Filed on behalf of: VirnetX Inc.
By:

Joseph E. Palys
Paul Hastings LLP
875 15th Street NW
Washington, DC 20005
Telephone: (202) 551-1996
Facsimile: (202) 551-0496
E-mail: josephpalys@paulhastings.com

Naveen Modi
Paul Hastings LLP
875 15th Street NW
Washington, DC 20005
Telephone: (202) 551-1990
Facsimile: (202) 551-0490
E-mail: naveenmodi@paulhastings.com

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

APPLE INC.
Petitioner

v.

VIRNETX INC.
Patent Owner

Case IPR2014-00481
Patent 7,188,180

Declaration of Fabian Monrose, Ph.D.

VIRNETX EXHIBIT 2010
Apple v. VirnetX
Trial IPR2015-01009

Case No. IPR2014-00481

Table of Contents

I. Introduction
II. Resources Consulted
III. Background and Qualifications
IV. Level of Ordinary Skill
V. Claim Terms
    A. “VPN Communication Link” (Claims 1, 17, and 33)
        1. A VPN Communication Link is a Link in a VPN
        2. A VPN Requires a Network of Computers
    B. “Secure Computer Network Address” (Claims 1, 12, 17, 28, and 33)
    C. “Client Computer” (Claims 13, 15, 29, and 31)
    D. Other Terms
VI. Provino
    A. Provino’s Disclosure
    B. Claims 1, 17, and 33
        1. “Receiving a Secure Domain Name”
        2. “Sending a Query Message From to a Secure Domain Name Service, the Query Message Requesting From the Secure Domain Name Service a Secure Computer Network Address Corresponding to a Secure Domain Name”
            a) The ’180 Patent Specification
            b) “Secure Domain Name Service” Under Apple’s Construction
        3. “Sending an Access Request Message to the Secure Computer Network Address Using a Virtual Private Network Communication Link”
    C. Dependent Claims
        1. Dependent Claims 10 and 26 – The VPN Includes the Internet
        2. Dependent Claims 12 and 28 – The Access Request Message Contains a Request for Information Stored at the Secure Computer Network Address
VII. Provino in View of Guillen
VIII. Conclusion

I, FABIAN MONROSE, declare as follows:

I. Introduction

1. I have been retained by VirnetX Inc. (“VirnetX”) for this inter partes review proceeding. I understand that this proceeding involves U.S. Patent No. 7,188,180 (“the ’180 patent”). I understand the ’180 patent is assigned to VirnetX and that it is part of a family of patents that stems from U.S. provisional application nos. 60/106,261 (“the ’261 application”), filed on October 30, 1998, and 60/137,704 (“the ’704 application”), filed on June 7, 1999. I understand that the ’180 patent is a divisional of U.S. application no. 09/558,209 filed April 26, 2000 (“the ’209 application,” abandoned). And I understand the ’209 application is a continuation-in-part of U.S. application no. 09/504,783 filed February 15, 2000 (now U.S. Patent 6,502,135, “the ’135 patent”), and that the ’135 patent is a continuation-in-part of U.S. application no. 09/429,643 (now U.S. Patent No. 7,010,604) filed October 29, 1999, which claims priority to the ’261 and ’704 applications.

II. Resources Consulted

2. I have reviewed the ’180 patent, including claims 1-41. I have also reviewed the Petition for Inter Partes Review (Paper No. 1) filed with the U.S. Patent and Trademark Office (“Office”) by Apple Inc. on March 7, 2014 (Paper No. 1, the “Petition”). I have also reviewed the Patent Trial and Appeal Board’s (“Board”) decision to institute inter partes review (Paper No. 11, the “Decision”) of September 3, 2014.

3. I understand that in this proceeding the Board instituted review of the ’180 patent on two grounds: (1) anticipation of claims 1, 10, 12–15, 17, 26, 28–31, and 37 by Provino; and (2) obviousness of claims 4, 6, 20, 22, 35, and 37 over Provino in view of Guillen. I have reviewed the exhibits and other documentation supporting the Petition that are relevant to the Decision and the instituted grounds.

III. Background and Qualifications

4. I have a great deal of experience and familiarity with computer and network security, and have been working in this field since 1993 when I entered the Ph.D. program at New York University.

5. I am currently a Professor of Computer Science at the University of North Carolina at Chapel Hill. I also hold an appointment as the Director of Computer and Information Security at the Renaissance Computing Institute (RENCI). RENCI develops and deploys advanced technologies to facilitate research discoveries and practical innovations. To that end, RENCI partners with researchers, policy makers, and technology leaders to solve the challenging problems that affect North Carolina and our nation as a whole. In my capacity as Director of Computer and Information Security, I lead the design and implementation of new platforms for enabling access to, and analysis of, large and sensitive biomedical data sets while ensuring security, privacy, and compliance with regulatory requirements. At RENCI, we are designing new architectures for securing access to data (e.g., using virtual private networks and data leakage prevention technologies) hosted among many different institutions. Additionally, I serve on RENCI’s Security, Privacy, Ethics, and Regulatory Oversight Committee (SPOC), which oversees the security and regulatory compliance of technologies, designed under the newly-formed Data Science Research Program and the Secure Medical Research Workspace.

6. I received my B.Sc. in Computer Science from Barry University in May 1993. I received my MSc. and Ph.D. in Computer Science from the Courant Institute of Mathematical Sciences at New York University in 1996 and 1999, respectively. Upon graduating from the Ph.D. program, I joined the Systems Security Group at Bell Labs, Lucent Technologies. There, my work focused on the analysis of Internet Security technologies (e.g., IPsec and client-side authentication) and applying these technologies to Lucent’s portfolio of commercial products. In 2002, I joined the Johns Hopkins University as Assistant Professor in the Computer Science department. I also served as a founding member of the Johns Hopkins University Information Security Institute (JHUISI). At JHUISI, I served a key role in building a center of excellence in Cyber Security, leading efforts in research, education, and outreach.

7. In July of 2008, I joined the Computer Science department at the University of North Carolina (UNC) Chapel Hill as Associate Professor, and was promoted to Full Professor four years later. In my current position at UNC Chapel Hill, I work with a large group of students and research scientists on topics related to cyber security. My former students now work as engineers at several large companies, as researchers in labs, or as university professors themselves. Today, my research focuses on applied areas of computer and communications security, with a focus on traffic analysis of encrypted communications (e.g., Voice over IP); Domain Name System (DNS) monitoring for performance and network abuse; network security architectures for traffic engineering; biometrics and client-to-client authentication techniques; computer forensics and data provenance; runtime attacks and defenses for hardening operating system security; and large-scale empirical analyses of computer security incidents. I also regularly teach courses in computer and information security.

8. I have published over 75 papers in prominent computer and communications security publications. My research has received numerous awards, including the Best Student Paper Award (IEEE Symposium on Security & Privacy, July, 2013), the Outstanding Research in Privacy Enhancing Technologies Award (July, 2012), the AT&T Best Applied Security Paper Award (NYU-Poly CSAW, Nov., 2011), and the Best Paper Award (IEEE Symposium on Security & Privacy, May, 2011), among others. My research has also received corporate sponsorship, including two Google Faculty Research Awards (2009, 2011) for my work on network security and computer forensics, as well as an award from Verisign Inc. (2012) for my work on DNS.

9. I am the sole inventor or a co-inventor on three issued US patents and four pending patent applications, nearly all of which relate to network and systems security. Over the past 12 years, I have been the lead investigator or a co-investigator on grants totaling nearly nine million US dollars from the National Science Foundation (NSF), the Department of Homeland Security (DHS), the Department of Defense (DoD), and industry. In 2014, I was invited to serve on the Information Science and Technology (ISAT) study group for the Defense Advanced Research Projects Agency (DARPA). During my three year appointment, I will assist DARPA by providing continuing and independent assessment of the state of advanced information science and technology as it relates to the U.S. Department of Defense.

10. I have chaired several international conferences and workshops, including for example, the USENIX Security Symposium, which is the premier systems-security conference for academics and practitioners alike. Additionally, I have also served as Program Chair for the USENIX Workshop on Hot Topics in Security, the Program Chair for the USENIX Workshop on Large-scale Exploits & Emergent Threats, the local arrangements Chair for the Financial Cryptography and Data Security Conference, and the General Chair of the Symposium on Research in Attacks and Defenses. As a leader in the field, I have also served on numerous technical program committees including the Research in Attacks, Intrusions, and Defenses Symposium (2012, 2013), USENIX Security Symposium (2013, 2005-2009), Financial Cryptography and Data Security (2011, 2012), Digital Forensics Research Conference (2011, 2012), ACM Conference on Computer and Communications Security (2009-2011, 2013), IEEE Symposium on Security and Privacy (2007, 2008), ISOC Network & Distributed System Security (2006—2009), International Conference on Distributed Computing Systems (2005, 2009, 2010), and USENIX Workshop on Large-scale Exploits and Emergent Threats (2010-2012).

11. From 2006 to 2009, I served as an Associate Editor for IEEE Transactions on Information and Systems Security (the leading technical journal on cyber security), and currently serve on the Steering Committee for the USENIX Security Symposium.

12. My curriculum vitae, which is appended, details my background and technical qualifications. Although I am being compensated at my standard rate of $450/hour for my work in this matter, the compensation in no way affects the statements in this declaration.

IV. Level of Ordinary Skill

13. I am familiar with the level of ordinary skill in the art with respect to the inventions of the ’180 patent as of what I understand is the patent’s early-2000 priority date. Specifically, based on my review of the technology, the educational level of active workers in the field, and drawing on my own experience, I believe a person of ordinary skill in the art at that time would have had a master’s degree in computer science or computer engineering, as well as two years of experience in computer networking with some accompanying exposure to network security. My view is consistent with VirnetX’s view that a person of ordinary skill in the art requires a master’s degree in computer science or computer engineering and approximately two years of experience in computer networking and computer security. I have been asked to respond to certain opinions offered by Dr. Roch Guerin, consider how one of ordinary skill would have understood certain claim terms, and consider how one of ordinary skill in the art would have understood the references mentioned above in relation to the claims of the ’180 patent. My findings are set forth below.

V. Claim Terms

A. “VPN Communication Link” (Claims 1, 17, and 33)

14. I understand that the parties and the Board have put forth the following constructions:

VirnetX’s Proposed Construction: A communication path between computers in a virtual private network

Petitioner’s Proposed Construction: Any communication link between two end points in a virtual private network

Board’s Construction: A transmission path between two devices that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping

1. A VPN Communication Link is a Link in a VPN

15. I understand that the Decision states that a “VPN communication link” may be satisfied by “a link that merely connects to a virtual private network.” (Decision at 6.) I disagree with this interpretation. The ’180 patent discloses that a VPN communication link does not exist outside of a virtual private network. Dependent claims 4-10, 20-26, and 35-40 recite characteristics of “the virtual private network” underlying the independent claims’ “virtual private network communication link.” This is consistent with my understanding that a VPN communication link requires a virtual private network. When a secure domain name service (SDNS) receives a query for a secure network address, it “accesses VPN gatekeeper 3314 for establishing a VPN communication link between software module 3309 [at the querying computer 3301] and secure server 3320.” (Ex. 1001 at 52:27-29.) Then, “VPN gatekeeper 3314 provisions computer 3301 and secure web server computer 3320 . . . thereby creating the VPN” between the devices. (Ex. 1001 at 52:30-33, emphasis added.) Notably, the secure server 3320 “can only be accessed through a VPN communication link.” (Ex. 1001 at 52:29-30.)

16. The VPN communication link is initiated to send an access request message between the querying computer 3301 and secure server 3320. (See Ex. 1001 at 52:55-57.) “Further communication between computers 3301 and 3320 occurs via the VPN” through the VPN communication link. (Ex. 1001 at 52:60-62.)

17. One of ordinary skill in the art would understand that the VPN communication link and the virtual private network arise contemporaneously and exist between the same devices. Figure 33, depicted below, reflects this. As shown, VPN communication link 3321 traverses the unsecured public network, Internet 3302 to connect computer 3301 with secure server 3320. Thus, in my opinion, the VPN communication link is more than a simple connection to a VPN.

2. A VPN Requires a Network of Computers

18. I understand that the Decision concludes that a virtual private network communication link may be satisfied by a “path between two devices.” (Decision at 7.) In my opinion, the Decision’s construction eliminates the “network” from a virtual private network and a virtual private network communication link.

19. One of ordinary skill in the art would understand the plain meaning of a VPN communication link to mean that the link must exist in a VPN and therefore must be between computers in a network. In describing a VPN, the ’180 patent refers to the “FreeS/WAN” project, which has a glossary of terms. (Ex. 1001 at 40:14 and bibliographic data showing references cited.) The FreeS/WAN glossary defines a VPN as “a network which can safely be used as if it were private, even though some of its communication uses insecure connections. All traffic on those connections is encrypted.” (Ex. 2009 at 24, Glossary for the Linux FreeS/WAN Project.) According to this glossary, a VPN includes at least the requirement of a “network of computers.”

20. The specification further describes a VPN as including multiple “nodes.” (See, e.g., Ex. 1001 at 17:14-18, referring to “each node in the network” and “vastly increasing the number of distinctly addressable nodes,” 21:61, “nodes on the network”; see also id. 19:44-46, 24:48.) More specifically, the network allows “each node . . . to communicate with other nodes in the network.” (Ex. 1001 at 17:18-20.) So a device within a VPN is able to communicate with the other devices within that same VPN. In addition, the specification distinguishes point-to-point queries from those carried on a VPN communication link, stating that they occur “without using an administrative VPN communication link.” (See, e.g., Ex. 1001 at 52:41-43, 47-49.)

B. “Secure Computer Network Address” (Claims 1, 12, 17, 28, and 33)

21. I understand that the parties and the Board have put forth the following constructions:

VirnetX’s Proposed Construction: A network address that requires authorization for access and is associated with a computer capable of virtual private network communications

Petitioner’s Proposed Construction: A network address that requires authorization for access and is associated with a computer configured to be accessed through a virtual private network

Board’s Construction: An address that requires authorization for access

22. In my opinion, the parties’ proposed constructions requiring a relationship between the associated computer and the virtual private network is supported by the claim language, which recites “sending an access request message to the secure computer network address using a virtual private network communication link.” For the sending to occur as claimed, the computer must be capable of virtual private network communications. The ’180 patent specification further supports this, describing that “secure server 3320 . . . can only be accessed through a VPN communication link.” (Ex. 1001 at 52:27-30.) Thus, in my opinion, the computer must be capable of virtual private network communications.

C. “Client Computer” (Claims 13, 15, 29, and 31)

23. I understand that the parties and the Board have put forth the following constructions:

VirnetX’s Proposed Construction: User’s computer

Petitioner’s Proposed Construction: No construction proposed

Board’s Construction: No construction

24. In the context of the ’180 patent, the client computer is repeatedly and consistently discussed in connection with the user. The specification explains that the VPN communication link is initiated between the user’s computer 2601 and the target:

    If [the DNS request from the user’s computer 2601 is requesting access to a secure site and the user is authorized], DNS proxy 2610 transmits a message to gatekeeper 2603 requesting that a virtual private network be created between user computer 2601 and secure target site 2604.

(See, e.g., Ex. 1001 at 40:53-56.) The specification further explains that a software module 3309 for accessing the secure computer network address using the VPN is installed on a computer 3301, (See Ex. 1001 at 50:60-64, 52:55-57), and elsewhere describes that the computer 3301 is manned by a user and equipped with a web browser 3306 and user input devices such as a keyboard, display, and/or mouse, (see id. at 49:66-50:13, 50:34-48, 50:64-51:14; FIG. 34.) In another embodiment, the specification explains that a “user’s computer 2501” includes this “client application.” (See id. at 39:53-55, 40:36-38.) Thus, in my opinion, one of ordinary skill in the art would understand that the ’180 patent equates the user’s computer 2601 with the “client computer” in the claims.

D. Other Terms

25. I understand that the parties and Board have provided the following constructions. I agree that the claim language encompasses the features described in each of VirnetX’s constructions.

“Access Request Message” (Claims 1, 12, 13, 17, 28, 29, and 33)

VirnetX’s Proposed Construction: No construction necessary

Petitioner’s Proposed Construction: No construction proposed

Board’s Construction: A signal in a packet or other message format that signifies that the first network device seeks communication, information, or services, with or from another device associated with the secure network address

“Secure Domain Name” (Claims 1, 17, and 33)

VirnetX’s Proposed Construction: A non-standard domain name that corresponds to a secure computer network address and cannot be resolved by a conventional domain name service (DNS)

Petitioner’s Proposed Construction: A non-standard domain name that corresponds to a secure computer network address and cannot be resolved by a conventional domain name service (DNS)

Board’s Construction: A name that corresponds to a secure computer network address

“Secure Domain Name (Service)” (Claims 1, 17, and 30)

VirnetX’s Proposed Construction: A lookup service that recognizes that a query message is requesting a secure computer address, and returns a secure computer network address for a requested secure domain name

Petitioner’s Proposed Construction: A service that can resolve secure computer network addresses for a secure domain name for which a conventional domain name service cannot resolve addresses

Board’s Construction: A service that provides a secure computer network address for a requested secure domain name

VI. Provino

A. Provino’s Disclosure

26. Provino describes a system for connecting an external device to a device on a virtual private network. (Ex. 1003, Abstract.) Referring to Figure 1 of Provino, reproduced below, when an operator at device 12(m) wishes to connect to device 13 on the Internet, the operator inputs a human-readable address of device 13, causing device 12(m) to send a message to nameserver 17 requesting the corresponding Internet address of the device 13. (Ex. 1003 at 8:14-40, 11:5-11.) If the nameserver 17 has or can obtain the Internet address of device 13, it will provide that address to device 12(m). (Ex. 1003 at 8:48-51.) If nameserver 17 is unable to obtain an Internet address of device 13, it will return a message to device 12(m) stating this fact. (Ex. 1003 at 11:11-14.)

27. When nameserver 17 receives a request for the address of server 31(s) on virtual private network 15, however, it may return the address of firewall 30 on virtual private network 15 because it does not have the address of server 31(s). (Ex. 1003 at 9:52-56, 10:45-55.) Therefore, to connect to server 31(s) on virtual private network 15, device 12(m) initiates establishment of a secure tunnel with firewall 30. (Ex. 1003 at 10:45-58, 12:1-4, 12:16-35.) After the secure tunnel is established, firewall 30 provides device 12(m) with the identification of second nameserver 32 inside virtual private network 15. (Ex. 1003 at 12:37-40.)

28. The device 12(m) uses the secure tunnel to send nameserver 32 through firewall 30 a request for the Internet address of server 31(s) corresponding to the human-readable address of the server 31(s). (Ex. 1003 at 11:14-17, 13:54-14:33.) “[I]f the nameserver 32 does not have an association between the human-readable Internet address and an integer Internet address [for server 31(s)], the nameserver 32 can provide a response message packet so indicating.” (Ex. 1003 at 11:50-53.) If device 12(m) receives the Internet address of server 31(s), “the device can use that address in generating message packets for transmission to server 31(s) . . . .” (Ex. 1003 at 11:16-25.)

B. Claims 1, 17, and 33

1. “Receiving a Secure Domain Name”

29. I understand that independent claims 1, 17, and 33 recite “receiving a secure domain name.” The Decision suggests that Provino discloses receiving a domain name by an operator or program providing a human-readable Internet address to device 12(m), and that it is a “secure” domain name because “nameserver 32 verifies the domain name as secure . . . .” (Decision at 14, citing Ex. 1003 at 11:5-23, 13:31-40.) The Petition, on the other hand, contends that Provino’s human-readable Internet address is a “secure” domain name not because nameserver 32 verifies it, but because it is supposedly “a non-standard domain name . . . and cannot be resolved by conventional DNS,” nameserver 17. (Pet. at 19.) I disagree with the Decision and with Apple.

30. Provino’s nameserver 32 does not “verify” that the human-readable Internet address is a secure domain name. As explained by the Provino passages cited in the Decision, nameserver 32’s only function is the conventional DNS function of resolving a name into an address, if possible. Specifically, nameserver 32 “determines whether it has an integer Internet address associated with the human-readable Internet address provided in the request message packet,” and, if so, “generates a response message packet including the integer Internet address.” (Ex. 1003, 14:39-46.) If not, nameserver 32 “provides a response message packet so indicating.” (Ex. 1003, 11:50-53.) Provino does not disclose that nameserver 32 additionally “verifies the domain name as secure,” as suggested by the Decision.

31. In my opinion, even under VirnetX’s and Petitioner’s construction of “secure domain name,” Provino does not teach “receiving a secure domain name” because the human-readable Internet address of Provino is not a “non-standard” domain name. By “human-readable Internet address,” Provino simply refers to how conventional DNS “relieve[s] a user of the necessity of remembering and entering specific integer Internet addresses, . . . [by] provid[ing a] second addressing mechanism which is more easily utilized by human operators of the respective devices.” (Ex. 1003 at 1:49-52.) Provino is not concerned with “standard” versus “non-standard” domain names in its system—Provino is silent on this topic entirely. By contrast, the ’180 patent discusses exemplary “standard” domain names ending in “.com” and exemplary “non-standard” domain names ending in “.scom.” (Ex. 1001 at 51:16-27.) Provino gives no indication that its human-readable names are anything other than standard ones.

32. I understand Apple asserts that Provino’s human-readable integer Internet address is “non-standard” because Provino teaches that “the human-readable network addresses may be ‘any form of secondary or informal network address arrangements.’” (Pet. at 19, citing Ex. 1003 at 16:12-17.) In my opinion, Apple takes the quoted Provino statement out of context. It is part of a brief discussion at the end of the patent mentioning that Provino’s system can be used in other types of networks even though Provino only describes it in the context of the Internet. (Ex. 1003 at 16:8-16.) But Provino does not actually describe any such embodiments, much less teach that they use non-standard domain names in any way. Nor does Provino describe the role non-standard domain names might play within Provino’s overall framework.

2. “Sending a Query Message From to a Secure Domain Name Service, the Query Message Requesting From the Secure Domain Name Service a Secure Computer Network Address Corresponding to a Secure Domain Name”

33. In my opinion, Provino does not disclose “sending a query message to a secure domain name service, the query message requesting from the secure domain name service a secure computer network address corresponding to the domain name,” as recited in claim 1. I understand that claims 17 and 33 recite similar features. I understand that the Board has said that Provino discloses the query message “sending” feature because “Provino’s secure nameserver 32” receives a “query from first network device 12(m).” (Decision at 15; see also Pet. at 26-27.) However, in my opinion, Provino’s “nameserver 32” is not the claimed “secure domain name service” in light of the ’180 patent’s disclosure and Petitioner’s claim construction.

a) The ’180 Patent Specification

34. In my opinion, one of ordinary skill in the art would understand that the specification of the ’180 patent limits the claimed “secure domain name service” to DNSs that perform more than conventional functions. In contrast, Provino’s nameserver 32 performs only conventional functions. The ’180 patent specification begins disclaiming conventional DNS functions (such as merely returning a requested address or a public key) by describing these actions as “conventional” in the prior art:

    Conventional Domain Name Servers (DNSs) provide a look-up function that returns the IP address of a requested computer or host.

    . . .

    One conventional scheme that provides secure virtual private networks over the Internet provides the DNS server with the public keys of the machines that the DNS server has the addresses for. This allows hosts to retrieve automatically the public keys of a host that the host is to communicate with . . . . One implementation of this standard is presently being developed as part of the FreeS/WAN project (RFC 2535).

(Ex. 1001, 39:53-40:14, emphasis added.) The specification explains that DNSs that perform no more than these conventional functions have many shortcomings, and further explains novel DNS-system embodiments that go beyond these conventional functions by supporting establishing secure communications. (Ex. 1001 at 40:15-17, 52:12-29.)

35. Time and again, the ’180 patent specification disparages systems with functions limited to conventional IP-address and public-key features. For example, the ’180 patent specification explains:

    In the conventional architecture . . . , nefarious listeners on the Inter
