vhc cc brief v apple

8/12/2019 VHC Cc Brief v Apple

1/30

IN THE UNITED STATES DISTRICT COURTFOR THE EASTERN DISTRICT OF TEXAS

TYLER DIVISION

VIRNETX INC. and

SCIENCE APPLICATIONSINTERNATIONAL CORPORATION,

Plaintiffs,

vs.

APPLE INC.

Defendant.

Civil Action Nos. 6:11-cv-5636:12-cv-855

JURY TRIAL DEMANDED

VIRNETXS OPENING CLAIM CONSTRUCTION BRIEF

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 1 of 30 PageID #: 3304


2/30

-i-

Table of ContentsI. INTRODUCTION ........................................................................................................ 1

II.

LEVEL OF ORDINARY SKILL IN THE ART ...................................................... 2

III. ARGUMENT ............................................................................................................ 2

A. Disputes Involving Previously Construed Claim Terms ....................................... 2

1. virtual private network [included in asserted claims of the 135 patent] .......2

2. generating from the client computer . . . [included inclaim 1 of the 135 patent] ................................................................................ 7

3. an indication that the domain name service system supports establishing asecure communication link [included in asserted claims of the 504

patent] ............................................................................................................... 8

4. indicate in response to the query whether the domain name service systemsupports establishing a secure communication link [included in assertedclaims of the211 patent] .................................................................................. 9

B. Disputes Involving New Claim Terms ................................................................ 12

5. intercept and intercepting [included in asserted claims of the 697 patent] ............................................................................................................. 12

6. [intercept / intercepting] . . . a request to look up an internet protocol(IP) address [included in claims of the 697 patent] ..................................... 12

7. wherein the secure communication service uses the securecommunication link to communicate at least one of video dataand audio data between the first network device and the second networkdevice [included in asserted claims of the 697 patent] ................................ 14

8. [determine/determining] . . . is available for a secure communicationsservice [included in asserted claims of the 697 patent] ............................... 15

9. domain name lookup [included in claims 14 and 28 of the 697 patent] ..... 15

10.secure name service [included in asserted claims of the 181 patent] ........ 16

11. secure name [included in asserted claims of the 181 patent] ................... 18

12. unsecured name [included in claims 1, 26, and 27 of the 181 patent] ...... 19



3/30

-ii-

13. securely communicate [included in claims 1, 24, 26, and 29of the 181 patent] ........................................................................................... 20

14. sending a message securely [included in claims 24-26 and 29

of the 181 patent] ........................................................................................... 20

15. non-secure communication link [included in claim 7 of the 181 patent] ............................................................................................................. 21

16. requesting and obtaining registration of a secure/unsecured name[included in claims 24-27 of the 181 patent] ................................................. 22

17. message [included in asserted claims of the 181 patent] .......................... 23

IV.

CONCLUSION ....................................................................................................... 23



4/30

-iii-

Table of Authorities

Cases

CIAS, Inc. v. Alliance Gaming Corp. ,504 F.3d 1356 (Fed. Cir. 2007)................................................................................................. 14

Edwards Lifesciences, LLC v. Cook Inc. ,582 F.3d 1322 (Fed. Cir. 2009)................................................................................................. 18

Eon-Net LP v. Flagstar Bancorp ,653 F.3d 1314 (Fed. Cir. Jul. 29, 2011) .................................................................................... 18

Globetrotter Software, Inc. v. Elan Computer Group, Inc. ,362 F.3d 1367 (Fed. Cir. 2004)................................................................................................. 13

i4i Ltd. Pship v. Microsoft Corp. ,598 F.3d 831(Fed. Cir. 2010).................................................................................................... 20

Level 3 Commcns, LLC v. Limelight Networks ,630 F.Supp.2d 654 (E.D.Va.2008) ........................................................................................... 14

Liebel-Flarsheim Co. v. Medrad, Inc. ,358 F.3d 898 (Fed. Cir. 2004)................................................................................................... 18

Neev v. Abbott Med. Optics, Inc. ,2012 WL 1066797 (D.Del. Mar. 26, 2012) .............................................................................. 14

Phillips v. AWH Corp. ,415 F.3d 1303 (Fed. Cir. 2005)............................................................................................. 6, 12

SuperGuide Corp. v. DirecTV Enters. ,211 F. Supp. 2d 725 (W.D.N.C. 2002) ....................................................................................... 7

Taurus IP, LLC v. DaimlerChrysler Corp. ,726 F.3d 1306 (Fed. Cir. 2013)................................................................................................. 15

Teleflex, Inc. v. Ficosa N. Am. Corp. ,299 F.3d 1313 (Fed. Cir. 2002)................................................................................................... 6

Thorner v. Sony Computer Entmt Am. LLC ,669 F.3d 1362 (Fed. Cir. 2012)............................................................................................. 6, 22

VirnetX, Inc. v. Microsoft Corp. ,2009 WL 2370727 (E.D. Tex. July 30, 2009) ........................................................................ 5, 8



5/30

-iv-

Zircon Corp. v. Stanley Black & Decker, Inc. ,452 Fed.Appx. 966 (Fed. Cir. 2011) ............................................................................. 17, 18, 19



6/30

-1-

I. INTRODUCTION

There are six patents at issue in this lawsuit: U.S. Patent Nos. 6,502,135 (the 135

patent), 7,418,504 (the 504 patent), 7,490,151 (the 151 patent), and 7,921,211 (the 211

patent), 8,051,181 (the 181 patent) and 8,504,697 (the 697 patent). The patents are

attached in Exhibits 1-6. The Court has previously construed terms for all asserted patents

except the 181 and 697 patents. The Courts prior claim construction opinions are attached as

exhibits A-C. The new patents belong to the same family of patent applications. 1 As such, the

technology at issue in the new patents will be familiar to the Court.

The Court has conducted three Markman proceedings for patents in VirnetXs portfolio

and has presided over three VirnetX trials. In acknowledgement of the Courts expertise in

VirnetXs patents and out of respect for the Courts time, the parties have agreed to rely on prior

briefing for previously construed claims as much as possible. Specifically, the parties have

agreed to submit prior briefing on the majority of previously construed claim terms in lieu of

repeating those arguments in the body of the briefs for this proceeding, and that this preserves

the parties right to appeal alleged error in the previously construed terms (barring subsequent

waiver). Accordingly, VirnetX incorporates by reference exhibits D-P, which are claim

construction arguments and materials in support thereof from the previous cases. The claim

terms for which this agreement applies are the terms highlighted in green in the parties Joint

Claim Construction Statement. Dkt. No. 113-2.

1 Specifically, the 181 patent is a continuation of the patent application that became U.S. Patent No. 7,188,180, which the Court has construed. The 697 patent is a continuation of acontinuation of the patent application that became the 211 patent.



7/30

-2-

II. LEVEL OF ORDINARY SKILL IN THE ART

As with the prior litigations, VirnetX proposes that a person of ordinary skill in the art

would have a Masters degree in computer science or computer engineering as well as two years

of experience in computer networking with some accompanying exposure to network security.

See Jones Decl. at 3.

III. ARGUMENT

A. Disputes Involving Previously Construed Claim Terms

1. virtual private network [included in asserted claims of the 135 patent]VirnetXs Proposed Construction Apples Proposed Construction

a network of computers which privately anddirectly communicate with each other byencrypting traffic on insecure communication

paths between the computers

a network of computers which privately anddirectly communicate with each other byencrypting traffic on insecurecommunication paths between the computerswhere the communication is both secure andanonymous.

VirnetX urges the Court to reconsider its construction of this term to prevent what

VirnetX believes was injustice in the Cisco 2 trial from reoccurring, in which the Courts

construction for VPN was miscast and abused by Ciscos counsel and witnesses. The Cisco

trial highlights two fundamental claim construction disputes between VirnetX and Apple: (1)

Does a VPN, in its ordinary meaning, require anonymity? And if so, (2) what is the appropriate

scope of anonymity?

The Cisco Trial. During claim construction, Cisco did not argue that the term virtual

private network (or VPN) requires anonymity because of disclaimer or lexicography in the

specification or the prosecution history of the 135 patent. Rather, Cisco told the Court that a

VPN, in its ordinary meaning, achieves anonymity through tunneling. See Cisco Claim

2 VirnetX Inc. v. Cisco Systems Inc. et al. (6:10-cv-417) (hereinafter the Cisco case or simplyCisco )



8/30

-3-

Construction Hing Tr. (Ex. K) at 28:10-22 (This is an excerpt from Your Honors order. You

start out early on with The Wiley Electrical and Electronics Engineering Dictionary that defines

a virtual private network. . . . So privacy here in the extrinsic evidence is both encryption and

tunneling protocols. Tunneling protocols is how you ensure anonymity. ) (emphasis added).

But at trial, Cisco about-faced and told the jury that the Courts construction did not cover

tunneling. See Cisco , 03/11/13 TT a.m. at 81:19-25 (Question: Dr. Clark, do you disagree with

Ciscos lawyers statement that tunneling protocols ensure anonymity? Answer: I disagree

that tunneling protocols ensure anonymity. ).3 Remarkably, Cisco falsely denied making

these arguments to the jury. See Cisco , 6/17/13 Post-Trial Hing Tr. at 52:13-17 (The Court:Let me ask you this, Mr. Desmarais: Did you misrepresent to the jury that the Courts claim

construction forbid IP tunneling as a VPN? Mr. Desmarais: Absolutely not, Your Honor.

Absolutely not.). 4

Anonymity Revisited. VirnetX is not suggesting that the Court or its construction of

VPN is somehow to blame for Ciscos misrepresentations and misconduct. Conceivably any

construction can be twisted and distorted. But VirnetX is still reeling from Ciscos ill-gotten

3 This is not the only way that Cisco miscast and abused the Courts construction for VPN.Cisco also: (1) told the jury that the Courts construction was limited to a very special type ofVPN; (ii) told the jury that the anonymity requirement could only be met by the anonymityachieved by the preferred embodiments; and (iii) told the jury that prior art VPNs cannot meetthe Courts construction. Ciscos repeated misconduct is documented, cited, and quoted inVirnetXs Motion for a New Trial. See Cisco , Dkt. No. 798 at 5-9.

4 In making this misrepresentation to the Court, counsel for Cisco argued that he simply told the

jury that tunneling was the prior art way of achieving anonymity. But Cisco repeatedly toldthe jury that prior art VPNs could not meet the Courts construction for VPN. See , e.g. , Cisco ,3/07/13 p.m. TT at 82:5-11 (Q. So if we put up Claim 1 of the 759 patent, would CiscosEasyVPN and AnyConnect productsdo theywith regards to the anonymity component of thevirtual private network, do they all work the same way? A. They all work the same way and donot provide an anonymous VPN. They just provide a VPN, which was prior art.). Moreover,Cisco told the jury that only the tunneling of the IP-hopping embodiment of the patent couldachieve anonymity. See Cisco , 3/07/13 p.m. TT at 60:18-61:23.



9/30

-4-

verdicta verdict that Cisco won by incessantly telling the jury that the Courts construction of

VPN is so far removed from the ordinary meaning of the term that it does not cover

archetypical, industry-standard VPNs such as IPsec. See Jones Decl. at 4-7.

The Court did not include anonymity in its construction of VPN by way of any

disclaimer or lexicography in the intrinsic record of the patents. Indeed, no defendantnot

Microsoft, not Apple, not Ciscohas ever argued that the term is so limited by disclaimer or

lexicography. The disputes between the parties and the claim construction opinions of the Court

have all exclusively focused on the ordinary meaning of the term.

So is anonymity part of the ordinary meaning of VPN? No, and VirnetX has alwaysopposed this. In a private network, computers communicate with each other securely. A virtual

private network enables a computer outside of the private network to communicate as if it were

physically within the private network. A VPN achieves this by securing the (otherwise) insecure

communication path between the remote computer and the private network (through encryption)

and by enabling the remote and private computers to communicate directly with each other ( e.g. ,

through tunneling). Tunneling is one way of enabling computers to directly communicate with

each other. Using tunneling, a remote computer can directly communicate with computers on

the private network via the private IP address space of the private network. Specifically, the

packets with private IP addresses are encapsulated by packets with public IP addresses. The

public IP addresses of the outer packet enable the packet to traverse the Internet (which only

uses public IP addresses) such that it is routed to a public-facing computer at the private network.

The public facing computer then removes the outer IP address and routes the inner packet to the

appropriate computer within the private network using the private addresses.



10/30

-5-

To be sure, the combination of tunneling and encryption provides some degree of

anonymity because the private IP addresses of the inner packet are encrypted and therefore not

visible to an intercepting party. But it does not follow that anonymity is not the sine qua non of

a virtual private network. Indeed, the Court has ruled that virtual private networks are not

limited to IP tunneling. See VirnetX, Inc. v. Microsoft Corp. , 2009 WL 2370727, at *5 (E.D.

Tex. July 30, 2009) (Accordingly, virtual private network is not limited to IP tunneling, and

the Court construes virtual private network as a network of computers which privately

communicate with each other by encrypting traffic on insecure communication paths between the

computers.) (Ex. A). Again, a VPN allows a computer outside of the physical private networkto communicate as part of the private network. A VPN achieves this: (1) by enabling the

computers to communicate directly with each other as if they were physically on the same

private network; (2) by encrypting the communications on insecure communication paths to

mimic the privacy of a private network; and (3) with or without some consequential degree of

anonymity.

Apples Arguments. Apple does not argue that anonymity is part of the ordinary

meaning of the term VPN. Instead, Apple argues that anonymity is party of the ordinary

meaning of the term in light of the specification. Apples arguments and proposed construction

should be rejected for three reasons. First , there is nothing in the specification that describes all

VPNs as having or requiring anonymity. Second , the specification does not deviate from the

ordinary meaning of VPN. While the patent discloses a novel IP-hopping VPN that

provides anonymity that helps foil traffic analysis, it does not follow that non-IP-hopping VPNs

necessarily have some non-zero degree of anonymity. Indeed, the specification implies that,

without IP-hopping, there is no anonymity. See 135 at 38:2-6 (The VPN is preferably



11/30

-6-

implemented using the IP address hopping features of the basic invention described above,

such that the true identity of the two nodes cannot be determined even if packets during the

communication are intercepted.).

Third , Apple cannot identify any difference between importing anonymity into the term

VPN via discerning the ordinary meaning of the term in light of the specification and

importing anonymity via disclaimer to the preferred embodiments. In other words, Apples

argument is nothing more than disclaimer in disguise. While claims must be read in view of the

specification, of which they are a part, Phillips v. AWH Corp. , 415 F.3d 1303, 1315 (Fed. Cir.

2005) (internal quotations omitted), this is not an open invitation to import limitations from the preferred embodiments. Nor is it a way to circumvent the Federal Circuits stringent test for

disclaimer. 5 Indeed, the Federal Circuit in Phillips warned against importing limitations from

the specification under the guise of using the specification to interpret the meaning of the claim.

See Phillips , 415 F.3d at 1323 ([W]e recognize that the distinction between using the

specification to interpret the meaning of a claim and importing limitations from the specification

into the claim can be a difficult one to apply in practice. However, the line between construing

terms and importing limitations can be discerned with reasonable certainty and predictability if

the courts focus remains on understanding how a person of ordinary skill in the art would

understand the claim terms.) (internal citation removed). Accordingly, VirnetX requests that

the Court modify its construction of VPN by removing the requirement of anonymity.

Claim Scope Disputes Post- Cisco . If the Court is inclined to construe virtual private

network to require anonymity, the Cisco trial highlights several disputes of claim scope that

5 See , e.g. , Thorner v. Sony Computer Entmt Am. LLC , 669 F.3d 1362, 1366 (Fed. Cir. 2012)(requiring expressions of manifest exclusion or restriction, representing a clear disavowal ofclaim scope for a finding of disclaimer) (quoting Teleflex, Inc. v. Ficosa N. Am. Corp. , 299 F.3d1313, 1325 (Fed. Cir. 2002)).



12/30

-7-

should be resolved by the Courtand not duked out before the jury. Specifically, Apple and

VirnetX dispute the legal scope anonymity. If the Court includes anonymity in the construction

of VPN, VirnetX requests (and Apple opposes) a ruling that anonymity is met by at least by

tunneling and encryption, that anonymity is not limited to the anonymity achieved by the IP-

hopping embodiments of the patent, and that anonymity is achieved by VPNs known to persons

of ordinary skill at the time of the invention. These clarifications are imminently appropriate

based on the history of the construction of VPN. Namely, the doctrine of judicial estoppel

should preclude Apple from arguing that tunneling and encryption does not achieve anonymity,

as that is exactly what Apple represented to the Court at oral argument in the Cisco case. Seesupra at 2; SuperGuide Corp. v. DirecTV Enters. , 211 F. Supp. 2d 725, 764 (W.D.N.C. 2002)

(finding that Gemstars position [which is different from what it argued during claim

construction] is precluded by the doctrine of judicial estoppel which is designed to prevent

litigants from playing fast and loose with the courts.). Next, Apple should be precluded from

arguing that anonymity is limited to preferred embodiments of the patent as Apple is not arguing

that there is disclaimer to those embodiments. And finally, Apple should be precluded from

arguing that VPNs known to persons of ordinary skill at the time of the invention do not achieve

anonymity because the opposite would eviscerate any notion that Apples proposed construction

of VPN is the ordinary meaning of the term.

2. generating from the client computer . . . [included in claim 1 of the 135 patent]VirnetXs Proposed Construction Apples Proposed Construction

[no construction necessary] generating and transmitting from the clientcomputer a DNS request

The first step of claim 1 of the 135 patent begins: generating from . . . . Apple attempts

to rewrite the claim language with its proposed construction: generating and transmitting from .

. . . The Court adopted this construction in the prior litigation because the parties agreed to this



13/30

-8-

construction. See Ex. B at 27. This agreement, however, was based on representation from

Apples counsel that it would not attempt to use the transmitting language to circumvent the

Courts prior ruling in the Microsoft case that the client computer can perform the second step

(i.e., the determining step). See Microsoft Claim Construction Opinion (Ex. A) at 20 (finding

that [t]he client computer can perform the determining step based on the claim language and

the doctrine of claim differentiation). Apple represented that it would not circumvent this ruling

at the claim construction hearing:

MR. CASSADY: Your Honor, we are okay with generating andtransmitting, but I still didnt get an answer to my question,

which is are they trying to circumvent Your Honors constructionthat said the client computer can do the determining step by eithertransmitting from a function to a function, from a piece of softwareto a piece of software, from other functions on the client? Im stillnot hearing that answer. That is really the problem here.

THE COURT: Can you answer that more definitively?

MR. WILLIAMS: The first thing I said when I stood up hereawhile ago was, no, sir, we are not trying to circumvent anything.

See Cisco Claim Construction Hing Tr. (Ex. K) at 117:19-118:5. Apple did not make good on

this commitment. Namely, Apples expert argued that Apple did not infringe because a client

computer cannot examine a DNS request to perform the determination step because the

Courts construction requires the DNS request to be transmitted from the device. Accordingly,

VirnetX asks that the Court not adopt Apples proposed construction and leave the claim

language as-is.

3. an indication that the domain name service system supports establishing a securecommunication link[included in asserted claims of the 504 patent]

VirnetXs Proposed Construction Apples Proposed Construction

[no construction necessary]

alternatively: an indication that the domain nameservice system has authorized and supportsestablishing a secure communication link

an affirmative signal beyond the merereturning of an IP address, public key, digitalsignature, or certificate that the domain nameservice system supports establishing a securecommunication link



14/30

-9-

4. indicate in response to the query whether the domain name service system supportsestablishing a secure communication link [included in asserted claims of the211 patent]



alternatively: indicate in response to the querywhether the domain name service system hasauthorized and supports establishing a securecommunication link

in response to the query for a networkaddress, affirmatively signaling beyond themere returning of an IP address, public key,digital signature, or certificate that thedomain name service system supportsestablishing a secure communication link

As the Court has previously observed, these terms are readily understandable and do not

require construction. See Cisco and Mitel Opinions (Ex. B at 27-28; Ex. C at 10-11).

If the Court is inclined to construe these terms, it should adopt VirnetXs proposed

constructions, which clarifies that the claimed indication is that the domain name service

system has authorized and supports establishing a secure communication link. This is in accord

with the specification and the prosecution history. The 504 and 211 patents describe a

preferred embodiment in columns 49 through 53 that illustrates why VirnetXs alternative,

proposed construction is appropriate. Particularly, the specification teaches SDNS 3313 that

supports establishing 6 a VPN by accessing VPN gatekeeper 3314, which provisions computer

3301 and secure web server computer 3320, or a secure edge router for server computer 3320,

thereby creating the VPN. See 504 at 51:34-40. Notably, the specification teaches that a VPN

gatekeeper only provisions authorized users. See id . at 40:57-63 (recognizing that a gatekeeper

computer determines whether a user is authorized); see also id . at 41: 33-38 (Scenario #2:

Client does not have permission to access target computer. In this scenario, the clients DNS

6 To remove any doubt that SDNS 3133 in combination with VPN gatekeeper 3314 is the preferred embodiment with respect to the disputed indication terms, VirnetX notes that SDNS3133 embodies the other two limitations of the independent claims of the 504 and 211 patent,namely: (1) storing domain names and corresponding network addresses, see 504 at 51:11-12(SDNS 3313 contains a cross-reference database of secure domain names and correspondingsecure network addresses); and (2) receiving a query for a network address, see id . at 51:29-30(When a user queries SDNS 3313 for the secure computer network address . . .).



15/30

-10-

request would be received by the DNS proxy server 2610, which would forward the request to

gatekeeper 2603. The gatekeeper would reject the request, informing DNS proxy server 2610

that it was unable to find the target computer.).

Further, VirnetXs alternative, proposed construction accounts for how the specification

explains the claimed inventions by disparaging conventional DNS. Particularly, the specification

teaches that [c]onventional Domain Name Servers (DNSs) provide a look-up function that

returns the IP address of a requested computer or host. . . . One conventional scheme that

provides secure virtual private networks over the Internet provides the DNS server with the

public keys of the machines that the DNS server has the addresses for. See 504 at 39:7-9 and36:34-37. The specification then criticizes conventional DNS for not differentiating between

authorized and unauthorized users. Compare 504 at 39:43-45 (The conventional scheme

suffers from certain drawbacks. For example, any user can perform a DNS request. Moreover,

DNS requests resolve to the same value for all users.) with id . at 40:25-34 (describing the

benefits of the invention: If the user had requested lookup of a secure web site but lacked

credentials to create such a connection, DNS proxy 2610 would return a host unknown error to

the user. In this manner, different users requesting access to the same DNS name could be

provided with different look-up results.). Accordingly, VirnetXs alternative, proposed

construction is appropriate because it acknowledges that the claimed domain name service

system indicates that it supports establishing a secure communication link for authorized

requests/users.

The Court should reject Apples proposed construction because it misreads arguments

made in re-examination. In re-exam, VirnetX explained how conventional DNS could not meet

the claimed indication for the same reasons given above. See Ex. Q at 6 (The specification



16/30

-11-

explains that DNS systems that perform no more than these conventional functions have many

shortcomings, and further explains novel DNS-system embodiments that go beyond these

conventional functions by supporting establishing secure communications.). VirnetX also

explained that [n]ever does the specification equate the mere return of requested DNS records,

such as an IP address or key certificate, with supporting secure communications. See id .

Apples proposed construction facially appears to track VirnetXs re-exam argument, but there is

a critical difference between the two. Namely, VirnetX argued in re-exam that a server that does

nothing more than merely returning DNS records (like conventional DNS) does not support

establishing a secure communication link and therefore does not indicate as much by returningthe DNS records. 7 It does not followand VirnetX did not arguethat an IP address, public

key, etc. could not serve as the claimed indication for a domain name server that actually

supports establishing a secure communication link. To the extent that the Court is inclined to

account for VirnetXs arguments made in re-exam, the appropriate construction would require

that the domain name service system actually supports establishing a secure communication link

(which is already required by the claim language) and that it does so for authorized

requests/users.

7 In other words, the IP addresses and public keys in these conventional schemes are not theclaimed indication because everyoneauthorized and unauthorized users alikereceives thesame information. If a server is actually providing the claimed indication, then authorizedusers/requestors will receive an indication that the server supports establishing a securecommunication link (because they are authorized) that is different from what is received byunauthorized users/requestors (for whom the server will not support establishing a securecommunication link).



17/30

-12-

B. Disputes Involving New Claim Terms

5. intercept and intercepting [included in asserted claims of the 697 patent]VirnetXs Proposed Construction Apples Proposed Construction

[no construction necessary] access/accessing a communication addressed

to another6. [intercept / intercepting] . . . a request to look up an internet protocol (IP) address[included in claims of the 697 patent]



alternatively: receiving a request to look up an IPaddress and performing some evaluation on therequest that is not merely resolving the request

[no construction necessary beyondconstruction of intercept[ing]

No construction is necessary for the terms intercept and intercepting. The

surrounding claim language adequately explains that the phrase refers to receiving a request to

look up an internet protocol address and, apart from resolving it, evaluating the request to

determine whether the second network device is available for a secure communications service.

See Phillips , 415 F.3d at 1314 ([T]he claims themselves provide substantial guidance as to the

meaning of particular claim terms.). To the extent the Court is inclined to construe either of

these terms, VirnetX requests that the Court adopt its alternative proposed construction.

Apples proposed construction should be rejected for three reasons. First , Apples

proposed construction is inconsistent with the specification of the 697 patent. The 697 patent

discloses DNS proxy 2610 which intercepts all DNS lookup functions from client 2605 and

determines whether access to a secure site has been requested. 697 at 40:31-33. DNS proxy

2610 does not intercept DNS requests by somehow accessing communications that wereaddressed to another computer. To the contrary, the specification teaches that DNS proxy 2610,

itself, receives requests. See 697 at 41:49-50 (the clients DNS request would be received by

the DNS proxy server 2610 ); 41:6-9 (FIG. 27 shows steps that can be executed by DNS



18/30

-13-

proxy server 2610 to handle requests for DNS look-up for secure hosts. In step 2701, a DNS

look-up request is received for a target host.); see also Fig. 26 Fig. 26 (showing a line from the

IP stack of user computer 2601 to DNS Proxy 2610). 8

Second , even if DNS Proxy 2610 is viewed as intercepting requests from DNS Server

2609, it still does not follow that the requests were addressed to another computer. To the

contrary, the functions of DNS proxy 2610 and DNS server 2609 can be combined into a single

server for convenience. See 697 at 41:1-3; see also Fig. 26. In this embodiment, requests are

addressed to modified DNS server 2602, which includes both DNS proxy 2610 and DNS server

2609. See 697 at 40:25-27 (A modified DNS server 2602 includes a conventional DNS serverfunction 2609 and a DNS proxy 2610.). Apples proposed construction would impermissibly

exclude this preferred embodiment by requiring the intercepted requests to be address to

something other than modified DNS server 2602 and should therefore be rejected. See

Globetrotter Software, Inc. v. Elan Computer Group, Inc. , 362 F.3d 1367, 1381 (Fed. Cir. 2004)

([a] claim interpretation that excludes a preferred embodiment from the scope of the claim is

rarely, if ever, correct.).

Third , dependent claims 10 and 29 of the 697 patent recite that intercepting the request

consists of receiving the request to determine whether the second network device is available for

the secure communications service (emphasis added)thereby limiting intercepting to this

8 To be sure, the specification also uses the term intercepting to mean illicitly receiving a

request. See 697 at 29:62-63 (using the word intercepting in a nefarious sense whendescribing interlopers intercept[ing] . . . messages and trying to interfere with communication);id . at 39:49-51 (nefarious listeners on the Internet . . . intercept[ing] . . . packets and thuslearn[ing] what IP addresses the user was contacting). But the specification uses interceptingin a different sense when describing the embodiments. When describing the embodiments, thespecification describes intercepting a request by receiving it and performing some evaluationon it ( e.g. , determining whether access to a secure site has been requested) that is not merelyresolving the request.



19/30

-14-

language. See CIAS, Inc. v. Alliance Gaming Corp. , 504 F.3d 1356, 1361 (Fed. Cir. 2007) (It is

equally well understood in patent usage that consisting of is closed-ended and conveys

limitation and exclusion.). Apples construction, however, includes limitations beyond the

language of the dependent claims would therefore render these claims impossible to practice and

effectively void. In sum, Apples proposed construction should be rejected. See Level 3

Commcns, LLC v. Limelight Networks , 630 F.Supp.2d 654, 662 (E.D.Va.2008) (stating that

adopting construction which renders claim practically impossible [to practice] would make little

sense); Neev v. Abbott Med. Optics, Inc. , 2012 WL 1066797, at *12 (D.Del. Mar. 26, 2012)

(rejecting construction that would make practicing patent claim impossible).7. wherein the secure communication service uses the secure communication link tocommunicate at least one of video data and audio data between the first network device and thesecond network device [included in asserted claims of the 697 patent]


[no construction necessary] wherein the secure communications serviceuses the secure communication link tocommunicate at least one of video data andaudio data extending from the first networkdevice to the second network device

Apples proposed construction replaces between [A] and [B] with extending from [A]

to [B]. This dispute is not different from the dispute of between in the Cisco litigation, which

the parties have agreed not to re-brief. Accordingly, VirnetX opposes Apples construction for

the same reasons given in VirnetXs prior briefing.



20/30

-15-

8. [determine/determining] . . . is available for a secure communications service[included in asserted claims of the 697 patent]


[no construction necessary] determine/determining whether a device isavailable to establish a securecommunication link

Apples proposed construction attempts to change the claim language from available for

a secure communications service to available to establish a secure communication link. This

is improper. Courts do not rewrite claims; instead, we give effect to the terms chosen by the

patentee. Taurus IP, LLC v. DaimlerChrysler Corp. , 726 F.3d 1306, 1321 (Fed. Cir. 2013).

Moreover, the 697 patent teaches that the secure communications service uses a secure

communication link. See 697 at Abstract (the secure communications service uses the secure

communication link). This is reflected in the claim, itself. See claim 1 of the 697 patent

(wherein the secure communications service uses the secure communication link . . .)

(emphasis added); claim 16 (same). In sum, Apples attempt to replace secure communications

service with secure communication link is misplaced and should be rejected.

9. domain name lookup [included in claims 14 and 28 of the 697 patent]VirnetXs Proposed Construction Apples Proposed Construction

[no construction necessary] a lookup service that return an IP address fora requested domain name to the requester

No construction is necessary for this term. The language of claims 14 and 28 (as well as

the language of the independent claims on which claims 14 and 28 depend) make clear that

domain name lookup refers to looking up a domain name. Particularly, claim 16 requires

servers configured to determine. . . whether the second network device is available for a secure

communications service. Claim 28, which depends on claim 16, further requires that the

determination that the second network device is available for the secure communications service

is a function of the result of a domain name lookup (emphasis added).



21/30

-16-

Apples proposed construction should be rejected because it erroneously equates domain

name lookup with the term Domain Name Service (DNS). 9 In claims 14 and 28 of the 697

patent, domain name lookup merely specifies that the claimed determination is the result, at

least in part, of looking up a domain name. The claims do not require that the domain name

lookup also return an IP addressmuch less to an unspecified requester. Indeed, the preferred

embodiment describes automatically initiating a VPN instead of returning an IP address for the

requested domain name. See 697 at 40:5-9 (if the request is from a special type of user (e.g.,

one for which secure communication services are defined), the server does not return the true IP

address of the target node, but instead automatically sets up a virtual private network between thetarget node and the user.). In sum, the term domain name lookup as used by the claims of the

697 is meaningfully different from the 135 patents use of Domain Name Service, and

Apples construction should be rejected.

10. secure name service [included in asserted claims of the 181 patent]VirnetXs Proposed Construction Apples Proposed Construction

a lookup service that returns a network address

for a requested secure name and facilitatesestablishing a secure communication link basedon a secure name

Indefinite

VirnetXs proposed construction of secure name service is derived from the

specification and claim language of the 181 patent. The specification teaches a Secure Domain

Name Service (SDNS) 3313 as the preferred embodiment of a secure name service. For this

embodiment, the specification teaches: (i) that SDNS 3313 is a lookup service that returns

network addresses for a requested secure name, see 181 at 50:60-67 (SDNS 3313 contains a

cross-reference database of secure domain names and corresponding secure network addresses. .

9 Apples proposed construction for domain name lookup is identical to the Courts previousconstruction of Domain Name Service (DNS). See Ex. B at 15.



22/30

-17-

. . so that a user who desires a secure communication link to the website of the entity can

automatically obtain the secure computer network address for the secure website); and (ii) that

SDNS 3313 facilitates establishing a secure communication link based on a secure name, see

181:51:16-18 (SDNS 3313 accesses VPN gatekeeper 3314 for establishing a VPN

communication link between software module 3309 and secure server 3320). 10

VirnetXs proposed construction is appropriate because it accounts for the fact that SDNS

3313 is a preferredbut not limitingembodiment. First , VirnetXs proposed construction

recognizes that the claimed secure name service facilitates establishing a secure

communication linkand not necessarily a VPN. This, too, is warranted by the claim languageof the 181, which pertain to establishing secure communication links, not VPNs. See , e.g. ,

claim 2 of the 181 patent.

Second , VirnetXs proposed construction recognizes that the claimed secure name

service handles secure namesand not necessarily secure domain names. This is warranted by

the claim language. Namely, the claims of the 181 patent pertain to secure names rather than

secure domain names. See , e.g. , claim 2 of the 181 patent (sending a message to a secure

name service, the message requesting a network address associated with the secure name of the

second device). Further, claim 3 demonstrates, through the doctrine of claim differentiation,

that the claimed secure name service is not limited to secure domain names. See claim 3 of the

181 patent (The method according to claim 2, wherein the secure name of the second device is

a secure domain name.). See , e.g. , Zircon Corp. v. Stanley Black & Decker, Inc. , 452

10 See also Patent Owners Comments after Action Closing Prosecution (March 18, 2013), FileHistory of the Reexamination of U.S. Patent No. 8,051,181 (A person of ordinary skill in the artat the time of the invention would have understood that secure names are those names used tocommunicate securely that are resolved by a secure name service (i.e., a service that bothresolves a name into a network address and further supports establishing a secure communicationlink).).



23/30

-18-

Fed.Appx. 966, 974 (Fed. Cir. 2011) ([T]he presumption arising from claim differentiation is a

strong one when the very limitation one seeks to import into an independent claim appears in a

claim dependent therefrom.) (citing Liebel-Flarsheim Co. v. Medrad, Inc. , 358 F.3d 898, 910

(Fed. Cir. 2004)); but see Eon-Net LP v. Flagstar Bancorp , 653 F.3d 1314, at *18 (Fed. Cir. Jul.

29, 2011) ([C]laim differentiation is a rule of thumb that does not trump the clear import of the

specification) (citing Edwards Lifesciences, LLC v. Cook Inc. , 582 F.3d 1322, 1331 (Fed. Cir.

2009)). Accordingly, VirnetXs proposed construction for the term secure name service

should be adopted.

11.

secure name [included in asserted claims of the 181 patent]VirnetXs Proposed Construction Apples Proposed Construction

an authenticated name that can be resolved by asecure name service and can be used forestablishing a secure communication link

Indefinite

VirnetXs proposed construction for secure name follows the reasoning given above

for secure name service, which is a lookup service that returns a network address for a

requested secure name and facilitates establishing a secure communication link based on a secure

name. Additionally, a secure name is an authenticated name because it is securely registered

with the secure name service. The specification of the 181 patent teaches that [a] n entity can

register a secure domain name in SDNS 3313 so that a user who desires a secure communication

link to the website of the entity can automatically obtain the secure computer network address

for the secure website. 181 at 50:64-67 (emphasis added); see also File History of U.S. Patent

No. 8,051,181, Applicant Remarks/Arguments at 9 (Oct. 8, 2010) ([A] secure name is a name

associated with a network address of a first device. The name can be registered such that a

second device can obtain the network address associated with the first device from a secure name



24/30

-19-

registry and send a message to the first device.) (emphasis added). Accordingly, VirnetXs

proposed construction for the term secure name should be adopted.

12. unsecured name [included in claims 1, 26, and 27 of the 181 patent]

VirnetXs Proposed Construction Apples Proposed Constructiona name that can be resolved by a conventionalname service

Indefinite

A person of skill in the art would understand that unsecured name refers to a name that

can be resolved by a conventional name service. The specification teaches that non-secure

domain names can be registered with standard DNS for subsequent resolution. See 181 at

52:50-58 (the present invention automatically registers the corresponding equivalent non-secure

domain name with standard DNS 3325 in a well-known manner.).

Notably, a name could serve as both a secure name and an unsecured name if it can be

resolved by a secure name service and a conventional name service. There is nothing in the 181

patent that demands a different result. To be sure, the specification teaches an embodiment

where a secure domain name cannot be resolved by standard DNS. See 181 at 50:19-22

(Because the secure top-level domain name is a non-standard domain name, a query to a

standard domain name service (DNS) will return a message indicating that the universal resource

locator (URL) is unknown.). But the patent does not limit secure names to non-standard

domain names. Indeed, only dependent claim 23 requires a secure name to be a non-standard

domain name (which cannot be resolved by conventional DNS). Accordingly, the doctrine of

claim differentiation creates a strong presumption that secure names and unsecured names are

not mutually exclusive in the other claims. See Zircon Corp. , 452 Fed.Appx. at 974.



25/30

-20-

13. securely communicate [included in claims 1, 24, 26, and 29 of the 181 patent]VirnetXs Proposed Construction Apples Proposed Construction


alternatively: communicate with data security

send a message over a secure communicationlink

14. sending a message securely [included in claims 24-26 and 29 of the 181 patent]VirnetXs Proposed Construction Apples Proposed Construction


alternatively: sending a message with datasecurity

sending a message over a securecommunication link

No construction is necessary for these terms. To the extent that construction is necessary,

the terms should be construed simply to acknowledge that securely refers to data security. The

181 patent teaches that [a] tremendous variety of methods have been proposed and

implemented to provide security and anonymity for communications over the Internet. 181 at

1:28-30. The 181 patent goes on to teach the difference between data security and

anonymity. See 181 at 1:30-57. Apples proposed construction should be rejected for two

reasons. First , to the extent these claims require a secure communication link, it is an express

limitation of the claim. Had the inventors intended this limitation [to mean secure

communication link], they could have drafted claims to expressly include [secure communication

link]. See i4i Ltd. Pship v. Microsoft Corp. , 598 F.3d 831, 843 (Fed. Cir. 2010). Second , Apple

is attempting to import anonymity into these claims by daisy-chaining its proposed constructions

for these terms with its proposed constructions for secure communication link, (which Apple

wants construed to mean VPN), and its proposed construction for VPN, (which Apple wants

construed to include anonymity). The specification, however, distinguishes security and

anonymity. See 181 at 1:28-49 (describing differences and concluding: These two security

issues may be called data security and anonymity, respectively.). Apples attempts to import

secure communication link and anonymity are improper and should be rejected.



26/30

-21-

15. non-secure communication link [included in claim 7 of the 181 patent]VirnetXs Proposed Construction Apples Proposed Construction

a communication link that is not a securecommunication link

a communication link that transmitsinformation in the clear

The Courts construction for secure communication link is a direct communication

link that provides data security. A non-secure communication link is a communication link

that does not meet this construction. Apples proposed construction incorrectly applies non-

only to the first word secure. If the patentee intended this term to mean unencrypted ( i.e. ,

in the clear), it certainly could have used that term. See , e.g. , 181 at 53:6-9 (According to the

invention, communications are protected by a client-side proxy application program that accepts

unencrypted , unprotected communication packets from a local browser application.) (emphasis

added); but see id . at 21:43-48 (Packets transmitted according to one or more of the inventive

principles will be generally referred to as secure packets or secure communications to

differentiate them from ordinary data packets that are transmitted in the clear using ordinary,

machine-correlated addresses.).

VirnetXs proposed construction is further supported by the use of the term non-VPN

in the specification. When the specification uses the term non-VPN, it does not mean that the

communication link is necessarily not virtual i.e. , applying the non- only to the first word of

virtual private network. Nor does non-VPN necessarily mean that the communication link it

is not encrypted. Otherwise, the description of a communication link as a non-secure , non-

VPN communication link would be redundant. See 181 at 49:28-31 (emphasis added). By

describing a communication link as a non-secure, non-VPN communication link, the



27/30

-22-

specification is accounting for the fact that a VPN is not merely secure. 11 In the same way, a

secure communication link is not merely secure but also requires direct communication.

Accordingly, the Court should construe non-secure communication link as a communication

link that is not a secure communication link.

16. requesting and obtaining registration of a secure/unsecured name [included in claims24-27 of the 181 patent]


[no construction necessary] requesting and obtaining from a domainname registry service ownership of ansecure/unsecured name

No construction is necessary for this phrase beyond secure name and unsecured name.

Once these terms are construed, the phrase has an ordinary meaning that a jury will understand

without further construction.

Further, Apples proposed construction should be rejected because it rewrites the claim

language absent disclaimer or lexicography. The specification describes a preferred embodiment

secure domain name registry service that registers secure domain names, see 181 at 52:14-

227, but it also describes registration with SDNS 3313 in another embodiment, see 181 at

50:64-67. 12 As such, the specification disproves any disclaimer to obtaining . . . ownership

from a domain name registry service as Apples construction would require. See Thorner , 669

F.3d at 1366-1367 (It is likewise not enough that the only embodiments, or all of the

embodiments, contain a particular limitation. We do not read limitations from the specification

11 A virtual private network is not merely secure under either partys construction. Apples

proposed construction additionally requires anonymity. VirnetXs proposed constructionadditionally requires a VPN to allow private and direct communication, i.e., enabling a computeroutside of a private network to communicate as if it were physically within the private network.

12 Moreover, the specification also teaches a preferred embodiment where non-secure domainnames can be registered with a non-secure domain name server databasenot a domain nameregistry service. See 181 at 52:28-33.



28/30

-23-

into claims; we do not redefine words. Only the patentee can do that. To constitute disclaimer,

there must be a clear and unmistakable disclaimer.). Accordingly, Apples proposed

construction should be rejected.

17. message [included in asserted claims of the 181 patent]VirnetXs Proposed Construction Apples Proposed Construction

a unit of information that can be transmittedelectronically

a communication comprising one or morenetwork packets

VirnetXs proposed construction of this term is in accord with the understanding of a

person of ordinary skill in the art in 2000. The Microsoft Computer Dictionary defines

message as a unit of information transmitted electronically from one device to another. See

Microsoft Computer Dictionary at 287 (4th ed. 1999). Apples proposed construction is

incorrect because it requires a message to be composed of one or more entire network packets,

when, in fact, a message could be sent as only a portion ( e.g. , the payload) of one or more

network packets. See Jones Decl. at 8.

IV. CONCLUSION

For the foregoing reasons, VirnetX respectfully requests that the Court adopt its proposed

constructions and reject Apples proposed constructions.



29/30

Dated: March 24, 2014 Respectfully submitted,

C ALDWELL C ASSADY & C URRY /s/ Austin CurryBradley W. Caldwell

Texas State Bar No. 24040630Email: [email protected] D. CassadyTexas State Bar No. 24045625Email: [email protected] Austin CurryTexas State Bar No. 24059636Email: [email protected] R. PearsonTexas State Bar No. 24070398Email: [email protected]

Hamad M. HamadTexas State Bar No. 24061268Email: [email protected] S. StewartTexas State Bar No. 24079399Email: [email protected] F. SummersTexas State Bar No. 24079417Email: [email protected] Cedar Springs Rd., Suite 1000Dallas, Texas 75201Telephone: (214) 888-4848Facsimile: (214) 888-4849

Robert M. ParkerTexas State Bar No. 15498000Email: [email protected]. Christopher BuntTexas State Bar No. 00787165Email: [email protected] AinsworthTexas State Bar No. 00783521Email: [email protected] ARKER , BUNT & AINSWORTH , P.C.100 East Ferguson, Suite 1114Tyler, Texas 75702Telephone: (903) 531-3535Telecopier: (903) 533-9687ATTORNEYS FOR PLAINTIFFVIRNETX INC.



30/30

CERTIFICATE OF SERVICE

The undersigned certifies that, on March 24, 2014, the foregoing document was filed

electronically in compliance with Local Rule CV-5(a). As such, this motion was served on all

counsel who have consented to electronic service. Local Rule CV-5(a)(3)(A).

/s/ Austin CurryJohn Austin Curry


vhc cc brief v apple

Documents