Case 6:07-cv—O0080-LED Document 194
`
`Filed 12/30/08 Page 1 of 53 Page|D #: 8609
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE EASTERN DISTRICT OF TEXAS
`TYLER DIVISION
`
`CASE NO. 607CV80 (LED)
`PATENT CASE
`
`JURY TRIAL DEMANDED
`
`§ §
`
`§
`
`§ §
`
`§
`§
`g
`
`§ §
`
`VIRNETX INC.
`
`AND
`
`PLAINTIFF,
`
`SCIENCE APPLICATIONS
`INTERNATIONAL CORPORATION
`INVOLUNTARY
`PLAINTIFF,
`
`§
`V.
`g
`MICROSOFT CORPORATION
`DEFENDANT.
`
`PLAINTIFF VIRNETX INC.’S OPENING BRIEF IN SUPPORT OF ITS
`
`CONSTRUCTION OF CLAIMS PURSUANT TO P.R. 4-5
`
`Page 1 of 53
`
`VIRNETX EXHIBIT 2032
`
`Mangrove V. VirnetX
`Trial |PR2015—01046
`
`
`
`
`
`
`
`
`
`VIRNETX EXHIBIT 2032
`Mangrove v. VirnetX
`Trial IPR2015-01046
`
`Page 1 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 2 of 53 PageID #: 8610
`
`TABLE OF CONTENTS
`
`
`
`C.
`
`-i-
`
`I.
`II.
`III.
`
`INTRODUCTION ............................................................................................................. 1
`APPLICABLE CLAIM CONSTRUCTION STANDARDS............................................. 1
`BACKGROUND OF THE TECHNOLOGY .................................................................... 1
`A.
`VirnetX’s U.S. Patent No. 6,502,135 (the “’135 Patent”)................................... 2
`B.
`VirnetX’s U.S. Patent No. 6,839,759 (the “’759 Patent”) ..................................... 3
`C.
`VirnetX’s U.S. Patent No. 7,188,180 (the “’180 Patent”) ..................................... 3
`VIRNETX’S PROPOSED CONSTRUCTIONS FOR THE ’135 PATENT
`CLAIM TERMS AND PHRASES SHOULD BE ADOPTED ......................................... 4
`A.
`virtual private network (VPN) ............................................................................... 4
`B.
`transparently creating [creates] a virtual private network (VPN).......................... 9
`C.
`Domain Name Service (DNS) ............................................................................. 11
`D.
`domain name........................................................................................................ 14
`E.
`secure web site ..................................................................................................... 17
`F.
`determining whether the DNS request transmitted in step (1) is requesting
`access to a secure web site................................................................................... 23
`automatically initiating the VPN ......................................................................... 25
`G.
`DNS proxy server ................................................................................................ 27
`H.
`VIRNETX’S PROPOSED CONSTRUCTIONS FOR THE ’759 PATENT
`CLAIM TERMS AND PHRASES SHOULD BE ADOPTED ....................................... 29
`A.
`virtual private network communication link........................................................ 30
`B.
`secure communication link (… the secure communication link being a
`virtual private network communication link) ...................................................... 31
`enabling a secure communication mode of communication at the [a] first
`computer without a user entering any cryptographic information for
`establishing the secure communication mode of communication ....................... 33
`VIRNETX’S PROPOSED CONSTRUCTIONS FOR THE ’180 PATENT
`CLAIM TERMS AND PHRASES SHOULD BE ADOPTED ....................................... 37
`A.
`secure computer network address ........................................................................ 38
`B.
`secure domain name............................................................................................. 40
`C.
`secure domain name service ................................................................................ 44
`VII. CONCLUSION................................................................................................................ 46
`
`
`IV.
`
`V.
`
`VI.
`
`
`
`Page 2 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 3 of 53 PageID #: 8611
`
`
`
`TABLE OF AUTHORITIES
`
`FEDERAL CASES
`
`
`Acumed LLC v. Stryker Corp.,
`483 F.3d 800 (Fed. Cir. 2007)..............................................................................................5
`
`Alcatel United States Res., Inc. v. Microsoft Corp.,
`2008 U.S. Dist. LEXIS 49615 (E.D. Tex. Jun. 27, 2008)..............................................1, 33
`
`Baldwin Graphic Sys., Inc. v. Siebert, Inc.,
`512 F.3d 1338 (Fed. Cir. 2008)..........................................................................................14
`
`Electro Sci. Indus. v. Dynamic Details, Inc.,
`307 F.3d 1343 (Fed. Cir. 2002)............................................................................................9
`
`O2 Micro Inter. Ltd. v. Beyond Innovation Tech. Ltd.,
`521 F.3d 1351 (Fed. Cir. 2008)..........................................................................................13
`
`Oatey Co. v. IPS Corp.,
`514 F.3d 1271 (Fed. Cir. 2008)............................................................................................8
`
`Phillips v. AWH Corp.,
`415 F.3d 1303 (Fed. Cir. 2005)....................................................................1, 15, 20, 36, 41
`
`Pitney Bowes, Inc. v. Hewlett-Packard Co.,
`182 F.3d 1298 (Fed. Cir. 1999)............................................................................................9
`
`Rambus Inc. v. Infineon Techs. Ag,
`318 F.3d 1081 (Fed. Cir. 2003)..........................................................................................42
`
`U.S. Surgical Corp. v. Ethicon, Inc.,
`103 F.3d 1554 (Fed. Cir. 1997)....................................................................................23, 32
`
`Verizon Servs. Corp.. v. Vonage Holdings Corp.,
`503 F.3d 1295 (Fed. Cir. 2007)......................................................................................8, 24
`
`Vitronics Corp. v. Conceptronic,
`90 F.3d 1576 (Fed. Cir. 1996)............................................................................................16
`
`Voda v. Cordis Corp.,
`536 F.3d 1311 (Fed. Cir. 2008)..........................................................................................15
`
`Warner-Lambert Co. v. Purepac Pharm. Co.,
`503 F.3d 1254 (Fed. Cir. 2007)....................................................................................20, 45
`
`-ii-
`
`Page 3 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 4 of 53 PageID #: 8612
`
`LIST OF EXHIBITS TO VIRNETX’S
`OPENING CLAIM CONSTRUCTION BRIEF
`
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`6.
`
`7.
`
`8.
`
`9.
`
`’135 patent
`
`’759 patent
`
`’180 patent
`
`Jones declaration
`
`Williamson deposition
`
`FreeS/WAN glossary
`
`Risley ’158 patent
`
`Office Action (Paper No. 8) dated March 13, 2002
`
`Amendment and Response (Paper No. 11) dated June 13, 2002
`
`10. WO 99/48303
`
`11.
`
`12.
`
`B. Gleeson et al., Request for Comments (RFC) 2764
`
`Douglas E. Comer, Computer Networks and Internets (2d ed. 1999)
`
`13. Microsoft Internet & Networking Dictionary (2003)
`
`14. Microsoft document (VNET 000008935)
`
`15.
`
`16.
`
`RFC 1034
`
`RFC 1035
`
`17. McGraw-Hill Dictionary of Electrical & Computer Engineering (2003)
`
`18.
`
`19.
`
`20.
`
`21.
`
`22.
`
`Andrew S. Tanenbaum, Computer Networks (3d ed. 1996)
`
`Notice of Allowability (Paper No. 13)
`
`U.S. Patent No. 6,119,171
`
`U.S. Patent No. 6,286,047
`
`J. Gilmore, "Swan: Securing the Internet against Wiretapping", printed from
`http://liberty.freeswan.org/freeswan_trees/freesswan-1.3/doc/rationale. html on Feb. 21,
`2002, 4 pages
`
`-iii-
`
`Page 4 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 5 of 53 PageID #: 8613
`
`23.
`
`24.
`
`Second Preliminary Amendment (Paper No. 9) dated February 22, 2002
`
`Notice of Allowability dated August 9, 2004
`
`25. Merriam Webster’s Collegiate Dictionary (10th ed. 1996)
`
`Amendment dated August 17, 2006
`
`Notice of Allowability dated November 13, 2006
`
`Dr. D. Johnson deposition rough transcript
`
`RFC 2637
`
`RFC Index
`
`
`
`26.
`
`27.
`
`28.
`
`29.
`
`30.
`
`-iv-
`
`Page 5 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 6 of 53 PageID #: 8614
`
`
`I.
`
`INTRODUCTION
`
`A consistent theme emerges from examination of the parties’ competing constructions.
`
`VirnetX’s proposed constructions give full scope to the claim language, as firmly supported by the
`
`intrinsic evidence. Microsoft’s proposed constructions, however, seek to limit the claims to certain
`
`preferred embodiments (while excluding others), to extrinsic industry standards, or to extrinsic
`
`dictionary definitions that conflict with the context of the patented inventions. The canons of claim
`
`construction favor VirnetX’s proposed constructions and compel rejection of Microsoft’s.
`II.
`
`APPLICABLE CLAIM CONSTRUCTION STANDARDS
`
`“It is a ‘bedrock principle’ of patent law that ‘the claims of a patent define the invention to
`
`which the patentee is entitled the right to exclude.’” Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed.
`
`Cir. 2005) (en banc) (internal citation omitted). The specification “‘is always highly relevant to the
`
`claim construction analysis. Usually, it is dispositive; it is the single best guide to the meaning of a
`
`disputed term.’” Id. at 1315 (internal citation omitted). The prosecution history also supplies intrinsic
`
`evidence if it is in evidence. Id. at 1317. “Differences among the claim terms can also assist in
`
`understanding a term’s meaning … For example, when a dependent claim adds a limitation to an
`
`independent claim, it is presumed that the independent claim does not include the limitation.” Alcatel
`
`United States Res., Inc. v. Microsoft Corp., 2008 U.S. Dist. LEXIS 49615, at *5 (E.D. Tex. Jun. 27,
`
`2008). “Technical dictionaries and treatises may help a court understand the underlying technology
`
`and the manner in which one skilled in the art might use claim terms, but technical dictionaries and
`
`treatises may provide definitions that are too broad or may not be indicative of how the term is used in
`
`the patent.” Id. at *7. Generally, extrinsic evidence is “less reliable than the patent and its prosecution
`
`history in determining how to read claim terms.” Id.
`III.
`
`BACKGROUND OF THE TECHNOLOGY
`
`The field of the three VirnetX patents in suit is secure computer network communications,
`
`more specifically, communications in a virtual private network (VPN). As will be seen, the three
`
`VirnetX patents are directed to aspects of using a domain name service (DNS) or secure domain name
`
`service (SDNS) to set up and use VPNs.
`
`
`
`Page 6 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 7 of 53 PageID #: 8615
`
`
`A.
`
`VirnetX’s U.S. Patent No. 6,502,135 (the “’135 Patent”)
`
`The ’135 patent improves security in computer networks through a novel method and system of
`
`creating VPNs. Networks, such as VPNs, can carry all kinds of traffic between computers using
`
`various applications and protocols. A VPN, in particular, allows computers in a network to
`
`communicate privately by encrypting their communications on paths between them that may be
`
`insecure, e.g., over underlying public networks, such as the Internet, that may be subject to nefarious
`
`listeners. See ’135 patent (Exhibit 1 hereto) at 1:16-45; 37:40-49.
`
`There were several problems with the prior art. One category of prior art required a user to
`
`manually set up the VPN, such as by providing encryption information, e.g., keys required to encrypt
`
`and decrypt the messages. Ex. 4 (Jones Decl.) ¶22; Ex. 5 (Williamson rough Depo. Tr.) at 46-47.
`
`However, manually created VPNs were neither flexible nor easy to use. For example, business
`
`travelers trying to remotely connect to their corporate networks through VPNs had difficulty setting up
`
`and using VPNs. See ’135 patent at 2:52-63.
`
`The ’135 patent improves security by making it easier for users to use VPNs without the user
`
`having to manually create the VPN, and ensuring VPNs are created when they are needed, without
`
`compromising security, e.g., for business travelers who need to establish VPNs with their corporate
`
`networks over the Internet. See id. at 5:8-12; 11:39-43. The ’135 patent claims a method and system of
`
`“transparently creating a virtual private network (VPN).” See ’135 patent claims 1 and 10. In other
`
`words, a user need not be involved in creating the VPN. See id. at 39:22-29. The inventions
`
`transparently create the VPN by initiating or setting up the VPN in response to a DNS request. Id. at
`
`6:1-3; 32:33-35; 37:17-21; 37:63-38:2. Put another way, a DNS request triggers a VPN. Id. A DNS
`
`request contains a domain name, one example of which is “Yahoo.com.” Id. at 37:22-29; 37:45. A
`
`DNS request is to be sent to a DNS, which is a service that receives requests for computer network
`
`addresses (machine-understandable numerical addresses) corresponding to domain names, and which
`
`provides responses. See ’135 patent at 37:22-29; 37:45; 38:23-42. As claimed in claims 1 and 10, the
`
`invention can examine the DNS request and determine whether to create the VPN for the user based on
`
`-2-
`
`Page 7 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 8 of 53 PageID #: 8616
`
`
`the DNS request. In system claim 10, in response to the DNS request, a DNS proxy server requests a
`
`VPN for the user and a gatekeeper computer allocates the resources for the VPN.
`B.
`
`VirnetX’s U.S. Patent No. 6,839,759 (the “’759 Patent”)
`
`The ’759 patent stems from a continuation-in-part of the ’135 patent and provides further
`
`improvements in security in computer networks through another novel method and apparatus of
`
`controlling who can establish VPN links using DNS without a user entering cryptographic information,
`
`such as encryption keys. See ’759 patent (Exhibit 2 hereto) Title; claims 1 and 16; 6:37-51; see also id.
`
`6:21-36. The prior art failed to differentiate between requestors in deciding whether to set up a VPN.
`
`Id. at 40:24-37. This was a significant drawback in the prior art. Id. The invention overcomes the
`
`problems of the prior art. The invention provides a DNS that provides VPN resources based on the
`
`requestor’s (or user’s) identity. Id. at 40:37-44. If the requestor does not have sufficient security
`
`privileges to communicate in a VPN, the VPN will not be enabled. Id. at 40:48-55; 41:23-28; 41:51-
`
`64; 41:65-42:2; 42:19-38; Fig. 27.
`C.
`
`VirnetX’s U.S. Patent No. 7,188,180 (the “’180 Patent”)
`
`The ’180 patent (which shares the same specification as the ’759 patent) provides further
`
`improvements in security in computer networks through another novel method and apparatus of using a
`
`secure domain name service (SDNS) to provide secure computer network addresses corresponding to
`
`secure domain names and enable a VPN communication. See ’180 patent (Exhibit 3 hereto) Title;
`
`claims 1, 17 and 33; 6:22-37; 7:19-42. The prior art did not provide for such a SDNS. Id. at 6:22-36.
`
`In an embodiment of the invention, secure domain name requests (for secure computer network
`
`addresses) are handled by a SDNS. Id. at 51:28-45; 53:26-40. The SDNS has a registry of secure
`
`domain names. Figure 35 shows an embodiment of registering a secure domain name with a SDNS.
`
`Id. at 53:26-54:6. Id. at 52:22-26; 52:41-46. The SDNS provides additional security. It is capable of
`
`providing trustworthy responses, e.g., by replying to the secure domain name request with the secure
`
`computer network address using a VPN link. Id. at Id. at 52:4-22; 52:37-40; 52:51-54; Fig. 34.
`
`-3-
`
`Page 8 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194
`
`Filed 12/30/08 Page 9 of 53 PagelD #: 8617
`
`IV.
`
`VlRNETX’S PROPOSED CONSTRUCIIONS FOR THE ’l35 PATENT CLAIM
`
`TERMS AND PHRASES SHOULD BE ADOPTED.
`
`Method claim 1 contains seven of the eight disputed claim terms and phrases in the ’ 135 patent,
`
`in bold and underlining below‘
`
`1. A method of transparently creating a virtual private network QELE) between a
`client computer and a target computer, comprising the steps of:
`
`(1) generating from the client computer a Domain Name Service (DNS) request that
`requests an IP address corresponding to a domain name associated with the target
`computer;
`
`(2) determining whether the 1 request transmitted in step (1) is requesting
`access to a secure web site; and
`
`(3) in response to determining that the DNS request in step (2) is requesting access to a
`secure target web site, automatically initiating the VPN between the client computer
`and the target computer.
`
`System claim 10, the other independent claim in the patent, contains six of the eight disputed claim
`
`terms and phrases (including the additional term “DNS proxy server”), in bold and underlining below:
`
`10. A system that transparently creates a virtual private network gym; between a
`client computer and a secure target computer, comprising:
`
`a _]_)_l;l§ proxy server that receives a request from the client computer to look 11p an IP
`address for a domain name, wherein the DNS proxy server returns the IP address for
`me requested domain name if it is determined that access to a non-secure web site has
`been requested, and wherein the DNS proxy server generates a request to create the
`VPN between the client computer and the secure target computer if it is determined that
`access to a secure web site has been requested; and
`
`a gatekeeper computer that allocates resources for the VPN between the client
`computer and the secure web computer in response to the request by the DNS proxy
`server.
`
`A.
`
`virtual private network g 2 PM
`
`VirnetX’s Proposed Construction
`
`Microsoft’s Proposed Construction
`
`a network implemented by encapsulating an
`a network of computers capable ofprivately
`encrypted IP packet within another IP packet
`communicating with each other by encrypting
`(that is, tunneling) over a shared networking
`traffic on insecure commrmication paths between
`the computers, and which is capable of expanding mfiastmcture
`to include additional computers and
`
`commrmication s aths
`
`lDrsput'edtermsandphrasesareonlyh1ghl'ightedonceintheclarms' herein".
`
`.4-
`
`Page 9 of 53
`
`Page 9 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 10 of 53 PageID #: 8618
`
`
`The dispute about the construction of the claim term “virtual private network (VPN)” is
`
`whether the intrinsic evidence explicitly defining the term should control the construction, as proposed
`
`by VirnetX, or whether Microsoft’s restrictive construction, limiting VPNs to a particular protocol and
`
`specific packet format (encapsulation of one IP packet within another) trumps the explicit (and
`
`industry-accepted) definition provided in the intrinsic evidence. VirnetX’s intrinsic evidence definition
`
`should be adopted.
`VirnetX’s Proposed Construction. The claim language itself is of limited assistance in
`
`defining the term VPN since the claim language does not tell us what a VPN is. The first part of
`
`VirnetX’s proposed construction is “a network of computers capable of privately communicating with
`
`each other by encrypting traffic on insecure paths between the computers.” The intrinsic evidence
`
`contains an explicit definition of a VPN that supports VirnetX’s construction. The specification refers
`
`to the “FreeS/WAN” project as the conventional scheme of creating a “VPN.” ’135 patent at 37:50-62.
`
`The prosecution history file prominently includes a FreeS/WAN glossary of terms defining a VPN.
`
`See Acumed LLC v. Stryker Corp., 483 F.3d 800, 815 (Fed. Cir. 2007) (intrinsic evidence includes
`
`references cited during prosecution). The FreeS/WAN glossary defines a VPN as follows:
`
`Ex. 6 at 24. As can be seen, the definition of a VPN includes encrypting traffic on insecure paths (or
`
`connections) between computers in the network, allowing the computers to privately communicate
`
`with each other. The VPN provides security by encrypting traffic communicated between computers in
`
`the VPN, and “[m]any encryption methods are known and usable in this context.” ’135 patent at 1:38-
`
`45; 37:63-38:2; see also id. at 38:13-22; 38:43-52; 39:7-20; 39:21-25; 39:42-60. Moreover, consistent
`
`with the FreeS/WAN glossary definition of a VPN, Figure 24 in the specification shows that there can
`
`be multiple paths in the VPN (rather than just one path).
`
`-5-
`
`Page 10 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 11 of 53 PageID #: 8619
`
`
`Id. at 36:25-32 (links L1, L2 and L3 may be VPN links); Fig. 24. This intrinsic evidence supports this
`
`part of VirnetX’s construction that a VPN is “a network of computers capable of privately
`
`communicating with each other by encrypting traffic on insecure paths between the computers.”
`
`The intrinsic evidence also supports the second part of VirnetX’s proposed construction of a
`
`VPN as “capable of expanding to include additional computers and communication paths.” The
`
`intrinsic evidence establishes that a VPN, as a network, must include the capability of expansion, also
`
`known as scalability. The specification describes an embodiment of a VPN as including more than two
`
`computers or nodes. ’135 patent at 23:11-20; 29:30-64. In addition, the cited art (the Risley ’158
`
`patent) describes and depicts a “typical network” as including more than two computers. Ex. 7 at 5:62;
`
`Fig. 2C. The Risley ’158 patent was relied upon by the Examiner in support of a rejection, which was
`
`overcome based on the ’135 patented invention’s use of a DNS request to trigger a VPN. Ex. 8; Ex. 9
`
`at 6 (“Neither Risley nor Boden teach or suggest triggering the creation of a VPN in response to a DNS
`
`request.”). Another cited reference describes a VPN as expandable, noting that “new locations” can be
`
`“easily added to the network.” Ex. 10 at VNET 00221857. Thus, while the patent describes VPNs
`
`between a client and target computer, this connection must be scalable to add additional computers
`
`(nodes).
`
`The extrinsic evidence is consistent. A VPN emulates the scalability of a WAN. See Ex. 11 at
`
`4 (“[A] VPN is simply defined as the ‘emulation of a Wide Area Network (WAN) facility using IP
`
`facilities’ (including the public Internet, or private IP backbones).”) (emphasis added); Ex. 12 at 168
`(“The key issue that separates WAN technologies from LAN technologies is scalability – a WAN must
`
`be able to grow as needed to connect many sites spread across large geographic distances, with many
`
`computers at each site.”).
`
`-6-
`
`Page 11 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 12 of 53 PageID #: 8620
`
`
`Microsoft’s Proposed Construction. Microsoft’s construction is unnecessarily narrow and
`
`conflicts with the intrinsic evidence definition as well as examples in the specification. It requires
`
`encapsulation of an IP packet within another IP packet, and thus excludes networks other than over the
`
`Internet, and other packets. The specification, however, describes VPNs which are implemented
`
`without such encapsulation, and in networks other than the Internet, such as Ethernet. ’135 patent at
`
`23:11-36. As the other intrinsic evidence indicates, encapsulation of a packet within another IP packet
`
`is possible, but not required. Ex. 7 at 7:44-49 (“Encryption and decryption may also automatically be
`
`executed on certain data packets, with the criteria defined by the system administrator. Along with this
`it may be desirable to encapsulate a packet and give it a new header with a new IP address …”)
`
`(emphasis added). Consistent with the intrinsic evidence, Microsoft’s dictionary definition of a VPN
`
`does not include any of the encapsulating or tunneling limitations it seeks to impose on VirnetX. Ex.
`
`13 at 278 (“Nodes on a public network such as that Internet that communicate among themselves using
`
`encryption technology so that their messages as safe from being intercepted and understood by
`
`unauthorized users as if the nodes were connected by private lines”).
`Microsoft makes a convoluted argument that the VPN must be based in the IP layer.2 Joint
`Claim Construction Statement (“JCC”) Exh. E ¶¶31-34. The purported basis for this argument is that
`
`“[t]he patents-in-suit distinguish between VPNs [allegedly at the networking layer] and so-called
`
`‘virtual private connections’ [allegedly at the application layer].” Id. ¶ 31. The described virtual
`
`private connection, upon which Microsoft’s argument hinges, does not even use encryption. ’180
`
`patent at 54:24-29; 55:2-14; 55:37-46; Fig. 37. Even Microsoft agrees that a VPN must employ some
`
`type of encryption, so the layer at which an unencrypted virtual private connection is implemented is
`
`irrelevant to the definition of a VPN. Moreover, it is notable that the citations on which Microsoft
`
`relies for this alleged distinction are only in the ’759 and ’180 patents, and not the earlier-filed ’135
`
`patent. The term “virtual private network” or “VPN” is found first and foremost in the ’135 patent.
`
`
`2 Microsoft’s motivation for seeking to unduly limit the virtual private network (VPN) in the claims to “encapsulating,”
`“tunneling” and encrypting at the IP networking layer is to try to exclude VPNs using technologies like Secure Socket Layer
`(SSL) or Transport Layer Security (TLS), used by Microsoft’s accused products. JCC Exh. E ¶31.
`-7-
`
`Page 12 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 13 of 53 PageID #: 8621
`
`
`The common denominator of the patents in suit is the FreeS/WAN glossary definition of a VPN on
`
`which VirnetX relies, which has none of Microsoft’s encapsulating or tunneling limitations.
`
`Additionally, Microsoft’s reliance on the ’135 patent’s description of IPSEC, as well as address
`
`hopping, is misplaced. In fact, the specification distinguishes the only implementation of IPSEC
`
`described, the conventional prior art FreeS/WAN scheme of creating a VPN. ’135 patent at 37:22-62.
`
`In any event, the FreeS/WAN glossary defines a “VPN” as proposed by VirnetX. Moreover, the
`
`specification describes “address hopping,” the preferred embodiment (id. at 38:1-6), as implemented in
`
`networks not limited to the Internet, such as Ethernet networks, so encapsulation of an IP packet within
`
`another IP packet at the Internet network layer is not the only kind of VPNs described by the
`
`specification. Id. at 19:25-36; 19:37-47; 20:62-66; 21:41-49; 29:30-64; 38:2-6; 38:33-35. The VPN
`
`packets in the preferred embodiment are not limited to IP packets with IP headers, and other packets
`
`and headers can be used to implement the VPN, such as MAC addresses. Id. at 9:43-49; 10:59-62;
`
`18:31-37; 18:42-44; 19:47-20:3; 20:32-66; 21:3-29; 22:40-44; 23:11-20; 23:45-59; 29:30-64; 43:29-39.
`
`The preferred embodiment VPNs can thus be implemented in layers other than the IP network layer.
`
`Id. at 10:63-66; 19:37-47; Fig. 12A. A construction like Microsoft’s that excludes an embodiment,
`
`without any kind of lexicography, disclaimer or disavowal, is not correct. See Verizon Servs. Corp.. v.
`
`Vonage Holdings Corp., 503 F.3d 1295, 1305 (Fed. Cir. 2007) (“We normally do not interpret claim
`
`terms in a way that excludes disclosed examples in the specification.”); Oatey Co. v. IPS Corp., 514
`
`F.3d 1271, 1276 (Fed. Cir. 2008) (same).
`
`In addition, to the extent extrinsic sources are considered, it should be noted that Microsoft co-
`
`authored a standard on VPNs (known as PPTP) which were not limited to tunneling by encapsulating
`
`an IP packet within another IP packet. Ex. 29 at 4 (describing IPX and Appletalk). Indeed, the word
`
`“tunneling” in the art is more general and is used to describe other kinds of packets encapsulated in
`
`other packets; i.e., not all VPNs are IP based. Ex. 4 (Jones Dec.) ¶21. See also Ex. 11 (“A Framework
`for IP Based Virtual Private Networks”) (emphasis added).
`
`In any event, the word “tunneling” in Microsoft’s construction is not instructive and could be
`
`confusing for the jury.
`
`-8-
`
`Page 13 of 53
`
`

`
`Case 6:07-cv-00080—LED Document 194
`
`Filed 12/30/08 Page 14 of 53 PagelD #: 8622
`
`VirnetX’s proposed construction includes every aspect of what it means to have a VPN, as
`
`defined in the intrinsic evidence. Microsofi’s definition, however, includes lmwarranted limitations.
`
`VirnetX’s proposed construction is the correct construction.
`
`B.
`
`transparently creating |creates| a virtual private network 1 2 gm
`
`V'IrnetX’s Proposed Construction
`
`Microsoft’s Proposed Construction
`
`such creation”
`
`a user need not be involved in creating a virtual
`private network (VPN)
`
`no construction necessary because the
`preamble is not a limitation.
`In the alternative, to the extent the court
`determines a construction is necessary, it is
`“creating a virtual private network (VPN)
`without the client or target computer
`involved in -
`-
`'
`
`The dispute about the construction of the claim phrase is whether the “transparently .. .” phrase
`
`is a limitation of the claim and whether the intrinsic evidence defines the word “transparently” as not
`
`requiring user involvement as proposed by VirnetX, or whether the word “transparently” requires no
`
`construction, as proposed by Microsoft. The ’l35 patent defines the word “transparently” as VirnetX
`
`proposes, and this meaning is a critical aspect that gives life and meaning to the claimed invention
`
`But, even if the “transparently ...” phrase is not a limitation, it should be construed as VirnetX
`
`proposes to help the jmy and avoid any confusion.
`
`VrnetX’s Proposed Construction.
`
`The claim language itself makes it clear that
`
`the
`
`“transparently ...” phrase is part of the invention. Claims 1 and 10 are directed to creating a VPN
`
`between a client computer and target computer, as seen in both the preamble and body of the claims.
`
`Antecedent basis for the terms VPN, client computer and target computer are found in the preamble.
`
`See Electra Sci. Indus. v. Dynamic Details, Inc., 307 F.3d 1343, 1348 (Fed. Cir. 2002); Pimejv Bowes,
`
`Inc. v. Hewlett-Packard C0,, 182 F.3d 1298, 1305-06 (Fed Cir. 1999) (preamble limiting because it is
`
`“intimately meshed with the ensuing language in the claim” even though not all preamble terms are
`
`recited in the body of the claim) (internal citations omitted). Further, the claim language shows that a
`
`user need not be involved in creating the VPN.
`
`In claim 1, the VPN is created in response to a DNS
`
`Page 14 of 53
`
`Page 14 of 53
`
`

`
`Case 6:07-cv-00080-LED Document 194 Filed 12/30/08 Page 15 of 53 PageID #: 8623
`
`
`request. In claim 10, a DNS proxy server requests creation of the VPN, and a gatekeeper computer
`
`allocates resources for the VPN.
`
`The Abstract, the Summary of the Invention and the Detailed Description describe the
`
`invention in terms of transparently creating a VPN in response to a domain name inquiry (or query), a
`
`DNS request. ’135 patent at Abstract; 6:1-3; 7:18-23; 32:33-35; 37:17-21; Figs. 26, 27. In an act of
`
`lexicography, the specification then specifically defines the word “transparently” to the user as “the
`
`user need not be involved in creating the secure link.” Id. at 39:21-29. Instead of a user being involved
`
`in created a secure link in a VPN, “transparent VPN creation” is “based on a DNS look-up function.”
`
`Id. at 7:22-23. The prosecution history then consistently distinguishes the prior art as not creating a
`
`VPN in response to a DNS request. Ex. 9 at 3-6.
`Microsoft’s Proposed Construction. Microsoft’s argument that the phrase “transparently …”
`
`is not a part of the invention ignores all of the intrinsic evidence above. But, even if the Court agrees
`
`that the phrase is not a limitation of the claim, the Court should construe the phrase to help the jury.
`
`Without construction by the Court, the jury could be confused and think that the word “transparently”
`
`means that something can be “seen through,” such as a window.
`
`Microsoft proposes the following alternative definition: “creating a virtual private network
`
`(VPN) without the client or target computer involved in requesting such creation.” This limitation has
`
`no support in the intrinsic or extrinsic evidence and is wrong for at least two reasons. First, Microsoft’s
`
`proposed limitation does not relate to the user, contrary to the specification’s description that the word
`
`“transparently” means the user need not be involved in creating the VPN. ’135 patent at 39:21-29.
`
`Second, there is nothing in the claim language that says the client or target computer cannot be
`
`involved in creating the VPN. On the contrary, the client