`Trials@uspto.gov
`Date: October 5, 2020
`Tel: 571-272-7822
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`APPLE INC.,
`Petitioner,
`v.
`MPH TECHNOLOGIES OY,
`Patent Owner.
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`__________________________
`
`
`
`
`
`
`
`Before SALLY C. MEDLEY, KAMRAN JIVANI, and
`JOHN D. HAMANN, Administrative Patent Judges.
`HAMANN, Administrative Patent Judge.
`
`
`
`
`JUDGMENT
`Final Written Decision
`Determining No Challenged Claims Unpatentable
`35 U.S.C. § 318(a)
`
`
`
`
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`INTRODUCTION
`I.
`In this inter partes review, instituted pursuant to 35 U.S.C. § 314,
`Apple Inc. (“Petitioner”) challenges the patentability of claims 1–16 (“the
`challenged claims”) of U.S. Patent No. 8,037,302 B2 (Ex. 1001, “the ’302
`patent”), owned by MPH Technologies Oy (“Patent Owner”). We have
`jurisdiction under 35 U.S.C § 6. This Final Written Decision is entered
`pursuant to 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73.
`For the reasons discussed herein, we determine that Petitioner has not
`shown by a preponderance of the evidence that claims 1–16 are
`unpatentable.
`II. BACKGROUND
`
`A. Procedural History
`Petitioner filed a Petition requesting inter partes review of the
`challenged claims of the ’302 patent. Paper 1 (“Pet.”). The Petition is
`supported by the Declaration of David Goldschlag, Ph.D. (Ex. 1003). Patent
`Owner filed a Preliminary Response. Paper 8.
`We instituted inter partes review of all of the challenged claims of the
`’302 patent on all of the grounds raised in the Petition. Paper 9 (“Dec. on
`Inst.”), 6–7, 31. Patent Owner filed a Response to the Petition. Paper 15
`(“PO Resp.”). The Response is supported by the Declaration of Professor
`George N. Rouskas, Ph.D. (Ex. 2002). Petitioner filed a Reply to Patent
`Owner’s Response. Paper 18 (“Pet. Reply”). The Reply is supported by an
`additional Declaration of David Goldschlag, Ph.D. (Ex. 1020). Patent
`Owner filed a Sur-Reply to Petitioner’s Reply. Paper 21 (“PO Sur-Reply”).
`An oral hearing was held on July 17, 2020. A transcript of the oral
`hearing is included in the record. Paper 27 (“Tr.”).
`
`2
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`B. Related Matter
`The parties identify MPH Techs. Oy v. Apple Inc., Case No. 4:18-cv-
`05935-PJH (N.D. Cal.), as a matter that may affect or would be affected by a
`decision in this proceeding. Pet. 2; Paper 7, 1.
`
`C. The Challenged Patent (Ex. 1001)
`The ’302 patent relates to providing “secure connections in
`telecommunication networks” more efficiently. Ex. 1001, 1:13–14, 4:55–63,
`7:3–5. In particular, the ’302 patent relates to reducing the handover latency
`for secure connections, such as those employing Internet Protocol (“IP”)
`Security (“IPSec”) with mobile terminals1 (i.e., terminals that can move
`from one network to another). Id. at 4:55–63, 7:3–5, 7:39–41.
`According to the ’302 patent, IPSec comprises a set of rules for
`“provid[ing] the capability to secure communications” between hosts. Id. at
`1:38–39. These rules describe, inter alia, the concept of a Security
`Association (“SA”), which the ’302 patent describes as “a one-way
`relationship between a sender and a receiver that offers [negotiated IPSec]
`security services to the traffic carried on it.” Id. at 1:62–65. SAs are
`identified, in part, by the IP addresses of the hosts. E.g., id. at 2:14–16. The
`’302 patent discloses that when a new SA is formed, “it is registered for
`immediate and/or later use” in a Security Association Database (“SAD”),
`“which is the nominal place to store IPSec SAs in the IPSec model.” Id. at
`7:45–53. Each host participating in the forming of the SA maintains a copy
`of the SAD, according to the ’302 patent. Id. at 7:47–48.
`
`1 The ’302 patent discloses that “the term[s] mobility and mobile terminal
`do[] not only mean physical mobility, . . . [but also] mean[] moving from
`one network to another, which can be performed by a physically fixed
`terminal as well.” Ex. 1001, 3:51–55.
`
`3
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`In addition, the ’302 patent discloses that IPSec is intended to work
`with static network topologies. Id. at 3:19–22. For example, IPSec can
`secure communications between static hosts across a local area network
`(“LAN”), as well as across a private or public wide area network (“WAN”).
`Id. at 1:38–40. IPSec, however, “does not work well with mobile”
`terminals, according to the ’302 patent, because when “a mobile terminal
`moves from one network to another [and changes addresses], an IPSec
`connection set up is required,” which typically “is expensive in terms of
`latency,” requiring “several seconds to complete.” Id. at 4:52–60.
`
`To address this problem, the ’302 patent discloses avoiding the need,
`if possible, to set up an IPSec connection when the mobile terminal moves
`networks by relying on a SA that is already established. E.g., id. at 10:39–
`43, 10:51–56. Figure 2, shown below, is a “signalling diagram,” which
`describes the invention of the ’302 patent. Id. at 9:5–6.
`
`
`
`4
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`Figure 2 “describes an example of the method of the invention for
`
`sending messages[, as shown in steps 1–6,] when a mobile terminal moves
`to a new address.” Id. at 10:9–11. We focus on steps 1 and 5 between the
`mobile terminal and home server, because these are the illustrated steps
`relevant to our analysis below.
`
`First, a SA is established between a first address of the mobile
`terminal and the address of the home server. Id. at 10:12–16. This SA is
`used to send a message from the mobile terminal to the home server, as
`illustrated in step 1. Id. at 10:21–25. Subsequently, the mobile terminal
`moves to a new network and obtains a new address from the new network.
`Id. at 10:39–40. “The mobile terminal then checks whether an SA
`. . . already exists between the new . . . address and the home server address.
`This check is normally done by inspecting the contents of” a SAD, “as
`specified by the IPSec protocol.” Id. at 10:40–46.
`
`If a SA between the mobile terminal’s new address and the home
`server’s address “already exists, this SA is registered to be the actual SA to
`be used.” Id. at 10:51–56. Put differently, the SA is registered as an active
`connection (i.e., “a stored mobility binding that maps a given terminal
`address to one or more” SAs to determine to what address to forward
`packets). E.g., id. at 8:13–14, 10:12–27. “This happens by means of a
`signalling message . . . done between the mobile terminal and the home
`server, described by step[] 5 . . . .” Id. at 10:57–59; see also id. at 7:59–63
`(describing sending a Registration Request signalling message to register the
`actual connection to use). Alternatively, the ’302 patent discloses that in
`lieu of a Registration Request, properly authenticated traffic from a new
`address can be used “as an implicit registration request, and a mobility
`
`5
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`binding update [can be] performed automatically.” Id. at 11:31–33. “When
`a[] . . . SA does not exist between the [mobile terminal’s] new . . . address
`and the home server[’s address], a[] . . . SA setup” occurs instead. Id. at
`10:66–67.
`
`D. The Challenged Claims
`Petitioner challenges claims 1–16 of the ’302 patent, of which claim 1
`is the sole independent claim. Claim 1 is illustrative of the challenged
`claims and is reproduced below:
`1.
`A method for ensuring secure forwarding of a message in
`a telecommunication network, comprising:
`
`providing a first terminal from which the message is sent
`and a second terminal to which the message is sent,
`
`a) establishing a first secure connection as being an active
`connection and extending between a first network address of the
`first terminal and an original network address of the second
`terminal, establishing a second secure connection extending
`between a second network address of the first terminal and the
`original network address of the second terminal,
`
`b) the first terminal changing from the first network
`address to the second network address, the first terminal
`checking whether the second secure connection already exists,
`and
`c) when the second secure connection already exists, the
`
`second terminal registering the already established second secure
`connection as being the active connection without having to
`reestablish the second secure connection.
`Ex. 1001, 12:15–34.
`
`6
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`E. Instituted Grounds of Unpatentability
`We instituted trial based on the following grounds of unpatentability,
`
`which are all the grounds of unpatentability raised in the Petition:
`
`References
`35 U.S.C.2 Challenged Claims
`1. Ahonen, 3 Ishiyama4
`§ 103(a)
`1–13, 16
`2. Ahonen, Ishiyama, Gupta5
`§ 103(a)
`14, 15
`
`
`Pet. 3–4, 17–53.
`
`III. LEVEL OF ORDINARY SKILL IN THE ART
`To determine whether an invention would have been obvious at the
`time it was made, we consider the level of ordinary skill in the pertinent art
`at the time of the invention. Graham v. John Deere Co., 383 U.S. 1,
`17 (1966). In assessing the level of ordinary skill in the art, various factors
`may be considered, including the “type of problems encountered in the art;
`prior art solutions to those problems; rapidity with which innovations are
`made; sophistication of the technology; and educational level of active
`workers in the field.” In re GPAC, Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995)
`(citing Custom Accessories, Inc. v. Jeffrey-Allan Indus., Inc., 807 F.2d 955,
`962 (Fed. Cir. 1986)). “[O]ne or more factors may predominate.” Id.
`
`
`2 The Leahy-Smith America Invents Act (“AIA”) included revisions to 35
`U.S.C. § 103 that became effective on March 16, 2013. Because the ’302
`patent issued from an application filed before March 16, 2013, we apply the
`pre-AIA version of the statutory basis for unpatentability.
`3 Int’l Pub. No. WO 01/54379 A1 (published July 26, 2001) (Ex. 1004).
`4 U.S. Patent No. 6,904,466 B1 (issued June 7, 2005) (Ex. 1005).
`5 Vipul Gupta et al., Complete Computing, WWCA ’98 PROC. 2D INT’L
`CONF. ON WORLDWIDE COMPUTING AND ITS APPLICATIONS (Mar. 4–5, 1998)
`(Ex. 1006).
`
`7
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`In our Decision on Institution, we adopted Petitioner’s proposed
`definition for one having ordinary skill in the art at the time of the invention
`of the ’302 patent as one who would have had “a B.S. degree in Computer
`Science, Electrical Engineering, or an equivalent field, as well as at least 3–5
`years of academic or industry experience in network security, or comparable
`industry experience.” Dec. on Inst. 7 (citing Pet. 14; Ex. 1003 ¶ 22). Patent
`Owner does not dispute our adoption of Petitioner’s definition, nor otherwise
`address the level of ordinary skill at the time of the invention of the ’302
`patent. See generally PO. Resp.; see also Ex. 2002 ¶ 24.
`Because Petitioner’s definition of the level of skill in the art is
`consistent with the ’302 patent and the asserted prior art, we maintain
`Petitioner’s definition for purposes of this Final Written Decision. See
`Okajima v. Bourdeau, 261 F.3d 1350, 1355 (Fed. Cir. 2001); GPAC, 57 F.3d
`at 1579; In re Oelrich, 579 F.2d 86, 91 (CCPA 1978). We apply Petitioner’s
`definition in our analysis below.
`
`IV. CLAIM CONSTRUCTION
`Because the Petition was filed after November 13, 2018, we construe
`the challenged claims by applying “the standard used in federal courts, in
`other words, the claim construction standard that would be used to construe
`the claim in a civil action under 35 U.S.C. [§] 282(b), which is articulated in
`Phillips [v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc)].” See
`Changes to the Claim Construction Standard for Interpreting Claims in Trial
`Proceedings Before the Patent Trial and Appeal Board, 83 Fed. Reg. 51,340,
`51,340, 51,358 (Oct. 11, 2018) (amending 37 C.F.R. § 42.100(b) effective
`November 13, 2018) (now codified at 37 C.F.R. § 42.100(b) (2019)). Under
`Phillips, the words of a claim are generally given their “ordinary and
`
`8
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`customary meaning,” which is the meaning they would have to a person of
`ordinary skill in the art at the time of the invention, in light of the
`specification and prosecution history. See Phillips, 415 F.3d at 1312–13.
`The parties identify for construction “establishing a first secure
`connection” and “establishing a second secure connection,” as recited in
`claim 1. Pet. 15–16; Prelim. Resp. 8–12. We address these terms in two
`parts (i.e., “secure connection” and “establishing”), as the parties do.
`
`A. Secure Connection
`In the Petition, Petitioner argued that a secure connection means “one
`
`or more . . . security associations.” Pet. 15 (citing Ex. 1003 ¶¶ 40–43). In
`our Decision on Institution, we concluded that “we need not decide whether
`a ‘secure connection’ should be limited to one or more SAs[, but r]ather, it is
`sufficient that the parties do not dispute that a secure connection covers one
`or more SAs.” Dec. on Inst. 9 (citations omitted). In the subsequent papers,
`the parties confirm that they do not dispute that a secure connection covers
`one or more SAs. Pet. Reply 3; PO Sur-Reply 2. Accordingly, we find that
`no express construction of “secure connection” is needed. Nidec Motor
`Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013, 1017 (Fed.
`Cir. 2017) (quoting Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d
`795, 803 (Fed. Cir. 1999)) (“[W]e need only construe terms ‘that are in
`controversy, and only to the extent necessary to resolve the controversy.’”).
`
`B. Establishing
`Patent Owner argues that “‘establishing a first/second secure
`
`connection’ requires forming or creating a new secure connection.”
`PO Resp. 22; see also id. at 22–23 (citing Ex. 1001, 7:39–41, 7:45–48,
`10:12–16, 12:19–25; Ex. 2002 ¶ 69). Petitioner agrees that “‘[e]stablishing’
`
`9
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`should be construed to mean ‘forming or creating a new secure connection,’
`as proposed by” Patent Owner. Pet. Reply 4. We conclude that the ’302
`patent’s Specification supports this proposed construction, and we construe
`“establishing a . . . secure connection” as meaning “forming or creating a
`new secure connection.” See Ex. 1001, code (57), 7:13–15, 7:39–41, 10:12–
`16.
`
`V.
`
`PRINCIPLES OF LAW
`A claim is unpatentable under 35 U.S.C. § 103(a) if the differences
`between the claimed subject matter and the prior art are such that the subject
`matter, as a whole, would have been obvious at the time of the invention to a
`person having ordinary skill in the art. KSR Int’l Co. v. Teleflex, Inc., 550
`U.S. 398, 406 (2007). The question of obviousness is resolved on the basis
`of underlying factual determinations, including (1) the scope and content of
`the prior art; (2) any differences between the claimed subject matter and the
`prior art; (3) the level of ordinary skill in the art; and (4) objective evidence
`of non-obviousness, if present. 6 See Graham, 383 U.S. at 17–18. When
`evaluating a claim for obviousness, we also must “determine whether there
`was an apparent reason to combine the known elements in the fashion
`claimed by the patent at issue.” KSR, 550 U.S. at 418 (citing In re Kahn,
`441 F.3d 977, 988 (Fed. Cir. 2006)).
`
`VI. ALLEGED OBVIOUSNESS OVER AHONEN AND ISHIYAMA
`Petitioner argues that the combination of Ahonen and Ishiyama
`renders claims 1–13 and 16 of the ’302 patent obvious under 35 U.S.C.
`
`
`6 Patent Owner does not present arguments or evidence of such objective
`evidence of non-obviousness in its Response. See generally PO Resp.
`
`10
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`§ 103(a). Pet. 17–50. We have reviewed the parties’ arguments and the
`evidence of record. For the reasons that follow, we determine that Petitioner
`does not show by a preponderance of the evidence that claims 1–13 and 16
`would have been obvious to one of ordinary skill in the art in view of
`Ahonen and Ishiyama.
`
`A. Summary of Ahonen
`Ahonen relates to a virtual private network (“VPN”) “in which a
`mobile terminal establishes a secure connection with a correspondent host
`located in an intranet, via a [s]ecurity [g]ateway” (also known as a firewall).
`Ex. 1004, 3:5–7. Figure 1, shown below as annotated by Petitioner,
`illustrates this network topology, in accordance with Ahonen’s invention.
`Id. at 7:1–2.
`
`
`Figure 1 illustrates mobile host 1 connected to correspondent host 4
`
`via access network 6, Internet 2, firewall 3, and intranet 5. Id. at 7:23–27.
`As annotated by the dotted line, a secure connection is established between
`mobile host 1 and correspondent host 4 over this path. Id. at 7:28–31.
`
`11
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`Thereafter, mobile host 1 sends firewall 3 an authentication certificate,
`which contains, inter alia, the identity of the SA to use for subsequent
`communication between mobile host 1 and correspondent host 4. E.g., id. at
`code (57). Mobile host l can then send data packets to correspondent host 4
`using the identified SA, via firewall 3. Id. However, firewall 3 only
`forwards the data packets to correspondent host 4 if they are authenticated
`by firewall 3. Id.
`
`Ahonen discloses that IPSec can be used to create the secure
`connection between mobile host 1 and correspondent host 4. Id. at 3:19–20.
`“In the IP[S]ec model[,however,] the end points of the secure connection are
`identified by their IP addresses.” Id. at 3:21–22. “Whilst this may be
`satisfactory for users having a fixed connection, [according to Ahonen,] it
`. . . present[s] problems for the mobile user . . . who wishes to roam
`[because] . . . the IP address allocated to the roaming mobile user is likely to
`change” as the user moves between networks. Id. at 3:22–26. According to
`Ahonen, when an IP address changes, it is difficult to reuse the pre-existing
`SAs, and the communicating parties may need to establish new SAs using
`the new IP address. Id. at 3:26–29. “This will result in increased signalling
`traffic and will degrade the performance of the VPN . . . .” Id. at 3:30–31.
`
`To address this problem, Ahonen’s invention discloses “reduc[ing] the
`amount of security related messaging during on-the-fly IP address changes,
`as the SAs needed to provide for secure communication between the mobile
`host and the correspondent host pre-exist.” Id. at 4:30–32. More
`specifically, Ahonen discloses negotiating one or more IPSec SAs between
`mobile host 1 and correspondent host 4 in preparation for providing future
`secure connections more efficiently when mobile host 1 roams. E.g., id. at
`
`12
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`5:31–6:1, 8:2–5, 8:28–9:2, 15:1–3. Ahonen discloses that the “[d]etails of
`the negotiated SAs are held at . . . firewall [3] in a Security Association
`Database (SAD)” on “the external side interface,” so that the mobile host
`can use the pre-existing SAs when roaming. Id. at 15:4–9.
`
`More specifically, Ahonen discloses that when mobile host 1 roams, it
`can “remotely ‘activate’ [the] pre-existing secure connections to
`. . . correspondent host 4.” Id. at 16:16–19. In particular, Ahonen discloses,
`to activate a pre-existing connection, mobile host 1 sends to firewall 3 an
`authorization certificate, which includes: (i) “the (New) Source and
`Destination IP addresses (if changed),”7 (ii) the cookies used to negotiate the
`SAs between mobile host 1 and correspondent host 4, (iii) the IPSec protocol
`ID, and (iv) the Security Parameter Index (“SPI”) of the SA. Id. at 17:1–11.
`Firewall 3 searches its Remote Control DataBase (“RCDB”) for records
`matching the authorization certificate’s cookies, IPSec protocol ID, and SPI.
`Id. at 17:19–25. If a match is found, firewall 3 sends an acknowledgement
`back to mobile host 1. Id. at 18:3–4. In addition, Ahonen discloses that if
`the source IP address was changed, firewall 3 also will “forward the new
`Source and Destination IP addresses to the correspondent host 4.” Id. at
`18:7–8. Ahonen discloses that correspondent host 4 then modifies “its SAD
`database to correctly reflect the change of the mobile host’s IP address to the
`new valid one.” Id. at 18:10–12.
`
`
`7 Ahonen discloses that “mobile host 1 might be required to use a new IP
`address when communicating via” the visited access network. Ex. 1004,
`16:22–24.
`
`13
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`B. Summary of Ishiyama
`Ishiyama relates to improving a mobile computer’s “capab[ility] of
`
`carrying out communications while moving among a plurality of inter-
`connected networks.” Ex. 1005, 1:9–11. In furtherance of this mobility,
`Ishiyama discloses having the mobile computer send a notification to its
`correspondent host when the mobile computer moves networks and gets a
`new address. E.g., id. at 3:63–67, 6:13–18, 15:37–16:10.
`
`According to one aspect of Ishiyama’s invention for an IPSec
`embodiment, Ishiyama discloses that when transmitting a packet, the mobile
`computer’s IPSec module “first searches through a security policy database”
`(“SPD”), using appropriate elements such as the source/destination address
`of a packet, to select a security policy, which identifies a SA to use to
`transmit the packet. Id. at 8:9–11, 9:50–54, 10:1–13.
`
`C. Challenged Claim 1
`Claim 1 recites, inter alia, “establishing a first secure connection as
`
`being an active connection and extending between a first network address of
`the first terminal and an original network address of the second terminal.”
`Ex. 1001, 12:19–22. Petitioner relies on Ahonen for teaching this limitation.
`Pet. 27–38. We agree with Patent Owner and find that Ahonen fails to teach
`this limitation. PO Resp. 48–52; PO Sur-Reply 20–21.
`
`This limitation has two requirements in establishing a first secure
`connection, namely, that the secure connection is established (i) as
`“extending between a first network address of the first terminal and an
`original network address of the second terminal” and (ii) “as being an active
`connection.” In accordance with our above construction, the first
`requirement is met by “forming or creating a new secure connection”
`
`14
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`between the claimed addresses. See supra Section IV(B) (construing
`establishing a secure connection).
`
`As to the second requirement, the ’302 patent teaches that “[w]hen a
`new secure connection is formed, it is registered for immediate and/or later
`use.” Ex. 1001, 7:45–46. The ’302 patent uses the phrases “for immediate
`use” and being “active” interchangeably. See, e.g., id. at code (57), 7:16–20,
`7:59–63, 8:12–26, 10:54–55. For example, the ’302 patent teaches that
`“[t]he actual connection(s) to be used is registered.” Id. at 7:59–63. In more
`detail, the ’302 patent teaches that “[t]he active SA is a stored mobility
`binding that maps a given terminal address to one or more IPSec tunnel
`mode SAs,” and that “[t]he mobility binding is necessary, . . . [because
`t]here has to be some way for the first terminal to determine which security
`association(s) to actually use when processing packets.” Id. at 8:12–15,
`8:23–27. Accordingly, the ’302 patent teaches that “[w]hen a new secure
`connection is formed, it is registered” as being (i) an active connection or
`(ii) for later use. Id. at 7:45–46, 8:12–15, 8:23–27. Here, the claim
`language requires that when the first secure connection is established, it is
`registered as being an active connection. Id. at 12:19–22.
`
`In addition, Dr. Rouskas’ following declaration testimony is
`consistent with our conclusions:
`Based on the language of the claim, and the ’302 Patent’s
`disclosure that “[w]hen a new secure connection is formed, it is
`registered for immediate and/or later use,” Ex. 1001[,7:45–
`46], a POSITA would understand “establishing a first secure
`connection as being an active connection” to mean that the first
`secure connection is established as an active connection for
`immediate use, as opposed to an inactive connection reserved for
`later use. Therefore, as any POSITA would have understood,
`this term not only requires creating or forming a new secure
`
`15
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`connection, but also creating or forming a new secure connection
`as being an active connection.
`Ex. 2002 ¶ 111. We find that this testimony is consistent with the plain and
`ordinary meaning of the limitation’s claim language and the ’302 patent’s
`Specification. Ex. 1001, 7:13–16, 7:39–46, 12:19–22.
`
`We are not persuaded by Petitioner’s arguments that “nothing in the
`claims or the [S]pecification requires an element of ‘immediacy’ or a
`particular timing to exist in the claims.” Pet. Reply 16–17 (citing Ex. 1020
`¶¶ 39–42). Rather, the plain language of the limitation requires that when
`the first secure connection is established (i.e., when forming or creating a
`new first secure connection), it also is registered as being an active
`connection at that time. More specifically, the claim language recites
`“establishing a first secure connection as being an active connection,” and
`hence, tethers the timing of registering the connection as an active
`connection to when the secure connection is formed. Ex. 1001, 12:19–22.
`Notably, claim 1 also recites “establishing a second secure connection,” but
`without reciting that it is established as being an active connection. Id. at
`12:22–25. Rather, claim 1 requires “registering the already established
`second secure connection as being the active connection,” after the first
`terminal changes to a second address associated with the second secure
`connection. Id. at 12:30–32. Hence, claim 1 clearly provides particular
`timing with respect to when secure connections are made active, including
`that the first secure connection is made active when the first secure
`connection is established. Id. at 12:15–34.
`
`Furthermore, the ’302 patent’s Specification supports that when the
`first secure connection is established (i.e., when forming or creating a new
`
`16
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`first secure connection), it also is registered as being an active connection at
`that time. Specifically, the Specification teaches that “[w]hen a new secure
`connection is formed, it is registered for immediate and/or later use.” Id. at
`7:45–46 (emphasis added); see also id. at code (57), 7:16–20, 7:59–63,
`8:12–26, 10:54–55 (using “active” and “for immediate use”
`interchangeably).
`
`We also find that Petitioner mischaracterizes Patent Owner’s
`argument as “‘establishing . . . as being an active connection,’ means the
`connection must be used ‘immediately’ as it is established, or in other
`words: ‘concurrently.’” Pet. Reply 16 (citing PO Resp. 49). Petitioner
`conflates establishing a connection “as being an active connection,” with
`actual use of the connection. Id.; see also id. n.2 (arguing that “if something
`cannot be used ‘later’ it must be used ‘now’ or ‘concurrently’”). Rather, as
`Patent Owner argues, being an active connection means that the connection
`is available “for immediate use.” PO Resp. 49 (emphasis added). For
`immediate use does not mean that the connection actually must be used at
`that time. Ex. 1001, code (57), 7:16–20, 7:59–63, 8:12–26, 10:54–55.
`
`We also are not persuaded by Petitioner’s arguments that “[a]t most,
`the ‘active connection’ element simply means that the ‘secure connection’
`can be used by the mobile host after it is established,” but “[t]here is no
`limitation on when that use needs to occur—and it certainly need not be
`‘immediate.’” Pet. Reply 17 (citing Ex. 1020 ¶ 40). Again, a secure
`connection being established as an active connection (i.e., being available
`for immediate use when the secure connection is formed) does not require
`immediate use. Rather, as Petitioner acknowledges, the secure connection
`
`17
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`“can be used by the mobile host.” Id.; Ex. 1001, code (57), 7:16–20, 7:59–
`63, 8:12–26, 10:54–55.
`
`We also are not persuaded by Petitioner’s arguments that “a
`suggestion that the claims require a connection to be ‘established’ and
`concurrently/immediately ‘active’ would defy the laws of physics and
`computer processing.” Pet. Reply 17 (citing Ex. 1020 ¶ 41). Put differently,
`Petitioner argues that “[c]omputers function in specific step-by-step orders
`and do not perform operations ‘immediately’ or ‘simultaneously,’” and thus,
`“the claims cannot be read to exclude the creation of an SA before the
`activation of an SA in view of how technology operates.” Id. (citing
`Ex. 1020 ¶¶ 41–42). We find that these arguments are inapposite. Neither
`claim 1, nor the Specification, suggests that a secure connection is created
`and made active in simultaneous computer functions. See, e.g., Ex. 1001,
`7:13–16, 7:39–46, 12:19–22. Rather, claim 1 requires, and the Specification
`teaches, that when the first secure connection is established, it is registered
`as being an active connection. See supra; Ex. 1001, 7:45–46, 12:19–22.
`This timing does not preclude the secure connection being formed before the
`connection is made active as part of establishing the secure connection. Id.
`Again, “[w]hen a new secure connection is formed, it is registered for
`immediate and/or later use.” Id. at 7:45–46 (emphasis added).
`
`We have considered Dr. Goldschlag’s testimony about the meaning of
`this limitation, but we accord it little weight because it is contrary to the
`plain claim language and the Specification’s teachings, and is without
`sufficient factual corroboration. See Ex. 1020 ¶¶ 39–43; Ex. 1001, 7:13–16,
`7:39–46, 7:45–46, 12:19–22; see also In re Am. Acad. of Sci. Tech Ctr., 367
`F.3d 1359, 1368 (Fed. Cir. 2004) (“[T]he Board is entitled to weigh the
`
`18
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`declarations and conclude that the lack of factual corroboration warrants
`discounting the opinions expressed in the declarations.”); 37 C.F.R
`§ 42.65(a).
`
`As to Ahonen’s disclosure, we agree with Patent Owner and find that
`Ahonen fails to teach “establishing a first secure connection as being an
`active connection and extending between a first network address of the first
`terminal and an original network address of the second terminal.” Ex. 1001,
`12:19–22. More specifically, for the reasons we provide below, Ahonen
`fails to teach that the first secure connection is registered as being an active
`connection when the first secure connection is formed.
`
`Petitioner argues that Ahonen discloses this limitation. Pet. 30–32.
`More specifically, Petitioner argues that Ahonen discloses establishing
`multiple secure connections (i.e., IPSec SAs) between mobile host 1 (i.e., the
`first terminal) and correspondent host 4 (i.e., the second terminal) “during a
`‘preparations’ phase.” Id. at 30 (citing Ex. 1004, 8:28–30, 8:32–9:2, 15:1–
`3); Pet. Reply 18 (citing Ex. 1004, 8:27–9:6, 13:20–28). According to
`Petitioner, “Ahonen further explains that during this very same preparations
`function, each of the SAs are activated.” Pet. Reply 18 (citing Ex. 1004,
`13:20–23, 15:11–16:14). In particular, Petitioner argues that “Ahonen
`explains that as a part of the preparations function, the mobile host sends
`an ‘authorisation certificate’ which enables the firewall to serve the mobile
`host.” Id. (citing Ex. 1004, 15:11–16:14; Ex. 1020 ¶¶ 43–44). “Upon
`receiving the ‘authorisation certificate,’ ‘firewall 3 is now ready to serve the
`mobile host 1 and the correspondent host 4 traffic via the Remote Control
`function,’” according to Petitioner. Id. (quoting Ex. 1004, 16:9–10; citing
`Ex. 1020 ¶ 45). Petitioner argues that “[t]his description explicitly teaches
`
`19
`
`
`
`IPR2019-00821
`Patent 8,037,302 B2
`that Ahonen’s activation of a secure connection is part of and occurs during
`(i.e., immediate use) the preparations function, which is when . . . the ‘first
`secure connection’ is ‘established.’” Id. (citing Ex. 1020 ¶¶ 43–45).
`
`We disagree with Petitioner that Ahonen teaches making a secure
`connection active as part of, or during, the preparations function. To the
`contrary, Ahonen teaches providing to the firewall information about the
`SAs created during the preparations function so that a