Microsoft Corp v. VirnetX Inc

1. Case Identification

• Case #: IPR2014-00558
• Patent #: 6,502,135
• Filed: March 31, 2014
• Petitioner(s): Microsoft Corporation
• Patent Owner(s): VirnetX Inc.
• Challenged Claims: 1, 3, 4, 7, 8, 10, 12, and 13

2. Patent Overview

• Title: Agile Network Protocol for Secure Communications With Assured System Availability
• Brief Description: The ’135 patent describes methods and systems for transparently establishing a secure communication channel, such as a virtual private network (VPN), over a public network. The invention initiates the VPN automatically when a client computer makes a Domain Name Service (DNS) request for a resource determined to be on a secure network, often using a DNS proxy server to intercept and manage the request.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1, 3, 4, 7, 8, 10, 12, and 13 by Aventail

• Prior Art Relied Upon: Aventail (Aventail Connect v3.01/2.51 and Extranet Center v3.0 Administrator's Guides, 1999).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that the Aventail reference, describing a commercial VPN system, disclosed every element of the challenged claims. Independent claim 1’s method for transparently creating a VPN is taught by Aventail’s system, which intercepts DNS requests on a client computer and evaluates them against redirection rules to determine if a secure connection is needed. If a secure destination is identified, the system automatically initiates a VPN to an Aventail ExtraNet Server (AES). For independent system claim 10, Petitioner asserted that the Aventail Connect client software functions as the claimed "DNS proxy server" and the AES functions as the claimed "gatekeeper computer." For independent method claim 13, Aventail’s AES was shown to maintain authentication tables to verify that a connection request is from an authorized client before establishing a secure link.

Ground 2: Anticipation of Claims 1-4, 7, 8, 10, and 12 by Kiuchi

• Prior Art Relied Upon: Kiuchi (IEEE publication, “C-HTTP - The Development of a Secure, Closed HTTP-based Network on the Internet,” 1996).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner contended that Kiuchi’s "C-HTTP" protocol for creating a closed, secure network over the Internet anticipated the challenged claims. Kiuchi’s method involved a client-side proxy intercepting a user's web request and sending a query to a central C-HTTP name server to resolve the hostname. This C-HTTP name server determined if the destination was part of the secure network and if the client was authorized. If authorized, the server returned information used by the client-side proxy to establish an encrypted connection with a server-side proxy, thereby transparently creating a VPN as required by claim 1. Petitioner mapped Kiuchi's client-side proxy to the "DNS proxy server" and the server-side proxy to the "gatekeeper computer" of claim 10, arguing the C-HTTP name server performed the authorization and resource allocation functions.

Ground 3: Obviousness of Claim 8 over Kiuchi in view of RFC 1034

• Prior Art Relied Upon: Kiuchi (IEEE publication, 1996) and RFC 1034 (IETF Standard, “Domain Names – Concepts and Facilities,” 1987).
• Core Argument for this Ground:
  • Prior Art Mapping: Claim 8 depends from claim 1 and adds the limitation that the DNS proxy server passes a request through to a standard DNS server if access to a secure site is not requested. In Kiuchi, if the C-HTTP name server determines a destination is non-secure, it returns an error code to the client-side proxy, which then initiates a new, separate lookup with a conventional DNS server. RFC 1034 describes the standard functional requirements of DNS name servers.
  • Motivation to Combine: A POSITA would have been motivated to modify Kiuchi’s system for efficiency. Instead of the inefficient two-step process (error code followed by a new client-initiated DNS lookup), it would have been an obvious design choice to integrate the standard DNS lookup functionality directly into the C-HTTP name server. This would allow the C-HTTP server to simply forward requests for non-secure sites to a conventional DNS server for resolution.
  • Expectation of Success: A POSITA would have a high expectation of success in making this modification, as it involved streamlining a process by integrating a standard, well-known network function (DNS lookup) into a specialized name server that already possessed name service functionality.
• Additional Grounds: Petitioner asserted additional obviousness challenges, including that all anticipated claims were alternatively obvious over the Aventail documents treated as separate references, and that claim 4 was obvious over Aventail in view of RFC 1035.

4. Key Claim Construction Positions

• "Virtual Private Network (VPN)" (claims 1, 10, 13): Petitioner argued for the broad construction of "a private network that is configured within a public network." This position was asserted against the Patent Owner's narrower constructions from district court litigation that required (i) encryption and (ii) direct communication between computers. Petitioner argued the ’135 patent specification explicitly describes non-encryption security (e.g., IP hopping) and that any prosecution history disclaimer regarding "direct communication" is inapplicable under the Broadest Reasonable Interpretation standard used in an inter partes review (IPR).
• "DNS Proxy Server" (claims 10, 8): For the purposes of the petition, Petitioner adopted the construction previously asserted by the Patent Owner: "a computer or program that responds to a domain name inquiry in place of a DNS."

5. Arguments Regarding Discretionary Denial

• Petitioner presented extensive arguments that the petition was not time-barred under 35 U.S.C. §315(b) by prior litigations in 2007 and 2010.
• Effect of "Without Prejudice" Dismissal: Petitioner argued that because the prior litigations were settled and Microsoft's invalidity defenses were dismissed "without prejudice," the service of the complaints in those cases was nullified for the purposes of the §315(b) one-year clock. The settlement agreement expressly preserved Microsoft's right to challenge the patent's validity in the future.
• Interpretation of §315(b): As an alternative, Petitioner argued that the statutory language "served with a complaint" is ambiguous and should be interpreted to mean the one-year bar runs from the most recent complaint (from the 2013 litigation), not the first-ever complaint. This interpretation, Petitioner contended, aligns with congressional intent to prevent harassment while still allowing an accused infringer to challenge a patent when sued again after a settlement.

6. Relief Requested

• Petitioner requested institution of an IPR and cancellation of claims 1, 3, 4, 7, 8, 10, 12, and 13 of the ’135 patent as unpatentable.