PTAB

IPR2015-00811

Apple Inc v. VirnetX Inc

1. Case Identification

2. Patent Overview

  • Title: Agile Network Protocol for Secure Communications Using Secure Domain Names
  • Brief Description: The ’705 patent describes techniques for establishing secure communications, such as a virtual private network (VPN), over the Internet. The system uses a modified Domain Name System (DNS) server that intercepts a client's request to look up a network address, determines if the request is for a secure destination, and if so, provides the necessary information to create an encrypted communications channel to that destination.

3. Grounds for Unpatentability

Ground 1: Obviousness over Aventail and RFC 2401 - Claims 1-3, 6, 14, 16-25, 28, 31, 33 and 34 are obvious over Aventail in view of RFC 2401.

  • Prior Art Relied Upon: Aventail (Aventail Connect v3.01/v2.51 Administrator’s Guide, a 1999 publication) and RFC 2401 (a 1998 Internet standards document for IP Security architecture).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Aventail, a commercial VPN system, disclosed every element of the independent claims. Aventail’s client software (“Aventail Connect”) intercepts network requests, including DNS lookups for a target device. It then consults a table of redirection rules to determine if the target device requires a secure, encrypted connection. If so, it provides “provisioning information”—such as Secure Sockets Layer (SSL) certificates, TCP handshake parameters, and SOCKS protocol parameters—to establish an encrypted channel with an Aventail Extranet server, which then connects to the target device.
    • Motivation to Combine: Petitioner contended that while Aventail teaches encrypting the connection to its proxy server, it does not explicitly disclose end-to-end encryption where data remains encrypted all the way to the final target device. RFC 2401, which describes the widely known IPSec standard, explicitly teaches methods for providing end-to-end encryption, including configurations where encrypted traffic passes through an intermediary firewall or proxy without being decrypted. A person of ordinary skill in the art (POSITA) would combine RFC 2401’s end-to-end security teachings with the Aventail system to increase security, a predictable and desirable improvement.
    • Expectation of Success: A POSITA would have a high expectation of success because both references operate in the same field of secure networking. Furthermore, RFC 2401 stated that its end-to-end encryption technique “imposes no new requirements on the hosts or security gateways,” suggesting implementation would involve only routine effort.

Ground 2: Obviousness over Aventail, RFC 2401, and RFC 2543 - Claims 8-10, 12, 15, 30 and 32 are obvious over Aventail in view of RFC 2401 and RFC 2543.

  • Prior Art Relied Upon: Aventail, RFC 2401, and RFC 2543 (a 1999 Internet standards document for Session Initiation Protocol, or SIP).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground builds upon the base combination of Aventail and RFC 2401 to address dependent claims requiring the client or target device to be a “phone.” Petitioner asserted that the Aventail system was designed to be “protocol-independent,” making it applicable to a wide variety of services. RFC 2543 discloses the SIP protocol for establishing and managing multimedia sessions, including Internet telephone calls, and teaches that these sessions can be encrypted end-to-end.
    • Motivation to Combine: A POSITA would combine the telephony functions of RFC 2543 with the secure networking framework of Aventail and RFC 2401. The motivation was to integrate a desirable service (telephony) onto a common, secure communications architecture. This would enable consistent implementation of security and access control measures, representing a routine and conventional design choice.

Ground 3: Obviousness over Aventail, RFC 2401, and Brand - Claims 4, 5, 7, 26, 27 and 29 are obvious over Aventail in view of RFC 2401 and Brand.

  • Prior Art Relied Upon: Aventail, RFC 2401, and Brand (Patent 5,237,566).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground addresses dependent claims requiring specific network transmission types, such as a “broadband connection,” an “unmodulated transmission link,” or multiplexing schemes (FDM, TDM, CDMA). Petitioner argued that the base combination of Aventail and RFC 2401 describes a secure communication method but is not specific about the underlying physical network technology. Brand discloses basic network categorizations, explaining that networks can be either broadband (e.g., using frequency division multiplexing) or baseband (which are “unmodulated”).
    • Motivation to Combine: A POSITA would have found it obvious to implement the secure channel taught by Aventail and RFC 2401 over the fundamental network types described in Brand. Choosing between a broadband and a baseband network was a routine design choice from a finite and well-known set of predictable options for any network implementation.
  • Additional Grounds: Petitioner asserted an additional obviousness challenge for claims 11 and 13 based on the combined teachings of Aventail, RFC 2401, RFC 2543, and Brand, relying on similar design choice rationales.

4. Key Claim Construction Positions

  • "intercept[ing] . . . a request": Petitioner proposed that this term should be construed as “receiving a request pertaining to a first entity at another entity.” This construction is critical because it allows the "intercepting" device (e.g., the Aventail proxy server) to be different from the request's intended destination (e.g., a public DNS server), which aligns with how the prior art proxy systems operate.
  • "provisioning information": Petitioner proposed construing this term as “information that enables communication in a virtual private network, where the virtual private network uses encryption.” This broad construction is central to Petitioner's argument, as it encompasses the various parameters disclosed by Aventail for setting up a secure channel, such as SSL certificates, TCP sequence numbers, and SOCKS negotiation data.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-34 of the ’705 patent as unpatentable.