describes that the integer Internet address of the server 31(s) is “in the form of an
`
`‘n’-bit integer (where ‘n’ may be thirty two or 128).” Ex. 1008, 1:45-47; Ex. 1023
`
`at ¶ ¶ 20.
`
`(Annotation 1)
`
`
`
`After creating a secure tunnel to VPN 15 and identifying VPN name server
`
`32, “the device 12(m) can use the information provided during the first phase in
`
`connection with generating and transferring message packets to one or more
`
`servers 31(s) in the virtual private network 15, in the process obtaining resolution
`
`14
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`[of] human-readable Internet addresses to integer Internet addresses as necessary
`
`from the nameserver 32 that was identified by the firewall 30 during the first
`
`phase.” Ex. 1008 at 12:8-16; see Ex. 1023 at ¶ ¶ 21.
`
`In particular, in this second phase of Provino, a user of client device 12(m)
`
`may instigate communications with secure servers within VPN 15 (e.g., a server
`
`31(s)) by using a human-readable Internet address that is associated with server
`
`31(s). See Ex. 1008 at 13:31-40; Ex. 1023 at ¶ ¶ 22. Provino describes that, in
`
`general, the client device 12(m) will “initially access the nameserver 17… to
`
`attempt to obtain the integer Internet address associated with the human-readable
`
`Internet address.” Ex. 1008 at 11:6-10; Ex. 1023 at ¶ ¶ 22. If the standard ISP
`
`nameserver 17 cannot resolve the hostname (e.g., because the requested server
`
`31(s) is within a VPN), then the standard ISP nameserver 17 returns a message
`
`indicating that it does not have the integer address for the requested human-
`
`readable address of server 31(s). Ex. 1008 at 11:10-15; Ex. 1023 at ¶ ¶ 22. In this
`
`case, the client device 12(m) sends a request message packet to the VPN
`
`nameserver 32, through the firewall 30, in attempting to identify the integer
`
`address of the server 31(s). Ex. 1008 at 11:10-15; Ex. 1023 at ¶ ¶ 22.
`
`Below, in Annotations 2 and 3 of FIG. 1, the client’s exchange with VPN
`
`nameserver 32 is highlighted. See Ex .1023 at ¶ ¶ 23. In particular, to resolve the
`
`human-readable Internet address using VPN nameserver 32, the device 12(m)
`
`15
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`initiates “a request message packet for transmission to the nameserver 32 through
`
`the firewall 30 and over the secure tunnel.” Ex. 1008 at 11:13-16; Ex. 1023 at ¶ ¶
`
`23. This request process is illustrated in Annotation 2 of FIG. 1, which shows the
`
`device 12(m) sending a request message packet to the nameserver 32 (via firewall
`
`30) to request the integer Internet address corresponding to the human-readable
`
`Internet addresses of a server 31(s). See Ex. 1023 at ¶ ¶ 23.
`
`(Annotation 2)
`
`
`
`The VPN nameserver 32 receives the message request packet from the client
`
`device 12(m), via firewall 30, and attempts to resolve the human-readable Internet
`
`address of server 31(s) into an integer Internet address. Ex. 1008 at 11:19-21; Ex.
`
`1023 at ¶ ¶ 24. If a corresponding integer address is found, the VPN name server
`
`32 returns the integer address back to the client device 12(m), via the firewall 30.
`
`Ex. 1008 at 11:21-25; Ex. 1023 at ¶ ¶ 24. Therefore, as a result of the client device
`
`16
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`12(m) sending a request message packet to the VPN name server 32, Provino
`
`describes that the device 12(m) receives the integer Internet address for server
`
`31(s) in a message packet transmitted from nameserver 32 via firewall 30, as
`
`illustrated in Annotation 3 of FIG. 1. See Ex. 1008 at 11:16-25; Ex. 1023 at ¶ 24.
`
`(Annotation 3)
`
`
`
`Otherwise, if the nameserver 32 does not have an association between the
`
`requested human-readable Internet address for server 31(s) and an integer Internet
`
`address, “the nameserver 32 can provide a response message packet so indicating.”
`
`Ex. 1008 at 11:50-54; Ex. 1023 at ¶ 25. If the client device 12(m) is unable to
`
`obtain an integer Internet address associated with the human-readable Internet
`
`address from any of the nameservers to which it has access, then the client device
`
`12(m) “may so notify its operator or program which requested the access.” Ex.
`
`1008 at 11:64-65; Ex. 1023 at ¶ 25.
`
`17
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`Once the client device 12(m) receives the integer Internet address for server
`
`31(s) from VPN name server 32, the client device 12(m) stores the address in a
`
`local cache, “along with the association of the human readable address thereto,” in
`
`IP parameter store 25. Ex. 1008 at 11:35-39; Ex. 1023 at ¶ 28. The client device
`
`12(m) subsequently uses the stored integer Internet address and associated human
`
`readable address to communicate with server 31(s) by sending messages via the
`
`encrypted tunnel to firewall 30, which forwards the messages to server 31(s). Ex.
`
`1008 at 10:28-32, 11:40-45; Ex. 1023 at ¶ 28. In particular, Provino describes that
`
`“the device [12(m)] can use that integer Internet address in generating message
`
`packets for transmission to the server 31(s) which is associated with the human-
`
`readable Internet address.” Ex. 1008 at 15:27-30; Ex. 1023 at ¶ 28. This
`
`transmission to the server 31(s) is illustrated in Annotation 4 of FIG. 1, below. Ex.
`
`1023 at ¶ 28.
`
`(Annotation 4)
`
`
`
`18
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 7,418,504
`
`
`Provino additionally describes the transfer of information stored on server
`
`31(s) to device 12(m). Ex. 1008 at 9:6-13; Ex. 1023 at ¶ 29. By describing that
`
`device 12(m) generates a message packet for transmission to server 31(s) and
`
`receives information transferred from server 31(s), Provino describes that device
`
`12(m) leverages the resolved secure computer network address (i.e., integer
`
`Internet address) to send access request messages to server 31(s) that contains a
`
`request for information stored on server 31(s). See Ex. 1023 at ¶ 29. Thus, once the
`
`device 12(m) obtains the integer Internet address of server 31(s) from nameserver
`
`32 during the second phase of establishing communications with server 31(s), the
`
`device 12(m) may send access requests to server 31(s) using the secure tunnel
`
`established with the firewall 30 in the first phase of the communication process.
`
`Ex. 1008 at 15:21-30; Ex. 1023 at ¶ 29.
`
`In Annotation 5 of