`
`
`
`Paper No. 1
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`____________________
`
`
`APPLE INC.
`Petitioner,
`
`v.
`
`VIRNETX, INC. AND SCIENCE APPLICATION INTERNATIONAL
`CORPORATION,
`Patent Owner.
`
`Patent No. 8,868,705
`Issued: October 21, 2014
`Filed: September 13, 2012
`Inventors: Victor Larson, et al.
`Title: AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS
`USING SECURE DOMAIN NAMES
`
`____________________
`
`Inter Partes Review No. IPR2015-00811
`__________________________________________________________________
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,868,705
`
`
`
`
`
`
`

`

`
`
`I.
`
`Table of Contents
`
`Introduction .................................................................................................... 1
`A. Certification the ’705 Patent May Be Contested by Petitioner ....... 1
`B.
`Fee for Inter Partes Review (§ 42.15(a)) ........................................... 1
`C. Mandatory Notices (37 CFR § 42.8(b)) ............................................. 1
`1.
`Real Party in Interest (§ 42.8(b)(1)) ............................................ 1
`2.
`Other Proceedings (§ 42.8(b)(2)) ................................................ 2
`3.
`Lead and Backup Lead Counsel (§ 42.8(b)(3)) .......................... 2
`4.
`Service Information (§ 42.8(b)(4)) ............................................. 2
`5.
`Proof of Service (§§ 42.6(e) and 42.105(a)) ............................... 2
`
`II.
`
`Identification of Claims Being Challenged (§ 42.104(b)) ........................... 2
`
`B.
`C.
`D.
`E.
`
`III. Relevant Information Concerning the Contested Patent .......................... 3
`A. Overview of the ’705 Patent ............................................................... 3
`1.
`The ’705 Patent Specification ..................................................... 3
`2.
`Representative Claims ................................................................ 5
`Patent Owner’s Contentions About Related Patents ....................... 6
`Effective Filing Date ............................................................................ 6
`The Person of Ordinary Skill in the Art ........................................... 8
`Claim Construction ............................................................................. 8
`1.
`“intercept[ing] . . . a request” ...................................................... 9
`2.
`“domain name” ......................................................................... 10
`3.
`“secure domain name” .............................................................. 11
`4.
`“provisioning information” ....................................................... 11
`5.
`“modulated transmission link” /
`“unmodulated transmission link” .............................................. 13
`“phone” ..................................................................................... 14
`
`6.
`
`IV. Analysis of the Patentability of the ’705 Patent ........................................ 14
`A.
`Summary of Prior Art to the ‘705 Patent ....................................... 15
`ii
`
`

`

`
`
`B.
`
`1.
`
`2.
`
`3.
`
`Overview of Aventail (Ex. 1009), Aventail User’s Guide (Ex.
`1010) and Aventail Extranet Guide (Ex. 1011) ........................ 15
`a)
`Nature of the Aventail Documents ................................. 15
`b)
`Components of the Aventail scheme .............................. 17
`c)
`Incorporation of Aventail Into A Client Computer ........ 18
`d)
`Handling Requests .......................................................... 18
`e)
`Establishing a Secure Connection .................................. 20
`f)
`Using Multiple Proxies ................................................... 22
`g)
`Secure Extranet Explorer ................................................ 23
`h)
`The End-User’s Viewpoint ............................................. 24
`Overview of RFC 2401 (Ex. 1008) ........................................... 24
`2.
`Overview of RFC 2543 (Ex. 1013) ........................................... 26
`3.
`Overview of U.S. Patent Number 5,237,566 (Brand) (Ex. 1012)27
`4.
`Aventail (Ex. 1009) in View of RFC 2401 (Ex. 1008) Would Have
`Rendered Obvious Claims 1-3, 6, 14, 16-25, 28, 31, 33 and 34 ...... 27
`1.
`Aventail Describes or, with RFC 2401, Suggests Every Element
`of Independent Claims 1 and 21 ............................................... 28
`a)
`Claim Preambles ............................................................. 29
`b)
`“intercepting . . . a request to look up an [] IP address
`corresponding to a domain name associated with the
`target . . .” ....................................................................... 31
`“determining whether the request . . . corresponds to a
`device that accepts an encrypted channel connection” .. 33
`In response to step (2) “provid[ing] provisioning
`information required to initiate . . . [an] encrypted
`communications channel” ............................................... 35
`“the client device being a device at which a user accesses
`the encrypted communications channel” ........................ 38
`The Distinctions Between the Claimed Methods and Systems
`Would Have Been Obvious Based on Aventail in View of RFC
`2401 ........................................................................................... 39
`Claim 2 Would Have Been Obvious ......................................... 43
`
`c)
`
`d)
`
`e)
`
`
`
`iii
`
`

`

`
`
`4.
`Claims 3 and 25 Would Have Been Obvious ........................... 44
`Claims 6 and 28 Would Have Been Obvious ........................... 46
`5.
`Claims 14 and 31 Would Have Been Obvious ......................... 47
`6.
`Claims 16 and 33 Would Have Been Obvious ......................... 48
`7.
`Claims 17 and 34 Would Have Been Obvious ......................... 48
`8.
`Claims 18 and 22 Would Have Been Obvious ......................... 49
`9.
`10. Claims 19 and 23 Would Have Been Obvious ......................... 50
`11. Claims 20 and 24 Would Have Been Obvious ......................... 50
`C. Aventail in View of RFC 2401 in Further View of RFC 2543
`Would Have Rendered Claims 8-10, 12, 15, 30 and 32 Obvious .. 51
`1.
`Claims 8, 15, 30 and 32 Would Have Been Obvious ............... 51
`2.
`Claims 9 Would Have Been Obvious ....................................... 54
`3.
`Claim 10 Would Have Been Obvious ....................................... 55
`4.
`Claim 12 Would Have Been Obvious ....................................... 55
`D. Aventail in View of RFC 2401 in Further View of Brand Would
`Have Rendered Claims 4, 5, 7, 26, 27 and 29 Obvious .................. 55
`1.
`Claims 4 and 26 Would Have Been Obvious ........................... 55
`2.
`Claims 5 and 27 Would Have Been Obvious ........................... 56
`3.
`Claims 7 and 29 Would Have Been Obvious ........................... 57
`Aventail in View of RFC 2401 in Further View of RFC 2543 and
`Brand Would Have Rendered Claims 11 and 13 Obvious ............ 58
`1.
`Claim 11 Would Have Been Obvious ....................................... 58
`2.
`Claim 13 Would Have Been Obvious ....................................... 59
`No Secondary Considerations Exist ................................................ 59
`
`E.
`
`F.
`
`V. Conclusion .................................................................................................... 60
`
`
`
`iv
`
`

`

`Petition in IPR2015-00811
`
`I.
`
`Introduction
`A. Certification the ’705 Patent May Be Contested by Petitioner
`Petitioner certifies that U.S. Patent No. 8,868,705 (Ex. 1001) (the ’705
`
`patent) is available for inter partes review. Petitioner also certifies it is not barred
`
`or estopped from requesting inter partes review of the claims of the ’705 patent.
`
`Neither Petitioner, nor any party in privity with Petitioner, has filed a civil action
`
`challenging the validity of any claim of the ’705 patent. The ’705 patent has not
`
`been the subject of a prior inter partes review by Petitioner or a privy of Petitioner.
`
`Petitioner also certifies this petition for inter partes review is timely filed as
`
`it has never been asserted against Petitioner in litigation. Thus, because there is no
`
`patent owner’s action, this petition complies with 35 U.S.C. § 315(b). Petitioner
`
`also notes that the timing provisions of 35 U.S.C. § 311(c) and 37 C.F.R. §
`
`42.102(a) do not apply to the ’705 patent, as it pre-dates the first-to-file system.
`
`See Pub. L. 112-274 § 1(n), 126 Stat. 2456 (Jan. 14, 2013).
`
`Fee for Inter Partes Review (§ 42.15(a))
`
`B.
`The Director is authorized to charge the fee specified by 37 CFR § 42.15(a)
`
`to Deposit Account No. 50-1597.
`
`C. Mandatory Notices (37 CFR § 42.8(b))
`1.
`Real Party in Interest (§ 42.8(b)(1))
`The real party in interest of this petition pursuant to § 42.8(b)(1) is Apple
`
`Inc. (“Apple”) located at One Infinite Loop, Cupertino, CA 95014.
`
`1
`
`

`

`Petition in IPR2015-00811
`
`2. Other Proceedings (§ 42.8(b)(2))
`IPR2015-00810 filed concurrently also involves the ’705 patent. Each
`
`petition advances unique grounds and are based on different primary references.
`
`Each petition presents a unique correlation of the claims to the prior art, and
`
`warrants independent institution of trial. Petitioner respectfully requests the Board
`
`institute each petition, as each presents distinct and non-redundant grounds.
`
`Lead and Backup Lead Counsel (§ 42.8(b)(3))
`
`3.
`Lead Counsel is: Jeffrey P. Kushan (Reg. No. 43,401), jkushan@sidley.com,
`
`(202) 736-8914. Back-Up Lead Counsel are: Scott Border (pro hac to be
`
`requested), sborder@sidley.com, (202) 736-8818; and Thomas A. Broughan III
`
`(Reg. No. 66,001), tbroughan@sidley.com, (202) 736-8314.
`
`Service Information (§ 42.8(b)(4))
`
`4.
`Service on Petitioner may be made by e-mail (iprnotices@sidley.com), mail
`
`or hand delivery to: Sidley Austin LLP, 1501 K Street, N.W., Washington, D.C.
`
`20005. The fax number for lead and backup lead counsel is (202) 736-8711.
`
`Proof of Service (§§ 42.6(e) and 42.105(a))
`
`5.
`Proof of service of this petition is provided in Attachment A.
`
`II.
`
`Identification of Claims Being Challenged (§ 42.104(b))
`
`Claims 1-34 of the ’705 patent are unpatentable as obvious under 35 U.S.C.
`
`§ 103. Specifically: (i) Claims 1-3, 6, 14, 16-25, 28, 31, 33 and 34 are obvious
`
`based on Aventail Connect v3.01/v2.51 Administrator’s Guide (“Aventail”) (Ex.
`
`
`
`2
`
`

`

`Petition in IPR2015-00811
`
`1009) in view of RFC 2401, “Security Architecture for the Internet Protocol”
`
`(“RFC 2401”) (Ex. 1008); (ii) claims 8-10, 12, 15, 30 and 32 are obvious based on
`
`Aventail in view of RFC 2401 in further view of RFC 2543 “SIP: Session
`
`Initiation Protocol” (“RFC 2543”) (Ex. 1013); (iii) claims 4, 5, 7, 26, 27 and 29
`
`are obvious based on Aventail in view of RFC 2401 in further view of U.S. Patent
`
`No. 5,237,566 (Brand) (Ex. 1012); and (iv) claims 11 and 13 and obvious based on
`
`Aventail in view of RFC 2401 in further view of RFC 2543 and Brand.
`
`Attachment B lists the evidence relied upon in support of this petition.
`
`III. Relevant Information Concerning the Contested Patent
`A. Overview of the ’705 Patent
`1.
`The ’705 Patent Specification
`The ’705 patent is a member of a family of patents issued to Larson et al.,
`
`including, inter alia, U.S. Patent Nos. 6,502,135 (“ ’135 patent”), 7,188,180
`
`(“ ’180 patent”), 7,418,504 (“ ’504 patent”), 7,490,151 (“ ’151 patent”), 7,921,211
`
`(“ ’211 patent”), 7,987,274 (“ ’274 patent”), 8,051,181 (“ ’181 patent”), 8,504,697
`
`(“ ’697 patent”), and 8,850,009 (“ ’009 patent”).1
`
`The ’705 patent disclosure, like other members of this patent family, is
`
`largely focused on techniques for securely communicating over the Internet based
`
`on a protocol called the “Tunneled Agile Routing Protocol” or “TARP.” Ex. 1001
`
`
`1
`
`
`
`IPR2015-00812 and -00813 filed concurrently involve the ’009 patent.
`
`3
`
`

`

`Petition in IPR2015-00811
`
`at 3:16-19. According to the ’705 specification, TARP allows for secure and
`
`anonymous communications by using tunneling, an IP address hopping scheme
`
`where the IP addresses of the end devices and routers participating in the system
`
`can change over time, and a variety of other security techniques. Ex. 1001 at 1:35-
`
`38, 3:16-6:9. Two short sections of the ’705 specification – spanning primarily
`
`columns 39 to 42 and 49 to 53 – are directed to a different concept, namely,
`
`techniques for establishing secure communications in response to DNS requests
`
`specifying a secure destination. See Ex. 1001 at 38:62-41:53, 48:63-55:36. This
`
`material was added in a continuation-in-part application filed in February 2000. In
`
`proceedings involving related patents, Patent Owner has asserted that these short
`
`passages provide written description support for claim terms involving domain
`
`names, DNS requests, requests to look up network addresses, and DNS servers.
`
`These portions of the ’705 specification describe a “conventional DNS
`
`server” that purportedly is modified to include additional functionality that allows
`
`it to support creating virtual private networks. See Ex. 1001 at 39:58-40:19.
`
`According to the ’705 specification, the “modified DNS server” (id. at 39:62-64)
`
`receives a request to look up a network address associated with a domain name,
`
`determines whether a secure site has been requested (for example, by checking an
`
`internal table of sites), and then performs additional steps to support establishing a
`
`“virtual private network” with the secure site. See Ex. 1001 at 38:65-67, 39:41-51,
`
`
`
`4
`
`

`

`Petition in IPR2015-00811
`
`40:1-19, 40:59-41:9, 51:29-35. This process can include conventional devices
`
`such as personal computers running web browsers, proxy servers, intermediate
`
`routers, and web servers. Ex. 1001 at 39:58-67, 49:10-20, 52:20-26.
`
`The ’705 specification describes several optional features of this system,
`
`such as using “IP hopblocks” to create a VPN or incorporating user authentication.
`
`Ex. 1001 at 39:47-51, 39:56-57, 41:2-9, 51:43-56. It also describes several
`
`optional configurations of the “modified DNS system,” including a standalone
`
`DNS server and a system incorporating a DNS server, a DNS proxy server, and a
`
`gatekeeper. Ex. 1001 at 40:30-42.
`
`Representative Claims
`
`2.
`Independent claims 1 and 21 of the ’705 patent define a method and a
`
`system, respectively, but recite the same operative steps. See Ex. 1001 at 55:43-
`
`67, 56:58-57:15. Claim 1 is representative, specifying a method of creating an
`
`encrypted communications channel between a client device and a target device by:
`
`(1) intercepting a request from the client device to look up an Internet Protocol (IP)
`
`address corresponding to a domain name associated with the target device; (2)
`
`determining whether the request corresponds to a device that accepts an encrypted
`
`channel connection with the client device; and (3) in response to the determination
`
`in step (2), providing provisioning information required to initiate the creation of
`
`the encrypted communications channel between the client device and the target
`
`
`
`5
`
`

`

`Petition in IPR2015-00811
`
`device, the client device being a device at which a user accesses the encrypted
`
`communications channel.
`
`Patent Owner’s Contentions About Related Patents
`
`B.
`Patent Owner has asserted varying sets of claims of its patents in this family
`
`against Petitioner and other entities in numerous lawsuits. In August of 2010,
`
`Patent Owner sued Petitioner and five other entities (the “2010 Litigation”)
`
`asserting claims from the ’135, ’151, ’504, and ’211 patents. In November 2011,
`
`Patent Owner filed a lawsuit accusing Petitioner of infringing claims of the ’181
`
`patent. In December 2012, Patent Owner served a new complaint on Petitioner
`
`asserting infringement of numerous claims of the ’135, ’151, ’504, and ’211
`
`patents (the “2012 Litigation”). In August 2013, Patent Owner served an amended
`
`complaint adding the ’697 patent to the 2012 Litigation. Patent Owner also
`
`asserted patents from this family against Microsoft and others in separate lawsuits
`
`filed in February 2007, March 2010, and April 2013, and against numerous other
`
`defendants in actions filed in 2010 and 2011.
`
`C. Effective Filing Date
`The ’705 patent issued from U.S. Appl. No. 13/615,557 (“the ’557
`
`application”). The ’557 application claims the benefit as a continuation of the
`
`following applications: 13/049,552 (issued as U.S. Patent No. 8,572,247);
`
`11/840,560 (issued as the ’211 patent); 10/714,849 (issued as the ’504 patent); and
`
`
`
`6
`
`

`

`Petition in IPR2015-00811
`
`09/558,210, filed April 26, 2000, and now abandoned. It also is designated a
`
`continuation-in-part of 09/504,783, filed on February 15, 2000 (“the ’783
`
`application”), which is a continuation-in-part of 09/429,643, filed on October 29,
`
`1999. The ’210, ’783 and ’643 applications also claim priority to 60/106,261, filed
`
`October 30, 1998 and 60/137,704, filed June 7, 1998.
`
`Claims 1 and 21 of the ’705 patent are independent claims. Claims 2-20
`
`depend directly or indirectly from claim 1, and claims 22-34 depend directly or
`
`indirectly from claim 21. Claims 2-20 and 22-34 cannot enjoy an effective filing
`
`date earlier than that of claims 1 and 21, respectively, from which they depend.
`
`Claims 1 and 21 of the ’705 patent rely on information found only in the
`
`’783 application. For example, claim 1 of the ’705 patent specifies “intercepting
`
`… a request to look up an Internet Protocol (IP) address corresponding to a
`
`domain name ….” (emphasis added). Claim 21 specifies “[a] system … including
`
`… a server configuration arranged to: intercept … a request to look up an Internet
`
`Protocol (IP) address corresponding to a domain name … .” (emphasis added).
`
`No application filed prior to the ’783 application mentions the term “domain
`
`name,” much less provide a written description of systems or processes
`
`corresponding to the ’705 patent claims. In proceedings involving the related ’135,
`
`’504, ’151, ’211, ’274 and ’697 patents, Patent Owner has not disputed that claims
`
`reciting a “domain name” are not entitled to an effective filing date prior to
`
`
`
`7
`
`

`

`Petition in IPR2015-00811
`
`February 15, 2000. See, e.g., Patent Owner Preliminary Oppositions in IPR2013-
`
`00348, -00349, -00354, -00375 to -00378, -00393, -00394, -00397, and -00398, as
`
`well as IPR2014-00237, -00238, -00403, -00404, and -00610; see also Inter Partes
`
`Reexamination Nos. 95/001,682, 95/001,679, 95/001,697, 95/001,714, 95/001,788,
`
`and 95/001,789. Accordingly, the effective filing date of the ’705 patent claims is
`
`no earlier than February 15, 2000.
`
`D. The Person of Ordinary Skill in the Art
`A person of ordinary skill in the art in the field of the ’705 patent would
`
`have been someone with a good working knowledge of networking protocols,
`
`including those employing security techniques, as well as computer systems that
`
`support these protocols and techniques. The person also would be very familiar
`
`with Internet standards related to communications and security, and with a variety
`
`of client-server systems and technologies. The person would have gained this
`
`knowledge either through education and training, several years of practical
`
`working experience, or through a combination of these. Ex. 1005 ¶ 110.
`
`E. Claim Construction
`In this proceeding, claims must be given their broadest reasonable
`
`construction in light of the specification. 37 CFR § 42.100(b). The ’705 patent
`
`shares a common disclosure and uses several of the same terms as the ’697, ’274,
`
`’180, ’151, ’504, and ’211 patents with respect to which Patent Owner has
`
`
`
`8
`
`

`

`Petition in IPR2015-00811
`
`advanced constructions. If Patent Owner contends terms in the claims should be
`
`read as having a special meaning, those contentions should be disregarded unless
`
`Patent Owner also amends the claims compliant with 35 U.S.C. § 112 to make
`
`them expressly correspond to those contentions. See 77 Fed. Reg. 48764 at II.B.6
`
`(August 14, 2012); cf. In re Youman, 679 F.3d 1335, 1343 (Fed. Cir. 2012). In the
`
`constructions below, Petitioner identifies representative subject matter within the
`
`scope of the claims, read with their broadest reasonable interpretation. Petitioner
`
`expressly reserves its right to advance different constructions in any district court
`
`litigation, which employs a different claim construction standard.
`
`1.
`“intercept[ing] . . . a request”
`Each independent claim recites the term “intercept[ing] . . . a request.” In a
`
`related proceeding involving the ’697 patent, the Board interpreted the term
`
`“intercepting” as including “receiving a request pertaining to a first entity at
`
`another entity.” IPR2014-00237, Paper 15 at 13 (May 14, 2014). The Board
`
`further explained that “intercepting” a request involves “receiving and acting on” a
`
`request, the request being “intended for” receipt at a destination other than the
`
`destination at which the request is intercepted. Id. at 12. The Board’s construction
`
`is consistent with the ’705 patent specification. Ex. 1005 at ¶ 67.
`
`The ’705 patent does not expressly define the phrase “intercepting . . . a
`
`request,” but uses the term “intercepting” as meaning receiving a request at a
`
`
`
`9
`
`

`

`Petition in IPR2015-00811
`
`device other than the device specified in the request. Ex. 1005 at ¶ 68. For
`
`example, the specification explains that a DNS proxy 2610 “intercepts” all DNS
`
`lookup functions to examine whether access to a secure site has been requested.
`
`Ex. 1001 at 40:1-7, Figs. 26 & 27. The specification also shows the requests are
`
`routed to the DNS proxy instead of a DNS server 2609, which ordinarily would
`
`receive and resolve the domain name in the request. Id. at 39:1-3. Because the
`
`DNS proxy and DNS server as described as separate entities, the ’705 patent uses
`
`the term “intercept” as meaning receipt of a message by a proxy server instead of
`
`the intended destination. Accordingly, the broadest reasonable interpretation of the
`
`term “intercepting . . . a request” includes “receiving a request pertaining to a first
`
`entity at another entity.” Ex. 1005 at ¶ 69.
`
`2.
`“domain name”
`Each independent claim recites a “domain name.” The ’705 patent does not
`
`define “domain name.” A “domain name” would be understood by a person of
`
`ordinary skill to be a hierarchical sequence of words in decreasing order of
`
`specificity that corresponds to a numerical IP address. Ex. 1005 at ¶ 70. A more
`
`general description of “domain name” has been advanced by Patent Owner in other
`
`proceedings; namely, “a name corresponding to an IP address.” See, e.g., Ex. 1042
`
`at 14-15. Both definitions are reasonable; thus the broadest reasonable
`
`interpretation of “domain name” is “a name corresponding to an IP address.”
`
`
`
`10
`
`

`

`Petition in IPR2015-00811
`
`Ex. 1005 at ¶ 70.
`
`3.
`“secure domain name”
`Dependent claims 3 and 10 recite the term “secure domain name,” and
`
`specify a “secure domain name” is a type of “domain name.” In a related
`
`proceeding involving the ’180 patent, the Board found “a ‘secure domain name’ is
`
`a name that corresponds to a secure computer network address.” IPR2015-00481,
`
`Paper 11 at 8 (Sept. 3, 2014). This is consistent with the ’705 patent disclosure.
`
`For example, the specification describes a “secure domain name” as a
`
`domain name that corresponds to the secure network address of a secure server
`
`3320. See Ex. 1001 at 51:6-42. The ’705 patent also describes evaluating domain
`
`names in DNS requests to determine whether access to a secure site has been
`
`requested. Id. at 40:1-7. The disclosure also explains that “[e]ach secure computer
`
`network address is based on a non-standard top-level domain name, such as .scom,
`
`.sorg, .snet, .sedu, .smil and .sint.” Id. at 7:39-42. Accordingly, the broadest
`
`reasonable interpretation of the term “secure domain name” would be “a name
`
`that corresponds to a secure computer network address.” Ex. 1005 at ¶ 73.
`
`4.
`“provisioning information”
`Each independent claim recites the term “provisioning information.” The
`
`’705 patent does not define “provisioning information.” The only discussion in
`
`specification concerning “provisioning” states that “VPN gatekeeper 3314
`
`
`
`11
`
`

`

`Petition in IPR2015-00811
`
`provisions computer 3301 and secure web server computer 3320, or a secure edge
`
`router for server computer 3320, thereby creating the VPN.” Ex. 1001 at 51:32-35
`
`(emphasis added). The ’705 specification also explains that, after a DNS proxy
`
`determines that access a secure site has been requested, it transmits a message to a
`
`gatekeeper requesting creation of a “virtual private network.” Id. at 40:7-10,
`
`40:66-41:2. The gatekeeper returns a resolved IP address and IP address
`
`“hopblocks” to be used by the client computer and the target site to communicate
`
`securely. Id. at 40:9-19; see also Ex. 1005 at ¶ 74.
`
`In IPR2014-00481 involving the ’180 patent, whose claims recite
`
`provisioning information for a “virtual private network” rather than “encrypted
`
`communications channel,” the Board interpreted “provisioning information” as
`
`“information that is provided to enable or to aid in establishing communications to
`
`occur in the VPN.” Paper 11 at 11 (Sept. 3, 2014). The ’705 patent disclosure
`
`only describes use of DNS systems to establish VPN connections between devices,
`
`and it does not describe creating encrypted channels that are isolated from a VPN.
`
`See Ex. 1001 at 38:65-67, 50:53-56, 51:31-35, Fig. 37. Examples of “provisioning
`
`information” in the ’705 patent includes IP address hopblocks or other data that
`
`enables or aids in establishing communications in a VPN where the VPN uses
`
`encryption. Ex. 1001 at 40:7-19; Ex. 1005 at ¶ 75. Therefore, the broadest
`
`reasonable interpretation of the term “provisioning information” in the context of
`
`
`
`12
`
`

`

`Petition in IPR2015-00811
`
`the ’705 claims is “information that enables communication in a virtual private
`
`network, where the virtual private network uses encryption.” Ex. 1005 at ¶ 76.
`
`5.
`
`“modulated transmission link” /
`“unmodulated transmission link”
`Dependent claims 5, 11 and 27 recite the term “unmodulated transmission
`
`link.” Dependent claims 6, 12 and 28 recite the term “modulated transmission
`
`link.” Neither term is defined in the ’705 patent. In IPR2014-00237 involving the
`
`related ’697 patent, the Board interpreted “modulation” to include “the process of
`
`encoding data for transmission over a medium by varying a carrier signal.” Paper
`
`15 at 14 (May 14, 2014). This is consistent with the ’705 patent and the
`
`understanding of a person of ordinary skill in the art. Ex. 1005 at ¶¶ 78-79. For
`
`example, the specification explains that transmission paths may comprise
`
`“logically separate paths contained within a broadband communication medium
`
`(e.g., separate channels in an FDM, TDM, CDMA, or other type of modulated or
`
`unmodulated transmission link).” Ex. 1001 at 34:49-55.
`
`A person of skill would understand “unmodulated” and “modulated” to refer
`
`to whether data is encoded for transmission over a physical medium by varying or
`
`“modulating” a carrier signal. Ex. 1005 at ¶ 80. Any data transmitted via a
`
`modem (i.e., a “modulator-demodulator” device) is modulated. Id. Similarly, any
`
`data transmitted via a cellular network is modulated. Id. Conversely, any data
`
`transmitted via a baseband network is unmodulated. Id. Therefore, the broadest
`
`
`
`13
`
`

`

`Petition in IPR2015-00811
`
`reasonable interpretation of “modulated transmission link” is “a communication
`
`medium for transmitting data that is encoded by varying a carrier signal.”
`
`Ex. 1005 at ¶ 81. The broadest reasonable interpretation of “unmodulated
`
`transmission link” is “a communication medium for transmitting data that is not
`
`encoded by varying a carrier signal.” Id.
`
`6.
`“phone”
`Dependent claims 8, 15, 30, and 32 recite the term “phone.” The ’705
`
`patent does not define or use the term “phone” but states that “telephony” is an
`
`example of an “application program[]” that may be executed on a “computer
`
`node[].” Ex. 1001 at 21:21-28. “Phone” in the context of the ’705 patent
`
`disclosure therefore encompasses a device or component that can provide
`
`telephony functionality. This is consistent with the ordinary meaning of “phone.”
`
`Ex. 1005 at ¶ 82. The broadest reasonable interpretation of “phone” is therefore “a
`
`device or component that can provide telephony functionality.” Ex. 1005 at ¶ 83.
`
`IV. Analysis of the Patentability of the ’705 Patent
`The ’705 patent has two independent claims (claims 1 and 21), each of
`
`which specifies the same operative limitations. See § III.A.2. Claim 1 is
`
`representative, and defines a process for establishing an encrypted communications
`
`channel between a client device and a target device in response to a request to look
`
`up an Internet Protocol (IP) address.
`
`
`
`14
`
`

`

`Petition in IPR2015-00811
`
`Summary of Prior Art to the ‘705 Patent
`
`A.
`Well before 2000, there was an extensive amount of literature and other
`
`prior art describing techniques for establishing secure communication links,
`
`including VPNs. A person of ordinary skill would have been familiar with this
`
`prior art, and would have found it to render obvious the claimed methods for the
`
`reasons set forth below in §§ IV.B - IV.E. A brief overview of the prior art and
`
`what it taught the person of ordinary skill is provided in this section.
`
`1. Overview of Aventail (Ex. 1009), Aventail User’s Guide (Ex.
`1010) and Aventail Extranet Guide (Ex. 1011)
`a)
`The Aventail Connect v3.01/v2.51 Administrator’s Guide (Ex. 1009,
`
`Nature of the Aventail Documents
`
`“Aventail”), Aventail Connect v3.01/v2.51 User’s Guide (Ex. 1010, “Aventail
`
`User’s Guide”), and Aventail ExtraNet Center v3.0 Administrator’s Guide (Ex.
`
`1011, “Aventail Extranet Guide”) are documentation for software (version 3.0 of a
`
`product called Aventail Extranet Center) that were distributed together. Aventail is
`
`a printed publication that was distributed to the public without restriction no later
`
`than January 31, 1999. Enclosed with this request are declarations under 37 CFR §
`
`1.32 from three individuals having personal knowledge that Aventail was publicly
`
`distributed no later than January 31, 1999. The declarations were previously filed
`
`in inter partes reexamination 95/001682. In Exhibit 1023, Christopher Hopen,
`
`formerly of Aventail Corporation, explains that Aventail was distributed with
`
`
`
`15
`
`

`

`Petition in IPR2015-00811
`
`Aventail Extranet Center v3.0, which was announced in August of 1998, and
`
`shipped to customers between December 1998 and January of 1999. He further
`
`explains that Aventail was shipped with the installation discs for the Aventail
`
`Extranet Server v3.0 and Aventail Connect v3.01 software products. In Exhibit
`
`1043, Michael Fratto, Editor of Network World, testifies that he received Aventail
`
`no later than the end of October of 1998. In Exhibit 1022, James Chester, formerly
`
`of IBM, testifies that he received Aventail no later than the end of December of
`
`1998, and subsequently distributed this document to customers and IBM
`
`employees in connection with deployment of VPN solutions to these entities and
`
`individuals in mid-January of 1999. In view of this evidence, the publication date
`
`of Aventail is no later than January 31, 1999, and, accordingly, Aventail is prior art
`
`to the claims of the ’705 patent under 35 U.S.C. § 102(b). An summary of the
`
`scheme disclosed by Aventail can be found in Ex. 1005 ¶¶ 160-273.
`
`Aventail describes the configuration and operation of client and server
`
`components of the Aventail VPN system. See, e.g., Ex. 1005 at ¶¶ 142-45. The
`
`documents cross-reference each other, which is logical as they are describing two
`
`components of a single system that are designed to work together (i.e., the Aventail
`
`Connect client running on the client computer, and the Aventail Extranet Server
`
`running on a server computer). See, e.g., Ex. 1009 at 3, 5, 6, 11, 14, 19, 36-40, 44,
`
`46, 48, 50, 52, 55-56, 57, 61-71, 76-77, 79-83, 92-94, 96, 99, 107-109. Given the
`
`
`
`16
`
`

`

`Petition in IPR2015-00811
`
`close interrelationship between the documents, the fact that were distributed
`
`together i