PTAB

IPR2014-00485

Apple Inc v. VirnetX Inc

Log In
Key Events
Petition
petition Intelligence

1. Case Identification

2. Patent Overview

  • Title: Method for Establishing Secure Communication Link Between Computers of Virtual Private Network
  • Brief Description: The ’181 patent discloses methods for establishing a secure communication link, such as a Virtual Private Network (VPN), between computers. The system relies on a "secure name service" to resolve a "secure name" associated with a device to its network address, enabling secure communication over a public network.

3. Grounds for Unpatentability

Ground 1: Anticipation over RFC 2543 - Claims 1-29 are anticipated by RFC 2543.

  • Prior Art Relied Upon: RFC 2543 (“SIP: Session Initiation Protocol”).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that RFC 2543, which defines the Session Initiation Protocol (SIP), discloses every element of the challenged claims. The SIP protocol establishes multimedia sessions between devices (a caller and callee) using SIP Uniform Resource Locators (URLs) in the form of "user@domain name". Petitioner asserted that a SIP URL functions as the claimed "secure name" because it is a non-standard name that cannot be resolved by a conventional Domain Name System (DNS) server, but instead requires a dedicated SIP server. This SIP server, which resolves the SIP URL to the callee's current network address, functions as the claimed "secure name service." The process detailed in RFC 2543 for initiating a call (e.g., sending an INVITE message), receiving a response, and exchanging session data (which can be encrypted) directly maps to the method steps of the independent claims. Dependent claims are also anticipated as RFC 2543 discloses optional features like encryption, multiple media streams (e.g., audio and video), and authentication.

Ground 2: Anticipation over Provino - Claims 1-29 are anticipated by Provino.

  • Prior Art Relied Upon: Provino (Patent 6,557,037).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner contended that Provino, which describes a system for establishing VPNs between external devices on a public network and internal devices on a private network, anticipates all challenged claims. In Provino's system, an internal device is associated with a private, human-readable "secondary address" that is not resolvable on the public internet; Petitioner mapped this to the claimed "secure name." An internal nameserver, located behind a firewall, resolves this secondary address to an IP address; this nameserver functions as the "secure name service." The publicly accessible domain name of the firewall itself was mapped to the "unsecured name." Petitioner argued that Provino’s two-phase process—where an external device first authenticates with the firewall to establish a VPN and then sends an encrypted request through the VPN to the internal nameserver to resolve the internal device's secure name—discloses the claimed methods of securely establishing a communication link.

Ground 3: Obviousness over RFC 2543 and RFC 2401 - Claims 1-29 are obvious over RFC 2543 in view of RFC 2401.

  • Prior Art Relied Upon: RFC 2543, and RFC 2401 (“Security Architecture for the Internet Protocol”).

  • Core Argument for this Ground:

    • Prior Art Mapping: This ground was presented as an alternative to anticipation. If the Board were to find that RFC 2543 does not inherently teach the encryption of all network traffic required for a "secure communication link," this combination renders the claims obvious. RFC 2401 defines the IPsec protocol, a well-known standard for securing communications at the IP layer through tunneling and encryption.
    • Motivation to Combine: A POSITA would combine RFC 2543 with RFC 2401 because RFC 2543 explicitly refers to IPsec as a known method for implementing security for SIP messages. It would have been an obvious design choice to use the IPsec tunneling protocol defined in RFC 2401 to encrypt all SIP session traffic, thereby ensuring a fully secure communication link.
    • Expectation of Success: Both RFC 2543 and RFC 2401 are IETF standards designed to be implemented within the same internet protocol suite. A POSITA would have had a high expectation of success in using IPsec to secure SIP communications as suggested by RFC 2543 itself.

  • Additional Grounds: Petitioner asserted additional obviousness challenges, including combining RFC 2543 with RFC 1889 and RFC 2327 to teach full encryption of network traffic. Another ground combined RFC 2543 with Kiuchi to teach the use of non-standard domain names if SIP URLs were found not to meet that limitation. Finally, Petitioner argued that claims 12-17 were obvious over Provino in view of Beser or Kosiur, which taught using VPNs to carry a wide variety of data types and protocols.

4. Key Claim Construction Positions

  • "secure name": Petitioner argued this term should be construed as "a non-standard domain name that cannot be resolved by a conventional domain name server." This construction was based on the patent's differentiation from "unsecured names" and the Patent Owner's arguments during prosecution of related patents. This construction is central because it allows prior art systems with proprietary or non-standard naming schemes (like SIP URLs in RFC 2543 or secondary addresses in Provino) to meet the limitation.
  • "secure name service": Consistent with the above, Petitioner argued this term should mean "a service that can resolve network addresses for a secure name for which a conventional name service cannot resolve addresses." This construction positions specialized servers, such as SIP proxy servers or Provino's internal nameserver, as the claimed service, distinct from standard public DNS.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-29 of the ’181 patent as unpatentable.