notice-49 (3)

8/18/2019 notice-49 (3)

1/74

Paper No.Filed: March 21, 2016

Filed on behalf of: VirnetX Inc.By:

Joseph E. PalysPaul Hastings LLP875 15th Street NWWashington, DC 20005Telephone: (202) 551-1996Facsimile: (202) 551-0496E-mail: [email protected]

Naveen ModiPaul Hastings LLP875 15th Street NWWashington, DC 20005Telephone: (202) 551-1990Facsimile: (202) 551-0490E-mail: [email protected]

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

THE MANGROVE PARTNERS MASTER FUND, LTD. and APPLE INC.,Petitioner

v.

VIRNETX INC.,Patent Owner

Case IPR2015-010461 Patent 6,502,135

Patent Owner’s Response

1 Apple Inc., who filed a petition in IPR2016-00062, has been joined as a Petitioner

in the instant proceeding.

CONFIDENTIAL - PROTECTIVE ORDER MATERIAL

8/18/2019 notice-49 (3)

2/74

Case No. IPR2015-01046

i

TABLE OF CONTENTS

I. Introduction ......................................................................................................1

II. Claim Construction ..........................................................................................2

A. “Virtual Private Network (VPN)” (Claims 1, 4, 7, 10, and 12) ............ 4

B. “Domain Name Service (DNS) Request” (Claims 1, 3, 4, 8, 10,12) ........................................................................................................13

C. “Client Computer” (Claims 1, 3, 4, 7, 10, 12) ....................................15

D. Other Terms .........................................................................................17

III. Kiuchi Does Not Anticipate Claims 1, 3, 4, 7, 8, 10, and 12 ........................18

A. Kiuchi’s Disclosure .............................................................................18

B. Kiuchi Does Not Anticipate Independent Claim 1 .............................20

1. Kiuchi Does Not Disclose the Recited DNS Features ..............20

2. The Alleged Request in Kiuchi Does Not “Request an IPAddress Corresponding to a Domain Name Associatedwith the Target Computer” .......................................................22

3. Kiuchi’s Client-Side Proxy and Server-Side Proxy Do Not Disclose the Claimed Client and Target Computers..........24

4. Kiuchi Does Not Disclose the Claimed VPN ...........................29

a) Network ..........................................................................29

b) Direct Communication ...................................................31

C. Kiuchi Does Not Anticipate Independent Claim 10 ...........................32

1. Kiuchi Does Not Disclose the Recited DNS Features ..............32

2. Kiuchi Does Not Disclose a DNS Proxy Server thatGenerates a Request to Create a VPN ......................................32

3. Kiuchi Does Not Disclose a DNS Proxy Server thatReturns an IP Address ...............................................................33


8/18/2019 notice-49 (3)

3/74


ii

D. Kiuchi Does Not Anticipate Dependent Claims 3, 4, 7, 8, and12 .........................................................................................................34

1. Kiuchi Does Not Disclose the Features of Claim 4 ..................35

2.

Kiuchi Does Not Disclose the Features of Claim 7 ..................36

IV. Kiuchi and RFC 1034 Do Not Render Obvious Claim 8 ..............................37

V. Dr. Guerin’s Testimony Should be Accorded Little, If Any, Weight ...........38

A. Dr. Guerin Did Not Properly Analyze the Claims ..............................38

..............................................................39

VI.

Petitioners Have Failed to Prove All References Are Prior Art ....................41

A. Petitioners Do Not Establish by a Preponderance of theEvidence that RFC 1034 Was Publicly Accessible ............................42

B. The Additional Evidence Presented by Petitioner Apple IsInsufficient to Establish by a Preponderance of the Evidencethat RFC 1034 Was Publicly Accessible ............................................43

VII. Review is Barred by 35 U.S.C. §§ 312(a)(2) and 315(b)-(c) ........................45

A. The Petition Filed by Mangrove Fails to Name All of the RealParties-in-Interest ................................................................................46

1. The Complex Web of Mangrove Entities .................................46

a) The Mangrove Entities ...................................................47

b) The Unnamed Investors ..................................................51

c) Recent Representations to the United States

Securities and Exchange Commission ............................51

2. RPX Corporation.......................................................................52

..................................................................54


8/18/2019 notice-49 (3)

4/74


iii

4. Failure to Identify All RPIs Prohibits Review ..........................56

B. Review is Barred by 35 U.S.C. § 315(b)-(c) .......................................57

VIII. Conclusion .....................................................................................................60


8/18/2019 notice-49 (3)

5/74


iv

TABLE OF AUTHORITIES

Page(s)

Cases

Aceto Agricultural Chems. Corp. v. Gowan Co.,IPR2015-01016, Paper No. 15 (Oct. 2, 2015) .............................................. 56, 57

Apple Inc. v. DSS Technology Management, Inc.,IPR2015-00369, Paper No. 9 (June 25, 2015); ................................................... 42

Apple Inc. v. VirnetX Inc.,IPR2014-00237, Paper No. 15 (May 14, 2014) .................................................... 5

Apple Inc. v. VirnetX Inc.,IPR2014-00404, Paper No. 42 (July 29, 2015) ............................................ 22, 24

Apple Inc. v. VirnetX Inc.,IPR2015-00871, Paper No. 8 (Oct. 1, 2015) ...................................................... 10

Aspex Eyewear, Inc. v. Concepts In Optics, Inc.,111 F. App’x 582 (Fed. Cir. 2004) ............................................................... 38, 39

Atlanta Gas Light Co. v. Bennett Regulator Guards, Inc.,IPR2013-00453, Paper No. 88 (Jan. 6, 2015) ..................................................... 56

Becton, Dickenson & Co. v. Tyco Healthcare Group, LP,616 F.3d 1249 (Fed. Cir. 2010) .......................................................................... 36

In re Bigio,381 F.3d 1320 (Fed. Cir. 2004) ............................................................................ 9

Biogen Idec, Inc. v. GlaxoSmithKline LLC ,713 F.3d 1090 (Fed. Cir. 2013) ............................................................................ 9

Brand v. Miller ,487 F.3d 862 (Fed. Cir. 2007) ............................................................................ 38

Bruckelmyer v. Ground Heaters, Inc.,445 F.3d 1374 (Fed. Cir. 2006) .......................................................................... 41

Centricut, LLC v. Esab Group, Inc.,390 F.3d 1361 (Fed. Cir. 2004) .......................................................................... 38


8/18/2019 notice-49 (3)

6/74


v

In re Cuozzo,793 F.3d 1297 (Fed. Cir. 2015) ............................................................................ 4

Cuozzo Speed Techs., LLC v. Lee, No. 15-446, 2016 WL 205946 (U.S. Jan. 15, 2016) ............................................. 3

Cyber Corp. v. FAS Techs., Inc.,138 F.3d 1448 (Fed. Cir. 1998) ............................................................................ 9

Dish Network L.L.C. v. Dragon Intellectual Property, LLC ,IPR2015-00499, Paper No. 7 (July 17, 2015) .................................................... 42

Elec. Frontier Found. v. Pers. Audio, LLC ,IPR2014-00070, Paper No. 21 (Apr. 18, 2014) .................................................. 43

Eon–Net LP v. Flagstar Bancorp.,653 F.3d 1314 (Fed. Cir. 2011) ............................................................................ 6

Finnigan Corp. v. ITC ,180 F.3d 1354 (Fed. Cir. 1999) .......................................................................... 45

Galderma S.A. v. Allergan Industrie, SAS ,IPR2014-01422, Paper No. 14 (Mar. 5, 2015) ................................................... 50

Garmin Int’l, Inc. v. Cuozzo Speed Techs. LLC ,IPR2012-00001, Paper No. 15 (Jan. 9, 2013) ..................................................... 10

GEA Process Eng., Inc. v. Steuben Foods, Inc.,IPR2014-00041, Paper No. 15 (Dec. 23, 2014) .................................................. 56

Google Inc. v. Art+Com Innovationpool GMBH ,IPR2015-00788, Paper No. 7 (September 2, 2015); ........................................... 42

Idle Free Sys., Inc. v. Bergstrom, Inc.,IPR2012-00027, Paper No. 26 (June 11, 2013) .................................................... 3

Kinetic Technologies, Inc. v. Skyworks Solutions, Inc.,IPR2014-00690, Paper No. 43 (October 19, 2015) ............................................ 41

In re Klopfenstein,380 F.3d 1345 (Fed. Cir. 2004) .......................................................................... 41


8/18/2019 notice-49 (3)

7/74


vi

Koito Mfg. Co. v. Turn-Key-Tech LLC ,381 F.3d 1142 (Fed. Cir. 2004) .......................................................................... 38

Lantech Inc. v. Keip Machine Co.,32 F.3d 542 (Fed. Cir. 1994) .............................................................................. 36

Loughrin v. United States,134 S. Ct. 2384 (2014) ........................................................................................ 59

Microsoft Corp. v. Proxyconn, Inc.,789 F.3d 1292 (Fed. Cir. 2015) .............................................................. 10, 11, 12

Motorola Solutions, Inc. v. Mobile Scanning Techs., LLC ,IPR2013-00093, Paper No. 28 (Apr. 29, 2013) .................................................. 10

Oshkosh Truck Corp. v. United States,123 F.3d 1477 (Fed. Cir. 1997) .......................................................................... 60

Power Integrations, Inc. v. Lee,797 F.3d 1318 (Fed. Cir. 2015) .......................................................................... 27

Proveris Scientific Corp. v. Innovasystems, Inc.,536 F.3d 1256 (Fed. Cir. 2008) .................................................................... 38, 39

Richardson v. Suzuki Motor Co.,868 F.2d 1226 (Fed. Cir. 1989) .......................................................................... 21

In re Robertson,169 F.3d 743 (Fed. Cir. 1999) ............................................................................ 36

RPX Corp. v. VirnetX, Inc.,IPR2014-00171, Paper No. 52 (June 23, 2014) .................................................. 51

Samsung Elecs. Co. v. Rembrandt Wireless Techs., LP,IPR2014-00514, Paper No. 18 (Sep. 9, 2014) .................................................... 43

Schumer v. Lab. Computer Sys., Inc.,308 F.3d 1304 (Fed. Cir. 2002) .................................................................... 38, 39

In re Skvorecz,580 F.3d 1262 (Fed. Cir. 2009) ............................................................................ 3


8/18/2019 notice-49 (3)

8/74


vii

Square Inc. v. Unwired Planet, LLC ,CBM2014-00156, Paper No. 22 (Feb. 26, 2015) ............................................... 42

Straight Path IP Grp., Inc. v. Sipnet EU S.R.O.,806 F.3d 1356 (Fed. Cir. 2015) .............................................................. 10, 11, 12

Symantec Corp. v. Trustees of Columbia Univ. in the City of N.Y.,IPR2015-00371, Paper No. 13 (July 17, 2015). ................................................. 42

Taylor v. Sturgell,553 U.S. 880 (2008) ............................................................................................ 51

Tempo Lighting, Inc. v. Tivoli, LLC ,742 F.3d 973 (Fed. Cir. 2014) ...................................................................... 10, 11

Titanium Metals Corp. v. Banner ,778 F.2d 775 (Fed. Cir. 1985) ............................................................................ 21

In re Translogic Tech., Inc.,504 F.3d 1249 (Fed. Cir. 2007) ............................................................................ 2

Typeright Keyboard Corp. v. Microsoft Corp.,374 F.3d 1151 (Fed. Cir. 2004) .......................................................................... 45

In re VirnetX Inc., No. 2016-119, slip op. (Fed. Cir. Mar. 18, 2016) ............................................... 58

VirnetX Inc. v. Cisco Systems, Inc.,767 F.3d 1308 (Fed. Cir. 2014) ................................................................... passim

Ex Parte Weideman,Appeal No. 2008-3454, Decision on Appeal (BPAI Jan. 27, 2009) .................. 36

Xilinx, Inc. v. Intellectual Ventures I LLC ,IPR2013-00112, Paper No. 14 (June 27, 2013) .................................................. 10

In re Yamamoto,740 F.2d 1569 (Fed. Cir. 1984) ............................................................................ 3

ZTE Corp. & ZTE (USA) Inc. v. ContentGuard Holdings Inc.,IPR2013-00134, Paper No. 12 (June 19, 2013) .................................................. 10


8/18/2019 notice-49 (3)

9/74


viii

Statutes

28 U.S.C. § 1746 ...................................................................................................... 39

35 U.S.C. § 311(b) ............................................................................................. 41, 43

35 U.S.C. § 311(c) ................................................................................................... 60

35 U.S.C. § 312(a)(2) ........................................................................................ passim

35 U.S.C. § 314(b) ................................................................................................... 60

35 U.S.C. § 315(b) ............................................................................................ passim

35 U.S.C. § 315(c) ............................................................................................ passim

35 U.S.C. § 316(e) ..................................................................................................... 1

Other Authorities

37 C.F.R. § 11.18(b) ................................................................................................ 41

37 C.F.R. § 42.2 ....................................................................................................... 39

37 C.F.R. § 42.6(a)(4) .............................................................................................. 41

37 C.F.R. § 42.65(a) ........................................................................................... 42, 44

37 C.F.R. § 42.100(b) ................................................................................................ 2

37 C.F.R. § 42.122(b) .............................................................................................. 60

154 Cong. Rec. S9988 (daily ed. Sept. 27, 2008) .................................................... 59

77 Fed. Reg. 157 (Aug. 14, 2012)...................................................................... 50, 51


8/18/2019 notice-49 (3)

10/74


ix

LIST OF EXHIBITS

Exhibit

No.

Description Previously

Submitted

2001 Mangrove Partners Brochure, filed with the Securities and

Exchange Commission, March 27, 2015 X2002 Mangrove Partners Schedule A, filed with the Securities

and Exchange Commission,X

2003 Cayman Islands Search Report of Mangrove Partners X

2004 Form 13-F for Mangrove Partners, filed with theSecurities and Exchange Commission, February 17, 2015

X

2005 Excerpt of Dictionary of Finance and Investment Terms,Fifth Edition

X

2006 Form 13-F for Mangrove Partners, filed with the

Securities and Exchange Commission, May 15, 2015X

2007 Schedule 13G filed with the Securities and ExchangeCommission, for issuer Asta Funding, Inc., June 10, 2013

X

2008 Schedule 13G filed with the Securities and ExchangeCommission, for issuer JGWPT Holdings, Inc.,

November 8, 2013X

2009 Schedule 13G filed with the Securities and ExchangeCommission, for issuer JGWPT Holdings, Inc., December31, 2013

X

2010 Schedule 13G filed with the Securities and ExchangeCommission, for issuer Asta Funding, Inc., December 31,2013

X

2011 Schedule 13G filed with the Securities and ExchangeCommission, for issuer The First MarbleheadCorporation, December 31, 2013

X

2012 Schedule 13G filed with the Securities and ExchangeCommission, for issuer Asta Funding, Inc., December 31,2014

X

2013 Schedule 14A filed with the Securities and Exchange

Commission, reporting Mangrove Partners Press Release,February 9, 2015

X

2014 Schedule 14A filed with the Securities and ExchangeCommission, reporting Mangrove Partners Press Release,February 12, 2015

X

2015 Hedge Fund Regulation (2nd Edition), Scott J Lederman, X


8/18/2019 notice-49 (3)

11/74


x

Exhibit

No.


Submitted

Chapter 2, Form Over Substance: Hedge Fund Structures

2016 EDGAR Search Results, Mangrove Partners Fund

(Cayman), Ltd.

X

2017 EDGAR Search Results, Mangrove Partners Master Fund,Ltd.

X

2018 Cayman Islands Search Report of The Mangrove PartnersFund (Cayman), Ltd.

X

2019 Cayman Islands Search Report of The Mangrove PartnersMaster Fund, Ltd.

X

2020 Form D for Mangrove Partners Fund, L.P., filed with theSecurities and Exchange Commission

X

2021 Complaint For Civil Extortion, Malicious Prosecution,

and Unfair Business Practices Arising From U.S. PatentLaws, Allergan, Inc. v. Ferrum Ferro, Capital, LLC, caseno. 8:15-cv-00992 (C.D. Cal. June 19, 2015)

X

2022 “New Hedge Fund Strategy: Dispute the Patent, Short theStock,” The Wall Street Journal, April 7, 2015

X

2023 Cayman Islands Search Report of Hayman Credes MasterFund L.P.

X

2024 Website of Maples and Calder, available athttp://www.maplesandcalder.com/offices-

contacts/cayman-islands/

X

2025 Memorandum Opinion and Order in VirnetX Inc. v. Mitel Networks Corp. et al., Case No. 6:11-CV-00018 (E.D.Tex. Aug. 1, 2012)

X

2026 Declaration of Dr. Fabian Monrose in IPR2014-00237 X

2027 Glossary for the Linux FreeS/WAN Project X

2028 Excerpts from McGraw-Hill Computer Desktop Encyclopedia (9th ed. 2001)

X

2029 Microsoft’s Responsive Claim Construction Brief inVirnetX, Inc. v. Microsoft Corp., Case No. 6:07-CV-80(E.D. Tex. Jan. 20, 2009)

X

2030 Defendants’ Responsive Claim Construction Brief inVirnetX Inc. v. Cisco Systems, Inc., et al., Case No. 6:10-CV-417 (E.D. Tex. Dec. 7, 2011)

X

2031 Defendants’ Responsive Claim Construction Brief inVirnetX Inc. v. Mitel Networks Corp. et al., Case No.

X


8/18/2019 notice-49 (3)

12/74


xi

Exhibit

No.


Submitted

6:11-CV-00018 (E.D. Tex. June 11, 2012)

2032 Plaintiff VirnetX Inc.’s Opening Brief in Support of Its

Construction of Claims in VirnetX, Inc. v. MicrosoftCorp., Case No. 6:07-CV-80 (E.D. Tex. Dec. 30, 2008) X

2033 Memorandum Opinion and Order in VirnetX, Inc. v. Microsoft Corp., Case No. 6:07-CV-80 (E.D. Tex. July30, 2009)

X

2034 Memorandum Opinion and Order in VirnetX Inc. v. Mitel Networks Corp. et al., Case No. 6:11-CV-00018 (E.D.Tex. Aug. 1, 2012)

X

2035 Excerpts from Markman Hearing Transcript in Case No.6:10-CV-417 (E.D. Tex. Jan. 5, 2012)

X

2036 Response of Office Action in Reexamination, Control No.95/001,269, April 15, 2010

X

2037 Transcript of Teleconference of November 10, 2015 X


2039 Patent Owner’s Requests for Production X

2040 Patent Owner’s Interrogatories X

2041 Schedule D filed with the Securities and ExchangeCommission

X


2043 Declaration of Dr. Fabian Monrose2044 Memorandum Opinion and Order in VirnetX Inc. v. Cisco

Systems, Inc. et al., Case No. 6:10-CV-417 (E.D. Tex.Apr. 25, 2012)

2045 Office Action Response filed January 10, 2011, inapplication no. 11/839,987

2046 Transcript of Deposition of Dr. Roberto Tamassia inIPR2015-00810, IPR2015-00812

2047 Transcript of Deposition of Dr. Roch Guerin

2048 Transcript of Trial, Morning Session, VirnetX, Inc. v. Apple, Inc., Case No. 6:10-CV-417 (E.D. Tex. Nov. 5,2012)

2049 CONFIDENTIAL Mangrove Production Bates Numbered000001-000011

2050 Form 13-F for Mangrove Partners, filed with theSecurities and Exchange Commission, August 14, 2015


8/18/2019 notice-49 (3)

13/74


xii

Exhibit

No.


Submitted

2051 Form 13-F for Mangrove Partners, filed with theSecurities and Exchange Commission, November 16,

20152052 Form 13-F for Mangrove Partners, filed with theSecurities and Exchange Commission, February 16, 2016

2053 RPX Client Relations, http://www.rpxcorp.com/rpx-client-relations (last visited Jan. 23, 2014)

2054 RPX Corp., Annual Report (Form 10-K) (Mar. 11, 2013)

2055 RPX Why Join, http://www.rpxcorp.com/why-join-rpx(last visited Jan. 24, 2014)

2056 Transcript filed in IPR2014-00946, IPR2014-00947,IPR2014-00948

2057 Schedule 13D, filed with the Securities and ExchangeCommission on March 17, 2016, available at:http://www.sec.gov/Archives/edgar/data/1509432/000101359416000896/rpx13d-031716.htm

2058 Letter to RPX Corporation, filed with the Securities andExchange Commission on March 17, 2016, available at:http://www.sec.gov/Archives/edgar/data/1509432/000101359416000896/rpxex991-031716.pdf

2059 Office Action dated February 15, 2012 in inter partes

reexamination control no. 95/001,6792060 Right of Appeal Notice dated September 15, 2015 in inter

partes reexamination control no. 95/001,679

2061 CONFIDENTIAL Mangrove Production Bates Numbered000012-000063

2062 CONFIDENTIAL Petitioner Mangrove Partner’s MasterFund Ltd.’s Objections and Responses to VirnetXInterrogatory No. 1


8/18/2019 notice-49 (3)

14/74


1

IntroductionI.

Patent Owner VirnetX Inc. respectfully submits this Response to the Board’s

decisions to institute inter partes review (“IPR”) in IPR2015-01046 (Paper No. 11,

the “Decision”) and in IPR2016-00062 (Paper No. 28, the “00062 Decision”); and

the petitions for IPR filed by The Mangrove Partners Master Fund, Ltd. in

IPR2015-01046 (the “Petition”), and by Apple Inc. in IPR2016-00062 (the “Apple

Petition”). The Board should enter judgment against Petitioners for several

reasons.

For one, each of the claims-at-issue of U.S. Patent No. 6,502,135 (“the ’135

patent”) should be confirmed because Petitioners have not carried their “burden of

proving . . . unpatentability by a preponderance of the evidence” under 35 U.S.C.

§ 316(e). The asserted references fail to disclose each of the claimed features.

Petitioners makes vague assertions of unpatentability that, when unobscured,

reveal inaccuracies, inconsistencies, and contradictions with past holdings from the

Board and the Federal Circuit. Petitioners’ positions are also based on expert

testimony that should be given little to no weight because it fails to describe how

any of the claim features are allegedly taught or suggested in the asserted

references. In addition, Petitioners have not established at least one of the

references, RFC 1034, as a prior art printed publication. As such, Petitioners have

not established by a preponderance of the evidence that any claim is anticipated or


8/18/2019 notice-49 (3)

15/74


2

rendered obvious by Kiuchi and/or RFC 1034.

In addition, review of the Petitions is barred by statute. Petitioner Mangrove

Partners Master Fund, Ltd. failed to name all of the real-parties-in-interest

associated with its Petition, in violation of 35 U.S.C. § 312(a)(2). Moreover,

review is time-barred under 35 U.S.C. § 315(b)-(c).

Claim ConstructionII.

Petitioners identified six terms for construction. The Decision found that

“no claim terms require express construction.” (Decision at 5.) Patent Owner

respectfully disagrees and addresses construction of the terms below.

In IPR, claims are given their “broadest reasonable construction in light of

the specification.” 37 C.F.R. § 42.100(b). Under this standard, terms are

“generally given their ordinary and customary meaning,” which is the meaning that

the term would have to a person of ordinary skill2 at the time of the invention. See

In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007) (quoting

Phillips v. AWH Corp., 415 F.3d 1303, 1312, 1313 (Fed. Cir. 2005) (en banc)).

VirnetX acknowledges that this Board applies the broadest reasonable

interpretation (BRI) standard, and VirnetX’s constructions represent the BRI of the

2 A person of ordinary skill in the art would have had a master’s degree in

computer science or computer engineering and approximately two years of

experience in computer networking and computer security. (Ex. 2043 at ¶ 13.)


8/18/2019 notice-49 (3)

16/74


3

claims in light of the specification and prosecution history. Nevertheless, VirnetX

submits that the Board should apply the claim construction standard applied by the

courts, especially given the litigations and prosecution histories of the ’135 patent

and patents in the same family as the ’135 patent. The BRI standard “is solely an

examination expedient, not a rule of claim construction.” In re Skvorecz, 580 F.3d

1262, 1267-68 (Fed. Cir. 2009). It is justified in examination because applicant

has the opportunity to amend the claims during prosecution. In re Yamamoto, 740

F.2d 1569, 1571 (Fed. Cir. 1984). But IPR is “more adjudicatory than

examinational, in nature.” Idle Free Sys., Inc. v. Bergstrom, Inc., IPR2012-00027,

Paper No. 26 at 6 (June 11, 2013).

The ability to amend claims during IPR is so severely restricted that the

rationale underpinning the BRI—the ability to freely amend claims—does not

apply especially given the litigations and prosecution histories of the ’135 patent

and patents in the same family as the ’135 patent. As a result, to the extent the

Board would have adopted a narrower construction under the courts’ claim

construction standard than it has adopted here, it should adopt the narrower

construction because the BRI standard should not apply to this proceeding.

The Supreme Court recently granted certiorari to consider the application of

the BRI standard in Board proceedings. Cuozzo Speed Techs., LLC v. Lee, No. 15-

446, 2016 WL 205946, at *1 (U.S. Jan. 15, 2016). VirnetX respectfully submits


8/18/2019 notice-49 (3)

17/74


4

that, given “the adjudicative nature and the limited amendment process of IPRs,”

claims in IPR proceedings should be given their “actual meaning.” In re Cuozzo,

793 F.3d 1297, 1299, 1301-02 (Fed. Cir. 2015) (Prost, C.J., dissenting from denial

of en banc rehearing). Should the Supreme Court hold that the Board must apply

the standard applied by the courts (i.e., the Phillips standard), the challenged

claims of the ’135 patent must be confirmed, since the Federal Circuit has

confirmed the validity of the subject claims over Kiuchi based on such claim

constructions. VirnetX Inc. v. Cisco Systems, Inc., 767 F.3d 1308, 1313-14, 1323-

24 (Fed. Cir. 2014); see also Ex. 2044 at 5-8, 14-17, 31.

A.

“Virtual Private Network (VPN)” (Claims 1, 4, 7, 10, and 12)3

Patent Owner’s ProposedConstruction

Petitioners’ ProposedConstruction

Decision’s Construction

A network of computerswhich privately and

directly communicatewith each other byencrypting traffic overinsecure communication

paths between thecomputers

A secure network thatincludes portions of a

public network

No construction proposed

The term “virtual private network (VPN),” as used in the ’135 patent claims,

refers to “a network of computers which privately and directly communicate with

3 Patent Owner identifies only challenged claims that expressly recite the terms at

issue. Claims that depend from these claims may also implicitly contain the terms.


8/18/2019 notice-49 (3)

18/74


5

each other by encrypting traffic over insecure communication paths between the

computers.” Petitioners incorrectly allege that their construction “was previously

adopted by the PTAB in IPR2014-00237” (“the ’237 proceeding”). (Pet. at 7.)

There, the Board preliminarily construed “VPN” as part of the claim term “VPN

communication link” to have a different construction than Petitioners’ proposed

construction here. Apple Inc. v. VirnetX Inc., IPR2014-00237, Paper No. 15 at 11-

12 (May 14, 2014).4 Moreover, Petitioners point to nothing in the ’135 patent

specification or elsewhere that supports their overly vague and ambiguous

construction.

Petitioners’ proposed construction and their application of that construction

raises at least three additional issues: (1) whether a VPN requires encryption, (2)

whether a VPN requires that the computers within the VPN have the capability to

directly communicate with each other, and (3) whether a VPN requires a network.

For the reasons discussed below, encryption, direct communication capability, and

a network, are required.

Encryption: The specification “repeatedly and consistently” explains that a

4 In IPR2014-00237, the Board preliminarily construed “a VPN . . . to mean a

‘secure communication link’ with the additional requirement that the link includes

a portion of a public network.” Apple, IPR2014-00237, Paper No. 15 at 11-12. In

addition, the Board’s constructions are currently subject to appeal.


8/18/2019 notice-49 (3)

19/74


6

virtual private network requires encryption. See Eon–Net LP v. Flagstar Bancorp.,

653 F.3d 1314, 1321–23 (Fed. Cir. 2011). For instance, the ’135 patent

specification teaches that “data security is usually tackled using some form of data

encryption,” and it repeatedly discusses using encryption. (Ex. 1001 at 1:37-38;

see also id. at 2:66-3:2, 3:18-19, 3:57-59, 7:59-60, 9:11-19, 32:29-31; Ex. 2043 at

¶¶ 15-17.) Petitioners agree that the specification discloses techniques for

implementing a VPN using encryption. (Pet. at 8; Ex. 1001 at 2:66-3:67.) The

specification also discloses that its later discussed embodiments can use the earlier-

discussed principles of encryption, identifying “different embodiments or modes

that can be employed using the aforementioned principles.” ( Id. at 22:61-62; see

also id. at 32:29-31.)

The specification also refers to the “FreeS/WAN” project as a conventional

scheme of creating a “VPN.” (Ex. 1001 at 37:50-62; Ex. 2043 at ¶ 18.) Petitioners

assert that Patent Owner’s reference to RFC 2535 (the “FreeS/WAN” protocol)

does not define a VPN. (Pet. at 9.) However, the FreeS/WAN glossary of terms in

the ’135 patent’s prosecution history does define VPN, and the definition requires

encryption. It explains that a VPN is “a network which can safely be used as if it

were private, even though some of its communication uses insecure connections.

All traffic on those connections is encrypted.” (Ex. 2027 at 24, Glossary for the

Linux FreeS/WAN Project.) A contemporaneous dictionary similarly explains that


8/18/2019 notice-49 (3)

20/74


7

“VPNs enjoy the security of a private network via access control and encryption .

. . .” (Ex. 2028 at 8 (emphasis added).) Thus, both intrinsic and extrinsic evidence

demonstrate that VPNs require encryption.

Patent Owner’s construction is also consistent with the constructions

presented and adopted in other USPTO proceedings and three district court

litigations involving the ’135 patent. For example, in IPR2014-00481, Petitioner

Apple agreed that a virtual private network requires encryption. (IPR2014-00481,

Paper No. 1 at 6 (Mar. 7, 2014).) In the three district court cases, Patent Owner

and the defendants proposed several different claim constructions, all of which

included encryption. (See, e.g., Ex. 2029 at 9-14; Ex. 2030 at 2-3; Ex. 2031 at 8;

Ex. 2032 at 9-13.) In all three instances, the court construed “VPN” to require

encryption. (See Ex. 2033 at 4-10; Ex. 2034 at 4-6; Ex. 1019 at 5-8.) While the

Office construes the claims under a different standard than the district court, this

consistent understanding by all parties and the district court is additional evidence

that the BRI of VPN requires encryption.

Direct Communication: Petitioners’ construction incorrectly encompasses

links that are not direct. The ’135 patent specification describes a virtual private

network that is “direct” between a client computer and target computer, and the

prosecution history of the ’135 patent supports this understanding. (Ex. 2043 at

¶¶ 19-21.)


8/18/2019 notice-49 (3)

21/74


8

For instance, the ’135 patent describes a virtual private network as being

direct between a user’s computer and target. (See, e.g., Ex. 1001 at 38:30-33,

39:22-25; see also id. at 40:30-35, 41:23-27 (describing a load balancing example

in which a virtual private network is direct between a first host and a second host),

Figs. 24, 26, 28, 29, 33.) Similarly, in an embodiment describing the

aforementioned TARP, the ’135 patent describes the link between an originating

TARP terminal and a destination TARP terminal as direct. (See, e.g., Ex. 1001,

7:40-49, Fig. 2; see also id. at 31:62-32:3; 36:25-28.)

In describing this direct communication, the ’135 patent specification

discloses that the link traverses a network (or networks) through which it is simply

passed or routed via various network devices such as Internet Service Providers,

firewalls, and routers. (See, e.g., id. at Figs. 2, 24, 28, 29.) In litigation, Patent

Owner’s adversaries have repeatedly recognized that this type of network traversal

is a “direct” communication. (See Ex. 2035 at 42:16-21, 44:13-45:12.)

In addition, during the now-completed reexamination of the ’135 patent and

during the prosecution history of related VirnetX patents, Patent Owner clearly and

unambiguously disclaimed any virtual private networks and virtual private network

communication links that are not direct. (See, e.g., Ex. 2036 at 7; Ex. 2045 at 6-9.)

Referring to Aventail, a reference that is currently asserted against related VirnetX

patents in other proceedings before the Board, Patent Owner explained that the


8/18/2019 notice-49 (3)

22/74


9

reference did not disclose a VPN because, among other things, “computers

connected according to Aventail do not communicate directly with each other.”

(See Ex. 2036 at 7; Ex. 2045 at 8.)

In district court proceedings, Patent Owner’s adversaries acknowledged that

disclaimer is clear and unambiguous, describing Patent Owner’s statements as a

“clear mandate to the Patent Office that computers in a ‘virtual private network’

communicate directly with each other, and that absent direct communication

between the computers, there is no virtual private network.” (Ex. 2030 at 5.) A

disclaiming statement is unambiguous when “a competitor would reasonably

believe that the applicant had surrendered the relevant subject matter.” Cyber

Corp. v. FAS Techs., Inc., 138 F.3d 1448, 1457 (Fed. Cir. 1998). Here, Patent

Owner’s disclaimer “show[s] reasonable clarity and deliberateness.” Biogen Idec,

Inc. v. GlaxoSmithKline LLC , 713 F.3d 1090, 1096 (Fed. Cir. 2013) (citation

omitted). Given the specification and Patent Owner’s statements, the district court

found disclaimer and required the claimed VPN to include direct communication.

(Ex. 1019 at 6-8.)

Petitioners assert that the Board should not give this prosecution history any

weight. (Pet. at 12.) This view is inconsistent with the law, which not only allows,

but requires the Office to consider the prosecution history when reviewing claims

under the BRI standard. See In re Bigio, 381 F.3d 1320, 1325 (Fed. Cir. 2004).


8/18/2019 notice-49 (3)

23/74


10

The Federal Circuit has further stated that when a “patent has been brought back to

the agency for a second review,” “[t]he PTO should also consult the patent’s

prosecution history.” Microsoft Corp. v. Proxyconn, Inc., 789 F.3d 1292, 1298

(Fed. Cir. 2015); see also Straight Path IP Grp., Inc. v. Sipnet EU S.R.O., 806 F.3d

1356, 1362 (Fed. Cir. 2015). Consistent with the Federal Circuit’s case law, in

numerous IPR proceedings, the Board has consistently considered the prosecution

history when construing the claims. See Garmin Int’l, Inc. v. Cuozzo Speed Techs.

LLC , IPR2012-00001, Paper No. 15 at 8 (Jan. 9, 2013); see also Motorola

Solutions, Inc. v. Mobile Scanning Techs., LLC , IPR2013-00093, Paper No. 28 at

10 (Apr. 29, 2013); ZTE Corp. & ZTE (USA) Inc. v. ContentGuard Holdings Inc.,

IPR2013-00134, Paper No. 12 at 16 (June 19, 2013); Xilinx, Inc. v. Intellectual

Ventures I LLC , IPR2013-00112, Paper No. 14 at 6 (June 27, 2013).

In an IPR proceeding for a related patent, the Board relied on Tempo

Lighting, Inc. v. Tivoli, LLC , 742 F.3d 973 (Fed. Cir. 2014), to discount Patent

Owner’s prosecution history arguments. Apple Inc. v. VirnetX Inc., IPR2015-

00871, Paper No. 8 at 19, n. 6 (Oct. 1, 2015). The Board took out of context the

Federal Circuit’s observation in Tempo Lighting that the PTO is not automatically

required “to accept a claim construction proffered as a prosecution history

disclaimer,” since the disclaimer “generally only binds the patent owner.” 742

F.3d at 978. But while a patent examiner is not bound by a patent owner’s


8/18/2019 notice-49 (3)

24/74


11

disclaimer when construing claim terms, an unambiguous disclaimer nevertheless

informs the patent’s scope and should be given effect in subsequent IPR

proceedings. Microsoft Corp., 789 F.3d at 1298; Straight Path IP Grp., Inc., 806

F.3d at 1362.

Consistent with this principle, the Federal Circuit in Tempo Lighting applied

prosecution history disclaimer where an examiner requested the patent applicant to

rewrite its claims to clarify a specific claim term, resulting in an applicant’s

disclaiming remarks. 742 F.3d at 977-78. Here too, in the related reexamination

proceeding, the examiner construed “virtual private network” more broadly than

the specification, and VirnetX disclaimed embodiments that did not involve direct

communication in response to the examiner’s broadening of the claim. (See Ex.

2036 at 7; see also Ex. 2045 at 8.) Just as in Tempo Lighting, this disclaimer was a

clear and unambiguous “clarification” of the meaning of the term “virtual private

network,” and must be given effect. 742 F.3d at 978.

Petitioners further contend, somewhat confusingly, that while they agree that

“Patent Owner disclaimed a portion of the literal scope of the ’135 Patent claims

(i.e., that covering VPNs in which computers do not ‘directly’ communicate),” the

claims “must still encompass this subject matter.” (Pet. at 12.) Petitioners are

wrong and the Federal Circuit has instructed to consider a patent’s prosecution

history, even under a BRI standard, to avoid just such a convoluted and illogical


8/18/2019 notice-49 (3)

25/74


12

result. Microsoft Corp., 789 F.3d at 1298; Straight Path IP Grp., Inc., 806 F.3d at

1362.

Patent Owner’s construction is further supported by the construction

confirmed by the Federal Circuit in the related litigation. The Federal Circuit

noted that a virtual private network requires direct communication. It stated that

the district court’s construction of VPN is “a network of computers which privately

and directly communicate with each other by encrypting traffic on insecure paths

between the computers where the communication is both secure and anonymous.”

VirnetX Inc., 767 F.3d at 1317 n.1. As noted above, while the Office construes the

claims under a different standard than the district court, this consistent

understanding by the Federal Circuit is additional evidence that the BRI of VPN

requires links that are direct.

Network: Although Petitioners’ proposed construction explicitly requires a

“network,” Petitioners’ application of their construction seems to ignore this

requirement. (See infra Section III.B.4.) Consistent with the plain meaning of a

VPN, a VPN requires a network. (Ex. 2043 at ¶ 22.) In describing a VPN, the

’135 patent refers to the “FreeS/WAN” project, which has a glossary of terms.

(Ex. 1001 at 37:57 and bibliographic data showing references cited.) The

FreeS/WAN glossary defines a VPN as “a network which can safely be used as if it

were private, even though some of its communication uses insecure connections.


8/18/2019 notice-49 (3)

26/74


13

All traffic on those connections is encrypted.” (Ex. 2027 at 24, Glossary for the

Linux FreeS/WAN Project.) According to this glossary, a VPN includes at least

the requirement of a “network of computers.” (Ex. 2043 at ¶ 22.)

The specification further describes a VPN as including multiple “nodes.”

(See, e.g., Ex. 1001 at 15:12-16, 19:58; see also id. 17:43-45, 22:44-52, 23:14-20.)

More specifically, the network allows “[e]ach node . . . to communicate with other

nodes in the network.” (Ex. 1001 at 15:16-19.) So a device within a VPN is able

to communicate with the other devices within that same VPN. (Ex. 2043 at ¶ 23.)

In view of the foregoing, Patent Owner’s construction, unlike Petitioners’, is

supported by both intrinsic and extrinsic evidence, and so “virtual private network”

should be construed to mean “a network of computers which privately and directly

communicate with each other by encrypting traffic over insecure communication

paths between the computers.”

B.

“Domain Name Service (DNS) Request” (Claims 1, 3, 4, 8, 10, 12)




A request for a resourcecorresponding to adomain name

A request for a resourcecorresponding to anetwork address


Patent Owner proposes that the BRI of “domain name service (DNS)

request” is “a request for a resource corresponding to a domain name.”

Petitioners’ construction is not the BRI of the term, is inconsistent with the


8/18/2019 notice-49 (3)

27/74


14

specification, and should be rejected. The patent specification discloses that a

“DNS request” may request an IP address or other non-IP address resources, such

as public keys for encryption. (See Ex. 1001 at 37:50-62, citing Ex. 1016, RFC

2535.) In particular, the RFC cited by the specification explains that a computer or

resolver may make “[a]n explicit request for KEY RR’s [public key resource

records].” (Ex. 1016 at 17; see also Ex. 2043 at ¶¶ 24-26.) The ’135 patent

specification further explains that a DNS request involves the sending of a domain

name. (See Ex. 1001 at 37:63-38:2, 38:6-10, 38:23-27; see also id. at 37:33-35,

37:43-47; Ex. 2043 at ¶ 26.) As discussed below (infra Section II.D), the parties

agree that a domain name is “a name corresponding to a network address” and,

depending on the embodiment, the name may encompass, inter alia, an email

address or telephone number.

Petitioners allege that they simply substitute the agreed-upon construction of

“domain name” into “DNS request.” (Pet. at 13.) However, Petitioners’

construction reads in only a portion of the construction of “domain name.” ( Id.)

Petitioners’ abridged construction is ambiguous and either (1) fails to take into

consideration that a “DNS request” plainly must involve a “DN”, i.e., domain

name, or (2) contradicts its own construction of a “domain name” and restricts the

“domain name” to being a “network address.” Neither interpretation of

Petitioners’ construction is supported by the specification.


8/18/2019 notice-49 (3)

28/74


15

C. “Client Computer” (Claims 1, 3, 4, 7, 10, 12)




User’s computer A computer from which a

data request to a server isgenerated


In the context of the ’135 patent claims, the BRI of “client computer” is a

“user’s computer.” The specification of the ’135 patent supports this construction

by explaining that a VPN is initiated between the user ’s computer 2601 and the

target. (See, e.g., Ex. 1001 at 38:30-33; Ex. 2043 at ¶¶ 27-28.) This parallels the

claims language, which recites creating a VPN between a client computer and a

target computer (see, e.g., Ex. 1001 at claim 1). The ’135 patent also explains that

“[a] user’s computer 2501 includes a client application.” (See id. at 37:30-32; see

also id. at 38:15-16 (“A user’s computer 2601 includes a conventional client (e.g.,

a web browser) . . . .”).) Thus, the ’135 patent equates the user’s computer 2601

with the “client computer” in the claims. Similarly, in other embodiments, the

’135 patent discloses that a determination is made as to whether “client 3103 is a

validly registered user” (id. at 45:8-9), and “client computer 801” is depicted as a

user’s computer, namely a laptop device (id. at 16:16-17; Fig. 8).

The ’135 specification provides further guidance as to the “client computer”

being a user’s computer by explaining that its inventions allow for secure

communications between a user’s computer and a target computer. (Ex. 2043 at


8/18/2019 notice-49 (3)

29/74


16

¶ 29.) For instance, in the “Background of the Invention,” the specification

explains the importance of securing communications between an originating

terminal 100 at which a user is located and a destination terminal 110 that hosts a

web site. (Ex. 1001 at 1:15-31.) The “Summary of the Invention” likewise

explains that an originating terminal in a TARP VPN embodiment is a notebook

computer used by an executive and that a destination terminal is a server. (See id.

at 4:59-5:12.) The “Detailed Description of the Invention” also explains that a

VPN is created between a user’s computer at which a web browser is located and a

secure target site. (See id. at 38:13-33.) Consistent with the specification’s

disclosure of secure communications between a user’s computer and a target

computer, the claims recite “initiating the VPN between the client computer and

the target computer.” (See, e.g., id. at claim 1.)

The ordinary meaning is further confirmed by a dictionary that an IPR

petitioner cited against other VirnetX patents. (Ex. 2043 at ¶¶ 30-31.) It defines

“client machine” as “[a] user’s workstation that is attached to a network.” (Ex.

2028 at 3.) The relevant definitions for the other client-related terms also

unanimously require a user, either expressly or implicitly, by identifying a “client”

as a “workstation,” “personal computer,” “user’s machine,” or “user’s PC” in those

definitions:


8/18/2019 notice-49 (3)

30/74


17

Term Dictionary

Client A workstation or personal computer in a client/server

environment

Client application An application running in a workstation or personal

computer on a network

Client based Refers to hardware or software that runs in the user’s

machine (client)

Client program Software that runs in the user’s PC or workstation

Client/server An architecture in which the user’s PC (the client) is the

requesting machine and the server is the supplying

machine[.]

( Id.) In the same dictionary, “workstation” “is just a generic term for a user’s

computer.” ( Id. at 9.) Likewise, “personal computer” or “PC” is “a computer that

serves one user in the office or home.” ( Id. at 5.) Each of the client-related

definitions incorporates the view that a client computer is a user’s computer.

For at least these reasons, the “client computer” should be construed as a

“user’s computer.”

D. Other Terms

The BRI of “domain name” (claims 1, 3, 10) is “a name corresponding to a

network address.” This construction is consistent with the specification, which


8/18/2019 notice-49 (3)

31/74


18

explains that Internet Protocol or “IP” is but one type of network. (See, e.g., Ex.

1001 at 4:3, 4:65-66, 9:22-23; see also id. at 14:44-48, 19:42-44; Ex. 2043 at ¶ 32.)

The BRI of “DNS proxy server” (claims 8, 10) is “a computer or program

that responds to a domain name inquiry in place of a DNS.” This shared view is

consistent with embodiments disclosed in the specification. (See, e.g., Ex. 1001 at

38:23-47; see also Ex. 2033 at 11-12; Ex. 2034 at 8; Ex. 1019 at 16-17; Ex. 2028 at

6; Ex. 2043 at ¶ 33.)

The BRI of “automatically initiating the VPN” (claims 1, 4, 5) is

“initiating the VPN without involvement of a user.” This construction is supported

by the ’135 specification, which describes various embodiments for “automatically

set[ting] up a virtual private network between the target node and the user.” (See,

e.g., Ex. 1001 at 37:63-40:13; see also id. at 38:28-33, 39:22-29; Ex. 2033 at 21-

22; Ex. 2043 at ¶ 34.)

Kiuchi Does Not Anticipate Claims 1, 3, 4, 7, 8, 10, and 12III.

Kiuchi does not disclose each and every feature of claims 1, 3, 4, 7, 8, 10,

and 12, so it does not anticipate these claims.

A.

Kiuchi’s Disclosure

Kiuchi describes communication in a closed HTTP-based network (C-

HTTP). (Ex. 1002 at 7, Abstract; Ex. 2043 at ¶ 35.) C-HTTP communication is a

multi-step process and requires three components between the client, also referred


8/18/2019 notice-49 (3)

32/74


19

to as a user agent, and the origin server where the patient information resides: (1) a

client-side proxy, (2) a server-side proxy, and (3) a C-HTTP name server. (Ex.

1002 at 7-9; Ex. 2043 at ¶ 36.) “C-HTTP-based communication is performed only

between two types of C-HTTP proxies and between a C-HTTP proxy and C-HTTP

name server.” (Ex. 1002 at 11, § 4.2(2); Ex. 2043 at ¶ 36.) Unlike other protocols

that “assure ‘end-to-end’ security protection” in which security protection is

dependent on the end user, C-HTTP communication involves “proxy-proxy

security” and there is no direct communication between user agents and origin

servers. (Ex. 1002 at 10-11; Ex. 2043 at ¶ 36.)

As disclosed in Kiuchi, an end user at a user agent may select or request a

“resource name[] with a connection ID, for example,

‘http://server.in.current.connection/sample.html=@=6zdDfldfcZLj8V!i’” that

identifies resources at an origin server. (Ex. 1002 at 8, § 2.3(1); Ex. 2043 at ¶ 37.)

The “resource name” in Kiuchi corresponds to

“http://server.in.current.connection/sample.html” and identifies both the origin

server at which the requested resources are located, also referred to as the “host” in

Kiuchi, and the resources requested. (Ex. 1002 at 8, § 2.3(1); Ex. 2043 at ¶ 37.)

The connection ID corresponds to “6zdDfldfcZLj8V!i.” (Ex. 1002 at 8, § 2.3(1);

Ex. 2043 at ¶ 37; see also Ex. 2043 at ¶¶ 38-42 (describing the nine steps of

Kiuchi’s C-HTTP-based communications.)


8/18/2019 notice-49 (3)

33/74


20

B. Kiuchi Does Not Anticipate Independent Claim 1

Independent claim 1 recites combinations of features. Kiuchi does not

disclose these recited features for at least the reasons below.

1.

Kiuchi Does Not Disclose the Recited DNS Features

Independent claim 1 recites “generating from the client computer a Domain

Name Service (DNS) request.” (Ex. 1001 at claim 1.) Petitioners never explain

what exactly in Kiuchi they are relying on, but appear to advance two alternative

theories, pointing to: (1) a request sent by the user agent to the client-side proxy,

and (2) a C-HTTP request to be sent by the client-side proxy to the C-HTTP name

server. (Pet. at 27.) To address the claimed DNS features, the Decision relies on

Kiuchi’s request sent by the client-side proxy. (See Decision at 6.) In any event,

neither request discloses the claimed DNS features.

Kiuchi repeatedly differentiates its C-HTTP features from DNS. (Ex. 2043

at ¶¶ 43-44.) For example, Kiuchi explains that the C-HTTP name service is used

“instead of DNS,” the “DNS name service is not used for hostname resolution,”

and a “DNS lookup” is only performed after a permission request to the C-HTTP

name server fails. (Ex. 1002 at 7; see also id. at 11 (explaining that a different

naming scheme is used in a C-HTTP based system and that the system only

functions with C-HTTP proxies and name servers).) In other words, Kiuchi makes

clear that the disclosed DNS lookup is generated only if an error condition occurs


8/18/2019 notice-49 (3)

34/74


21

in which C-HTTP connectivity fails. ( Id. at 8 (“If [a C-HTTP connection] is not

permitted, [the C-HTTP name server] sends a status code which indicates an error.

If a client-side proxy receives an error status, then it performs DNS lookup,

behaving like an ordinary HTTP/1.0 proxy.”); Ex. 2043 at ¶ 44.) Petitioners’ own

expert agrees that the requests pointed to by Petitioners (i.e., the request sent by the

user agent to the client-side proxy, and the C-HTTP request to be sent by the

client-side proxy to the C-HTTP name server), which are different than the error-

condition request, are not DNS requests. (Ex. 2047 at 22:22-23:16.) Indeed,

Apple’s expert in related proceedings has similarly explained that a DNS request to

look up a network address must “follow[] the DNS protocol for such requests.”

(Ex. 2046 at 102:9-13.)

The Office previously recognized in a co-pending inter partes reexamination

that Kiuchi fails to disclose the claimed DNS features because it expressly teaches

that C-HTTP does not involve DNS. See, e.g., Ex. 2059 at 7-8. The Office later

contended in that reexamination that Kiuchi discloses the “same functionality”

because a URL is sent to the C-HTTP name server and an IP address may

eventually be returned. See Ex. 2060 at 8-9. But an anticipation rejection cannot

stand when a reference does not disclose claim limitations. See Richardson v.

Suzuki Motor Co., 868 F.2d 1226, 1236 (Fed. Cir. 1989); see also Titanium Metals

Corp. v. Banner , 778 F.2d 775, 780 (Fed. Cir. 1985).


8/18/2019 notice-49 (3)

35/74


22

Moreover, Kiuchi does not disclose the “same functionality.” (Ex. 2043 at

¶ 45.) For example, as discussed below, unlike conventional DNSs, which

“provide a look-up function that returns the IP address of a requested computer or

host” (Ex. 1001 at 37:22-24), Kiuchi’s C-HTTP name server does not return the IP

address of the URL in the request, which identifies Kiuchi’s origin server, but

instead returns a server-side proxy’s IP address. (See infra Section III.A.)5

For at least these reasons, Kiuchi does not anticipate claim 1.

2.

The Alleged Request in Kiuchi Does Not “Request an IPAddress Corresponding to a Domain Name Associated with

the Target Computer”

Independent claim 1 recites a DNS request “that requests an IP address

corresponding to a domain name associated with the target computer.” (Ex. 1001

at claim 1.) The claim thus requires that the IP address “correspond[] to” the

domain name. Because Kiuchi’s URL belongs to the resource on the origin server,

and because the IP address returned is for the server-side proxy, the IP address

5 In a final written decision in IPR2014-00404, the Board found that Kiuchi’s

system requests the address of the server-side proxy, not the origin server. Apple

Inc. v. VirnetX Inc., IPR2014-00404, Paper No. 42 at 10-11 (July 29, 2015). But,

as discussed in Section III.A, Kiuchi’s URL is that of the resource on the origin

server, not the server-side proxy, and so Kiuchi’s system is requesting the address

of the origin server.


8/18/2019 notice-49 (3)

36/74

8/18/2019 notice-49 (3)

37/74


24

3. Kiuchi’s Client-Side Proxy and Server-Side Proxy Do Not

Disclose the Claimed Client and Target Computers

Petitioners obfuscate their positions by relying in some instances on

Kiuchi’s user agent and origin server for the claimed “client computer” and “target

computer,” respectively, and in other instances on Kiuchi’s client-side proxy and

server-side proxy. (See, e.g., Pet. at 26.) However, similarly to the Board’s

analysis in prior related cases,6 the Institution Decision relies on Kiuchi’s client-

side proxy and server-side proxy as corresponding to the claimed client and target

computers. (See Decision at 6 (“As Petitioner explains, Kiuchi discloses a client-

side proxy that . . . sends a request to a C-HTTP name server.”).) This contention

contradicts the disclosure of Kiuchi and the ’135 patent, as well as what one of

ordinary skill would have understood at the time of the invention.

In the context of the ’135 patent claims, the BRI of the claimed “client

computer” is a “user’s computer.” (See supra Section II.E.) There is no question

that Kiuchi’s client-side proxy is not a user’s computer. Kiuchi does not disclose

6 For instance, in Apple Inc. v. VirnetX Inc., IPR2014-00404, Paper No. 42 at 15

n.4 (July 29, 2015), the Board incorrectly attempted to distinguish the Federal

Circuit’s decision in VirnetX, Inc. v. Cisco Sys., Inc., 767 F.3d 1308, 1324 (Fed.

Cir. 2014), based on its erroneous assessment of Kiuchi’s client-side proxy and

server-side proxy.


8/18/2019 notice-49 (3)

38/74


25

any user associated with the client-side proxy, and in fact Petitioner Apple’s own

expert admitted so in district court litigation. (See, e.g., Ex. 2048 at 37:9-18,

43:10-13, 46:16-19, 53:18-23.) In Kiuchi, the user’s computer is the user agent,

not the client-side proxy. (See, e.g., Ex. 1002 at 8; Ex. 2043 at ¶ 49; see also Ex.

2048 at 50:7-14 (the user agent “would be read naturally as a client computer”).)

In addition, assuming arguendo that a client computer is not necessarily a

“user’s computer,” Kiuchi’s client-side proxy would still not have been understood

to be a “client computer” by one of ordinary skill in the art. (Ex. 2043 at ¶ 50.)

Kiuchi discloses a communication system in which a “client,” also referred to as a

“user agent,” at one institution is able to securely access its target—resources on an

origin server at another institution—through the use of proxies and a name server.

(Ex. 1002 at 7-9.) Specifically, “[a] client-side proxy . . . should be specified as a

proxy server for external (outside the firewall) access in each user agent within the

firewall.” ( Id. at 8.) As Kiuchi explains, a user may attempt to access resources on

the origin server by entering the URL of the resource into the client. ( Id. at 8-9.)

The client then connects to a client-side proxy at its same institution, described in

Kiuchi as the “[c]onnection of a client to a client-side proxy.” ( Id. at 8.)

Kiuchi’s separate references to the “client” and “client-side proxy,” and

marked differentiation between the two, demonstrates that the client-side proxy is

not the client itself. (See, e.g., id. at 8 (“The session is finished when the client


8/18/2019 notice-49 (3)

39/74


26

accesses another C-HTTP server . . . or when the client-side . . . proxy times out.”);

see also Ex. 2043 at ¶ 51.) In fact, Kiuchi explains that one of its advantages is

that “no end-user has any chance to obtain keys for encryption or decryption.”

(Ex. 1002 at 11.) It also states that, in its disclosed system, “[e]nd-users do not

have to employ security protection procedures. They do not even have to be

conscious of using C-HTTP based communications.” ( Id.) Thus, Kiuchi not only

distinguishes between a “client,” where an end-user sits, and a “client-side proxy,”

which has no end-user, it touts the separation as a necessary feature of its system.

As a result, one of ordinary skill in the art would have read Kiuchi’s user agent as

the natural client computer in Kiuchi. ( Id.; Ex. 2043 at ¶ 51.) Indeed, in litigation,

Petitioner Apple’s expert testified that the user agent of Kiuchi “would be read

naturally as a client computer.” Ex. 2048 at 50:7-14; see also id. at 50:20-24.)

The Federal Circuit has agreed with Patent Owner’s understanding of

Kiuchi. In particular, it found “evidence that the ‘client’ of Kiuchi is actually a

web browser, a component that is distinguishable from the client-side proxy.”

VirnetX, Inc., 767 F.3d at 1324. Patent Owner expects Petitioners to argue that the

Federal Circuit’s findings are inapplicable because the Federal Circuit employed

the Phillips claim construction standard (but see supra Section II). But the Federal

Circuit has emphasized that the Board nevertheless has an “obligation to

acknowledge that interpretation” and “to assess whether it is consistent with the


8/18/2019 notice-49 (3)

40/74


27

broadest reasonable construction of the term.” Power Integrations, Inc. v. Lee, 797

F.3d 1318, 1326 (Fed. Cir. 2015). Here, consistent with the Federal Circuit’s

finding, the ’135 patent discloses that a client and proxy server are distinct. For

example, the ’135 patent explains that “[p]roxy servers prevent destination servers

from determining the identities of the originating clients.” (Ex. 1001 at 1:49-51.)

The ’135 patent also contrasts the claimed “client computer” from a proxy by

referring to it as a “user’s computer.” (See, e.g., id. at 37:30-39, 38:13-17, Fig. 26

(2601).) Thus, treating Kiuchi’s “client-side proxy” as the claimed “client

computer” is inconsistent with Kiuchi’s teachings and with the teachings of the

’135 patent. (Ex. 2043 at ¶ 52.)

Treating the client-side proxy as the claimed “client computer” is also

inconsistent with evidence relied upon by Petitioners’ expert to understand the

scope of the claims. In particular, Petitioners’ expert cites RFC 1945 to argue that

a “proxy” is described as an “intermediary program which acts as both a server and

a client for the purpose of making requests on behalf of other clients.” (Ex. 1003

at ¶ 19 (citing Ex. 1014 at 5).) However, while a proxy may make “requests on

behalf of other clients,” RFC 1945 explains that a “user agent” is “[t]he client

which initiates a request.” (Ex. 1014 at 5.) Kiuchi’s client side proxy is at best a

client proxy, not a “client computer” that generates requests, as claimed. (See Ex.

2043 at ¶ 53; see also Ex. 2048 at 52:7-8 (Petitioner Apple’s expert admitting that


8/18/2019 notice-49 (3)

41/74


28

the client-side proxy is “a client proxy, I will give you that”).)

Similarly, Kiuchi’s server-side proxy fails to disclose the “target computer”

recited in claim 1. Rather, in Kiuchi, a user agent seeks resources that are located

at the origin server, and not the server-side proxy, as admitted by Petitioner

Apple’s expert in litigation as well as Petitioners’ expert in this proceeding. (See

Ex. 2048 at 38:11-17; Ex. 2043 at ¶ 54; see also Ex. 2048 at 64:18-65:3; Ex. 2047

at 95:9-14, 99:21-100:11.) As explained in more detail above (see supra Section

III.B.1), the client-side proxy receives a URL associated with the origin server

from the client and subsequently asks the C-HTTP name server whether it can

communicate with the origin server, not the server-side proxy. (Ex. 1002 at 8.)

Kiuchi discloses that a user does not even need to know the institution is using C-

HTTP, and thus likely has no knowledge about the existence of server-side proxy.

( Id. at 11, “End-users . . . do not even have to be conscious of using C-HTTP based

communications.”) Thus, the user’s requests are not provided for direction to the

server-side proxy, but to the origin server. In discussing the prior art, the ’135

patent discloses a system like Kiuchi’s in which a proxy server is distinct from the

target computer. According to the ’135 patent, the proxies are “intermediate

server[s] interposed between client and destination server[s]” and this “target

server only sees the address of the outside proxy.” (Ex. 1001 at 1:51-55.)

For at least these additional reasons, Kiuchi does not anticipate claim 1.


8/18/2019 notice-49 (3)

42/74


29

4. Kiuchi Does Not Disclose the Claimed VPN

Claim 1 recites, among other things, “automatically initiating a VPN

between the client computer and the target computer.” (Ex. 1001 at claim 1.) As

discussed above, a VPN necessarily requires a “network” and “direct

communication.” (See supra Section II.A.)

In addressing the VPN limitation, Petitioners point to a connection that

allegedly enables data to be “securely transmitted between the user agent and

origin servers because the proxy servers automatically encrypt any traffic sent

between them.” (Pet. at 29.) Thus, Petitioners appear to rely on Kiuchi’s C-HTTP

connection. This C-HTTP connection allows the “client-side proxy [to] forward[]

HTTP/1.0 requests from the user agent in encrypted form using C-HTTP format,”

(Ex. 1002 at 9, § 2.3(6); Ex. 2043 at ¶ 56), the server-side proxy to forward the

requests to the origin server after converting them to HTTP/1.0 requests, (Ex. 1002

at 9, § 2.3(7); Ex. 2043 at ¶ 56), the origin server to send HTTP/1.0 responses,

which are “encrypted in C-HTTP format by the server-side proxy, forwarded to the

client-side proxy (which decrypts the C-HTTP response and extracts the HTTP/1.0

response), and sent to the client (Ex. 1002 at 9, § 2.3(8); Ex. 2043 at ¶ 56). In this

arrangement, there is neither a “network” nor “direct communication.”

a)

Network

Unlike the VPN disclosed in the ’135 patent, Kiuchi’s proxy-to-proxy C-


8/18/2019 notice-49 (3)

43/74


30

HTTP connection does not provide access to a network of computers. Rather,

Kiuchi teaches a specialized, point-to-point connection that exists only between the

two proxies, and thus is not a network. (See Ex. 1002 at 8-9, explaining that the

proxies implement all C-HTTP functions on behalf of the user agent and origin

server, 10-11, § 4.2, “C-HTTP-based communication is performed only between

two types of C-HTTP proxies and between a C-HTTP proxy and C-HTTP name

server. They do not communicate directly with various types of user agents and

servers using C-HTTP.”; Ex. 2043 at ¶ 57.) For example, each time a new C-

HTTP connection is established, any previous C-HTTP connection is first

disconnected. As Kiuchi explains, “[t]he [C-HTTP] session is finished when the

client accesses another C-HTTP server” meaning “the current connection is

disconnected,” and “a new connection is established . . . .” (Ex. 1002 at 8; see also

id. at 9, disclosing separate connection IDs for each C-HTTP connection, 10,

discussing the closure of the connection after each transaction; Ex. 2043 at ¶ 57.)

Thus, a C-HTTP connection exists only between two specific proxies and is unable

to expand to include more, limiting scalability and preventing network

communication. (See Ex. 2043 at ¶ 57; see also Ex. 1001 at 23:14-20.) This

stands in contrast to the ’135 patent’s disclosure of a scalable virtual private

“network” of computers on the same network able to communicate with one

another. (See id.) While a C-HTTP system may “accommodate up to a few


8/18/2019 notice-49 (3)

44/74


31

hundred [sic] proxies,” these proxies are not interconnected and do not form a

network. (Ex. 1002 at 11, § 4.3; Ex. 2043 at ¶ 57.)

b) Direct Communication

C-HTTP has additional characteristics that do not comport with a VPN. For

example, the C-HTTP proxy servers preclude the user agent and origin server (the

true client and target) from directly communicating with one another as in a VPN

by stopping communication at the proxies, wrapping/unwrapping messages,

encrypting/decrypting their contents, re-formatting, and ultimately re-sending

messages. (See Ex. 1002 at 8, “[i]n the client-side proxy, the HTML document is

rewritten,” 9, explaining that a client-side proxy encrypts and re-formats HTTP/1.0

requests to C-HTTP format and that the client-side proxy decrypts and re-formats

C-HTTP responses to HTTP/1.0 format, 10-11, § 4.2, “C-HTTP-based

communication is performed only between two types of C-HTTP proxies and

between a C-HTTP proxy and C-HTTP name server. They do not communicate

directly with various types of user agents and servers using C-HTTP”; Ex. 2043 at

¶ 58.) In fact, in related litigation, the Federal Circuit explained that a VPN, as

claimed, includes direct communication and that substantial evidence confirmed

that “Kiuchi’s proxy servers at least do not teach ‘direct communication’ between

a client and target computer” because “Kiuchi’s client-side and server-side proxies

terminate the connection, process information, and create a new connection. . . .”


8/18/2019 notice-49 (3)

45/74


32

VirnetX , 767 F.3d at 1324. (See also Ex. 2047 at 19:7-18 (Petitioners’ expert

admitting that “the client-side proxy and the server-side proxy are communicating

using C-HTTP, and you have user agent and origin servers that are only running

HTTP/1.0”), id. at 21:3-7 (Petitioners’ expert agreeing that the “encrypted

communications in the C-HTTP connection between the proxies . . . doesn’t extend

past [the] proxies to the origin server or the user agent”).)

For at least these additional reasons, Kiuchi does not anticipate claim 1.

C.

Kiuchi Does Not Anticipate Independent Claim 10

Independent claim 10 recites combinations of features. Kiuchi does not

disclose these recited features for at least the reasons below.

1.

Kiuchi Does Not Disclose the Recited DNS Features

Independent claim 10 recites “a DNS proxy server that receives a request

from the client computer to look up an IP address for a domain name.” (Ex. 1001

at claim 10.) For the reasons discussed above for claim 1, Kiuchi does not disclose

the claimed DNS features. (See supra Section III.B.1; see also Ex. 2043 at ¶ 59.)

2.

Kiuchi Does Not Disclose a DNS Proxy Server that

Generates a Request to Create a VPN

Claim 10 recites a “DNS proxy server [that] generates a request to create the

VPN.” (Ex. 1001 at claim 10.) Petitioners contend that Kiuchi’s client-side proxy

and C-HTTP name server correspond to the claimed “DNS proxy server.” (Pet. at

34; see also id. (relying of Kiuchi’s server-side proxy for the claimed “gatekeeper


8/18/2019 notice-49 (3)

46/74


33

computer”.)7 However, Kiuchi explains that the “client-side proxy sends a request

for connection to the server-side proxy,” (Ex. 1002 at 8), but this “request for

connection” cannot correspond to the claimed “request to create the VPN.”

Rather, Kiuchi explains that it is the server-side proxy (not the client-side proxy)

that requests creation of a C-HTTP connection when it sends a connection ID and a

symmetric data exchange key to the client-side proxy. ( Id . at 9.) “When the

client-side proxy accepts . . . the connection is established.” ( Id.; see also Ex. 2043

at ¶¶ 60-61.)

Moreover, as discussed above in connection with claim 1, Kiuchi’s C-HTTP

connection is not a VPN. (See supra Section III.B.3; Ex. 2043 at ¶ 62.)

3. Kiuchi Does Not Disclose a DNS Proxy Server that Returns

an IP Address

Kiuchi further fails to disclose a “DNS proxy server [that] returns the IP

address for the requested domain name if it is determined that access to a non-

secure web site has been requested,” as recited in claim 10. Kiuchi fails to disclose

this feature because Kiuchi explains that when permission for a C-HTTP

connection is not granted, the client-side proxy “performs DNS lookup, behaving

7 For claim 1, Petitioners fail to explain what components are being mapped to the

claimed “client computer” and “target computer.” Here, however, Petitioners rely

on Kiuchi’s user agent for the clamed “client computer.” (Pet. at 34.)


8/18/2019 notice-49 (3)

47/74


34

like an ordinary HTTP/1.0 proxy.” (Ex. 1002 at 8.) One of ordinary skill in the art

would understand this to mean that the client-side proxy forwards the request to a

DNS server for resolution and the DNS server returns an IP address. (Ex. 2043 at

¶ 63.) Petitioners in fact appear to agree, only alleging that “where the user agent

requests to connect to a non-secure server, the hostname in the connection request

will be resolved by a conventional DNS server .” (Pet. at 34.) Petitioners contrast

such a conventional DNS server from both of the alleged proxy servers. ( Id.

(“where a user agent requests to connect to a destination in the closed network, the

C-HTTP name server and client-side proxy act as proxy servers, acting in place of

a conventional DNS server”); see also id. at 30 (“If the client-side proxy receives

an error code, it determines the URL specifies a non-secure destination and it sends

the hostname in the URL to a conventional DNS server.”).) While a DNS server

(not a DNS proxy server) may return an IP address to the client-side proxy (part of

the alleged DNS proxy server), Kiuchi does not disclose that the client-side proxy

returns the IP address to the user agent. Therefore, Kiuchi does not disclose – and

Petitioners do not even allege that Kiuchi discloses – a “DNS proxy server [that]

returns the IP address for the requested domain name if it is determined that access

to a non-secure web site has been requested,” as claimed.

D.

Kiuchi Does Not Anticipate Dependent Claims 3, 4, 7, 8, and 12

Kiuchi does not anticipate claims 3, 4, 7, 8, and 12, for at least the reasons


8/18/2019 notice-49 (3)

48/74


35

discussed above for independent claims 1 and 10, from which they depend. See

Sections III.B-C. Therefore, Petitioners’ challenge to these claims should be

rejected and the claims confirmed. (Ex. 2043 at ¶ 65.) In addition, dependent

claims 4 and 7 should also be confirmed for the following additional reasons.

1. Kiuchi Does Not Disclose the Features of Claim 4

Claim 4 recites “determining whether the client computer is authorized to

establish a VPN with the target computer.” (Ex. 1001 at claim 4.) Kiuchi fails to

disclose this feature. Kiuchi teaches checking whether the server-side proxy is

registered in the network, not whether a purported “client computer” is authorized

to establish a VPN. (See Ex. 1002 at 8 (“examin[ing] whether the requested

server-side proxy . . . is permitted to accept the connection from the client-side

proxy”).) But whether the server-side proxy is permitted to connect says nothing

as to the client computer’s authorization. (Ex. 2043 at ¶ 64.) Indeed, it makes

little sense to conclude that simply because a client-side proxy at a first institution

may generally communicate with a server-side proxy at a second institution,

therefore every user at the first institution is authorized to communicate with the

second institution. (Ex. 1002 at 7.) This understanding is consistent with Kiuchi’s

disclosure, which stresses the importance of keeping patient information and

records confidential. ( Id.; see also id. at 11.) While the firewalls or proxies

between the two institutions may be authorized to communicate, individual clients


8/18/2019 notice-49 (3)

49/74


36

and users within each institution may or may not be authorized to do so. Indeed,

authorizing every user at a first institution to access confidential materials at

another simply because the institution’s firewalls are allowed to communicate

defeats the very purpose of Kiuchi.

2. Kiuchi Does Not Disclose the Features of Claim 7

Claim 7 recites that “step (3) comprises the step of using a gatekeeper

computer that allocates VPN resources for communicating between the client

computer and the target computer.” (Ex. 1001 at claim 7.) Petitioners allege that

Kiuchi’s “server-side proxy acts as a gatekeeper.” (Pet. at 32.) For claim 1,

however, the Institution Decision relies on Kiuchi’s server-side proxy as mapping

to the claimed “target computer.” (Decision at 6.) This is improper.

In In re Robertson, 169 F.3d 743 (Fed. Cir. 1999), the Federal Circuit held

that where a claim recites separate elements that perform different functions, a

single disclosed element in a prior art reference is insufficient to teach each and

every element as set forth in the claims. In re Robertson, 169 F.3d 743, 745 (Fed.

Cir. 1999); see also Becton, Dickenson & Co. v. Tyco Healthcare Group, LP, 616

F.3d 1249, 1254 (Fed. Cir. 2010); Lantech Inc. v. Keip Machine Co., 32 F.3d 542,

547 (Fed. Cir. 1994). Likewise, in Ex Parte Weideman, the Board held that

“[c]onsistent with the principle that all limitations in a claim must be considered

meaningful, it is improper to rely on the same structure in the [prior art] reference


8/18/2019 notice-49 (3)

50/74


37

as being responsive to two different [claimed] elements.” Appeal No. 2008-3454,

Decision on Appeal at 7 (BPAI Jan. 27, 2009). Here, Petitioners attempt to do just

that, relying on the same server-side proxy for both the claimed “target computer”

and the claimed “gatekeeper computer.” This attempt should be rejected.

Moreover, even if Petitioners attempt to rely on their nebulous mapping of

claim 1 (see supra Section III.B) to allege that Kiuchi’s origin server corresponds

to the claimed “target computer,” this mapping would also be improper. As the

Board has previously recognized, “the Federal Circuit determined that a client-side

proxy did not form a ‘direct communication’ with an origin server.” Apple Inc.,

IPR2014-00404, Paper No. 42 at 15 n.4. Petitioners’ mapping would also mean

that Kiuchi would not meet other limitations of the claims as noted above. (See

e.g., Sections III.B.2, B.3.)

Kiuchi and RFC 1034 Do Not Render Obvious Claim 8IV.

Claim 8 depends from and includes all of the features of independent claim

1. Petitioners rely on RFC 1034 to allegedly make up for certain deficiencies of

Kiuchi with respect to the additional limitations recited in claim 8. However,

Petitioners do not allege that RFC 1034 makes up for any of the deficiencies of

Kiuchi with respect to the limitations recited in claim 1. As such, for at least those

reasons discussed above in connection with claim 1, Petitioners have failed to

establish by a preponderance of the evidence that this claim is unpatentable, and


8/18/2019 notice-49 (3)

51/74


38

thus claim 8 should be confirmed.

Dr. Guerin’s Testimony Should be Accorded Little, If Any, WeightV.

A. Dr. Guerin Did Not Properly Analyze the Claims

Mangrove’s expert, Dr. Guerin, submitted a declaration in t

Documents

notice-49 (3)