PTAB

IPR2015-00186

Apple Inc v. VirnetX Inc


1. Case Identification

2. Patent Overview

  • Title: Agile Network Protocol for Secure Communications Using Secure Domain Names
  • Brief Description: The ’211 patent describes systems and methods for establishing a secure communication link over a network. The technology centers on a domain name service (DNS) system that, in response to a standard name resolution query, can indicate whether it supports the creation of a secure connection, thereby allowing a client computer to transparently initiate a secure session.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1-2, 6, 14-17, 19-23, 26-41, 43-47, and 50-60 under 35 U.S.C. §102 by Provino

  • Prior Art Relied Upon: Provino (Patent 6,557,037).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Provino discloses every limitation of the challenged claims. Provino describes a two-phase process for a client to securely connect to a server within a Virtual Private Network (VPN). In phase one, the client sends a query for a human-readable address to a standard nameserver (equivalent to the claimed DNS system), which returns the network address of a firewall. Petitioner contended this return of the firewall’s address constitutes the claimed "indication" that the system supports a secure link, as the firewall is the gateway for establishing an encrypted tunnel. In phase two, the client uses this secure tunnel to communicate with a VPN-specific nameserver to resolve addresses for internal servers and then communicates securely with those servers. This entire framework was alleged to meet the limitations of independent claims 1, 36, and 60, including storing domain names, receiving a query, and indicating support for a secure link.

Ground 2: Claims 29-32 and 53-56 are obvious over Provino in view of Kosiur

  • Prior Art Relied Upon: Provino (Patent 6,557,037) and Kosiur (a 1998 book titled Building and Managing Virtual Private Networks).
  • Core Argument for this Ground: This ground addressed dependent claims requiring the secure communication link to be capable of supporting a "plurality of services," such as video conferencing, email, audio, and video.
    • Prior Art Mapping: Petitioner asserted that Provino teaches the foundational secure VPN architecture. Kosiur was introduced to supply the common knowledge that such VPNs were routinely configured to support a wide variety of services and applications. Kosiur explicitly discusses using VPNs for applications including interactive multimedia, file transfers, web browsing, email, and IP telephony.
    • Motivation to Combine: A POSITA would combine Provino’s VPN system with the teachings of Kosiur to enhance its utility for business users. Since Provino’s system is intended for employees of a company or government agency, it would have been a predictable and desirable modification to configure the VPN to support the very productivity applications (email, multimedia) that Kosiur identifies as common uses for VPNs, thereby increasing the mobility and efficiency of remote employees.
    • Expectation of Success: The combination would have been straightforward, as it involved configuring a known VPN system to carry well-understood types of network traffic, presenting no technical hurdles.

Ground 3: Claims 16, 27, 33, 40, 51, and 57 are obvious over Provino in view of RFC 2660

  • Prior Art Relied Upon: Provino (Patent 6,557,037) and RFC 2660 (a draft standard for Secure HTTP).
  • Core Argument for this Ground: This ground served as an alternative argument for claims requiring a secure communication link "between" a first and second location, anticipating a potential patent owner argument that this requires true end-to-end encryption rather than just a tunnel to a firewall.
    • Prior Art Mapping: Provino teaches establishing a secure, encrypted tunnel from a client device to a firewall at the edge of a private network. RFC 2660 teaches the Secure HTTP (S-HTTP) protocol, which provides for end-to-end encrypted and authenticated communications directly between a client and a server application.
    • Motivation to Combine: A POSITA would combine these references to provide layered security. While Provino secures the link to the network perimeter, implementing S-HTTP as taught by RFC 2660 would further secure the communication all the way to the end server within the private network. This would be motivated by the desire to protect sensitive communications from being intercepted by others on the private network, such as network administrators.
    • Expectation of Success: A POSITA would have expected success in layering S-HTTP over Provino's VPN tunnel, as the protocols are not mutually exclusive and provide complementary security benefits.
  • Additional Grounds: Petitioner asserted that claims 20, 21, 35, 44, 45, and 59 are obvious over Provino and RFC 1034 (the foundational DNS standard), arguing it would be obvious to use the standard domain name database structure from RFC 1034 in Provino's nameservers. Further, Petitioner separately asserted that claim 5 is anticipated by Provino or, alternatively, obvious over Provino and RFC 2660.

4. Key Claim Construction Positions

  • "Domain Name Service System": Petitioner argued that, under the broadest reasonable interpretation and consistent with the patent owner's prior assertions, this term should encompass any system with the characteristics described by the claims, including one or more discrete computers or devices. This construction allows Provino’s system, comprising a standard nameserver, a firewall, and a VPN nameserver, to collectively be considered the claimed system.
  • "Indicate/Indicating": Citing prior reexamination proceedings, Petitioner argued this term should encompass any visible or non-visible message or signal that the DNS system supports establishing a secure link, including the establishment of the link itself. This broad construction is critical to Petitioner's argument that Provino's return of a firewall address in response to a DNS query constitutes the claimed "indication."
  • "Secure Communication Link": Petitioner adopted the patent owner's asserted construction of a "direct communication link that provides data security through encryption." This allowed Petitioner to map the encrypted VPN tunnel taught in Provino directly to this claim element.

5. Relief Requested

  • Petitioner requested institution of an inter partes review and cancellation of claims 1-2, 5-6, 14-17, 19-23, 26-41, 43-47, and 50-60 of the ’211 patent as unpatentable.