PTAB

IPR2013-00354

Apple Inc v. VirnetX Inc


1. Case Identification

2. Patent Overview

  • Title: Establishment of a Secure Communication Link Based on a Domain Name Service (DNS) Request
  • Brief Description: The ’151 patent discloses a system for automatically establishing secure communication links. The invention uses a Domain Name Server (DNS) proxy module to intercept DNS requests from a client, determine if the request corresponds to a secure server, and if so, automatically initiate an encrypted channel to that server.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1-16 under 35 U.S.C. §102

  • Prior Art Relied Upon: Aventail (Aventail Connect Administrator’s Guide, a printed publication publicly distributed no later than January 31, 1999).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that the Aventail virtual private network (VPN) system performed every step of the challenged claims. Independent claims 1, 7, and 13 require a DNS proxy module to intercept DNS requests, determine if the request corresponds to a secure server, and then either initiate an encrypted channel (if secure) or forward the request to a normal DNS function (if not secure). Petitioner contended that Aventail’s "Connect" client software intercepted all connection requests. It then used "redirection rules" to determine if a request was for a secure destination on a private network. If a match was found, Aventail automatically established an encrypted VPN. If there was no match, the request was passed to the client’s operating system for standard DNS resolution, thus meeting all limitations.
    • Key Aspects: The argument asserted that Aventail’s combination of client-side interception software and server-side redirection rules constituted the claimed "DNS proxy module," anticipating all claims.

Ground 2: Anticipation of Claims 1-16 under 35 U.S.C. §102

  • Prior Art Relied Upon: BinGO (The BinGO! User Guide, a printed publication publicly distributed no later than March 31, 1999).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that the BinGO system, which used a router to create VPNs, disclosed all elements of the challenged claims. The BinGO router was described as intercepting and evaluating all DNS requests from client computers to determine if the destination was secure (e.g., a corporate network) or non-secure (e.g., a public website). If the request was for a secure destination, the router automatically initiated an encrypted VPN channel. If the destination was non-secure, the request was forwarded to a secondary DNS server for normal resolution. Petitioner argued this functionality directly maps to the limitations of independent claims 1, 7, and 13. Dependent claims reciting authorization, error messages, and IP address hopping were also allegedly taught by BinGO’s authentication features and use of Network Address Translation (NAT).

Ground 3: Claims 1-16 are obvious over Beser in view of RFC 2401

  • Prior Art Relied Upon: Beser (Patent 6,496,867) and RFC 2401 (a 1998 publication defining the IPSec protocol).
  • Core Argument for this Ground:
    • Prior Art Mapping: Beser disclosed a system for establishing secure IP tunnels using a trusted-third-party network device, such as a DNS server, to mediate the connection. This device determines if an incoming request requires a secure tunnel and initiates one if a match is found in its database. However, Petitioner noted that Patent Owner might argue Beser does not explicitly teach the automatic encryption of all network traffic within the tunnel, a potential interpretation of the "initiating an encrypted channel" limitation.
    • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Beser and RFC 2401 because Beser explicitly identified the IPSec protocol, which is defined in RFC 2401, as the typical method for establishing its IP tunnels. A POSITA implementing Beser’s system would have naturally consulted RFC 2401 for the standard implementation details of IPSec.
    • Expectation of Success: RFC 2401 taught that under the IPSec standard, all traffic sent over a secure IP tunnel is automatically encrypted. Therefore, a POSITA would have found it obvious to implement Beser’s tunneling system with the default, full-encryption standard described in RFC 2401, rendering the claims obvious. Further, RFC 2401’s disclosure of "nested tunneling" would have made the "IP address hopping" limitations of claims 5 and 11 obvious.
  • Additional Grounds: Petitioner asserted numerous other obviousness challenges, primarily based on combining Beser with other references like Blum (Patent 6,182,141) and Hoke (Patent 6,701,437), to address any perceived gaps in Beser's disclosure regarding handling non-secure requests or ensuring automatic encryption of all traffic.

4. Key Claim Construction Positions

  • "Domain Name Server (DNS) Proxy Module" (claims 1, 7): Petitioner argued that because the specification provides no special definition, this term should be construed broadly to mean "one or more computers or processes that individually or collectively respond to a domain name inquiry in place of a DNS server." This broad construction allows prior art systems where proxy functions are distributed between a client and a server to meet the limitation.
  • "IP Address Hopping Scheme" (claims 5, 11): Petitioner proposed this term encompasses "any type of scheme for routing IP traffic from a client to a destination through intermediary devices." This construction is broad enough to include techniques disclosed in the prior art like proxy chaining and nested tunnels (as in RFC 2401), which were known methods for enhancing security and anonymity.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-16 of the ’151 patent as unpatentable.