throbber
Trials@uspto.gov Paper No. 8
` Entered: December 18, 2014
`571-272-7822
`
`
` UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`INTERNATIONAL BUSINESS MACHINES CORPORATION,
`Petitioner,
`
`v.
`
`INTELLECTUAL VENTURES II LLC,
`Patent Owner.
`
`Case IPR2014-01410
`Patent 5,745,574
`
`
`
`
`
`
`
`
`
`Before KRISTEN L. DROESCH, JENNIFER S. BISK, and
`JUSTIN BUSCH, Administrative Patent Judges.
`
`BUSCH, Administrative Patent Judge.
`
`DECISION
`Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`INTRODUCTION
`
`A. Background
`International Business Machines Corporation (“Petitioner”) filed a
`Petition to institute an inter partes review (Paper 2, “Pet.”) of claim 30 of
`U.S. Patent No. 5,745,574 (Ex. 1004, “the ’574 patent”) on August 28, 2014.
`Intellectual Ventures II LLC (“Patent Owner”) filed a Preliminary Response
`(“Prelim. Resp.”) on November 17, 2014. Paper 6.
`We have jurisdiction under 35 U.S.C. § 314. The standard for
`instituting an inter partes review is set forth in 35 U.S.C. § 314(a), which
`provides that an inter partes review may not be instituted “unless the
`Director determines . . . there is a reasonable likelihood that the petitioner
`would prevail with respect to at least 1 of the claims challenged in the
`petition.”
`After considering the Petition and Preliminary Response, we
`determine that Petitioner has established a reasonable likelihood of
`prevailing on its challenge to claim 30. Accordingly, we institute an inter
`partes review of claim 30.
`
`B. Related Proceedings
`Petitioner and Patent Owner indicate the ’574 patent is at issue in
`several district court proceedings involving numerous parties, none of which
`name Petitioner as a defendant. Pet. 1; Paper 4, 1–2. Petitioner also
`indicates that the ’574 patent is the subject of two co-pending1 petitions for
`inter partes review (IPR2014-00660, IPR2014-00724) and a co-pending
`
`
`1 Decisions instituting inter partes reviews were issued in IPR2014-00660
`and IPR2014-00724 after the filing of the instant petition.
`
`2
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`petition for a covered business method patent review (CBM2014-00160).
`Pet. 2.
`
`C. The ’574 Patent
`The ’574 patent relates to public key encryption (PKE), which is used
`for securing and authenticating transmissions over unsecure networks. Ex.
`1004, 1:6–8, 1:10–2:9. To use PKE for authenticating transmissions, a
`transmitted message is encrypted with a sender’s private encryption key (a
`key known only to the sender) that can only be decrypted by the sender’s
`public encryption key (freely available), ensuring that the message was sent
`by the sender. Id. at 1:57–65. A public key infrastructure (PKI), with a
`hierarchical system of encrypting public lower nodes’ public keys, allows
`for a common point of trust between two parties who wish to communicate
`with each other. Id. at 3:16–39. The ’574 patent explains that some of the
`problems with conventional PKE systems include that such systems do not
`have a “consistent public key infrastructure which can actually and
`automatically provide the certifications required for a public key system,” a
`“hierarchical arrangement of certifying authorities which can cross policy
`certifying authority boundaries,” or a convenient and transparent “way for
`permitting secure transactions to cross organizational boundaries.” Id. at
`4:41–51. The ’574 patent purports to “provid[e] a full, correct, consistent
`and very general security infrastructure which will support global secure
`electronic transactions across organizational, political and policy certifying
`authority boundaries.” Id. at 4:55–59.
`
`3
`
`

`

`
`
`IPR22014-01410
`
`
`Patennt 5,745,5774
`
`for updati
`
`
`The challlenged claaim recites
`
`ng public kkey
` a process
`
`
`
`
`
`
`
`certiificates useed within aa PKI systeem. Figuree 4 of the ’5574 patentt is
`
`
`reprooduced bellow:
`
`
`
`Fig. 4. Nott
`
`ar set of ceertificationn
`
`s set by thee
`
`
`
`a hierarchhical PKI
`
`
`
`
`
`Figuure 4 depictts a logicall representtation of a pportion of
`
`
`
`
`
`
`
`and oone way inn which thaat infrastruucture mayy be used too verify traansactions.
`
`
`Ex. 11004, 8:177–29. As c
`
`an be seenn in Figure
`
`
`4, a hierarrchy includdes
`
`users U1,UU2. Id. at F
`
`
`
`
`certiification auuthorities (CAs) CA1––CA4 and
`
`
`
`
`
`
`
`
`depicted in Figgure 4 is a ppolicy certtifying authhority (PCCA), locatedd
`
`
`
`
`
`hieraarchically aabove the CCAs, “whiich definess a particul
`
`
`
`
`
`
`
`
`
`policcies [and] sset the stanndards for their particcular certiffication subb-
`
`
`
`
`
`
`hieraarchies.” IId. at 9:26––30. Each of the CAAs follows tthe policie
`
`
`
`
`
`can then certify CAss underneatth them “inn a
`
`
`PCAA they fall uunder and
`
`
`
`
`
`
`
`
`
`
`of thhe hierarchy.” Id. at 99:37–42.
`
`In order
`ublic key obtain a puarchy and oo the hierarfor U2 to bbe added to
`
`
`
`
`
`d be verifieds that can bmunicationssend commcertiificate, whiich will alllow U2 to s
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`o gistration toion for regan applicatiould send aand vvalidated bby a recipieent, U2 wo
`
`
`
`
`the PPCA. Ex. 1004, 13:665–67. Anny other no
`
`de would ffollow the
`same
`
`
`
`
`proccedure in orrder to parrticipate in the PKI annd obtain ccertificatess so that
`
`
`
`
`hieraarchical fasshion untill ultimatelyy the end uusers are ceertified at tthe bottomm
`
`4
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`CAs may certify other nodes and so that users may send communications
`that can be verified and validated by a recipient. The PCA may accept or
`reject the application for registration. Id. at 14:1–7. If the PCA accepts the
`application, the new node is added to a network map certification
`infrastructure database and the node performs steps to obtain a certificate.
`Id. at 15:59–67.
`A CA or user obtains a certificate by generating new public and
`private keys, generating a certificate including the newly generated public
`key and any other information required by the policies established by the
`PCA, self-signing the certificate, and sending the certificate in a message to
`the issuing CA (the CA above it in the hierarchy) to request a signature from
`that CA. Ex. 1004, 14:24–34, 15:4–9. The CA uses policies established by
`the PCA to authenticate the request. Id. at 14:35–41. If authenticated, the
`CA signs the certificate, stores a copy and/or sends a copy to a certificate
`repository, and issues the certificate by sending the signed certificate back to
`the CA or user in a reply message. Id. at 14:47–52.
`When a node’s certificate expires, the node follows a similar process
`of generating new keys and requesting issuance of a new certificate from its
`issuing CA. If the issuing CA determines that the requesting node is an
`already-existing node, the issuing CA also marks the node’s old certificate
`as revoked and adds it to a certificate revocation list (CRL). Ex. 1004,
`14:43–47.
`The requesting node authenticates the reply message received from
`the issuing CA by comparing the public key in the signed certificate with the
`public key that corresponds to the private key used for signing the message
`sent from the node to the issuing CA. Ex. 1004, 14:54–60, 15:10–22. If the
`
`5
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`keys match, the node stores the signed certificate. Id. at 14:54–63. If the
`node is a CA with subordinate nodes to which it issued signed certificates,
`the CA must update those certificates. Id. at 15:22–25. The CA sends re-
`signed certificates to each of its subordinate nodes (if any), which results in
`each subordinate node iteratively receiving a new signed certificate and
`determining whether that node has subordinate nodes for which it needs to
`reissue certificates. Id. at 15:44–58.
`
`D. Illustrative Claim
`Claim 30 is directed to method steps for updating certificates in a
`public key infrastructure and recites:
`
`In a computer system for secure communications
`30.
`containing computer processes arranged in a certification
`infrastructure, a method of updating certificates, comprising:
`a. at a first computer process, which possesses a certificates to be
`updated, updating the current certificate by
`a.1. receiving a new signed certificate from a computer process
`which is authorized to issue the new signed certificate,
`a.2. revoking the current certificate previously used for
`verification of certificates of subordinate computer
`processes,
`a.3. issuing new certificates to all subordinate computer
`processes for which certificates had been previously signed
`by the first computer process and copying to all subordinate
`computer processes the new certificate to be used for
`verification of new subordinate certificates, and
`b. iteratively performing the distribution of the new certificate to
`all subsequent subordinate computer processes, until all
`computer processes subordinate in the infrastructure to said first
`computer process have the new certificates.
`Ex. 1004, 20:4667.
`
`
`
`6
`
`
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`E. The Evidence of Record
`Petitioner proffers prior art reference Kapidzic2 and the declaration of
`Dr. Matthew Blaze (Ex. 1001) in support of its challenge of claim 30.
`
`F. The Asserted Ground of Unpatentability
`Petitioner contends that claim 30 is unpatentable under 35 U.S.C.
`§ 102(a) as anticipated by Kapidzic. Pet. 3.
`
`ANALYSIS
`
`A. Claim Construction
`In an inter partes review, claim terms are given their broadest
`reasonable interpretation in light of the specification in which they appear
`and the understanding of others skilled in the relevant art. See 37 C.F.R.
`§ 42.100(b). Applying that standard, we interpret the claim terms of the
`’574 patent according to their ordinary and customary meaning in the
`context of the patent’s written description. See In re Translogic Tech., Inc.,
`504 F.3d 1249, 1257 (Fed. Cir. 2007) (quoting Philllips v. AWH Corp.,
`415 F.3d 1303, 1312 (Fed. Cir. 2005) (en banc)). We do not find it
`necessary, for purposes of this decision, to construe explicitly any term at
`this time.
`
`
`2 Nada Kapidzic & Alan Davidson, A Certificate Management System:
`Structure, Functions and Protocols, Proc. of the Symposium on Network
`and Distributed System Security, IEEE Computer Society Press, 153–160
`(Feb. 16–17, 1995) (Exs. 1006, 1007) (“Kapidzic”).
`
`7
`
`

`

`
`
`IPR22014-01410
`
`
`Patennt 5,745,5774
`
`Kapidzicc is one paaper in a coollection off papers, wwhich weree the subjecct
`
`
`B. Kapiddzic (Ex. 110073)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`of a symposiumm on netwoork and disstributed syystem secuurity. Ex.
`1007, 2;
`
`
`
`
`
`
`Ex. 11006,4 1. KKapidzic ddiscloses a “Certificatte Manageement Syst
`em
`
`
`
`
`
`
`
`(CMMS)[, whichh] is a netwworked system for geeneration, ddistributionn, storage
`
`
`
`
`
`
`
`and vverificationn of certifiicates for uuse in a varriety of seccurity enhaanced
`
`
`
`applications.” Ex. 1007, 5.
`
`
`
`
`
`
`Figure 1 of Kapidzzic is reprooduced beloow:
`
`
`
`
`
`
`
`
`
`Figuure 1 depictts a logicall representtation of a hhierarchy wwithin a puublic key
`
` Id. at 6. AAs can be
`
`
`
`
`infraastructure ((PKI) of thhe CMS dissclosed in
`Kapidzic.
`
`
`
`seenn from commparing Figgure 1 of KKapidzic to Figure 4 oof the ’5744 patent,
`
`
`
`
`
`
`
`
`Kapiidzic and the ’574 paatent discloose similar
`
`logical hieerarchies.
`
`3 WWe cite to thhe exhibit ppage numbbers of Ex.
`
`
`
`
`
`
`
`
`
`
`paginnation.
`
`
`
`paginnation.
`
`
`
`1007, rathher than its
`
`original
`
`
`
`1006, rathher than its
`
`original
`
`
`
`4 WWe cite to thhe exhibit ppage numbbers of Ex.
`
`
`
`8
`
`

`

`
`
`IPR22014-01410
`
`
`Patennt 5,745,5774
`
`
`
`
`
`
`Kapidzicc also discloses a proocess for ceertifying a
`
`new certifficate
`auth
`
`the descripption acco
`mpanying
`
`
`
`ority (CA)). This proocess is expplained by
`
`
`
`
`
`Figuure 2. Figuure 2 of Kaapidzic is reeproduced d below:
`
`
`
`
`
`
`
`
`
`Figuure 2 depictts a certificcation proccess of a CCA within tthe PKI dissclosed in
`
`air of keyss
`
`
`
`
`
`
`Kapiidzic. In pparticular, FFigure 2 shhows that tthe CA gennerates a p
`
`
`
`
`(onee a public kkey (PK), thhe other a private or
`
`
`
`secret keyy (SK)) andd sends thee
`
`
`publlic key in aa self-signeed certificaate to its paarent CA. IId. at 7–8.
`
`
`
`
` In the
`
`
`
`
`exammple shownn in Figuree 2, the parrent CA is
`
`
`a policy ceertificationn authority
` identity o
`using
`
`
`
`(PCAA). The paarent CA vverifies the
`
`f the requeesting CA,
`
`
`
`d, if everytthing passees verificaation, stores
`e PCA, an
`
`
`proccedures deffined by th
`
`
`
`
`
`
`
`a coppy of the CCA’s certifficate and ssends a cerrtificate siggnature repply
`
`
`
`
`
`
`
`containing signned certificcates to thee top of thee hierarchyy back to thhe
`
`
`
`
`
`
`requuesting CA. Id. at 8. The requeesting CA rreceives thhe certificaate
`
`
`
`
`
`
`
`
`signaature replyy, verifies tthe signatuures from thhe top of thhe hierarchhy down,
`
`
`storiing each ceertificate. IId.
`
`
` s
`
`
`
`9
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`When a CA’s certificate either is compromised or expires, the CA
`
`must generate a new key pair and follow the original certification procedure
`using the new key pair. Id. at 9–10. After completing the certification
`process as described above, the CA who has updated its certificate must then
`update all of the subordinate certificates which it has signed. Id. The
`process of updating the certificates for a CA’s subordinates includes sending
`a message that is iteratively sent to the next level down the sub-tree. Id. at
`10.
`
`C. Anticipation of Claim 30 by Kapidzic
`Petitioner challenges claim 30 as anticipated by Kapidzic, supported
`by a chart showing where Kapidzic allegedly discloses each limitation. Pet.
`6–28. Patent Owner elects not to present argument addressing whether
`Kapidzic discloses the subject matter of the challenged claims at this time.
`Prelim. Resp. 21–22.
`As discussed above, Kapidzic discloses a Certificate Management
`System (CMS), which is a hierarchical, networked system that uses public
`key certificates for secure communications. Ex. 1007, 5–8, Fig. 1. Kapidzic
`discloses that, in certain circumstances, an entity within the CMS may need
`to update its certificate. Id. at 9–10, Fig. 6. Petitioner asserts those
`disclosures of Kapidzic meet the preamble of claim 30, which recites “[i]n a
`computer system for secure communications containing computer processes
`arranged in a certification infrastructure, a method of updating certificates.”
`Pet. 6–8 (citing Ex. 1007, 5–10, Figs. 2, 6); see id. at 18–21.
`Kapidzic discloses a method, performed within the CMS, for
`obtaining a certificate that includes a requesting entity sending a Certificate
`Signature Request message to its parent (certifying) CA and receiving back a
`
`10
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`Certificate Signature Reply from the parent CA. Ex. 1007, 7–8, Fig. 2.
`Kapidzic further discloses that if a CA’s key expires or is compromised, the
`CA may need to update its certificate. Id. at 9–10. Kapidzic explains that in
`order to update a certificate, a new key pair is generated and, “[w]hen a new
`key pair is generated by some CA, the same procedure is followed as in the
`original certification.” Ex. 1007, 9, Fig. 6. Petitioner argues those
`disclosures of Kapidzic meet the first limitation of claim 30, identified by
`Petitioner as element “a.,” which recites “at a first computer process, which
`possesses a certificates [sic] to be updated, updating the current certificate.”
`Pet. 10–11 (citing Ex. 1007, 9–10, Fig. 6); see id. at 21–22.
`Kapidzic provides additional detail regarding the update process,
`stating that “[a] Certificate Signature Request is created and sent to the
`parent CA, which signs it and returns the Certificate Signature Reply,” and
`referring back to the section describing the original certification process.
`Ex. 1007, 9–10, Fig. 6. Petitioner argues those disclosures meet the second
`limitation, identified by Petitioner as element “a.1.,” which recites
`“receiving a new signed certificate from a computer process which is
`authorized to issue the new signed certificate.” Pet. 11–12 (citing Ex. 1007,
`5, 7–10); see id. at 22–24.
`Kapidzic also discloses that “when a certificate is updated, the old
`certificate must be revoked.” Ex. 1007, 7. Petitioner argues that disclosure
`and other disclosures explaining how the CMS handles revoked certificates,
`meet the third limitation, identified by Petitioner as element “a.2.,” which
`recites “revoking the current certificate previously used for verification of
`certificates of subordinate computer processes.” Pet. 12–13 (citing Ex.
`1007, 7–10); see id. at 24–25.
`
`11
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`Kapidzic discloses that “[c]hanging the keys of one CA affects the
`certification hierarchy, since all certificates of direct subordinates have been
`signed with the old secret key” and “all those certificates must be re-signed
`with the new secret key and sent to their owners.” Ex. 1007, 9. Kapidzic
`further explains that the disclosed CMS handles that process by sending a
`Certificate Re-Sign message to each of its subordinates, which is similar in
`format to and processed by a recipient in the same way as a Certificate
`Signature Reply. Id. at 10. As discussed above, Kapidzic discloses that the
`recipient of such a message verifies the signatures from the top of the
`hierarchy down, storing each certificate. Id. at 7–8. Petitioner asserts those
`disclosures of Kapidzic meet the fourth element, identified by Petitioner as
`element “a.3.,” which recites “issuing new certificates to all subordinate
`computer processes for which certificates had been previously signed by the
`first computer process and copying to all subordinate computer processes the
`new certificate to be used for verification of new subordinate certificates.”
`Pet. 9, 19–22 (citing Ex. 1007, 8–10, Fig. 6); see id. at 25–27.
`Kapdizic also discloses that “all other CAs and users in that
`certification sub-tree must be informed of these changes, since their
`certificate verification paths must also include the new certificates.” Ex.
`1007, 9. The CMS handles updating of the subsequent levels by a process
`that includes having each recipient of a Certificate Re-Sign message send a
`Certificate Update message, which is a forwarded Certificate Re-Sign
`message, to each of its subordinates. Id. at 10. “This process iterates until it
`is propagated down to the users.” Id. Petitioner asserts those disclosures of
`Kapidzic meet the final element, identified by Petitioner as element “b.,”
`which recites “iteratively performing the distribution of the new certificate
`
`12
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`to all subsequent subordinate computer processes, until all computer
`processes subordinate in the infrastructure to said first computer process
`have the new certificates.” Pet. 16–18 (citing Ex. 1007, 8–10, Fig. 6); see id.
`at 27–28.
`On this record, we are persuaded that Petitioner demonstrates a
`reasonable likelihood that claim 30 is anticipated by Kapidzic.
`
`CONCLUSION
`For the foregoing reasons, we determine that Petitioner has shown a
`reasonable likelihood that it would prevail in demonstrating that claim 30 of
`the ’574 patent is unpatentable. We have not made a final determination on
`the patentability of claim 30.
`To administer the proceedings more efficiently, we exercise our
`authority under 35 U.S.C. § 315(d) to consolidate the present proceeding and
`the proceeding in IPR2014-00660 as one trial.
`
`ORDER
`
`For the reasons given, it is:
`ORDERED that pursuant to 35 U.S.C. § 314(a), an inter partes
`review is hereby instituted on the alleged ground that claim 30 of the ’574
`patent is unpatentable, under 35 U.S.C. § 102(a), as anticipated by Kapidzic;
`FURTHER ORDERED that pursuant to 35 U.S.C. § 314, cases
`IPR2014-00660 and IPR2014-01410 hereby are consolidated;
`FURTHER ORDERED that pursuant to 35 U.S.C. § 314(c) and
`37 C.F.R. § 42.4, the trial commences on the entry date of this decision, and
`notice is hereby given of the institution of a trial;
`FURTHER ORDERED that all further filings in the consolidated
`proceeding shall be made in Case IPR2014-00660;
`
`13
`
`

`

`IPR2014-01410
`Patent 5,745,574
`
`FURTHER ORDERED that the case caption for Case IPR2014-00660
`shall be changed to reflect the consolidation in accordance with the attached
`example; and
`FURTHER ORDERED that a copy of this Decision be entered into
`the file of Case IPR2014-00660.
`
`
`PETITIONER:
`Kenneth Adamo
`Eugene Goryunov
`KIRKLAND & ELLIS LLP
`kenneth.adamo@kirkland.com
`eugene.goryunov@kirkland.com
`
`PATENT OWNER:
`
`Brenton Babcock
`Ted Cannon
`KNOBBE, MARTENS, OLSON & BEAR, LLP
`2brb@knobbe.com
`2tmc@knobbe.com
`
`Don Coulman
`INTELLECTUAL VENTURES
`dcoulman@intven.com
`
`
`
`
`
`
`14
`
`

`

`Trials@uspto.gov Paper No. 8
` Entered: December 18, 2014
`571-272-7822
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`INTERNATIONAL BUSINESS MACHINES CORPORATION,
`Petitioner,
`
`v.
`
`INTELLECTUAL VENTURES II LLC,
`Patent Owner.
`
`Case IPR2014-006601
`Patent 5,745,574
`
`
`
`
`
`
`
`
`
`
`1 Case IPR2014-01410 has been consolidated with the instant proceeding.
`
`

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket