PTAB

IPR2015-00867

Apple Inc v. VirnetX Inc

Petition

1. Case Identification

2. Patent Overview

  • Title: System and Method Employing an Agile Network Protocol for Secure Communications Using Secure Domain Names
  • Brief Description: The ’341 patent describes techniques for establishing secure communications over a network. The challenged claims relate to a method where a request to look up an IP address for a domain name is intercepted by a network device, which then determines if the destination is available for a secure service and, if so, establishes a virtual private network (VPN) communication link.

3. Grounds for Unpatentability

Ground 1: Obviousness over Aventail and RFC 2401 - Claims 1, 4-5, 9-11, 14-15, 18-19, 23-25, and 28 are obvious over Aventail in view of RFC 2401.

  • Prior Art Relied Upon: Aventail (Aventail Connect v3.01/v2.51 Administrator’s Guide, published no later than Jan. 31, 1999) and RFC 2401 (a Nov. 1998 standards document for Internet Protocol Security, or IPSec).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Aventail discloses a VPN system that is highly analogous to the claimed invention. In the Aventail system, client software intercepts a connection request (e.g., a DNS lookup for a domain name), determines if the destination requires a secure connection by checking a redirection table, and then establishes an encrypted link. Petitioner contended this process meets nearly all limitations of independent claims 1 and 15, including sending a request based on a domain name, intercepting it, determining availability for a secure service, and receiving information to establish and connect over a VPN link. The primary distinction argued was that Aventail does not explicitly describe end-to-end encryption, where data remains encrypted past an intermediary proxy server to the final destination host. RFC 2401 was introduced to cure this gap, as it expressly teaches schemes for providing end-to-end encryption using the IPSec standard, including configurations where encrypted traffic passes through firewalls or proxies.
    • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Aventail and RFC 2401 because both relate to the same field of secure network communications. A POSITA implementing the Aventail VPN system would have been motivated to enhance its security. RFC 2401 provided a well-known, standardized solution for implementing robust, end-to-end encryption. Applying the end-to-end encryption taught by RFC 2401 to the Aventail framework was presented as a predictable design choice to achieve a more secure system, which was a known and desirable goal.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success because implementing the IPSec techniques from RFC 2401 was a conventional and widely used method for securing communications. RFC 2401 itself stated that its end-to-end encryption technique "imposes no new requirements on the hosts or security gateways," suggesting a straightforward and predictable integration into a system like Aventail.

Ground 2: Obviousness over Aventail, RFC 2401, and RFC 2543 - Claims 2-3, 6-8, 16-17, and 20-22 are obvious over Aventail and RFC 2401 in further view of RFC 2543.

  • Prior Art Relied Upon: Aventail, RFC 2401, and RFC 2543 (a March 1999 standards document for Session Initiation Protocol, or SIP).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground builds upon the combination in Ground 1 to address dependent claims requiring telephony and audio-video conferencing services. Petitioner asserted that Aventail’s networking scheme was "protocol-independent," making it suitable for a wide variety of applications. RFC 2543 was introduced as it describes a network-based architecture for secure video telephony (SIP) that supports end-to-end encryption. The addition of RFC 2543 provides the specific teachings for implementing the audio-video and telephony services recited in the dependent claims. Further, RFC 2543 discloses the use of modulation for voice data transmitted over a PSTN, addressing limitations in claims 7, 8, 21, and 22.
    • Motivation to Combine: A POSITA would be motivated to add the telephony functions of RFC 2543 to the secure VPN framework of Aventail and RFC 2401. Because Aventail’s system was protocol-independent, applying it to a common application like telephony would have been a natural and obvious extension. This combination would enable an organization to consistently implement and manage security policies across all network services, including voice and video conferencing, from a single platform.
    • Expectation of Success: Petitioner argued that implementing support for telephony services as described in RFC 2543 within the Aventail architecture would have been straightforward from a technical perspective, representing a routine application of known technologies.
  • Additional Grounds: Petitioner asserted additional obviousness challenges against various dependent claims based on the Aventail and RFC 2401 combination. These arguments contended that Aventail taught or suggested the use of the claimed secure service for messaging (claims 4, 18), e-mail (claims 5, 19), and on mobile or notebook devices (claims 9, 10, 23, 24).

4. Key Claim Construction Positions

  • "interception of the request": Petitioner argued for a construction of "receiving a request pertaining to a first entity at another entity," consistent with prior PTAB interpretations of the same term in a related patent. This construction was critical because it covers scenarios in Aventail where either the client software itself or a remote proxy server intercepts the DNS request, neither of which is the intended final destination of the request.
  • "provisioning information": Petitioner proposed construing this term as "information that enables communication in a virtual private network." This broad construction was important for mapping various pieces of information disclosed by Aventail—such as SSL certificates, encryption methods, TCP sequence numbers, and SOCKS negotiation parameters—to this claim limitation.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-11, 14-25, and 28 of the ’341 patent as unpatentable.