PTAB
IPR2015-00868
Apple Inc v. VirnetX Inc
1. Case Identification
- Case #: IPR2015-00868
- Patent #: 8,516,131
- Filed: March 17, 2015
- Petitioner(s): Apple Inc.
- Patent Owner(s): VirnetX, Inc. and Science Applications International Corporation
- Challenged Claims: 1-10, 13-22, and 25-27
2. Patent Overview
- Title: System and Method Employing an Agile Network Protocol for Secure Communications Using Secure Domain Names
- Brief Description: The ’131 patent relates to techniques for establishing secure communications over the Internet. The technology centers on a system where a request to establish a connection, based on a domain name, is intercepted by a modified DNS server that determines if the destination requires a secure link and, if so, facilitates the creation of a virtual private network (VPN).
3. Grounds for Unpatentability
Ground 1: Claims 1-10, 13-22, and 25-27 are obvious over Beser in view of RFC 2401.
- Prior Art Relied Upon: Beser (Patent 6,496,867) and RFC 2401 (a November 1998 IETF publication, "Security Architecture for the Internet Protocol").
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Beser discloses a method for establishing a secure IP tunneling association that maps directly to the steps of independent claims 1 and 15. In Beser, an originating device sends a request based on a unique identifier (which can be a domain name) to connect with a terminating device. This request is "intercepted" by a first network device and forwarded to a trusted-third-party network device (which can be a DNS server). This trusted device determines if the destination is eligible for a secure tunnel by checking an internal database. If eligible, it negotiates private IP addresses for the endpoints and provides this information back to them. Petitioner asserted this process teaches the claimed steps of sending a request, interception, making a determination, and receiving an "indication," the requested IP address, and "provisioning information" to establish a connection.
- Motivation to Combine: Petitioner contended that a person of ordinary skill in the art (POSITA) would have been motivated to combine Beser with RFC 2401. Beser explicitly and repeatedly refers to the IPsec protocol as a conventional, standard-based technique for establishing and encrypting the IP tunnels its system creates. RFC 2401 is the seminal document that defines the IPsec protocol. Therefore, a POSITA seeking to implement the secure tunneling scheme described in Beser would have naturally and necessarily turned to RFC 2401 for guidance on implementation, particularly for adding encryption.
- Expectation of Success: A POSITA would have had a high expectation of success in combining the teachings. RFC 2401 was designed for integration into existing network topologies like those in Beser. Petitioner argued that while Beser noted potential performance challenges with encrypting streaming data, a POSITA would have viewed this as a simple engineering trade-off solvable by using more powerful hardware or adjusting encryption parameters, not as a teaching away from the combination. The adaptability of the IPsec protocol was well-known, reinforcing the expectation of success.
- Key Aspects: The core of Petitioner's argument was that Beser provides the complete architectural framework for the claimed invention, while RFC 2401 provides the standard, off-the-shelf encryption mechanism that Beser itself suggests using. Even if the claims are construed to require encryption (a point Petitioner disputed), the combination renders them obvious. The dependent claims were argued to be obvious for similar reasons, as Beser taught the use of various communication services (audio/video conferencing, telephony) and devices (portable computers, notebooks), while RFC 2401 taught the claimed encryption.
4. Key Claim Construction Positions
- "secure communication link": Petitioner argued for a construction of "a transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping." This construction, adopted from prior Board decisions, does not strictly require encryption, aligning with Beser's disclosure of anonymity through private IP addresses. Petitioner maintained that even under a narrower construction requiring encryption, the combination with RFC 2401 would render the claims obvious.
- "provisioning information": Petitioner proposed this term means "information that enables communication in a virtual private network." This broad definition was intended to encompass not only the IP address hopblocks mentioned in the ’131 patent but also the private IP addresses and encryption keys that result from the combination of Beser and RFC 2401.
- "interception of the request": Petitioner argued this term should mean "receiving a request pertaining to a first entity at another entity." This construction is met in Beser when the initial connection request, intended for a terminating end device, is received and acted upon by an intermediary network device or the trusted-third-party DNS server.
5. Relief Requested
- Petitioner requested the institution of an inter partes review and the cancellation of claims 1-10, 13-22, and 25-27 of Patent 8,516,131 as unpatentable under 35 U.S.C. §103.