`Filed on behalf of: VirnetX Inc.
`By:
`
`Joseph E. Palys
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1996
`Facsimile: (202) 551-0496
`E-mail: josephpalys@paulhastings.com
`
`
`
`Naveen Modi
`Paul Hastings LLP
`875 15th Street NW
`Washington, DC 20005
`Telephone: (202) 551-1990
`Facsimile: (202) 551-0490
`E-mail: naveenmodi@paulhastings.com
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`
`
`
`APPLE INC.
`Petitioner
`
`v.
`
`VIRNETX INC.
`Patent Owner
`
`
`
`
`
`
`
`Case IPR2015-01009
`Patent 8,843,643
`
`
`
`
`
`
`
`
`
`
`Declaration of Fabian Monrose, Ph.D.
`
`
`
`
`
`
`
`VIRNETX EXHIBIT 2015
`Apple v. VirnetX
`Trial IPR2015-01009
`
`Page 1 of 68
`
`

`

`Case No. IPR2015-01009
`
`Table of Contents
`
`Introduction ...................................................................................................... 1
`
`Resources Consulted ........................................................................................ 2
`
`
`
`I.
`
`II.
`
`III. Background and Qualifications ....................................................................... 2
`
`IV. Level of Ordinary Skill .................................................................................... 7
`
`V.
`
`Claim Terms .................................................................................................... 8
`
`A.
`
`B.
`
`“Constructing a Domain Name” (Claims 1, 12, 17, and 27) ................ 8
`
`“Secure Domain Name” / “Non-Secure Domain Name” (Claims
`12 and 27) .............................................................................................. 9
`
`C.
`
`“Secure Domain Name Service” (Claims 7, 8, 22, and 23) ................ 14
`
`D. Other Terms ......................................................................................... 18
`
`VI. Windows Resource Kit ................................................................................... 19
`
`A. Windows Resource Kit’s Disclosure ................................................... 19
`
`B.
`
`Claims 1 and 17 ................................................................................... 21
`
`1.
`
`2.
`
`3.
`
`“Enabl[e/ing at the First Device] . . . a Secure
`Communication Mode Without a User Entering Any
`Cryptographic Information For Establishing the Secure
`Communication Mode” ............................................................. 21
`
`“Establish[ing], Based on a Determination that the
`Secure Communication Mode has Been Enabled, The
`Encrypted Communication Link Between the First
`Device and the Second Device Over the Communication
`Network” ................................................................................... 23
`
`“Initiating Establishment of the Encrypted
`Communication Link Between the First Device and the
`Second Device Over the Communication Network Using
`the at Least One Network Address and Encrypted
`Communication Link Resources Received From a Server
`that is Separate From the First Device” .................................... 27
`
`i
`
`Page 2 of 68
`
`

`

`Case No. IPR2015-01009
`
`C. Dependent Claims ............................................................................... 30
`
`1.
`
`2.
`
`3.
`
`4.
`
`Claims 6 and 21 ......................................................................... 30
`
`Claims 7 and 22 ......................................................................... 33
`
`Claims 12 and 27....................................................................... 36
`
`Claims 2-5, 8, 9, 14, 18-20, 23, 24, and 29 ............................... 38
`
`VII. Windows Resource Kit, IE5 Resource Kit, and Elgamal ............................... 39
`
`A.
`
`B.
`
`C.
`
`D.
`
`E.
`
`IE5 Resource Kit’s Disclosure ............................................................ 39
`
`Elgamal’s Disclosure .......................................................................... 40
`
`Claims 1 and 17 ................................................................................... 40
`
`1.
`
`2.
`
`“Constructing a Domain Name Based on an Identifier
`Associated With the Second Device” ....................................... 40
`
`“Initiating Establishment of the Encrypted
`Communication Link Between the First Device and the
`Second Device Over the Communication Network Using
`the at Least One Network Address and Encrypted
`Communication Link Resources Received From a Server
`that is Separate From the First Device” .................................... 43
`
`Claims 13 and 28 ................................................................................. 45
`
`Claims 15, 16, and 30-32 .................................................................... 47
`
`VIII. Conclusion ..................................................................................................... 47
`
`
`
`ii
`
`Page 3 of 68
`
`

`

`
`
`I.
`
`Case No. IPR2015-01009
`
`I, FABIAN MONROSE, declare as follows:
`
`Introduction
`1.
`I have been retained by VirnetX Inc. (“VirnetX”) for this inter partes
`
`review proceeding. I understand that this proceeding involves U.S. Patent No.
`
`8,843,643 (“the ’643 patent”). I understand the ’643 patent is assigned to VirnetX
`
`and that it is part of a family of patents that stems from U.S. provisional
`
`application nos. 60/106,261 (“the ’261 application”), filed on October 30, 1998,
`
`and 60/137,704 (“the ’704 application”), filed on June 7, 1999. I understand that
`
`the ’643 patent is a continuation of U.S. application no. 13/903,788 filed May 28,
`
`2013 (“the ’788 application”), which is a continuation of U.S. application no.
`
`13/336,790 filed December 23, 2011 (now U.S. Pat. No. 8,458,341, “the ’341
`
`patent”), which is a continuation of U.S. application no. 13/049,552 filed March
`
`16, 2011 (“the ’552 application”), which is a continuation of U.S. application no.
`
`11/840,560 filed August 17, 2007 (now U.S. Patent No. 7,921,211, “the ’211
`
`patent”), which is a continuation of U.S. application no. 10/714,849 filed
`
`November 18, 2003 (now U.S. Patent No. 7,418,504, “the ’504 patent), which is a
`
`continuation of U.S. application no. 09/558,210 filed April 26, 2000 (“the ’210
`
`application,” abandoned). And I understand the ’210 application is a continuation-
`
`in-part of U.S. application no. 09/504,783 filed February 15, 2000 (now U.S.
`
`Patent 6,502,135, “the ’135 patent”), and that the ’135 patent is a continuation-in-
`
`1
`
`Page 4 of 68
`
`

`

`Case No. IPR2015-01009
`
`part of U.S. application no. 09/429,643 filed October 29, 1999 (now U.S. Patent
`
`No. 7,010,604), which claims priority to the ’261 and ’704 applications.
`
`II. Resources Consulted
`2.
`I have reviewed the ’643 patent, including claims 1-32. I have also
`
`reviewed the Petition for Inter Partes Review filed with the U.S. Patent and
`
`Trademark Office (“Office”) by Apple Inc. on April 28, 2015 (Paper No. 1, the
`
`“Petition”). I have also reviewed the Patent Trial and Appeal Board’s (“Board”)
`
`decision to institute inter partes review (Paper No. 9, the “Decision”) of October
`
`29, 2015.
`
`3.
`
`I understand that in this proceeding the Board instituted review of the
`
`’643 patent on the following grounds: (1) anticipation of claims 1-9, 12, 14, 17-24,
`
`27, and 29 over Windows Resource Kit (Ex. 1005); and (2) obviousness of claims
`
`1, 13, 15-17, 28, and 30-32 over Windows Resource Kit (Ex. 1005), IE5 Resource
`
`Kit (Ex. 1006), and Elgamal (Ex. 1007). I have reviewed the exhibits and other
`
`documentation supporting the Petition that are relevant to the Decision and the
`
`instituted grounds, and any other material that I reference in this declaration.
`
`III. Background and Qualifications
`4.
`I have a great deal of experience and familiarity with computer and
`
`network security, and have been working in this field since 1993 when I entered
`
`the Ph.D. program at New York University.
`
`2
`
`Page 5 of 68
`
`

`

`Case No. IPR2015-01009
`
`5.
`
`I am currently a Professor of Computer Science at the University of
`
`North Carolina at Chapel Hill. I also hold an appointment as the Director of
`
`Computer and Information Security at the Renaissance Computing Institute
`
`(RENCI). RENCI develops and deploys advanced technologies to facilitate
`
`research discoveries and practical innovations. To that end, RENCI partners with
`
`researchers, policy makers, and technology leaders to solve the challenging
`
`problems that affect North Carolina and our nation as a whole. In my capacity as
`
`Director of Computer and Information Security, I
`
`lead
`
`the design and
`
`implementation of new platforms for enabling access to, and analysis of, large and
`
`sensitive biomedical data sets while ensuring security, privacy, and compliance
`
`with regulatory requirements. At RENCI, we are designing new architectures for
`
`securing access to data (e.g., using virtual private networks and data leakage
`
`prevention technologies) hosted among many different institutions. Additionally, I
`
`serve on RENCI’s Security, Privacy, Ethics, and Regulatory Oversight Committee
`
`(SPOC), which oversees the security and regulatory compliance of technologies,
`
`designed under the newly-formed Data Science Research Program and the Secure
`
`Medical Research Workspace.
`
`6.
`
`I received my B.Sc. in Computer Science from Barry University in
`
`May 1993. I received my MSc. and Ph.D. in Computer Science from the Courant
`
`Institute of Mathematical Sciences at New York University in 1996 and 1999,
`
`3
`
`Page 6 of 68
`
`

`

`Case No. IPR2015-01009
`
`respectively. Upon graduating from the Ph.D. program, I joined the Systems
`
`Security Group at Bell Labs, Lucent Technologies. There, my work focused on the
`
`analysis of
`
`Internet Security
`
`technologies
`
`(e.g.,
`
`IPsec and client-side
`
`authentication) and applying
`
`these
`
`technologies
`
`to Lucent’s portfolio of
`
`commercial products. In 2002, I joined the Johns Hopkins University as Assistant
`
`Professor in the Computer Science department. I also served as a founding
`
`member of the Johns Hopkins University Information Security Institute (JHUISI).
`
`At JHUISI, I served a key role in building a center of excellence in Cyber Security,
`
`leading efforts in research, education, and outreach.
`
`7.
`
`In July of 2008, I joined the Computer Science department at the
`
`University of North Carolina (UNC) Chapel Hill as Associate Professor, and was
`
`promoted to Full Professor four years later. In my current position at UNC Chapel
`
`Hill, I work with a large group of students and research scientists on topics related
`
`to cyber security. My former students now work as engineers at several large
`
`companies, as researchers in labs, or as university professors themselves. Today,
`
`my research focuses on applied areas of computer and communications security,
`
`with a focus on traffic analysis of encrypted communications (e.g., Voice over IP);
`
`Domain Name System (DNS) monitoring for performance and network abuse;
`
`network security architectures for traffic engineering; biometrics and client-to-
`
`client authentication techniques; computer forensics and data provenance; runtime
`
`4
`
`Page 7 of 68
`
`

`

`Case No. IPR2015-01009
`
`attacks and defenses for hardening operating system security; and large-scale
`
`empirical analyses of computer security incidents. I also regularly teach courses in
`
`computer and information security.
`
`8.
`
`I have published over 80 papers in prominent computer and
`
`communications security publications. My research has received numerous
`
`awards, including the Best Student Paper Award (IEEE Symposium on Security &
`
`Privacy, July, 2013), the Outstanding Research in Privacy Enhancing Technologies
`
`Award (July, 2012), the AT&T Best Applied Security Paper Award (NYU-Poly
`
`CSAW, Nov., 2011), and the Best Paper Award (IEEE Symposium on Security &
`
`Privacy, May, 2011), among others. My research has also received corporate
`
`sponsorship, including two Google Faculty Research Awards (2009, 2011) for my
`
`work on network security and computer forensics, as well as an award from
`
`Verisign Inc. (2012) for my work on DNS.
`
`9.
`
`I am the sole inventor or a co-inventor on three issued US patents and
`
`four pending patent applications, nearly all of which relate to network and systems
`
`security. Over the past 12 years, I have been the lead investigator or a
`
`co-investigator on grants totaling nearly nine million US dollars from the National
`
`Science Foundation (NSF), the Department of Homeland Security (DHS), the
`
`Department of Defense (DoD), and industry. In 2014, I was invited to serve on the
`
`Information Science and Technology (ISAT) study group for the Defense
`
`5
`
`Page 8 of 68
`
`

`

`Case No. IPR2015-01009
`
`Advanced Research Projects Agency (DARPA). During my
`
`three year
`
`appointment, I will assist DARPA by providing continuing and independent
`
`assessment of the state of advanced information science and technology as it
`
`relates to the U.S. Department of Defense.
`
`10.
`
`I have chaired several international conferences and workshops,
`
`including for example, the USENIX Security Symposium, which is the premier
`
`systems-security conference for academics and practitioners alike. Additionally, I
`
`have also served as Program Chair for the USENIX Workshop on Hot Topics in
`
`Security, the Program Chair for the USENIX Workshop on Large-Scale Exploits &
`
`Emergent Threats, the local arrangements Chair for the Financial Cryptography
`
`and Data Security Conference, the General Chair of the Symposium on Research in
`
`Attacks and Defenses, and the Co-Chair and Chair for the Symposium on Research
`
`in Attacks and Defenses in 2015 and 2016, respectively. As a leader in the field, I
`
`have also served on numerous technical program committees including the
`
`Symposium on Electronic Crime Research (2016), Research in Attacks, Intrusions,
`
`and Defenses Symposium (2012, 2013), USENIX Security Symposium (2013,
`
`2005-2009), Financial Cryptography and Data Security (2011, 2012), Digital
`
`Forensics Research Conference (2011, 2012), ACM Conference on Computer and
`
`Communications Security (2009-2011, 2013), IEEE Symposium on Security and
`
`Privacy (2007, 2008), ISOC Network & Distributed System Security (2006—
`
`6
`
`Page 9 of 68
`
`

`

`Case No. IPR2015-01009
`
`2009), International Conference on Distributed Computing Systems (2005, 2009,
`
`2010), and USENIX Workshop on Large-scale Exploits and Emergent Threats
`
`(2010-2012).
`
`11. From 2006 to 2009, I served as an Associate Editor for IEEE
`
`Transactions on Information and Systems Security (the leading technical journal
`
`on cyber security), and currently serve on the Steering Committee for the USENIX
`
`Security Symposium.
`
`12. My curriculum vitae, which is appended, details my background and
`
`technical qualifications. Although I am being compensated at my standard rate of
`
`$450/hour for my work in this matter, the compensation in no way affects the
`
`statements in this declaration.
`
`IV. Level of Ordinary Skill
`13.
`I am familiar with the level of ordinary skill in the art with respect to
`
`the inventions of the ’643 patent as of what I understand is the patent’s early-2000
`
`priority date. Specifically, based on my review of the technology, the educational
`
`level of active workers in the field, and drawing on my own experience, I
`
`believe a person of ordinary skill in art at that time would have had a master’s
`
`degree in computer science or computer engineering, as well as two years of
`
`experience in computer networking with some accompanying exposure to network
`
`security. My view is consistent with VirnetX’s view that a person of ordinary skill
`
`7
`
`Page 10 of 68
`
`

`

`Case No. IPR2015-01009
`
`in the art requires a master’s degree in computer science or computer engineering
`
`and approximately two years of experience in computer networking and computer
`
`security. I have been asked to respond to certain opinions offered by Dr. Roberto
`
`Tamassia, consider how one of ordinary skill would have understood certain claim
`
`terms, and consider how one of ordinary skill in the art would have understood the
`
`references mentioned above in relation to the claims of the ’643 patent. My
`
`findings are set forth below.
`
`V. Claim Terms
`14.
`I understand that in an inter partes review proceeding, the claims of a
`
`patent are construed under the broadest reasonable interpretation in light of the
`
`specification. I also understand that the parties have proposed constructions for
`
`certain terms of the ’643 patent. Unless otherwise noted, I have used Patent
`
`Owner’s proposed constructions in my analysis. In my opinion, Patent Owner’s
`
`proposed constructions are consistent with the specification. To the extent Patent
`
`Owner has not proposed a construction for a term, I understand that term to have
`
`its plain and ordinary meaning from the perspective of one of ordinary skill in the
`
`art in light of the specification. I have applied this understanding in my analysis.
`
`
`
`A.
`15.
`
`“Constructing a Domain Name” (Claims 1, 12, 17, and 27)
`
`I understand that the parties and the Board have put forth the following
`
`constructions for purposes of this proceeding:
`
`8
`
`Page 11 of 68
`
`

`

`Patent Owner’s Proposed
`Construction
`
`Petitioner’s Proposed
`Construction
`
`Decision’s
`Construction
`
`Case No. IPR2015-01009
`
`name
`
`No construction necessary
`
`Any technique for creating a No construction
`representation of a domain
`proposed
`
`16.
`
`In my opinion,
`
`the plain and ordinary meaning of “constructing a
`
`domain name” would be readily apparent to one of ordinary skill in the art without
`
`construction as Patent Owner proposes.
`
`I understand Petitioner argues that
`
`“constructing a domain name” should be given its “plain and ordinary meaning,”
`
`which it alleges to be “any technique for creating a representation of a domain
`
`name.” (Pet. at 10-11.) However, Petitioner’s construction adds ambiguity and
`
`alters the plain meaning of the claim by requiring the creation of “a regresentation
`
`91' a domain name” rather than what the claim requires, which is simply the
`
`“constructing [of] a domain name.” Moreover, in my opinion, Petitioner provides
`
`no guidance as to what constitutes a representation of a domain name, and provides
`
`no boundary as to the “technique” to create such a representation.
`
`B.
`
`“Secure Domain Name” / “Non-Secure Domain Name” (Claims 12
`and 27)
`
`17.
`
`I understand that the parties and the Board have put forth the following
`
`constructions for purposes of this proceeding:
`
`Patent Owner’s Proposed Petitioner’s Proposed
`Construction
`
`Decision’s Construction
`
`Construction Secure Domain Name: A name that corresponds to No construction proposed
`
`A non—standard domain
`
`a secure com uter network
`
`Page 12 of 68
`
`Page 12 of 68
`
`

`

`Case No. IPR2015-01009
`
`address / a name that
`corresponds to a non-
`secure computer network
`address
`
`name that corresponds to
`a secure computer
`network address, i.e., a
`network address that
`requires authorization for
`access, and cannot be
`resolved by a
`conventional domain
`name service (DNS)
`
`Non-Secure Domain
`Name: A standard
`domain name that
`corresponds to a non-
`secure computer network
`address, i.e., a network
`address that does not
`require authorization for
`access, and can be
`resolved by a
`conventional name
`service (DNS)
`
`
`18. Patent Owner’s constructions are consistent with the specification’s
`
`disclosure of a secure and non-secure domain. For example, the specification
`
`discloses that a “secure domain name” corresponds to “a nonstandard domain
`
`name.” (Ex. 1001 at 7:33-35; 50:22-31.) The specification provides examples of
`
`“a nonstandard domain name”: .scom, .snet, .sorg, .sedu, .smil, and .sgov. (Id. at
`
`7:43-46.)
`
` The specification also explains that a “secure domain name”
`
`“corresponds to a secure computer network address.” (See id. at 51:6-10, stating
`
`that “SDNS 3313 contains a cross-reference database of secure domain names and
`
`corresponding secure network addresses.”) Because a “secure domain name” is “a
`
`10
`
`Page 13 of 68
`
`

`

`Case No. IPR2015-01009
`
`non-standard domain name,” the specification explains that “a query to a standard
`
`domain name service (DNS) will return a message indicating that the universal
`
`resource locator (URL) is unknown.” (Id. at 50:32-35-44; Figs. 33, 34.) To obtain
`
`the URL for a “secure domain name,” “a secure domain name service (SDNS)”
`
`must be queried. (Id. at 51:35-38; Figs. 33, 34.) One of ordinary skill in the art
`
`would have thus understood that a secure domain name is a non-standard domain
`
`name that corresponds to a secure computer network address and cannot be
`
`resolved by a conventional domain name service (DNS).
`
`19.
`
`In my opinion, a person of ordinary skill in the art would have
`
`understood that the specification correspondingly teaches that a “non-secure
`
`domain name” is a conventional domain name. In one example, the specification
`
`teaches that a “non-secure domain name” might be “website.com,” in contrast to a
`
`secure domain name such as “website.scom.” (Ex. 1001 at 52:37-40.) The “non-
`
`secure domain name” further corresponds to a “non-secure computer network
`
`address” and is resolved by a conventional DNS. In particular, the specification
`
`explains that “a lookup of a non-secure web site . . . would merely pass through to
`
`conventional DNS server . . . [and] would be handled in a conventional manner,
`
`returning the IP address of [the] non-secure web site.” (Id. at 40:20-24; see also id.
`
`at 49:47 (describing “non-secure” as “conventional”), 52:1-2 (“Browser 3306
`
`accesses a standard DNS 3325 for obtaining the non-secure URL for server
`
`11
`
`Page 14 of 68
`
`

`

`Case No. IPR2015-01009
`
`3304.”), 52:42-43 (describing a “non-secure domain name server database” as a
`
`“standard DNS”).)
`
`20.
`
`I understand that Petitioner itself relies on whether a client name and
`
`its corresponding DNS suffix (allegedly collectively disclosing a domain name)
`
`can be resolved conventionally or not in distinguishing between a secure domain
`
`name and a non-secure domain name. (Pet. at 42 (“[t]his domain name . . . can be
`
`either a secure or non-secure domain name, depending on whether the primary
`
`DNS suffix that has been set can be resolved conventionally or not (e.g., whether
`
`the fully qualified domain name can be resolved by a public DNS server)”).)
`
`Therefore, Petitioner seems to agree that the conventional/non-conventional aspect
`
`of Patent Owner’s construction is, in fact, required in construing the “secure
`
`domain name” and “non-secure domain name” terms in the claims.
`
`21.
`
`I understand that this is also consistent with statements made by Patent
`
`Owner in a now-completed inter partes reexamination of a related patent. I
`
`understand that Patent Owner stated that the related patent “takes pains to explain
`
`that a secure domain name is different from a domain name that just happens to be
`
`associated with a secure computer or just happens to be associated with an address
`
`requiring authorization.” (Ex. 2008 at 5, Response to Office Action in Control No.
`
`95/001,270 (Apr. 19, 2010).) I understand that Patent Owner further explained that
`
`“a secure domain name cannot be resolved by a conventional domain name
`
`12
`
`Page 15 of 68
`
`

`

`service.” (Id. at 6.) I also understand that the Patent Office examiner made the
`
`following statement when the claims of that patent were allowed:
`
`Case No. IPR2015-01009
`
`Patent Owner argues that the ’180 patent clearly
`distinguishes the claimed ‘secure domain name; from a
`domain name that happens to correspond to a secure
`computer. Patent Owner’s argument is persuasive. The
`Examiner agrees that the ’180 patent distinguishes the
`claimed ‘secure domain name.’ For example, the ’180
`patent explains that a secure domain name is a non-
`standard domain name and that querying a convention[al]
`domain name server using a secure domain name will
`result in a return message indicating that the URL is
`unknown . . . .
`
`(Ex. 2006 at 4, Right of Appeal Notice in Control No. 95/001,270 (Dec. 3, 2010).)
`
`These statements are consistent with the above understanding of a secure domain
`
`name claimed and disclosed in the ’643 patent.
`
`22. Both Patent Owner’s and Petitioner’s constructions recite a “secure
`
`computer network address” and I agree that this “secure computer network
`
`address” is an “address that requires authorization for access,” as proposed by
`
`Patent Owner. For example, a person of ordinary skill in the art would have
`
`understood that the ’643 patent makes clear that a secure computer network
`
`address is accessible only to certain users. For instance, a user can “obtain the
`
`secure computer network address for the secure website” only after a secure
`
`13
`
`Page 16 of 68
`
`

`

`Case No. IPR2015-01009
`
`domain name service “determines the particular secure computer network address
`
`based on the user’s identity and the user’s subscription level.” (Ex. 1001 at 51:6-
`
`28; see also id. at 11:19-21 (disclosing “mechanisms for securing data to ensure
`
`that only authorized computers can have access to the private information”), 40:51-
`
`53 (“if access to a secure host was requested . . . then a further check is made to
`
`determine whether the user is authorized to connect to the secure host”), 41:51-53,
`
`46:45-48, 47:4-8, Figs. 27, 33, 34.)
`
`23.
`
`I agree that Patent Owner’s statements during the aforementioned now
`
`completed reexamination of a related patent further support this understanding as
`
`Patent Owner distinguished several references for failing to disclose a network
`
`address that requires authorization. (Ex. 2008 at 6, 15-17, 27, 31, 34.) I
`
`understand that Petitioner contends that a secure computer network address may be
`
`met by “a network address for a secure computer or service, or an address in a
`
`secure computer network” (Pet. at 38). But in my opinion, Petitioner’s
`
`construction is vague and does not explain what it considers to be “a secure
`
`computer or service” or a “secure computer network.”
`
`C.
`24.
`
`“Secure Domain Name Service” (Claims 7, 8, 22, and 23)
`
`I understand that the parties and the Board have put forth the following
`
`constructions for purposes of this proceeding:
`
`14
`
`Page 17 of 68
`
`

`

`Case No. IPR2015-01009
`
`Decision’s Construction
`
`No construction proposed
`
`Patent Owner’s Proposed Petitioner’s Proposed
`Construction
`Construction
`
`A service that provides a
`A lookup service that
`secure computer network
`recognizes that a query
`address for a requested
`message is requesting a
`secure computer network secure domain name
`address, i.e., a network
`address that requires
`authorization for access,
`
`and returns a secure
`
`computer network
`address for a requested
`secure domain name
`
`
`
`25.
`
`In my opinion, Patent Owner’s construction is consistent with the
`
`specification’s disclosure of a secure domain name service.
`
`In particular, “Secure
`
`domain name service” (“SDNS”) refers to “a lookup service that recognizes that a
`
`query message is requesting a secure computer network address, i-e., a network
`
`address that requires authorization for access, and returns a secure computer
`
`network address for a requested secure domain name.”
`
`The ’643 patent
`
`specification supports this view.
`
`26. For example, the ’643 patent specification explains that “[a]n entity
`
`can register a secure domain name in SDNS 3313 so that a user who desires a
`
`secure communication link to the website of the entity can automatically obtain the
`
`secure computer network address for the secure website.” (Ex. 1001 at 51:10-13.)
`
`27. Upon registration,
`
`the SDNS recognizes whether a received DNS
`
`query is requesting a secure computer network address.
`
`(E.g.,
`
`id. at 40:1—3 (the
`
`Page 18 of 68
`
`15
`
`Page 18 of 68
`
`

`

`Case No. IPR2015-01009
`
`SDNS receives a DNS query and “determines whether access to a secure site has
`
`been requested”); id. at 40:45-47 (“[i]n step 2701, a DNS look-up request is
`
`received for a target host. In step 2702, a check is made to determine whether
`
`access to a secure host was requested”), 51:24-28 (“[w]hen a user queries SDNS
`
`3313 for the secure computer network address for the [registered secure domain
`
`name], SDNS 3313 determines the particular secure computer network address
`
`based on the user’s identity and the user’s subscription level.”) If so, the SDNS
`
`returns a secure computer network address for a requested secure domain name.
`
`(E.g., id. at 51:39-42 (“[I]n step 3410, SDNS 3313 returns a secure URL to
`
`software module 3309 for the .scom server address for a secure server 3320
`
`corresponding to server 3304.”).)
`
`28.
`
`In my opinion, Patent Owner has also made clear that a secure domain
`
`name service “recognizes that a query message is requesting a secure computer
`
`address,” i.e., functionality that differentiates a secure domain name service from a
`
`conventional one. For example, during the aforementioned now-completed inter
`
`partes reexamination of a related VirnetX patent, Patent Owner stated:
`
`A secure domain name service is not a domain name
`service
`that resolves a domain name query
`that,
`unbeknownst
`to
`the secure domain name service,
`happens to be associated with a secure domain name. . . .
`A secure domain name service of the ’180 patent,
`
`16
`
`Page 19 of 68
`
`

`

`Case No. IPR2015-01009
`
`instead, recognizes that a query message is requesting a
`secure computer network address and performs its
`services accordingly.
`
`(Ex. 2008 at 7, emphasis added; see also id. at 8 (“the secure domain name
`
`service . . . is different from a conventional domain name service”), 11; Ex. 1001 at
`
`51:5-42.)
`
`29.
`
`In the reexamination, I understand that Patent Owner also explained
`
`that “a secure domain name service [provides] additional functionalities not
`
`available with a traditional domain name service.” (Ex. 2008 at 7; see also Ex.
`
`1001 at 51:29-45.) For instance, a secure domain service may allow an entity to
`
`register server secure domain names representing different levels of access to the
`
`secure website. (Ex. 2008 at 3, 7; see also Ex. 1001 at 51:6-28.) It may also
`
`support the establishment of a VPN communication link. (See, e.g., Ex. 1001 at
`
`51:29-42.) Thus, a secure domain name service is distinguished from a
`
`conventional domain name service. (Ex. 2008 at 7-8; see also Ex. 1001 at 39:29-
`
`40.)
`
`30. Patent Owner’s construction also includes the notion that a “secure
`
`computer network address” is “a network address requiring authorization for
`
`access.” As discussed above, Petitioner’s constructions, like Patent Owner’s,
`
`include recitation of a “secure computer network address,” but Petitioner does not
`
`expressly clarify the term. See supra Section V.B.
`
`17
`
`Page 20 of 68
`
`

`

`Case No. IPR2015-01009
`
`D.
`
`Other Terms
`
`31.
`
`I understand that the parties and Board have provided the following
`
`constructions for purposes of this proceeding.
`
`I agree that the claim language
`
`encompasses the features described in each of VimetX’s constructions.
`
`“Enc ted Communication Link” Claims 1 11 15 and 2
`Patent Owner’s Proposed
`Petitioner’s Proposed
`Decision’s Construction
`Construction
`Construction
`
`A direct communication
`link that is encrypted
`
`A transmission path that
`restricts access to data,
`addresses, or other
`
`information on the path at
`least b usin -
`'
`
`No construction proposed
`
`“Domain Name” Claims 1, 7, 9, 17, and 22-24
`Patent Owner’s Proposed
`Petitioner’s Proposed
`Decision’s Construction
`Construction
`Construction
`
`A name corresponding to A name corresponding to No construction proposed
`a network address
`an IP address
`
`“One Encrypted Communication Link in a Hierarchy of a Plurality of
`Enc ‘. ted Communication Links” Claim 30
`Patent Owner’s Proposed
`Petitioner’s Proposed
`Decision’s Construction
`Construction
`Construction
`
`No construction necessary One encrypted
`communication link in a
`
`No construction proposed
`
`ranked, graded, or nested
`set of plurality of
`encrypted communication
`links
`
`Patent Owner’s Proposed
`Construction
`
`Petitioner’s Proposed
`Construction
`
`Decision’s Construction
`
`A communication path
`between two devices in a
`
`A transmission path
`between two devices that
`
`No construction proposed
`
`virtual private network
`
`restricts access to data,
`addresses, or other
`
`information on the o ath,
`
`18
`
`Page 21 of 68
`
`Page 21 of 68
`
`

`

`Case No. IPR2015-01009
`
`generally using
`obfuscation methods to
`hide information on the
`path, including, but not
`limited to, one or more of
`authentication,
`encryption, or address
`hopping
`
`
`VI. Windows Resource Kit
`A. Windows Resource Kit’s Disclosure
`32. Windows Resource Kit is a “comprehensive technical resource for
`
`installing, configuring, and supportin