DCT
6:12-cv-00855
VirnetX Inc v. Apple Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiffs: VirnetX Inc. (Delaware/Nevada) and Science Applications International Corporation (SAIC) (Delaware/Virginia)
- Defendant: Apple Inc. (California)
- Plaintiff’s Counsel: McKool Smith, P.C.
- Case Identification: 6:12-cv-00855, E.D. Tex., 08/27/2013
- Venue Allegations: Plaintiffs allege venue is proper in the Eastern District of Texas because Apple conducts business in the state and places its products into the stream of commerce with the expectation that they will be purchased and used within the district.
- Core Dispute: Plaintiffs allege that Apple’s VPN On Demand, FaceTime, and iMessage functionalities, as implemented in its iPhones, iPads, iPods, and computers, infringe six patents related to secure network communication protocols.
- Technical Context: The patents relate to methods for establishing secure and anonymous communication links over public networks, such as creating virtual private networks (VPNs) by concealing the ultimate destination of data packets and using a domain name service to trigger the creation of a secure link.
- Key Procedural History: This case is a consolidation of two prior civil actions. All asserted patents, except for U.S. Patent No. 8,504,697, were previously asserted in one of the consolidated actions. The complaint alleges willfulness based on actual notice provided to Apple through a prior case, VirnetX Inc. v. Cisco Inc., 6:10-cv-417 (E.D. Tex.), a notable allegation as it cites a case against a different defendant as a basis for knowledge.
Case Timeline
| Date | Event |
|---|---|
| 1998-10-30 | Earliest Priority Date for all Patents-in-Suit |
| 2002-12-31 | U.S. Patent No. 6,502,135 Issues |
| 2008-08-26 | U.S. Patent No. 7,418,504 Issues |
| 2009-02-10 | U.S. Patent No. 7,490,151 Issues |
| 2009-09-09 | Release of iOS 3.1 (Accused VPN on Demand) |
| 2011-01-06 | Release of OS X 10.6.6 (Accused FaceTime) |
| 2011-04-05 | U.S. Patent No. 7,921,211 Issues |
| 2011-07-20 | Release of OS X 10.7 (Accused iMessage) |
| 2011-11-01 | U.S. Patent No. 8,051,181 Issues |
| 2013-08-06 | U.S. Patent No. 8,504,697 Issues |
| 2013-08-27 | Consolidated and Second Amended Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 6,502,135 - "Agile Network Protocol for Secure Communications with Assured System Availability," issued December 31, 2002
The Invention Explained
- Problem Addressed: The patent addresses the need for both security (preventing eavesdropping) and anonymity (preventing identification of communicating parties) for communications over the Internet. It notes that conventional methods like proxies and firewalls are vulnerable to traffic analysis, which can reveal who is communicating even if the data is encrypted (’135 Patent, col. 1:13-37, 2:4-10).
- The Patented Solution: The invention proposes a "Tunneled Agile Routing Protocol" (TARP) that uses special TARP routers to create secure communication tunnels. A data packet's standard IP header does not contain the final destination address but rather the address of the next TARP router in a chain. This "agile routing" means each packet can take a different, random path through the network, making it difficult for an observer to intercept an entire message or determine the ultimate endpoints (’135 Patent, col. 3:1-17, 3:36-44; Fig. 2). The true destination is concealed within a layer of encryption that is removed and replaced at each hop, while the message payload is protected by a separate layer of encryption known only to the start and end terminals (’135 Patent, col. 3:18-28).
- Technical Importance: This protocol was designed to provide a higher degree of security than typical VPNs by actively thwarting traffic analysis, a technique used to deduce communication patterns even when data is encrypted (Compl. ¶7).
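The two encryption layers described above can be simulated in a few lines. This is an added illustration, not code from the patent, the complaint or either party. The addresses, the per-hop key table, the `hops_left` counter and the toy SHA-256 keystream are all assumptions made for the sketch and stand in for real encryption.

```python
import hashlib, json, os, random

ROUTERS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]  # constructed relay addresses
DEST = "203.0.113.9"                                         # constructed end terminal
LINK_KEYS = {addr: os.urandom(32) for addr in ROUTERS + [DEST]}  # per-hop layer (assumed)
SESSION_KEY = os.urandom(32)                                 # known only to the two terminals

def _xor(key, nonce, data):
    # Toy keystream (SHA-256 in counter mode); unauthenticated, illustration only.
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(8)
    return nonce + _xor(key, nonce, plaintext)

def unseal(key, blob):
    return _xor(key, blob[:8], blob[8:])

def wrap(next_hop, dest, hops_left, sealed_payload):
    # The cleartext header names only the next hop; the true destination
    # travels inside the layer sealed for that hop.
    inner = json.dumps({"dest": dest, "hops_left": hops_left,
                        "payload": sealed_payload.hex()}).encode()
    return {"ip_dst": next_hop, "inner": seal(LINK_KEYS[next_hop], inner)}

def route(packet, rng):
    # One relay: remove its layer, choose the next hop at random, re-wrap.
    here = packet["ip_dst"]
    inner = json.loads(unseal(LINK_KEYS[here], packet["inner"]))
    hops_left = inner["hops_left"] - 1
    if hops_left > 0:
        nxt = rng.choice([r for r in ROUTERS if r != here])
    else:
        nxt = inner["dest"]
    return wrap(nxt, inner["dest"], hops_left, bytes.fromhex(inner["payload"]))

def deliver(message, dest=DEST, hops=3, seed=None):
    # Returns (plaintext recovered at dest, every packet an observer could capture).
    rng = random.Random(seed)  # simulation only; not a CSPRNG
    packet = wrap(rng.choice(ROUTERS), dest, hops, seal(SESSION_KEY, message))
    wire = [packet]
    while packet["ip_dst"] != dest:
        packet = route(packet, rng)
        wire.append(packet)
    inner = json.loads(unseal(LINK_KEYS[dest], packet["inner"]))
    return unseal(SESSION_KEY, bytes.fromhex(inner["payload"])), wire

if __name__ == "__main__":
    text, wire = deliver(b"constructed test message")
    print([p["ip_dst"] for p in wire], text)
```

Every captured packet shows only a hop address in its cleartext header, and the relays handle the payload only in its session-key form.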
Key Claims at a Glance
- The complaint asserts independent method claim 1 and independent system claim 10 (Compl. ¶¶15-16).
- Claim 1 (Method):
  - transmitting a data packet from a first computer to a second computer through a plurality of relay computers;
  - wherein the data packet includes a destination address of one of the relay computers;
  - determining at the one relay computer a destination for the data packet; and
  - retransmitting the data packet to the destination.
- Claim 10 (System):
  - a first computer for transmitting a data packet;
  - a second computer for receiving the data packet;
  - a plurality of relay computers for relaying the data packet from the first computer to the second computer; and
  - wherein the data packet includes a destination address of one of the relay computers.
- The complaint reserves the right to assert dependent claims (Compl. ¶¶16-17).
U.S. Patent No. 7,418,504 - "Agile Network Protocol for Secure Communications Using Secure Domain Names," issued August 26, 2008
The Invention Explained
- Problem Addressed: The patent recognizes that even with secure data transmission, the use of a conventional Domain Name Service (DNS) to look up a website's IP address can compromise anonymity, as the DNS request itself is typically insecure and reveals the user's intended destination (’504 Patent, col. 37:46-51). Manually configuring secure VPNs for each communication can be cumbersome for users.
- The Patented Solution: The invention proposes integrating the creation of a secure communication link into the DNS process itself. A DNS proxy server intercepts a user's request for a domain name. If the domain has a special secure top-level name (e.g., ".scom" instead of ".com"), the proxy initiates a process to automatically and transparently establish a secure VPN to the target site (’504 Patent, col. 38:5-20). This process involves a "gatekeeper" that allocates the necessary resources, such as IP hopping parameters, for the secure link (’504 Patent, Fig. 26). The user is then connected securely without needing to manually configure a VPN.
- Technical Importance: This method simplifies the user experience for establishing secure connections by automating VPN creation based on the domain name itself, making robust security more accessible and transparent to the end-user (Compl. ¶8).
Key Claims at a Glance
- The complaint asserts system claims including independent claim 1 (Compl. ¶¶25, 31).
- Claim 1 (System):
  - a domain name service system configured to be connected to a communication network, to store a plurality of domain names and corresponding network addresses, to receive a query for a network address, and to comprise an indication that the domain name service system supports establishing a secure communication link.
- The complaint reserves the right to assert dependent claims (Compl. ¶¶25, 27).
U.S. Patent No. 7,490,151 - "Establishment of a Secure Communication Link Based on a Domain Name Service (DNS) Request," issued February 10, 2009
- Technology Synopsis: This patent, related to the '504 Patent, describes a system where a DNS request for a specific domain name triggers the automatic establishment of a secure VPN. It focuses on a DNS proxy server that intercepts these requests and, if secure access is required and authorized, transparently creates the VPN link to the target site without returning the site's true IP address over the public network (’151 Patent, Abstract).
- Asserted Claims: Independent claims 1, 7, and 13 are asserted (Compl. ¶¶20-21).
- Accused Features: Apple’s VPN On Demand functionality is accused of infringement (Compl. ¶20).
U.S. Patent No. 7,921,211 - "Agile Network Protocol for Secure Communications Using Secure Domain Names," issued April 5, 2011
- Technology Synopsis: This patent, also related to the '504 Patent, covers systems and methods for secure communications using secure domain names. The technology involves a secure DNS service that includes a portal to authenticate a query for a network address and a database that stores secure addresses based on non-standard top-level domain names, thereby initiating a secure communication link (’211 Patent, Abstract).
- Asserted Claims: Independent claims 1, 36, and 60 are asserted (Compl. ¶¶37, 39).
- Accused Features: Apple’s FaceTime and iMessage functionalities are accused of infringement (Compl. ¶¶37, 43).
U.S. Patent No. 8,051,181 - "Method for Establishing Secure Communication Link Between Computers of Virtual Private Network," issued November 1, 2011
- Technology Synopsis: This patent focuses on the method for establishing a secure communication link. A DNS request for a target site is intercepted to determine if secure access is requested. If the user is authorized, a VPN is automatically established with the target site, integrating the security setup into the standard workflow of network name resolution (’181 Patent, Abstract).
- Asserted Claims: Independent claims 1 and 2 are asserted (Compl. ¶¶49-50).
- Accused Features: Apple’s FaceTime and iMessage functionalities are accused of infringement (Compl. ¶¶49, 54).
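The DNS-triggered flow summarized above for the ’504, ’151 and ’181 patents reduces to a decision made at the proxy. The sketch below is an added illustration, not code from the patents or from Apple. The record tables, the access list, the status strings and the `Gatekeeper` fields (a hypothetical stand-in for "IP hopping parameters") are assumptions.

```python
import secrets

SECURE_TLD = ".scom"                                   # the page's example secure suffix
PUBLIC_RECORDS = {"www.example.com": "192.0.2.10"}     # constructed
SECURE_RECORDS = {"www.example.scom": "198.51.100.7"}  # constructed true address
AUTHORIZED = {"www.example.scom": {"alice"}}           # constructed access list

class Gatekeeper:
    """Holds per-link state; the fields are hypothetical stand-ins for the
    'IP hopping parameters' the page mentions."""
    def __init__(self):
        self.links = {}

    def allocate(self, user, name):
        link_id = secrets.token_hex(4)
        self.links[link_id] = {"user": user, "target": SECURE_RECORDS[name],
                               "hop_seed": secrets.token_hex(16)}
        return link_id

def resolve(user, name, gatekeeper):
    """DNS proxy decision. Status strings are labels for this sketch."""
    name = name.lower().rstrip(".")
    if not name.endswith(SECURE_TLD):
        # Ordinary name: conventional lookup, address returned in the clear.
        addr = PUBLIC_RECORDS.get(name)
        return {"status": "ANSWER", "address": addr} if addr else {"status": "NXDOMAIN"}
    if name not in SECURE_RECORDS:
        return {"status": "NXDOMAIN"}
    if user not in AUTHORIZED.get(name, set()):
        return {"status": "REFUSED"}   # no link state is created
    # Secure name, authorized user: reply carries a link handle, never the address.
    return {"status": "SECURE_LINK", "link_id": gatekeeper.allocate(user, name)}
```

The suffix test runs on the normalized name, so a query such as `www.example.scom.example.com` is handled as an ordinary name and never reaches the gatekeeper.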
U.S. Patent No. 8,504,697 - "System and Method Employing an Agile Network Protocol for Secure Communications Using Secure Domain Names," issued August 6, 2013
- Technology Synopsis: This patent describes a system connecting network devices via a secure link initiated by a server. The server receives a request from a first device to look up a second device's address and, in response, determines if a secure service is available and initiates the secure link. This technology is framed in the context of communicating video and audio data securely (’697 Patent, Abstract).
- Asserted Claims: Independent claims 1 and 16 are asserted (Compl. ¶¶60-61).
- Accused Features: Apple’s FaceTime and iMessage functionalities are accused of infringement (Compl. ¶¶60, 65).
III. The Accused Instrumentality
Product Identification
- The complaint accuses Apple's servers and a wide range of products, including the iPhone, iPod Touch, iPad, iPad mini, and Mac computers, that support specific functionalities (Compl. ¶¶15, 25, 31).
Functionality and Market Context
- VPN On Demand: This iOS and OS X feature automatically establishes a VPN connection when a user attempts to access predefined domains or services, removing the need for manual VPN activation. The complaint alleges this system of devices and servers infringes the ’135 and ’151 patents (Compl. ¶¶15, 20).
- FaceTime: This is Apple’s video and audio calling service. To initiate a call, a user's device contacts Apple's servers to look up the IP address of the recipient's device (associated with a phone number or email address), after which a secure, encrypted connection is established. The complaint alleges this service infringes the ’504, ’211, ’181, and ’697 patents (Compl. ¶¶25, 37, 49, 60).
- iMessage: This is Apple’s instant messaging service. Similar to FaceTime, it uses Apple's servers to resolve user identifiers to device IP addresses to establish secure, end-to-end encrypted messaging sessions. The complaint alleges this service also infringes the ’504, ’211, ’181, and ’697 patents (Compl. ¶¶31, 43, 54, 65).
- No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
6,502,135 Patent Infringement Allegations
| Claim Element (from Independent Claim 10) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a first computer for transmitting a data packet | An Apple device (e.g., iPhone) initiating a VPN On Demand session. | ¶15 | col. 7:42-44 |
| a second computer for receiving the data packet | The destination computer or server that the Apple device is attempting to securely connect to. | ¶15 | col. 7:42-44 |
| a plurality of relay computers for relaying the data packet from the first computer to the second computer | Apple's servers that support the VPN On Demand functionality, which allegedly receive and forward data packets between the end-user device and the final destination. | ¶15 | col. 7:40-44 |
| wherein the data packet includes a destination address of one of the relay computers | The complaint alleges that packets sent from an Apple device to initiate a VPN On Demand session are addressed to one of Apple’s servers, not the ultimate destination of the communication. | ¶15 | col. 7:45-50 |
Identified Points of Contention (’135 Patent)
- Scope Question: A primary issue may be whether Apple's standard network servers, which facilitate the setup and operation of VPN connections, function as the specialized "relay computers" described in the patent. The specification describes these as "TARP routers" that perform agile, multi-hop routing, a specific architecture that may differ from Apple's implementation (’135 Patent, col. 3:1-4).
- Technical Question: What evidence does the complaint provide that data packets in Apple's VPN On Demand system are actually relayed through a "plurality" of Apple servers in a chain, with the address being rewritten at each hop, as required by the patent's agile routing concept? The complaint's allegations on this point are conclusory (Compl. ¶15).
7,418,504 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a domain name service system configured to be connected to a communication network | Apple's servers that support FaceTime and iMessage, which resolve user identifiers (e.g., phone numbers, email addresses) to device IP addresses. | ¶¶25, 31 | col. 37:20-25 |
| to store a plurality of domain names and corresponding network addresses | Apple's servers allegedly store a database mapping user identifiers to the IP addresses needed to establish a connection. | ¶¶25, 31 | col. 38:5-20 |
| to receive a query for a network address | An Apple device initiating a FaceTime call or iMessage conversation sends a query to Apple's servers to look up the recipient's IP address. | ¶¶25, 31 | col. 38:21-25 |
| and to comprise an indication that the domain name service system supports establishing a secure communication link | The process of looking up a user's address via Apple's servers for FaceTime or iMessage allegedly serves as an indication that initiates the establishment of a secure communication link. | ¶¶25, 31 | col. 38:5-20 |
Identified Points of Contention (’504 Patent)
- Scope Question: A central dispute will likely concern whether Apple's proprietary system for resolving user IDs to IP addresses for FaceTime and iMessage constitutes a "domain name service system." Practitioners may question whether this term, strongly associated with the public DNS protocol, can be construed to cover a private, application-specific directory service. The patent's focus on secure top-level domains like ".scom" may support a narrower interpretation tied to DNS (’504 Patent, Abstract).
- Technical Question: Does the query from an Apple device to an Apple server function as an "indication that the... system supports establishing a secure... link," or is the secure nature of the subsequent connection an independent feature of the FaceTime/iMessage application, rather than a feature of the lookup service itself?
V. Key Claim Terms for Construction
For the ’135 Patent
- The Term: "relay computer"
- Context and Importance: The infringement theory hinges on casting Apple's servers as "relay computers." Practitioners may focus on this term because its construction will determine whether the claim covers a standard client-server architecture for VPNs or is limited to the specific multi-hop, agile-routing "TARP router" system detailed in the specification.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Broader Interpretation: The claim language itself is broad, referring simply to "relaying" a data packet, which could be argued to cover any server that forwards traffic (’135 Patent, col. 48:28-30).
  - Evidence for a Narrower Interpretation: The specification consistently describes the relay computers as specialized "TARP routers" that perform "agile routing" by randomly selecting the next hop and concealing the final destination, suggesting a more limited definition than a generic server (’135 Patent, col. 3:1-4, 7:38-44).
For the ’504 Patent
- The Term: "domain name service system"
- Context and Importance: The viability of the infringement allegations against FaceTime and iMessage depends on this term being construed broadly to cover Apple's user directory service. The central question is whether a private, application-specific lookup service is equivalent to the public DNS-based system described in the patent.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Broader Interpretation: The patent abstract refers more generally to a "domain name service," which could be argued to encompass any system that resolves a name to an address.
  - Evidence for a Narrower Interpretation: The patent repeatedly describes the invention in the context of traditional DNS, referencing a "DNS proxy server," a "DNS look-up function," and the creation of non-standard top-level domains (e.g., ".scom"), which could support an interpretation limited to systems that interact with or modify the standard DNS protocol (’504 Patent, col. 6:2-5, col. 38:5-20).
VI. Other Allegations
Indirect Infringement
- The complaint alleges that Apple induces infringement by providing its devices and operating systems along with instructions and advertisements that encourage users to use the accused FaceTime, iMessage, and VPN On Demand functionalities (Compl. ¶¶18, 29, 35, 41, 47, 52, 57, 63, 68). It further alleges contributory infringement on the basis that Apple's products are a material part of the invention and are not staple articles of commerce suitable for substantial non-infringing use (Compl. ¶¶19, 30, 36, 42, 48, 53, 58, 64, 69).
Willful Infringement
- Willfulness is alleged based on Apple's purported actual and constructive notice of the patents. Notably, the complaint alleges actual notice arises at least in part from a previous case against a different defendant, VirnetX Inc. v. Cisco Inc. (Compl. ¶71). It also alleges notice of the '697 patent through the ongoing consolidated case and Apple's knowledge of the shared specification among the patents (Compl. ¶71).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the term "domain name service system," which is described in the '504 patent family in the context of modifying the public DNS, be construed to cover Apple's private, application-specific directory services that resolve user IDs to IP addresses for FaceTime and iMessage?
- A second key issue will be one of technical equivalence: do Apple's servers, which facilitate the establishment of secure connections for consumer applications, perform the specific multi-hop, agile-routing functions of the "relay computers" (or "TARP routers") required by the '135 patent's system for ensuring anonymity against traffic analysis?
- A significant legal question will be the basis for willfulness: the complaint's reliance on litigation against a third party (Cisco) to establish pre-suit knowledge for Apple presents an unusual predicate for willfulness that will likely be subject to challenge.