IPR2015-00811
`
`
`
`Paper No. 29
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________________
`
`
`
`APPLE INC.,
`Petitioner
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`___________________
`
`Case IPR2015-00811
`Patent 8,868,705
`____________________
`
`
`Before KARL D. EASTHOM, JENNIFER S. BISK, and
`GREGG I. ANDERSON, Administrative Patent Judges.
`
`__________________________________________________________________
`
`
`
`PETITIONER’S REPLY
`
`
`
`
`
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`Table of Contents
`
`I.
`
`Introduction .................................................................................................... i
`
`II. Claim Construction ....................................................................................... 1
`
`A.
`
`The Reexamination Prosecution Histories and Specification Do
`Not Contain the Alleged Disclaimers of Claim Scope ...................... 1
`
`B.
`
`The Board Should Maintain Its Claim Constructions ..................... 2
`
`1.
`
`2.
`
`3.
`
`4.
`
`“Secure Domain Name” ................................................................ 2
`
`“Encrypted Communications Channel” ........................................ 3
`
`“Provisioning Information” .......................................................... 4
`
`“Intercepting” ................................................................................ 4
`
`III. Obviousness Over Aventail in view of RFC 2401 ....................................... 4
`
`A. Aventail and RFC 2401 Teach Claim 1 and 21’s “Determining
`Whether the Request to Look Up the IP Address [Intercepted] in
`Step (1) . . . Corresponds to a Device that Accepts an Encrypted
`Channel Connection” Step ................................................................. 4
`
`1. Patent Owner’s Analysis of the “Determining” Step Addresses
`the Wrong “Intercept[ions]” ................................................................. 5
`
`2. Patent Owner Ignores the Plain Language of the Claims, the
`Evidence, and the Combination with RFC 2401 .................................. 8
`
`3. Patent Owner’s Analysis Ignores the Aventail Configuration
`Described in the Petition ...................................................................... 9
`
`B.
`
`Aventail and RFC 2401 Teach Claim 1 and 21’s “Encrypted
`Communications Channel Between the Client Device and the
`Target Device” ................................................................................... 10
`
`C. Aventail and RFC 2401 Teach Claim 1 and 21’s “In Response to
`Determining . . . Providing Provisioning Information” ................. 12
`
`D. Aventail and RFC 2401 Renders Claims 2, 16, and 33 Obvious. .. 14
`
`ii
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`E.
`
`F.
`
`Aventail and RFC 2401 Renders Claims 3 and 25 Obvious. ......... 15
`
`Aventail in view of RFC 2401 Renders Claims 17 and 34 Obvious.
` ............................................................................................................. 16
`
`G. Not-Separately Argued Claims and Grounds ................................ 17
`
`IV. Dr. Tamassia’s Testimony Is Probative ..................................................... 18
`
`V. Aventail and the RFC References Are Conclusively Prior Art .............. 20
`
`VI. Conclusion .................................................................................................... 25
`
`
`
`iii
`
`
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`TABLE OF AUTHORITIES
`
`
`CASES
`Arthrocare Corp. v. Smith & Nephew, Inc.,
`406 F.3d 1365 (Fed. Cir. 2005) .................................................................... 10, 12
`
`Page(s)
`
`Belden Inc. v. Berk-Tek LLC,
`805 F.3d 1064 (Fed. Cir. 2015) .................................................................... 19, 20
`
`Brand v. Miller,
`487 F.3d 862 (Fed. Cir. 2007) .................................................................. 1, 17, 19
`
`Deere & Co. v. Bush Hog, LLC,
`703 F.3d 1349 (Fed. Cir. 2012) .......................................................................... 17
`
`Interactive Gift Express, Inc. v. Compuserve Inc.,
`256 F.3d 1323 (Fed. Cir. 2001) .......................................................................... 16
`
`Kyocera Wireless Corp. v. Int'l Trade Comm’n,
`545 F.3d 1340 (2008) .......................................................................................... 21
`
`Ohio Willow Wood Co. v. Alps S., LLC,
`735 F.3d 1333 (Fed. Cir. 2013) .......................................................................... 21
`
`Poole ex rel. Elliott v. Textron, Inc.,
`192 F.R.D. 494 (D. Md. 2000) ........................................................................... 25
`
`Schumer v. Lab. Computer Sys., Inc.,
`308 F.3d 134 (Fed. Cir 2002) ............................................................................. 18
`
`Sundance, Inc. v. Demonte Fabricating Ltd,
`550 F.3d 1356 (Fed. Cir. 2008) .......................................................................... 18
`
`Tempo Lighting Inc. v. Tivoli, LLC,
`742 F.3d 973 (Fed. Cir. 2014) .......................................................................... 1, 2
`
`Titanium Metals Corp. of America v. Banner,
`778 F.2d 775 (Fed. Cir. 1985) ............................................................................ 20
`
`U.S. v. Taylor,
`166 F.R.D. 356 (M.D.N.C.) aff'd, 166 F.R.D. 367 (M.D.N.C. 1996) ................ 25
`
`iv
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`Ultratec, Inc. v. Sorenson Commc'ns, Inc.,
`No. 13-CV-346, 2014 WL 4829173 (W.D. Wis. Sept. 29, 2014) ...................... 25
`
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc.,
`200 F.3d 795 (Fed. Cir. 1999) .......................................................................... 3, 4
`
`Guangdong Xinbao Elec. Appliances Holdings v. Adrian Rivera,
`IPR2014-00042, Paper 50 at 22-23 (Feb. 6, 2015) ............................................ 24
`
`LG Display Co., Ltd, v. Innovative Display Techs. LLC, IPR2014-
`01362, Paper 32 at 15-16 (Feb. 8, 2016) ........................................................... 25
`
`
`
`STATUTES
`
`35 U.S.C. § 6 ............................................................................................................ 20
`
`35 U.S.C. § 102(a) ................................................................................................... 20
`
`OTHER AUTHORITIES
`
`37 C.F.R. § 42.65(a) ................................................................................................. 20
`
`Fed. R. Evid. 702 ..................................................................................................... 18
`
`
`
`
`
`v
`
`

`
`IPR2015-00811
`
`I.
`
`Introduction
`
`Petitioner’s Reply (Paper 29)
`
`The Board correctly found claims 1-3, 6, 14, 16-25, 28, 31, and 33-34 would
`
`have been obvious over Aventail and RFC 2401. Paper 8 (“Dec.”) at 12-21. It also
`
`correctly found Aventail, RFC 2401, and RFC 2543 to render claims 8-10, 12, 15,
`
`30, and 32 obvious, id. at 21-22, Aventail, RFC 2401, and Brand to render claims
`
`4, 5, 7, 26, 27, and 29 obvious, id. at 23, and Aventail, RFC 2401, RFC 2543 and
`
`Brand to render claims 11 and 13 obvious. These initial findings are supported by
`
`more than substantial evidence and should be maintained.
`
`II. Claim Construction
`
`Patent Owner initially challenges the Board’s use of the broadest reasonable
`
`interpretation standard (“BRI”) because its ability to amend the claims is “severely
`
`restricted,” Patent Owner Response, Paper 25 (“Resp.”) at 2, though it never
`
`sought to amend its claims. Patent Owner’s challenge to BRI is instead a
`
`transparent attempt to import unclaimed limitations into its claims.
`
`A. The Reexamination Prosecution Histories and Specification Do
`Not Contain the Alleged Disclaimers of Claim Scope
`
`For several claim terms, Patent Owner contends prosecution disclaimers
`
`limit those terms’ scope, Resp. at 5-7, but fails to establish the requirements for an
`
`effective disclaimer. The putative disclaimers are based on statements made during
`
`reexamination proceedings—some still pending—and none was accompanied by a
`
`claim amendment. Under Tempo Lighting Inc. v. Tivoli, LLC, 742 F.3d 973 (Fed.
`
`
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`Cir. 2014), this means these statements have no disclaiming effect before the PTO.
`
`Id. at 978 (“no obligation to accept a claim construction proffered as a prosecution
`
`history disclaimer.”). The Tempo Court affirmed the Board’s finding of a
`
`disclaimer, but only because it was in conjunction with claim amendments made
`
`during the original examination of the patent. Id. at 977. Tempo thus confirms the
`
`irrelevance of such statements, particularly one made during reexamination,
`
`without being accompanied by a claim amendment. Id. Relying on Tempo, the
`
`Board previously found (in a Final Written Decision) that Patent Owner did not
`
`disclaim claim scope. IPR2014-00481, Paper 35 at 10 (Aug. 24, 2015) (“Patent
`
`Owner cannot now rely on any alleged claim disavowals after it characterized them
`
`[in district court] as unclear.”).
`
`B.
`
`The Board Should Maintain Its Claim Constructions
`
`1.
`
`“Secure Domain Name”
`
`In a Final Written Decision involving a related patent, the Board construed
`
`“secure domain name” to mean “a name that corresponds to a secure computer
`
`network address.” IPR2015-00481, Paper 35 at 13-14 (Aug. 24, 2015). It rejected
`
`the same construction Patent Owner proposes here, explaining Patent Owner did
`
`not “demonstrate[] that the Specification requires a secure domain name to be
`
`‘non-standard’ and fails to explain what the term ‘non-standard’ means,” and noted
`
`that Patent Owner conceded in district court that “the ‘non-standard’ distinction ‘is
`
`2
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`not supported by the specification or the prosecution history.” Id. at 13. Patent
`
`Owner provides no basis for the Board to depart from its previous, correct finding.
`
`2.
`
`“Encrypted Communications Channel”
`
`Patent Owner asserts that an “encrypted communications channel” should
`
`be construed to mean “a direct communications channel that is encrypted.” Resp.
`
`at 8-10. The improper additional limitation Patent Owner seeks—that the
`
`encrypted communications channel be “direct”—has previously been rejected by
`
`the Board as unsupported by the prosecution history and Patent Owner’s own
`
`statements, see IPR2014-00481, Paper 35 at 10, or because it was not necessary to
`
`resolve the case, see IPR2014-00482, Paper 34 at 4.
`
`Nothing in the ’705 patent requires “direct” communication. Instead, the
`
`’705 specification describes secure communication links that traverse firewalls,
`
`edge routers, and proxies between end devices in a connection. Ex. 1001 at 33:42-
`
`35:6, 49:10-14, 53:9-50, 55:25-37. Nevertheless, as explained below, the Aventail
`
`reference itself describes its network connection as “direct.” Consistent with its
`
`previous finding, the Board should not read a nebulous “direct” limitation into the
`
`claims in these proceedings, so no further construction of “encrypted
`
`communications channel” is necessary. Vivid Techs., Inc. v. Am. Sci. & Eng’g,
`
`Inc., 200 F.3d 795, 803 (Fed. Cir. 1999) (claim terms need only be construed to the
`
`extent necessary to resolve the case).
`
`3
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`3.
`
`“Provisioning Information”
`
`The Board construed “provisioning information” to be “information that is
`
`provided to enable or aid in establishing a secure communications channel,”
`
`Dec. at 9, which essentially is identical to the construction it previously adopted in
`
`related IPR2014-00481, Paper 11 at 10-11. The Board’s construction is correct and
`
`Patent Owner offers no basis to depart from it aside from asserting it is
`
`“unreasonably broad,” Resp. at 11. But the Board need not address that assertion
`
`because, as explained below, Aventail and RFC 2401 still satisfy those
`
`constructions under any proposed interpretation.
`
`4.
`
`“Intercepting”
`
`In a Final Written Decision involving a related patent, the Board interpreted
`
`the phrase “intercepting” to mean “receiving a request pertaining to a first entity
`
`at another entity.” IPR2015-00237, Paper 41 at 10-12. Although Patent Owner
`
`challenges the Board’s construction, Resp. at 13-15, Patent Owner neither disputes
`
`that Aventail and RFC 2401 teach that term nor that Aventail and RFC 2401
`
`satisfy the claimed step that encompasses the term, so its construction is not
`
`relevant to this proceeding. Vivid Techs., Inc., 200 F.3d at 803.
`
`III. Obviousness Over Aventail in view of RFC 2401
`
`A.
`
`Aventail and RFC 2401 Teach Claim 1 and 21’s “Determining
`Whether the Request to Look Up the IP Address [Intercepted] in
`Step (1) . . . Corresponds to a Device that Accepts an Encrypted
`Channel Connection” Step
`
`4
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`The Board correctly determined that Aventail and RFC 2401 likely disclose
`
`“determining whether the request to look up the IP address [intercepted]1 in Step
`
`(1) . . . corresponds to a device that accepts an encrypted channel connection.”
`
`Dec. at 16-19, 21; see also Pet. at 33-34; Ex. 1005 at ¶ 237. In response, Patent
`
`Owner challenges that finding on three bases: (1) “a domain name is never
`
`specified in the connection request,” i.e., the “alleged ‘intercepted DNS
`
`request,’” Resp. at 17-20, (2) Aventail alone does not disclose a remote host that
`
`“accepts an encrypted connection,” id. at 20-21, and (3) determining whether a
`
`hostname “matches a redirection rule for a destination” is not the same as the
`
`claimed “determination,” id. at 21-23. Each argument lacks merit.
`
`1.
`
`Patent Owner’s Analysis of the “Determining” Step
`Addresses the Wrong “Intercept[ions]”
`
`Rather than address the Board’s initial findings, the Petition, or Dr.
`
`Tamassia’s Declaration, Patent Owner instead misconstrues two lines2 from Dr.
`
`
`1 Patent Owner asserts claims 1 and 21 of the ’705 patent incorrectly include the
`
`word “transmitted” instead of “intercepted,” Prelim. Resp. at 29, n.3; Order, Paper
`
`24 at 2-3. Patent Owner was authorized to request a certificate of correction after
`
`stipulating that the change was not of patentable significance. Id.
`
`2 Patent Owner appears to assert Petitioner and its expert changed their position
`
`based on the Dr. Tamassia’s statement that : “G is the beginning of step 2. Step 2
`
`5
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`Tamassia’s two-hundred and forty-nine page deposition and attacks an argument
`
`that no one has made. Resp. at 17-20. It seizes on Dr. Tamassia’s use of the phrase
`
`“connection request” —a term used in Aventail but not the ’705 claims—to
`
`suggest that he somehow altered what part of Aventail the Petition identifies as the
`
`claimed intercepted “request to look up an [] IP address.” Id.
`
`But Aventail uses the term “connection request” to refer to the broader
`
`process of requesting and establishing a connection that encompasses requests for a
`
`plurality of services (e.g., DNS queries, TCP/IP handshakes), and includes the
`
`initial request by the application on the client computer which occurs before
`
`checking redirection rules, Ex. 1009 at 10 (“When Aventail Connect LSP receives
`
`a connection request, it determines whether or not the connection request needs to
`
`be redirected . . . ). Patent Owner never contested that Aventail makes a
`
`“determination” on this “intercept[ed]” request. Instead, it only discusses the
`
`subsequent request by the application after checking redirection rules. Ex. 1009 at
`
`11 (step 2a); see also Ex. 2015 at 191:21-24 (Dr. Tamassia: “[S]tep 2 identifies a
`
`general connection request that encompasses a plurality of services, while a DNS
`
`request is a request for a unique specific service.”) (emphasis added).
`
`Patent Owner notes that the “determin[ation]” of Step 2 of claims 1 and 21 is
`
`consists of various actions.” Ex. 2015 at 234:8-9. Nothing in this statement
`
`suggests that Dr. Tamassia has modified his opinion. See Ex. 1005 at ¶¶ 219-220.
`
`6
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`based on the same “request to look up an []IP address” that is intercepted in Step
`
`(1). Resp. at 38. But it fails to address the two instances in Aventail where the
`
`determination is based on the intercepted “request[s] to look up an []IP address”
`
`that were identified by Petitioner and relied on by the Board. Thus, Patent Owner
`
`never disputes the Board’s findings on this claim element. Dec. at 15-16.
`
`The first “intercept[ion]” in Aventail follows an application’s initial request
`
`to connect to a remote host. Pet. at 31-32; Ex. 1009 at 9-11; Ex. 1005 at ¶¶ 209-20.
`
`Aventail explains the application on the client device executes “a DNS lookup to
`
`convert the hostname” in the request into “an IP address.” Id. This “domain name
`
`conversion request” is “intercepted” by the Aventail Connect software on the client
`
`device. Dec. at 15; Ex. 1005 at ¶¶ 219-220.
`
`Aventail also discloses a second “intercept[ion],” as the Board found,
`
`through the technique of proxying that same “request” to the Aventail Extranet
`
`Server, which receives the request and resolves the hostname into an IP address.
`
`Dec. at 32; Pet at. 32; Ex. 1009 at 12, 61. Patent Owner does not dispute either of
`
`these findings that Aventail discloses the claimed “intercepting.” Dec. at 15-16.
`
`Dr. Monrose, Patent Owner’s expert, never considered the Petition’s actual
`
`analysis, and explained that he had not “look[ed] at all the other claimed analysis”
`
`and “didn’t go through all the pages” of testimony to see if Dr. Tamassia or
`
`Petitioner had “pointed to something else as” fulfilling the claimed “request,”
`
`7
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`instead focusing exclusively on a presumed change in position discerned from only
`
`two lines in Dr. Tamassia’s deposition. Ex. 1066 at 14:5-8, 16:22-17:2, 20:14-21:7.
`
`Patent Owner’s failure to address the Petition’s mapping dooms its response.
`
`2.
`
`Patent Owner Ignores the Plain Language of the Claims,
`the Evidence, and the Combination with RFC 2401
`
`Patent Owner argues Aventail alone does not disclose a remote host that
`
`“accepts[] an encrypted connection,” Resp. at 20, but that argument may be
`
`disregarded for several reasons. Initially, nothing in the claim language restricts the
`
`“a device that accepts an encrypted channel connection” to the “target device”— it
`
`expressly need not be. Patent Owner agrees that Aventail’s “system [] determines
`
`whether to encrypt traffic to the SOCK server,” thus conceding Aventail shows
`
`determining whether “a device” accepts an encrypted connection. Resp. at 21.
`
`Patent Owner’s argument must also be disregarded as it is premised on an
`
`unclaimed requirement of end-to-end encryption. The Board correctly accepted the
`
`evidence advanced by Dr. Tamassia that “Aventail Connect will evaluate the
`
`redirection rule to determine if the target host is one for which proxy redirection
`
`(and an encrypted communication) through the Aventail Extranet Server is
`
`required.” Dec. at 19 (citing Ex. 1005 ¶ 237) (emphasis in original); see also Ex.
`
`1009 at 8-11. Thus, the evidence described in the Petition, Pet. at 33-35, and by Dr.
`
`Tamassia, Ex. 1005 ¶¶ 229-237, establishes that Aventail, even if considered alone,
`
`satisfies this step under the broadest reasonable interpretation.
`
`8
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`Finally, the Board instituted on obviousness grounds based on Aventail with
`
`RFC 2401, in which the Aventail system is modified to include “end-to-end
`
`encryption,” i.e., “data encrypted on the client remains encrypted as it passes
`
`through firewall or proxy computers until it arrives at the specified host
`
`computer.” Dec. at 17-21, Pet. at 27-28. A determination by the modified Aventail
`
`system that the domain name requires a proxied connection is a determination that
`
`the domain name corresponds to a device that accepts an encrypted channel
`
`connection, even under Patent Owner’s improperly narrow view of the claims.
`
`3.
`
`Patent Owner’s Analysis Ignores the Aventail
`Configuration Described in the Petition
`
`Patent Owner also asserts that “determining whether a domain name . . .
`
`matches a redirection rule for a destination is not the same as determining whether
`
`the remote host will accept an encrypted connection.” Resp. at 21. Patent Owner
`
`appears to rely on the capacity of the Aventail system to be configured to work
`
`differently than the challenged claims specify to incorrectly argue Aventail must
`
`only be configured in such a way. But Patent Owner ignores the configuration
`
`described in Aventail and relied on by Petitioner and the Board—a configuration
`
`where a match of a redirection rule necessarily results in an encrypted
`
`connection. See Dec. at 19, Pet. at 34-35. In that configuration, connections to
`
`internal private networks “require all users to use Aventail Connect to authenticate
`
`and encrypt their sessions before any connection to the internal private
`
`9
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`network(s). For this example, the Aventail ExtraNet Server encrypts all sessions
`
`with SSL.” Ex. 1009 at 73 (emphasis added); Ex. 1005 at ¶¶ 229-37. This
`
`“determin[ation]” in Aventail thus occurs in virtually the same way described in
`
`the ’705 patent. Pet. at 34 (citing Ex. 1001 at 40:1-7, 40:46:57). Patent Owner’s
`
`reliance on alternative ways to configure the Aventail system are irrelevant—
`
`obviousness does not require every embodiment of a prior art reference to satisfy
`
`the claims. See Arthrocare Corp. v. Smith & Nephew, Inc., 406 F.3d 1365, 1372
`
`(Fed. Cir. 2005) (error “to limit the disclosure of the prior art reference to a
`
`preferred embodiment”).
`
`B.
`
`Aventail and RFC 2401 Teach Claim 1 and 21’s “Encrypted
`Communications Channel Between the Client Device and the
`Target Device”
`
`The Board correctly determined that Aventail in view of RFC 2401 likely
`
`discloses an “encrypted communications channel between the client device and the
`
`target device.” Dec. at 17-21; see also Pet. at 35-38; Ex. 1005 at ¶¶ 381-382; Ex.
`
`2015 at 199:6-18. In response, Patent Owner asserts that the claimed “encrypted
`
`communications channel” requires a “direct communications channel,” which it
`
`contends Aventail does not show. Response at 23-24. Patent Owner is incorrect.
`
`First, as explained in § II.B.2, supra, the Board should not read a “direct”
`
`limitation into this claim term. If Patent Owner believed its claims should be
`
`limited to a particular type of encrypted communication channel, it should have
`
`10
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`presented a claim amendment. It did not, so its arguments can be disregarded.
`
`Second, neither Patent Owner nor its expert have attempted to explain what
`
`is required by “direct[ness].” Resp. at 8-10, 23-24. To the extent the term itself is
`
`informative, Aventail describes the “network connections” that are proxied
`
`between client computers and those on the private network as “direct network
`
`connections.” Ex. 1009 at 72 (“[N]o direct network connections between the
`
`public LAN and the private LAN can be created without being securely proxied
`
`through the Aventail ExtraNet Server.”)
`
`Patent Owner also ignores that Aventail discloses configurations in which
`
`client computers proxy their communications into a private network but
`
`communicate directly with target computers as though they were on the same
`
`private network. See Pet. at 23-24, 42-43; Ex. 1009 at 29, 60, 63 (figure), 90-101;
`
`Ex. 1005 ¶¶ 266-272, 382. For example, Aventail shows remote client computers
`
`accessing private network resources via the “Extranet Neighborhood” feature. Pet.
`
`at 23-24. Using that functionality, a user can browse individual hosts (computers)
`
`on a private network, access or modify files on those hosts, and have other forms
`
`of “direct communications” with those hosts. Ex. 1009 at 29. Patent Owner’s only
`
`response is to challenge the mechanics of the underlying encrypted connection,
`
`Resp. at 23-24, but those mechanics are not relevant to the actual claim language
`
`or Patent Owner’s additional requirement of “direct” communications.
`
`11
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`C.
`
`Aventail and RFC 2401 Teach Claim 1 and 21’s “In Response to
`Determining . . . Providing Provisioning Information”
`
`In its Preliminary Response, Patent Owner “concede[d] that Petitioner cites
`
`to instances where Aventail Connect disclosed what Patent Owner contends are
`
`‘provisioning information.’” Prelim. Resp. 20-21. In finding Aventail likely shows
`
`this claim element, the Board found Patent Owner’s concession persuasive. Now,
`
`Patent Owner challenges whether Aventail’s provisioning information is “required
`
`to create an encrypted connection” or whether it is “provided in response to the
`
`claimed ‘determination,’” as specified by the claims. Resp. at 25-26. Patent
`
`Owner’s assertions are without merit.
`
`HOSTENT: Patent Owner asserts that HOSTENT is not “required to
`
`initiate” an encrypted communications channel because it claims to have identified
`
`a configuration in Aventail in which “an encrypted connection” can be created
`
`without its use. Resp. at 27-29. Once again, Patent Owner’s reliance on an
`
`alternative configuration, instead of the configuration actually relied on in the
`
`Petition, is irrelevant. Pet. at 33-34; see Arthrocare, 406 F.3d at 1372. The petition
`
`described a configuration where all hostnames requiring redirection also require
`
`encryption of all communications, see Pet. at 34; Ex. 1009 at 73; Dec. at 16, so the
`
`HOSTENT returned by Aventail Connect is “required” to establish an encrypted
`
`communication. It thus “enable[s] or aid[s] in establishing a secure
`
`communications channel.” Dec. at 9.
`
`12
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`Patent Owner also asserts that the Petition fails to disclose a “relationship”
`
`between HOSTENT and the “encrypted connection.” Resp. at 29-30. This new
`
`requirement proposed by Patent Owner does not appear anywhere in its proposed
`
`construction, id. at 11-12, nor does it identify anything in the claims or
`
`specification for support for this undefined “relationship,” see id. at 29-30. Instead,
`
`it points only to its expert, id. (citing Ex. 2016 ¶ 47), who in turn cites to no
`
`support, see, e.g., Ex. 2016 ¶47. These assertions must therefore be rejected.
`
`TCP Sequence Numbers: With respect to the TCP sequence numbers,
`
`Patent Owner repeats the same lack of “relationship” arguments as it did above.
`
`Resp. at 30-31. For the same reasons above, Patent Owner’s assertions fail. Patent
`
`Owner’s other argument—that “no encrypted connection exists to the remote host
`
`in Aventail [] and hence, the TCP numbers cannot be required,” Resp. at 30-31—
`
`fails to consider Aventail as modified by RFC 2401, which indisputably shows an
`
`encrypted connection to the remote host.
`
`Selection of Encryption Method & Certificate Exchange: Patent Owner’s
`
`only challenge to the “selection of encryption method and certificate exchange” is
`
`that Aventail alone does not show the encryption of communications between the
`
`client device and the remote host. That assertion is irrelevant, as it fails to consider
`
`the actual grounds in this trial—the Aventail in view of RFC 2401.
`
`SOCKS Exchanges: Patent Owner asserts “SOCKS” negotiations cannot
`
`13
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`be the claimed “provisioning information” for two reasons, neither of which have
`
`merit. First, it argues the SOCKS negotiations “do not initiate the creation of the
`
`encrypted communications….,” but it fails to apply the proper claim language,
`
`which states “provisioning information required to initiate the creation….” Ex.
`
`1001 at 55:61-62. Put another way, and as the Board already determined, the
`
`provisioning information must only “enable or aid” in the creation, it need not
`
`actually create. See Dec. at 9.
`
`Patent Owner’s second argument—that Petitioner need to have identified a
`
`“particular message”—is inconsistent with the claim language, which simply
`
`requires “information.” Nevertheless, the Petition identified specific messages
`
`exchanged during the SOCKS negotiation, including “a ‘succeeded’ response to
`
`the client that provides the network address and network port of the server to
`
`which the client computer should send its encrypted communications.” Pet. at 37;
`
`Ex. 1009 at 12; Ex. 1018 at 5-6; Ex. 1005 ¶¶ 241-243.
`
`D. Aventail and RFC 2401 Renders Claims 2, 16, and 33 Obvious.
`
`Dependent claims 2, 16, and 33 recite determining that the target device
`
`“accepts an encrypted channel connection” or “is a device with which” such a
`
`channel “can be established.” Patent Owner presents the same arguments against
`
`these claims as it did against the “determining” step of claims 1 and 21. Resp. at
`
`34-35. As shown in the Petition and above (see § A.1), Aventail with RFC 2401
`
`14
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`renders the “determining” step obvious, see Pet. at 33-38, and renders claims 2, 16,
`
`and 33 obvious for the same reasons, see Pet. at 43-44, 48.
`
`E. Aventail and RFC 2401 Renders Claims 3 and 25 Obvious.
`
`Dependent claims 3 and 25 recite that “the domain name is a secure domain
`
`name.” Aventail in view of RFC 2401 renders this feature obvious for two
`
`reasons. First, Aventail relies on a private DNS server that would resolve domain
`
`names unable to be resolved by a public DNS. Pet. at 44-45; Ex. 1005 at ¶¶ 224,
`
`243. Patent Owner argues that Aventail does not disclose that the domain name
`
`submitted to the SOCKS server for resolution is resolved by the private DNS,
`
`Resp. at 36-37, but Aventail explains that when DNS requests are being proxied,
`
`“the SOCKS server performs the hostname resolution,” Ex. 1009 at 12, and shows
`
`a private DNS server to allow for hostname resolution on the private network, id.
`
`at 72. Dr. Tamassia testified that the domain names of servers on the private
`
`network would be resolved via the private DNS server, Ex. 1005 at ¶ 273, and Dr.
`
`Monrose and Patent Owner fail to point to any other resolution mechanism for how
`
`the SOCKS server “performs the hostname resolution,” see Ex. 2016 at ¶ 62.
`
`Second, Patent Owner’s other argument relates to its flawed construction of
`
`“secure domain name” that would require it to be “non-standard.” Resp. at 37. As
`
`explained above, see § II.B.1, Patent Owner’s construction was already rejected
`
`and has no basis in the specification or the understanding of one of ordinary skill.
`
`15
`
`

`
`IPR2015-00811
`
`Petitioner’s Reply (Paper 29)
`
`F. Aventail in view of RFC 2401 Renders Claims 17 and 34 Obvious.
`
`Dependent claims 17 and 34 recite that the “intercept[ion]”occurs on a
`
`device “separate from the client device.” Aventail “intercept[s]” the request to look
`
`up an IP address in two distinct ways: (1) on the client via Aventail Connect, and
`
`(2) on the Aventail Extranet Server. See § A.1, above; Pet. at 31-32; Ex. 1009 at
`
`11-12; Ex. 1005 at ¶¶ 209-256. In this second case, the “intercept[ion]” occurs
`
`within a device “separate from the client device.” Pet. at 48; Ex. 1009 at 72.
`
`Patent Owner argues that the “determining” step of claims 1 and 21 must
`
`necessarily occur after the “intercepting” step. See Resp. 39-40. There is no basis
`
`for this requirement in the plain language of the claim. “Unless the steps of a
`
`method [claim] actually recite an order, the steps are not ordinarily construed to
`
`require one.” Interactive Gift Express, Inc. v. Compuserve Inc., 256 F.3d 1323,
`
`1342 (Fed. Cir. 2001). The claimed “intercepting” (step 1) and “determining”
`
`(step 2) refer to the same transmitted “request,” but the claims make no order
`
`explicit, and Patent Owner cannot dispute that the “domain name” transmitted in
`
`the request before the “determinat[ion]” in Aventail is the same “domain name”
`
`received and resolved by the Aventail Extranet Server. Ex. 2015 at 193:18-22.
`
`Moreover, the reference to “the request to look up the IP address transmitted
`
`in step (1)” serves to indicate the antecedent basis for the request, not introduce
`
`some temporal relationship between the steps. And, the last st