Mangrove Partners Master Fund Ltd v. VirnetX Inc

1. Case Identification

• Case #: IPR2015-01045
• Patent #: Patent 6,502,135
• Petitioner(s): The Mangrove Partners Master Fund, Ltd.
• Patent Owner(s): VirnetX Inc.
• Challenged Claims: 1, 3, 4, 7, 8, 10, and 12

2. Patent Overview

• Title: Secure VPN Creation via DNS Proxy Server
• Brief Description: The ’135 patent discloses a system and method for securely communicating over the Internet. The claims address a DNS proxy server that transparently creates a virtual private network (VPN) in response to a domain name inquiry, automatically initiating a secure connection when a request is made to a secure web site.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1, 3, 4, 7, 8, 10, and 12 under §102(b) by Kiuchi

• Prior Art Relied Upon: Kiuchi (Takahiro Kiuchi and Shigekoto Kaihara, "C-HTTP - The Development of a Secure, Closed HTTP-based Network on the Internet," published by IEEE in the Proceedings of SNDSS 1996).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Kiuchi discloses every element of the challenged claims. Kiuchi describes a "C-HTTP" system that establishes a secure, closed virtual network over the Internet between different private networks (e.g., corporate headquarters and branches), which Petitioner asserted constitutes a VPN. The key steps of independent claim 1 were mapped as follows:
    • A client-side proxy receiving a URL request from a user agent and sending a request to a C-HTTP name server to resolve the hostname into an IP address meets the limitation of generating a "DNS request."
    • The C-HTTP name server determines if the hostname corresponds to a secure destination within its closed network, thus "determining whether the DNS request... is requesting access to a secure web site."
    • If the destination is secure and authorized, the C-HTTP name server returns the server-side proxy's IP address and public key, which automatically initiates the setup of an encrypted connection (a VPN) between the proxies, without user intervention.
  • Key Aspects: Petitioner asserted this anticipation argument applies to both method (claim 1) and system (claim 10) claims. The dependent claims were also argued to be anticipated, as Kiuchi discloses handling non-secure requests by returning an error code that prompts a standard DNS lookup (claim 3), authenticating the client prior to establishing the VPN (claim 4), and using a gatekeeper (the server-side proxy) to allocate VPN resources (claims 7 and 12).

Ground 2: Obviousness of Claim 8 over Kiuchi in view of RFC 1034

• Prior Art Relied Upon: Kiuchi (IEEE Proceedings of SNDSS 1996) and RFC 1034 (Mockapetris, P., "Domain Names-Concepts and Facilities," Nov. 1987).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground was presented as an alternative to the anticipation of claim 8. Claim 8 requires that the DNS proxy server itself "passes through the request to a DNS server" if access is not being requested to a secure site. Petitioner argued that while Kiuchi's distributed system (where the client-side proxy performs the standard DNS lookup after receiving an error from the C-HTTP server) anticipates this, a POSITA would have found it obvious to modify Kiuchi’s system based on RFC 1034. Specifically, the C-HTTP name server could be configured to perform the pass-through function directly.
  • Motivation to Combine: A POSITA would have been motivated to integrate the functionality of a conventional DNS server, as detailed in the foundational RFC 1034, directly into Kiuchi's C-HTTP name server. This would streamline the system’s operation by eliminating the two-step process where the C-HTTP server first sends an error code back to the client proxy, which then initiates a separate DNS lookup. Having the C-HTTP server directly forward the request for non-secure sites to a conventional DNS server would be an obvious and more efficient design choice.
  • Expectation of Success: A POSITA would have had a high expectation of success because Kiuchi's C-HTTP server already performed name service functions for its closed network. Integrating standard DNS lookup capabilities for external sites would be a straightforward extension of its existing functionality.

4. Key Claim Construction Positions

Petitioner argued that several claim terms required construction under the broadest reasonable interpretation standard and that Patent Owner's previously proposed constructions were improperly narrow.

• Virtual Private Network (VPN): Petitioner argued a VPN should be construed as "a secure network that includes portions of a public network." This construction was central to the invalidity arguments. Petitioner asserted that, contrary to Patent Owner's contentions in other proceedings, a VPN does not necessarily require encryption (the ’135 patent itself discloses IP address hopping as an alternative security mechanism) and does not require computers to "directly communicate" (allowing for intermediaries like the proxies in Kiuchi).
• Client Computer: Petitioner proposed construing "client computer" as "a computer from which a data request to a server is generated." This rejects a narrower interpretation of a "user's computer" and is broad enough to encompass a proxy server, which originates requests on behalf of an end-user device. This construction is critical for mapping Kiuchi's client-side proxy to the claims.
• Automatically: Petitioner argued this term should be interpreted by its plain meaning of "having a self-acting or self-regulating mechanism," rejecting Patent Owner’s proposed limitation of "without involvement of a user." This allows Kiuchi's system, which initiates the secure connection between proxies without further user action after the initial request, to meet the claim limitation.

5. Relief Requested

• Petitioner requested the institution of an inter partes review and the cancellation of claims 1, 3, 4, 7, 8, 10, and 12 of Patent 6,502,135 as unpatentable.