Bitdefender, Inc.,
`
`v.
`
`Uniloc Luxembourg S.A.,
`
`Case IPR2017-01315 (Patent 6,510,466)
`
`Hearing Before Mariam L. Quinn,
`Robert J. Weinschenk, and
`Jessica C. Kaiser (Presiding)
`
`August 7, 2018
`
`

`

`Petition is facially deficient re. means+function limitations
`
`Board’s original Institution Decision (Paper 10 at 17):
`
`a. Claims 15. 16, 22. 23, 35, and 36
`
`For independent claims 15 and 16, we determined abovethat
`
`Petitioner had not identified sufficient corresponding structure for “means
`
`for installing a plurality of application programs at the server.” Inits
`
`asserted ground, Petitioner addresses the limitations of claims 1, 15, and 16
`
`together. Pet. 28—52. For this limitation, although Petitioner contends
`
`Kasso has application programsstored at a server’s storage device.
`
`Petitioner does not address whether this teaching meets the corresponding
`
`structure discussed above(i.e., steps 112—116 of Figure 8 and the associated
`
`description (Ex. 1001, 17:55—67) (and their equivalents)). Pet. 30-31.
`
`

`

`Objection: Petitioner's Institution ResponseBrief introduces new arguments/evidence and should be stricken
`
`In granting additional briefing to address claims newly
`instituted under SAS, the Board Ordered Petitioner (in Paper 15)
`to identify with particularity the place where each matter(i.e.,
`argumentor evidence)raisedin its Institution Response Brief
`waspreviously addressedin its Petition (Paper 1).
`
`v There is not a single citation in the Institution ResponseBrief
`(Paper 17) to the Petition (Paper 1).
`
`v Instead, the Institution Response Brief (Paper 17) argues
`Petitioner should not be required to comply with the Board's
`order: “Forcing the Petitioner to supply evidence with their
`petition for arguments notyet raised would,in fact, require
`them to anticipate all possible arguments.”
`
`Y Thus, Petitioner concedesthat it relies on new
`arguments/evidence and thus contravened the Board’s Order.
`
`

`

`Ele
`
`1. A method for managementof application programs on a
`networkincluding a server and a client comprising the
`stepsof:
`installing a plurality of application programsat the server;
`receiving at the server a login request from a userat the
`client;
`establishing a user desktop interfaceat the client
`associated with the user responsiveto the login request
`from theuser, the desktopinterface including a
`plurality of display regions associated with a set of the
`plurality of application programsinstalled at the server
`for whichtheuseris authorized;
`receiving at the servera selection of oneofthe plurality of
`application programsfrom the user desktop interface;
`and
`
`providinganinstance of the selected one of the plurality of
`application programsto theclient for execution
`responsiveto theselection.
`
`

`

`Kasso's non-networked computer system is unavailing
`
`Claim 1 is directed to “[a] method for managementof application
`programson a networkincluding a server and aclient...”
`
`AsDr. DiEuliis testified, the non-networked computer system of
`Fig. 1 of Kasso is readily distinguishable from the claim language:
`
`networked environment. Id.at 4:1-43. A POSITA would have understood
`
`FIG. | to describe a single, normal computer system, such as a personal
`
`computer or workstation. Moreover, a POSITA would have understood
`
`that the computer system of FIG.
`
`1 would have been used by a person
`
`(i.e., user) and is not connected to a network. The embodiment described
`
`EX2001 q 63.
`
`in FIG. | demonstrates that Kasso is not limited to computer networks
`
`because Kasso states the invention may be practiced in a single,
`
`stand-alone computerthat is not connected to a network. Thus, Kassois
`
`different from the °466 patent, which is directed to computer
`
`networks, and cannot be implemented on a single-computer.
`
`

`

`and “receiving”limitations
`
`WoksataOM ttTm Ole) TeaCUA
`
`Petitionerfails to prove its conclusory statement: “Kasso describes
`a plurality of Java applets ...at HTTP server 208.” Pet. 30.
`
`Selector can access a set of application programs 240, 60
` EX1009, 5:60-62
`each of which is implemented as a Java applet storec
`association with an HTML page on the HTTP server+ 208.
`
`6
`represented by the icon. For example, the mailbox icon 404
`is associated with a URL identifying an HTMLpage on the
`H'TTP serverthat contains a MailView applet. The MailView
`applet implements an electronic mail program. Thus, when
`a user clicks the mailbox icon 406, from HTTP server 208
`Selector loads the HTML, page associated with the icon and
`which contains the MailView Java applet. The associated
`HTML page is loaded and graphically displayed in the
`
`5
`
`display pane 420 of the main screen 402. aeaaa
`
`40.
`ANNOOde Te
`
`

`

`
`
`No server in Kasso’'s Fig. 2 meets both the
`‘installing’ and “receiving”limitations
`
`For its only network embodiment, Kasso’s relies on a distributed server architecture.
`
`200
`
`202
`
`45
`
`NETWORK COMPUTER ENVIRONMENT
`
`
`
`cs|Ny eee Wey Ao alternate hardware environment is shown in FIG, 2. A
`
`210
`
`204
`
`210
`
`206.
`
`Jac
`
`208~|_HTTP
`SERVER
`
`LAN
`
`230
`
`plurality of network computers 200, 202 cach ts coupled
`using a conventional network communication link 210 to a
`local area network 204. Each of the network computers may
`so be configured in the form of computer system 100, except
`without data storage device 107. The term “host”is also used
`herein to refer to the network computers. A host is used by
`one or more human users.
`
`242
`
`Exhibit 1009, col. 4 lines 46-53.
`
`
`
`FINAL PROPERTIES-_-+-220 © It is undisputed that Kasso discloses “the
`
`FINAL APP PROPS
`
`PROPERTIES
`
`ii
`
`3
`
`5
`
`HOST. EROPS
`APP- SPECIFIC
`PROPERTIES
`
`FINAL HOST
`PROPERTIES
`
`222
`
`234
`
`...1S distinct from the
`
`Pet. 32; Paper 7 (Institution Decision) at 18.
`
`
`
`

`

`No proof that it would have been obvious to combine Kasso’s
`
`distinct NIS and HTTP serversinto a single server
`
`Dr. DiEuliis testified of certain example purposesachieved by the distributed server
`architecture disclosed in Kasso (and not by a non-disclosed, single-server approach):
`
`e Enhanced performanceand efficiency
`
`e Cost effective
`
`Because each server performs different functions, the
`
`performance of each function can be optimized without
`
`compromising the performance of other functions that are
`
`handled in other servers.
`
`e Balanced evolution of required computing powerat the servers
`
`e Easier scalability
`
`As the numberofitems handled (e.g., number of logins, number
`
`of users, numberof application programs, and so forth)
`
`increases, the expansion of the capability of the distributed
`
`servers can be accomplished much moreeasily than a single-
`
`server system.
`
`e Enhanced security
`
`In a distributed server network, each server has its own firewall
`
`and encryption. Thus, a hacker who wishesto steal information
`
`or access would need to break into multiple, probably different,
`
`serverfirewalls and decrypt different encryption schemesin
`
`orderto get all of the useful information. In addition, some
`
`A cost benefit accrues when a server must be upgraded only for
`
`the function performed by the affected server. In a single-server
`
`system, the whole computer system must be upgraded, not only
`
`to handle the increased load from one function, but to handle
`
`possible future increased computing loads for the other
`
`functions, as well. The cost of computer systems is not
`
`necessarily a steady, consistent increase as the computing power
`
`is increased, but can be an extremely dramatic increase for very
`
`large computer systems.
`
`e Easier maintenance
`
`The maintenance ofa distributed server is simpler than that of a
`
`single-server system. In a distributed system, the system
`
`administrators can optimize the server for the function
`
`performed bythat server. As the computing load changes over
`
`time, the administrator can add resources or change resource
`
`parameters to handle the change. Onthe other hand,in a single-
`
`server system, the administrator must juggle the resources
`
`amongthe various functions by tuning and allocating the
`(EX2001 {] 89)
`
`

`

`No proofthat it would have been obvious to combine Kasso’s
`
`distinct NIS and HTTP serversinto a single server
`
`Dr. DiEuliis testified that the enhanced security
`achieved only by Kasso’s distributed server architecture
`is made explicit in the disclosure:
`
`v Kasso emphasizescontrolling access to the network system
`(Fig. 2) via the NIS server 230.
`See, e.g., EX2001 JJ 89-93 (citing EX1009,5:35-43).
`
`V As Dr. DiEuliis testified, by using a dedicated serveras a
`security gateway, assets andsensitive information stored on
`other servers within the system is protected. Id.
`
`Vv Dr. DiEuliis concluded that Kasso’s emphasis of security
`achieved througha distributed-server architecture would
`have led a POSITA away from modifying Kasso to a single-
`server system, which “would eliminate the extremely
`important enhancedsecurity aspect of Kasso.”Id.
`
`v Kassofurtherdiscloses the need to store certain data ina
`location or mannerwhich prevents a user from editing or
`changingthe data content.
`EX1009. 7:49-52; see also Dr. DiEuliis at EX2001 § 91.
`
`

`

`No prooffor the proposed“offload” modification
`
`Petitioner’s conclusory and unproven “offload” theory:
`A POSITA would be motivated to deviate from Kasso by, instead,
`receiving authentication requests at the HTTP Server 208 and then
`“offloading” the authentication processto the NIS Server 230.
`
`Dr. DiEuliis’ rebuttal included(inter alia) the following points:
`
`v Kasso explicitly addresses whatit considers to be an adequate security
`solution: a dedicated NIS Server designed to both receive and process
`login requests and therebyfunction as a security gateway for accessing
`the system. This design protects assets and sensitive information stored
`on otherservers(e.g., access to HTTP server 208 is denied until
`successful login via NIS server 230). The proposed modification would
`eliminate this security feature. EX2001 at J 90-92.
`
`v Kasso explicitly discloses using uses various distinct and dedicated
`servers to process specific requests, which leads away from “offloading”
`a login request to anotherserver. Id. at J 89.
`
`v The proposed“offload” modification inefficiently requires additional
`and non-disclosed server-to-server communications that would
`consume bandwidth and processing power.Id. at J 102.
`
`10
`
`

`

`No proofthat it would have been obvious to combine Kasso’s
`
`distinct NIS and HTTP serversinto a single server
`
`Dependentclaims 2, 17, and 30 further require
`“maintaining application managementinformation for
`the plurality of applications at the server”
`
`Petitioner points to a “host property list” in Kasso and
`alleges that “a ‘host properties list’ 216 is maintained
`‘on a mass storage device 212 associated with the HTTP
`server 208.”
`
`However, “the server’recited in the claim language
`refers back to the server (1) at which the plurality of
`application programsare installed and (2) that received
`the login request from the user. See EX2001 § 111.
`
`