Professional Documents
Culture Documents
gov
571-272-7822
Paper 9
Entered: January 11, 2017
DECISION
Institution of Inter Partes Review
37 C.F.R. 42.108
IPR2016-01404
Patent 6,968,459 B1
I.
INTRODUCTION
IPR2016-01404
Patent 6,968,459 B1
II.
A.
BACKGROUND
IPR2016-01404
Patent 6,968,459 B1
device-specific security information from the storage device. Id. at 5:7
10. The device-specific security information is derived from the unique
format information of the removable storage device. Id. at 3:654:1.
The459 patent elaborates:
In one embodiment, the device-specific security
information is a function of the low-level format
information and, therefore, uniquely identifies the
underlying media of storage device 151. For example, in
one embodiment the device-specific security information
is a hash of the addresses of the bad sectors for storage
device 151. Because it is a function of the physical
characteristics of the actual storage medium within
storage device 151, the format information is inherently
unique to each storage device 151. In other words, the
addresses of the bad sectors change from device to
device.
Id. at 4:919.
According to the 459 patent, when a computer operates in a secure
full access data storage mode, storage management software encrypts and
decrypts data transmitted between the computer and the removable storage
device using a cryptographic key. Id. at 3:6164. The system of the 459
patent generates this cryptographic key by combining any number of the
following types of information: (1) device-specific security information
. . . , (2) manufacturing information that has been etched onto the storage
device, (3) drive-specific information, such as drive calibration parameters,
retrieved from the storage drive, and (4) user-specific information such as a
password or biometric information. Id. at 3:654:5.
When a computer operates in a restricted-access data storage mode,
the computer operates the storage device as read-only such that the user
IPR2016-01404
Patent 6,968,459 B1
may read data from the device but may not write any data to the device. Id.
at 1:6366. Alternatively, the user may be permitted to write the nonsensitive data to the removable storage device in an unencrypted format.
Id. at 1:662:2.
B.
Illustrative Claim
A method comprising:
IPR2016-01404
Patent 6,968,459 B1
Petitioner further relies on the Declaration of Dr. Paul Franzon
(Ex. 1002).
D.
Bensimon
35 U.S.C. 102(b)
35 U.S.C. 103(a)
2, 15, and 34
35 U.S.C. 103(a)
18
E.
Related Proceedings
III.
CLAIM CONSTRUCTION
IPR2016-01404
Patent 6,968,459 B1
Sci. & Engg, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999) (explaining that only
claim terms in controversy need to be construed, and only to the extent
necessary to resolve the controversy).
IV.
A.
ANALYSIS
Bensimon
IPR2016-01404
Patent 6,968,459 B1
Figure 1 of Bensimon depicts computer 10 and storage device 100,
which Bensimon describes as an intelligent storage device. Id. at 4:50,
5:3234. The intelligent storage device of Bensimon includes a password
security feature at the device level. Password security at the device level
provides an advantage over system-level password security in that a stolen
storage device cannot be used in any computer unless the thief also knows
the password. Id. at 4:5056.
Figure 3 of Bensimon is reproduced below.
IPR2016-01404
Patent 6,968,459 B1
Figure 3 of Bensimon depicts a simplified block diagram of an
intelligent removable information storage device 100 in accordance with the
invention. Id. at 4:3545. In a preferred embodiment of Bensimon, the
password and a password enabling flag are stored in the media 102 itself,
along with the protected data, rather than with the control electronics. Id. at
6:3537.
2.
Takahashi
IPR2016-01404
Patent 6,968,459 B1
management unit is to read encrypted external program code instructions
and data stored in the external memory, decrypt these instructions, and
store the information in a secure random access memory (RAM). Id. at
2:3240.
3.
Kimura
Claim 1
IPR2016-01404
Patent 6,968,459 B1
claimed full-access mode permitting read and write access when
Bensimons storage device 100 has the password-enabling flag and the
read/write password as the device-specific security information. Pet. 26
(citing Ex. 1002 61); see also Ex. 1004, 6:1329. Further, Petitioner
contends Bensimon discloses the claimed restricted-access mode
permitting read access and preventing write access when Bensimons storage
device 100 has the password-enabling flag and the write protection (readonly) password as the device-specific security information. See Pet. 27
(citing Ex. 1002 6263); see also Ex. 1004, 6:1329.
Patent Owner argues Bensimon does not disclose the restrictedaccess mode because when Bensimons password security is not enabled,
the device operates in an unprotected mode. Prelim. Resp. 10 (citing Ex.
1004, 6:34). Similarly, Patent Owner argues Bensimon does not disclose
the restricted-access mode because, if the write protection (read only)
password is not entered correctly, write access and read access are
restricted. Prelim. Resp. 12. We are not persuaded by Patent Owners
arguments. Claim 1 recites, A method comprising. . . . The transition
comprising in a method claim indicates that the claim is open-ended and
allows for additional steps. Invitrogen Corp. v. Biocrest Manufacturing,
L.P., 327 F.3d 1364, 1368 (Fed. Cir. 2003). The presence of an additional
unprotected mode in Bensimon, therefore, is not excluded by the scope of
claim 1. Similarly, the presence of an additional mode preventing access
due to incorrect password entry is not excluded by the scope of claim 1.
Rather, we agree with Petitioner that Bensimon discloses the claimed
restricted-access mode permitting read access and preventing write access
in the situation where Bensimons storage device 100 has the password-
11
IPR2016-01404
Patent 6,968,459 B1
enabling flag and the correctly-entered write protection (read-only)
password. See Pet. 27 (citing Ex. 1002 6263); see also Ex. 1004, 6:13
29.
Patent Owner additionally argues Bensimon lacks the claimed
device-specific security information because Bensimons passwords are
user-specific informationa user selects and sets the password. Prelim.
Resp. 15 (emphasis omitted). Thus, according to Patent Owner, the user
can assign the exact same password to each and every device in Bensimon.
Id. We are not persuaded by Patent Owners argument. To the extent Patent
Owner contends passwords may not be device-specific security
information, we disagree. The 459 patent does not disclose that devicespecific security information must not include passwords, or that all
passwords are user-specific rather than device-specific. See Ex. 1001, 3:65
4:5. Moreover, Petitioner relies on both Bensimons password and its
password-enabling flag, and cites Bensimons description of the passwordenabling flag stored on the storage media as a unique string of characters.
Pet. 2627 (citing Ex. 1004, 6:1329). We agree with Petitioner, based on
the record before us and at this stage of the proceeding, that at least
Bensimons password and password-enabling flag stored on the device are
device-specific as required by claim 1.
For the reasons discussed above and based on the current record
at this stage of the proceeding, we determine Petitioner has shown a
reasonable likelihood of prevailing on this anticipation challenge to
claim 1.
12
IPR2016-01404
Patent 6,968,459 B1
2.
Claims 33 and 39
Claims 13 and 14
IPR2016-01404
Patent 6,968,459 B1
data field prior to attempting access, and determine
whether the password is required to be issued to the
drive. Preferably, this issuance will be accomplished via
system prompt of the user.
Id. at 28 (citing Ex. 1004, 6:3034).
Patent Owner argues Bensimon fails to meet the limitations of claim
13 and 14 because Bensimon does not disclose detecting the insertion of
the PC card, let alone performing the sensing step once the detection
occurs. Prelim. Resp. 18 (emphasis omitted). We are not persuaded by
Patent Owners arguments. The passages of Bensimon cited by Petitioner
disclose that password aware systems determine whether a password is
required to be issued to the card prior to attempting access to the card (i.e.,
sensing whether a storage device has device-specific security information
stored thereon). Ex. 1004, 6:3032. If a password is required to be issued,
Bensimon discloses prompting the user to issue the password. Id. at 6:32
34. According to Bensimon, this process allows the user to enable
protection for a pc card not previously in a password protected mode upon
insertion of the pc card into the computer (i.e., when a status change is
detected . . . the status change indicates the insertion of the storage device
into the computer). Id. at 5:3240. Therefore, we agree with Petitioner,
based on the record before us and at this stage of the proceeding, that
Bensimon meets the limitations of claims 13 and 14.
For the reasons discussed above and based on the current record
at this stage of the proceeding, we determine Petitioner has shown a
reasonable likelihood of prevailing on this anticipation challenge to
claims 13 and 14.
14
IPR2016-01404
Patent 6,968,459 B1
4.
Claims 46 and 48
Claims 2 and 34
IPR2016-01404
Patent 6,968,459 B1
teaching or suggesting the claim 2 limitations: encrypting digital data to be
written to the storage device from the computer and decrypting digital data
read from the storage device by the computer. Pet. 3638 (citing Ex. 1005,
2:2639). Petitioner further relies on Takahashi as teaching or suggesting
encrypting digital data to be written to the storage drive; and decrypting
digital data read from the storage device, as recited by claim 34. Id. at 42
43.
Finally, relying on the Franzon Declaration, Petitioner asserts one of
ordinary skill in the art would have been motivated to combine the cited
references because one of ordinary skill would have recognized that, by
adding Takahashis technique to Bensimons system, the unauthorized user
would not only have to know the password for the device as described by
Bensimon, but would also need to have the particular encryption firmware as
described by Takahashi. Id. at 3840 (citing Ex. 1002 81; see also id.
82).
Patent Owner advances no argument on claim 34 and argues regarding
claim 2 that Petitioner fails to show the cited references teach or suggest
automatically performing the encrypting and decrypting. Prelim. Resp. 21.
We are not persuaded by this argument because Takahashi teaches
performing the cited encryption and decryption without user intervention via
direct memory access controller 14 and memory controller 16. Ex. 1005,
2:603:20.
For the reasons discussed above and based on the current record
at this stage of the proceeding, we determine Petitioner has shown a
reasonable likelihood of prevailing on this obviousness challenge to
claims 2 and 34.
16
IPR2016-01404
Patent 6,968,459 B1
2.
Claim 15
17
IPR2016-01404
Patent 6,968,459 B1
cite, and we do not find, support in Bensimon for the notion that the
password is shared by the computer and the device. Sharing the password
in the manner proposed by Petitioner would be contrary to Bensimons
disclosure that password security at the device level provides an advantage
over system-level password security. Id. at 4:5056. Further, Bensimon
describes storing the password and the password enabling flag in the media
102 itself, along with the protected data, rather than with the control
electronics. Id. at 6:3537. Petitioner fails to explain in the record before
us why one of ordinary skill in the art would be motivated to modify
Bensimons passworddescribed in the above-cited passages as secured
within the storage media itselfto be shared between the storage media and
the computer such that the computer could use that password to decrypt data.
For the reasons discussed above, we determine Petitioner has
not shown a reasonable likelihood of prevailing on this obviousness
challenge to claim 15.
D.
Obviousness of Claim 18 based on Kimura in combination with
Takahashi
Claim 18 recites, in relevant part, sensing whether the storage device
has security information generated from a combination of device-specific
information associated with the storage device and user-specific information
associated with a user. Thus, claim 18 requires a determination of whether
the storage device contains security information generated from a
combination of device-specific and user-specific information.
Petitioner relies on Kimuras particular security code assigned to the
card in question as meeting the claimed security information. Pet. 52. Id.
at 5253 (citing Ex. 1006, 14:1221, 17:2737). Petitioner further relies on
Kimuras comparison of this internal security code (i.e., security
18
IPR2016-01404
Patent 6,968,459 B1
information) with another security code deciphered from external
information as meeting the claimed sensing whether the storage device
has security information. Pet. 52.
We are not persuaded by Petitioners arguments because they are not
commensurate with the claim language. Claim 18 requires sensing the
presence of security information, which Petitioner contends is taught or
suggested by Kimuras security code. Pet 52. Petitioners contentions,
however, fail to identify adequate teaching or suggestion of sensing the
presence of this secure code. Id. Kimura describes the cited security code
as internal information assigned to that particular card and not available
to the interface bus under any circumstances. Ex. 1006, 18:4060. Thus,
Kimura describes the card has the cited security code within its internal
memory once the code has been assigned to that card. See id. Rather than
establishing that Kimura senses the presence of this code in the internal
memory of the card, Petitioner directs our attention to Kimuras comparison
of a second code to the internal security code. Pet. 52, 5759. Whether the
two codes match, however, does not address sensing whether Kimuras card
contains the internal security codewhich Kimura teaches is in fact stored
within the card after it is assigned to the card. Ex. 1006, 18:4060.
For the reasons discussed above and based on the current record
at this stage of the proceeding, we determine Petitioner has not shown
a reasonable likelihood of prevailing on this obviousness challenge to
claim 18.
19
IPR2016-01404
Patent 6,968,459 B1
V.
SUMMARY
VI.
ORDER
It is, therefore:
ORDERED that, pursuant to 35 U.S.C. 314(a), an inter partes
review of the 459 patent is hereby instituted on the following grounds:
A. Anticipation of claims 1, 13, 14, 33, 39, 46, and 48 by Bensimon;
and
B. Obviousness of claims 2 and 34 over Bensimon and Takahashi.
FURTHER ORDERED that review based on any other proposed
grounds of unpatentability is not authorized; and
FURTHER ORDERED that pursuant to 35 U.S.C. 314(c) and
37 C.F.R. 42.4, notice is hereby given of the institution of a trial
commencing on the entry date of this decision.
20
IPR2016-01404
Patent 6,968,459 B1
FOR PETITIONER:
P. Andrew Riley
James D. Stein
FINNEGAN, HENDERSON, FARABOW,
GARRETT & DUNNER, LLP
Andrew.Riley@finnegan.com
James.Stein@finnegan.com
Jonathan Stroud
UNIFIED PATENTS INC.
jonathan@unifiedpatents.com
PATENT OWNER:
Lori A. Gordon
Byron Pickard
Steven Peters
STERNE, KESSLER GOLDSTEIN & FOX PLLC
lgordon-ptab@skgf.com
bpickard@skgf.com
speters@skgf.com
21