Bitdefender, Inc.,
`
`v
`
`Uniloc Luxembourg S.A.,
`
`Case IPR2017-013 15 (Patent 6,510,466)
`
`Hearing Before Mariam L. Quinn,
`Robert J. Weinschenk, and
`
`Jessica C. Kaiser (Presiding)
`
`August 7, 2018
`
`

`

`Petition is faoially deficient re. means+funotion limitations
`
`Board’s original Institution Decision [Paper 10 at 17):
`
`a. Claims 15. 16, 22. 23, 35. and 36
`
`For independent claims 15 and 16. we determined above that
`
`Petitioner had not identified sufficient corresponding stmcture for “means
`
`for installing a plurality of application programs at the server." In its
`
`asserted ground. Petitioner addresses the limitations of claims 1. 15. and 16
`
`together. Pet. 28—52. For this limitation. although Petitioner contends
`
`Kasso has application programs stored at a server’s storage device.
`
`Petitioner does not address whether this teaching meets the corresponding
`
`structure discussed above (i.e.. steps 112—1 16 of Figure 8 and the associated
`
`description (Ex. 1001, 17:55—67) (and their equivalents». Pet. 30—3 1.
`
`

`

`Objection: Petitioner’s Institution Response Brief introduces new arguments/evidence and should be stricken
`
`In granting additional briefing to address claims newly
`
`instituted under SAS, the Board Ordered Petitioner (in Paper 15)
`
`to identify with particularity the place where each matter (i.e.,
`
`argument or evidence) raised in its Institution Response Brief
`
`was previously addressed in its Petition (Paper 1).
`
`\/ There is not a single citation in the Institution Response Brief
`(Paper 17) to the Petition (Paper 1).
`
`\/ Instead, the Institution Response Brief (Paper 17) argues
`Petitioner should not be required to comply with the Board's
`
`order: "Forcing the Petitioner to supply evidence with their
`
`petition for arguments not yet raised would, in fact, require
`
`them to anticipate all possible arguments."
`
`\/ Thus, Petitioner concedes that it relies on new
`
`arguments/evidence and thus contravened the Board’s Order.
`
`

`

`Claim 1
`
`1. A method for management of application programs on a
`network including a server and a client comprising the
`steps of:
`
`installing a plurality of application programs at the server;
`
`receiving at the server a login request from a user at the
`client;
`
`establishing a user desktop interface at the client
`associated with the user responsive to the login request
`from the user, the desktop interface including a
`plurality of display regions associated with a set of the
`plurality of application programs installed at the server
`for which the user is authorized;
`
`receiving at the server a selection of one of the plurality of
`application programs from the user desktop interface;
`and
`
`providing an instance of the selected one of the plurality of
`application programs to the client for execution
`responsive to the selection.
`
`

`

`Kasso’s non-networked computer system is unavailing
`
`Claim 1 is directed to “[a] method for management of application
`
`programs on a network including a server and a client. .
`
`As Dr. DiEuliis testified, the non—networked computer system of
`
`Fig. 1 of Kasso is readily distinguishable from the claim language:
`
`networked environment. ld.at 4:1-43. A POSITA would have understood
`
`FIG. 1 to describe a single, normal computer system, such as a personal
`
`computer or workstation. Moreover, a POSlTA would have understood
`
`that the computer system of FIG.
`
`I would have been used by a person
`
`(i.e., user) and is not connected to a network. The embodiment described
`
`EX2 001 11 63
`
`in FIG. 1 demonstrates that Kasso is not limited to computer networks
`
`because Kasso states the invention may be practiced in a single,
`
`stand-alone computer that is not connected to a network. Thus, Kasso is
`
`different from the ’466 patent, which is directed to computer
`
`networks, and cannot be implemented on a single-computer.
`
`

`

`No server in Kasso meets both the “installing” and “receiving” limitations
`
`Petitioner fails to prove its conclusory statement: “Kasso describes
`_ a plurality of Java applets .
`.
`. at HTTP server 208." Pet. 3 O.
`
`Selector can access a set of application programs 240, 60
` EX1009, 5:60—62
`each of which is implemented as a Java applet . '
`association with an HTML page on the HTTP server 208.
`
`6
`
`5
`
`represented by the icon. For example, the mailbox icon 404
`is associated with a URL identifying an HTML. page on the
`HTTP server that contains a MailView applet. The MailView
`applet implements an electronic mail program. Thus, when
`a user clicks the mailbox icon 406, from HTTP server 208
`Selector loads the HTML, page associated with the icon and
`which contains the MailView Java applet. The associated
`HTML page is loaded and graphically displayed in the
`display pane 420 of the main screen 402 The apphcanon
`
`
`
`.
`_
`EX1009, 6'10 12'
`
`

`

`| nstalling” and “recetvmg” limitaitons
`
`No server in Kasso’s Fig.2 meets both the
`
`(l'
`
`For its only network embodiment, Kasso’s relies on a distributed server architecture.
`
`200
`
`202
`
`n m . . - n
`
`210
`
`20
`
`J88
`
`208
`
`‘ HTTP
`SERVER
`
`21!
`
`204
`
`212
`
`DEFAULT
`
`PROPERTIES
`
`HOST PROPS
`
`APP- SPECIFIC
`PROPERTIES
`
`214
`
`216
`
`224
`
`226
`
`FINAL APP PROPS
`
`FINAL PROPERTIES
`
`FINAL HOST
`PROPERTIES
`
`LAN
`
`230
`
`@
`
`234
`
`220
`
`222
`
`45
`
`NETWORK (.‘(IMPU'I'ER ENVIRONMENT
`
`An alternate hardwarc environment is shown in FIG. 2. A
`
`plurality of network computers 200. 2.02 each is coupled
`using a conventional network communication link 210 to a
`local area network 204. Each of the network computers ms?
`-l'] be configured in the {arm of computer system 100, except
`without data storage device 107. The term “has!” is also used
`herein to refer to the network Computers- A host is used by
`one or more human users.
`
`Exhibit 1009, col. 4 lines 46-53.
`
`It is undisputed that Kasso discloses “the
`
`‘is distinctfrom the
`
`
`Pet. 32; Paper 7 (Institutitgm Decision] at 18.
`
`218
`
`USER
`PROPERTIES
`
`£32
`
`FILE
`SERVER
`
`

`

`No proof that it would have been obvious to combine Kasso’s
`
`distinct NIS and HTTP sewers into a single server
`
`Dr. DiEuliis testified of certain example purposes achieved by the distributed server
`architecture disclosed in Kasso (and not by a non—disclosed, single-server approach):
`
`0 Enhanced performance and efficiency
`
`0 Cost effective
`
`Because each server performs different functions, the
`
`A cost benefit accrues when a server must be upgraded only for
`
`performance of each function can be optimized without
`compromising the performance of other functions that are
`.
`handled in other servers.
`
`_
`_
`.
`0 Balanced evolution of reqmred computing power at the servers
`
`.
`.
`.
`0 Easner scalability
`
`As the number of items handled (e.g., number of logins, number
`
`of users, number of application programs, and so forth)
`increases, the expansion of the capability of the distributed
`
`servers can be accomplished much more easily than a single-
`
`server system.
`
`0 Enhanced security
`
`the function performed by the affected server. In a single-server
`Syswm’ the “mom c°mpuwr ”Stem mu“ be "pgmded’ "0‘ only
`to handle the increased load from one function, but to handle
`
`possible future increased computing loads for the other
`
`functions, as well. The cost of computer systems is not
`
`necessaril a stead , consistent increase as the com utin
`8P0
`Y
`Y
`P
`is incneased. but can be an extremely dramatic increase for very
`
`wer
`
`large computer systems.
`. Easier maintenance
`,
`.
`,
`.
`_
`The maintenance of a distributed server is Simpler than that of a
`.
`.
`.
`Single-server system. In a distributed system, the system
`administrators can optimize the server for the function
`
`performed by that server. As the computing load changes over
`
`In a distributed server network, each server has its own firewall
`
`time, the administrator can add resources or change resource
`
`and encryption. Thus, a hacker who wishes to steal information
`.
`.
`.
`or access would need to break into multiple, probably different,
`.
`.
`,
`server firewalls and decrypt different encryption schemes in
`order to get all of the useful information. in addition, some
`
`parameters to handle the change. 0" me Other hand, '" a Single-
`se
`s ste , head ’
`'strato
`ust 'u
`l
`t
`sources
`rver y m t
`mm]
`r m
`J g 0 he re
`amon the various functions b tunin and allocatin the
`g
`y
`g
`g
`(EXZOO 1 1] 8 9)
`
`

`

`
`
`No proof that it would have been obvious to combine Kasso’s
`distinct NIS and HTTP servers into a single server
`
`Dr. DiEuliis testified that the enhanced securigg
`
`achieved only by Kasso’s distributed server architecture
`
`is made explicit in the disclosure:
`
`\/ Kasso emphasizes controlling access to the network system
`(Fig. 2) via the NIS server 230.
`See, e.g., EX2001 1111 89-93 (citing EX1009, 5:35-43).
`
`/ As Dr. DiEuliis testified, by using a dedicated server as a
`security gateway, assets and sensitive information stored on
`other servers within the system is protected. Id.
`
`\/ Dr. DiEuliis concluded that Kasso’s emphasis of security
`achieved through a distributed-server architecture would
`have led a POSITA away from modifying Kasso to a single-
`server system, which “would eliminate the extremely
`important enhanced security aspect of Kasso." Id.
`
`/ Kasso further discloses the need to store certain data in a
`
`location or manner which prevents a user from editing or
`changing the data content.
`EX1009. 7:49-52; see also Dr. DiEuliis at EX2001 1T 91.
`
`

`

`No proof for the proposed “offload” modification
`
`Petitioner’s conclusory and unproven “offload" theory:
`A POSITA would be motivated to deviate from Kasso by, instead,
`receiving authentication requests at the HTTP Server 208 and then
`“offloading" the authentication process to the NIS Server 230.
`
`Dr. DiEuliis' rebuttal included (inter alia) the following points:
`
`\/ Kasso explicitly addresses what it considers to be an adequate security
`solution: a dedicated NIS Server designed to m receive m process
`10 gin requests and thereby function as a security gateway for accessing
`the system. This design protects assets and sensitive information stored
`on other servers (e.g., access to HTTP server 208 is denied until
`successful login via NIS server 230). The proposed modification would
`
`eliminate this security feature. EXZ 001 at 11 90-92.
`
`\/ Kasso explicitly discloses using uses various distinct and dedicated
`servers to process specific requests, which leads away from “offloading”
`a login request to another server. Id. at 11 89.
`
`\/ The proposed "offload" modification inefficiently requires additional
`and non-disclosed server-to-server communications that would
`
`consume bandwidth and processing power. Id. at 11 102.
`
`10
`
`

`

`No proof that it would have been obvious to combine Kasso’s
`
`distinct NIS and HTTP sewers into a single server
`
`Dependent claims 2, 17, and 30 further require
`
`"maintaining application management information for
`
`the plurality of applications at the server"
`
`Petitioner points to a “host property list" in Kasso and
`
`alleges that “a ‘host properties list’ 216 is maintained
`
`‘on a mass storage device 212 associated with the HTTP
`server 208.”
`
`However, "the server" recited in the claim language
`
`refers back to the server (1) at which the plurality of
`
`application programs are installed and (2) that received
`
`the login request from the user. See EX2001 11 111.
`
`11
`
`