UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

APPLE INC.
Petitioner,

v.

VIRNETX, INC. AND SCIENCE APPLICATION INTERNATIONAL CORPORATION,
Patent Owner.

Patent No. 8,850,009
Issued: September 30, 2014
Filed: June 6, 2013
Inventors: Victor Larson, et al.
Title: SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES

Inter Partes Review No. IPR2015-00813

Petition for Inter Partes Review of U.S. Patent No. 8,850,009

Table of Contents

I. Introduction
   A. Certification the ’009 Patent May Be Contested by Petitioner
   B. Fee for Inter Partes Review (§ 42.15(a))
   C. Mandatory Notices (37 CFR § 42.8(b))
      1. Real Party in Interest (§ 42.8(b)(1))
      1. Other Proceedings (§ 42.8(b)(2))
      2. Lead and Backup Lead Counsel (§ 42.8(b)(3))
      3. Proof of Service (§§ 42.6(e) and 42.105(a))
II. Identification of Claims Being Challenged (§ 42.104(b))
III. Relevant Information Concerning the Contested Patent
   A. Overview of the ’009 Patent
      1. The ’009 Patent Specification
      2. Representative Claims
   B. Patent Owner’s Contentions About Related Patents
   C. Effective Filing Date
   D. The Person of Ordinary Skill in the Art
   E. Claim Construction
      1. “domain name service (DNS) request”
      2. “interception of the DNS request”
      3. “encrypted communication link”
      4. “provisioning information”
      5. “secure communications service”
      6. “indication”
      7. “virtual private network communication link”
      8. “domain name”
      9. “modulation”
IV. Analysis of the Patentability of the ’009 Patent
   A. Summary of Prior Art to the ’009 Patent
      1. Overview of Aventail (Ex. 1009), Aventail User’s Guide (Ex. 1010) and Aventail Extranet Guide (Ex. 1011)
         a) Nature of the Aventail Documents
         b) Components of the Aventail scheme
         c) Incorporation of Aventail Into A Client Computer
         d) Handling Requests
         e) Establishing a Secure Connection
         f) Using Multiple Proxies
         g) Secure Extranet Explorer
      2. Overview of RFC 2401 (Ex. 1008)
      3. Overview of RFC 2543 (Ex. 1013)
   B. Aventail (Ex. 1009) in View of RFC 2401 (Ex. 1008) Would Have Rendered Claims 1, 6-14, 19-20 and 22-25 Obvious
      1. Aventail Describes or, with RFC 2401, Suggests Every Element of Independent Claims 1 and 14
         a) Claim 1 Preamble: “a network device”
         b) “storage device storing an application program …” and “processor configured to execute the application program …”
         c) Claim 14 Preamble: a “method executed by a first device for communicating with a second network device”
         d) “sending . . . a domain name service (DNS) request to look up a network address . . . based on an identifier”
         e) The “receiving” step
         f) “connecting . . . over the encrypted communication link, using the received network address . . . and the provisioning information . . .”
         g) “communicating data . . . using the secure communications service via the encrypted communication link”
         h) “the first network device being a device at which a user uses the secure communications service to access the encrypted communication link”
      2. The Distinctions Between the Claimed Methods and Systems Would Have Been Obvious Based on Aventail in View of RFC 2401
      3. Claims 6 and 19 Would Have Been Obvious
      4. Claims 7 and 20 Would Have Been Obvious
      5. Claim 8 Would Have Been Obvious
      6. Claims 10 and 22 Would Have Been Obvious
      7. Claims 11 and 23 Would Have Been Obvious
      8. Claims 12 and 24 Would Have Been Obvious
      9. Claims 13 and 25 Would Have Been Obvious
   C. Aventail in view of RFC 2401 in Further View of RFC 2543 Would Have Rendered Claims 2-5 and 15-18 Obvious
      1. Claims 2, 3, 15 and 16 Would Have Been Obvious
      2. Claims 4, 5, 17, and 18 Would Have Been Obvious
   D. No Secondary Considerations Exist
V. Conclusion

Petition in IPR2015-00813

I. Introduction

A. Certification the ’009 Patent May Be Contested by Petitioner

Petitioner certifies that U.S. Patent No. 8,850,009 (Ex. 1003) (the ’009 patent) is available for inter partes review. Petitioner also certifies it is not barred or estopped from requesting inter partes review of the claims of the ’009 patent. Neither Petitioner, nor any party in privity with Petitioner, has filed a civil action challenging the validity of any claim of the ’009 patent. The ’009 patent has not been the subject of a prior inter partes review by Petitioner or a privy of Petitioner.

Petitioner also certifies this petition for inter partes review is timely filed as the ’009 patent has never been asserted against Petitioner in litigation. Thus, because there is no patent owner’s action, this petition complies with 35 U.S.C. § 315(b). Petitioner also notes that the timing provisions of 35 U.S.C. § 311(c) and 37 C.F.R. § 42.102(a) do not apply to the ’009 patent, as it pre-dates the first-to-file system. See Pub. L. 112-274 § 1(n), 126 Stat. 2456 (Jan. 14, 2013).

B. Fee for Inter Partes Review (§ 42.15(a))

The Director is authorized to charge the fee specified by 37 CFR § 42.15(a) to Deposit Account No. 50-1597.

C. Mandatory Notices (37 CFR § 42.8(b))

1. Real Party in Interest (§ 42.8(b)(1))

The real party in interest of this petition pursuant to § 42.8(b)(1) is Apple Inc. (“Apple”) located at One Infinite Loop, Cupertino, CA 95014.

1. Other Proceedings (§ 42.8(b)(2))

IPR2015-00812 filed concurrently also involves the ’009 patent. Each petition advances unique grounds and is based on different primary references. Each petition presents a unique correlation of the claims to the prior art, and warrants independent institution of trial. Petitioner respectfully requests the Board institute each petition, as each presents distinct and non-redundant grounds.

2. Lead and Backup Lead Counsel (§ 42.8(b)(3))

Lead Counsel is: Jeffrey P. Kushan (Reg. No. 43,401), jkushan@sidley.com, (202) 736-8914. Back-Up Lead Counsel are: Scott Border (pro hac to be requested), sborder@sidley.com, (202) 736-8818; and Thomas A. Broughan III (Reg. No. 66,001), tbroughan@sidley.com, (202) 736-8314.

3. Proof of Service (§§ 42.6(e) and 42.105(a))

Proof of service of this petition is provided in Attachment A.

II. Identification of Claims Being Challenged (§ 42.104(b))

Claims 1-8, 10-20, and 22-25 of the ’009 patent are unpatentable as obvious under 35 U.S.C. § 103. Specifically: (i) claims 1, 6-8, 10-14, 19-20, and 22-25 would have been obvious based on Aventail Connect v3.01/v2.51 Administrator’s Guide (“Aventail”) (Ex. 1009) in view of RFC 2401, “Security Architecture for the Internet Protocol” (“RFC 2401”) (Ex. 1008); and (ii) claims 2-5 and 15-18 are obvious based on Aventail in view of RFC 2401 in further view of RFC 2543 “SIP: Session Initiation Protocol” (“RFC 2543”) (Ex. 1013).

Attachment B lists the evidence relied upon in support of this petition.

III. Relevant Information Concerning the Contested Patent

A. Overview of the ’009 Patent

1. The ’009 Patent Specification

The ’009 patent is a member of a family of patents issued to Larson et al., including, inter alia, U.S. Patent Nos. 6,502,135 (“ ’135 patent”), 7,188,180 (“ ’180 patent”), 7,418,504 (“ ’504 patent”), 7,490,151 (“ ’151 patent”), 7,921,211 (“ ’211 patent”), 7,987,274 (“ ’274 patent”), 8,051,181 (“ ’181 patent”), 8,504,697 (“ ’697 patent”), and 8,868,705 (“ ’705 patent”).[1]

[1] IPR2015-00810 and -00811 filed concurrently involve the ’705 patent.

The ’009 patent disclosure, like other members of this patent family, is largely focused on techniques for securely communicating over the Internet based on a protocol called the “Tunneled Agile Routing Protocol” or “TARP.” Ex. 1003 at 3:20-23. According to the ’009 specification, TARP allows for secure and anonymous communications by using tunneling, an IP address hopping scheme where the IP addresses of the end devices and routers participating in the system can change over time, and a variety of other security techniques. Ex. 1003 at 1:38-40, 3:20-6:13. Two short sections of the ’009 specification – spanning primarily columns 39 to 42 and 49 to 53 – are directed to a different concept, namely, techniques for establishing secure communications in response to DNS requests specifying a secure destination. See Ex. 1003 at 39:36-42:29, 49:41-53:49. This material was added in a continuation-in-part application filed in February 2000. In proceedings involving related patents, Patent Owner has asserted that these short passages provide written description support for claim terms involving domain names, DNS requests, requests to look up network addresses, and DNS servers.

These portions of the ’009 specification describe a “conventional DNS server” that purportedly is modified to include additional functionality that allows it to support the creation of virtual private networks. See Ex. 1003 at 40:29-57. According to the ’009 specification, the “modified DNS server” (id. at 40:33-34) receives a request to look up a network address associated with a domain name, determines whether a secure site has been requested (for example, by checking an internal table of sites), and then performs additional steps to support establishing a “virtual private network” with the secure site. See Ex. 1003 at 39:33-38, 40:11-28, 40:39-57, 41:31-49, 52:7-13. This process can include conventional devices such as personal computers running web browsers, proxy servers, intermediate routers, and web servers. Ex. 1003 at 40:29-38, 49:55-65, 52:65-53:4.

The ’009 specification describes several optional features of this system, such as using “IP hopblocks” to create a VPN or incorporating user authentication. Ex. 1003 at 40:18-22, 40:27-28, 41:42-49, 52:21-34. It also describes several optional configurations of the “modified DNS server,” including a standalone DNS server and a system incorporating a DNS server, a DNS proxy server, and a gatekeeper. Ex. 1003 at 41:1-14.

2. Representative Claims

Independent claims 1 and 14 of the ’009 patent define a network device and a method, respectively, but recite the same operative steps. See Ex. 1003 at 56:22-48, 57:22-58:3. Claim 14 is representative, specifying a method executed by a first network device for communicating with a second network device by: (1) sending a request to look up a network address of the second network device; (2) receiving, following interception of the request, (i) an indication that the second network device is available for a secure communications service; (ii) the requested network address; and (iii) provisioning information for an encrypted communication link; (3) connecting to the second network device over the encrypted communication link; and (4) communicating data using the secure communications service via the encrypted communication link, the first network device being a device at which a user uses the secure communications service to access the encrypted communication link.

B. Patent Owner’s Contentions About Related Patents

Patent Owner has asserted varying sets of claims of its patents in this family against Petitioner and other entities in numerous lawsuits. In August of 2010, Patent Owner sued Petitioner and five other entities (the “2010 Litigation”) asserting claims from the ’135, ’151, ’504, and ’211 patents. In November 2011, Patent Owner filed a lawsuit accusing Petitioner of infringing claims of the ’181 patent. In December 2012, Patent Owner served a new complaint on Petitioner asserting infringement of numerous claims of the ’135, ’151, ’504, and ’211 patents (the “2012 Litigation”). In August 2013, Patent Owner served an amended complaint adding the ’697 patent to the 2012 Litigation. Patent Owner also asserted patents from this family against Microsoft and others in separate lawsuits filed in February 2007, March 2010, and April 2013, and against numerous other defendants in actions filed in 2010 and 2011.

C. Effective Filing Date

The ’009 patent issued from U.S. Appl. No. 13/911,792 (“the ’792 application”). The ’792 application claims the benefit as a continuation of the following applications: 13/903,788, filed May 28, 2013; 13/336,790 (issued as U.S. Patent No. 8,458,341); 13/049,552 (issued as U.S. Patent No. 8,572,247); 11/840,560 (issued as the ’211 patent); 10/714,849 (issued as the ’504 patent); and 09/558,210, filed April 26, 2000, and now abandoned. It also is designated a continuation-in-part of 09/504,783, filed on February 15, 2000 (“the ’783 application”), which is a continuation-in-part of 09/429,643, filed on October 29, 1999. The ’210, ’783 and ’643 applications also claim priority to 60/106,261, filed October 30, 1998 and 60/137,704, filed June 7, 1998.

Claims 1 and 14 of the ’009 patent are independent claims. Claims 2-8 and 10-13 depend directly or indirectly from claim 1, and claims 15-20 and 22-25 depend directly or indirectly from claim 14. Claims 2-8, 10-13, 15-20 and 22-25 cannot enjoy an effective filing date earlier than that of claims 1 and 14, respectively, from which they depend.

Claims 1 and 14 of the ’009 patent rely on information found only in the ’783 application. For example, claim 1 of the ’009 patent specifies a network device comprising at least one processor configured to execute an application program to enable the network device to “send a domain name service (DNS) request…” and “receive, following interception of the DNS request…” (emphasis added). Claim 14 specifies a method executed by a first network device comprising “sending a domain name service (DNS) request…” and “receiving, following interception of the DNS request…” (emphasis added). No application filed prior to the ’783 application mentions the terms “domain name,” “domain name service” or “DNS request,” much less provides a written description of devices or methods corresponding to the ’009 patent claims. In proceedings involving the related ’135, ’504, ’151, ’211, ’274 and ’697 patents, Patent Owner has not disputed that claims reciting a “domain name” or “domain name service” are not entitled to an effective filing date prior to February 15, 2000. See, e.g., Patent Owner Preliminary Oppositions in IPR2013-00348, -00349, -00354, -00375 to -00378, -00393, -00394, -00397, and -00398, as well as IPR2014-00237, -00238, -00403, -00404, and -00610; see also Inter Partes Reexamination Nos. 95/001,682, 95/001,679, 95/001,697, 95/001,714, 95/001,788, and 95/001,789.

Accordingly, the effective filing date of the ’009 patent claims is no earlier than February 15, 2000.

D. The Person of Ordinary Skill in the Art

A person of ordinary skill in the art in the field of the ’009 patent would have been someone with a good working knowledge of networking protocols, including those employing security techniques, as well as computer systems that support these protocols and techniques. The person also would be very familiar with Internet standards related to communications and security, and with a variety of client-server systems and technologies. The person would have gained this knowledge either through education and training, several years of practical working experience, or through a combination of these. Ex. 1005 ¶ 110.

E. Claim Construction

In this proceeding, claims must be given their broadest reasonable construction in light of the specification. 37 CFR § 42.100(b). The ’009 patent shares a common disclosure and uses several of the same terms as the ’697, ’274, ’180, ’151, ’504, and ’211 patents with respect to which Patent Owner has advanced constructions. Also, if Patent Owner contends terms in the claims should be read as having a special meaning, those contentions should be disregarded unless Patent Owner also amends the claims compliant with 35 U.S.C. § 112 to make them expressly correspond to those contentions. See 77 Fed. Reg. 48764 at II.B.6 (August 14, 2012); cf. In re Youman, 679 F.3d 1335, 1343 (Fed. Cir. 2012).

In the constructions below, Petitioner identifies representative subject matter within the scope of the claims, read with their broadest reasonable interpretation. Petitioner expressly reserves its right to advance different constructions in any district court litigation, which employs a different claim construction standard.

1. “domain name service (DNS) request”

Each independent claim recites the term “domain name service (DNS) request.” The ’009 patent does not define the term “domain name service (DNS) request.” In IPR2014-00610 involving the related ’151 patent, the Board has interpreted “DNS request” to mean “a request for a resource corresponding to a domain name.” Paper 9 at 6 (Oct. 15, 2014). This is consistent with the ’009 patent specification, which provides examples of DNS requests seeking to obtain a network address corresponding to a “web name” or “domain name.” Ex. 1003 at 39:39-45, 40:52-58; see also Ex. 1005 at ¶ 85. Accordingly, the broadest reasonable interpretation of “domain name service (DNS) request” is “a request for a resource corresponding to a domain name.” Ex. 1005 at ¶ 85.

2. “interception of the DNS request”

Each independent claim requires “interception of a DNS request.” In a related proceeding involving the ’697 patent, the Board interpreted the phrase “intercepting . . . a request” as including “receiving a request pertaining to a first entity at another entity.” IPR2014-00237, Paper 15 at 13 (May 14, 2014). The Board further explained that “intercepting” a request involves “receiving and acting on” a request, the request being “intended for” receipt at a destination other than the destination at which the request is intercepted. Id. at 12. The Board’s construction is consistent with the ’009 patent specification. Ex. 1005 at ¶ 67.

The ’009 patent does not expressly define “interception” of a DNS request, but uses the term “intercepting” as meaning receiving a request at a device other than the device specified in the request. Ex. 1005 at ¶ 68, 86. For example, the specification explains that a DNS proxy 2610 “intercepts” all DNS lookup functions to examine whether access to a secure site has been requested. Ex. 1003 at 40:39-45, Figs. 26 & 27. The specification also shows the requests are routed to the DNS proxy instead of a DNS server 2609, which ordinarily would receive and resolve the domain name in the request. Id. at 39:39-41. Because the DNS proxy and DNS server are described as separate entities, the ’009 patent uses the term “intercept” as meaning receipt of a message by a proxy server instead of the intended destination. Accordingly, the broadest reasonable interpretation of the term “interception of the DNS request” includes “receiving a DNS request pertaining to a first entity at another entity.” Ex. 1005 at ¶ 86.

3. “encrypted communication link”

Each independent claim recites the term “encrypted communication link.” The ’009 patent does not define “encrypted communication link.” The Board has not interpreted this term in proceedings involving related patents, but has construed the terms “secure communication link” and “virtual private network communication link.” Specifically, in IPR2014-00237 involving the related ’697 patent, the Board interpreted “secure communication link” to mean “a transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.” Paper 15 at 10 (May 4, 2014). Also, in IPR2014-00481 involving the related ’180 patent, the Board interpreted “virtual private network communication link” to mean “a transmission path between two devices that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.” Paper 11 at 6-7 (Sept. 3, 2014).

Like the ’697 and ’180 patent claims, the ’009 patent claims require communication over a “communication link,” but the ’009 claims specify that the link is “encrypted.” All three patents generally claim DNS-based methods and systems for establishing secure communications or VPNs. The common specification explains that the DNS-based VPN scheme permits computers to privately communicate with each other over a public network by protecting their anonymity. See Ex. 1003 at 39:56-65. In other words, the “communication link” resulting from implementation of the claimed DNS-based methods and systems must be “a transmission path that restricts access to data, addresses, or other information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.” Ex. 1005 at ¶¶ 88-90; see also IPR2014-00237, Paper 15 at 10 (May 4, 2014); IPR2014-00481, Paper 11 at 6-7 (Sept. 3, 2014). Thus, an “encrypted communication link” is a type of secure communication link that uses encryption. Ex. 1005 at ¶ 90. The broadest reasonable interpretation of “encrypted communication link” in the context of the ’009 claims is “a transmission path that restricts access to data, addresses, or other information on the path at least by using encryption.” Ex. 1005 at ¶ 91.

4. “provisioning information”

Each independent claim recites the term “provisioning information.” The ’009 patent does not define “provisioning information.” The only discussion in the specification concerning “provisioning” states that “VPN gatekeeper 3314 provisions computer 3301 and secure web server computer 3320, or a secure edge router for server computer 3320, thereby creating the VPN.” Ex. 1003 at 52:10-13 (emphasis added). The ’009 specification also explains that, after a DNS proxy determines that access to a secure site has been requested, it transmits a message to a gatekeeper requesting creation of a “virtual private network.” Id. at 40:45-48, 41:39-42. The gatekeeper returns a resolved IP address and IP address “hopblocks” to be used by the client computer and the target site to communicate securely. Id. at 40:48-57; see also Ex. 1005 at ¶ 74.

In IPR2014-00481 involving the ’180 patent, whose claims recite provisioning information for a “virtual private network” rather than “encrypted communications channel,” the Board interpreted “provisioning information” as “information that is provided to enable or to aid in establishing communications to occur in the VPN.” Paper 11 at 11 (Sept. 3, 2014). The ’009 patent disclosure only describes use of DNS systems to establish VPN connections between devices, and it does not describe creating encrypted channels that are isolated from a VPN. See Ex. 1003 at 39:36-38, 51:31-33, 52:9-10, Fig. 37. Examples of “provisioning information” in the ’009 patent include IP address hopblocks or other data that enables or aids in establishing communications in a VPN where the VPN uses encryption. Ex. 1003 at 40:45-57; Ex. 1005 at ¶ 75. Therefore, the broadest reasonable interpretation of the term “provisioning information” in the context of the ’009 claims is “information that enables communication in a virtual private network, where the virtual private network uses encryption.” Ex. 1005 at ¶ 92.

5. “secure communications service”

Each independent claim recites the term “secure communications service.” The ’009 patent does not expressly define this term. In IPR2014-00237 involving the related ’697 patent, the Board interpreted the term “secure communications service” as “the functional configuration of a network device that enables it to participate in a secure communication link with another network device.” Paper 15 at 10 (May 14, 2014). “Secure communication link” in turn has been interpreted by the Board to mean “a transmission path that restricts access to data, addresses, or other information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.” IPR2014-00237, Paper 15 at 10 (May 4, 2014).

This is consistent with the ’009 patent specification, which uses the phrase “secure communications service” in a manner that indicates the term simply refers to the capacity of two computers to participate in a secure communications link. Ex. 1005 at ¶ 95. For example, the ’009 patent explains that a first network device “communicat[es] at least one of video data and audio data with the second network device using the secure communications service via the secure communication link.” Ex. 1003 at 8:28-31, 8:45-48. Therefore, the broadest reasonable construction of the term “secure communications service” should encompass “the functional configuration of a network device that enables it to participate in a secure communications link with another computer or device.” Ex. 1005 at ¶ 96.

6. “indication”

Each independent claim requires the first network device to receive “an indication” that the second network device is available for the secure communications service. The ’009 specification does not define the term “indication.” In IPR2014-00614 involving the related ’504 patent, the Board interpreted the term “indication” to mean “something that shows the probable presence or existence or nature of.” Paper 9 at 12-13 (Oct. 15, 2014); see also IPR2014-00615, Paper 9 (Oct. 15, 2014) (involving the related ’211 patent).

This is consistent with the ’009 specification, which explains that, after a DNS proxy determines access to a secure site has been requested and forwards the request to a gatekeeper, the client receives a “resolved” address and is provisioned information such as “hopblocks” to be used for secure communication with the secure target site. Ex. 1003 at 40:39-57; Ex. 1005 at ¶ 99. In some scenarios, the DNS proxy may return a “host unknown” error message, such as if the user lacks appropriate credentials. Ex. 1003 at 40:62-65. Although a web browser may show an icon indicating a secure connection has been established (id. at 52:37-40), the ’009 specification contains no discussion of a client receiving a message explicitly confirming that the secure target site is available for secure communications. Ex. 1005 at ¶ 100. Accordingly, the broadest reasonable interpretation of the term “indication” should encompass “something that shows the probable presence or existence or nature of.” Ex. 1005 at ¶ 101.

7. “virtual private network communication link”

Dependent claims 8 and 21 specify that the encrypted communication link “is part of a virtual private network communication link.” The ’009 patent does not provide an explicit definition for “virtual private network communication link.” In IPR2014-00481 involving the related ’180 patent, the Board interpreted “virtual private network communication link” to mean “a transmission path between two devices that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.” Paper 11 at 6-7 (Sept. 3, 2014). The Board also read the ’180 patent as employing various levels of security in a VPN that do not require encryption, such as authentication, or information or address hopping. Id. at 7.

This is consistent with the ’009 specification, which explains that “software module 3309 accesses secure server 3320 through VPN communication link 3321” and the communication link 3321 is shown as only the portion of the path between computer 3301 and server 3320 that is over network 3302. Ex. 1003 at 52:35-36, Fig. 33; Ex. 1005 at ¶ 104. Accordingly, the broadest reasonable interpretation of “virtual private network communication link” is “a transmission path between two devices that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.” Ex. 1005 at ¶ 105.

8. “domain name”

Dependent claims 7 and 20 recite the term “domain name.” The ’009 patent does not define “domain name.” A “domain name” would be understood by a person of ordinary skill to be a hierarchical sequence of words in decreasing order of specificity that corresponds to a numerical IP address. Ex. 1005 at ¶ 70. A more general description of “dom