PTAB
IPR2013-00376
New Bay Capital LLC v. VirnetX Inc
1. Case Identification
- Case #: IPR2013-00376
- Patent #: 7,490,151
- Filed: June 23, 2013
- Petitioner(s): New Bay Capital, LLC
- Patent Owner(s): VirnetX Inc.
- Challenged Claims: 1 and 13
2. Patent Overview
- Title: Establishment of a Secure Communication Link Based on a Domain Name Service (DNS) Request
- Brief Description: The ’151 patent describes a system using a DNS proxy module to intercept DNS requests from a client. The proxy determines if the request corresponds to a secure server. If it does, the system automatically initiates an encrypted channel; if not, it forwards the request to a conventional DNS function for standard IP address resolution.
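
The behaviour described above, sketched as an added illustration (not code from the patent, the petition, or any party): a proxy parses an intercepted DNS query at the wire level and either triggers channel setup for a secure name or forwards the lookup. The host names, addresses, the `open_channel` hook and the dictionary standing in for a conventional resolver are all assumptions made for this sketch.

```python
import struct

# Constructed sample data (documentation-range addresses), not from the patent or petition.
SECURE_HOSTS = {"secure.example.com": "192.0.2.10"}
CONVENTIONAL_DNS = {"www.example.org": "198.51.100.7"}  # stand-in for an upstream resolver

def build_query(name, txid=0x1234):
    """Encode a minimal RFC 1035 A-record query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(packet):
    """Return the queried name in lower case; raise ValueError on malformed input."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        # Labels are at most 63 bytes; larger values (compression pointers) are rejected.
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("invalid label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length

def dns_proxy(packet, open_channel):
    """Intercept one query: secure names trigger channel setup, others are forwarded."""
    name = parse_qname(packet)
    if name in SECURE_HOSTS:
        address = SECURE_HOSTS[name]
        open_channel(name, address)  # hypothetical hook; runs with no user involvement
        return ("secure", address)
    # Not a secure name: hand the lookup to conventional resolution (None = no record).
    return ("forwarded", CONVENTIONAL_DNS.get(name))

if __name__ == "__main__":
    opened = []
    for host in ("secure.example.com", "www.example.org"):
        print(host, dns_proxy(build_query(host), lambda n, a: opened.append(n)))
    print("channels opened for:", opened)
```
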
3. Grounds for Unpatentability
Ground 1: Claims 1 and 13 are obvious over Kiuchi
- Prior Art Relied Upon: Kiuchi ("C-HTTP - The Development of a Secure, Closed HTTP-based Network on the Internet," a 1996 IEEE paper).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that Kiuchi discloses a system for creating a secure, closed network over the public internet. This system includes a client-side proxy, a server-side proxy, and a central "C-HTTP name server." When a client requests a secure resource, the client-side proxy queries the C-HTTP name server, which returns an IP address and VPN credentials to establish a secure channel. For a non-secure resource, Kiuchi's C-HTTP name server returns an error, prompting the client-side proxy to then perform a separate, conventional DNS lookup. Petitioner contended that these elements collectively teach the limitations of claims 1 and 13.
  - Motivation to Combine: The petition asserted that a person of ordinary skill in the art (POSITA) would have been motivated to modify Kiuchi to consolidate the DNS functions. Instead of the C-HTTP name server returning an error for non-secure requests (requiring a second step by the client-side proxy), a POSITA would find it a trivial and obvious design choice for the C-HTTP name server to directly forward the non-secure request to a conventional DNS server itself. This modification would simply be a rearrangement of known elements to streamline the system and achieve a more efficient, predictable result.
  - Expectation of Success: A POSITA would have a high expectation of success, as this modification involves rearranging existing network functions and does not require any new technology, yielding the predictable result of a more streamlined name resolution process.
Ground 2: Claims 1 and 13 are anticipated by Kiuchi
- Prior Art Relied Upon: Kiuchi (a 1996 IEEE paper).
- Core Argument for this Ground:
  - Prior Art Mapping: Under an alternative theory, Petitioner argued that Kiuchi anticipates all limitations of claims 1 and 13 without modification. This argument re-characterizes Kiuchi's "client-side proxy" as itself being the claimed "data processing device." Petitioner asserted that the client-side proxy inherently contains a "client module" (which extracts a domain name from an HTTP request) and a "resolver" function that acts as the claimed "DNS proxy module." In this interpretation, the resolver function (DNS proxy module) intercepts the internal DNS request from the client module, determines if it is for a secure host by querying the C-HTTP name server, and then either initiates a secure channel or forwards the request to a conventional DNS server, thereby mapping directly onto the claimed invention.
Ground 3: Claims 1 and 13 are obvious over Dalton in view of Kiuchi
- Prior Art Relied Upon: Dalton ("Applying Military Grade Security to the Internet," a 1997 JENC8 paper) and Kiuchi.
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that Dalton discloses a firewalled Domain Name System in a "Compartmented Mode Workstation" (CMW) that intercepts all DNS requests. The CMW determines if a request is for a protected internal host or an external public host. For external hosts, it forwards the request to an external DNS server. For internal hosts, it resolves the IP address locally to initiate communication. However, Dalton does not explicitly teach automatically creating an encrypted channel for these internal communications. Kiuchi supplies this missing element by teaching the use of a central name server to return VPN resources (public keys, Nonce values) to automatically establish an encrypted channel over the internet.
  - Motivation to Combine: A POSITA would have been motivated to replace Dalton's private, closed Local Area Network (LAN) with the more cost-effective and flexible virtual private network taught by Kiuchi. The petition highlighted the strong incentives at the time (cost, speed, convenience) to move communications from expensive private circuits to the public internet. A POSITA would therefore logically modify Dalton's CMW to incorporate Kiuchi's mechanism for returning VPN resources to establish an encrypted channel for secure communications, thereby arriving at the claimed invention.
  - Expectation of Success: The combination would have been straightforward, as both Dalton's CMW and Kiuchi's C-HTTP name server are fundamentally DNS servers that perform a lookup service. Integrating Kiuchi's VPN functionality into Dalton's system was a predictable implementation to enhance security for communications over the public internet.
4. Key Claim Construction Positions
Petitioner argued for broad constructions of key terms, asserting that the Patent Owner was estopped from arguing for narrower interpretations due to its successful advocacy for these broad constructions in prior district court litigations.
- "domain name": Argued to mean "a name corresponding to an IP address or a group of IP addresses," not limited to a traditional hierarchical DNS format. This broad construction is critical for the prior art to meet the limitation, as Kiuchi's system uses hostnames that correspond to IP addresses.
- "domain name server (DNS) proxy module": Proposed as "a program that responds to a domain name inquiry in place of a DNS." Petitioner contended this module can be a software function on the same computer as the client, not necessarily a separate server, a position it asserts Patent Owner previously took.
- "automatically initiating an encrypted channel": Argued to mean "initiating/creating the channel without involvement of a user." This construction is met by Kiuchi, where the secure channel is established transparently to the user after the initial request, based on the exchange of VPN credentials.
5. Arguments Regarding Discretionary Denial
The petition was filed concurrently with other proceedings involving the ’151 patent, including district court litigation and two merged inter partes reexaminations. Petitioner argued that this inter partes review (IPR) should be instituted and not be delayed or consolidated with other proceedings for several reasons:
- The petition is highly streamlined, challenging only two claims based on two primary prior art references.
- It advances new arguments and evidence that were not presented in the prior litigations or the pending reexaminations.
- It does not present the timeliness issues that a separate IPR filed by Apple Inc. allegedly does.
- Consolidating this IPR with others would unduly complicate matters and burden the Petitioner.
6. Relief Requested
- Petitioner requests institution of an IPR and cancellation of claims 1 and 13 of Patent 7,490,151 as unpatentable.