Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 1 of 30 PageID #: 3304

IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF TEXAS TYLER DIVISION VIRNETX INC. and SCIENCE APPLICATIONS INTERNATIONAL CORPORATION, Plaintiffs, vs. APPLE INC. Defendant.

Civil Action Nos. 6:11-cv-563 6:12-cv-855

JURY TRIAL DEMANDED

VIRNETXS OPENING CLAIM CONSTRUCTION BRIEF

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 2 of 30 PageID #: 3305

Table of Contents I. INTRODUCTION ........................................................................................................ 1 II. III. A. LEVEL OF ORDINARY SKILL IN THE ART ...................................................... 2 ARGUMENT ............................................................................................................ 2 Disputes Involving Previously Construed Claim Terms ....................................... 2 1.virtual private network [included in asserted claims of the 135 patent] .......2 2.generating from the client computer . . . [included in claim 1 of the 135 patent] ................................................................................ 7 3.an indication that the domain name service system supports establishing a secure communication link [included in asserted claims of the 504 patent] ............................................................................................................... 8 4.indicate in response to the query whether the domain name service system supports establishing a secure communication link [included in asserted claims of the211 patent] .................................................................................. 9 B. Disputes Involving New Claim Terms ................................................................ 12 5.intercept and intercepting [included in asserted claims of the 697 patent] ............................................................................................................. 12 6.[intercept / intercepting] . . . a request to look up an internet protocol (IP) address [included in claims of the 697 patent] ..................................... 12 7.wherein the secure communication service uses the secure communication link to communicate at least one of video data and audio data between the first network device and the second network device [included in asserted claims of the 697 patent] ................................ 14 8.[determine/determining] . . . is available for a secure communications service [included in asserted claims of the 697 patent] ............................... 15 9.domain name lookup [included in claims 14 and 28 of the 697 patent] ..... 15 10.secure name service [included in asserted claims of the 181 patent] ........ 16 11. secure name [included in asserted claims of the 181 patent] ................... 18 12. unsecured name [included in claims 1, 26, and 27 of the 181 patent]...... 19 -i-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 3 of 30 PageID #: 3306

13. securely communicate [included in claims 1, 24, 26, and 29 of the 181 patent] ........................................................................................... 20 14. sending a message securely [included in claims 24-26 and 29 of the 181 patent] ........................................................................................... 20 15. non-secure communication link [included in claim 7 of the 181 patent] ............................................................................................................. 21 16. requesting and obtaining registration of a secure/unsecured name [included in claims 24-27 of the 181 patent] ................................................. 22 17. message [included in asserted claims of the 181 patent] .......................... 23

IV. CONCLUSION ....................................................................................................... 23

-ii-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 4 of 30 PageID #: 3307

Table of Authorities Cases CIAS, Inc. v. Alliance Gaming Corp., 504 F.3d 1356 (Fed. Cir. 2007)................................................................................................. 14 Edwards Lifesciences, LLC v. Cook Inc., 582 F.3d 1322 (Fed. Cir. 2009)................................................................................................. 18 Eon-Net LP v. Flagstar Bancorp, 653 F.3d 1314 (Fed. Cir. Jul. 29, 2011) .................................................................................... 18 Globetrotter Software, Inc. v. Elan Computer Group, Inc., 362 F.3d 1367 (Fed. Cir. 2004)................................................................................................. 13 i4i Ltd. Pship v. Microsoft Corp., 598 F.3d 831(Fed. Cir. 2010).................................................................................................... 20 Level 3 Commcns, LLC v. Limelight Networks, 630 F.Supp.2d 654 (E.D.Va.2008) ........................................................................................... 14 Liebel-Flarsheim Co. v. Medrad, Inc., 358 F.3d 898 (Fed. Cir. 2004)................................................................................................... 18 Neev v. Abbott Med. Optics, Inc., 2012 WL 1066797 (D.Del. Mar. 26, 2012) .............................................................................. 14 Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005)............................................................................................. 6, 12 SuperGuide Corp. v. DirecTV Enters., 211 F. Supp. 2d 725 (W.D.N.C. 2002) ....................................................................................... 7 Taurus IP, LLC v. DaimlerChrysler Corp., 726 F.3d 1306 (Fed. Cir. 2013)................................................................................................. 15 Teleflex, Inc. v. Ficosa N. Am. Corp., 299 F.3d 1313 (Fed. Cir. 2002)................................................................................................... 6 Thorner v. Sony Computer Entmt Am. LLC, 669 F.3d 1362 (Fed. Cir. 2012)............................................................................................. 6, 22 VirnetX, Inc. v. Microsoft Corp., 2009 WL 2370727 (E.D. Tex. July 30, 2009) ........................................................................ 5, 8

-iii-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 5 of 30 PageID #: 3308

Zircon Corp. v. Stanley Black & Decker, Inc., 452 Fed.Appx. 966 (Fed. Cir. 2011) ............................................................................. 17, 18, 19

-iv-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 6 of 30 PageID #: 3309

I.

INTRODUCTION There are six patents at issue in this lawsuit: U.S. Patent Nos. 6,502,135 (the 135

patent), 7,418,504 (the 504 patent), 7,490,151 (the 151 patent), and 7,921,211 (the 211 patent), 8,051,181 (the 181 patent) and 8,504,697 (the 697 patent). The patents are attached in Exhibits 1-6. The Court has previously construed terms for all asserted patents except the 181 and 697 patents. The Courts prior claim construction opinions are attached as exhibits A-C. The new patents belong to the same family of patent applications.1 As such, the technology at issue in the new patents will be familiar to the Court. The Court has conducted three Markman proceedings for patents in VirnetXs portfolio and has presided over three VirnetX trials. In acknowledgement of the Courts expertise in VirnetXs patents and out of respect for the Courts time, the parties have agreed to rely on prior briefing for previously construed claims as much as possible. Specifically, the parties have agreed to submit prior briefing on the majority of previously construed claim terms in lieu of repeating those arguments in the body of the briefs for this proceeding, and that this preserves the parties right to appeal alleged error in the previously construed terms (barring subsequent waiver). Accordingly, VirnetX incorporates by reference exhibits D-P, which are claim construction arguments and materials in support thereof from the previous cases. The claim terms for which this agreement applies are the terms highlighted in green in the parties Joint Claim Construction Statement. Dkt. No. 113-2.

Specifically, the 181 patent is a continuation of the patent application that became U.S. Patent No. 7,188,180, which the Court has construed. The 697 patent is a continuation of a continuation of the patent application that became the 211 patent. -1-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 7 of 30 PageID #: 3310

II.

LEVEL OF ORDINARY SKILL IN THE ART As with the prior litigations, VirnetX proposes that a person of ordinary skill in the art

would have a Masters degree in computer science or computer engineering as well as two years of experience in computer networking with some accompanying exposure to network security. See Jones Decl. at 3. III. ARGUMENT A. Disputes Involving Previously Construed Claim Terms 1. virtual private network [included in asserted claims of the 135 patent] VirnetXs Proposed Construction Apples Proposed Construction a network of computers which privately and directly communicate with each other by encrypting traffic on insecure communication paths between the computers where the communication is both secure and anonymous.

a network of computers which privately and directly communicate with each other by encrypting traffic on insecure communication paths between the computers

VirnetX urges the Court to reconsider its construction of this term to prevent what VirnetX believes was injustice in the Cisco2 trial from reoccurring, in which the Courts construction for VPN was miscast and abused by Ciscos counsel and witnesses. The Cisco trial highlights two fundamental claim construction disputes between VirnetX and Apple: (1) Does a VPN, in its ordinary meaning, require anonymity? And if so, (2) what is the appropriate scope of anonymity? The Cisco Trial. During claim construction, Cisco did not argue that the term virtual private network (or VPN) requires anonymity because of disclaimer or lexicography in the specification or the prosecution history of the 135 patent. Rather, Cisco told the Court that a VPN, in its ordinary meaning, achieves anonymity through tunneling. See Cisco Claim
2

VirnetX Inc. v. Cisco Systems Inc. et al. (6:10-cv-417) (hereinafter the Cisco case or simply Cisco) -2-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 8 of 30 PageID #: 3311

Construction Hing Tr. (Ex. K) at 28:10-22 (This is an excerpt from Your Honors order. You start out early on with The Wiley Electrical and Electronics Engineering Dictionary that defines a virtual private network. . . . So privacy here in the extrinsic evidence is both encryption and tunneling protocols. Tunneling protocols is how you ensure anonymity.) (emphasis added). But at trial, Cisco about-faced and told the jury that the Courts construction did not cover tunneling. See Cisco, 03/11/13 TT a.m. at 81:19-25 (Question: Dr. Clark, do you disagree with Ciscos lawyers statement that tunneling protocols ensure anonymity? Answer: I disagree that tunneling protocols ensure anonymity.).3 Remarkably, Cisco falsely denied making these arguments to the jury. See Cisco, 6/17/13 Post-Trial Hing Tr. at 52:13-17 (The Court: Let me ask you this, Mr. Desmarais: Did you misrepresent to the jury that the Courts claim construction forbid IP tunneling as a VPN? Mr. Desmarais: Absolutely not, Your Honor. Absolutely not.).4 Anonymity Revisited. VirnetX is not suggesting that the Court or its construction of VPN is somehow to blame for Ciscos misrepresentations and misconduct. Conceivably any construction can be twisted and distorted. But VirnetX is still reeling from Ciscos ill-gotten This is not the only way that Cisco miscast and abused the Courts construction for VPN. Cisco also: (1) told the jury that the Courts construction was limited to a very special type of VPN; (ii) told the jury that the anonymity requirement could only be met by the anonymity achieved by the preferred embodiments; and (iii) told the jury that prior art VPNs cannot meet the Courts construction. Ciscos repeated misconduct is documented, cited, and quoted in VirnetXs Motion for a New Trial. See Cisco, Dkt. No. 798 at 5-9. In making this misrepresentation to the Court, counsel for Cisco argued that he simply told the jury that tunneling was the prior art way of achieving anonymity. But Cisco repeatedly told the jury that prior art VPNs could not meet the Courts construction for VPN. See, e.g., Cisco, 3/07/13 p.m. TT at 82:5-11 (Q. So if we put up Claim 1 of the 759 patent, would Ciscos EasyVPN and AnyConnect productsdo theywith regards to the anonymity component of the virtual private network, do they all work the same way? A. They all work the same way and do not provide an anonymous VPN. They just provide a VPN, which was prior art.). Moreover, Cisco told the jury that only the tunneling of the IP-hopping embodiment of the patent could achieve anonymity. See Cisco, 3/07/13 p.m. TT at 60:18-61:23. -34 3

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 9 of 30 PageID #: 3312

verdicta verdict that Cisco won by incessantly telling the jury that the Courts construction of VPN is so far removed from the ordinary meaning of the term that it does not cover archetypical, industry-standard VPNs such as IPsec. See Jones Decl. at 4-7. The Court did not include anonymity in its construction of VPN by way of any disclaimer or lexicography in the intrinsic record of the patents. Indeed, no defendantnot Microsoft, not Apple, not Ciscohas ever argued that the term is so limited by disclaimer or lexicography. The disputes between the parties and the claim construction opinions of the Court have all exclusively focused on the ordinary meaning of the term. So is anonymity part of the ordinary meaning of VPN? No, and VirnetX has always opposed this. In a private network, computers communicate with each other securely. A virtual private network enables a computer outside of the private network to communicate as if it were physically within the private network. A VPN achieves this by securing the (otherwise) insecure communication path between the remote computer and the private network (through encryption) and by enabling the remote and private computers to communicate directly with each other (e.g., through tunneling). Tunneling is one way of enabling computers to directly communicate with each other. Using tunneling, a remote computer can directly communicate with computers on the private network via the private IP address space of the private network. Specifically, the packets with private IP addresses are encapsulated by packets with public IP addresses. The public IP addresses of the outer packet enable the packet to traverse the Internet (which only uses public IP addresses) such that it is routed to a public-facing computer at the private network. The public facing computer then removes the outer IP address and routes the inner packet to the appropriate computer within the private network using the private addresses.

-4-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 10 of 30 PageID #: 3313

To be sure, the combination of tunneling and encryption provides some degree of anonymity because the private IP addresses of the inner packet are encrypted and therefore not visible to an intercepting party. But it does not follow that anonymity is not the sine qua non of a virtual private network. Indeed, the Court has ruled that virtual private networks are not limited to IP tunneling. See VirnetX, Inc. v. Microsoft Corp., 2009 WL 2370727, at *5 (E.D. Tex. July 30, 2009) (Accordingly, virtual private network is not limited to IP tunneling, and the Court construes virtual private network as a network of computers which privately communicate with each other by encrypting traffic on insecure communication paths between the computers.) (Ex. A). Again, a VPN allows a computer outside of the physical private network to communicate as part of the private network. A VPN achieves this: (1) by enabling the computers to communicate directly with each other as if they were physically on the same private network; (2) by encrypting the communications on insecure communication paths to mimic the privacy of a private network; and (3) with or without some consequential degree of anonymity. Apples Arguments. Apple does not argue that anonymity is part of the ordinary meaning of the term VPN. Instead, Apple argues that anonymity is party of the ordinary meaning of the term in light of the specification. Apples arguments and proposed construction should be rejected for three reasons. First, there is nothing in the specification that describes all VPNs as having or requiring anonymity. Second, the specification does not deviate from the ordinary meaning of VPN. While the patent discloses a novel IP-hopping VPN that provides anonymity that helps foil traffic analysis, it does not follow that non-IP-hopping VPNs necessarily have some non-zero degree of anonymity. Indeed, the specification implies that, without IP-hopping, there is no anonymity. See 135 at 38:2-6 (The VPN is preferably

-5-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 11 of 30 PageID #: 3314

implemented using the IP address hopping features of the basic invention described above, such that the true identity of the two nodes cannot be determined even if packets during the communication are intercepted.). Third, Apple cannot identify any difference between importing anonymity into the term VPN via discerning the ordinary meaning of the term in light of the specification and importing anonymity via disclaimer to the preferred embodiments. In other words, Apples argument is nothing more than disclaimer in disguise. While claims must be read in view of the specification, of which they are a part, Phillips v. AWH Corp., 415 F.3d 1303, 1315 (Fed. Cir. 2005) (internal quotations omitted), this is not an open invitation to import limitations from the preferred embodiments. Nor is it a way to circumvent the Federal Circuits stringent test for disclaimer.5 Indeed, the Federal Circuit in Phillips warned against importing limitations from the specification under the guise of using the specification to interpret the meaning of the claim. See Phillips, 415 F.3d at 1323 ([W]e recognize that the distinction between using the specification to interpret the meaning of a claim and importing limitations from the specification into the claim can be a difficult one to apply in practice. However, the line between construing terms and importing limitations can be discerned with reasonable certainty and predictability if the courts focus remains on understanding how a person of ordinary skill in the art would understand the claim terms.) (internal citation removed). Accordingly, VirnetX requests that the Court modify its construction of VPN by removing the requirement of anonymity. Claim Scope Disputes Post-Cisco. If the Court is inclined to construe virtual private network to require anonymity, the Cisco trial highlights several disputes of claim scope that
5

See, e.g., Thorner v. Sony Computer Entmt Am. LLC, 669 F.3d 1362, 1366 (Fed. Cir. 2012) (requiring expressions of manifest exclusion or restriction, representing a clear disavowal of claim scope for a finding of disclaimer) (quoting Teleflex, Inc. v. Ficosa N. Am. Corp., 299 F.3d 1313, 1325 (Fed. Cir. 2002)). -6-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 12 of 30 PageID #: 3315

should be resolved by the Courtand not duked out before the jury. Specifically, Apple and VirnetX dispute the legal scope anonymity. If the Court includes anonymity in the construction of VPN, VirnetX requests (and Apple opposes) a ruling that anonymity is met by at least by tunneling and encryption, that anonymity is not limited to the anonymity achieved by the IPhopping embodiments of the patent, and that anonymity is achieved by VPNs known to persons of ordinary skill at the time of the invention. These clarifications are imminently appropriate based on the history of the construction of VPN. Namely, the doctrine of judicial estoppel should preclude Apple from arguing that tunneling and encryption does not achieve anonymity, as that is exactly what Apple represented to the Court at oral argument in the Cisco case. See supra at 2; SuperGuide Corp. v. DirecTV Enters., 211 F. Supp. 2d 725, 764 (W.D.N.C. 2002) (finding that Gemstars position [which is different from what it argued during claim construction] is precluded by the doctrine of judicial estoppel which is designed to prevent litigants from playing fast and loose with the courts.). Next, Apple should be precluded from arguing that anonymity is limited to preferred embodiments of the patent as Apple is not arguing that there is disclaimer to those embodiments. And finally, Apple should be precluded from arguing that VPNs known to persons of ordinary skill at the time of the invention do not achieve anonymity because the opposite would eviscerate any notion that Apples proposed construction of VPN is the ordinary meaning of the term. 2. generating from the client computer . . . [included in claim 1 of the 135 patent] VirnetXs Proposed Construction Apples Proposed Construction generating and transmitting from the client computer a DNS request

[no construction necessary]

The first step of claim 1 of the 135 patent begins: generating from . . . . Apple attempts to rewrite the claim language with its proposed construction: generating and transmitting from . . . . The Court adopted this construction in the prior litigation because the parties agreed to this -7-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 13 of 30 PageID #: 3316

construction. See Ex. B at 27. This agreement, however, was based on representation from Apples counsel that it would not attempt to use the transmitting language to circumvent the Courts prior ruling in the Microsoft case that the client computer can perform the second step (i.e., the determining step). See Microsoft Claim Construction Opinion (Ex. A) at 20 (finding that [t]he client computer can perform the determining step based on the claim language and the doctrine of claim differentiation). Apple represented that it would not circumvent this ruling at the claim construction hearing: MR. CASSADY: Your Honor, we are okay with generating and transmitting, but I still didnt get an answer to my question, which is are they trying to circumvent Your Honors construction that said the client computer can do the determining step by either transmitting from a function to a function, from a piece of software to a piece of software, from other functions on the client? Im still not hearing that answer. That is really the problem here. THE COURT: Can you answer that more definitively? MR. WILLIAMS: The first thing I said when I stood up here awhile ago was, no, sir, we are not trying to circumvent anything. See Cisco Claim Construction Hing Tr. (Ex. K) at 117:19-118:5. Apple did not make good on this commitment. Namely, Apples expert argued that Apple did not infringe because a client computer cannot examine a DNS request to perform the determination step because the Courts construction requires the DNS request to be transmitted from the device. Accordingly, VirnetX asks that the Court not adopt Apples proposed construction and leave the claim language as-is. 3. an indication that the domain name service system supports establishing a secure communication link[included in asserted claims of the 504 patent] VirnetXs Proposed Construction Apples Proposed Construction [no construction necessary] alternatively: an indication that the domain name service system has authorized and supports establishing a secure communication link -8an affirmative signal beyond the mere returning of an IP address, public key, digital signature, or certificate that the domain name service system supports establishing a secure communication link

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 14 of 30 PageID #: 3317

4. indicate in response to the query whether the domain name service system supports establishing a secure communication link [included in asserted claims of the211 patent] VirnetXs Proposed Construction Apples Proposed Construction [no construction necessary] alternatively: indicate in response to the query whether the domain name service system has authorized and supports establishing a secure communication link in response to the query for a network address, affirmatively signaling beyond the mere returning of an IP address, public key, digital signature, or certificate that the domain name service system supports establishing a secure communication link

As the Court has previously observed, these terms are readily understandable and do not require construction. See Cisco and Mitel Opinions (Ex. B at 27-28; Ex. C at 10-11). If the Court is inclined to construe these terms, it should adopt VirnetXs proposed constructions, which clarifies that the claimed indication is that the domain name service system has authorized and supports establishing a secure communication link. This is in accord with the specification and the prosecution history. The 504 and 211 patents describe a preferred embodiment in columns 49 through 53 that illustrates why VirnetXs alternative, proposed construction is appropriate. Particularly, the specification teaches SDNS 3313 that supports establishing6 a VPN by accessing VPN gatekeeper 3314, which provisions computer 3301 and secure web server computer 3320, or a secure edge router for server computer 3320, thereby creating the VPN. See 504 at 51:34-40. Notably, the specification teaches that a VPN gatekeeper only provisions authorized users. See id. at 40:57-63 (recognizing that a gatekeeper computer determines whether a user is authorized); see also id. at 41: 33-38 (Scenario #2: Client does not have permission to access target computer. In this scenario, the clients DNS To remove any doubt that SDNS 3133 in combination with VPN gatekeeper 3314 is the preferred embodiment with respect to the disputed indication terms, VirnetX notes that SDNS 3133 embodies the other two limitations of the independent claims of the 504 and 211 patent, namely: (1) storing domain names and corresponding network addresses, see 504 at 51:11-12 (SDNS 3313 contains a cross-reference database of secure domain names and corresponding secure network addresses); and (2) receiving a query for a network address, see id. at 51:29-30 (When a user queries SDNS 3313 for the secure computer network address . . .). -96

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 15 of 30 PageID #: 3318

request would be received by the DNS proxy server 2610, which would forward the request to gatekeeper 2603. The gatekeeper would reject the request, informing DNS proxy server 2610 that it was unable to find the target computer.). Further, VirnetXs alternative, proposed construction accounts for how the specification explains the claimed inventions by disparaging conventional DNS. Particularly, the specification teaches that [c]onventional Domain Name Servers (DNSs) provide a look-up function that returns the IP address of a requested computer or host. . . . One conventional scheme that provides secure virtual private networks over the Internet provides the DNS server with the public keys of the machines that the DNS server has the addresses for. See 504 at 39:7-9 and 36:34-37. The specification then criticizes conventional DNS for not differentiating between authorized and unauthorized users. Compare 504 at 39:43-45 (The conventional scheme suffers from certain drawbacks. For example, any user can perform a DNS request. Moreover, DNS requests resolve to the same value for all users.) with id. at 40:25-34 (describing the benefits of the invention: If the user had requested lookup of a secure web site but lacked credentials to create such a connection, DNS proxy 2610 would return a host unknown error to the user. In this manner, different users requesting access to the same DNS name could be provided with different look-up results.). Accordingly, VirnetXs alternative, proposed construction is appropriate because it acknowledges that the claimed domain name service system indicates that it supports establishing a secure communication link for authorized requests/users. The Court should reject Apples proposed construction because it misreads arguments made in re-examination. In re-exam, VirnetX explained how conventional DNS could not meet the claimed indication for the same reasons given above. See Ex. Q at 6 (The specification

-10-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 16 of 30 PageID #: 3319

explains that DNS systems that perform no more than these conventional functions have many shortcomings, and further explains novel DNS-system embodiments that go beyond these conventional functions by supporting establishing secure communications.). VirnetX also explained that [n]ever does the specification equate the mere return of requested DNS records, such as an IP address or key certificate, with supporting secure communications. See id. Apples proposed construction facially appears to track VirnetXs re-exam argument, but there is a critical difference between the two. Namely, VirnetX argued in re-exam that a server that does nothing more than merely returning DNS records (like conventional DNS) does not support establishing a secure communication link and therefore does not indicate as much by returning the DNS records.7 It does not followand VirnetX did not arguethat an IP address, public key, etc. could not serve as the claimed indication for a domain name server that actually supports establishing a secure communication link. To the extent that the Court is inclined to account for VirnetXs arguments made in re-exam, the appropriate construction would require that the domain name service system actually supports establishing a secure communication link (which is already required by the claim language) and that it does so for authorized requests/users.

In other words, the IP addresses and public keys in these conventional schemes are not the claimed indication because everyoneauthorized and unauthorized users alikereceives the same information. If a server is actually providing the claimed indication, then authorized users/requestors will receive an indication that the server supports establishing a secure communication link (because they are authorized) that is different from what is received by unauthorized users/requestors (for whom the server will not support establishing a secure communication link). -11-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 17 of 30 PageID #: 3320

B. Disputes Involving New Claim Terms 5. intercept and intercepting [included in asserted claims of the 697 patent] VirnetXs Proposed Construction Apples Proposed Construction access/accessing a communication addressed to another

[no construction necessary]

6. [intercept / intercepting] . . . a request to look up an internet protocol (IP) address [included in claims of the 697 patent] VirnetXs Proposed Construction Apples Proposed Construction [no construction necessary] alternatively: receiving a request to look up an IP address and performing some evaluation on the request that is not merely resolving the request [no construction necessary beyond construction of intercept[ing]

No construction is necessary for the terms intercept and intercepting. The surrounding claim language adequately explains that the phrase refers to receiving a request to look up an internet protocol address and, apart from resolving it, evaluating the request to determine whether the second network device is available for a secure communications service. See Phillips, 415 F.3d at 1314 ([T]he claims themselves provide substantial guidance as to the meaning of particular claim terms.). To the extent the Court is inclined to construe either of these terms, VirnetX requests that the Court adopt its alternative proposed construction. Apples proposed construction should be rejected for three reasons. First, Apples proposed construction is inconsistent with the specification of the 697 patent. The 697 patent discloses DNS proxy 2610 which intercepts all DNS lookup functions from client 2605 and determines whether access to a secure site has been requested. 697 at 40:31-33. DNS proxy 2610 does not intercept DNS requests by somehow accessing communications that were addressed to another computer. To the contrary, the specification teaches that DNS proxy 2610, itself, receives requests. See 697 at 41:49-50 (the clients DNS request would be received by the DNS proxy server 2610); 41:6-9 (FIG. 27 shows steps that can be executed by DNS

-12-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 18 of 30 PageID #: 3321

proxy server 2610 to handle requests for DNS look-up for secure hosts. In step 2701, a DNS look-up request is received for a target host.); see also Fig. 26 Fig. 26 (showing a line from the IP stack of user computer 2601 to DNS Proxy 2610).8 Second, even if DNS Proxy 2610 is viewed as intercepting requests from DNS Server 2609, it still does not follow that the requests were addressed to another computer. To the contrary, the functions of DNS proxy 2610 and DNS server 2609 can be combined into a single server for convenience. See 697 at 41:1-3; see also Fig. 26. In this embodiment, requests are addressed to modified DNS server 2602, which includes both DNS proxy 2610 and DNS server 2609. See 697 at 40:25-27 (A modified DNS server 2602 includes a conventional DNS server function 2609 and a DNS proxy 2610.). Apples proposed construction would impermissibly exclude this preferred embodiment by requiring the intercepted requests to be address to something other than modified DNS server 2602 and should therefore be rejected. See Globetrotter Software, Inc. v. Elan Computer Group, Inc., 362 F.3d 1367, 1381 (Fed. Cir. 2004) ([a] claim interpretation that excludes a preferred embodiment from the scope of the claim is rarely, if ever, correct.). Third, dependent claims 10 and 29 of the 697 patent recite that intercepting the request consists of receiving the request to determine whether the second network device is available for the secure communications service (emphasis added)thereby limiting intercepting to this

To be sure, the specification also uses the term intercepting to mean illicitly receiving a request. See 697 at 29:62-63 (using the word intercepting in a nefarious sense when describing interlopers intercept[ing] . . . messages and trying to interfere with communication); id. at 39:49-51 (nefarious listeners on the Internet . . . intercept[ing] . . . packets and thus learn[ing] what IP addresses the user was contacting). But the specification uses intercepting in a different sense when describing the embodiments. When describing the embodiments, the specification describes intercepting a request by receiving it and performing some evaluation on it (e.g., determining whether access to a secure site has been requested) that is not merely resolving the request. -13-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 19 of 30 PageID #: 3322

language. See CIAS, Inc. v. Alliance Gaming Corp., 504 F.3d 1356, 1361 (Fed. Cir. 2007) (It is equally well understood in patent usage that consisting of is closed-ended and conveys limitation and exclusion.). Apples construction, however, includes limitations beyond the language of the dependent claims would therefore render these claims impossible to practice and effectively void. In sum, Apples proposed construction should be rejected. See Level 3 Commcns, LLC v. Limelight Networks, 630 F.Supp.2d 654, 662 (E.D.Va.2008) (stating that adopting construction which renders claim practically impossible [to practice] would make little sense); Neev v. Abbott Med. Optics, Inc., 2012 WL 1066797, at *12 (D.Del. Mar. 26, 2012) (rejecting construction that would make practicing patent claim impossible). 7. wherein the secure communication service uses the secure communication link to communicate at least one of video data and audio data between the first network device and the second network device [included in asserted claims of the 697 patent] VirnetXs Proposed Construction Apples Proposed Construction [no construction necessary] wherein the secure communications service uses the secure communication link to communicate at least one of video data and audio data extending from the first network device to the second network device

Apples proposed construction replaces between [A] and [B] with extending from [A] to [B]. This dispute is not different from the dispute of between in the Cisco litigation, which the parties have agreed not to re-brief. Accordingly, VirnetX opposes Apples construction for the same reasons given in VirnetXs prior briefing.

-14-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 20 of 30 PageID #: 3323

8. [determine/determining] . . . is available for a secure communications service [included in asserted claims of the 697 patent] VirnetXs Proposed Construction Apples Proposed Construction [no construction necessary] determine/determining whether a device is available to establish a secure communication link

Apples proposed construction attempts to change the claim language from available for a secure communications service to available to establish a secure communication link. This is improper. Courts do not rewrite claims; instead, we give effect to the terms chosen by the patentee. Taurus IP, LLC v. DaimlerChrysler Corp., 726 F.3d 1306, 1321 (Fed. Cir. 2013). Moreover, the 697 patent teaches that the secure communications service uses a secure communication link. See 697 at Abstract (the secure communications service uses the secure communication link). This is reflected in the claim, itself. See claim 1 of the 697 patent (wherein the secure communications service uses the secure communication link . . .) (emphasis added); claim 16 (same). In sum, Apples attempt to replace secure communications service with secure communication link is misplaced and should be rejected. 9. domain name lookup [included in claims 14 and 28 of the 697 patent] VirnetXs Proposed Construction Apples Proposed Construction a lookup service that return an IP address for a requested domain name to the requester

[no construction necessary]

No construction is necessary for this term. The language of claims 14 and 28 (as well as the language of the independent claims on which claims 14 and 28 depend) make clear that domain name lookup refers to looking up a domain name. Particularly, claim 16 requires servers configured to determine. . . whether the second network device is available for a secure communications service. Claim 28, which depends on claim 16, further requires that the determination that the second network device is available for the secure communications service is a function of the result of a domain name lookup (emphasis added). -15-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 21 of 30 PageID #: 3324

Apples proposed construction should be rejected because it erroneously equates domain name lookup with the term Domain Name Service (DNS).9 In claims 14 and 28 of the 697 patent, domain name lookup merely specifies that the claimed determination is the result, at least in part, of looking up a domain name. The claims do not require that the domain name lookup also return an IP addressmuch less to an unspecified requester. Indeed, the preferred embodiment describes automatically initiating a VPN instead of returning an IP address for the requested domain name. See 697 at 40:5-9 (if the request is from a special type of user (e.g., one for which secure communication services are defined), the server does not return the true IP address of the target node, but instead automatically sets up a virtual private network between the target node and the user.). In sum, the term domain name lookup as used by the claims of the 697 is meaningfully different from the 135 patents use of Domain Name Service, and Apples construction should be rejected. 10. secure name service [included in asserted claims of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction Indefinite

a lookup service that returns a network address for a requested secure name and facilitates establishing a secure communication link based on a secure name

VirnetXs proposed construction of secure name service is derived from the specification and claim language of the 181 patent. The specification teaches a Secure Domain Name Service (SDNS) 3313 as the preferred embodiment of a secure name service. For this embodiment, the specification teaches: (i) that SDNS 3313 is a lookup service that returns network addresses for a requested secure name, see 181 at 50:60-67 (SDNS 3313 contains a cross-reference database of secure domain names and corresponding secure network addresses. . Apples proposed construction for domain name lookup is identical to the Courts previous construction of Domain Name Service (DNS). See Ex. B at 15. -169

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 22 of 30 PageID #: 3325

. . so that a user who desires a secure communication link to the website of the entity can automatically obtain the secure computer network address for the secure website); and (ii) that SDNS 3313 facilitates establishing a secure communication link based on a secure name, see 181:51:16-18 (SDNS 3313 accesses VPN gatekeeper 3314 for establishing a VPN communication link between software module 3309 and secure server 3320).10 VirnetXs proposed construction is appropriate because it accounts for the fact that SDNS 3313 is a preferredbut not limitingembodiment. First, VirnetXs proposed construction recognizes that the claimed secure name service facilitates establishing a secure communication linkand not necessarily a VPN. This, too, is warranted by the claim language of the 181, which pertain to establishing secure communication links, not VPNs. See, e.g., claim 2 of the 181 patent. Second, VirnetXs proposed construction recognizes that the claimed secure name service handles secure namesand not necessarily secure domain names. This is warranted by the claim language. Namely, the claims of the 181 patent pertain to secure names rather than secure domain names. See, e.g., claim 2 of the 181 patent (sending a message to a secure name service, the message requesting a network address associated with the secure name of the second device). Further, claim 3 demonstrates, through the doctrine of claim differentiation, that the claimed secure name service is not limited to secure domain names. See claim 3 of the 181 patent (The method according to claim 2, wherein the secure name of the second device is a secure domain name.). See, e.g., Zircon Corp. v. Stanley Black & Decker, Inc., 452 See also Patent Owners Comments after Action Closing Prosecution (March 18, 2013), File History of the Reexamination of U.S. Patent No. 8,051,181 (A person of ordinary skill in the art at the time of the invention would have understood that secure names are those names used to communicate securely that are resolved by a secure name service (i.e., a service that both resolves a name into a network address and further supports establishing a secure communication link).). -1710

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 23 of 30 PageID #: 3326

Fed.Appx. 966, 974 (Fed. Cir. 2011) ([T]he presumption arising from claim differentiation is a strong one when the very limitation one seeks to import into an independent claim appears in a claim dependent therefrom.) (citing Liebel-Flarsheim Co. v. Medrad, Inc., 358 F.3d 898, 910 (Fed. Cir. 2004)); but see Eon-Net LP v. Flagstar Bancorp, 653 F.3d 1314, at *18 (Fed. Cir. Jul. 29, 2011) ([C]laim differentiation is a rule of thumb that does not trump the clear import of the specification) (citing Edwards Lifesciences, LLC v. Cook Inc., 582 F.3d 1322, 1331 (Fed. Cir. 2009)). Accordingly, VirnetXs proposed construction for the term secure name service should be adopted. 11. secure name [included in asserted claims of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction Indefinite

an authenticated name that can be resolved by a secure name service and can be used for establishing a secure communication link

VirnetXs proposed construction for secure name follows the reasoning given above for secure name service, which is a lookup service that returns a network address for a requested secure name and facilitates establishing a secure communication link based on a secure name. Additionally, a secure name is an authenticated name because it is securely registered with the secure name service. The specification of the 181 patent teaches that [a]n entity can register a secure domain name in SDNS 3313 so that a user who desires a secure communication link to the website of the entity can automatically obtain the secure computer network address for the secure website. 181 at 50:64-67 (emphasis added); see also File History of U.S. Patent No. 8,051,181, Applicant Remarks/Arguments at 9 (Oct. 8, 2010) ([A] secure name is a name associated with a network address of a first device. The name can be registered such that a second device can obtain the network address associated with the first device from a secure name

-18-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 24 of 30 PageID #: 3327

registry and send a message to the first device.) (emphasis added). Accordingly, VirnetXs proposed construction for the term secure name should be adopted. 12. unsecured name [included in claims 1, 26, and 27 of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction Indefinite

a name that can be resolved by a conventional name service

A person of skill in the art would understand that unsecured name refers to a name that can be resolved by a conventional name service. The specification teaches that non-secure domain names can be registered with standard DNS for subsequent resolution. See 181 at 52:50-58 (the present invention automatically registers the corresponding equivalent non-secure domain name with standard DNS 3325 in a well-known manner.). Notably, a name could serve as both a secure name and an unsecured name if it can be resolved by a secure name service and a conventional name service. There is nothing in the 181 patent that demands a different result. To be sure, the specification teaches an embodiment where a secure domain name cannot be resolved by standard DNS. See 181 at 50:19-22 (Because the secure top-level domain name is a non-standard domain name, a query to a standard domain name service (DNS) will return a message indicating that the universal resource locator (URL) is unknown.). But the patent does not limit secure names to non-standard domain names. Indeed, only dependent claim 23 requires a secure name to be a non-standard domain name (which cannot be resolved by conventional DNS). Accordingly, the doctrine of claim differentiation creates a strong presumption that secure names and unsecured names are not mutually exclusive in the other claims. See Zircon Corp., 452 Fed.Appx. at 974.

-19-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 25 of 30 PageID #: 3328

13.

securely communicate [included in claims 1, 24, 26, and 29 of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction send a message over a secure communication link

[no construction necessary] alternatively: communicate with data security 14.

sending a message securely [included in claims 24-26 and 29 of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction sending a message over a secure communication link

[no construction necessary] alternatively: sending a message with data security

No construction is necessary for these terms. To the extent that construction is necessary, the terms should be construed simply to acknowledge that securely refers to data security. The 181 patent teaches that [a] tremendous variety of methods have been proposed and implemented to provide security and anonymity for communications over the Internet. 181 at 1:28-30. The 181 patent goes on to teach the difference between data security and anonymity. See 181 at 1:30-57. Apples proposed construction should be rejected for two reasons. First, to the extent these claims require a secure communication link, it is an express limitation of the claim. Had the inventors intended this limitation [to mean secure communication link], they could have drafted claims to expressly include [secure communication link]. See i4i Ltd. Pship v. Microsoft Corp., 598 F.3d 831, 843 (Fed. Cir. 2010). Second, Apple is attempting to import anonymity into these claims by daisy-chaining its proposed constructions for these terms with its proposed constructions for secure communication link, (which Apple wants construed to mean VPN), and its proposed construction for VPN, (which Apple wants construed to include anonymity). The specification, however, distinguishes security and anonymity. See 181 at 1:28-49 (describing differences and concluding: These two security issues may be called data security and anonymity, respectively.). Apples attempts to import secure communication link and anonymity are improper and should be rejected. -20-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 26 of 30 PageID #: 3329

15.

non-secure communication link [included in claim 7 of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction a communication link that transmits information in the clear

a communication link that is not a secure communication link

The Courts construction for secure communication link is a direct communication link that provides data security. A non-secure communication link is a communication link that does not meet this construction. Apples proposed construction incorrectly applies non- only to the first word secure. If the patentee intended this term to mean unencrypted (i.e., in the clear), it certainly could have used that term. See, e.g., 181 at 53:6-9 (According to the invention, communications are protected by a client-side proxy application program that accepts unencrypted, unprotected communication packets from a local browser application.) (emphasis added); but see id. at 21:43-48 (Packets transmitted according to one or more of the inventive principles will be generally referred to as secure packets or secure communications to differentiate them from ordinary data packets that are transmitted in the clear using ordinary, machine-correlated addresses.). VirnetXs proposed construction is further supported by the use of the term non-VPN in the specification. When the specification uses the term non-VPN, it does not mean that the communication link is necessarily not virtuali.e., applying the non- only to the first word of virtual private network. Nor does non-VPN necessarily mean that the communication link it is not encrypted. Otherwise, the description of a communication link as a non-secure, nonVPN communication link would be redundant. See 181 at 49:28-31 (emphasis added). By describing a communication link as a non-secure, non-VPN communication link, the

-21-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 27 of 30 PageID #: 3330

specification is accounting for the fact that a VPN is not merely secure.11 In the same way, a secure communication link is not merely secure but also requires direct communication. Accordingly, the Court should construe non-secure communication link as a communication link that is not a secure communication link. 16. requesting and obtaining registration of a secure/unsecured name [included in claims 24-27 of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction [no construction necessary] requesting and obtaining from a domain name registry service ownership of an secure/unsecured name

No construction is necessary for this phrase beyond secure name and unsecured name. Once these terms are construed, the phrase has an ordinary meaning that a jury will understand without further construction. Further, Apples proposed construction should be rejected because it rewrites the claim language absent disclaimer or lexicography. The specification describes a preferred embodiment secure domain name registry service that registers secure domain names, see 181 at 52:14227, but it also describes registration with SDNS 3313 in another embodiment, see 181 at 50:64-67.12 As such, the specification disproves any disclaimer to obtaining . . . ownership from a domain name registry service as Apples construction would require. See Thorner, 669 F.3d at 1366-1367 (It is likewise not enough that the only embodiments, or all of the embodiments, contain a particular limitation. We do not read limitations from the specification A virtual private network is not merely secure under either partys construction. Apples proposed construction additionally requires anonymity. VirnetXs proposed construction additionally requires a VPN to allow private and direct communication, i.e., enabling a computer outside of a private network to communicate as if it were physically within the private network.
12 11

Moreover, the specification also teaches a preferred embodiment where non-secure domain names can be registered with a non-secure domain name server databasenot a domain name registry service. See 181 at 52:28-33. -22-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 28 of 30 PageID #: 3331

into claims; we do not redefine words. Only the patentee can do that. To constitute disclaimer, there must be a clear and unmistakable disclaimer.). Accordingly, Apples proposed construction should be rejected. 17. message [included in asserted claims of the 181 patent] VirnetXs Proposed Construction Apples Proposed Construction a communication comprising one or more network packets

a unit of information that can be transmitted electronically

VirnetXs proposed construction of this term is in accord with the understanding of a person of ordinary skill in the art in 2000. The Microsoft Computer Dictionary defines message as a unit of information transmitted electronically from one device to another. See Microsoft Computer Dictionary at 287 (4th ed. 1999). Apples proposed construction is incorrect because it requires a message to be composed of one or more entire network packets, when, in fact, a message could be sent as only a portion (e.g., the payload) of one or more network packets. See Jones Decl. at 8. IV. CONCLUSION For the foregoing reasons, VirnetX respectfully requests that the Court adopt its proposed constructions and reject Apples proposed constructions.

-23-

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 29 of 30 PageID #: 3332

Dated: March 24, 2014

Respectfully submitted, CALDWELL CASSADY & CURRY /s/ Austin Curry Bradley W. Caldwell Texas State Bar No. 24040630 Email: bcaldwell@caldwellcc.com Jason D. Cassady Texas State Bar No. 24045625 Email: jcassady@caldwellcc.com John Austin Curry Texas State Bar No. 24059636 Email: acurry@caldwellcc.com Daniel R. Pearson Texas State Bar No. 24070398 Email: dpearson@caldwellcc.com Hamad M. Hamad Texas State Bar No. 24061268 Email: hhamad@caldwellcc.com Christopher S. Stewart Texas State Bar No. 24079399 Email: cstewart@caldwellcc.com John F. Summers Texas State Bar No. 24079417 Email: jsummers@caldwellcc.com 2101 Cedar Springs Rd., Suite 1000 Dallas, Texas 75201 Telephone: (214) 888-4848 Facsimile: (214) 888-4849 Robert M. Parker Texas State Bar No. 15498000 Email: rmparker@pbatyler.com R. Christopher Bunt Texas State Bar No. 00787165 Email: charley@pbatyler.com Charles Ainsworth Texas State Bar No. 00783521 Email: charley@pbatyler.com PARKER, BUNT & AINSWORTH, P.C. 100 East Ferguson, Suite 1114 Tyler, Texas 75702 Telephone: (903) 531-3535 Telecopier: (903) 533-9687 ATTORNEYS FOR PLAINTIFF VIRNETX INC.

Case 6:12-cv-00855-LED Document 136 Filed 03/24/14 Page 30 of 30 PageID #: 3333

CERTIFICATE OF SERVICE
The undersigned certifies that, on March 24, 2014, the foregoing document was filed electronically in compliance with Local Rule CV-5(a). As such, this motion was served on all counsel who have consented to electronic service. Local Rule CV-5(a)(3)(A).

/s/ Austin Curry John Austin Curry