Apple Inc v. VirnetX Inc

1. Case Identification

• Case #: IPR2015-00188
• Patent #: 7,418,504
• Filed: October 31, 2014
• Petitioner(s): Apple Inc.
• Patent Owner(s): VirnetX, Inc. and Science Application International Corporation
• Challenged Claims: 1-2, 5-6, 14-17, 19-23, 26-41, 43-47, 50-60

2. Patent Overview

• Title: Agile Network Protocol for Secure Communications Using Secure Domain Names
• Brief Description: The ’504 patent describes systems and methods for establishing a secure communication link using a domain name service (DNS) system. The technology involves a DNS system that, in response to a query for a network address, provides an indication that it supports creating a secure link, thereby facilitating the creation of secure connections like a Virtual Private Network (VPN).

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1-2, 5-6, 14-17, 19-23, 26-41, 43-47, and 50-60 by Provino

• Prior Art Relied Upon: Provino (Patent 6,557,037)
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Provino discloses every element of the challenged claims. Provino describes a system for establishing secure communications between a client device and a server within a private network (VPN). The system operates in two phases: (1) The client queries a standard name server (like a DNS server) to get the address of a firewall, then establishes a secure tunnel with the firewall, which in turn provides the address of an internal VPN name server. (2) The client uses the secure tunnel to query the VPN name server for the target server's address and then communicates securely. Petitioner contended this system constitutes a "domain name service system" (comprising the name servers and firewall) that receives a "query" and provides an "indication" (e.g., the firewall's address, encryption information, or the establishment of the secure link itself) that supports establishing a secure communication link, thereby anticipating the independent claims. Petitioner further mapped specific elements of Provino to the various dependent claims, such as its use of encryption and authentication of queries by the firewall.

Ground 2: Claims 29-32 and 53-56 are obvious over Provino in view of Kosiur

• Prior Art Relied Upon: Provino (Patent 6,557,037) and Kosiur (a 1998 book, Building and Managing Virtual Private Networks).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addressed claims requiring the secure link to be capable of supporting a "plurality of services," including specific application types like video conferencing, email, and telephony. Petitioner asserted that while Provino teaches a secure tunnel, it does not detail all the services it supports. Kosiur, an authoritative text on VPNs from the relevant time, explicitly teaches that a primary purpose of VPNs is to support a wide variety of business applications and services (including email, file transfers, interactive multimedia, and IP telephony) to increase employee productivity and mobility.
  • Motivation to Combine: A POSITA would combine Kosiur’s teachings with Provino's system to enhance its utility for common business purposes. Configuring the VPN in Provino to support the various services described in Kosiur would have been a predictable and desirable improvement to increase the productivity of remote employees using the system.
  • Expectation of Success: A POSITA would have a high expectation of success, as VPNs were already commonly configured to support such services, and applying these known capabilities to Provino's secure communication system would involve routine implementation.

Ground 3: Claims 16, 27, 33, 40, 51, and 57 are obvious over Provino in view of RFC 2660

• Prior Art Relied Upon: Provino (Patent 6,557,037) and RFC 2660 (a 1999 IETF draft on Secure HTTP).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground addressed claims requiring the establishment of a secure link "between" a first location (client) and a second location (server), which Petitioner argued could be construed to require end-to-end encryption. Provino's secure tunnel extends from the client to the firewall, not necessarily end-to-end to the internal server. RFC 2660 teaches using Secure HTTP (S-HTTP) to provide robust end-to-end encryption and security mechanisms between a client and a server.
  • Motivation to Combine: A POSITA would combine RFC 2660 with Provino to enhance security. Even within a private network, there is a clear motivation to screen communications from internal third parties like network administrators. Implementing the S-HTTP protocol taught by RFC 2660 within Provino's framework would provide this desired end-to-end security.
  • Expectation of Success: The combination would have been a predictable design choice. RFC 2660 was designed for interoperability and could be incorporated into Provino's system to replace standard HTTP with S-HTTP for messages between the client and the end server, ensuring end-to-end encryption without altering the fundamental architecture of Provino's system.

• Additional Grounds: Petitioner asserted additional obviousness challenges, including that claims requiring a "domain name database" are obvious over Provino in view of RFC 1034 (the foundational DNS specification), and that claim 5 is anticipated by Provino or, alternatively, obvious over Provino in view of RFC 2660.

4. Key Claim Construction Positions

• "domain name service system": Petitioner argued this term should be construed broadly to encompass any system with the claimed characteristics, including one comprising multiple discrete devices like the standard name server, firewall, and VPN name server disclosed in Provino.
• "indication": Petitioner argued this term should encompass any visible or non-visible message or signal that the system supports establishing a secure link. This includes not only an explicit message but also the successful establishment of the secure link itself or the provision of information (like an address or encryption key) necessary to create it.
• "secure communication link": Petitioner argued this term encompasses a direct communication link that provides data security through encryption, consistent with the secure tunnel using encryption as described in Provino.

5. Arguments Regarding Discretionary Denial

• Petitioner filed an accompanying motion for joinder to a previously instituted IPR (IPR2014-00613) on the same patent. Petitioner argued that because the petition was filed within one month of institution of the earlier IPR and was accompanied by a motion for joinder, the one-year time bar under 35 U.S.C. §315(b) does not apply, pursuant to §315(c).

6. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-2, 5-6, 14-17, 19-23, 26-41, 43-47, and 50-60 of the ’504 patent as unpatentable.