Paper No. 23
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`––––––––––––––––––
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`––––––––––––––––––
`
`APPLE INC.,
`Petitioner,
`
`v.
`VIRNETX INC.,
`Patent Owner.
`
`––––––––––––––––––
`
`Case No. IPR2015-01009
`U.S. Patent No. 8,843,643
`
`––––––––––––––––––
`
`PETITIONER’S REPLY
`
`
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`Table of Contents
`
`I.
`
`II.
`
`Introduction ...................................................................................................... 1
`
`Claim Construction .......................................................................................... 1
`
`III. Windows Resource Kit Anticipates Claims 1-9, 12, 14, 17-24, 27, and 29 ... 1
`
`A.
`
`Independent Claims 1 and 17 ................................................................ 1
`
`1. Windows Resource Kit Discloses “Enabl[ing] … a Secure
`Communication Mode Without a User Entering Any
`Cryptographic Information” ........................................................ 1
`
`2. Windows Resource Kit Discloses “Establish[ing], Based on a
`Determination that the Secure Communication Mode has Been
`Enabled, The Encrypted Communication Link” ........................ 6
`
`3. Windows Resource Kit Discloses “Initiating Establishment of
`the Encrypted Communication Link … Using the… Network
`Address and Encrypted Communication Link Resources
`Received From a Server that is Separate From the First Device”8
`
`B.
`
`Dependent Claims ............................................................................... 11
`
`1.
`
`2.
`
`3.
`
`4.
`
`Claims 6 and 21 ......................................................................... 11
`
`Claims 7 and 22 ......................................................................... 12
`
`Claims 12 and 27....................................................................... 15
`
`Claims 2-5, 8, 9, 13, 18-20, 23, 24, and 29 ............................... 16
`
`C.
`
`The Petition’s Anticipation Grounds Are Proper ................................ 16
`
`IV. Windows Resource Kit, IE5 Resource Kit, and Elgamal Render Claims 1,
`13, 15-17, 28, and 30-32 Obvious ................................................................. 18
`
`A.
`
`Independent Claims 1 and 17 .............................................................. 18
`
`1.
`
`The References Render Obvious “Constructing a Domain Name
`Based on an Identifier Associated With the Second Device”... 18
`i
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`2.
`
`The References Render Obvious “Initiating Establishment of
`the Encrypted Communication Link Between the First Device
`and the Second Device… Using… Encrypted Communication
`Link Resources Received From a Server that is Separate From
`the First Device” ....................................................................... 20
`
`B.
`
`C.
`
`Dependent Claims 13 and 28 .............................................................. 21
`
`Dependent Claims 15-16 and 30-32 .................................................... 22
`
`V. Dr. Tamassia’s Testimony is Probative ......................................................... 22
`
`VI. Dr. Monrose’s Testimony Is Entitled to No Weight Because He Admitted
`He Has No Opinion About What the References Teach or What the
`Challenged Claims Cover .............................................................................. 23
`
`VII. Conclusion ..................................................................................................... 25
`
`
`
`
`
`
`
`ii
`
`

`
`IPR2015-01009
`
`Cases
`
`
`
`
`
`TABLE OF AUTHORITIES
`
`Petitioner’s Reply
`
` Page(s)
`
`Advanced Display Systems, Inc. v. Kent State University,
`212 F.3d 1272 (Fed. Cir. 2000) .......................................................................... 17
`
`Apple Inc. v. VirnetX Inc.,
`IPR2014-00403, Paper 42 (July 29, 2015) ......................................................... 12
`
`Arthrocare Corp. v. Smith & Nephew, Inc.,
`406 F.3d 1365 (Fed. Cir. 2005) .......................................................................... 10
`
`Belden Inc. v. Berk-Tek LLC,
`805 F.3d 1064 (Fed. Cir. 2015) .......................................................................... 23
`
`Canon Inc. v. Intellectual Ventures I LLC,
`IPR2014-00757, Paper 8 (Nov. 21, 2014) ............................................................ 5
`
`Cisco Systems, Inc. v. VirnetX Inc.,
`Appeal 2015-007843 (Feb. 11, 2016) ............................................................... 5, 7
`
`Epos Technologies Ltd. v. Pegasus Technologies,
`766 F.3d 1338 (Fed. Cir. 2014) ............................................................................ 4
`
`Liberty Mutual Ins. Co. v. Progressive Casualty Ins. Co.,
`CBM2012-00002, Paper 66 (Jan. 23, 2014), aff'd, No. 2014-1466
`(Fed. Cir. 2014) ..................................................................................................... 9
`
`Liebel-Flarsheim Co. v. Medrad, Inc.,
`358 F.3d 898 (Fed. Cir. 2004) .............................................................................. 7
`
`Schumer v. Lab. Computer Sys., Inc.,
`308 F.3d 1304 (Fed. Cir 2002) ........................................................................... 23
`
`Sundance, Inc. v. Demonte Fabricating Ltd,
`550 F.3d 1356 (Fed. Cir. 2008) .......................................................................... 22
`
`iii
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`Tempo Lighting Inc. v. Tivoli, LLC,
`742 F.3d 973 (Fed. Cir. 2014) ........................................................................ 5, 14
`
`Titanium Metals Corp. of America v. Banner,
`778 F.2d 775 (Fed. Cir. 1985) ............................................................................ 23
`
`Other Authorities
`
`37 C.F.R. §42.65(a) .................................................................................................. 17
`
`Fed. R. Evid. 702 ..................................................................................................... 22
`
`
`
`
`
`iv
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`Exhibit List
`
`1006
`1007
`1008
`1009
`
`1010
`
`1011
`
`Exhibit # Reference Name
`1001
`U.S. Patent 8,843,643
`1002
`U.S. Patent 8,843,643 File History
`1003
`Declaration of Roberto Tomassia
`1004
`Curriculum Vitae of Roberto Tomassia
`1005
`Microsoft Corp., Microsoft Windows 2000 Professional Resource Kit
`(2000)
`Microsoft Internet Explorer 5 Resource Kit
`U.S. Patent 5,657,390
`Publication - Web Server Technology; Yeager & McGrath (1998)
`Microsoft Windows 2000 Professional Resource Kit – Copyright
`Registration Request
`USPN 6,839,750 (Control No. 95/001747) Request for Inter Partes
`Reexamination
`USPN 6,839,759 (Control No. 95/001747) Patent Owner’s Response
`to 10/14/2011 Office Action
`VirnetX v Cisco - Opening Claim Construction Brief (TXED 6-10-cv-
`417; Dkt 173)
`VirnetX v Cisco - Claim Construction Order (TXED 6-10-cv-00417;
`Dkt 266)
`Microsoft Windows 2000 Professional Resource Kit – About page
`U.S. Patent No. 6,502,135
`U.S. Patent No. 6,839,759
`Amazon Reviews “Microsoft Windows 2000 Professional Resource
`Kit”
`Barnes and Noble Customer Reviews of “Microsoft Windows 2000
`Professional Resource Kit”
`Microsoft Press Announces Complete Line of Learning and Reference
`Solutions for Microsoft Windows 2000 (Feb. 17, 2000),
`http://news.microsoft.com/2000/02/17/microsoft-press-announces-
`v
`
`1012
`
`1013
`
`1014
`1015
`1016
`1017
`
`1018
`
`1019
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`1020
`1021
`1022
`1023
`1024
`1025
`1026
`1027
`
`1028
`1029
`1030
`1031
`
`1032
`
`Exhibit # Reference Name
`complete-line-of-learning-and-reference-solutions-for-microsoft-
`windows-2000/
`RFC 2026 – The Internet Standards Process – Revision 3
`U.S. Patent No. 5,991,810
`RFC 882 – Domain Names – Concepts and Facilities
`RFC 883 – Domain Names – Implementation and Specification
`RFC 1034 – Domain Names – Concepts and Facilities
`RFC 1035 – Domain Names – Implementation and Specification
`RFC 1912 – Common DNS Operational and Configuration Errors
`Linux Networking-HOWTO,
`http://www.tldp.org/HOWTO/html_single/NET3-4-HOWTO/ (Aug.
`1999)
`RFC 2219 – Use of DNS Aliases for Network Services
`RFC 2543 – SIP: Session Initiation Protocol
`U.S. Patent No. 6,061,738
`Ben Laurie & Peter Laurie, Apache: The Definitive Guide (2d ed.
`1999)
`Kerberos: An Authentication Service for Open Network Systems
`(Mar. 30, 1988)
`RFC 2409 – The Internet Key Exchange (IKE)
`RFC 2408 – Internet Security Association and Key Management
`Protocol (ISAKMP)
`RFC 2401 – Security Architecture for Internet Protocol
`U.S. Patent No. 5,960,204
`Original Specification, U.S. Utility Patent Application No. 09/558,210
`Microsoft Internet Explorer 5 Resource Kit - Copyright Registration
`Amazon reviews “Microsoft Windows 2000 Server Resource Kit”
`Secure Sockets Layer for SOCKS Version 5 (1997)
`Ari Luotonen & Tim Berners-Lee, CERN httpd Reference Manual
`
`1033
`1034
`
`1035
`1036
`1037
`1038
`1039
`1040
`1041
`
`vi
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`1042
`
`1043
`
`Exhibit # Reference Name
`(1994)
`Archive.org snapshot of Morgan Kaufmann Publishers website,
`www.mjp.com (April 29, 1997), https://web.archive.org/web/
`19970429195411/http://www.mkp.com/index.htm
`Search for “‘web server technology’ yeager”, Google Scholar,
`https://scholar.google.com/ (date limited: 1996-1999)
`U.S. Patent No. 6,012,126
`Declaration of Scott M. Border
`Deposition Transcript of Dr. Fabian Monrose (May 18, 2016)
`
`1044
`1045
`1046
`[NEW]
`1047
`
`[RESERVED]
`
`1048
`[NEW]
`1049
`[NEW]
`
`The Reality of Virtual Private Networks, InfoWorld, Aug. 16, 1999
`(Advertising Supplement)
`Gibbs, M., IP Security: Keeping Your Business Private, Network
`World (March 15, 1999)
`
`vii
`
`

`
`IPR2015-01009
`
`I.
`
`Introduction
`
`
`
`Petitioner’s Reply
`
`In its Institution Decision, the Board correctly found that Windows Resource
`
`Kit anticipates claims 1-9, 12, 14, 17-23, 27, and 29, and that Windows Resource
`
`Kit in view of IE5 Resource Kit and Elgamal renders obvious claims 1, 13, 15-17,
`
`28, and 30-32. Paper 9 (“Dec.”), 9. The Board’s initial determination is fully
`
`supported by more than substantial evidence, and the claims should be cancelled.
`
`II. Claim Construction
`
`The Board correctly found that no claims require construction. Dec., 4-5. In
`
`its response (Paper 15) (“Resp.”), Patent Owner proposes constructions for a
`
`number of terms, only a few of which are relevant to the parties’ dispute: “secure
`
`domain name” / “non-secure domain name” (Resp., 5-12), and “secure domain
`
`name server” (Resp., 13-20). For those terms, Patent Owner’s constructions are
`
`not supported by the specification and are simply an attempt to read features into
`
`the claims. As explained below, Patent Owner’s constructions must be rejected.
`
`III. Windows Resource Kit Anticipates Claims 1-9, 12, 14, 17-24, 27, and 29
`
`A.
`
`Independent Claims 1 and 17
`
`1. Windows Resource Kit Discloses “Enabl[ing] … a Secure
`Communication Mode Without a User Entering Any
`Cryptographic Information”
`
`The Board correctly found that Windows Resource Kit discloses the claimed
`
`“enabling” step. Dec., 5. Petitioner explained Windows Resource Kit discloses
`
`1
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`user-enabled encrypted communications through a configuration interface and
`
`selection of “Low,” “Moderate,” or “High” security policies from a dropdown
`
`menu. Pet., 20-22; Ex. 1005, 1024-27; Ex. 1003, ¶¶189-193. The latter two modes
`
`request or require encryption be used to protect communications, so are “secure
`
`communication mode[s].” Pet., 21; Ex. 1003, ¶¶189-190. A user does not enter
`
`any cryptographic information when selecting these modes, but simply chooses
`
`one and clicks the “OK” button. Pet., 21; Ex. 1005, 1024-25; Ex. 1003, ¶193.
`
`These policies control when encryption is required, but not how encryption is
`
`performed. Pet., 21; Ex. 1005, 1026-27; Ex. 1003, ¶¶191-193.
`
`Windows Resource Kit’s configuration menu is almost identical to the ’643
`
`patent’s preferred embodiment, which describes a user “clicking on a ‘go secure’
`
`hyperlink (an example of the claimed enabling the secure communication mode
`
`step).” Resp., 27; Ex. 1001, 50:9-19. Clicking this “go secure” hyperlink does not
`
`require the user “to enter any user identifying information, passwords or
`
`encryption keys for establishing a secure communication link.” Ex. 1001, 50:14-
`
`16. The user in Windows Resource Kit likewise clicks a button to enable a desired
`
`security policy without having to enter any additional information. Pet., 21; Ex.
`
`1005, 1024-25; Ex. 1003, ¶193; see Ex. 1046, 81:19-82:11 (Dr. Monrose
`
`agreeing). Windows Resource Kit’s description of selecting between requesting
`
`and requiring encryption (“Moderate” v. “High”) is also equivalent to the ’643
`
`2
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`patent’s disclosure of “a user [] optionally select[ing] parameters … such as
`
`enabling a secure communication link mode … for all communication links over
`
`computer network 3302.” Ex. 1001, 50:2-6 (emphasis added).
`
`Patent Owner and Dr. Monrose challenge Petitioner’s showing by arguing
`
`the mapping is inconsistent with “Dr. Tamassia’s understanding” of the “enabling”
`
`step. Resp., 22-24; Ex. 2015, ¶¶36-39 (Dr. Monrose repeating Patent Owner’s
`
`arguments verbatim). Patent Owner implies selecting a security policy constitutes
`
`providing “cryptographic information” under this “understanding” because Dr.
`
`Tamassia explained that the selection “has an impact on whether IPSec is
`
`subsequently established.” See Resp., 22-24; Ex. 2016, 66:21-67:6; see Ex. 1046,
`
`66:2-19. Patent Owner’s argument is wrong for four reasons.
`
`First, Patent Owner never addresses whether Windows Resource Kit
`
`actually discloses this element. Resp., 22-24. Instead, it merely asserts selecting a
`
`security policy is “inconsistent with Dr. Tamassia’s… interpretation,” (Resp., 24),
`
`which says nothing about whether it is inconsistent with the claimed “enabling”
`
`step interpreted in view of the ’643 patent’s specification.
`
`Second, Patent Owner mischaracterizes Dr. Tamassia’s opinion. He
`
`consistently explained that “cryptographic information” is information “used to
`
`encrypt, decrypt, or authenticate,” (Ex. 1003, ¶193), and selecting Windows
`
`Resource Kit’s security policies, in contrast, merely “control[s] the scenarios in
`
`3
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`which encryption would be required,” (id., ¶¶191, 193). See also Ex. 2016, 25:13-
`
`26:20 (explaining “cryptographic information [is] the specific cryptographic
`
`values that will be used in the secure communication such as cryptographic
`
`keys…, digital signatures…, hash values…, required… key lengths and specific
`
`encryption algorithms.” (emphasis added)). He explained that while selecting
`
`security policies “has an impact on” whether communications are secure, it is not
`
`related to the strength of the security because it merely selects “whether the client
`
`insists or not in having IP security.” Ex. 2016, 63:13-65:16. Thus, the selection of
`
`“Low,” “Moderate,” or “High” is not “cryptographic information.”
`
`Third, Patent Owner implies any information that “has an impact on”
`
`establishing the encrypted communication link is “cryptographic information,” but
`
`this reads the word “cryptographic” out of the claim. See Resp., 24; Ex. 1046,
`
`29:16-30:9 (Dr. Monrose agreeing “the mere fact of clicking on the ‘go secure’
`
`hyperlink does not provide any cryptographic information”). This reading would
`
`also exclude the ’643 patent’s preferred embodiment, which enables a secure
`
`communication mode by (1) clicking a “go secure” hyperlink and (2) “select[ing]
`
`parameters … such as enabling [the] mode … for all communication links.” Ex.
`
`1001, 49:41-53 (emphasis added). Both of these “impact” whether the encrypted
`
`communication link is established, but neither is “cryptographic.” See Epos
`
`Technologies Ltd. v. Pegasus Technologies, 766 F.3d 1338, 1347 (Fed. Cir. 2014)
`
`4
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`(constructions that excludes a preferred embodiment are rarely, if ever, correct).
`
`Moreover, when a “phrase appears in the claims as part of a negative limitation,” it
`
`must be interpreted to give “the broadest reasonable construction of the claims,”
`
`not the phrase. Canon Inc. v. Intellectual Ventures I LLC, IPR2014-00757, Paper
`
`8, 6 (Nov. 21, 2014); see also Microsoft Corp. v. IpLearn-Focus, LLC, IPR2015-
`
`00097, Paper 11, 10-11 (Mar. 26, 2015).
`
`Patent Owner’s implicit construction also conflicts with the ordinary
`
`understanding of the term, which is undisputed. Dr. Tamassia explained that
`
`“cryptographic information … [is] used to encrypt, decrypt, or authenticate
`
`information,” Ex. 1003, ¶193, and Dr. Monrose agreed that “cryptographic
`
`information is information that is used to encrypt or decrypt data,” Ex. 1046, 29:5-
`
`15. This understanding is consistent with the Board’s decision involving a related
`
`patent, where it construed “without a user entering any cryptographic information”
`
`to mean “without a user entering a code or a key to convert data so that only the
`
`specific recipients will be able to read the sent information.” Cisco Systems, Inc. v.
`
`VirnetX Inc., Appeal 2015-007843, 12 (Feb. 11, 2016).
`
`Lastly, Patent Owner’s position that Windows Resource Kit is deficient is
`
`fatally undercut by Dr. Monrose’s deposition testimony, who testified that
`
`selecting “different policies impact[s] the choice of cryptographic information that
`
`is used in the subsequent connection.” Ex. 1046, 73:6-74:12 (emphasis added).
`
`5
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`This is irrelevant to whether the mode is enabled without “entering” cryptographic
`
`information. He stated that “an indication of a specific encryption/decryption
`
`function” would constitute “cryptographic information,” but admitted that IPSec is
`
`only a “protocol suite,” “not an encryption or decryption function” itself, and that it
`
`merely supports “the negotiation of cryptographic techniques.” Id., 73:6-74:12,
`
`69:6-19 (emphasis added). He did not know which encryption functions were
`
`supported by IPSec and could not identify “any specific functions that map to any
`
`one of” the security policies. Ex. 1046, 78:6-81:2. In sum, Dr. Monrose could not
`
`point to any “cryptographic information” actually entered by a user during the
`
`selection of Windows Resource Kit’s security policies. Windows Resource Kit
`
`thus discloses the “enabling” step.
`
`2. Windows Resource Kit Discloses “Establish[ing], Based on a
`Determination that the Secure Communication Mode has Been
`Enabled, The Encrypted Communication Link”
`
`The Board correctly found that Windows Resource Kit discloses the claimed
`
`“establishing” step. Dec., 5-6. Windows Resource Kit discloses an example
`
`where Computer A creates packets to send to Computer B, and Computer A’s
`
`IPSec functionality checks the current security policy before the packets are sent.
`
`Pet., 22-23; Ex. 1005, 1021-27; Ex. 1003, ¶¶185-194. If the security policy
`
`indicates that outgoing connections require encryption, Computer A performs a
`
`series of security negotiations with Computer B so as to form an “encrypted
`
`6
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`communication link” between them, and then sends the packets over this “link.”
`
`Pet., 23; Ex. 1005, 1021-22; Ex. 1003, ¶¶195-203.
`
`Patent Owner argues Windows Resource Kit is deficient because “selecting
`
`a security policy … does not trigger establishment of a connection.” Resp., 25-28
`
`(emphasis added); Ex. 2015, ¶¶40-46 (Dr. Monrose repeating Patent Owner’s
`
`arguments verbatim); Ex. 1046, 94:13-95:1. Absent this “trigger” requirement,
`
`Patent Owner and Dr. Monrose do not contest that Windows Resource Kit
`
`discloses this limitation. See Resp., 25-28; Ex. 1046, 91:16-93:6.
`
`The plain language of claims 1 and 17, however, does not require the
`
`“enabling” step to “trigger” the “establishing” step. Claims 1 and 17 include
`
`separate “enabling” and “establishing” steps, and nothing requires that one
`
`“trigger” the other. Ex. 1001, 55:46-67, 57:12-37; see Cisco Systems, Appeal
`
`2015-007843, 12 (finding no “triggering” requirement in a claim containing similar
`
`language). This reading is confirmed by dependent claims 16 and 32, which recite
`
`the same requirement Patent Owner now reads into claims 1 and 17: “wherein the
`
`enablement of the secure communication mode triggers establishing of the
`
`encrypted communication link.” Ex. 1001, 57:9-11, 58:59-62 (emphasis added). It
`
`is well-settled that “the presence of a dependent claim that adds a particular
`
`limitation raises a presumption that the limitation in question is not found in the
`
`independent claim.” Liebel-Flarsheim Co. v. Medrad, Inc., 358 F.3d 898, 910
`
`7
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`(Fed. Cir. 2004). Patent Owner offers nothing to upset the strong presumption
`
`against reading any “triggering” requirement into claims 1 and 17.
`
`As Petitioner explained (Pet., 22-23; Ex. 1005, 1021-27; Ex. 1003, ¶¶185-
`
`203), the next outbound packets generated after a security policy is selected will
`
`apply the “very same security policy that was previously selected” (see Resp., 26).
`
`Windows Resource Kit thus discloses the “establishing” step.
`
`3. Windows Resource Kit Discloses “Initiating Establishment of
`the Encrypted Communication Link … Using the… Network
`Address and Encrypted Communication Link Resources
`Received From a Server that is Separate From the First Device”
`
`The Board correctly found Windows Resource Kit discloses the claimed
`
`“initiating” step. Dec., 5-6. Windows Resource Kit discloses that when a
`
`computer connects to a remote host using a domain name, a DNS resolver first
`
`queries one or more DNS servers. Pet., 27 Ex. 1005, 964, 967; Ex. 1003, ¶¶162-
`
`171. In response, the DNS resolver receives one or more IP addresses
`
`corresponding to the domain name. Pet., 28; Ex. 1005, 979-982, 986; Ex. 1003,
`
`¶¶172-175. These IP addresses are then used as destination addresses to generate
`
`packets to route to the remote host. Pet., 29; Ex. 1005, 1006, 1021; Ex. 1003,
`
`¶196. After these packets are generated but before they are sent, the computer
`
`determines whether secure communications are necessary by checking the
`
`computer’s active IP Security policy. Pet., 22-23; Ex. 1005, 1020-27; Ex. 1003,
`
`¶¶185-194. If secure communications are required, the computer and remote host
`8
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`begin security negotiations and establish an “encrypted communication link.” Pet.,
`
`29-30; Ex. 1005, 1021-22, 1025; Ex. 1003, ¶¶140-42, 198-202.
`
`Patent Owner makes two arguments against this mapping, neither of which
`
`has merit. See Resp., 29-32; Ex. 2015, ¶¶47-52 (Dr. Monrose repeating Patent
`
`Owner’s arguments verbatim). First, it asserts Windows Resource Kit does not
`
`disclose using “an IP address received from a DNS query when establishing a
`
`communication link.” Resp., 29-30. Patent Owner’s argument rests on its
`
`assertion that the passage describing Computer A and Computer B does not
`
`explicitly state that the outbound packet was generated after a DNS lookup. See
`
`Resp., 29-30; Ex. 1005, 21. The relevant question, however, is what a person of
`
`ordinary skill in the art would have understood from the document. See Liberty
`
`Mutual Ins. Co. v. Progressive Casualty Ins. Co., CBM2012-00002, Paper 66, 25
`
`(Jan. 23, 2014), aff’d, No. 2014-1466 (Fed. Cir. 2015) (“[N]arrowly focus[ing] on
`
`one sentence of [] disclosure … fails to consider” the prior art “from the
`
`perspective of one of ordinary in the art.”).
`
`Dr. Tamassia explained that “[t]he resolution process … [is] not mentioned
`
`in the specific example” because it is instead “described in the section about name
`
`resolution.” Ex. 2016, 74:10-24. He also explained that Windows Resource Kit
`
`shows checking the IP Security policy whenever an application “generates
`
`outbound packets,” such as those generated after requesting an IP address via a
`
`9
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`DNS query. Ex. 1005, 1021; Ex. 1003, ¶¶161, 185, 196; Pet., 22-30. Patent
`
`Owner’s argument that the IP address could come “pre-configured,” Resp., 30, is
`
`irrelevant because Windows Resource Kit’s discloses using DNS lookup as a
`
`source of IP addresses. Ex. 1005, 964. Petitioner need not show that every
`
`embodiment in the prior art anticipates. See Arthrocare Corp. v. Smith & Nephew,
`
`Inc., 406 F.3d 1365, 1372 (Fed. Cir. 2005) (error “to limit the disclosure of the
`
`prior art reference to a preferred embodiment”).
`
`Second, Patent Owner asserts the claimed “second device” and “server”
`
`must correspond to “different components,” while Petitioner has mapped
`
`Computer B to both components. Resp., 28-32. Patent Owner’s position is
`
`inconsistent with the claims, which provide that the server must only be “separate
`
`from the first device,” but do not require the server to be “separate from the second
`
`device.” If the claims implicitly required the “first device,” “second device,” and
`
`“server” to be located on distinct devices, there would be no need to explicitly
`
`require the server to be “separate from the first device.” Thus, the claim language
`
`contemplates that the “server” need not be separate from the “second device.”
`
`This reading of the claims is consistent with the ’643 specification, which
`
`shows that the various components of the system, including the gatekeeper
`
`computer alleged to correspond to the claimed “server,” can reside on separate
`
`devices or on the same device. Ex. 1001, 51:34-39, 40:30-42, 41:10-12; see Ex.
`
`10
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`1046, 43:2-21 (Dr. Monrose agreeing). Likewise, Patent Owner argued in a
`
`proceeding involving the related ’135 patent that a “server” can include “a
`
`computer or program that responds to a request.” IPR2014-00171, Paper 41, 44-
`
`45 (emphasis added). Patent Owner explained that “the common usage in the field
`
`[is] that a ‘server’ may comprise hardware and/or software elements.” Id. at 45.
`
`Thus, Windows Resource Kit discloses a “second device” that includes
`
`“server” functionality in the form of a server computer running server software,
`
`Ex. 1005, 1021, 1024-25, and therefore fulfills both the claimed “second device”
`
`and “server” elements. Pet., 29-30. Server software such as “Windows 2000
`
`Server” (“server”) is a separate software component from the underlying computer
`
`hardware (“second device”). See, e.g., Ex. 1005, 5 (“Windows 2000 Server-based
`
`computer”), 87 (“systems running Windows 2000 Server”), 171 (“the destination
`
`computer in which to install Windows 2000 Server”), 223 (“a computer running
`
`Windows 2000 Server”). Windows Resource Kit thus discloses the “initiating”
`
`step.
`
`B. Dependent Claims
`
`1.
`
`Claims 6 and 21
`
`The Board correctly found that Windows Resource Kit anticipates claims 6
`
`and 21. Dec., 9. Petitioner explained that the Windows 2000 operating system is a
`
`“user interface” with multiple “user interface elements,” one of which is the IPSec
`
`11
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`dialog window. Pet., 33, 35; Ex. 1005, 7, 353, 1025. Per claims 5, 6, 20, and 21,
`
`Windows 2000 comes with Internet Explorer 5, which is a “web browser” and
`
`“application” stored in the memory of the Windows 2000 computer (“first
`
`device”). Pet., 37; Ex. 1005, 11-12.
`
`In its Response, Patent Owner presents an argument premised on the Petition
`
`mapping Windows Resource Kit’s IPSec dialog window to the claimed “user
`
`interface.” Resp., 32-35; Ex. 2015, ¶¶53-58 (Dr. Monrose repeating Patent
`
`Owner’s arguments verbatim). Patent Owner is mistaken—Windows 2000 fulfills
`
`the claimed “user interface,” not the IPSec dialog window. Pet., 33, 37. Windows
`
`Resource Kit thus anticipates claims 6 and 21.
`
`2.
`
`Claims 7 and 22
`
`The Board correctly found that Windows Resource Kit anticipates claims 7
`
`and 22. Dec., 6-7. After the petition was filed, the Board construed an “SDNS” as
`
`“a service that can resolve secure computer network addresses for a secure domain
`
`name for which a conventional domain name service cannot resolve addresses.”
`
`Apple Inc. v. VirnetX Inc., IPR2014-00403, Paper 42, 8-20 (July 29, 2015).
`
`Windows Resource Kit explains that domain names can correspond to hosts
`
`that require encryption or authentication, and are thus secure computers with
`
`secure network addresses. Pet., 38; Ex. 1005, 1024, 1027; Ex. 1003, ¶¶67-39.
`
`Windows 2000 also supports using a private name server to resolve intranet names
`
`12
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`and a public name server to resolve Internet names. Pet., 38-39; Ex. 1005, 989-90.
`
`This allows a host to register “different domain names on each network,” with
`
`private domain names un-resolvable on the conventional public name server. Ex.
`
`1005, 989-90.
`
`In its Response, Patent Owner argues that Windows Resource Kit does not
`
`disclose an “SDNS” for reasons that largely rest on its overly narrow construction
`
`of the term (which incorporates its construction for “secure domain name”). Resp.,
`
`5-20, 36-38; Ex. 2015, ¶¶17-30, 59-65 (Dr. Monrose repeating Patent Owner’s
`
`arguments verbatim). Each of these arguments fails.
`
`First, Patent Owner argues Windows Resource Kit does not disclose
`
`providing a “secure computer network address” for a requested “secure domain
`
`name” because the hosts or addresses do not require “security” or “authentication
`
`for access.” Resp., 36-38. That is incorrect. Windows Resource Kit explains a
`
`connection’s “level of security … is based on the IP security policy of the sending
`
`or receiving computer,” and that when the “High” security policy is selected on the
`
`receiving computer “[a]ll unsecured incoming communications are rejected.” Ex.
`
`1005, 1021, 1025 (emphasis added). A remote host operating under this policy is
`
`secure, “authenticate[s] the session,” and “limit[s] access from unauthorized
`
`users.” Id., 1020-21. Likewise, an address returned by a private name server for
`
`such a host is one that requires authorization for access. Id. Moreover, any
`
`13
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`computer and address located on a private network is “secure” because it is located
`
`on “a secure computer network.” Pet., 11; Ex. 1003, ¶69. These aspects of Patent
`
`Owner’s proposed construction of “SDNS” are thus irrelevant.
`
`Second, Patent Owner argues Windows Resource Kit’s domain names are
`
`not “non-standard.” Resp., 37-38. But Patent Owner’s supposed disclaimers are
`
`not applicable to the Board here, Tempo Lighting Inc. v. Tivoli, LLC, 742 F.3d 973,
`
`978 (Fed. Cir. 2014), and are not supported by the ’643 specification, which does
`
`not require an “SDNS” resolve only “non-standard” domain names. The
`
`specification simply provides that an SDNS has a table that correlates secure
`
`domain names and secure network addresses. Ex. 1001, 51:6-10. Patent Owner
`
`offers no reason to depart from the Board’s prior rejection of this requirement in
`
`related proceedings. See IPR2014-00403, Paper 42, 8-20.
`
`Third, Patent Owner argues Windows Resource Kit’s private name server is
`
`“conventional,” but provides no justification other than that it cannot resolve “non-
`
`standard” domain names. Resp. 37-38. Windows Resource Kit discloses domain
`
`names corresponding to intranet destinations that can only be resolved by a private
`
`name server located on a private network, and cannot be resolved by conventional
`
`public name servers. Ex. 1005, 989-90. Patent Owner continues to offer no
`
`rebuttal to this mapping, despite the Board’s prompting. See Dec., 7.
`
`14
`
`

`
`IPR2015-01009
`
`
`
`Petitioner’s Reply
`
`Finally, Patent Owner argues Windows Resource Kit’s private name server
`
`is not an “SDNS” because it cannot “recognize[] that a query message is requesting
`
`a secure computer network address.” Resp., 38. But Windows Resource Kit’s
`
`name server “recognizes” a query is requesting a secure address in the manner
`
`disclosed in the ’643 patent: by checking an internal table that correlates secure
`
`names to secure addresses. Ex. 1001, 51:6-10. Neither the claims nor the
`
`specification require anything more.
`
`Windows Resource Kit thus anticipates claims 7 and 22.
`
`3.
`
`Claims 12 and 27
`
`The Board correctly found that Windows Resource Kit anticipates claims 12
`
`and 27. Dec., 7. Windows Resource Kit discloses a variety of domain name