throbber
Filed on behalf of: VirnetX Inc.
`By:
`
`Joseph E. Palys
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1996
`Facsimile: (202) 551-0496
`E-mail: josephpalys@paulhastings.com
`
`
`
`Naveen Modi
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1990
`Facsimile: (202) 551-0490
`E-mail: naveenmodi@paulhastings.com
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`
`
`
`APPLE INC.
`Petitioner
`
`v.
`
`VIRNETX INC.
`Patent Owner
`
`
`
`
`
`
`
`Case IPR2015-00866
`Patent 8,458,341
`
`
`
`
`
`
`
`
`
`
`Declaration of Fabian Monrose, Ph.D.
`
`
`
`
`
`
`
`VIRNETX EXHIBIT 2018
`Apple v. VirnetX
`Trial IPR2015-00866
`
`Page 1 of 38
`
`

`
`Case No. IPR2015-00866
`
`Table of Contents
`
`Introduction ...................................................................................................... 1
`
`Resources Consulted ........................................................................................ 2
`
`
`
`I.
`
`II.
`
`III. Background and Qualifications ....................................................................... 2
`
`IV. Level of Ordinary Skill .................................................................................... 7
`
`V.
`
`Claim Terms .................................................................................................... 8
`
`A.
`
`B.
`
`“Provisioning Information” (Claims 1 and 15) ..................................... 8
`
`“Virtual Private Network Communication Link” (Claims 1, 3,
`15, and 17) ...........................................................................................10
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`A “Virtual Private Network Communication Link”
`Requires a Virtual Private Network ..........................................11
`
`“Authentication” and “Address Hopping” Alone Do Not
`Result in a “Virtual Private Network Communication
`Link” .........................................................................................11
`
`A “Virtual Private Network Communication Link” Must
`Be Direct ...................................................................................14
`
`A “Virtual Private Network Link” Requires a Network ...........15
`
`A “Virtual Private Network Link” Requires Encryption ..........16
`
`C. Other Terms .........................................................................................18
`
`VI. Beser and RFC 2401 ......................................................................................19
`
`A.
`
`B.
`
`Beser’s Disclosure ...............................................................................19
`
`Claims 1 and 15 ...................................................................................23
`
`1.
`
`“Send[ing] a Request to Look Up an Internet Protocol
`(IP) Address of a Second Network Device Based On a
`Domain Name Associated With the Second Network
`Device” ......................................................................................23
`
`i
`
`Page 2 of 38
`
`

`
`Case No. IPR2015-00866
`
`2.
`
`3.
`
`4.
`
`“Interception of the Request”....................................................25
`
`“Virtual Private Network Communication Link” .....................28
`
`Beser and RFC 2401 .................................................................29
`
`C. Dependent Claims ...............................................................................34
`
`1.
`
`2.
`
`Claim 17 ....................................................................................34
`
`Claims 2-11, 14, 16, 18-25, and 28 ...........................................34
`
`VII. Conclusion .....................................................................................................35
`
`
`
`ii
`
`Page 3 of 38
`
`

`
`
`
`I.
`
`Case No. IPR2015-00866
`
`I, FABIAN MONROSE, declare as follows:
`
`Introduction
`I have been retained by VirnetX Inc. (“VirnetX”) for this inter partes
`
`1.
`
`review proceeding. I understand that this proceeding involves U.S. Patent No.
`
`8,458,341 (“the ’341 patent”). I understand the ’341 patent is assigned to VirnetX
`
`and that it is part of a family of patents that stems from U.S. provisional
`
`application nos. 60/106,261 (“the ’261 application”), filed on October 30, 1998,
`
`and 60/137,704 (“the ’704 application”), filed on June 7, 1999. I understand that
`
`the ’341 patent is a continuation of U.S. application no. 13/049,552 filed March 16,
`
`2011 (“the ’552 application”), which is a continuation of U.S. application no.
`
`11/840,560 filed August 17, 2007 (now U.S. Patent No. 7,921,211, “the ’211
`
`patent”), which is a continuation of U.S. application no. 10/714,849 filed
`
`November 18, 2003 (now U.S. Patent No. 7,418,504, “the ’504 patent), which is a
`
`continuation of U.S. application no. 09/558,210 filed April 26, 2000 (“the ’210
`
`application,” abandoned). And I understand the ’210 application is a continuation-
`
`in-part of U.S. application no. 09/504,783 filed February 15, 2000 (now U.S.
`
`Patent 6,502,135, “the ’135 patent”), and that the ’135 patent is a continuation-in-
`
`part of U.S. application no. 09/429,643 filed October 29, 1999 (now U.S. Patent
`
`No. 7,010,604), which claims priority to the ’261 and ’704 applications.
`
`1
`
`Page 4 of 38
`
`

`
`Case No. IPR2015-00866
`
`II. Resources Consulted
`I have reviewed the ’341 patent, including claims 1-28. I have also
`2.
`
`reviewed the Petition for Inter Partes Review (Paper No. 1) filed with the U.S.
`
`Patent and Trademark Office (“Office”) by Apple Inc. on March 17, 2015 (Paper
`
`No. 1, the “Petition”). I have also reviewed the Patent Trial and Appeal Board’s
`
`(“Board”) decision to institute inter partes review (Paper No. 8, the “Decision”) of
`
`October 1, 2015.
`
`3.
`
`I understand that in this proceeding the Board instituted review of the
`
`’341 patent on one ground: (1) obviousness of claims 1–11, 14–25, and 28 over
`
`Beser and RFC 2401. I have reviewed the exhibits and other documentation
`
`supporting the Petition that are relevant to the Decision and the instituted grounds,
`
`and any other material that I reference in this declaration.
`
`III. Background and Qualifications
`I have a great deal of experience and familiarity with computer and
`4.
`
`network security, and have been working in this field since 1993 when I entered
`
`the Ph.D. program at New York University.
`
`5.
`
`I am currently a Professor of Computer Science at the University of
`
`North Carolina at Chapel Hill. I also hold an appointment as the Director of
`
`Computer and Information Security at the Renaissance Computing Institute
`
`(RENCI). RENCI develops and deploys advanced technologies to facilitate
`
`2
`
`Page 5 of 38
`
`

`
`Case No. IPR2015-00866
`
`research discoveries and practical innovations. To that end, RENCI partners with
`
`researchers, policy makers, and technology leaders to solve the challenging
`
`problems that affect North Carolina and our nation as a whole. In my capacity as
`
`Director of Computer and Information Security, I
`
`lead
`
`the design and
`
`implementation of new platforms for enabling access to, and analysis of, large and
`
`sensitive biomedical data sets while ensuring security, privacy, and compliance
`
`with regulatory requirements. At RENCI, we are designing new architectures for
`
`securing access to data (e.g., using virtual private networks and data leakage
`
`prevention technologies) hosted among many different institutions. Additionally, I
`
`serve on RENCI’s Security, Privacy, Ethics, and Regulatory Oversight Committee
`
`(SPOC), which oversees the security and regulatory compliance of technologies,
`
`designed under the newly-formed Data Science Research Program and the Secure
`
`Medical Research Workspace.
`
`6.
`
`I received my B.Sc. in Computer Science from Barry University in
`
`May 1993. I received my MSc. and Ph.D. in Computer Science from the Courant
`
`Institute of Mathematical Sciences at New York University in 1996 and 1999,
`
`respectively. Upon graduating from the Ph.D. program, I joined the Systems
`
`Security Group at Bell Labs, Lucent Technologies. There, my work focused on the
`
`analysis of
`
`Internet Security
`
`technologies
`
`(e.g.,
`
`IPsec and client-side
`
`authentication) and applying
`
`these
`
`technologies
`
`to Lucent’s portfolio of
`
`3
`
`Page 6 of 38
`
`

`
`Case No. IPR2015-00866
`
`commercial products. In 2002, I joined the Johns Hopkins University as Assistant
`
`Professor in the Computer Science department. I also served as a founding
`
`member of the Johns Hopkins University Information Security Institute (JHUISI).
`
`At JHUISI, I served a key role in building a center of excellence in Cyber Security,
`
`leading efforts in research, education, and outreach.
`
`7.
`
`In July of 2008, I joined the Computer Science department at the
`
`University of North Carolina (UNC) Chapel Hill as Associate Professor, and was
`
`promoted to Full Professor four years later. In my current position at UNC Chapel
`
`Hill, I work with a large group of students and research scientists on topics related
`
`to cyber security. My former students now work as engineers at several large
`
`companies, as researchers in labs, or as university professors themselves. Today,
`
`my research focuses on applied areas of computer and communications security,
`
`with a focus on traffic analysis of encrypted communications (e.g., Voice over IP);
`
`Domain Name System (DNS) monitoring for performance and network abuse;
`
`network security architectures for traffic engineering; biometrics and client-to-
`
`client authentication techniques; computer forensics and data provenance; runtime
`
`attacks and defenses for hardening operating system security; and large-scale
`
`empirical analyses of computer security incidents. I also regularly teach courses in
`
`computer and information security.
`
`4
`
`Page 7 of 38
`
`

`
`Case No. IPR2015-00866
`
`8.
`
`I have published over 80 papers in prominent computer and
`
`communications security publications. My research has received numerous
`
`awards, including the Best Student Paper Award (IEEE Symposium on Security &
`
`Privacy, July, 2013), the Outstanding Research in Privacy Enhancing Technologies
`
`Award (July, 2012), the AT&T Best Applied Security Paper Award (NYU-Poly
`
`CSAW, Nov., 2011), and the Best Paper Award (IEEE Symposium on Security &
`
`Privacy, May, 2011), among others. My research has also received corporate
`
`sponsorship, including two Google Faculty Research Awards (2009, 2011) for my
`
`work on network security and computer forensics, as well as an award from
`
`Verisign Inc. (2012) for my work on DNS.
`
`9.
`
`I am the sole inventor or a co-inventor on three issued US patents and
`
`four pending patent applications, nearly all of which relate to network and systems
`
`security. Over the past 12 years, I have been the lead investigator or a
`
`co-investigator on grants totaling nearly nine million US dollars from the National
`
`Science Foundation (NSF), the Department of Homeland Security (DHS), the
`
`Department of Defense (DoD), and industry. In 2014, I was invited to serve on the
`
`Information Science and Technology (ISAT) study group for the Defense
`
`Advanced Research Projects Agency (DARPA). During my
`
`three year
`
`appointment, I will assist DARPA by providing continuing and independent
`
`5
`
`Page 8 of 38
`
`

`
`Case No. IPR2015-00866
`
`assessment of the state of advanced information science and technology as it
`
`relates to the U.S. Department of Defense.
`
`10.
`
`I have chaired several international conferences and workshops,
`
`including for example, the USENIX Security Symposium, which is the premier
`
`systems-security conference for academics and practitioners alike. Additionally, I
`
`have also served as Program Chair for the USENIX Workshop on Hot Topics in
`
`Security, the Program Chair for the USENIX Workshop on Large-Scale Exploits &
`
`Emergent Threats, the local arrangements Chair for the Financial Cryptography
`
`and Data Security Conference, the General Chair of the Symposium on Research in
`
`Attacks and Defenses, and the Co-Chair and Chair for the Symposium on Research
`
`in Attacks and Defenses in 2015 and 2016, respectively. As a leader in the field, I
`
`have also served on numerous technical program committees including the
`
`Symposium on Electronic Crime Research (2016), Research in Attacks, Intrusions,
`
`and Defenses Symposium (2012, 2013), USENIX Security Symposium (2013,
`
`2005-2009), Financial Cryptography and Data Security (2011, 2012), Digital
`
`Forensics Research Conference (2011, 2012), ACM Conference on Computer and
`
`Communications Security (2009-2011, 2013), IEEE Symposium on Security and
`
`Privacy (2007, 2008), ISOC Network & Distributed System Security (2006—
`
`2009), International Conference on Distributed Computing Systems (2005, 2009,
`
`6
`
`Page 9 of 38
`
`

`
`Case No. IPR2015-00866
`
`2010), and USENIX Workshop on Large-scale Exploits and Emergent Threats
`
`(2010-2012).
`
`11. From 2006 to 2009, I served as an Associate Editor for IEEE
`
`Transactions on Information and Systems Security (the leading technical journal
`
`on cyber security), and currently serve on the Steering Committee for the USENIX
`
`Security Symposium.
`
`12. My curriculum vitae, which is appended, details my background and
`
`technical qualifications. Although I am being compensated at my standard rate of
`
`$450/hour for my work in this matter, the compensation in no way affects the
`
`statements in this declaration.
`
`IV. Level of Ordinary Skill
`I am familiar with the level of ordinary skill in the art with respect to
`13.
`
`the inventions of the ’341 patent as of what I understand is the patent’s early-2000
`
`priority date. Specifically, based on my review of the technology, the educational
`
`level of active workers in the field, and drawing on my own experience, I
`
`believe a person of ordinary skill in art at that time would have had a master’s
`
`degree in computer science or computer engineering, as well as two years of
`
`experience in computer networking with some accompanying exposure to network
`
`security. My view is consistent with VirnetX’s view that a person of ordinary skill
`
`in the art requires a master’s degree in computer science or computer engineering
`
`7
`
`Page 10 of 38
`
`

`
`Case No. IPR2015-00866
`
`and approximately two years of experience in computer networking and computer
`
`security. I have been asked to respond to certain opinions offered by Dr. Roberto
`
`Tamassia, consider how one of ordinary skill would have understood certain claim
`
`terms, and consider how one of ordinary skill in the art would have understood the
`
`references mentioned above in relation to the claims of the ’341 patent. My
`
`findings are set forth below.
`
`V. Claim Terms
`I understand that in an inter partes review proceeding, the claims of a
`14.
`
`patent are construed under the broadest reasonable interpretation in light of the
`
`specification. I also understand that the parties have proposed constructions for
`
`certain terms of the ’341 patent. Unless otherwise noted, I have used Patent
`
`Owner’s proposed constructions in my analysis. In my opinion, Patent Owner’s
`
`proposed constructions are consistent with the specification. To the extent Patent
`
`Owner has not proposed a construction for a term, I understand that term to have
`
`its plain and ordinary meaning from the perspective of one of ordinary skill in the
`
`art in light of the specification. I have applied this understanding in my analysis.
`
`
`
`A.
`15.
`
`“Provisioning Information” (Claims 1 and 15)
`
`I understand that the parties and the Board have put forth the following
`
`constructions for purposes of this proceeding:
`
`8
`
`Page 11 of 38
`
`

`
`Case No. IPR2015-00866
`
`Patent Owner’s Proposed
`Construction
`Information that is used to
`establish a virtual private
`network communication link
`
`
`Petitioner’s Proposed
`Construction
`Information that enables
`communication in a virtual
`private network
`
`Decision’s
`Construction
`No construction
`proposed
`
`16.
`
`In my opinion, Patent Owner’s construction is consistent with the
`
`general notion that provisioning refers to setting up or establishing a connection or
`
`service.
`
` One dictionary explains
`
`that provisioning
`
`is “[s]etting up a
`
`telecommunications service for a particular customer,” and that “[c]ommon
`
`carriers provision circuits by programming their computers to switch customer
`
`lines into the appropriate networks.” (Ex. 2007 at 6, McGraw-Hill Computer
`
`Desktop Encyclopedia (9th ed. 2001).) Applying these principles to provisioning
`
`in the context of the ’341 patent, virtual private network communication link
`
`provisioning refers to setting up or establishing a virtual private network
`
`communication link. Thus, in the context of the ’341 patent, the “provisioning
`
`information” is “information that is used to establish a virtual private network
`
`communication link.”
`
`17.
`
`In my opinion, in the context of the ’341 patent, one of ordinary skill in
`
`the art would not understand provisioning information to encompass any and all
`
`information that merely “enables or aids in” communication using a virtual private
`
`network communication link, as that information may have nothing to do with
`
`provisioning. For example, information that simply enabled or aided in
`
`9
`
`Page 12 of 38
`
`

`
`Case No. IPR2015-00866
`
`communication using a virtual private network communication link would
`
`encompass source and destination information for individual packets of data that
`
`are traveling over a pre-existing channel. One of ordinary skill in the art would not
`
`have understood a virtual private network communication link to be provisioned
`
`every time a data packet is sent across it.
`
`B.
`
`“Virtual Private Network Communication Link” (Claims 1, 3, 15,
`and 17)
`
`18.
`
`I understand that the parties and the Board have put forth the following
`
`constructions for purposes of this proceeding:
`
`Patent Owner’s Proposed
`Construction
`A communication path
`between two devices in a
`virtual private network
`
`Decision’s Construction
`
`No construction proposed
`
`Petitioner’s Proposed
`Construction
`A transmission path
`between two devices that
`restricts access to data,
`addresses, or other
`information on the path,
`generally using obfuscation
`methods to hide
`information on the path,
`including, but not limited
`to, one or more of
`authentication, encryption,
`or address hopping
`
`
`
`19. One of ordinary skill in the art would have understood that a “virtual
`
`private network link” (or “VPN communication link”) in view of the specification
`
`is “a communication path between two devices in a virtual private network,” where
`
`a virtual private network is a network of computers which privately and directly
`
`10
`
`Page 13 of 38
`
`

`
`Case No. IPR2015-00866
`
`communicate with each other by encrypting traffic on insecure paths between the
`
`devices where the communication is both secure and anonymous.
`
`1.
`
`A “Virtual Private Network Communication Link”
`Requires a Virtual Private Network
`
`20. One of ordinary skill in the art would have understood that as
`
`explained in the ’341 patent, a VPN communication link requires a virtual private
`
`network. First, the claim term “VPN communication link” expressly requires a
`
`“VPN.” The specification is also consistent. For example, the patent explains that
`
`when a secure domain name service (SDNS) receives a query for a secure network
`
`address, it “accesses VPN gatekeeper 3314 for establishing a VPN communication
`
`link between software module 3309 [at the querying computer 3301] and secure
`
`server 3320.” (Ex. 1001 at 51:54-56.) Then, “VPN gatekeeper 3314 provisions
`
`computer 3301 and secure web server computer 3320 . . . thereby creating the
`
`VPN” between the devices. (Ex. 1001 at 51:57-60.) Secure server 3320 “can only
`
`be accessed through a VPN communication link.” (Ex. 1001 at 51:56-57.) And
`
`“[f]urther communication between computers 3301 and 3320 occurs via the VPN”
`
`through the VPN link. (Ex. 1001 at 52:20-22.)
`
`2.
`
`“Authentication” and “Address Hopping” Alone Do Not
`Result in a “Virtual Private Network Communication Link”
`
`21. Of the obfuscation methods listed in the Petitioner’s proposed
`
`construction—authentication, encryption, and address hopping—only encryption
`
`11
`
`Page 14 of 38
`
`

`
`Case No. IPR2015-00866
`
`restricts access to “data, addresses, or other information on the path,” as required
`
`by the first portion of Petitioner’s construction. (Pet. at 14-15.) Authentication
`
`and address hopping alone do not “hide information on the path,” as Petitioner’s
`
`construction requires. (Id.)
`
`22. One of ordinary skill in the art would have understood that
`
`authentication merely “[e]nsur[es] that a message originated from the expected
`
`sender and has not been altered on route.” (Ex. 2008 at 3, Glossary for the Linux
`
`FreeS/WAN Project.) Authentication alone does not prevent an eavesdropper from
`
`accessing data
`
`transmitted over an unsecure communication
`
`link.
`
` The
`
`specification is consistent with this understanding. For instance, the specification
`
`describes at least one scenario where an authenticated transmission occurs “in the
`
`clear”—i.e., over an unsecured communication link:
`
`SDNS [secure domain name service] 3313 can be accessed
`through secure portal 3310 “in the clear”, that is, without using
`an administrative VPN communication link. In this situation,
`secure portal 3310 preferably authenticates the query using any
`well-known technique, such as a cryptographic technique,
`before allowing the query to proceed to SDNS [3313].
`
`(Ex. 1001 at 52:1-6.) Authentication is not sufficient by itself to “hide information
`
`on the path,” as required by Petitioner’s proposed construction.
`
`12
`
`Page 15 of 38
`
`

`
`Case No. IPR2015-00866
`
`23. One of ordinary skill in the art would also have understood that address
`
`hopping alone also does not hide information, as there is nothing inherent in
`
`moving from address to address that hides information on the path or precludes an
`
`eavesdropper from reading the details of a communication. Consistent with this
`
`understanding, the ’341 patent discloses embodiments that use encryption in
`
`conjunction with address hopping to protect, for example, the next address in a
`
`routing scheme from being viewed by eavesdroppers. (See, e.g., Ex. 1001 at 3:36-
`
`50, stating in part that “[e]ach TARP packet’s true destination is concealed behind
`
`a layer of encryption generated using a link key.”) It is the encryption that hides
`
`information on the path while moving from address to address. (See, e.g., Ex.
`
`1001 at 3:16-4:40.) Address hopping is not sufficient by itself to “hide information
`
`on the path,” as required by Petitioner’s proposed construction.
`
`24.
`
`I understand that Petitioner asserted that I agreed during my cross-
`
`examination in another case that address hopping hides information on the path.
`
`(Pet. at 12, citing Ex. 1055 at 113:16-114:12.) Petitioner’s understanding is
`
`misplaced. I do not agree that address hopping does this. Indeed, as I explained
`
`during that examination, address hopping simply makes it such that “[y]ou may not
`
`be able to determine in isolation who is speaking to whom.” (Ex. 1055 at 114:1-6.)
`
`That is, address hopping may make it more difficult to determine the originating
`
`13
`
`Page 16 of 38
`
`

`
`Case No. IPR2015-00866
`
`and terminating devices, but it alone does not “hide” the addresses. Nor does
`
`authentication.
`
`3.
`
`A “Virtual Private Network Communication Link” Must Be
`Direct
`
`25. The understanding that a VPN communication link is a direct link is
`
`consistent with the specification. For instance, in one embodiment, the ’341 patent
`
`describes the link between an originating TARP terminal and a destination TARP
`
`terminal as direct. (See, e.g., Ex. 1001 at 10:9-18, Fig. 2; see also id. at 34:7-12
`
`(describing a variation of the TARP embodiments as including a direct
`
`communication link); 38:34-37 (describing the embodiment of Figure 24 in which
`
`a first computer and second computer are connected directly).) The ’341 patent
`
`similarly describes direct communications in later embodiments as well. (See, e.g.,
`
`id. at 40:32-35, 41:25-28 (describing a virtual private network as being direct
`
`between a user’s computer and target), 42:32-36, 43:25-29 (describing a load
`
`balancing example in which a virtual private network is direct between a first host
`
`and a second host), 49:8-10, 49:16-31 (describing a secure communication link that
`
`is direct between a first computer and a second computer), Figs. 24, 26, 28, 29,
`
`33.)
`
`26.
`
`In each of these embodiments, the ’341 patent specification discloses
`
`that the link traverses a network (or networks) through which it is simply passed or
`
`14
`
`Page 17 of 38
`
`

`
`Case No. IPR2015-00866
`
`routed via various network devices such as Internet Service Providers, firewalls,
`
`and routers. (See, e.g., id. at Figs. 2, 24, 28, 29, 33.)
`
`27.
`
`I thus agree that a VPN communication link is a direct link.
`
`A “Virtual Private Network Link” Requires a Network
`
`4.
`28. As I noted above, one of ordinary skill in the art would have
`
`understood that the term “VPN link” must exist in a virtual private “network.”
`
`Accordingly, such a link must be between devices in a network. The specification
`
`is consistent with this understanding. For example, in describing a VPN, the ’341
`
`patent refers to the “FreeS/WAN” project, which has a glossary of terms. (Ex.
`
`1001 at 39:62 and bibliographic data showing references cited.) The FreeS/WAN
`
`glossary defines a VPN as “a network which can safely be used as if it were
`
`private, even though some of its communication uses insecure connections. All
`
`traffic on those connections is encrypted.” (Ex. 2008 at 24, Glossary for the Linux
`
`FreeS/WAN Project.) According to this glossary, a VPN includes at least the
`
`requirement of a “network of computers.” (Id.)
`
`29. The specification describes a VPN as including multiple “nodes.”
`
`(See, e.g., Ex. 1001 at 17:31-35, referring to “each node in the network” and
`
`“vastly increasing the number of distinctly addressable nodes,” 22:6, “nodes on the
`
`network”; see also id. 19:56-58, 24:54, 25:23-29 (disclosing an arrangement in
`
`which six nodes are “split up into two private virtual networks such that nodes on
`
`15
`
`Page 18 of 38
`
`

`
`Case No. IPR2015-00866
`
`one VPN can communicate with only the other two nodes of its own VPN”.) The
`
`specification explains that the network allows “[e]ach node . . . to communicate
`
`with other nodes in the network.” (Ex. 1001 at 17:35-37.) So a device within a
`
`VPN is able to communicate with the other devices within that same VPN. In
`
`addition, the specification distinguishes point-to-point queries from those carried
`
`on a VPN communication link, stating that they occur “without using an
`
`administrative VPN communication link.” (See, e.g., Ex. 1001 at 52:1-3, 52:6-9.)
`
`A “Virtual Private Network Link” Requires Encryption
`
`5.
`In my opinion, one of skill would have understood that a “virtual
`
`30.
`
`private network communication link” in the context of the ’341 patent requires
`
`encryption.
`
`31. For instance, the patent specification teaches that “data security is
`
`usually tackled using some form of data encryption,” and it repeatedly discusses
`
`using encryption. (Ex. 1001 at 1:57-58; see also id. at 3:17-19 (“TARP”
`
`embodiments described as using a “unique two-layer encryption format”), 3:36-37
`
`(“[e]ach TARP packet’s true destination address is concealed behind a layer of
`
`encryption”), 4:7-9 (“[t]he message payload is hidden behind an inner layer of
`
`encryption”), 10:28-29, 11:45-52, 34:38-39.)
`
`32.
`
`In addition, as described above, the FreeS/WAN glossary of terms in
`
`the ’341 patent’s prosecution history explains that a VPN is “a network which can
`
`16
`
`Page 19 of 38
`
`

`
`Case No. IPR2015-00866
`
`safely be used as if it were private, even though some of its communication uses
`
`insecure connections. All traffic on those connections is encrypted.” (Ex. 2008 at
`
`24, Glossary for
`
`the Linux FreeS/WAN Project.)
`
` Consistent with
`
`the
`
`specification’s disclosures, a 2001 computing dictionary discloses that “VPNs
`
`enjoy the security of a private network via access control and encryption . . . .”
`
`(Ex. 2007 at 8, McGraw-Hill Computer Desktop Encyclopedia (9th ed. 2001).)
`
`33.
`
`I understand that Petitioner contends that I agreed during cross-
`
`examination for another case that the specification of a related patent has
`
`“opposing views” as to the meaning of secure communication. (Pet. at 12, citing
`
`Ex. 1055 at 113:16-114:12, 74:12-14.) I disagree with Petitioner’s representation.
`
`First, neither of the sections to which Petitioner cites discusses any “opposing
`
`views” of secure communication. (See Ex. 1055 at 113:16-114:12, 74:12-14.)
`
`Further, where I did use the phrase, it was in response to a question as to whether
`
`the specification includes an explicit definition for “secure communication link.”
`
`(Id. at 66:11-17.) In reply, I stated that I believe the parties had “opposing views”
`
`on the term. (Id.) I disagree that the specification of that related patent and the
`
`’341 patent has opposing views as to the meaning of secure communication.
`
`17
`
`Page 20 of 38
`
`

`
`Case No. IPR2015-00866
`
`C. Other Terms
`I understand that the parties and Board have provided the following
`34.
`
`constructions for purposes of this proceeding. I agree that the claim language
`
`encompasses the features described in each of VirnetX’s constructions.
`
`
`
`No construction proposed
`
`“Interception of the Request” (Claims 1, 11, 14, 15, 25, and 28)
`Decision’s Construction
`Patent Owner’s Proposed
`Petitioner’s Proposed
`Construction
`Construction
`No construction
`Receiving a request
`necessary; alternatively,
`pertaining to a first entity
`receiving a request to look
`at another entity
`up an internet protocol
`address and, apart from
`resolving it into an
`address, performing an
`evaluation on it related to
`establishing a virtual
`private network
`communication link
`“Secure Communications Service” (Claims 1, 2, 4, 6, 11, 15, 16, 18, 20, and 25)
`Decision’s Construction
`Patent Owner’s Proposed
`Petitioner’s Proposed
`Construction
`Construction
`The functional
`The functional
`configuration of a
`configuration of a
`network device that
`network device that
`enables it to participate in
`enables it to participate in
`a secure communications
`a secure communications
`link with another network
`link with another
`device
`computer or device
`“Indication” (Claims 1 and 15)
`Decision’s Construction
`Patent Owner’s Proposed
`Petitioner’s Proposed
`Construction
`Construction
`No construction necessary Something that shows the
`probable presence or
`existence or nature of
`“Domain Name” (Claims 1 and 15)
`
`No construction proposed
`
`No construction proposed
`
`18
`
`Page 21 of 38
`
`

`
`Patent Owner’s Proposed
`Construction
`A name corresponding to
`a network address
`
`Case No. IPR2015-00866
`
`Decision’s Construction
`
`No construction proposed
`
`Petitioner’s Proposed
`Construction
`A name corresponding to
`an IP address
`“Modulation” (Claims 7, 8, 21, and 22)
`Decision’s Construction
`Patent Owner’s Proposed
`Petitioner’s Proposed
`Construction
`Construction
`No construction
`The process of encoding
`necessary, alternatively,
`data for transmission over
`the process of encoding
`a medium by varying a
`data for transmission over
`carrier signal
`a medium by varying a
`carrier signal.
`
`VI. Beser and RFC 2401
`A. Beser’s Disclosure
`35. Beser “relates to communications in data networks,” (Ex. 1007 at 1:8–
`
`No construction proposed
`
`9), and the fact that “the Internet is not a very secure network,” (id. at 1:26–27).
`
`Prior art methods attempted to secure communications by “encrypt[ing] the
`
`information inside the IP packets before transmission.” (Id. at 1:54–56.) Beser
`
`teaches that this method is not secure because a determined hacker could
`
`accumulate enough packets from a source to decrypt the message. (Ex. 1007 at
`
`1:56–58.) Nor, as Beser teaches, is this method practicable, especially in the
`
`context of voice and audio data, because encryption at the source and decryption at
`
`the destination are computationally intensive. (Ex. 1007 at 1:58–67, 2:8–17.)
`
`Beser therefore identifies a need for a more secure system that prevents a hacker
`
`19
`
`Page 22 of 38
`
`

`
`Case No. IPR2015-00866
`
`from intercepting media flow without the computational burden associated with
`
`encryption. (Ex. 1007 at 2:36–40.)
`
`36.
`
`Instead of using encryption, Beser teaches a “tunnelin

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket