`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`____________________
`
`
`
`APPLE INC.
`Petitioner,
`
`v.
`
`VIRNETX, INC. AND SCIENCE APPLICATION INTERNATIONAL
`CORPORATION,
`Patent Owner.
`
`Patent No. 8,560,705
`Issued: October 15, 2013
`Filed: January 3, 2012
`Inventors: Victor Larson, et al.
`Title: SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK
`PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN
`NAMES
`
`____________________
`
`Inter Partes Review No. IPR2015-00870
`__________________________________________________________________
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,560,705
`
`
`
`
`
`
`
`
`
`
`I.
`
`Table of Contents
`
`Introduction .................................................................................................... 1
`A. Certification the ’0705 Patent May Be Contested by Petitioner ..... 1
`B.
`Fee for Inter Partes Review (§ 42.15(a)) ........................................... 1
`C. Mandatory Notices (37 CFR § 42.8(b)) ............................................. 1
`1.
`Real Party in Interest (§ 42.8(b)(1)) ............................................ 1
`2.
`Other Proceedings (§ 42.8(b)(2)) ................................................ 2
`3.
`Lead and Backup Lead Counsel (§ 42.8(b)(3)) .......................... 2
`4.
`Service Information (§ 42.8(b)(4)) ............................................. 2
`5.
`Proof of Service (§§ 42.6(e) and 42.105(a)) ............................... 2
`
`II.
`
`Identification of Claims Being Challenged (§ 42.104(b)) ........................... 2
`
`B.
`C.
`D.
`E.
`
`III. Relevant Information Concerning the Contested Patent .......................... 3
`A. Overview of the ’0705 Patent ............................................................. 3
`1.
`The ’0705 Patent Specification ................................................... 3
`2.
`Representative Claims ................................................................ 5
`Patent Owner’s Assertion of Related Patents ................................... 6
`Effective Filing Date ............................................................................ 6
`The Person of Ordinary Skill in the Art ........................................... 8
`Claim Construction ............................................................................. 9
`1.
`“interception of a request” .......................................................... 9
`2.
`“domain name” ......................................................................... 10
`3.
`“secure communication link” .................................................... 11
`4.
`“phone” ..................................................................................... 12
`5.
`“secure communications service” ............................................. 13
`6.
`“virtual private network link” ................................................... 14
`7.
`“secure domain name” .............................................................. 15
`8.
`“modulated transmission link” /
`“unmodulated transmission link” .............................................. 16
`i
`
`
`
`
`
`2.
`
`c)
`
`IV. Analysis of the Patentability of the ’0705 Patent ...................................... 17
`A. Overview of Beser (Ex. 1007) ........................................................... 17
`a)
`Request Containing a Unique Identifier ......................... 19
`b)
`Negotiation of Private IP Addresses ............................... 22
`B. Overview of RFC 2401 (Ex. 1008) ................................................... 24
`C. Overview of Brand (Ex. 1012) .......................................................... 26
`D.
`Beser (Ex. 1007) In View of RFC 2401 (Ex. 1008) Would Have
`Rendered Obvious Claims 1-23, 25-30 ............................................ 26
`1.
`A Person of Ordinary Skill Would Have Found It Obvious to
`Encrypt IP Traffic in the Beser Scheme Based on the Teachings
`in Beser and RFC 2401 ............................................................. 30
`Independent Claims 1 and 16 Would Have Been Obvious ...... 34
`a)
`Claim 16 Preamble ......................................................... 34
`b)
`“facilitat[e/ing] a connection with the target device over a
`secure communication link” ........................................... 35
`“created based on (i) interception of a request … to look
`up an internet protocol (IP) address . . . based on a
`domain name” ................................................................. 36
`“created based on … (ii) a determination … that… a
`secure communication link can be established” ............. 37
`“allow[ing] participation in audio/video communications
`… over the secure communication link” ........................ 40
`Additional System Elements of Claim 1 ........................ 41
`f)
`Claims 2 and 17 Would Have Been Obvious ........................... 43
`3.
`Claims 3 and 18 Would Have Been Obvious ........................... 43
`4.
`Claims 14 and 29 Would Have Been Obvious ......................... 43
`5.
`Claims 15 and 30 Would Have Been Obvious ......................... 44
`6.
`Claims 4 and 20 Would Have Been Obvious ........................... 44
`7.
`Claims 5 and 19 Would Have Been Obvious ........................... 46
`8.
`Claims 6 and 21 Would Have Been Obvious ........................... 47
`9.
`10. Claims 7 and 22 Would Have Been Obvious ........................... 48
`
`d)
`
`e)
`
`
`
`ii
`
`
`
`
`
`11. Claim 8 Would Have Been Obvious ......................................... 49
`12. Claim 9 and 23 Would Have Been Obvious ............................. 51
`13. Claims 10, 11, 25 and 26 Would Have Been Obvious ............. 51
`14. Claims 12 and 27 Would Have Been Obvious ......................... 53
`15. Claims 13 and 28 Would Have Been Obvious ......................... 53
`Beser In View of RFC 2401 In View of Brand (Ex. 1012) Would
`Have Rendered Obvious Claim 24 ................................................... 54
`No Secondary Considerations Exist ................................................ 56
`
`E.
`
`F.
`
`V. Conclusion .................................................................................................... 56
`
`
`
`iii
`
`
`
`Petition in IPR2015-00870
`
`I.
`
`Introduction
`A. Certification the ’0705 Patent May Be Contested by Petitioner
`Petitioner certifies that U.S. Patent No. 8,560,705 (Ex. 1050) (the ’0705
`
`patent) is available for inter partes review. Petitioner also certifies it is not barred
`
`or estopped from requesting inter partes review of the claims of the ’0705 patent.
`
`Neither Petitioner, nor any party in privity with Petitioner, has filed a civil action
`
`challenging the validity of any claim of the ’0705 patent. The ’0705 patent has not
`
`been the subject of a prior inter partes review by Petitioner or a privy of Petitioner.
`
`Petitioner also certifies this petition for inter partes review is timely filed as
`
`it has never been asserted against Petitioner in litigation. Thus, because there is no
`
`patent owner’s action, this petition complies with 35 U.S.C. § 315(b). Petitioner
`
`also notes that the timing provisions of 35 U.S.C. § 311(c) and 37 C.F.R.
`
`§ 42.102(a) do not apply to the ’0705 patent, as it pre-dates the first-to-file system.
`
`See Pub. L. 112-274 § 1(n), 126 Stat. 2456 (Jan. 14, 2013).
`
`Fee for Inter Partes Review (§ 42.15(a))
`
`B.
`The Director is authorized to charge the fee specified by 37 CFR § 42.15(a)
`
`to Deposit Account No. 50-1597.
`
`C. Mandatory Notices (37 CFR § 42.8(b))
`1.
`Real Party in Interest (§ 42.8(b)(1))
`The real party in interest of this petition pursuant to § 42.8(b)(1) is Apple
`
`Inc. (“Apple”) located at One Infinite Loop, Cupertino, CA 95014.
`
`1
`
`
`
`Petition in IPR2015-00870
`
`2. Other Proceedings (§ 42.8(b)(2))
`IPR2015-00871 filed concurrently also involves the ’0705 patent. Each
`
`petition advances unique grounds and are based on different primary references.
`
`The present petition and IPR2015-00871 present unique correlations of the
`
`challenged ’0705 claims to the prior art, and each warrants independent institution
`
`of trial. Petitioner respectfully requests the Board institute each petition, as each
`
`presents distinct and non-redundant grounds.
`
`Lead and Backup Lead Counsel (§ 42.8(b)(3))
`
`3.
`Lead Counsel is: Jeffrey P. Kushan (Reg. No. 43,401), jkushan@sidley.com,
`
`(202) 736-8914. Back-Up Lead Counsel are: Scott Border (pro hac to be
`
`requested), sborder@sidley.com, (202) 736-8818; and Thomas A. Broughan III
`
`(Reg. No. 66,001), tbroughan@sidley.com, (202) 736-8314.
`
`Service Information (§ 42.8(b)(4))
`
`4.
`Service on Petitioner may be made by e-mail (iprnotices@sidley.com), mail
`
`or hand delivery to: Sidley Austin LLP, 1501 K Street, N.W., Washington, D.C.
`
`20005. The fax number for lead and backup lead counsel is (202) 736-8711.
`
`5.
`Proof of Service (§§ 42.6(e) and 42.105(a))
`Proof of service of this petition is provided in Attachment A.
`
`II.
`
`Identification of Claims Being Challenged (§ 42.104(b))
`Claims 1-30 of the ’0705 patent are unpatentable for being obvious under 35
`
`U.S.C. § 103. Specifically:
`
`
`
`2
`
`
`
`Petition in IPR2015-00870
`
`(i) Claims 1-23 and 25-30 are obvious under 35 U.S.C. § 103 based on
`
`U.S. Patent No. 6,496,867 to Beser (“Beser”) (Ex. 1007) in view of “RFC 2401,
`
`Security Architecture for the Internet Protocol,” (“RFC 2401”) (Ex. 1008) and the
`
`knowledge of a person of ordinary skill in the art; and
`
`(ii) Claim 24 is obvious under 35 U.S.C. § 103 based on Beser in view of
`
`RFC 2401 and further in view U.S. Patent No. 5,237,566 to Brand (“Brand”) (Ex.
`
`1012) and the knowledge of a person of ordinary skill in the art.
`
`Attachment B lists the evidence relied upon in support of this petition.
`
`III. Relevant Information Concerning the Contested Patent
`A. Overview of the ’0705 Patent
`1.
`The ’0705 Patent Specification
`The ’0705 patent is a member of a family of patents issued to Larson et al.,
`
`including, inter alia, U.S. Patent Nos. 6,502,135 (“ ’135 patent”), 7,188,180
`
`(“ ’180 patent”), 7,418,504 (“ ’504 patent”), 7,490,151 (“ ’151 patent”), 7,921,211
`
`(“ ’211 patent”), 7,987,274 (“ ’274 patent”), 8,051,181 (“ ’181 patent”), 8,504,697
`
`(“ ’697 patent”), 8,868,705 (“ ’8705 patent”), 8,850,009 (“’009 patent”), 8,516,131
`
`(“ ’131 patent”), and 8,458,341 (“ ’341 patent).1
`
`The ’0705 patent disclosure, like other members of this patent family, is
`
`
`1
`
`IPR2015-00866, -00867, -00868 and -00869 filed concurrently involve the
`
`’131 and ’341 patents.
`
`
`
`3
`
`
`
`Petition in IPR2015-00870
`
`largely focused on techniques for securely communicating over the Internet based
`
`on a protocol called the “Tunneled Agile Routing Protocol” or “TARP.” Ex. 1050
`
`at 3:16-19. According to the ’0705 specification, TARP allows for secure and
`
`anonymous communications by using tunneling, an IP address hopping scheme
`
`where the IP addresses of the end devices and routers participating in the system
`
`can change over time, and a variety of other security techniques. Ex. 1050 at 1:35-
`
`37, 3:16-6:9. Two short sections of the ’0705 specification – spanning primarily
`
`columns 39 to 41 and 49 to 53 – are directed to a different concept, namely,
`
`techniques for establishing secure communications in response to DNS requests
`
`specifying a secure destination. See Ex. 1050 at 39:4-41:59, 49:5-53:13. This
`
`material was added in a continuation-in-part application filed in February 2000. In
`
`proceedings involving related patents, Patent Owner has asserted that these short
`
`passages provide written description support for claim terms involving domain
`
`names, DNS requests, requests to look up IP addresses, and DNS servers.
`
`These portions of the ’0705 specification describe a “conventional DNS
`
`server” that purportedly is modified to include additional functionality that allows
`
`it to support the creation of virtual private networks. See Ex. 1050 at 39:63-40:25.
`
`According to the ’0705 specification, the “modified DNS server” (id. at 39:67-
`
`40:1) receives a request to look up a network address associated with a domain
`
`name, determines whether a secure site has been requested (for example, by
`
`
`
`4
`
`
`
`Petition in IPR2015-00870
`
`checking an internal table of sites), and then performs additional steps to support
`
`establishing a “virtual private network” with the secure site. See Ex. 1050 at 39:1-
`
`6, 39:46-62, 40:6-25, 40:65-41:15, 51:38-44. This process can include
`
`conventional devices such as personal computers running web browsers, proxy
`
`servers, intermediate routers, and web servers. Ex. 1050 at 39:63-40:5, 49:19-29,
`
`52:31-35.
`
`The ’0705 specification describes several optional features of this system,
`
`such as using “IP hopblocks” to create a VPN or incorporating user authentication.
`
`Ex. 1050 at 39:52-56, 40:16-18, 41:8-15, 51:52-65. It also describes several
`
`optional configurations of the “modified DNS server,” including a standalone DNS
`
`server and a system incorporating a DNS server, a DNS proxy server, and a
`
`gatekeeper. Ex. 1050 at 39:63-40:5.
`
`Representative Claims
`
`2.
`Independent claims 1 and 16 of the ’0705 patent define a network device and
`
`a method, respectively, but recite the same operative steps. See Ex. 1050 at 56:2-
`
`25, 57:4-25. Claim 16 is representative, specifying a method executed by a client
`
`device for communicating with a target device, the method comprising: (a)
`
`facilitating a connection with the target device over a secure communication link
`
`created based on (i) interception of a request, generated by the client device, to
`
`look up an internet protocol (IP) address of the target device based on a domain
`
`
`
`5
`
`
`
`Petition in IPR2015-00870
`
`name associated with the target device, and (ii) a determination as a result of the
`
`request that the target device is a device with which a secure communication link
`
`can be established; and (b) Allowing participation in audio/video communications
`
`with the target device over the secure communication link once the secure
`
`communication link is established.
`
`Patent Owner’s Assertion of Related Patents
`
`B.
`Patent Owner has asserted varying sets of claims of its patents in this family
`
`against Petitioner and other entities in numerous lawsuits. In August of 2010,
`
`Patent Owner sued Petitioner and five other entities (the “2010 Litigation”)
`
`asserting claims from the ’135, ’151, ’504, and ’211 patents. In November 2011,
`
`Patent Owner filed a lawsuit accusing Petitioner of infringing claims of the ’181
`
`patent. In December 2012, Patent Owner served a new complaint on Petitioner
`
`asserting infringement of numerous claims of the ’135, ’151, ’504, and ’211
`
`patents (the “2012 Litigation”). In August 2013, Patent Owner served an amended
`
`complaint adding the ’697 patent to the 2012 Litigation. Patent Owner also
`
`asserted patents from this family against Microsoft and others in separate lawsuits
`
`filed in February 2007, March 2010, and April 2013, and against numerous other
`
`defendants in actions filed in 2010 and 2011.
`
`C. Effective Filing Date
`The ’0705 patent issued from U.S. Appl. No. 13/342,795 (“the ’795
`
`
`
`6
`
`
`
`Petition in IPR2015-00870
`
`application”). The ’795 application claims the benefit as a continuation of the
`
`following applications: 13/049,552 (issued as U.S. Patent No. 8,572,247);
`
`11/840,560 (issued as the ’211 patent); 10/714,849 (issued as the ’504 patent); and
`
`09/558,210, filed April 26, 2000, and now abandoned. It also is designated a
`
`continuation-in-part of 09/504,783, filed on February 15, 2000 (“the ’783
`
`application”), which is a continuation-in-part of 09/429,643, filed on October 29,
`
`1999. The ’210, ’783 and ’643 applications also claim priority to 60/106,261, filed
`
`October 30, 1998 and 60/137,704, filed June 7, 1998.
`
`Claims 1 and 16 of the ’0705 patent are independent claims. Claims 2-15
`
`depend directly or indirectly from claim 1, and claims 17-30 depend directly from
`
`claim 15. Claims 2-15 and 17-30 cannot enjoy an effective filing date earlier than
`
`that of claims 1 and 16, respectively, from which they depend.
`
`Claims 1 and 16 of the ’0705 patent rely on information found only in the
`
`’783 application. For example, claim 1 of the ’0705 patent specifies a client device
`
`comprising a memory configured to facilitate intercepting a request “to look up an
`
`internet protocol (IP) address . . . based on a domain name” (emphasis added).
`
`Claim 16 specifies a method executed by a client device comprising facilitating a
`
`connection based on intercepting a request “to look up an internet protocol (IP)
`
`address . . . based on a domain name” (emphasis added). No application filed
`
`prior to the ’783 application mentions the term “domain name” much less provide
`
`
`
`7
`
`
`
`Petition in IPR2015-00870
`
`a written description of devices or methods corresponding to the ’0705 patent
`
`claims. In proceedings involving the related ’135, ’504, ’151, ’211, ’274 and ’697
`
`patents, Patent Owner has not disputed that claims reciting a “domain name” are
`
`not entitled to an effective filing date prior to February 15, 2000. See, e.g., Patent
`
`Owner Preliminary Oppositions in IPR2013-00348, -00349, -00354, -00375 to -
`
`00378, -00393, -00394, -00397, and -00398, as well as IPR2014-00237, -00238, -
`
`00403, -00404, and -00610; see also Inter Partes Reexamination Nos. 95/001,682,
`
`95/001,679, 95/001,697, 95/001,714, 95/001,788, and 95/001,789. Accordingly,
`
`the effective filing date of the ’0705 patent claims is no earlier than February 15,
`
`2000.
`
`D. The Person of Ordinary Skill in the Art
`A person of ordinary skill in the art in the field of the ’0705 patent would
`
`have been someone with a good working knowledge of networking protocols,
`
`including those employing security techniques, as well as computer systems that
`
`support these protocols and techniques. The person also would be very familiar
`
`with Internet standards related to communications and security, and with a variety
`
`of client-server systems and technologies. The person would have gained this
`
`knowledge either through education and training, several years of practical
`
`working experience, or through a combination of these. Ex. 1005 ¶ 148.
`
`
`
`
`
`
`
`8
`
`
`
`Petition in IPR2015-00870
`
`E. Claim Construction
`In this proceeding, claims must be given their broadest reasonable
`
`construction in light of the specification. 37 CFR § 42.100(b). The ’0705 patent
`
`shares a common disclosure and uses several of the same terms as the ’697, ’274,
`
`’180, ’151, ’504, and ’211 patents with respect to which Patent Owner has
`
`advanced constructions. Also, if Patent Owner contends terms in the claims should
`
`be read as having a special meaning, those contentions should be disregarded
`
`unless Patent Owner also amends the claims compliant with 35 U.S.C. § 112 to
`
`make them expressly correspond to those contentions. See 77 Fed. Reg. 48764 at
`
`II.B.6 (August 14, 2012); cf. In re Youman, 679 F.3d 1335, 1343 (Fed. Cir. 2012).
`
`In the constructions below, Petitioner identifies representative subject matter
`
`within the scope of the claims, read with their broadest reasonable interpretation.
`
`Petitioner expressly reserves its right to advance different constructions in any
`
`district court litigation, which employs a different claim construction standard.
`
`1.
`“interception of a request”
`Each independent claim requires “interception of a request.” In a related
`
`proceeding involving the ’697 patent, the Board interpreted the phrase
`
`“intercepting . . . a request” as including “receiving a request pertaining to a first
`
`entity at another entity.” IPR2014-00237, Paper 15 at 13 (May 14, 2014). The
`
`Board further explained that “intercepting” a request involves “receiving and
`
`
`
`9
`
`
`
`Petition in IPR2015-00870
`
`acting on” a request, the request being “intended for” receipt at a destination other
`
`than the destination at which the request is intercepted. Id. at 12. The Board’s
`
`construction is consistent with the ’0705 patent specification. Ex. 1005 at ¶ 122.
`
`The ’0705 patent does not expressly define “interception” of a request, but
`
`uses the term “intercepting” as meaning receiving a request at a device other than
`
`the device specified in the request. Ex. 1005 at ¶ 123. For example, the
`
`specification explains that a DNS proxy 2610 “intercepts” all DNS lookup
`
`functions to examine whether access to a secure site has been requested. Ex. 1050
`
`at 40:6-13, Figs. 26 & 27. The specification also shows the requests are routed to
`
`the DNS proxy instead of a DNS server 2609, which ordinarily would receive and
`
`resolve the domain name in the request. Id. at 39:7-9. Because the DNS proxy and
`
`DNS server are described as separate entities, the ’0705 patent uses the term
`
`“intercept” as meaning receipt of a message by a proxy server instead of the
`
`intended destination. Accordingly, the broadest reasonable interpretation of the
`
`term “interception of a request” includes “receiving a request pertaining to a first
`
`entity at another entity.” Ex. 1005 at ¶ 124.
`
`2.
`“domain name”
`Each independent claim recites the term “domain name.” The ’0705 patent
`
`does not define “domain name.” A “domain name” would be understood by a
`
`person of ordinary skill to be a hierarchical sequence of words in decreasing order
`
`
`
`10
`
`
`
`Petition in IPR2015-00870
`
`of specificity that corresponds to a numerical IP address. Ex. 1005 at ¶ 125. A
`
`more general description of “domain name” has been advanced by Patent Owner in
`
`other proceedings; namely, “a name corresponding to an IP address.” See, e.g.,
`
`Ex. 1042 at 14-15. Both definitions are reasonable; thus the broadest reasonable
`
`interpretation of “domain name” is “a name corresponding to an IP address.”
`
`Ex. 1005 at ¶ 125.
`
`3.
`“secure communication link”
`Each independent claim recites the term “secure communication link.” The
`
`’0705 patent does not define “secure communication link.” In IPR2014-00237
`
`involving the related ’697 patent, the Board interpreted the term “secure
`
`communications link” as “a transmission path that restricts access to data,
`
`addresses, or other information on the path, generally using obfuscation methods to
`
`hide information on the path, including, but not limited to, one or more of
`
`authentication, encryption, or address hopping.” Paper 15 at 10 (May 14, 2014).
`
`This interpretation is supported by Patent Owner’s own expert, who admitted that
`
`techniques such as “[a]ddress hopping may hide who is talking to whom” and
`
`“provide[] some amount of security,” and that the specification had at best
`
`“opposing views” as to what secure communications means. Deposition of Fabien
`
`Newman Monrose, PhD., IPR2014-00237, Exhibit 1083 at 113:16-114:12, 74:12-
`
`14 (Ex. 1055) (October 23, 2014); but see VirnetX, Inc. v. Cisco Systems, Inc., 767
`
`
`
`11
`
`
`
`Petition in IPR2015-00870
`
`F.3d 1308, 1319 (Fed. Cir. 2014) (construing “secure communication link” as
`
`recited in the ’504 and ’211 patents to require data security and anonymity).
`
`The Board’s prior interpretation is consistent with the ’0705 patent
`
`specification, which uses the phrase “secure communications link” in a manner
`
`that suggests that a “secure communication link” is one that permits computers to
`
`privately communicate with each other over a public network – a communication
`
`link would be “secure” if it protects the anonymity of the computers involved in
`
`the communications. See, e.g., Ex. 1050 at 39:24-33; Ex. 1005 at ¶ 127. The
`
`broadest reasonable interpretation of “secure communication link” in the context of
`
`the ’0705 claims is “a transmission path that restricts access to data, addresses,
`
`or other information on the path, generally using obfuscation methods to hide
`
`information on the path, including, but not limited to, one or more of
`
`authentication, encryption, or address hopping.” Ex. 1005 at ¶ 128.
`
`4.
`“phone”
`Dependent claims 3, 15, 18, and 30 recite the term “phone.” The ’0705
`
`patent does not define or use the term “phone” but states that “telephony” is an
`
`example of an “application program[]” that may be executed on a “computer
`
`node[].” Ex. 1050 at 21:23-30. “Phone” in the context of the ’0705 patent
`
`disclosure therefore encompasses a device or component that can provide
`
`telephony functionality. This is consistent with the ordinary meaning of “phone.”
`
`
`
`12
`
`
`
`Petition in IPR2015-00870
`
`Ex. 1005 at ¶ 129. The broadest reasonable interpretation of “phone” is therefore
`
`“a device or component that can provide telephony functionality.” Ex. 1005 at
`
`¶ 130.
`
`5.
`“secure communications service”
`Dependent claims 5 and 19 recite the term “secure communications
`
`service.” The ’0705 patent does not expressly define this term. In IPR2014-00237
`
`involving the related ’697 patent, the Board interpreted the term “secure
`
`communications service” as “the functional configuration of a network device that
`
`enables it to participate in a secure communication link with another network
`
`device.” Paper 15 at 10 (May 14, 2014). The Board’s prior interpretation is
`
`consistent with the ’0705 patent specification, which uses the phrase “secure
`
`communications service” in a manner that indicates the term simply refers to the
`
`capacity of two computers to participate in a secure communications link.
`
`Ex. 1005 at ¶ 133. For example, the ’0705 patent explains that the system
`
`“automatically sets up a virtual private network” when a request is received “for
`
`which secure communication services are defined.” Ex. 1050 at 39:46-51.
`
`Therefore, the broadest reasonable construction of the term “secure
`
`communications service” should encompass “the functional configuration of a
`
`network device that enables it to participate in a secure communications link
`
`with another computer or device.” Ex. 1005 at ¶ 134.
`
`
`
`13
`
`
`
`Petition in IPR2015-00870
`
`6.
`“virtual private network link”
`Dependent claims 6 and 21 require “a virtual private network link.” The
`
`’0705 patent does not provide an explicit definition for “virtual private network
`
`communication link.” In IPR2014-00481 involving the related ’180 patent, the
`
`Board interpreted “virtual private network communication link” to mean “a
`
`transmission path between two devices that restricts access to data, addresses, or
`
`other information on the path, generally using obfuscation methods to hide
`
`information on the path, including, but not limited to, one or more of
`
`authentication, encryption, or address hopping.” Paper 11 at 6-7 (Sept. 3, 2014).
`
`The Board also read the ’180 patent as employing various levels of security in a
`
`VPN that do not require encryption, such as authentication, or information or
`
`address hopping. Id. at 7.
`
`This is consistent with the ’0705 specification, which explains that “software
`
`module 3309 accesses secure server 3320 through VPN communication link 3321”
`
`and the communication link 3321 is shown as only the portion of the path between
`
`computer 3301 and server 3320 that is over network 3302. Ex. 1050 at 51:66-67,
`
`Fig. 33; Ex. 1005 at ¶ 137. The ’0705 patent uses the terms “VPN communication
`
`link” and “VPN link” interchangeably. See, e.g., Ex. 1003 at 51:66-52:10.
`
`Accordingly, the broadest reasonable interpretation of “virtual private network
`
`link” is “a transmission path between two devices that restricts access to data,
`
`
`
`14
`
`
`
`Petition in IPR2015-00870
`
`addresses, or other information on the path, generally using obfuscation
`
`methods to hide information on the path, including, but not limited to, one or
`
`more of authentication, encryption, or address hopping.” Ex. 1005 at ¶ 138.
`
`7.
`“secure domain name”
`Dependent claims 7 and 22 recite the term “secure domain name,” and
`
`specify a “secure domain name” is a type of “domain name.” In a related
`
`proceeding involving the ’180 patent, the Board found “a ‘secure domain name’ is
`
`a name that corresponds to a secure computer network address.” IPR2015-00481,
`
`Paper 11 at 8 (Sept. 3, 2014). This is consistent with the ’0705 patent disclosure.
`
`For example, the specification describes a “secure domain name” as a
`
`domain name that corresponds to the secure network address of a secure server
`
`3320. See Ex. 1050 at 51:15-51. The ’0705 patent also describes evaluating
`
`domain names in DNS requests to determine whether access to a secure site has
`
`been requested. Id. at 40:6-13. The disclosure also explains that “[e]ach secure
`
`computer network address is based on a non-standard top-level domain name, such
`
`as .scom, .sorg, .snet, .sedu, .smil and .sint.” Id. at 7:39-42. Accordingly, the
`
`broadest reasonable interpretation of the term “secure domain name” would be “a
`
`name that corresponds to a secure computer network address.” Ex. 1005 at
`
`¶ 141.
`
`
`
`
`
`
`
`15
`
`
`
`Petition in IPR2015-00870
`
`8.
`
`“modulated transmission link” /
`“unmodulated transmission link”
`Dependent claim 24 recites the term “unmodulated transmission link.”
`
`Dependent claims 10 and 25 recite the term “modulated transmission link.”
`
`Neither term is defined in the ’0705 patent. In IPR2014-00237 involving the
`
`related ’697 patent, the Board interpreted “modulation” to include “the process of
`
`encoding data for transmission.” Paper 15 at 14 (May 14, 2014). This is
`
`consistent with the ’0705 patent and the understanding of a person of ordinary skill
`
`in the art. Ex. 1005 at ¶¶ 92-94, 144. For example, the specification explains that
`
`transmission paths may comprise “logically separate paths contained within a
`
`broadband communication medium (e.g., separate channels in an FDM, TDM,
`
`CDMA, or other type of modulated or unmodulated transmission link).” Ex. 1050
`
`at 34:53-59.
`
`A person of skill would understand “unmodulated” and “modulated” to refer
`
`to whether data is encoded for transmission over a physical medium by varying or
`
`“modulating” a carrier signal. Ex. 1005 at ¶ 145. Any data transmitted via a
`
`modem (i.e., a “modulator-demodulator” device) is modulated. Id. Similarly, any
`
`data transmitted via a cellular network is modulated. Id. Conversely, any data
`
`transmitted via a baseband network is unmodulated. Id. Therefore, the broadest
`
`reasonable interpretation of “modulated transmission link” is “a communication
`
`medium for transmitting data that is encoded by varying a carrier signal.”
`
`
`
`16
`
`
`
`Petition in IPR2015-00870
`
`Ex. 1005 at ¶ 146. The broadest reasonable interpretation of “unmodulated
`
`transmission link” is “a communication medium for transmitting data that is not
`
`encoded by varying a carrier signal.” Id.
`
`IV. Analysis of the Patentability of the ’0705 Patent
`The ’0705 patent has two independent claims (claims 1 and 16), each of
`
`which specifies the same operative steps. See § III.A.2. Claim 16 is
`
`representative, and defines a client device executed process for facilitating a
`
`connection with a target device over a secure communication link based on
`
`intercepting a request to look up an IP address of the target device.
`
`A. Overview of Beser (Ex. 1007)
`Beser (Ex. 1007) was filed on August 27, 1999, and is prior art to the ’0705
`
`claims under 35 U.S.C. § 102(e). Ex. 1007 at 1. The operation and features of the
`
`Beser system are explained in greater detail in Ex. 1005 at ¶¶ 312-383.
`
`Beser describes methods and systems for establishing an IP tunneling
`
`association between originating (24) and terminating (26) end devices, with the aid
`
`of a first network device (14), a second network device (16), and a trusted-third-
`
`party network device (30). Ex. 1007 at 2:46-67. Fig. 1 provides an illustrative
`
`embodiment for the invention disclosed in Beser:
`
`
`
`17
`
`
`
`Petition in IPR2015-00870
`
`
`
`Id. at Fig. 1.
`
`Beser explains that the originating and terminating end devices can be
`
`telephony devices (including portable “VoIP devices” and “personal computers
`
`running facsimile or audio applications”) or multimedia devices (such as “Web-TV
`
`sets [], interactive video game players, [and] personal computers running
`
`multimedia applications”). Id. at 4:43-52. The first and second network devices
`
`may be edge routers, “gateway” computers, cable modems, or other network
`
`devices. Id. at 4:7-42. Beser further explains that the trusted-third-party network
`
`device can be “a back-end service, a