Patent 7490151
Obviousness
Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.
Active provider: Google · gemini-2.5-flash
Obviousness Analysis of US Patent 7490151 under 35 U.S.C. § 103
This analysis identifies combinations of prior art references that would render the claims of US Patent 7490151 obvious to a person having ordinary skill in the art (POSITA) at the time of the invention (priority date October 30, 1998). The analysis draws heavily from the "Prior art" section, which identified patents by the same assignee and inventors detailing the underlying secure communication technologies, as well as general knowledge of networking protocols. Furthermore, the outcomes of the PTAB challenges, specifically the Final Written Decisions (FWDs) that found claims 1-20 unpatentable as obvious over combinations of TARPP, IKE, and ISAKMP, provide strong guidance for this analysis.
Prior Art References Considered:
- US 7,010,604 (B1) (referred to as TARPP or a TARP reference): Published March 14, 2006 (priority date October 29, 1999, which precedes US7490151's filing date). This patent, and the related TARP patents (US6052787A, US6295607B1, US6502135B1, US6826606B1), describe a "secure communication link using dynamically changing addresses." Key features include the use of specialized TARP routers, two-layer encryption (link and session keys), agile routing, IP address hopping, interleaving of data, and decoy packet generation to enhance security and thwart traffic analysis. These patents collectively teach the nature and characteristics of the secure communication link itself.
- RFC 2409 (IKE - Internet Key Exchange): Published November 1998. IKE defines a protocol for obtaining authenticated keying material for use with IPsec. It specifies how two entities can negotiate and establish Security Associations (SAs) for secure communication.
- RFC 2408 (ISAKMP - Internet Security Association and Key Management Protocol): Published November 1998. ISAKMP provides a framework for Internet key management and helps establish Security Associations (SAs), enabling two communicating parties to agree on security parameters and set up a secure channel.
- General Knowledge of DNS and Proxy Servers: At the priority date of US7490151, a POSITA would be well aware of the Domain Name Service (DNS) as the standard mechanism for resolving human-readable domain names into IP addresses (as depicted in FIG. 25 of US7490151B2). Similarly, proxy servers were a known technology used to mediate network traffic for various purposes, including caching, filtering, and anonymity (as discussed in the background of US7490151B2 regarding "local proxy server" and "outside proxy").
Obviousness Combination and Motivation:
The independent claims (Claims 1, 10, and 19) of US7490151 center on a method, apparatus, and system, respectively, for establishing a secure communication link based on a DNS request, specifically utilizing a DNS proxy server. The core inventive concept is the DNS proxy server automatically establishing a secure communication link with the client in response to a DNS request.
Combination:
A person having ordinary skill in the art in 1998 would have found it obvious to combine:
- A TARP-based secure communication link (as taught by US7010604B1 and related TARP patents), which provides the underlying secure channel with features like dynamic addressing and robust encryption.
- The secure communication link establishment mechanisms of IKE (RFC 2409) and ISAKMP (RFC 2408), which provide a standardized, authenticated method for setting up Virtual Private Networks (VPNs) or Security Associations (SAs) between endpoints.
- The functionalities of a DNS proxy server (from general knowledge of networking and proxy technologies) to intercept and manage client DNS requests.
Motivation for Combination:
At the priority date, a POSITA would have recognized the growing need for enhanced network security and the inherent complexity and user friction associated with manually initiating secure connections (e.g., configuring and connecting to a VPN client). Secure communication technologies, such as those described in the TARP patents and the emerging IPsec/IKE/ISAKMP standards, offered robust security, but their activation often required explicit user action or application-specific configurations.
The motivation to combine these elements stems from the desire to achieve transparent and on-demand secure communication.
- Problem: Explicitly setting up a secure channel (like a VPN) before accessing a network resource is cumbersome for users.
- Recognized Opportunity: DNS requests are the natural first step initiated by clients when attempting to access a resource using its domain name. Proxy servers are a well-known mechanism for transparently intercepting and mediating client requests.
- Obvious Solution: A POSITA, seeking to simplify and automate secure communication, would be motivated to leverage a DNS proxy server as a control point. By placing the proxy in the DNS resolution path, the proxy could:
  - Intercept a client's DNS request for a destination server.
  - In response to this request, infer the client's intent to communicate with that destination.
  - Trigger the establishment of a secure communication link (e.g., using IKE/ISAKMP protocols) with the client before the actual application-level communication begins. This would make the secure link setup largely transparent to the end-user.
  - Once the secure link is established, the DNS proxy could then complete the original DNS resolution and return the destination address to the client via the newly secured channel.
  - Subsequently, all communications between the client and the destination server would be routed through this established secure link via the DNS proxy, utilizing the secure communication features (e.g., IP hopping, encryption) taught by the TARP patents.
This combination provides a significant usability advantage by making secure connections largely automatic and transparent, addressing a known problem in network security. The DNS request serves as a logical and opportune trigger for initiating the secure session, as it precedes most application-level communications. The DNS proxy, as a known intermediary for DNS traffic, is the obvious component to implement this triggering and mediation logic.
Conclusion of Obviousness:
The independent claims (1, 10, 19) of US7490151 would have been obvious to a person having ordinary skill in the art in 1998 in light of the combination of the TARP patents (e.g., US7010604B1), IKE (RFC 2409), ISAKMP (RFC 2408), and general knowledge of DNS and proxy servers. The motivation to combine these references arises from the clear need for transparent and user-friendly secure communication, where the initial act of resolving a domain name through a DNS proxy provides an intuitive and effective trigger for establishing an underlying secure communication link.
This conclusion is strongly supported by the outcomes of the Inter Partes Review (IPR) proceedings. The PTAB consistently found claims 1-20 of US7490151 unpatentable as obvious over "TARPP in view of IKE and ISAKMP" in IPR2016-00167, IPR2016-00063, and IPR2015-01047. These decisions were subsequently affirmed by the Federal Circuit, solidifying the legal determination of obviousness for all claims.
Generated 5/29/2026, 8:47:48 PM