`571-272-7822
`
`
`Paper 122
`Entered: July 14, 2020
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`THE MANGROVE PARTNERS MASTER FUND, LTD., APPLE INC.,
`and BLACK SWAMP IP, LLC,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`____________
`
`IPR2015-01047¹
`Patent 7,490,151 B2
`____________
`
`Before MICHAEL P. TIERNEY, Vice Chief Administrative Patent Judge,
`KARL D. EASTHOM, JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`
`
`JUDGMENT
`Final Written Decision on Remand
`Determining All Challenged Claims Unpatentable
`35 U.S.C. §§ 144, 318
`
`
`
`
`
`
`1 Apple Inc. and Black Swamp IP, LLC, which filed petitions in IPR2016-
`00063 and IPR2016-00167, respectively, have been joined as Petitioners in
`this proceeding.
`
`I. INTRODUCTION
`A. BACKGROUND AND SUMMARY
`The Mangrove Partners Master Fund, Ltd., Apple Inc., and Black
`Swamp IP, LLC (collectively, “Petitioner”) requested inter partes review of
`claims 1, 2, 6–8, and 12–14 (the “challenged claims”) of U.S. Patent
`No. 7,490,151 B2 (“the ’151 patent”). Paper 2 (“Pet.”).² We issued a
`Decision instituting inter partes review. Paper 11 (“Inst. Dec.”).
`After institution, VirnetX Inc. (“Patent Owner”) filed a Patent
`Owner’s Response (Paper 54 (redacted version), “PO Resp.”; Paper 48 (non-
`redacted version)), to which Petitioner replied (Paper 58 (redacted version);
`Paper 56 (non-redacted version), “Pet. Reply”; and Paper 59, “Pet. Separate
`Reply”). Oral argument was conducted on June 30, 2016. Transcripts of that
`argument have been made of record. Paper 79 (“Original Tr.”); see also
`Paper 78. Our Final Written Decision was issued September 9, 2016.
`Paper 80 (“Original Decision”).
`On appeal, the Federal Circuit vacated our Original Decision and
`remanded the case for further proceedings. VirnetX Inc. v. Mangrove
`Partners Master Fund, Ltd., 778 F. App’x 897 (Fed. Cir. 2019). After
`conferring with the parties, we permitted Patent Owner to file a Motion for
`Additional Discovery (Paper 90), to which Petitioner filed an Opposition
`(Paper 91) and Patent Owner filed a Reply (Paper 96). We granted in part
`Patent Owner’s Motion. Paper 97. Patent Owner requested rehearing of our
`decision on its Motion for Additional Discovery (Paper 101), which
`Petitioner opposed (Paper 102) and to which Patent Owner replied (Paper 103).
`
`
`2 We consider the Petition filed by The Mangrove Partners Master Fund,
`Ltd., not the similar petitions filed by the joined parties.
`
`We permitted the parties to brief the issues for consideration on
`remand from the Federal Circuit. Petitioner filed a principal brief
`(Paper 104, “Pet. Remand Br.”), Patent Owner filed an opposition
`(Paper 105, “PO Remand Br.”), Petitioner filed a reply (Paper 106, “Pet.
`Remand Reply”), and Patent Owner filed a sur-reply (Paper 107, “PO
`Remand Sur-Reply”). Oral argument was conducted on January 24, 2020,
`and a transcript appears in the record. Paper 115 (“Tr.”).
`This is a final written decision as to the patentability of the challenged
`claims. For the reasons discussed below, we determine that Petitioner has
`shown by a preponderance of the evidence that the challenged claims are
`unpatentable.
`
`B. RELATED MATTERS
`The ’151 patent is at issue in the following civil actions: (i) Civ. Act.
`No. 6:13-cv-00211-LED (E.D. Tex.), filed February 26, 2013; (ii) Civ. Act.
`No. 6:12-cv-00855-LED (E.D. Tex.), filed November 6, 2012; and (iii) Civ.
`Act. No. 6:10-cv-00417-LED (E.D. Tex.), filed August 11, 2010. Pet. 1;
`Paper 8, 11–12.
`The ’151 patent is the subject of Reexamination Control
`Nos. 95/001,697 and 95/001,714. Pet. 1–2; Paper 8, 2–3.
`Petitioner additionally identifies the following:
`
`On January 21, 2020, the Federal Circuit issued its opinion in
`VirnetX Inc. v. Cisco Systems, Inc., No. 2019-1043 (Fed. Cir.
`Jan. 21, 2020), affirming, under Fed. Cir. R. 36, the Board’s
`decisions in Cisco Systems, Inc. v. VirnetX Inc., Control
`No. 95/001,746, Appeal Nos. 2015-007843, 2017-010852,
`2017-010852, each involving related U.S. Patent No. 6,839,759
`and, inter alia, the Kiuchi reference at issue in this proceeding.
`Paper 111.
`Additionally, Patent Owner identifies a number of PTO proceedings
`that involve U.S. Patent No. 6,502,135 (“the ’135 patent”). Paper 8, 4. Of
`particular significance here, the ’135 patent is at issue in IPR2015-01046,
`which has been treated as largely a companion proceeding to the present
`one.
`
`Patent Owner identifies multiple other proceedings involving “patents
`stemming from the same applications that led to the ’151 patent.” Paper 8,
`3–10.
`
`C. THE ’151 PATENT
`The ’151 patent discloses a system and method for automatic creation
`of a virtual private network (VPN) in response to a domain-name server
`look-up function. Ex. 1001, 36:58–60.
`
`D. ILLUSTRATIVE CLAIMS
`Claim 1 of the ’151 patent is illustrative of the claimed subject matter
`and is reproduced below:
`1. A data processing device, comprising memory storing a
`domain name server (DNS) proxy module that intercepts
`DNS requests sent by a client and, for each intercepted
`DNS request, performs the steps of:
`(i) determining whether the intercepted DNS request
`corresponds to a secure server;
`(ii) when the intercepted DNS request does not correspond
`to a secure server, forwarding the DNS request to a DNS
`function that returns an IP address of a nonsecure
`computer, and
`(iii) when the intercepted DNS request corresponds to a
`secure server, automatically initiating an encrypted
`channel between the client and the secure server.
`
`Ex. 1001, 46:55–67.
`
`E. PRIOR ART AND ASSERTED GROUNDS
`Petitioner asserts unpatentability on the following grounds:
`Claims Challenged     35 U.S.C. §    Reference(s)
`1, 2, 6–8, 12–14      102            Kiuchi³
`1, 2, 6–8, 12–14      103            Kiuchi, Rescorla⁴
`1, 2, 6–8, 12–14      103            Kiuchi, RFC 1034⁵
`1, 2, 6–8, 12–14      103            Kiuchi, RFC 1034, Rescorla
`
`Pet. 4.
`
`F. CAFC REMAND
`On appeal, the Federal Circuit held that our prior decision “relied on
`only the C-HTTP name server to perform the functions of the DNS proxy
`module.” VirnetX, 778 F. App’x at 906. The Court held that we had not
`identified substantial evidence “that the C-HTTP name server performs the
`functions of the claimed DNS proxy module.” Id. It further noted that we
`“could not have found that the client-side proxy corresponds to the claimed
`‘client’ and is also a part of the DNS proxy module, as the claim makes clear
`that these are separate components.” Id.
`
`
`3 Takahiro Kiuchi and Shigekoto Kaihara, “C-HTTP – The Development of
`a Secure, Closed HTTP-based Network on the Internet,” published by
`IEEE in the Proceedings of SNDSS 1996 (Ex. 1002).
`4 E. Rescorla and A. Schiffman, “The Secure Hypertext Transfer Protocol,”
`Internet Draft (Feb. 1996) (Ex. 1004).
`5 P. Mockapetris, Request for Comment (“RFC”) 1034, “Domain Names–
`Concepts and Facilities,” Nov. 1997 (Ex. 1005).
`
`Regarding how the claimed “client” mapped to Kiuchi’s disclosures,
`the Federal Circuit held that our prior decision had inconsistencies in various
`parts of its analysis. Id. at 907–08. Attempting to resolve that inconsistency,
`the Court held that relying exclusively on Kiuchi’s client-side proxy for the
`claimed “client” would require resolving a claim-construction dispute over
`the meaning of that term. Id. at 908.
`Finally, the Federal Circuit held that we should consider Petitioner’s
`obviousness challenges anew in light of the Court’s decision. Id.
`
`II. ANALYSIS
`A. CLAIM CONSTRUCTION
`In a Board proceeding based on a petition filed before November 13,
`2018, as here, claims in an unexpired patent are interpreted according to
`their broadest-reasonable construction in light of the specification of the
`patent in which they appear. 37 C.F.R. § 42.100(b) (2018); see Cuozzo
`Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2144–46 (2016).⁶
`The Federal Circuit held that, “[t]o the extent the Board intended to
`rely exclusively on Kiuchi’s client-side proxy for the claimed ‘client,’” it
`would be necessary to construe the meaning of “client.” VirnetX, 778
`F. App’x at 907–08. The parties dispute that construction, along with the
`construction of “between.”
`
`
`6 A recent amendment to this rule does not apply here because the Petition
`was filed before November 13, 2018. See Changes to the Claim
`Construction Standard for Interpreting Claims in Trial Proceedings Before
`the Patent Trial and Appeal Board, 83 Fed. Reg. 51,340 (Oct. 11, 2018)
`(amending 37 C.F.R. § 42.100(b), effective Nov. 13, 2018) (codified at 37
`C.F.R. § 42.100(b) (2019)).
`
`1. “client”
`As to the proper construction of “client,” Petitioner submits that its
`“anticipation argument does not implicate this issue—there, the user agent is
`the ‘client.’” Pet. Remand Br. 6. As noted below, because we find claims 13
`and 14 anticipated by Kiuchi and all claims obvious over Kiuchi and
`Rescorla, we do not reach Petitioner’s obviousness contentions regarding
`RFC 1034. See infra at 28. Construing “client” in this proceeding would
`therefore have no impact on our judgment—it would only influence a
`ground we do not reach. In copending IPR2015-01046, we construe “client
`computer.” See IPR2015-01046, Paper 106. We note here that we would
`reach the same construction for “client” as “client computer” in that
`proceeding, as the parties treat the terms as essentially synonymous.
`Pet. Remand Br. 7 n.2.⁷
`
`7 In the related proceeding, we construe “client computer” as “user’s
`computer.” IPR2015-01046, Paper 106.
`
`2. “between the client and the secure server”
`Each independent challenged claim includes a phrase requiring an
`element between two points—claims 1 and 7 recite “initiating an encrypted
`channel between the client and the secure server” and claim 13 recites
`“creating a secure channel between the client and the secure server.”
`Patent Owner submits that the district court correctly construed such
`phrases as “extending from [A] to [B].” PO Remand Br. 9–10 (citing
`Ex. 2031, 25–26). Patent Owner notes that construing this term was not
`required for the prior decision in this case, which considered Kiuchi’s client-
`side and server-side proxies as the two relevant endpoints. Id. at 10 n.4.
`Petitioner contends that the broadest-reasonable construction applies and
`that we should adopt the construction Patent Owner sought before the
`district court, that “[s]ecurity—i.e., encryption—is only necessary for public
`communication paths for the security objective of the patents to be met
`because security can be inherently present on private portions of the path.”
`Pet. Remand Br. 9–10 (quoting Ex. 1009, 10). According to Petitioner, that
`construction must be consistent with the broadest-reasonable construction
`because Patent Owner offered it to the district court. Id. at 10.
`Petitioner does not offer any substantive basis to adopt a construction
`other than Patent Owner’s proposed construction. The plain and ordinary
`meaning of the claim language supports Patent Owner’s proposed
`construction, and we apply it here—between the client and the secure server
`means extending from the client to the secure server, not simply a piece of
`the way between the two.
`
`B. ANTICIPATION
`Petitioner illustrates its mapping of the claim language to Kiuchi’s
`disclosures using the following annotated version of a diagram appearing in
`Petitioner’s expert declaration of Dr. Guerin:
`
`Pet. Remand Br. 11 (annotating Ex. 1003 ¶ 24; Pet. 25–37). The annotated
`diagram is not itself evidence, but helps illustrate Petitioner’s contentions.
`Kiuchi discloses systems and methods for facilitating “secure HTTP
`communication mechanisms within a closed group of institutions on the
`Internet, where each member is protected by its own firewall.” Ex. 1002, 64
`(Abstract). It terms its approach C-HTTP, indicating “a closed HTTP
`(Hypertext Transfer Protocol)-based network (C-HTTP).” Id.
`C-HTTP allows a conventional user agent (such as web browser
`software) to request a resource identified in a URL. Id. at 65 (§ 2.3). A
`client-side proxy intercepts all such resource requests made by a user agent.
`Id. (“A client-side proxy behaves as an HTTP/1.0 compatible proxy, and it
`should be specified as a proxy server for external (outside the firewall)
`access in each user agent within the firewall.”). The “client-side proxy asks
`the C-HTTP name server whether it can communicate with the host
`specified in a given URL.” Id. “If the connection is permitted, the C-HTTP
`name server sends the IP address and public key of the server-side proxy” to
`the client-side proxy. Id. If, on the other hand, connection from the client-
`side proxy to the appropriate server-side proxy is not permitted, the C-HTTP
`name server sends the client-side proxy a status code that indicates an error.
`Id. In that event, the client-side proxy “performs DNS lookup, behaving like
`an ordinary HTTP/1.0 proxy.” Id.
`When connection is permitted, the client-side proxy and server-side
`proxy negotiate details and establish an encrypted connection between them,
`over which the user agent’s request is passed. Id. at 66. The “server-side
`proxy communicates with an origin server inside the firewall” such that,
`“[f]rom the view of the user agent or client-side proxy, all resources appear
`to be located in a server-side proxy on the firewall.” Id.
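
An added illustration, not part of the decision or the record: a small Python model of the C-HTTP request flow summarized above, showing which hops of each path are encrypted and which are only behind a firewall. All class names, host names, addresses, the key string and the stub resolver are constructed assumptions.

```python
"""Model of the C-HTTP request flow summarized above (added example).

Not code from Kiuchi, the '151 patent or the record. Every class, function,
host name, address and key below is hypothetical or constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set
from urllib.parse import urlsplit

ENCRYPTED = "encrypted"    # ciphertext on the wire
FIREWALLED = "firewalled"  # plaintext, but inside one member's firewall
OPEN = "open"              # plaintext across the public Internet


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    protection: str


@dataclass(frozen=True)
class ProxyInfo:
    ip: str
    public_key: str


class CHTTPNameServer:
    """Tells a client-side proxy whether it may reach a given host."""

    def __init__(self, members: Dict[str, ProxyInfo], acl: Dict[str, Set[str]]):
        self._members = members  # hostname -> its server-side proxy
        self._acl = acl          # hostname -> client-side proxies allowed

    def query(self, client_proxy: str, host: str) -> Optional[ProxyInfo]:
        info = self._members.get(host)
        if info is None or client_proxy not in self._acl.get(host, set()):
            return None          # stands in for the error status code
        return info


class ClientSideProxy:
    """Intercepts user-agent requests and picks the path for each one."""

    def __init__(self, proxy_id: str, name_server: CHTTPNameServer,
                 dns_lookup: Callable[[str], Optional[str]]):
        self.proxy_id = proxy_id
        self._ns = name_server
        self._dns = dns_lookup

    def route(self, url: str) -> List[Segment]:
        host = urlsplit(url).hostname  # lower-cased by urlsplit
        if not host:
            raise ValueError(f"no hostname in URL: {url!r}")
        first_hop = Segment("user agent", "client-side proxy", FIREWALLED)
        info = self._ns.query(self.proxy_id, host)
        if info is not None:
            # Permitted: encrypted proxy-to-proxy connection; the server-side
            # proxy then talks to the origin server inside its own firewall.
            far = f"server-side proxy {info.ip}"
            return [first_hop,
                    Segment("client-side proxy", far, ENCRYPTED),
                    Segment(far, "origin server", FIREWALLED)]
        # Error from the name server: behave like an ordinary HTTP/1.0 proxy.
        ip = self._dns(host)
        if ip is None:
            raise LookupError(f"DNS has no address for {host}")
        return [first_hop, Segment("client-side proxy", f"host {ip}", OPEN)]


def encrypted_end_to_end(path: List[Segment]) -> bool:
    """True only if every hop, user agent to origin server, is encrypted."""
    return all(s.protection == ENCRYPTED for s in path)


def no_public_plaintext(path: List[Segment]) -> bool:
    """True if each hop is either encrypted or confined behind a firewall."""
    return all(s.protection in (ENCRYPTED, FIREWALLED) for s in path)


def build_demo(proxy_id: str = "proxy-a") -> ClientSideProxy:
    """Constructed sample data using documentation-only names and addresses."""
    member = "records.hospital-b.example"
    ns = CHTTPNameServer({member: ProxyInfo("192.0.2.10", "PUBKEY-B")},
                         {member: {"proxy-a"}})
    public_dns = {"www.example.org": "198.51.100.7"}  # stub resolver
    return ClientSideProxy(proxy_id, ns, public_dns.get)


if __name__ == "__main__":
    proxy = build_demo()
    for url in ("http://records.hospital-b.example/chart/42",
                "http://www.example.org/"):
        path = proxy.route(url)
        print(url)
        for seg in path:
            print(f"  {seg.src} -> {seg.dst}: {seg.protection}")
        print("  encrypted end to end:", encrypted_end_to_end(path))
        print("  no public plaintext: ", no_public_plaintext(path))
```
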
`Petitioner asserts that Kiuchi’s user agent, acting as the claimed client,
`generates a request for content corresponding to a hostname in a URL. Pet.
`Remand Br. 10 (citing Pet. 25–28); see also id. at 6 (“Petitioners’
`anticipation argument does not implicate this issue—there, the user agent is
`the ‘client.’”).
`Petitioner asserts that Kiuchi discloses “determining whether the
`intercepted DNS request corresponds to a secure server.” Kiuchi’s client-
`side proxy intercepts a user agent’s requests and uses the C-HTTP name
`server to determine whether requested content corresponds to an origin
`server reachable through a server-side proxy. Id. (citing Pet. 28–29). Thus,
`Petitioner asserts that the client-side proxy, working with the C-HTTP name
`server, acts as the claimed DNS proxy module. Id.; Pet. 25 (citing Ex. 1003
`¶¶ 18, 20–21) (“client-side proxy – working in concert with the C-HTTP
`name server – is a domain name server (DNS) proxy module that intercepts
`DNS requests sent by a user agent acting as a client”).
`Petitioner asserts that Kiuchi discloses “when the intercepted DNS
`request corresponds to a secure server, . . . automatically initiating an
`encrypted channel between the client and the secure server.” If the requested
`content corresponds to a server-side proxy and origin server, Kiuchi’s client-
`side proxy establishes a connection with the origin server through the server-
`side proxy. Pet. Remand Br. 10–12 (citing Pet. 29–32).
`Petitioner asserts that Kiuchi discloses “when the intercepted DNS
`request does not correspond to a secure server, forwarding the DNS request
`to a DNS function that returns an IP address of a nonsecure computer.” If the
`requested content does not require such a connection, the client-side proxy
`forwards the request to a conventional DNS server for resolution. Id. at 10–
`13.
`
`Patent Owner disputes several aspects of Petitioner’s contentions.
`
`1. Kiuchi discloses “forwarding the DNS request to a DNS function”
`When Kiuchi’s client-side proxy (which, together with the C-HTTP
`name server, maps to the claimed “DNS proxy module”) receives an error
`response from the C-HTTP name server (indicating the client’s request does
`not correspond to a secure server) it “performs DNS lookup, behaving like
`an ordinary HTTP/1.0 proxy.” Ex. 1002, 65 (§ 2.3). Petitioner submits that
`Kiuchi therefore discloses “when the intercepted DNS request does not
`correspond to a secure server, forwarding the DNS request to a DNS
`function that returns an IP address of a nonsecure computer.” Pet. 29–30
`(quoting Ex. 1002, 65 (§ 2.3)).
`
`Patent Owner challenges that conclusion, arguing that “there is no
`disclosure of any forwarding of the DNS request to a DNS function.” PO
`Remand Br. 14. In that regard, Patent Owner relies on a statement by the
`Federal Circuit that Kiuchi’s C-HTTP name server does not, alone, meet the
`claim requirement. VirnetX, 778 F. App’x at 906–07. Because the Court was
`not addressing functionality of the combined client-side proxy and C-HTTP
`name server, this statement does not undermine Petitioner’s asserted
`combination on which we rely. Indeed, the client-side proxy alone forwards
`the DNS request to a DNS function when it determines (in conjunction with
`the C-HTTP name server) that the request does not correspond to a secure
`server.
`Patent Owner argues also that simply accessing a DNS function falls
`short of forwarding a received DNS request to a DNS function, making the
`distinction between generating a new request and forwarding a received
`request. PO Remand Sur-Reply Br. 11–12. In Patent Owner’s view, Kiuchi
`is silent on the details of the interaction and thus cannot anticipate the
`challenged claims. Id. We do not agree, because Kiuchi’s statement that the
`client-side proxy behaves “like an ordinary HTTP/1.0 proxy” to perform
`DNS lookup indicates that the client-side proxy passes on a request already
`received.
`Moreover, continues Patent Owner, to the extent Kiuchi addresses the
`issue, it explains that it uses C-HTTP name service “instead of DNS.” Id. at
`12 (quoting Ex. 1002, 7 (“In a C-HTTP-based network, instead of DNS, a C-
`HTTP based secure, encrypted name and certification service is used.”)). We
`do not agree. Kiuchi’s statement that it uses its C-HTTP name service
`instead of DNS does not mean all aspects of Kiuchi’s system use a different
`format from DNS. Rather, the client-side proxy handling all “external
`(outside the firewall) access” for user agents within the firewall is consistent
`with Kiuchi’s user agents using standard DNS-formatted requests. Ex. 1002,
`65 (§ 2.3); see Ex. 1003 ¶ 22 (citing Ex. 1002, 65 (§ 2.3)). Moreover, the
`format of Kiuchi’s C-HTTP requests is not at issue because the claim
`limitation relates to requests for resources outside the secure system—those
`for which the C-HTTP name server returns an error. See Ex. 1002, 66
`(§ 2.3). In such cases, Kiuchi’s client-side proxy “performs DNS lookup,
`behaving like an ordinary HTTP/1.0 proxy.” Id. at 65 (§ 2.3). Kiuchi further
`indicates that nonsecure requests use standard DNS, as it discloses that an
`alternative service “is used for the C-HTTP-based network,” not for all
`requests. Id. at 64 (§ 2.1).
`We find that the claim language reads on Kiuchi’s disclosure of the
`client-side proxy “behaving like an ordinary HTTP/1.0 proxy” to perform a
`DNS lookup. As Petitioner points out, Kiuchi’s client-side proxy receives
`from the client (user agent) a request that contains a URL specifying a
`hostname. Ex. 1002, 65 (§ 2.3); Pet. 25–28; Pet. Remand Br. 10. Behaving
`like an ordinary proxy to perform the DNS lookup means that the client-side
`proxy will send the DNS request to a public DNS server. Pet. 30 (citing
`Ex. 1003 ¶ 23; Ex. 1002, 65 (§ 2.3)). Against the evidence supporting
`Kiuchi’s operation for nonsecure connections, Patent Owner has not shown
`that Kiuchi’s client-side proxy in any way reformats or restructures requests
`from the user agent.
`Accordingly, based on a preponderance of the evidence, we find
`Kiuchi discloses “when the intercepted DNS request does not correspond to
`a secure server, forwarding the DNS request to a DNS function,” as recited
`in independent claims 1, 7, and 13.
`
`2. Kiuchi discloses “determining whether the intercepted DNS request
`corresponds to a secure server”
`Petitioner asserts that Kiuchi’s client-side proxy and C-HTTP name
`server, acting together, determine whether the intercepted DNS request
`corresponds to a secure server. Reply 8–9. That argument is consistent with
`the Petition’s assertion that Kiuchi’s client-side proxy makes the
`determination “by asking ‘the C-HTTP name server whether it can
`communicate with the host specified in a given URL.’” Pet. 28–29 (quoting
`Ex. 1002, 65 (§ 2.3); citing Ex. 1003 ¶¶ 23–24, 26). Patent Owner
`challenges Petitioner’s mapping, arguing that Petitioner relies on the C-
`HTTP name server alone and that its operation cannot be “imputed to the
`client-side proxy.” PO Remand Br. 14–15.
`Petitioner’s mapping of the claimed functionality to two devices in
`Kiuchi is consistent with the ’151 patent’s description. The Specification
`discloses that functionality may be located in a single computer or may
`instead be distributed among multiple computers. See Ex. 1001, 38:30–50
`(“DNS proxy 2610 returns to user computer 2601 the resolved address
`passed to it by the gatekeeper . . . . Gatekeeper 2603 can be implemented on
`a separate computer (as shown in FIG 25) or as a function within modified
`DNS server 2602. . . . It will be appreciated that the functions of DNS proxy
`2610 and DNS server 2609 can be combined into a single server for
`convenience. . . . [A] check [whether the user is authorized to connect to the
`secure host] can be made by communicating with gatekeeper 2603 . . . .”),
`Fig. 26.
`
`Patent Owner disputes such reliance on the specification, arguing the
`specification’s flexibility relates only to “a determination of whether a user
`has sufficient authorization,” not to “whether the intercepted request
`corresponds to a secure host.” PO Remand Sur-Reply 13. The Specification
`is not so constrained. When discussing how the DNS proxy “determines
`whether access to a secure site has been requested,” it discloses that the
`determination may be made “for example, by a domain name extension, or
`by reference to an internal table of such sites.” Ex. 1001, 37:60–65. The use
`of “for example,” along with the flexible description of various DNS proxy,
`DNS server, and gatekeeper functions noted above, supports that the claims
`are not limited to a particular arrangement of hardware. Kiuchi’s client-side
`proxy using information returned from the C-HTTP name server is
`consistent with the ’151 patent’s description.
`Further, in Petitioner’s mapping of the claim language to Kiuchi’s
`disclosures, Petitioner does not rely on the C-HTTP name server as
`performing any other aspect of the claims. See Pet. 25–32; Pet. Remand
`Br. 10–13. Thus, Petitioner does not attempt to use the C-HTTP name server
`as an element corresponding to multiple claim limitations. See VirnetX, 778
`Fed. App’x at 906 (“The Board could not have found that the client-side
`proxy corresponds to the claimed ‘client’ and is also a part of the DNS proxy
`module, as the claim makes clear that these are separate components.”).
`Accordingly, based on a preponderance of the evidence, we find
`Kiuchi discloses its client-side proxy acting with the C-HTTP name server
`as the claimed DNS proxy module “determining whether the intercepted
`DNS request corresponds to a secure server,” as recited in independent
`claims 1, 7, and 13.⁸
`
`3. Kiuchi discloses “a secure channel
`between the client and the secure server”
`but not “an encrypted channel . . .”
`Petitioner asserts that, when the user agent requests a resource on an
`available origin server, “the client-side proxy initiates an encrypted channel
`on public communication paths between the user agent and the origin server
`(i.e., the communication path over the Internet between the client-side proxy
`and the server-side proxy).” Pet. 31 (citing Ex. 1003 ¶¶ 28, 31). Petitioner
`does not assert, however, that Kiuchi discloses an encrypted connection
`between its user agent and client-side proxy. See PO Remand Br. 15–16.
`As Patent Owner argues, an encrypted channel between only the
`client-side and server-side proxies does not satisfy the requirement of claims
`1 and 7 for an encrypted channel between the client and the secure server.
`Based on the ordinary meaning of the claimed “between” phrases in
`claims 1 and 7, we agree with Patent Owner that Kiuchi does not disclose
`encryption extending from the user agent to either the server-side proxy or
`the origin server. PO Remand Sur-Reply Br. 14; see supra at 8.
`We reach a different conclusion, however, for claim 13, which
`requires only a “secure” connection rather than the “encrypted” connection
`of claims 1 and 7. The Petition relies on Kiuchi’s disclosure of encrypting C-
`HTTP connections between client-side and server-side proxies. Pet. 34
`(citing Ex. 1002, 64 (Abstract), 65). It is undisputed that the link between
`Kiuchi’s client-side proxy and server-side proxy is encrypted, and thus
`secure. Patent Owner disputes whether Petitioner has adequately shown that
`communications between the user agent and client-side proxy or
`communications between the server-side proxy and origin server are secure.
`
`8 The variation in claim 13’s language for this limitation does not affect our
`analysis.
`
`The Petition asserts that when a server-side proxy receives a request
`for connection, it “verifies that the client-side proxy is a member of the
`closed network.” Pet. 34 (citing Ex. 1002, 65 (§§ 2.2, 2.3); Ex. 1003 ¶¶ 26–
`28). Further, the Petition points out that Kiuchi permits secure
`communication “within a closed group of institutions on the Internet, where
`each member is protected by its own firewall.” Id. at 17 (citing Ex. 1002, 64
`(Abstract)); accord Tr. 6:9–11; see also Pet. 25 (showing Kiuchi’s “C-HTTP
`connection ‘provides [a] secure HTTP communication mechanisms’ in
`which communications over the C-HTTP connection are encrypted.”
`(quoting Ex. 1002, 64–66)).
`Beyond Kiuchi’s disclosures, Petitioner relies on the Federal Circuit’s
`recognition in an earlier case that Patent Owner’s “expert testified that one
`of ordinary skill would understand that the path extending from the VPN
`server to the target computer, i.e., within the private network, would be
`secure and anonymous owing to protection provided by the private
`network.” VirnetX, Inc. v. Cisco Sys., Inc., 767 F.3d 1308, 1321
`(Fed. Cir. 2014); see Pet. Remand Reply 17–18; Tr. 6:12–19. Patent Owner
`contests such reliance, pointing out that its expert testified the accused
`network was secure both because it had a firewall and because it had “been
`physically secured.” PO Remand Sur-Reply 14 (quoting VirnetX, 767 F.3d at
`1321).
`
`We find that a preponderance of the evidence shows that Kiuchi
`discloses “a secure channel between the client and the secure server.” The
`Specification states that “[i]t is desired for the communications to be secure,
`that is, immune to eavesdropping.” Ex. 1001, 1:34–35. Based on that
`disclosure, we understand “secure” to be used consistently with its plain and
`ordinary meaning, rather than imparting some particularized meaning.
`Kiuchi discloses that “in-hospital networks are usually protected using
`a dual home gateway and packet filter (firewall) and the Internet can only be
`accessed through proxies on the firewalls.” Ex. 1002, 67 (§ 4.2). Further,
`Kiuchi discloses that it “provides secure HTTP communication mechanisms
`within a closed group of institutions on the Internet, where each member is
`protected by its own firewall.” Id. at 64 (Abstract).
`Patent Owner argues a firewall is insufficient to secure network
`communications. See PO Remand Sur-Reply 14. We do not agree. As noted
`above, the record does not support limiting the claim to such a strict
`application of “secure.”
`Thus, we agree Kiuchi discloses a “secure channel between the client
`and the secure server” because data in Kiuchi’s C-HTTP network is
`encrypted when sent over public segments of the network path and protected
`using firewalls when sent over private segments.⁹ Pet. Remand Reply 10.
`
`9 Though not critical to our conclusion, the testimony of Petitioner’s
`declarant, Dr. Guerin, supports the conclusion that Kiuchi discloses a
`secure network. Ex. 1003 ¶¶ 17, 29 (“Communications between the user
`agent and the client-side proxy as well as those between the original server
`[sic] and the server-side proxy are behind the firewall of their respective
`site, and therefore protected. This, together with the security afforded by
`the encrypted C-HTTP connection over the public communication path
`between the client-side proxy and the server-side proxy, ensures that
`communications between the user agent and the origin server are over a
`secure channel.”) (citation omitted) (citing Ex. 1002, 64).
`
`4. Additional claims
`As discussed above, Kiuchi discloses the limitations of claim 13.
`Patent Owner does not provide additional arguments in support of claim 14
`with respect to Kiuchi’s disclosures. PO Resp. 25–26; PO Remand Br. 10–
`25. We have reviewed Petitioner’s contentions and determine that, on this
`record, for the reasons given by Petitioner, a preponderance of the evidence
`shows that claim 14 is unpatentable over Kiuchi. See Pet. 35–37.
`
`5. Summary
`Having considered the parties’ evidence and argument, we find that a
`preponderance of the evidence shows that Kiuchi discloses the limitations of
`claims 13 and 14. We find that a preponderance of the evidence does not
`show that Kiuchi discloses the limitations of claims 1 or 7, and therefore that
`Petitioner has not proven unpatentability of claims 1, 2, 6–8, or 12.
`
`C. OBVIOUSNESS OVER KIUCHI AND RESCORLA
`Rescorla is an Internet Draft, a working document of the Internet
`Engineering Task Force that describes “The Secure HyperText Transfer
`Protocol,” or S-HTTP. Ex. 1004, 1. As it describes, “Secure HTTP
`(S-HTTP) provides secure communication mechanisms between an HTTP
`client-server pair.” Id. at 5. Petitioner relies on Rescorla’s description that
`“[s]everal cryptographic message format standards may be incorporated into
`S-HTTP clients and servers” and that “S-HTTP provides full flexibility of
`cryptographic algorithms, modes and parameters.” Pet. 39–40 (quoting
`Ex. 1004 § 1.1).
`
`1. Rescorla qualifies as prior art
`Patent Owner contests Petitioner’s assertions, arguing that Rescorla
`“does not qualify as a printed publication, and thus cannot be used in an
`obvious combination.” PO Remand Sur-Reply 15; accord PO Resp. 41–42.
`According to Patent Owner, “a work is not publicly accessible if the only
`people who know how to find it are the ones who created it.” PO Remand
`Sur-Reply 15–16 (quoting Samsung Elecs. Co. v. Infobridge Pte. Ltd., 929
`F.3d 1363, 1372 (Fed. Cir. 2019)). In Patent Owner’s view, Petitioner has
`not adequately shown that the relevant group knew how to find Rescorla.
`Id. at 16 (“Petitioners introduced no evidence that those outside of the RFC
`development process would have known how to find Rescorla.”). Patent
`Owner asserts that Internet Drafts, while developed for “eventual publication
`as an RFC,” were limited to those developing the draft. Id.
`Petitioner presents adequate evidence of Rescorla’s public
`availability. Reply 19–21; see Samsung Elecs., 929 F.3d at 1374 (“Our cases
`have consistently held that the standard for public accessibility is whether a
`person of ordinary skill in the art could, after exercising reasonable
`diligence, access a reference.”). Rescorla’s face indicates a February 1996
`date. Ex. 1004, 1. It states that it is an Internet-Draft, which is a “working
`document[] of the Internet Engineering Task Force (IETF)