Microsoft Corp v. VirnetX Inc

1. Case Identification

• Case #: IPR2014-00405
• Patent #: 7,188,180
• Filed: January 31, 2014
• Petitioner(s): Microsoft Corporation
• Patent Owner(s): VirnetX Inc.
• Challenged Claims: 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37

2. Patent Overview

• Title: Method for Establishing Secure Communication Link Between Computers of Virtual Private Network
• Brief Description: The ’180 patent discloses a method for establishing a secure virtual private network (VPN) communication link. The method involves using a non-standard, secure domain name that cannot be resolved by a conventional Domain Name System (DNS), querying a specialized secure domain name service (SDNS) to obtain a corresponding secure network address, and then using that address to establish the secure VPN link.

3. Grounds for Unpatentability

Ground 1: Claims 1, 4, 10, 12-15, 17, 20, 26, 28-31, 33, and 35 are anticipated by Kiuchi under 35 U.S.C. § 102.

• Prior Art Relied Upon: Kiuchi (Takahiro Kiuchi et al., C-HTTP -- The Development of a Secure, Closed HTTP-based Network on the Internet, Feb. 1996).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that every limitation of the independent claims is disclosed in Kiuchi’s description of a “C-HTTP” protocol for creating a “closed HTTP-based virtual network.” The method begins when a user selects a URL with a non-standard hostname (the claimed “secure domain name”). A client-side proxy then sends a query message to a C-HTTP name server (the “secure domain name service”), which returns the IP address of a server-side proxy (the “secure computer network address”). The response message from the C-HTTP name server also includes the public key of the server-side proxy and nonce values, satisfying the “provisioning information” limitation of dependent claim 4. Critically, after the client-side and server-side proxies establish an encrypted C-HTTP connection (the “virtual private network communication link”), the client-side proxy sends access request messages over this established secure link to the server-side proxy’s IP address.

Ground 2: Claims 6, 22, and 37 are obvious over Kiuchi in view of Tavs under 35 U.S.C. § 103.

• Prior Art Relied Upon: Kiuchi (a 1996 symposium proceeding) and Tavs (Patent 6,073,175).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted that Kiuchi discloses the base VPN system recited in the independent claims. The challenged dependent claims add the limitation that the VPN is based on inserting into a data packet a value representing a “predetermined level of service.” Tavs directly addresses this concept by teaching a system for managing network congestion that uses a nearly identical client-proxy and server-proxy architecture. In Tavs, the client-proxy embeds service-level information, such as PICS ratings indicating business relevance, into HTTP header requests to allow for traffic prioritization across the network.
  • Motivation to Combine: A POSITA would combine Kiuchi’s secure network with Tavs’ traffic prioritization method to solve the well-known problem of network congestion. This combination would empower network operators to prioritize business-critical traffic within the secure C-HTTP network, a common and predictable improvement for enterprise networks.
  • Expectation of Success: A POSITA would have a high expectation of success because both Kiuchi and Tavs describe similar client-server proxy architectures operating over standard network protocols. Integrating the service-level data from Tavs into Kiuchi’s data packets would be a straightforward and predictable modification for a person skilled in network protocol design.

Ground 3: Claims 1, 4, 10, 12-15, 17, 20, 26, 28-31, 33, and 35 are obvious over Kiuchi in view of Bhatti.

• Prior Art Relied Upon: Kiuchi (a 1996 symposium proceeding) and Bhatti (Patent 8,200,837).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner presented this ground as an alternative to the anticipation argument in Ground 1. This ground assumes, for the sake of argument, that Kiuchi does not explicitly teach sending an "access request message" over the established C-HTTP connection. Bhatti remedies this alleged deficiency by disclosing a standard framework for HTTP communications where a user terminal generates and sends an "access request" to a content server to retrieve a file. Kiuchi provides the underlying secure C-HTTP tunnel built upon HTTP protocols.
  • Motivation to Combine: A POSITA would naturally implement the standard HTTP access requests of Bhatti within Kiuchi’s system because Kiuchi’s framework is based on HTTP and is designed to be transparent to the user agent. The fundamental purpose of establishing a secure connection like Kiuchi's is to send requests for content, and Bhatti simply teaches the conventional and "typical" method for structuring such requests. The combination is merely using a secure tunnel for its intended and obvious purpose.
• Additional Grounds: Petitioner asserted an additional obviousness challenge against claims 6, 22, and 37 based on the combination of Kiuchi, Bhatti, and Tavs, arguing that the motivation to add Tavs' quality-of-service features would be unaffected by the inclusion of Bhatti's standard access request teachings.

4. Key Claim Construction Positions

• "virtual private network": Petitioner argued for a construction consistent with a prior district court ruling: “a network of computers that privately communicate with each other by encrypting traffic on insecure communication paths between the computers.” This construction was central to mapping Kiuchi’s C-HTTP system, which creates an encrypted network between proxies over the public internet, to the claims.
• "secure domain name": Petitioner proposed this term be construed as “a non-standard domain name that corresponds to a secure computer network address and cannot be resolved by a conventional DNS.” This construction was critical for aligning the claims with Kiuchi’s use of a proprietary C-HTTP name server to resolve hostnames that a public DNS could not.
• "provisioning information": Petitioner argued for a broad construction of “information that enables communication in a virtual private network.” This allowed Petitioner to map the public key and nonce values provided by Kiuchi’s C-HTTP name server to this claim element, as they are necessary to establish the encrypted C-HTTP connection.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37 of Patent 7,188,180 as unpatentable.