Microsoft Corp v. VirnetX Inc

1. Case Identification

• Case #: IPR2014-00613
• Patent #: 7,418,504
• Filed: April 11, 2014
• Petitioner(s): Microsoft Corporation
• Challenged Claims: 1, 2, 6, 14-17, 19-23, 26-41, 43-47, and 50-60

2. Patent Overview

• Title: Agile Network Protocol for Secure Communications Using Secure Domain Names
• Brief Description: The ’504 patent describes a domain name service system configured to establish a secure communication link. The system is connected to a network, stores domain names and corresponding network addresses, receives queries, and provides an indication that it supports secure communications.

3. Grounds for Unpatentability

Ground 1: Anticipation over Provino - Claims 1, 2, 6, 14-17, 19-23, 26-28, 33-41, 43-47, 50-52, and 57-60 are anticipated under 35 U.S.C. §102 by Provino.

• Prior Art Relied Upon: Provino (Patent 6,557,037).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Provino discloses every element of the challenged claims. Provino describes a system for secure communication between a client device on a public network and a server within a private network (VPN). Petitioner asserted that Provino’s combination of a standard name server (17), a firewall (30), and a VPN name server (32) collectively constitutes the claimed "domain name service system." This system connects to the Internet, stores human-readable addresses (domain names) and corresponding IP addresses (network addresses), and receives queries from a client device. Petitioner contended that Provino’s system provides an "indication" of secure communication support when, for example, the name server returns the address of the firewall, or the firewall provides encryption information, both of which are prerequisites to establishing the taught secure tunnel.
  • Key Aspects: This ground asserted that Provino's two-phase process for establishing a secure tunnel inherently discloses all steps of the claimed methods and all components of the claimed systems, including responding to queries and enabling secure link establishment.

Ground 2: Obviousness over Provino and Kosiur - Claims 29-32 and 53-56 are obvious over Provino in view of Kosiur.

• Prior Art Relied Upon: Provino (Patent 6,557,037) and Kosiur (a 1998 book titled "Building and Managing Virtual Private Networks").
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addressed claims requiring the secure communication link to be capable of supporting a "plurality of services," such as communication protocols, application programs (e.g., video conferencing, e-mail), and various data types (audio, video). Petitioner argued that while Provino teaches the foundational secure VPN, Kosiur explicitly teaches that VPNs of the era were commonly used to support a wide variety of applications to enhance business productivity and mobility.
  • Motivation to Combine: A POSITA would combine Kosiur's teachings with Provino's system for the predictable purpose of improving its utility. As companies increasingly relied on applications like e-mail and videoconferencing, it would have been a simple and desirable design choice to ensure a secure remote access system like Provino's could support these common services for employees.
  • Expectation of Success: The combination was argued to be predictable because Kosiur described these services as common applications for VPNs, indicating that their integration was well-understood and routine at the time.

Ground 3: Obviousness over Provino and RFC 2660 - Claims 16, 27, 33, 40, 51, and 57 are obvious over Provino in view of RFC 2660.

• Prior Art Relied Upon: Provino (Patent 6,557,037) and RFC 2660 (a 1999 draft publication concerning Secure HyperText Transfer Protocol, S-HTTP).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground targeted claims requiring the establishment of a secure link "between a first location and a second location," which Petitioner argued could be construed to require end-to-end encryption. Petitioner asserted that Provino teaches a secure tunnel between a client device and a firewall, but RFC 2660 teaches the implementation of true end-to-end encryption between a client and a server using S-HTTP.
  • Motivation to Combine: A POSITA would have been motivated to incorporate the S-HTTP protocol from RFC 2660 into Provino’s system to provide stronger, end-to-end security. This would be desirable to protect sensitive data not just from outside attackers but also from interception within the private network (e.g., by network administrators), a known security concern.
  • Expectation of Success: RFC 2660 states that S-HTTP is compatible with standard HTTP and designed for interoperation. Therefore, a POSITA would have reasonably expected to successfully integrate S-HTTP into the communication flow of Provino’s system to achieve end-to-end encryption.

• Additional Grounds: Petitioner asserted an additional obviousness challenge (Ground 2) based on combining Provino with RFC 1034 to explicitly teach a "domain name database," arguing that RFC 1034’s description of standard DNS architecture would have made it obvious to use a formal database structure in Provino’s name servers for efficient data organization and retrieval.

4. Key Claim Construction Positions

• domain name service system: Petitioner proposed this term should encompass any system with the claimed characteristics, including one comprising multiple discrete devices. This construction was central to arguing that Provino’s distributed components (firewall, standard name server, VPN name server) collectively met the limitations for a single "system."
• indication: Petitioner argued for a broad construction including any visible or non-visible message, signal, or even the successful establishment of the secure link itself. This allowed Petitioner to map various data returned by Provino’s system, such as a firewall's IP address or encryption keys, to this claim term.

5. Key Technical Contentions (Beyond Claim Construction)

• Effective Priority Date: A central contention was that the challenged claims were not entitled to a priority date earlier than February 15, 2000. Petitioner argued that key claim terms, such as "domain name service," lacked written description support in the parent applications filed before this date. This assertion was critical to establishing Provino (filed May 29, 1998) as qualifying prior art under pre-AIA 35 U.S.C. §102(e).

6. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1, 2, 6, 14-17, 19-23, 26-41, 43-47, and 50-60 of the ’504 patent as unpatentable.