`
UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

BLACK SWAMP IP, LLC
Petitioner

v.

VIRNETX INC.
Patent Owner

Case IPR2016-00693
Patent 7,418,504

Declaration of Fabian Monrose, Ph.D.

VirnetX Exhibit 2015
Black Swamp IP, LLC v. VirnetX Inc.
IPR2016-00693
`
`Page 1 of 35
`
`
`
`Case No. IPR2016-00693
`
Table of Contents

I. Introduction
II. Resources Consulted
III. Background and Qualifications
IV. Level of Ordinary Skill
V. Overview of the ’504 Patent
VI. Claim Terms
    A. “Domain Name Service System” (Claims 1, 15-16, 27, 33, 36, 51, 57, and 60)
    B. “Secure Communication Link” (Claims 1, 16, 27, 33, 36, 40, 51, 57, and 60)
        1. “Authentication” and “Address Hopping” Alone Do Not Result in a “Secure Communication Link”
        2. A “Secure Communication Link” Must Be Direct
        3. A “Secure Communication Link” Requires Encryption
    C. “Indication” (Claims 1, 36, and 60)
    D. “Transparently” (Claims 27 and 51)
VII. Kiuchi Does Not Disclose the Features of the Challenged Claims
    A. Overview of Kiuchi
    B. Independent Claim 1
        1. Kiuchi Does Not Disclose the Recited “Indication”
        2. Kiuchi Does Not Disclose the Recited “Plurality of Domain Names and Corresponding Network Addresses”
        3. Kiuchi Does Not Disclose a System for Establishing the Recited “Secure Communication Link”
    C. Independent Claims 36 and 60
    D. Dependent Claims 15 and 39
    E. Dependent Claims 16 and 40
    F. Dependent Claims 27 and 51
    G. Dependent Claims 2, 5, 6, 33, 37, and 57
VIII. Conclusion
`
`
`
`
`
I, FABIAN MONROSE, declare as follows:

I. Introduction

1. I have been retained by VirnetX Inc. (“VirnetX”) for this inter partes review proceeding. I understand that this proceeding involves U.S. Patent No. 7,418,504 (“the ’504 patent”). I understand the ’504 patent is assigned to VirnetX and that it is part of a family of patents that stems from U.S. provisional application nos. 60/106,261 (“the ’261 application”), filed on October 30, 1998, and 60/137,704 (“the ’704 application”), filed on June 7, 1999. I understand that the ’504 patent is a continuation of U.S. application no. 09/558,210 filed April 26, 2000 (“the ’210 application,” abandoned). And I understand the ’210 application is a continuation-in-part of U.S. application no. 09/504,783 filed February 15, 2000 (now U.S. Patent 6,502,135, “the ’135 patent”), and that the ’135 patent is a continuation-in-part of U.S. application no. 09/429,643 filed October 29, 1999 (now U.S. Patent No. 7,010,604), which claims priority to the ’261 and ’704 applications.
`
II. Resources Consulted

2. I have reviewed the ’504 patent, including claims 1-60. I have also reviewed the Corrected Petition for Inter Partes Review filed with the U.S. Patent and Trademark Office (“Office”) by Black Swamp IP, LLC on April 27, 2016 (“Petition”). I have also reviewed the Patent Trial and Appeal Board’s (“Board”) decision to institute inter partes review (Paper No. 8, the “Decision”) of September 9, 2016.

3. I understand that in this proceeding the Board instituted review of the ’504 patent on the following ground: anticipation of claims 1, 2, 5, 6, 15, 16, 27, 33, 36, 37, 39, 40, 51, 57, and 60 over Kiuchi (Ex. 1005). I have reviewed the exhibits and other documentation supporting the Petition that are relevant to the Decision and the instituted grounds, and any other material that I reference in this declaration.
`
III. Background and Qualifications

4. I have a great deal of experience and familiarity with computer and network security, and have been working in this field since 1993 when I entered the Ph.D. program at New York University.

5. I am currently a Professor of Computer Science at the University of North Carolina at Chapel Hill. I also hold an appointment as the Director of Computer and Information Security at the Renaissance Computing Institute (RENCI). RENCI develops and deploys advanced technologies to facilitate research discoveries and practical innovations. To that end, RENCI partners with researchers, policy makers, and technology leaders to solve the challenging problems that affect North Carolina and our nation as a whole. In my capacity as Director of Computer and Information Security, I lead the design and implementation of new platforms for enabling access to, and analysis of, large and sensitive biomedical data sets while ensuring security, privacy, and compliance with regulatory requirements. At RENCI, we are designing new architectures for securing access to data (e.g., using virtual private networks and data leakage prevention technologies) hosted among many different institutions. Additionally, I serve on RENCI’s Security, Privacy, Ethics, and Regulatory Oversight Committee (SPOC), which oversees the security and regulatory compliance of technologies, designed under the newly-formed Data Science Research Program and the Secure Medical Research Workspace.
`
6. I received my B.Sc. in Computer Science from Barry University in May 1993. I received my MSc. and Ph.D. in Computer Science from the Courant Institute of Mathematical Sciences at New York University in 1996 and 1999, respectively. Upon graduating from the Ph.D. program, I joined the Systems Security Group at Bell Labs, Lucent Technologies. There, my work focused on the analysis of Internet Security technologies (e.g., IPsec and client-side authentication) and applying these technologies to Lucent’s portfolio of commercial products. In 2002, I joined the Johns Hopkins University as Assistant Professor in the Computer Science department. I also served as a founding member of the Johns Hopkins University Information Security Institute (JHUISI). At JHUISI, I served a key role in building a center of excellence in Cyber Security, leading efforts in research, education, and outreach.
`
7. In July of 2008, I joined the Computer Science department at the University of North Carolina (UNC) Chapel Hill as Associate Professor, and was promoted to Full Professor four years later. In my current position at UNC Chapel Hill, I work with a large group of students and research scientists on topics related to cyber security. My former students now work as engineers at several large companies, as researchers in labs, or as university professors themselves. Today, my research focuses on applied areas of computer and communications security, with a focus on traffic analysis of encrypted communications (e.g., Voice over IP); Domain Name System (DNS) monitoring for performance and network abuse; network security architectures for traffic engineering; biometrics and client-to-client authentication techniques; computer forensics and data provenance; runtime attacks and defenses for hardening operating system security; and large-scale empirical analyses of computer security incidents. I also regularly teach courses in computer and information security.
`
8. I have published over 80 papers in prominent computer and communications security publications. My research has received numerous awards, including the Best Student Paper Award (IEEE Symposium on Security & Privacy, July, 2013), the Outstanding Research in Privacy Enhancing Technologies Award (July, 2012), the AT&T Best Applied Security Paper Award (NYU-Poly CSAW, Nov., 2011), and the Best Paper Award (IEEE Symposium on Security & Privacy, May, 2011), among others. My research has also received corporate sponsorship, including two Google Faculty Research Awards (2009, 2011) for my work on network security and computer forensics, as well as an award from Verisign Inc. (2012) for my work on DNS.
`
9. I am the sole inventor or a co-inventor on three issued US patents and four pending patent applications, nearly all of which relate to network and systems security. Over the past 12 years, I have been the lead investigator or a co-investigator on grants totaling nearly nine million US dollars from the National Science Foundation (NSF), the Department of Homeland Security (DHS), the Department of Defense (DoD), and industry. In 2014, I was invited to serve on the Information Science and Technology (ISAT) study group for the Defense Advanced Research Projects Agency (DARPA). During my three year appointment, I will assist DARPA by providing continuing and independent assessment of the state of advanced information science and technology as it relates to the U.S. Department of Defense.
`
10. I have chaired several international conferences and workshops, including for example, the USENIX Security Symposium, which is the premier systems-security conference for academics and practitioners alike. Additionally, I have also served as Program Chair for the USENIX Workshop on Hot Topics in Security, the Program Chair for the USENIX Workshop on Large-Scale Exploits & Emergent Threats, the local arrangements Chair for the Financial Cryptography and Data Security Conference, the General Chair of the Symposium on Research in Attacks and Defenses, and the Co-Chair and Chair for the Symposium on Research in Attacks and Defenses in 2015 and 2016, respectively. As a leader in the field, I have also served on numerous technical program committees including the Symposium on Electronic Crime Research (2016), Research in Attacks, Intrusions, and Defenses Symposium (2012, 2013), USENIX Security Symposium (2013, 2005-2009), Financial Cryptography and Data Security (2011, 2012), Digital Forensics Research Conference (2011, 2012), ACM Conference on Computer and Communications Security (2009-2011, 2013), IEEE Symposium on Security and Privacy (2007, 2008), ISOC Network & Distributed System Security (2006-2009), International Conference on Distributed Computing Systems (2005, 2009, 2010), and USENIX Workshop on Large-scale Exploits and Emergent Threats (2010-2012).
`
11. From 2006 to 2009, I served as an Associate Editor for IEEE Transactions on Information and Systems Security (the leading technical journal on cyber security), and currently serve on the Steering Committee for the USENIX Security Symposium.

12. My curriculum vitae, which I understand is Exhibit 2020 in this proceeding, details my background and technical qualifications. Although I am being compensated at my standard rate of $450/hour for my work in this matter, the compensation in no way affects the statements in this declaration.
`
IV. Level of Ordinary Skill

13. I am familiar with the level of ordinary skill in the art with respect to the inventions of the ’504 patent as of what I understand is the patent’s early-2000 priority date. Specifically, based on my review of the technology, the educational level of active workers in the field, and drawing on my own experience, I believe a person of ordinary skill in the art at that time would have had a master’s degree in computer science or computer engineering, as well as two years of experience in computer networking with some accompanying exposure to network security. My view is consistent with VirnetX’s view that a person of ordinary skill in the art requires a master’s degree in computer science or computer engineering and approximately two years of experience in computer networking and computer security. I have been asked to consider how one of ordinary skill would have understood certain claim terms, and consider how one of ordinary skill in the art would have understood the Kiuchi reference mentioned above in relation to the claims of the ’504 patent. My findings are set forth below.
`
`
`
V. Overview of the ’504 Patent

14. The ’504 patent discloses several embodiments of a domain name service (“DNS”) system for establishing a secure communication link, such as a virtual private network (“VPN”) communication link, between devices connected to a network. In one embodiment, a novel, specialized DNS system receives a DNS request and automatically facilitates the establishment of a secure communication link between two devices. (Ex. 1001 at 39:46-51.)
`
15. The ’504 patent distinguishes the claimed DNS service system from a conventional DNS scheme that merely returns a requested IP address and/or public key:

    Conventional Domain Name Servers (DNSs) provide a look-up function that returns the IP address of a requested computer or host. For example, when a computer user types in the web name “Yahoo.com,” the user’s web browser transmits a request to a DNS, which converts the name into a four-part IP address that is returned to the user’s browser.

    . . .

    One conventional scheme that provides secure virtual private networks over the Internet provides the DNS server with the public keys of the machines that the DNS server has the addresses for. This allows hosts to retrieve automatically the public keys of a host that the host is to communicate with so that the host can set up a VPN without having the user enter the public key of the destination host. One implementation of this standard is presently being developed as part of the FreeS/WAN project (RFC 2535).

    The conventional scheme suffers from certain drawbacks. For example, any user can perform a DNS request. Moreover, DNS requests resolve to the same value for all users.

    According to certain aspects of the invention, a specialized DNS server traps DNS requests and, if the request is from a special type of user (e.g., one for which secure communication services are defined), the server does not return the true IP address of the target node, but instead automatically sets up a virtual private network between the target node and the user.

(Id. at 39:7-51.)
`
16. Compared with a conventional DNS known at the time of filing the ’504 patent—which is described as merely returning a requested IP address and/or public key—the claimed DNS system of the ’504 patent supports establishing a secure communication link and provides an indication of the same. (See, e.g., id. at 55:49-56, 57:48-58, 60:3-14.) For example, in FIGS. 26 and 27 of the ’504 patent, reproduced below, a DNS server 2602 including a DNS proxy 2610 supports establishing a VPN link between a computer 2601 and a secure target site 2604. (Id. at 39:67-41:59.)
`
`
17. Here, the DNS server 2602 receives a DNS request for a target site from computer 2601. (Id. at 40:49-52.) A DNS proxy 2610 at the DNS server 2602 determines whether the target site is a secure site. (Id. at 40:6-8, 40:49-56.) If access to a secure site has been requested, the DNS proxy 2610 determines whether the computer 2601 is authorized to access the site. (Id. at 40:57-59.) If so, the DNS proxy 2610 transmits a message to gatekeeper 2603 to create a secure communication link (e.g., a VPN link) between computer 2601 and secure target site 2604. (Id. at 40:12-15.) In this example, the gatekeeper 2603 allocates resources (in this case, IP hop blocks) for the secure communication link to the computer 2601 and secure target site 2604. (Id. at 40:15-19.) The DNS proxy 2610 then responds to the computer 2601’s DNS request with an address received from the gatekeeper 2603. (Id. at 40:19-22.) In this manner, the specialized DNS service system supports establishing a secure communication link, doing more than a conventional DNS server at the time of the invention.
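The request flow summarised in paragraph 17, modelled as an added example that is not part of the declaration or of the ’504 patent. The class names, sample names and addresses, the authorisation table, and the answers given for unknown names and unauthorised requesters are assumptions made for illustration.

```python
"""Illustrative model of the DNS-proxy / gatekeeper flow (hypothetical names)."""
import ipaddress

# Constructed sample data (documentation address ranges, made-up users).
CONVENTIONAL_RECORDS = {"www.example.com": "192.0.2.10"}
SECURE_SITES = {"secure.example.com": {"alice", "carol"}}  # site -> authorised users


class Gatekeeper:
    """Allocates resources for a link; here a block of hop addresses per link."""

    def __init__(self, pool="198.51.100.0/24", block_size=4):
        self._hosts = [str(h) for h in ipaddress.ip_network(pool).hosts()]
        self._block_size = block_size
        self._next = 0
        self.links = {}  # (client, site) -> list of allocated hop addresses

    def create_link(self, client, site):
        key = (client, site)
        if key not in self.links:
            block = self._hosts[self._next:self._next + self._block_size]
            if len(block) < self._block_size:
                raise RuntimeError("hop-address pool exhausted")
            self._next += self._block_size
            self.links[key] = block
        # The proxy answers the query with an address taken from this block.
        return self.links[key][0]


class DnsProxy:
    """Decides per request whether to answer conventionally or set up a link."""

    def __init__(self, gatekeeper):
        self.gatekeeper = gatekeeper

    def resolve(self, client, name):
        # Step 1: is the requested target a secure site?
        if name not in SECURE_SITES:
            addr = CONVENTIONAL_RECORDS.get(name)
            # Assumption: unknown names yield no address.
            return ("conventional", addr) if addr else ("unknown", None)
        # Step 2: is this requester authorised for the secure site?
        if client not in SECURE_SITES[name]:
            # Assumption: the page does not say what is returned here;
            # this model returns no address at all.
            return ("denied", None)
        # Step 3: ask the gatekeeper to create the link and allocate hop blocks,
        # then answer the DNS request with the address the gatekeeper supplies.
        return ("secure-link", self.gatekeeper.create_link(client, name))


if __name__ == "__main__":
    proxy = DnsProxy(Gatekeeper())
    for who, what in [("bob", "www.example.com"),
                      ("alice", "secure.example.com"),
                      ("carol", "secure.example.com"),
                      ("bob", "secure.example.com")]:
        print(who, what, proxy.resolve(who, what))
```

In this model the same secure name resolves to a different address for each authorised requester, in contrast to the conventional look-up quoted in paragraph 15, where requests resolve to the same value for all users.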
`
VI. Claim Terms

18. I understand that in an inter partes review proceeding, the claims of a patent are construed under the broadest reasonable interpretation in light of the specification. I also understand that the parties have proposed constructions for certain terms of the ’504 patent. Unless otherwise noted, I have used Patent Owner’s proposed constructions in my analysis. In my opinion, Patent Owner’s proposed constructions are consistent with the specification. To the extent Patent Owner has not proposed a construction for a term, I understand that term to have its plain and ordinary meaning from the perspective of one of ordinary skill in the art in light of the specification. I have applied this understanding in my analysis.

A. “Domain Name Service System” (Claims 1, 15-16, 27, 33, 36, 51, 57, and 60)

19. I understand that the parties and the Board have put forth the following constructions for purposes of this proceeding:

Patent Owner’s Proposed Construction: No construction necessary

Petitioner’s Proposed Construction: Any system with the features of the claims, where the system may include one or more computers or devices.

Decision’s Construction: No construction proposed
`
20. In my opinion, the plain and ordinary meaning of “domain name service system” would have been readily apparent to one of ordinary skill in the art without construction as Patent Owner proposes. It is the subject of independent claim 1, for example, which already defines its characteristics: “a domain name service system configured to be connected to a communication network, to store a plurality of domain names and corresponding network addresses, to receive a query for a network address, and to comprise an indication that the domain name service system supports establishing a secure communication link.” Since the claims themselves define the characteristics of the domain name service system, in my opinion, the plain and ordinary meaning of “domain name service system” would have been readily apparent to one of ordinary skill in the art.
`
B. “Secure Communication Link” (Claims 1, 16, 27, 33, 36, 40, 51, 57, and 60)

21. I understand that the parties and the Board have put forth the following constructions for purposes of this proceeding:

Patent Owner’s Proposed Construction: A direct communication link that provides data security through encryption

Petitioner’s Proposed Construction: A transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping.

Decision’s Construction: No construction proposed

22. In my opinion, Patent Owner’s constructions are consistent with the specification’s disclosure of a secure communication link. Petitioner’s proposed construction contradicts the plain language of the claims, is internally inconsistent, and is contrary to the ’504 patent specification and prosecution history.
`
1. “Authentication” and “Address Hopping” Alone Do Not Result in a “Secure Communication Link”

23. In my opinion, Black Swamp’s proposed construction (Pet. at 10-12) is internally inconsistent and technically flawed. Of the obfuscation methods in the proposed construction—authentication, encryption, and address hopping—a person of ordinary skill in the art would have understood that only encryption restricts access to “data, addresses, or other information on the path,” as required by the first portion of Black Swamp’s construction. The other techniques alone do not “hide information on the path,” as Black Swamp’s construction requires.
`
`
`
24. For example, authentication merely “[e]nsur[es] that a message originated from the expected sender and has not been altered on route.” (Ex. 2005 at 3, Glossary for the Linux FreeS/WAN Project.) It does not prevent an eavesdropper from accessing data transmitted over an unsecure communication link. The specification supports this fact by describing at least one scenario where an authenticated transmission occurs “in the clear”—i.e., over an unsecured communication link:

    SDNS [secure domain name service] 3313 can be accessed through secure portal 3310 “in the clear”, that is, without using an administrative VPN communication link. In this situation, secure portal 3310 preferably authenticates the query using any well-known technique, such as a cryptographic technique, before allowing the query to proceed to SDNS [3313].

(Ex. 1001 at 51:48-53.)
`
25. Similarly, address hopping alone also does not provide the claimed security, as there is nothing inherent in moving from address to address that hides information on the path or precludes an eavesdropper from reading the details of a communication. A person of ordinary skill in the art would have understood that this is why the ’504 patent discloses embodiments that use encryption in conjunction with address hopping to protect, for example, the next address in a routing scheme from being viewed by eavesdroppers. (See, e.g., id. at 3:34-48, stating in part that “[e]ach TARP packet’s true destination is concealed behind a layer of encryption generated using a link key.”) It is the encryption that hides information on the path while moving from address to address. (See, e.g., id. at 3:14-4:38.)

26. While authentication and address hopping may be used in conjunction with encryption as an “obfuscation method,” in my opinion, this fact does not make either sufficient by itself to “hide information on the path,” as Black Swamp’s construction requires.
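An added illustration, not part of the declaration or of the ’504 patent, of the technical property paragraphs 24 to 26 rely on: a message authentication code lets the receiver detect forgery or alteration while the payload stays readable to anyone observing the path, whereas an encrypted payload is not readable. The keys, the sample query and the SHA-256 counter-mode keystream standing in for a real cipher are assumptions made for the demonstration.

```python
"""Authenticated-in-the-clear versus encrypted-and-authenticated messages."""
import hashlib
import hmac

TAG_LEN = 32    # HMAC-SHA256 output size in bytes
NONCE_LEN = 16

# Constructed demo values (hypothetical keys, nonce and query text).
MAC_KEY = b"m" * 32
ENC_KEY = b"e" * 32
NONCE = bytes(NONCE_LEN)
QUERY = b"QUERY secure.example.com FROM alice"


def _tag(mac_key, data):
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """SHA-256 in counter mode: a stand-in for a real cipher, demo only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(d ^ s for d, s in zip(data, stream))


def send_authenticated(mac_key, payload):
    """Authentication only: the payload travels in the clear, followed by a tag."""
    return payload + _tag(mac_key, payload)


def receive_authenticated(mac_key, wire):
    """Return the payload if the tag verifies, else None."""
    if len(wire) < TAG_LEN:
        return None
    payload, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    return payload if hmac.compare_digest(tag, _tag(mac_key, payload)) else None


def send_encrypted(enc_key, mac_key, nonce, payload):
    """Encrypt, then authenticate the nonce and ciphertext."""
    body = nonce + _xor(payload, _keystream(enc_key, nonce, len(payload)))
    return body + _tag(mac_key, body)


def receive_encrypted(enc_key, mac_key, wire):
    """Verify the tag first; decrypt only if it is valid."""
    if len(wire) < NONCE_LEN + TAG_LEN:
        return None
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, body)):
        return None
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def observer_can_read(wire, fragment):
    """A passive observer holds no keys and simply looks at the bytes."""
    return fragment in wire


def flip_bit(wire, index):
    """Simulate alteration in transit by flipping one bit of one byte."""
    altered = bytearray(wire)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    clear = send_authenticated(MAC_KEY, QUERY)
    sealed = send_encrypted(ENC_KEY, MAC_KEY, NONCE, QUERY)
    print("authenticated only, readable on path:",
          observer_can_read(clear, b"secure.example.com"))
    print("encrypted, readable on path:",
          observer_can_read(sealed, b"secure.example.com"))
    print("altered authenticated message accepted:",
          receive_authenticated(MAC_KEY, flip_bit(clear, 0)) is not None)
```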
`
2. A “Secure Communication Link” Must Be Direct

27. In my opinion, Black Swamp’s construction incorrectly encompasses links that are not direct. A person of ordinary skill in the art would have understood that the ’504 patent specification describes a secure communication link as “direct” between a client and target device and the prosecution history of related VirnetX patents supports this understanding.

28. For instance, in one embodiment, the ’504 patent describes the link between an originating TARP terminal and a destination TARP terminal as direct. (See, e.g., Ex. 1001, 9:41-50, Fig. 2; see also id. at 33:49-55 (describing a variation of the TARP embodiments as including a direct communication link); 38:11-14 (describing the embodiment of Figure 24 in which a first computer and second computer are connected directly).) The ’504 patent similarly describes direct communications in later embodiments as well. (See, e.g., id. at 40:12-15, 41:5-8 (describing a virtual private network as being direct between a user’s computer and target), 42:12-16, 43:5-9 (describing a load balancing example in which a virtual private network is direct between a first host and a second host), 48:57-59, 48:65-49:12 (describing a secure communication link that is direct between a first computer and a second computer), Figs. 24, 26, 28, 29, 33.) A person of ordinary skill in the art would have understood that in each of these embodiments, the ’504 patent specification discloses that the link traverses a network (or networks) through which it is simply passed or routed via various network devices such as Internet Service Providers, firewalls, and routers. (See, e.g., id. at Figs. 2, 24, 28, 29, 33.)
`
3. A “Secure Communication Link” Requires Encryption

29. In my opinion, Black Swamp’s proposed construction is contrary to the specification, which explains over and over again that a secure communication link requires encryption. For instance, the ’504 patent specification teaches that “data security is usually tackled using some form of data encryption,” and it repeatedly discusses using encryption. (Ex. 1001 at 1:55-56; see also id. at 3:14-17 (“TARP” embodiments described as using a “unique two-layer encryption format”), 3:34-35 (“[e]ach TARP packet’s true destination address is concealed behind a layer of encryption”), 4:5-7 (“[t]he message payload is hidden behind an inner layer of encryption”), 9:60-61, 11:10-17.)
`
C. “Indication” (Claims 1, 36, and 60)

30. I understand that the parties and the Board have put forth the following constructions for purposes of this proceeding:

Patent Owner’s Proposed Construction: No construction necessary

Petitioner’s Proposed Construction: A visible or non-visible message or signal that the DNS system supports establishing a secure communication link, including the establishment of the secure communication link itself

Decision’s Construction: No construction proposed

31. Claim 1 of the ’504 patent recites the phrase “to comprise an indication that the domain name service system supports establishing a secure communication link.” Independent claim 36 recites “supporting an indication that the domain name service system supports establishing a secure communication link.” And independent claim 60 recites “comprising an indication that the domain name service system supports establishing a secure communication link.” For simplicity, I refer to these features as the “indication” phrases.

32. In my opinion, the plain and ordinary meaning of the “indication” phrases would be readily apparent to one of ordinary skill in the art without construction as Patent Owner proposes.
`
`
`
33. I understand that Black Swamp’s construction permits the “indication” phrases to be met by “the establishment of the secure communication link itself.” In my opinion, this equating of establishing a secure communication link with indicating whether the domain name service system supports establishing a secure communication link is inconsistent with how one of ordinary skill in the art at the time of the invention would have understood the “indication” phrases.

34. For example, a person of ordinary skill in the art would have understood that the claim language distinguishes these two functions, separately reciting “establishing a secure communication link,” (see, e.g., Ex. 1001 at 55:49-50, claim 1 preamble), and “an indication that the domain name service system supports establishing a secure communication link,” (see, e.g., id. at 55:54-56). Dependent claim 16 further reveals that “establishing a secure communication link” is separate from an “indication that the domain name service system supports establishing a secure communication link.” (Ex. 1001 at 56:35-43.) In my opinion, a person of ordinary skill in the art would have understood that the plain language of the claims not only discloses these features to be distinct, but further teaches that the indication that the DNS system supports establishing a secure communication link precedes the establishing of a secure communication link. (Id. at 55:49-56, 56:35-43, 60:3-13.)
`
`
`
D. “Transparently” (Claims 27 and 51)

35. I understand that the parties and the Board have put forth the following constructions for purposes of this proceeding:

Patent Owner’s Proposed Construction: The user need not be involved in creating the secure communication link.

Petitioner’s Proposed Construction: The user need not be involved in creating the secure communication link.

Decision’s Construction: No construction proposed

36. In my opinion, VirnetX’s construction of this term is consistent with the patent disclosure. The ’504 patent specification and claims define the term “transparently” to mean that “the user need not be involved in creating the secure communication link.” Claim 27, for example, recites, “wherein the domain name service system is configured to enable establishment of a secure communication link between a first location and a second location transparently to a user at the first location.” Because the establishment of the secure communication link is transparent to the user, a person of ordinary skill in the art would have understood that the broadest reasonable interpretation of “transparently” is that the user need not be involved in creating the secure communication link. The specification confirms this understanding. (See, e.g., Ex. 1001 at 41:11-12, “. . . transparently to the user (i.e., the user need not be involved in creating the secure link).”)
`
`
`
VII. Kiuchi Does Not Disclose the Features of the Challenged Claims

A. Overview of Kiuchi

37. Kiuchi explains that “[i]n the medical community, there is a strong need for closed networks among hospitals and related institutions.” (Ex. 1005 at 64.) When an end user at a client in one hospital requests patient information located at a server of another hospital, “[s]ecure transfer … is obviously essential.” (Id. at 64.) Kiuchi discloses a closed HTTP-based network (“C-HTTP”) “to assure institutional level security.” (Id. at 64.)

38. C-HTTP communication is a multi-step process and, as shown below, requires three components for communication between the client (also referred to as a user agent) and the origin server (where the patient information resides): a client-side proxy, a server-side proxy, and a C-HTTP name server. (Id. at 64-67.) “C-HTTP-based communication is performed only between two types of C-HTTP proxies and between a C-HTTP proxy and CHTTP name server.” (Id. at 68.) Unlike other protocols that “assure ‘end-to-end’ security protection” where security protection is dependent on the end user, C-HTTP communication involves “proxy-proxy security” and no direct communication between user agents and origin servers. (Id. at 67-68.)
`
39. As disclosed in Kiuchi, an end user at a user agent may select or request a “resource name[] with a connection ID, for example, ‘http://server.in.current.connection/sample.html=@=6zdDfldfcZLj8V!i’” that identifies resources at an origin server. (Id. at 65.) The “resource name” in Kiuchi corresponds to “http://server.in.current.connection/sample.html” and identifies both the origin server where the requested resources are located, also referred to as the “host” in Kiuchi, and the resources requested. (Id.) The connection ID corresponds to “6zdDfldfcZLj8V!i.”