`571-272-7822
`
`
`
`
`
`
`
`Paper 10
`Entered: June 22, 2017
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`NETAPP, INC., LENOVO (UNITED STATES) INC., and EMC CORP.,
`Petitioner,
`
`v.
`
`INTELLECTUAL VENTURES II, LLC,
`Patent Owner.
`____________
`
`Case IPR2017-00467
`Patent 6,968,459 B1
`____________
`
`
`
`Before THOMAS L. GIANNETTI, PATRICK M. BOUCHER, and
`KAMRAN JIVANI, Administrative Patent Judges.
`
`JIVANI, Administrative Patent Judge.
`
`
`DECISION
`Denying Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`INTRODUCTION
`I.
`NetApp, Inc., Lenovo (United States) Inc., and EMC Corporation
`(collectively, “Petitioner”) requested an inter partes review of claims 15, 18,
`24, and 25 (the “Challenged Claims”) of U.S. Patent No. 6,968,459 B1 (“the
`’459 patent”). Paper 1 (“Petition” or “Pet.”). Patent Owner Intellectual
`Ventures II, LLC filed a Preliminary Response. Paper 9 (“Prelim. Resp.”).
`Under 35 U.S.C. § 314(a), an inter partes review may not be instituted
`unless it is determined that there is “a reasonable likelihood that the
`petitioner would prevail with respect to at least 1 of the claims challenged in
`the petition.” Based on the information presented in the Petition and
`Preliminary Response, we are not persuaded that there is a reasonable
`likelihood Petitioner would prevail on its challenges. Accordingly, we
`decline to institute inter partes review of claims 15, 18, 24, and 25 for the
`reasons set forth below.
`
`
`BACKGROUND
`II.
`The ’459 patent (Ex. 1001)
`A.
`The ’459 patent seeks to create “a highly secure computing
`environment . . . preventing the appropriation of sensitive data.” Ex. 1001,
`1:13–31. The ’459 patent describes “a secure computing environment in
`which a computer automatically operates in a secure ‘full access’ data
`storage mode when the computer detects the presence of a secure removable
`storage device.” Id. at 1:36–39. If, however, the computer detects the
`presence of a removable storage device that is not secure, “then the
`computer automatically operates in a ‘restricted-access’ mode.” Id. at 1:41,
`42. Figure 1 of the ’459 patent is reproduced below.
`
`2
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`
`
`
`
`Figure 1 of the ’459 patent depicts a block diagram of a secure
`computing environment, including computer 100, which senses whether
`storage device 151 is secure. Id. at 1:30–33. To determine whether a
`removable storage device is secure, the ’459 patent describes attempting to
`read “device-specific security information” from the storage device. Id. at
`5:7–10. The device-specific security information is “derived from the
`unique format information of the removable storage device.” Id. at 3:66–
`4:1. The’459 patent elaborates:
`the device-specific security
`In one embodiment,
`information is a function of the low-level format
`information and,
`therefore, uniquely
`identifies
`the
`
`3
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`underlying media of storage device 151. For example, in
`one embodiment the device-specific security information
`is a hash of the addresses of the bad sectors for storage
`device 151. Because it is a function of the physical
`characteristics of the actual storage medium within
`storage device 151, the format information is inherently
`unique to each storage device 151. In other words, the
`addresses of the bad sectors change from device to
`device.
`
`
`Id. at 4:9–19.
`According to the ’459 patent, when a computer operates in a secure
`“full access” data storage mode, storage management software encrypts and
`decrypts data transmitted between the computer and the removable storage
`device using a cryptographic key. Id. at 3:61–64. The system of the ’459
`patent generates this cryptographic key by combining any number of the
`following types of information: “(1) device-specific security information
` . . . , (2) manufacturing information that has been etched onto the storage
`device, (3) drive-specific information, such as drive calibration parameters,
`retrieved from the storage drive, and (4) user-specific information such as a
`password or biometric information.” Id. at 3:65–4:5.
`When a computer operates in a “restricted-access” data storage mode,
`the computer operates the storage device as “read-only” such that the user
`may read data from the device but may not write any data to the device. Id.
`at 1:63–66. Alternatively, the user may be permitted “to write [] non-
`sensitive data to the removable storage device in an unencrypted format.”
`Id. at 2:1, 2.
`Illustrative Claim
`B.
`Claims 15 and 18 are independent claims. Claim 15 is
`reproduced below.
`
`4
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`for accessing a storage device
`
`15. A method
`comprising:
`detecting a storage device within the storage drive;
`sensing whether a storage device has device-specific
`security information stored thereon;
`providing full-access to the storage device when the
`storage device has the device-specific security information by:
`encrypting digital data using
`the
`security
`information during a write access to write the digital data
`to the storage device; and
`security
`the
`decrypting digital data using
`information during a read access to read the digital data
`from the storage device; and
`providing restricted-access to the storage device when the
`storage device does not store the device-specific security
`information by preventing the digital data from being written to
`the storage device during the write access.
`
`Evidence Relied Upon
`C.
`Petitioner relies on the following references:
`1. Blakley III et al., U.S. Patent No. 5,677,952, issued October 14,
`1997 (Ex. 1005, “Blakley”);
`2. Uchida, U.S. Patent No. 7,124,301 B1, issued on October 17, 2006
`(Ex. 1006, “Uchida”); and
`3. Ian D. Bramhill & Mathew Sims, Copyright in a Digital Age, BT
`Technol. J. Vol. 15 No. 2 (April 1997) (Ex. 1007, “Bramhill”).
`Petitioner further relies on the Declaration of Dr. Paul Franzon
`(Ex. 1002).
`
`5
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`Proposed Grounds of Unpatentability
`D.
`Petitioner contends Blakley and Bramhill render the Challenged
`Claims unpatentable under 35 U.S.C. § 103. Pet. 16. Petitioner also
`contends Uchida and Bramhill render the Challenged Claims unpatentable
`under 35 U.S.C. § 103. Id.
`
`Related Proceedings
`E.
`The ’459 patent is the subject of IPR2016-01404, wherein claims 1, 2,
`13, 14, 33, 34, 39, 46, and 48 are currently under inter partes review.
`IPR2016-01404, Paper 9, 2. The Board declined to institute inter partes
`review of claims 15 and 18 in that proceeding. Id.
`Petitioner also identifies actions for infringement of the ’459 patent
`pending in the United States District Court for the District of Massachusetts.
`Pet. 7.
`
`
`III. CLAIM CONSTRUCTION
`Petitioner proposes construction of the following terms: “device-
`specific security information,” “device-specific information,” “user-specific
`information,” “security information,” and “detecting a storage device within
`a storage drive.” Pet. 9–16. Patent Owner responds that we need not
`construe the terms of the Challenged Claims. Prelim. Resp. 5. Because
`construction of the terms proposed by Petitioner is not necessary for our
`determination of whether to institute a trial, we do not construe these terms.
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir.
`1999) (explaining that only claim terms in controversy need to be construed,
`and only to the extent necessary to resolve the controversy).
`
`
`6
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`IV. ANALYSIS
`A. Overview of Cited References
`Blakley
`1.
`Blakley describes a method for protecting information in a storage
`disk of a computer using a secret key derived from a password entered by an
`authorized user. Ex. 1005, 2:6–10. Blakley’s method begins by applying a
`length-increasing pseudorandom function to the secret key and an index. Id.
`at 2:10–13. The index identifies a sector of the storage disk. Id. at 2:13.
`The function generates a pseudorandom bit string having a length that is the
`size of the sector. Id. at 2:14–15. The pseudorandom bit string is then used
`to encrypt data written to the sector and to decrypt data read from the sector.
`Id. at 2:16–17.
`Uchida
`2.
`Uchida describes protecting data recorded on a removable storage
`medium such as an optical magnetic disk. Ex. 1006, Abst. Figure 10 of
`Uchida is reproduced below.
`
`7
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`
`Figure 10 of Uchida depicts a flowchart of a two-password process
`employed in an embodiment of Uchida’s invention. Id. at 11:45–46. The
`process begins with a disk driver receiving a password entered by the user.
`Id. at 11:47–49. The driver then “judges whether or not the disk is protected
`by a password.” Id. at 11:49–50. If not, “the user is authorized to access the
`[disk], regardless of the password inputted from the user.” Id. at 11:51–53.
`If the driver determines that the disk is password protected, the driver checks
`the user entry against a first password. Id. at 11:53–58. A match of the first
`password results in the user having access to the whole disk. Id. If the user
`entry instead matches a second password, the user is authorized to read the
`root directory only. Id. at 11:59–66. Finally, if the disk is password
`
`8
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`protected and the user entry does not match the first or second passwords,
`the user is unable to access the disk. Id. at 11:66–67.
`Bramhill
`3.
`Bramhill “proposes an initial model of a software-based system that
`provides copyright protection of multimedia information when delivered by
`Internet-based services.” Ex. 1007, 63. Bramhill describes a number of
`characteristics, which it calls “cybermetric[s],” that can be measured to
`identify a computer. Id. at 67. These cybermetrics include the physical
`components comprising the computer (such as the size of memory or
`presence of CD a drive), the characteristics of the physical components
`(such as the manufacturer or number of tracks on a hard disk), the location
`of static information on a hard disk (i.e., the bad sectors of the disk), etc. Id.
`B. Obviousness of claims 15, 18, 24, and 25 based on Blakley and
`Bramhill
`Independent claim 15
`1.
`Claim 15 recites, in relevant part, “sensing whether a storage device
`has device-specific security information stored thereon.” Claim 15 further
`recites providing full-access by encrypting and decrypting digital data “using
`the security information.” Thus, claim 15 requires (1) a determination of
`whether the storage devices contains “device-specific security information”
`and (2) use of the device-specific security information to encrypt and
`decrypt digital data. Ex. 1001, 10–27; see also IPR2016-01404, Paper 9, 17.
`Petitioner’s analysis identifies three alternatives employing different
`teachings of Blakley and Bramhill to meet the claim limitation “device-
`specific security information.” These are: (a) Blakley’s index used to
`generate its pseudorandom bit string, (b) Blakley’s value identification (ID),
`and (c) Bramhill’s cybermetrics. Pet. 26–29. We have reviewed Petitioner’s
`
`9
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`analysis applying these three alternative theories, including the relevant
`portions of the Jestice Declaration cited in support. Id. (citing Ex. 1002,
`¶¶ 98–104). We conclude that Petitioner’s analysis is insufficient to
`establish a reasonable likelihood of success on this challenge for at least the
`following reasons.
`Blakley’s “index”
`a)
`Petitioner contends that “Blakley discloses ‘device-specific security
`information,’ e.g., the index used to generate the ‘pseudorandom bit string,’
`stored on the hard disk.” Pet. 27. Petitioner does not establish, however,
`that Blakey discloses “sensing” the presence of the index on the storage
`device, as required by claim 15. Id. at 28. Instead, Petitioner and
`Mr. Jestice assert that “a device-specific (and user-specific) pseudorandom
`bit string is generated and stored on the storage device during installation,
`and later checked against a pseudorandom bit string generated when a user
`logs on or otherwise initiates a request to access secure information.” Id.
`(emphasis added); see also Ex. 1002 ¶ 103.
`Petitioner’s argument blurs the distinction between Blakley’s index
`and Blakley’s pseudorandom bit string. That is, establishing that Blakley
`senses a bit string does not fulfill Petitioner’s burden to show that Blakley
`senses the presence of the “device-specific security information,” as claim
`15 requires, because Petitioner draws a correspondence between the recited
`device-specific security information and Blakley’s index. Further, claim 15
`recites using the device-specific security information (i.e., Blakley’s index)
`to encrypt and decrypt digital data. Petitioner does not contend Blakley’s
`index meets this requirement, and indeed Blakley does not describe using
`the index to encrypt and decrypt digital data. Ex. 1005, 2:15–16 (“The
`
`10
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`pseudorandom bit string is then used to encrypt and decrypt data accesses to
`and from the sector.”) (emphasis added).
`To the extent Petitioner argues Blakley’s index-generated
`pseudorandom bit string meets the claimed device-specific security
`information (see Pet. 28), the string Petitioner and Mr. Jestice identify as
`stored in Blakley is not the pseudorandom bit string generated using the
`index. Id.; see also Ex. 1002 ¶ 103. Rather, Blakley describes the cited
`string as a “one-way function of the secret key” used to distinguish correct
`and incorrect passwords. Ex. 1005, 5:66–6:3. Even if the cited string were
`the pseudorandom bit string generated using the index, Blakley teaches this
`index-generated pseudorandom bit string is not stored on the storage device,
`as required by claim 15. Ex. 1005, 2:10–21 (describing that the
`pseudorandom bit string does not exist until an authorized user first inputs a
`password into the computer, the password is used to derive a secret key, and
`the secret key is combined in a length-increasing pseudorandom function
`with an index).
`
`Blakley’s “value identification (ID)”
`b)
`Petitioner alternatively contends Blakley’s value identification (ID) is
`stored on the storage drive and meets the claimed device-specific security
`information. Pet. 27. Petitioner, however, makes no attempt to show Blakey
`discloses “sensing” the presence of the value ID on the storage device, as
`required by claim 15. Id. at 28. Moreover, claim 15 requires using the
`device-specific security information (i.e., the value ID) to encrypt and
`decrypt digital data, which Blakely does not teach. Ex. 1005, 2:15–16,
`5:44–56.
`
`11
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`Bramhill’s “cybermetrics”
`c)
`Petitioner alternatively identifies Bramhill’s cybermetrics, which
`Bramhill describes as a number of characteristics that can be measured to
`uniquely identify a device, as meeting the claimed device-specific security
`information. Pet. 29. Petitioner further asserts: “A POSA would have
`understood that the device-specific security information of Bramhill could
`be combined with the methods of controlling access to storage devices
`described in Blakley to further prevent the unauthorized use of data.” Id.
`(citing Ex. 1002, ¶¶72–80). Neither Petitioner nor Mr. Jestice identifies
`specific teachings from Blakley to be combined with Bramhill’s
`cybermetrics or explains how such teachings would be combined. See id.
`Because we cannot discern from Petitioner’s argument and its evidence cited
`the specific elements of Bramhill and Blakley to be combined and how an
`artisan of ordinary skill would combine them, we are not persuaded by
`Petitioner’s argument.
`For the foregoing reasons, we determine Petitioner has not
`shown a reasonable likelihood of prevailing on this obviousness
`challenge to claim 15.
`Independent claim 18
`2.
`Claim 18 recites, in relevant part, “sensing whether the storage device
`has security information generated from a combination of device-specific
`information associated with the storage device and user-specific information
`associated with a user.” Claim 18 further recites permitting write access by
`encrypting digital data “using the security information” when the security
`information is sensed. Thus, claim 18 requires a determination of whether
`the storage devices contains “security information” generated from a
`
`12
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`combination of device-specific and user-specific information and use of the
`security information to encrypt digital data. Ex. 1001, 36–49; see also
`IPR2016-01404, Paper 9, 18.
`Petitioner’s analysis of independent claim 18 incorporates its analysis
`of independent claim 15. Pet. 36–38. For the reasons discussed above in the
`context of claim 15, we determine Petitioner has not shown a reasonable
`likelihood of prevailing on this obviousness challenge to claim 18. See
`supra Section IV.B.1.
`Dependent claims 24 and 25
`3.
`Claims 24 and 25 depend from claim 18. Petitioner addresses these
`claims by relying on its analysis of claim 18. Pet. 41–42. Because
`Petitioner has not shown a reasonable likelihood of prevailing on its
`obviousness challenge to independent claim 18, we similarly find Petitioner
`has not shown a reasonable likelihood of prevailing on this obviousness
`challenge to dependent claims 24 and 25.
`C. Obviousness of claims 15, 18, 24, and 25 based on Uchida and
`Bramhill
`Independent claim 15
`1.
`Claim 15 recites, in relevant part, “providing restricted-access to the
`storage device when the storage device does not store the device-specific
`security information by preventing the digital data from being written to the
`storage device during the write access.” Thus, claim 15 requires a
`determination of whether the storage devices contains “device-specific
`security information” and, if not, preventing data from being written to the
`storage device. Ex. 1001, 10–27; see also IPR2016-01404, Paper 9, 17.
`Petitioner contends Uchida’s Figure 10 meets this limitation. Pet. 62–
`64. More specifically, Petitioner identifies Uchida’s passwords as teaching
`
`13
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`the claimed device-specific security information. See id. at 63. Petitioner,
`citing Mr. Jestice, further contends that if a user enters Uchida’s first
`password, the user is granted “full access” to the storage device, but if the
`user enters Uchida’s second password, the user is granted “restricted access”
`that permits reading from the disk but not writing. Id. at 64 (citing,
`Ex. 1002, ¶¶178–80).
`We have reviewed Petitioner’s analysis, including the relevant
`portions of the Jestice Declaration cited in support. Id. Petitioner’s analysis
`is insufficient to establish a reasonable likelihood of success on this
`challenge. Assuming arguendo that Uchida’s passwords meet the claimed
`device-specific security information, Uchida fails to teach restricted-access
`preventing writing data when the disk is not password protected (i.e., when
`the storage device does not contain the device-specific security information).
`Uchida states, “If the disk is not protected by a password, the user is
`authorized to access the whole storage medium, regardless of the password
`inputted from the user (STEP S62).” Id. at 11:51–53. Uchida thus teaches
`allowing full access, rather than restricted access, when the storage device
`does not store the device-specific security information.
`Petitioner further identifies Bramhill’s cybermetrics as meeting the
`claimed device-specific security information. Pet. 64 (citing, Ex. 1002
`¶¶ 176–183). Neither Petitioner nor Mr. Jestice explains how Bramhill’s
`cybermetrics would be combined with Uchida’s passwords in order to
`provide restricted-access preventing data from being written when the
`device-specific security information is not sensed. See id. Because we
`cannot discern from Petitioner’s argument and its evidence cited the specific
`elements of Bramhill and Blakley to be combined and how an artisan of
`
`14
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`ordinary skill would combine them, we are not persuaded by Petitioner’s
`argument.
`For the foregoing reasons, we determine Petitioner has not
`shown a reasonable likelihood of prevailing on this obviousness
`challenge to claim 15.
`Independent claim 18
`2.
`Claim 18 recites, in relevant part, “configuring the storage drive to
`prevent write access to the storage device when the security information is
`not sensed.” Petitioner’s analysis of independent claim 18 incorporates its
`analysis of independent claim 15. Pet. 67. Petitioner further directs our
`attention to Figure 9 of Uchida. Id. at 67–68. Like Figure 10 discussed in
`Section IV.C.1 above, Figure 9 describes writing data when Uchida’s disk is
`not password protected. Ex. 1006, 10:65–66 (“If it is not protected by a
`password, the data is written (STEP S52)”). Accordingly, for the reasons
`discussed above in the context of claim 15, we determine Petitioner has not
`shown a reasonable likelihood of prevailing on this obviousness challenge to
`claim 18. See supra Section IV.C.1.
`Dependent claims 24 and 25
`3.
`Claims 24 and 25 depend from claim 18. Petitioner addresses these
`claims by relying on its analysis of claim 18. Pet. 70–71. Because
`Petitioner has not shown a reasonable likelihood of prevailing on its
`obviousness challenge to independent claim 18, we similarly find Petitioner
`has not shown a reasonable likelihood of prevailing on this obviousness
`challenge to dependent claims 24 and 25.
`
`15
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`D. Discretion Whether to Institute Under 35 U.S.C. § 325(d)
`Patent Owner argues that we should exercise our discretion under
`35 U.S.C. § 325(d) and deny the Petition. Prelim. Resp. 6–8. Because we
`deny the Petition on the merits, we do not reach this argument.
`
`
`SUMMARY
`V.
`We determine that Petitioner has not demonstrated a reasonable
`
`likelihood of prevailing on its challenges to claims 15, 18, 24, and 25.
`
`
`VI. ORDER
`
`It is, therefore:
`ORDERED that the Petition is denied and no trial is instituted.
`
`
`
`16
`
`
`
`IPR2017-00467
`Patent 6,968,459 B1
`
`
`FOR PETITIONER:
`Benjamin E. Weed
`Brian J. Ankenbrandt
`K&L GATES LLP
`benjamin.weed.ptab@klgates.com
`brian.ankenbrandt@klgates.com
`
`Peter Dichiara
`Theodoros Konstantakopoulos
`WILMER CUTLER PICKERING HALE AND DORR LLP
`peter.dichiara@wilmerhale.com
`theodoros.konstantakopoulos@wilmerhale.com
`
`
`
`PATENT OWNER:
`Lori A. Gordon
`Steven W. Peters
`STERNE, KESSLER, GOLDSTEIN & FOX PLLC
`lgordon-ptab@skgf.com
`speters-ptab@skgf.com
`
`James R. Hietala
`Tim R. Seeley
`INTELLECTUAL VENTURES
`jhietala@intven.com
`tim@intven.com
`
`
`17
`
`