`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`EMC Corporation,
`Petitioner,
`
`v.
`
`Actividentity, Inc.,
`Patent Owner.
`____________
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`____________
`
`Record of Oral Hearing
`Held: April 9, 2018
`____________
`
`
`
`
`Before JAMES B. ARPIN (via Videolink), LYNNE E. PETTIGREW, and
`KEVIN C. TROCK (via Videolink), Administrative Patent Judges.
`
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`
`APPEARANCES:
`
`ON BEHALF OF THE PETITIONER:
`
`
`THOMAS A. BROWN, ESQUIRE
`EMC Corporation
`176 South Street
`Hopkinton, MA 01748
`
`
`
`ON BEHALF OF THE PATENT OWNER:
`
`
`BYRON I. PICKARD, ESQUIRE
`Sterne Kessler Goldstein Fox
`1100 New York Ave., N.W.
`Washington, D.C. 20005
`
`
`
`
`
`The above-entitled matter came on for hearing on Monday, April 9,
`2018, commencing at 12:59 p.m., at the U.S. Patent and Trademark Office,
`600 Dulany Street, Alexandria, Virginia.
`
`
`
`
`
`
`2
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`P R O C E E D I N G S
`- - - - -
`JUDGE PETTIGREW: Good afternoon. This is a hearing for
`IPR 2017-00338. The Petitioner is EMC Corporation and Intellectual
`Ventures is the exclusive licensee arguing on behalf of the patent owner.
`Judge Arpin is joining us by video from our Denver office, and
`Judge Trock is joining us by video from our Silicon Valley office. Please
`make sure you speak into the microphone to ensure that they can hear you.
`Also, they won’t have the benefit of the visual cues in the room. So as you
`move through your demonstratives, please identify specific slide numbers.
`We also remind you that the demonstratives are not evidence,
`but instead are aids to facilitate the panel’s understanding of the arguments
`presented at the hearing.
`Each side will have 30 minutes to argue. Petitioner has the
`ultimate burden of establishing unpatentability and will argue first. The
`exclusive licensee then will present its opposing arguments. And finally
`petitioner may use any time it has reserved for rebuttal to respond to the
`exclusive licensee’s argument.
`Before we begin the arguments, we have a brief housekeeping
`item. Last week, Intellectual Ventures filed a motion to withdraw and
`substitute lead counsel. This morning a decision granting that motion was
`entered into PTAB end-to-end after the wrong paper, last week,
`inadvertently was entered. So now Mr. Pickard is recognized as lead
`counsel.
`
`Counsel, when you begin your argument please identify
`
`
`
`
`
`3
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`yourself and the party you represent for the record. And counsel for
`petitioner, please indicate how much time you’d like to reserve for rebuttal.
`Now petitioner, when you are ready?
`MR. BROWN: Thank you, Your Honor. My name is Thomas
`Brown. I represent Petitioner EMC Corporation. I’d like to reserve ten
`minutes for rebuttal.
`Good afternoon and may it please the Board, my name is
`Thomas Brown. I represent Petitioner EMC Corporation. Turning to slide
`two of our presentation, the 685 patent is entitled Flexible Method of User
`Authentication purportedly in contrast with prior art systems disclosing
`static methods of user identification. The inventor of the 685 patent believed
`he came up with a novel way of flexibly determining a security policy based
`on environment conditions that include time, location, and connection type.
`As you’ll see, the inventor was mistaken. Determining a security policy
`based on these criteria was well known in the prior art.
`Turning to slide three, the 685 patent discloses a system that
`includes a user work station, shown in red; a security server, shown in blue;
`and a server with information resources, shown in green. In the 685 patent,
`the security server ensures that only authorized users are able to access
`secure resources from the data server.
`Turning to slide four, in the 685 patent, the way the security
`server works is through the use of security policies that determine an
`appropriate authorization method. You can think of a security policy
`broadly for the purpose of this proceeding as a set of rules governing access
`to resources. And shown on this slide, slide four, is an example of the
`
`
`4
`
`
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`security policy in the 685 patent. The security policy here is deny access.
`And it’s selected based on time on day, between midnight and 6:00 a.m.
`And we note that the exclusive licensee at page nine of its preliminary
`response relied on this example in its construction, its proposed construction
`of security policy.
`Turning to slide five, the 685 patent also provides examples of
`security policies that are determined based on location. For example, a
`security policy may apply if a general is trying to access data from a non-
`allied country. In this example, you see that heightened authorization
`methods are required in which the general is required to provide a
`fingerprint every three minutes.
`Now turning to slide six, on this slide, we have a hypothetical
`example provided by the exclusive licensee’s expert Dr. Goldschlag of
`another security policy within the meaning of the 685 patent. Again, here
`the security policy is allowing access by employees, and it would be selected
`based on location, from work.
`On slide seven we show that the 685 patent discloses that
`different security levels, high or normal, might apply in different
`environmental conditions.
`And on slide eight we have an excerpt from the 685 patent that
`shows that these thresholds are referred to in the 685 patent as security
`levels. Now the security levels in the 685 patent describe the policy, and
`we’ll get into it a little more, the security policy itself. But they describe
`that, for example, if you have an access coming in from North Korea, you’ll
`want to apply a security policy that’s more stringent.
`
`
`5
`
`
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`Now, in slide nine, we turn to a discussion of Wood. Like the
`685 patent, Wood uses security policies that take into account environment
`information, like time of day, location, and connection type, the exact same
`environment information that’s described, that are claimed in the 685 patent.
`On slide ten, we show that Wood has a structural diagram that’s
`remarkably similar to that of the 685 patent. Like the 685 patent, figure one
`of the Wood patent shows a system involving a user work station, shown in
`red; a security server shown in blue; and information resources shown in
`green. And again, the security server ensures that only authorized users are
`able to access secure resources.
`On slide 11, we have an example from Wood of a security
`policy selected based on time of access. Here the security policy is refuse,
`refuse access, and it’s selected when the, based on time of day, when the
`time of day is outside working hours.
`On slide 12, we have an example from Wood of another
`security policy. This one depends on geographic location. In this example a
`salary tool is accessible, that’s the policy, and it’s selected when the --
`JUDGE ARPIN: Counselor?
`MR. BROWN: Yes, Your Honor?
`JUDGE ARPIN: If you go back to slide 11 for a moment,
`
`please?
`
`MR. BROWN: Yes?
`JUDGE ARPIN: You said that refuse was a security policy.
`Isn’t refuse the response to a security policy?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`6
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`
`
`MR. BROWN: Your Honor, the 685 patent, when the 685
`patent describes its own examples of subject matter that satisfies the claim.
`Remember, so the claim is determining a security policy based on
`environment information. This is precisely the formulation that it uses. So
`if I may, I’m going to turn back to slide four which is an undisputed
`example, again, of an embodiment of the patent.
`So when the patent itself, when the 685 patent discusses its own
`claimed subject matter, it says no access is to be provided between midnight
`and 6:00 a.m. So if you read this as a disclosure of the claimed subject
`matter, then you have to read this as the security policy is no access is to be
`provided and it’s selected between midnight and 6:00 a.m. And this is
`consistent, Your Honor, with both sides’ proposed constructions. The Board
`didn’t construe any terms here, but both sides interpreted understood
`security policy to broadly mean rules that relate to accessing a resource.
`And so there’s this ample expert testimony as well showing that deny access
`is an example of a security policy within the meaning of the 685 patent.
`JUDGE ARPIN: Well counselor, I understand that security
`policy to say that if it’s, if access is sought during a certain time period, the
`system will look and see what time it is, compare it to that security policy
`time period, and then determine whether the response is going to be access
`granted or access refused. Am I wrong?
`MR. BROWN: No, you’re not wrong, Your Honor. But I guess
`the point I’m trying to convey is that this security policy is selected based on
`time of day, between midnight and 6:00 a.m., as the claim language requires
`in the 685 patent.
`
`
`7
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`
`
`JUDGE ARPIN: Okay. Please continue, counselor.
`MR. BROWN: Thank you, Your Honor. Now turning to I
`think we’re on slide 12, again, the examples in Wood are substantively
`identical, as we’ll get into more detail, to those in the 685 patent.
`Now Your Honor, while we’re on the subject of Wood, I want
`to turn, if I may, to paragraph 60 of the Neuman declaration. And we don’t
`have a slide on this. But it’s important to stress, because as we were
`reviewing IV’s material, we realized that IV really is very much
`mischaracterizing our position on what the security policy is in Wood.
`Now the examples of security policies we’ve gone through so
`far are examples in Wood. But Wood has a very robust description of what
`a security policy is. And so this paragraph, paragraph 60, of Neuman’s
`declaration, which is discussed in our petition at page 25, explains that a
`security policy in Wood is a set of mapping rules that identify those
`authentication themes that are sufficient to achieve a given trust level based
`on environment information.
`In other words, in Wood, a security policy is a mapping
`function that takes two inputs: a required trust level and current environment
`information. And it returns a list of authorization methods that are sufficient
`to achieve the required trust level. And the reason I want to pause and
`emphasize this is that IV’s position in their reply, they spent a lot of time
`arguing that the current trust level is not a security policy, and the required
`trust level is not a security policy. Neither of those has been our position.
`Our position has always been that the general disclosure in Wood of a
`security policy is a mapping rule that identifies authentication schemes
`
`
`8
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`sufficient to achieve a given trust level. And the mapping rule, as the
`following sentence in Wood points out, is dependent on the current trust
`level and the environment information. And Wood is very explicit about
`this.
`
`If there are no questions about that point, I’d like to turn back to
`
`slide 13.
`
`Now just like the 685 patent, Wood teaches that security
`policies may be associated with different security levels, which Wood calls
`trust levels. Again, in Wood, a trust level, it may describe the level of
`security that is desirable. So for example, again, if a request comes in from
`North Korea, then you want to apply a high security policy. But it’s not
`itself the security policy, just like in the 685 patent there are security levels
`that describe a category of security policy.
`Turning to slide 14, here we introduce the Neuman reference,
`which is our second ground, our obviousness ground. Neuman discloses a
`highly rigorous way of expressing multiple security policies. Neuman
`shows that the claimed subject matter was not only well known, especially
`the determining a security policy step, for which we rely on Neuman, that
`was not only very well-known but in fact was even in the process of being
`formalized and standardized.
`Skipping now to slide 17, where we identify five issues the
`patent owner contests in this matter. Your Honors, I’m happy to address any
`that the Board may be interested in hearing about in particular. If Your
`Honors have no preference, I would address issue number one.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`9
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`
`
`I will move on then to slide 18. On slide 18, we discuss the
`determining a security policy step, which is what IV seems to spend most of
`its, exclusive licensee seems to spend most of its time on. They argue that
`the Wood reference fails to disclose determining a security policy from a
`plurality of security policies. However, they are mistaken.
`On slide 19, once again we have an excerpt from the 685 patent,
`the one you’ve seen before, on the top, and an excerpt from the Wood patent
`on the bottom. When the 685 patent discloses an example of the claimed
`subject matter, they say no access is to be provided between midnight and
`6:00 a.m. A user requesting access during this period of time is
`automatically denied. Again, in our view, reading this in light of the claim
`language, the security policy is deny access and it’s selected between
`midnight and 10:00 a.m. since this is indisputably a disclosure of the
`claimed subject matter. You have the exact same disclosure in Wood.
`Wood says that when a request is received outside of working hours, the
`security policy will dictate a refuse response. If the first excerpt from the
`685 patent supports the claimed subject matter, then the second excerpt
`anticipates it.
`Turning to slide 20, we have Dr. Goldschlag’s hypothetical
`example of a security policy within the meaning of the 685 patent. Again,
`allow access by employees could be a security policy and it would be
`selected from the work location. And again, if that’s within the scope of the
`685 patent then so is the excerpt from Wood at the bottom. A salary tool is
`accessible. There’s the policy from within the company’s internal network,
`that’s the geographic location. Turning to slide -- yes, Your Honor?
`
`
`10
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`JUDGE TROCK: So Counsel?
`MR. BROWN: Yes, Your Honor?
`JUDGE TROCK: Going back to slide 19, this is your example
`of a comparison between 685 and Wood.
`MR. BROWN: Yes.
`JUDGE TROCK: And you are addressing this issue of
`determining a policy for a plurality of pre-determined security policies, is
`that right?
`
`MR. BROWN: Well, this is determining that that’s the claim
`language. Yes, Your Honor.
`JUDGE TROCK: Okay. So can you point out to me where in
`Wood there is a disclosure of the plurality of pre-determined security
`policies?
`
`MR. BROWN: Yes, definitely. Thank you, Your Honor. On
`this example itself our expert testified -- well, actually both experts for the
`685 patent testified that that excerpt itself discloses multiple policies because
`a person of ordinary skill in the art would understand that a different policy
`applies between 6:00 a.m. and midnight. And our expert likewise testified
`that in the Wood expert, the Wood excerpt, excuse me, a person of ordinary
`skill in the art would understand that a different policy applies inside
`working hours. However, there are more explicit --
`JUDGE TROCK: So, not to interrupt you. So it’s not a
`disclosure of Wood. It’s an understanding of someone of ordinary skill in
`the art, is that what you’re saying?
`MR. BROWN: Yes, Your Honor.
`
`
`
`
`
`11
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`JUDGE TROCK: Okay.
`MR. BROWN: But under Microsoft, under the Biscotti case,
`Microsoft v. Biscotti, a reference anticipates where the claimed subject
`matter would be immediately envisaged by a person of ordinary skill in the
`art.
`
`JUDGE TROCK: Okay.
`MR. BROWN: But there are more explicit disclosures in Wood.
`And so for example on page 24 of our petition, we cite to column nine, lines
`21 through 26 of Wood, which says for some requested accesses and
`security policies... even a session without authenticated logging credentials
`may be authorized. And it says, for others a more substantial trust level may
`be required. So that’s a very clear example in Wood where it talks about the
`notion of having multiple security policies within a given system. Does that
`answer your question? Thank you.
`JUDGE TROCK: Yes, thank you.
`JUDGE ARPIN: Counselor, back to slide 19, is it your position
`or is it Petitioner’s position that midnight to 6:00 a.m. is one policy and 6:00
`a.m. to midnight is another policy?
`MR. BROWN: Yes. So --
`JUDGE ARPIN: Why isn’t that one policy?
`MR. BROWN: Thank you, Your Honor. The --
`JUDGE ARPIN: Or should I say, using the Wood example, is
`outside of working hours one policy and inside of working hours another
`policy?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`12
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`MR. BROWN: Your Honor, it’s our view that under the
`broadest reasonable construction of security policy, those represent two
`different security policies because they are two rules, because they are rules
`that are selected at different times of day. Now one can imagine that they
`might fall within a larger rubric, a larger set of policies, in much the same
`way that different rules for immigration to this country might fall within the
`rubric of an immigration policy. There’s nothing inconsistent with saying
`that there is a set of policies which you might call itself a policy. But, as
`long as there are multiple rules within that policy, then the reference
`discloses a plurality of policies.
`JUDGE ARPIN: So are you saying a rule is a policy?
`MR. BROWN: Under the broadest reasonable interpretation,
`that’s a fair summary of both sides’ proposed constructions.
`Now turning to slide 21, Dr. Neuman states the obvious when
`he says that Wood has remarkably similar examples to those of the 685
`patent.
`
`On slide 22, just very briefly, exclusive licensee argues that
`Wood’s security policies are determined based on the resource being
`accessed. Wood operates exactly the same way as the 685 patent in this
`regard. So the top excerpt on this slide shows that in the 685 patent,
`previously stored policy data is used to determine security policy. And the
`middle excerpt shows that that previously stored policy data depends on the
`data, the secure data being requested from the data server. So in the 685
`patent what kind of data you are requesting from the data server influences
`the determination of the 685 patent. The Board itself recognized on page 16,
`
`
`13
`
`
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`that to say that Wood depends in part on the resource being accessed is not a
`distinction over the 685 patent. And the Board also recognized on page 17
`of its institution decision that whether or not Wood considers the resource
`being accessed when determining a security policy doesn’t place it outside
`the scope of the claim. The claim doesn’t say -- well, the Board put it better
`than I can so I’ll just read the development excerpt. “The determining a
`security policy step of claim one is not exclusionary, i.e. it does not
`expressly preclude considerations of other parameters in addition to the
`conditions.”
`
`Now if we turn --
`JUDGE ARPIN: Counselor, on your slide 21?
`MR. BROWN: Yes, Your Honor?
`JUDGE ARPIN: Did I hear you earlier say that outside the
`company’s network is a geographic reference?
`MR. BROWN: Are you referring to slide 20?
`JUDGE ARPIN: Twenty-one. I’m looking at the highlighted
`
`last line --
`
`MR. BROWN: Got it.
`JUDGE ARPIN: -- of paragraph 85 --
`MR. BROWN: I see it.
`JUDGE ARPIN: -- on Dr. Neuman’s declaration.
`MR. BROWN: Yes, Your Honor. Yes, it is.
`JUDGE ARPIN: Well Judge Trock, Judge Pettigrew, and I are
`all on the same network, and we’re clearly not in the same geographic
`location.
`
`
`14
`
`
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`MR. BROWN: Yes, Your Honor. But a person of ordinary
`skill in the art would understand that at least in some circumstances a
`company’s network might refer to an internet that is geographically based.
`Your Honor, I do take your point --
`JUDGE ARPIN: -- to it in Wood?
`MR. BROWN: Your Honor, I’m not familiar with that, with a
`more specific example in Wood at this moment. I can take a look during our
`break. But in any event, our argument doesn’t depend on location based
`security policies. The claim is equally invalid if Wood discloses time-based
`or connection-based policies. And outside the company’s network could
`equally be understood as a connection-based policy.
`JUDGE ARPIN: Thank you. Please continue, counselor.
`MR. BROWN: Okay. Turning to slide 24 -- actually, Your
`Honor, I’ll reserve the 30 seconds I have remaining for rebuttal, please.
`JUDGE PETTIGREW: Okay. Thank you.
`MR. BROWN: Thank you.
`JUDGE PETTIGREW: And now we’ll hear from Intellectual
`Ventures, the exclusive licensee.
`MR. PICKARD: Good afternoon. Byron Pickard on behalf of
`Intellectual Ventures. Just for the Board’s information, I’m joined by Lestin
`Kenton, backup counsel, and James Heitala from Intellectual Ventures.
`I want to focus on the determining step with my time today. I
`think there is a fundamental problem with the petitioner’s case.
`JUDGE TROCK: Which determining step, counsel?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`15
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`MR. PICKARD: Oh, I’m sorry. Determining the security
`policy from a pre-determined set of secured policies. I apologize.
`JUDGE ARPIN: Counselor, is there a slide I should be looking
`
`at?
`
`MR. PICKARD: I will direct your attention to Patent Owner’s
`slide five in a moment.
`The petitioner focuses largely on content of the security policies
`that are in Wood and in Neuman. But that’s not really what the dispute is
`about on this determining step. There’s not a dispute that Wood discloses
`security policies and it’s not relevant whether those security policies are
`time-based or location-based. If we look at the claim language, again patent
`owner’s slide five which shows independent claim one, the determining a
`security policy step, this deals with a threshold issue. That is, what set of
`rules are we going to apply for this particular security access? And it does,
`the patent, the 685 patent does so in a very particular way. It determines that
`security from a plurality of pre-determined security policies. So there’s
`going to be a set of them. And then it’s going to choose among them based
`on two things. The stored policy data, and the 685 says that could be things
`like user ID, but relevant for purposes here it will do so on these, what we
`have called the computing conditions in our paper. That’s received
`indications of the type of link, the location from which the access attempt is
`being made, and the time at which the access attempt is being made.
`The petitioner has confused a security policy that considers
`whether it fails or satisfies the grant or deny access that looks at time with
`the threshold issue of how do we select which rules we apply? The 685
`
`
`16
`
`
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`could select rules that have nothing to do with time-based or location-based
`rules. Once those rules are determined, that security policy, then it turns to
`the next step of determining an authorization method. How will we
`authenticate or authorize the user?
`Wood works in a fundamentally different way, and I think we
`see that from the examples that the petitioner has presented to the Board.
`JUDGE TROCK: Can I stop you right there for a second,
`
`counsel?
`
`MR. PICKARD: Of course.
`JUDGE TROCK: I believe what you just said was that -- well,
`here is my question. My question is you’re indicating here that the
`procedure you want to follow in this determining step is a consideration of
`two things. One is the stored policy data and the computing conditions, is
`that correct?
`MR. PICKARD: Correct.
`JUDGE TROCK: Okay. And then the computing conditions
`also include the time of access, is that correct?
`MR. PICKARD: That is correct.
`JUDGE TROCK: Okay. Isn’t that what Wood does?
`MR. PICKARD: No, that’s not what Wood does. Wood has
`rules that would grant or deny access based on time, but that’s different than
`the approach of the 685 patent. The determining step first asks what rules
`are we going to invoke for this particular access attempt? And, in the
`example of the roving general, it gives the example of locations in those.
`And so if it’s in a non-allied country it’s going to invoke a security policy
`
`
`17
`
`
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`that has a particularly high set of authorization methods. And I’ll give you
`an example that we’re going to do a --
`JUDGE TROCK: All right. So you agree with prior counsel’s
`statement that the security policies are essentially rules to apply?
`MR. PICKARD: That’s right. And I don’t think there’s a
`dispute in this case that’s relevant for deciding the issues about what a
`security policy is. But that’s not the issue.
`JUDGE TROCK: Right. So, my understanding then of how
`this portion of the claim operates then is that you’re going to determine what
`rules to apply, which is the security policy. That’s going to come from a set
`of policies that have already been pre-determined, correct?
`MR. PICKARD: Correct.
`JUDGE TROCK: And you’re going to look at two separate
`parameters in order to make that choice. One is going to be stored policy
`data and the other is going to be the computing conditions, is that correct?
`MR. PICKARD: That’s correct.
`JUDGE TROCK: And one of those conditions can be time, is
`that correct?
`MR. PICKARD: That is correct.
`JUDGE TROCK: Okay. So the only thing that’s left here is the
`stored policy data, is that where you’re going to --
`MR. PICKARD: No, we haven’t --
`JUDGE TROCK: -- in terms of the distinction?
`MR. PICKARD: I’m sorry to have interrupted you. No, we
`have not argued that. And I want to go to the example of the time-based
`
`
`18
`
`
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`security policy that the petitioner has offered for the Board’s consideration.
`If we look at their reply at, bear with me a moment, I believe it’s at page
`four. They offer --
`JUDGE TROCK: Yes, I have it at page four.
`MR. PICKARD: Yeah, they offer a time-based policy. And if
`you look over to page five of the reply, they have the disclosure from Wood.
`And they give it, so I think the important language there is a given security
`policy and associated trust level mappings may dictate a refuse response.
`That disclosure in Wood has nothing to do with how we determine which
`rule applies. That talks about a given security policy and how that given
`security policy will work, how it will grant or refuse access. The location-
`based example that they give at page --
`JUDGE TROCK: Well let me stop you right there.
`MR. PICKARD: Yes?
`JUDGE TROCK: So are you arguing that Wood, in this
`example Wood has already selected the policy? And is it your argument that
`in the 685 you have to, you are considering time before you make the
`selection? Is that your position?
`MR. PICKARD: Essentially yes. In order to satisfy the
`limitations of the 685 you have to consider one of those computing
`conditions to select which rules to apply. That a rule considers location or
`time is of no moment. The 685 could invoke a set of rules that considers
`those things or it might not. The critical part for that determining a security
`policy is at the threshold what set of rules are we going to apply? We have
`to consider one of these things. And the example of Wood that’s on page
`
`
`19
`
`
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`five, at four to five of petitioner’s reply, somehow it’s been selected. It
`doesn’t say how that rule has been selected, whether it’s a fixed rule that was
`set by the administrator. It just doesn’t provide that necessary disclosure.
`The same problems present themselves at pages eight and nine
`of the reply where they give what they call the location-based access
`attempt. And if you look, I think, you know, they have the handwritten rule
`from Dr. Goldschlag; access is allowed from work by employees. And the
`unremarkable thing about that note is all Dr. Goldschlag has done is state a
`rule. But they haven’t tied it back to how that rule was determined, how it
`was selected from a plurality of security policies. As a fundamental --
`JUDGE ARPIN: Counselor?
`MR. PICKARD: Yes?
`JUDGE ARPIN: Turning to your slide five, which is the
`language of claim one --
`MR. PICKARD: Yes?
`JUDGE ARPIN: Where do you see in this language that that
`order of selection is improper?
`MR. PICKARD: I’m not sure I quite understand Your Honor’s
`point. The order --
`JUDGE ARPIN: Well I think Judge Trock asked you a question
`about whether or not you are selecting the policy based on the received
`indication of time. And I’m not seeing in the claim language where it
`matters whether you select the policy and then look at time, or whether you
`know that time is an issue and then select a policy.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`20
`
`
`
`Case IPR2017-00338
`Patent 9,098,685 B2
`
`
`MR. PICKARD: I think if you look at the language of the
`claim, determining a security policy based on previously stored policy data
`and the received indications as to the computing conditions. So the
`determination has to be based on that. So there has to be a consideration
`before it is chosen from among that plurality of security policies.
`JUDGE ARPIN: Is that because the stored policy data comes
`before the received indication?
`MR. PICKARD: I don’t think that’s the critical point. I think
`the critical point is you can’t make a decision based on something if that
`thing occurs in the future and you’re not, you can’t know what that
`indication is, the received indication is, until it is received. In fact, it uses
`the past tense there, based on received indications. It’s suggesting that that,
`those indications, the three computing conditions, have been received. Not
`on to be received indications, but received indications.
`JUDGE TROCK: But the rules are already set, is that correct?
`I mean these are pre-determined policies. So you’re not making up new
`rules, you’re just selecting amongst a plurality of rules that already exist.
`MR. PICKARD: That’s right.
`JUDGE TROCK: So, all right, logically then you would have
`considered all of these conditions. And based upon what the conditions are
`telling you, you’re going to select a policy from it or a set of rules from that,
`is that correct?
`MR. PICKARD: Right. That’s how that claim language
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
