`Trials@uspto.gov
`Entered: October 18, 2016
`
`571-272-7822
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_______________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_______________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`_______________
`
`Case IPR2015-01009
`Patent 8,843,643 B2
`_______________
`
`
`
`Before KARL D. EASTHOM, ROBERT J. WEINSCHENK, and
`BETH Z. SHAW, Administrative Patent Judges.
`
`WEINSCHENK, Administrative Patent Judge.
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`
`
`
`
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`
`INTRODUCTION
`I.
`Apple Inc. (“Petitioner”) filed a Petition (Paper 1, “Pet.”) requesting
`an inter partes review of claims 1–9, 12–24, and 27–32 of U.S. Patent No.
`8,843,643 B2 (Ex. 1001, “the ’643 patent”). VirnetX Inc. (“Patent Owner”)
`filed a Preliminary Response (Paper 6, “Prelim. Resp.”) to the Petition. On
`October 29, 2015, we instituted an inter partes review of claims 1–9, 12–24,
`and 27–32 (“the challenged claims”) of the ’643 patent on the following
`grounds:
`Claim(s)
`1–9, 12, 14,
`17–24, 27,
`and 29
`1, 13, 15–17,
`28, and 30–
`32
`
`Applied Reference(s)
`Statutory Basis
`35 U.S.C. § 102(a) Microsoft Windows 2000
`Professional Resource Kit (2000)
`(Ex. 1005, “Windows Resource Kit”)
`35 U.S.C. § 103(a) Windows Resource Kit; Microsoft
`Internet Explorer 5 Resource Kit
`(1999) (Ex. 1006, “IE5 Resource
`Kit”); and Elgamal et al., U.S. Patent
`No. 5,657,390 (issued Aug. 12, 1997)
`(Ex. 1007, “Elgamal”)
`
`Paper 9 (“Dec. on Inst.”), 9.
`After institution, Patent Owner filed a Response (Paper 15, “PO
`Resp.”) to the Petition, and Petitioner filed a Reply (Paper 23, “Pet. Reply”)
`to the Response. An oral hearing was held on July 19, 2016, and a transcript
`of the hearing is included in the record. Paper 32 (“Tr.”).
`We issue this Final Written Decision pursuant to 35 U.S.C. § 318(a)
`and 37 C.F.R. § 42.73. For the reasons set forth below, Petitioner has shown
`by a preponderance of the evidence that claims 1–9, 14, 17–24, and 29 of the
`’643 patent are unpatentable, but Petitioner has not shown by a
`preponderance of the evidence that claims 12, 13, 15, 16, 27, 28, and 30–32
`of the ’643 patent are unpatentable.
`
`2
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`
`Related Proceedings
`A.
`The parties indicate that the Petition in this case is related to the
`petition for inter partes review in IPR2015-01010, which also involves the
`’643 patent. Pet. 2; Paper 5, 2. Patent Owner indicates that certain patents
`related to the ’643 patent are at issue in various inter partes reviews,
`reexaminations, and district court cases. Paper 5, 2–12.
`The ’643 Patent
`B.
`The ’643 patent relates to, inter alia, establishing a secure
`communication link between a computer and a server without a user of the
`computer having to enter any identification information, passwords, or
`encryption keys. Ex. 1001, col. 48, l. 66–col. 49, l. 1, col. 50, ll. 9–16. For
`example, a user of a computer may connect to a non-secure server by
`entering a domain name for the non-secure server in a Web browser. Id. at
`col. 49, ll. 21–32. The user then can enable a secure communication mode
`simply by clicking a “go secure” hyperlink in the Web browser. Id. at col.
`50, ll. 9–12. The ’643 patent explains that a software module on the
`computer automatically replaces the domain name for the non-secure server
`with a secure domain name. Id. at col. 50, ll. 22–25. The software module
`then sends a query using the secure domain name to a secure domain name
`service (“SDNS”). Id. at col. 50, ll. 49–53. In response to the query, the
`SDNS returns an address for a secure server. Id. at col. 51, ll. 39–42. The
`computer then accesses the secure server through a virtual private network
`(“VPN”) communication link. Id. at col. 51, ll. 57–59.
`Illustrative Claim
`C.
`Claims 1 and 17 are independent. Claim 1 is reproduced below.
`
`
`
`3
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`
`1. A method for establishing an encrypted communication
`link between a first device and a second device over a
`communication network, the method comprising:
`enabling, at the first device, a secure communication mode
`without a user entering any cryptographic information for
`establishing the secure communication mode; and
`establishing, based on a determination that the secure
`communication mode has been enabled,
`the encrypted
`communication link between the first device and the second
`device over the communication network, the establishing
`including:
`constructing a domain name based on an identifier
`associated with the second device;
`sending a query using the domain name;
`receiving, in response to the query, at least one network
`address associated with the domain name; and
`initiating establishment of the encrypted communication
`link between the first device and the second device over the
`communication network using the at least one network address
`and encrypted communication link resources received from a
`server that is separate from the first device.
`Ex. 1001, col. 55, ll. 46–67.
`
`II. ANALYSIS
`A. Claim Construction
`The claims of an unexpired patent are interpreted using the broadest
`reasonable interpretation in light of the specification of the patent in which
`they appear. 37 C.F.R. § 42.100(b); Cuozzo Speed Techs., LLC v. Lee, 136
`S. Ct. 2131, 2144–45 (2016). The parties propose construing several claim
`terms in the ’643 patent. Pet. 8–14; PO Resp. 4–22. For the reasons
`discussed below, we determine that no claim terms require express
`construction to resolve the parties’ disputes regarding the asserted grounds
`
`4
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`of unpatentability in this case. See infra Sections II.B–II.C; Vivid Techs.,
`Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999) (“[O]nly
`those terms need be construed that are in controversy, and only to the extent
`necessary to resolve the controversy.”).
`Anticipation of Claims 1–9, 12, 14, 17–24, 27, and 29 by
`B.
`Windows Resource Kit
`Petitioner argues that claims 1–9, 12, 14, 17–24, 27, and 29 are
`anticipated by Windows Resource Kit. Pet. 3. A claim is anticipated if each
`limitation of the claim is disclosed in a single prior art reference arranged as
`in the claim. Net MoneyIN, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1369 (Fed.
`Cir. 2008). We have considered the parties’ arguments and supporting
`evidence. We determine that Petitioner has shown by a preponderance of
`the evidence that claims 1–9, 14, 17–24, and 29 are anticipated by Windows
`Resource Kit, but Petitioner has not shown by a preponderance of the
`evidence that claims 12 and 27 are anticipated by Windows Resource Kit.
`Overview of Windows Resource Kit
`1.
`Windows Resource Kit is a guide for installing, configuring, and
`supporting Windows 2000. Ex. 1005, xxxiii. Windows Resource Kit
`describes, inter alia, configuring a computer with Windows 2000 to
`communicate with other computers on a network. Id. at 948. For example,
`Windows Resource Kit explains that a user can select a security policy on a
`Windows 2000 computer to ensure that communications with other
`computers are secure. Id. at 1021–1025. Windows Resource Kit also
`describes the Domain Name System (“DNS”) that a Windows 2000
`computer uses to communicate with other computers on a network. Id. at
`964. Specifically, Windows Resource Kit explains that a Windows 2000
`computer sends a query containing a domain name associated with another
`
`5
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`computer to a DNS. Id. The DNS then responds to the query with an
`Internet Protocol (“IP”) address. Id. at 964, 986. The Windows 2000
`computer uses that IP address to locate the other computer on the network.
`Id. at 1006. Based on the security policy selected on the Windows 2000
`computer, the two computers may establish an encrypted communication
`link. Id. at 1021–1022.
`Claim 1
`2.
`Claim 1 recites “enabling, at the first device, a secure communication
`mode without a user entering any cryptographic information for establishing
`the secure communication mode.” Ex. 1001, col. 55, ll. 49–51. Windows
`Resource Kit discloses enabling a secure communication mode on a
`computer by selecting one of several default IP security policies using an IP
`security dialog box and without entering any other information. Pet. 20–21;
`Ex. 1003 ¶¶ 188–189; Ex. 1005, 1024–1025. The “Secure Server” (or
`“High”) policy, for example, requires that “all outgoing communications are
`secured” and that “[a]ll unsecured incoming communications are rejected.”
`Pet. 21; Ex. 1003 ¶¶ 189–190; Ex. 1005, 1025.
`Patent Owner argues that Windows Resource Kit does not disclose
`enabling a secure communication mode without a user entering any
`cryptographic information. PO Resp. 22–24. Specifically, Patent Owner
`argues that Windows Resource Kit requires the user to select a security
`policy, and, thus, requires the user to identify a specific encryption function.
`Id. at 23–24 (citing Ex. 2015 ¶¶ 38–39). Patent Owner’s argument is not
`persuasive. Neither Patent Owner nor Patent Owner’s declarant, Dr. Fabian
`Monrose, explains specifically how selecting one of the default IP security
`policies in Windows Resource Kit identifies a specific encryption function.
`
`6
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`PO Resp. 22–24; Ex. 2015 ¶¶ 38–39; Ex. 1046, 74:14–75:22. Further,
`contrary to Patent Owner’s argument, Windows Resource Kit discloses that
`selecting one of the default IP security policies simply indicates whether a
`communication is secure, not a specific encryption function. Ex. 1003
`¶¶ 189–190; Ex. 1005, 1024–1025. This disclosure in Windows Resource
`Kit is consistent with the written description in the ’643 patent, which
`explains that clicking a “go secure” hyperlink indicates whether a
`communication is secure, but not a specific encryption function. Ex. 1001,
`col. 50, ll. 9–19.
`Claim 1 recites “establishing, based on a determination that the secure
`communication mode has been enabled, the encrypted communication link
`between the first device and the second device over the communication
`network.” Ex. 1001, col. 55, ll. 52–55. Windows Resource Kit discloses the
`procedure for establishing an IP security session between a first computer
`(Computer A) and a second computer (Computer B). Pet. 22–23; Ex. 1003
`¶¶ 195–198; Ex. 1005, 1021–1022, Fig. 22.19. Specifically, Windows
`Resource Kit states the following:
`2. IPSec checks IP Security Group Policy settings on Computer
`A to determine the computer’s active IP Security policy. The
`default policies allow a computer to demand secure
`communication,
`to request secure communication but
`proceed unsecurely if necessary, or to never request IP
`security.
`3. Computer A begins security negotiations with Computer B.
`The two computers exchange public keys and establish a
`shared, secret key that is created independently at both ends
`without being transmitted across the network.
`
`Ex. 1005, 1021–1022. In other words, Windows Resource Kit discloses that
`the first computer determines which IP security policy was selected by the
`
`7
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`user, and, based on that determination, begins negotiations with the second
`computer to establish an encrypted communication link. Ex. 1003 ¶¶ 185–
`186, 197–198; Ex. 1005, 1021–1022, Fig. 22.19.
`Patent Owner argues that Windows Resource Kit does not disclose
`establishing an encrypted communication link based on a determination that
`the secure communication mode has been enabled because selecting an IP
`security policy in Windows Resource Kit does not trigger the establishment
`of an encrypted communication link between two computers. PO Resp. 25–
`28 (citing Ex. 2015 ¶¶ 42–46). Patent Owner’s argument is not persuasive.
`Claim 1 recites that establishing the encrypted communication link is “based
`on” a determination that the secure communication mode has been enabled.
`Ex. 1001, col. 55, ll. 52–55. In contrast, claim 16, which depends from
`claim 1, recites that establishing the encrypted communication link is
`“trigger[ed]” by enablement of the secure communication mode. Id. at col.
`57, ll. 9–11. The use of different terms in claims 1 and 16 indicates that the
`phrase “based on” in claim 1 is not limited to the “trigger[ing]” recited in
`claim 16. See Liebel-Flarsheim Co. v. Medrad, Inc., 358 F.3d 898, 910
`(Fed. Cir. 2004).
`The specification of the ’643 patent also indicates that the phrase
`“based on” in claim 1 does not require triggering the establishment of an
`encrypted communication link. Although, as Patent Owner points out, the
`’643 patent describes an embodiment in which clicking a “go secure”
`hyperlink triggers the establishment of an encrypted communication link
`(PO Resp. 27–28 (citing Ex. 1001, col. 49, ll. 44–46, col. 50, ll. 9–22, Fig.
`34)), the ’643 patent is not limited to that embodiment. For example, the
`’643 patent also explains that “the user can optionally specify that all
`
`8
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`communication links established over computer network 3302 are secure
`communication links” and, thus, “anytime that a communication link is
`established, the link is a VPN link.” Ex. 1001, col. 52, ll. 10–14. In other
`words, a user can enable a secure communication mode once for all future
`communication links so that “the user need not ‘click’ on the secure option
`each time secure communication is to be effected.” Id. at col. 52, ll. 16–19.
`As such, in this embodiment in the ’643 patent, the establishment of an
`encrypted communication link is based on, but not triggered by, a
`determination that the secure communication mode has been enabled.
`Claim 1 recites that establishing the encrypted communication link
`includes “constructing a domain name based on an identifier associated with
`the second device.” Ex. 1001, col. 55, ll. 55–58. Windows Resource Kit
`discloses constructing a domain name by appending a DNS suffix to a DNS
`host name. Pet. 24–27; Ex. 1003 ¶¶ 162–163; Ex. 1005, 967–968, 972, 976.
`For example, Windows Resource Kit discloses that the DNS suffix
`“dom1.acquired01-int.com” is appended to the DNS host name “client1” to
`construct the domain name “client1.dom1.acquired01-int.com.” Pet. 25; Ex.
`1003 ¶ 165; Ex. 1005, 976. The DNS host name “client1” is a name used to
`identify the second computer. Ex. 1003 ¶ 165; Ex. 1005, 968 (“The DNS
`host name is taken from the computer name assigned to it during Windows
`2000 Professional installation.”). Patent Owner does not dispute that
`Windows Resource Kit discloses the above limitation of claim 1.
`Claim 1 recites that establishing the encrypted communication link
`includes “sending a query using the domain name.” Ex. 1001, col. 55, l. 59.
`Windows Resource Kit discloses that the first computer sends a query
`containing the domain name to a DNS. Pet. 27; Ex. 1003 ¶¶ 161, 165; Ex.
`
`9
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`1005, 964, 976. Patent Owner does not dispute that Windows Resource Kit
`discloses the above limitation of claim 1.
`Claim 1 recites that establishing the encrypted communication link
`includes “receiving, in response to the query, at least one network address
`associated with the domain name.” Ex. 1001, col. 55, ll. 60–61. Windows
`Resource Kit discloses that, in response to the query, the first computer
`receives one or more IP addresses associated with the domain name from the
`DNS. Pet. 28; Ex. 1003 ¶¶ 172, 174–175; Ex. 1005, 964 (“When a request
`for name-to-IP address resolution is made, the Windows 2000 resolver first
`submits the name query to DNS.”), 986. Patent Owner does not dispute that
`Windows Resource Kit discloses the above limitation of claim 1.
`Claim 1 recites that establishing the encrypted communication link
`includes “initiating establishment of the encrypted communication link
`between the first device and the second device over the communication
`network using the at least one network address and encrypted
`communication link resources received from a server that is separate from
`the first device.” Ex. 1001, col. 55, ll. 62–67. Windows Resource Kit
`discloses that to establish the encrypted communication link, the first
`computer sends a packet to the second computer that includes the IP address
`received from the DNS. Pet. 29; Ex. 1003 ¶¶ 195–196; Ex. 1005, 964, 1006
`(“When IP prepares to send a packet, it inserts the local (source) IP address
`and the destination address.”), 1021. Windows Resource Kit also discloses
`that to establish the encrypted communication link, the first computer uses a
`public encryption key received from the second computer. Pet. 29–30; Ex.
`1003 ¶¶ 198, 202; Ex. 1005, 1022 (“The two computers exchange public
`keys and establish a shared, secret key.”). Windows Resource Kit discloses
`
`10
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`that the second computer can be a server. Ex. 1005, 1025 (“Secure Server
`(Require Security)”).
`Patent Owner argues that the first computer in Windows Resource Kit
`“could come pre-configured with the IP address” of the second computer,
`and, thus, the IP address would not be received from a server separate from
`the first computer. PO Resp. 29–30 (citing Ex. 2015 ¶¶ 48–49). Patent
`Owner’s argument is not persuasive. Patent Owner does not direct us to any
`specific portion of Windows Resource Kit that discloses a computer coming
`pre-configured with the IP address of another computer. PO Resp. 29–30.
`Further, as discussed above, Windows Resource Kit expressly discloses that
`the first computer receives the IP address of the second computer from a
`DNS that is separate from the first computer. Ex. 1003 ¶¶ 172, 174–175;
`Ex. 1005, 964 (“When a request for name-to-IP address resolution is made,
`the Windows 2000 resolver first submits the name query to DNS.”), 986.
`Patent Owner also argues that Petitioner improperly relies on the
`second computer in Windows Resource Kit as teaching both the server and
`the second device in claim 1. PO Resp. 30–32 (citing Ex. 2015 ¶¶ 50–52).
`Patent Owner contends that, according to the specification of the ’643
`patent, the server that provides the encrypted communication link resources
`must be separate from the first device and the second device. PO Resp. 31
`(citing Ex. 1001, col. 51, ll. 29–42, col. 51, ll. 57–62, Fig. 33).
`Patent Owner’s argument is not persuasive. Claim 1 recites a “first
`device,” a “second device,” and a “server” separately, which generally is an
`indication that those elements are distinct components. Ex. 1001, col. 55,
`ll. 62–67; see Becton, Dickinson & Co. v. Tyco Healthcare Group, LP, 616
`F.3d 1249, 1254 (Fed. Cir. 2010) (“Where a claim lists elements separately,
`
`11
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`‘the clear implication of the claim language’ is that those elements are
`‘distinct component[s]’ of the patented invention.”). However, the parties
`agree that the term “server,” when given its ordinary and customary
`meaning, can refer to software operative on a computer. Pet. Reply 11;
`Tr. 33:11–15. In other words, although the term “server” is recited
`separately in claim 1, the ordinary and customary meaning of the term
`“server” indicates that it can be part of a computer. Id. Further, claim 1
`specifies that the server is “separate from” the first device, but does not
`recite a similar requirement that the server is separate from the second
`device. Ex. 1001, col. 55, ll. 62–67. Thus, the claim language indicates that
`the server is separate from the first device, but not necessarily the second
`device. Id.; see Retractable Techs., Inc. v. Becton, Dickson & Co., 653 F. 3d
`1296, 1303 (Fed. Cir. 2011) (holding that the claim language indicates that
`the “needle holder” and “retainer member” need not be separate
`components).
`Our reading of the claim language is consistent with the specification
`of the ’643 patent. One embodiment described in the ’643 patent includes
`computer 2601 (a first device), computer with unsecure target site 2611 and
`secure target site 2604 (a second device), and gatekeeper 2603 (a server) that
`provides encrypted communication link resources. Ex. 1001, col. 39, ll. 58–
`67, col. 40, ll. 10–14, Fig. 26. Another embodiment described in the ’643
`patent includes computer 3301 (a first device), computer with unsecure
`server 3304 and secure server 3320 (a second device), and gatekeeper 3314
`(a server) that provides encrypted communication link resources. Id. at col.
`49, ll. 10–13, col. 51, ll. 29–39, Fig. 33. In each of those embodiments, the
`server is separate from both the first and second devices. Id. at Figs. 26, 33.
`
`12
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`
`There is, however, another embodiment in the ’643 patent that
`includes computer 3604 (a first device), computer 3608 (a second device),
`and server proxy 3610 (a server) that provides encrypted communication
`link resources.1 Id. at col. 53, ll. 57–58, col. 54, ll. 40–43, col. 55, ll. 9–21,
`Fig. 36. In this embodiment, server proxy 3610, which provides encrypted
`communication link resources to computer 3604, is separate from computer
`3604 (the first device), but is part of computer 3608 (the second device). Id.
`at col. 55, ll. 9–23, Fig. 36. Thus, like the claim language, this embodiment
`in the specification indicates that the server is separate from the first device,
`but not necessarily the second device. Id.; see Powell v. Home Depot
`U.S.A., Inc., 663 F.3d 1221, 1231–32 (Fed. Cir. 2011) (holding that the
`specification discloses that the “cutting box” may also function as a “dust
`collection structure,” and, thus, the claim terms do not require separate
`components).
`At the oral hearing, Patent Owner argued that the ’643 patent indicates
`that the first device accesses the server before the encrypted communication
`link is established, but does not access the second device until after the
`encrypted communication link is established. Tr. 30:17–31:5 (citing Ex.
`1001, col. 51, ll. 31–32). Thus, according to Patent Owner, the server
`cannot be part of the second device. Tr. 30:17–31:5. Patent Owner’s
`argument is not persuasive. The ’643 patent indicates that the second device
`
`
`1 The embodiment in Figure 36 differs from those in Figures 26 and 33
`because it creates a virtual private connection, rather than a VPN. Ex. 1001,
`col. 53, l. 66–col. 54, l. 8. Nonetheless, like the gatekeepers in Figures 26
`and 33, the server proxy in Figure 36 provides field-hopping resources, such
`as those used for a VPN. Id. at col. 40, ll. 32–35, col. 51, ll. 57–64, col. 55,
`ll. 14–17.
`
`13
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`in Figure 33 may include unsecure server 3304 and secure server 3320. Ex.
`1001, col. 51, ll. 29–39, Fig. 33. Although the first device can only access
`secure server 3320 after the encrypted communication link is established (id.
`at col. 51, ll. 31–32), the first device can access unsecure server 3304 and
`any other unsecure portions of the second device before the encrypted
`communication link is established (id. at col. 49, ll. 28–30). Thus, contrary
`to Patent Owner’s argument, the first device can access the unsecure
`portions of the second device to obtain the encrypted communication link
`resources and then use those resources to establish an encrypted
`communication link with the secure server on the second device. See, e.g.,
`id. at col. 55, ll. 9–23, Fig. 36.
`For the reasons discussed above, we determine that Petitioner has
`shown by a preponderance of the evidence that claim 1 is anticipated by
`Windows Resource Kit.
`Claim 17
`3.
`Claim 17 recites limitations similar to those discussed above with
`respect to claim 1. Ex. 1001, col. 57, ll. 12–37; see supra Section II.B.2.
`Claim 17 further specifies that the first device comprises “a communications
`component that communicates over the communication network,” “a
`memory storing computer program instructions,” and “at least one processor
`that executes the instructions.” Ex. 1001, col. 57, ll. 15–18. Windows
`Resource Kit discloses a computer with a network adapter for
`communicating over a communication network (Pet. 31; Ex. 1003 ¶ 157; Ex.
`1005, 84 (“detects your network adapter”), 107), a memory for storing
`computer program instructions (Pet. 31; Ex. 1003 ¶ 157; Ex. 1005, 107), and
`a processor for executing those instructions (Pet. 31; Ex. 1003 ¶ 157; Ex.
`
`14
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`1005, 107). Patent Owner does not dispute that Windows Resource Kit
`discloses the above limitations of claim 17.
`Therefore, we determine that Petitioner has shown by a preponderance
`of the evidence that claim 17 is anticipated by Windows Resource Kit.
`Claims 2, 4, and 18
`4.
`Claim 2 depends from claim 1, and recites “wherein enabling the
`secure communication mode includes receiving a command entered into the
`first device by the user, and the command specifies the secure
`communication mode.” Ex. 1001, col. 56, ll. 1–4. Windows Resource Kit
`discloses that a user can enable a secure communication mode on a
`computer by selecting one of several default IP security policies using an IP
`security dialog box on the computer. Pet. 32–33; Ex. 1003 ¶¶ 188–189;
`Ex. 1005, 1024–1025. Selecting the “Secure Server” (or “High”) policy, for
`example, specifies a secure communication mode because it requires that
`“all outgoing communications are secured” and that “[a]ll unsecured
`incoming communications are rejected.” Pet. 32–33; Ex. 1003 ¶¶ 189–190;
`Ex. 1005, 1025. Patent Owner does not dispute that Windows Resource Kit
`discloses the above limitations of claim 2.
`Claim 4 depends from claim 2, and recites “wherein receiving the
`command includes: displaying, at the first device, a user interface including
`a user interface element for enabling the secure communication mode; and
`receiving the command from the user via the user interface element.”
`Ex. 1001, col. 56, ll. 8–14. Windows Resource Kit discloses a computer that
`displays Windows 2000, which is a user interface (Pet. 33; Ex. 1005, 7
`(“Windows 2000 Professional has an improved user interface.”)), and
`displays an IP security dialog box, which is a user interface element (Pet. 33;
`
`15
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`Ex. 1005, 1025). Windows Resource Kit discloses that a user can enable a
`secure communication mode on the computer by selecting one of several
`default IP security policies using the IP security dialog box. Pet. 33–34; Ex.
`1003 ¶¶ 188–189; Ex. 1005, 1024–1025. Patent Owner does not dispute that
`Windows Resource Kit discloses the above limitations of claim 4.
`Claim 18 depends from claim 17, and recites limitations similar to
`those discussed above with respect to claims 2 and 4. Ex. 1001, col. 57,
`ll. 38–48. For the reasons discussed above with respect to claims 2 and 4,
`Windows Resource Kit discloses the limitations of claim 18. Patent Owner
`does not dispute that Windows Resource Kit discloses the limitations of
`claim 18.
`Therefore, we determine that Petitioner has shown by a preponderance
`of the evidence that claims 2, 4, and 18 are anticipated by Windows
`Resource Kit.
`Claims 3 and 19
`5.
`Claim 3 depends from claim 2, and recites “wherein the command
`defines a setup parameter associated with the secure communication mode.”
`Ex. 1001, col. 56, ll. 5–7. Claim 19 depends from claim 17, and recites
`similar limitations. Id. at col. 57, ll. 49–51. As discussed above, Windows
`Resource Kit discloses that a user can enable a secure communication mode
`on a computer by selecting one of several default IP security policies using
`an IP security dialog box. Pet. 36; Ex. 1003 ¶¶ 188–189; Ex. 1005, 1024–
`1025. The default IP security policies are setup parameters because they
`determine which communications are secure. Pet. 36; Ex. 1003 ¶¶ 189–190;
`Ex. 1005, 1024–1025. Patent Owner does not dispute that Windows
`Resource Kit discloses the above limitations of claims 3 and 19.
`
`16
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`
`Therefore, we determine that Petitioner has shown by a preponderance
`of the evidence that claims 3 and 19 are anticipated by Windows Resource
`Kit.
`
`Claims 5 and 20
`6.
`Claim 5 depends from claim 4, and recites “wherein the user interface
`comprises an application stored on the first device.” Ex. 1001, col. 56, ll.
`16–17. Claim 20 depends from claim 17, and recites similar limitations. Id.
`at col. 57, ll. 52–53. As discussed above, Windows Resource Kit discloses a
`computer that displays Windows 2000, which is a user interface. Pet. 37;
`Ex. 1005, 7. Windows Resource Kit further discloses that Windows 2000
`includes an Internet Explorer 5 application that is stored on the computer.
`Pet. 37; Ex. 1005, 11–12 (“With Internet Explorer 5 built in”). Patent
`Owner does not dispute that Windows Resource Kit discloses the above
`limitations of claims 5 and 20.
`Therefore, we determine that Petitioner has shown by a preponderance
`of the evidence that claims 5 and 20 are anticipated by Windows Resource
`Kit.
`
`Claims 6 and 21
`7.
`Claim 6 depends from claim 5, and recites “wherein the application
`comprises a web browser.” Ex. 1001, col. 56, ll. 18–19. Claim 21 depends
`from claim 20, and recites similar limitations. Id. at col. 57, ll. 54–55. As
`discussed above with respect to claims 4 and 5, Windows Resource Kit
`discloses a computer with Windows 2000, which is a user interface. Pet. 37;
`Ex. 1005, 7. Windows Resource Kit further discloses that Windows 2000
`includes an Internet Explorer 5 application, which is a web browser. Pet. 37;
`Ex. 1005, 11–12.
`
`17
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`
`Patent Owner argues that, because claim 6 depends indirectly from
`claim 4, claim 6 requires that the user interface recited in claim 4 comprise a
`web browser. PO Resp. 32–33 (citing Ex. 2015 ¶¶ 53–54). Patent Owner
`contends that Petitioner relies on the IP security dialog box in Windows
`Resource Kit as disclosing the user interface in claim 4, but does not show
`that the IP security dialog box includes a web browser. PO Resp. 33–34
`(citing Ex. 2015 ¶¶ 55–57).
`Patent Owner’s argument is not persuasive. Petitioner relies on
`Windows 2000, not the IP security dialog box, in Windows Resource Kit as
`disclosing the “user interface” recited in claims 4 and 18. Pet. 33
`(“Windows Resource Kit further discloses that the user interface in
`Windows 2000 provides multiple user interface elements, including the IP
`security dialog window.” (emphasis omitted)). Petitioner relies on the IP
`security dialog box as disclosing the “user interface element” recited in
`claims 4 and 18. Id. Claims 6 and 21 recite that the user interface
`comprises a web browser application. Ex. 1001, col. 56, ll. 16–19, col. 57,
`ll. 52–55. Thus, Petitioner must show that Windows 2000 (i.e., the user
`interface) comprises a web browser application, but does not have to show
`that the IP security dialog box (i.e., the user interface element) comprises a
`web browser application. Id. As discussed above, Windows Resource Kit
`discloses that Windows 2000 includes an Internet Explorer 5 application,
`which is a web browser. Pet. 37; Ex. 1005, 11–12.
`Therefore, we determine that Petitioner has shown by a preponderance
`of the evidence that claims 6 and 21 are anticipated by Windows Resource
`Kit.
`
`18
`
`
`
`IPR2015-01009
`Patent 8,843,643 B2
`
`
`Claims 7 and 22
`8.
`Claim 7 depends from claim 1, and recites “wherein sending the query
`using the domain name includes sending, to a secure domain name service
`(SDNS), a query for a network address associated with the domain name.”
`Ex. 1001, col. 56, ll. 20–23. Claim 22 depends from claim 17, and recites
`similar limitations. Id. at col. 57, ll. 56–59.
`Petitioner argues that a secure domain name service (“SDNS”) is “a
`service that provides a secure computer network address for a requested
`secure domain name.” Pet. 12. Petitioner further specifies that a secure
`domain name is “a name that corresponds to a secure computer network
`address.” Id. (emphasis omitted). Patent Owner argues that an SDNS is “a
`lookup service that recognizes that a query message is requesting a secure
`computer network address, i.e., a network address that requires authorization
`for access, and returns a secure computer network address for a requested
`secure domain name.” PO Resp. 13. Pat