PTAB

IPR2016-00062

Apple Inc v. VirnetX Inc

1. Case Identification

2. Patent Overview

  • Title: Agile Network Protocol for Secure Communications with Assured System Availability
  • Brief Description: The ’135 patent discloses systems and methods for secure communication over the Internet. The challenged claims are directed to a method and system that uses a Domain Name Service (DNS) proxy server to transparently create a virtual private network (VPN) in response to a domain name inquiry for a secure website.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1, 3, 4, 7, 8, 10, and 12 under §102 by Kiuchi

  • Prior Art Relied Upon: Kiuchi (“C-HTTP - The Development of a Secure, Closed HTTP-based Network on the Internet,” a 1996 IEEE publication).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Kiuchi discloses every limitation of the challenged claims. Kiuchi describes a C-HTTP system for creating a secure, closed network over the Internet using a client-side proxy, a server-side proxy, and a C-HTTP name server. Petitioner asserted this system meets the limitations of independent claims 1 and 10 by transparently creating a VPN.
    • Specifically, a user agent’s request for a URL (analogous to a DNS request) is intercepted by a client-side proxy. This proxy queries the C-HTTP name server to resolve the hostname. The name server determines if the request is for a secure site within the closed network and, if authorized, returns the IP address of the server-side proxy. This initiates the automatic creation of a secure, encrypted connection (the VPN) between the proxies.
    • For dependent claims, Petitioner argued Kiuchi teaches resolving a non-secure request using a conventional DNS server (claim 3), authorizing the connection prior to initiation (claim 4), using a gatekeeper computer (the server-side proxy) to allocate resources (claims 7 and 10), and determining security privileges (claim 12).

Ground 2: Obviousness of Claim 8 under §103 over Kiuchi in view of RFC 1034

  • Prior Art Relied Upon: Kiuchi (a 1996 IEEE publication) and RFC 1034 (“Domain Names—Concepts and Facilities,” an IETF publication).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground was presented as an alternative to the anticipation argument for claim 8. Claim 8 requires that the determination of whether a request is for a secure site is performed in a DNS proxy server, which then passes non-secure requests to a conventional DNS server. Petitioner contended that Kiuchi’s DNS proxy functionality is distributed between the client-side proxy and the C-HTTP name server. In Kiuchi, the C-HTTP name server returns an error code for non-secure requests, prompting the client-side proxy to then query a conventional DNS server.
    • Motivation to Combine: Petitioner argued that even if Kiuchi’s distributed system does not meet the claim limitations literally, a person of ordinary skill in the art (POSITA) would have been motivated to modify Kiuchi based on the teachings of RFC 1034. A POSITA would combine the non-secure lookup function directly into the C-HTTP name server. Instead of returning an error code, the C-HTTP name server would itself pass the non-secure request to a conventional DNS server for resolution.
    • Expectation of Success: The motivation would be to streamline the system’s operation and eliminate the inefficient back-and-forth communication between the C-HTTP name server and the client-side proxy. A POSITA would have a high expectation of success because RFC 1034 describes standard DNS functionalities, and integrating this known function into Kiuchi’s name server would be a predictable design choice.

4. Key Claim Construction Positions

  • "Virtual Private Network (VPN)" (Claims 1, 10): Petitioner argued for a broad construction of VPN as "a secure network that includes portions of a public network." This construction was asserted to be critical because the prior art (Kiuchi) creates a secure network without necessarily using encryption for all security aspects, a point of contention with the Patent Owner in related proceedings.
    • Petitioner specifically argued that, under the broadest reasonable interpretation standard, a VPN does not require data encryption, as the ’135 patent specification itself describes security via non-encryption methods like "IP address hopping schemes."
    • Petitioner also contended that a VPN does not require that computers "directly communicate," arguing that the presence of intermediate routers and firewalls is typical in network communication and does not negate the existence of a VPN.
  • "DNS Proxy Server" (Claims 8, 10): Petitioner adopted a construction from related proceedings: "a computer or program that responds to a domain name inquiry in place of a DNS." Critically, Petitioner noted this construction allows for the claimed server to be distributed among different computers or processes, which supports its argument that Kiuchi’s distributed client-side proxy and C-HTTP name server together constitute a "DNS proxy server."
  • "Client Computer" (Claims 1, 10): Petitioner proposed the construction "a computer from which a data request to a server is generated." This was intended to counter the Patent Owner's narrower "user's computer" construction, arguing that the claims do not require a user to be present at the client computer, which could itself be a proxy.

5. Relief Requested

  • Petitioner requested joinder with the proceeding IPR2015-01046, institution of an inter partes review, and cancellation of claims 1, 3, 4, 7, 8, 10, and 12 of the ’135 patent as unpatentable.