PTAB

IPR2017-02145

AirWatch LLC v. Route1 Inc.

1. Case Identification

2. Patent Overview

  • Title: System and Method for Accessing Host Computer Via Remote Computer
  • Brief Description: The ’216 patent relates to methods for enabling secure peer-to-peer communication between a remote device and a host computer, particularly when the host is located behind a firewall. The system uses a central controller to authenticate both devices and then instructs the host to initiate a direct connection to the remote, a technique referred to as "connection reversal" to bypass firewall restrictions.

3. Grounds for Unpatentability

Ground 1: Claims 1, 3, 4, and 7-11 are obvious over Dingman in view of Buch and Cook.

  • Prior Art Relied Upon: Dingman (Application # 2004/0024879), Buch (Application # 2003/0217165), and Cook (Patent 7,424,736).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Dingman taught the core inventive concept of the ’216 patent. Dingman described a "communication bridge" (controller) that enables a remote device to connect with a host behind a firewall using a "reversal" technique, where the controller instructs the host to initiate the connection. While Dingman mentioned authenticating "authorized" users, it lacked specifics. Petitioner asserted Buch filled this gap by teaching the use of public-key certificates (specifically the X.509 standard, as in the ’216 patent) for end-to-end authentication in the same type of Session Initiation Protocol (SIP) environment used by Dingman. To address the limitation of receiving connection notifications, Petitioner pointed to Cook, which taught a system where both a host and remote send "heartbeat" messages back to a controller to confirm that a direct connection has been established.
    • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine Dingman with Buch to implement a robust, standards-based authentication system. Buch provided a well-known method (X.509 certificates) to achieve the "authorization" generally described in Dingman's SIP-based framework. A POSITA would further add Cook's notification scheme to the Dingman/Buch system to improve reliability and enable auditing by confirming the status of the connection, a common and desirable feature for brokered network communications.
    • Expectation of Success: A POSITA would have a high expectation of success, as combining the references involved implementing a standard authentication protocol (Buch) into a compatible system (Dingman) and adding a known method for status monitoring (Cook) to enhance system functionality.

Ground 2: Claim 5 is obvious over Dingman, Buch, and Cook, further in view of Bahl.

  • Prior Art Relied Upon: Dingman (Application # 2004/0024879), Buch (Application # 2003/0217165), Cook (Patent 7,424,736), and Bahl (Application # 2005/0210150).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground built upon the combination in Ground 1 to address dependent claim 5, which adds a reconnection procedure where the host requests parameters after a remote device fails to respond to a status request. Petitioner argued Bahl taught this specific functionality. Bahl disclosed a system where, if a mobile remote device loses its connection (e.g., by changing its network address) and fails to respond, the host initiates a reconnection by querying a server for the remote's new address information.
    • Motivation to Combine: A POSITA would be motivated to incorporate Bahl's teachings to handle a common and foreseeable problem in mobile networking: connection loss due to device mobility. Bahl provided a known solution that would allow the combined Dingman/Buch/Cook system to re-establish a connection, which is particularly critical when the host is behind a firewall and cannot accept unsolicited connection attempts from the remote's new, unknown address.

Ground 3: Claims 1-3 and 7-11 are obvious over Flowers in view of Schneier and Cook.

  • Prior Art Relied Upon: Flowers (Application # 2003/0105812), Schneier ("Applied Cryptography" textbook), and Cook (Patent 7,424,736).

  • Core Argument for this Ground:

    • Prior Art Mapping: Petitioner presented Flowers as an alternative primary reference teaching a secure peer-to-peer system with a "Peer Switch" (controller) that facilitates connections across firewalls. Flowers explicitly taught the controller instructing a host to initiate a connection back to a remote, and also disclosed providing the remote with a "menu of hosts" it is authorized to access (addressing claim 2). To supplement Flowers's general mention of digital certificates, Petitioner relied on Schneier, a foundational cybersecurity textbook, for its detailed disclosure of the X.509 standard certificate structure. Cook was again used to supply the teaching of host and remote "heartbeat" notifications to the controller upon successful connection.
    • Motivation to Combine: A POSITA would combine Flowers with Schneier because Schneier provided the well-known, industry-standard implementation details for the certificate-based authentication already contemplated by Flowers. The motivation to add Cook's teachings was the same as in Ground 1: to add a desirable layer of connection auditing and reliability through status notifications.
    • Expectation of Success: The combination involved applying standard, well-documented techniques (Schneier's X.509 certificates, Cook's heartbeats) to the system disclosed in Flowers, representing a predictable and straightforward design choice for a POSITA.
  • Additional Grounds: Petitioner asserted additional obviousness challenges based on the Dingman and Flowers combinations, further modified by Bahl and Shaffer (Patent 7,539,127) to address claims related to connection recovery after remote device failure and standby messaging (claims 5 and 6).

4. Key Technical Contentions (Beyond Claim Construction)

  • Petitioner's central technical contention, woven throughout all grounds, was that the "connection reversal" technique was not a novel invention. Petitioner argued that this method, in which a controller instructs a host behind a firewall to initiate an outbound connection to a remote device, was a widely known and fundamental technique for traversing firewalls and Network Address Translators (NATs) long before the ’216 patent was filed. This was presented as the primary reason the patent should not have been allowed.

5. Relief Requested

  • Petitioner requests the institution of an inter partes review and cancellation of claims 1-11 of Patent 7,814,216 as unpatentable under 35 U.S.C. §103.