PTAB

IPR2015-00871

Apple Inc v. VirnetX Inc


1. Case Identification

2. Patent Overview

  • Title: System and Method Employing an Agile Network Protocol for Secure Communications Using Secure Domain Names
  • Brief Description: The ’705 patent relates to techniques for establishing secure communications, such as a virtual private network (VPN), in response to a client device’s Domain Name System (DNS) request for a secure destination. The system intercepts the request, determines if a secure link can be established with the target device, and facilitates the creation of that secure connection.

3. Grounds for Unpatentability

Ground 1: Obviousness over Aventail/RFC 2401/RFC 2543 - Claims 1-23 and 25-30 are obvious over Aventail in view of RFC 2401 and RFC 2543.

  • Prior Art Relied Upon: Aventail (Aventail Connect v3.01/v2.51 Administrator's Guide, 1999), RFC 2401 ("Security Architecture for the Internet Protocol," Nov. 1998), and RFC 2543 ("SIP: Session Initiation Protocol," Mar. 1999).
  • Core Argument for this Ground: Petitioner argued that the Aventail VPN software documentation discloses a system highly analogous to the one claimed, meeting nearly all limitations of independent claims 1 and 16. Petitioner asserted that the only potential distinctions were Aventail's lack of explicit disclosure for (1) true end-to-end encryption and (2) the use of the secure link for audio/video communications. Petitioner contended that a person of ordinary skill in the art (POSITA) would have found it obvious to modify Aventail by incorporating the well-known, standardized teachings of RFC 2401 for end-to-end encryption and RFC 2543 for audio/video communications.
    • Prior Art Mapping: Petitioner asserted that Aventail teaches a client device that facilitates a secure connection with a target device. This is created by intercepting a request (via a Layered Service Provider in the TCP/IP stack) to look up an IP address based on a domain name. Aventail then makes a determination, by consulting a table of redirection rules, that the target is a device with which a secure, encrypted link can be established. This mapping was argued to satisfy the core steps of independent claims 1 and 16.
    • Motivation to Combine: A POSITA would combine Aventail with RFC 2401 to implement robust, end-to-end IPSec encryption, a known and desirable method for increasing security beyond the link-level encryption shown in Aventail. A POSITA would further incorporate the teachings of RFC 2543 (SIP) because Aventail was described as a protocol-independent platform, making the addition of a common application like voice/video telephony a predictable extension to broaden its utility. This would also enable consistent security and access control policies across all services on the VPN.
    • Expectation of Success: Petitioner argued that implementing standardized, modular protocols like IPSec (from RFC 2401) and SIP (from RFC 2543) into an existing VPN framework like Aventail would have been a routine and predictable task for a POSITA with a high expectation of success.

Ground 2: Obviousness over Aventail/RFC 2401/RFC 2543 and Brand - Claim 24 is obvious over Aventail in view of RFC 2401, RFC 2543, and in further view of Brand.

  • Prior Art Relied Upon: The combination from Ground 1, plus Brand (Patent 5,237,566).
  • Core Argument for this Ground: This ground specifically targeted dependent claim 24, which adds the limitation that the secure communication link is an "unmodulated transmission link." Petitioner argued that while Aventail discloses using common network technologies like Ethernet, it does not explicitly state they are unmodulated. Brand was introduced to supply this express teaching.
    • Prior Art Mapping: The mapping from Ground 1 was incorporated. Petitioner added that Aventail discloses using Ethernet for its network connections. Brand was then cited for its teaching that networks can be categorized as broadband or baseband, and that baseband networks—such as Ethernet—are "unmodulated." Therefore, the combination discloses the use of an unmodulated link as required by claim 24.
    • Motivation to Combine: A POSITA implementing the Aventail system would have necessarily chosen a physical network type from a finite set of known options. Brand merely provides the fundamental, well-known definition of a network type (baseband Ethernet) already suggested for use by Aventail. The motivation was simply to implement the Aventail system using a conventional, predictable network technology.
    • Expectation of Success: Applying the basic network principles taught by Brand to the system disclosed in Aventail was a straightforward application of known technologies with no technical barriers.

4. Key Claim Construction Positions

Petitioner argued for the broadest reasonable interpretation for several key terms, asserting these constructions were consistent with prior Board decisions involving related patents.

  • "interception of a request": Petitioner proposed this term includes "receiving a request pertaining to a first entity at another entity." This construction was important for mapping Aventail's system, where a DNS request intended for a DNS server is received and acted upon by a different entity, such as a client-side proxy (Aventail Connect) or a remote proxy server.
  • "secure communication link": Petitioner proposed a broad construction of "a transmission path that restricts access to data, addresses, or other information on the path, generally using obfuscation methods... including... one or more of authentication, encryption, or address hopping." This interpretation allowed Aventail's authenticated and encrypted VPN connection to meet the limitation, while also forming the basis for arguing it would be obvious to enhance this link with the end-to-end encryption taught by RFC 2401.

5. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1-30 of the ’705 patent as unpatentable under 35 U.S.C. §103.