Apple Inc v. VirnetX Inc

1. Case Identification

• Case #: IPR2013-00398
• Patent #: 7,921,211
• Filed: July 1, 2013
• Petitioner(s): Apple Inc.
• Patent Owner(s): VirnetX, Inc. and Science Application International Corporation
• Challenged Claims: 1-3, 5-8, and 14-60

2. Patent Overview

• Title: Agile Network Protocol for Secure Communications Using Secure Domain Names
• Brief Description: The ’211 patent discloses systems and methods for establishing a secure communication link, such as a virtual private network (VPN), by using a domain name service (DNS) system. The DNS system indicates whether it supports secure communications in response to a query for a network address.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1-3, 5-8, and 14-60 by Beser

• Prior Art Relied Upon: Beser (Patent 6,496,867).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Beser discloses every element of the challenged claims. Beser describes a system for establishing a secure IP tunneling association between two devices using a trusted-third-party network device, which can be a domain name server. This trusted device performs the functions of the claimed "domain name service system" by storing unique identifiers (e.g., domain names) and corresponding network addresses, receiving a query for a network address, and indicating its support for establishing a secure link by negotiating and providing private IP addresses to create a secure tunnel. Petitioner asserted that Beser’s disclosure of using standard and non-standard identifiers (like dial-up numbers) and cryptographic techniques for authentication anticipates the various dependent claims.

Ground 2: Obviousness of Claims 1-3, 5-8, and 14-60 over Beser in view of RFC 2401

• Prior Art Relied Upon: Beser (Patent 6,496,867) and RFC 2401 ("Security Architecture for the Internet Protocol").
• Core Argument for this Ground:
  • Prior Art Mapping: This ground was presented as an alternative to Ground 1. Petitioner argued that if Beser were found not to teach the encryption of all IP packets sent through its IP tunnels, a person of ordinary skill in the art (POSITA) would have found it obvious to implement such a feature using the teachings of RFC 2401. RFC 2401 describes the IPSec standard, which explicitly teaches that all traffic sent over secure IP tunnels is automatically encrypted.
  • Motivation to Combine: A POSITA would combine Beser and RFC 2401 because Beser explicitly refers to the IPSec protocol (defined in RFC 2401) as a conventional way to establish IP tunnels. Beser also explains that its IP tunneling schemes are compliant with standards-based processes, making the integration of the IPSec standard a predictable and logical step.
  • Expectation of Success: A POSITA would have had a high expectation of success because Beser describes network designs using edge routers and gateways that are identical to the network configurations for which RFC 2401 provides standardized encryption schemes.

Ground 3: Anticipation of Claims 1-2, 5-8, 14-28, 33-52, and 57-60 by Provino

• Prior Art Relied Upon: Provino (Patent 6,557,037).

• Core Argument for this Ground:

  • Prior Art Mapping: Petitioner asserted that Provino anticipates the challenged claims by describing a system for establishing secure communications between an external device on a public network and an internal device on a private network (VPN). Provino's system uses external and internal nameservers (DNS servers) and a firewall, which collectively function as the claimed "domain name service system." When an external device queries the external nameserver for a domain name associated with the VPN, the system responds by referring the device to the firewall, which authenticates the device and establishes a secure, encrypted tunnel. This process of establishing the tunnel serves as the "indication" that the system supports secure communications, thereby meeting the limitations of independent claim 1.

• Additional Grounds: Petitioner asserted an additional obviousness challenge against claims 3, 25, 29-32, 49, and 53-56 based on Provino in view of Beser. The core argument was that a POSITA would have been motivated to combine the references to solve a problem identified in Provino (unprotected source addresses in encrypted packets) using the solution taught by Beser.

4. Key Claim Construction Positions

Petitioner argued that several claim terms should be given their broadest reasonable construction, encompassing meanings asserted by the Patent Owner in concurrent litigation.

• "Domain Name Service System": Petitioner contended this term should be construed as "a lookup service, comprising one or more applications or devices, that will return to a requester an IP address or an error code in response to a domain name resolution request." This construction is broad enough to cover systems comprising single or multiple devices, consistent with Examiner findings in a related reexamination.
• "Indication": Petitioner argued this term should encompass anything that indicates the DNS system supports secure communications. This could include a visible signal or, critically, the successful establishment of the secure communication link itself.
• "Secure Communication Link": Petitioner argued this term, described in the patent as a VPN, should not be limited to links where all network traffic is encrypted. The patent specification states that encryption is "usually" used and describes security via non-encryption techniques like IP address "hopping." This construction was central to the anticipation arguments, as it would read on prior art that establishes secure tunnels without mandating universal encryption.

7. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1-3, 5-8, and 14-60 of the ’211 patent as unpatentable.