PTAB
IPR2015-01047
Mangrove Partners Master Fund Ltd v. VirnetX Inc
1. Case Identification
- Patent #: 7,490,151
- Petitioner(s): The Mangrove Partners Master Fund, Ltd.
- Patent Owner(s): VirnetX Inc.
- Challenged Claims: 1, 2, 6-8, and 12-14
2. Patent Overview
- Title: System and Method for Securely Communicating Over the Internet
- Brief Description: The ’151 patent describes systems and methods for secure internet communication. The challenged claims relate to a domain name server (DNS) proxy that transparently establishes a virtual private network by intercepting a DNS request, determining if it corresponds to a secure server, and automatically initiating an encrypted channel if it does.
3. Grounds for Unpatentability
Ground 1: Anticipation of Claims 1, 2, 6-8, and 12-14 under §102 by Kiuchi
- Prior Art Relied Upon: Kiuchi ("C-HTTP - The Development of a Secure, Closed HTTP-based Network on the Internet," IEEE Proceedings of SNDSS 1996).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Kiuchi discloses every element of the challenged claims. Kiuchi's C-HTTP system uses a client-side proxy that functions as the claimed DNS proxy module. This proxy intercepts a request from a user agent (the "client") containing a hostname (a "domain name"). The proxy determines if the request is for a secure server by querying a C-HTTP name server; if the hostname is registered in the secure network, it is a secure request. If the request is not for a secure server, the proxy forwards the request to a standard public DNS. If the request is for a secure server, the proxy uses information from the C-HTTP name server to automatically initiate an encrypted C-HTTP connection with a server-side proxy, thus creating an encrypted channel.
- Key Aspects: Petitioner contended that Kiuchi's client-side proxy and C-HTTP name server, working together, perform all steps of the independent claims. The argument asserts that Kiuchi's system inherently avoids sending the true IP address of the origin server to the client (as required by dependent claims 6 and 12), instead providing the IP address of the server-side proxy.
Ground 2: Obviousness of Claims 1, 2, 6-8, and 12-14 under §103 over Kiuchi in view of Rescorla
- Prior Art Relied Upon: Kiuchi and Rescorla ("The Secure Hypertext Transfer Protocol," Internet Draft, Feb. 1996).
- Core Argument for this Ground:
- Prior Art Mapping: This ground was presented as an alternative, in case the Patent Owner successfully argued that the channel in Kiuchi is not a fully end-to-end encrypted channel between the client and the ultimate origin server. Petitioner asserted that Rescorla teaches the use of Secure HTTP (S-HTTP) to provide end-to-end secure transactions between a client and server. Combining Rescorla's end-to-end security protocol with Kiuchi's proxy-based architecture would result in the claimed invention.
- Motivation to Combine: A person of ordinary skill in the art (POSITA) would have been motivated to combine the references because Kiuchi explicitly suggests it. Kiuchi states it is possible to develop C-HTTP proxies that "communicate with other secure HTTP compatible user agents and servers" and that C-HTTP "can co-exist with" other secure protocols to provide both "institutional and personal level security." Kiuchi even references an earlier version of the Rescorla draft as an example.
- Expectation of Success: A POSITA would have had a reasonable expectation of success in implementing Rescorla’s S-HTTP protocol within Kiuchi's framework, as it would involve replacing standard HTTP messages with S-HTTP messages to achieve the desired end-to-end encryption without altering the fundamental proxy architecture.
Ground 3: Obviousness of Claims 1, 2, 6-8, and 12-14 under §103 over Kiuchi in view of RFC 1034
- Prior Art Relied Upon: Kiuchi and RFC 1034 ("Domain Names - Concepts and Facilities," Nov. 1987).
- Core Argument for this Ground:
- Prior Art Mapping: This ground was asserted to counter potential claim construction arguments that Kiuchi fails to anticipate because the "wrong" network entity performs a specific DNS function. In Kiuchi, the client-side proxy queries a standard DNS when a secure connection is not made (an "iterative" approach). Petitioner argued that RFC 1034 teaches a "recursive" approach where the first name server contacted (here, the C-HTTP name server) pursues the query on behalf of the client. A POSITA would have found it obvious to modify Kiuchi's system to have the C-HTTP name server perform the lookup for non-secure requests, thereby satisfying any narrow construction of the "DNS proxy module."
- Motivation to Combine: A POSITA would combine these teachings to streamline the system's operation. Modifying Kiuchi's system to use the recursive approach taught by RFC 1034 would eliminate the need for the C-HTTP name server to send an error message back to the client-side proxy, which then initiates a second, separate DNS lookup. Instead, the C-HTTP name server would handle the lookup directly, which RFC 1034 describes as the "simplest mode for the client."
- Expectation of Success: Modifying the DNS resolution logic was a well-understood design choice in 1996, and RFC 1034 provides the explicit guidance for implementing such a recursive process.
Additional Grounds: Petitioner asserted an additional obviousness challenge (Ground 4) based on the combination of Kiuchi, RFC 1034, and Rescorla, arguing this combination would render the claims obvious even if multiple narrow claim interpretations advocated by the Patent Owner were simultaneously adopted.
4. Key Claim Construction Positions
Petitioner argued for the broadest reasonable interpretation for several key terms, often citing prior PTAB decisions involving the ’151 patent.
- "Determining": Petitioner contended this term should be given its plain meaning of "to come to a decision," which allows the DNS proxy module to make the determination by querying another entity (like Kiuchi's C-HTTP name server). This counters the Patent Owner's apparent position that the proxy module must perform the determination step by itself without external queries.
- "Automatically": Petitioner argued for the plain meaning of "marked by action that arises as a...consequence of a given set of circumstances," rejecting the Patent Owner's proposed narrower construction requiring action "without involvement of a user." Petitioner asserted the process in Kiuchi is automatic because it is initiated as a consequence of receiving a request for a secure server.
- "Secure Server": Petitioner proposed a broad construction of "a server that communicates over a transmission path that restricts access to data," arguing that the patent does not require the channel itself to be encrypted, merely secure. This construction would cover Kiuchi's origin server, which sits behind a firewall and is accessed via an authenticated, encrypted proxy channel.
- "Between [A] and [B]": Petitioner argued for the plain meaning of "in the space that separates," contending that an encrypted channel "between" the client and secure server does not need to extend the entire way, and can cover an intermediate portion of the communication path, as disclosed in Kiuchi.
5. Relief Requested
- Petitioner requested institution of an inter partes review and cancellation of claims 1, 2, 6-8, and 12-14 of the ’151 patent as unpatentable.