IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`In re Application of:
`
`A Larson ct al.
`
`Application Serial No.:
`
`11/839,987
`
`August 1.6, 2007
`
`METHOD FOR ESTABLISHING SECURE COMlVlUNICA'li‘ION
`LINK BETWEI-.*lN COMPUTERS OF VIRTUAL PRIVATE
`NETWORK
`-
`
`Lim, Krisna
`
`2453
`
`9470
`
`077580-0066 (VRNK—lCP2D\/CN2)
`
`
`Filing Date:
`
`Title:
`
`Examiner:
`
`Art Unit:
`
`Confirmation No;
`
`Atty. Docket No.:
`
`Mail Stop Amendment
`Commissioner for Patents
`PO. Box 1450
`
`Alexandria, VA 22313-1450
`
`RESPONSE
`
`In response to the non—final Office Action mailed July 8, 2010 (“the Office Action”),
`
`please amend the above—identified application as follows:
`Remarks, beginning on page 2 of this paper.
`
`1of12
`
`VIRNETX EXHIBIT 2006
`
`Apple V. Vi1'netX
`IPR20l6-00331
`
`VIRNETX EXHIBIT 2006
`Apple v. VirnetX
`IPR2016-00331
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`Applicant appreciates the Examiner’s examination of the subject application. Claims 1-
`
`Remarks
`
`18 are currently pending.
`
`In the Office Action, the Examiner has rejected Claims 1-18 under 35 U.S.C. § 103(a), as
`
`being unpatentable over VPN Overview and Aventail Connect V 3.1/V2.6 Administrator’s Guide
`
`(“Aventail”). The Examiner rejected claims 1-18 on the ground of nonstatutory obviousness-
`
`type double patenting as being unpatentable over claims 2-23 of co—pending Application No.
`
`1 1/679,416.
`
`Applicant respectfully traverses the outstanding objection and rejections and requests
`
`reconsideration of the subject application in light of the foregoing amendments and the following
`
`remarks.
`
`Patentability under 35 U.S. C. § 103
`
`The Examiner has rejected Claims 1-18 under 35 U.S.C. § 103(a), as being unpatentable
`
`over VPN Overview and Aventail. These rejections are respectfully traversed, and
`
`reconsideration and withdrawal of these rejections are respectfully requested.
`
`Independent claim 1 recites the following:
`
`A method of accessing a secure network address, comprising:
`sending a query message from a first network device to a secure domain
`service, the query message requesting from the secure domain service a secure
`network address for a second network device;
`
`receiving at the first network device a response message from the secure
`domain name service containing the secure network address for the second
`network device; and
`
`sending an access request message from the first network device to the
`secure network address using a virtual private network communication link.
`
`(emphasis added).
`
`2ofl2
`
`2 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`As a preliminary matter, neither Aventail nor VPN Overview have been shown to be
`
`prior art to all claims in the present application, including claim 1. Aventail is not prior art
`
`because the present application claims priority to U.S. Patent Nos. 6,502,135 (hereinafter “the
`
`‘135 patent”) and 7,188,180 (hereinafter “the ‘180 patent”). The ‘135 and ‘180 Patents have
`
`been subject to an inter partes reexamination proceedings, Control Nos. 95/001,269 (hereinafter
`
`“the ‘269 Reexam”) and 95/001,270 (hereinafter “the ‘270 Reexam”), respectively. In both
`
`Reexams, the USPTO determined that “Aventail cannot be relied upon as prior art to the
`
`[patents].” See Reexamination Control No. 95/001,269, Action Closing Prosecution, June 16,
`
`2010, attached as Exhibit A, and Reexamination Control No. 95/001,270, Action Closing
`
`Prosecution, June 16, 2010, attached as Exhibit B. This determination was soundly based on the
`
`fact that no evidence was found that established Aventail’ s publication date.
`
`Indeed, Aventail’s identification of a copyright date range of 1996 — 1999 is not
`
`equivalent to a publication date. The distinction between a publication date and a copyright date
`
`is critical. To establish a date of publication, the reference must be shown to have “been
`
`disseminated or otherwise made available to the extent that persons interested and ordinarily
`
`skilled in the subject matter or art, exercising reasonable diligence, can locate it.” In re Wyre,
`
`655 F.2d 221 (C.C.P.A. 1981). Aventail, on its face, provides “© 1996-1999 Aventail
`
`Corporation.” The copyright date does not meet this standard. Unlike a publication date, a
`
`copyright date merely establishes “the date that the document was created or printed.”
`
`Hilgraeve, Inc. v. Symantec Corp., 271 F. Supp. 2d 964, 975 (E.D. Mich. 2003).
`
`Presuming the author of the document accurately represented the date the document was
`
`created, this creation date is not evidence of any sort of publication or dissemination. Without
`
`3ofl2
`
`3 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`more, this bald assertion of the creation of the document does not meet the “publication”
`
`standard required for a document to be relied upon as prior art.
`
`Further exacerbating matters is the filing date of the ‘135 Patent: February 15, 2000.
`
`Suppose the relied upon sections of the Aventail reference were created on December 31, 1999,
`
`and the copyright date range were accordingly amended to read “1996—1999.” Under these
`
`circumstances, it is possible that the document, although created, was not made publicly
`
`available until after the filing date of the ‘135 Patent, six weeks after creation. Under these
`
`circumstances, Aventail clearly would not be eligible to be relied upon as prior art to the ‘135
`
`Patent.
`
`As an aside, the Applicant notes that the present assignee (VimetX Inc.) and its
`
`prosecution counsel have been accused of inequitable conduct during the ‘269 Reexam in a
`
`litigation proceeding, VirnetX Inc. v. Cisco Systems, Inc., et al., United States District Court for
`
`the Eastern District of Texas, Tyler Division, Case No. 6:10—cv—417. Exhibits C—E. In its
`
`Original Answer, Affirmative Defenses, and Counterclaims to the Vimetx’s Original Complaint,
`
`the Defendant Apple Inc. (“Apple”) alleges that evidence of Aventail’s publication as early as
`
`June 1999 was presented in a different trial involving Microsoft Corporation. Exhibit C at ‘H 23
`
`(p. 14). Apple further alleges that “VimetX was aware that the Aventail reference may have
`
`been published at least as early as June 1999.” Exhibit C at ‘H 23. Defendants Aastra
`
`Technologies Limited and Aastra USA Inc. (“Aastra”) have made similar allegations in their
`
`responsive pleadings. Exhibit D at ‘H 86 (p. 19); Exhibit E at ‘H 86 (p. 19). To the contrary, the
`
`applicants are unaware of evidence establishing Aventail’s publication date, and specifically are
`
`unaware of the June 1999 publication date alleged by Apple and Aastra in their pleadings. The
`
`trial transcript from the Microsoft trial does not discuss anything about a publication date for the
`
`4ofl2
`
`4 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`Aventail reference. Exhibit F. While the trial transcript references the Aventail product, it does
`
`not mention anything about a publication date. See e. g. Exhibit F-2, pp. 112, 146; Exhibit F-3,
`
`pp. 115, 119-20; Exhibit F-10 pp. 21-40; Exhibit F-11, pp. 21-32, 120-150. The deposition of
`
`Gary Tomlinson (former employee of Aventail) taken during discovery prior to the Microsoft
`
`trial is inconclusive, at best. Exhibit H at pp. 33-36. Thus, although an allegation of knowledge
`
`has been made by a third party, the applicants, the assignee and applicants’ prosecution counsel
`
`have not had and do not have such knowledge. To be sure, the applicants will notify the USPTO
`
`immediately if it becomes aware of evidence of Aventail’s publication date.
`
`VPN Overview has also not been shown to be prior art. On its face, VPN Overview only
`
`provides that it was copyrighted in 1998. VPN Overview at 2. Further, the reference identifies
`
`itself as being nothing more than a draft. VPN Overview at 1 (Stating the following: “White
`
`Paper — DRAFT”). The lack of a publication date in conjunction with the document’s status as a
`
`draft fail to evidence that VPN Overview is prior art to the present application.
`
`Assuming arguendo, that Q of these references are prior art to the present application,
`
`neither VPN Overview nor Aventail, alone or in combination, are understood to disclose or
`
`suggest the features of claim 1, particularly with respect to at least the features of “a Virtual
`
`private network communication link,” “a s(=,(:ju1‘(=, domain name service” and aE computer
`
`network address.”
`
`Aventail’s and VPN Overview’s disclosures were summarized in the Declaration of
`
`Professor Jason Nieh in support of the ‘270 Reexam. Reexamination Control No. 95/001,270,
`
`Declaration of Jason Nieh, Ph.D., Pursuant to 37 C.F.R. § 1.132, April 19, 2010, attached as
`
`Exhibit G (hereinafter “Nieh Decl.”). The Nieh Decl. is cited herein to characterize the cited
`
`references and their deficiencies.
`
`5ofl2
`
`5 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`Aventail discloses a system and architecture for transmitting data between two
`
`computers using the SOCKS protocol. Nieh Decl. at ‘H 14. The system routes certain, predefined
`
`network traffic from a WinSock (Windows sockets) application to an extranet (SOCKS) server,
`
`possibly through successive servers. Aventail at 7; Nieh Decl. at ‘H 14. Upon receipt of the
`
`network traffic, the SOCKS server then transmits the network traffic to the Internet or external
`
`network. Aventail at 7; Nieh Decl. at ‘H 14. Aventail’s disclosure is limited to connections
`
`created at the socket layer of the network architecture. Nieh Decl. at ‘H 14.
`
`In operation, a component of the Aventail Connect software described in the reference
`
`resides between WinSock and the underlying TCP/1P stack. See Aventail at 9; Nieh Decl. at ‘H
`
`15. The Aventail Connect software intercepts all connection requests from the user, and
`
`determines whether each request matches local, preset criteria for redirection to a SOCKS server.
`
`See Aventail at 10; Nieh Decl. at ‘H 15. If redirection is appropriate, then Aventail Connect
`
`creates a false DNS entry to return to the requesting application. See Aventail at 12; Nieh Decl.
`
`at ‘H 16. Aventail discloses that Aventail Connect then forwards the destination hostname to the
`
`eXtranet SOCK server over a SOCKS connection. See Aventail at 12; Nieh Decl. at ‘H 16. The
`
`SOCKS server performs the hostname resolution. Aventail at 12; Nieh Decl. at ‘H 17. Once the
`
`hostname is resolved, the user can transmit data over a SOCKS connection to the SOCKS server.
`
`Nieh Decl. at ‘H 17. The SOCKS server, then, separately relays that transmitted data to the target.
`
`Nieh Decl. at ‘H 17.
`
`Aventail does not teach a VPN. In fact, the system disclosed in Aventail is incompatible
`
`with a VPN, and one skilled in the art would be unable to combine the two. These assertions are
`
`true for at least three reasons. First, Aventail has not been shown to demonstrate that computers
`
`connected via the Aventail system are able to communicate with each other as though they were
`
`6ofl2
`
`-6-
`
`6 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`on the same network. Id. at ‘H 25. Aventail discloses establishing point—to—point SOCKS
`
`connections between a client computer and a SOCKS server. Id. The SOCKS server then relays
`
`data received to the intended target. Id. Aventail does not disclose a VPN, where data can be
`
`addressed to one or more different computers across the network, regardless of the location of
`
`the computer. Id.
`
`For example, suppose two computers, A and B, reside on a public network. Id. at ‘H 26.
`
`Further, suppose two computers, X and Y, reside on a private network. Id. If A establishes a
`
`VPN connection with X and Y’s network to address data to X, and B separately establishes a
`
`VPN connection with X and Y’s network to address data to Y, then A would nevertheless be able
`
`to address data to B, X, and Y without additional set up. Id. This is true because A, B, X, and Y
`
`would all be a part of the same VPN. Id.
`
`In contrast, suppose, according to Aventail, which only discloses communications at the
`
`socket layer, A establishes a SOCKS connection with a SOCKS server for relaying data to X,
`
`and B separately establishes a SOCKS connection with the SOCKS server for relaying data to Y.
`
`Id. at ‘H 27. In this situation, not only would A be unable to address data to Y without
`
`establishing a separate SOCKS connection (i. e. a VPN according to the Office Action), but A
`
`would be unable to address data to B over a secure connection. Id. This is one example of how
`
`the cited portions of Aventail fail to disclose a VPN. Id.
`
`Second, according to Aventail, Aventail Connect’s fundamental operation is
`
`incompatible with users transmitting data that are sensitive to network information. Id. at ‘H 28.
`
`As stated above, Aventail discloses that Aventail Connect operates between the WinSock and
`
`TCP/IP layers, as depicted on page 9:
`
`7ofl2
`
`7 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`'v\-indx;x\-*»::- TCFWF’ éuppli-:2-3t:v;m
`‘
`:"-
`r:.i1h::.r ‘.~"
`
`
`
`
`
`(‘Aventail Connect
`
`itagrered Service Prfiruider) §
`‘
`_
`
`x
`
`Aventail at 9; id. Because Aventail discloses that Aventail Connect operates between these
`
`layers, it can intercept DNS requests. Nieh Dec. at ‘H 28. Aventail discloses that Aventail
`
`Connect intercepts certain DNS requests, and returns a false DNS response to the user if the
`
`requested hostname matches a hostname on a user—defined list. Id. Accordingly, Aventail
`
`discloses that the user will receive false network information from Aventail Connect for these
`
`hostnames. Id. If the client computer hopes to transfer to the target data that is sensitive to
`
`network information, Aventail Connect’s falsification of the network information would prevent
`
`the correct transfer of data. Id. Aventail has not been shown to disclose a VPN.
`
`Third, Aventail has not been shown to disclose a VPN because computers connected
`
`according to Aventail do not communicate directly with each other. Id. at ‘H 29. Aventail
`
`discloses a system where a client on a public network transmits data to a SOCKS server via a
`
`singular, point—to—point SOCKS connection at the socket layer of the network architecture. Id.
`
`The SOCKS server then relays that data to a target computer on a private network on which the
`
`SOCKS server also resides. Id. All communications between the client and target stop and start
`
`8ofl2
`
`-3-
`
`8 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`at the intermediate SOCKS server. Id. The client cannot open a connection with the target itself.
`
`Therefore, one skilled in the art would not have considered the client and target to be virtually on
`
`the same private network. Id. Instead, the client computer and target computer are deliberately
`
`separated by the intermediate SOCKS server. Id. For these reasons, Aventail not only fails to
`
`disclose a VPN, but it discloses a system that is inherently incompatible with a VPN.
`
`Dr. Nieh also summarized VPN Overview in his declaration. VPN Overview provides an
`
`overview of VPNs, describing their basic requirements, and some of the key technologies that
`
`permit private networking over public networks. See, VPN Overview at Abstract; Nieh Dec. at ‘H
`
`30. As described above, Aventail is inherently incompatible with a VPN. Thus, one skilled in
`
`the art would be unable to implement the system disclosed in VPN Overview on the system
`
`disclosed in Aventail. The two references cannot be combined in the manner suggested in the
`
`Office Action of June 9, 2010, even if the references were prior art to the present application.
`
`Accordingly, VPN Overview and Aventail, either alone or in combination, are not understood to
`
`disclose, teach, or suggest the features of independent claim 1.
`
`Moreover, neither Aventail nor VPN Overview teach or disclose “a secure domain name
`
`service” and a “secure computer network address.” Both Aventail and VPN Overview disclose
`
`conventional domain name services and computer network addresses, but not “a secure domain
`
`name” or “a secure computer network address.” See Office Action at 3. Indeed, in
`
`reexamination of a patent to which the current application claims priority, the Patent Office
`
`found that neither Aventail nor VPN Overview teach or disclose “a secure domain name
`
`service.” Reexamination Control No. 95/001,270, Action Closing Prosecution, June 16, 2010,
`
`attached as Exhibit B, at ‘M 6-7 and 9-10. (“Aventail does not teach the claimed .
`
`.
`
`. secure
`
`domain name service .
`
`.
`
`. as being a part of a non—conventional domain name system;” “VPN
`
`9ofl2
`
`-9-
`
`9 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`Overview [does not] teach the claimed .
`
`.
`
`. secure domain name service .
`
`.
`
`. as being a part of a
`
`non—conventional domain name system.” Paragraphs [0303] — [0306] of the application also
`
`support the distinction that “a secure domain name” and “a secure computer network address”
`
`are not conventional domain name services and computer network addresses. See also Nieh Dec.
`
`at ‘H 10-13.
`
`For all these reasons, Applicant respectfully submits that neither Aventail nor VPN
`
`Overview teach or disclose the elements of independent claim 1. Applicant respectfully submits
`
`that claim 1 is in condition for allowance. Reconsideration and withdrawal of the rejection of
`
`independent claim 1 is respectfully requested.
`
`The other claims currently under consideration in the application are dependent from
`
`their respective independent claims discussed above and therefore are believed to be allowable
`
`over the applied references for at least the reasons provided above for their respective
`
`independent claims. Because each dependent claim is deemed to define an additional aspect of
`
`the invention, the individual consideration of each on its own merits is respectfully requested.
`
`Reconsideration and withdrawal of the rejections of the dependent claims are respectfully
`
`requested.
`
`The absence of a reply to a specific rejection, issue, or comment does not signify
`
`agreement with or concession of that rejection, issue, or comment. In addition, because the
`
`arguments made above may not be exhaustive, there may be other reasons for patentability of
`
`any or all claims that have not been expressed. Finally, nothing in this paper should be construed
`
`as an intent to concede, or an actual concession of, any issue with regard to any claim, or any
`
`cited art, except as specifically stated in this paper, and the amendment or cancellation of any
`
`10 0fl2
`
`.10.
`
`10 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`claim does not necessarily signify concession of unpatentability of the claim prior to its
`
`amendment or cancellation.
`
`Non-statutory Double Patenting Rejection
`
`Examiner has rejected claims 1-18 on the ground of nonstatutory obViousness—type
`
`double patenting as being unpatentable over claims 2-23 of co—pending Application No.
`
`11/679,416. Accordingly, Applicant submits herewith a terminal disclaimer. Applicant
`
`respectfully submits that this rejection has been overcome and requests withdrawal of this
`
`rejection.
`
`llofl2
`
`-11-
`
`11 of 12
`
`

`
`Serial No.: 11/839,987
`
`Response to June 8, 2010 Office Action
`
`In light of the Amendments and Remarks herein, the Applicant submits that the pending
`
`CONCLUSION
`
`claims, claims 1-19, are in condition for allowance and respectfully requests a notice to this
`
`effect. Should the Examiner have any questions, please call the undersigned at the phone
`
`number listed below.
`
`To the extent necessary, a petition for an extension of time (3 months) under 37 C.F.R. §
`
`1.136 is hereby made. Please charge any shortage in fees due in connection with the filing of
`
`this paper, including extension of time fees, to Deposit Account 501133 and please credit any
`
`excess fees to such deposit account.
`
`Respectfully submitted,
`
`MCDERMOTT WILL & EMERY LLP
`
`/Toby H. Kusmer/
`Toby H. Kusmer
`Registration No. 26,418
`28 State Street
`Boston, MA 02109
`Phone: 617-535-4065
`
`Facsimile: 617-535-3800
`
`Date: January 10, 2011
`
`DM_US 27382961 -1 .077580.0066
`
`Please recognize our Customer No. 23630 as
`our correspondence address.
`
`12 ofl2
`
`.12.
`
`12 of 12