UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

APPLE INC.,
Petitioner

v.

MPH TECHNOLOGIES OY,
Patent Owner

Case IPR2019-00821
U.S. Patent No. 8,037,302

DECLARATION OF DAVID GOLDSCHLAG, PH.D.

Mail Stop “PATENT BOARD”
Patent Trial and Appeal Board
U.S. Patent & Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450

MPH Technologies Oy, Exhibit 2007
Page 2007 - 1
IPR2019-00820, Apple Inc. v. MPH Technologies Oy

Ex. 1003
Apple v. MPH Techs. Oy
IPR2019-00821

TABLE OF CONTENTS

I. Qualifications
II. My Understanding of Claim Construction
III. My Understanding of Obviousness
IV. Level of Ordinary Skill in the Art
V. Overview of the ’302 Patent
VI. Background of the Technologies Disclosed in the ’302 Patent
   A. Security Issues in Mobile IP
VII. The ’302 Patent Claims
   A. “a first secure connection”/ “a second secure connection” [Claim 1.a]
VIII. Analysis
   A. First Ground: The Combination of Ahonen and Ishiyama
      1. Ahonen
      2. Overview of the Combination of Ahonen and Ishiyama
      3. Ahonen in view of Ishiyama renders claim 1 obvious
      4. Ahonen in view of Ishiyama renders claim 2 obvious
      5. Ahonen in view of Ishiyama renders claim 3 obvious
      6. Ahonen in view of Ishiyama renders claim 4 obvious
      7. Ahonen in view of Ishiyama renders claim 5 obvious
      8. Ahonen in view of Ishiyama renders claim 6 obvious
      9. Ahonen in view of Ishiyama renders claims 7, 9, 10, and 13 obvious
      10. Ahonen in view of Ishiyama renders claim 8 obvious
      11. Ahonen in view of Ishiyama renders claim 11 obvious
      12. Ahonen in view of Ishiyama renders claim 12 obvious
      13. Ahonen in view of Ishiyama renders claim 16 obvious
   B. Second Ground: The Combination of Ahonen, Ishiyama and Gupta
      1. Overview of the Combination of Ahonen and Ishiyama
      2. Overview of the Combination of Ahonen, Ishiyama, and Gupta
      3. Ahonen and Ishiyama in view of Gupta renders claims 14-15 obvious
IX. Conclusion

I, David Goldschlag, Ph.D., declare as follows:

1. I have been retained on behalf of Apple, Inc. for the above-captioned inter partes review proceeding. I understand that this proceeding involves U.S. Patent No. 8,037,302 (“the ’302 patent”), titled “Method and System for Ensuring Secure Forwarding of Messages,” and that the ’302 patent is currently assigned to Mobility Patent Holding MPH Oy.

2. I have reviewed and am familiar with the specification of the ’302 patent issued on October 11, 2011. I will cite to the specification using the following format: Ex. 1001, ’302 patent, 1:1-10. This example citation points to the ’302 patent specification at column 1, lines 1-10, which is being provided as Exhibit 1001.

3. I have reviewed and am familiar with the following prior art used in the Petition for Inter Partes Review of the ’302 patent:

• PCT Patent Publication No. WO 01/54379 to Ahonen (“Ahonen”). Ahonen is provided as Ex. 1004.

• U.S. Patent No. 6,904,466 to Ishiyama et al. (“Ishiyama”). Ishiyama is provided as Ex. 1005.

• “Complete Computing,” by Gupta et al. (“Gupta”). Gupta is provided as Ex. 1006.

4. I am familiar with the technology-at-issue as of the September 2001 timeframe.

5. To the best of my knowledge, the above-mentioned documents and materials are true and accurate copies of what they purport to be. An expert in the field would reasonably rely on them to formulate opinions such as those set forth in this declaration.

6. I understand that Gupta was originally presented as part of the Second International Conference for Worldwide Computing and Its Applications (WWCA’98) held in Tsukuba, Japan on March 4-5, 1998. See Ex. 1006, Gupta, 0001; see also Ex. 1013, Mullins Decl., ¶¶45-47, Attachment 1A. Conferences such as WWCA ’98 were typically open to the interested public, and I have no reason to believe otherwise in this case. The papers presented at the conference would typically be published in conference proceedings and distributed to attendees of the workshop without restriction.

7. I have been asked to provide my technical review, analysis, insights, and opinions regarding the above-noted references that form the basis for the grounds of rejection set forth in the Petition for Inter Partes Review of the U.S. Patent No. 8,037,302.

I. Qualifications

8. My qualifications are stated more fully in my curriculum vitae, attached as Exhibit 1009. Here, I provide a brief summary of my qualifications:

9. I have extensive education and work experience in the field of computer security. I received a B.S. degree in Computer Science from Wayne State University in 1985, then received a Ph.D. degree in Computer Science from the University of Texas at Austin in 1992. In my Ph.D. program, I studied formal methods and automated theorem proving. My Ph.D. thesis focused on methodologies for increasing the confidence one may have that computer systems behave as desired, including functionality, security, and safety.

10. I have conducted significant research and published significant papers in the field of computer security. For example, I have published 34 papers in the field of computer security, including papers on verification of computer programs, verification of computer hardware, novel techniques for smartcard security for cable and satellite TV systems, techniques for privacy in electronic transactions, techniques for secure lotteries that do not depend on the trustworthiness of the lottery operator, and several papers on Onion Routing. Onion Routing, now called Tor, is a system for privacy and anonymity on the internet. I and my co-inventors for Onion Routing were awarded the Alan S. Berman Award at the Naval Research Laboratory in 1999.

11. My research and work in computer security has resulted in my being a joint inventor on 12 issued patents related to computer security, including a patent on Onion Routing, patents related to security for paid video content, and patents related to security and compliance of devices accessing enterprise systems.

12. Since 1987, I have continuously worked for government agencies and private companies within the field of computer security. For example, from 1993 to 1997 I worked for the Naval Research Laboratory, researching computer security and privacy solutions, developing security architectures, and developing technologies to increase computer security and privacy for e-commerce applications. It was at Naval Research Laboratory that I co-invented Onion Routing. From 1997 to 1999, I worked at Divx developing a cost-effective way to secure digital entertainment content for movie-rental distribution via protected DVDs. These positions, along with my education, all of which were completed before the relevant time for assessing validity of the ’302 patent, more than qualify me as a person of ordinary skill in the art of the ’302 patent at the relevant time. In addition, I worked with people with the same experience as a person of ordinary skill in the art. From my personal experience working on computer security solutions myself and with others, I understand the types of problems and the knowledge that a person of ordinary skill in the art would have confronted and known at the relevant time.

13. I have continued my work in computer security after the relevant time as well, from 1999 to the present. I have held several top-level executive positions with companies focused on computer security, including KeySec software, Trusted Edge, Inc., Trust Digital, Inc., McAfee, Inc., MobileSpaces (Cellsec, Inc.), Pulse Secure, LLC, and New Edge Labs, Inc. In view of my education and experience both before and after the relevant time, I am an expert in computer security, with knowledge and skill in the art of the ’302 patent that is well beyond the level of knowledge and skill of a person of ordinary skill in the art of the ’302 patent.

14. My Curriculum Vitae is attached as Ex. 1009, which contains further details on my education, experience, publications, and other qualifications to render an expert opinion. My work on this case is being billed at my normal hourly rate, with reimbursement for actual expenses. My compensation is not contingent upon the outcome of this inter partes review proceeding.

II. My Understanding of Claim Construction

15. I understand that, before the PTAB, claims are to be given their ordinary and customary meaning in light of the specification as would have been read by a person having ordinary skill in the relevant art (also referred to herein as “POSITA”) at the time of the invention.

III. My Understanding of Obviousness

16. It is my understanding that a claimed invention is unpatentable if the differences between the invention and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which the subject matter pertains.

17. I understand that for a single reference or a combination of references to render a claimed invention obvious, a POSITA must have been able to arrive at the claims by altering or combining the applied references.

18. I also understand that when considering the obviousness of a patent claim, one should consider whether a teaching, suggestion, or motivation to combine the references exists so as to avoid impermissibly applying hindsight when considering the prior art. I understand this test should not be rigidly applied, but that the test can be important to avoid such hindsight.

19. I also understand that a showing of obviousness requires some articulated reasoning with a rationale to support the combination of the references. I have been informed that the following rationales may support a finding of obviousness:

(A) combining prior art elements according to known methods to yield predictable results;

(B) simply substituting one known element for another to obtain predictable results;

(C) use of a known technique to a known device ready for improvement to yield predictable results;

(D) applying a known technique to a known device ready for improvement to yield predictable results;

(E) choosing from a finite number of identified, predictable solutions with a reasonable expectation of success;

(F) known work in a field that prompts variations in the work in the same or a different field that leads to predictable results; and

(G) some teaching, suggestion, or motivation in the prior art that would have led a POSITA to modify a prior art reference or combine multiple prior art references or teachings to arrive at the claimed invention.

20. I understand that various “real world” factors or objectives may be indicative of non-obviousness. I understand that such factors include:

(A) the commercial success of the claimed invention;

(B) the existence of a long-felt, unresolved need for a solution to the problem resolved by the claimed invention;

(C) failed attempts to solve the problem solved by the claimed invention;

(D) copying of the claimed invention;

(E) unexpected results of the claimed invention;

(F) praise for the claimed invention by others in the relevant field; and

(G) willingness of others to accept a license under the patent because of the merits of the claimed invention.

21. It is my understanding that “obviousness” is a question of law based on underlying factual issues including the content of the prior art and the level of skill in the art. Therefore, I do not reach any conclusions here with respect to the ultimate question of obviousness. Instead, my expert testimony is focused on the underlying facts and analyses that are relevant to the obviousness inquiry.

IV. Level of Ordinary Skill in the Art

22. Based on the technologies disclosed in the ’302 patent, one of ordinary skill in the art would have a B.S. degree in Electrical Engineering, Computer Engineering, or Computer Science, as well as at least 3-5 years of industry experience in communications network design and programming.

V. Overview of the ’302 Patent

23. In my opinion, the technology of the ’302 patent was old and was well-known in the art by September 2001, the earliest priority date of the ’302 patent. At a high level, the ’302 patent is directed toward “a method for ensuring secure forwarding of a message in a telecommunication network” where one node is a mobile node. Ex. 1001, ’302 patent, 12:15-16. Specifically, secure forwarding of a message from a first terminal to a second terminal is achieved by “one or more secure connections … established between different addresses of the first terminal and address of the other terminal [i.e., the second terminal].” Id., Abstract. And the ’302 patent claims that the disclosed method is “a part of a mobile IP solution or an IPSec solution.” Id., 1:14-16. IPSec refers to the “IP Security Protocol” standard that was well known before the earliest priority date of the ’302 patent as admitted in the Technical Background of the ’302 patent. See id., 1:38-48.

24. The ’302 patent explains that a well-known problem with IPSec is that it was “designed for a static Internet, where the hosts using IPSec are relatively static. Thus, IPSec does not work well with mobile devices.” Id., 3:20-23. When mobile devices move to new networks, the mobile devices must renegotiate keys which is a computationally expensive operation that is “extremely time consuming” and introduces “latency” into the communications. Id., 3:26-30.

25. The ’302 patent’s purported solution to this problem is to re-use the parameters of previously created secure connections in response to a mobile device that has changed networks. Id., 7:45-53, 10:39-43. In particular, when a mobile terminal moves to a new network, it checks to determine whether a previously created secure connection exists at the new network. See id., 10:39-43. By pre-creating secure connections and re-using them as the mobile terminal moves, the ’302 patent attempts to avoid the previously described problems related to the renegotiation of keys. See id., 3:26-30.

26. Figure 2 from the ’302 patent illustrates the process for re-using secure connections:

’302 patent, FIG. 2.

27. The ’302 patent describes Figure 2 above as “an example of the method … for sending messages when a mobile terminal moves to a new address.” Id., 10:9-11. At a first step, “[a] secure connection, preferably an IPSec security association (SA) … is established between the care-of-address [of the mobile terminal] and the home server address.” Id., 10:12-16. If bi-directional communication is required, then two security associations are established. Id., 2:1-5. The security association, among other parameters, includes the encryption keys that have been negotiated between the hosts that are used to encrypt and decrypt traffic. Id., 2:9-19. The ’302 patent uses the terms “secure connection” or “IPSec connection” and “security association” interchangeably: “IPSec security associations are used as secure connections.” Id., 7:54-55. (“The term IPSec connection is used in what follows in place of an IPSec bundle of one or more security associations SAs”). Id., 2:1-2.

28. The details of the “security associations” between two hosts are stored in a database located on each of the hosts known as an “IPSec Security Association Database” or “SADB.” See id., 7:45-58. In order to use the secure connection, each of the hosts queries their SADB, to obtain the details of the secure connections, such as encryption/decryption keys, etc.

29. To perform the IPSec processing, a message sent through the IPSec tunnel is marked “IP/IPSec/IP/Data” because IPSec operates as a tunneling protocol which tunnels IP packets. When the home server receives encrypted IPSec messages, it decrypts them, and forwards them to their destination based upon the destination address specified within the IP packet that is inside of the IPSec packet. See id., 11:10-12. The ’302 patent explains that packets from X to the mobile terminal are handled similarly. Id., 10:26-27. The packet is first routed to the home server. Then, it is processed via IPSec and encrypted, “during which an outer IP header is added to the packet and delivered to the current network(s) (in step 4) the mobile terminal is in.” Id., 10:26-31.

30. As the mobile terminal moves to a new network, however, it obtains a new address from the visited network, which the ’302 patent refers to as a “care-of address.” Id., 4:4-5, 4:15-17. The ’302 patent explains that this process would typically require the renegotiation of keys which would lead to latency issues and additional computation issues. Id., 9:36-43. The ’302 patent allegedly avoids these issues, however, by simply having “[t]he mobile terminal… check[] whether an SA (or more precisely, a pair of SA bundles) already exists between the new care-of address and the home server address.” Id., 10:40-43. With respect to Figure 2, the mobile terminal checks whether a security association was already established or previously created between the mobile terminal and host X. To perform this check, the mobile terminal queries its SADB. Id., 10:39-43. If a previously created SA already exists, then “this SA is registered to be the actual SA to be used” for further communications. Id., 10:55-56. If a previously-created SA does not exist between the “new care-of address and the home server, a [new] SA setup occurs….” Id., 10:66-11:3.

31. The ’302 patent refers to the process of the mobile host selecting the correct secure connection to use as “registration.” Id., 10:51-56. Specifically, “[w]hen the first terminal moves from one address to another address, a secure connection, whose endpoints are the new address of the first terminal and the address of the other terminal, is registered to be at least one of the active connections.” Id., 7:16-20. This process is further described with reference to steps 5 and 6 of Figure 2, shown below:

’302 patent, FIG. 2.

32. The ’302 patent explains that “[s]tep 5 is a registration request from the mobile host to the home server to register the new address and step 6 is a registration reply back to the mobile terminal.” Id., 10:63-65. This registration request signals to the home server that the mobile terminal has changed address and that a different secure connection should be considered the “active” connection. The reply is confirmation that the home server received the registration request, but “[i]t is also within the scope of the invention to only use a Registration Request message …, but not using a Registration Reply message.” Id., 11:27-30. And although the registration requests are “preferably the Mobile IP Registration Request and Registration Reply messages,…other registration formats may also be used.” Id., 11:24-27.

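The SADB check and registration that paragraphs 28-32 describe, as an added Python sketch (not code from the declaration, the ’302 patent or any cited reference). All class and function names are hypothetical, the addresses are documentation-range samples, an HMAC-SHA256 value stands in for real IPSec processing, and refusing a registration for an SA the home server does not hold is an assumption of this sketch.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class SA:
    """One security association (field names are hypothetical)."""
    spi: int
    care_of_addr: str   # mobile terminal end of the tunnel
    home_addr: str      # home server end of the tunnel
    key: bytes          # negotiated secret; random bytes in this sketch


class Host:
    """A tunnel endpoint holding its own SADB."""
    def __init__(self):
        self.by_endpoints = {}   # (care-of address, home address) -> SA
        self.by_spi = {}         # SPI -> SA

    def install(self, sa):
        self.by_endpoints[(sa.care_of_addr, sa.home_addr)] = sa
        self.by_spi[sa.spi] = sa


class Negotiator:
    """Stand-in for the costly key negotiation; counts how often it runs."""
    def __init__(self):
        self.runs = 0

    def establish(self, mobile, server, care_of_addr):
        sa = SA(0x1000 + self.runs, care_of_addr, server.addr, os.urandom(32))
        self.runs += 1
        mobile.install(sa)       # both ends store the same SA
        server.install(sa)
        return sa


class HomeServer(Host):
    def __init__(self, addr):
        super().__init__()
        self.addr = addr
        self.active = None       # SA currently registered as active

    def handle_registration_request(self, care_of_addr, spi):
        """Step 5: activate an SA only if this server already holds it."""
        sa = self.by_spi.get(spi)
        if sa is None or sa.care_of_addr != care_of_addr:
            return False         # assumption: refuse, keep the old SA active
        self.active = sa
        return True              # step 6: registration reply

    def forward_to_mobile(self, inner_packet):
        """Wrap a packet from X (IP/IPSec/IP/Data) for the active address."""
        sa = self.active
        if sa is None:
            raise RuntimeError("no SA registered")
        icv = hmac.new(sa.key, inner_packet, hashlib.sha256).digest()
        return {"outer_src": self.addr, "outer_dst": sa.care_of_addr,
                "spi": sa.spi, "icv": icv, "inner": inner_packet}


class MobileTerminal(Host):
    def __init__(self, server, negotiator):
        super().__init__()
        self.server = server
        self.negotiator = negotiator

    def move_to(self, care_of_addr):
        """Query the SADB for the new address, then register the SA."""
        sa = self.by_endpoints.get((care_of_addr, self.server.addr))
        reused = sa is not None
        if not reused:           # no previously created SA: set one up
            sa = self.negotiator.establish(self, self.server, care_of_addr)
        if not self.server.handle_registration_request(care_of_addr, sa.spi):
            raise RuntimeError("registration refused")
        return reused

    def receive(self, packet):
        """Find the SA by SPI and verify the integrity value before use."""
        sa = self.by_spi.get(packet["spi"])
        if sa is None:
            return None
        expected = hmac.new(sa.key, packet["inner"], hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, packet["icv"])
        return packet["inner"] if ok else None


def demo():
    """Constructed scenario using documentation-range addresses."""
    neg, server = Negotiator(), HomeServer("192.0.2.1")
    mobile = MobileTerminal(server, neg)
    for coa in ("198.51.100.7", "203.0.113.9"):   # pre-created SAs
        neg.establish(mobile, server, coa)
    moves = [mobile.move_to(a) for a in
             ("198.51.100.7", "203.0.113.9", "203.0.113.77")]
    pkt = server.forward_to_mobile(b"data from X")
    return moves, neg.runs, pkt["outer_dst"], mobile.receive(pkt)
```

The first two moves reuse pre-created SAs and trigger no negotiation; only the third address, for which no SA exists, costs a new setup.
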

VI. Background of the Technologies Disclosed in the ’302 Patent

A. Security Issues in Mobile IP

33. The ’302 patent explains that its claimed method is “meant to be used in wireless networks either as a part of a mobile IP solution or an IPSec solution.” ’302 patent, 1:13-15. But in reality, the alleged novelty of the ’302 patent is nothing more than applying known Mobile IP techniques to IPSec. Thus, it’s beneficial to first generally understand Mobile IP technology and its known problems at the time of the filing of the ’302 patent.

34. Mobile IP is a standard communication protocol designed to allow mobile device users to move from one network to another while maintaining a permanent IP address. See Ex. 1010, Zao, 373. As was widely known in the prior art and as admitted in the ’302 patent, POSITAs attempted to combine Mobile IP with the IPSec protocol to enhance security in Mobile IP communications. See ’302 patent, 3:19-23; Zao, 375. As previously described, however, this combination created problems due to the moving nature of the mobile devices conflicting with IPSec’s original design goal to operate with fixed networks. See, e.g., ’302 patent, 1:33-37, 3:42-43. That is, typical IPSec tunnel endpoints are fixed and have IP addresses that cannot change. As a result of this limitation, when the mobile endpoints change IP addresses or move to new networks, a full renegotiation of keys would be required, which leads to latency issues and additional computation. See id., 9:36-46. In view of these well-known problems, POSITAs before the earliest date of the ’302 patent were already generating many solutions to solve the IPSec problems resulting from mobile endpoints.

35. For example, “Secure Mobile IP Using IP Security Primitives,” by Inoue et al. published in 1997 echoed the same problem and described a solution including “a system which employs a secure mobile IP protocol on stationary security gateways and mobile hosts” using IPSec AH and ESP protocols. Ex. 1011, Inoue, 235-236. Inoue describes a strategy involving a “Dynamic gateway discovery” protocol and a “default border gateway.” Id., 238-239. Using the default border gateway, “it becomes possible for a mobile node to securely communicate from an outside network to an internal network without registering the information about all border gateways (and their protected networks).” Id., 239.

36. Similarly, “A Public-Key based secure Mobile IP,” by Zao et al. published in 1999 disclosed “the design and the implementation of a public key management system that can be used with … Mobile IP. The system… can supply cryptographic keys for authenticating … and establishing IPSec tunnels for Mobile IP redirected packets.” Zao, 373. In particular, Zao’s system described the use of “certificates” and a “public key infrastructure (PKI)” to allow “hierarchical trust relations” that can be mapped onto Mobile IP networks, which leads to a “more scaleable and desirable” system. Id., 374-377. Zao explains: “[t]he main reason to use the PKI technology was scalability: in order to support global internet mobility, we must have technology that can establish shared secrets among a large set of nodes spread across multiple Internet domains.” Id., 376. “[T]he use of public key certificates eliminates the need for real-time key dispatches” and therefore would avoid the key negotiation and latency problems described in the ’302 patent. Id.

37. Another solution based on establishment of multiple security associations was described in U.S. Pat. No. 7,174,018 to Patil et al. (“Patil”). Patil attempted to achieve the same goal described in the ’302 patent: maintaining network connectivity in an IP-based mobile communication even when the Mobile Node changes its point of attachment to the network. Ex. 1012, Patil, Abstract. Patil explains that its system is intended to “reduce [] management complexity and allow large-scale roaming among different networks…” Id., 10:48-51. To achieve these goals, Patil describes “creating variable-based Security Associations (SAs) between various nodes [and agents] on the system” “to comprehensively, and flexibly, cover connections in the network.” Id., Abstract, 5:20-37. Patil describes establishing a “Service Level Agreement (SLA) between various foreign networks [where the mobile terminal may roam] and a home network” to establish Security Associations between routers/firewalls of the foreign networks and the home network. Id. In this manner, Patil’s proposed solution to the mobility problem is to create several security associations using service level agreements (SLAs) and to create a “consortium of agreements between various networks and service providers.” See id., 5:39-64. For example, Patil describes “forming five different SAs securely connecting various nodes and routers on the Internet.” Id., 7:36-50. As the mobile node moves, the mobile node sends a “registration request” to indicate the particular SA being used, and “[a]ny subsequent registrations, after the initial registration, are done using the SAs established during the initial registration.” See id., 8:35-9:3, FIG. 2. Therefore, at a high-level, Patil’s solution to IPSec mobility of pre-creating multiple SAs, and then using them as the Mobile Node travels, is effectively the same as ’302 patent’s alleged point of novelty—establishing security associations between different care-of-addresses of the roaming mobile terminal and a home network. Id., Abstract, 5:31-36; ’302 patent, 10:12-16.

38. WO 01/54379 to Ahonen is another example of an attempted solution to the problem of mobility and IPSec. As will be explained below, Ahonen describes the very same solution as the ’302 patent. In view of these references, and especially Ahonen and Patil, the ’302 patent’s alleged solution was already well-known in the art.

VII. The ’302 Patent Claims

39. In the following section, I address my interpretation of specific terms used in the ’302 patent.

A. “a first secure connection”/ “a second secure connection” [Claim 1.a]

40. In my opinion, the terms “establishing a first secure connection”/ “establishing a second secure connection” should be construed to respectively include “establishing one or more first security associations” and “establishing one or more second security associations.” That is, one can establish a secure connection by establishing one or more security associations.

41. This is consistent with both the claims and the specification in my opinion. For example, claim 3 depends from claim 1, and recites “establishing the first secure connection by using IPSec protocols.” I understand that dependent claims generally are required to narrow the scope of independent claims by adding more limitations to the independent claim. Because of this, “establishing a first secure connection” of claim 1 is broader than the scope of dependent claim 3 that claims “establishing the first secure connection by using IPSec protocols.” Thus, in my opinion, “establishing a first secure connection” of claim 1 must include methods of establishing such a connection using the IPSec protocol. The specification of the ’302 patent explains that “The IP security protocols (IPSec) provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the internet.” ’302 Patent, 1:38-40. And that “[t]he secure connections are preferably established by forming Security Associations (SAs) using the IPSec protocols.” Id., 7:39-41. In other words, an IPSec connection is created using one or more security associations.

42. The ’302 specification also repeatedly uses the terms “security association” and “secure connection” interchangeably. For example, “IPSec security associations are used as secure connections.” Id., 7:54-55; see also id., 2:1-2 (“IPSec connection is used in what follows in place of an IPSec bundle of one or more security associations SAs.”); Id., 8:45-46 (“an IPSec security association is used instead of the IP-IP tunnelling”).

43. Accordingly, in my opinion, the terms “establishing a first secure connection”/ “establishing a second secure connection” should be construed broad enough to respectively include “establishing one or more first security associations” and “establishing one or more second security associations.”

VIII. Analysis

44. Claims 1-16 are unpatentable for at least the reasons set forth below.

A. First Ground: The Combination of Ahonen and Ishiyama

1. Ahonen

45. Ahonen, like the ’302 patent, is directed to a method for “allowing a