Ex Parte 7418504 et alDownload PDFPatent Trial and Appeal BoardSep 9, 201695001851 (P.T.A.B. Sep. 9, 2016) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 95/001,851 12/13/2011 7418504 43614.101 1688 22852 7590 09/12/2016 FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP 901 NEW YORK AVENUE, NW WASHINGTON, DC 20001-4413 EXAMINER FOSTER, ROLAND G ART UNIT PAPER NUMBER 3992 MAIL DATE DELIVERY MODE 09/12/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ CISCO SYSTEMS INC., Requester, v. VIRNETX INC., Patent Owner. ____________ Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 Technology Center 3900 ____________ Before STEPHEN C. SIU, DENISE M. POTHIER, and JEREMY J. CURCURI, Administrative Patent Judges. SIU, Administrative Patent Judge DECISION ON APPEAL Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 2 VirnetX Inc. (“Patent Owner”) appeals under 35 U.S.C. §§ 134 and 315 the Examiner’s rejections of claims 1–10, 12–35, and 60 over various references. PO App. Br. 1-2.1 Cisco Systems Inc. (“Requester”) appeals the Examiner’s non-adoption of grounds of rejections of claims 1–3, 5–30, 33–35, and 60 over various references. 3PR App. Br. 1-2.2 We have jurisdiction under 35 U.S.C. §§ 134 and 315 (pre-AIA). An oral hearing was conducted on July 7, 2016. This proceeding arose from an October 18, 2011 request for an inter partes reexamination of the claims of U.S. Patent 7,418,504 B2, titled “Agile Network Protocol for Secure Communications Using Secure Domain Names” and issued to Victor Larson; Robert Dunham Short, III; Edmund Colby Munger; and Michael Williamson, on August 26, 2008 (“the ’504 patent”). The ’504 patent describes a secure mechanism for communicating over the internet. The ’504 patent 3:14–15. Claims 1 and 11 read as follows: 1. A system for providing a domain name service for establishing a secure communication link, the system comprising: a domain name service system configured to be connected to a communication network, to store a plurality of domain names and corresponding network addresses, to receive a query for a network address, and to comprise an indication that the domain name service system supports establishing a secure communication link. 1 Patent Owner’s Appeal Brief, filed May 26, 2015 (PO App. Br.). 2 Third Party Requester Cisco Systems, Inc.’s Appeal Brief, filed May 26, 2015 (3PR App. Br.). Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 3 11. The system of claim 8, wherein the virtual private network is based on a network address hopping regime that is used to pseudorandomly change network addresses in packets transmitted between a first device and a second device. The cited references are as follows: Ludwig US 5,689,641 Nov. 18, 1997 Wesinger US 5,898,830 Apr. 27, 1999 Aziz US 6,119,234 Sept. 12, 2000 Borella US 6,269,099 B1 July 31, 2001 Broadhurst US 6,560,634 B1 May 6, 2003 Rolf Lendenmann, Understanding OSF DCE 1.1 for AIX and OS/2, IBM International Technical Support Organization, pp. 1–245 (Oct. 1995) (“Lendenmann”). Takahiro Kiuchi and Shigekoto Kaihara, “C-HTTP – The Development of a Secure, Closed HTTP-based Network on the Internet,” Proceedings of the Symposium on Network and Distributed System Security, pp. 64–75, 1996 (“Kiuchi”). Bryan Pfaffenberger, Netscape Navigator 3.0: Surfing the Web and Exploring the Internet, Academic Press, pp. 3–446 (1996) (“Pfaffenberger”). Information Sciences Institute, “Transmission Control Protocol,” DARPA Internet Program Protocol Specification Request for Comments 793 (Sept. 1981) (“RFC 793”). D. Eastlake and C. Kaufman, Network Working Group, Information Sciences Institute, “Domain Name System Security Extensions,” Request for Comments 2065, pp. 1–41 (Jan. 1997) (“RFC 2065”). Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 4 David M. Martin, “A Framework for Local anonymity in the Internet,” Technical Report, Boston University, Boston, MA, USA, pp. 1–14 (Feb. 21, 1998) (“Martin”). Bruce Schneier, Applied Cryptography (1996) (“Schneier”). Lawton, George, “New Top-Level Domains Promise Descriptive Names,” Sunworld Online, Sept. 1996 (“Lawton”). Gaspoz, Jean-Paul, “VPN on DCE: From Reference Configuration to Implementation,” Bringing Telecommunication Services to the People – IS&N ’95, Third International Conference on Intelligence in Broadband Services and Networks, October 1995 Proceedings, pp. 250-260 (“Gaspoz”). Mark Pallen, “The World Wide Web,” British Medical Journal, Vol. 311 at 1554 (Dec. 9, 1995) (“Pallen”). R.L. Rivest et al., “A Method for Obtaining Digital signatures and Public-Key Cryptosystems,” Communications of the ACM, Vol. 21, no. 2, pp. 120–126 (Feb. 1978) (“Rivest”). Frederic Gittler et al., “The DCE Security Service,” Hewlett-Packard Journal, pp. 41–48, Dec. 1995 (“Gittler”). Patent Owner appeals the Examiner’s rejection of 1) Claims 1–3, 5, 6, 14–30, 33–35, and 60 under 35 U.S.C. § 102(b) as anticipated by Lendenmann; 2) Claims 1, 2, 6–9, 14–22, 24, 25, 27, 28, 33–35, and 60 under 35 U.S.C. § 102(e) as anticipated by Aziz; 3) Claim 7 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann and Wesinger; Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 5 4) Claims 8 and 9 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann and Gaspoz; 5) Claim 10 under 35 U.S.C. § 103(a) as unpatentable over the combination of Lendenmann, Gaspoz, and Schneier or the combination of Aziz and Schneier; 6) Claims 12 and 13 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann, Gaspoz, and RFC 793; 7) Claims 31 and 32 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann, Ludwig, and RFC 793; 8) Claims 3, 4, and 26 under 35 U.S.C. § 103(a) as unpatentable over Aziz and Lawton; 9) Claim 9 under 35 U.S.C. § 103(a) as unpatentable over Aziz and Franaszek; 10) Claim 10 under 35 U.S.C. § 103(a) as unpatentable over Aziz and Schneier; 11) Claims 29–32 under 35 U.S.C. § 103(a) as unpatentable over Aziz and Ludwig; 12) Claims 1–4, 6, 8, 9, 14–19, 22, 24–30, 33, 34, and 60 under 35 U.S.C. § 103(a) as unpatentable over Kiuchi and Pfaffenberger; 13) Claims 5 and 23 under 35 U.S.C. § 103(a) as unpatentable over Kiuchi, Pfaffenberger, and Rivest; 14) Claim 7 under 35 U.S.C. § 103(a) as unpatentable over Kiuchi, Pfaffenberger, and Borella; Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 6 15) Claims 20, 21, and 35 under 35 U.S.C. § 103(a) as unpatentable over Kiuchi, Pfaffenberger, and Broadhurst; 16) Claims 31, 33, and 35 under 35 U.S.C. § 103(a) as unpatentable over Kiuchi, Pfaffenberger, and Ludwig. Requester appeals the Examiner’s non-adoption of the following proposed grounds of rejection: 1) Claim 11 under 35 U.S.C. § 103(a) as unpatentable over the combination of Lendenmann, Gaspoz, and Martin; the combination of Aziz and Martin; or the combination of Kiuchi, Pfaffenberger, and Martin; 2) Claims 1–3, 5, 6, 14–30, 33–35, and 60 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann; 3) Claims 5 and 23 under 35 U.S.C. § 102 as anticipated by Aziz; 4) Claims 1, 2, 5–9, 14–25, 27, 28, 33–35, and 60 under 35 U.S.C. § 103(a) as unpatentable over Aziz; and 5) Claims 10, 12, and 13 under 35 U.S.C. § 103(a) as unpatentable over Kiuchi and Pfaffenberger. ISSUE Did the Examiner err in rejecting claims 1–10, and 12–60 and did the Examiner err in not adopting various rejections of claims 1–3, 5–30, 33–35, and 60? Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 7 PRINCIPLES OF LAW In rejecting claims under 35 U.S.C. § 102, “[a] single prior art reference that discloses, either expressly or inherently, each limitation of a claim invalidates that claim by anticipation.” Perricone v. Medicis Pharm. Corp., 432 F.3d 1368, 1375 (Fed. Cir. 2005) (citation omitted). The question of obviousness is resolved on the basis of underlying factual determinations including (1) the scope and content of the prior art, (2) any differences between the claimed subject matter and the prior art, and (3) the level of skill in the art. Graham v. John Deere Co., 383 U.S. 1, 17- 18 (1966). “The combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results.” KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007). ANALYSIS Lendenmann Patent Owner states that the Examiner erred in finding that any one of Lendenmann’s 1) “returning a network address” (PO App. Br. 19-20), 2) “access control list integrated into the CDS” (PO App. Br. 20-21), 3) “binding handles” (PO App. Br. 21–23), and/or 4) “authentication challenge” (PO App. Br. 23-24) is “an indication that the domain name service system supports establishing a secure communication link,” as recited in claim 1. Returning a Network Address (“indication” – claim 1) Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 8 As Requester explains, Lendenmann discloses that the “Cell Directory Service (CDS) . . . stores names of resources . . . so that when given a name, CDS returns the network address of the named resource.” Orig Req.3 Exhibit F-1, 13 (citing Lendenmann 21). Requester also explains that “[b]y returning the network address corresponding to a secure domain name, the . . . CDS . . . provides” an “indication,” as recited in claim 1. Id. We agree with Requester. One of skill in the art would have understood that if a component (such as a Cell Directory Service (CDS)) provides a requested element, such as a requested network address, with which to establish a secure communication link, such that the component, in fact, establishes the secure communication link, the component would have provided an “indication” that the system supports the establishing of the secure communication link since the secure communication link is, in fact, established, demonstrating that the system, in fact, supports the establishment. Otherwise, the system would be unable to establish the communication link and the user who requested the network address would not be able to connect. This inability to establish a secure communication link would be in direct contrast with the system of Lendenmann, according to Requester (see e.g., Orig. Req., Ex. F-1, pp. 3–9, 13-18), and not disputed by Patent Owner, in which a communication link is, in fact established by a system that supports such an establishment. Patent Owner argues that the ’504 patent Specification discloses examples of two embodiments in which the domain name service system 3 Request for Inter Partes Reexamination, filed December 13, 2011 (“Orig. Req.”). Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 9 “does more than just return a network address.” PO App. Br. 20. We are not persuaded by Patent Owner’s argument at least because, even assuming that Patent Owner is correct that the ’504 patent Specification discloses two examples in which the domain name service system does “more than just return a network address,” Patent Owner does not demonstrate sufficiently that this alleged disclosure purported to be present in the ’504 patent Specification demonstrates that Lendenmann fails to disclose “an indication,” as recited in claim 1. For example, claim 1 does not recite that an “indication” includes “more than just return a network address” or what specifically “more than” would include assuming claim 1 requires such a recitation. Access Control List Integrated into the CDS (“indication” – claim 1) Requester also explains that Lendenmann discloses “the Cell Directory Service (CDS) . . . provides name resolution services only for authenticated and authorized users” and “only completes an operation . . . if the user is authenticated and authorized” by “creating access control lists (ACL)” that “determine which user can use the name and what management operations they are allowed to perform.” Orig. Req. Exh. F-1 13-14 (citing Lendemann 34). Requester states that “[b]y only performing operations for authenticated and authorized users, the Cell Directory Services includes . . . an indication,” as recited in claim 1. Orig. Req. Exh. F-1 14. We agree with Requester. For example, Lendenmann discloses that a “CDS” provides user access (or establishes a secure communication link) “only . . . if the user is authenticated and authorized” as indicated by “creating access control lists . . Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 10 . that determine which user . . . can use the name and what management operations they are allowed to perform.” Lendenmann 34. Lendenmann also discloses that the CDS “is integrated into the security service.” Id. Patent Owner does not explain a sufficient difference between the ACL entries that provide an “indication” whether the domain name service system supports establishing a secure communication link (by containing an indication of user access and permitted management operations for a given user indicated in the ACL entries) and the claim feature of an “indication.” Patent Owner argues that the CDS of Lendenmann only “‘returns the network address of the named resource’ when given a name in a request” and is a separate entity from the “security server” of Lendenmann, which Patent Owner alleges “run[s] the authentication process without any action by or reference to a CDS.” PO App. Br. 20. In other words, Patent Owner argues that the “CDS” of Lendenmann fails to comprise an indication that the system supports the establishing of a secure communication link, as recited in claim 1, because a separate entity (i.e., a “security server”) of Lendenmann allegedly authenticates a user. We are not persuaded by Patent Owner’s argument at least because, even assuming that Patent Owner is correct that Lendenmann discloses a separate entity (a “security server”) that performs the actual steps in establishing a secure communication link, Patent Owner does not demonstrate sufficiently how this alleged fact that a separate entity performs the actual steps to establish a communication link would indicate that the CDS of Lendenmann fails to comprise “an indication,” as recited in claim 1. For example, Patent Owner does not demonstrate sufficiently that claim 1 also recites or otherwise requires that the domain Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 11 name service perform any specific steps to establish a secure communication link. We also note that Lendenmann discloses that the CDS “is integrated into the security service.” Lendenmann 34. Hence, even assuming without agreeing that Patent Owner’s contention is correct that the CDS (i.e., domain name service system) is somehow required by claim 1 to perform a process that is disclosed by Lendenmann to be performed by a “security server,” Patent Owner does not explain how a CDS that is “integrated into the security service” somehow fails to perform a process that is performed by a service with which the CDS is integrated. In addition, we note that Lendenmann discloses that “a DCE [Distributed Computing Environment] unit is referred to as a cell [that] must contain a Security Server, a Cell directory Server and distributed Timer Servers” and that “[a]ll of these services may run on one machine, or . . . can be spread among the machines that are to be part of the cell.” Lendenmann 9 (Sec. 1.4.2). Hence, to the extent Patent Owner argues that the “Security Server” of the DCE unit establishes a communication link and not the (separate) Cell Directory Server of the DCE unit, we are not persuaded because, even assuming this contention to be correct, as Lendenmann discloses, the disputed function(s) may be “run on one machine” of the DCE unit. Because Patent Owner has not demonstrated sufficiently that any one of either “returning a network address” or “access control list” (i.e., “ACLs”) of Lendenmann is distinct from the “indication,” as recited in claim 1, we need not further consider whether or not “binding handles” or Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 12 “authentication challenge” of Lendenmann also discloses the claimed “indication.” Non-conventional DNS – Claims 1 and 24 Patent Owner argues that Lendenmann fails to disclose establishing a secure communication link, as recited in claims 1 and 24, because Lendenmann’s “CDS’s return of a network address when one is requested is a conventional feature that is both disparaged and disclaimed in the ’504 patent specification.” PO App. Br. 25-26; See also PO App. Br. 5–8. In other words, Patent Owner argues that claim 1 (or dependent claim 24) recites a “domain name service system” that is “non-conventional” but that Lendenmann merely discloses a domain name service system that is “conventional,” thus, differentiating Lendenmann from the claimed invention. We are not persuaded by Patent Owner’s argument. Claim 1 recites a domain name service server. Patent Owner does not assert or demonstrate sufficiently that claim 1 also recites that the domain name service server is “non-conventional.” For at least this reason, we are not persuaded by Patent Owner’s argument. Also, Patent Owner does not indicate where Lendenmann discloses a domain name service system that is “conventional.” Therefore, even assuming that claim 1 recites that the domain name service server must be “non-conventional” and must not be “conventional,” Patent Owner does not demonstrate sufficiently that Lendenmann fails to disclose this feature. Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 13 Patent Owner argues that the Specification discloses that a “conventional” domain name service server “provide[s] a look-up function that returns the IP address of a requested computer or host.” PO App. Br. 7 (citing the ’504 patent 39:7–42). Because Patent Owner argues that claim 1, for example, must require that the “domain name service server” be “non- conventional,” Patent Owner appears to argue that claim 1 precludes the “domain name service server” from “returning the IP address of a requested computer or host.” While we agree with Patent Owner that claim 1 does not recite “returning the IP address of a requested computer or host” (and, arguably, does not require this function), we also note that claim 1 does not recite that the domain name service server must not perform this function. Hence, this function is not precluded by claim 1. As such, even assuming Patent Owner’s contention to be correct that a “conventional” domain name service server provides a look-up function that returns the IP address of a requested computer or host, Patent Owner does not demonstrate persuasively that the domain name service server recited in claim 1 is, in fact, “non- conventional,” since claim 1 neither recites a “non-conventional” requirement nor does claim 1 preclude a function Patent Owner asserts to be solely “conventional.” Patent Owner argues the Specification discloses various alleged features of a “conventional” domain name service server as undesirable (see, e.g., PO App. Br. 6-8). Patent Owner argues, therefore, by inference and only after importing features alleged to be disclosed in the Specification into claim 1, that claim 1 also requires that the domain name service server must be “non-conventional,” presumably to avoid the alleged undesirable Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 14 characteristics that Patent Owner asserts is/are disclosed in the Specification. For example, Patent Owner argues that the Specification discloses that a “conventional” domain name service server would permit “nefarious listeners on the Internet [to] intercept the DNS REQ and DNS RESP packets [which would] hamper anonymous communications on the internet.” PO App. Br. 7 (citing the ’504 patent 39:7-40). We note that claim 1 does not recite that the domain name service server prevents nefarious listeners on the Internet from intercepting the DNS REQ and DNS RESP packets. Nor does Patent Owner provide an adequate rationale as to why one of skill in the art would have imported this particular claim limitation alleged to be in the Specification into claim 1. In any event, we also note that Patent Owner does not assert or demonstrate sufficiently that Lendenmann discloses a domain name service server that permits nefarious listeners on the Internet to intercept the DNS REQ and DNS RESP packets. Hence, even assuming Patent Owner’s contention to be correct that a “conventional” system permits nefarious listeners on the Internet to intercept the DNS REQ and DNS RESP packets and claim 1 requires a “non-conventional” system in which nefarious listeners are not permitted to perform this act, Patent Owner still does not sufficiently distinguish Lendenmann because Patent Owner does not demonstrate persuasively that Lendenmann only discloses a system that permits nefarious listeners to intercept the DNS REQ and DNS RESP packets. Patent Owner argues that “[o]ne of ordinary skill in the art would not have understood conventional domain name services . . . to have supported the establishment of a secure communication link.” PO App. Br. 8. Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 15 Presumably, Patent Owner argues that Lendenmann fails to disclose a system that supports the establishment of a secure communication link. This issue was previously discussed above. We are not persuaded by Patent Owner’s argument in view of the numerous references in Lendenmann’s disclosure of establishing a secure communication link. See, e.g., Lendenmann 34 (“Security in CDS Environment”), 41 (“Security Service”), 42 (“Security Requirements”), 43 (“Security Policies”), 44 (“Security Standards”), 45 (“DCE Security Service Components and Facilities”), to name a few. Claims 5 and 23 Patent Owner argues that Lendenmann fails to disclose that “the domain name service system is configured to authenticate the query,” as recited in claim 5 and claim 23, because “ACLs are a functionality of the DCE Security Service, not the CDS, and the CDS does not use the RPC model of communication. PO App. Br. 25. We note that neither claim 5 nor claim 23 recites that the domain name service system is configured to contain “ACLs” and also “use the RPC [Remote Procedure Call] model of communication.” Therefore, for at least this reason, we are not persuaded by Patent Owner’s argument that Lendenmann supposedly fails to disclose claim 5 or claim 23 for failure to disclose this purported claim limitation. To the extent that Patent Owner argues that the “CDS” of Lendenmann differs from the claimed “domain name service system” because the “CDS” is not “configured to authenticate the query,” as recited in claim 5 or claim 23, but that a separate entity of Lendenmann, namely, the Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 16 “Security Service” of Lendenmann, performs this function, we are still not persuaded by Patent Owner’s argument for at least the reasons previously discussed. For example, Lendenmann discloses that “a DCE unit is referred to as a cell [that] must contain a Security Server, a Cell directory Server and distributed Timer Servers” and that “[a]ll of these services may run on one machine.” Lendenmann 9 (Sec. 1.4.2). Given that Patent Owner states that the “Security Server” of Lendenmann performs the recited function and given that this function may “run on one machine” that includes both the Security Server and the CDS, one of skill in the art would have understood that Lendenmann discloses this disputed claim feature. Claims 12 and 13 Claim 12 recites a virtual private network (VPN) based on comparing a value in each data packet transmitted between a first device and a second device to a moving window of valid values. Claim 13 recites that the virtual private network is based on a comparison of a discriminator field in a header of each data packet to a table of valid discriminator fields maintained for a first device. Patent Owner argues that the Examiner finds the combination of Lendenmann, Gaspoz, and RFC 793 discloses or suggests this feature “of secure communications run over the TCP protocol” but that “[o]ne of ordinary skill in the art would not understand any and all TCP-based communications . . . to be a VPN as claimed.” PO App. Br. 27 (citing Supp. Keromytis Decl. ¶ 294). However, neither Patent Owner nor Patent Owner’s 4 This declaration is dated December 30, 2012 . PO App. Br., Evidence App’x. Ex. DEC-2. Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 17 declarant assert that no TCP-based communications can be a VPN. We also note that neither claim 12 nor claim 13 recites that “any and all TCP-based communications” must be a VPN. Patent Owner argues that no rationale is provided as to “why a VPN operating over TCP must also be ‘based on’ a moving window.” PO App. Br. 28. However, Requester states, “Lendenmann expressly teaches using TCP as a communications protocol,” “the use of the Transmission Control Protocol . . . is defined by RFC 793,” and that RFC 793 discloses a “moving window of valid values” as part of TCP. Orig. Req. Exhibit F-1 138–140. Patent Owner does not point out sufficient flaws in the rationale as presented by Requester. Patent Owner does not provide additional arguments in support of claims 2, 3, 6, 14–22, 25–30, 33–35, and 60. PO App. Br. 25–26. Patent Owner also does not provide additional arguments in support of claims 7– 10, 31, or 32 or arguments specific to the combination of Lendenmann and any of Wesinger, Gaspoz, Schneier, Ludwig, or RFC 793 alone or combination. PO App. Br. 27–28. The Examiner did not err in rejecting claims 1–3, 5–10, 12–35, and 60. Aziz Patent Owner states that the Examiner erred in finding that any one of Aziz’s 1) “SX Record” (PO App. Br. 30–32), 2) “Key and SIG records” (PO App. Br. 32–33), 3) “building tunnel information tables” (PO App. Br. 33– 34), and/or 4) “security extension to DNS” (PO App. Br. 34–35) is “an Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 18 indication that the domain name service system supports establishing a secure communication link,” as recited in claim 1. SX Record Requester argues that Aziz discloses a “name server” that “return[s] a new resource record type [SX record] in response to requests for information needed for secure communications with protected hosts in that domain” and that the SX record “is used . . . to update information used by a client for secure communications with protected hosts.” Orig. Req. Ex. F-2, 7–8 (citing Aziz 4:3–13; 6:27–32, 57–60; 7:28–35). Patent Owner indicates that the Examiner states that the “SX record contains an identifier . . . of a ‘secure exchanger’ and therefore ‘provides an indication,’” as recited in claim 1. PO App. Br. 31. We agree with Requester and the Examiner. Patent Owner argues that Aziz’s “SX record” is not an “indication” that the system supports establishing a secure communication link because “the SX record is nothing more than the simple return of a requested resource” and “an SX record does not indicate anything about [the] capabilities [of the system].” PO App. Br. 31. We are not persuaded by Patent Owner’s argument. As the Examiner and Requester point out, Aziz discloses that that “the SX record contains the identifier” of a component (i.e., a “secure exchanger”) that “handles secure communications” and that once the SX record is defined, “a client can explicitly ask a name server for a record of that type.” Aziz 6:27–29, 42–44. One of skill in the art would have understood that if the system can establish a secure communication link (e.g., “a client can explicitly ask a name server for a record”) if the SX Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 19 record is defined (or provided), then this would be an “indication” that the system supports establishing a secure communication link because the secure communication link is, in fact, capable of being established as “indicated” by the SX record. Conversely, if the SX record is not provided, the user would not be apprised of a secure exchanger that can handle secure communications and would not be able to “explicitly ask a name server for a record” and, hence, the communication link could not be established. Patent Owner does not explain sufficient differences between the provision of the SZ record of Aziz and the claimed “indication.” Key and SIG Records Regarding Key and SIG Records, Requester argues that Aziz discloses a domain name service system that “uses security extensions including KEY and SIG resource record types” and that “whenever a name server adds resource records to the response . . . the appropriate SIG and KEY records are also added.” Orig. Req. Ex. F-2, 9 (citing Aziz 5:61, 6:11-12, 9:35–40). Hence, Requester argues that the Key or SIG records of Aziz constitute an “indication” that the system supports establishing a secure communication link. We agree with Requester. For example, Aziz discloses that “the Internet Domain name system . . . uses security extensions including KEY and SIG resource record types” in order to “support the need for secure communications.” Aziz 5:61–64. One of skill in the art would have understood that if KEY and SIG, to be used to establish a secure communication, are provided, then the system would support establishing the secure communication. Otherwise, the system Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 20 would be unable to support a secure communications which would be contrary to Aziz’s disclosure that KEY and SEG are used to support secure communications. Because Patent Owner fails to refute the prima facie showing that Aziz discloses the claimed invention based on SX Records and Key and SIG records, we need not further determine if “security extension to DNS” or building tunnel information tables of Aziz also discloses the claimed invention. PO App. Br. 34–35. Enabling Reference Patent Owner argues that Aziz “is not an enabling reference” because, according to Patent Owner, Aziz “[l]ack[s] any teaching as to how the secure exchanger and SX records are used.” PO App. Br. 35. We disagree with Patent Owner’s argument that Aziz lacks any teaching as to how the secure exchanger and SX records are used. For example, as Patent Owner points out, Aziz discloses a secure exchanger “is a machine that handles secure communications for itself or for another machine (e.g., performs encryption or decryption” (Aziz 6:29–31) and an SX record is a “record type identifier” that, once defined, enables “a client [to] explicitly ask a name server for a record of that type.” Aziz 6:43–45. Patent Owner does not explain how these and other disclosures of Aziz pertaining to the secure exchanger and SX records are insufficient to enable one of skill in the art to practice the claimed invention without undue experimentation. For example, Patent Owner does not assess sufficiently the state of the prior art, level of skill in the art, predictability of the art, or the quantity of experimentation needed to Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 21 make or use the Aziz invention based on the content of the disclosure. It is improper to conclude that a disclosure is not enabling based on an analysis of only one factor while ignoring one or more of the others. In this case, Patent Owner does not appear to have analyzed any of these or other factors at all. Hence, we cannot agree that Patent Owner has demonstrated persuasively that one of skill in the art, given the Aziz disclosure, would have had to engage in undue experimentation to practice the Aziz claimed invention. Patent Owner does not provide additional arguments in support of claims 2–4, 6–8, 10, 14–22, 24–35, and 60 or any additional arguments with respect to Lawton, Schneier, or Ludwig. PO App. Br. 35–37. The Examiner did not err in rejecting claims 1–4, 6–8, 10, 14–22, 24–35, and 60. Obviousness – Secondary Considerations Patent Owner argues it would not have been obvious to one of ordinary skill in the art to have combined the teachings of any of the cited references because there was a “long-felt need . . . to easily and conveniently establish secure communication links” PO App. Br. 47, “others attempted to create easy-to-enable secure communications [but] failed” (PO App. Br. 48), “the technology of the ’504 patent was also met with skepticism” (id.), “the claimed inventions have experienced commercial success” (PO App. Br. 49), and “[t]hose in the industry have also praised the inventions” (PO App. Br. 49). Long Felt Need Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 22 Patent Owner argues that “[p]rior to the claimed inventions . . . it was widely recognized that providing secure remote access to a LAN or WAN was extremely difficult for IT support desks” and that the claimed invention “combine[s] both the ease of use and the security aspects of a VPN, without sacrificing one or the other . . . by providing a domain name service for establishing a secure communication link.” PO App. Br. 47 (citing Declaration of Dr. Robert Dunham Short III, dated March 29, 2012 (“Short Decl.”) ¶¶ 8, 9, 11, PO App. Br, Evidence App’x, Ex. B-4 1-2). Based on the evidence of record, we are not persuaded by Patent Owner’s argument that “it was widely recognized that providing secure remote access . . . was extremely difficult.” Id. Rather, Patent Owner’s evidence indicate that “[r]emote access . . . [is] insecure and unreliable” but that “[y]ou can solve the security problem using client-to-LAN virtual private network (VPN) technology.” PO App. Br., Evidence App’x, Ex. B-4 at 1, cited in Short Decl. ¶ 8. Hence, rather than being “extremely difficult” to provide secure remote access, as Patent Owner alleges, Patent Owner’s declarant (Dr. Short) points out that, in fact, it was known in the art that any security problems associated with remote access could be solved. Hence, solutions were known in the art that provided secure remote access. On this record, however, Patent Owner fails to demonstrate with specific and credible evidence that such solutions were “extremely difficult” to implement (see e.g., PO App. Br., Evidence App’x, Ex. B-4 at 1) prior to the filing of the ’504 patent. Also, Patent Owner argues that there was a long felt need to combine both the ease of use and the security aspects of a VPN by automatically Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 23 initiating an encrypted channel between a client and a secure server. PO App. Br. 47. As discussed above, either Lendenmann or Aziz predates the filing of the ’504 patent and also discloses this feature. Patent Owner does not explain how the claimed invention satisfies this alleged “long felt need” of providing secure remote access when both of Lendenmann and Aziz, at least, already provided for secure remote access. Patent Owner also argues that “the Defense Advanced Research Projects Agency (‘DARPA’) funded various research programs to . . . further the science and technology of information assurance and survivability” and that “SAIC . . . also spent significant resources of its own on their development [of “cutting edge technology].” PO App. Br. 47-48. Patent Owner does not explain sufficiently how the amount of resources spent by either “DARPA” or “SAIC” for various research programs to further “information assurance and survivability” or “cutting edge technology” demonstrates a long felt need for the claimed invention. We are not persuaded by Patent Owner’s argument. Failure of Others Patent Owner argues that “Dynamic Coalitions,’ was specifically created to address the ability of the Department of Defense to quickly and easily set up secure communications over the Internet” but that “none of [the organizations operating under “Dynamic Coalitions”] came up with a solution . . . that was even close to providing the ease of use of the solutions provided in the claimed inventions of the ’504 patent.” PO App. Br. 48 Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 24 (citing Short Decl. ¶¶ 4, 5, 10, 11, PO App. Br., Evidence App’x, Ex. B-4 at 1–2, Ex. B-3 at 1–4). We are cautioned by the Federal Circuit that, with respect to secondary considerations alleged by Patent Owner in response to a prima facie showing of obviousness, “the obviousness inquiry centers on whether ‘the claimed invention as a whole’ would have been obvious.” WBIP, LLC v. Kohler Co., Appeal Nos. 2015-1038, 2015-1044, slip op. at 15 (Fed. Cir., July 19, 2016). Looking at the “claimed invention as a whole,” we note that claim 1, for example, recites a system for providing a domain name service for establishing a secure communication link, the system comprising a domain name service system configured to be connected to a communication network, to store a plurality of domain names and corresponding network addresses, to receive a query for a network address, and to comprise an indication that the domain name service system supports establishing a secure communication link. As previously discussed in the record, either Lendenmann or Aziz discloses these features, either taken separately or as a “whole.” Patent Owner does not indicate a portion of the “whole” of the claimed invention that Lendenmann and/or Aziz supposedly does not disclose. Not having identified sufficiently a part of the “whole” of the claimed invention that Lendenmann and Aziz does not disclose, we conclude that either of Lendenmann or Aziz, taken individually, discloses the “whole” of the claimed invention. Therefore, Patent Owner fails to show a nexus to its evidence of secondary considerations. Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 25 While Patent Owner argues that DARPA-sponsored entities were supposedly unable to provide “a solution that allowed a user to easily and conveniently enable secure communications” (PO App. Br. 43 (citing Short Decl. ¶ 5; PO App. Br., Evidence App’x, Ex. B–3 at 1–4)), Patent Owner does not demonstrate persuasively and with credible evidence that Lendenmann and/or Aziz, for example, were also unable to provide such a “solution.” As previously discussed, either Lendenmann or Aziz succeeded in providing such solutions. Skepticism Patent Owner argues that “a DARPA program manager informed one of the co-inventors that technology disclosed in the ’504 patent would never be adopted” and that “IT offices of many large companies and institutions expressed skepticism that secure connections could ever be enabled easily by regular computer users” because secure connections “could only be achieved through difficult-to-provision VPNs and . . . easy-to-set-up connections could not be secure.” PO App. Br. 48 (citing Short Decl. ¶¶ 13, 15). We are not persuaded by Patent Owner’s argument. We are directed by the Federal Circuit to consider the “claimed invention as a whole,” when considering secondary considerations raised in response to a prima facie showing of obviousness. Patent Owner does not indicate that the DARPA program manager in question informed the co- inventor that technology claimed in the ’504 patent would never be adopted. Further, even assuming that the manager’s comment concerns the claimed invention, we are not persuaded by Patent Owner’s argument Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 26 because citing one person’s opinion as to whether the claimed invention would be adopted does not constitute general skepticism in the industry. For example, Patent Owner does not list any credible publications on this point or indicate that any studies were performed over a statistically significant proportion of those skilled in the art that would indicate that there was, in fact, a general feeling of skepticism in the field that secure communications could be accomplished. In any event, we note that not only does the record show that either one of Lendenmann or Aziz already solved the problem of providing secure remote access, as previously discussed, but that Patent Owner’s evidence also indicates that the problem of providing secure remote access was already solved. See, e.g., PO App. Br., Evidence App’x, Ex. B-4 at 1, cited in Short Decl. ¶ 8 (“But fear not: You can solve the security problem”). It is unlikely that those of skill in the art would have been skeptical that secure remote access, for example, could be achieved, given the fact that secure remote access was already being accomplished by ordinarily skilled artisans. Commercial Success Patent Owner argues that “the claimed inventions have experienced commercial success, with multiple companies licensing the technology.” PO App. Br. 49. However, Patent Owner does not provide any data regarding market share or revenue from sales of any products alleged to be encompassed by the claimed invention. Rather, Patent Owner argues commercial success based solely on the alleged fact that various business entities entered into licenses with Patent Owner. Id. Even assuming that the Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 27 cited business entities entered into licenses with Patent Owner, this allegation alone would be insufficient to demonstrate commercial success at least because Patent Owner provides insufficient evidence suggesting that the reason any of the business entities entered into licenses with Patent Owner was due to the merits of any claim at issue here, as opposed to any number of other reasons (e.g., expediency, advertising, or avoiding a lawsuit). Even assuming that the cited business entities entered into licensing for the sole reason that Patent Owner’s claimed invention was a “commercial success,” we are still not persuaded by Patent Owner’s argument. In discussing secondary considerations, Patent Owner generally alludes to “ways to . . . establish secure communication links.” See, e.g., PO App. Br. 47. To the extent Patent Owner argues that establishing secure communication links is the nexus that ties the secondary consideration factors to the claimed invention, we note that either Lendenmann or Aziz discloses this feature, and there can be no nexus when the alleged secondary consideration factors stem from what was known in the prior art. Tokai, 632 F.3d at 1369. As previously stated and in accordance with instructions from the Federal Circuit, we consider the “claimed invention as a whole” when determining whether Patent Owner has provided a sufficient nexus between the alleged secondary considerations (e.g., commercial success) and the claimed invention (“as a whole”) to overcome the prima facie showing of obviousness. As previously discussed above and based on the evidence of Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 28 record, either Lendenmann or Aziz discloses each of the parts of the claimed invention and, therefore, also discloses the “whole” claimed invention. Therefore, when considering the “claimed invention as a whole,” we still conclude that Patent Owner has not provided a sufficient showing of nexus between the alleged secondary considerations and the “claimed invention as a whole” to overcome the prima facie showing of obviousness. Praise in the Industry Patent Owner argues that “[t]hose in the industry have . . . praised the inventions . . . by investing in the technology or licensing it.” PO App. Br. 49. However, as previously discussed, Patent Owner does not demonstrate sufficiently any specific reason for any alleged investment and licensing activity on the part of business entities. As previously discussed, Patent Owner provided insufficient evidence to conclude that any licensing (or investing for that matter) activity was performed for any particular purpose or was related to any specific claim at issue in this proceeding. Nor does Patent Owner demonstrate sufficiently a nexus between the alleged praise and the “claimed invention as a whole.” Based on the evidence of record, we can only conclude that there is an allegation that licenses were entered into and investments were made without any showing as to the motivation behind these alleged activities. This is insufficient to conclude that these alleged activities constitute an expression of “praise” for the “claimed invention as a whole” (or because of “commercial success”). In summary, we are not persuaded by Patent Owner’s argument related to secondary considerations. Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 29 Patent Owner does not provide additional arguments in support of claims 2, 6–8, 10, 14–22, 25, 27–35 or additional arguments with respect to Aziz and Lawton, Ludwig, or Schneier. PO App. Br. 35–37. The Examiner did not err in rejecting claims 1, 2–4, 6–10, 14–22, 25, 27–35, and 60. Requester’s Appeal Claim 11 recites that “the virtual private network is based on a network address hopping regime that is used to pseudo-randomly change network addresses in packets transmitted between a first device and a second device.” Requester argues that Martin discloses a “network address hopping regime between a first computer and a second computer,” “select[ing a] source address/port pair . . . at random subject to . . . uniqueness and application-specific constraints,” and “[r]andomly choosing the source label [to hide] the node’s identity from external (and internal) observers.” Orig. Req. Ex. F-1 137 (citing Martin 9). Requester also argues that it would have been obvious to one of ordinary skill in the art to have combined the teachings of any one of Lendenmann or Aziz with that of Martin “to obfuscate a client computer’s network location.” Id. The Examiner finds that Martin fails to disclose a hopping regime. RAN 74. However, as Requester explains, Martin discloses “a network in which computers change to a new IP address when constructing packets for a connection” (3PR App. Br. 7 (citing Martin 8-9)) and, thus, discloses a network based on a network address hopping regime (i.e., a regime in which “IP addresses change at some point” – 3PR App. Br. 7). Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 30 Patent Owner argues that Martin fails to disclose “changing” a network address in packets because, according to Patent Owner, Martin discloses that a “TCP connection is built . . . for the duration of the TCP connection and is not changed for packets transmitted over the TCP connection.” PO Resp. Br. 1. We are not persuaded by Patent Owner’s argument for at least the reasons set forth by Requester. 3PR Reb. Br. 1–2. For example, claim 11 recites changing a network address in a packet. Patent Owner does not demonstrate sufficiently that claim 11 also recites changing a TCP connection prior to the expiration of the duration of the TCP connection. For at least this reason, we are not persuaded by Patent Owner’s argument. In addition, claim 11 recites that the virtual private network is based on a network address hopping regime but does not require the regime to be used within a single packet on the communication link. The Examiner erred in not adopting the rejection of claim 11 as obvious over Martin and one of Aziz or the combination of Lendenmann and Gaspoz. In view of the above, we need not consider the propriety of the Examiner’s adoption or non-adoption of the rejection of claims 1–35 and 60 based on other grounds. Cf. In re Gleave, 560 F.3d 1331, 1338 (Fed. Cir. 2009). DECISION We affirm the Examiner’s rejection of claim 1–3, 5, 6, 14–30, 33–35, and 60 under 35 U.S.C. § 102(b) as anticipated by Lendenmann; claim 7 Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 31 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann and Wesinger; claims 8 and 9 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann and Gaspoz; claim 10 under 35 U.S.C. § 103(a) as unpatentable over the combination of Lendenmann, Gaspoz, and Schneier; claims 12 and 13 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann, Gaspoz, and RFC 793; claims 31 and 32 under 35 U.S.C. § 103(a) as unpatentable over Lendenmann, Ludwig, and RFC 793; claims 1, 2, 6-9, 14–22, 24, 25, 27, 28, 33–35, and 60 under 35 U.S.C. § 102(e) as anticipated by Aziz; claims 3 and 4 under 35 U.S.C. § 103(a) as unpatentable over Aziz and Lawton; claim 10 under 35 U.S.C. § 103(a) as unpatentable over Aziz and Schneier; and claims 29–32 under 35 U.S.C. § 103(a) as unpatentable over Aziz and Ludwig. We reverse the Examiner’s non-adoption of the rejection of claim 11 under 35 U.S.C. § 103(a) as unpatentable over the combination of Martin and any one of Aziz or the combination of Lendenmann and Gaspoz. Pursuant to 37 C.F.R. § 41.77(a), the above-noted reversal of the Examiner’s non-adoption of the rejection(s) of claim 11 constitute new grounds of rejection. Section 41.77(b) provides that “[a] new ground of rejection . . . shall not be considered final for judicial review.” That section also provides that Patent Owner, WITHIN ONE MONTH FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new grounds of rejection to avoid termination of the appeal proceeding as to the rejected claims: (1) Reopen prosecution. The owner may file a response requesting reopening of prosecution before the examiner. Such Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 32 a response must be either an amendment of the claims so rejected or new evidence relating to the claims so rejected, or both. (2) Request rehearing. The owner may request that the proceeding be reheard under § 41.79 by the Board upon the same record. The request for rehearing must address any new ground of rejection and state with particularity the points believed to have been misapprehended or overlooked in entering the new ground of rejection and also state all other grounds upon which rehearing is sought. In accordance with 37 C.F.R. § 41.79(a)(1), the “[p]arties to the appeal may file a request for rehearing of the decision within one month of the date of: . . . [t]he original decision of the Board under § 41.77(a).” A request for rehearing must be in compliance with 37 C.F.R. § 41.79(b). Comments in opposition to the request and additional requests for rehearing must be in accordance with 37 C.F.R. § 41.79(c)-(d), respectively. Under 37 C.F.R. § 41.79(e), the times for requesting rehearing under paragraph (a) of this section, for requesting further rehearing under paragraph (c) of this section, and for submitting comments under paragraph (b) of this section may not be extended. An appeal to the United States Court of Appeals for the Federal Circuit under 35 U.S.C. §§ 141–144 and 315 and 37 C.F.R. § 1.983 for an inter partes reexamination proceeding “commenced” on or after November 2, 2002 may not be taken “until all parties’ rights to request rehearing have been exhausted, at which time the decision of the Board is final and appealable by any party to the appeal to the Board.” 37 C.F.R. § 41.81. See also MPEP § 2682 (8th ed., Rev. 8, July 2010). Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 33 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). Requests for extensions of time in this inter partes reexamination proceeding are governed by 37 C.F.R. § 1.956. See 37 C.F.R. § 41.79. In the event neither party files a request for rehearing within the time provided in 37 C.F.R. § 41.79, and this decision becomes final and appealable under 37 C.F.R. § 41.81, a party seeking judicial review must timely serve notice on the Director of the United States Patent and Trademark Office. See 37 C.F.R. §§ 90.1 and 1.983. AFFIRMED Appeal 2016-004575 Reexamination Control 95/001,851 Patent 7,418,504 B2 34 Patent Owner: FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP 901 New York Avenue, NW Washington DC 20001-4413 Third-Party Requester: SIDLEY AUSTIN LLP 2001 Ross Avenue Suite 3600 Dallas, TX 75201 pgc Copy with citationCopy as parenthetical citation
