PTAB

IPR2013-00394

Apple Inc v. VirnetX Inc

1. Case Identification

2. Patent Overview

  • Title: Agile Network Protocol for Secure Communications Using Secure Domain Names
  • Brief Description: The ’504 patent describes systems and methods for establishing a secure communication link, such as a virtual private network (VPN), by using a domain name service (DNS) system. The DNS system is configured to provide an indication that it supports secure communications in response to a query for a network address.

3. Grounds for Unpatentability

Ground 1: Anticipation by Beser - Claims 1-3, 5-8, and 14-60 are anticipated by Beser under 35 U.S.C. §102(e).

  • Prior Art Relied Upon: Beser (Patent 6,496,867).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Beser disclosed every limitation of the challenged claims. Beser described a system for establishing a secure IP tunneling association between two end devices using a trusted-third-party network device, which it stated could be a domain name server. This trusted-third-party device allegedly met the limitations of the claimed "domain name service system" by storing a plurality of unique identifiers (e.g., domain names) and corresponding network addresses in a database. Petitioner asserted that Beser’s system was configured to "receive a query for a network address" when an originating device sent a request containing a unique identifier to the trusted-third-party device. The subsequent establishment of a secure tunnel and provision of private IP addresses to the network devices comprised the claimed "indication that the domain name service system supports establishing a secure communication link." Beser’s disclosure of using non-standard identifiers like dial-up numbers was argued to anticipate claims requiring non-standard or secure names.

Ground 2: Anticipation by Provino - Claims 1-2, 5-8, 14-28, 33-52, and 57-60 are anticipated by Provino under 35 U.S.C. §102(e).

  • Prior Art Relied Upon: Provino (Patent 6,557,037).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner contended that Provino taught a system for enabling secure communication between an external device and a device within a private VPN by facilitating domain name resolution through a combination of nameservers and a firewall. This combination of components was argued to constitute the claimed "domain name service system." The system stored domain names corresponding to internal devices and their network addresses. Petitioner argued Provino disclosed receiving a query when an external device requested to resolve a domain name associated with an internal device. The system responded by establishing a secure, encrypted tunnel. The "indication" of support for secure communications was provided when the external nameserver identified the location of the security gateway (firewall) in response to the initial query.

Ground 3: Obviousness over Beser and RFC 2401 - Claims 1-3, 5-8, and 14-60 are obvious over Beser in view of RFC 2401.

  • Prior Art Relied Upon: Beser (Patent 6,496,867) and RFC 2401 (“Security Architecture for the Internet Protocol,” Nov. 1998).

  • Core Argument for this Ground:

    • Prior Art Mapping: Petitioner presented this ground as an alternative, arguing that even if Beser was found not to explicitly teach the encryption of all network traffic within its secure tunnels, the combination with RFC 2401 would have rendered this feature obvious. RFC 2401 described the IPSec standard, which provided for the automatic encryption of all traffic sent through secure IP tunnels between security gateways like edge routers.
    • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine Beser and RFC 2401 because Beser explicitly identified the IPSec protocol (defined in RFC 2401) as the conventional method for establishing IP tunnels. Further, Beser’s described network architecture, using edge routers and gateways, was precisely the type of configuration for which the IPSec protocol of RFC 2401 was designed.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success because Beser’s system was described as compliant with standards-based processes. Integrating the well-defined, modular IPSec framework from RFC 2401 to ensure all traffic was encrypted would have been a straightforward implementation to enhance security, a known goal in the art.
  • Additional Grounds: Petitioner asserted additional obviousness challenges based on Provino in view of Beser for claims 3, 25, 29-32, 49, and 53-56. This combination was argued to be motivated by Beser's solution to a problem of readable source addresses in encrypted packets, a problem identified in Provino.

4. Key Claim Construction Positions

Petitioner argued for the broadest reasonable construction for several key terms, asserting they were not explicitly defined in the ’504 patent’s specification.

  • "Indication that the domain name service system supports establishing a secure communication link": Petitioner argued this term should be construed broadly to encompass any signal or event that informs a user or device of the system’s capability for secure communication. This included not only explicit signals but also the successful establishment of the secure link itself, as the ability to form the link is itself an indication of support.
  • "Secure Communication Link": Petitioner contended this term should encompass virtual private networks but should not be limited to require data encryption. Citing the specification’s use of words like "usually" and "preferably" regarding encryption, Petitioner argued that security could also be achieved through other techniques like obfuscation, which were known at the time. This construction was central to applying prior art that described secure tunnels without mandating encryption of all traffic.
  • "Domain Name": While acknowledging the ordinary meaning of a hierarchical name, Petitioner argued that the broadest reasonable construction should encompass the Patent Owner’s litigation position that a "domain name" is simply "a name corresponding to an IP address."

5. Relief Requested

  • Petitioner requested institution of an inter partes review and cancellation of claims 1-3, 5-8, and 14-60 of the ’504 patent as unpatentable.