PTAB
IPR2016-00063
Apple Inc v. VirnetX Inc
1. Case Identification
- Case #: IPR2016-00063
- Patent #: 7,490,151
- Filed: October 26, 2015
- Petitioner(s): Apple Inc.
- Patent Owner(s): VirnetX Inc.
- Challenged Claims: 1, 2, 6-8, and 12-14
2. Patent Overview
- Title: Establishment of a Secure Communications Link Based on a Domain Name Service (DNS) Request
- Brief Description: The ’151 patent describes systems and methods for secure internet communications. The technology centers on a domain name server (DNS) proxy that intercepts DNS requests from a client to transparently create a virtual private network (VPN) when the request corresponds to a secure server.
3. Grounds for Unpatentability
Ground 1: Anticipation by Kiuchi - Claims 1, 2, 6-8, and 12-14 are anticipated by Kiuchi under 35 U.S.C. §102.
- Prior Art Relied Upon: Kiuchi ("C-HTTP - The Development of a Secure, Closed HTTP-based Network on the Internet," a 1996 IEEE publication).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Kiuchi discloses a system for creating a secure, closed HTTP-based virtual network (C-HTTP) that meets every limitation of the challenged claims. Kiuchi’s "client-side proxy," which is stored in memory on a firewall, functions as the claimed "DNS proxy module." This proxy intercepts URL requests from a user agent (the "client"). The proxy then determines if the request corresponds to a secure server by querying a central "C-HTTP name server." If the name server returns an error (indicating a non-secure destination), the client-side proxy forwards the request to a standard public DNS. If the name server confirms a secure destination, it returns the IP address and public key of a "server-side proxy," which the client-side proxy then uses to automatically initiate an encrypted C-HTTP connection. Petitioner contended this process maps directly to the steps of independent claims 1, 7, and 13.
- Key Aspects: The argument asserted that Kiuchi’s system also anticipates dependent claims 2, 8, and 14 by disclosing authorization checks and claims 6 and 12 by hiding the true IP address of the origin server behind the server-side proxy.
Ground 2: Obviousness over Kiuchi and Rescorla - Claims 1, 2, 6-8, and 12-14 are obvious over Kiuchi in view of Rescorla.
- Prior Art Relied Upon: Kiuchi (1996 IEEE publication) and Rescorla ("The Secure Hypertext Transfer Protocol," a Feb. 1996 Internet Draft).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner presented this as an alternative ground, arguing that if the Board were to adopt a narrow interpretation that the secure channel must be "end-to-end" (from the user agent to the origin server), Rescorla provides the missing element. Rescorla teaches the Secure HTTP (S-HTTP) protocol for end-to-end encryption and authentication between an HTTP client-server pair.
- Motivation to Combine: A POSITA would combine these references because Kiuchi itself explicitly suggests it. Kiuchi states that its C-HTTP protocol can co-exist with other secure HTTP proposals to provide both "institutional and personal level security protection." Kiuchi even cites an earlier version of the Rescorla draft as an example of such a protocol. The motivation was to achieve the benefit of end-to-end encryption for individual users, which complements the network-level security provided by Kiuchi’s proxy system.
- Expectation of Success: A POSITA would have had a reasonable expectation of success because combining the systems would involve replacing standard HTTP messages in Kiuchi's architecture with the S-HTTP messages taught by Rescorla, a well-understood modification at the time.
Ground 3: Obviousness over Kiuchi and RFC 1034 - Claims 1, 2, 6-8, and 12-14 are obvious over Kiuchi in view of RFC 1034.
- Prior Art Relied Upon: Kiuchi (1996 IEEE publication) and RFC 1034 ("Domain Names - Concepts and Facilities," a Nov. 1987 IETF standard).
- Core Argument for this Ground:
- Prior Art Mapping: This ground was asserted to counter potential claim construction arguments from the Patent Owner regarding which specific network entity performs certain functions. Kiuchi’s system uses an "iterative" approach where the client-side proxy must perform a separate lookup to a public DNS if the C-HTTP name server returns an error. RFC 1034, the foundational DNS standard, teaches both iterative and "recursive" approaches to name resolution.
- Motivation to Combine: A POSITA would combine Kiuchi with RFC 1034's teachings to modify Kiuchi’s architecture from an iterative to a recursive model. In this modified system, the C-HTTP name server itself would handle the public DNS lookup on behalf of the client if the request was for a non-secure server. RFC 1034 states that the recursive mode is the "simplest mode for the client," providing a clear motivation to streamline Kiuchi’s system by centralizing the lookup logic in the name server, thus simplifying the client-side proxy.
- Expectation of Success: The combination would have been a straightforward design choice, as RFC 1034 provides detailed guidance on implementing recursive name servers.
Additional Grounds: Petitioner asserted an additional obviousness challenge based on the combination of Kiuchi, RFC 1034, and Rescorla, arguing this combination would render the claims obvious even if multiple narrow claim interpretations were adopted simultaneously.
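The lookup flow mapped under Ground 1 and the iterative-to-recursive modification argued under Ground 3 can be compared side by side in the following added example, which is not code from the petition, Kiuchi, or RFC 1034. The class names, hostnames, addresses and key value are constructed assumptions, and the encrypted connection is only recorded in a trace, not performed.

```python
"""Added illustration of the lookup flow the petition attributes to Kiuchi.
All names, hostnames, addresses and keys below are constructed."""

class PublicDNS:
    def __init__(self, records, trace):
        self.records, self.trace = records, trace

    def resolve(self, host, asker):
        # Record which entity asked, since that is what Ground 3 turns on.
        self.trace.append(f"{asker} -> public DNS: {host}")
        return self.records.get(host)

class CHttpNameServer:
    """Knows only registered secure destinations (server-side proxies)."""
    def __init__(self, secure, trace, public_dns=None):
        self.secure, self.trace = secure, trace
        self.public_dns = public_dns  # set only in the recursive variant

    def lookup(self, host):
        self.trace.append(f"client-side proxy -> C-HTTP name server: {host}")
        if host in self.secure:
            return {"status": "secure", **self.secure[host]}
        if self.public_dns is not None:  # recursive: name server does the fallback
            ip = self.public_dns.resolve(host, "C-HTTP name server")
            return {"status": "plain", "ip": ip}
        return {"status": "error"}  # iterative: the caller must look elsewhere

class ClientSideProxy:
    def __init__(self, name_server, public_dns, trace):
        self.ns, self.dns, self.trace = name_server, public_dns, trace

    def handle(self, host):
        answer = self.ns.lookup(host)
        if answer["status"] == "secure":
            self.trace.append(f"open encrypted C-HTTP connection to {answer['ip']}")
            return ("c-http", answer["ip"], answer["public_key"])
        if answer["status"] == "error":  # iterative fallback by the proxy itself
            return ("plain", self.dns.resolve(host, "client-side proxy"), None)
        return ("plain", answer["ip"], None)

def run(recursive, host):
    """Build a fresh constructed topology and return (result, trace)."""
    trace = []
    dns = PublicDNS({"www.example.org": "198.51.100.7"}, trace)
    secure = {"records.hospital.example":
              {"ip": "192.0.2.10", "public_key": "PK-constructed"}}
    ns = CHttpNameServer(secure, trace, dns if recursive else None)
    return ClientSideProxy(ns, dns, trace).handle(host), trace
```

Calling `run(False, ...)` and `run(True, ...)` for the same non-secure host returns the same address, but the trace shows the public DNS query moving from the client-side proxy to the name server.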
4. Key Claim Construction Positions
- "Determining": Petitioner argued this term should be given its plain and ordinary meaning of "to come to a decision," which can include querying a separate entity for information. This construction is critical because in Kiuchi, the "client-side proxy" determines if a server is secure by "asking" the separate "C-HTTP name server." Petitioner noted the ’151 patent’s own specification supports this, describing a DNS proxy that determines authorization by communicating with a separate "gatekeeper."
- "Secure Server": Petitioner asserted the broadest reasonable interpretation is "a server that communicates over a transmission path that restricts access to data," rejecting the Patent Owner's proposed narrower construction requiring communication in an "encrypted channel." This allows Kiuchi’s origin server, which is protected behind a firewall, to qualify as a secure server regardless of the encryption status of the final link.
- "Automatically": Petitioner argued for the ordinary meaning of an action that arises as a necessary consequence of a given circumstance, rejecting the Patent Owner's proposed limitation of "without user involvement." This allows the multi-step, protocol-driven process in Kiuchi to be considered "automatic."
5. Relief Requested
- Petitioner requested that its Motion for Joinder to IPR2015-01047 be granted, that an inter partes review be instituted, and that claims 1, 2, 6-8, and 12-14 of the ’151 patent be cancelled as unpatentable.