PTAB
IPR2013-00375
New Bay Capital LLC v. VirnetX Inc
1. Case Identification
- Case #: IPR2013-00375
- Patent #: 6,502,135
- Filed: June 23, 2013
- Petitioner(s): New Bay Capital, LLC
- Patent Owner(s): VirnetX, Inc.
- Challenged Claims: 1, 3, 7, and 8
2. Patent Overview
- Title: Agile Network Protocol for Secure Communications With Assured System Availability
- Brief Description: The ’135 patent describes a method for transparently and automatically creating a virtual private network (VPN) between a client and a target computer. The process is initiated in response to the client making a Domain Name Service (DNS) request for a secure website.
3. Grounds for Unpatentability
Ground 1: Unpatentability Over Kiuchi - Claims 1, 3, and 7 are anticipated by Kiuchi; Claim 8 is obvious over Kiuchi.
- Prior Art Relied Upon: Kiuchi ("C-HTTP - The Development of a Secure, Closed HTTP-based Network on the Internet," a 1996 IEEE publication).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that Kiuchi discloses a system for creating a secure, closed network (a VPN) over the internet that meets all limitations of the challenged claims. In this interpretation, Kiuchi’s "client-side proxy" is the claimed "client computer," and its "server-side proxy" is the "target computer." The client-side proxy generates a request to a "C-HTTP name server" (a DNS) to determine if a target host is part of the secure network. If the C-HTTP name server confirms the host is secure, it returns an IP address and security credentials (public key, Nonce values), which automatically initiates the creation of a secure connection (the VPN). If the host is not secure, the C-HTTP server returns an error, and the client-side proxy then performs a conventional DNS lookup, satisfying claim 3. Petitioner asserted that Kiuchi’s C-HTTP name server or server-side proxy performs the gatekeeper functions of claim 7 by allocating the necessary VPN resources (keys, Connection ID).
  - Motivation to Combine (for §103 grounds): For claim 8, Petitioner argued it would have been an obvious design choice to modify Kiuchi’s system. Instead of the C-HTTP name server returning an error for non-secure requests (requiring the client-side proxy to initiate a second, conventional DNS lookup), a POSITA would have streamlined the process by having the C-HTTP name server directly pass the request to a conventional DNS server. This would simply be a rearrangement of existing functions to improve efficiency.
  - Expectation of Success (for §103 grounds): A POSITA would have an expectation of success because this modification involves only a minor rearrangement of known network functions and protocols.
Ground 2: Anticipation Over Kiuchi (Alternative Interpretation) - Claims 1, 3, 7, and 8 are anticipated by Kiuchi.
- Prior Art Relied Upon: Kiuchi (a 1996 IEEE publication).
- Core Argument for this Ground:
  - Prior Art Mapping: This ground presented an alternative interpretation of Kiuchi based on its internal software architecture. Petitioner argued that Kiuchi’s "client-side proxy" itself contains two distinct software modules: a "Client Module" and a "Resolver (DNS Proxy Server Module)." When a user agent sends an HTTP request, the Client Module (the "client computer") extracts the domain name and sends an internal DNS request to the Resolver module (the "DNS proxy server"). This internal Resolver module then communicates with the external C-HTTP name server to determine if the site is secure, thereby performing the "determining" step of claim 1. Based on the response, the Resolver module either initiates the VPN (by passing credentials back to the Client Module) or performs a conventional DNS lookup. Petitioner contended this internal architecture, common in network programming, fully anticipates all limitations of claims 1, 3, 7, and 8, as the "DNS proxy server" functions are performed within the client-side machine.
Ground 3: Obviousness over Dalton in view of Kiuchi - Claims 1, 3, 7, and 8 are obvious over Dalton/Kiuchi.
- Prior Art Relied Upon: Dalton ("Applying Military Grade Security to the Internet," a 1997 publication) and Kiuchi.
- Core Argument for this Ground:
  - Prior Art Mapping: Dalton disclosed a firewalled DNS system using a Compartmented Mode Workstation (CMW) that provides secure access for internal clients on a private LAN. The CMW intercepts all DNS requests. If a request is for another internal host, it resolves the IP address locally. If the request is for an external host on the internet, the CMW forwards the request to an external DNS server. Petitioner argued Dalton teaches every element of claim 1 except for the automatic initiation of a VPN. Kiuchi supplies this missing element by teaching the use of a specialized DNS server (the C-HTTP name server) to return VPN credentials (keys, Nonce values) along with an IP address to automatically establish a secure connection.
  - Motivation to Combine (for §103 grounds): A POSITA would combine these references to overcome the limitations of Dalton's system, which relies on a costly and geographically limited private LAN. Kiuchi explicitly taught the cost, speed, and convenience benefits of creating closed virtual networks over the public internet. Therefore, a POSITA would have been motivated to replace Dalton's private LAN with Kiuchi's internet-based VPN architecture, modifying Dalton’s CMW to incorporate Kiuchi’s function of returning VPN resources to initiate a secure connection for internal network requests.
  - Expectation of Success (for §103 grounds): The combination involved applying a known internet security solution (Kiuchi) to improve a known network architecture (Dalton), which would have been a predictable and routine integration for a POSITA.
4. Key Claim Construction Positions
- DNS proxy server: Petitioner argued this term should be construed as "a computer or program that responds to a domain name inquiry in place of a DNS." Critically, Petitioner contended this function does not have to be on a separate machine from the "client computer" and can be a software module on the same device, a position supported by the patent’s inventor testimony from prior litigation.
- Domain Name Service (DNS) request: Petitioner proposed this is "a communication that contains a domain name and requests an IP address for the domain name." This broad construction covers not only network protocol requests but also internal software communications, such as a function call from one software module to another on the same computer.
5. Arguments Regarding Discretionary Denial
- Petitioner argued that its IPR should not be joined or consolidated with two other recently filed IPRs against the same patent by Apple Inc. The reasons provided were that the Apple IPRs presented timeliness issues not present in this case, asserted different prior art, and involved more claims, which would unduly complicate and burden the Petitioner's more streamlined case.
6. Relief Requested
- Petitioner requests institution of IPR and cancellation of claims 1, 3, 7, and 8 as unpatentable.