`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE EASTERN DISTRICT OF TEXAS
`TYLER DIVISION
`
`CIVIL ACTION NO. 6:07-CV-80 (LED)
`
`§
`§
`
`§ §
`
`§ §
`
`§ §
`
`§ §
`
`§
`
`VIRNETX, INC. AND SCIENCE
`APPLICATIONS INTERNATIONAL
`CORP.,
`
`Plaintiffs,
`
`v.
`
`MICROSOFI‘ CORPORATION,
`
`Defendant.
`
`MICROSOFT’S RESPONSIVE CLAIM CONSTRUCTION BRIEF
`
`Jared Bobrow (Pro Hac Vice)
`Lead Attorney
`Matthew D. Powers
`
`Paul Ehrlich (Pro Hac Vice)
`Thomas B. King (Pro Hac Vice)
`WEIL, GOTSHAL & MANGES LLP
`
`201 Redwood Shores Parkway
`Redwood Shores, CA 94065
`
`Elizabeth Stotland Weiswasser (Pro Hac Vice)
`Timothy E. DeMasi (Pro Hac Vice)
`WEIL, GOTSHAL & MANGES LLP
`767 Fifth Avenue
`
`New York, NY 10153-0119
`
`Nicolas Barzoukas (SBN: 00783611)
`WEIL, GOTSHAL & MANGES LLP
`700 Louisiana, Suite 1600
`Houston, TX 77002
`
`Eric H. Findlay (SBN: 00789886)
`RAMEY & FLOCK
`
`100 East Ferguson, Suite 500
`Tyler, TX 75702
`
`ATTORNEYS FOR DEFENDANT
`MICROSOFT CORPORATION
`
`Page 1 of 58
`
`VIRNETX EXHIBIT 2029
`
`Mangrove V. VirnetX
`Trial |PR2015—01046
`
`
`
`
`
`
`
`
`
`VIRNETX EXHIBIT 2029
`Mangrove v. VirnetX
`Trial IPR2015-01046
`
`Page 1 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 2 of 58 PageID #: 9477
`
`
`TABLE OF CONTENTS
`
`Page
`
`INTRODUCTION...........................................................................................................1
`
`
`
`
`I.
`
`II.
`
`LEGAL FRAMEWORK .................................................................................................1
`
`III. THE PATENTS-IN-SUIT ...............................................................................................2
`
`IV. THE DISPUTED CLAIM TERMS..................................................................................3
`
`A. “Virtual Private Network (VPN)” ..............................................................................3
`
`1. Microsoft’s Construction Gives VPN Its Ordinary Meaning in the Context of
`the Patents-In-Suit.............................................................................................3
`
`2. VirnetX’s Proposed Construction Is Wrong.......................................................8
`
`a. VirnetX’s Encryption Clause Is Not Supported By The Evidence...............8
`
`b. VirnetX’s Expansion Clause Is Not Supported By The Evidence .............11
`
`B. Preamble: “Transparently Creating A Virtual Private Network (VPN)”....................12
`
`1.
`
`2.
`
`“Transparently” In The Preamble Is Not A Limitation.....................................12
`
`If Limiting, The “Transparently” Phrase Applies To The Client And Target
`Computers, Not A “User”................................................................................13
`
`C. “Domain Name Service (DNS)” ..............................................................................14
`
`1. The Ordinary Meaning Of DNS In The Context Of The Patents Is The Internet-
`standard “Domain Name Service” ...................................................................14
`
`2. VirnetX’s Patents Attempt To Build Upon The Existing DNS Infrastructure...16
`
`3. VirnetX’s Proposed Construction Is Wrong.....................................................18
`
`D. “Domain Name” ......................................................................................................19
`
`1. Microsoft’s Construction Is Consistent With The Ordinary Meaning And The
`Intrinsic Evidence ...........................................................................................19
`
`2. VirnetX’s Criticisms Of Microsoft’s Construction Are Baseless......................21
`
`E. “Web Site”...............................................................................................................22
`
`i
`
`Page 2 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 3 of 58 PageID #: 9478
`
`
`1. Microsoft’s Construction Gives “Web Site” Its Ordinary Meaning Consistent
`With Its Use In The Patents.............................................................................23
`
`2. VirnetX’s Proposed Construction Is Fatally Overbroad And Inconsistent With
`The Intrinsic Evidence ....................................................................................25
`
`F. “Secure Web Site” ...................................................................................................27
`
`1. The Patents Establish That Web Sites Are “Secure” By Virtue Of Restricting
`Access To Authorized Users ...........................................................................28
`
`G. “Determining Whether The Dns Request Transmitted In Step (1) Is Requesting
`Access To A Secure Web Site”................................................................................29
`
`1. The Claim Language Strongly Supports Microsoft’s Construction ..................30
`
`2. The Specification Confirms Microsoft’s Construction.....................................31
`
`3. VirnetX’s Non-Construction Proposal Should Be Rejected .............................32
`
`H. “Automatically Initiating the VPN” .........................................................................33
`
`1. The Claim Language Illustrates That “Automatically” Precludes The Client Or
`Target From Requesting VPN Initiation ..........................................................33
`
`2. The Specification Supports Microsoft’s Construction......................................34
`
`I. “DNS Proxy Server”................................................................................................35
`
`1. The DNS Proxy Server Must Be Separate From The Client Computer ............35
`
`2. The DNS Proxy Server Must Check The DNS Request ...................................37
`
`J. “Enabling A Secure Communication Mode Of Communication At The First
`Computer Without A User Entering Any Cryptographic Information For Establishing
`The Secure Communication Mode Of Communication”...........................................37
`
`1. The Intrinsic Evidence Does Not Support Redrafting The Claims....................38
`
`2. The Court Should Not Redraft The ’759 Patent Claims To
`“Preserve Validity” .........................................................................................40
`
`3.
`
`“Cryptographic Information”...........................................................................41
`
`K. “Secure Communication Link” ................................................................................42
`
`L. “Virtual Private Network Communication Link”......................................................43
`
`ii
`
`Page 3 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 4 of 58 PageID #: 9479
`
`
`M. “Secure Domain Name Service,” “Secure Domain Name” And “Secure Computer
`Network Address” ...................................................................................................43
`
`1.
`
`2.
`
`“Secure Domain Name Service” Implements DNS For Nonstandard Top-Level
`Domain Names ...............................................................................................45
`
`“Secure Domain Names” Are Specified To Include Only Non-standard
`Top-Level Domain Names ..............................................................................47
`
`3.
`
`“Secure” Computer Network Addresses Require Authorization For Access ....48
`
`V.
`
`CONCLUSION .............................................................................................................50
`
`
`
`iii
`
`Page 4 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 5 of 58 PageID #: 9480
`
`
`
`
`TABLE OF AUTHORITIES
`
`CASES
`
`Page
`
`
`Acumed LLC v. Stryker Corp.,
`483 F.3d 800 (Fed. Cir. 2007)..........................................................................................9, 35
`
`
`AquaTex Industrial v. Techniche Solutions,
`419 F.3d 1374 (Fed. Cir. 2005)....................................................................................15, 25
`
`
`C.R. Bard, Inc. v. U.S. Surgical Corp.,
`388 F.3d 858 (Fed. Cir. 2004)..............................................................................................44
`
`
`Catalina Marketing International, Inc. v. Coolsavings.com, Inc.,
`289 F.3d 801 (Fed. Cir. 2002)........................................................................................12, 13
`
`
`Chimie v. PPG Industrial, Inc.,
`402 F.3d 1371 (Fed. Cir. 2005)......................................................................................18, 19
`
`
`Curtiss-Wright Flow Control Corp. v. Velan, Inc.,
`438 F.3d 1374 (Fed. Cir. 2006)............................................................................................30
`
`
`DSW, Inc. v. Shoe Pavilion, Inc.,
`537 F.3d 1342 (Fed. Cir. 2008)............................................................................................41
`
`
`Decisioning.com, Inc. v. Federated Department Stores, Inc.,
`527 F.3d 1300 (Fed. Cir. 2008)..............................................................................................3
`
`
`Electro-Scientific Industrial, Inc. v. Dynamic Details, Inc.,
`307 F.3d 1343 (Fed. Cir. 2002)............................................................................................13
`
`
`Helmsderfer v. Bobrick Washroom Equipment, Inc.,
`527 F.3d 1379 (Fed. Cir. 2008)......................................................................................24, 27
`
`
`Honeywell International Inc. v. ITT Industrial, Inc.,
`452 F.3d 1312 (Fed. Cir. 2006)............................................................................................45
`
`
`Kyocera Wireless Corp. v. ITC,
`545 F.3d 1340 (Fed. Cir. 2008)..............................................................................................3
`
`
`LG Electrics, Inc. v. Bizcom Electrics, Inc.,
`453 F.3d 1364 (Fed. Cir. 2006)............................................................................................17
`
`
`Mangosoft, Inc. v. Oracle Corp.,
`525 F.3d 1327 (Fed. Cir. 2008)............................................................................................28
`
`iv
`
`Page 5 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 6 of 58 PageID #: 9481
`
`
`
`Merck & Co. v. Teva Pharmaceuticals USA, Inc.,
`395 F.3d 1364 (Fed. Cir. 2005)............................................................................................42
`
`
`Netcraft Corp. v. eBay, Inc.,
`No. 2008-1263, 2008 U.S. App. LEXIS 25031 (Fed. Cir. Dec. 8, 2008) ........................30, 45
`
`
`Nystrom v. Trex Co.,
`424 F.3d 1136 (Fed. Cir. 2005)........................................................................................2, 15
`
`
`O2 Micro International Ltd. v. Beyond Innovation Technology Co. Ltd,
`521 F.3d 1351 (Fed. Cir. 2008)............................................................................................32
`
`
`PPG Industrial v. Guardian Industrial Corp.,
`156 F.3d 1351 (Fed. Cir. 1998)............................................................................................19
`
`
`Phillips v. AWH Corp.,
`415 F.3d 1303 (Fed. Cir. 2005).....................................................................................passim
`
`
`SRI International v. Matsushita Electric Corp.,
`775 F.2d 1107 (Fed. Cir. 1995)............................................................................................38
`
`
`Sinorgchem Co., Shandong v. International Trade Commission,
`511 F.3d 1132 (Fed. Cir. 2007)............................................................................................27
`
`
`Symantec Corp. v. Computer Associates International Inc.,
`522 F.3d 1279 (Fed. Cir. 2008)..........................................................................................25
`
`
`Verizon Services Corp. v. Vonage Holdings Corp.,
`503 F.3d 1295 (Fed. Cir. 2007)................................................................................ 28, 35, 44
`
`
`Warner-Lambert Co. v. Purepac Pharm. Co.,
`503 F.3d 1254 (Fed. Cir. 2007)......................................................................................20, 26
`
`
`
`MISCELLANEOUS
`
`
`Peter Dyson, Dictionary of Networking (1999)............................................................................6
`
`Douglas E. Comer, Internetworking with TCP/IP Vol. 1: Principles, Protocols and
`Architecture (4th ed. 2000)....................................................................................................7
`
`
`Naganand Doraswamy & Dan Harkins, IPSec, The New Security Standard for the
`Internet Intranets. (1999) ......................................................................................................6
`
`
`Brian Lavoie and Henrik F. Nielsen, Web characterization Terminology & Definitions
`Sheet (May 24, 1999). .........................................................................................................24
`
`v
`
`Page 6 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 7 of 58 PageID #: 9482
`
`
`I.
`
`INTRODUCTION
`If there is a consistent theme to the parties’ competing constructions, it is this:
`
`Microsoft’s proposed constructions are based on the ordinary meanings of the disputed terms in
`
`the context of the patents-in-suit, while VirnetX, having deliberately written its claims in terms
`
`familiar to those skilled in the art, now attempts to abandon those accepted meanings. For
`
`example, under VirnetX’s constructions, a “web site” is any computer on the Internet, a “domain
`
`name” is any series of characters, and a “virtual private network” is any network that uses
`
`encryption. What VirnetX calls giving the disputed claim terms their “full scope” in fact
`
`ignores their ordinary meanings as understood by those of skill in the art in the context of the
`
`patents. VirnetX’s approach must be rejected, and Microsoft’s constructions should be adopted.
`
`II.
`
`LEGAL FRAMEWORK
`“The inquiry into how a person of ordinary skill in the art understands a claim
`
`term provides an objective baseline from which to begin claim interpretation.” Phillips v. AWH
`
`Corp., 415 F.3d 1303, 1313 (Fed. Cir. 2005) (en banc). “The ordinary and customary meaning
`
`of a claim term is the meaning that the term would have to a person of ordinary skill in the art in
`
`question at the time of the invention.” Id. While in some cases the ordinary meaning will be
`
`“readily apparent” to a lay judge, in other cases the Court looks to a variety of time-tested public
`
`sources to ascertain the ordinary meaning, including “the words of the claims themselves, the
`
`remainder of the specification, the prosecution history, and extrinsic evidence concerning
`
`relevant scientific principles, the meaning of technical terms, and the state of the art.” Id. at
`
`1314 (quotation omitted). While the specification is “always highly relevant,” there “is no
`
`magic formula or catechism for conducting claim construction.” Id. at 1315, 1324. Because
`
`the question of ordinary meaning is central, “Dictionaries are among the many tools that can
`
`assist the court in determining the meaning of particular terminology to those of skill in the art of
`
`the invention.” Symantec Corp. v. Computer Assocs. Int’l Inc., 522 F.3d 1279, 1288-89 (Fed.
`
`1
`
`Page 7 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 8 of 58 PageID #: 9483
`
`
`Cir. 2008) (quoting Phillips, 415 F.3d at 1318). “Broadening of the ordinary meaning of a term
`
`in the absence of support in the intrinsic record indicating that such a broad meaning was
`
`intended violates the principles articulated in Phillips.” Nystrom v. Trex Co., 424 F.3d 1136,
`
`1145-46 (Fed. Cir. 2005). “Ultimately, the interpretation to be given a term can only be
`
`determined and confirmed with a full understanding of what the inventors actually invented and
`
`intended to envelop with the claim. The construction that [1] stays true to the claim language
`
`and [2] most naturally aligns with the patent’s description of the invention will be, in the end, the
`
`correct construction.” Phillips, 415 F.3d at 1316 (quotation omitted).
`
`III.
`
`THE PATENTS-IN-SUIT
`VirnetX’s ’135 Patent is generally directed to “[a] secure mechanism for
`
`communicating over the internet.” ’135 Patent at 2:66 (Exh A). The patent purports to address
`
`two security issues: data security (concealing the content of the messages being sent over the
`
`Internet) and anonymity (concealing the identities of the persons sending those messages). Id.
`
`at 1:15-37. VirnetX’s ’135 Patent uses “a DNS proxy server that transparently creates a virtual
`
`private network in response to a domain name inquiry.” Id. at 6:1-3. The DNS proxy server
`
`intercepts a DNS request sent from a client computer to the conventional DNS and, if the client
`
`is seeking access to a secure web site, the DNS proxy server automatically initiates a VPN
`
`between the client and the target computer hosting the secure web site. Id. at 37:19-38:13.
`
`The ’759 and ’180 Patents are a continuation-in-part from the application that led
`
`to the ’135 Patent, and add text relating to a “secure virtual Internet” that “works over the
`
`existing Internet infrastructure.” ’759 Patent at 6:24-26 (Exh B). The ’759 Patent states that “a
`
`user can conveniently establish a VPN using a ‘one-click’ or a ‘no-click’ technique without
`
`being required to enter user identification information, a password and/or an encryption key for
`
`establishing a VPN.” Id. at 6:37-41. The ’180 Patent is directed to “a secure domain name
`
`service (SDNS) for the secure virtual Internet” that provides “secure computer network
`
`addresses” corresponding to “secure domain names.” ’180 Patent 6:27-31 (Exh C).
`
`2
`
`Page 8 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 9 of 58 Page|D #: 9484
`
`IV.
`
`THE DISPUTED CLAHVI TERMS
`
`A.
`
`“virtual private network (VPN)”
`
`“virtual private network
`(VPN)”
`
`1\lic1‘o.sofi Ts Co11st1‘11ctio11
`
`\'i1'11etX"s C‘oustn1cIio11
`
`a network implemented by
`encapsulating an encrypted IP
`packet within another IP
`packet (that is, tunneling) over
`a shared networking
`infrastructure
`
`a network of computers
`capable of privately
`communicating with each
`other by encrypting traflic on
`insecure communication paths
`between the computers, and
`which is capable of expanding
`to include additional
`
`computers and communication
`I aths
`
`VirnetX’s proposed construction of VPN fails one of the most basic tests for a
`
`claim construction under Federal Circuit law:
`
`it does not accomplish the objectives set out in
`
`the patent for the claimed invention. The law is clear on this point. See, e.g., Kyocera Wireless
`
`Corp. v. ITC, 545 F.3d 1340, 1347-49 (Fed. Cir. 2008) (construing the term “different” to require
`
`“two difierent methods of communication” where the specification described a “need for a
`
`multipurpose computer module that can provide more than one peripheral
`
`function”);
`
`Decisioning. com, Inc. v. Federated Dep’t Stores, Inc., 527 F.3d 1300, 1310-11 (Fed. Cir. 2008)
`
`(excluding consumer-owned personal computers from the construction of “remote interface”
`
`because personal computers did not “achiev[e]
`
`the invention’s stated purpose”). Accord
`
`Phillips, 415 F.3d at 1315 (“[T]he best source for discerning the proper context of claim terms is
`
`the patent specification wherein the patent applicant describes the invention”) (quotation
`
`omitted). The patents-in-suit are clear that achieving virtual privacy on a public network has
`
`two requirements: data security (accomplished by encryption) and anonymity (accomplished by
`
`encapsulation). VirnetX’s proposed construction ignores the anonymity aspect of a VPN as set
`
`forth in its own patents.
`
`1.
`
`Microsoft’s Construction Gives VPN Its Ordinary Meaning in the
`Context of the Patents-In-Suit
`
`Starting with the term itself, “virtual private network” indicates that its purpose is
`
`Page 9 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 10 of 58 PageID #: 9485
`
`
`to virtualize a real private network over a public network. As explained in Microsoft’s tutorial,
`
`there are two fundamental security characteristics of a real private network that a VPN attempts
`
`to virtualize: (i) persons outside a real private network cannot see the content of the messages
`
`being sent in the network (i.e., data security); and (ii) persons outside a real private network
`
`cannot tell who is sending messages to whom in the private network (i.e., anonymity). Exh. D
`
`(“Johnson Decl.”) at ¶ 22, 24; see also VX Exh. 4 (“Jones Decl.”) at ¶ 16 (“A private network
`
`has secure communication paths between the computers in the network because the paths are
`
`only used by the private network itself, and are not publicly accessible.”).
`
`It is not surprising, therefore, that the patents-in-suit—the asserted claims of
`
`which all require VPNs—are expressly concerned with both “data security and anonymity.”
`
`’135 patent at 1:35-36. As stated in the Background of the Invention section, “[a] tremendous
`
`variety of methods have been proposed and implemented to provide security and anonymity for
`communications over the Internet.”1 Id. at 1:15-17. The Background describes data security as
`being “immune to eavesdropping,” and says that “[d]ata security is usually tackled using some
`
`form of data encryption.” Id. at 1:23-25, 1:38-39. The Background describes anonymity as
`
`“prevent[ing] an eavesdropper from discovering that terminal 100 is in communication with
`
`terminal 110.” Id. at 1:27-28.
`
`Microsoft’s construction of VPN embodies both the requirements of data security
`
`and anonymity. As described in Microsoft’s tutorial, an IP packet contains an IP header (which
`
`includes the source and destination IP addresses of the packet) and a payload (which includes the
`
`message to be transmitted). See Johnson Decl. at ¶ 18. In a VPN as construed by Microsoft,
`
`the entire IP packet (header and payload) is encrypted, and the encrypted IP packet is
`
`encapsulated in a new, outer IP packet. Encrypting the entire IP packet and encapsulating it in a
`
`new IP packet achieves both data security and anonymity. If the IP packet is intercepted during
`
`transmission, a third party cannot see either the content of the message (which is in the encrypted
`
`
`1 Emphasis is supplied except where otherwise noted.
`
`4
`
`Page 10 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 11 of 58 PageID #: 9486
`
`
`payload) or the identities of the true source and destination for the packet (which are in the
`
`encrypted header). Id. at ¶ 23, 35.
`
`VirnetX’s construction of VPN, by contrast, achieves only data security—not
`
`anonymity. In a VPN as construed by VirnetX, only the payload of the IP packet is encrypted.
`
`See Brief at 7 n.2 (describing SSL and TLS, which are used to encrypt only the payload);
`
`Johnson Decl. at ¶ 35. While a third party intercepting the IP packet during transmission could
`
`not see the message (data security), the third party would see the packet’s true source and
`
`destination IP addresses because the IP header was not encrypted. As a result, there is no
`
`anonymity.
`
`The patents-in-suit describe two types of VPNs—TARP VPNs and IPsec VPNs—
`
`both of which support Microsoft’s construction. According to the patents, TARP (or Tunneled
`
`Agile Routing Protocol) VPNs use “normal IP protocol to send IP packet messages.” ’135
`
`patent at 3:4-5. The entire IP packets are first encrypted, and then the encrypted IP packets are
`
`encapsulated in new IP packets to create a secure IP tunnel. See id. at 3:5-11; see also Figs. 3A,
`
`3B & 4. By encrypting the entire IP packet, not only is the message concealed (data security),
`
`but so too are the true source and destination IP addresses of the packet located in the IP header
`
`(anonymity). See id. at 3:5-8; see also id. at 3:19-20, 3:58-60. In this way, TARP achieves
`
`both data security and anonymity. See id. at 3:5-18; see also id. at 3:19-20, 3:58-60, 38:2-6.
`
`IPsec VPNs, which were used in the FreeS/WAN project referenced in the
`
`patents, are defined by IETF RFC 2401. See ’135 patent at 37:50-58; Brief at 8; VX Exh. 6 at
`
`14; Johnson Decl. at ¶ 30. According to RFC 2401, IPsec VPNs—like TARP VPNs—encrypt
`
`IP packets and encapsulate them in new IP packets (i.e., tunneling) to achieve both data security
`and anonymity.2 See Exh. G (“IETF RFC 2401”) at 6; Johnson Decl. at ¶ 23.
`
`
`2 The cited prior art also describes VPNs as being created by encrypting IP packets and
`encapsulating them in IP packets. See Exh. E (“U.S. Patent No. 6,178,505”) at 4:5-27, Fig. 22;
`Exh. F (“Patent Cooperation Treaty Application No. PCT/SE00/02565”) at 1:11-25.
`
`5
`
`Page 11 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 12 of 58 PageID #: 9487
`
`
`The extrinsic evidence showing the ordinary meaning of VPN at the relevant time
`
`further supports Microsoft’s construction as providing anonymity through tunneling:
`
`• “[A] VPN is an encrypted private tunnel across the Internet.” Exh. H (“Peter Dyson,
`Dictionary of Networking. 1999”) at 399.
`• “VPNs must be implemented through some form of IP tunneling mechanism.” Exh. I
`(“IETF RFC 2764”) at 8 & 10. (Cited by VirnetX).
`• “A VPN is virtual because it is not a physically distinct network. Tunnels are used to
`establish connectivity between disparate physical networks. A VPN is private because
`the tunnels are encrypted to provide confidentiality.” Exh. J (“Naganand Doraswamy &
`Dan Harkins, IPSec, The New Security Standard for the Internet Intranets. 1999”) at 168.
`Indeed, one of the best descriptions of how a person of ordinary skill in the art would have
`
`understood a VPN is from a treatise that VirnetX’s own expert, Dr. Mark Jones, used in the
`
`1990s to develop a graduate level course on internetworking:
`
`Two basic techniques make a VPN possible: tunneling and encryption.
`We have already encountered tunneling in Chapters 17 and 19. VPNs use
`the same basic idea – they define a tunnel across the global Internet
`between a router at one site and a router as another, and use IP-in-IP
`encapsulation to forward datagrams across the tunnel.
`
`Despite using the same basic concept, a VPN tunnel differs dramatically
`from the tunnels described previously. In particular, to guarantee privacy,
`a VPN encrypts each outgoing datagram before encapsulating it in another
`datagram for transmission. Figure 20.2 illustrates the concept.
`
`
`
`6
`
`Page 12 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 13 of 58 PageID #: 9488
`
`
`Exh. K (“Douglas E. Comer, Internetworking with TCP/IP Vol. 1: Principles, Protocols and
`Architecture, 4th ed. 2000”) at 390-394; VX Exh. 4 App. A at 8.3
`In its Opening Brief, VirnetX makes a number of arguments about why
`
`Microsoft’s construction is wrong. VirnetX’s arguments should be rejected. First, VirnetX
`
`argues that Microsoft’s construction limits VPNs to the Internet. Microsoft’s construction,
`
`however, is limited to IP-based VPNs regardless of whether they are used on the Internet or
`some other network. 4 Second, VirnetX argues that Microsoft’s construction is improperly
`limited to VPNs that are IP-based. The alleged inventions, however, are based on the IP
`
`protocol. See ’135 patent at claims 1 & 10 (requiring “IP addresses,” “DNS” and “domain
`
`name”); ’759 patent at 6:21-24 (“The present invention provides key technologies for
`
`implementing a secure virtual Internet by using a new agile network protocol that is built on top
`
`of the existing Internet protocol.”); ’180 patent at claim 1 (requiring “domain name,” “domain
`name service” and “computer network address”). 5 Third, VirnetX argues that Microsoft’s
`construction requires VPNs to be implemented in the network layer. Microsoft’s construction
`
`does not require encapsulation to happen at any particular layer, and is broad enough to cover IP
`
`packets being encapsulated in IP packets at layers other than the network layer. See Exh. L
`
`(Johnson Depo.) at 33-34. Fourth, VirnetX argues that the specification distinguishes IPsec.
`
`
`3 VirnetX relies on another book by Comer in its Brief. See Brief at 6 & Exh. 12 (Computer
`Networks and Internets).
`4 The patents describe VPNs implemented on an Ethernet. See ’135 patent at 23:11-36. Those
`VPNs are merely extensions of TARP VPNs to an Ethernet. The description of those VPNs is
`found in the section of the patent entitled “Further Extensions.” Id. at 18:29. That section,
`which follows the description of TARP VPNs, begins by stating that “[t]he following describes
`various extensions to the techniques, systems, and methods described above.” Id. at 18:31-32.
`The VPNs are specifically described as being part of a “promiscuous per VPN” mode. Id. at
`23:11-12. As described earlier in that section, a “promiscuous” mode is a particular way of
`using TARP, wherein the TARP stack analyzes every IP packet transmitted over the Ethernet
`network to determine, based on IP addresses, whether the packet is destined for the machine
`associated with that stack. Id. at 20:41-56; see also 23:11-20 (where each node in the VPN
`examines every packet transmitted in that VPN). Because these VPNs are extensions of TARP
`VPNs, they are IP-based and support Microsoft’s construction.
`5 VirnetX’s assertion that a preferred embodiment uses any type of “address hoping” is wrong.
`The patent specifically identifies “IP address ‘hopping.’” ’135 patent at 38:3.
`
`7
`
`Page 13 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 14 of 58 PageID #: 9489
`
`
`But the specification does not distinguish IPsec on the ground that it is not a VPN. See ’135
`
`patent at 37:50-62. Fifth, VirnetX’s argument that the patents describe using MAC addresses to
`
`implement VPNs is wrong. The patents do not describe using MAC addresses to implement
`
`VPNs. Instead, they describe using MAC addresses to implement hardware address hopping, a
`
`concept that is not claimed in the asserted claims. See ’135 patent at 19:47-20:3, 20:32-66,
`
`21:3-29, 22:40-44. Finally, VirnetX argues that the PPTP protocol is not limited to tunneling IP
`
`packets within IP packets. While PPTP can be used to create VPNs, that is not its only use.
`See Johnson Decl. at ¶ 36.6
`Microsoft’s construction gives VPN its ordinary meaning in the context of the
`
`patents-in-suit, and should be adopted.
`
`2.
`VirnetX’s Proposed Construction Is Wrong
`VirnetX’s proposed construction of “virtual private network” has two parts: (1)
`
`“a network of computers capable of privately communicating with each other by encrypting
`
`traffic on insecure paths between the computers” (the “Encryption Clause”); and (2) “which is
`
`capable of expanding to include additional computers and communication paths” (the
`
`“Expansion Clause”). Neither clause is consistent with the ordinary meaning of a VPN or
`
`supported by the intrinsic or extrinsic evidence.
`
`a.
`
`VirnetX’s Encryption Clause Is Not Supported By The
`Evidence
`
`(1)
`
`VirnetX’s “Explicit Definition” Is Not An Explicit
`Definition
`VirnetX argues that its proposed construction is required by an “explicit
`
`definition” in the intrinsic evidence, namely the references to the FreeS/WAN project in the
`
`specification and File History. Brief at 5. VirnetX’s position is wrong on both counts: the
`
`references to FreeS/WAN are not an “explicit definition” and, in any event, they support
`
`Microsoft’s position more than VirnetX’s and are at best ambiguous. VirnetX’s position that
`
`
`6 Microsoft was unable to find the quote VirnetX attributed to the Risley patent in that patent.
`
`8
`
`Page 14 of 58
`
`
`
`Case 6:07-cv-00080-LED Document 201 Filed 01/20/09 Page 15 of 58 PageID #: 9490
`
`
`FreeS/WAN is an “explicit definition” is simply not supportable. The only specification citation
`
`offered by VirnetX is from column 37 (a section not purporting to be a definition and deep into
`
`the patent’s description) where the patent says, unremarkably, in characterizing the prior art that
`
`“one conventional scheme that provides secure virtual private networks over the Internet . . . one
`
`implementation of this standard is presently being developed as part of the FreeS/WAN project.”
`’135 Patent at 37:59-62. This portion is by no means an explicit definition.7 VirnetX next
`relies on a document submitted during the File History as being “prominently” submitted. Brief
`
`at 5. To the contrary, not only was the gloss