Ex Parte Larson et alDownload PDFPatent Trial and Appeal BoardSep 9, 201695001788 (P.T.A.B. Sep. 9, 2016) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 95/001,788 10/18/2011 Victor Larson 077580-0146 5823 22852 7590 09/12/2016 FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP 901 NEW YORK AVENUE, NW WASHINGTON, DC 20001-4413 EXAMINER FOSTER, ROLAND G ART UNIT PAPER NUMBER 3992 MAIL DATE DELIVERY MODE 09/12/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ APPLE INC., Requester, v. VIRNETX INC., Patent Owner. ____________ Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 Technology Center 3900 ____________ Before STEPHEN C. SIU, DENISE M. POTHIER, and JEREMY J. CURCURI, Administrative Patent Judges. SIU, Administrative Patent Judge DECISION ON APPEAL Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 2 VirnetX Inc. (“Patent Owner”) appeals under 35 U.S.C. §§ 134 and 315 the Examiner’s rejections of claims 1–60 over various references. App. Br. 9–33.1 We have jurisdiction under 35 U.S.C. §§ 134 and 315 (pre-AIA). This proceeding arose from an October 18, 2011 request for an inter partes reexamination of the claims of U.S. Patent 7,418,504 B2, titled “Agile Network Protocol for Secure Communications Using Secure Domain Names” and issued to Victor Larson, Robert Dunham Short, III, Edmund Colby Munger, and Michael Williamson, on August 26, 2008 (“the ’504 patent”). The ’504 patent describes a secure mechanism for communicating over the Internet. The ’504 patent 3:14–15. Claim 1 reads as follows: 1. A system for providing a domain name service for establishing a secure communication link, the system comprising: a domain name service system configured to be connected to a communication network, to store a plurality of domain names and corresponding network addresses, to receive a query for a network address, and to comprise an indication that the domain name service system supports establishing a secure communication link. The cited references are as follows: Beser US 6,496,867 B1 Dec. 17, 2002 Provino US 6,557,037 B1 Apr. 29, 2003 1 Amended Appeal Brief in Support of Appellants’ Appeal to the Patent Trial and Appeal Board, filed August 27, 2014 (App. Br.). Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 3 Solana, E., et al., “Flexible Internet Secure Transactions Based on Collaborative Domains,” Lecture Notes in Computer Science, Vol. 1361, at 37-51 (1997) (“Solana”). Atkinson, R, IETF RFC 2230, “Key Exchange Delegation Record for the DNS,” Nov. 1997 (“RFC2230”). Eastlake, D., et al., IETF RFC 2538, “Storing Certificates in the Domain Name System (DNS),” March 1999 (“RFC2538”). Eastlake, D., et al., IETF RFC 2064, “Domain Name System Security Extensions,” January 1997 (“RFC2064”). Kent S., et al., IETF RFC 2401, “Security Architecture for the Internet Protocol,” November 1998 (“RFC2401”). Postel, J. et al., IETF RFC 920, “Domain Requirements,” October 1984 (“RFC920”). Guttman, E, et al., IETF RFC 2504, “Users’ Security Handbook,” February 1999 (“RFC2504”). Reed, M, et al., “Proxies for Anonymous Routing,” 12th Annual Computer Security Applications Conference, San Diego, CA (December 9-13, 1996) (“Reed”). Goldschlag et al., “Hiding Routing Information,” workshop on Information Hiding, Cambridge, UK, May 1996 (“Goldschlag”). Mockapetris, P., RFC 1035, “Domain Names – Implementation and Specification,” November 1987 (“RFC1035”). Braken, R., RFC 1123, “Requirements for Internet Hosts – Application and Support,” October 1989 (“RFC1123”). Atkinson, R., RFC 1825, “Security Architecture for the Internet Protocol,” August 1995 (“RFC1825”). Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 4 Housley, R, et al., RFC 2459, “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” January 1999 (“RFC2459”). Mockapetris, P., RFC 1034, “Domain Names – Concepts and Facilities,” November 1987 (“RFC1034”). Patent Owner appeals the Examiner’s rejection of 1) Claims 1, 2, 5, 6, 8, 9, and 14–60 under 35 U.S.C. § 102(b) or (e) as anticipated by Solana or Provino, or under 35 U.S.C. § 103(a) as unpatentable over the combination of Solana and RFC 2504 or the combination of Provino and any one of RFC2230 or RFC2504; 2) Claims 1, 2, 6, 7, and 14–60 under 35 U.S.C. § 102(b) as anticipated by RFC 2230; 3) Claims 1, 2, 6, 14–22, 24–46, 48–52, and 57–60 under 35 U.S.C. § 102(a) as anticipated by RFC 2538; 4) Claims 1, 2, 5–7, 14–60 under 35 U.S.C. § 102(e) as anticipated by Beser; 5) Claims 2–5, 24, 25, 37, 48, and 49 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 920 and any one of Solana, Provino, Beser, or RFC 2230; the combination of Solana, RFC 2504, and RFC 920; and the combination of Provino, RFC 920, and any one of RFC 2230 or RFC 2504; 6) Claims 10–13 under 35 U.S.C. § 103(a) as unpatentable over the combination of Solana and Reed; the combination of Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 5 Solana, Reed, and RFC 2504; the combination of Provino and Reed; the combination of Provino, RFC 2230, and Reed; the combination of Provino, RFC 2504, and Reed; the combination of Beser, RFC 2401, and Reed; the combination of RFC 2230, RFC 2401, and Reed; and the combination of RFC 2538, RFC 2401, and Reed; 7) Claims 7, 32, and 56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Solana and Beser or the combination of Solana, Beser, and RFC 2504; 8) Claim 7, 29–32, and 53–56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Provino and Beser or the combination of Provino, Beser and any one of RFC 2230 or RFC 2504; 9) Claims 8 and 9 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 2401 and any one of Beser, RFC 2230 or RFC 2538; 10) Claims 29–32 and 53–56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Beser and any one of RFC 2230 or RFC 2538; 11) Claims 3, 4, 24, 25, 48, and 49 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 2538 and RFC 920;and 12) Claims 5, 23, and 47 under 35 U.S.C. § 103(a) as unpatentable over the combination of RFC 2538 and RFC 2065. Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 6 ISSUE Did the Examiner err in rejecting claims 1–60? PRINCIPLES OF LAW In rejecting claims under 35 U.S.C. § 102, “[a] single prior art reference that discloses, either expressly or inherently, each limitation of a claim invalidates that claim by anticipation.” Perricone v. Medicis Pharm. Corp., 432 F.3d 1368, 1375 (Fed. Cir. 2005) (citation omitted). The question of obviousness is resolved on the basis of underlying factual determinations including (1) the scope and content of the prior art, (2) any differences between the claimed subject matter and the prior art, and (3) the level of skill in the art. Graham v. John Deere Co., 383 U.S. 1, 17-18 (1966). “The combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results.” KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007). ANALYSIS Provino Purported “Non-Conventional” Domain Name Service (DNS) System and “indication” – claim 1 Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 7 Patent Owner argues that Provino fails to disclose the domain name service system as recited in claim 1 because, according to Patent Owner, Provino discloses “nothing more than a conventional DNS system,” which is “disparaged and disclaimed in the ’504 patent specification.” PO App. Br. 33. In other words, Patent Owner argues that claim 1 requires a “non- conventional” (as opposed to a “conventional”) domain name service system and Provino supposedly merely discloses a “conventional” domain name service system. As an initial matter and as Patent Owner points out, claim 1 recites a domain name service system that comprises “an indication” that the DNS system “supports establishing a secure communication link.” We disagree that claim 1 also recites that the domain name service system must be “non- conventional” (or, for that matter, that it must be or must not be “conventional”). Nor does Patent Owner point out sufficiently that claim 1 recites any specific features deemed to be “non-conventional” and not “conventional.” Therefore, we need not consider whether or not the domain name service system, as disclosed by Provino, is “conventional” or “non- conventional.” Even assuming for purposes of argument that claim 1 recites that the domain name service system must be “non-conventional” (a position for which we disagree as noted above), we are not persuaded by Patent Owner that Provino fails to disclose this alleged feature. Patent Owner does not point to an explicit definition of “non-conventional” in the Specification and provides insufficient evidence to demonstrate that the domain name service system, as disclosed by Provino, is, in fact, “conventional” (as opposed to Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 8 “non-conventional”). Nor does Patent Owner demonstrate adequately how the DNS system in Provino differs from a “non-conventional” system (that is not explicitly defined in the Specification). Rather, Patent Owner and Patent Owner’s declarant (Dr. Angelos D. Keromytis)2 argue that the Specification defines and disparages a “conventional” domain name service system and that the Specification discloses a “conventional scheme” that provides public keys. PO App. Br. 7–8 (citing ’504 patent Specification 39:7–42, cited in Keromytis Decl. ¶¶ 19, 45). Patent Owner or Patent Owner’s declarant does not provide a sufficient rationale as to why we must import a particular negative limitation (e.g., not providing public keys) into the claimed DNS system. Patent Owner argues that “[t]he specification explains that DNS systems that perform no more than these conventional functions have many shortcomings.” PO App. Br. 8; see also PO App. Br. 34-35. Presumably, Patent Owner argues that the Specification discloses that the domain name service system must perform “more than these conventional functions” and that this feature must be imported into claim 1. First, the Specification does not appear to disclose that the domain name service system must perform more than these conventional functions. Rather, Patent Owner merely asserts that the Specification discloses that performing no more than these conventional functions has “many shortcomings.” Second, claim 1 does not recite that the domain name service system performs “more than these conventional functions.” Indeed, claim 1 does not appear to recite any 2 Declaration of Angelos D. Keromytis, Ph.D., dated March 29, 2012 (“Keromytis Decl.”). Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 9 functions performed by the domain name service system other than support establishing a secure communication link. We thus are not persuaded by Patent Owner’s argument. Patent Owner argues that the Specification discloses that “[i]n the conventional architecture . . . nefarious listeners on the Internet could intercept the DNS REQ and DNS RESP packets.” PO App. Br. 8 (citing Specification 39:24 – 40:29). To the extent that Patent Owner alleges that a “conventional” domain name service system would permit “nefarious listeners” to “intercept the DNS REQ and DNS RESP packets” and that claim 1 requires a “non-conventional” domain name service system that does not permit “nefarious listeners” to “intercept the DNS REQ and DNS RESP packets,” we note that Patent Owner does not demonstrate sufficiently that Provino discloses a domain name service system in which nefarious listeners must be able to intercept the DNS REQ and DNS RESP packets. Hence, we are not persuaded by Patent Owner that Provino fails to disclose a “non-conventional” domain name service system even if claim 1 did recite this hypothetical claim limitation. In any event, we note that claim 1 does not recite activities of “nefarious listeners” or whether or not intercepting the DNS REQ or DNS RESP packets by such listeners takes place. Patent Owner argues that the Specification discloses one example in which “the DNS system does not return an IP address,” another example in which “DNS proxy 2610 transmits a message to gatekeeper 2603,” another example in which a link is “set up . . . without any return of DNS records,” another example in which a VPN is established “before any IP address is returned,” and another example in which “the SDNS only returns a secure Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 10 URL after it has already coordinated with the VPN gatekeeper to establish a VPN.” PO App. Br. 9 (citing ’504 patent 39:34-35, 39:63–40:8; 40:55–65; 41:6–15; 51:22–50, Fig. 34, Supp. Keromytis Decl. ¶¶ 13–14). Presumably, Patent Owner argues that Provino fails to disclose each of these features and, therefore, fails to disclose claim 1. However, Patent Owner does not demonstrate sufficiently that any of these features that Patent Owner alleges to be disclosed in the Specification are recited in the claims. Therefore, we are not persuaded by Patent Owner’s argument. Claim 1 recites a system configured to “indicat[e]” whether the system supports establishing a link. Patent Owner argues that “[c]onstruing the recited ‘indication’” feature “to include . . . conventional features . . . is unreasonable.” PO App. Br. 9. In other words, Patent Owner argues that it would somehow be “unreasonable” to construe the term “indication” in claim 1 to mean data that only indicates and urges a supposedly “reasonable” construction of “indication” to further mean 1) not providing public keys, 2) not returning an IP address of a requested computer or host, 3) not allowing hosts to retrieve automatically the public keys of a host, 4) not permitting nefarious listeners to intercept DNS REQ and DNS RESP packets, 5) not returning true IP addresses of a target node, 6) transmitting a message to gatekeeper 2603 requesting that a VPN be created, 7) establishing a secure VPN without any return of DNS records, and 8) allowing a gatekeeper to establish a VPN before any IP address is returned. PO App. Br. 8-9; see also PO App. Br. 33–35. However, Patent Owner does not demonstrate persuasively why one of skill in the art would have broadly but reasonably construed the claim term “indication” to include at least these Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 11 eight specific features allegedly disclosed as examples in the Specification. See, e.g., the ’504 patent 39:7–51. Patent Owner also does not explain sufficiently why one of skill in the art would have imported these specific features selected by Patent Owner as allegedly disclosed in the Specification into claim 1 as supposedly included in a purportedly “reasonable” construction of the term “indication.” In the absence of such a showing, we conclude that importing these eight features that Patent Owner alleges to be disclosed in the Specification into the broadest reasonable construction for the claim term “indication” would be unreasonable. Patent Owner also argues that Provino fails to disclose “what occurs when the name server 17 receives a query for the specific Internet address of a server 31(s) on the VPN 15.” PO App. Br. 34. Claim 1, for example, recites a domain name service system configured to store a plurality of domain names and corresponding network addresses. Claim 1 does not recite or otherwise require any specific activity following receipt of a query for a specific Internet address of a server. In fact, claim 1, by reciting the system is “configured to” perform functions, does not appear to recite any activity at all. Provino’s Name Server 17 and the claimed DNS service system Patent Owner argues that the Examiner “asserts that the name server 17 [of Provino], alone, discloses” “a domain name service system configured to . . . comprise an indication that the domain name service system supports establishing a secure communication link” (PO App. Br. 33), as recited in claim 1, but that “the name server 17 [of Provino] . . . only Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 12 has the more general address of the firewall 30” and “does not have the specific address of each server 31(s) on the VPN 15.” PO App. Br. 34. In other words, Patent Owner argues that Provino fails to disclose claim 1’s features because Provino supposedly only discloses that the name server has an address of the firewall but does not have the address of server 31(s). We disagree that claim 1 recites or otherwise requires that the domain name service also has the specific address of each server 31(s) in addition to an address of a firewall. Nor does Patent Owner demonstrate sufficiently that claim 1 recites this argued claim limitation. Therefore, we need not consider whether or not Provino discloses a name server 17 that stores the address of server 31(s) in addition to the address of a firewall. Provino’s Name Server 17, Firewall 30, and Name Server 32 and the claimed DNS System Patent Owner also argues that, under an alternate theory, “the Examiner asserts that the name server 17, firewall 30, and VPN name server 32 [of Provino] together form a DNS system” (PO App. Br. 33) as recited in claim 1, and that this “second proposition is similarly flawed, because the name server 17 is distinguishable from SDNS 3313” given that, according to Patent Owner, “SDNS 3313” “performs more than a conventional DNS function.” PO App. Br. 34. Patent Owner does not indicate which claim recites “SDNS 3313.” We do not independently identify any claim under dispute that recites “SDNS 3313.” For at least this reason, we are not persuaded by Patent Owner’s argument. Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 13 Also, even if claim 1 recites “SDNS 3313,” Patent Owner merely asserts that “name server 17 is distinguishable from SDNS 3313” but does not assert or demonstrate sufficiently that “the name server 17, firewall 30, and VPN name server 32 together” (the Examiner’s alternate theory, as asserted by Patent Owner) is also distinguishable from “SDNS 3313” (and, if so, in what way). For at least these reasons, we need not consider whether or not Provino discloses an “SDNS 3313” or how “SDNS 3313” differs (or does not differ) from “the name server 17, firewall 30, and VPN name server 32 together [of Provino].” We are not persuaded by Patent Owner’s argument. Also, we note that claim 1 recites a domain name service system configurably connected to a network, stores domain names and corresponding network addresses, receives a query, and comprises an indication that the system supports establishing a secure communication link. We are unable to identify where claim 1 also recites that the domain name service system must perform “more than a conventional DNS function,” which Patent Owner alleges to be a function of “SDNS 3313.” In any event, we are not persuaded Patent Owner’s arguments pertaining to the alleged lack of disclosure by Provino of a “non-conventional” system for at least the reasons previously discussed. Patent Owner argues that Provino’s “firewall 30” cannot be included with “the name server 17, firewall 30, and VPN name server 32 together,” as alleged to be relied upon by the Examiner as the claimed domain name service system because, according to Patent Owner, “[f]irewall 30 is simply programmed to identify name server 32 as part of the tunnel-establishment Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 14 process.” PO App. Br. 35. Even assuming this contention regarding the programming of firewall 30 of Provino to be correct, Patent Owner does not demonstrate sufficiently that claim 1 requires that no part of the claimed domain name service system is “simply programmed to identify a name server . . . as part of a tunnel-establishment process.” Patent Owner argues that Provino’s “firewall 30” cannot be included with “the name server 17, firewall 30, and VPN name server 32 together,” as alleged to be relied upon by the Examiner as the claimed domain name service system because, according to Patent Owner, “[f]irewall 30 . . . does no DNS processing of its own” and “does not itself have any DNS-related functionality.” PO App. Br. 36–37. Even assuming this contention regarding “firewall 30” to be correct, Patent Owner does not demonstrate sufficiently that claim 1 recites that each and every individual component of the domain name service system must have DNS-related functionality itself irrespective of each and every other individual component of the system as a whole. In any event, we are not persuaded by Patent Owner that Provino’s firewall “does not have any DNS-related functionality.” For example, Provino discloses that “firewall 30 . . . provides the [requesting] device . . . with the identification of a nameserver . . . which the [requesting] device . . . can access to obtain the appropriate integer Internet addresses for the human-readable Internet addresses.” Provino 10:62–67. In other words, “firewall 30” of Provino performs a step in the process of resolving a desired domain name – i.e., providing the identification of a nameserver. Patent Owner does not explain sufficiently how the firewall 30 performs a step in a Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 15 DNS-related function but still somehow “does not have any DNS-related functionality.” Patent Owner argues that Provino’s “firewall 30” cannot be included with “the name server 17, firewall 30, and VPN name server 32 together,” as alleged to be relied upon by the Examiner as the claimed domain name service system because, according to Patent Owner, “the ’504 patent disparages firewalls like Provino’s.” PO App. Br. 37 (citing the ’504 patent 3:1-10). Even assuming Patent Owner’s contention characterizing the ’504 patent Specification to be correct, Patent Owner does not demonstrate sufficiently that claim 1 requires that no part of the domain name service system must include a firewall. Also, none of the alleged disadvantages of a firewall as disclosed in the Specification is excluded by claim 1. For example, the Specification states that a firewall may have high “overhead,” “instill a false sense of security,” and may not be useful for “business travelers, extranets, small teams, etc.” ’504 Patent 3:1-10. However, claim 1 does not appear to recite that the system must have low overhead, not instill a false sense of security, and be useful for business travelers, extranets, and small teams. Nor does Provino disclose that “firewall 30” suffers from high overhead, instilling a false sense of security, or not being useful for business travelers, even assuming that claim 1, for example, recited such limitations. Hence, we are not persuaded by Patent Owner’s argument. Patent Owner argues that, under an alternate theory, “the Examiner asserts that the name server 17, firewall 30, and VPN name server 32 [of Provino] together form a DNS system” (PO App. Br. 33) but that “[f]irewall Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 16 30 [of Provino] never authorizes the query from device 12(m) to name server 32.” PO App. Br. 39. However, Patent Owner does not assert or demonstrate persuasively that “the nameserver 17, firewall 30, and VPN name server 32 of Provino together” (allegedly equated to the claimed domain name service system) also does not “authorize[] the query from device 12(m).” As discussed above, Provino discloses this feature. Authenticate – Dependent Claim 5 Claim 5 recites that “the domain name service system is configured to authenticate the query.” Claims 23 and 47 recite similar features. Patent Owner argues that Provino discloses “authorizing” but fails to disclose “authenticating,” as recited in claim 5, because “[a]uthorization . . . is a process by which the system verifies that the user has permission to access” but “[a]uthentication is a process by which a system verifies the identity of a user who wishes to access it.” PO App. Br. 39 (citing Supp. Keromytis Decl. ¶ 39). We are not persuaded by Patent Owner’s and Patent Owner’s declarant’s argument. Even assuming that “authentication” must include verifying the “identity of a user who wishes to access it” and authorizing must include verifying if a user has “permission to access,” as Patent Owner contends, Patent Owner does not demonstrate a sufficient distinction between “authenticating” and “authorizing” because in order to determine if a particular individual has “permission to access,” the system would first verify the individual’s “identity” in some fashion. Otherwise, the system would be unable to determine if the user has “permission,” not having verified the “identity” of the user and, therefore, being unaware of who the Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 17 user is. One of skill in the art would have understood that a system that is unaware of the “identity” of a user (i.e., who the user is) would also be unaware of whether the unidentified user has “permission” to access the system or not. Patent Owner argues that Provino fails to disclose that “the domain name service system is configured to authenticate the query [for a network address],” as recited in claim 5, because Provino discloses that the domain name service system is configured to authenticate a different query from the query for a network address recited in claim 1. PO App. Br. 39. We are not persuaded by Patent Owner’s argument for at least the reasons set forth by Requester. 3PR Resp. Br. 20. For example, as Requester explains, Provino discloses that a client device (i.e., “device 12(m)”) sends “a query . . . to name server 17” and this “quer[y is] authenticated before name server 32 receives the secure domain name and resolves it into an IP address.” 3PR Resp. Br. 20. See, e.g., Provino 8:43–51. After device 12(m) of Provino receives the integer Internet address (from name server 17), “it can generate the necessary message packets for transmission to the device 13.” Provino 8:55-56. In other words Provino discloses a query for a network address (to name server 17) that is authenticated so that the client device can “generate the necessary message packets for transmission to the device.” Claims 8 and 9 Claims 8 and 9 recite that the domain name service system is connectable to a virtual private network. Patent Owner argues that the Examiner “contends that three different devices in Provino are part of a DNS Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 18 system: name server 17, VPN firewall 30, and VPN name server 32” (PO App. Br. 40 (citing RAN 40)) but that “[f]irewall 30 and name server 32 are part of the VPN 15 and therefore are not connectable to it.” PO App. Br. 40. Even assuming that “firewall 30” and “name server 32” of Provino are “part of the VPN,” as Patent Owner asserts, we are not persuaded by Patent Owner’s argument that if a component is part of a network, the component is somehow not “connectable” to the network. One of skill in the art would have understood that a component that is part of a network would be connectable to the network because otherwise, the component would be disconnected from the network and would, therefore, not be part of the network, which would be contrary to the fact that the component is part of the network. In any event, even assuming that the “firewall 30” and “name server 32” of Provino are somehow not “connectable” to the VPN of which they are components, as Patent Owner contends, Patent Owner does not assert or demonstrate sufficiently that the “name server 17” of Provino (equated by the Examiner to a component of the domain name service system, according to Patent Owner) is also not “connectable” to the virtual private network. Patent Owner argues that “[n]ame server 17 is outside VPN 15, but . . . never interacts with firewall 30 or with any other component on VPN 15” so “nameserver 17 is also not connectable to VPN 15.” PO App. Br. 40. Claim 8, for example, recites that the domain name service system is connectable to a VPN. Patent Owner does not demonstrate sufficiently that claim 8 also recites that the domain name service system “interacts with” a component on the VPN. Therefore, we need not determine whether or not Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 19 Provino discloses “interaction” between name server 17 and the network, or what such “interaction” might entail. Patent Owner argues that Provino fails to disclose “at least one of the plurality of domain names” and “domain name service system,” as recited in claims 24 and 48. PO App. Br. 40-41. We are not persuaded by Patent Owner’s argument that Provino fails to disclose a “plurality of domain names” for at least the previously discussed reasons. For example, Provino discloses that “nameserver 17 . . . can resolve the human-readable domain names [received from a user’s device] to provide the appropriate Internet address for the destination referred to in the respective human-readable name.” Provino 7:38–43. One of skill in the art would have understood that in order to resolve domain names, the nameserver 17 of Provino would have stored a “plurality of domain names.” Otherwise, no domain names would have been stored and nameserver 17 would be unable to determine corresponding Internet addresses for requested domain names (not having stored the domain names to resolve). Because Provino discloses that nameserver 17, in fact, determines corresponding Internet address for requested domain names, one of skill in the art would have understood that Provino discloses that nameserver 17 stores domain names. Claim 10 Claim 10 recites that “the virtual private network is based on inserting into each packet . . . one or more data values that vary according to a pseudo-random sequence.” Patent Owner argues that the combination of Provino and Reed or the combination of Provino, Reed, and RFC 2230 or Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 20 the combination of Provino, RFC 2504, and Reed fails to disclose or suggest this feature. PO App. Br. 41–43, 45. Requester argues that Reed discloses this feature because Reed discloses a routing scheme “by routing IP packets through predefined . . . routers using the IP addresses of those routers” and that the “IP addresses of those routers” are inserted into each packet and varies according to a pseudorandom sequence. 3PR Resp. Br. 12–13, 22. We agree with Requester. Patent Owner argues that Reed discloses that “after the route is chosen and the onion is created, those IP address are fixed” and that “each layer . . . contains the identity of the next . . . router in the anonymous connection” but does not demonstrate sufficient differences between Reed’s alleged disclosure of a “route [that] is chosen and . . . created [with a specific] IP address,” the IP address corresponding to the “next . . . router in the anonymous connection,” and the claimed feature of inserting one or more data values that vary according to a pseudo-random sequence. PO App. Br. 27. Patent Owner does not assert or demonstrate sufficiently that the “IP address” of the “next . . . router in the anonymous connection” of Reed (i.e., a data value that is inserted into a packet) does not vary from the previous IP address of the previous router. Indeed, one of skill in the art would have understood that the IP address of the “next . . . router” would not be the same (and hence, would “vary”) in a pseudo-random manner in order to obtain “the anonymous connection,” as Patent Owner states that Reed discloses. Patent Owner argues that Reed discloses that “after the route is chosen . . . [the] IP addresses are fixed.” PO App. Br. 27. Claim 10 recites that the virtual private network is based on inserting into each packet one or more Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 21 data values that vary according to a pseudo-random sequence. Even assuming Patent Owner to be correct that Reed discloses that all IP address are “fixed” “after the route is chosen” in all instances, Patent Owner does not demonstrate sufficiently that claim 10 also requires that IP address not be “fixed” after a route is chosen in all instances. We are not persuaded by Patent Owner’s argument. Claim 12 Claim 12 recites that “the virtual private network is based on comparing a value in each data packet transmitted between a first device and a second device to a moving window of valid values.” Patent Owner argues that the combination of Provino and Reed or the combination of Provino, Reed, and RFC 2230, or the combination of Provino, RFC 2504, and Reed fails to disclose or suggest this feature. PO App. Br. 42, 44, 45–46. Requester argues that Reed discloses this feature because Reed discloses that each “router maintains a table that maps between the identifiers of incoming connections and outgoing connections, and the cryptographic keys that are to be applied to data moving along an anonymous connection.” 3PR Resp. Br. 13, 22. We agree with Requester. Patent Owner argues that Reed discloses “identifiers in a table” but fails to disclose that “these identifiers in the table are included in a moving window.” PO App. Br. 28. Patent Owner does not point out sufficient differences, however, between the “table” of identifiers and the “moving window” of values, as recited in claim 12. In both cases, values (or “identifiers”) are contained within a window (or “table”) that moves (or Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 22 “applied to data moving along an anonymous connection.”) We are not persuaded by Patent Owner’s argument. Patent Owner does not provide additional arguments in support of claims 2, 6, 14–23, and 25–60 with respect to Provino and claims 2–5, 24, 25, 37, 48, and 49 with respect to Provino and RFC 920; claims 7, 29–32, and 53–56 with respect to Provino and Beser; claims 1, 2, 5, 6, 8, 9, and 14– 60 with respect to Provino and RFC 2230; claims 2–5, 24, 25, 37, 48, and 49 with respect to Provino, RFC 2230 and RFC 920; claim 11 and 13 with respect to Provino, RFC 2230 and Reed or Provino, RFC 2504, and Reed; claims 2–5, 24, 25, 37, 48, and 49 with respect to Provino, RFC 2504, and RFC 920; claims 7, 29–32, and 53–56 with respect to Provino and Beser; and claims 1, 2, 5, 6, 8, 9, and 14–60 with respect to Provino and RFC 2230. PO App. Br. 41–45. In view of the above, we need not consider the propriety of the Examiner’s adoption or non-adoption of the rejection of claims 1–60 based on other grounds. Cf. In re Gleave, 560 F.3d 1331, 1338 (Fed. Cir. 2009). DECISION We affirm the Examiner’s rejection of claims 1, 2, 5, 6, 8, 9, and 14–60 under 35 U.S.C. § 102 as anticipated by Provino or under 35 U.S.C. § 103(a) as unpatentable over Provino and any one of RFC 2230 or RFC 2504; claims 2–5, 24, 25, 37, 48, and 49 under 35 U.S.C. § 103(a) as unpatentable over the combination of Provino and RFC 920, or the combination of Provino, RFC 920 and any one of RFC 2230 or RFC 2504; claims 10-13 under 35 U.S.C. § 103(a) as unpatentable over the combination Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 23 of Provino and Reed or the combination of Provino, Reed, and any one of RFC 2230 or RFC 2504; claims 7, 29–32, and 53–56 under 35 U.S.C. § 103(a) as unpatentable over the combination of Provino and Beser or the combination of Provino, Beser, and any one of RFC 2230 or RFC 2504. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). Requests for extensions of time in this inter partes reexamination proceeding are governed by 37 C.F.R. § 1.956. See 37 C.F.R. § 41.79. In the event neither party files a request for rehearing within the time provided in 37 C.F.R. § 41.79, and this decision becomes final and appealable under 37 C.F.R. § 41.81, a party seeking judicial review must timely serve notice on the Director of the United States Patent and Trademark Office. See 37 C.F.R. §§ 90.1 and 1.983. AFFIRMED Appeal 2016-004435 Reexamination Control 95/001,788 Patent 7,418,504 B2 24 Patent Owner: FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP 901 New York Avenue, NW Washington DC 20001-4413 Third-Party Requester: Sidley Austin LLP 2001 Ross Avenue Suite 3600 Dallas, TX 75201 pgc Copy with citationCopy as parenthetical citation