`571-272-7822
`
`
`
`
`
`
`
`Paper 50
`Filed: October 16, 2019
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`ZSCALER, INC.,
`Petitioner,
`v.
`SYMANTEC CORPORATION,
`Patent Owner.
`
`IPR2018-00912
`Patent 8,316,429 B2
`
`
`Before NEIL T. POWELL, DANIEL N. FISHMAN, and MINN CHUNG,
`Administrative Patent Judges.
`
`FISHMAN, Administrative Patent Judge.
`
`
`JUDGMENT
`Final Written Decision
`Determining All Challenged Claims Unpatentable
`35 U.S.C. § 318(a)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`
`INTRODUCTION
`I.
`A. Background and Summary
`Zscaler, Inc. (“Petitioner”) filed a Petition (Paper 1, “Petition” or
`“Pet.”) requesting inter partes review of claims 1–9 and 13–17 (the
`“challenged claims”) of U.S. Patent No. 8,316,429 B2 (“the ’429 patent,”
`Ex. 1001) pursuant to 35 U.S.C. §§ 311 et seq. Symantec Corporation
`(“Patent Owner”) filed a Preliminary Response. Paper 10 (“Prelim. Resp.”).
`On October 17, 2018, based on the record before us at that time, we
`instituted an inter partes review of all challenged claims on all grounds of
`unpatentability asserted in the Petition. Paper 13 (“Decision on Institution”
`or “Dec. on Inst.”).
`Patent Owner filed a Response (Paper 17, “PO Resp.”), Petitioner
`filed a Reply (Paper 26, “Reply”), and Patent Owner filed a Sur-Reply
`(Paper 35, “Sur-Reply”). 1
`The parties filed several unopposed motions to seal various papers and
`exhibits to protect alleged confidential information. See Papers 16, 25, 34,
`42, 44, 46. We address these motions below.
`Upon consideration of the complete record, we determine by a
`preponderance of the evidence that claims 1–9 and 13–17 are unpatentable.
`B. Real Parties in Interest
`Petitioner identifies Zscaler, Inc. as the sole real party in interest for
`Petitioner. Pet. 2. Patent Owner identifies Symantec Corporation and
`
`
`1 Patent Owner also filed a redacted version of its Response (Paper 18) and a
`redacted version of its Sur-Reply (Paper 36), and Petitioner filed a redacted
`version of its Reply (Paper 27), the redacted versions filed to protect alleged
`confidential information.
`
`2
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`Symantec Limited as the real parties in interest for Patent Owner. Paper 6,
`2.
`
`C. Related Matters
`The parties inform us that the ’429 patent is presently asserted against
`Petitioner in the following litigation: Symantec Corp. v. Zscaler, Inc., Case
`No. 3:17-cv-04414-JST (N.D. Cal.) (transferred from 1:17-cv-00806-MAK
`in the District of Delaware). Pet. 2; Paper 6, 2. Petitioner further identifies
`two other inter partes reviews directed to claims of other patents of Patent
`Owner as well as a second petition challenging claims 10–12 of the ’429
`patent. Pet. 3 (citing Cases IPR2018-00616, IPR2018-00806, and IPR2018-
`00913). Petitioner also identifies another litigation involving other patents
`of Patent Owner (Symantec Corp. v. Zscaler, Inc., 17-cv-04426 (N.D. Cal.)
`(transferred from 16-cv-01176 in the District of Delaware)). Patent Owner
`further identifies litigation 1:17-cv-00432-VAC-SRF involving the ’429
`patent and IPR2018-00913 requesting review of certain claims of the ’429
`patent. Paper 6, 2.
`
`D. The ’429 Patent
`The ’429 patent discloses that firewalls are common in computing
`networks to implement policies that determine which network traffic can
`pass between two network systems by blocking certain exchanges when one
`or more policies applicable to the information to be exchanged are not met.
`Ex. 1001, 1:14–22. Such firewalls are often implemented in a proxy server
`intermediate between two networks attempting to exchange information. Id.
`at 1:23–24. The firewall/proxy server intercepts information to be
`exchanged and examines the information to evaluate it against firewall
`rules/policies to determine whether the exchange should be allowed. Id. at
`1:30–34.
`
`3
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`According to the ’429 patent, some applications, such as banking or e-
`commerce over the Internet, encrypt the information exchanges to protect
`sensitive information. Id. at 1:34–40. The ’429 patent explains that such
`encrypted communications usually cannot be read by the firewall and, thus,
`cannot be evaluated against rules/policies of the firewall to determine
`whether to allow or block the exchange. Id. at 1:41–50. According to the
`’429 patent, one possible solution is to permit the proxy to decrypt the
`encrypted communications and then evaluate the decrypted communication
`against the firewall policies. Id. at 1:51–55. The ’429 patent notes that such
`a solution is undesirable because, once decrypted, the communications could
`be attacked to improperly obtain private information (such as banking
`information of a customer). Id. at 1:55–2:3.
`The ’429 patent purports to address these security needs by
`intercepting secure (encrypted) communications and evaluating the
`intercepted information with respect to policies of the firewall without
`decrypting the communications. Id. at 2:30:39. Specifically, in an
`embodiment of the ’429 patent, a Uniform Resource Locator (“URL”) of a
`host computer involved in a communication is extracted from a digital
`certificate associated with the host, and the host is categorized based on the
`extracted URL. Id. at 2:30–33. The ’429 patent discloses an embodiment in
`which systems communicate using the Secure Socket Layer (“SSL”)
`standard protocol. See id. at 1:6–10. Figure 1 of the ’429 patent is
`reproduced below.
`
`4
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`
`
`Figure 1 shows a conventional SSL handshake protocol between a
`client and a server, as known in the art. Id. at 3:11–12. Client 100 initiates a
`secure connection by sending client hello message 104 to server 102, which
`responds with server hello message 106. Id. at 4:40–43. Server hello
`message 106 includes server certificate 108. Id. at 4:45–48. In an
`embodiment, “[t]he present invention makes use of information in the
`Certificate Info field of the server’s digital certificate to identify the host the
`client is contacting and, based on that identification, determine whether or
`not SSL communications may be passed encrypted through a firewall at a
`proxy.” Id. at 5:34–38.
`
`5
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`Figure 3 of the ’429 patent is reproduced below.
`
`
`Figure 3 depicts proxy/firewall 306 according to an embodiment of
`the ’429 patent that extracts information from a digital certificate used to
`decide whether to allow client 302 to communicate with server 312. Id. at
`
`6
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`3:15–19. In the exemplary embodiment of Figure 3, client 302 attempts to
`communicate with server 312 through intermediate proxy/firewall 306. See
`id. at 6:17–7:28. Client 302 initiates an SSL connection with server 312 by
`sending client hello message 314, which is received by proxy/firewall 306.
`Id. at 6:39–42. Proxy/firewall 306 then sends its own proxy hello message
`316 to server 312 to which server 312 responds with server hello message
`318 that includes certificate 320. Id. at 7:10–19. Proxy/firewall 306 then
`extracts information 322 (URL 324) from certificate 320 to identify the
`server 312. Id. at 7:20–23. Proxy/firewall 306 uses URL 324 to determine
`category 326 for server 312 from URL database 310. Id. at 7:23–28. Based
`on the determined category, “a secure communication session (e.g., an SSL
`session) with said host may be granted or denied.” Id. at 2:33–35.
`E. Illustrative Claims
`Claims 1 and 13, the independent claims among the challenged
`claims, are illustrative of the claimed subject matter and are reproduced
`below:
`
`1. A method, comprising:
`receiving, at a proxy, a client hello message from a client;
`transmitting, from said proxy to an Internet host, a request
`for a digital certificate associated with the Internet host;
`extracting, at the proxy, information from the digital
`certificate associated with the Internet host;
`categorizing, at the proxy, said Internet host into one or
`more content categories according to said information extracted
`from
`the digital certificate, said categorizing
`including
`maintaining a table at said proxy wherein each Internet host is
`associated with a category which defines attributes of the Internet
`host or content associated with the Internet host; and
`based on the one or more content categories into which the
`Internet host is categorized, determining, at the proxy, whether
`
`7
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`to (i) pass encrypted communication between a client and the
`Internet host through the proxy without decrypting the encrypted
`communication at the proxy or (ii) decrypt the encrypted
`communication between the client and the Internet host so as to
`permit examination of the encrypted communication at the
`proxy.
`Id. at 9:22–41.
`13. A method, comprising:
`receiving, at a proxy, a client hello message from a client;
`transmitting, from said proxy to a host computer system, a
`request for a digital certificate associated with the host;
`categorizing, at the proxy, the host computer system into
`one or more content categories according to uniform resource
`locator (URL) information extracted from the digital certificate
`associated with said host, said categorizing
`including
`maintaining a table at said proxy wherein each Internet host is
`associated with a category which defines attributes of the Internet
`host or content associated with the Internet host; and
`based on the one or more content categories into which the
`Internet host is categorized, determining, at the proxy, whether
`to (i) pass encrypted communication between a client and the
`Internet host through the proxy without decrypting the encrypted
`communication at the proxy or (ii) decrypt the encrypted
`communication between the client and the Internet host so as to
`permit examination of the encrypted communication at the
`proxy.
`Id. at 10:29–48.
`
`F. Prior Art and Asserted Grounds
`Petitioner asserts that the challenged claims would have been
`unpatentable on the following grounds:
`
`8
`
`
`
`35 U.S.C. §
`103(a)2
`
`IPR2018-00912
`Patent 8,316,429 B2
`Claims Challenged
`1–9 and 13–17
`
`Petitioner also relies on the testimony of Dr. Markus Jakobsson
`(Exs. 1003, 1046) in support of its assertions. Patent Owner relies on the
`testimony of Sandeep Chatterjee, Ph.D. (Ex. 2007) in support of its
`assertions.
`
`References
`Levow3 and Toneguzzo4
`
`II. ANALYSIS
`A. Legal Standards
`1. Obviousness
`A patent claim is unpatentable under 35 U.S.C. § 103(a) if the
`differences between the claimed subject matter and the prior art are “such
`that the subject matter[,] as a whole[,] would have been obvious at the time
`the invention was made to a person having ordinary skill in the art to which
`said subject matter pertains.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398,
`406 (2007). The question of obviousness is resolved based on underlying
`factual determinations, including (1) the scope and content of the prior art;
`(2) any differences between the claimed subject matter and the prior art;
`(3) the level of skill in the art; and (4) objective evidence of non-
`obviousness, i.e., secondary considerations. Graham v. John Deere Co., 383
`U.S. 1, 17–18 (1966).
`
`
`2 The Leahy-Smith America Invents Act (“AIA”) amended 35 U.S.C.
`§ 103. See Pub. L. No. 112-29, 125 Stat. 284, 287–88 (2011). Because the
`application that resulted in the ’429 patent was filed before the effective date
`of the relevant amendment, the pre-AIA version of § 103 applies.
`3 Levow et al., U.S. Patent Publication No. 2006/0248575 A1 (Ex. 1005,
`“Levow”).
`4 Toneguzzo et al., U.S. Patent Publication No. 2003/0182573 A1 (Ex. 1006,
`“Toneguzzo”).
`
`9
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`B. Level of Ordinary Skill in the Art
`Petitioner argues a person of ordinary skill in the art related to the
`’429 patent would have a Bachelor’s Degree in computer science, or a
`similar degree, and would also have two to three years of experience in
`“designing and developing Internet content filtering, web security, or
`firewall software programs.” Pet. 12 (citing Ex. 1003 ¶¶ 22–25).
`In our Decision on Institution, we determined the prior art, as well as
`the ’429 patent, require a degree of knowledge that is specific to “Internet
`content filtering, web security, or firewall software programs”—i.e., more
`than mere general knowledge of network security and distributed computing
`systems. Dec. on Inst. 10–11. For example, the ’429 patent discloses an
`embodiment based on the exchange of hello messages and their respective
`digital certificates as is known in the SSL protocol but does not fully
`disclose details of that protocol or the hello messages. An ordinarily skilled
`artisan more generally knowledgeable in “network security, distributed
`computing systems, or a related technology field,” as Patent Owner had
`suggested in its proposed definition in the Preliminary Response (Prelim.
`Resp. 9 (citing Ex. 2001 ¶¶ 34–40)), may lack general knowledge of the SSL
`protocol as applied in web-based network exchanges.
`Accordingly, in our Decision on Institution, we adopted Petitioner’s
`definition of the level of ordinary skill in the art and determined that a
`person of ordinary skill in the art at the time of the invention of the ’429
`patent would have had a Bachelor’s Degree in computer science, or a similar
`degree, and would also have had 2–3 years of experience in designing and
`developing Internet content filtering, web security, or firewall software
`programs. Dec. on Inst. 11.
`
`10
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`In its Response, Patent Owner adopts the definition we adopted in the
`Decision on Institution. PO Resp. 8. Accordingly we discern no reason to
`modify our determination regarding the level of ordinary skill in the art, and
`we again determine that a person of ordinary skill in the art at the time of the
`invention of the ’429 patent would have had a Bachelor’s Degree in
`computer science, or a similar degree, and would also have had 2–3 years of
`experience in designing and developing Internet content filtering, web
`security, or firewall software programs.
`C. Claim Construction
`In an inter partes review filed before the change in the Board’s
`standard of claim construction, 5 as is the case here, a claim in an unexpired
`patent shall be given its broadest reasonable construction in light of the
`specification of the patent in which it appears. 37 C.F.R. § 42.100(b)
`(2017); see also Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2142–46
`(2016) (upholding the use of the broadest reasonable interpretation
`standard). Under the broadest reasonable interpretation standard, claim
`‘terms generally are given their ordinary and customary meaning, as would
`be understood by one of ordinary skill in the art in the context of the entire
`disclosure. In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir.
`2007). “A fundamental rule of claim construction is that terms in a patent
`document are construed with the meaning with which they are presented in
`the patent document. Thus claims must be construed so as to be consistent
`
`5 For petitions filed on or after November 13, 2018, the Board adopted a
`different claim construction standard (namely that applied by the district
`courts in civil actions under 35 U.S.C. § 282(b)). See Changes to the Claim
`Construction Standard for Interpreting Claims in Trial Proceedings Before
`the Patent Trial and Appeal Board, 83 Fed. Reg. 51,340 (Oct. 11, 2018)
`(codified at 37 C.F.R. § 42.100(b) (2019)).
`
`11
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`with the specification, of which they are a part.” Merck & Co. v. Teva
`Pharms. USA, Inc., 347 F.3d 1367, 1371 (Fed. Cir. 2003) (citations omitted).
`“[A] claim construction analysis must begin and remain centered on the
`claim language itself . . . .” Innova/Pure Water, Inc. v. Safari Water
`Filtration Sys., Inc., 381 F.3d 1111, 1116 (Fed. Cir. 2004). “Though
`understanding the claim language may be aided by the explanations
`contained in the written description, it is important not to import into a claim
`limitations that are not a part of the claim.” SuperGuide Corp. v. DirecTV
`Enters., Inc., 358 F.3d 870, 875 (Fed. Cir. 2004).
`Although the broadest reasonable interpretation standard is broad, the
`Board cannot interpret the words of a claim without regard for the full claim
`language and the written description. See TriVascular, Inc. v. Samuels, 812
`F.3d 1056, 1062 (Fed. Cir. 2016); Microsoft Corp. v. Proxyconn, Inc., 789
`F.3d 1292, 1298 (Fed. Cir. 2015). Our reviewing court has emphasized the
`importance of a patent’s specification as intrinsic evidence for construing
`claim terms. See Phillips v. AWH Corp., 415 F.3d 1303, 1315–17 (Fed. Cir.
`2005) (en banc). Specifically, the Court has explained that “the
`specification . . . is the single best guide to the meaning of a disputed claim
`term.” Id. at 1314 (quoting Vitronics Corp. v. Conceptronic, Inc., 90 F.3d
`1576, 1582 (Fed. Cir. 1996)). The court in Phillips stated that extrinsic
`evidence, such as dictionary definitions, may be useful, but is unlikely to
`result in a reliable interpretation of claim scope unless considered in the
`context of the intrinsic evidence. See Phillips, 415 F.3d at 1319.
`Lastly, only terms that are in controversy need to be construed and
`only to the extent necessary to resolve the controversy. See Wellman, Inc. v.
`Eastman Chem. Co., 642 F.3d 1355, 1361 (Fed. Cir. 2011); Vivid Techs.,
`Inc. v. American Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999).
`
`12
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`Other than the terms identified below, we discern no reason to
`construe any other claim terms.
`1. “Proxy”
`All challenged claims recite method steps that are performed by, or
`relate to, a proxy. Petitioner argues the ’429 patent expressly defines a
`proxy:
`As used herein in the context of the present invention, the term
`proxy is meant to refer to a device that enforces a set of rules on
`network traffic by intercepting the network traffic that flows
`between a client and a server, parsing and analyzing the
`messages being sent in both directions, and modifying the traffic
`based on a collection of ‘if-then’ rules.
`Pet. 11 (quoting Ex. 1001, 3:38–43; citing Ex. 1003 ¶¶ 47–48).
`Patent Owner acknowledges the quoted definition, does not dispute
`the definition, and applies the definition in its Response. PO Resp. 11–12.
`In our Decision on Institution, we adopted Petitioner’s proffered
`construction (Dec. on Inst. 12–13) and we discern no reason to modify our
`construction. Thus, we continue to adopt the above-quoted express
`definition in the ’429 patent Specification as agreed to by the parties.
`Ex. 1001, 3:38–43.
`
`2. “Extracting”
`Independent method claim 1 recites a step of “extracting, at the proxy,
`information from the digital certificate associated with the Internet host” (the
`extracting step)”—e.g., extracting a URL from the requested host’s digital
`certificate. Independent method claim 13 recites a related step of
`categorizing a host computer according to URL information extracted from
`a digital certificate. Neither the Petition nor Patent Owner’s Preliminary
`Response proffered an express interpretation of this term and we discerned
`
`13
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`no reason to expressly interpret the term for purposes of our Decision on
`Institution. 6 See Dec. on Inst. 12. Through trial, in arguing whether the
`proposed combination discloses the extracting step of claim 1, the parties
`have disagreed over the proper interpretation of extracting. PO Resp. 52–
`57; Reply 22–24; Sur-Reply 21–22.
`Patent Owner argues extracting would have been understood by
`ordinarily skilled artisans, in accordance with its “plain and ordinary
`meaning . . . to remove or duplicate items from a larger group in a
`systematic manner.” PO Resp. 53 (citing Ex. 2007 ¶ 232 (citing Ex. 2033
`(Microsoft Computer Dictionary), 4)).
`Petitioner responds that the ’429 patent uses extracting repeatedly
`without limitation and argues extracting “simply means obtaining or
`identifying” and “does not require copying, duplicating, or relocating the
`information to a different place in memory, as Patent Owner incorrectly
`suggests.” Reply 22 (citing Ex. 1058 (IEEE 100 The Authoritative
`Dictionary of IEEE Standards Terms), 3 (defining extract to mean “to pick,
`from a set of items, all items that meet a particular criterion”); Ex. 1046
`¶¶ 67–72).
`Responsive to Petitioner’s assertions, Patent Owner argues
`Petitioner’s proposed interpretation of extracting effectively reads the
`
`
`6 Patent Owner’s Preliminary Response argued that the combination of
`Levow and Toneguzzo failed to disclose the extracting step of claim 1 not
`because of an interpretation of extracting but, rather, because the digital
`certificate of Toneguzzo was a proprietary digital certificate, rather than a
`“digital certificate associated with the Internet host” as required by claim 1.
`See Prelim. Resp. 43–47. This argument in the Preliminary Response was
`not raised in the Patent Owner’s Response and, thus, is waived. See Paper
`14, 3.
`
`14
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`limitation out of the claims, asserts that the ’429 patent distinguishes terms
`such as identifying or obtaining from extracting, and urges application of its
`interpretation as consistent with the ordinary and customary meaning. Sur-
`Reply 21.
`To interpret the term extract(ing) under the broadest reasonable
`interpretation standard, as noted supra, we focus on the intrinsic evidence—
`the claims, the Specification, and the prosecution history. See Phillips, 415
`F.3d at 1315–17; see also WesternGeco LLC v. ION Geophysical Corp., 889
`F.3d 1308, 1323 (Fed. Cir. 2018) (“A patent’s specification, together with its
`prosecution history, constitutes intrinsic evidence to which the Board gives
`priority when it construes claims.”).
`For the reasons discussed below, we are persuaded that Petitioner’s
`proffered interpretation is the broadest reasonable interpretation supported
`by the Specification. We further determine Patent Owner’s proffered
`interpretation, requiring removal or duplication of the information, is unduly
`narrow and unsupported by the intrinsic evidence.
`First, the claims provide little guidance regarding the proper
`interpretation of extracting. In particular, claim 1 merely clarifies that the
`step of extracting is performed “at the proxy” and that the information is
`extracted “from the digital certificate associated with the Internet host”—
`i.e., the Internet host to which the preceding transmitting step has
`transmitted “a request for a digital certificate associated with the Internet
`host.” In like manner, claim 13 refers to information extracted from the
`digital certificate as a basis for categorizing the host as performed by the
`proxy. Nothing in the claims requires or suggests that the extracted
`information must be removed from the digital certificate or duplicated to
`another location other than the digital certificate, as suggested by Patent
`
`15
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`Owner’s proffered interpretation. Nothing in the claims requires or suggests
`that, following the extracting step, the digital certificate is further used with
`the extracted information, removed, or duplicated to another location.
`Instead, the extracting step of the claims more broadly encompasses using
`the extracted information in place within the digital certificate as it is stored
`in the computer memory, as urged by Petitioner’s proffered interpretation—
`i.e., identifying the information in, and/or obtaining the information from,
`the digital certificate without need to remove or duplicate the information. 7
`Thus, the claims support Petitioner’s proffered interpretation as the broadest
`reasonable interpretation of extract(ing).
`Looking next to the Specification of the ’429 patent, we find some
`support for Petitioner’s proposed interpretation that extracting merely means
`identifying or obtaining. Although we agree with Patent Owner that the ’429
`patent Specification uses the term identify(ing) in other contexts, we find the
`Specification supports interpreting extract(ing) to be essentially synonymous
`with obtain(ing). The title of the ’429 patent is METHODS AND SYSTEMS
`FOR OBTAINING URL FILTERING INFORMATION. Ex. 1001, code (54);
`id. at 1:1–2. However, the ’429 patent Specification makes no further
`reference to obtaining the URL information but, instead, in reference to
`“URL information,” the Specification discloses extracting the URL
`information—suggesting obtaining and extracting are used as synonyms in
`the ’429 patent Specification. See id. at 2:31–32 (“uniform resource locator
`
`
`7 The claims do not preclude additional processing to remove or duplicate
`the extracted information in accord with Patent Owner’s proffered
`interpretation but we determine Petitioner’s interpretation is broader,
`consistent with the ’429 patent Specification, and consistent with the
`understanding of an ordinarily skilled artisan at the time of the ’429 patent.
`
`16
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`(URL) information extracted from a digital certificate”), 3:25–26 (“methods
`for extracting and categorizing uniform resource locators (URLs) identifying
`hosts”), 3:29–30 (“methods for extracting URLs”), 3:54–55 (“hostname or
`URL extracted from a client request or server response”), 6:31 (“the URL of
`the host 312 could not be extracted”), 7:29–31 (“information extracted from
`an Internet host’s digital certificate to perform URL filtering operations”),
`9:13–13 (“methods for extracting and categorizing URL information”).
`From these exemplary passages of the Specification, we understand that the
`’429 patent relates to obtaining URL information and apparently,
`synonymously with obtaining, does so by extracting the information. Thus,
`the ’429 patent Specification suggests the broadest reasonable interpretation
`of extracting is synonymous with obtaining.
`Patent Owner does not identify, and we do not discern, any
`disclosures of the ’429 patent that narrow the act of extracting to any
`particular operation. In particular, Patent Owner does not identify any
`support in the intrinsic evidence (claims, Specification, prosecution history)
`that narrows the understanding of extract(ing) to require removing or
`duplicating the URL information, as required by Patent Owner’s proffered
`dictionary definition. Indeed, we perceive no purpose, nor does Patent
`Owner identify any purpose, in removing or duplicating the URL
`information in the ’429 patent. Specifically, we discern no disclosed use of
`the digital certificate with information removed therefrom or necessarily
`duplicated to another location in the computer. Instead, the Specification
`describes simply using the extracted URL information to query the URL
`database or to perform URL filtering operations. Id. at 7:20–31. The
`extracted URL information may also be used as an index to the URL
`database. Id. at 7:33–36. Thus, the Specification describes that the purpose
`
`17
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`of extracting the URL information from a digital certificate is to simply use
`the obtained URL information for filtering or other proxy/firewall security
`operations. There is no discussion in the Specification whether the URL
`information must be obtained in a particular way to be effective for the
`intended purpose or that the obtained URL information is any different
`depending on how the information is obtained. That is, the ’429 patent
`appears to use the term extracting in the general sense of obtaining. In view
`of these disclosures in the Specification, we agree with Petitioner that, “[t]he
`’429 patent uses the term ‘extracting’ repeatedly, and it never limits the term
`in the way Patent Owner argues.” Reply 22.
`Neither party has identified, nor do we discern, any aspects of the
`prosecution history that may narrow the interpretation of extracting. In
`particular, we discern nothing in the prosecution history that requires
`extracting to remove or duplicate the information.
`Accordingly, consistent with the intrinsic evidence and consistent
`with the plain and ordinary meaning as understood by an ordinarily skilled
`artisan, we determine the broadest reasonable interpretation of extracting
`information encompasses at least obtaining information. In particular, we
`find the limitation of “extracting . . . information from the digital
`certificate,” as recited in claim 1 and as similarly required in claim 13,
`encompasses obtaining the information from the digital certificate. Thus,
`Petitioner’s interpretation (“identifying or obtaining”) is supported by the
`Specification and claims of the ’429 patent (i.e., supported by the intrinsic
`evidence).
`Because the intrinsic evidence adequately supports our adoption of
`Petitioner’s proffered broadest reasonable interpretation of extracting as
`identifying or obtaining, we need not consider the extrinsic evidence. In
`
`18
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`general, expert testimony, dictionaries, treatises, and other extrinsic evidence
`that shed light on the commonly understood meaning of a technical term are
`“less significant than the intrinsic record in determining the legally operative
`meaning of claim language.” Phillips, 415 F.3d at 1317 (internal quotation
`marks and citations omitted). However, even considering the extrinsic
`evidence we are not persuaded that it would alter our interpretation of
`extracting. Petitioner’s expert witness, Dr. Jakobsson, testifies that
`extracted information is information “identified in, or obtained from, the
`certificate.” Ex. 1046 ¶ 70. Dr. Jakobsson cites portions of the ’429 patent
`Specification and the above-identified IEEE dictionary definition in support
`of his interpretation. Id.
`Patent Owner’s expert, Dr. Chatterjee, testifies the proper
`interpretation is that provided by the above-identified Microsoft Computer
`Dictionary. Ex. 2007 ¶ 232. Dr. Chatterjee discusses a counter-example of
`obtaining information that does not require extraction as the Microsoft
`Computer Dictionary defines the term and, thus, asserts the proposed
`combination of references could obtain the URL information without
`necessarily extracting the information. Id. ¶¶ 234–239. Specifically,
`Dr. Chatterjee provides an example of using the strstr function in the C (and
`C++) programming language to locate a substring within a string and
`suggests that such a technique may be used in the prior art references such
`that the references do not necessarily extract the information as he defines
`the term in accord with the Microsoft Computer Dictionary.
`Thus, both parties’ experts testify that the ordinarily skilled artisan
`would have understood extracting in accord with their respective proffered
`interpretations. Both experts provide extrinsic evidence (dictionaries) in
`support of their positions. However, only Dr. Jakobsson explains that his
`
`19
`
`
`
`IPR2018-00912
`Patent 8,316,429 B2
`proffered interpretation is supported by the ’429 patent Specification and
`cites portions thereof in support of his position. We credit Dr. Jakobsson’s
`testimony over that of Dr. Chatterjee as being consistent with the ’429 patent
`Specification.
`Therefore, we are persuaded that the broadest reasonable
`interpretation of extracting, consistent with the intrinsic evidence (the ’429
`patent claims, Specification, and prosecution history) and consistent with the
`plain and ordinary meaning as evidenced by the weight of the extrinsic
`evidence (Dr. Jakobsson’s testimony) is, “identifying or obtaining,” as
`proffered by Petitioner.
`
`D. Assignor Estoppel
`As a footnote in arguments relating to secondary considerations,
`Patent Owner argues Petitioner is barred from challenging the validity of the
`’429 patent based on the principle of assignor estoppel. PO Resp. 34 n.15.
`Specifically, Patent Owner argues Mr. Lee Dolsen, a co-inventor of the ’429
`patent, is in privity with Petitioner. Id.
`We disagree that Petitioner is barred as suggested by Paten