`By:
`
`Joseph E. Palys
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1996
`Facsimile: (202) 551-0496
`E-mail: josephpalys@paulhastings.com
`
`
`
`Paper No. ___
`Filed: June 6, 2016
`
`Naveen Modi
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1990
`Facsimile: (202) 551-0490
`E-mail: naveenmodi@paulhastings.com
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`
`
`
`
`
`
`APPLE INC.,
`Petitioner
`
`v.
`
`VIRNETX INC.
`Patent Owner
`
`
`
`
`
`
`
`Case IPR2015-00810
`Patent No. 8,868,705
`
`
`
`
`
`
`
`
`
`
`PATENT OWNER’S DEMONSTRATIVE EXHIBITS
`
`
`
`Inter Partes Review of
`U.S. Patent No. 8,868,705
`U.S. Patent No. 8,850,009
`
`Case Nos. IPR2015-00810,
`IPR2015-00811, and IPR2015-00812
`
`Oral Hearing: June 8, 2016
`
`
`
`Instituted Grounds
`IPR2015-00810 (U.S. Patent No. 8,868,705)
`– Claims 1-4, 6-10, 12-26, and 28-34 as obvious over Beser and RFC
`2401
`– Claims 5, 11, and 27 as obvious over Beser, RFC 2401, and Brand
`
`
`IPR2015-00811 (U.S. Patent No. 8,868,705)
`– Claims 1-3, 6, 14, 16-25, 28, 31, 33, and 34 as obvious over Aventail
`Connect and RFC 2401
`– Claims 8-10, 12, 15, 30, and 32 as obvious over Aventail Connect,
`RFC 2401, and RFC 2543
`– Claims 4, 5, 7, 26, 27, and 29 as obvious over Aventail Connect, RFC
`2401, and Brand
`– Claims 11 and 13 as obvious over Aventail Connect, RFC 2401, RFC
`2543, and Brand
`
`IPR2015-00812 (U.S. Patent No. 8,850,009)
`– Claims 1-8, 10-20, and 22-25 as obvious over Beser and RFC 2401
`
`•
`
`•
`
`•
`
`IPR2015-00810, Inst. Dec. at 23; IPR2015-00811, Inst. Dec. at 24; IPR2015-00812, Inst. Dec. at 14
`
`2
`2
`
`
`
`IPR2015-00810
`U.S. Patent No. 8,868,705
`
`3
`
`
`
`Beser’s Tunneling Method
`
`IPR2015-00810, Ex. 1007 at Figs. 1, 6; P.O. Resp. at 17-21
`
`4
`4
`
`
`
`Beser’s Tunneling Method
`Apple’s expert:
`
`IPR2015-00810, Ex. 2015 at 110:9-11; P.O. Resp. at 22
`
`5 5
`
`
`
`Independent Claim 1 of the ’705 Patent
`
`1. A method of transparently creating an encrypted communications channel
`between a client device and a target device, each device being configured to allow
`secure data communications between the client device and the target device over
`the encrypted communications channel once the encrypted communications
`channel is created, the method comprising:
`
`(1) intercepting from the client device a request to look up an Internet Protocol (IP)
`address corresponding to a domain name associated with the target device;
`
`(2) determining whether the request to look up the IP address [[transmitted]]
`intercepted in step (1) corresponds to a device that accepts an encrypted channel
`connection with the client device; and
`
`(3) in response to determining, in step (2), that the request to look up the IP address
`in step (2) corresponds to a device that accepts an encrypted communications
`channel connection with the client device, providing provisioning information
`required to initiate the creation of the encrypted communications channel between
`the client device and the target device such that the encrypted communications
`channel supports secure data communications transmitted between the two
`devices, the client device being a device at which a user accesses the encrypted
`communications channel.
`
`IPR2015-00810, Ex. 1001, claim 1
`
`6
`6
`
`
`
`The “Intercepting” Feature
`Apple’s Petition:
`
`IPR2015-00810, Pet. at 11
`
`7
`7
`
`
`
`The “Intercepting” Feature
`Apple’s expert:
`
`IPR2015-00810, Ex. 2015 at 80:3-13; P.O. Resp. at 11-13, 23-25
`
`8 8
`
`
`
`The “Intercepting” Feature
`Apple’s Reply:
`
`IPR2015-00810, Reply at 14-15
`
`9 9
`
`
`
`The “Intercepting” Feature
`Apple’s Petition:
`
`IPR2015-00810, Pet. at 33
`
`10
`10
`
`
`
`The Alleged Request in Beser Is Not “Intercept[ed]”
`
`
`
`
`
`IPR2015-00810, Ex. 1007 at 11:15-20, Fig. 6; P.O. Resp. at 25
`
`11 11
`
`
`
`The Alleged Request in Beser Is Not “Intercept[ed]”
`
`
`
`
`
`IPR2015-00810, Ex. 1007 at 11:15-20, Fig. 6; P.O. Resp. at 26-27
`
`12 12
`
`
`
`The Alleged Request in Beser Is Not “Intercept[ed]”
`
`
`
`
`
`IPR2015-00810, Ex. 1007 at 11:15-20, Fig. 6; P.O. Resp. at 26-27
`
`13 13
`
`
`
`Claims 14 and 31 of the ’705 Patent
`Claims 14 and 31:
`14. The method of claim 1, wherein the target device is a
`server.
`31. The system according to claim 21, wherein the target
`device is a server.
`
`Apple’s Petition:
`
`IPR2015-00810, Ex. 1001, claims 14 and 31; Pet. at 46
`
`14 14
`
`
`
`Claims 14 and 31 of the ’705 Patent
`Apple’s expert:
`
`IPR2015-00810, Ex. 1005 at ¶ 289; P.O. Resp. at 35-37
`
`15
`15
`
`
`
`Claims 14 and 31 of the ’705 Patent
`Apple’s Petition:
`
`IPR2015-00810, Pet. at 46-47
`
`16
`16
`
`
`
`Claims 14 and 31 of the ’705 Patent
`Apple’s expert:
`
`IPR2015-00810, Ex. 1005 at ¶ 126; P.O. Resp. at 35-37
`
`17
`17
`
`
`
`IPR2015-00812
`U.S. Patent No. 8,850,009
`
`18
`
`
`
`Independent Claim 1 of the ’009 Patent
`
`1. A network device, comprising: a storage device storing an application program for a
`secure communications service; and
`
`at least one processor configured to execute the application program for the secure
`communications service so as to enable the network device to:
`
`send a domain name service (DNS) request to look up a network address of a second
`network device based on an identifier associated with the second network device;
`
`receive, following interception of the DNS request and a determination that the second
`network device is available for the secure communications service: (1) an indication that
`the second network device is available for the secure communications service, (2) the
`requested network address of the second network device, and (3) provisioning
`information for an encrypted communication link;
`
`connect to the second network device over the encrypted communication link, using the
`received network address of the second network device and the provisioning information
`for the encrypted communication link; and
`
`communicate data with the second network device using the secure communications
`service via the encrypted communication link,
`
`the network device being a device at which a user uses the secure communications
`service to access the encrypted communication link.
`
`IPR2015-00812, Ex. 1003, claim 1
`
`19
`19
`
`
`
`The “Domain Name Service (DNS) Request” Feature
`Apple’s expert:
`
`IPR2015-00812, Ex. 2015 at 102:9-13; P.O. Resp. at 28
`
`20 20
`
`
`
`The “Domain Name Service (DNS) Request” Feature
`Apple’s Reply:
`
`
`
`Apple’s expert:
`
`IPR2015-00812, Reply at 10; Ex. 1005 at ¶ 306
`
`21 21
`
`
`
`IPR2015-00811
`U.S. Patent No. 8,868,705
`
`22
`
`
`
`Basic Configuration for Aventail
`• Application->Aventail Connect->SOCKS server
`->Remote Host
`
`• Aventail Connect
`– Checks redirection rule for the hostname of a remote
`(step 1)
`– Checks a connection request by application (step 2a)
`
`
`• SOCKS server
`– Negotiates authentication method with Aventail
`Connect (step 2b)
`– If encryption option selected by SOCKS server, data is
`encrypted to the SOCKS server (step 3)
`
`IPR2015-00811, P.O. Resp. at 15-17
`
`23 23
`
`
`
`Basic Configuration for Aventail
`
`IPR2015-00811, Ex. 1009 at 11-12; P.O. Resp. at 15-17
`
`24 24
`
`
`
`Basic Configuration for Aventail
`
`IPR2015-00811, Ex. 1009 at 11-12; P.O. Resp. at 15-17
`
`25 25
`
`
`
`Basic Configuration for Aventail
`
`IPR2015-00811, Ex. 1009 at 11-12; P.O. Resp. at 15-17
`
`26 26
`
`
`
`Independent Claim 1 of the ’705 Patent
`
`1. A method of transparently creating an encrypted communications channel
`between a client device and a target device, each device being configured to allow
`secure data communications between the client device and the target device over
`the encrypted communications channel once the encrypted communications
`channel is created, the method comprising:
`
`(1) intercepting from the client device a request to look up an Internet Protocol (IP)
`address corresponding to a domain name associated with the target device;
`
`(2) determining whether the request to look up the IP address [[transmitted]]
`intercepted in step (1) corresponds to a device that accepts an encrypted
`channel connection with the client device; and
`
`(3) in response to determining, in step (2), that the request to look up the IP address
`in step (2) corresponds to a device that accepts an encrypted communications
`channel connection with the client device, providing provisioning information
`required to initiate the creation of the encrypted communications channel between
`the client device and the target device such that the encrypted communications
`channel supports secure data communications transmitted between the two
`devices, the client device being a device at which a user accesses the encrypted
`communications channel.
`
`IPR2015-00811, Ex. 1001, claim 1
`
`27
`27
`
`
`
`Aventail Does Not Disclose the “Determining” Feature
`
` Apple’s Petition:
`
`
`IPR2015-00811, Pet. at 34
`
`28 28
`
`
`
`Aventail Does Not Disclose the “Determining” Feature
`
`
`
`Patent Owner’s Response:
`
`IPR2015-00811, P.O. Resp. at 17-23
`
`29 29
`
`
`
`Aventail Does Not Disclose the “Determining” Feature
`
`
`
`Patent Owner’s Response:
`
`IPR2015-00811, P.O. Resp. at 20
`
`30 30
`
`
`
`Aventail Does Not Disclose the “Determining” Feature
`
`• Aventail’s redirection rule:
`
`
`IPR2015-00811, Ex. 1009 at 40; P.O. Resp. at 21-22
`
`31 31
`
`
`
`Apple’s Reply
`
`IPR2015-00811, Reply at 8
`
`32 32
`
`
`
`Apple’s Reply
`
`IPR2015-00811, Reply at 8
`
`33 33
`
`
`
`Apple’s Reply
`
`IPR2015-00811, Reply at 9
`
`34 34
`
`
`
`Apple’s Reply
`
`IPR2015-00811, Reply at 9
`
`35 35
`
`
`
`Independent Claim 1 of the ’705 Patent
`
`1. A method of transparently creating an encrypted communications channel
`between a client device and a target device, each device being configured to allow
`secure data communications between the client device and the target device over
`the encrypted communications channel once the encrypted communications
`channel is created, the method comprising:
`
`(1) intercepting from the client device a request to look up an Internet Protocol (IP)
`address corresponding to a domain name associated with the target device;
`
`(2) determining whether the request to look up the IP address [[transmitted]]
`intercepted in step (1) corresponds to a device that accepts an encrypted channel
`connection with the client device; and
`
`(3) in response to determining, in step (2), that the request to look up the IP
`address in step (2) corresponds to a device that accepts an encrypted
`communications channel connection with the client device, providing
`provisioning information required to initiate the creation of the encrypted
`communications channel between the client device and the target device such
`that the encrypted communications channel supports secure data communications
`transmitted between the two devices, the client device being a device at which a
`user accesses the encrypted communications channel.
`
`IPR2015-00811, Ex. 1001, claim 1
`
`36
`36
`
`
`
`“Provisioning Information” Feature
`
`Patent Owner’s Response:
`
`IPR2015-00811, P.O. Resp. at 25-26
`
`37 37
`
`
`
`“Provisioning Information” Feature
`
`Patent Owner’s Response:
`
`IPR2015-00811, P.O. Resp. at 26
`
`38 38
`
`
`
`HOSTENT
`
`IPR2015-00811, P.O. Resp. at 26-29
`
`39 39
`
`
`
`TCP Sequence Numbers
`
`Patent Owner’s Response:
`
`IPR2015-00811, P.O. Resp. at 30-31
`
`40 40
`
`
`
`“Selection of Encryption Method”
`
`Patent Owner’s Response:
`
`IPR2015-00811, P.O. Resp. at 31-32
`
`41 41
`
`
`
`“SOCKS Exchanges”
`
`Patent Owner’s Response:
`
`IPR2015-00811, P.O. Resp. at 32-33
`
`42 42
`
`
`
`Claims 2, 16, and 33 of the ’705 Patent
`
`
`
`Claim 2:
`2. The method of claim 1, wherein providing the provisioning information required to initiate
`the encrypted communications channel is based on a determination that the target
`device is a device with which an encrypted communications channel can be
`established when the IP address request corresponds to a target device identified in an
`network address lookup.
`
`
`
`Apple’s Petition:
`
`
`
`IPR2015-00811, Ex. 1001, claim 2; Pet. at 44; P.O. Resp. at 34-36
`
`43 43
`
`
`
`Claims 3 and 25 of the ’705 Patent
`Claims 3 and 25:
`
`3. The method of claim 1, wherein the domain name is a
`secure domain name.
`
`25. The system according to claim 21, wherein the domain
`name is a secure domain name.
`
`
`IPR2015-00811, Ex. 1001, claims 3 and 25
`
`44 44
`
`
`
`Claims 3 and 25 of the ’705 Patent
`Apple’s Petition:
`
`
`
`
`IPR2015-00811, Pet. at 44-45, P.O. Resp. at 36-37
`
`45 45
`
`
`
`Claims 3 and 25 of the ’705 Patent
`Patent Owner’s Response:
`
`
`
`Patent Owner’s Response:
`
`
`IPR2015-00811, P.O. Resp. at 36-37
`
`46 46
`
`
`
`Claims 3 and 25 of the ’705 Patent
`Apple’s Reply:
`
`IPR2015-00811, Reply at 15
`
`47
`47
`
`
`
`Claims 17 and 34 of the ’705 Patent
`1. A method of transparently creating an encrypted communications
`channel between a client device and a target device . . . :
`
`(1) intercepting from the client device a request to look up an Internet
`Protocol (IP) address corresponding to a domain name associated with
`the target device;
`
`(2) determining whether the request to look up the IP address
`[[transmitted]] intercepted in step (1) corresponds to a device that
`accepts an encrypted channel connection with the client device; and
`
`. . . .
`
`17. The method according to claim 1, wherein the intercepting the
`request occurs within another device that is separate from the client
`device.
`
`
`IPR2015-00811, Ex. 1001, claims 1 and 17; P.O. Resp. at 38-40
`
`48 48
`
`
`
`Claims 17 and 34 of the ’705 Patent
`Apple’s Petition:
`
`
`
`
`
`IPR2015-00811, Pet. at 48; P.O. Resp. at 38-40
`
`49 49
`
`
`
`Aventail Not Shown As a Printed Publication
`Apple’s Petition:
`
`
`IPR2015-00811, Pet. at 15; P.O. Resp. at 46-51
`
`50 50
`
`
`
`Hopen Declaration
`• The version of Aventail Extranet Center relevant here is
`AEC v3.0, which allegedly included Aventail Connect
`v3.01/2.51. It was allegedly announced in Fall of 1998.
`
`
`
`IPR2015-00811, Ex. 1023 at 2; P.O. Resp. at 48-50
`
`51 51
`
`
`
`Hopen Declaration
`
`
`
`
`
`
`
`
`
`
`
`
`IPR2015-00811, Ex. 1023 at 2-3; P.O. Resp. at 48-49
`
`52 52
`
`
`
`Chester Declaration
`
`Apple’s Petition:
`
`
`
`
`
`
`
`IPR2015-00811, Pet. at 16
`
`53 53
`
`
`
`Chester Declaration
`
`
`
`
`
`
`
`
`
`
`
`IPR2015-00811, Ex. 1002 at 3; P.O. Resp. at 50
`
`54 54
`
`
`
`Appendix
`
`
`
`Claim 1 of the ’705 Patent
`1. A method of transparently creating an encrypted communications channel
`between a client device and a target device, each device being configured to
`allow secure data communications between the client device and the target
`device over the encrypted communications channel once the encrypted
`communications channel is created, the method comprising:(1) intercepting from
`the client device a request to look up an Internet Protocol (IP) address
`corresponding to a domain name associated with the target device;
`(2) determining whether the request to look up the IP address [[transmitted]]
`intercepted in step (1) corresponds to a device that accepts an encrypted
`channel connection with the client device; and
`(3) in response to determining, in step (2), that the request to look up the IP
`address in step (2) corresponds to a device that accepts an encrypted
`communications channel connection with the client device, providing provisioning
`information required to initiate the creation of the encrypted communications
`channel between the client device and the target device such that the encrypted
`communications channel supports secure data communications transmitted
`between the two devices, the client device being a device at which a user
`accesses the encrypted communications channel.
`
`IPR2015-00810, -00811, Ex. 1001, claim 1
`
`56 56
`
`
`
`Claims 2-6 of the ’705 Patent
`2. The method of claim 1, wherein providing the provisioning information required
`to initiate the encrypted communications channel is based on a determination
`that the target device is a device with which an encrypted communications
`channel can be established when the IP address request corresponds to a target
`device identified in an network address lookup.
`
`3. The method of claim 1, wherein the domain name is a secure domain name.
`
`4. The method of claim 1, wherein the encrypted communications channel is a
`broadband connection.
`
`5. The method of claim 1, wherein the encrypted communications channel is an
`unmodulated transmission link.
`
`6. The method of claim 1, wherein the encrypted communications channel is a
`modulated transmission link.
`
`IPR2015-00810, -00811, Ex. 1001, claims 2-6
`
`57 57
`
`
`
`Claims 7-11 of the ’705 Patent
`7. The method of claim 1, wherein the encrypted communications channel
`supports at least one of the following: FDM, TDM and CDMA.
`
`8. The method of claim 1, wherein the client device is a phone.
`
`9. The method of claim 8, wherein providing the provisioning information required
`to initiate the encrypted communications channel is based on a determination
`that the target device is a device with which an encrypted communications
`channel can be established when the IP address request corresponds to a target
`device identified in an network address lookup.
`
`10. The method of claim 8, wherein the domain name is a secure domain name.
`
`11. The method of claim 8, wherein the encrypted communications channel is an
`unmodulated transmission link.
`
`IPR2015-00810, -00811, Ex. 1001, claims 7-11
`
`58 58
`
`
`
`Claims 12-17 of the ’705 Patent
`12. The method of claim 8, wherein the encrypted communications channel is a
`modulated transmission link.
`
`13. The method of claim 8, wherein the encrypted communications channel
`supports at least one of the following: FDM, TDM and CDMA.
`
`14. The method of claim 1, wherein the target device is a server.
`
`15. The method of claim 1, wherein the target device is a phone.
`
`16. The method according to claim 1, wherein intercepting the request consists of
`receiving the request to determine whether the target device accepts an
`encrypted channel connection with the client device.
`
`17. The method according to claim 1, wherein the intercepting the request occurs
`within another device that is separate from the client device.
`
`IPR2015-00810, -00811, Ex. 1001, claims 12-17
`
`59 59
`
`
`
`Claims 18-20 of the ’705 Patent
`18. The method according to claim 1, wherein the encrypted communications
`channel supports a plurality of services.
`
`19. The method according to claim 18, wherein the plurality of services
`comprises a plurality of communication protocols, a plurality of application
`programs, multiple sessions, or a combination thereof.
`
`20. The method according to claim 19, wherein the plurality of other application
`programs comprises at least one of the following: e-mail, a word processing
`program, and telephony.
`
`
`
`IPR2015-00810, -00811, Ex. 1001, claims 18-20
`
`60 60
`
`
`
`Claim 21 of the ’705 Patent
`21. A system for transparently creating an encrypted communications channel
`between a client device and a target device, each device being configured to
`allow secure data communications therebetween over an encrypted
`communications channel once the encrypted communications channel is created,
`the system including a memory storing instructions, and a server configuration
`arranged to:(1) intercept from the client device a request to look up an Internet
`Protcol (IP) address corresponding to a domain name associated with the target
`device;
`(2) determine whether the request to look up the IP address [[transmitted]]
`intercepted in step (1) corresponds to a device that accepts an encrypted
`channel connection with the client device; and
`(3) in response to determining, in step (2), that the request to look up the IP
`address corresponds to a device that accepts an encrypted communications
`channel connection with the client device, provide provisioning information
`required to initiate the creation of the encrypted communications channel
`between the client device and the target device such that the encrypted
`communications channel supports secure data communications transmitted
`between the two devices, the client device being a device at which a user
`accesses the encrypted communications channel.
`
`IPR2015-00810, -00811, Ex. 1001, claim 21
`
`61 61
`
`
`
`Claims 22-26 of the ’705 Patent
`22. A system according to claim 21, wherein the encrypted communications
`channel supports a plurality of services.
`
`23. The system according to claim 21, wherein the plurality of services comprises
`a plurality of communication protocols, a plurality of application programs,
`multiple sessions, or a combination thereof.
`
`24. The system according to claim 23, wherein the plurality of other application
`programs comprises at least one of the following: e-mail, a word processing
`program, and telephony.
`
`25. The system according to claim 21, wherein the domain name is a secure
`domain name.
`
`26. The system according to claim 21, wherein the encrypted communications
`channel is a broadband connection.
`
`IPR2015-00810, -00811, Ex. 1001, claims 22-26
`
`62 62
`
`
`
`Claims 27-32 of the ’705 Patent
`27. The system according to claim 21, wherein the encrypted communications
`channel is an unmodulated transmission link.
`
`28. The system according to claim 21, wherein the encrypted communications
`channel is a modulated transmission link.
`
`29. The system according to claim 21, wherein the encrypted communications
`channel supports at least one of the following: FDM, TDM and CDMA.
`
`30. The system according to claim 21, wherein the client device is a phone.
`
`31. The system according to claim 21, wherein the target device is a server.
`
`32. The system according to claim 21, wherein the target device is a phone.
`
`IPR2015-00810, -00811, Ex. 1001, claims 27-32
`
`63 63
`
`
`
`Claims 33-34 of the ’705 Patent
`33. The system according to claim 21, wherein intercepting the request consists
`of the system receiving the request to determine whether the target device
`accepts an encrypted channel connection with the client device.
`
`34. The system according to claim 21, wherein intercepting the request occurs
`within another device that is separate from the client device.
`
`IPR2015-00810, -00811, Ex. 1001, claims 33-34
`
`64 64
`
`
`
`Claim 1 of the ’009 Patent
`1. A network device, comprising: a storage device storing an application program
`for a secure communications service; and
`at least one processor configured to execute the application program for the
`secure communications service so as to enable the network device to:
`send a domain name service (DNS) request to look up a network address of a
`second network device based on an identifier associated with the second
`network device;
`receive, following interception of the DNS request and a determination that the
`second network device is available for the secure communications service: (1) an
`indication that the second network device is available for the secure
`communications service, (2) the requested network address of the second
`network device, and (3) provisioning information for an encrypted communication
`link;
`connect to the second network device over the encrypted communication link,
`using the received network address of the second network device and the
`provisioning information for the encrypted communication link; and
`communicate data with the second network device using the secure
`communications service via the encrypted communication link,
`the network device being a device at which a user uses the secure
`communications service to access the encrypted communication link.
`IPR2015-00812, Ex. 1003, claim 1
`
`65 65
`
`
`
`Claims 2-6 of the ’009 Patent
`2. The network device of claim 1, wherein the secure communications service
`includes an audio-video conferencing service, and the at least one processor is
`configured to execute the application program to communicate at least one of
`encrypted video data and audio data with the second network device via the
`encrypted communication link using the secure communications service.
`
`3. The network device of claim 1, wherein the secure communications service
`includes a telephony service.
`
`4. The system of claim 3, wherein the telephony service uses modulation.
`
`5. The network device of claim 4, wherein the modulation is based on one of
`frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code
`division multiple access (CDMA).
`
`6. The network device of claim 1, wherein the network device is a mobile device.
`
`IPR2015-00812, Ex. 1003, claims 2-6
`
`66 66
`
`
`
`Claims 7-10 of the ’009 Patent
`7. The network device of claim 1, wherein the identifier associated with the
`second network device is a domain name.
`
`8. The network device of claim 1, wherein the encrypted communication link is
`part of a virtual private network communication link.
`
`9. The network device of claim 1, wherein the virtual private network
`communication link is based on inserting into each data packet communicated
`over the virtual private network communication link one or more data values that
`vary according to a pseudo-random sequence.
`
`10. The network device of claim 1, wherein the indication that the second
`network device is available for the secure communications service is a function of
`the result of a domain name lookup.
`
`IPR2015-00812, Ex. 1003, claims 7-10
`
`67 67
`
`
`
`Claims 11-13 of the ’009 Patent
`11. The network device of claim 1, wherein the encrypted communication link is
`an end-to-end link extending from the network device to the second network
`device.
`
`12. The network device of claim 1, wherein the interception of the DNS request
`consists of receiving the DNS request to determine that the second network
`device is available for the secure communications service.
`
`13. The network device of claim 1, wherein the interception of the DNS request
`occurs at another network device that is separate from the network device.
`
`IPR2015-00812, Ex. 1003, claims 11-13
`
`68 68
`
`
`
`Claim 14 of the ’009 Patent
`14. A method executed by a first network device for communicating with a
`second network device, the method comprising:sending a domain name service
`(DNS) request to look up a network address of a second network device based
`on an identifier associated with the second network device;
`receiving, following interception of the DNS request and a determination that the
`second network device is available for a secure communications service: (1) an
`indication that the second network device is available for the secure
`communications service, (2) the requested network address of the second
`network device, and (3) provisioning information for an encrypted communication
`link;
`connecting to the second network device over the encrypted communication link,
`using the received network address of the second network device and the
`provisioning information for the encrypted communication link; and
`communicating data with the second network device using the secure
`communications service via the encrypted communication link,
`the first network device being a device at which a user uses the secure
`communications service to access the encrypted communication link.
`
`IPR2015-00812, Ex. 1003, claim 14
`
`69 69
`
`
`
`Claims 15-19 of the ’009 Patent
`15. The method of claim 14, wherein the secure communications service
`includes a video conferencing service, and communicating includes
`communicating at least one of encrypted video data and audio data with the
`second network device via the encrypted communication link using the secure
`communications service.
`
`16. The method of claim 14, wherein the secure communications service
`includes a telephony service.
`
`17. The method of claim 14, wherein the telephony service uses modulation.
`
`18. The method of claim 17, wherein the modulation is based on one of
`frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code
`division multiple access (CDMA).
`
`19. The method of claim 14, wherein the network device is a mobile device.
`
`IPR2015-00812, Ex. 1003, claims 15-19
`
`70 70
`
`
`
`Claims 20-23 of the ’009 Patent
`20. The method of claim 14, wherein the identifier associated with the second
`network device is a domain name.
`
`21. The method of claim 14, wherein the encrypted communication link is part of
`a virtual private network communication link, and communicating with the second
`network device using the secure communications service includes inserting into
`data packets communicated over the virtual private network communication link
`one or more data values that vary according to a pseudo-random sequence.
`
`22. The method of claim 14, wherein the indication that the second network
`device is available for a secure communications service is a function of a domain
`name lookup.
`
`23. The method of claim 14, wherein the encrypted communication link is an end-
`to-end link extending from the first network device to the second network device.
`
`IPR2015-00812, Ex. 1003, claims 20-23
`
`71 71
`
`
`
`Claims 24-25 of the ’009 Patent
`24. The method of claim 14, wherein the intercepting the DNS request consists of
`receiving the DNS request to determine that the second network device is
`available for the secure communications service.
`
`25. The method of claim 14, wherein the intercepting the DNS request occurs at
`another network device that is separate from the first network device.
`
`IPR2015-00812, Ex. 1003, claims 24-25
`
`72 72
`
`
`
`
`
`Case No. IPR2015-00810
`Patent No. 8,868,705
`
`CERTIFICATE OF SERVICE
`
`I hereby certify that on this 6th day of June 2016, a copy of the foregoing
`
`Patent Owner’s Demonstrative Exhibits was served electronically, pursuant to
`
`agreement, upon the following:
`
`Counsel for Apple Inc.:
`
`
`
`iprnotices@sidley.com
`Sidley Austin LLP
`1501 K Street NW
`Washington, DC 20005
`
`
`
`
`Respectfully submitted,
`
`By: /Joseph E. Palys/
`Joseph E. Palys
`Reg. No. 46,508
`Counsel for VirnetX Inc.
`
`Dated: June 6, 2016