Ex Parte 7921211 et alDownload PDFPatent Trial and Appeal BoardSep 9, 201695001789 (P.T.A.B. Sep. 9, 2016) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 95/001,789 10/18/2011 7921211 41484-80150 6053 22852 7590 09/12/2016 FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP 901 NEW YORK AVENUE, NW WASHINGTON, DC 20001-4413 EXAMINER FOSTER, ROLAND G ART UNIT PAPER NUMBER 3992 MAIL DATE DELIVERY MODE 09/12/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ APPLE INC., Requester, v. VIRNETX INC., Patent Owner. ____________ Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 Technology Center 3900 ____________ Before STEPHEN C. SIU, DENISE M. POTHIER, and JEREMY J. CURCURI, Administrative Patent Judges. SIU, Administrative Patent Judge DECISION ON APPEAL Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 2 VirnetX Inc. (“Patent Owner”) appeals under 35 U.S.C. §§ 134 and 315 the Examiner’s rejections of claims 1–60 over various references. App. Br. 2–4.1 We have jurisdiction under 35 U.S.C. §§ 134 and 315 (pre-AIA). This proceeding arose from an October 18, 2011 request for an inter partes reexamination of the claims of U.S. Patent 7,921,211 B2, titled “Agile Network Protocol for Secure Communications Using Secure Domain Names” and issued to Victor Larson, Robert Dunham Short, III, Edmund Colby Munger, and Michael Williamson, on April 5, 2011 (“the ’211 patent”). The ’211 patent describes a secure mechanism for communicating over the Internet. The ’211 patent 3:10-11. Claim 1 reads as follows: 1. A system for providing a domain name service for establishing a secure communication link, the system comprising: a domain name service system configured and arranged to be connected to a communication network, store a plurality of domain names and corresponding network addresses, receive a query for a network address, and indicate in response to the query whether the domain name service system supports establishing a secure communication link. The cited references are as follows: Beser US 6,496,867 B1 Dec. 17, 2002 Provino US 6,557,037 B1 Apr. 29, 2003 1 Patent Owner’s Appeal Brief, filed August 25, 2014 (App. Br.). Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 3 Solana, E., et al., “Flexible Internet Secure Transactions Based on Collaborative Domains,” Lecture Notes in Computer Science, Vol. 1361, at 37–51 (1997) (“Solana”). Atkinson, R, IETF RFC 2230, “Key Exchange Delegation Record for the DNS,” Nov. 1997 (“RFC2230”). Eastlake, D., et al., IETF RFC 2538, “Storing Certificates in the Domain Name System (DNS),” March 1999 (“RFC2538”). Eastlake, D., et al., IETF RFC 2065, “Domain Name System Security Extensions,” January 1997 (“RFC2065”). Kent S., et al., IETF RFC 2401, “Security Architecture for the Internet Protocol,” November 1998 (“RFC2401”). Postel, J. et al., IETF RFC 920, “Domain Requirements,” October 1984 (“RFC920”). Guttman, E, et al., IETF RFC 2504, “Users’ Security Handbook,” February 1999 (“RFC2504”). Reed, M, et al., “Proxies for Anonymous Routing,” 12th Annual Computer Security Applications Conference, San Diego, CA (December 9-13, 1996) (“Reed”). Goldschlag et al., “Hiding Routing Information,” workshop on Information Hiding, Cambridge, UK, May 1996 (“Goldschlag”). Mockapetris, P., RFC 1035, “Domain Names – Implementation and Specification,” November 1987 (“RFC1035”). Braken, R., RFC 1123, “Requirements for Internet Hosts – Application and Support,” October 1989 (“RFC1123”). Atkinson, R., RFC 1825, “Security Architecture for the Internet Protocol,” August 1995 (“RFC1825”). Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 4 Housley, R, et al., RFC 2459, “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” January 1999 (“RFC2459”). Mockapetris, P., RFC 1034, “Domain Names – Concepts and Facilities,” November 1987 (“RFC1034”). Patent Owner appeals the Examiner’s rejection of 1) Claims 1, 2, 5, 6, 8, 9, and 14–60 under 35 U.S.C. § 102(b) or (e) as anticipated by Solana or Provino, or under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC2504 and any one of Solana or Provino; 2) Claims 1, 2, 6, 7, and 14–60 under 35 U.S.C. § 102(b) as anticipated by RFC2230; 3) Claims 2–5, 24, 25, 37, 48, and 49 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 920 and any one of Solana, Provino, Beser, or RFC 2230; the combination of RFC 2504, RFC 920, and any one of Solana or Provino; or the combination of Provino, RFC 2230, and RFC 920; 4) Claims 10–13 under 35 U.S.C. § 103(a) as unpatentable over the combination of Reed and any one of Solana or Provino; the combination of Reed, RFC 2504, and any one of Solana or Provino; the combination of Reed, RFC 2401 and any one of Beser, RFC 2230, or RFC 2538; or the combination of Provino, RFC 2230, and Reed; Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 5 5) Claims 7, 32, and 56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Solana and Beser or the combination of Solana, Beser and RFC 2504; 6) Claims 7, 29–32, and 53–56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Beser and Provino or the combination of Provino, Beser, and RFC 2230; 7) Claims 29–32 and 53–56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Beser and any one of RFC 2230 or RFC 2538 or the combination of Provino, Beser, and RFC 2230; 8) Claims 1, 2, 5–7, and 14–60 under 35 U.S.C. § 102(a) as anticipated by Beser; 9) Claims 8 and 9 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 2401 and any one of Beser, RFC 2230 or RFC 2538; 10) Claims 1, 2, 6, 14–22, 24–46, 48–52, and 57–60 under 35 U.S.C. § 102(a) as anticipated by RFC 2538; 11) Claims 3, 4, 24, 25, 48, and 49 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 2538 and RFC 920; 12) Claims 5, 23, and 47 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 2538 and RFC 2065. ISSUE Did the Examiner err in rejecting claims 1–60? Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 6 PRINCIPLES OF LAW In rejecting claims under 35 U.S.C. § 102, “[a] single prior art reference that discloses, either expressly or inherently, each limitation of a claim invalidates that claim by anticipation.” Perricone v. Medicis Pharm. Corp., 432 F.3d 1368, 1375 (Fed. Cir. 2005) (citation omitted). The question of obviousness is resolved on the basis of underlying factual determinations including (1) the scope and content of the prior art, (2) any differences between the claimed subject matter and the prior art, and (3) the level of skill in the art. Graham v. John Deere Co., 383 U.S. 1, 17- 18 (1966). “The combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results.” KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007). ANALYSIS Provino Purported “Non-Conventional” Domain Name Service System and “indication” – claim 1 Patent Owner argues that Provino fails to disclose the domain name service system as recited in claim 1 because, according to Patent Owner, Provino discloses “nothing more than a conventional DNS system,” which is “disparaged and disclaimed in the ’211 patent specification.” PO App. Br. 34. In other words, Patent Owner argues that claim 1 requires a “non- Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 7 conventional” (as opposed to a “conventional”) domain name service system, and Provino supposedly merely discloses a “conventional” domain name service system. As an initial matter and as Patent Owner points out, claim 1 recites a domain name service system. We disagree that claim 1 also recites that the domain name service system must be “non-conventional” (or, for that matter, that it must be or must not be “conventional”). Nor does Patent Owner point out sufficiently that claim 1 recites any specific features deemed to be “non-conventional” and not “conventional.” Therefore, we need not consider whether or not the domain name service system, as disclosed by Provino, is “conventional” or “non-conventional.” Even assuming for purposes of argument that claim 1 recites that the domain name service system must be “non-conventional” (a position for which we disagree as noted above), we are not persuaded by Patent Owner that Provino fails to disclose this feature. Patent Owner does not point out an explicit definition of “non-conventional” in the Specification and provides insufficient evidence to demonstrate that the domain name service system, as disclosed by Provino, is, in fact, “conventional” (as opposed to “non-conventional.”) Nor does Patent Owner demonstrate adequately how the DNS system in Provino differs from a “non-conventional” system (that is not explicitly defined in the Specification). PO App. Br. 34. Rather, Patent Owner and Patent Owner’s declarant (Dr. Angelos D. Keromytis)2 argue that the Specification defines and disparages a 2 Declaration of Angelos D. Keromytis, Ph.D., dated April 18, 2012 (“Keromytis Decl.”). Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 8 “conventional” domain name service system and that the Specification discloses a “conventional scheme” that provides public keys. PO App. Br. 8 (citing the ’211 patent 38:58–39:26, quoted in Supp. Keromytis Decl. ¶ 12);3 see also PO App. Br. 34–35. Even assuming that Patent Owner and Patent Owner’s declarant are correct that the Specification discloses a “conventional scheme” that provides public keys, we note that claim 1 does not preclude a system that provides public keys. Patent Owner or Patent Owner’s declarant does not provide a sufficient rationale as to why we must import a particular negative limitation (e.g., not providing public keys) into the claimed DNS system. Patent Owner argues that “[t]he specification explains that DNS systems that perform no more than these conventional functions have many shortcomings.” PO App. Br. 8; see also PO App. Br. 34–35. Presumably, Patent Owner argues that the Specification discloses that the domain name service system must perform “more than these conventional functions” (PO App. Br. 8) and that this feature must be imported into claim 1. First, the Specification does not appear to disclose that the domain name service system must perform more than these conventional functions. Rather, Patent Owner merely asserts that the Specification discloses that performing no more than these conventional functions has “many shortcomings.” Second, claim 1 does not recite that the domain name service system performs “more than these conventional functions.” Indeed, claim 1 does not appear to recite any functions performed by the domain name service system other than 3 Supplemental Declaration of Angelos D. Keromytis, Ph.D., dated December 26, 2012 (“Supp. Keromytis Decl.”). Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 9 support establishing a secure communication link. We thus are not persuaded by Patent Owner’s argument. Patent Owner argues that the Specification discloses that “[i]n a conventional architecture . . . nefarious listeners on the Internet would intercept the DNS REQ and DNS RESP packets.” The ’211 patent 39:8– 40:13, quoted in PO App. Br. 8; see also PO App. Br. 34–35. To the extent that Patent Owner alleges that a “conventional” domain name service system would permit “nefarious listeners” to “intercept the DNS REQ and DNS RESP packets” as described in the ’211 patent’s disclosure and that claim 1 requires a “non-conventional” domain name service system that does not permit “nefarious listeners” to “intercept the DNS REQ and DNS RESP packets,” we note that Patent Owner does not demonstrate sufficiently that Provino discloses a domain name service system in which nefarious listeners must be able to intercept the DNS REQ and DNS RESP packets. Hence, we are not persuaded by Patent Owner that the domain name service system disclosed by Provino is distinct from the domain name service system, as recited in claim 1. Also, even assuming that permitting activity by “nefarious” listeners is a “conventional” activity, as Patent Owner appears to contend, Patent Owner does not demonstrate sufficiently that the Specification discloses a specific “non-conventional” function domain name service system even if claim 1 did recite this hypothetical claim limitation (which claim 1 does not recite). In any event, we also note that claim 1 does not recite activities of “nefarious listeners” or whether or not intercepting the DNS REQ or DNS RESP packets by such listeners takes place. Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 10 Patent Owner argues that the Specification discloses one example in which “the DNS system does not return an IP address,” another example in which “DNS proxy 2610 transmits a message to gatekeeper 2603,” another example in which a link is “set up . . . without any return of DNS records,” another example in which a VPN is established “before any IP address is returned,” and another example in which “the SDNS only returns a secure URL after it has already coordinated with the VPN gatekeeper to establish a VPN.” PO App. Br. 9 (citing the ’211 patent 39:34-35, 39:63–40:8; 40:55– 65; 41:6–15; 51:22–50, Fig. 34, Supp. Keromytis Decl. ¶¶ 13–14). Presumably, Patent Owner argues that Provino fails to disclose each of these features and, therefore, fails to disclose claim 1. However, Patent Owner does not demonstrate sufficiently that any of these features that Patent Owner alleges to be disclosed in the Specification are recited in the claims. Therefore, we are not persuaded by Patent Owner’s argument. Claim 1 recites configured to “indicate” whether the system supports establishing a link. Patent Owner argues that “[c]onstruing the recited ‘indicate’ [feature] to include . . . conventional features . . . is unreasonable.” PO App. Br. 9. In other words, Patent Owner argues that it would somehow be “unreasonable” to construe the term “indicate” in claim 1 to mean data that only indicates and urges a supposedly “reasonable” construction of “indicate” to further mean 1) not providing public keys, 2) not returning an IP address of a requested computer or host, 3) not allowing hosts to retrieve automatically the public keys of a host, 4) not permitting nefarious listeners to intercept DNS REQ and DNS RESP packets, 5) not returning true IP addresses of a target node, 6) transmitting a message to gatekeeper 2603 Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 11 requesting that a VPN be created, 7) establishing a secure VPN without any return of DNS records, and 8) allowing a gatekeeper to establish a VPN before any IP address is returned. PO App. Br. 8–9; see also PO App. Br. 33–35. However, Patent Owner does not demonstrate persuasively why one of skill in the art would have broadly but reasonably construed the claim term “indicate” to include at least these eight identified specific features allegedly disclosed as examples in the Specification. See, e.g., the ’211 patent 39:7–51. Patent Owner also does not explain sufficiently why one of skill in the art would have imported these specific features selected by Patent Owner as allegedly disclosed in the Specification into claim 1 as supposedly included in a purportedly “reasonable” construction of the term “indicate.” In the absence of such a showing, we conclude that importing these eight features that Patent Owner alleges to be disclosed in the Specification into the broadest reasonable construction for the claim term “indicate” would be unreasonable. Patent Owner also argues that Provino fails to disclose “what occurs when the name server 17 receives a query for the specific Internet address of a server 31(s) on the VPN 15.” PO App. Br. 35. Claim 1, for example, recites a domain name service system configured and arranged to indicate whether the domain name service system supports establishing a secure communication link. Claim 1 does not recite or otherwise require any specific activity following receipt of a query for a specific Internet address of a server. In fact, claim 1, by reciting that the system is “configured and arranged to” perform functions, does not appear to recite any activity at all. Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 12 Provino’s Name Server 17 and the claimed DNS service system Patent Owner argues that Examiner’s mapping of the name server 17 of Provino as the claimed domain name service system, as recited in claim 1, to be erroneous because “the name server 17 [of Provino] . . . only has the more general address of the firewall 30” and “does not have the specific address of each server 31(s) on the VPN 15.” PO App. Br. 35. We note that claim 1 recites that “a domain name service system is configured and arranged to be connected to a communication network, store a plurality of domain names and corresponding network addresses, receive a query for a network address, and indicate in response to the query whether the domain name service system supports establishing a secure communication link.” We disagree that claim 1 also recites or otherwise requires that the domain name service also has the specific address of each server 31(s) in addition to an address of a firewall. Nor does Patent Owner demonstrate sufficiently that claim 1 recites this argued claim limitation. Therefore, we need not consider whether or not Provino discloses a name server 17 that stores the address of server 31(s) in addition to the address of a firewall. Provino’s Name Server 17, Firewall 30, and Name Server 32 and the claimed DNS System Patent Owner argues that “[t]he Examiner asserts [under an alternate theory] that the name server 17, firewall 30, and VPN name server 32 together form a DNS system” (PO App. Br. 35) but that Provino’s “firewall 30” cannot be included with “the name server 17, firewall 30, and VPN name server 32 together,” as alleged to be relied upon by the Examiner as Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 13 the claimed domain name service system because, according to Patent Owner, “[f]irewall 30 is simply programmed to identify name server 32 as part of the tunnel-establishment process.” PO App. Br. 36. Even assuming this contention regarding the programming of firewall 30 of Provino to be correct, Patent Owner does not demonstrate sufficiently that claim 1 requires that no part of the claimed domain name service system is “simply programmed to identify a name server . . . as part of a tunnel-establishment process.” Patent Owner argues that Provino’s “firewall 30” cannot be included with “the name server 17, firewall 30, and VPN name server 32 together,” as alleged to be relied upon by the Examiner as the claimed domain name service system because, according to Patent Owner, “[f]irewall 30 . . . does no DNS processing of its own” and “does not itself have any DNS-related functionality.” PO App. Br. 36–37. Even assuming this contention regarding “firewall 30” to be correct, Patent Owner does not demonstrate sufficiently that claim 1 recites that each and every individual component of the domain name service system must have DNS-related functionality itself irrespective of each and every other individual component of the system as a whole. In any event, we are not persuaded by Patent Owner that Provino’s firewall “does not have any DNS-related functionality.” For example, Provino discloses that “firewall 30 . . . provides the [requesting] device . . . with the identification of a nameserver . . . which the [requesting] device . . . can access to obtain the appropriate integer Internet addresses for the human- readable Internet addresses.” Provino 10:62–67. In other words, “firewall 30” of Provino performs a step in the process of resolving a desired domain Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 14 name – i.e., providing the identification of a nameserver. Patent Owner does not explain sufficiently how the firewall 30 performs a step necessary in a DNS-related function but still somehow “does not have any DNS-related functionality.” Patent Owner argues that Provino’s “firewall 30” cannot be included with “the name server 17, firewall 30, and VPN name server 32 together,” as alleged to be relied upon by the Examiner as the claimed domain name service system because, according to Patent Owner, “the ’211 patent disparages firewalls like Provino’s.” PO App. Br. 37 (citing the ’211 patent 2:64–3:6). Even assuming Patent Owner’s contention characterizing the Specification regarding firewalls to be correct, Patent Owner does not demonstrate sufficiently that claim 1 requires that no part of the domain name service system may include a firewall. Also, none of the alleged disadvantages of a firewall as disclosed in the Specification is excluded by claim 1. For example, the Specification states that a firewall may have high “overhead,” “instill a false sense of security,” and may not be useful for “business travelers, extranets, small teams, etc.” Spec 3:1–10. However, claim 1 does not appear to recite that the system must have low overhead (or at least not “high” overhead), not instill a false sense of security, and be useful for business travelers, extranets, and small teams, etc. Nor does Provino disclose that “firewall 30” suffers from high overhead, instilling a false sense of security, or not being useful for business travelers, etc., even assuming that claim 1, for example, recited such limitations. Hence, we are not persuaded by Patent Owner’s argument. Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 15 Patent Owner argues that Provino’s “firewall 30” cannot be included with “the name server 17, firewall 30, and VPN name server 32 together,” as alleged to be relied upon by the Examiner as the claimed domain name service system because, according to Patent Owner, “Firewall 30 [of Provino] does not ‘process the DNS request’.” Claim 1 recites “a domain name service system configured and arranged to be connected to a communication network, store a plurality of domain names and corresponding network addresses, receive a query for a network address, and indicate in response to the query whether the domain name service system supports establishing a secure communication link.” Claim 1 does not appear to also recite a firewall that “process[es] the DNS request.” For at least this reason, we are not persuaded by Patent Owner’s argument. In any event, even assuming claim 1 recites a firewall that “process[es] the DNS request” and assuming that Patent Owner is correct that “firewall 30” does not “process the DNS request,” Patent Owner does not assert or demonstrate sufficiently that “the name server 17, firewall 30, and VPN name server 32 together” (equated to the system as claimed) also does not “process the DNS request.” Patent Owner argues that “firewall 30 [of Provino] establishes the secure tunnel without assistance of VPN name server 32.” PO App. Br. 38. However, claim 1 recites a domain name service system configured and arranged to be connected to a communication network, store a plurality of domain names and corresponding network addresses, receive a query for a network address, and indicate in response to the query whether the domain name service system supports establishing a secure communication link. Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 16 Claim 1 does not appear to also recite or otherwise require that a firewall must receive assistance from a VPN name server to establish a secure tunnel. Therefore, we are not persuaded by Patent Owner’s argument. Authenticate – Claim 5 Claim 5 recites that the domain name service system is configured to authenticate the query. Patent Owner argues that Provino fails to disclose this feature because Provino discloses “authorizing” but fails to disclose “authenticating,” and that “[a]uthorization . . . is a process by which the system verifies that the user has permission to access” but “[a]uthentication is a process by which a system verifies the identity of a user who wishes to access it.” PO App. Br. 40 (citing Supp. Keromytis Decl. ¶ 39). We are not persuaded by Patent Owner’s and Patent Owner’s declarant’s argument. Even assuming that “authentication” must include verifying the “identity of a user who wishes to access it” and authorizing must include verifying if a user has “permission to access,” as Patent Owner contends, Patent Owner does not demonstrate a sufficient distinction between “authenticating” and “authorizing” because in order to determine if a particular individual has “permission to access,” the system would first verify the individual’s “identity” in some fashion. Otherwise, the system would be unable to determine if the user has “permission,” not having verified the “identity” of the user and, therefore, being unaware of who the user is. One of skill in the art would have understood that a system that is unaware of the “identity” of a user (i.e., who the user is) would also be unaware of whether the unidentified user has “permission” to access the system or not. Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 17 Patent Owner argues that Provino fails to disclose that “the domain name service system is configured to authenticate the query [for a network address],” as recited in claim 5, because Provino discloses that the domain name service system is configured to authenticate a different query from the query for a network address recited in claim 1. PO App. Br. 40–41. We are not persuaded by Patent Owner’s argument for at least the reasons set forth by Requester. 3PR Resp. Br. 20–21. For example, as Requester explains, Provino discloses that a client device (i.e., “device 12(m)”) sends “a query . . . to name server 17” and this “quer[y is] authenticated before name server 32 receives the secure domain name and resolves it into an IP address.” 3PR Resp. Br. 20. See, e.g., Provino 8:43–51. After device 12(m) of Provino receives the integer Internet address (from name server 17), “it can generate the necessary message packets for transmission to the device 13.” Provino 8:55–56. In other words, Provino discloses a query for a network address (to name server 17) that is authenticated (so that the client device can “generate the necessary message packets for transmission to the device.”) Patent Owner argues that, under an alternate theory, “the Examiner asserts that the name server 17, firewall 30, and VPN name server 32 [of Provino] together form a DNS system” (PO App. Br. 34) but that “[f]irewall 30 [of Provino] never authorizes the query from device 12(m) to name server 32.” PO App. Br. 41. However, Patent Owner does not assert or demonstrate persuasively that “the nameserver 17, firewall 30, and VPN name server 32 of Provino together” (allegedly equated to the claimed domain name service system) also does not “authorize[] the query from device 12(m).” As discussed above, Provino appears to disclose this feature. Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 18 Claims 8 and 9 Claims 8 and 9 recite that the domain name service system is connectable to a virtual private network. Patent Owner argues that the Examiner “contends that three different devices in Provino are part of a DNS system: name server 17, VPN firewall 30, and VPN name server 32” (PO App. Br. 41 (citing RAN 39)) but that “[f]irewall 30 and name server 32 are part of the VPN 15 and therefore are not connectable to it.” PO App. Br. 41. Even assuming that “firewall 30” and “name server 32” of Provino are “part of the VPN,” as Patent Owner asserts, we are not persuaded by Patent Owner’s argument that if a component is part of a network, the component is somehow not “connectable” to the network. One of skill in the art would have understood that a component that is part of a network would be connectable to the network because otherwise, the component would be disconnected from the network and would, therefore, not be part of the network, which would be contrary to the fact that the component is part of the network. In any event, even assuming that the “firewall 30” and “name server 32” of Provino are somehow not “connectable” to the VPN, as Patent Owner contends, Patent Owner does not assert or demonstrate sufficiently that the “name server 17” of Provino (equated by the Examiner to a component of the domain name service system, according to Patent Owner) is also not “connectable” to the virtual private network. Patent Owner argues that “[n]ame server 17 is outside VPN 15, but . . . never interacts with firewall 30 or with any other component on VPN 15” Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 19 so “nameserver 17 is also not connectable to VPN 15.” PO App. Br. 42. Claim 8, for example, recites that the domain name service system is connectable to a VPN. Patent Owner does not demonstrate sufficiently that claim 8 also recites that the domain name service system “interacts with” a component on the VPN. Therefore, we need not determine whether or not Provino discloses some interaction between name server 17 and the network, or what such interaction might entail. Patent Owner argues that Provino fails to disclose “at least one of the plurality of domain names” and “domain name service system,” as recited in claims 24 and 48. PO App. Br. 25–26, 42. We are not persuaded by Patent Owner’s argument that Provino fails to disclose a “plurality of domain names” for at least the previously discussed reasons. For example, Provino discloses that “nameserver 17 . . . can resolve the human-readable domain names [received from a user’s device] to provide the appropriate Internet address for the destination referred to in the respective human-readable name.” Provino 7:38–43. One of skill in the art would have understood that in order to resolve domain names, the nameserver 17 of Provino would have stored a “plurality of domain names.” Otherwise, no domain names would have been stored and nameserver 17 would be unable to determine corresponding Internet addresses for requested domain names (not having stored the domain names to resolve). Because Provino discloses that nameserver 17, in fact, determines corresponding Internet address for requested domain names, one of skill in the art would have understood that Provino discloses that nameserver 17 stores domain names. Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 20 Claim 10 recites that “the virtual private network is based on inserting into each packet . . . one or more data values that vary according to a pseudo-random sequence.” Patent Owner argues that the combination of Provino and Reed or the combination of Provino, Reed, and RFC 2230 or the combination of Provino, RFC 2504, and Reed fails to disclose or suggest this feature. PO App. Br. 43, 45, 47. Requester argues that Reed discloses this feature because Reed discloses a routing scheme “by routing IP packets through predefined . . . routers using the IP addresses of those routers” and that the “IP addresses of those routers” are inserted into each packet and varies according to a pseudorandom sequence. 3PR Resp. Br. 13, 22–23. We agree with Requester. Patent Owner argues that Reed discloses that “after the route is chosen and the onion is created, those IP address are fixed” and that “each layer . . . contains the identity of the next . . . router in the anonymous connection.” PO App. Br. 28. Assuming Patent Owner is correct that Reed provides the stated disclosure, Patent Owner does not demonstrate sufficient differences between Reed’s “route is chosen and . . . created [with a specific] IP address,” the IP address corresponding to the “next . . . router in the anonymous connection” and the claimed feature of inserting one or more data values that vary according to a pseudo-random sequence. For example, Patent Owner does not assert or demonstrate sufficiently that the “IP address” of the “next . . . router in the anonymous connection” of Reed (i.e., a data value that is inserted into a packet) does not vary from the previous IP address of the previous router. Indeed, one of skill in the art would have understood that the IP address of the “next . . . router” would not be the same Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 21 (and hence, would “vary”) in a pseudo-random manner in order to obtain “the anonymous connection,” as Patent Owner states that Reed discloses. Patent Owner argues that Reed discloses that “after the route is chosen . . . [the] IP addresses are fixed.” PO App. Br. 28. Claim 10 recites that the virtual private network is based on inserting into each packet one or more data values that vary according to a pseudo-random sequence. Even assuming Patent Owner to be correct that Reed discloses that all IP address are “fixed” “after the route is chosen” in all instances, Patent Owner does not demonstrate sufficiently that claim 10 also requires that IP address not be “fixed” after a route is chosen in all instances. We are not persuaded by Patent Owner’s argument. Claim 12 Claim 12 recites that “the virtual private network is based on comparing a value in each data packet transmitted between a first device and a second device to a moving window of valid values.” Patent Owner argues that the combination of Provino and Reed or the combination of Provino, Reed, and RFC 2230, or the combination of Provino, RFC 2504, and Reed fails to disclose or suggest this feature. PO App. Br. 43, 45, 47. Requester argues that Reed discloses this feature because Reed discloses that each “router maintains a table that maps between the identifiers of incoming connections and outgoing connections, and the cryptographic keys that are to be applied to data moving along an anonymous connection.” 3PR Resp. Br. 13, 22-23. We agree with Requester. Patent Owner argues that Reed discloses “identifiers in a table” but fails to disclose that “these identifiers in Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 22 the table are included in a moving window.” PO App. Br. 29. Patent Owner does not point out sufficient differences, however, between the “table” of identifiers and the “moving window” of values, as recited in claim 12. In both cases, values (or “identifiers”) are contained within a window (or “table”) that moves (or “applied to data moving along an anonymous connection”). We are not persuaded by Patent Owner’s argument. Patent Owner does not provide additional arguments in support of claims 1–60 with respect to Provino, alone or in combination with any of RFC 920, Reed, Beser, RFC 2230, and/or RFC 2504. PO App. Br. 42–47. In view of the above, we need not consider the propriety of the Examiner’s adoption or non-adoption of the rejection of claims 1–60 based on other grounds. Cf. In re Gleave, 560 F.3d 1331, 1338 (Fed. Cir. 2009). DECISION We affirm the Examiner’s rejection of claims 1, 2, 5, 6, 8, 9, and 14–60 under 35 U.S.C. § 102 as anticipated by Provino or under 35 U.S.C. § 103(a) as unpatentable over Provino and any one of RFC 2230 or RFC 2504; claims 2–5, 24, 25, 37, 48, and 49 under 35 U.S.C. § 103(a) as unpatentable over the combination of Provino and RFC 920, or the combination of Provino, RFC 920 and any one of RFC 2230 or RFC 2504; claims 10–13 under 35 U.S.C. § 103(a) as unpatentable over the combination of Provino and Reed or the combination of Provino, Reed, and any one of RFC 2230 or RFC 2504; claims 7, 29–32, and 53–56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Provino and Beser Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 23 or the combination of Provino, Beser, and any one of RFC 2230 or RFC 2504. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). Requests for extensions of time in this inter partes reexamination proceeding are governed by 37 C.F.R. § 1.956. See 37 C.F.R. § 41.79. In the event neither party files a request for rehearing within the time provided in 37 C.F.R. § 41.79, and this decision becomes final and appealable under 37 C.F.R. § 41.81, a party seeking judicial review must timely serve notice on the Director of the United States Patent and Trademark Office. See 37 C.F.R. §§ 90.1 and 1.983. AFFIRMED Appeal 2016-004466 Reexamination Control 95/001,789 Patent 7,921,211 B2 24 Patent Owner: FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP 901 New York Avenue, NW Washington DC 20001-4413 Third-Party Requester: Sidley Austin LLP 2001 Ross Avenue Suite 3600 Dallas, TX 75201 pgc Copy with citationCopy as parenthetical citation
