PTAB

IPR2013-00348

Apple Inc v. VirnetX Inc

Log In
Key Events
Petition
petition Intelligence

1. Case Identification

2. Patent Overview

  • Title: Agile Network Protocol For Secure Communications With Assured System Availability
  • Brief Description: The ’135 patent discloses methods and systems for transparently creating a secure virtual private network (VPN) between a client computer and a target computer over a public network. The system is often initiated automatically in response to a client's Domain Name Service (DNS) request for a secure website.

3. Grounds for Unpatentability

Ground 1: Anticipation - Claims 1-10, 12-15, and 18 are anticipated by Beser.

  • Prior Art Relied Upon: Beser (Patent 6,496,867).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Beser discloses every limitation of the challenged claims. Beser describes a system that automatically and transparently establishes an IP tunneling association between two end devices with the aid of a trusted-third-party network device, which may be a DNS server. Petitioner asserted that in Beser's system, a client sends a request with a domain name, which the trusted device compares to an internal database to determine if a secure connection is required. If so, the device automatically initiates a secure tunnel (a VPN) without further user interaction. This process was argued to directly map to the steps of independent claims 1, 10, 13, and 18, which recite a method for transparently creating a VPN initiated by a DNS request.
    • Key Aspects: The core of this argument was that Beser’s disclosure of using a DNS server as a trusted third party to trigger the transparent creation of a secure communication channel anticipated the fundamental concept claimed in the ’135 patent.

Ground 2: Obviousness - Claims 1-10, 12-15, and 18 are obvious over Beser in view of RFC 2401.

  • Prior Art Relied Upon: Beser (Patent 6,496,867) and RFC 2401 (a 1998 standards document).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Beser provides the foundational system for DNS-initiated VPNs but may not explicitly require encryption for all traffic. RFC 2401, which describes the IPSec protocol, was presented as a well-known standard for providing automatic encryption and encapsulation of all VPN traffic sent between security gateways over a public network.
    • Motivation to Combine: A POSITA would combine RFC 2401 with Beser to ensure robust security. Petitioner highlighted that Beser itself refers to the IPSec protocol (described in RFC 2401) as a typical method for establishing IP tunneling schemes and states its system is compliant with standards-based processes. This explicit reference and the shared goal of creating secure tunnels would motivate a POSITA to implement Beser's system using the specific, standardized encryption methods detailed in RFC 2401.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success in this combination because both references describe compatible network architectures (e.g., using edge routers and gateways). Integrating a well-defined protocol like IPSec into a system designed to be standards-compliant was argued to be a predictable design choice.

Ground 3: Obviousness - Claims 3, 5, 8, 10, 12, and 18 are obvious over Beser in view of Blum.

  • Prior Art Relied Upon: Beser (Patent 6,496,867) and Blum (Patent 6,182,141).

  • Core Argument for this Ground:

    • Prior Art Mapping: This ground specifically addressed claim limitations concerning the handling of requests for "non-secure" websites. While Beser teaches initiating a VPN for secure sites, Blum was argued to teach a DNS proxy server that transparently intercepts all connection requests. Blum's proxy evaluates the requested domain name and either proxies the request to a remote secure server or, if the request is for a non-secure site, resolves it conventionally through a public DNS server.
    • Motivation to Combine: A POSITA would have been motivated to combine Blum's differentiated handling of secure and non-secure requests with Beser's system to create a more complete and practical DNS-based network security solution. Because Beser's trusted-third-party device functions as a DNS proxy, incorporating Blum's known method for handling non-secure traffic would have been an obvious way to improve the system’s overall functionality.
    • Expectation of Success: The combination was asserted to be predictable as both references describe analogous DNS proxy schemes designed to route network traffic based on the domain name contained in a request, making their integration straightforward.

  • Additional Grounds: Petitioner asserted additional obviousness challenges based on combinations of Beser with RFC 2401, Blum, Hoke, and Aventail, relying on similar theories of improving security, authentication, and handling of non-secure requests.

4. Key Claim Construction Positions

  • Virtual Private Network (VPN): Petitioner argued that under the broadest reasonable construction standard applied in an IPR, the term "VPN" does not require all network traffic to be encrypted. This position was based on the patent's own disclosure, which states that data security is "usually" handled with encryption, implying that encryption is a preferable but not mandatory feature of the claimed VPN.
  • Direct Communication: Petitioner contended that the broadest reasonable construction of the claims should not be limited by any "direct communication" requirement between computers in the VPN. Petitioner acknowledged that the Patent Owner may have disclaimed VPNs without direct communication during a prior reexamination proceeding but argued that such a disclaimer should not limit the claim scope in an IPR, where claims must be interpreted as broadly as their terms reasonably allow.

5. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1-10, 12-15, and 18 of the ’135 patent as unpatentable.