PTAB

IPR2015-00869

Apple Inc v. VirnetX Inc

Petition

1. Case Identification

2. Patent Overview

  • Title: System and Method Employing an Agile Network Protocol for Secure Communications Using Secure Domain Names
  • Brief Description: The ’131 patent describes techniques for establishing secure communications over a network. The system initiates a secure virtual private network (VPN) connection in response to a Domain Name System (DNS) request for a specific secure destination, using a protocol referred to as the "Tunneled Agile Routing Protocol" or "TARP."

3. Grounds for Unpatentability

Ground 1: Obviousness over Aventail, RFC 2401, and RFC 2543 - Claims 1-10, 13-22, and 25-27 are obvious over the combination of these references.

  • Prior Art Relied Upon: Aventail (Aventail Connect v3.01/v2.51 Administrator’s Guide, pub. by Jan. 1999), RFC 2401 ("Security Architecture for the Internet Protocol," pub. Nov. 1998), and RFC 2543 ("SIP: Session Initiation Protocol," pub. Mar. 1999).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Aventail, a set of documents describing a commercial VPN product, disclosed the core functionality of independent claims 1 and 15. Specifically, Aventail taught a client computer running software that intercepts a DNS lookup request for a remote host. This software then determines whether the connection needs to be secure and redirected to an Aventail Extranet Server by consulting a local table of redirection rules. If a secure connection is required, the client receives information (an indication of availability, the IP address, and provisioning data) to establish an encrypted, authenticated VPN link to the remote host via the server. Petitioner contended this process mapped directly to the claimed steps of sending a domain name request, intercepting it, receiving connection information, and connecting over a secure link.
    • Motivation to Combine (for §103 grounds): The petition acknowledged two potential distinctions between Aventail and the challenged claims: (1) Aventail did not explicitly disclose true end-to-end encryption where data remains encrypted across an intermediary proxy server, and (2) Aventail did not explicitly describe its use for audio-video telephony services.
      • Aventail and RFC 2401: Petitioner argued a person of ordinary skill in the art (POSITA) would combine Aventail with RFC 2401 to address the first distinction. RFC 2401 taught the IPSec standard, which expressly described configurations for end-to-end encryption that passed through intermediary gateways without decryption. A POSITA would be motivated to integrate RFC 2401’s well-known and desirable security enhancements into Aventail’s VPN framework to increase security for sensitive communications, a predictable improvement in the same field of endeavor.
      • Aventail, RFC 2401, and RFC 2543: A POSITA would further combine this enhanced system with RFC 2543 to address the second distinction. Aventail’s system was described as "protocol-independent," and RFC 2543 taught a standard protocol (SIP) for establishing audio and video sessions, which could themselves be encrypted. A POSITA would have been motivated to implement the widely used telephony services of RFC 2543 over the secure, protocol-agnostic link provided by the Aventail/RFC 2401 combination. This would enable organizations to apply consistent security policies across all network services, including voice and video.
    • Expectation of Success (for §103 grounds): Petitioner asserted a POSITA would have had a reasonable expectation of success. Implementing the standard IPSec protocols from RFC 2401 into the Aventail system, which already operated at the TCP/IP layer, would have been a straightforward integration. Similarly, layering the application-level SIP protocol from RFC 2543 over the established secure network connection would have been a routine design choice with predictable results.
    • Key Aspects: The argument for dependent claims followed logically from the primary combination. For example, claims requiring audio/video conferencing (claims 2, 22) or telephony services (claims 4, 17) were argued to be obvious from the addition of RFC 2543. Claims related to mobile or notebook computers (claims 7, 8, 20, 21) were met because Aventail explicitly described its use with mobile workstations like laptops.

4. Key Claim Construction Positions

  • "interception of the request": Petitioner proposed this term should be construed as "receiving a request pertaining to a first entity at another entity." This construction was argued to be consistent with the specification, which describes a DNS proxy "intercepting" DNS lookup requests that would otherwise be routed to a standard DNS server. This construction is critical because it allows Aventail's system—where client software or a proxy server handles a request instead of its intended destination—to meet the claim limitation.
  • "secure communication link": Petitioner argued for a broad construction of "a transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods... including... authentication, encryption, or address hopping." While acknowledging that a court had previously construed the term to require "data security," Petitioner maintained that encryption was not strictly required under the broadest reasonable interpretation standard. However, the petition proceeded to argue obviousness even if encryption was required, as taught by the combination of Aventail and RFC 2401.
  • "provisioning information": Petitioner proposed this term means "information that is provided to enable or to aid in establishing communications to occur in the VPN." This covers various data disclosed in Aventail, such as SSL certificates, encryption method selections, and TCP sequence numbers exchanged during handshakes, all of which are necessary to establish the secure link.

5. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1-10, 13-22, and 25-27 of the ’131 patent as unpatentable.