Patent 6502135
Obviousness
Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.
Active provider: Google · gemini-2.5-pro
Obviousness Analysis of U.S. Patent 6,502,135
An analysis of U.S. Patent 6,502,135 ('135 patent) under 35 U.S.C. § 103 for obviousness reveals significant vulnerabilities, particularly in light of prior art combinations successfully argued in inter partes review (IPR). The '135 patent, titled "Agile network protocol for secure communications with assured system availability," generally describes methods for creating secure communication links, such as virtual private networks (VPNs), by using dynamically and pseudo-randomly changing data values, such as IP addresses, within data packets.
While the provided patent text does not contain a formal "Prior Art" section listing cited references, the history of PTAB challenges offers a clear view of the most relevant art and the successful arguments made against the patent's validity. Specifically, the final written decision in IPR2016-00062 found several key claims unpatentable.
1. Obviousness of Secure Communication with Hopped Addresses (Claim 1)
Independent claim 1 recites a method for secure communication by establishing a VPN link wherein data packets contain values that vary in a pseudo-random sequence. This claim and its dependents were found obvious over the combination of U.S. Patent 5,577,209 to Boyle and U.S. Patent 5,659,616 to Sudia.
Teachings of the Prior Art:
- Boyle (US 5,577,209): Titled "Secure Communications on a Public Network," Boyle discloses a system for creating a virtual private network over a public network like the Internet. It teaches encapsulating data packets and using a security gateway or firewall to manage access and secure communications between trusted networks, a foundational concept for VPNs.
- Sudia (US 5,659,616): Titled "Anonymous and Authenticated Digital Communication System," Sudia is directed at enhancing anonymity and security. It discloses techniques to prevent traffic analysis by using changing or temporary identifiers. The core contribution is the concept of masking the true identity and relationship of communicating parties by using methods that obscure the source and destination information in data packets.
Motivation to Combine:
A person of ordinary skill in the art (POSITA) at the time of the invention was well aware of the threat of traffic analysis against secure communication channels. While a VPN as taught by Boyle could encrypt the content of a communication, it did not hide the fact that two specific endpoints were communicating. An eavesdropper could still gather valuable intelligence by observing the source and destination addresses of the encrypted packets.
Sudia explicitly addresses this problem by teaching the use of anonymous or changing identifiers to thwart traffic analysis. Therefore, a POSITA would have been motivated to enhance the VPN system of Boyle with the anti-traffic-analysis techniques of Sudia. The combination would have been a predictable solution to a known problem: improving the privacy of an already secure communication link. This would involve modifying Boyle's VPN to use the dynamic, pseudo-random addressing taught by Sudia, directly arriving at the invention claimed in claim 1 of the '135 patent.
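To make the mechanism at issue in claim 1 concrete, the following added example (not taken from the '135 patent, Boyle, Sudia, or the IPR record) shows one way two endpoints holding a shared secret can derive the same pseudo-random sequence of packet addresses, so that an observer sees a different address on every packet while the receiver still recognizes its peer. The HMAC construction, the address pool, the acceptance window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for illustration only (assumptions, not from the patent or the IPR record).
HOP_POOL = ipaddress.ip_network("10.0.0.0/8")   # pool the hopped addresses are drawn from
WINDOW = 4                                      # upcoming slots the receiver will accept


def hop_address(key: bytes, counter: int) -> str:
    """Destination address for packet number `counter`, derived from the shared key."""
    digest = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    offset = int.from_bytes(digest[:8], "big") % HOP_POOL.num_addresses
    return str(HOP_POOL[offset])


class HopReceiver:
    """Accepts a packet only if its address is one of the next WINDOW expected values."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_counter = 0

    def accept(self, dst_addr: str) -> bool:
        for ctr in range(self.next_counter, self.next_counter + WINDOW):
            expected = hop_address(self.key, ctr)
            if hmac.compare_digest(expected, dst_addr):
                self.next_counter = ctr + 1  # slide forward: skipped and used slots expire
                return True
        return False  # unknown, stale, or replayed address


def demo() -> dict:
    key = b"constructed-shared-secret"
    sent = [hop_address(key, n) for n in range(6)]   # what an on-path observer sees
    rx = HopReceiver(key)
    return {
        "distinct_addresses": len(set(sent)),
        "in_order": [rx.accept(sent[0]), rx.accept(sent[1])],
        "after_loss": rx.accept(sent[3]),            # packet 2 lost in transit
        "replay": rx.accept(sent[1]),                # captured address reused
        "wrong_key": rx.accept(hop_address(b"other-key", 4)),
    }


if __name__ == "__main__":
    print(demo())
```

The acceptance window is what keeps the two sides synchronized when packets are lost, and sliding it forward on every accepted packet is what makes a previously observed address useless to someone who replays it.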
2. Obviousness of Transparent VPN Creation via DNS (Claim 12)
Independent claim 12 adds a key limitation: transparently creating the secure link by having a proxy intercept a Domain Name System (DNS) request and automatically establishing the VPN. The PTAB found this limitation was also rendered obvious by the prior art, including the combination of Boyle, Sudia, and Request for Comments (RFC) 2207.
Teachings of the Prior Art:
- Boyle and Sudia: As described above, these references teach the foundational VPN and address-hopping techniques.
- RFC 2207 ("RSVP Extensions for IPSEC Data Flows"): This technical standard describes methods for signaling and setting up secure IPsec data flows. It provides a mechanism for network devices to request and establish specific quality of service and security parameters for a data session, linking policy to the setup of a secure channel. Boyle also teaches the use of a DNS-based security gateway that can intercept requests and apply security policies.
Motivation to Combine:
The motivation for this combination is rooted in usability and automation. Requiring a user to manually initiate a VPN connection before accessing a secure resource is cumbersome and prone to error. A POSITA would have recognized the benefit of automating this process. DNS lookups are a fundamental and predictable step in nearly all network communications.
Using a DNS request as a trigger to establish a secure connection, as suggested by Boyle, is a logical and efficient way to create the VPN "transparently" from the user's perspective. A POSITA, seeking to implement the secure, address-hopped VPN of Boyle-in-view-of-Sudia in a user-friendly manner, would find it obvious to use the DNS-interception technique also taught by Boyle. The system would intercept the user's request for a specific domain, recognize it as requiring a secure connection, and automatically establish the address-hopped VPN before allowing the communication to proceed. This combination directly addresses the limitations of claim 12.
Conclusion of Obviousness Analysis
The successful challenge in IPR2016-00062, which resulted in the cancellation of claims 1, 2, 6, 12, 13, and 16, provides a strong foundation for an obviousness determination. A person of ordinary skill in the art, faced with the known problem of protecting not only the content but also the metadata (i.e., the identity of the communicants) of a communication, would have been motivated to combine existing VPN technology (Boyle) with known anti-traffic-analysis techniques (Sudia). Furthermore, to improve usability, it would have been an obvious step to automate the initiation of this secure channel by triggering it with a standard network event like a DNS lookup, a technique also contemplated in the prior art.
Generated 5/11/2026, 6:48:39 PM