Paper 9
Trials@uspto.gov
Entered: October 7, 2019
Tel: 571-272-7822

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

APPLE INC.,
Petitioner,
v.
MPH TECHNOLOGIES OY,
Patent Owner.

Case IPR2019-00821
Patent 8,037,302 B2
__________________________

Before SALLY C. MEDLEY, KAMRAN JIVANI, and
JOHN D. HAMANN, Administrative Patent Judges.

HAMANN, Administrative Patent Judge.

DECISION
Granting Institution of Inter Partes Review
35 U.S.C. § 314

I. INTRODUCTION
Apple Inc. (“Petitioner”) filed a Petition (Paper 1, “Pet.”) requesting
an inter partes review of claims 1–16 of U.S. Patent No. 8,037,302 B2 (Ex.
1001, “the ’302 patent”) pursuant to 35 U.S.C. § 311. MPH Technologies
Oy (“Patent Owner”) filed a Patent Owner Preliminary Response (Paper 8,
“Prelim. Resp.”).

We have authority to determine whether to institute an inter partes
review under 35 U.S.C. § 314 and 37 C.F.R. § 42.4(a). An inter partes
review may be instituted if “the information presented in the petition filed
under section 311 and any response filed under section 313 shows that there
is a reasonable likelihood that the petitioner would prevail with respect to at
least 1 of the claims challenged in the petition.” 35 U.S.C. § 314(a). On
April 24, 2018, the Supreme Court held that a decision to institute under
35 U.S.C. § 314 may not institute on fewer than all claims challenged in the
Petition. SAS Inst., Inc. v. Iancu, 138 S. Ct. 1348, 1359–60 (2018).

Upon consideration of the Petition and the Preliminary Response, we
determine that the information presented shows there is a reasonable
likelihood that Petitioner would prevail in establishing the unpatentability of
at least one challenged claim of the ’302 patent. Accordingly, we institute
inter partes review on all of the challenged claims based on all of the
grounds identified in the Petition.

A. Related Matter
The parties identify MPH Techs. Oy v. Apple Inc., Case No. 4:18-cv-05935-PJH,
in the U.S. District Court for the Northern District of California,
as a matter that may affect or would be affected by a decision in this
proceeding. Pet. 2; Paper 7, 1.

B. The Challenged Patent (Ex. 1001)
The ’302 patent relates to providing “secure connections in
telecommunication networks” more efficiently. Ex. 1001, 1:13–14, 4:55–63,
7:3–5. In particular, the ’302 patent relates to reducing the handover latency
for secure connections, such as those employing Internet Protocol (“IP”)
Security (“IPSec”) with mobile terminals¹ (i.e., terminals that can move
from one network to another). Id. at 4:55–63, 7:3–5, 7:39–41.

¹ The ’302 patent discloses that “the term[s] mobility and mobile terminal
do[] not only mean physical mobility, . . . [but also] mean[] moving from
one network to another, which can be performed by a physically fixed
terminal as well.” Ex. 1001, 3:51–55.

According to the ’302 patent, IPSec comprises a set of rules for
“provid[ing] the capability to secure communications” between hosts. Id. at
1:38–39. These rules describe, inter alia, the concept of a Security
Association (“SA”), which the ’302 patent describes as “a one-way
relationship between a sender and a receiver that offers [negotiated IPSec]
security services to the traffic carried on it.” Id. at 1:62–65. SAs are
identified, in part, by the IP addresses of the hosts. E.g., id. at 2:14–16. The
’302 patent discloses that when a new SA is formed, “it is registered for
immediate and/or later use” in a Security Association Database (“SAD”),
“which is the nominal place to store IPSec SAs in the IPSec model.” Id. at
7:45–53. Each host participating in the forming of the SA maintains a copy
of the SAD, according to the ’302 patent. Id. at 7:47–48.

In addition, the ’302 patent discloses that IPSec is intended to work
with static network topologies. Id. at 3:19–22. For example, IPSec can
secure communications between static hosts across a local area network
(“LAN”), as well as across a private or public wide area network (“WAN”).
Id. at 1:38–40. IPSec, however, “does not work well with mobile”
terminals, according to the ’302 patent, because when “a mobile terminal
moves from one network to another [and changes addresses], an IPSec
connection set up is required,” which typically “is expensive in terms of
latency,” requiring “several seconds to complete.” Id. at 4:52–60.

To address this problem, the ’302 patent discloses avoiding the need,
if possible, to set up an IPSec connection when the mobile terminal moves
networks by relying on a SA that is already established. E.g., id. at 10:39–43,
10:51–56. Figure 2, shown below, is a “signalling diagram,” which
describes the invention of the ’302 patent. Id. at 9:5–6.

Figure 2 “describes an example of the method of the invention for
sending messages when a mobile terminal moves to a new address.” Id. at
10:9–11. We focus on steps 1 and 5 between the mobile terminal and home
server, because these are the illustrated steps relevant to our analysis below.

First, a SA is established between a first address of the mobile
terminal and the address of the home server. Id. at 10:12–16. This SA is
used to send a message from the mobile terminal to the home server, as
illustrated in step 1. Id. at 10:21–25. Subsequently, the mobile terminal
moves to a new network and obtains a new address from the new network.
Id. at 10:39–40. “The mobile terminal then checks whether an SA
. . . already exists between the new . . . address and the home server address.
This check is normally done by inspecting the contents of” a SAD, “as
specified by the IPSec protocol.” Id. at 10:40–46.

If a SA between the mobile terminal’s new address and the home
server’s address “already exists, this SA is registered to be the actual SA to
be used.” Id. at 10:51–56. Put differently, the SA is registered as an active
connection (i.e., “a stored mobility binding that maps a given terminal
address to one or more” SAs to determine to what address to forward
packets). E.g., id. at 8:13–14, 10:12–27. “This happens by means of a
signalling message . . . done between the mobile terminal and the home
server, described by step[] 5 . . . .” Id. at 10:56–59; see also id. at 7:59–63
(describing sending a Registration Request signalling message to register the
actual connection to use). Alternatively, the ’302 patent discloses that in
lieu of a Registration Request, properly authenticated traffic from a new
address can be used “as an implicit registration request, and a mobility
binding update [can be] performed automatically.” Id. at 11:31–33. “When
a[] . . . SA does not exist between the [mobile terminal’s] new . . . address
and the home server[’s] address, . . . a[] . . . SA setup” occurs instead. Id. at
10:66–67.
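The handover flow summarized above can be modeled in a few lines of Python. This is an added illustration, not code from the ’302 patent, the parties, or the Board. The class and method names are hypothetical, an HMAC-SHA256 tag stands in for IPSec protection of the registration message, a random key stands in for SA negotiation, and registering a freshly set-up SA afterwards is an assumption.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SA:
    """A security association; the endpoint addresses are part of its identity."""
    terminal_addr: str
    server_addr: str
    spi: int
    key: bytes  # assumption: stands in for the negotiated keying material


@dataclass
class SAD:
    """Security Association Database; each participating host keeps a copy."""
    entries: dict = field(default_factory=dict)

    def register(self, sa):
        self.entries[(sa.terminal_addr, sa.server_addr)] = sa

    def lookup(self, terminal_addr, server_addr):
        return self.entries.get((terminal_addr, server_addr))


class HomeServer:
    def __init__(self, addr):
        self.addr = addr
        self.sad = SAD()
        self.active = None  # mobility binding: the SA registered as the active connection

    def handle_registration(self, src_addr, spi, body, tag):
        """Register an already established SA as active if the request authenticates."""
        sa = self.sad.lookup(src_addr, self.addr)
        if sa is None or sa.spi != spi:
            return False  # no SA for this address pair: nothing to register
        expected = hmac.new(sa.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False  # unauthenticated request must not move the binding
        self.active = sa
        return True


class MobileTerminal:
    def __init__(self, server):
        self.server = server
        self.sad = SAD()
        self.addr = None
        self.setups = 0  # counts expensive SA setups
        self._next_spi = 0x1000

    def establish_sa(self, terminal_addr):
        """Stand-in for the full SA setup, which the text calls expensive in latency."""
        self.setups += 1
        self._next_spi += 1
        sa = SA(terminal_addr, self.server.addr, self._next_spi, os.urandom(32))
        self.sad.register(sa)         # terminal's copy of the SAD
        self.server.sad.register(sa)  # server's copy of the SAD
        return sa

    def move_to(self, new_addr):
        """Change address, check the SAD, then register the SA to use.

        Returns (reused_existing_sa, registration_accepted).
        """
        self.addr = new_addr
        sa = self.sad.lookup(new_addr, self.server.addr)
        reused = sa is not None
        if not reused:
            sa = self.establish_sa(new_addr)  # SA setup occurs instead
        body = b"REGISTRATION-REQUEST " + new_addr.encode()
        tag = hmac.new(sa.key, body, hashlib.sha256).digest()
        accepted = self.server.handle_registration(new_addr, sa.spi, body, tag)
        return reused, accepted


def handover_demo():
    """Constructed scenario using documentation-range addresses."""
    server = HomeServer("198.51.100.1")
    mt = MobileTerminal(server)
    mt.establish_sa("192.0.2.10")     # first address
    mt.establish_sa("203.0.113.20")   # second address, set up ahead of the move
    mt.move_to("192.0.2.10")
    reused, accepted = mt.move_to("203.0.113.20")
    return {"reused": reused, "accepted": accepted, "setups": mt.setups}


if __name__ == "__main__":
    print(handover_demo())
```

The setup counter is the point of the model: moving to an address that already has an SA changes the server's binding without a further setup, while a request that fails authentication leaves the binding where it was.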

C. The Challenged Claims
Petitioner challenges claims 1–16 of the ’302 patent, of which claim 1
is the sole independent claim. Claim 1 is illustrative of the challenged
claims and is reproduced below:

    1. A method for ensuring secure forwarding of a message in
    a telecommunication network, comprising:

    providing a first terminal from which the message is sent
    and a second terminal to which the message is sent,

    a) establishing a first secure connection as being an active
    connection and extending between a first network address of the
    first terminal and an original network address of the second
    terminal, establishing a second secure connection extending
    between a second network address of the first terminal and the
    original network address of the second terminal,

    b) the first terminal changing from the first network
    address to the second network address, the first terminal
    checking whether the second secure connection
    already exists, and

    c) when the second secure connection already exists, the
    second terminal registering the already established second secure
    connection as being the active connection without having to
    reestablish the second secure connection.

Ex. 1001, 12:15–34.

D. Asserted Grounds of Unpatentability
Petitioner asserts the following grounds of unpatentability:

References                          Basis²      Challenged Claims
1. Ahonen³ and Ishiyama⁴            § 103(a)    1–13 and 16
2. Ahonen, Ishiyama, and Gupta⁵     § 103(a)    14 and 15

Pet. 3–4, 17–53. Petitioner submits the Declaration of David Goldschlag,
Ph.D. (Ex. 1003) in support of its arguments.

² The Leahy-Smith America Invents Act (“AIA”) included revisions to 35
U.S.C. § 103 that became effective on March 16, 2013. Because the ’302
patent issued from an application filed before March 16, 2013, we apply the
pre-AIA version of the statutory basis for unpatentability.
³ Int’l Pub. No. WO 01/54379 A1 (published July 26, 2001) (Ex. 1004).
⁴ U.S. Patent No. 6,904,466 B1 (issued June 7, 2005) (Ex. 1005).
⁵ Vipul Gupta et al., Complete Computing, WWCA ’98 PROC. 2D INT’L
CONF. ON WORLDWIDE COMPUTING AND ITS APPLICATIONS (Mar. 4–5, 1998)
(Ex. 1006).

II. LEVEL OF ORDINARY SKILL IN THE ART
To determine whether an invention would have been obvious at the
time it was made, we consider the level of ordinary skill in the pertinent art
at the time of the invention. Graham v. John Deere Co., 383 U.S. 1,
17 (1966). In assessing the level of ordinary skill in the art, various factors
may be considered, including the “type of problems encountered in the art;
prior art solutions to those problems; rapidity with which innovations are
made; sophistication of the technology; and educational level of active
workers in the field.” In re GPAC, Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995)
(quoting Custom Accessories, Inc. v. Jeffrey-Allan Indus., Inc., 807 F.2d
955, 962 (Fed. Cir. 1986)). “[O]ne or more factors may predominate.” Id.

Petitioner argues that one of ordinary skill in the art at the time of the
invention of the ’302 patent would have had “a B.S. degree in Computer
Science, Electrical Engineering, or an equivalent field, as well as at least 3–5
years of academic or industry experience in network security, or comparable
industry experience.” Pet. 14 (citing Ex. 1003 ¶ 22).

Patent Owner does not identify a level of skill one would have had at
the time of the invention of the ’302 patent. For purposes of this Decision
on Institution, and based on the current record, we adopt Petitioner’s
assessment of the level of skill in the art because it is consistent with the
’302 patent and the asserted prior art, and we apply it in our obviousness
evaluation below.

III. CLAIM CONSTRUCTION
Because the Petition was filed after November 13, 2018, we construe
the challenged claims by applying “the standard used in federal courts, in
other words, the claim construction standard that would be used to construe
the claim in a civil action under 35 U.S.C. [§] 282(b), which is articulated in
Phillips [v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc)].”⁶ Under
Phillips, the words of a claim are generally given their “ordinary and
customary meaning,” which is the meaning they would have to a person of
ordinary skill in the art at the time of the invention, in light of the
specification and prosecution history. See Phillips, 415 F.3d at 1312–13.

⁶ Changes to the Claim Construction Standard for Interpreting Claims in
Trial Proceedings Before the Patent Trial and Appeal Board, 83 Fed. Reg.
51,340, 51,343–44 (Oct. 11, 2018) (to be codified at 37 CFR pt. 42).

The parties identify for construction, inter alia, claim 1’s step of
“establishing a second secure connection.” Pet. 15–16; Prelim. Resp. 8–12.
Patent Owner also identifies for construction whether claim 1 requires its
steps to be performed in their recited order. Prelim. Resp. 13–18.

A. Establishing Second Secure Connection
Petitioner argues that establishing a second secure connection means
“establishing one or more second security associations.” Pet. 15 (citing
Ex. 1003 ¶¶ 40–43). In other words, Petitioner construes “secure
connection” to mean “one or more . . . security associations.” Id. Petitioner
argues that its proposed construction “is consistent with both the claims and
the [’302 patent’s S]pecification.” Id. For example, Petitioner argues that
because claim 3 depends from claim 1 and recites “establishing the first
secure connection by using IPSec protocols,” claim 1 must be broad enough
to include claim 3. Id. (citations omitted).

Petitioner also argues that the ’302 patent’s Specification discloses
that “[t]he secure connections are preferably established by forming
. . . SAs[] using the IPSec protocols.” Id. at 16 (quoting Ex. 1001, 7:39–41).
In addition, the ’302 patent’s Specification “repeatedly uses the terms
‘security association’ and ‘secure connection’ interchangeably,” according
to Petitioner. Id. (citing Ex. 1001, 2:1–2, 7:54–55).

Patent Owner argues that Petitioner “improperly limit[s] the claimed
‘secure connection’ to IPSec protocols of the preferred embodiment by
importing the terms ‘security associations’ when claim 1 is not so limited.”
Prelim. Resp. 12 n.3. Patent Owner also argues that Petitioner fails to
provide a proposed construction for “establishing.” Id. at 8–9. Patent
Owner argues that establishing a second secure connection means “forming
a new . . . [second] secure connection.” Id. at 12. In other words, Patent
Owner construes “establishing” to mean “forming a new,” in this context.
Id. Patent Owner argues that the ’302 patent’s Specification and prosecution
history support its construction for “establishing.” Id. at 10–11 (citing
Ex. 1001, 7:41–48; Ex. 1002, 348, 352–53, 375).

For our purposes on institution, we need not decide whether a “secure
connection” should be limited to one or more SAs. Rather, it is sufficient
that the parties do not dispute that a secure connection covers one or more
SAs. E.g., Pet. 15; Prelim. Resp. 10; see also Nidec Motor Corp. v.
Zhongshan Broad Ocean Motor Co., 868 F.3d 1013, 1017 (Fed. Cir. 2017)
(quoting Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803
(Fed. Cir. 1999)) (“[W]e need only construe terms ‘that are in controversy,
and only to the extent necessary to resolve the controversy.’”). Likewise, we
need not construe “establishing,” as the manner in which Petitioner relies on
the prior art is consistent with Patent Owner’s proposed construction of
“forming a new.”⁷ See Section V(C)(2), infra.

⁷ We question whether Patent Owner’s proposed construction (i.e., “forming
a new”) differs substantively from the plain meaning of “establishing” in the
context of the disputed term. We also note that claim 1 recites “establishing
a first secure connection as being an active connection” and “establishing a
second secure connection.” Compare Ex. 1001, 12:19–20 (emphasis added),
with id. at 12:22–23. The parties do not address how, if at all, “as being an
active connection” modifies the plain meaning of “establishing” in the
context of the entire limitation. Regardless, our Decision on Institution does
not turn on these issues, and thus, we do not reach them.

Accordingly, we determine that no express construction of this term is
needed at this time. See, e.g., Nidec, 868 F.3d at 1017.

B. Steps in Recited Order
Patent Owner argues that claim 1 should be construed to require that
steps a), b), and c) be performed in the order they are recited. Prelim. Resp.
13–17. As we discuss below, however, the manner in which Petitioner relies
on the prior art shows claim 1’s steps a), b), and c) being performed in their
recited order. See Section V(C)(2), infra. Thus, we need not determine
whether claim 1 requires these steps to be performed in their recited order,
as this is not in controversy. See, e.g., Nidec, 868 F.3d at 1017.

IV. PRINCIPLES OF LAW
A claim is unpatentable under 35 U.S.C. § 103(a) if the differences
between the claimed subject matter and the prior art are such that the subject
matter, as a whole, would have been obvious at the time of the invention to a
person having ordinary skill in the art. KSR Int’l Co. v. Teleflex, Inc., 550
U.S. 398, 406 (2007). The question of obviousness is resolved on the basis
of underlying factual determinations, including: (1) the scope and content of
the prior art; (2) any differences between the claimed subject matter and the
prior art; (3) the level of ordinary skill in the art; and (4) objective evidence
of non-obviousness, if present.⁸ See Graham, 383 U.S. at 17–18. When
evaluating a claim for obviousness, we also must “determine whether there
was an apparent reason to combine the known elements in the fashion
claimed by the patent at issue.” KSR, 550 U.S. at 418 (citing In re Kahn,
441 F.3d 977, 988 (Fed. Cir. 2006)).

⁸ Patent Owner does not present arguments or evidence of such objective
evidence of non-obviousness. See generally Prelim. Resp.

V. ALLEGED OBVIOUSNESS OVER AHONEN AND ISHIYAMA
Petitioner argues that the combination of Ahonen and Ishiyama
renders claims 1–13 and 16 of the ’302 patent obvious under 35 U.S.C.
§ 103(a). Pet. 17–50. Below we discuss independent claim 1, as Patent
Owner’s Preliminary Response does not address separately any of the other
challenged claims for this asserted ground. For the reasons that follow, we
determine that Petitioner establishes a reasonable likelihood that it would
prevail in showing that claim 1 would have been obvious to one of ordinary
skill in the art in view of Ahonen and Ishiyama.

A. Summary of Ahonen
Ahonen relates to a virtual private network (“VPN”) “in which a
mobile terminal establishes a secure connection with a correspondent host
located in an intranet, via a [s]ecurity [g]ateway” (also known as a firewall).
Ex. 1004, 3:5–7. Figure 1,⁹ shown below, illustrates this network topology,
in accordance with Ahonen’s invention. Id. at 7:1–2.

⁹ Shown as annotated by Petitioner. Pet. 19.

Figure 1 illustrates mobile host 1 connected to correspondent host 4
via access network 6, Internet 2, firewall 3, and intranet 5. Id. at 7:23–27.
As annotated by the dotted line, a secure connection is established between
mobile host 1 and correspondent host 4 over this path. Id. at 7:28–31.
Thereafter, mobile host 1 sends firewall 3 an authentication certificate,
which contains, inter alia, the identity of the SA to use for subsequent
communication between mobile host 1 and correspondent host 4. E.g., id. at
Abstract. Mobile host 1 can then send data packets to correspondent host 4
using the identified SA, via firewall 3. Id. However, firewall 3 only
forwards the data packets to correspondent host 4 if they are authenticated
by firewall 3. Id.

Ahonen discloses that IPSec can be used to create the secure
connection between mobile host 1 and correspondent host 4. Id. at 3:19–20.
“In the IP[S]ec model[, however,] the end points of the secure connection are
identified by their IP addresses.” Id. at 3:21–22. “Whilst this may be
satisfactory for users having a fixed connection, [according to Ahonen,] it
. . . present[s] problems for the mobile user . . . who wishes to roam
[because] . . . the IP address allocated to the roaming mobile user is likely to
change” as the user moves between networks. Id. at 3:22–26. According to
Ahonen, when an IP address changes, it is difficult to reuse the pre-existing
SAs, and the communicating parties may need to establish new SAs using
the new IP address. Id. at 3:26–29. “This will result in increased signalling
traffic and will degrade the performance of the VPN . . . .” Id. at 3:30–31.

To address this problem, Ahonen’s invention discloses “reduc[ing] the
amount of security related messaging during on-the-fly IP address changes,
as the SAs needed to provide for secure communication between the mobile
host and the correspondent host pre-exist.” Id. at 4:30–32. More
specifically, Ahonen discloses negotiating one or more IPSec SAs between
mobile host 1 and correspondent host 4 in preparation for providing future
secure connections more efficiently when mobile host 1 roams. E.g., id. at
5:31–6:1, 8:2–5, 8:28–9:2, 15:1–3. Ahonen discloses that the “[d]etails of
the negotiated SAs are held at . . . firewall [3] in a Security Association
Database (SAD)” on “the external side interface,” so that mobile host 3 can
use the pre-existing SAs when roaming. Id. at 15:4–9.

More specifically, Ahonen discloses that when mobile host 1 roams, it
can “remotely ‘activate’ [the] pre-existing secure connections to
. . . correspondent host 4.” Id. at 16:16–19. In particular, Ahonen discloses,
to activate a pre-existing connection, mobile host 1 sends to firewall 3 an
authorization certificate, which includes: (i) “the (New) Source and
Destination IP addresses (if changed),”¹⁰ (ii) the cookies used to negotiate
the SAs between mobile host 1 and correspondent host 4, (iii) the IPSec
protocol ID, and (iv) the Security Parameter Index (“SPI”) of the SA. Id. at
17:1–11. Firewall 3 searches its Remote Control DataBase (“RCDB”) for
records matching the authorization certificate’s cookies, IPSec protocol ID,
and SPI. Id. at 17:19–25. If a match is found, firewall 3 sends an
acknowledgement back to mobile host 1. Id. at 18:3–4. In addition, Ahonen
discloses that if the source IP address was changed, firewall 3 also will
“forward the new Source and Destination IP addresses to the correspondent
host 4.” Id. at 18:7–8. Ahonen discloses that correspondent host 4 then
modifies “its SAD database to correctly reflect the change of the mobile
host’s IP address to the new valid one.” Id. at 18:10–12.

¹⁰ Ahonen discloses that “mobile host 1 might be required to use a new IP
address when communicating via” the visited access network. Ex. 1004,
16:22–24.

B. Summary of Ishiyama
Ishiyama relates to improving a mobile computer’s “capab[ility] of
carrying out communications while moving among a plurality of inter-connected
networks.” Ex. 1005, 1:9–11. In furtherance of this mobility,
Ishiyama discloses having the mobile computer send a notification to its
correspondent host when the mobile computer moves networks and gets a
new address. E.g., id. at 3:63–67, 6:13–18, 15:37–16:10.

According to one aspect of Ishiyama’s invention for an IPSec
embodiment, Ishiyama discloses that when transmitting a packet, the mobile
computer’s IPSec module “first searches through a security policy database”
(“SPD”), using appropriate elements such as the source/destination address
of a packet, to select a security policy, which identifies a SA to use to
transmit the packet. Id. at 8:9–11, 9:50–54, 10:1–13.

C. Challenged Claim 1
Petitioner relies on Ahonen for teaching claim 1’s limitations, except
for “the first terminal checking whether the second secure connection
already exists,” for which Petitioner also relies on Ishiyama. Pet. 27–38.
For the reasons that follow, we determine, based on the current record, that
the combination of Ahonen and Ishiyama renders claim 1 of the ’302 patent
obvious.

1. Undisputed Limitations
a. Method for Ensuring Secure Forwarding
Petitioner argues that Ahonen discloses “[a] method for ensuring
secure forwarding of a message in a telecommunication network,” as recited
in claim 1’s preamble. Id. at 27–29. More specifically, Petitioner argues
that Ahonen discloses allowing a mobile host to communicate (e.g.,
forwarding messages) securely with a correspondent host over a VPN, via a
gateway (i.e., a telecommunication network). Id. (citing Ex. 1004, Abstract,
4:7–16, 7:23–31, 8:2–5, Fig. 1; Ex. 1003 ¶ 64).

b. Providing First and Second Terminals
Petitioner argues that Ahonen discloses “providing a first terminal
from which the message is sent and a second terminal to which the message
is sent,” as recited in claim 1. Id. at 29–30. More specifically, Petitioner
argues that Ahonen’s “mobile user 1 is a first terminal and correspondent
host [4] is a second terminal,” for which one or more SAs are negotiated for
communications there between. Id. at 29 (citing Ex. 1004, Abstract); see
also id. at 29–30 (citing Ex. 1004, 5:31–6:1; Ex. 1003 ¶ 60) (arguing that
Ahonen discloses that mobile host 1 and correspondent host 4 can send
encrypted messages to one another).

c. Establishing a First Secure Connection
Petitioner argues that Ahonen discloses “establishing a first secure
connection as being an active connection and extending between a first
network address of the first terminal and an original network address of the
second terminal,” as recited in claim 1. Id. at 30–32. More specifically,
Petitioner argues that Ahonen discloses establishing multiple secure
connections (i.e., IPSec SAs) between mobile host 1 (i.e., the first terminal)
and correspondent host 4 (i.e., the second terminal) “during a ‘preparations’
phase.” Id. at 30 (citing Ex. 1004, 8:28–30, 8:32–9:2, 15:1–3). Petitioner
argues that each secure connection extends between an IP address of mobile
host 1 and correspondent host 4’s IP address, as endpoints of IPSec tunnels.
Id. at 31 (citing Ex. 1004, 3:19–23, 17:1–13; Ex. 1003 ¶ 72). Petitioner
argues that Ahonen discloses that at least one of these established secure
connections can be marked as active via Ahonen’s remote control function.
Id. (citing Ex. 1004, 16:16–17, 17:20–22).

d. First Terminal Changing Addresses
Petitioner argues that Ahonen discloses “the first terminal changing
from the first network address to the second network address,” as recited in
claim 1. Id. at 34. More specifically, Petitioner argues that Ahonen
discloses that mobile host 1 roams between networks and changes IP
addresses. Id. (citing Ex. 1004, 3:19–26, 14:17–19, 16:17–23).

e. When the Second Secure Connection Already Exists¹¹
Petitioner argues that Ahonen discloses “when the second secure
connection already exists, the second terminal registering the already
established second secure connection as being the active connection without
having to reestablish the second secure connection,” as recited in claim 1.
Id. at 37–38. More specifically, Petitioner argues that Ahonen discloses that
mobile host 1 sends to firewall 3 an authorization certificate containing SA
identifying information and IP addresses. Id. at 37 (citing Ex. 1004, 15:1,
17:19–25). According to Petitioner, if the source IP address was changed,
firewall 3 will also forward the new Source and Destination IP addresses to
correspondent host 4. Id. (citing Ex. 1004, 18:7–15). Petitioner argues that
correspondent host 4 then modifies “its SAD database to correctly reflect
the change of the mobile host’s IP address to the new valid one.” Id. at
37–38 (citing Ex. 1004, 18:7–10; Ex. 1003 ¶ 89). Thereby, correspondent
host 4 registers this SA connection as “active,” without having to reestablish
the connection, according to Petitioner. Id. at 38.

¹¹ The parties should consider whether our precedential decision regarding
conditional steps is relevant to this limitation of claim 1. See Ex parte
Schulhauser, No. 2013-007847, 2016 WL 6277792, at *4 (PTAB Apr. 28,
2016) (precedential). We do not reach this issue because, based on the
current record we find that Ahonen discloses this limitation.

f. Our Analysis
After reviewing Petitioner’s arguments and information regarding the
limitations identified above, including Dr. Goldschlag’s Declaration, which
are not addressed by Patent Owner at this stage of the proceeding (see
generally Prelim. Resp.), we are persuaded that Petitioner demonstrates, for
purposes of this Decision on Institution, that Ahonen discloses the above
identified undisputed limitations.

2. Establishing a Second Secure Connection
a. Petitioner’s Arguments
Petitioner argues that Ahonen discloses “establishing a second secure
connection extending between a second network address of the first terminal
and the original network address of the second terminal,” as recited in claim
1. Pet. 32–33. More specifically, Petitioner argues that “Ahonen explains
that one of the challenges with IPSec and mobile users is that their IP
addresses change as they roam networks.” Id. at 32 (citing Ex. 1004, 3:24–29;
Ex. 1003 ¶ 76). To address this problem, Ahonen discloses “creat[ing]
multiple pre-existing security associations (i.e., a secure connection) for
each network a mobile hosts visits,” according to Petitioner. Id. at 32 (citing
Ex. 1004, 4:30–32). In other words, Petitioner argues Ahonen’s invention
“reduce[s] the amount of security related messaging during on-the-fly IP
address changes, as the SAs needed to provide for secure communication
between the mobile host and the correspondent host pre-exist.” Id. at
32–33 (quoting Ex. 1004, 4:30–32).

“These pre-existing SAs are then activated based on the network the
mobile host is visiting using a remote control function,” according to
Petitioner. Id. at 33 (citing Ex. 1004, 16:16–17). Petitioner argues that
Ahonen “recognizes that in this new network the secure connection is from
the mobile host’s second network address.” Id. (citing Ex. 1004, 16:22–25).
“[I]n such a case, the correspondent host then ‘modif[ies] its SAD database
to correctly reflect the change of the mobile host’s IP address to the new
valid one,’” according to Petitioner. Id. (citing Ex. 1004, 18:10–12). In
addition, Petitioner argues that “because the mobile host might travel back to
the previous network, not ‘all SAs that are associated between the mobile
host 1 and the correspondent host 4 need to be modified in the SAD,’”
according to Petitioner. Id. (citing Ex. 1004, 18:13–15).

b. Patent Owner’s Arguments
Patent Owner argues that Ahonen fails to disclose establishing a
second secure connection. Prelim. Resp. 19–26. More specifically, Patent
Owner argues that Ahonen instead discloses a “remote control function” that
“modifies a pre-existing connection (e.g., SA) with the new address after the
first terminal moves.” Id. at 21; id. (citing Ex. 1004, 16:16–19). In other
words, Patent Owner argues that Ahonen’s pre-existing secure connections
are not established “from different addresses of the first terminal in the first
instance.” Id. at 23. Rather, each of Ahonen’s pre-existing SAs “uses the
same original source address of the mobile terminal,” according to Patent
Owner. Id. (citing Ex. 1004, 15:15–17). For this reason, Patent Owner
argues Ahonen “‘modif[ies] its SAD database’ after the first terminal moves
to a new address in order to establish the second secure connection.” Id. at
22–23.

In addition, Patent Owner argues that for this limitation, Petitioner
“never relies on any alleged creation of secure connections in Ahonen’s
‘preparations function stage,’ but only after that stage.” Id. at 21 n.5. In
other words, Petitioner here “relies on Ahonen’s ‘activat[ion]’ of ‘pre-existing
SAs,’” according to Patent Owner. Id. at 22 (citing Pet. 35).

Lastly,¹² Patent Owner argues that under Petitioner’s “mapping of
Ahonen to the claims, Ahonen’s alleged ‘establishing a second secure
connection extending between a second
