PTAB

IPR2015-01754

Cisco Systems Inc v. SSL Services LLC

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Apparatus for Carrying Out Communications Over a Multi-Tier Virtual Private Network
  • Brief Description: The ’011 patent describes a system for establishing secure communications over an open network, such as the Internet, by creating a virtual private network (VPN). The core technology involves using a software "shim" that intercepts standard communication function calls from an application program to transparently initiate mutual authentication and create an encrypted channel.

3. Grounds for Unpatentability

Ground 1: Claims 1-7 are obvious over Alden, Takahashi, Quinn, and Schneier.

  • Prior Art Relied Upon: Alden (Patent 6,101,543), Takahashi (a 1996 conference paper on mobile computing security), Quinn (a 1998 book on Windows Sockets programming), and Schneier (a 1994 book on applied cryptography).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that the combination of the four references teaches every element of the challenged claims. Alden disclosed the foundational VPN architecture, including a client and server communicating over a public network using a multi-tier protocol stack (e.g., Winsock) and a "pseudo network adapter" to create a secure tunnel. However, Alden's system required burdensome pre-configuration and modification of the client's network stack. Takahashi addressed this exact problem by teaching an "add-in program"—a shim—that transparently intercepts Winsock API commands from an application to dynamically establish a secure, encrypted connection without modifying the application or underlying network software. Petitioner asserted this directly teaches the core "shim" concept of the ’011 patent. To implement the standard Winsock API calls used by both Alden and Takahashi, a person of ordinary skill in the art (POSITA) would have consulted a standard reference like Quinn, which detailed the specific communication function calls (e.g., send(), recv()) and confirmed they lack any inherent encryption functions. Finally, for creating a shared session key to encrypt data—a feature of the claimed invention—Alden explicitly directed a POSITA to Schneier, which taught the standard technique of an initiator generating and sending a random session key to establish a secure channel.
    • Motivation to Combine: Petitioner contended that a POSITA would combine Alden and Takahashi to improve upon Alden's known deficiencies. A POSITA seeking to make Alden's VPN more flexible and less intrusive would have found Takahashi's shim-based interception technique an obvious solution, as it addressed the same technical problem (secure mobile communication) using the same framework (Winsock). The combination was a predictable application of Takahashi's improved technique to Alden's known system. The motivation to further combine this with Quinn and Schneier was straightforward: a POSITA would consult Quinn as a standard reference to implement the common Winsock API, and Alden itself provided the explicit motivation to use Schneier's teachings for session key generation.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success in making this combination. The integration involved applying known, compatible techniques—Takahashi's interception shim, Quinn's standard API calls, and Schneier's session key generation—to Alden's VPN architecture to achieve the predictable result of a more flexible and transparently implemented VPN.

4. Key Claim Construction Positions

  • “shim” (claims 2-6) and corresponding “means” (claim 1): Petitioner proposed construing "shim" as "software that is added between two existing layers, which utilizes the same function calls of the existing layers." This construction was argued to be critical because it aligned with the applicants' arguments during prosecution distinguishing prior art. The key aspect was that the shim works transparently without modifying the application above it or the socket layer below it.
  • “means for intercepting said function calls...” (claim 1): Petitioner argued the function is "intercepting said function calls and requests for service," and the corresponding structure disclosed in the specification is "a client computer containing software for implementing either a socket shim or a TDI shim." This construction ties the means-plus-function language directly to the "shim" concept, making the teachings of Takahashi highly relevant.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under §325(d) would be inappropriate. The petition asserted it was the first such challenge filed by Petitioner against the ’011 patent. More importantly, it presented new arguments and a combination of prior art references—specifically the four-way combination including Quinn and Schneier—that had never been evaluated on the merits by the Patent Office. Petitioner noted that prior reexaminations focused on a subset of the challenged claims and did not have the benefit of the expert declaration evidence submitted with the petition.

6. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1-7 of the ’011 patent as unpatentable under 35 U.S.C. §103.