`
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`UNIFIED PATENTS INC.,
`Petitioner
`
`v.
`
`INTELLECTUAL VENTURES II LLC
`Patent Owner
`____________________
`
`IPR2016-01404
`Patent 6,968,459
`____________________
`
`
`PATENT OWNER INTELLECTUAL VENTURES II LLC’S
`RESPONSE TO PETITION
`
`
`
`
`
`Mail Stop PATENT BOARD
`Patent Trial and Appeal Board
`U.S. Patent & Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`I.
`
`II.
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`TABLE OF CONTENTS
`
`Introduction. ..................................................................................................... 1
`
`The ’459 patent solved the important problem of authorized users copying
`sensitive data to unsecured removable storage devices. .................................. 2
`
`III. Claim construction. .......................................................................................... 6
`
`A. Device-specific security information. ................................................... 7
`
`IV. Ground 1: Bensimon does not anticipate claims 1, 13, 14, 33, 39, 46, and 48.
` .......................................................................................................................11
`
`A. Overview of Bensimon. .......................................................................11
`
`B.
`
`Bensimon does not anticipate independent claims 1, 33, 39. .............13
`
`1.
`
`2.
`
`3.
`
`Petitioner does not establish that Bensimon discloses “device
`specific security information.” ..................................................14
`
`Petitioner did not establish that Bensimon discloses the
`“restricted-access mode” step. ..................................................18
`
`Petitioner did not establish that Bensimon discloses “the
`computer… prevents write access to the storage device” as
`recited in claims 1 and 33. ........................................................29
`
`C.
`
`Petitioner did not establish that Bensimon anticipates independent
`claims 13 and 14. .................................................................................33
`
`V. Ground 2: The combination of Bensimon and Takahashi does not render
`obvious claims 2 and 34. ...............................................................................36
`
`VI. Conclusion. ....................................................................................................38
`
`
`
`- i -
`
`
`
`
`
`
`
`
`
`
`
`Table of Authorities
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Cases
`
`Eli Lilly and Co. v. Zenith Goldline Pharmaceuticals, Inc.,
`471 F. 3d 1369 (Fed. Cir. 2003) .............................................................................. 20
`
`
`
`
`
`
`
`- ii -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`
`
`Exhibit List
`
`
`Description
`
`Microsoft Dictionary
`Schneier, B., Applied Cryptography, 2d. Ed., Wiley, 1996
`Franzon Deposition Transcript (May 4, 2017)
`Declaration of David M. Goldschlag, Ph.D.
`Curriculum Vitae of Dr. Goldschlag
`Definition of “specific”, Merriam Webster’s Collegiate Dictionary,
`Eleventh Edition (2008)
`
`Exhibit #
`2001
`2002
`2003
`2004
`2005
`2006
`
`- iii -
`
`
`
`
`
`
`
`I.
`
`Introduction.
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`The Petition in this case is nothing more than an attempt to contort the
`
`Bensimon reference to read on the claims of U.S. Patent No. 6,968,459 (the ’459
`
`patent). It is rife with errors, and Petitioner’s own expert admits that, if it is taken
`
`literally, the Petition cannot prove anticipation of the ’459 claims.1 Simply put, the
`
`Petition stretches the law of anticipation too far, and the Board should find all
`
`remaining challenged claims patentable.
`
` The ’459 patent addressed an important technological issue: preventing an
`
`authorized user from copying secure information to an unsecured removable
`
`device. The ’459 claims reflect this innovation, requiring that the computer
`
`prevents writing to devices that do not have security information. Petitioner’s cited
`
`references do not address that issue, and instead focus on securing removable
`
`devices against unauthorized users. When those devices are not secured, the cited
`
`references freely permit both reading and writing operations, unlike the challenged
`
`claims.
`
`The Board should reject Petitioner’s application of Bensimon to the claims
`
`under Ground 1 for four reasons. First, Petitioner relies on an improper and
`
`convoluted reading of the claims. Second, Petitioner has not shown that
`
`
`1 See Franzon Dep., 74:5–22; 73:5–22.
`
`
`
`- 1 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Bensimon’s read-write password, either alone, or in combination with the
`
`password flag is “device-specific information.” Third, even under Petitioner’s
`
`convoluted reading of the claims, Petitioner’s argument relies on an embodiment
`
`that Bensimon does not explicitly or inherently disclose. Finally, Petitioner simply
`
`fails to address the requirement of the claims that the “computer” prevents access
`
`during the restricted-access mode, not the storage device. And Ground 2 fails for
`
`the same reasons as Ground 1 because it is limited to addressing dependent claims
`
`2 and 34.
`
`Because the Petition falls short of making the proper showing of anticipation
`
`or obviousness, the Board should affirm patentability of claims 1, 13, 14, 33, 39,
`
`46, and 48 of the ’459 patent over Bensimon and claims 2 and 34 over the
`
`combination of Bensimon and Takahashi.
`
`II. The ’459 patent solved the important problem of authorized users
`copying sensitive data to unsecured removable storage devices.
`
`In 1999, engineers at Imation Corporation recognized that “[o]ne of the
`
`greatest challenges” in creating a secure computing environment is “preventing the
`
`authorized user from using sensitive data in an unauthorized manner.” (’459 patent,
`
`1:13–23.) For example, prior to the ’459 patent, after a user successfully entered a
`
`password, the user was able to access and handle information without technology-
`
`imposed limitations. The lack of access control meant that an authorized user could
`
`
`
`- 2 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`“simply copy[] the sensitive data to a removable storage device such as floppy
`
`diskette.” (Exhibit 1001, ’459 patent, 1:23–26.)
`
`To address this critical security flaw, the inventors of the ’459 patent
`
`developed a computing environment using secure storage devices where, for
`
`example, “a computer automatically operates in a secure ‘full-access’ data storage
`
`mode when the computer detects the presence of a secure removable storage
`
`device.” (’459 patent, 1:36–40.) Conversely, “[i]f the computer senses a non-
`
`secure removable storage device then the computer automatically operates in a
`
`‘restricted-access’ mode.” (’459 patent, 1:40–43.) Figure 1, reproduced below,
`
`illustrates an embodiment of such a computing environment.
`
`
`
`
`
`- 3 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`
`
`In secure full-access mode, the system “uses a cryptographic key to encrypt
`
`and decrypt the data stream between the computer and the removable storage
`
`device.” (’459 patent, 1:44–47.) The key can be generated by a combination of
`
`various types of information such as “(1) device-specific information derived of
`
`the removable storage device, (2) manufacturing information that has been etched
`
`onto the storage device, (3) drive-specific information…, and (4) user-specific
`
`information such as a password.” (’459 patent, 1:47–55.) Figure 2, reproduced
`
`below, illustrates an exemplary method requiring each of the four types of
`
`
`
`- 4 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`information identified in the Figure (204, 206, 208, 210) for a storage device to be
`
`deemed secure and have “full access.”
`
`
`
`The patent contemplates two situations: where the storage device is secure
`
`and where the storage device is unsecured. Where the storage device is secure, the
`
`computing environment uses the “secure storage device as a secure ‘access card’”
`
`to gain access to sensitive data of the organization. (’459 patent, 1:56–58.) For
`
`example, the computer allows the user to access sensitive information from other
`
`sources after plugging in a secure storage device. (See ’459 patent, 1:58–62.)
`
`Sensitive information written to the secure storage device can be encrypted. (See
`
`
`
`- 5 -
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`’459 patent, 1:44–47.) Conversely, if the storage device is unsecured, the computer
`
`
`
`operates such that the device cannot be written to, which prevents removing
`
`sensitive information from the computer when using an unsecured device. (See
`
`’459 patent, 1:63–66.)
`
`III. Claim construction.
`Petitioner proposed constructions for six terms— “device-specific security
`
`information,” “[device/user]-specific information,” “security information,” “status
`
`change… for the storage device,” “storage manager,” and “drive.” (See Petition,
`
`pp. 11–18.) The Board declined to construe any of these terms, finding that
`
`“construction of the terms proposed by Petitioner is not necessary to our analysis
`
`on whether to institute a trial.”
`
`Patent Owner agrees that construction of “[device/user]-specific
`
`information,” “security information,” “status change… for the storage device,”
`
`“storage manager,” and “drive” is not necessary to resolve the controversy in this
`
`proceeding. However, the construction of “device-specific security information” is
`
`necessary, as Patent Owner details in its arguments that follow.
`
`
`
`
`
`
`
`- 6 -
`
`
`
`
`
`
`
`A. Device-specific security information.
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Petitioner
`
`Patent Owner
`
`information that is specific to the
`storage device and used to secure access
`to the storage device.
`
`information that is unique to the
`storage device and used to secure
`access to the storage device.
`
`
`
`The Board should adopt Patent Owner’s construction for this term,
`
`“information that is unique to a device that is used to secure access to the storage
`
`device,” because Patent Owner’s construction is consistent with the claims and
`
`specification. The Board should reject Petitioner’s construction because it is
`
`circular, adding no further insight or meaning to the term.
`
`Both parties agree that device-specific security information is used to secure
`
`access to a device and is specific to the device. (Petition, p. 11.) However, the
`
`parties dispute the meaning of “specific.” Petitioner provides no explicit meaning
`
`of this term in its construction. Instead, Petitioner’s position on the meaning of
`
`“specific” in the term “device-specific” fluctuates based on the situation. For
`
`example, Petitioner repeatedly appears to equate the terms “specific” and “unique.”
`
`(See e.g., Petition, p. 23 (“‘unique’ or specific”); Petition, p. 12 (emphasizing that
`
`its construction properly includes the term “specific” because the specification
`
`describes a “unique identifier[s]’” and “unique format information”).) But during
`
`
`
`- 7 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`deposition, when pressed regarding flaws in his position regarding the Bensimon
`
`reference, Dr. Franzon contradicted the Petition, testifying that “the device specific
`
`security information does not need to be unique.” (Exhibit 2003, Franzon Dep.,
`
`14:5–8.)
`
`Patent Owner’s interpretation of “specific” as “unique” is consistent with the
`
`plain and ordinary meaning of the term and its usage in the specification. The word
`
`“specific” has a well understood meaning: “restricted to a particular individual,
`
`situation, relation, or effect.” (Exhibit 2006, Merriam-Webster, p. 1198.) When
`
`that definition is applied to the term “device-specific security information,” the
`
`plain meaning is that the “security information” must be “restricted to a particular”
`
`device, or in other words unique.
`
`The specification consistently and exclusively requires that the “device-
`
`specific security information” be unique to a device that is used to secure access to
`
`the storage device. The specification also only recites examples of unique device-
`
`security information. (See e.g., ’459 patent, 1:51–53, 3:66 to 4:1,4:9–12, 5:10–13,
`
`7:43–46.) And although, the ’459 patent makes references to both the words
`
`“unique” and “specific,” the ’459 patent repeatedly underscores that these terms
`
`are linked, and it is the fact that device information is unique that makes it device-
`
`specific. (See e.g., ’459 patent, 5:31–32 (“Because these calibration parameters are
`
`unique to each drive, they are well suited for generating a cryptographic key that
`
`
`
`- 8 -
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`is drive-specific.”); 4:14–17( “because [the device-specific security information] is
`
`
`
`a function of the physical characteristics of the actual storage medium within
`
`storage device 151, the format information is inherently unique to each storage
`
`device 151”) (emphasis added).)
`
`The claims of the ’459 patent are consistent with the requirement that
`
`device-specific security information must be unique. The claims recite a few
`
`examples of device-specific security information, all of which are unique, such as a
`
`drive serial number (claim 6) or the calibration parameters of a drive2 (claim 7).
`
`The claims never recite any examples of device-specific security information that
`
`is not unique.
`
`The requirement that “device-specific information” be unique is further
`
`underscored when one understands the role of device-specific information in the
`
`’459 patent’s system. A goal of the ’459 patent is to create “a highly secure
`
`computing system [] in which data can only be stored on the original storage
`
`device from the original storage drive by the authorized user.” (’459 patent, 6:1–
`
`4 (emphasis added).) This means, for example, that the encrypted data can only be
`
`decrypted from the device it was originally written to because its encryption key
`
`
`2 The specification of the ’459 patent explains that “calibration parameters
`
`are unique to each drive.” (’459 patent, 5:30–32.)
`
`
`
`- 9 -
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`used information unique to the device. (See, ’459 patent, 6:8–18; Goldschlag Decl.,
`
`
`
`¶28.) The role of the “device-specific security information” is central to ensuring
`
`that the original storage device is being used and allows the computer to
`
`authenticate the device (as opposed to authenticating the user as a password would
`
`enable). (Goldschlag Decl., ¶¶29-30.) If the data were copied onto a different
`
`storage device, the device-specific security information would be different for that
`
`device, and the system would not be able to generate the cryptographic key to
`
`decrypt the data. (See, ’459 patent, 6:4–15; Goldschlag Decl., ¶¶29-30.) The use of
`
`non-unique device-specific security information creates the situation that multiple
`
`storage devices could have the same device-specific security information.
`
`(Goldschlag Decl., ¶30.) In this situation, the system would not be able to ensure
`
`that the original storage device was being used, undermining the purpose for the
`
`system. (Goldschlag Decl., ¶30.)
`
`Thus, because Patent Owner’s construction is consistent with the claims and
`
`the specification, the proper construction for the term “device-specific security
`
`information” is “information that is unique to a device that is used to secure access
`
`to the storage device.”
`
`
`
`- 10 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`IV. Ground 1: Bensimon does not anticipate claims 1, 13, 14, 33, 39, 46, and
`48.
`A. Overview of Bensimon.
`Bensimon discloses a personal computer (PC) card that requires entry of a
`
`password to read from or write to the card. (See, Bensimon, 2:45–49.) Figure 3,
`
`reproduced below, illustrates a block diagram of the PC card.
`
`
`
`Storage media 102 contains the information stored on the PC card (see,
`
`Bensimon, 4:45–47) and may comprise a disk drive or IC memory such as “Flash
`
`EEPROM.” (Bensimon, 5:7–11.) Bensimon does not employ any encryption.
`
`Instead, it polices access by comparing a password entered by a user with a
`
`password stored on the PC card. (See, Bensimon, 5:63 to 6:6.) “The device 100
`
`compares this string with its recorded string (if password protection [has] been
`
`
`
`- 11 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`previously invoked) and enables normal operation if the password is valid.”
`
`(Bensimon, 5:65–67.) When a user wishes to enable password protection, the user
`
`can send the new password with a Password-Enable command. (See Bensimon,
`
`5:35–39.) The PC card then stores the new password in memory storage 102 along
`
`with a password-enabling flag indicating that the card is password-protected.
`
`Bensimon discloses “two classes of passwords: (1) Write protection (read-
`
`only); and (2) Read/Write Protection” that are stored on Bensimon’s device.
`
`(Bensimon, 6:13–14.) A user that correctly enters the read-only password is given
`
`read-only access to the storage device. (See, Bensimon, 7:3–7.) Conversely, a user
`
`that correctly enters the read-write password is given read-write access to the
`
`storage device. (See, Bensimon, 7:8–12.)
`
`The password-enabling flag is sent to the computer to inform the computer
`
`that the device is password-protected, regardless of the type of password protection
`
`that is enabled. (Bensimon, 6:23–34; Goldschlag Decl., ¶37.) The computer
`
`prompts the user for a password, and passes the entered password to the device for
`
`comparison. (Bensimon, 5:63–67.) The storage device has a processor to perform
`
`the comparison and other instructions. (Bensimon, Figure 3; 4:48–52.)
`
`The PC card of Bensimon does not modify the operation of the PC itself.
`
`The card itself protects the data on the device. (Goldschlag Decl., ¶33.) Bensimon
`
`explains that it specifically rejected trying to modify the operation of the PC,
`
`
`
`- 12 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`finding as “inadequate” previous approaches to security of removable storage
`
`devices because “[a] thief of a small removable device could have read the
`
`information in the medium in a system not requiring a password and could also re-
`
`use the storage device itself.” (Bensimon, 2:23–29.) Bensimon addressed this
`
`inadequacy by requiring a password to access the device in addition to any security
`
`measures required to operate the computer itself. (See, Bensimon, 4:50–56.) As a
`
`result, “the device 100 is rendered useless to those without knowledge of the
`
`password.” (Bensimon, 6:17–19.)
`
` Bensimon does not anticipate independent claims 1, 33, 39.
`
`B.
`Ground 1 fails for independent claims 1, 33, and 39—set out more fully in
`
`the following subsections to this argument—because Petitioner did not show that
`
`Bensimon discloses the “restricted-mode” operation as well as the “device-specific
`
`security information” set forth in the challenged independent claims. Petitioner
`
`also fails to show that the computer prevents access during the restricted-access
`
`mode as required in claim 1. Because claims 46 and 48 depend from claim 39,
`
`Ground 1 fails for those dependent claims as well. In the following subsections,
`
`Patent Owner discusses Ground 1’s deficiencies in detail.
`
`
`
`- 13 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`1. Petitioner does not establish that Bensimon discloses “device
`specific security information.”
`Each of claims 1, 33, and 39 recites “device-specific security information.”
`
`The presence or absence of this “device-specific security information” is used to
`
`determine the mode of operation for the storage device: full-access (read-write)
`
`when the storage device has “device-specific security information” or restricted
`
`access (read only) when the storage device does not have “device-specific security
`
`information.”
`
`Petitioner begins its analysis of the “sensing” element of the claims arguing
`
`that “[t]he password and password-enabling flag, alone or in combination, disclose
`
`the claimed ‘device-specific security information stored thereon.’” (Petition, p. 22.)
`
`But Petitioner quickly retreats from this position in the full-access and restricted
`
`access elements, relying solely on the “read/write” password to meet the language
`
`of the claim as illustrated in the following table.
`
`Claim Language
`
`Petition
`
`sensing whether a storage device has
`device-specific security information
`stored thereon
`
`“The password and password-enabling
`flag, alone or in combination, disclose
`the claimed ‘device-specific security
`information stored thereon.’”
`
`(Petition, p. 22.)
`
`operating a computer in full-access
`
`“The above step of claim 1 is met in a
`
`
`
`- 14 -
`
`
`
`
`
`
`
`Claim Language
`mode when the storage device has
`device-specific security information
`
`operating a computer in a restricted-
`access mode when the storage device
`does not have device-specific security
`information
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Petition
`situation where Bensimon’s storage
`device 100 has the password-enabling
`flag and the read/write password.”
`
`(Petition, p. 26.)
`
`“The above step of claim 1 is met in a
`situation where Bensimon’s storage
`device 100 does not have the read-write
`password as ‘device-specific security
`information’ but instead has the write-
`only password.”
`
`(Petition, p. 27.)
`
`
`
`Thus, when Petitioner’s argument for the entirety of the independent claims
`
`is considered, Petitioner only relies on Bensimon’s read-write password as the
`
`recited “device-specific security information.” Petitioner’s argument fails because
`
`Bensimon’s read-write password is not “unique” and therefore not “device-
`
`specific.” Moreover, even if Bensimon’s password-flag is considered alone or in
`
`combination with the read-write password, Patent Owner demonstrates below that
`
`the password-flag cannot be the claimed “device-specific security information”
`
`because it is also not “unique.”
`
`
`
`- 15 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`a) The read-write password is not “device-specific security
`information” under the correct construction of that term.
`The proper construction for “device-specific security information” is
`
`“information that is unique to the storage device and used to secure access to the
`
`storage device.” (See, Section II, above.) Bensimon’s read-write password cannot
`
`be “device-specific security information” because it is not unique. Bensimon never
`
`explicitly discloses that either its read-write or read only passwords are unique.
`
`(Goldschlag Decl., ¶42.) And it is not inherent that a password would be unique.
`
`To the contrary, as Dr. Goldschlag explains it is not inherent that a password is
`
`unique as two different people could be using the same password. (Goldschlag
`
`Decl., ¶42.)
`
`When the proper construction is applied, Bensimon does not explicitly or
`
`inherently disclose that its read-write password is the recited “device-specific
`
`security information.” Accordingly, the Board should find patentable claims 1, 33,
`
`and 39.
`
`b) The password-flag is not “device-specific” information.
`Petitioner fails to establish the Bensimon discloses under either its
`
`construction or the proper construction set forth above by Patent Owner. In the
`
`discussion of the “sensing” claim element, Petitioner notes that “when the
`
`password-enabling flag is stored on Bensimon’s storage device 100, it places the
`
`
`
`- 16 -
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`storage device ‘in a password protected mode’ and ‘make[s] the card 100 password
`
`
`
`protected.” (Petition, p. 24; citing Bensimon at 5:34–36.) From this statement,
`
`Petitioner speculates, without support, that “Benimon’s [sic] password-enabling
`
`[flag] is ‘information that is specific to the storage device.’” (Petition, p. 24.)
`
`Nowhere does Petitioner explain why or how the password-enabling flag is
`
`specific to the storage device. Thus, Petitioner fails to establish that Bensimon’s
`
`password-enabling flag is “device-specific security information.”
`
`The Board, in the Institution Decision, found that “Petitioner relies on both
`
`Bensimon’s password and its password-enabling flag, and cites Bensimon’s
`
`description of the password-enabling flag stored on the storage media as a ‘unique
`
`string of characters.’ (Pet. 26–27 (citing Ex. 1004, 6:13–29).” (Institution Decision,
`
`p. 12.) But Petitioner only refers to the read-write password in the full and
`
`restricted access sections as “device-specific security information,” not the
`
`password flag. There is no discussion in the Petition on how the passage cited by
`
`the Board supports any contention that the password-enabling flag is “device-
`
`specific security information.” Indeed, Petitioner itself did not rely on this portion
`
`of Bensimon when actually discussing the password-enabling flag in the “sensing”
`
`claim element.
`
`Patent Owner respectfully disagrees with the Board’s interpretation of this
`
`passage from Bensimon. As Dr. Goldschlag explains, although Bensimon’s refers
`
`
`
`- 17 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`to its password flag as “a unique string of characters,” a person of ordinary skill in
`
`the art (POSITA) would understand this does not mean that the string of characters
`
`are unique between devices, but rather only unique from the other information
`
`returned by a storage device to a computer. (Goldschlag Decl., ¶45.) If Bensimon’s
`
`password flag were truly unique between devices, then Bensimon’s computer
`
`could never know what to look for to determine whether a password was required.
`
`(Goldschlag Decl., ¶46.) Therefore, the password-enabling flag of Bensimon is
`
`also not unique (or specific) to a device. (Goldschlag Decl., ¶46.)
`
`Accordingly, the password-enabling flag of Bensimon is not “device-specific
`
`security information” under either Petitioner’s or Patent Owner’s construction of
`
`the term.
`
`2.
`
`Petitioner did not establish that Bensimon discloses the
`“restricted-access mode” step.
`
`Petitioner’s argument fails for a further reason—Petitioner fails to establish
`
`that Bensimon discloses the “restricted-access” claim element. Each of the
`
`independent claims requires that the computer operate “in a restricted-access mode
`
`when the storage device does not have the device-specific security information.”
`
`Petitioner contends this claim element is met “in a situation where Bensimon’s
`
`storage device 100 does not have the read-write password as ‘device-specific
`
`security information’ but instead has the write-only password.” (Petition, p. 27.)
`
`
`
`- 18 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`However, Petitioner’s contention is based on a fundamental misunderstanding of
`
`Bensimon, as highlighted by its own expert at deposition. And the new theory
`
`advanced by Petitioner’s expert to compensate for this fatal flaw in the Petition is
`
`equally flawed.
`
`a) The Petition fails to establish that Bensimon discloses the
`“operating in a restricted-access mode” claim element.
`
`Petitioner argues that Bensimon discloses the “restricted access mode” step
`
`of claims 1, 33 and 39 when “Bensimon’s storage device 100 does not have the
`
`read-write password as ‘device-specific security information’ but instead has the
`
`write only password.” (Petition, p. 27.) In other words, under Petitioner’s theory,
`
`Bensimon discloses the “restricted access mode” claim element when the
`
`following conditions are present:
`
`— the storage device does not store a “read-write password”;
`
`— the storage device only stores a write protect (read only) password;
`
`and
`
`— the user correctly enters the write protection password.
`
`Thus, Petitioner premises its argument on its belief that Bensimon’s system can
`
`store a read only password alone, without also storing a read-write password.
`
`Petitioner misunderstands Bensimon. Nowhere does Bensimon disclose the storage
`
`
`
`- 19 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`of only one type of password. And both experts agree that a POSITA would not
`
`understand Bensimon in this way.
`
` Bensimon discloses two types of passwords: “(1) Write protection (read-
`
`only); and (2) Read/Write protection.” (Bensimon, 6:13–14.) When the user enters
`
`the write protection password, the device is read only (i.e., writes are disabled).
`
`(Bensimon, 6:14–17.) When the user enters the read/write password, the device
`
`can be accessed for both reads and writes. (Bensimon, 6:17–18; Franzon Dep.,
`
`71:20 to 72:6, 74:15–22, 96:9–12.) In both cases, if the user enters the wrong
`
`password, no access is granted. (Goldschlag Decl., ¶51; Bensimon, 6:17–18, 7:3–
`
`7.)
`
`Bensimon provides no further details about the usage of its two-password
`
`system in its detailed description. Bensimon never discloses that its system has a
`
`mode of operation where a read-only password is present but not a read-write
`
`password. And both Patent Owner’s and Petitioner’s experts agree that Bensimon
`
`does not explicitly disclose this mode of operation. (Goldschlag Decl., ¶¶50-52;
`
`Franzon Dep., 106:14–15 (“Bensimon is... silent on all the details of when it's read,
`
`when it's write.”); see also 105:22 to 106:6.)
`
`Without an explicit disclosure in Bensimon of a device that stores only a
`
`read-only password, Petitioner is forced to rely on inherency to make its
`
`anticipation case. See Eli Lilly and Co. v. Zenith Goldline Pharmaceuticals, Inc.,
`
`
`
`- 20 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`471 F. 3d 1369,1375–77 (Fed. Cir. 2003) (“[T]he prior art reference must disclose
`
`each and every feature of the claimed invention, either explicitly or inherently.”).
`
`But Petitioner’s inherency theory must fail because it is not necessarily the case
`
`that Bensimon’s device would have only a read-only password and not a read-write
`
`password.
`
`Bensimon does not contemplate a mode of operation where only its read-
`
`only password would be stored without a read-write password. Indeed, both
`
`experts agree that such a mode would be illogical.3 (Goldschlag Decl., ¶¶50-52;
`
`Franzon Dep., 105:22 to 106:6.) As Petitioner’s expert—Dr. Franzon—puts it, “at
`
`some point, data has to be written to the device in order to be able to read it, so it
`
`makes sense that… there would be a capability of… writing to the device in a
`
`protected mode.” (Franzon Dep, 106:9–13.) In fact, Dr. Franzon further
`
`underscored his point:
`
` Bensimon… doesn't say there might be two classes of
`passwords or sometimes there's two classes of passwords. It
`
`
`3 In fact, if the device only has a “write protection (read only)” password, a
`
`person with knowledge of the write protection password, could simply disable it
`
`using the “Password-Disable” command and gain full access to the device.
`
`(Goldschlag Decl., ¶50; Bensimon, 6:7–12.)
`
`
`
`- 21 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`says there are two classes of passwords. So to be more literal,
`it's saying that these passwords are present.
`
`(Franzon, 84:4–10 (emphasis added).) And Bensimon’s claims support the
`
`understanding that both passwords are stored, reciting that the storage device
`
`“stor[es] information including a read-only password and a read/write password.”
`
`(Bensimon, 6:65–67.) Therefore, a POSITA would understand Bensimon as
`
`requiring both passwords to be present. The storage device then enables access
`
`according to the password entered (i.e., when read-only password entered, user is
`
`granted read-only access; when read/write access granted, user has full access).
`
`Thus, Bensimon does not explicitly or inherently disclose “restricted-access
`
`mode.” Accordingly, the Board should find independent claims 1, 33, and 39
`
`patentable.
`
`b) Bensimon’s password enabling flag cannot meet the restricted-
`access claim element.
`
`Petitioner did not mention Bensimon’s password-enabling flag in its
`
`discussion of the “restricted-access mode.” (Petition, p. 27.) However, should
`
`Petitioner contend in its Reply that Bensimon’s password-enabling flag alone or in
`
`combination with the read-write password meets the “restricted access mode”
`
`claim element, Patent Owner demonstrates that such argument would be incorrect
`
`based on the explicit teachings of Bensimon.
`
`
`
`- 22 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Bensimon’s password flag “provides a standard method for the computer
`
`system 10 to de