`571-272-7822
` Date: July 29, 2015
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`____________
`
`Case IPR2014-004031
`Patent 7,987,274 B2
`____________
`
`
`
`Before MICHAEL P. TIERNEY, KARL D. EASTHOM, and
`STEPHEN C. SIU, Administrative Patent Judges.
`
`EASTHOM, Administrative Patent Judge.
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`
`
`
`
`
`
`
`
`1 As discussed below, IPR2014-00483 has been joined with IPR2014-00403.
`This Final Written Decision applies to the joined case.
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`
`I. BACKGROUND
`
`Microsoft Corporation filed a revised Petition (Paper 4) requesting
`
`inter partes review of claims 1–5, 7, 8, 10, 12, 13, 15, 17, and 18 of U.S.
`
`Patent No. 7,987,274 B2 (“the ’274 Patent,” Ex. 1001) pursuant to 35 U.S.C.
`
`§§ 311–319. Paper 4. The Board instituted an inter partes review of claims
`
`1–5, 7, 8, 10, 12, 13, 15, 17, and 18. Paper 13 (“Inst. Dec.”).
`
`Apple Incorporated (“Petitioner”) also filed a Petition (Paper 2)
`
`seeking an inter partes review of claims 1–5, 7, 8, 10, 12, 13, 15, 17, and 18
`
`of the ’274 patent pursuant to 35 U.S.C. §§ 311–319 in Case IPR2014-
`
`00483 (“’483 IPR”). Noting that Microsoft Corporation’s Petition and
`
`Apple Incorporated’s Petition were substantially identical in material
`
`aspects, the Board instituted an inter partes review of claims 1–5, 7, 8, 10,
`
`12, 13, 15, 17, and 18, and joined IPR2014-00483 with IPR2014-00403
`
`pursuant to 35 U.S.C. § 315(c). See ’483IPR, Paper 11, 6–9.2 Thereafter,
`
`pursuant to a settlement agreement, the present proceeding was terminated
`
`with respect to Microsoft Corporation only. Paper 38.
`
`Prior to institution, VirnetX Incorporated (“Patent Owner”) filed a
`
`Patent Owner Preliminary Response (Paper 9) (“Prelim. Resp.”), and after
`
`institution, filed a Patent Owner Response (Paper 26) (“PO Resp.”).
`
`Petitioner then filed a Reply (Paper 34) (“Pet. Reply”). An Oral Hearing
`
`transpired on April 28, 2015. Paper 41 (“Tr.”).
`
`The Board has jurisdiction under 35 U.S.C. § 6(c). This Final Written
`
`Decision issues pursuant to 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73.
`
`
`2 Unless otherwise noted, all citations hereinafter are to filings in IPR2014-
`00403.
`
`2
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`
`For the reasons that follow, we determine that Petitioner has shown by
`
`a preponderance of the evidence that claims 1–5, 7, 8, 10, 12, 13, 15, 17, and
`
`18 of the ’274 patent are unpatentable.
`
`A. The ’274 Patent (Ex. 1001)
`
`The ’274 patent Specification describes secure systems for
`
`communicating over the Internet. Ex. 1001, Abstract, 9:38–39. The secure
`
`systems use a secure domain name service (SDNS): “SDNS 3313 contains a
`
`cross-reference database of secure domain names and corresponding secure
`
`network addresses. That is, for each secure domain name, SDNS 3313
`
`stores a computer network address corresponding to the secure domain
`
`name.” Id. at 47:15–19. The ’274 patent Specification also describes
`
`creating a secure communication link in the form of a virtual private
`
`network (“VPN”) link. One preferable “VPN communication link can be
`
`based on a technique of inserting a source and destination IP address pair
`
`into each data packet that is selected according to a pseudo-random
`
`sequence.” Id. at 46:64–67. The ’274 patent Specification refers to this
`
`technique and similar techniques as an “address hopping regime” or a
`
`“particular information hopping technique.” Id. at 47:1, 13–14.
`
`B. Illustrative Claim
`
`Claim 1 of the ’274 patent, illustrative of the challenged claims,
`
`follows:
`
`1. A method of accessing a secure network address,
`comprising:
`sending a query message from a first network device to a
`secure domain service, the query message requesting from the
`secure domain service a secure network address for a second
`network device;
`
`3
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`
`receiving at the first network device a response message
`from the secure domain name service containing the secure
`network address for the second network device; and
`sending an access request message from the first network
`device to the secure network address using a virtual private
`network communication link.
`
`
`C. Cited Prior Art
`
`US 6,557,037 B1
`US 6,151,628
`
`
`
`
`Provino
`Xu
`
`
`Dave Kosiur, Building and Managing Private Networks (Sept. 1, 1998) (Ex.
`1006, “Kosiur”).
`
`
`Apr. 29, 2003
`Nov. 21, 2012
`
`(Ex. 1003)
`(Ex. 1007)
`
`
`References
`
`Provino
`
`Provino and Kosiur
`Provino and Xu
`
`
`D. Instituted Grounds of Unpatentability
`
`Basis
`
`§ 102
`
`§ 103
`§ 103
`
`Claims Challenged
`
`1, 7, 8, 10, 12, 13, 15,
`and 17
`2–5
`18
`
`E. Claim Construction
`
`In an inter partes review, the Board interprets claim terms in an
`
`unexpired patent according to the broadest reasonable construction in light
`
`of the specification of the patent in which they appear. In re Cuozzo Speed
`
`Techs., LLC, No. 2014-1301, 2015 WL 4097949, at *6 (Fed. Cir. July 8,
`
`2015); 37 C.F.R. § 42.100(b). Under that standard, claims must be
`
`construed according to their ordinary and customary meaning, in view of the
`
`specification, as would be understood by one of ordinary skill in the art at
`
`the time of the invention. See In re Translogic Tech., Inc., 504 F.3d 1249,
`
`1257 (Fed. Cir. 2007). A “lexicographer” who redefines a claim term to
`
`4
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`have an “uncommon meaning[]”or “uncommon definition” must do so with
`
`“reasonable clarity, deliberateness, and precision.” In re Paulsen, 30 F.3d
`
`1475, 1480 (Fed. Cir. 1994) (citation omitted).
`
`Recently, the Federal Circuit indicated that even for non-expired
`
`patents that return to the PTO, prosecution history may be an important
`
`component of intrinsic evidence in construing claims (notwithstanding that
`
`Patent Owner may amend the claims and a broadest reasonable construction
`
`standard applies).3 See Tempo Lighting, Inc. v. Tivoli, LLC, 742 F.3d 973,
`
`977 (Fed. Cir. 2014) (“In claim construction, this court gives primacy to the
`
`language of the claims, followed by the specification. Additionally, the
`
`prosecution history, while not literally within the patent document, serves as
`
`intrinsic evidence for purposes of claim construction. This remains true in
`
`construing patent claims before the PTO.”) (citing In re Morris, 127 F.3d
`
`1048, 1056 (Fed. Cir. 1997)); Microsoft Corp. v. Proxyconn, Inc., No. 2014-
`
`1542, 2015 WL 3747257, at *3 (Fed. Cir. June 16, 2015) (“The PTO
`
`should also consult the patent’s prosecution history in proceedings in which
`
`the patent has been brought back to the agency for a second review.”)
`
`
`3 For district court litigation and for expired patents that return to the PTO,
`claims cannot be amended. Those claims must be construed using their
`ordinary and customary meaning, as would be understood by a person of
`ordinary skill in the art, at the time of the invention, in light of the language
`of the claims, the specification, and the prosecution history of record. See
`Phillips v. AWH Corp., 415 F.3d 1303, 1313–17 (Fed. Cir. 2005) (en banc);
`In re Rambus, 694 F.3d 42, 46 (Fed. Cir. 2012) (“[T]he Board’s review of
`the claims of an expired patent is similar to that of a district court’s
`review.”); Cuozzo, 2015 WL 4097949, at *6 n.6 (“The claims of an expired
`patent are the one exception where the broadest reasonable interpretation is
`not used because the patentee is unable to amend the claims.”) (citing In re
`Rambus, Inc., 753 F.3d 1253, 1256 (Fed. Cir. 2014)).
`
`
`5
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`(citing Tempo Lighting, 742 F.3d at 977); Microsoft Corp. v. Multi-Tech
`
`Sys., Inc., 357 F.3d 1340, 1349 (Fed. Cir. 2004) (“[T]he prosecution history
`
`of one patent is relevant to an understanding of the scope of a common term
`
`in a second patent stemming from the same parent application.”). On the
`
`other hand, in Tempo Lighting, 742 F.3d at 978, the “court also observes that
`
`the PTO is under no obligation to accept a claim construction proffered as a
`
`prosecution history disclaimer, which generally only binds the patent
`
`owner.”
`
`Although disclaimers or lexicographic definitions in a specification
`
`may be express, they need not be. Compare In re Bigio, 381 F.3d 1320,
`
`1325 (Fed. Cir. 2004) (“Absent claim language carrying a narrow meaning,
`
`the PTO should only limit the claim based on the specification or
`
`prosecution history when those sources expressly disclaim the broader
`
`definition.”) (emphasis added), with Bell Atl. Network Servs., Inc. v. Covad
`
`Commc’ns Grp., Inc., 262 F.3d 1258, 1268 (Fed. Cir. 2001) (“[A] claim
`
`term may be clearly redefined without an explicit statement of redefinition. .
`
`. . In other words, the specification may define claim terms by implication
`
`such that the meaning may be found in or ascertained by a reading of the
`
`patent documents.”) (citations and internal quotation marks omitted), and
`
`Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996)
`
`(“The specification acts as a dictionary when it expressly defines terms used
`
`in the claims or when it defines terms by implication.”).
`
`In any case, prosecution history disclaimers, like uncommon or
`
`lexicographic meanings, must be clear and unambiguous: “[W]hile the
`
`prosecution history can inform whether the inventor limited the claim scope
`
`in the course of prosecution, it often produces ambiguities created by
`
`6
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`ongoing negotiations between the inventor and the PTO. Therefore, the
`
`doctrine of prosecution disclaimer only applies to unambiguous disavowals.”
`
`Grober v. Mako Prods., Inc., 686 F.3d 1335, 1341 (Fed. Cir. 2012) (citing
`
`Abbott Labs. v. Sandoz, Inc., 566 F.3d 1282, 1289 (Fed. Cir. 2009)). A
`
`“heavy presumption” exists in favor of the ordinary meaning of claim
`
`language. Bell Atl. Network Servs., Inc., 262 F.3d at 1268. To overcome
`
`this presumption, the patentee must “clearly set forth” and “clearly redefine”
`
`a claim term away from its ordinary meaning. Id. The disavowal must be
`
`“unmistakable” and “unambiguous.” Dealertrack, Inc. v. Huber, 674 F.3d
`
`1315, 1322 (Fed. Cir. 2013). This standard is “exacting.” Thorner v. Sony
`
`Computer Entm’t Am. LLC, 669 F.3d 1362, 1366 (Fed. Cir. 2012).
`
`1. Virtual Private Network (VPN) Communication Link
`
`We previously construed the claim 1 term “virtual private network
`
`communication link” to mean “a transmission path between two devices that
`
`restricts access to data, addresses, or other information on the path, generally
`
`using obfuscation methods to hide information on the path, including, but
`
`not limited to, one or more of authentication, encryption, or address
`
`hopping.” Inst. Dec. 8–9.4 Patent Owner “disagrees with this construction,”
`
`contending that the term “must incorporate the ‘direct communication’ and
`
`‘network’ aspects of the VPN that are disclosed in the ’274 patent
`
`specification.” PO Resp. 5. However, Patent Owner does not contend that
`
`the last two requirements “materially affect[] the parties’ disputes.” See PO
`
`
`4 Our construction is consistent with the broadest, reasonable construction in
`Inter Partes Reexamination Control No. 95/001,792. See Cisco Systems,
`Inc. v. VirnetX, Inc., Appeal 2014-000491, slip. op. at 4–8 (PTAB Apr. 1,
`2014) (Decision on Appeal) (involving a grandparent patent to the ’274
`patent, U.S. Patent No. 7,188,180).
`
`7
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`Resp. 4. Patent Owner also clarified during the oral hearing that it does not
`
`contend that Provino fails to disclose “direct communication.” See Tr. 86:8–
`
`14.
`
`Therefore, we maintain our construction of the term “virtual private
`
`network” or “virtual private network communication link” for purposes of
`
`this decision. See Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795,
`
`803 (Fed. Cir. 1999) (stating that claim terms need only be construed to the
`
`extent necessary to resolve the case).
`
`2. Secure Domain Service (SDNS)
`
`Patent Owner proposes that a “secure domain service” (SDNS), as
`
`recited in claim 1, should be construed as “[a] lookup service that recognizes
`
`that a query message is requesting a secure computer address, and returns a
`
`secure computer address for a requested secure domain name.” PO Resp.
`
`15.5 Petitioner proposes that an SDNS should be construed as “[a] service
`
`that can resolve secure computer network addresses for a secure domain
`
`name for which a conventional domain name service [(“DNS”)] cannot
`
`resolve addresses.” See Pet. 13; PO Resp. 15 (discussing Petitioner’s
`
`proposed construction). The distinction between the two proposals centers
`
`on what the function of “recognizes . . . requesting a secure domain name”
`
`requires.
`
`To support its construction, Patent Owner argues, among other things,
`
`that “during the now-completed inter partes reexamination” (Reexam.
`
`
`5 Claim 1 recites a “secure domain service” and a “secure domain name
`service.” For purposes of this Final Written Decision and because it is not at
`issue, we do not distinguish the claim term “secure domain service” from a
`“secure domain name service,” and generally refer to each as an “SDNS.”
`See Pet. 12 (pointing out that claim 1 recites both terms).
`
`8
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`Control No. 95/001,270) (“’270 reexamination”) of the grandparent patent to
`
`the ’274 patent, U.S. Patent No. 7,188,180 (the “’180 patent,”), “VirnetX . . .
`
`disclaimed secure domain services that do not perform this recognition,”
`
`and, further, the Eastern District of Texas “later relied on VirnetX’s
`
`statements.” PO Resp. 16–17 (citing Ex. 2040, 7 (Response to Office
`
`Action, Apr. 19, 2010, ’270 reexamination); Ex. 1018, 2, 17–18 (District
`
`Court Memorandum Opinion and Order)). During the ’270 reexamination
`
`proceeding, Patent Owner contended that an SDNS, as claimed and
`
`disclosed, cannot merely “‘resolve[] a domain name query that,
`
`unbeknownst to the secure domain name service, happens to be associated
`
`with a secure domain name.’” See PO Resp. 16 (quoting Ex. 1040, 7).
`
` Patent Owner does not contend explicitly that, or explain how,
`
`Petitioner’s proposed construction improperly embraces the allegedly
`
`disclaimed type of a conventional DNS that “happens” to resolve a domain
`
`name query “associated with secure domain name.” See id. at 15–17. It also
`
`is not clear how that allegedly disclaimed feature relates to the “recognizes”
`
`function in Patent Owner’s proposed claim construction.
`
`Claim 1 recites sending a query message to “a secure domain service,”
`
`requesting a secure network address, and receiving “a response message
`
`from the secure domain name service containing the secure network
`
`address.” It does not recite “recogniz[ing] that the query message is
`
`requesting a secure computer address.” “[T]he claims themselves provide
`
`substantial guidance as to the meaning of particular claim terms” and “the
`
`context in which a term is used in the asserted claim can be highly
`
`instructive.” Phillips, 415 F.3d at 1314. “The construction that stays true to
`
`the claim language and most naturally aligns with the patent’s description of
`
`9
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`the invention will be, in the end, the correct construction.” Phillips, 415
`
`F.3d at 1316.
`
`Based on the context of the claim, the Specification, and the
`
`prosecution history, claim 1 does not require “recogniz[ing]” as argued by
`
`Patent Owner. As explained in the Background section supra, the
`
`Specification describes an “SDNS 313” that “contains a cross-reference
`
`database of secure domain names and corresponding secure network
`
`addresses. That is, for each secure domain name, SDNS 3313 stores a
`
`computer network address corresponding to the secure domain name.” Ex.
`
`1001, 47:15–18. This disclosure comes closest to aligning with the claim
`
`term, “secure domain service” (i.e., an SDNS as set forth in the disclosure).
`
`Patent Owner does not point the panel to a disclosure in the Specification
`
`that clearly supports the requirement of an SDNS to “recognize that the
`
`query message is requesting a secure computer address.”
`
`Patent Owner also contends that during the ’270 reexamination, Patent
`
`Owner proposed various examples of possible “additional functionalities not
`
`available with a traditional domain name service.” PO Resp. 17. For
`
`example, Patent Owner maintains that it argued during the reexamination
`
`that a secure domain name service “may allow an entity to register server
`
`secure domain names representing different levels of access to the secure
`
`website” and “may also support the establishment of a VPN communication
`
`link.” See PO Resp. 17 (citing Ex. 1001, 47:38–51; Ex. 2040, 3, 7–8).
`
`According to Patent Owner, “[t]hus a secure domain service is distinguished
`
`from a conventional domain name service.” Id. at 17.
`
`Contrary to Patent Owner’s arguments, even if the prosecution history
`
`of claims in the grandfather ’180 patent in the ’270 reexamination
`
`10
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`proceeding somehow limits the claims here that Patent Owner otherwise
`
`could have moved to amend under a broadest reasonable construction, Patent
`
`Owner’s arguments were not “unambiguous,” and do not “call for the
`
`application of prosecution history disclaimer.” See PO Resp. 17–18. There
`
`was no “express disclaimer,” Bigio, 381 F.3d at 1325, or “unambiguous
`
`disavowal[],” Grober, 686 F.3d at 1341.
`
`For example, as Petitioner points out, Patent Owner argued, among
`
`other things, as follows during the ’270 reexamination of the ’180 patent:
`
`To illustrate, the ’180 patent explicitly states that a secure
`domain name service can resolve addresses for a secure
`domain name; whereas a conventional domain name service
`cannot resolve addresses for a secure domain name. See, ’180
`Patent at col. 51, ll. 18–45 (stating “[b]ecause the secure top-
`level domain name is a non-standard domain name, a query to a
`standard domain name service (DNS) will return a message
`indicating that the universal resource locator (URL) is
`unknown”) . . . .
`Ex. 2040, 7 (emphasis added); see Pet. Reply 10 (discussing prosecution
`
`history); Pet. 10–13 (discussing prosecution history and district court
`
`litigation).
`
`Responding to Patent Owner’s various arguments during the ’270
`
`reexamination of the ’180 patent, the examiner reasoned as follows:
`
`Further, Patent Owner argues that the ’180 patent clearly
`distinguishes the claimed “secure domain name” from a domain
`name that happens to correspond to a secure computer. Patent
`Owner’s argument is persuasive. The Examiner agrees that the
`’180 patent distinguishes the claimed “secure domain name.”
`For example, the ’180 patent explains that a secure domain
`name is a non-standard domain name and that querying a
`convention domain name server using a secure domain name
`will result in a return message indicating that the URL is
`unknown ( ’180 patent, column 51 lines 25–35). Similarly,
`
`11
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`
`Patent Owner argues that the ’180 patent clearly distinguishes
`the claimed “secure domain name service” from a conventional
`domain name service that can resolve domain names of
`computers that are used to establish secure connections. Patent
`Owner’s argument is persuasive. The Examiner agrees that the
`’180 patent distinguishes the claimed “secure domain name
`service.” For example, the ’180 patent explains that a secure
`domain name service can resolve addresses for a secure
`domain name whereas a conventional domain name service
`cannot resolve addresses for a secure domain name (’180
`patent, column 51 lines 25–35).
`Ex. 3001, 3 (’270 reexamination of the ’180 patent, Right of Appeal Notice
`
`(Dec. 30, 2010)) (emphases added, examiner’s emphasis omitted).6
`
`
`
`This exchange between the Patent Owner and the examiner reveals
`
`that the central reason for confirmation by the examiner in the ’270
`
`reexamination was Patent Owner’s argument that the ’180 patent makes
`
`clear that a conventional DNS cannot resolve addresses for a secure domain
`
`name, whereas the disclosed SDNS can. Id.
`
`Petitioner contends that the declarants for Patent Owner and Petitioner
`
`essentially agree to this key distinction. See Pet. Reply 7–8 (citing Ex. 1090,
`
`21:14–22:1, 23:16–26:15, 16:9–17:17; Ex. 1011 ¶ 15). Quoting the ’274
`
`patent, Dr. Roch Guerin, Petitioner’s declarant, testifies that the ’274 patent
`
`indicates that “‘SDNS 3313 contains a cross-reference database of secure
`
`domain names and corresponding secure network addresses.’ Ex. 1001,
`
`47:15–16. In other words, the SDNS 3313 differs from a standard name
`
`service in that it is configured to resolve secure domain names.” Ex. 1011
`
`¶ 15 (emphasis added). After summarizing other pertinent disclosures in the
`
`’274 patent Specification (see Ex. 1011 ¶¶ 11–23), Dr. Guerin testifies that
`
`
`6 Page number “3” in Ex. 3001 refers to the original page number supplied
`by the examiner in the Right of Appeal Notice.
`
`12
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`“a broadest reasonable interpretation of ‘secure domain name service’ would
`
`be broad enough to cover ‘a service that can resolve secure computer
`
`network addresses for a secure domain name for which a conventional
`
`domain name service cannot resolve addresses.’” Ex. 1011 ¶ 24.
`
`Dr. Fabian Monrose, Patent Owner’s declarant, testified during cross-
`
`examination that a “secure domain name service is referred to as a lookup
`
`service that recognizes that a query message is requesting a secure computer
`
`address and returns a secure computer address for the requested secure
`
`domain name.” Ex. 1090, 21:18–22. Arguing that Provino does not
`
`disclose an SDNS, Patent Owner relies on Dr. Monrose’s declaration
`
`testimony that the disclosed SDNS does more than provide a mere look-up
`
`function. See PO Resp. 30–32 (citing Ex. 2041 ¶¶ 35–39); see also Ex.
`
`1090, 17:18–18:4 (Dr. Monrose’s deposition testimony: “For example, the
`
`ability to initiate a virtual private network communication, the ability to
`
`have multiple levels of access control, the ability to make decisions based on
`
`the -- on the originator, et cetera.”). Similar to this declaration and
`
`deposition testimony, Patent Owner lists different “additional functionalities
`
`not available with a traditional domain name service. For instance, a secure
`
`domain service may allow an entity to register server secure domain names
`
`representing different levels of access to the secure website.” See PO Resp.
`
`17 (citing Ex. 2040, 3, 7; Ex. 1001, 47:15–37).
`
`Even if these types of “example[s]” describe possible functions of a
`
`disclosed SDNS, they do not arise to an unequivocal disclaimer or show that
`
`the “recognizes” function must be incorporated into the claimed SDNS. Dr.
`
`Monrose and Patent Owner do not offer a clear interpretation of what the
`
`“recognizes” function entails and do not point to where that term appears in
`
`13
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`the ’274 patent Specification. Describing “some examples” of what some of
`
`the disclosed “SDNS[] . . . embodiments . . . can perform” fails to link those
`
`examples with the proffered “recognizes” function. See Ex. 1090, 21:18–
`
`22:5. In other words, Dr. Guerin’s testimony and Petitioner’s claim
`
`construction tracks more closely to direct support in the ’274 patent
`
`Specification.
`
`During the oral hearing in this proceeding, when questioned about the
`
`specific added functionality the claims may require by disclaimer or
`
`otherwise, Patent Owner indicated that the claims do not require a specific
`
`functionality: “Because in some instances it could be example A and in
`
`some instances it could be example B. But as long as it is recognizing that a
`
`query message is requesting a secure . . . computer address . . . it can’t be
`
`just a conventional DNS operation. It has to be more than that.” Tr. 67:24–
`
`68:4.
`
`Therefore, the clearest thread running through the arguments,
`
`prosecution history, evidence, the ’274 patent Specification, and the claim
`
`language, is that “the ’180 patent explains that a secure domain name
`
`service can resolve addresses for a secure domain name whereas a
`
`conventional domain name service cannot resolve addresses for a secure
`
`domain name (’180 patent, column 51 lines 25–35).” Ex. 3001, 3 (emphasis
`
`added). Simply put, a conventional DNS does not resolve a secure address
`
`for a secure domain name, hence the name, secure domain server, and
`
`nomenclature, SDNS. Cf. In re Abbott Diabetes Care Inc., 696 F.3d 1142,
`
`1149–50 (Fed. Cir. 2004) (disavowal must “repeatedly, consistently, and
`
`exclusively” show the same feature).
`
`14
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`
`In a similar vein, according to Patent Owner, “each of the disclosed
`
`embodiments performs more than the conventional DNS functions and
`
`supports establishing a secure communication link.” PO Resp. 30–31.
`
`Describing what some embodiments may do fails to explain why Petitioner’s
`
`construction, “resolv[ing] secure computer network addresses for a secure
`
`domain name” does not also “support[] establishing a secure communication
`
`link.” The arguments and evidence show that a “secure domain service”
`
`(SDNS) requires no functionality beyond Petitioner’s proposed
`
`construction.7
`
`Further alleging a Specification disclaimer, Patent Owner quotes the
`
`’274 patent as noting that ‘“[t]he conventional scheme suffers from certain
`
`drawbacks,’” and points to “‘certain aspects of the invention’” as setting up
`
`a VPN. See PO Resp. 30 (quoting Ex. 1001, 39:4–41 (emphasis by Patent
`
`Owner), citing Ex. 2041 ¶ 35). In that conventional scheme, the ’274 patent
`
`discloses that “[o]ne conventional scheme . . . provides the DNS server with
`
`public keys of the machines that the DNS server has addresses for.” Ex.
`
`
`7 Patent Owner also argues that “the Board has rejected arguments that “a
`‘secure domain name service’ is a service that can resolve secure computer
`network addresses that a conventional domain name server cannot resolve.”
`PO Resp. 35 (citing Apple Inc. v. VirnetX Inc., Case IPR2014-00482, slip.
`op. at 9 (PTAB Sept. 3, 2014) (Paper 10); Apple Inc. v. VirnetX Inc., Case
`IPR2014-00481, slip. op. at 9 (PTAB Sept. 3, 2014) (Paper 11)). This
`argument mischaracterizes and overstates the import of those prior decisions
`to institute. In both proceedings, we determined that “for purposes of this
`Decision, a ‘secure domain name service’ is a service that provides a secure
`computer network address for a requested secure domain name”––if
`anything, a slightly broader construction than the petitioner’s proposed
`construction there and Petitioner’s similar construction proposed here. See,
`e.g., Apple, Case IPR2014-00481, Paper 11 at 9. Also, those decisions
`involved preliminary findings and claim constructions. See id.
`
`15
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`1001, 39:13–17 (emphasis added). The ’274 patent describes “drawbacks”
`
`pertaining to that “conventional scheme” (i.e., not the DNS itself and not a
`
`an SDNS): “For example, any user can perform a DNS request. . . . [and]
`
`DNS requests resolve to the same value for all users.” Ex. 1001, 39:23–25
`
`(emphasis added). Although it is not clear, this disparaged “scheme” may be
`
`the basis upon which Patent Owner relies for its disclaimer argument that an
`
`SDNS cannot merely “resolve[] a domain name query” that “happens to be
`
`associated with a secure domain name” “unbeknownst to the domain name
`
`service.” See PO Resp. 16 (quoting Ex. 2040, 7, but not linking directly the
`
`disclosed conventional public key scheme to the prosecution argument).
`
`Nevertheless, Patent Owner fails to explain how Petitioner’s construction
`
`embraces this disparaged public key scheme. Petitioner proposes that an
`
`SDNS “can resolve secure computer network addresses for a secure domain
`
`name.” Id. at 34 (emphasis added). On its face, a “secure domain name”
`
`does not “happen” to be “associated with a secure name”; rather, a secure
`
`domain name is a secure name.
`
`Moreover, the ’274 patent describes overcoming the problems
`
`associated with the public key “scheme” by doing much more than adding
`
`Patent Owner’s proposed “recognizing” functionality to the SDNS as
`
`construed by Petitioner: “According to certain aspects of the invention, a
`
`specialized DNS server traps DNS requests and, if the request is from a
`
`special type of user (e.g., one for which secure communications are defined),
`
`the server does not return the true IP address of the target node, but instead
`
`automatically sets up a virtual private network between the target node and
`
`the user. The VPN is preferably implemented using the IP address ‘hopping
`
`features.’” Ex. 1001, 39:24–34 (emphases added). The claims do not recite
`
`16
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`a “specialized DNS,” but even if the claimed SDNS somehow relates to this
`
`disclosed “specialized DNS,” Patent Owner does not urge that its proposed
`
`SDNS must return a false IP address, automatically set up a VPN, or use
`
`hopping features––which the Specification discloses as solving problems
`
`associated with the allegedly disparaged conventional DNS/public key
`
`scheme.
`
`Patent Owner also does not explain how its proposed “recognizes”
`
`functionality would overcome the conventional scheme’s problem of
`
`allowing “any user [to] perform a DNS request,” or prevent its proposed
`
`SDNS from “resolv[ing] the same value for all users.” See Ex. 1001, 39:23–
`
`25. There is no dispute on this record that a “secure network address is an
`
`address that requires authorization for access.” Ex. 1090, 21:10–13; PO
`
`Resp. 24 (agreeing with claim construction of “secure network address” in
`
`Institution Decision, see Inst. Dec. 9). Assuming that “any user” even has
`
`access to a secure domain name, a secure network address that requires
`
`authorization naturally prevents “any user” from obtaining it via a resolved
`
`secure domain name, thereby overcoming the prior art problems in the DNS
`
`conventional scheme, and suggesting that any “recognizes” functionality as
`
`a proposed SDNS requirement is superfluous or not required.
`
`Overcoming that prior art scheme’s problems with a list of disclosed
`
`features that are not required under Patent Owner’s claim construction fails
`
`to support that construction. Criticizing a prior art scheme in the disclosure
`
`or in arguments does not criticize an SDNS itself. As a specific example,
`
`urging construction of a client computer as a user’s computer, Patent Owner
`
`refers to a “conventional” “user’s” computer as “another embodiment,” even
`
`though the ’274 patent Specification disparages the “conventional
`
`17
`
`
`
`IPR2014-00403
`Patent 7,987,274 B2
`
`architecture” that employs such a user’s computer (because it is not secure
`
`enough). See Ex. 1001, 39:4–13; PO Resp. 21. Further, as Petitioner
`
`argues, even if a DNS/public key scheme embodiment falls into Petitioner’s
`
`construction, “‘[m]ere criticism of a particular embodiment encompassed in
`
`the plain meaning of a claim term is not sufficient to rise to the level of clear
`
`disavowal.’” Pet. 7 (quoting Thorner v. Sony Computer Entm’t Am. LLC,
`
`669 F.3d 1362, 1366 (Fed. Cir. 2012)).
`
`Finally, Patent Owner made the opposite argument to the District
`
`Court that it is making here, and argued that the “non-standard” distinction,
`
`which underlies the “recognizing” interpretation according to Patent Owner’s
`
`arguments here, “is not supported by the specification or the prosecution
`
`history.” Ex. 1018, 18 (discussing Patent Owner’s ’180 patent prosecution
`
`history arguments in the ’270 reexamination). In other words, despite Patent
`
`Owner’s arguments to the contrary in the District Co