IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`Nehushtan et al.
`In re Patent of:
`9,635,544 Attorney Docket No.: 50095-0121IP1
`U.S. Patent No.:
`April 25, 2017
`
`Issue Date:
`Appl. Serial No.: 14/591,108
`
`Filing Date:
`January 7, 2015
`
`Title:
`CELLULAR DEVICE SECURITY APPARATUS AND METHOD
`
`
`Mail Stop Patent Board
`Patent Trial and Appeal Board
`U.S. Patent and Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`
`
`PETITION FOR INTER PARTES REVIEW OF UNITED STATES PATENT
`NO. 9,635,544 PURSUANT TO 35 U.S.C. §§ 311–319, 37 C.F.R. § 42
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`TABLE OF CONTENTS
`
`I.
`
`II.
`
`REQUIREMENTS .......................................................................................... 1
`A. Grounds for Standing ................................................................................ 1
`B. Challenge and Relief Requested ............................................................... 1
`
`THE ’544 PATENT ......................................................................................... 3
`A. ’544 Patent Specification .......................................................................... 3
`B. Prosecution History ................................................................................... 5
`C. Claim Construction ................................................................................... 5
`
`III. THE CHALLENGED CLAIMS ARE UNPATENTABLE ............................ 6
`A. [GROUND 1] – Shahbazi Renders Obvious Claims 1-20 ....................... 6
`1.
`Shahbazi .......................................................................................... 6
`2.
`Shahbazi Under §103 ....................................................................10
`3.
`Claim 1 ..........................................................................................12
`4.
`Elements of Claim 4, 17-19 ...........................................................27
`5.
`Claims 2, 3, 5-10, 15, 16 ...............................................................35
`6.
`Elements of Claims 11-14, 20 .......................................................47
`B. [GROUND 2] – Fam, Geiger, and Shirai Render Obvious Claims 1-20 ...
`
` .......................................................................................................48
`1.
`Fam ................................................................................................48
`2. Geiger ............................................................................................51
`3.
`Shirai..............................................................................................54
`4.
`Combination of Fam and Geiger ...................................................55
`5.
`Combination of Shirai and Fam-Geiger System ...........................56
`6.
`Claim 1 ..........................................................................................57
`7.
`Elements of Claims 4, 17-19 .........................................................69
`8.
`Claims 2, 3, 6-10, 15, 16 ...............................................................76
`9.
`Elements of Claims 11-14, 20 .......................................................83
`
`IV. DISCRETION SHOULD NOT PRECLUDE INSTITUTION .....................83
`
`V.
`
`FEES ..............................................................................................................86
`
`VI. CONCLUSION ..............................................................................................86
`
`VII. MANDATORY NOTICES UNDER 37 C.F.R § 42.8(a)(1) .........................86
`A. Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1)..............................86
`B. Related Matters Under 37 C.F.R. § 42.8(b)(2) .......................................86
`C. Lead And Back-Up Counsel Under 37 C.F.R. § 42.8(b)(3) ...................86
`D. Service Information ................................................................................87
`
`i
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`
`
`EXHIBITS
`
`APPLE-1001
`
`U.S. Patent 9,635,544 to Nehushtan et al. (“the ’544 patent”)
`
`APPLE-1002
`
`Excerpts from the Prosecution History of the ’544 patent (“the
`Prosecution History”)
`
`APPLE-1003
`
`Declaration of Dr. Patrick Traynor
`
`APPLE-1004
`
` U.S. Patent No. 8,635,661 (“Shahbazi”)
`
`APPLE-1005
`
` U.S. Patent No. 7,181,726 (“Fam”)
`
`APPLE-1006
`
` U.S. Patent No. 6,463,534 (“Geiger”)
`
`APPLE-1007
`
` U.S. Patent Application Publication No. 2001/0051519
`(“Shirai”)
`
`
`
`APPLE-1008
`
` Klemetti, Aarne, “PDA Operating Systems,” EVTEK, Media
`Technology, 2002
`
`APPLE-1009
`
`
`
`“The Symbian Platform Version 6.0: Power and Innovation,”
`The Wayback Machine (accessed 10/11/2022), available at
`https://web.archive.org/web/20010303233643/http://www.symb
`iandevnet.com
`
`APPLE-1010
`
` RNN Trust’s Complaint for Patent Infringement in R.N
`Nehushtan Trust Ltd. v. Apple Inc., 3:22-cv-01832-LB
`(N.D.Cal. March 23, 2021) (“Infringement Complaint”)
`
`APPLE-1011
`
` U.S. Provisional Application No. 60/531,668 (“Shahbazi
`Provisional”)
`
`APPLE-1012
`
` United States Department of Defense, Department of Defense
`Standard, “Trusted Computer System Evaluation Criteria”,
`DoD 5200.28-STD
`
`ii
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`APPLE-1013
`
` Polly Sprenger, Wired Magazine, “Pirates Sneer at Intel Chip”
`https://www.wired.com/1999/01/pirates-sneer-at-intel-chip/,
`Jan 22, 1999.
`
`APPLE-1014
`
`
`
`Jason Miller, Federal News Network, “10 Years Later, CAC is
`securely part of DoD”
`
`APPLE-1015
`
` Arnis Parsovs, “Estonian Electronic Identity Card: Security
`Flaws in Key Management”, USENIX Security 2020.
`
`APPLE-1016
`
` C. Stephen Carr, “Network Subsystem for Time Sharing
`Hosts”, IETF RFC 15, 25 September, 1969.
`
`APPLE-1017
`
`
`
`ITU-T Recommendation E.212 (1993)
`
`APPLE-1018
`
` GSMA, https://www.gsma.com/aboutus/history, Accessed 16
`November 2022
`
`APPLE-1019
`
` Research in Motion, 2001 Annual Report
`
`APPLE-1020
`
` U.S. Patent No. 7,239,877 (“Corneille”)
`
`APPLE-1021
`
` GSM 03.48 v8.0.0 (1999-07)
`
`APPLE-1022
`
` U.S. Patent Application Publication No. 2006/0031407
`(“Dispensa”)
`
`APPLE-1023
`
` Sascha Segan, “The Evolution of the Blackberry, From 957 to
`Z10,” PCMag, 28 Jan. 2013, https://www.pcmag.com/news/the-
`evolution-of-the-blackberry-from-957-to-z10 (APPLE-1023)
`
`APPLE-1024
`
` Symbian S600, https://nokia.fandom.com/wiki/Symbian_S60,
`Accessed 16 Nov. 2022 (APPLE-1024)
`
`APPLE-1025
`
` November 22, 2022 Letter to John L. North
`
`
`
`
`
`iii
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`LISTING OF CHALLENGED CLAIMS
`
`Claim Identifier Claim Language
`
`1
`
`[1.1]
`
`[1.2]
`
`[1.3]
`
`[1.4]
`
`[1.5]
`
`[1.6]
`
`[1.7]
`
`[1.8]
`
`A cellular communication device comprising a
`processor, a memory and a data mode, said data mode
`allowing reading and writing of data in said memory
`and changing of settings on said cellular communication
`device,
`
`said settings changeable in said data mode comprising
`personal data, device configuration data and technical
`data relating to the specific device;
`
`wherein said cellular communication device further
`comprises an access restrictor that restricts use of said
`data mode in response to receipt of a security setting
`unique to said cellular communication device;
`
`wherein said device unique security setting is generated
`remotely and provided to the cellular communication
`device using a predetermined communication protocol
`before use of the data mode;
`
`said data mode permitting a file transfer in an active
`connection to and from said cellular communication
`device;
`
`wherein said device unique security setting is
`dynamically changed after use of said data mode,
`
`wherein said predetermined communication protocol is
`managed by said cellular communication device in
`association with a client program, and
`
`said cellular communication device is configured to
`carry out one member of the group consisting of:
`
`setting said cellular communication device into said data
`mode when it determines that said device unique
`security setting is correct; and
`
`monitoring said active connection, and disabling said
`
`iv
`
`

`

`Claim Identifier Claim Language
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`2
`
`[2]
`
`3
`
`[3]
`
`4
`
`[4.1]
`
`[4.2]
`
`[4.3]
`
`[4.4]
`
`[4.5]
`
`[4.6]
`
`data mode when said active connection is not active.
`
`The cellular communication device of claim 1, wherein
`said memory in said cellular communication device
`includes address data modifiable in said data mode in
`accordance with data in an external data source.
`
`The cellular communication device of claim 1, wherein
`said data mode permits modification of data stored in an
`external data source in accordance with address data
`stored on said cellular communication device.
`
`A cellular communication device having a processor,
`memory and a data mode, said data mode allowing
`reading and writing and changing of data and settings on
`said cellular communication device, including storing,
`modifying or replacing an operating system stored in
`said memory in an active connection;
`
`said data and settings comprising personal data,
`configuration data and technical data relating to said
`cellular communication device,
`
`said cellular communication device further comprising
`an access restrictor to restrict use of said data mode in
`accordance with a device unique security setting,
`
`wherein said device unique security setting is obtained
`remotely and provided to said cellular communication
`device before the access data mode is used,
`
`wherein said device unique security setting is
`dynamically changed after use of said data mode,
`
`the cellular communication device being configured to
`carry out one member of the group consisting of:
`
`using said data mode when it determines that said
`device unique security setting is correct; and
`
`monitoring said active connection, and disabling said
`data mode when said active connection is not active.
`
`v
`
`

`

`Claim Identifier Claim Language
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`The cellular communication device of claim 1, wherein
`said device unique security setting is one member of the
`group consisting of a software setting, a security
`certificate, a signature, a coding configuration for an
`instruction, a dynamic password, and a one-time
`password.
`
`The cellular communication device of claim 1, wherein
`said unique security setting is constructed using one
`member of the group consisting of: one cellular
`communication device specific data item and one
`random data item, and two cellular communication
`device specific data items and two random data items.
`
`The cellular communication device of claim 1, wherein
`said unique security setting is provided to said cellular
`communication device via a predetermined
`communication protocol.
`
`The cellular communication device of claim 5, wherein
`said unique security setting is provided to said cellular
`communication device using a predetermined
`communication protocol, said predetermined
`communication protocol comprising one member of the
`group consisting of:
`
` specified sequence of communication packets, and
`
` specified structure of communication packets.
`
` a
`
` a
`
`The cellular communication device of claim 1, wherein
`said access restrictor restricts use of said data mode to
`an active connection with a predetermined secure server.
`
`The cellular communication device according to claim
`5, wherein said active connection is identified via said
`unique security setting.
`
`5
`
`[5]
`
`6
`
`[6]
`
`7
`
`[7]
`
`8
`
`[8]
`
`9
`
`[9]
`
`10
`
`[10]
`
`11
`
`12
`
`[11]
`
`[12]
`
`See [5]
`
`See [6]
`
`vi
`
`

`

`Claim Identifier Claim Language
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`13
`
`14
`
`15
`
`[13]
`
`[14]
`
`[15]
`
`16
`
`[16]
`
`17
`
`[17.1]
`
`
`
`
`
`
`
`
`
`
`
`
`
`[17.2]
`
`[17.3]
`
`[17.4]
`
`[17.5]
`
`[17.6]
`
`[17.7]
`
`See [8]
`
`See [1.8]
`
`The cellular communication device of claim 14, wherein
`said client program is located externally of said cellular
`communication device.
`
`The cellular communication device of claim 1, further
`comprising a configuration enabler for enabling or
`disabling use of said data mode in response to said
`unique security setting.
`
`A cellular communication device comprising a
`processor, a memory and a data mode, said data mode
`allowing reading and writing of data and changing of
`settings on said cellular communication device by an
`active connection;
`
`said settings comprising personal data, device
`configuration data and technical data relating to said
`cellular communication device;
`
`said cellular communication device further comprising
`an access restrictor to restrict use of said data mode in
`response to a cellular communication device unique
`security setting;
`
`wherein said device unique security setting is obtained
`remotely and provided to the cellular communication
`device before use of the data mode;
`
`said data mode being usable for transfer of icons to the
`cellular communication device; and
`
`wherein said cellular communication device is
`associated with a client program for managing a
`predetermined communication protocol, and
`
`carrying out one member of the group consisting of:
`
`setting said cellular communication device into said data
`mode when said device unique security setting is
`
`vii
`
`

`

`Claim Identifier Claim Language
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`18
`
`[18.1]
`
`[18.2]
`
`[18.3]
`
`[18.4]
`
`[18.5]
`
`[18.6]
`
`correct; and
`
`disabling said data mode when said active connection is
`no longer active.
`
`A server for supporting data configuration operations at
`a plurality of cellular communication devices, said
`cellular communication devices each comprising a
`processor, a memory and a data mode for allowing
`reading and writing of data into said memory and
`changing of settings on said cellular communication
`device;
`
`said settings comprising personal data, device
`configuration data and technical data relating to the
`specific cellular communication device;
`
`said each cellular communication device further
`comprising an access restrictor to restrict use of said
`data mode in accordance with a unique security setting
`provided by said server to said each cellular
`communication device in a predetermined
`communication protocol;
`
`said unique security setting being provided by said
`server to said each cellular communication device in
`real-time before use of the data mode by each cellular
`communication device respectively; and
`
`wherein use of the access data mode by said each
`cellular communication device permits the server to
`install, upgrade, modify, reconfigure or replace an
`operating system of stored on said cellular
`communication device via an active connection when
`said device is in said data mode,
`
`wherein said predetermined communication protocol is
`managed by said cellular communication devices in
`association with at least one client program, and
`
`See [17.6]
`
`viii
`
`

`

`Claim Identifier Claim Language
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`[18.7]
`
`19
`
`[19.1]
`
`[19.2]
`
`[19.3]
`
`[19.4]
`
`[19.5]
`
`[19.6]
`
`wherein said devices are respectively configured to
`carry out one member of the group consisting of:
`
`setting said cellular communication device into said data
`mode when said device unique security setting is
`correct; and
`
`disabling said data mode when said active connection is
`not active.
`
`A method of restricting access to a data mode of each
`one of a plurality of cellular communication devices,
`each of said devices further comprising a processor and
`a memory, said data mode allowing reading and writing
`of data into said memory to change settings on each said
`cellular communication device,
`
`said settings comprising personal data, device
`configuration data and technical data relating to the
`specific cellular communication device,
`
`the method being carried out remotely at a server using
`an active connection and comprising: storing device
`dependent information of each of said plurality of
`cellular communication devices;
`
`creating unique security settings for each of said
`plurality of cellular communication devices using said
`cellular communication device dependent information,
`
`providing said unique security settings to said respective
`cellular communication devices remotely in real-time
`before the data mode is used using a predetermined
`communication protocol;
`
`See [1.4], [18.4]
`
`configuring each of said plurality of cellular
`communication devices to enable access to said data
`mode in response to a respective unique security setting;
`and
`
`ix
`
`

`

`Claim Identifier Claim Language
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`[19.7]
`
`[19.8]
`
`enabling one member of the group of actions to be
`performed by one of said cellular communication
`devices, the group consisting of
`
`transferring icons,
`transferring a file,
`installing an operating system,
`upgrading an operating system,
`modifying an operating system,
`reconfiguring an operating system and
`replacing an operating system,
`
`said action being carried out when said respective
`cellular communication device is in said data mode; and
`
`managing said predetermined communication protocol
`using a client program for one member of the group
`consisting of:
`
`enabling entry into said data mode when said cellular
`communication device determines that said device
`unique security setting is correct; and
`
`disabling said data mode when said active connection is
`no longer active.
`
`20
`
`[20]
`
`See [8]
`
`
`
`
`
`x
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`Petitioner (“Apple”) petitions for Inter Partes Review of claims 1-20
`
`(“Challenged Claims”) of U.S. Patent No. 9,635,544 (“the ’544 patent”).
`
`I.
`
`REQUIREMENTS
`
`A. Grounds for Standing
`
`Apple certifies that the ’544 patent is available for IPR. This petition is
`
`being filed within one year of service of a complaint against Apple. Apple is not
`
`barred or estopped from requesting this review.
`
`B. Challenge and Relief Requested
`
`Apple requests IPR and cancellation of the Challenged Claims on the
`
`grounds below. In support, this petition includes a declaration from Dr. Patrick G.
`
`Traynor1 (APPLE-1003).
`
`Ground
`
`Claims
`
`Basis
`
`1
`
`2
`
`1-20
`
`1-20
`
`§103: Shahbazi
`
`§103: Fam, Geiger, Shirai
`
`The ’544 patent was filed 1/7/2015, and claims priority to U.S. Provisional
`
`Application No. 60/550,305 filed 3/8/2004 (“Critical Date”). Apple does not
`
`concede that the Challenged Claims are entitled to the claimed priority, but applies
`
`
`1 Dr. Traynor is a professor in Computer and Information Science and Engineering
`
`(CISE) at the University of Florida and a Co-Director of the Florida Institute of
`
`Cybersecurity (FICS) Research.
`
`1
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`prior art before the alleged date. APPLE-1003, ¶58. Applied references are prior
`
`art based at least one bases below:
`
`Reference Date(s)
`
`Basis
`
`Shahbazi
`
`12/23/2003
`
`§102(e)
`
`Fam
`
`3/7/2003
`
`§102(e)
`
`Geiger
`
`10/8/2002
`
`§102(b)
`
`Shirai
`
`12/31/2001
`
`§102(b)
`
`Shahbazi claims priority to U.S. Provisional Pat. No. 60/531,668
`
`(“Shahbazi Provisional”)(APPLE-1011), filed 12/23/2003. Shahbazi is entitled to
`
`the benefit of its provisional filing date since the Shahbazi Provisional disclosure
`
`“provides sufficient detail that would have led a POSITA to conclude that the in-
`
`ventor of the Shahbazi Provisional had possession of the invention claimed in
`
`Shahbazi…” APPLE-1003, ¶63.
`
`Shahbazi, Claim 1
`(APPLE-1004, 17:65-18:33)
`
`Shahbazi Provisional
`
`[1a]
`
`[1b]
`
`[1c]
`
`[1d]
`
`[1e]
`
`[1f]
`
`APPLE-1011, 4-5
`
`Id., 6-8
`
`Id., 6-8, 14-15
`
`Id., 10-11
`
`Id., 10-11
`
`Id., 15-17
`
`2
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`II. THE ’544 PATENT
`
`A.
`
`’544 Patent Specification
`
`The ’544 patent describes a “security system for protection of data and
`
`access,” including “read and write access to configuration data, in a cellular
`
`telephony device.” APPLE-1001, 1:20-24. According to the ’544 patent, “[a]
`
`security vulnerability exists in cellular device” in that “it is possible to read
`
`sensitive information” and “write it into a new cellular device (destination) thus
`
`making the destination device identical to the source device with regards to the
`
`cellular network.” Id., 1:25-35. This “enables the destination device to make calls,
`
`which are then billed to the source device.” Id. APPLE-1003, ¶49.
`
`The ’544 patent describes solving security vulnerabilities associated with
`
`sensitive information stored on a cellular device by limiting device access.
`
`APPLE-1003, ¶51. Figure 2 shows a system in which “a cellular telephone is
`
`connected through a data connection to a reprogramming device and to a secure
`
`server.” APPLE-1001, 6:66-7:2.
`
`3
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`APPLE-1001, Fig. 2
`
`
`
`Shahbazi places device 20 in a “data mode for allowing reading and writing of data
`
`to change the settings and generally to allow reprogramming.” Id. Device 20 is
`
`“configured to restrict use of the data mode” using a “unique security setting
`
`belonging to the device.” Id. This ensures “the data mode cannot be used unless
`
`the device unique security setting is provided” and “it is no longer possible to
`
`obtain a single password and thereby compromise a large number of devices.” Id.
`
`The system includes reprogramming client device 24 and server 26 to
`
`support data mode operations on device 20. APPLE-1003, ¶53. Device 24
`
`4
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`supports connection 22 to device 20 and carries out reprogramming or data
`
`configuration operations, such as “replacing or updating of the operating system”
`
`and “changing of the telephone number.” APPLE-1001, 9:1-15. Server 26
`
`supports device 24 and in some instances where “the device unique security
`
`settings are dynamic and change rapidly[,]” provide additionally security by
`
`enabling “a live connection.” Id., 10:14-21. In such embodiments, the device
`
`unique security setting is “an encoding configuration for the data mode read and
`
`write instructions, and the data mode entry command,” “reprogramming client
`
`device 24 does not know…what the read and write commends are for the given
`
`device.” Id., 9:28-40. Server 26 “knows or generates the settings” such that the
`
`live connection permits data mode operation on device 20. Id., 10:14-21.
`
`B.
`
`Prosecution History
`
`The examiner did not consider any of Shahbazi, Fam, Geiger, and Shirai,
`
`which render the Challenged Claims obvious. APPLE-1003, ¶¶54-58.
`
`C. Claim Construction
`
`All claim terms should be construed according to the Phillips standard.
`
`Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005); 37 C.F.R. §42.100.
`
`Additionally, “claim terms need only be construed to the extent necessary to
`
`resolve the controversy.” Wellman, Inc. v. Eastman Chem. Co., 642 F.3d 1355,
`
`1361 (Fed. Cir. 2011). Because the Challenged Claims are obvious under any
`
`5
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`reasonable interpretation, no express constructions are required in this proceeding.2
`
`Petitioner reserves the right to address any construction proposed by Patent Owner
`
`or the Board. Petitioner also reserves the right to pursue constructions in district
`
`court that are necessary to decide matters of infringement.
`
`III. THE CHALLENGED CLAIMS ARE UNPATENTABLE
`
`A.
`
`[GROUND 1] – Shahbazi Renders Obvious Claims 1-20
`
`1.
`
`Shahbazi
`
`Shahbazi describes a software framework that links security technologies to
`
`enforce security and data protection policies across for mobile devices. APPLE-
`
`1004, 5:26-31; APPLE-1011,3 7-8; APPLE-1003, ¶59. It recognizes that the
`
`prominence of mobile devices as a standard computing platform has led to
`
`“security threats to data stored in and access by these types of mobile devices” and
`
`has “created a heightened awareness and increased need for security.” APPLE-
`
`1004, 2:11-21; APPLE-1011, 3. It also identifies prior art technologies—e.g.,
`
`“Trusted Mobile Suite”—used to secure various computing environments and “set
`
`access control, encryption, and other parameters and push them to such mobile
`
`
`2 Apple is not conceding that the Challenged Claims satisfy all statutory require-
`
`ments, such as 35 U.S.C. §112, nor waiving arguments concerning other ineligible
`
`grounds nor constructions.
`
`3 Reference to page numbers of APPLE-1011 are to document page numbers.
`
`6
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`devices” to “protect against fraud, theft, sabotage, malicious hacking, and other
`
`adverse exposure caused by data compromise.” Id., 2:22-41; APPLE-1011, 3.
`
`This “allows administrators and users to secure all or selected applications[]” from
`
`“unwanted or unauthorized access.” Id.
`
`Shahbazi promotes “an efficient and flexible system and method for
`
`securing data in mobile devices used in varying operating environments.” APPLE-
`
`1004, 3:5-17; APPLE-1011, 4-5. This involves an identity status that is “akin to
`
`DNA information of an organism” and includes “information [that] characterizes
`
`or identifies different mobile devices.” APPLE-1004, 9:16-46; APPLE-1011, 7-9.
`
`The identity status enables a “security profile” used for device protection and
`
`includes parameters “relating to protection of the mobile device, restriction on use
`
`of an internal resource and external resource, and configuration of a resource.”
`
`APPLE-1004, 3:60-4:6; APPLE-1011, 7-9. This enables the Shahbazi system to
`
`“intelligently create and enforce security and data protection policies across [a]
`
`dynamic set of mobile devices and end points in a timeless, network, and device
`
`independent manner, with low maintenance requirement.” APPLE-1004, 5:26-31;
`
`APPLE-1011, 7-9; APPLE-1003, ¶60.
`
`Figure 1 illustrates system 100 implementing Shahbazi’s security
`
`framework.
`
`7
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`APPLE-1004, Fig. 14
`
`
`
`System 100 “supports security amongst computing nodes 102 and mobile devices
`
`104. APPLE-1004, 5:45-59; APPLE-1011, 9. Computing device 102 “can be any
`
`type of wired or wireless network node, a client station connected, a server station,
`
`a router, a hub, or an access point.” Id. A security server 106 “provides central
`
`functionality for implementing security parameters.” Id. Mobile device 104 is
`
`“any type of device,” including a “handheld device, personal digital assistant,
`
`
`4 Figures 1 and 2 in APPLE-1004 and APPLE-1011 are identical.
`
`8
`
`

`

`phone, smart phone, pager, etc.” Id., 5:60-65; APPLE-1011, 9-10; APPLE-1003,
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`¶61.
`
`
`
`Figure 2 illustrates security between computing node 102 and mobile device
`
`104.
`
`APPLE-1004, Fig. 2
`
`
`
`Computing node 102 “acts as a gateway between the mobile devices 104 and other
`
`network resources 124.” APPLE-1004, 6:41-67; APPLE-1011, 11-12. Node
`
`security program or agent 202 is executed in the computing node 102 for
`
`interfacing with device security program or agent 204 executed at the mobile
`
`9
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`device 104 or resource device 124. Id. Device security program 204 interprets
`
`device security profile 206 to implement mobile device security. Node security
`
`program 202 interprets node security profile 208 to determine one or more security
`
`parameters for managing the security between computing node 102, resource
`
`device 124, and mobile devices 104. This includes “controlling transfer of data,
`
`files, device profiles, applications, and programs between the computing node 102,
`
`resource device 124, and the mobile devices 104.” Id. One example is
`
`“preventing data synchronization between the mobile device 104 and resource
`
`device 124.” Id. Other examples include “prevent[ing] remote execution,
`
`utilization of any application, or file on the mobile device 104 or resources 124.”
`
`Id.; APPLE-1003, ¶62.
`
`2.
`
`Shahbazi Under §103
`
`Given its comprehensive teachings regarding a software framework that
`
`addresses data security, Shahbazi describes every feature recited in the Challenged
`
`Claims.5 Yet Shahbazi’s disclosure of some relevant features arguably span more
`
`than one embodiment. Regardless, the Shahbazi disclosure would have rendered
`
`the ’544 patent claims obvious, as demonstrated by this petition.
`
`
`5 See §§III.A.3-6, infra (substantively applying Shahbazi to features recited in the
`
`Challenged Claims), citing, e.g., APPLE-1004, 5:26-31; APPLE-1011, 7-8.
`
`10
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`Shahbazi recognizes that “[v]arious types of security software incorporating
`
`different data security encryption standards have been used in the past for securing
`
`network, desktop, laptop, and PDA environments.” APPLE-1004, 2:22-41. And,
`
`it also observes that “society continues to adopt handheld devices as a standard
`
`computing platform.” Id., 2:12-21. A POSITA would have perceived Shahbazi
`
`teaching that that “different security standards are required to adequately secure
`
`different computing environments and further recognizes that growing adoption of
`
`handheld devices means that they would be used as a replacement for these
`
`computing requirements, creating a need for different mobile device security
`
`standards.” APPLE-1003, ¶76. Thus, a POSITA seeking to implement Shahbazi
`
`would have found it obvious to combine its various teachings in different ways to
`
`accommodate different mobile device security standards. Id. This would have
`
`motivated a POSITA to combine, adapt, and/or substitute specific teachings found
`
`in Shahbazi based on what he/she would have perceived as Shahbazi’s broader
`
`disclosure of using those teachings to address the various specific security needs of
`
`handheld devices. Id. More, “a POSITA would have recognized that
`
`embodiments in which identity status is connection-specific (e.g., tied to an
`
`identified location from which mobile device 104 attempts to connect to a
`
`computing node 102) are advantageous when there is a desire to restrict the
`
`capability to perform a synchronization operation in certain designated secure
`
`11
`
`

`

`locations, such as a user’s home over a local area network.” APPLE-10003, ¶77
`
`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`(APPLE-1004, 7:65-8:12, APPLE-1022, [0065]).
`
`3.
`
`Claim 1
`
`[1.1]
`
`The Shahbazi system includes mobile devices 104 (e.g., “cellular
`
`communication device”) for which security is managed using computer nodes 102
`
`and security server 106. APPLE-1004, 6:60-65; APPLE-1011, 11-12.
`
`APPLE-1004, Fig. 1
`
`
`
`According to Shahbazi, “security threats to data stored in and access by these types
`
`of mobile devices have become a serious concern and have created a heightened
`
`12
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`awareness and increased need for security.” APPLE-1004, 2:12-41; APPLE-1011,
`
`3. Further, “[v]arious types of security software incorporating different data
`
`security encryption standards have been used in the past for securing network,
`
`desktop, laptop, and PDA environments.” Id.; APPLE-1003, ¶78.
`
`Figure 2 shows a technique for managing security between mobile device
`
`104 and computing node 102. Mobile device 104 is “any handheld device,
`
`personal digital assistant, phone, smart phone, pager, etc., where various types of
`
`mobile devices operating within the system 100 can be discovered, located or
`
`detected for managing security.” APPLE-1004, 5:60-65; APPLE-1011, 9-10.
`
`Given that mobile device 104 is implemented as one of these devices, it would
`
`have been obvious to a POSITA that mobile device 104 would have included a
`
`“processor” and “memory.” APPLE-1003, ¶79.
`
`13
`
`

`

`Attorney Docket No. 50095-0121IP1
`IPR of U.S. Patent No. 9,635,544
`
`
`APPLE-1004, Fig. 1 (annotated)
`
`
`
`Information stored on mobile device 104 (“settings”) are synchronized with