PTAB

IPR2013-00349

Apple Inc v. VirnetX Inc

Log In
Key Events
Petition
petition Intelligence

1. Case Identification

2. Patent Overview

  • Title: Agile Network Protocol For Secure Communications With Assured System Availability
  • Brief Description: The ’135 patent discloses methods and systems for transparently creating a Virtual Private Network (VPN) between a client computer and a target computer. The system initiates the secure connection automatically in response to the client computer generating a Domain Name Service (DNS) request for a secure website.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1-10, 12-15, and 18 under 35 U.S.C. §102 by Aventail

  • Prior Art Relied Upon: Aventail Connect v3.01/2.5 Administrator's Guide ("Aventail").
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Aventail, a printed publication distributed before the patent's priority date, disclosed every element of the challenged claims. The Aventail system described processes to automatically and transparently establish a VPN between a client and a remote private network. It used "redirection rules" to intercept a user's connection request (e.g., a DNS request) and, if the destination matched a rule for a secure site, it would automatically initiate a secure, encrypted VPN connection through a proxy server (the Aventail Extranet Server or "AES"). This process mapped directly to the limitations of independent claim 1. For system claim 10, Petitioner contended that the Aventail client software and the AES, working together, constituted the claimed "DNS proxy server" that determines whether a request is for a secure site and initiates the VPN via a "gateway computer" (the AES).
    • Key Aspects: Petitioner asserted that Aventail's "Extranet Neighborhood" feature showed that computers in the VPN could "directly interact," anticipating a key limitation of the claims.

Ground 2: Anticipation of Claims 1-10, 12-15, and 18 under 35 U.S.C. §102 by BinGO

  • Prior Art Relied Upon: BinGO! User's Guide / Extended Feature Reference ("BinGO").
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that BinGO, a printed publication publicly distributed by March 1999, also anticipated all challenged claims. The BinGO system used a router that functioned as a DNS proxy server to evaluate DNS requests from client computers on a LAN. The router determined whether the request was for a non-secure internet destination or a secure corporate network destination. If the request was for a secure destination, the BinGO router would automatically establish a VPN, mapping to the method of claim 1. For claim 10, the BinGO router itself was alleged to be the claimed "DNS proxy server" and "gateway computer," as it was connected to both the public internet and the private corporate network, handled authentication, and allocated resources for the VPN. For claim 13, BinGO's Token Authentication Firewall ("TAF") was cited as disclosing the use of authentication tables to authorize client connections.

Ground 3: Obviousness of Claims 6, 14, and 15 over Aventail in view of Reed I

  • Prior Art Relied Upon: Aventail and Reed, M., et al., “Anonymous Connections and Onion Routing,” IEEE Journal on Selected Areas in Communications (May 1998) ("Reed I").

  • Core Argument for this Ground:

    • Prior Art Mapping: This ground addressed claims requiring an "IP address hopping scheme" (claim 6) or communicating via a scheme where packet fields are periodically changed (claims 14 and 15). Petitioner argued that while Aventail disclosed creating VPNs using proxy servers, it might not explicitly teach these specific schemes. Reed I, however, described "onion routing" as a known IP hopping technique developed to counter the threat of traffic analysis by routing IP traffic through multiple intermediary network devices, thereby providing anonymity.
    • Motivation to Combine: A POSITA would have been motivated to combine the onion routing technique from Reed I with the VPN system of Aventail to improve the security and anonymity of the VPN traffic. Aventail already provided a secure communication system, and Reed I addressed a known security threat (traffic analysis) relevant to such systems.
    • Expectation of Success: Petitioner asserted a POSITA would have a high expectation of success because Reed I explicitly suggested using its onion routing schemes in VPN systems and noted they could be easily integrated with existing systems that use proxy servers, like the system disclosed in Aventail.

  • Additional Grounds: Petitioner asserted additional obviousness challenges, including that claims 4, 5, and 18 are obvious over Aventail in view of RFC 1035 (for adding standardized DNS error code functionality) and that claims 6, 14, and 15 are obvious over BinGO in view of Reed I.

4. Key Claim Construction Positions

  • "Virtual Private Network (VPN)": Petitioner argued for a broad construction of "VPN," contending that it should not be limited to systems that require encryption or "direct communication" between computers.
    • Petitioner pointed to the patent specification's language that data security is "usually tackled" with encryption, implying it is not a mandatory feature.
    • Critically, Petitioner argued that under the broadest reasonable construction standard applicable in IPR proceedings, the term should not be limited by any disclaimers the Patent Owner may have made during district court litigation. Petitioner asserted that in an IPR, the claims must be interpreted as broadly as their terms reasonably allow, and any prosecution history disclaimer must be clear and unambiguous to limit claim scope, which they argued was not the case here. This broader construction was essential to Petitioner's argument that prior art like Aventail, which may not feature "direct" end-to-end communication, still falls within the claim scope.

5. Relief Requested

  • Petitioner requested institution of an inter partes review and cancellation of claims 1-10, 12-15, and 18 of the ’135 patent as unpatentable.