VirnetX Inc.Download PDFPatent Trials and Appeals BoardJul 14, 2020IPR2015-01046 (P.T.A.B. Jul. 14, 2020) Copy Citation Trials@uspto.gov Paper 112 571-272-7822 Entered: July 14, 2020 UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ THE MANGROVE PARTNERS MASTER FUND, LTD., and APPLE INC., Petitioner, v. VIRNETX INC., Patent Owner. ____________ IPR2015-010461 Patent 6,502,135 B1 ____________ Before MICHAEL P. TIERNEY, Vice Chief Administrative Patent Judge, KARL D. EASTHOM, JASON W. MELVIN, Administrative Patent Judges. MELVIN, Administrative Patent Judge. JUDGMENT Final Written Decision on Remand Determining All Challenged Claims Unpatentable 35 U.S.C. §§ 144, 318 1 Apple Inc., which filed a petition in IPR2016-00062, has been joined as a Petitioner in this proceeding. IPR2015-01046 Patent 6,502,135 B1 2 I. INTRODUCTION A. BACKGROUND AND SUMMARY The Mangrove Partners Master Fund, Ltd., and Apple Inc. (collectively, “Petitioner”) requested inter partes review of claims 1, 3, 4, 7, 8, 10, and 12 of U.S. Patent No. 6,503,135 B1 (Ex. 1001, “the ’135 patent”). Paper 1, (“Pet.”).2 We issued a Decision instituting inter partes review. Paper 11 (“Inst. Dec.”). After Institution, VirnetX Inc. (“Patent Owner”) filed a Patent Owner’s Response (Paper 49 (redacted version), “PO Resp.”; Paper 44 (non- redacted version)), to which Petitioner replied (Paper 51 (redacted version), “Pet. Reply”; Paper 50 (non-redacted version); and Paper 53, “Pet. Separate Reply”). Oral argument was conducted on June 30, 2016. Our Final Written Decision was issued September 9, 2016. Paper 71 (“Original Decision”). On appeal, the Federal Circuit vacated our Original Decision and remanded the case for further proceedings. VirnetX Inc. v. Mangrove Partners Master Fund, Ltd., 778 F. App’x 897 (Fed. Cir. 2019). After conferring with the parties, we permitted Patent Owner to file a Motion for Additional Discovery (Paper 81), to which Petitioner filed an Opposition (Paper 82) and Patent Owner filed a Reply (Paper 87). We granted in part Patent Owner’s Motion. Paper 88. Patent Owner requested rehearing of our Decision on its Motion for Additional Discovery (Paper 92), to which Petitioner opposed (Paper 93) and Patent Owner replied (Paper 94). We permitted the parties to brief the issues for consideration on remand from the Federal Circuit. Petitioner filed a principal brief (Paper 95, 2 We consider the Petition filed by The Mangrove Partners Master Fund, Ltd., not the similar petition filed by the joined party. IPR2015-01046 Patent 6,502,135 B1 3 “Pet. Remand Br.”), Patent Owner filed an Opposition (Paper 96, “PO Remand Br.”), Petitioner filed a Reply (Paper 97, “Pet. Remand Reply”), and Patent Owner filed a Sur-Reply (Paper 98, “PO Remand Sur-Reply”). Oral argument was conducted on January 24, 2020, and a transcript appears in the record. Paper 105 (“Tr.”). This is a Final Written Decision on Remand as to the patentability of the challenged claims. For the reasons discussed below, we determine that Petitioner has shown by a preponderance of the evidence that the challenged claims are unpatentable. B. RELATED MATTERS The ’135 patent is at issue in the following civil actions: (i) Civ. Act. No. 6:13-cv-00211-LED (E.D. Tex.), filed February 26, 2013; (ii) Civ. Act. No. 6:12-cv-00855-LED (E.D. Tex.), filed November 6, 2012; and (iii) Civ. Act. No. 6:10-cv-00417-LED (E.D. Tex.), filed August 11, 2010. Pet. 1; Paper 8, 11–12. The ’135 patent is the subject of Reexamination Control Nos. 95/001,679 and 95/001,682. Pet. 2; Paper 8, 2–3. Petitioner additionally describes a related matter as follows: On January 21, 2020, the Federal Circuit issued its opinion in VirnetX Inc. v. Cisco Systems, Inc., No. 2019-1043 (Fed. Cir. Jan. 21, 2020), affirming, under Fed. Cir. R. 36, the Board’s decisions in Cisco Systems, Inc. v. VirnetX Inc., Control No. 95/001,746, Appeal Nos. 2015-007843, 2017-010852, 2017-010852, each involving related U.S. Patent No. 6,839,759 and, inter alia, the Kiuchi reference at issue in this proceeding. Paper 102, 1. IPR2015-01046 Patent 6,502,135 B1 4 Additionally, Patent Owner identifies a number of PTO proceedings that involve U.S. Patent No. 7,490,151 (“the ’151 patent”). Paper 8, 3–4. Of particular significance here, the ’151 patent is at issue in IPR2015-01047, which has been treated as largely a companion proceeding to the present. See, e.g., VirnetX, 778 F. App’x at 904 (describing the ’135 patent and the ’151 patent collectively; noting the patents “share a substantially identical specification”). Patent Owner identifies multiple other proceedings involving “patents stemming from the same applications that led to the ’135 patent.” Paper 8, 3–10. C. THE ’135 PATENT The ’135 patent discloses a system and method for communicating over the Internet and the automatic creation of a virtual private network (VPN) in response to a domain-name server look-up function. Ex. 1001, 2:66–3:2, 37:19–21. The ’135 patent describes “a protocol referred to as the Tunneled Agile Routing Protocol (TARP), [which] uses a unique two-layer encryption format and special TARP routers.” Id. at 2:66–3:2. D. ILLUSTRATIVE CLAIMS Claim 1 of the ’135 patent is illustrative of the claimed subject matter and is reproduced below: 1. A method of transparently creating a virtual private network (VPN) between a client computer and a target computer, comprising the steps of: (1) generating from the client computer a Domain Name Service (DNS) request that requests an IP address corresponding to a domain name associated with the target computer; IPR2015-01046 Patent 6,502,135 B1 5 (2) determining whether the DNS request transmitted in step (1) is requesting access to a secure web site; and (3) in response to determining that the DNS request in step (2) is requesting access to a secure target web site, automatically initiating the VPN between the client computer and the target computer. Ex. 1001, 47:20–32. E. PRIOR ART AND ASSERTED GROUNDS Petitioner asserts unpatentability on the following grounds: Claim(s) Challenged 35 U.S.C. § Reference(s) 1, 3, 4, 7, 8, 10, 12 102 Kiuchi3 8 103 Kiuchi, RFC 10344 Pet. 4. F. CAFC REMAND On appeal, the Federal Circuit held that our prior decision erred by failing to construe “client computer” and reading it on Kiuchi’s client-side proxy without adequate analysis. VirnetX, 778 F. App’x at 908–09. It further held that reading “client computer” on Kiuchi’s user agent did not deprive VirnetX of adequate notice or opportunity to respond under the APA. Id. at 909. Considering the construction for “VPN between the client and target computers,” the Federal Circuit held that “[t]he statements VirnetX made 3 Takahiro Kiuchi and Shigekoto Kaihara, “C-HTTP – The Development of a Secure, Closed HTTP-based Network on the Internet,” published by IEEE in the Proceedings of SNDSS 1996 (Ex. 1002). 4 Mockapetris, P., RFC 1034, “Domain Names–Concepts and Facilities,” Nov. 1997 (Ex. 1005). IPR2015-01046 Patent 6,502,135 B1 6 during reexamination constitute disclaimer.” VirnetX, 778 F. App’x at 910. The Federal Circuit determined that “a ‘VPN between the client computer and the target computer’ requires direct communication between the client and target computers” because VirnetX distinguished its claims over “a system in which a client computer communicates with an intermediate server via a singular, point-to-point connection.” Id.; see id. at 909–910 (describing statements made to distinguish a prior art reference called “Aventail”). In light of that new construction, the Court remanded the case for us to determine whether Kiuchi satisfies the VPN limitation. Id. II. ANALYSIS A. CLAIM CONSTRUCTION The ’135 patent expired October 29, 2019, and we therefore construe its claims according to the standard used by district courts, as expressed in Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc). PO Remand Br. 2–3; see In re CSB-Sys. Int’l, Inc., 832 F.3d 1335, 1342 (Fed. Cir. 2016). The Federal Circuit instructed us as to the correct construction for a “VPN between the client computer and the target computer.” VirnetX, 778 F. App’x at 909–10. Additionally, as to the ’151 patent, it held that, “[t]o the extent the Board intended to rely exclusively on Kiuchi’s client- side proxy for the claimed ‘client,’” it was necessary to construe the meaning of “client.” Id. at 907–08. 1. “virtual private network (VPN)” The Federal Circuit held that the claim language “a virtual private network (VPN) between a client computer and a target computer” “requires IPR2015-01046 Patent 6,502,135 B1 7 direct communication between the client and target computers” because, during reexamination, VirnetX disclaimed scope that would read on “a system in which a client computer communicates with an intermediate server via a singular, point-to-point connection.” 778 F. App’x at 910. The parties continue to dispute the impact of the Federal Circuit’s claim construction. Petitioner contends that, during the concurrent litigation, Patent Owner’s expert “testified that direct communication refers to direct addressability of the target computer.” Pet. Remand Br. 10 (emphasis omitted) (citing Ex. 1044, 50:25–51:5). Patent Owner takes the view that, regardless of how one understands “direct communication,” the claims cannot encompass “a ‘system in which a client computer communicates with an intermediate server via a singular, point-to-point connection,’ wherein ‘[t]hat intermediate server then relays the data to a target computer on the same private network on which the server resides.” PO Remand Br. 12 (quoting VirnetX, 778 F. App’x at 910). At bottom, the parties dispute whether Kiuchi describes direct communication that would fall within the claims’ scope as properly construed, and we address that issue below. 2. “client computer” As to the proper construction of “client computer,” Petitioner submits that its “first anticipation mapping does not implicate this issue—there, the ‘user agent’ is the ‘client computer.’” Pet. Remand Br. 6. Patent Owner does not dispute that assertion. PO Remand Br. 15–21. The construction does, however, impact Petitioner’s second anticipation mapping and we therefore address the dispute. IPR2015-01046 Patent 6,502,135 B1 8 Petitioner submits that a “client computer” should be construed as a “computer from which a data request to a server is generated.” Pet. Remand Br. 6–9. Patent Owner, on the other hand, submits that the claimed client computer must refer to a “user’s computer.” PO Remand Br. 3–12. Petitioner contends that “client computer” refers to the “conventional client component of a client/server architecture.” Pet. Remand Br. 7 (citing Ex. 1003 ¶ 19; Ex. 1014, 5 (defining “client” as “[a]n application program that establishes connections for the purpose of sending requests.”)). According to Petitioner, that usage is consistent with the Specification’s specific use of “user’s computer” and description, for example, that “[a] user’s computer 2601 includes a conventional client (e.g., a web browser) 2605.” Pet. Remand Br. 8 (quoting Ex. 1001, 38:14–15; citing Ex. 1001, 37:30–32; 39:17–20, 39:22–29, 44:40–45). Petitioner reasons that because the ’135 patent uses the term “user’s computer” when desired, it does not indicate that the term is synonymous with “client computer.” Id. at 9. Finally, Petitioner argues that the Specification describes embodiments where a VPN is initiated by client software that runs on a computer not described as a user’s computer, showing that a client computer refers simply to the computer from which a data request to a server is generated. Id. (citing Ex. 1001, 31:57–64, 36:26–28, 40:27–30). Patent Owner focuses initially on the claim language reciting “initiating the VPN between the client computer and the target computer.” PO Remand Br. 3. In Patent Owner’s view, that language reflects the Specification’s description that the invention provides secure communication between a user’s computer running a web browser and a secure target site. Id. at 4 (citing Ex. 1001, 1:15–31, 4:59–5:12, 38:13–33). IPR2015-01046 Patent 6,502,135 B1 9 In that way, Patent Owner contrasts its proposed construction with Petitioner’s, which Patent Owner contends would permit a server to act as the “client computer” and therefore contort the claim in an unnatural way. Id. at 8. Regarding the Specification’s description of a user’s computer including a conventional client application (Ex. 1001, 38:14–15), Patent Owner asserts it supports Patent Owner’s construction for “client computer” because it shows that the relevant client applications are those on user- operated computers, not just any software that communicates with a server. PO Remand Br. 8–9. Finally, Patent Owner addresses Petitioner’s contention that the Specification describes VPN connections involving a client computer that is not operated by a user. Id.at 10–11. In Patent Owner’s view, each of the Specification portions identified by Petitioner either does involve a user-operated computer or relates to embodiments outside the scope of the challenged claims. Id. The proper construction for “client computer” presents a close issue. Although we agree that the plain words seemingly refer to a computer that acts as a client in a client–server relationship, the Specification demonstrates that the claims are not so broad. The preamble recites “transparently creating a virtual private network (VPN) between a client computer and a target computer.”5 The Specification describes “automatic creation of a virtual private network (VPN) in response to a domain-name server look-up function” under a heading that states “Use 5 Although the preamble does not necessarily limit the claim, here, the term “virtual private network” in the preamble provides antecedent basis for that term later in the claim. See Catalina Marketing Intern. v. Coolsavings.com, 289 F. 3d 801, 808 (Fed. Cir. 2002). Moreover, the parties do not assert that the preamble here limits the claim. IPR2015-01046 Patent 6,502,135 B1 10 of a DNS Proxy to Transparently Create Virtual Private Networks.” Ex. 1001, 37:17–21. The embodiment described in that section includes determining the need for a secure connection based on a DNS request from the user’s computer. Id. at 37:63–38:2; accord id. at 38:23–25 (“According to one embodiment, DNS proxy 2610 intercepts all DNS lookup functions from client 2605 and determines whether access to a secure site has been requested.”). The Specification explains that Figure 26 depicts the same embodiment and confirms that, when created, the VPN extends from the user’s computer with client software to the desired target site. Id. at 38:13– 65. Although we are mindful that a single embodiment in the Specification should not be used to limit the claims, the close fit between this embodiment and the claims at issue counsels close consideration. Moreover, the Specification does not appear to discuss operations using DNS requests outside of the embodiment associated with Figure 26. Cf. id. at 32:27–35 (describing improvements added through a continuation-in-part application as including “a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry”). If we were to construe the claimed “client computer” as Petitioner seeks, it would permit a claim scope that exceeds the Specification’s description. The parties essentially assert two ordinary meanings exist––one related to the user, the other related to the client–server relationship––but the Specification only describes the client computer vis-à-vis the user. So if we were to construe the claimed “client computer” as Petitioner seeks, it would read a meaning into the claim that the Specification does not describe. Though Petitioner’s proposed construction accurately expresses that the described client software generates a request for data from a server, the IPR2015-01046 Patent 6,502,135 B1 11 construction is incomplete because it does not identify where the client computer fits within the overall VPN claimed. Patent Owner’s construction, on the other hand, is consistent with the Specification’s description that the VPN extends from a user’s computer to a desired target site.6 Accordingly, we adopt Patent Owner’s construction for “client computer” as “a user’s computer.” B. ANTICIPATION Kiuchi discloses systems and methods for facilitating “secure HTTP communication mechanisms within a closed group of institutions on the Internet, where each member is protected by its own firewall.” Ex. 1002, 64 (Abstract). It terms its approach C-HTTP, indicating “a closed HTTP (Hypertext Transfer Protocol)-based network (C-HTTP).” Id. C-HTTP allows a conventional user agent (such as web browser software running on a user’s computer) to request a resource identified in a URL. Id. at 65 (§ 2.3). A client-side proxy intercepts all such resource requests made by a user agent. Id. (“A client-side proxy behaves as an HTTP/1.0 compatible proxy, and it should be specified as a proxy server for external (outside the firewall) access in each user agent within the 6 Petitioner points to a progeny of the ’135 patent, US 9,386,000, reciting claims with a “client device” further restricted “wherein the client device is a user device.” See Pet. Remand Reply 3–4. Petitioner reasons that “client” cannot restrict a device (like the computer claimed here) to a user device because then the further restriction in the ’000 patent would be superfluous. Id. Under the circumstances here with two ordinary meanings at issue, we view the claim language of the ’000 patent as only marginally relevant to the construction of the challenged claims, and potentially superfluous language does not persuade us that our construction discussed above is erroneous. IPR2015-01046 Patent 6,502,135 B1 12 firewall.”). The “client-side proxy asks the C-HTTP name server whether it can communicate with the host specified in a given URL.” Id. “If the connection is permitted, the C-HTTP name server sends the IP address and public key of the server-side proxy” to the client-side proxy. Id. Once the client-side proxy receives that information, it “sends a request for connection to the server-side proxy.” Id. After verifying the client-side proxy’s information and access permission, the server-side proxy sends connection information to the client-side proxy, which in turn checks the connection information and establishes a secure connection. Id. at 65–66 (§ 2.3). In that connection, the client-side proxy encrypts requests from the user agent and forwards them to the server-side proxy, which in turn forwards them to “an origin server inside the firewall.” Id. at 66 (§ 2.3). Responses from the origin server are returned to the user agent, through the server-side proxy and client-side proxy, in turn. Id. Petitioner argues the Petition proposes two fundamental mappings of the claim language to Kiuchi’s disclosures. Pet. Remand Br. 11–13. 1. Kiuchi anticipates claim 1 under Petitioner’s first mapping In Petitioner’s first mapping, Kiuchi’s user agent running on a computer acts as the claimed “client computer” to generate a DNS request using a domain name associated with an origin server, causing creation of a VPN between the user agent and the origin server that passes through the client-side proxy and server-side proxy. Id. at 11–12 (citing Pet. 26–27; Reply 8–11), 13–24. Petitioner illustrates this mapping using the following annotated version of a diagram appearing in the declaration of Dr. Guerin: IPR2015-01046 Patent 6,502,135 B1 13 Pet. Remand Br. 12 (annotating Ex. 1003 ¶ 24). a. Kiuchi discloses “direct” communication Patent Owner argues that Petitioner’s first mapping does not satisfy the claim language because Kiuchi does not disclose a direct connection between the user agent and origin server. PO Remand Br. 15–21. According to Patent Owner, Kiuchi discloses three separate links, one between each pair of devices in the chain from the user agent to the origin server depicted above. Id. at 15. That argument, however, conflates link with connection. The two are not the same. The disclaimer recognized by the Federal Circuit relates to “a system in which a client computer communicates with an intermediate server via a singular, point-to-point connection” wherein “[t]hat intermediate server then relays the data to a target computer on the same private network on which the server resides.” VirnetX, 778 F. App’x at 910. IPR2015-01046 Patent 6,502,135 B1 14 Interpreting the disclaimed scope as Patent Owner urges would contrast with the ’135 patent’s disclosure of multiple links between two TARP terminals as consistent with the claimed invention. See Ex. 1001, Fig. 2.7 Thus, simply using multiple links does not push a system outside the scope of the claims. Rather, we must consider the nature of the overall connection. Before the Office, Patent Owner described the claimed VPN as one “where data can be addressed to one or more different computers across the network, regardless of the location of the computer.” Ex. 2036, 5–6. Thus, the ability to address data to a particular computer is a key aspect of the claimed VPN. Id.; Ex. 1044, 50:25–51:5 (Patent Owner’s district-court expert stating that “direct communication refers to direct addressability”).8 Kiuchi’s system is consistent with Patent Owner’s description of the claimed VPN. Kiuchi’s user agent generates a request that includes a resource address (in the form of a URL). See Ex. 1002 § 2.3 (“A client-side proxy behaves as an HTTP/1.0 compatible proxy, and it should be specified as a proxy server for external (outside the firewall) access in each user agent within the firewall.”); id. (“A client-side proxy asks the C-HTTP name server whether it can communicate with the host specified in a given URL.”). Indeed, Patent Owner’s expert, Dr. Monrose, testified that Kiuchi’s 7 Patent Owner takes the position that the claimed VPN should be consistent with the described TARP routing. See, e.g., Tr. 37:24, 39:2–14, 40:5–15. 8 With the same claim construction but a different factual record, the Federal Circuit held that substantial evidence supported a jury’s finding of no anticipation by Kiuchi. VirnetX, Inc. v. Cisco Systems, Inc., 767 F.3d 1308, 1323–24 (Fed. Cir. 2014). That does not compel the same finding in this proceeding, where we reach a determination based on a preponderance of the evidence. Our unique factual record—including expert testimony— justifies our finding that Kiuchi does anticipate the claims. IPR2015-01046 Patent 6,502,135 B1 15 URL provided by the user agent is an address of the resource on an origin server. Ex. 1036, 240:21–241:14; see also Tr. 38:13–16 (stating that the URL is “the identifier to the resource that you want that sits on the origin server”). The client-side proxy intercepts the request and, using the C-HTTP name server, maps the request to the particular server-side proxy that can access the requested resource. Ex. 1002, 65 (§ 2.3) (“If the connection is permitted, the C-HTTP name server sends the IP address and public key of the server-side proxy . . . .”). The client-side proxy establishes a connection with the server-side proxy, which retrieves the resource from the appropriate origin server and returns it to the client-side proxy, which in turn returns the resource to the user agent. Id. at 66 (“Once the connection is established, a client-side proxy forwards HTTP/1.0 requests from the user agent in encrypted form using C-HTTP format. . . . Using HTTP/1.0, a server-side proxy communicates with an origin server inside the firewall. . . . The resulting HTTP/1.0 response is sent to the user agent.”). Thus, Kiuchi’s system, unlike the disclaimed scope, allows a client (the user agent) to connect to a remote server transparently and access resources with only the single URL identifying the remote resource. Kiuchi’s system operates like the ’135 patent’s TARP, which allows the system to route a packet as required to reach the destination address provided by the client computer. Ex. 1001, 3:5–31. Kiuchi’s user agent does not communicate with the client-side proxy using a singular, point-to-point connection because the user agent addresses the desired endpoint and the VPN provides the required message routing for the user agent to receive a response from the desired endpoint. IPR2015-01046 Patent 6,502,135 B1 16 Patent Owner asserts that Kiuchi discloses “a client computer communicating with an intermediary computer and a point-to-point . . . connection,” like the disclaimed system. Tr. 36:4–7. But Patent Owner provides no explanation of why Kiuchi’s connection is a point-to-point connection. Such a characterization belies Kiuchi’s disclosures, which state that, “[f]rom the view of the user agent or client-side proxy, all resources appear to be located in a server side proxy on the firewall” and further that “the server-side proxy forwards requests to the origin server.” Ex. 1002, 66 (§ 2.3). Further, Patent Owner contends that Kiuchi’s connection stops at the proxies because “the communication is only configured to reach . . . the intermediary server.” Tr. 63:18–20. Similarly, Patent Owner contends that Kiuchi’s URL is “not to get the communication to the origin server.” Id. at 63:22–26. That argument is not consistent with Patent Owner’s acknowledgement that the URL is “the identifier to the resource that you want that sits on the origin server.” Tr. 38:13–16; accord Ex. 1036, 240:21– 241:14. We find Kiuchi does not disclose that “a client computer communicates with an intermediate server via a singular, point-to-point connection” as was disclaimed. Patent Owner argues that Kiuchi’s URL, while identifying the desired resource on the origin server, is not an address because “it’s not the ultimate, the IP address that you're actually going to use to get to the target computer.” Tr. 38:13–25. But Patent Owner does not contend that the claims require such an IP address. Id. at 38:26–39:2. Rather, Patent Owner contends that Kiuchi does not disclose direct communication because its user agent does not provide the server-side proxy’s address. Tr. 39:6–12 (“[T]he client- side proxy doesn’t send that [the server-side proxy’s IP address] back to the IPR2015-01046 Patent 6,502,135 B1 17 client and then the client sets up a direct communication with the server-side proxy or anything like that . . . .”). The claims, however, do not require that the client computer must provide the address of the target computer. Rather, they require only that the client computer generates a request for “an IP address corresponding to a domain name associated with the target computer.” Nor does Patent Owner’s distinction explain why Kiuchi’s communication is meaningfully less direct than that described in the ’135 patent. Patent Owner argues that Kiuchi discloses modifying messages between an origin server and user agent and thus does not disclose direct communication. PO Resp. 31. But, as Petitioner points out (Reply 16; Remand Br. 16), Kiuchi teaches modifying content only for HTML objects, not for image and sound objects. Ex. 1002, 66–67; Ex. 1036, 229:22–230:12 (Patent Owner’s declarant agreeing). Thus, Kiuchi’s disclosures of at least those types of resources maintain the requirement for direct communication. Indeed, although Kiuchi’s requests and responses are wrapped and encrypted over the proxy-to-proxy link, the user agent and origin server communicate using standard HTTP requests and responses. Ex. 1002, 66 (§ 2.3); see Pet. Remand Br. 21–22; Tr. 13:7–18; see also Ex. 1001, 13:33–39 (describing that an encrypted TARP packet is wrapped with an IP header for transmission over an intermediate link). Despite repeated questioning on Patent Owner’s distinction from Kiuchi, Patent Owner could not articulate a clear line between direct versus indirect communication. See Tr. 45:12– 47:17, 49:13–50:14, 52:14–54:4. Patent Owner argues that Kiuchi does not use the URL sent by the user agent to get to the desired endpoint (see id. at 42:14–43:1), but that is not consistent with Kiuchi’s disclosures as described IPR2015-01046 Patent 6,502,135 B1 18 above. Patent Owner contends also that “direct” must be whatever the ’135 patent’s Specification describes (see id. at 53:16–22), but that sidesteps the question. Patent Owner has not adequately distinguished what was disclaimed from what the Specification describes. That is particularly important where Kiuchi shares many characteristics with the disclosed TARP system. As discussed above, we find that Kiuchi’s system does not use a singular, point-to-point connection as was disclaimed. Based on the totality of evidence in the record, we have evaluated the parties’ evidence and argument, and we find by a preponderance of evidence that Kiuchi discloses direct communication that satisfies the claimed VPN. b. Kiuchi discloses the additional limitations of claim 1 Other than whether Kiuchi discloses a direct connection, on remand Patent Owner does not dispute Petitioner’s assertions for the first mapping. See PO Remand Br. 15–21. In the Original Decision, we found that Kiuchi discloses the remaining claim elements. Original Decision 5–10. Without any reason to reach a contrary conclusion, we maintain those findings. Kiuchi discloses all other elements of claim 1. The claimed client computer reads on Kiuchi’s user agent. See id. at 9–10. The claimed generating and determining steps of claim 1, relating to a DNS request, read on Kiuchi’s request from a user agent for a resource, which is sent by the client-side proxy to the C-HTTP name server and resolved to the IP address of a server-side proxy if directed at a resource on an origin server. See id. at 5–8. The claimed target computer reads on Kiuchi’s origin server. See id. at 8–9. IPR2015-01046 Patent 6,502,135 B1 19 2. Kiuchi does not anticipate claim 1 under Petitioner’s second mapping In Petitioner’s second asserted mapping, Kiuchi’s client-side proxy acts as the claimed “client computer” to create a VPN between the client- side proxy and server-side proxy. Id. at 12–13 (citing Pet. 26–27; Reply 8– 11), 24–30. As part of that process, Petitioner asserts, the client-side proxy “generates a request” to the C-HTTP name server to request the IP address corresponding to a hostname associated with the server-side proxy. Id. at 25 (citing Pet. 26–27; Ex. 1002, 65). Our construction for “client computer” forecloses that language reading on Kiuchi’s client-side proxy. Quite simply, the client-side proxy is not a user’s computer. Rather, it is a computer configured to manage the connection between a user’s computer and nonlocal networks. Ex. 1002, 65 (§ 2.3) (“A client-side proxy behaves as an HTTP/1.0 compatible proxy, and it should be specified as a proxy server for external (outside the firewall) access in each user agent within the firewall.”). Petitioner argues that the client-side proxy is a “user’s computer” and thus a “client computer” under Patent Owner’s construction. Pet. Remand Br. 29–30. That argument is not persuasive. Petitioner argues that the client- side proxy has administrative users. Id. (citing Ex. 1002, 64–65). We agree with Patent Owner that Kiuchi does not describe that such users perform the claimed VPN method, and thus, administrative users do not show the client- side proxy is a client computer as claimed. See PO Remand Br. 22–23. Petitioner suggests additionally that Kiuchi’s disclosures encompass a “single-user institution, where every computer, including the client-side proxy, is that ‘user’s computer.’” See Pet. Remand Br. 30 (citing Ex. 1002, 64–65, 69). We do not understand the term “user’s computer,” however, to IPR2015-01046 Patent 6,502,135 B1 20 mean simply a computer that is owned by or controlled by a particular individual. Rather, it refers to a computer that a user operates as part of the claimed method. Thus, a “single-user institution” does not mean that the client-side proxy is a user’s computer as claimed. We agree with Patent Owner that no user is associated with Kiuchi’s client-side proxy such that it would be considered a user’s computer. See PO Remand Br. 22–24. Accordingly, we conclude that Petitioner has not shown by a preponderance of the evidence that Kiuchi discloses the claimed VPN between Kiuchi’s client-side proxy and server-side proxy. 3. Kiuchi discloses the limitations of the additional challenged claims Petitioner contends that Kiuchi discloses the additional language of claim 3, “(4) in response to determining that the DNS request in step (2) is not requesting access to a secure target web site, resolving the IP address for the domain name and returning the IP address to the client computer.” Pet. 29–30. Patent Owner does not specifically challenge that assertion. See Paper 12, 3 (“[A]ny arguments for patentability not raised in the response will be deemed waived.”). Kiuchi discloses that when the client-side proxy receives an error code from the C-HTTP name server, the client-side proxy “performs DNS lookup, behaving like an ordinary HTTP/1.0 proxy.” Ex. 1002, 65 (§ 2.3). We agree with Petitioner that Kiuchi discloses the additional limitations of claim 3. Petitioner contends that Kiuchi discloses the additional language of claim 4, “prior to automatically initiating the VPN between the client computer and the target computer, determining whether the client computer is authorized to establish a VPN with the target computer and, if not so authorized, returning an error from the DNS request.” Pet. 30–31. Petitioner IPR2015-01046 Patent 6,502,135 B1 21 relies on Kiuchi’s disclosure that the C-HTTP name server authenticates a user agent’s request to determine if the connection is permitted. Id. (citing Ex. 1002, 65 (“[T]he name server . . . examines whether the client-side proxy is permitted to access to the server-side proxy.”). Patent Owner contends that Kiuchi’s disclosures are directed only at the client-side proxy, not at the particular user agent. PO Resp. 35–36. According to Patent Owner, “whether the server-side proxy is permitted to connect says nothing as to the client computer’s authorization.” Id. at 35. Petitioner, on the other hand, contends that Kiuchi’s system determines a user agent is authorized by determining whether it “is part of an institution that is part of the closed network.” Reply 18. We conclude that Petitioner’s position is persuasive and supported by the record. Kiuchi’s disclosure of determining whether a client- side proxy may connect to the desired server-side proxy also determines whether the client computer is authorized, as the client computer (the user agent) connects through the authorized client-side proxy. Petitioner contends that Kiuchi discloses the additional language of claim 7, “wherein step (3) comprises the step of using a gatekeeper computer that allocates VPN resources for communicating between the client computer and the target computer.” Pet. 31–32. Petitioner asserts that Kiuchi’s server-side proxy acts as a gatekeeper that allocates resources. Id. Patent Owner challenges that mapping, asserting that the server-side proxy cannot serve as both the target computer and the gatekeeper computer. PO Resp. 36. As discussed above, that is not the mapping we find persuasive—rather, Kiuchi’s origin server is the claimed target computer— and thus, Patent Owner’s argument is inapposite. We find that Kiuchi’s server-side proxy acts as a gatekeeper by interacting with the C-HTTP name IPR2015-01046 Patent 6,502,135 B1 22 server and the client-side proxy as part of the process to establish the VPN. Ex. 1002, 65 (§ 2.3). Petitioner contends that Kiuchi discloses the additional language of claim 8, “wherein step (2) is performed in a DNS proxy server that passes through the request to a DNS server if it is determined in step (3) that access is not being requested to a secure target web site.” Pet. 32–33. Patent Owner does not specifically challenge that assertion. See Paper 12, 3. Kiuchi discloses that “the function of the DNS proxy is distributed among the client-side proxy and the C-HTTP name server” as Petitioner asserts. Pet. 32; see Ex. 1002, 65 (§ 2.3). We find that Kiuchi teaches the additional limitations of claim 8. Independent claim 10 recites a DNS proxy server that receives a request from the client computer to look up an IP address for a domain name, wherein the DNS proxy server returns the IP address for the requested domain if it is determined that the access to a non-secure website has been requested, and wherein the DNS proxy server generates a request to create the VPN between the client computer and the secure target computer if it is determined that access to a secure web site has been requested. For that aspect, Petitioner asserts that Kiuchi’s client-side proxy acts as the claimed DNS proxy server because, when the C-HTTP name server returns an error code, the client-side proxy “performs DNS lookup, behaving like an ordinary HTTP/1.0 proxy.” Ex. 1002, 65 (§ 2.3). Patent Owner agrees that Kiuchi’s “client-side proxy forwards the request to a DNS server for resolution and the DNS server returns an IP address,” but argues that Kiuchi’s client-side proxy does not return an IP address to the user agent. PO Resp. 33–34. But behaving like an ordinary proxy includes returning the IPR2015-01046 Patent 6,502,135 B1 23 response from the DNS server to the user agent. See Ex. 1005, 6–7, 16. 29. Thus, Petitioner’s assertions regarding Kiuchi satisfy the claim language regarding requesting access to non-secure websites. Regarding access to secure websites, Patent Owner argues that Kiuchi’s client-side proxy does not “generate[] a request to create the VPN.” PO Resp. 32–33. According to Patent Owner, Kiuchi’s server-side proxy, not the client-side proxy “requests creation of a C-HTTP connection when it sends a connection ID and a symmetric data exchange key to the client-side proxy.” Id. at 33. We agree with Petitioner, however, that the claim language is satisfied when “a client-side proxy sends a request for connection to the server-side proxy.” Ex. 1002, 65 (§ 2.3). That request triggers the process of creating the VPN, which concludes with another action by the client-side proxy. Id. at 66 (“When the client-side proxy accepts and checks them, the connection is established.”). Claim 10 further recites a “gatekeeper computer that allocates resources for the VPN between the client computer and the secure web computer in response to the request by the DNS proxy server.” Petitioner asserts, and we find, that Kiuchi discloses that language for the reasons discussed above regarding claim 7. Petitioner asserts that Kiuchi discloses the additional language of claim 12, “wherein the gatekeeper computer determines whether the client computer has sufficient security privileges to create the VPN, and, if the client computer lacks sufficient security privileges, rejecting the request to create the VPN.” Pet. 35. As with claim 7, Petitioner relies on Kiuchi’s server-side proxy acting as a gatekeeper, and as with claim 4, relies on the server-side proxy determining whether a connection is permitted. For the IPR2015-01046 Patent 6,502,135 B1 24 reasons discussed above regarding those two claims, we agree with Petitioner that Kiuchi discloses the additional limitations of claim 12. Accordingly, having considered the full record, we find by a preponderance of the evidence that Kiuchi discloses the limitations of claims 3, 4, 7, 8, 10, and 12. C. OBVIOUSNESS Petitioner additionally contends that claim 8, which depends from claim 1, would have been obvious over the combination of Kiuchi and RFC 1034. Pet. 35–37. Petitioner’s contentions rely on RFC 1034 for only the limitation added by claim 8. Id. Patent Owner notes that Petitioner did not raise the issue of claim 8’s obviousness in the remand brief. PO Remand Br. 13 n.5. Patent Owner, however, only contested obviousness of claim 8 based on Kiuchi’s asserted deficiencies relevant to claim 1 and the public accessibility of RFC 1034. PO Resp. 37–38, 41–45. We need not address this asserted basis for unpatentability because we conclude that Kiuchi anticipates claim 8. D. DR. GUERIN’S DECLARATION Patent Owner argues that we should not afford Dr. Guerin’s declaration (Exhibit 1003) any weight because “it was altered by counsel after he signed it.” PO Remand Br. 25 (citing PO Resp. 37–39; Paper 82, 11–14). As we noted in an earlier Decision on Request for Rehearing, Exhibit 1003 merely confirms what is otherwise apparent from the record. Paper 74, 6. We reach the same conclusion here. Dr. Guerin’s declaration does not drive our conclusion on any disputed issue. Patent Owner has not IPR2015-01046 Patent 6,502,135 B1 25 demonstrated that any relevant modifications were made without Dr. Guerin’s agreement. Thus, Patent Owner’s argument is not persuasive. E. TERMINATION UNDER § 315(B) Patent Owner argues that this proceeding should be terminated under 35 U.S.C. § 315(b) in light of Apple’s joinder to the proceeding. PO Remand Br. 32–33. As Patent Owner recognizes, however, the Federal Circuit rejected this argument as raised in the first appeal. VirnetX, 778 F. App’x at 901. Because the Federal Circuit left open whether prejudice could arise later (see id. at 902), Patent Owner “continues to object” because “Apple’s counsel continued to assume a leading role” in the proceedings. PO Remand Br. 32–33. We determine that Patent Owner has not identified any material change in the case due to Apple’s participation and decline to terminate based on § 315(b). F. CONSTITUTIONALITY Patent Owner raises an argument relying on Arthrex, Inc. v. Smith & Nephew, Inc., 941 F.3d 1320 (Fed. Cir. 2019). PO Remand Br. 31–32. That argument, however, is not sufficiently explained and attempts to incorporate by reference to Patent Owner’s other papers. See id. Our rules prohibit such incorporation, and considering Patent Owner’s arguments from the referenced papers would violate the word limit applicable to Patent Owner’s remand brief. See 37 C.F.R. § 42.6(a)(3) (2019). In any event, we see little merit to Patent Owner’s Appointment’s Clause challenge. Even apart from the fact the interlocutory discovery order issued by the panel in this case was not a final agency action, Patent Owner waived any such challenge by not raising it before the agency or the Federal IPR2015-01046 Patent 6,502,135 B1 26 Circuit during the original appeal of this case. See Vivint, Inc. v. Alarm.com Inc., Fed. Cir. Nos. 19-2438, -2439, ECF No. 29 at 2 (holding that Vivint’s failure to raise an Appointments Clause challenge in its original appeal forfeited its ability to do so after remand because it did not “‘timely raise[]’ its challenge ‘before the first body capable of providing it with the relief sought’”) (quoting Arthrex, Inc. v. Smith & Nephew, Inc., 941 F.3d 1320, 1339 (Fed. Cir. 2019)). III. CONCLUSION For the reasons discussed above, we conclude that Petitioner has proven the challenged claims are unpatentable.9 In summary Claim(s) 35 U.S.C. § Reference(s)/Basis Claims Shown Unpatentable Claims Not Shown Unpatentable 1, 3, 4, 7, 8, 10, 12 102 Kiuchi 1, 3, 4, 7, 8, 10, 12 8 10310 Kiuchi, RFC 1034 Overall Outcome 1, 3, 4, 7, 8, 10, 12 9 Should Patent Owner wish to pursue amendment of the challenged claims in a reissue or reexamination proceeding subsequent to the issuance of this decision, we draw Patent Owner’s attention to the April 2019 Notice Regarding Options for Amendments by Patent Owner Through Reissue or Reexamination During a Pending AIA Trial Proceeding. See 84 Fed. Reg. 16,654 (Apr. 22, 2019). If Patent Owner chooses to file a reissue application or a request for reexamination of the challenged patent, we remind Patent Owner of its continuing obligation to notify the Board of any such related matters in updated mandatory notices. See 37 C.F.R. § 42.8(a)(3), (b)(2). 10 As explained above, we do not reach this ground of unpatentability because it would not change our Order or offer any additional analysis of disputed issues. IPR2015-01046 Patent 6,502,135 B1 27 IV. ORDER In consideration of the foregoing, it is hereby ORDERED that that claims 1, 3, 4, 7, 8, 10, and 12 of the ’135 patent are unpatentable; and FURTHER ORDERED that, because this is a Final Written Decision, parties to the proceeding seeking judicial review of the decision must comply with the notice and service requirements of 37 C.F.R. § 90.2. IPR2015-01046 Patent 6,502,135 B1 28 PETITIONER: Abraham Kasdan WIGGIN AND DANA LLP akasdan@wiggin.com James T. Bailey jtb@jtbaileylaw.com Jeffrey Kushan Scott Border Thomas Broughan SIDLEY AUSTIN LLP IPRNotices@sidley.com sborder@sidley.com tbroughan@sidley.com PATENT OWNER: Joseph Palys Naveen Modi Daniel Zeilberger Chetan Bansal PAUL HASTINGS LLP josephpalys@paulhastings.com naveenmodi@paulhastings.com danielzeilberger@paulhastings.com chetanbansal@paulhastings.com Copy with citationCopy as parenthetical citation