Trials@uspto.gov
`571-272-7822
`
`
`
`
`
`
`
`Paper 41
`Date: May 11, 2015
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`____________
`
`Case IPR2014-00238
`Patent 8,504,697 B2
`____________
`
`
`Before MICHAEL P. TIERNEY, KARL D. EASTHOM, and
`STEPHEN C. SIU, Administrative Patent Judges.
`
`SIU, Administrative Patent Judge.
`
`
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`
`
`
`I. BACKGROUND
`
`Apple Inc. (“Petitioner”) filed a Petition (Paper 1) (“Pet.”) seeking an
`inter partes review of claims 1–11, 14–25, and 28–30 of U.S. Patent No.
`8,504,697 B2 (Ex. 1001, “the ’697 patent”) pursuant to 35 U.S.C. §§ 311–
`319. On May 14, 2014, the Board instituted an inter partes review of claims
`1–11, 14–25, and 28–30 (Paper 15) (“Dec. on Inst.”).
`
`
`
`
`571-272-7822
`
`
`
`
`
`
`
`Paper 41
`Date: May 11, 2015
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`____________
`
`Case IPR2014-00238
`Patent 8,504,697 B2
`____________
`
`
`Before MICHAEL P. TIERNEY, KARL D. EASTHOM, and
`STEPHEN C. SIU, Administrative Patent Judges.
`
`SIU, Administrative Patent Judge.
`
`
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`
`
`
`I. BACKGROUND
`
`Apple Inc. (“Petitioner”) filed a Petition (Paper 1) (“Pet.”) seeking an
`inter partes review of claims 1–11, 14–25, and 28–30 of U.S. Patent No.
`8,504,697 B2 (Ex. 1001, “the ’697 patent”) pursuant to 35 U.S.C. §§ 311–
`319. On May 14, 2014, the Board instituted an inter partes review of claims
`1–11, 14–25, and 28–30 (Paper 15) (“Dec. on Inst.”).
`
`
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`Subsequent to institution, VirnetX (“Patent Owner”) filed a Patent
`Owner Response (Paper 30) (“PO Resp.”), and Petitioner filed a Reply
`(Paper 33) (“Pet. Reply”). An Oral Hearing was conducted on February 9,
`2015.
`
`The Board has jurisdiction under 35 U.S.C. § 6(c). This final written
`decision is issued pursuant to 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73.
`For the reasons that follow, we determine that Petitioner has shown by
`a preponderance of the evidence that claims 1–11, 14–25, and 28–30 of the
`’697 patent are unpatentable.
`
`
`The ’697 Patent (Ex. 1001)
`A.
`The ’697 patent describes methods for communicating over the
`internet. Ex. 1001, 10:7–8.
`
`
`Illustrative Claim
`B.
`Claim 1 of the ’697 patent is reproduced below:
`
`1. A method of connecting a first network device and
`a second network device, the method comprising:
`intercepting, from the first network device, a request to
`look up an internet protocol (IP) address of the second network
`device based on a domain name associated with the second
`network device;
`determining, in response to the request, whether the
`second network device is available for a secure communications
`service; and
`initiating a secure communication link between the first
`network device and the second network device based on a
`determination that the second network device is available for
`the secure communications service;
`
`2
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`wherein the secure communications service uses the
`secure communication link to communicate at least one of
`video data and audio data between the first network device and
`the second network device.
`
`
`C.
`US 5,898,830
`
`Cited Prior Art
`Apr. 27, 1999
`
`(Ex. 1008)
`
`
`
`
`References
`
`Wesinger
`
`Wesinger
`
`H. Schulzrinne, et al., SIP: Session Initiation Protocol, Network Working
`Group, Request for Comments: 2543, Bell Labs, March, 1999 (“RFC 2543”
`Ex. 1012).
`
`
`D.
`
`Instituted Grounds of Unpatentability
`
`Basis
`
`§102
`
`§103
`
`Claims Challenged
`
`1–3, 8–11, 14–17, 22–25,
`and 28–30
`4–7 and 18–21
`
`Wesinger and RFC 2543
`
`
`Claim Interpretation
`
`E.
`Secure communication link
`Patent Owner argues that the term “secure communication link” must
`include encryption. See, e.g., PO Resp. 11, 13–19. Patent Owner, however,
`does not demonstrate sufficiently that the construction of this term impacts
`any issue in this proceeding. Therefore, we decline to construe this term.
`Virtual Private Network
`In the Decision, we construed the term “Virtual Private Network” to
`include a secure communication link that includes a portion of a public
`network. Dec. on Inst. 9–10. Patent Owner argues that “the Board need not
`construe this term . . . and [the construction of this term] does not appear to
`impact any of the issues in this case.” PO Resp. 21. In view of Patent
`
`3
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`Owner’s observation that the construction of this term does not impact any
`of the issues in this case, we decline to construe this term.
`Intercepting a request
`In the Decision, we construed the term “intercepting” a request as
`receiving a request pertaining to a first entity at another entity. Dec. on
`Inst. 12. Patent Owner states that “it does not appear that the construction of
`‘intercepting’ will bear on the outcome of the issues in this inter partes
`review.” PO Resp. 23. In view of Patent Owner’s observation that the
`construction of the term “intercepting” has no bearing on the issues in this
`proceeding, we decline to construe this term.
`Determining in response to the request
`Patent Owner disputes the construction of this term in related
`IPR2014-00237. Patent Owner does not specify how the construction of the
`term “determining” is relevant in the present proceeding. Because the
`relevance of the construction of this term with any particular issue in this
`proceeding has not been established, we decline to construe the term
`“determining” in this proceeding.
`Neither party has expressed disagreement with the constructions of
`other claim terms of the ’697 patent, and we see no reason to modify these
`constructions based on the evidence introduced during trial. We maintain
`these constructions for this Final Written Decision.
`
`
`
`
`4
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`II. ANALYSIS
`A. Wesinger
`
`For at least the foregoing reasons, we find that Petitioner has
`demonstrated that claims 1–3, 8–11, 14–17, 22–25, and 28–30 are
`anticipated by Wesinger under 35 U.S.C. § 102.
`Claim 1, for example, recites “determining, in response to the request,
`whether the second network device is available for a secure communication
`service.” Claim 16 recites a similar feature. Patent Owner argues that
`Wesinger fails to disclose this feature. PO Resp. 37.
`In particular, Patent Owner argues that Wesinger discloses “two
`distinct requests: a ‘DNS [query]’ and ‘an ensuing connection request.” PO
`Resp. 40. Patent Owner further alleges that Wesinger discloses the “DNS
`query” is “for the network address of the destination D” but that “Wesinger’s
`firewall decides whether to allow or deny a requested connection upon
`receiving a connection request” and “does not perform its firewall
`allow/disallow processing . . . in response to [the] DNS request [or query].”
`PO Resp. 38, 39. We are not persuaded by Patent Owner’s argument.
`Even if Patent Owner’s contention that Wesinger discloses a
`“connection request” is correct, Patent Owner does not demonstrate
`sufficiently that Wesinger fails to disclose that the “connection request” is,
`in fact, not associated with the “look up [of] an internet protocol (IP) address
`of the second network device based on a domain name associated with the
`second network device.” For example, Wesinger explicitly discloses that,
`responsive to the “connection request,” an IP address (e.g., “virtual host
`X.X.X.X., where X.X.X.X. represents an IP address,” Ex. 1008, 10:60–61)
`
`5
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`of a network device is provided based on a domain name (e.g.,
`“homer.odyssey.com,” Ex. 1008, 10:59, 10:64–65) that is included in the
`“connection request.” Hence, Wesinger discloses a request (e.g.,
`“connection request”) to look up an internet protocol (IP) address of a device
`based on a domain name associated with the device, as recited in claim 1.
`Wesinger also discloses “two mappings are required in order to handle
`a connection request” in which “a first mapping maps from the host name
`received in the connection request to the IP address of a virtual host.”
`Ex. 1008, 10: 51–54. In other words, Wesinger discloses a “connection
`request” that contains a “host name” that is mapped to a corresponding “IP
`address of a virtual host.” Patent Owner does not explain sufficiently a
`difference between the “connection request” of Wesinger that contains a
`host name and is used to look up a corresponding IP address and the
`disputed claim feature of a request to look up an IP address of a device based
`on a domain name.
`Wesinger also discloses, for example, that the “connection request” is
`received (Ex. 1008, 16:22) and, in response, “[f]irst the address and name . .
`. are obtained of the virtual host for which a connection is requested . . .
`[and] identified . . . by IP address” (Ex. 1008, 16:29–31), that “[o]nce the
`process has determined which host it is . . . the process changes to a user
`profile . . .” (Ex. 1008, 16:43–44) and “[i]f the remote host satisfied the
`required level of access scrutiny . . . then the connection is allowed.”
`Ex. 1008, 16:57–58, 66–67. Hence, Wesinger discloses receiving a
`“connection request” (or “request”) to look up an IP address of a device
`based on a domain name (e.g., identified by an IP address), as recited in
`claim 1.
`
`6
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`Patent Owner argues that “the DNS query [of Wesinger] does not
`invoke the firewall allow/disallow decision” and “does not perform its
`firewall allow/disallow processing . . . in response to a DNS request.” PO
`Resp. 38, 39. To the extent that the so-called “DNS query” to which Patent
`Owner refers is the “request to look up an internet protocol (IP) address of”
`a device based on a domain name, as recited in claim 1, for example, we are
`not persuaded by Patent Owner’s contention that Wesinger fails to disclose
`this feature for at least the previously discussed reasons pertaining to
`Wesinger’s disclosure of the “connection request.”
`Wesinger discloses that “[i]f all the rules are satisfied, then the
`connection [with the virtual host] is allowed” and that “[o]nce the
`connection has been allowed, the virtual host process . . . performs . . .
`connection processing.” Ex. 1008, 16:66 – 17:3. Patent Owner argues that
`Wesinger discloses determining “whether the incoming connection request .
`. . is allowed,” but fails to disclose “determin[ing] whether the . . . ‘second
`device’ is available for a secure communications service,” as recited in claim
`1. PO Resp. 46–47.
`Patent Owner does not explain sufficiently a difference between the
`determination of whether a requested connection with a device is “allowed”
`or not and the determination of whether a device is “available” for a
`connection. One of ordinary skill in the art would have understood that if a
`connection with a virtual host is determined to be allowed if all rules are
`satisfied (as Wesinger discloses), then the virtual host would be determined
`to be “available” for the connection, the connection being formed with the
`virtual host based on the determination. Under an ordinary and customary
`construction of the term “available” as would have been understood by one
`
`7
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`of ordinary skill in the art in light of the Specification as being accessible for
`use, at hand, or usable,1 we do not discern a substantial difference between
`determining whether a device is allowed to connect (and connecting only if
`the device is allowed) and determining whether a device is available (or
`accessible for use, at hand, or usable) for a connection (and connecting only
`if the device is accessible for use, at hand, or usable). In both cases, a
`determination is made as to whether a connection will be made with a device
`and the connection is created based on this determination.
`Patent Owner does not argue that the Specification provides a
`specialized definition of the term “available.” Nor do we identify a
`specialized definition of the term in the Specification. However, we note
`that the Specification discloses that “DNS proxy . . . determines whether the
`user has sufficient security privileges to access the site. If so, DNS proxy . .
`. request[s] that a virtual private network be created between user computer .
`. . and secure target site.” Ex. 1001, 40:31–42. In another embodiment in
`the Specification, a check is made “to determine whether the user is
`authorized to connect to the secure host” by “reference to an internally
`stored list” and “[i]f the user has sufficient security privileges, then . . . a
`secure VPN is established between the user’s computer and the secure target
`site.” Ex. 1001, 41:14–27. In yet another embodiment in the Specification,
`a “[c]lient has permission to access target computer” and “the client’s DNS
`request would be . . . forward[ed] . . . to gatekeeper 2603 [which] would
`establish a VPN between the client and the requested target.” Ex. 1001,
`41:47–51. In another embodiment, the “[c]lient does not have permission to
`
`
`1 THE AMERICAN HERITAGE DICTIONARY OF THE ENGLISH LANGUAGE 90
`(1975) (Ex. 3001).
`
`8
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`access target computer” and the “gatekeeper would reject the request.”
`Ex. 1001, 41:57–61.
`In each of the identified embodiments in the Specification, availability
`of the second network device (i.e., a secure target site) for a secure
`communication service is determined based on whether the user (of the first
`network device) has “sufficient security privileges” or “permission to
`access” the target computer. We do not identify, and Patent Owner does not
`point out, an embodiment in the Specification in which the availability of the
`second network device is determined by other methods or criteria. To the
`extent that determining whether the second network device is available for a
`secure communications service, as recited in claim 1, is determining that the
`user of the first network device has sufficient security privileges or
`permission to access the second network device (i.e., the criteria disclosed in
`the Specification), Wesinger discloses this feature. For example, Wesinger
`discloses that if “the remote host” (i.e., first network device) “satisfies the
`required level of access scrutiny,” is on an “Allow database,” and is not on a
`“Deny database,” then “the connection is allowed.” See, e.g., Ex. 1008,
`16:57–67.
`Patent Owner argues that Wesinger fails to disclose intercepting a
`request to look up an internet protocol (IP) address of the second network
`device, as recited in claim 1, for example. In particular, Patent Owner
`argues that Wesinger discloses “prompts from the firewall in the prior art
`‘custom’ embodiment” but “does not disclose that they function as or result
`in a request to look up an IP address as claimed” and “does not disclose
`combining the name prompts . . . of the prior art embodiment with its
`allegedly inventive disclosed embodiments.” PO Resp. 49, 50. We are not
`
`9
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`persuaded by Patent Owner’s argument. Even if the alleged “prompts” from
`the firewall of Wesinger do not “function as or result in a request to look up
`an IP address,” as Patent Owner contends, Patent Owner does not
`demonstrate that the request from the user also does not “function as or
`result in a request to look up an IP address.” As previously discussed above,
`Wesinger discloses that “the firewall . . . receives from the user a request
`pertaining to a first entity.” For at least the previously discussed reasons, we
`are not persuaded by Patent Owner that the request from the user in
`Wesinger materially differs from the claimed “request.”
`Patent Owner argues that Wesinger fails to disclose “intercepting”
`under the construction that “intercepting” must include “evaluating the
`request in relation to establishing a secure communication link.” PO
`Resp. 51. Claim 1 recites intercepting a request to look up an internet
`protocol (IP) address of the second network device based on a domain name
`associated with the second network device and determining (in response to
`the request) whether the second network device is available for a secure
`communications service. Patent Owner appears to re-iterate arguments that
`Wesinger fails to disclose intercepting a request to look up an IP address of
`the second network device based on a domain name and determining, in
`response to the request, whether the second network device is available for a
`secure communications service, as recited in claim 1, for example. For at
`least the previously discussed reasons, we are not persuaded by Patent
`Owner’s argument.
`Regarding claims 8, 9, 22, and 23, Patent Owner argues that Wesinger
`discloses devices that “need not be a mobile device, such as the claimed
`notebook computer.” PO Resp. 53. Thus, Patent Owner argues that
`
`10
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`Wesinger fails to disclose a notebook computer. We are not persuaded by
`Patent Owner’s argument. Patent Owner does not contest that Wesinger
`discloses a “computer.” One of ordinary skill in the art at the time of the
`invention would have understood that a “notebook computer” is a
`“computer” and immediately would have envisioned Wesigner as describing
`both desktop and notebook computers as both types of computers would
`have been used to connect to networks.
`Regarding claims 10 and 29, Patent Owner argues that Wesinger fails
`to disclose receiving the request to determine whether the second network
`device is available for secure communications service, the request being the
`request to look up an internet protocol (IP address of the second network).
`PO Resp. 53–54. Patent Owner also argues that “the DNS query [of
`Wesinger] is not received . . . ‘to determine whether the second network
`device is available for the secure communications service.’” PO Resp. 54.
`Regarding claims 14 and 28, Patent Owner argues that Wesinger discloses a
`“firewall [that] makes the . . . determination as a function of an ‘ensuing’
`connection request following the DNS query and resolution process” but that
`the determination “is not a function of a domain name look up.” PO
`Resp. 55. We are not persuaded by Patent Owner’s arguments for at least
`the previously discussed reasons.
`
`
`B. Wesinger and RFC 2543 – Claims 4–7 and 18–21
`Patent Owner argues that it would not have been obvious to one of
`ordinary skill in the art to have combined the teachings of Wesinger and
`RFC 2543 because “Wesinger teaches away from . . . RFC 2543.” PO Resp.
`56–57.
`
`11
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`As previously discussed, Wesinger discloses a system in which a
`client sends a connection request for connection with a device and, if access
`is granted and “[i]f all the rules are satisfied, then the connection [with the
`device] is allowed.” Ex. 1008, 16:66–67. Petitioner does not indicate that
`Wesinger discloses a specific type of connection or session between devices.
`The RFC 2543 reference discloses a similar system in which a client
`“send[s] a request” in order to “establish . . . multimedia sessions or calls.”
`Ex. 1012 at 7, 13. Thus, RFC discloses that one of ordinary skill in the art
`would have known that different types of connections or sessions that may
`be established between devices include, for example, multimedia session or
`calls. We agree with Petitioner that the combination of such known features,
`performing their known functions, would have resulted in the mere
`predictable result of a system in which a connection or session is established
`between devices (Wesinger and RFC 2543), the connection or session being,
`for example, a multimedia session or call (RFC 2543).
`Patent Owner argues that it would not have been obvious to one of
`ordinary skill in the art to have combined Wesinger and RFC 2543 because,
`according to Patent Owner, Wesinger discloses a “firewall [that] should
`ideally . . . not have any other user-accessible programs running on it” to
`avoid “security risks.” PO Resp. 56, 57 (citing Ex. 1008, 3:25–41, 7:1–5).
`As an initial matter, Wesinger discloses one possible scenario in
`which the firewall “ideally” does not have other user-accessible programs
`running on it. Ex. 1008, 7:2. Wesinger merely discloses one potential
`option but does not disclose that the firewall must not have any other user-
`accessible programs running on it. For at least this reason, we are not
`persuaded by Patent Owner’s arguments.
`
`12
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`
`Also, Patent Owner does not demonstrate sufficiently that the
`established session between devices in Wesinger requires “any other user-
`accessible programs running on it” beyond applications needed to establish
`the desired connection or that if the session in Wesinger is a known
`“multimedia session or call,” that such a session would require such
`additional “user-accessible programs.” One of ordinary skill in the art
`would have understood that a “multimedia session or call” connection
`between devices established in Wesinger would involve applications needed
`for the establishment of the desired connection and not include extraneous,
`unnecessary applications because, at least, the non-inclusion of unnecessary
`elements would be a matter of common sense, the unnecessary elements not
`being of any use. Hence, even if Wesinger discloses that the firewall must
`not have “other user-accessible programs running on it” (Patent Owner does
`not demonstrate or allege that Wesinger discloses or suggests this alleged
`requirement, however), Patent Owner does not show persuasively that a
`firewall for establishing a specifically desired type of connection between
`devices requires such “other user-accessible programs.”
`Patent Owner argues that there an “express teaching in Wesinger that
`merging these applications [of RFC 2543] with Wesinger’s architecture or
`system is undesirable because it may lead to further security risks.” PO
`Resp. 57 (citing Ex. 2025 ¶ 69). While Patent Owner points out that
`Wesinger discloses that the firewall “ideally” does not have other user-
`accessible programs running on it (Ex. 1008, 7:2), Patent Owner does not
`demonstrate persuasively that Wesinger, in fact, also provides an “express
`teaching” that “merging” applications is undesirable, that such “merging”
`actions would lead to “further security risks,” or that “merging applications”
`
`13
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`is necessary to provide for a multimedia connection between devices, for
`example.
`
`C. Declaration of Michael Fratto
`Patent Owner argues that the Declaration of Michael Fratto Regarding
`U.S. Patent No. 8,504,697 (Ex. 1003) should not be given any weight. See,
`e.g., PO Resp. 1–8. We did not rely on the testimony of Mr. Fratto in this
`decision. Therefore, Patent Owner’s argument is moot.
`
`
`ORDER
`Petitioner has demonstrated, by a preponderance of the evidence, that
`claims 1–3, 8–11, 14–17, 22–25, and 28–30 are anticipated by Wesinger,
`under 35 U.S.C. § 102, and that claims 4–7 and 18–21 are unpatentable over
`Wesinger and RFC 2543, under 35 U.S.C. § 103(a).
`In consideration of the foregoing, it is hereby:
`ORDERED that claims 1–11, 14–25, and 28–30 of the ’697 patent
`
`have been shown to be unpatentable;
`This is a final decision. Parties to the proceeding seeking judicial
`review of the decision must comply with the notice and service requirements
`of 37 C.F.R. § 90.2.
`
`
`
`
`
`
`14
`
`
`
`IPR2014-00238
`Patent 8,504,697 B2
`
`PETITIONER:
`
`Jeffrey P. Kushan
`Joseph A. Micallef
`SIDLEY AUSTIN LLP
`jkushan@sidley.com
`jmicallef@sidley.com
`
`
`PATENT OWNER:
`
`Joseph E. Palys
`Naveen Modi
`PAUL HASTINGS LLP
`josephpalys@paulhastings.com
`naveenmodi@paulhastings.com
`
`Jason E. Stach
`FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER, LLP
`jason.stach@finnegan.com
`
`15
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
