Trials@uspto.gov
`571-272-7822
`
`
`Paper 122
`Entered: July 14, 2020
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`THE MANGROVE PARTNERS MASTER FUND, LTD., APPLE INC.,
`and BLACK SWAMP IP, LLC,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`____________
`
`IPR2015-010471
`Patent 7,490,151 B2
`____________
`
`Before MICHAEL P. TIERNEY, Vice Chief Administrative Patent Judge,
`KARL D. EASTHOM, JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`
`
`JUDGMENT
`Final Written Decision on Remand
`Determining All Challenged Claims Unpatentable
`35 U.S.C. §§ 144, 318
`
`
`
`
`
`
`1 Apple Inc. and Black Swamp IP, LLC, which filed petitions in IPR2016-
`00063 and IPR2016-00167, respectively, have been joined as Petitioners in
`this proceeding.
`
`
`571-272-7822
`
`
`Paper 122
`Entered: July 14, 2020
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`THE MANGROVE PARTNERS MASTER FUND, LTD., APPLE INC.,
`and BLACK SWAMP IP, LLC,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`____________
`
`IPR2015-010471
`Patent 7,490,151 B2
`____________
`
`Before MICHAEL P. TIERNEY, Vice Chief Administrative Patent Judge,
`KARL D. EASTHOM, JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`
`
`JUDGMENT
`Final Written Decision on Remand
`Determining All Challenged Claims Unpatentable
`35 U.S.C. §§ 144, 318
`
`
`
`
`
`
`1 Apple Inc. and Black Swamp IP, LLC, which filed petitions in IPR2016-
`00063 and IPR2016-00167, respectively, have been joined as Petitioners in
`this proceeding.
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`INTRODUCTION
`I.
`A. BACKGROUND AND SUMMARY
`The Mangrove Partners Master Fund, Ltd., Apple Inc., and Black
`Swamp IP, LLC (collectively, “Petitioner”) requested inter partes review of
`claims 1, 2, 6–8, and 12–14 (the “challenged claims”) of U.S. Patent
`No. 7,490,151 B2 (“the ’151 patent”). Paper 2 (“Pet.”).2 We issued a
`Decision instituting inter partes review. Paper 11 (“Inst. Dec.”).
`After institution, VirnetX Inc. (“Patent Owner”) filed a Patent
`Owner’s Response (Paper 54 (redacted version), “PO Resp.”; Paper 48 (non-
`redacted version)), to which Petitioner replied (Paper 58 (redacted version);
`Paper 56 (non-redacted version), “Pet. Reply”; and Paper 59, “Pet. Separate
`Reply”). Oral argument was conducted on June 30, 2016. Transcripts of that
`argument have been made of record. Paper 79 (“Original Tr.”); see also
`Paper 78. Our Final Written Decision was issued September 9, 2016.
`Paper 80 (“Original Decision”).
`On appeal, the Federal Circuit vacated our Original Decision and
`remanded the case for further proceedings. VirnetX Inc. v. Mangrove
`Partners Master Fund, Ltd., 778 F. App’x 897 (Fed. Cir. 2019). After
`conferring with the parties, we permitted Patent Owner to file a Motion for
`Additional Discovery (Paper 90), to which Petitioner filed an Opposition
`(Paper 91) and Patent Owner filed a Reply (Paper 96). We granted in part
`Patent Owner’s Motion. Paper 97. Patent Owner requested rehearing of our
`decision on its Motion for Additional Discovery (Paper 101), to which
`Petitioner opposed (Paper 102) and Patent Owner replied (Paper 103).
`
`
`2 We consider the Petition filed by The Mangrove Partners Master Fund,
`Ltd., not the similar petitions filed by the joined parties.
`
`2
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`We permitted the parties to brief the issues for consideration on
`remand from the Federal Circuit. Petitioner filed a principal brief
`(Paper 104, “Pet. Remand Br.”), Patent Owner filed an opposition
`(Paper 105, “PO Remand Br.”), Petitioner filed a reply (Paper 106, “Pet.
`Remand Reply”), and Patent Owner filed a sur-reply (Paper 107, “PO
`Remand Sur-Reply”). Oral argument was conducted on January 24, 2020,
`and a transcript appears in the record. Paper 115 (“Tr.”).
`This is a final written decision as to the patentability of the challenged
`claims. For the reasons discussed below, we determine that Petitioner has
`shown by a preponderance of the evidence that the challenged claims are
`unpatentable.
`
`B. RELATED MATTERS
`The ’151 patent is at issue in the following civil actions: (i) Civ. Act.
`No. 6:13-cv-00211-LED (E.D. Tex.), filed February 26, 2013; (ii) Civ. Act.
`No. 6:12-cv-00855-LED (E.D. Tex.), filed November 6, 2012; and (iii) Civ.
`Act. No. 6:10-cv-00417-LED (E.D. Tex.), filed August 11, 2010. Pet. 1;
`Paper 8, 11–12.
`The ’151 patent is the subject of Reexamination Control
`Nos. 95/001,697 and 95/001,714. Pet. 1–2; Paper 8, 2–3.
`Petitioner additionally identifies the following:
`
`On January 21, 2020, the Federal Circuit issued its opinion in
`VirnetX Inc. v. Cisco Systems, Inc., No. 2019-1043 (Fed. Cir.
`Jan. 21, 2020), affirming, under Fed. Cir. R. 36, the Board’s
`decisions in Cisco Systems, Inc. v. VirnetX Inc., Control
`No. 95/001,746, Appeal Nos. 2015-007843, 2017-010852,
`2017-010852, each involving related U.S. Patent No. 6,839,759
`and, inter alia, the Kiuchi reference at issue in this proceeding.
`
`3
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`Paper 111.
`Additionally, Patent Owner identifies a number of PTO proceedings
`that involve U.S. Patent No. 6,502,135 (“the ’135 patent”). Paper 8, 4. Of
`particular significance here, the ’135 patent is at issue in IPR2015-01046,
`which has been treated as largely a companion proceeding to the present
`one.
`
`Patent Owner identifies multiple other proceedings involving “patents
`stemming from the same applications that led to the ’151 patent.” Paper 8,
`3–10.
`
`C. THE ’151 PATENT
`The ’151 patent discloses a system and method for automatic creation
`of a virtual private network (VPN) in response to a domain-name server
`look-up function. Ex. 1001, 36:58–60.
`
`ILLUSTRATIVE CLAIMS
`D.
`Claim 1 of the ’151 patent is illustrative of the claimed subject matter
`and is reproduced below:
`1. A data processing device, comprising memory storing a
`domain name server (DNS) proxy module that intercepts
`DNS requests sent by a client and, for each intercepted
`DNS request, performs the steps of:
`(i) determining whether the intercepted DNS request
`corresponds to a secure server;
`(ii) when the intercepted DNS request does not correspond
`to a secure server, forwarding the DNS request to a DNS
`function that returns an IP address of a nonsecure
`computer, and
`(iii) when the intercepted DNS request corresponds to a
`secure server, automatically initiating an encrypted
`channel between the client and the secure server.
`
`4
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`Ex. 1001, 46:55–67.
`
`E. PRIOR ART AND ASSERTED GROUNDS
`Petitioner asserts unpatentability on the following grounds:
`Claims Challenged 35 U.S.C. § Reference(s)
`1, 2, 6–8, 12–14
`102
`Kiuchi3
`
`1, 2, 6–8, 12–14
`
`1, 2, 6–8, 12–14
`
`1, 2, 6–8, 12–14
`
`103
`
`103
`
`103
`
`Kiuchi, Rescorla4
`
`Kiuchi, RFC 10345
`
`Kiuchi, RFC 1034, Rescorla
`
`Pet. 4.
`
`F. CAFC REMAND
`On appeal, the Federal Circuit held that our prior decision “relied on
`only the C-HTTP name server to perform the functions of the DNS proxy
`module.” VirnetX, 778 F. App’x at 906. The Court held that we had not
`identified substantial evidence “that the C-HTTP name server performs the
`functions of the claimed DNS proxy module.” Id. It further noted that we
`“could not have found that the client-side proxy corresponds to the claimed
`‘client’ and is also a part of the DNS proxy module, as the claim makes clear
`that these are separate components.” Id.
`
`
`3 Takahiro Kiuchi and Shigekoto Kaihara, “C-HTTP – The Development of
`a Secure, Closed HTTP-based Network on the Internet,” published by
`IEEE in the Proceedings of SNDSS 1996 (Ex. 1002).
`4 E. Rescorla and A. Schiffman, “The Secure Hypertext Transfer Protocol,”
`Internet Draft (Feb. 1996) (Ex. 1004).
`5 P. Mockapetris, Request for Comment (“RFC”) 1034, “Domain Names–
`Concepts and Facilities,” Nov. 1997 (Ex. 1005).
`
`5
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`Regarding how the claimed “client” mapped to Kiuchi’s disclosures,
`the Federal Circuit held that our prior decision had inconsistencies in various
`parts of its analysis. Id. at 907–08. Attempting to resolve that inconsistency,
`the Court held that relying exclusively on Kiuchi’s client-side proxy for the
`claimed “client” would require resolving a claim-construction dispute over
`the meaning of that term. Id. at 908.
`Finally, the Federal Circuit held that we should consider Petitioner’s
`obviousness challenges anew in light of the Court’s decision. Id.
`
`II. ANALYSIS
`A. CLAIM CONSTRUCTION
`In a Board proceeding based on a petition filed before November 13,
`2018, as here, claims in an unexpired patent are interpreted according to
`their broadest-reasonable construction in light of the specification of the
`patent in which they appear. 37 C.F.R. § 42.100(b) (2018); see Cuozzo
`Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2144–46 (2016).6
`The Federal Circuit held that, “[t]o the extent the Board intended to
`rely exclusively on Kiuchi’s client-side proxy for the claimed ‘client,’” it
`would be necessary to construe the meaning of “client.” VirnetX, 778
`F. App’x at 907–08. The parties dispute that construction, along with the
`construction of “between.”
`
`
`6 A recent amendment to this rule does not apply here because the Petition
`was filed before November 13, 2018. See Changes to the Claim
`Construction Standard for Interpreting Claims in Trial Proceedings Before
`the Patent Trial and Appeal Board, 83 Fed. Reg. 51,340 (Oct. 11, 2018)
`(amending 37 C.F.R. § 42.100(b), effective Nov. 13, 2018) (codified at 37
`C.F.R. § 42.100(b) (2019)).
`
`6
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`1. “client”
`As to the proper construction of “client,” Petitioner submits that its
`“anticipation argument does not implicate this issue—there, the user agent is
`the ‘client’” Pet. Remand Br. 6. As noted below, because we find claims 13
`and 14 anticipated by Kiuchi and all claims obvious over Kiuchi and
`Rescorla, we do not reach Petitioner’s obviousness contentions regarding
`RFC 1034. See infra at 28. Construing “client” in this proceeding would
`therefore have no impact on our judgment—it would only influence a
`ground we do not reach. In copending IPR2015-01046, we construe “client
`computer.” See IPR2015-01046, Paper 106. We note here that we would
`reach the same construction for “client” as “client computer” in that
`proceeding, as the parties treat the terms as essentially synonymous.
`Pet. Remand Br. 7 n.2.7
`
`2. “between the client and the secure server”
`Each independent challenged claim includes a phrase requiring an
`element between two points—claims 1 and 7 recite “initiating an encrypted
`channel between the client and the secure server” and claim 13 recites
`“creating a secure channel between the client and the secure server.”
`Patent Owner submits that the district court correctly construed such
`phrases as “extending from [A] to [B].” PO Remand Br. 9–10 (citing
`Ex. 2031, 25–26). Patent Owner notes that construing this term was not
`required for the prior decision in this case, which considered Kiuchi’s client-
`side and server-side proxies as the two relevant endpoints. Id. at 10 n.4.
`
`
`7 In the related proceeding, we construe “client computer” as “user’s
`computer.” IPR2015-01046, Paper 106.
`
`7
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`Petitioner contends that the broadest-reasonable construction applies and
`that we should adopt the construction Patent Owner sought before the
`district court, that “[s]ecurity—i.e., encryption—is only necessary for public
`communication paths for the security objective of the patents to be met
`because security can be inherently present on private portions of the path.”
`Pet. Remand Br. 9–10 (quoting Ex. 1009, 10). According to Petitioner, that
`construction must be consistent with the broadest-reasonable construction
`because Patent Owner offered it to the district court. Id. at 10.
`Petitioner does not offer any substantive basis to adopt a construction
`other than Patent Owner’s proposed construction. The plain and ordinary
`meaning of the claim language supports Patent Owner’s proposed
`construction, and we apply it here—between the client and the secure server
`means extending from the client to the secure server, not simply a piece of
`the way between the two.
`
`B. ANTICIPATION
`Petitioner illustrates its mapping of the claim language to Kiuchi’s
`disclosures using the following annotated version of a diagram appearing in
`Petitioner’s expert declaration of Dr. Guerin:
`
`8
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`
`
`Pet. Remand Br. 11 (annotating Ex. 1003 ¶ 24; Pet. 25–37). The annotated
`diagram is not itself evidence, but helps illustrate Petitioner’s contentions.
`Kiuchi discloses systems and methods for facilitating “secure HTTP
`communication mechanisms within a closed group of institutions on the
`Internet, where each member is protected by its own firewall.” Ex. 1002, 64
`(Abstract). It terms its approach C-HTTP, indicating “a closed HTTP
`(Hypertext Transfer Protocol)-based network (C-HTTP).” Id.
`C-HTTP allows a conventional user agent (such as web browser
`software) to request a resource identified in a URL. Id. at 65 (§ 2.3). A
`client-side proxy intercepts all such resource requests made by a user agent.
`Id. (“A client-side proxy behaves as an HTTP/1.0 compatible proxy, and it
`should be specified as a proxy server for external (outside the firewall)
`access in each user agent within the firewall.”). The “client-side proxy asks
`
`9
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`the C-HTTP name server whether it can communicate with the host
`specified in a given URL.” Id. “If the connection is permitted, the C-HTTP
`name server sends the IP address and public key of the server-side proxy” to
`the client-side proxy. Id. If, on the other hand, connection from the client-
`side proxy to the appropriate server-side proxy is not permitted, the C-HTTP
`name server sends the client-side proxy a status code that indicates an error.
`Id. In that event, the client-side proxy “performs DNS lookup, behaving like
`an ordinary HTTP/1.0 proxy.” Id.
`When connection is permitted, the client-side proxy and server-side
`proxy negotiate details and establish an encrypted connection between them,
`over which the user agent’s request is passed. Id. at 66. The “server-side
`proxy communicates with an origin server inside the firewall” such that,
`“[f]rom the view of the user agent or client-side proxy, all resources appear
`to be located in a server-side proxy on the firewall.” Id.
`Petitioner asserts that Kiuchi’s user agent, acting as the claimed client,
`generates a request for content corresponding to a hostname in a URL. Pet.
`Remand Br. 10 (citing Pet. 25–28); see also id. at 6 (“Petitioners’
`anticipation argument does not implicate this issue—there, the user agent is
`the ‘client.’”).
`Petitioner asserts that Kiuchi discloses “determining whether the
`intercepted DNS request corresponds to a secure server.” Kiuchi’s client-
`side proxy intercepts a user agent’s requests and uses the C-HTTP name
`server to determine whether requested content corresponds to an origin
`server reachable through a server-side proxy. Id. (citing Pet. 28–29). Thus,
`Petitioner asserts that the client-side proxy, working with the C-HTTP name
`server, acts as the claimed DNS proxy module. Id.; Pet. 25 (citing Ex. 1003
`
`10
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`¶¶ 18, 20–21) (“client-side proxy – working in concert with the C-HTTP
`name server – is a domain name server (DNS) proxy module that intercepts
`DNS requests sent by a user agent acting as a client”).
`Petitioner asserts that Kiuchi discloses “when the intercepted DNS
`request corresponds to a secure server, . . . automatically initiating an
`encrypted channel between the client and the secure server.” If the requested
`content corresponds to a server-side proxy and origin server, Kiuchi’s client-
`side proxy establishes a connection with the origin server through the server-
`side proxy. Pet. Remand Br. 10–12 (citing Pet. 29–32).
`Petitioner asserts that Kiuchi discloses “when the intercepted DNS
`request does not correspond to a secure server, forwarding the DNS request
`to a DNS function that returns an IP address of a nonsecure computer.” If the
`requested content does not require such a connection, the client-side proxy
`forwards the request to a conventional DNS server for resolution. Id. at 10–
`13.
`
`Patent Owner disputes several aspects of Petitioner’s contentions.
`
`1. Kiuchi discloses “forwarding the DNS request to a DNS function”
`When Kiuchi’s client-side proxy (which, together with the C-HTTP
`name server, maps to the claimed “DNS proxy module”) receives an error
`response from the C-HTTP name server (indicating the client’s request does
`not correspond to a secure server) it “performs DNS lookup, behaving like
`an ordinary HTTP/1.0 proxy.” 1002, 65 (§ 2.3). Petitioner submits that
`Kiuchi therefore discloses “when the intercepted DNS request does not
`correspond to a secure server, forwarding the DNS request to a DNS
`function that returns an IP address of a nonsecure computer.” Pet. 29–30
`(quoting Ex. 1002, 65 (§ 2.3)).
`
`11
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`Patent Owner challenges that conclusion, arguing that “there is no
`disclosure of any forwarding of the DNS request to a DNS function.” PO
`Remand Br. 14. In that regard, Patent Owner relies on a statement by the
`Federal Circuit that Kiuchi’s C-HTTP name server does not, alone, meet the
`claim requirement. VirnetX, 778 F. App’x at 906–07. Because the Court was
`not addressing functionality of the combined client-side proxy and C-HTTP
`name server, this statement does not undermine Petitioner’s asserted
`combination on which we rely. Indeed, the client-side proxy alone forwards
`the DNS request to a DNS function when it determines (in conjunction with
`the C-HTTP name server) that the request does not correspond to a secure
`server.
`Patent Owner argues also that simply accessing a DNS function falls
`short of forwarding a received DNS request to a DNS function, making the
`distinction between generating a new request and forwarding a received
`request. PO Remand Sur-Reply Br. 11–12. In Patent Owner’s view, Kiuchi
`is silent on the details of the interaction and thus cannot anticipate the
`challenged claims. Id. We do not agree, because Kiuchi’s statement that the
`client-side proxy behaves “like an ordinary HTTP/1.0 proxy” to perform
`DNS lookup indicates that the client-side proxy passes on a request already
`received.
`Moreover, continues Patent Owner, to the extent Kiuchi addresses the
`issue, it explains that it uses C-HTTP name service “instead of DNS.” Id. at
`12 (quoting Ex. 1002, 7 (“In a C-HTTP-based network, instead of DNS, a C-
`HTTP based secure, encrypted name and certification service is used.”)). We
`do not agree. Kiuchi’s statement that it uses its C-HTTP name service
`instead of DNS does not mean all aspects of Kiuchi’s system use a different
`
`12
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`format from DNS. Rather, the client-side proxy handling all “external
`(outside the firewall) access” for user agents within the firewall is consistent
`with Kiuchi’s user agents using standard DNS-formatted requests. Ex. 1002,
`65 (§ 2.3); see Ex. 1003 ¶ 22 (citing Ex. 1002, 65 (§ 2.3)). Moreover, the
`format of Kiuchi’s C-HTTP requests is not at issue because the claim
`limitation relates to requests for resources outside the secure system—those
`for which the C-HTTP name server returns an error. See Ex. 1002, 66
`(§ 2.3). In such cases, Kiuchi’s client-side proxy “performs DNS lookup,
`behaving like an ordinary HTTP/1.0 proxy.” Id. at 65 (§ 2.3). Kiuchi further
`indicates that nonsecure requests use standard DNS, as it discloses that an
`alternative service “is used for the C-HTTP-based network,” not for all
`requests. Id. at 64 (§ 2.1).
`We find that the claim language reads on Kiuchi’s disclosure of the
`client-side proxy “behaving like an ordinary HTTP/1.0 proxy” to perform a
`DNS lookup. As Petitioner points out, Kiuchi’s client-side proxy receives
`from the client (user agent) a request that contains a URL specifying a
`hostname. Ex. 1002, 65 (§ 2.3); Pet. 25–28; Pet. Remand Br. 10. Behaving
`like an ordinary proxy to perform the DNS lookup means that the client-side
`proxy will send the DNS request to a public DNS server. Pet. 30 (citing
`Ex. 1003 ¶ 23; Ex. 1002, 65 (§ 2.3)). Against the evidence supporting
`Kiuchi’s operation for nonsecure connections, Patent Owner has not shown
`that Kiuchi’s client-side proxy in any way reformats or restructures requests
`from the user agent.
`Accordingly, based on a preponderance of the evidence, we find
`Kiuchi discloses “when the intercepted DNS request does not correspond to
`
`13
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`a secure server, forwarding the DNS request to a DNS function,” as recited
`in independent claims 1, 7, and 13.
`
`2. Kiuchi discloses “determining whether the intercepted DNS request
`corresponds to a secure server”
`Petitioner asserts that Kiuchi’s client-side proxy and C-HTTP name
`server, acting together, determine whether the intercepted DNS request
`corresponds to a secure server. Reply 8–9. That argument is consistent with
`the Petition’s assertion that Kiuchi’s client-side proxy makes the
`determination “by asking ‘the C-HTTP name server whether it can
`communicate with the host specified in a given URL.’” Pet. 28–29 (quoting
`Ex. 1002, 65 (§ 2.3); citing Ex. 1003 ¶¶ 23–24, 26). Patent Owner
`challenges Petitioner’s mapping, arguing that Petitioner relies on the C-
`HTTP name server alone and that its operation cannot be “imputed to the
`client-side proxy.” PO Remand Br. 14–15.
`Petitioner’s mapping of the claimed functionality to two devices in
`Kiuchi is consistent with the ’151 patent’s description. The Specification
`discloses that functionality may be located in a single computer or may
`instead by distributed among multiple computers. See Ex. 1001, 38:30–50
`(“DNS proxy 2610 returns to user computer 2601 the resolved address
`passed to it by the gatekeeper . . . . Gatekeeper 2603 can be implemented on
`a separate computer (as shown in FIG 25) or as a function within modified
`DNS server 2602. . . . It will be appreciated that the functions of DNS proxy
`2610 and DNS server 2609 can be combined into a single server for
`convenience. . . . [A] check [whether the user is authorized to connect to the
`secure host] can be made by communicating with gatekeeper 2603 . . . .”),
`Fig. 26.
`
`14
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`Patent Owner disputes such reliance on the specification, arguing the
`specification’s flexibility relates only to “a determination of whether a user
`has sufficient authorization,” not to “whether the intercepted request
`corresponds to a secure host.” PO Remand Sur-Reply 13. The Specification
`is not so constrained. When discussing how the DNS proxy “determines
`whether access to a secure site has been requested,” it discloses that the
`determination may be made “for example, by a domain name extension, or
`by reference to an internal table of such sites.” Ex. 1001, 37:60–65. The use
`of “for example,” along with the flexible description of various DNS proxy,
`DNS server, and gatekeeper functions noted above, supports that the claims
`are not limited to a particular arrangement of hardware. Kiuchi’s client-side
`proxy using information returned from the C-HTTP name server is
`consistent with the ’151 patent’s description.
`Further, in Petitioner’s mapping of the claim language to Kiuchi’s
`disclosures, Petitioner does not rely on the C-HTTP name server as
`performing any other aspect of the claims. See Pet. 25–32; Pet. Remand
`Br. 10–13. Thus, Petitioner does not attempt to use the C-HTTP name server
`as an element corresponding to multiple claim limitations. See VirnetX, 778
`Fed. App’x at 906 (“The Board could not have found that the client-side
`proxy corresponds to the claimed ‘client’ and is also a part of the DNS proxy
`module, as the claim makes clear that these are separate components.”).
`Accordingly, based on a preponderance of the evidence, we find
`Kiuchi discloses its client-side proxy acting with the C-HTTP name server
`as the claimed DNS proxy module “determining whether the intercepted
`
`15
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`DNS request corresponds to a secure server,” as recited in independent
`claims 1, 7, and 13.8
`
`3. Kiuchi discloses “a secure channel
`between the client and the secure server”
`but not “an encrypted channel . . .”
`Petitioner asserts that, when the user agent requests a resource on an
`available origin server, “the client-side proxy initiates an encrypted channel
`on public communication paths between the user agent and the origin server
`(i.e., the communication path over the Internet between the client-side proxy
`and the server-side proxy).” Pet. 31 (citing Ex. 1003 ¶¶ 28, 31). Petitioner
`does not assert, however, that Kiuchi discloses an encrypted connection
`between its user agent and client-side proxy. See PO Remand Br. 15–16.
`As Patent Owner argues, an encrypted channel between only the
`client-side and server-side proxies does not satisfy the requirement of claims
`1 and 7 for an encrypted channel between the client and the secure server.
`Based on the ordinary meaning of the claimed “between” phrases in
`claims 1 and 7, we agree with Patent Owner that Kiuchi does not disclose
`encryption extending from the user agent to either the server-side proxy or
`the origin server. PO Remand Sur-Reply Br. 14; see supra at 8.
`We reach a different conclusion, however, for claim 13, which
`requires only a “secure” connection rather than the “encrypted” connection
`of claims 1 and 7. The Petition relies on Kiuchi’s disclosure of encrypting C-
`HTTP connections between client-side and server-side proxies. Pet. 34
`(citing Ex. 1002, 64 (Abstract), 65). It is undisputed that the link between
`
`
`8 The variation in claim 13’s language for this limitation does not affect our
`analysis.
`
`16
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`Kiuchi’s client-side proxy and server-side proxy is encrypted, and thus
`secure. Patent Owner disputes whether Petitioner has adequately shown that
`communications between the user agent and client-side proxy or
`communications between the server-side proxy and origin server are secure.
`The Petition asserts that when a server-side proxy receives a request
`for connection, it “verifies that the client-side proxy is a member of the
`closed network.” Pet. 34 (citing Ex. 1002, 65 (§§ 2.2, 2.3); Ex. 1003 ¶¶ 26–
`28). Further, the Petition points out that Kiuchi permits secure
`communication “within a closed group of institutions on the Internet, where
`each member is protected by its own firewall.” Id. at 17 (citing Ex. 1002, 64
`(Abstract)); accord Tr. 6:9–11; see also Pet. 25 (showing Kiuchi’s “C-HTTP
`connection ‘provides [a] secure HTTP communication mechanisms’ in
`which communications over the C-HTTP connection are encrypted.”
`(quoting Ex. 1002, 64–66)).
`Beyond Kiuchi’s disclosures, Petitioner relies on the Federal Circuit’s
`recognition in an earlier case that Patent Owner’s “expert testified that one
`of ordinary skill would understand that the path extending from the VPN
`server to the target computer, i.e., within the private network, would be
`secure and anonymous owing to protection provided by the private
`network.” VirnetX, Inc. v. Cisco Sys., Inc., 767 F.3d 1308, 1321
`(Fed. Cir. 2014); see Pet. Remand Reply 17–18; Tr. 6:12–19. Patent Owner
`contests such reliance, pointing out that its expert testified the accused
`network was secure both because it had a firewall and because it had “been
`physically secured.” PO Remand Sur-Reply 14 (quoting VirnetX, 767 F.3d at
`1321).
`
`17
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`We find that a preponderance of the evidence shows that Kiuchi
`discloses “a secure channel between the client and the secure server.” The
`Specification states that “[i]t is desired for the communications to be secure,
`that is, immune to eavesdropping.” Ex. 1001, 1:34–35. Based on that
`disclosure, we understand “secure” to be used consistently with its plain and
`ordinary meaning, rather than imparting some particularized meaning.
`Kiuchi discloses that “in-hospital networks are usually protected using
`a dual home gateway and packet filter (firewall) and the Internet can only be
`accessed through proxies on the firewalls.” Ex. 1002, 67 (§ 4.2). Further,
`Kiuchi discloses that it “provides secure HTTP communication mechanisms
`within a closed group of institutions on the Internet, where each member is
`protected by its own firewall.” Id. at 64 (Abstract).
`Patent Owner argues a firewall is insufficient to secure network
`communications. See PO Remand Sur-Reply 14. We do not agree. As noted
`above, the record does not support limiting the claim to such a strict
`application of “secure.”
`Thus, we agree Kiuchi discloses a “secure channel between the client
`and the secure server” because data in Kiuchi’s C-HTTP network is
`encrypted when sent over public segments of the network path and protected
`using firewalls when sent over private segments.9 Pet. Remand Reply 10.
`
`
`9 Though not critical to our conclusion, the testimony of Petitioner’s
`declarant, Dr. Guerin, supports the conclusion that Kiuchi discloses a
`secure network. Ex. 1003 ¶¶ 17, 29 (“Communications between the user
`agent and the client-side proxy as well as those between the original server
`[sic] and the server-side proxy are behind the firewall of their respective
`site, and therefore protected. This, together with the security afforded by
`the encrypted C-HTTP connection over the public communication path
`between the client-side proxy and the server-side proxy, ensures that
`
`18
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`4. Additional claims
`As discussed above, Kiuchi discloses the limitations of claim 13.
`Patent Owner does not provide additional arguments in support of claim 14
`with respect to Kiuchi’s disclosures. PO Resp. 25–26; PO Remand Br. 10–
`25. We have reviewed Petitioner’s contentions and determine that, on this
`record, for the reasons given by Petitioner, a preponderance of the evidence
`shows that claim 14 is unpatentable over Kiuchi. See Pet. 35–37.
`
`5. Summary
`Having considered the parties’ evidence and argument, we find that a
`preponderance of the evidence shows that Kiuchi discloses the limitations of
`claims 13 and 14. We find that a preponderance of the evidence does not
`show that Kiuchi discloses the limitations of claims 1 or 7, and therefore that
`Petitioner has not proven unpatentability of claims 1, 2, 6–8, or 12.
`
`C. OBVIOUSNESS OVER KIUCHI AND RESCORLA
`Rescorla is an Internet Draft, a working document of the Internet
`Engineering Task Force that describes “The Secure HyperText Transfer
`Protocol,” or S-HTTP. Ex. 1004, 1. As it describes, “Secure HTTP
`(S-HTTP) provides secure communication mechanisms between an HTTP
`client-server pair.” Id. at 5. Petitioner relies on Rescorla’s description that
`“[s]everal cryptographic message format standards may be incorporated into
`S-HTTP clients and servers” and that “S-HTTP provides full flexibility of
`cryptographic algorithms, modes and parameters.” Pet. 39–40 (quoting
`Ex. 1004 § 1.1).
`
`
`communications between the user agent and the origin server are over a
`secure channel.”) (citation omitted) (citing Ex. 1002, 64).
`
`19
`
`
`
`IPR2015-01047
`Patent 7,490,151 B2
`
`
`1. Rescorla qualifies as prior art
`Patent Owner contests Petitioner’s assertions, arguing that Rescorla
`“does not qualify as a printed publication, and thus cannot be used in an
`obvious combination.” PO Remand Sur-Reply 15; accord PO Resp. 41–42.
`According to Patent Owner, “a work is not publicly accessible if the only
`people who know how to find it are the ones who created it.” PO Remand
`Sur-Reply 15–16 (quoting Samsung Elecs. Co. v. Infobridge Pte. Ltd., 929
`F.3d 1363, 1372 (Fed. Cir. 2019)). In Patent Owner’s view, Petitioner has
`not adequately shown that the relevant group knew how to find Rescorla.
`Id.at 16 (“Petitioners introduced no evidence that those outside of the RFC
`development process would have known how to find Rescorla.”). Patent
`Owner asserts that Internet Drafts, while developed for “eventual publication
`as an RFC,” were limited to those developing the draft. Id.
`Petitioner presents adequate evidence of Rescorla’s public
`availability. Reply 19–21; see Samsung Elecs. 929 F.3d at 1374 (“Our cases
`have consistently held that the standard for public accessibility is whether a
`person of ordinary skill in the art could, after exercising reasonable
`diligence, access a reference.”). Resorla’s face indicates a February 1996
`date. Ex. 1004, 1. It states that it is an Internet-Draft, which is a “working
`document[] of the Internet Engineering Task Force (IETF)
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
