PTAB

IPR2014-01418

Microsoft Corp v. VirnetX Inc


1. Case Identification

2. Patent Overview

  • Title: Method for Establishing Secure Communication Link Between Computers of Virtual Private Network
  • Brief Description: The ’180 patent discloses methods and systems for establishing a secure communication link, such as a virtual private network (VPN), between computers. The invention uses a specialized secure domain name service to resolve a non-standard "secure domain name" to a secure network address, enabling an external computer to securely connect with a computer inside a private network.

3. Grounds for Unpatentability

Ground 1: Anticipation by Provino - Claims 1, 10, 12-15, 17, 26, 28-31, and 33 are anticipated under 35 U.S.C. §102 by Provino.

  • Prior Art Relied Upon: Provino (Patent 6,557,037).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Provino discloses every element of the challenged claims. Provino describes a two-phase process for an external device to securely connect to a server within a private VPN. In the first phase, a secure tunnel is established with the VPN's firewall. In the second phase, the external device uses a human-readable address for the internal server, which is analogous to the ’180 patent's "secure domain name." Because a conventional external nameserver cannot resolve this address, the device queries a nameserver located inside the VPN (the "secure domain name service"). This internal nameserver resolves the human-readable address to the server's integer IP address (the "secure computer network address"), which is then returned to the external device to establish communication.

Ground 2: Obviousness over Provino, Guillen, and Kosiur - Claims 4, 6, 20, 22, 35, and 37 are obvious over Provino in view of Guillen and Kosiur.

  • Prior Art Relied Upon: Provino (Patent 6,557,037), Guillen (1993 International Conference on Network Protocols), and Kosiur (Building and Managing Virtual Private Networks (1998)).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground addresses dependent claims that add limitations related to "provisioning information" and a "predetermined level of service." Petitioner asserted that while Provino teaches the base system, Guillen teaches the use of Quality of Service (QoS) parameters to ensure network communications meet the needs of specific applications (e.g., multimedia). These QoS parameters, which represent a "predetermined level of service," are precisely the type of "provisioning information" recited in the claims. Kosiur provides general background on VPNs.
    • Motivation to Combine: A POSITA would combine Guillen's teachings with Provino's VPN architecture to improve network performance. As applications with varying bandwidth and latency requirements (like multimedia) became more common, it was a known and desirable goal to manage network resources effectively. A POSITA would naturally look to well-known QoS techniques like those in Guillen and integrate them into the name resolution process of a system like Provino's.
    • Expectation of Success: A POSITA would have a high expectation of success in storing QoS parameters in a nameserver alongside IP addresses, as suggested by Guillen's teaching of using directory services (like DNS) for address resolution. Modifying Provino's internal nameserver to store and return QoS data would have been a straightforward implementation.

Ground 3: Anticipation by RFC 2543 - Claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37 are anticipated under 35 U.S.C. §102 by RFC 2543.

  • Prior Art Relied Upon: RFC 2543 ("SIP: Session Initiation Protocol").
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner contended that RFC 2543, which defines the Session Initiation Protocol (SIP), anticipates all challenged claims. In the SIP framework, a user is identified by a SIP URL (e.g., user@domain.com), which Petitioner mapped to the claimed "secure domain name" because it is a non-standard name. To initiate a call, a caller sends a request to a SIP proxy server associated with the callee's domain. This proxy server functions as the "secure domain name service" by resolving the callee's SIP URL to their current IP address (the "secure computer network address"). Once the address is resolved and the call is accepted, a secure communication link for exchanging session data is established, fulfilling the method steps of claim 1. RFC 2543 also discloses including session parameters, such as bandwidth and quality of service levels, in the setup messages, which meets the "provisioning information" limitations.
  • Additional Grounds: Petitioner asserted an additional obviousness challenge (Ground 4) alleging that claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37 are obvious over RFC 2543 in view of RFC 2327, RFC 1889, and RFC 2401. This ground argued that even if RFC 2543 alone did not teach every detail, these additional references, which RFC 2543 explicitly incorporates for session description and security protocols, supply any missing elements.

4. Key Claim Construction Positions

Petitioner argued for constructions of several key terms based on their broadest reasonable interpretation in light of the specification and prosecution history.

  • "Secure Domain Name": Petitioner proposed a construction of "a non-standard domain name that corresponds to a secure computer network address and cannot be resolved by a conventional DNS." This construction was argued to be critical because it captures the invention's core departure from standard internet name resolution.
  • "Secure Domain (Name) Service": Consistent with the above, Petitioner proposed this term be construed as "a service that can resolve secure computer network addresses for a secure domain name for which a conventional domain name service cannot resolve addresses." This distinguishes the claimed service from a standard DNS server.
  • "Provisioning Information": Petitioner proposed this term encompass "information that enables communication in a virtual private network," including details like encryption keys or QoS parameters.

5. Relief Requested

  • Petitioner requests institution of inter partes review and cancellation of claims 1, 4, 6, 10, 12-15, 17, 20, 22, 26, 28-31, 33, 35, and 37 of the ’180 patent as unpatentable.