PTAB
IPR2015-00870
Apple Inc v. VirnetX Inc
1. Case Identification
- Case #: IPR2015-00870
- Patent #: 8,560,705
- Filed: March 17, 2015
- Petitioner(s): Apple Inc.
- Patent Owner(s): VirnetX, Inc. and Science Application Intl Corp
- Challenged Claims: 1-30
2. Patent Overview
- Title: System and Method Employing an Agile Network Protocol for Secure Communications Using Secure Domain Names
- Brief Description: The ’705 patent describes techniques for establishing secure communications over the Internet. The system uses a modified Domain Name System (DNS) server that, upon receiving a request to look up a network address for a secure domain name, determines if a secure link can be established and facilitates the creation of a virtual private network (VPN) to the target device.
3. Grounds for Unpatentability
Ground 1: Obviousness over Beser and RFC 2401 - Claims 1-23 and 25-30 are obvious over Beser in view of RFC 2401.
- Prior Art Relied Upon: Beser (Patent 6,496,867) and RFC 2401 ("Security Architecture for the Internet Protocol," Nov. 1998).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that Beser discloses the core functionality of the challenged claims. Beser teaches a system for establishing an IP tunnel between two end devices by using a trusted-third-party network device (which can be a DNS server). This third-party device intercepts a request from an originating device, which contains a unique identifier (e.g., a domain name) for a target device. The third-party device then determines if the target is eligible for a tunneling association by checking an internal database and, if so, negotiates the exchange of private IP addresses to establish an anonymous channel. Petitioner contended that while Beser provides anonymity, it only suggests that data traffic should ordinarily be encrypted. RFC 2401, a well-known standard for IP Security (IPsec), supplies the missing element by teaching how to automatically encrypt IP traffic between hosts or security gateways, thereby creating a secure, encrypted communication link.
  - Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine Beser with RFC 2401 because Beser explicitly references the IPsec protocol, which RFC 2401 defines, as the conventional method for establishing secure IP tunnels. Beser’s own teachings that IP tunnels should be encrypted would have motivated a POSITA to consult the leading industry standard (RFC 2401) to implement that encryption. The combination would use Beser's system for establishing an anonymous connection and RFC 2401's methods to add robust, end-to-end data encryption, achieving a higher level of overall security.
  - Expectation of Success: A POSITA would have had a reasonable expectation of success because IPsec, as described in RFC 2401, was designed to be integrated into existing network topologies like the one in Beser. Petitioner asserted that any potential performance issues from encrypting streaming data, which Beser mentions as a challenge, would have been seen as a simple trade-off addressable by using more powerful hardware or adjusting data quality, both well within the skill of a POSITA.
Ground 2: Obviousness over Beser, RFC 2401, and Brand - Claim 24 is obvious over Beser in view of RFC 2401 and Brand.
- Prior Art Relied Upon: Beser (Patent 6,496,867), RFC 2401, and Brand (Patent 5,237,566).
- Core Argument for this Ground:
  - Prior Art Mapping: This ground builds upon the combination of Beser and RFC 2401 to address the additional limitation in claim 24, which requires the secure link to be an "unmodulated transmission link." While Beser describes communicating over various networks (e.g., LANs, internet, cable), it does not specify the modulation technology. Brand was introduced to remedy this, as it teaches the basic categorization of networks into "broadband systems and baseband systems" and explicitly discloses that baseband networks are "unmodulated."
  - Motivation to Combine: A POSITA implementing the secure communication system of Beser and RFC 2401 would have sought to ensure its applicability across different common network types. Brand provides the two basic, predictable network options. Choosing to implement the system over a baseband (unmodulated) network would have been a routine design choice to enhance the system's versatility. This was an obvious selection from a finite set of known and predictable network alternatives.
4. Key Claim Construction Positions
- "interception of a request": Petitioner argued for a construction of "receiving a request pertaining to a first entity at another entity." This construction is based on the patent’s disclosure of a DNS proxy receiving a request intended for a DNS server and is crucial for mapping to Beser, where a trusted-third-party device receives the initial communication request instead of the ultimate target device.
- "secure communication link": Petitioner proposed construing this term as "a transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods to hide information on the path, including, but not limited to, one or more of authentication, encryption, or address hopping." This broad interpretation allows both the anonymity provided by Beser’s private IP address scheme and the data security provided by RFC 2401’s encryption to satisfy the claim limitation.
5. Relief Requested
- Petitioner requested institution of an inter partes review and cancellation of claims 1-30 of the ’705 patent as unpatentable.