Trials@uspto.gov
`Tel: 571-272-7822
`
`
`Paper 29
`Entered: June 22, 2017
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`VIRNETX INC.,
`Patent Owner.
`
`
`Case IPR2016-00332
`Patent 8,504,696 B2
`
`
`
`
`Before MICHAEL P. TIERNEY, Vice Chief Administrative Patent Judge,
`KARL D. EASTHOM and STEPHEN C. SIU, Administrative Patent
`Judges.
`
`EASTHOM, Administrative Patent Judge.
`
`
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`
`
`
`
`
`
`
`
`
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`I. INTRODUCTION
`A. Background
`Petitioner, Apple Inc., filed a Petition (Paper 1, “Pet.”) seeking an
`inter partes review of claims 1–11, 14–25, 28, and 30 (the “challenged
`claims”) of U.S. Patent No. 8,504,696 B2 (Ex. 1001, “the ’696 patent”),
`pursuant to 35 U.S.C. §§ 311–319. Pet. 6. After Patent Owner, VirnetX
`Inc., filed a Preliminary Response (Paper 6, “Prelim. Resp.”), we instituted
`an inter partes review of the challenged claims (Paper 8, “Institution
`Decision” or “Inst. Dec.”).
`Subsequent to institution, Patent Owner filed a Patent Owner
`Response (Paper 14, “PO Resp.”), Petitioner filed a Reply (Paper 17, “Pet.
`Reply”), and Patent Owner filed a Sur-Reply (Paper 18, “PO Sur-Reply”).
`The Board filed a transcription of the Oral Hearing held on March 27, 2017.
`(Paper 28, “Tr.”). This Final Written Decision issues concurrently with the
`final written decision involving the ’696 patent in Apple Inc. v. VirnetX Inc.,
`IPR2016-00331 (PTAB June 22, 2017).
`The Board has jurisdiction under 35 U.S.C. § 6(c). This Final Written
`Decision issues pursuant to 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73. For
`the reasons that follow, we determine that Petitioner has shown by a
`preponderance of the evidence that claims 1–11, 14–25, 28, and 30 of the
`’696 patent are unpatentable.
`B. Related Matters
`Petitioner indicates that the ’696 patent “has not been asserted in
`litigation or the subject of other IPR proceedings.” Pet. 2. Petitioner
`concurrently filed a petition challenging the same claims and claim 29 in the
`’696 patent in IPR2016-00331. Id. at 5. Petitioner and Patent Owner
`
`2
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`provide listings of district court actions, other inter partes review, and inter
`partes reexamination proceedings challenging related patents. See id. at 2–
`5, Paper 5, 3–15; see also VirnetX, Inc. v. Cisco Systems, Inc., 767 F.3d
`1308, 1317–19 (Fed. Cir. 2014) (addressing ancestor VirnetX patents);1
`VirnetX Inc. v. Apple Inc., 665 F. App’x 880 (Fed. Cir. 2016) (affirming
`Apple Inc. v. VirnetX Inc., Cases IPR2014-00237, IPR2014-00238 (PTAB
`May 11, 2015) (final written decisions “’237 FWD,” “’238 FWD,” or
`generally, “’237 IPR,” ’238 IPR”) (appealed by VirnetX));2 VirnetX Inc. v.
`Apple Inc., 671 F. App’x 786 (Fed. Cir. 2016) (affirming Apple Inc. v.
`VirnetX Inc., Cases IPR2014-00403, IPR2014-00404, IPR2014-00481,
`IPR2014-00482 (PTAB July 29, 2015) (final written decisions, “’403
`FWD,” “’404 FWD,” “’481 FWD,” “’482 FWD,” or generally, “’403 IPR,”
`’404 IPR,” etc.) (appealed by VirnetX));3 Apple Inc. v. VirnetX Inc., Case
`IPR2015-00811 (PTAB Sept. 8, 2016) (appealed by VirnetX); Apple Inc. v.
`VirnetX Inc., Case IPR2015-00812 (PTAB Aug. 30, 2016) (appealed by
`
`
`1 The ’696 patent is a continuation of an application, which is a continuation
`of U.S. Patent No. 7,921,211, which is a continuation of U.S. Patent No.
`7,418,504 (“’504 patent”), which is a continuation-in-part of U.S. Patent No.
`6,502,135 (’”135 patent”)––three of the four patents at issue in Cisco. See
`Cisco, 767 F.3d at 1313. (The fourth patent at issue in Cisco, is U.S. Patent
`No. 7,490,151 (“’151 patent”), a division of the ’135 patent.)
`2 The court affirmed the ’237 FWD and the ’238 FWD without reaching the
`merits of the ’237 FWD. See 665 F. App’x at 889 (In re Gleave, 560 F.3d
`1331, 1338 (Fed. Cir. 2009) (“declining to address alternative grounds of
`invalidity when the court upholds one such ground”).
`3 The court affirmed the four final written decisions without reaching the
`merits of the ’404 FWD and ’482 FWD. See 671 F. App’x at 787 (finding
`“no error in the Patent Trial and Appeal Board’s (‘the Board’) claim
`constructions or findings in the 403 and 481 proceedings).
`
`3
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`VirnetX); Apple Inc. v. VirnetX Inc., IPR2015-00870 (PTAB Sept. 28, 2016)
`(appealed by VirnetX); Apple Inc. v. VirnetX Inc., IPR2015-00871 (PTAB
`Sept. 28, 2016) (“’871 FWD” or generally “’871 IPR”) (appealed by
`VirnetX). Some of these related cases involve overlapping claim
`construction and prior art issues with the instant case and are discussed
`further below as necessary.
`C. References and Declarations
`Petitioner relies on the following references.
`Reference
`Description
`Publication or
`Issue Date
`1996–1999
`
`Aventail Aventail (see note 4)
`
`RFC 2401 S. Kent & R. Atkinson, RFC
`2401, Security Architecture for
`the Internet Protocol, Network
`Working Group, Request for
`Comments
`RFC 2543 Handley et al., SIP: Session
`Initiation Protocol, Network
`Working Group, Request for
`Comments
`
`Exhibit
`No.
`Ex. 1009–
`10114
`Ex. 1008
`
`Nov. 1998
`
`Mar. 1999
`
`Ex. 1013
`
`
`4 Exhibits 1009–1011 relate to an Aventail Connect software application and
`are collectively referred to as “Aventail” unless otherwise noted. See
`Aventail Connect v3.01/v2.51 Administrator’s Guide (“Aventail
`Administrator Guide,” Ex. 1009), Aventail Connect v3.01/v2.51 User’s
`Guide (1996–1999) (“Aventail User Guide,” Exhibit 1010), and Aventail
`ExtraNet Center v3.0 Administrator’s Guide (NT and UNIX) (“Aventail
`ExtraNet,” Exhibit 1011).
`
`4
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`Reference
`
`Description
`
`Yeager
`
`Publication or
`Issue Date
`1996
`
`Exhibit
`No.
`Ex. 1066
`
`N. YEAGER & R.E. MCGRAW,
`WEB SERVER TECHNOLOGY,
`THE ADVANCED GUIDE FOR
`WORLD WIDE WEB
`INFORMATION PROVIDERS
`(Michael B. Morgan et al. eds.,
`1996)
`Pet. 6, Attachment B.
`Petitioner also relies on, inter alia, the Declaration of Roberto
`Tamassia (Ex. 1005, “Tamassia Declaration”), the Declaration of the RFC
`Publisher for the Internet Engineering Task Force, an Organized Activity of
`the Internet Society, signed by Sandy Ginoza (Ex. 1060, “Ginoza
`Declaration”), the Declaration of Christopher Hopen (Ex. 1023, “Hopen
`Declaration”), the Declaration of Michael Fratto (Ex. 1043, “Fratto
`Declaration”), and the Declaration of James Chester (Ex. 1022 “Chester
`Declaration”). The latter three declarations were submitted in a related inter
`partes reexamination proceeding. See Pet. 18–19 (listing reexamination
`95/001,682).
`Patent Owner relies on two declarations, Declaration of Fabian
`Monrose, Ph.D., submitted originally in two related cases, Apple Inc. v.
`VirnetX, Inc., Cases IPR2015-00811, IPR2015-00812 (PTAB Dec. 11, 2015)
`(Ex. 2016 “Monrose Declaration”; Ex. 2018, “Monrose Declaration”).
`D. Asserted Grounds of Unpatentability
`Petitioner challenges claims of the ’696 patent as unpatentable on the
`following 35 U.S.C. § 103(a) grounds.
`References
`Aventail, RFC 2401
`
`Claims Challenged
`1, 4, 5, 9–11, 14–16, 19, 20, 24,
`
`5
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`25, 28, and 30
`Aventail, RFC 2401, and RFC 2543 2, 3, 6–8, 17, 18, and 21–23
`Aventail, RFC 2401, and Yeager
`15 and 30
`Pet. 6.
`
`E. The ’696 Patent
`The ’696 patent describes secure methods for communicating over the
`Internet. Ex. 1001, Abstract, 10:3–8. Specifically, the ’696 patent describes
`“the automatic creation of a virtual private network (VPN) in response to a
`domain-name server look-up function.” Id. at 39:23–25. This automatic
`creation employs a modified Domain Name Server, which may include a
`conventional Domain Name Server (DNS) and a DNS proxy (id. at 40:20–
`40:22):
`
`Conventional Domain Name Servers (DNSs) provide a
`look-up function that returns the IP address of a requested
`computer or host. For example, when a computer user types in
`the web name “Yahoo.com,” the user’s web browser transmits a
`request to a DNS, which converts the name into a four-part IP
`address that is returned to the user’s browser and then used by
`the browser to contact the destination web site.
`
`Id. at 39:26–32.
`The DNS proxy of the modified DNS server intercepts DNS
`lookup requests, determines whether the user has requested access to a
`secure site (using for example, a domain name extension or an internal
`table of secure sites), and if so, whether the user has sufficient security
`privileges to access the requested site. Id. at 40:26–35. If the user has
`requested access to a secure site to which it has insufficient security
`privileges, the DNS proxy returns a “‘host unknown’” error to the
`user. Id. at 40:49–52. If the user has requested access to a secure site
`to which it has sufficient security privileges, the DNS proxy requests a
`
`6
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`gatekeeper to create a VPN between the user’s computer and the
`secure target site. Id. at 40:32–35. The DNS proxy then returns to the
`user the resolved address passed to it by the gatekeeper, which need
`not be the actual address of the destination computer. Id. at 40:39–44.
`The VPN is “preferably implemented using the IP address ‘hopping’
`features,” (i.e., changing IP addresses based upon an agreed upon algorithm)
`described elsewhere in the ’696 patent, “such that the true identity of the two
`nodes cannot be determined even if packets during the communication are
`intercepted.” Id. at 3:4–8. The system may hide the identities (i.e.,
`anonymity, a form of security) by encrypting parts of packets, including the
`true final destination. See id. at 1:50–56, 10:3–10:67.
`“Tunneled Agile Routing Protocol (TARP)” (id. at 3:16–18) routers
`122–127, described as “special servers or routers” (id. at 10:4–5) along the
`hopping path, “are similar to regular IP routers 128–132” (id. at 10:5–6).
`See id. Fig. 2. TARP routers determine the “next-hop in a series of TARP
`router hops” (id. at 10:15–16) in the path and the final destination, by
`authenticating or decrypting transmitted encrypted parts of packets to find
`the next-hop TARP router address. Id. at 3:36–63, 10:23–67. “Once the
`outer layer of encryption is removed, the TARP router determines the final
`destination. Each TARP packet 140 undergoes a minimum number of hops
`to help foil traffic analysis.” Id. at 3:47–50 “[T]he hops may be chosen at
`random. . . .” Id. at 3:50–51. “The fact that different packets take different
`routes provides distinct advantages by making it difficult for an interloper to
`obtain all the packets forming an entire multi-packet message.” Id. at 3:56–
`59. Data messages in the packets also may be encrypted. See id. at 1:50–56,
`4:7–12.
`
`7
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`F. Illustrative Challenged Claim 1
`Independent claims 1 and 16 recite the same limitations respectively
`in system and method format. Compare Ex. 1001, 56:8–23, with id. at 57:1–
`14. All other challenged claims depend from claims 1 or 16. Claim 1,
`illustrative of the challenged claims, follows:
`
`1. A system for connecting a first network device and a
`
`second network device, the system including one or more
`servers configured to:
`
`intercept, from the first network device, a request to look
`up an internet protocol (IP) address of the second network
`device based on a domain name associated with the second
`network device;
`
`determine, in response to the request, whether the second
`network device is available for a secure communications
`service; and
`
`initiate a virtual private network communication link
`between the first network device and the second network device
`based on a determination that the second network device is
`available for the secure communications service, wherein the
`secure communications service uses the virtual private network
`communication link.
`
`Ex. 1001, 56:7–23.
`
`II. ANALYSIS
`A. Claim Construction
`In an inter partes review, the Board construes claims by applying the
`broadest reasonable interpretation in light of the specification. 37 C.F.R.
`§ 42.100(b); Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2144–46
`(2016) (upholding the use of the broadest reasonable interpretation standard
`under 37 C.F.R. § 42.100(b)). Under this standard, absent any special
`definitions, claim terms or phrases are given their ordinary and customary
`meaning, as would be understood by one of ordinary skill in the art, in the
`
`8
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`context of the entire disclosure. In re Translogic Tech., Inc., 504 F.3d 1249,
`1257 (Fed. Cir. 2007).
` For the purposes of this Decision, only the claim clause below needs
`express construction. See Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200
`F.3d 795, 803 (Fed. Cir. 1999) (only those terms which are in controversy
`need to be construed and only to the extent necessary to resolve the
`controversy); Pet. Reply 5–6 (“Patent Owner advances no patentability
`arguments based on its proposed constructions for ‘server,’ ‘domain name,’
`‘secure communication service,’ ‘modulation,’ and ‘intercept[ing] . . .
`[a/the] request,’ so they need not be construed.”) (citing Vivid Techs., 200
`F.3d at 803).
`
`Virtual Private Network Link (“VPN Link”)
`Claims 1 and 16 recite a “virtual private network link” (“VPN link”).
`Citing, inter alia, the Board’s claim construction in the ’237 IPR and ’481
`IPR, Petitioner proposes that the terms “VPN link” means “a transmission
`path that includes portions of a public network and restricts access to data,
`addresses, or other information on the path, generally using obfuscation
`methods to hide information on the path, including, but not limited to, one or
`more of authentication, encryption, or address hopping.” See Pet. 15–16
`(citing ’237 FWD 10; Ex. 1005 ¶ 75); Pet. Reply 3–5 (citing ’481 FWD 10,
`arguing that prosecution history and the ’696 patent do not show that a
`secure communication and VPN link requires a “direct” communication).
`Patent Owner states “[a] ‘virtual private network communication link’
`in view of the specification is ‘a communication path between two devices
`in a virtual private network,’ where a virtual private network is a network of
`computers which privately and directly communicate with each other by
`
`9
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`encrypting traffic on insecure paths between the devices where the
`communication is both secure and anonymous.” PO Resp. 3 (citing Ex.
`2018 ¶¶ 21–30). This latter part of Patent Owner’s construction that pertains
`to a virtual private network does not address the issue clearly of the recited
`VPN link. Patent Owner does not urge anonymity clearly or specifically as
`required for the recited VPN link under a broadest reasonable construction.
`Citing Cisco, Patent Owner also contends “[a]s the Court noted, ‘encryption
`of traffic’ is required on these ‘insecure paths.’” Id. at 14 (quoting Cisco,
`767 F.3d at 1322). In another section of its Response, Patent Owner argues
`that a VPN link requires a direct link and encryption (i.e., without
`mentioning anonymity). Id. at 27. (“[I]n the context of the ’696 patent
`claims, the virtual private network communication link between a first
`network device and a second network device is a direct communication link
`between the first network device and the second network device that is
`encrypted.”).
`In addition to arguing a VPN link only requires a direct encrypted link
`(see id.), Patent Owner also does not argue that Aventail does not disclose or
`suggest anonymity on its VPN link. See id. at 27–30. Accordingly, on this
`record, it is not necessary to determine if a VPN link requires anonymity on
`all parts of the link under a broadest reasonable construction of a VPN link.
`On one hand, because we determine below that the combination of
`Aventail and RFC 2401 teaches or suggests the argued features of a VPN
`link under at least one of Patent Owner’s proposed constructions, we need
`not resolve each of the various claim construction arguments. On the other
`hand, as an alternative, because Patent Owner contends the combination of
`Aventail and RFC 2401 does not teach or suggest a direct encrypted VPN
`
`10
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`link, with a VPN link as part of a VPN network, we reach these disputed
`portions of the claim construction.
`Petitioner contends that collateral estoppel prevents Patent Owner
`from making these particular claim construction arguments, because prior
`related Board final written decisions affirmed by the Federal Circuit
`previously addressed the construction of the term. Pet. Reply 3–4 (citing the
`’481 FWD and generally the VirnetX-Apple decisions recently affirmed,
`supra nn. 2 & 3). In additional briefing requested by Patent Owner and
`granted, Patent Owner contends that the “Federal Circuit expressly did not
`reach” the merits of any Board decision where construction of the term “was
`essential to a final judgment.” See P.O. Sur-Reply 1–2. This argument has
`merit. Petitioner does not meet its burden of showing collateral estoppel
`applies here, because Petitioner does not direct specific attention to a Board
`or Federal Circuit final judgment in which resolving the construction
`regarding the direct requirement was necessary to the judgment.
`Regarding the alleged “network of computers” requirement of a VPN
`asserted by Patent Owner, Petitioner quotes the ’696 Specification: “The
`secure communication link is a virtual private network communication link
`over the computer network.” Pet. 16 (quoting Ex. 1001, 6:63–65). This
`cited sentence does not require a VPN link to be in a VPN network of other
`computers that communicate privately with the first and second network
`devices. Furthermore, claim 1 only recites two devices: “a virtual private
`network communication link between the first network device and the
`second network device.”
`Petitioner also notes the ’696 Specification states “software module
`3309 accesses secure server 3320 through VPN communication link 3321.”
`
`11
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`Pet. 16 (quoting Ex. 1050, 52:19–20; Fig. 33). Petitioner explains that with
`respect to Figure 33, “communication link 3321 is shown as only the portion
`of the path between computer 3301 and server 3320 that is over network
`3302.” Id. (citing Ex. 1001; 52:19–20, Fig. 33; Ex. 1005 ¶ 74) (emphasis
`added). Figure 33 and relevant descriptions thereof reveal a mere
`communications link 3321 that connects between ISP 3303 and server 3320,
`without requiring a network of other devices, as Petitioner contends. See Ex.
`1050, 52:19–20, Fig. 33. Therefore, the Specification supports Petitioner.
`Contrary to Patent Owner’s arguments, the claim language and Specification
`do not support a requirement for a VPN link that includes a VPN that
`requires additional network computers to be connected via the recited VPN
`link, in order to communicate separately and privately with each other or the
`first and second network computers.
`Regarding the “direct” requirement, Petitioner contends the inclusion
`of “direct” adds an additional limitation that the Board previously rejected in
`the related ’481 FWD. See Pet. Reply 3 (citing ’481 FWD, 7–11). Patent
`Owner contends that the Specification “describes a virtual private network
`link as ‘direct’ between a client and target device.” PO Resp. 28 (emphasis
`added). Contrary to Patent Owner’s arguments, even if the Specification
`describes embodiments that skilled artisans would have recognized may
`have a direct connection, without more, such a mere description is not
`enough to support a lexicographic definition, claim disavowal, or
`importation of an embodiment’s features into the claim term.
`Moreover, none of the citations provided by Patent Owner, relating to
`the TARP routers or otherwise, use the term “direct” or otherwise indicate
`what the term embraces. See PO Resp. 8 (citing Ex. 1001,10:3–12, Fig. 2;
`
`12
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`34:3–8, 40:32–35, 41:25–28), 42:32–36, 43:25–29 (allegedly “describing a
`variation of the TARP embodiments as including a direct communication
`link”), 38:29–32. 49:13–15, 49:21–36. The cited TARP embodiment at least
`includes an edge router 2903 or an ISP 2901 within an Internet path. See Ex.
`1001, 43:25–29, Fig. 29.
`Patent Owner and Petitioner agree that any direct embodiments
`include various intervening devices (including routers): “In each of these
`embodiments, the ’696 patent specification discloses that the link traverses a
`network (or networks) through which it is simply passed or routed via
`various network devices such as Internet Service Providers, firewalls, and
`routers.” PO Resp. 9 (citing Ex. 1001, Figs. 2, 24, 28, 29, 33; Ex. 2018 at ¶¶
`16, 17, 27)). Similarly, Petitioner states that the ’696 patent Specification
`“describes secure communication links that traverse firewalls, edge routers,
`and proxies between end devices in a connection.” Pet. Reply 5 (citing Ex.
`1001, 33:60–34:30, 49:39–43, 53:38–54:32, 55:55–67).
`The disclosed TARP routers do not require the claims to have a direct
`element. Each TARP router processes packets to determine the “next-hop in
`a series of TARP router hops” (Ex. 1001 at 10:15–16) in the path and the
`final destination, by authenticating or decrypting transmitted encrypted parts
`of packets to find the next-hop TARP router address, which may be
`“random.” Id. at 3:36–63, 10:23–67. “[T]he TARP router receiving the
`TARP packet 140 may forward the TARP packet 140 to a TARP router 122–
`127 that the current TARP terminal chooses at random.” Id. at 10:62–64.
`And each TARP router decides “whether it should forward the TARP packet
`140 to another TARP router 122–127 or to the destination TARP terminal
`110.” Id. at 10:55–57.
`
`13
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`In other words, these TARP routers create a multitude of random
`paths by decrypting and processing packets. Moreover, after “the outer layer
`of decryption is completed by a TARP router 122–127, the TARP router
`determines the final destination.” Ex. 1001, 10:47–49 (emphasis added). In
`addition to including various TARP routers and other intervening devices
`that do not impede a direct path, the path also may include “Internet, through
`an ISP 3303,” an “edge router,” and a “load balancer that distributes packets
`across different transmission paths.” See Ex. 1001, 6:11–12, 49:40–43; Fig.
`33. Patent Owner does not argue that a “direct” path (or the claims)
`precludes a TARP router or a load balancer. See, e.g., PO Resp. 8 (citing
`42:32–36, 43:25–29 as “describing a load balancing example in which a
`virtual private network is direct between a first host and a second host”).
`The ’696 Specification portions cited by Patent Owner do not even
`mention a direct path, let alone shed light on what it means. Patent Owner
`also does not provide a definition or clarify in its briefing what “direct”
`means. For example, Patent Owner contends that “some anonymity
`techniques involve ‘an intermediate server interposed between a client and
`destination server’ and thus are not direct.” PO Resp. 6–7 (quoting Ex.
`1001, 1:65–2:8, 2:44–48, Fig. 1). Patent Owner’s oblique argument “that
`some anonymity techniques” do not create a direct communication link does
`not support its disavowal or disclaimer arguments. Id. at 7. The
`Specification does not describe the prior art “intermediate server” as an
`indirect link, and the cited passage does not mention anything about the link
`as being direct or indirect. See id. at 6–7 (citing Ex. 1001, 1:65–2:8).
`Furthermore, the cited embodiment employs a proxy server with the
`intermediate server, and Patent Owner obliquely implies without any
`
`14
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`explanation or evidence that the Specification somehow describes one server
`(the intermediate server), but not the other server (the proxy server), as
`impeding a direct link. See id.; Ex. 1001, 1:65–2:9; Fig. 1.
`Another passage cited by Patent Owner employs “crowd proxies . . .
`interposed between originating and target terminals. . . . Each intermediate
`proxy can send the message either to another randomly chosen proxy in the
`‘crowd’ or to the destination.” See Ex. 1001 2:47–52 (cited at PO Resp. 6–
`7). Patent Owner does not explain how these crowd proxies impede a direct
`link, and nothing in the passage mentions direct or indirect links. The crowd
`proxies appear to operate much like the TARP routers of the disclosed
`invention, as described above and further below, which create random router
`hops and decide to send the message packet either to another randomly
`chosen router or the destination. Compare Ex. 1001, 2:47–52 (crowd
`proxies), with id. at 3:36–63 and 10:23–67 (TARP routers).
`Accordingly, the Specification does not show clearly how different
`edge routers, intervening routers, load balancers, TARP routers, proxy
`servers, or any other devices, some of which may or may not decrypt and/or
`encrypt packets along the way and provide random hop blocks, require a
`“direct” connection or show what the unclaimed term “direct” means. In the
`absence of a clear special definition or other consideration, even if Patent
`Owner points to a direct connection in an embodiment, “limitations are not
`to be read into the claims from the specification.” In re Van Geuns, 988
`F.2d 1181, 1184 (Fed. Cir. 1993).
`Patent Owner also alleges that it disclaimed the term “VPN” during
`prosecution of a completed reexamination of the related ’135 patent (see
`supra note 1) so as to require a “direct” VPN link. See PO Resp. 8–10
`
`15
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`(citing 2002, 5; Ex. 2006, 6–9; Ex. 2011, 7), 28 (citing Ex. 2012, 8); Ex.
`3001 (part of the ’135 patent’s prosecution history). These arguments are
`not persuasive. The ’135 patent reexamination Examiner first found that
`Aventail anticipates claims directed to a VPN, Patent Owner made
`arguments attempting to overcome Aventail, and then, the Examiner
`determined that the requestor had not shown Aventail to be prior art (based
`on Patent Owner’s additional arguments directed to the publication date of
`Aventail). See Ex. 3001 (Examiner’s responses during the ’135 patent
`reexamination);5 Ex. 2011, 2–3 (Patent Owner arguing “the Office Action
`has failed to establish that Aventail is prior art” during the ’135 patent
`reexamination). As discussed further below, Patent Owner’s Aventail-based
`VPN prosecution history arguments, which effectively became moot
`according to the reexamination record, do not amount to a clear disclaimer
`that binds the public. See Ex. 3001; supra note 5.
`Where a “patent has been brought back to the agency for a second
`review,” the Board should consult the patent’s prosecution history.
`Microsoft Corp. v. Proxyconn, Inc., 789 F.3d 1292, 1298 (Fed. Cir. 2015);
`Straight Path IP Grp., Inc. v. Sipnet EU S.R.O., 806 F.3d 1356, 1362 (Fed.
`Cir. 2015) (prosecution history “is to be consulted even in determining a
`claim’s broadest reasonable interpretation”). After consulting the
`prosecution history, in cases like this one, Tempo Lighting, Inc. v. Tivoli,
`
`
`5 See Ex. 3001, 20–21 (Reexam. Cont. No. 95/001,269, Action Closing
`Prosecution (June 16, 2010)), 12 (Right of Appeal Notice, 4 (Oct. 29,
`2010)), 4–5 (NIRC)) (all confirming claims directed to a VPN over Aventail
`because Aventail was not shown to be prior art), 29–34 (Non-final Office
`Action (Jan. 15, 2010) (finding anticipation by Aventail of claims ’135
`patent claims 1, 3, 4, 6–10, and 12).
`
`16
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`LLC, 742 F.3d 973 (Fed. Cir. 2014) “observes that the PTO is under no
`obligation to accept a claim construction proffered as a prosecution history
`disclaimer.”
`Assuming the equitable doctrine of prosecution estoppel (disclaimer)
`applies to this ongoing proceeding, the party seeking to invoke the doctrine
`bears the burden of proving the existence of a “clear and unmistakable”
`disclaimer that would have been evident to one skilled in the art. See Elbex
`Video, Ltd. v. Sensormatic Elecs. Corp., 508 F.3d 1366, 1371 (Fed. Cir.
`2007) (“Claim terms are entitled to a ‘heavy presumption’ that they carry
`their ordinary and customary meaning to those skilled in the art in light of
`the claim term's usage in the patent specification,” and the “doctrine [of
`prosecution disclaimer] does not apply ‘where the alleged disavowal is
`ambiguous;’ the disavowal must ‘be both clear and unmistakable’ to one of
`ordinary skill in the art.”) (citations omitted); Rambus Inc. v. Infineon Techs.
`AG, 318 F.3d 1081, 1089–91 (Fed.Cir.2003) (finding no clear disclaimer
`because the statement made was “facially inaccurate” in light of the
`remainder of the prosecution history); Biotec Biologische
`Naturverpackungen GmbH & Co. KG v. Biocorp, Inc., 249 F.3d 1341, 1348
`(Fed.Cir.2001) (finding no clear disclaimer because “a person of reasonable
`intelligence would not be misled into relying on the erroneous statement, for
`it is contrary not only to the plain language of the claims and the
`specification, but also to other statements in the same prosecution
`document”); cf. Desper Prods., Inc. v. QSound Labs., Inc., 157 F.3d 1325,
`1334–36 (Fed.Cir.1998) (concluding prosecution statements were clear and
`unmistakable disclaimer because they were entirely consistent with written
`description and knowledge of those skilled in the art).
`
`17
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`Patent Owner argues that during the District Court phase of the Cisco
`litigation, Petitioner (as a defendant) argued that Patent Owner narrowed the
`claims by arguing the prior art did not include a “direct” VPN during the
`’135 reexamination proceeding, and our reviewing court (at the Federal
`Circuit) agreed with Petitioner by affirming (in part) the District Court. See
`PO Resp. 9–10 (citing Cisco, 767 F.3d at 1317 n.1; Ex. 2002, 5; Ex. 2004,
`6–8). Patent Owner also contends that the Federal Circuit “noted that a
`virtual private network link requires direct communication.” See id. at 10
`(citing Cisco, 767 F.3d at 1317 n.1). Specifically, Patent Owner points out
`that Cisco “stat[ed] that the district court’s construction of VPN is ‘a
`network of computers which privately and directly communicate with each
`other by encrypting traffic on insecure paths between the computers where
`the communication is both secure and anonymous.’” Id. at 10 (quoting
`Cisco, 767 F.3d at 1317 n.1).
`Nevertheless, although the Cisco District Court relied on the alleged
`’135 patent reexamination VPN disclaimer arguments, it is not clear if the
`parties informed the court to consider that the ’135 patent reexamination
`Examiner found that Aventail anticipates the argued claims of the related
`’135 patent and allowed the claims only because the requestor failed to meet
`the burden of showing Aventail is prior art to the related ’135 patent. See
`Ex. 2003, 6–8 (District Court addressing “directly”; VirnetX Inc. v. Apple
`Inc. 925 F. Supp. 816, 830 (E.D. Tex. 2013) (similar). Also, in its briefing
`in the instant proceeding, as discussed above and further below, Patent
`Owner does not clarify what the term “direct” means.
`Under these circumstances and others discussed below, not requiring
`the challenged claims to include a “direct” VPN does not contradict the
`
`18
`
`

`

`IPR2016-00332
`Patent 8,504,696 B2
`
`construction the Cisco reviewing court adopted from the District Court.
`That particular claim construction was not at issue during the Cisco appeal.
`In other words, in the Cisco appeal, the parties did not dispute the “direct”
`requirement, and our reviewing appellate court simply adopted the
`requirement. See, e.g., Cisco, 767 F.3d at 1317–19 & n.1 (no discussion of a
`controversy about the “direct” requirement).
`Also, our reviewing court employs a different standard when
`reviewing a district court’s construction. See In re Rambus, Inc., 694 F.3d
`42, 46 (Fed. Cir. 2012) (contrasting the Board’s review of expired patents,
`which is “similar to that of a district court’s review,” with the Board’s
`review of unexpired patents, which involves the broadest reasonable
`interpretation standa