Page 1 of 17
`
`VIRNETX EXHIBIT 2011
`Apple v. VirnetX
`Trial IPR2015-00871
`
`

`
`
`
`Control Number: 95/001,269
`
`REMARKS
`
`Claims 1-10, 12, and 18 are under reexamination, with claims 1, 10, and 18 being
`
`independent. Claims 1. 3, 4., 6-10, and 12 stand rejected. Claims 2 and 5 were found not to be
`
`anticipated by the-documents cited in the Replacement Request for Inter Partes Reexamination
`
`of Patent (“Request”). Therefore, Patent Owner respectfiilly requests confirmation of claims 2'
`and 5 at this time.
`
`Claim 18 has been added. Support for claim 18 may be found, for example,
`
`in the
`
`originally issued claims of the ‘l3'5 Patent at column 47, lines 20-35 and column 47, lines 47-52.
`
`Specifically, claim 18 corresponds to the combination of claims 2 and 5. No new matter has
`been introduced.
`
`Because claim 9 depends from claim 5', which was found not to be anticipated or
`
`otherwise rejected by the cited documents in the Request, it is not und_ersto'od how claim 9 stands
`
`rejected. Nevertheless, the Patent Owner addresses the rejection as provided below.
`
`1.
`
`Patent Owner’s Response to the Rejection
`
`A.
`
`Applicable Standard for Rejection Under 35 U.S.'C. § 102(a)
`
`Claims 1, 3, 4, 6-10, and I2 ofthe ‘I35 Patent S18,-lld rejected under 35 U.S.C. § l02(a) as
`
`being anticipated by Aventail Connect V3.1/V2.6 Administrator's Guide ("Aventa.il”). That
`statutory provision provides that "[s] person shall be entitled to apatent unless - (3.) the invention '
`was known or used by others in this country, or patented or described in a printed publication in
`this or a foreign country, before the invention thereofby the applicant for patent .
`. . ."
`
`With respect to a rejection under 35 U.S.C. § 102, the MPEP states "that “[a] claim is
`
`anticipated only if each and every element as set forth in the claim is found, either expressly or
`
`inhercntiy described, in a single prior art reference.” See MPEP § 2131, citing Verdegaai Bros.
`
`v. Union Oil Col. of Califiamia, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). The
`
`above-stated rejection, however-, fails to meet this standard for the following reasons.
`
`B.
`
`Aventail has not been shown to be prior art under'§ 10201)
`
`The Office Action and the Request both fail to demonstrate the actual publication date of
`
`Aventail necessary to establish a prfmafacie showing that Aventail is- prior art. Both the Office
`
`WDC99 1827392-9.077SEfl.00!9
`
`Page 2 of 17
`
`

`
`Control Number‘: 95l00I,269
`
`Action and the Request assert that Aventail was published between 1996 and 1999 without any
`
`stated support. Request at 5; Office Action at 2. The Patent Owner can only presume that this
`
`assertion arises from the copyright date range printed on the face of the reference. See Aventail
`
`at i. This copyright date range is not, however, the publication date of Aventail.
`The distinction between a publication date and, a copyright date is critical. To establish a
`date of publication, the reference must be shown to have “been disseminated or otherwise made
`
`available to the extent that persons interested and ordinarily skilled in the subject matter or art,
`
`exercising reasonable diligence, can locate it."
`
`In‘ re Wyre, 655 F.2d 22.1 (C.C.P.A. 1981).
`
`Aventail, on its face, provides “it?! 19964999 Aventaii Corporation." The copyright date does
`
`not meet this standard. Unlike a
`
`li
`
`ion date, a copyright date merely establishes “the date
`
`that the document was created or printed.” Hilgraeve. Inc. V. Symamec Corp., 271. F. Supp. 2d
`
`964, 975 GED. Mich. 2003).
`
`Presuming the author of the document accurately represented the date the document was
`
`created, this creation date is not evidence of any sort of publication or dissemination. Without
`
`more, this bald assertion of the creation of the document does not meet the "publication"
`
`standard required for a document to be relied upon as prior art.
`
`Further exacerbating matters is the filing date of the ‘135 Patent: February 15, 2000.
`
`Suppose the relied upon sections of the Aventail reference were created on December 31, 1999,
`
`and the copyright date range accordingly amended to read “1996-1999." Under these
`
`circutnstances,
`
`it
`
`is possible that
`
`the document, although created, was not made publicly
`
`"Under these
`available until after the filing date of the ‘B5 Patent, six weeks after creation.
`circumstances, Aventail clearly would not be eligible to be relied upon as prior art to the ‘I35
`Patent.
`
`The party asserting the prior art bears the burden of establishing a date of publication.
`
`See Carclla v. Starlight Archery, 804 F.2d 235 Wed. Cir. 1986) (finding that a mailer did not
`
`qualify as prior art because there was no evidence as to when the mailer was received by any of
`
`the addresses). Yet, neither the Office Action nor the Request even attempt to show that
`
`Aventail was disseminated or made publicly available.
`
`Thus, the Patent Owner respectfully submits that the Office Action has failed to establish
`
`that Aventail is prior art to the rejected claims. Accordingly, the Patent Owner respectfully
`
`wocsg 1am92—9.n17sso.oos9
`
`Page 3 of 17
`
`
`
`R
`
`E
`
`
`
`

`
`Control Number: 95/001,269
`
`requests that the § l02(a) rejection over Aventail be withdrawn, and the rejected claims I and 10,
`
`as well as claims 3, 4, 6-9 and 12 depending thereupon, be confirmed.
`
`C.
`
`The Rejection ofCla.in-is 1, 3, 4, 6-10, and 12 Under 35 U.S.C. § lD2(a)
`
`Claims 1, 3, 4, 6-10, and 12 ofthe ‘I35 Patent stand rejected under 35 U.S.C. § 102(a) as
`
`being anticipated by Aventail. The rejection was based on the reasons given by the Request on
`
`pages 11-17 and Exhibit A and based on additional reasons presented in the Omce Action on
`
`pages 4~9. Assuming Aventafl qualifies as prior art, the Patent Owner respectfiilly traverses this
`
`rejection for the following reasons.
`
`1. Aventail has not been shown to, teach a yjrtual private network ]“VPN"‘1
`
`a) Claim. 1
`
`Claim 1 recites a method of transparently creating a @ between a client computer and
`
`a target computer. As described below, Aventail fails to teach, either explicitiy or inherently, at
`
`least this feature of the claimed invention. The Patent Owner's statements below are supported
`
`by an expert Declaration of Jason Nieh, Ph.D. pursuant to 37 C.F.R. § 1.1.32 (“Nieh Decl.”)
`submitted herewith.
`
`Aventail discloses a system and architecture for transmitting data between two computers
`
`using the SOCKS protocol. Nieh Decl. at 1} 11. The system routes certain,.predefined network
`
`traffic from a Winsoclc (Windows sockets) application to an extranet (SOCKS) server, possibly
`
`through successive servers. Aventail at 7; Nieh Decl. at 1} ll. Upon receipt of the network
`traffic, the SOCKS server then transmits the network traffic to "the Internet or external network.
`
`Aventail at 7; Nieh DecL at 1; 11. Aventeil’s disclosure is limited to. connections created at the
`
`socket layer of the network architecture. Nieh Decl. at 1i 1].
`
`In operation, a component of the Aventail Connect soitware described in the reference
`
`resides between Winsoclc and the underlying TCP/IP stack. See Aventail at 9;- Nieh Decl. at 1]
`
`12. The Avcntail Connect sofiware intercepts all connection. requests from the user, and
`
`determines whether each request matches local, preset criteria for redirection to a SOCKS server.
`
`See Aventail at 10; Nieh Decl. at 1] 12.
`
`If redirection is appropriate, than Aventail Connect
`
`creates a false DNS entry to return to the requesting application. See Aventail at 12; Nieh Decl.
`
`at 11 13. Aventail disclc see that Aventail Connect then forwards the destination hostname to the
`
`WDC99 l82'n'392»9.G'l75E0.00B9
`
`_ Page4 of17
`
`

`
`
`
`nomt
`
`Control Number: 95/001,269
`
`extranet SOCK server over a SOCKS connection. See Aventail at 12; Nieh Decl. at 11 13. The
`
`SOCKS server performs the hostname resolution. Aventail at 12; Nieh Decl. at1[ 14. Once the
`
`hostname is resolved, the user can transmit data over ‘a SOCKS connection to the SOCKS server.
`
`N‘-ich Decl. at1[ 14. The SOCKS server, then, separately relays that transmitted data to the target.
`Nieh Decl. at 11 I4.
`
`The Request also cites to a “Proxy Chaining" and a “IvIu1tiProx3f’ mode disclosed in
`
`Aventail. Request at 12; Aventail at’ 68-73,
`
`In the “Proxy Chaining” mode, Aventail indicates
`
`that a user can communicate with a target via a number of proxies such that each proxy server
`
`acts as a client to the next downstream proxy server. Aventail at 68; Nieh Deal. at 11 16. As
`
`shown below, in this mode, the user does not communicate directiy with the proxy servers other
`
`than the one immediately downstream from it. Aventail at 68, 72; Nieh Dec]. at 11 16.
`
`Htmrr resins:-fies. attest ésnearsaaeusertssereerz.
`
`
`é€.€t>ee
`act;
`simi-
`
`' tawrsull Eaftrafitet .
`
`prz
`
`
`
`fleet same
`
`Aventail at 72.
`
`In the “MoltiProxy” -mode, Aventail indicates that the user, via Aventail
`
`Connect, authenticates with each successive proxy server directly. Aventail at 68; Nieh Decl. at
`
`11 I7. Regardless of the number ofservers or proxies between the ciient and target, at least one is
`
`required and the operation of Aventail Connect does not materially differ between the methods.
`Nieh Deal. at1[ 18.
`
`Aventail has not been shown to disclose the VPN claimed in Claim 1 of the ‘135 Patent
`
`for at least three reasons. Nieh Decl. at 1} 19. First, Avcntail has not been shown to demonstrate
`
`that computers connected via the Aventail system are able to communicate with each other as
`
`though they were on the same network.
`
`Id. at 1] 20. Aventail discloses establishing‘ point-to-
`
`WDC99 1827392-9.0775§0.0G89
`
`Page 5 of 17
`
`

`
`Control Number: 95I0l)1,269
`
`point SOCKS connections between a client computer and a SOCKS server.
`
`Id. The SOCKS
`
`server then relays data received to the intended target.
`
`Id. Aventail does not disclose a VPN,
`
`where data can be addressed to one or more different computers across the network, regardless of
`
`the location of the computer. Id.
`
`For example, suppose two computers, A and B, reside on 2 public network.
`
`.Id. at 1[ 21.
`
`Further, suppose two computers, X and Y, reside on a private network.
`
`Id. If A establishes B.
`
`VPN connection with X and Y's network to address data to X, and B separately establishes a
`
`VPN connection with X and Y’s -network to address data to Y, then A would nevertheless be able
`
`to address data to B, X, and Y without‘ additional set up,
`
`In’. This is true because A, B, X, and Y
`
`would all be a part of the some VPN. Id.
`
`In contrast, suppose, according to.AvenI_ail, which only discloses communications at the
`
`socket layer, A establishes a SOCKS connection with a SOCKS server for relaying data to X,
`
`and B separately establishes a SOCKS connection with the SOCKS server for relaying data to Y.
`
`Id. at 11 22.
`
`In this situation, not only would A be unable to address data to Y without
`
`establishing a separate SOCKS connection (Le. a VPN 8,.COCIl'dlJ1g_ to the Office Action), but A
`
`would be unable to address data to B over a secure connection.
`
`Id. This is one example of how
`
`the cited portions of Aventail fail to disclose a VPN. Id.
`
`Second,
`
`according to Aventail, Aventail Connect’s
`
`fundrunental operation.
`
`is
`
`incompatible with users transmitting data that is sensitive to network information. Id. at fi[ 23.
`As stated above, Aventail discloses that Aventail Connect operates between the Winsock and
`
`TCPIIP layers, as depicted on page 9:
`
`WDC99 1827191-9.0‘l?5BG.0B39
`
`Page 6 of 17
`
`

`
`
`
`Control Number: 95/001,269
`
`Mutnptn Lspu Lmn
`bmns-tolled mm
`twist
`
`—
`
`vvs-.aowe‘rcr>li:= oppI'tc_a‘.'lo:‘I_u.
`_1:u-son Ml-or W)n:‘=I.wnR1 .1 4:?
`V\.dn9uu|g.2)
`
`
`
`Av a_nta_Il -C onnczct
`
`eusvhmo sdrolco srrc-«mar;
`
`
`Flupnimol ruaiwgrk
`
`
`
`Aventail at 9; id. Because Aventail discloses that Aventail Connect operates between these
`
`layers,
`
`it can intercept DNS requests. Nieh Dec. at 1[ 24. Aventail discloses that Avcntail
`
`Connect intercepts certain DNS requests, and returns a false DNS response to the user if the
`
`Id. Accordingly, Aventail
`requested hostname matches a hostname on a user—def1ned list.
`discloses that the user will receive false network information from Avcntafl Connect for these
`
`hostnames.
`
`Id.
`
`If the client computer hopes to transfer to the target data that is sensitive to
`
`network information, Aventaii Connect’s falsification of the network information wouid prevent
`
`I
`
`the correct transfer of data.
`Ia’.
`
`Id. at 11 25. Thus, Aventail has -not been shown to disclose a VPN.
`
`Third, Aventail has not been shown. to disclose a VPN because computers connected
`
`according to Avcntail do not communicate directly with each other.
`
`Id. at fli 26. Avcntail
`
`discloses a system where a client on a pubiic network transmits data to a SOCKS server via a
`
`singular, pcintl-to-point SOCKS connection at the socket layer of the network architecture. Id.
`
`The SOCKS server then relays that data to a target computer on a private network on which the
`
`SOCKS server also resides.
`
`Id. All communications between the client and target stop and start
`
`at the intermediate SOCKS server. Id, The client cannot open a connection with the target itselfi
`
`Therefore, one skilled in the art would not have considered the client and target to be virtually on
`
`the same private network.
`Ia‘.
`Instead, the client computer and target computer are deliberately
`separated by the intermediate SOCKS server.
`‘lo’.
`
`I
`
`WDG99 P817392-9.01‘1S80.00’89
`
`Page 7 of 17
`
`

`
`
`
`Control Number: 95l00l,269
`
`For the reasons stated above, Aventail has not been shown to teach or disclose the
`
`“virtual private network” recited in claim -1.
`
`Id. at 1[ 27. Accordingly, the Patent Owner
`
`respectfully requests that claim 1, as well as rejected claims 3, 4, and 6-9 dependent thereupon,
`be continued.
`
`b) Claim 10
`
`Independent claim 10 recites “a XE between the client‘ computer and the secure target
`
`computer." (emphasis added).
`
`Id. at ‘if 28 For at least the reasons stated in Section I.C.1.a.,
`
`above, Aventaii similarly has not been shown to teach the invention recited in claim 10.
`
`Id.
`
`Accordingly, the Patent Owner respectfully requests that claim 10, as well as rejected claim 12
`
`dependent thereupon, be confirmed.
`
`2. Avental] has not been shown to teach a DNS grog server as in claim 1|]
`
`Claim 10 also recites a “DNS proxy server” that 1)
`
`‘ etun_Ls the IP qddrgs for the
`
`requested domain name if it
`
`is determined that access to a non-secure web site has been
`
`requested" and that 2) also “generates a request to create the VPN. .
`
`. if it is determined that
`
`access to a secure web site has been requested." (emphasis added).
`
`Id. at 1] 30. The Office
`
`Action and Request allege that Aventail Connect is the claimed DNS proxy server.
`
`Ia’. at 1i 3].
`
`Aventail discloses that Aventail Connect
`
`intercepts all DNS requests.
`
`Id. at 1] 32.
`
`“If the
`
`hostname matches _a local domain string or does not match a redirection rule, Aventail Connect
`
`passes the name resolution query through to the TCP/II’ stack on the local workstation. The
`
`TCP/IP stack performs the lookup as if Aventail Connect were not running.” Aventail at 11;
`
`Niel: Decl. at 1} 32. Thus, Aventail discloses that Aventail Connect does not return the IP address
`
`if the DNS request requests the address for a non-secure web site.
`
`Id. As such, Aventall
`
`-Connect is not taught by Aventail to correspond to the DNS proxy server recited in claim 10. Id.
`
`For at least this additional reason, the £’atent Owner respectfillly requests that claim 10,
`
`along with rejected claim 12 that depends thereupon, be confirmed. Id. at 11 33.
`
`WDC99 182'i'J92~9.0'n"n'SB0.0089
`
`Page 8 of 17
`
`

`
`Control Number: 95/001,269
`
`II.
`
`New'CIain-is
`
`New claim 18 corresponds to the combination of claims 2 and 5, which were found not to
`
`be anticipated or otherwise rejected by the cited documents in the Request. Therefore, the Patent
`Owner respectfiilly requests consideration and allowance of claim 18 at this time.
`
`111.
`
`Conclusion
`
`For at least the reasons set forth above, the Examiner’s rejection of claims 1, 3, 4, 6-10,
`
`and 12 should be withdrawn. Reconsideration and prompt confirmation of claims 1, 3. 4. 6-10,
`
`and 12 are respectfiiliy requested. Consideration and allowance of claim 18 is also respectfully
`
`requested.
`
`Please charge our Deposit Account No. 501133 any fees or credit any overcharges
`
`reiating to this Response.
`
`Respectfitlly submitted,
`
`Mc.DERMOTT WILL & EMBRY LLP
`
`[I oby H. Eusmerf
`Toby H. Kusmer, P.C., Reg. No. 26,418
`Matthew E. Le11o,'Reg. No. 41,149
`Hasan M. Rflshid, Reg. No. 62,390
`McDermott Will 8:‘. Emery LLP
`Attorneys for Patent Owner
`
`Please recognize our Customer No. 23630-
`as our correspondence address.
`
`-
`28 State Street
`Bcston, MA 02109—l775
`Telephone: (6£7) 535-4000
`Facsimile: (617)535-3800
`tkusmet-@mwe.com
`Date: April 15, 2010
`
`WDC99 $27392-.9.077530.00B9
`
`9
`
`Page 9 of 17
`
`

`
`APPENDIX A
`
`Listing ofClttims:
`
`This listing of claims wiilreplacc all prior versions, and iistings, of claims in this application:
`
`1.
`
`(Origi'na_l) A method of transparently creating a virtual private network (VPN)
`
`between a client computer and a target computer, comprising the steps of:
`
`(1) generating fi'orn the client computer a Domain Name Service (DNS) request that
`
`requests an IP address corresponding to a domain name associated with the target computer;
`
`(2) determining whether the DNS request transmitted in step (1) is requesting access to a
`
`secure web site; and
`
`(3) in response to determining that the DNS request in step (2) is requesting access to a
`
`secure target web site, automatically initiating the VPN between the ciient computer and the
`
`target computer.
`
`2.
`
`(Original) The method of claim 1, wherein steps (2) and (3) are performed at a DNS
`
`server separate from the client computer.
`
`3.. (Original) The method of claim 1, further comprising the step of: (4) in response to
`
`determining that the DNS request in step (2) is not requesting access to a secure -target web site,
`
`resolving the IP address for the domain name and returning the Ii’ address to the ciicnt computer.
`
`4.
`
`(Original) The method of claim I, wherein step (3) comprises the step of, prior to
`
`automatically initiating the VPN between the client computer and the target computer,
`
`determining whether the client computer is authorized to establish a VPN with the target
`
`computer and, ifnot so authorized, returning an error from the DNS request.
`
`WDC99 182"i'392~9.U"n'7580.0089
`
`Page 10 of1T
`
`

`
`Control Number: 95f001,269
`
`5.
`
`(originai) The method of claim '1, wherein step (3) comprises the step of, prior to
`
`automatically initiating the VPN between the client computer and the target computer,
`
`determining whether the client computer is authorized to resolve addresses of non secure target
`
`computers and, if not so authorized, returning an error from the DNS request.
`
`6. (Original) The method of claim 1, wherein step (3) comprises the step of establishing
`
`the VPN by creating an IP address hopping scheme between the client computer and the target
`
`computer.
`
`7.
`
`(Original) The method of claim 1, wherein step (3) comprises the step of using a
`
`gatekeeper computer that allocates VPN resources for communicating between the client
`
`computer and the target computer.
`
`8.
`
`(Original) The method of claim 1, wherein step (2) is performed in a DNS proxy
`
`server that passes through the request to a DNS server if it is determined in step (3) that access is
`
`not being requested to a secure target web site.
`
`9. (Original) The method of claim 5, wherein step (3) comprises the step of transmitting
`
`a message to the client computer to determine whether the client computer is authorized to
`
`establish the VPN target computer.
`
`WDG99 M21392-9.0T75Bfl.UD89
`
`ll
`
`Page 11 of17
`
`mum2XIOSIV/s
`
`
`
`

`
`Control Number: 95Ii}{)I,269
`
`10.
`
`(Original) A system that transparently creates a virtual private network (VPN)
`
`between a ciient computer and ‘a secure target computer, comprising:
`
`a DNS proxy server that receives a request fi'orn the client computer to look up an IP
`
`I address for a domain name, wherein the DNS proxy server returns the IP address for the
`
`requested domain name if it
`
`is determined that access to a non-secure web site has been
`
`requested, and wherein the DNS proxy server generates a request to create the VPN between the
`
`client computer and the secure target computer if it is determined that access to a secure web site
`
`has been requested; and
`
`a gatekeeper computer that allocates resources for the VPN between the client computer
`
`and the secure web computer
`
`in response to the request by the DNS proxy server.
`
`I1.
`
`(Original) The system of ciairn 10, wherein the gatekeeper computer creates the
`
`VPN "by establishing an IP address hopping regime that is used to pseudorandomly change IP
`
`addresses in packets transmitted between the client computer and the secure target computer.
`
`I2.
`
`(Original) The system of claim 10, wherein the gatekeeper computer determines
`
`whether the client computer has sufficient security privileges to create the VPN and, if-the client
`
`computer lacks sufficient security privileges, rejecting the request to create the VPN.
`
`13.
`
`(Original) A method of establishing communication between one of a. plurality of
`
`client computers and a central computer that maintains a plurality of authentication tables each
`
`corresponding to one ofthe client computers, the method comprising the steps of.
`
`WDC99 1B2'?3§v‘2—9'.077580.0DB9
`
`12
`
`Page 12 of17
`
`
`
`

`
`Control Number: 95/001,269
`
`(1) in the central computer, receiving from one of the plurality of client computers a
`
`request to establish a connection;
`
`(2) authenticating, with reference to one of the plurality of authentication tables, that the
`
`request received in step (I) is from an authorized client;
`
`(3) responsive to a determination that the request is from an authorized ciient, allocating
`
`resources to establish a virtual private link between the client and a second computer; and
`
`(4) communicating between the authorized client and the second computer using the
`
`virtual private link.
`
`14.
`
`(Original) The method of claim 13, wherein step (4) comprises the step of
`
`communicating according to'a scheme by which at least one field in a series of data packets is
`
`periodically changed according to a known sequence.
`
`15.
`
`(Original) The method of claim 14, wherein step (4) comprises the step of
`
`comparing an Internet Protocol (IP) address in a header of each data packet to a table of valid IP
`
`addresses maintained m a table in the second computer.
`
`16.
`
`(Original) The method of claim 15, wherein step (4) comprises the step of
`
`comparing the IP address in the header of each data packet to a -moving window of valid IP
`
`addresses, and rejecting data packets having IP addresses that do not fali within the moving
`
`window.
`
`17.
`
`(Original) The ‘method of claim 13, wherein step (2) comprises the step of using a
`
`wows 1327392-9.n17sto.oos9
`
`13
`
`Page 13 of 17
`
`

`
`
`
`
`
`
`VVV.r::¢:M\\'»w
`
`Control Number: 95lll(31,269
`
`checkpoint data. structure that maintains synchronization of a periodically changing parameter
`
`known by the central computer and the client computer to authenticate the client.
`
`E8.
`
`e
`
`Amet od of trans arentl creatin avittual
`
`rivate network
`
`P ' between
`
`a. client computer and a target comguter, comprising the steps of;
`
`1
`
`enerat’
`
`fron'1ti1e
`
`lient om ter a D main
`
`ame S
`
`ice
`
`NS r uest that
`
`rcguegts an IP address corresponding to 11 domain name associated with the target
`
`§_f.>.1BI3J3L;
`
`(2) determining Whether the DN§ rgguest transmitted in step (11 is reguesting access to a
`secure web site‘ and
`
`[31 in rcsgogge tg deteginjng that the DNS rcguegt in step 121 is reguesting access to a
`
`secure target web mg", automatically initiating -the VPN between the client computer and
`
`the target comgguter, wherein:
`
`steps (2) and [3] are performed at e l)N§ server segarate fiein the client oomguter, and
`
`step (31 comprises the step 0; prior to auiomticailx initiating the VPN between the
`
`client computer and the target Qmputgr, determining whether the c-Iient computer is
`
`authorized to gegglve addresses of non stag target computers and, if not so authorized,
`
`rgtuming an error fiomthe DNS reggest.
`
`woc99 |s2m2—9.o77sso.oos9
`
`14
`
`Page 14 of 17
`
`

`
`
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Attorney Docket No. 077580-0089
`
`In the Reexamination of:
`Edmund Munger, at al.
`
`U.S.PatentNo.: 6,502,135
`Filed: February 15. 2000
`Issued: December 31,2002
`
`For: AGILE NETWORK PROTOCOL
`FOR SECURE COMMUNICATIONS
`WITH ASSURE!) SYSTEM
`AVAILABILITY
`
`Reexamination Proceeding
`Control No.: 95I001,269
`flied: December 8, 2009
`
`\_ru.r-.r-.1-_/yrxa-./\_r~4nwgr-.r-..r-..-v
`
`Examiner:
`Andrew L. Nalven
`
`Group Art Unit: 3992
`
`QBRTIFICATE OF SERVICE
`
`WEI HEREBY CERTIFY that. the Response to Office Action in Reexamination. filed with
`United States Patent and Trademark Office on April 15, 2010, was served this 15th day o'fApr1l. 2010 on
`Requester by causing a true copy of same to be deposited as first-ciass mail for delivery to:
`
`William N. Hnghet
`Rothweli, Figg; Ernst & Manbeck. RC.
`1425 K Street N.W.
`Suite 800
`Washingten; IJ.C. 20005
`
`Respectfully submitted.
`McDER'MO'I'1‘ WILL & EMERY LLF
`
`fljobyfl. Kusmerl
`Toby H. Kusmer, P.C.. Reg. No. 26,418
`Matthew E. Leno. Reg. No. 41,149
`Hasan M. Rashid. Reg. No. 62,390
`McDermott Will & Emery LLP
`Attorneys for Patent Owner
`Please recognize our Customer No. 23.630 as
`our correspondence address.
`
`28 State Street
`Boston. MA 02109-1775
`Telephone: (617) 535-4000
`Facsimile: (617)535-3800
`tkusmer@mwe.com.
`mleno@mwe.com
`hr,ashici@mwe.cOm
`Date: April 15, 2010
`115199 164-r92e.1.o77sso.ooa9
`
`Page 15 OM?
`
`

`
`
`
`E
`
`
`-<"5>‘A<<<<<<<4¢s<Awv:<A<A<<2:<z=>»\\v::>>m>'(t/////m<=>Av
`
`
`
`
`(W43V,:xx_xx1,K¢!w)?.1.\\:cr-
`
`
`
`
`
`
`
`
`
`Electronic Acknowledgement Receipt
`
`
`
`
`
`
`
`
`
`
`Title of Invention:
`AGILE NEWll0RK PROTOCOL FORSECURE CUMMUNICAWONS WFFH
`ASSURED SYSTEM AVAILABILITY
`
`
`
`
`
`
`a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Payment information:
`
`Submitted with Payment
`
`
`
`
`
`
`
`
`
`Pages
`
`
`
`14
`
`_
`Multl
`
`File Slzelflytesll
`
`CfT§ad-lullflfibchdilfllflflfiflilil -
`
`'
`
`File Listing:
`Document
`
`.
`
`.
`
`.
`
`
`
`
`dllfi Respansapdf
`
`
`Page 16 of 17
`
`

`
`
`
`
`
`"
`
`
`
`~\~\~€u—\:V.=i-"tE;s!'/.K$'c'€€€\~—«7-~4-=:--A-«--
`
` :x
`
`5£
`
`3
`)3
`‘E
`
`
`
`Muitipart Descr|ption.'PDF files in .zip description
`
`Document Description
`
`Start
`
`Response. after non-final action-owner timely
`
`Applicant Argumentslfiemarks Made in an Amendment
`
`Warnings:
`
`Wrnings:
`
`Reexam Certificate of Service
`
`Resp_cen.pdf
`
`
`
`This Acknowledgement Receipt evidences receipt on the noted date by the USPTO ofthe indicated documents,
`characterized by the applicant, and Including page counts, whereappiicabie. it serves as evidenceof receipt similar to a
`Post Card, as described in MPEP 503.
`
`Total Files Size (in bytes)
`
`Egg Application; Linger 35 U.S.C.1]'_i
`ifa new application is being fileci and the application includes the necessary components for a filing date (see 37 CFR
`1.53(b)~(ci) and MPEP 506), a Filing‘ Receipt (37 CFR 1.54) will be issued in due courseand the date shown on this
`Acknowledgement Receipt will establish the filing date ofthe application.
`
`e 3
`lica ion
`:1 Internet a a
`iona S a e
`if a timely submission to enter the national stage ofan international application is compliant with the conditions of35'
`U.S.(.'. 311 and other applicable requirements Forrn PCTIDOIEOIBO3 indicating acceptance of the application as a
`national stage submission under 35 U.S.C. 371 will be issued in addition to the Filing Receipt, in due course.
`
`.
`eceivin
`—
`e
`ledw
`on IA licat on
`ew n e
`if a new international application is being filed and the international application includes the necessary components for
`an international filing date {see PCT Article 11 and MPEP 1810), a Notification ofthe international Application Number
`and ofthe international Filing Date (Form PCT(R011 05}wll| be Issued in due course. subject to prescriptions concerning
`national security, and the date shown on this Acknowledgement Receipt will establish the international filing date of
`the application.
`
`Page 17 of 17