PTAB

IPR2013-00101

Norman Noble Inc v. NuTech Ventures

Petition

1. Case Identification

2. Patent Overview

  • Title: Agile Network Protocol for Secure Communications with Assured System Availability
  • Brief Description: The ’181 patent discloses methods for establishing a secure communication link, such as a virtual private network (VPN), between a client computer and a target computer over an untrusted network. The system transparently intercepts a Domain Name System (DNS) request from the client and uses a secure communication link server to initiate the secure connection, avoiding user intervention.

3. Grounds for Unpatentability

Ground 1: Obviousness over Short and RFC 2401 - Claims 1-4, 11-13, 19, 20, 23, 24, 26, and 27 are obvious over Short in view of RFC 2401.

  • Prior Art Relied Upon: Short (Patent 6,158,011) and RFC 2401 (Request for Comments 2401, "Security Architecture for the Internet Protocol").
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Short discloses all limitations of independent claim 1. Short teaches a system that transparently establishes a secure communication tunnel by using a gateway/firewall to intercept a user’s DNS request for a target web server. This gateway, functioning as the claimed "secure communication link server," then initiates a secure tunnel. Short’s disclosure of the gateway intercepting the DNS request and establishing the connection was argued to meet the ’181 patent’s limitation of "determining from the domain name service request that a secure communication link is desired." RFC 2401, which defines the industry-standard IPsec protocol, was asserted to disclose the specific cryptographic and security association mechanisms recited in the claims for establishing the secure link.
    • Motivation to Combine: A POSITA seeking to implement the secure tunneling system described in Short would naturally turn to well-known, standardized security protocols. Petitioner contended that RFC 2401 (IPsec) was the preeminent, non-proprietary standard for securing IP communications at the time of the invention. A POSITA would combine the network architecture of Short with the standardized security protocol of RFC 2401 to create a robust and interoperable system, which was a simple substitution of one known security element for another.
    • Expectation of Success: The combination would have been straightforward, as IPsec was designed specifically to secure communications in IP networks like the one described in Short. Implementing a standard protocol within a network architecture was a routine task for a network engineer with a high expectation of success.

Ground 2: Obviousness over Short, RFC 2401, and Chellis - Claims 1-4, 11-13, 19, 20, 23, 24, 26, and 27 are obvious over Short in view of RFC 2401 and Chellis.

  • Prior Art Relied Upon: Short (Patent 6,158,011), RFC 2401, and Chellis (Patent 6,981,158).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground presented Chellis as an alternative or supplemental reference to Short for teaching the DNS-based initiation of a secure connection. Petitioner argued that Chellis explicitly discloses modifying a DNS server to return the IP address of a "mediator" (equivalent to the ’181 patent’s secure communication link server) in response to a request for a secure host. This teaching provides a more direct mapping to the claim limitation of the DNS indicating that a secure link is needed. The remaining security protocol limitations were met by RFC 2401, as in the first ground.
    • Motivation to Combine: A POSITA would combine the teachings because Short and Chellis both address the same problem of transparently initiating secure network connections using DNS. Chellis provides a clear and effective mechanism for the DNS-based redirection aspect of the system, which a POSITA would have found advantageous to integrate into Short's overall secure tunneling architecture. This combination represents using known techniques to improve a similar system.
    • Expectation of Success: Integrating Chellis’s specific DNS redirection method into Short’s system would have been a predictable design choice for a POSITA, with a high expectation of yielding a functional and improved system.

Ground 3: Obviousness over Short, RFC 2401, Chellis, and RFC 1035 - Claims 5, 6, and 21 are obvious over Short in view of RFC 2401, Chellis, and RFC 1035.

  • Prior Art Relied Upon: Short, RFC 2401, Chellis, and RFC 1035 (Request for Comments 1035, "Domain Names - Implementation and Specification").
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground addressed dependent claims 5, 6, and 21, which add the limitation of checking an "automatic tunneling flag" associated with the DNS request to determine if a secure link is required. Petitioner argued that while the primary references did not disclose this specific flag, RFC 1035, the foundational DNS specification, taught the general structure of DNS messages, including the use of various bits and fields (flags) to control DNS operations.
    • Motivation to Combine: A POSITA implementing the system of Short and Chellis would need a mechanism to signal to the secure communication link server when tunneling is required. Petitioner asserted it would have been obvious to add a new flag for this purpose within the well-established DNS framework defined by RFC 1035. This would be a simple and logical design choice to add necessary signaling to the existing system.
    • Expectation of Success: Modifying a DNS server to set and check a custom flag based on the established RFC 1035 framework was a routine programming task for a person skilled in network protocol development.

4. Key Claim Construction Positions

  • "secure communication link server": Petitioner argued this term should be construed broadly under its plain and ordinary meaning to encompass any network device that initiates or facilitates the creation of a secure link. This construction would allow the term to read on network elements like the gateway/firewall disclosed in Short or the "mediator" in Chellis, which perform the claimed function even if not explicitly labeled as a "server" in the prior art.
  • "transparently creating": Petitioner contended this phrase should mean that the secure link is established without requiring input or intervention from the end-user. This construction was central to mapping the automated processes described in Short and Chellis, where the user simply makes a standard network request and the system's underlying components automatically establish the secure tunnel.

5. Relief Requested

  • Petitioner requests the institution of an inter partes review and the cancellation of claims 1-6, 11-13, 19-21, 23, 24, 26, and 27 of the ’181 patent as unpatentable.