`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`UNIFIED PATENTS INC.,
`Petitioner
`
`v.
`
`INTELLECTUAL VENTURES II LLC
`Patent Owner
`____________________
`
`IPR2016-01404
`Patent 6,968,459
`____________________
`
`
`PATENT OWNER INTELLECTUAL VENTURES II LLC’S
`PRELIMINARY RESPONSE TO PETITION
`
`
`
`
`
`Mail Stop PATENT BOARD
`Patent Trial and Appeal Board
`U.S. Patent & Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`I.
`
`II.
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`TABLE OF CONTENTS
`
`Introduction. ..................................................................................................... 1
`
`The ’459 patent solved the important problem of authorized users copying
`sensitive data to unsecured removable storage devices. .................................. 2
`
`III. Claim construction. .......................................................................................... 6
`
`IV. Ground 1: The Board should deny institution because Petitioner did not
`establish a reasonable likelihood that Bensimon anticipates claims 1, 13, 14,
`33, 39, 46, and 48............................................................................................. 7
`
`A. Overview of Bensimon. ......................................................................... 7
`
`B.
`
`Petitioner did not establish a reasonable likelihood that Bensimon
`anticipates claims 1, 33, 39, 46, and 48. ............................................... 8
`
`1.
`
`2.
`
`3.
`
`Overview of the differences between Bensimon and claims 1,
`33, and 39. ................................................................................... 9
`
`Petitioner did not show that Bensimon discloses the “restricted-
`access mode” operation recited in claims 1, 33, and 39. ..........10
`
`Petitioner did not show that Bensimon discloses “device-
`specific security information” as recited in claims 1, 33, and 39
` ...................................................................................................14
`
`C.
`
`Petitioner did not establish a reasonable likelihood that Bensimon
`anticipates independent claims 13 and 14. ..........................................17
`
`V. Ground 2: The Board should deny institution because Petitioner did not
`establish a reasonable likelihood that the combination of Bensimon and
`Takahashi renders obvious claims 2, 15, and 34. ..........................................20
`
`A.
`
`B.
`
`Petitioner did not establish a reasonable likelihood that Bensimon and
`Takahashi renders obvious claim 2. ....................................................21
`
`Petitioner did not establish a reasonable likelihood that Bensimon and
`Takahashi renders obvious independent claim 15. .............................22
`
`
`
`- i -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`1.
`
`2.
`
`3.
`
`Petitioner did not show that the combination of Bensimon and
`Takahashi teaches or suggests “providing restricted-access.” .22
`
`Petitioner did not show that the combination of Bensimon and
`Takahashi teaches or suggests “encrypting digital data using
`the security information.” .........................................................23
`
`Petitioner did not show that the combination of Bensimon and
`Takahashi teaches or suggests “device-specific security
`information” as recited in claim 15. ..........................................28
`
`VI. Ground 3: The Board should deny institution because Petitioner did not
`establish a reasonable likelihood that the combination of Kimura and
`Takahashi renders obvious claim 18. ............................................................29
`
`A.
`
`B.
`
`Petitioner did not establish a reasonable likelihood that the
`combination of Kimura and Takahashi teaches or suggests “sensing
`whether the storage device has security information.” .......................33
`
`Petitioner did not establish a reasonable likelihood that the
`combination of Kimura and Takahashi teaches or suggests
`“encrypting digital data using the security information.” ..................35
`
`VII. Conclusion. ....................................................................................................39
`
`
`
`- ii -
`
`
`
`
`
`
`
`
`
`
`
`Table of Authorities
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Cases
`
`General Elec. Co. v. TAS Energy Inc.,
`IPR2014-00163, 2014 WL 1994554 (PTAB May 13, 2014) .................................. 27
`
`In re Chaganti,
`2014 WL 274514 (Fed. Cir. 2014)........................................................................... 26
`
`In re Kahn,
`441 F.3d 977 (Fed. Cir. 2006) .................................................................................. 26
`
`KSR Int’l Co. v. Teleflex, Inc.,
`550 U.S. 398 (2007) ................................................................................................. 26
`
`Phillips v. AWH Corp.,
`415 F.3d 1303 (Fed. Cir. 2005).................................................................................. 6
`
`Vivid Techs. v. Amer. Science,
`200 F.3d 795 (Fed. Cir. 2000) .................................................................................... 6
`
`
`
`Statutes
`
`35 U.S.C. § 103(a) ................................................................................................... 26
`
`
`
`Regulations
`
`37 C.F.R. § 42.65 ..................................................................................................... 27
`
`
`
`
`
`
`
`- iii -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`
`
`Exhibit List
`
`
`Description
`
`Microsoft Dictionary
`Schneier, B., Applied Cryptography, 2d. Ed., Wiley, 1996
`
`Exhibit #
`2001
`2002
`
`- iv -
`
`
`
`
`
`
`
`I.
`
`Introduction.
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`The Board should not institute trial on any of the three grounds asserted by
`
`Petitioner. Patent Owner will show that the reasons the Board should deny
`
`institution are simple and straightforward. The ’459 patent addressed an important
`
`technological issue: preventing an authorized user from copying secure
`
`information to an unsecured removable device. The ’459 claims reflect this
`
`innovation, requiring that the computer prevents writing to devices that do not have
`
`security information. Petitioner’s cited references do not address that issue, and
`
`instead focus on securing removable devices. When those devices are not secured,
`
`the cited references freely permit both reading and writing operations, unlike the
`
`challenged claims.
`
`This Preliminary Response lays out the facts that show Petitioner has not
`
`met its burden. In Section II, Patent Owner provides a roadmap of the ’459 patent,
`
`showing how the patent solved the problem of preventing authorized users from
`
`copying sensitive data to unsecured removable storage devices. After showing in
`
`Section III that no explicit claim construction is necessary to resolve this dispute,
`
`Patent Owner addresses, in Sections IV–VI, each of Petitioner’s three asserted
`
`grounds and shows, for each ground, that Petitioner never meets its burden. For
`
`example, Ground 1 fails because Petitioner did not show that Bensimon discloses
`
`the “restricted-access mode” or “device-specific security information” recited in
`
`
`
`- 1 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`independent claims 1, 33, and 39, and therefore does not anticipate those claims.
`
`Ground 2 fails because Petitioner did not address the term “automatic” in claim 2,
`
`and did not show that the combination of Bensimon and Takahashi discloses
`
`“encrypting digital data using the security information.” Finally, Ground 3 fails
`
`because Petitioner did not show that the combination of Kimura and Takahashi
`
`discloses “sensing whether the storage device has security information” and
`
`“encrypting digital data using the security information.”
`
`This Preliminary Response shows that Petitioner has not met its burden to
`
`establish a reasonable likelihood of prevailing against any challenged claim. The
`
`Board should therefore deny all of Petitioner’s proposed grounds.
`
`II. The ’459 patent solved the important problem of authorized users
`copying sensitive data to unsecured removable storage devices.
`
`In 1999, engineers at Imation Corporation recognized that “[o]ne of the
`
`greatest challenges” in creating a secure computing environment is “preventing the
`
`authorized user from using sensitive data in an unauthorized manner.” (Ex. 1001,
`
`’459 patent, 1:13–23.) For example, prior to the ’459 patent, after a user
`
`successfully entered a password, the user was able to access and handle
`
`information without technology-imposed limitations. The lack of access control
`
`meant that an authorized user could “simply copy[] the sensitive data to a
`
`removable storage device such as floppy diskette.” (’459 patent, 1:23–26.)
`
`
`
`- 2 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`To address this critical security flaw, the inventors of the ’459 patent
`
`developed a computing environment using secure storage devices where, for
`
`example, “a computer automatically operates in a secure ‘full-access’ data storage
`
`mode when the computer detects the presence of a secure removable storage
`
`device.” (’459 patent, 1:36–40.) Conversely, “[i]f the computer senses a non-
`
`secure removable storage device then the computer automatically operates in a
`
`‘restricted-access’ mode.” (’459 patent, 1:40–43.) Figure 1, reproduced below,
`
`illustrates an embodiment of such a computing environment.
`
`
`
`
`
`- 3 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`
`
`In secure full-access mode, the system “uses a cryptographic key to encrypt
`
`and decrypt the data stream between the computer and the removable storage
`
`device.” (’459 patent, 1:44–47.) The key can be generated by a combination of
`
`various types of information such as “(1) device-specific information derived of
`
`the removable storage device, (2) manufacturing information that has been etched
`
`onto the storage device, (3) drive-specific information…, and (4) user-specific
`
`information such as a password.” (’459 patent, 1:47–55.) Figure 2, reproduced
`
`below, illustrates an exemplary method requiring the four types of information
`
`
`
`- 4 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`identified in the Figure (204, 206, 208, 210) are required for a storage device to be
`
`deemed secure and have “full access.”
`
`
`
`The patent contemplates two situations: where the storage device is secure
`
`and where the storage device is unsecured. Where the storage device is secure, the
`
`computing environment uses the secure storage device as a secure ‘access card’ to
`
`gain access to sensitive data of the organization by using a secure storage device as
`
`a secure ‘access card.’ (’459 patent, 1:56–58.) For example, the computer allows
`
`the user to access sensitive information from other sources after plugging in a
`
`secure storage device. (See ’459 patent, 1:58–62.) Sensitive information written to
`
`
`
`- 5 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`the secure storage device can be encrypted. (See ’459 patent, 1:44–47.)
`
`Conversely, if the storage device is unsecured, the computer operates such that the
`
`device can be read only from, and not written to, which prevents removing
`
`sensitive information from the computer when using an unsecured device. (See
`
`’459 patent, 1:63–66.)
`
`III. Claim construction.
`Petitioner proposes constructions for six terms— “device-specific security
`
`information,” “[device/user]-specific information,” “security information,” “status
`
`change… for the storage device,” “storage manager,” and “drive.” (See Petition,
`
`pp. 11–18.)
`
`The Board should not adopt constructions for any of these terms for two
`
`reasons. First, construction is not “necessary to resolve the controversy” in this
`
`proceeding. Vivid Techs. v. Amer. Science, 200 F.3d 795, 803 (Fed. Cir. 2000).
`
`Second, the meaning of each claim term is clear and therefore no further
`
`construction is required. Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir.
`
`2005).
`
`
`
`- 6 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`IV. Ground 1: The Board should deny institution because Petitioner did not
`establish a reasonable likelihood that Bensimon anticipates claims 1, 13,
`14, 33, 39, 46, and 48.
`A. Overview of Bensimon.
`Bensimon discloses a personal computer (PC) card that requires entry of a
`
`password to read from or write to the card. (See Bensimon, 2:45–49.) Figure 3,
`
`reproduced below, illustrates a block diagram of the PC card.
`
`
`
`Storage media 102 contains the information stored on the PC card (see
`
`Bensimon, 4:45–47) and may comprise a disk drive or IC memory such as “Flash
`
`EEPROM.” (Bensimon, 5:7–11.) Bensimon does not employ any encryption.
`
`Instead, it polices access by comparing a password entered by a user with a
`
`password stored on the PC card. (See Bensimon, 5:63 to 6:6.) “The device 100
`
`
`
`- 7 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`compares this string with its recorded string (if password protection [has] been
`
`previously invoked) and enables normal operation if the password is valid.”
`
`(Bensimon, 5:65–67.) A user enables password protection by sending a new
`
`password with a Password-Enable command. (See Bensimon, 5:35–39.) The PC
`
`card then stores the password in memory storage 102 along with a flag indicating
`
`that the card is password-protected.
`
`The PC card of Bensimon does not modify the operation of the PC itself. It
`
`merely protects the data on the device. Bensimon explains that it specifically
`
`rejected trying to modify the operation of the PC, finding as “inadequate” previous
`
`approaches to security of removable storage devices because “[a] thief of a small
`
`removable device could have read the information in the medium in a system not
`
`requiring a password and could also re-use the storage device itself.” (Bensimon,
`
`2:23–29.) Bensimon addressed this inadequacy by requiring a password to access
`
`the device in addition to any security measures required to operate the computer
`
`itself. (See Bensimon, 4:50–56.) As a result, “the device 100 is rendered useless to
`
`those without knowledge of the password.” (Bensimon, 6:17–19.)
`
`B.
`
`Petitioner did not establish a reasonable likelihood that Bensimon
`anticipates claims 1, 33, 39, 46, and 48.
`
`Ground 1 fails for independent claims 1, 33, and 39—set out more fully in
`
`the following subsections to this argument—because Petitioner did not show that
`
`
`
`- 8 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Bensimon discloses the “restricted-mode” operation as well as the “device-specific
`
`security information” set forth in the challenged independent claims. Because
`
`claims 46 and 48 depend from claim 39, Ground 1 fails for those dependent claims
`
`as well. In the following subsections, Patent Owner first provides an overview of
`
`the material differences between Bensimon and the challenged independent claims,
`
`and second, Patent Owner discusses Ground 1’s deficiencies in detail.
`
`1. Overview of the differences between Bensimon and claims
`1, 33, and 39.
`
`Claims 1, 33, and 39 recite a computer that operates in one of two modes:
`
`“full-access mode” and “restricted-access mode.” In full-access mode, the
`
`computer “permits both read and write access to the storage device.” But in
`
`restricted-access mode, the computer “permits read access to the storage device
`
`and prevents write access to the storage device.” In the ’459 patent, the computer
`
`operates in full-access mode only “when the storage device has [] device-specific
`
`security information.” Otherwise, the lack of such information results in the
`
`computer operating in restricted-access mode.
`
`Bensimon operates differently: the existence of a password on the storage
`
`device (the alleged device-specific security information) restricts information
`
`access, whereas the lack of a password results in full access to the data.
`
`
`
`- 9 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`2.
`
`Petitioner did not show that Bensimon discloses the
`“restricted-access mode” operation recited in claims 1, 33,
`and 39.
`Independent claims 1 and 33 each recite “operating the computer in a
`
`restricted-access mode when the storage device does not have the device-specific
`
`security information.” Thus, to establish that Bensimon anticipates this claim
`
`element, Petitioner must show that when the storage device of Bensimon does not
`
`have the alleged device-specific security information, the computer operates in a
`
`restricted-access mode. Petitioner failed to make this showing.
`
`Petitioner alleges that the “password and password-enabling flag” of
`
`Bensimon “alone or in combination, disclose the claimed ‘device-specific security
`
`information stored thereon.’” (Petition, p. 22.) In Bensimon, when the password is
`
`not present in the storage device or is not enabled, the device operates in a full-
`
`access mode—allowing read and write access to all data stored on the device.
`
`Specifically, Bensimon discloses that the device operates in an “unprotected mode”
`
`if password security is not enabled: “It does not compare passwords if password
`
`security is not enabled.” (Bensimon, 6:3–4; see also claim 4 (“a selectable
`
`unprotected mode of operation wherein access to said storage device is not
`
`password protected when said unprotected mode is selected”).) In addition, the
`
`initial configuration of the storage device in Bensimon is unprotected mode (no
`
`password). A user must take action to enable password-protection by entering a
`
`
`
`- 10 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`new password “along with a Password-Enable command.” (Bensimon, 5:35–39.)
`
`Indeed, a user may “never intend[] to use the password protection features of the
`
`invention.” (Bensimon, 5:34–35.)
`
`Thus, in Bensimon, when the storage device does not have a password or the
`
`password feature is not enabled, the storage device operates in full-access mode,
`
`and not restricted-access mode. For this reason, Bensimon cannot anticipate claims
`
`1 and 33 and their respective dependent claims.
`
`But, Petitioner’s argument fails for another reason. Petitioner did not show
`
`that Bensimon discloses a “restricted access mode” in which “the drive permits
`
`read access to the storage device and prevents write access to the storage device.”
`
`Petitioner alleges that the “restricted access” claim element “is met in a situation
`
`where Bensimon’s storage device 100 does not have the read-write password as
`
`‘device-specific security information’ but instead has the write-only password.”
`
`(Petition, p. 27.) Petitioner continues: “In this case, if the user correctly enters the
`
`write-only password on the storage device 100 at the ‘comparison’ step, the user is
`
`given only write access to the storage device.” (Petition, p. 27.)
`
`As an initial matter, nowhere does Bensimon disclose a “write-only
`
`password.” But, even assuming Bensimon did disclose a write-only password,
`
`Bensimon would not include the recited “restricted-access mode.” In Petitioner’s
`
`straw man argument, when the write-only password is entered correctly, the user is
`
`
`
`- 11 -
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`given write access to the storage device but read access is denied. And, conversely,
`
`
`
`when the write-only password is not entered correctly, write access is restricted
`
`along with read access. Thus, the write-only password class does not create the
`
`claimed “restricted-access mode” in which the computer “permits read access to
`
`the storage device and prevents write access to the storage device.”
`
`The same is true for Bensimon’s disclosed “Write protection (read only)”
`
`and “Read/Write” classes of passwords. As explained by Bensimon, “[i]n the case
`
`of write protection passwords, the device 100 is fully operational, with the
`
`exception that any write or format operations are disabled.” (Bensimon, 6:14–17.)
`
`That is, if the write protection (read only) password is entered correctly, read only
`
`access is permitted and write access is restricted. Conversely, if the write
`
`protection (read only) password is not entered correctly, write access and read
`
`access are restricted. Thus, the write protection (read only) password class does not
`
`create the claimed “restricted-access mode” in which the computer “permits read
`
`access to the storage device and prevents write access to the storage device” when
`
`the storage device does not have the password.
`
`Similarly, “[i]n the read/write protection mode, the device 100 is rendered
`
`useless to those without knowledge of the password.” (Bensimon, 6:17–19.) Thus,
`
`if the read/write password is entered correctly, full access to the device is
`
`permitted, and if the read/write password is not entered correctly, both write and
`
`
`
`- 12 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`read access are prevented. Thus, read/write password class does not create the
`
`claimed “restricted-access mode” in which the computer “permits read access to
`
`the storage device and prevents write access to the storage device.”
`
`Accordingly, for this further reason, Bensimon fails to disclose the
`
`“restricted-access” claim element.
`
`As acknowledged by the Petitioner, “[i]ndependent claim 39 of the ’459
`
`patent is virtually identical in substance to independent claim 1.” (Petition, p. 31.)
`
`Like claims 1 and 33, claim 39 recites “a storage manager to selectively configure
`
`the drive to operate in… a restricted-access mode of operation as a function of the
`
`device-specific information stored on the storage device, wherein… in the
`
`restricted-access mode the drive permits read access to the storage device and
`
`prevents write access to the storage device.” Petitioner provides no analysis of this
`
`claim element, merely stating that “one of ordinary skill in the art would
`
`understand that Bensimon discloses one or more software applications executing
`
`on the computer 10 that perform the method discussed above.” (Petition, p. 32.)
`
`Patent Owner assumes that Petitioner is referencing the method of claim 1.
`
`Accordingly, Petitioner’s argument for claim 39 fails for the same reason as its
`
`argument for claim 1—Bensimon does not disclose a “restricted-access mode” in
`
`which the computer “permits read access to the storage device and prevents write
`
`access to the storage device.”
`
`
`
`- 13 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Accordingly the Board should not institute Ground 1 against claims 1, 33,
`
`and 39 and their respective dependent claims.
`
`3.
`
`Petitioner did not show that Bensimon discloses “device-
`specific security information” as recited in claims 1, 33, and
`39
`Independent claims 1, 33, and 39 each recites “device-specific security
`
`information.” Petitioner contends that Bensimon’s user-entered “password and
`
`password-enabling flag, alone or in combination, disclose the claimed ‘device-
`
`specific security information.’” (Petition, p. 22.) Petitioner is incorrect: neither the
`
`password nor the password-enabling flag of Bensimon are “device-specific.”
`
`First, the ’459 patent explicitly distinguishes “device-specific” security
`
`information from other types of security information including user-entered
`
`passwords. The ’459 patent provides examples of “device-specific security
`
`information”: “In one embodiment, the device-specific security information is a
`
`function of the low-level format information and, therefore, uniquely identifies the
`
`underlying media of storage device 151. In another embodiment, the device-
`
`specific security information is a hash of the addresses of the bad sectors for
`
`storage device 151. The format information, which is a function of the physical
`
`characteristics of the actual storage medium within storage device 151, is
`
`inherently unique to each storage device 151. In other words, the addresses of the
`
`bad sectors change from device to device.” (’459 patent, 4:9–19.)
`
`
`
`- 14 -
`
`
`
`
`
`
`
`And, the ’459 patent consistently stresses that the “device-specific security
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`information” is separate and distinct from other security information, including
`
`“(2) manufacturing information that has been etched onto the storage device, (3)
`
`drive-specific information, such as drive calibration parameters, retrieved from the
`
`storage device, and (4) user-specific information such as a password or
`
`biometic information.” (’459 patent, 4:1–5 (emphasis added); see also, ’459
`
`patent, Figure 2, 5:7–57.) Indeed, claim 18 reinforces this point by specifically
`
`reciting that both “device specific information” and “user-specific information” are
`
`separate and distinct types of information. Claim 25, which depends from claim 18,
`
`confirms that a password is a type of user-specific information: “the user-specific
`
`information is a password.”
`
`Second, Petitioner argues that “Bensimon also teaches passwords that are
`
`‘unique’ or specific to the storage device 100.” (Petition, p. 23.) But, Petitioner
`
`premises this argument on a misunderstanding of Bensimon. Contrary to
`
`Petitioner’s understanding, Bensimon’s passwords are “user-specific
`
`information”—a user selects and sets the password. Bensimon has no mechanism
`
`to restrict the re-use of passwords across devices to make them specific or unique
`
`to a device. For that reason, the user can assign the exact same password to each
`
`and every device in Bensimon. Moreover, Bensimon discloses that the device does
`
`not ship to a user with the password—“the user enables and sets a password for the
`
`
`
`- 15 -
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`first time” after delivery. (Bensimon, 5:52–55.) The user can also disable password
`
`
`
`protection (Bensimon, 6:7–11) or change the password (Bensimon, 5:43–51).
`
`Because the user fully controls the password in Bensimon, the password is not
`
`“specific to the storage device.”
`
`The only support that Petitioner could find for its position are two passages
`
`from Bensimon. But those passages, as Patent Owner will show, do not support
`
`Petitioner’s argument. In the first passage, Bensimon describes “a unique string of
`
`characters” that “provides a standard method for the computer system 10 to
`
`determine whether it must supply a password… to continue operation with the
`
`storage device.” (Bensimon, 6:23–29.) However, this disclosure does not support
`
`Petitioner because the “unique string of characters” does not refer to the
`
`passwords. (Bensimon, 6:23–29.) Instead, the characters merely notify the
`
`computer system that a password is required to operate the storage device.
`
`In the second passage, Bensimon describes that the user-entered password
`
`can be stored as “part of the electronics instead of the media.” Petitioner never
`
`explains the significance of this disclosure. (See Petition, p. 23.) To the extent
`
`Petitioner hopes to suggest that this portion of Bensimon constitutes disclosure that
`
`the password is “device-specific,” Petitioner errs. The cited portion of Bensimon
`
`merely discusses whether to store the password in the storage medium 102 or in
`
`the “control electronics” which includes its own separate data memory 110.
`
`
`
`- 16 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`(Bensimon, 6:35–37; see also Figure 3, 4:58–61.) Bensimon concludes that the
`
`password should be stored on the media 102 itself alongside the protected data
`
`because a savvy intruder can separate the control circuitry from the storage media
`
`102. (See Bensimon, 6:35–46.) Such an intrusion would defeat any password
`
`protection provided by the control electronics. This second passage, like the first,
`
`does not establish that the user-entered password is device-specific.
`
`Petitioner argues that the password-protection flag alternatively constitutes
`
`“device-specific security information,” but fails to show why this flag is “device-
`
`specific.” (See Petition, p. 24.) Bensimon mentions the password-enabling flag
`
`only once: “In a preferred embodiment, the password and a password enabling flag
`
`are stored in the media 102 itself, along with the protected data, rather than with
`
`the control electronics.” (Bensimon, 6:35–37.) Bensimon provides no detail about
`
`this flag, how it is set, how it is used, or whether it is “device-specific.”
`
`Petitioner did not establish that Bensimon discloses “device-specific security
`
`information.” For this further reason, the Board should deny institution of Ground
`
`1.
`
`C.
`
`Petitioner did not establish a reasonable likelihood that Bensimon
`anticipates independent claims 13 and 14.
`Dependent claim 13 recites the step of “sensing the storage device” of claim
`
`1 “is performed when a status change is detected for the storage device.”
`
`
`
`- 17 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Petitioner cannot point to any single statement in Bensimon that anticipates the
`
`claim 13 “detection” feature, so Petitioner stitches together two separate
`
`disclosures from Bensimon to create the illusion that Bensimon discloses the
`
`features recited in claim 13. In the first disclosure, Bensimon states that “the owner
`
`of a pc card (e.g., card 100) would insert the pc card 100 into the port 14 in the
`
`computer 10 (shown in FIG. 1) to use the card 100.” (Petition, p. 28 (quoting
`
`Bensimon, 5:32–34).) The remainder of the quoted disclosure discusses the user’s
`
`actions to set a password: “If the pc card is not previously in a password protected
`
`mode and the owner wishes to make the card 100 password protected, he or she
`
`would enter a valid password into the computer unit 10 along with a Password-
`
`Enable command.” (Bensimon, 5:34–38.) Nowhere in this disclosure does
`
`Bensimon mention detecting a status change.
`
`Petitioner then turns to Bensimon’s statement, a full column after the
`
`“insertion” disclosure, that “[h]ost systems that are password aware may look at
`
`this data field prior to attempting access, and determine whether the password is
`
`required to be issued to the drive.” (Bensimon, 6:30–32.) Bensimon further notes
`
`that “[p]referably, this issuance will be accomplished via system prompt of the
`
`user.” (Bensimon, 6:32–34.)
`
`Bensimon does not disclose detecting the insertion of the PC card, let alone
`
`performing the “sensing” step once the detection occurs. Neither quoted passage
`
`
`
`- 18 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`discloses detecting the insertion of a PC card because the immediate actions that
`
`follow insertion are performed by the user who inserts the card, who knows that he
`
`or she inserted the card and, thus, does not need a detection step. (See Bensimon,
`
`6:34–38.)
`
`Even if Petitioner somehow showed that Bensimon’s disclosures include the
`
`“detection” element, a second, equally insurmountable problem remains:
`
`Bensimon does not disclose that “sensing” is performed when insertion of the drive
`
`is detected. The quoted portion of Bensimon merely states that a system may
`
`determine whether a password is required (the supposed “sensing” step) “prior to
`
`attempting access.” (Bensimon, 6:30–32.) Performing a step “prior to attempting
`
`access” does not require that the step be performed “when a status change is
`
`detected.” Aside from the evident lack of specificity in this disclosure, Bensimon’s
`
`words—attempting access—indicate uncertainty about the status of the PC card
`
`and further suggest that no status change has been detected.
`
`Petitioner’s mix-and-match argument does not meet its burden to establish a
`
`reasonable likelihood of prevailing against claim 13. The attempt violates the rules
`
`of anticipation, and the relied-upon quotes from Bensimon do not support the
`
`Petitioner’s argument. The Board should therefore deny institution of Ground 1
`
`against claim 13.
`
`
`
`- 19 -
`
`
`
`
`
`
`
`IPR2016-01404
`Patent No. 6,968,459
`
`
`Claim 14 depends from claim 13 and further recites “wherein the status
`
`change indicates the insertion of the storage device into the computer.” Petitioner
`
`addresses claims 13 and 14 together. (See Petition, pp. 27–28.) Patent Owner
`
`already has demonstrated relative to claim 13 that Bensimon does not disclose
`
`detecting the insertion of the storage device into the computer or performing the
`
`“sensing” step when such insertion is detected. Accordingly, Petitioner did not
`
`meets it burden to establish a reasonable likelihood of prevailing against claim 14,
`
`and the Board should deny institution of Ground 1 against claim 14.
`
`V. Ground 2: The Board should deny institution because Petitioner did not
`establish a reasonable likelihood that the com