`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`TREND MICRO, INC.
`Petitioner
`
`
`
`v.
`
`
`
`TAASERA LICENSING LLC
`______
`
`
`
`Case No. IPR-2023-00801
`Patent No. 8,327,441
`
`
`PETITION FOR INTER PARTES REVIEW
`OF U.S. PATENT NO. 8,327,441
`
`
`Filed on behalf of Trend Micro, Inc.
`By: Robert M. Hansen
`Scott B. Amankwatia
`Matthew J. Anderson
`The Marbury Law Group, PLLC
`11800 Sunrise Valley Drive
`15th Floor
`Reston, VA 20191
`Tel: (703) 391-2900
`Fax: (703) 391-2901
`
`
`
`
`
`
`
`
`
`
`

`

`TABLE OF CONTENTS
`
`
`I.
`
`Introduction .......................................................................................................... 1
`
`II. Grounds for Standing (37 C.F.R. § 42.104(a)) ................................................. 2
`
`III.
`
`Identification of Challenge (37 C.F.R. § 42.104(b)) ........................................ 2
`
`A. Citation of Prior Art ...................................................................................... 2
`
`B.
`
`Statutory Grounds for Challenge ................................................................... 3
`
`IV. The ’441 patent ................................................................................................. 3
`
`A. Claim of Priority of the ’441 patent .............................................................. 3
`
`B. Overview of the ’441 patent .......................................................................... 3
`
`C.
`
`Summary of the Prosecution History ............................................................ 9
`
`D. Level of Ordinary Skill in the Art ...............................................................10
`
`E. Claim Construction ......................................................................................10
`
`V. HOW THE CLAIMS ARE UNPATENTABLE ............................................11
`
`A. Overview of Asserted Prior Art ..................................................................11
`
`i. Munetoh .......................................................................................................11
`
`ii.
`
`Rajan .........................................................................................................13
`
`B. Ground 1: Claims 1-7 and 9 are unpatentable under 35 U.S.C. § 103(a) as
`
`obvious in view of Munetoh and Rajan ................................................................16
`
`C. Motivation to Combine Munetoh and Rajan ...............................................16
`
`1. Claim 1 ........................................................................................................18
`
`[1a.] A method of providing an attestation service for an application at
`
`runtime executing on a computing platform using an attestation server,
`
`comprising: ....................................................................................................18
`
`[1b.]
`
`receiving, by the attestation server remote from the computing
`
`platform: ........................................................................................................21
`
`i
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`[1c.]
`
`a runtime execution context indicating attributes of the
`
`application at runtime, wherein the attributes comprise one or more
`
`executable file binaries of the application and loaded components of the
`
`application; ....................................................................................................22
`
`[1d.] a security context providing security information about the
`
`application, wherein the security information comprises an execution
`
`analysis of the one or more executable file binaries and the loaded
`
`components; ..................................................................................................24
`
`[1e.]
`
`generating, by the attestation server, a report indicating security
`
`risks associated with the application based on the received runtime
`
`execution context and the received security context, as an attestation
`
`result; and ......................................................................................................27
`
`[1f.]
`
`sending, by the attestation server, the attestation result
`
`associated with the application. ...................................................................31
`
`2. Claim 2 ........................................................................................................32
`
`[2a.]
`
`generating, by the attestation server, an application artifact as a
`
`reference for changes in a subsequent execution context; and ................32
`
`[2b.]
`
`sending the generated application artifact such that subsequent
`
`changes to the runtime execution context are tracked based on the
`
`generated application artifact. ....................................................................33
`
`3. Claim 3 ........................................................................................................35
`
`[3a.] The method according to claim 2, further comprising digitally
`
`signing the attestation results: .....................................................................35
`
`[3b.] wherein the attributes further comprise parent-child process
`
`associations of the application. ....................................................................36
`
`4. Claim 4 ........................................................................................................37
`
`ii
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`The method of claim 1, wherein the received security context is an
`
`introspective security context, and wherein the execution analysis is a
`
`static, dynamic, or virtual analysis of the one or more executable file
`
`binaries and the loaded components. ..........................................................37
`
`5. Claim 5 ........................................................................................................39
`
`The method of claim 4, wherein the generating of the report indicating
`
`security risks associated with the application includes generating, by the
`
`attestation server, one or more security assertions that pertain to the
`
`received runtime execution context and the received introspective
`
`security context. ............................................................................................39
`
`6. Claim 6 ........................................................................................................40
`
`The method according to claim 1, further comprising authenticating the
`
`application using a plurality of collaboration services. ............................40
`
`7. Claim 7 ........................................................................................................41
`
`The method according to claim 1, further comprising controlling a
`
`user's transaction with the application by applying a set of authorization
`
`rules in accordance with the attestation results. ........................................41
`
`8. Claim 9 ........................................................................................................42
`
`The method according to claim 1, further comprising providing
`
`confidence metrics in the attestation results indicating a level of security
`
`risk by different classifications such that a restriction on a user's
`
`transaction with the application are applied based on the level of
`
`security risk indicated by the confidence metrics in the attestation
`
`results. ............................................................................................................42
`
`D. Ground 2: Claims 1-7 and 9 are unpatentable under 35 U.S.C. § 103(a) as
`
`obvious over Rajan in view of Munetoh...............................................................43
`
`E. Motivation to Combine Rajan and Munetoh ...............................................44
`
`iii
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`1. Claim 1 ........................................................................................................45
`
`[1a.] A method of providing an attestation service for an application at
`
`runtime executing on a computing platform using an attestation server,
`
`comprising: ....................................................................................................45
`
`[1b.]
`
`receiving, by the attestation server remote from the computing
`
`platform: ........................................................................................................47
`
`[1c.]
`
`a runtime execution context indicating attributes of the
`
`application at runtime, wherein the attributes comprise one or more
`
`executable file binaries of the application and loaded components of the
`
`application; ....................................................................................................48
`
`[1d.] a security context providing security information about the
`
`application, wherein the security information comprises an execution
`
`analysis of the one or more executable file binaries and the loaded
`
`components; ..................................................................................................49
`
`[1e.]
`
`generating, by the attestation server, a report indicating security
`
`risks associated with the application based on the received runtime
`
`execution context and the received security context, as an attestation
`
`result; and ......................................................................................................51
`
`[1f.]
`
`sending, by the attestation server, the attestation result
`
`associated with the application. ...................................................................53
`
`2. Claim 2 ........................................................................................................55
`
`[2a.]
`
`generating, by the attestation server, an application artifact as a
`
`reference for changes in a subsequent execution context; and ................55
`
`[2b.]
`
`sending the generated application artifact such that subsequent
`
`changes to the runtime execution context are tracked based on the
`
`generated application artifact. ....................................................................56
`
`3. Claim 3 ........................................................................................................58
`
`iv
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`[3a.] The method according to claim 2, further comprising digitally
`
`signing the attestation results: .....................................................................58
`
`[3b.] wherein the attributes further comprise parent-child process
`
`associations of the application. ....................................................................58
`
`4. Claim 4 ........................................................................................................59
`
`The method of claim 1, wherein the received security context is an
`
`introspective security context, and wherein the execution analysis is a
`
`static, dynamic, or virtual analysis of the one or more executable file
`
`binaries and the loaded components. ..........................................................59
`
`5. Claim 5 ........................................................................................................59
`
`The method of claim 4, wherein the generating of the report indicating
`
`security risks associated with the application includes generating, by the
`
`attestation server, one or more security assertions that pertain to the
`
`received runtime execution context and the received introspective
`
`security context. ............................................................................................59
`
`6. Claim 6 ........................................................................................................60
`
`The method according to claim 1, further comprising authenticating the
`
`application using a plurality of collaboration services. ............................60
`
`7. Claim 7 ........................................................................................................60
`
`The method according to claim 1, further comprising controlling a
`
`user's transaction with the application by applying a set of authorization
`
`rules in accordance with the attestation results. ........................................60
`
`9. Claim 9 ........................................................................................................61
`
`The method according to claim 1, further comprising providing
`
`confidence metrics in the attestation results indicating a level of security
`
`risk by different classifications such that a restriction on a user's
`
`transaction with the application are applied based on the level of
`
`v
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`security risk indicated by the confidence metrics in the attestation
`
`results. ............................................................................................................61
`
`VI. NO BASIS FOR DISCRETIONARY DENIAL ............................................61
`
`VII. CONCLUSION ...........................................................................................63
`
`VIII. Mandatory Notices (37 C.F.R. § 42.8(a)(1)) ...............................................63
`
`
`
`vi
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`TABLE OF AUTHORITIES
`
`
`Cases
`
`Advanced Bionics, LLC v. MED-EL Elektromedizinische Gerate GmbH,
`IPR2019-01469, Paper 6 (Feb. 13, 2020)..............................................................63
`
`
`Cellco Partnership v. Huawei Device Co.,
`IPR2020-01117, Paper 10 (Feb. 3, 2021)..............................................................64
`
`
`Graham v. John Deere Co., 383 U.S. 1 (1966) ................................................ 16, 44
`
`KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398 (2007) ........................................ 16, 45
`
`Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc) .........................10
`
`Wellman, Inc. v. Eastman Chem. Co., 642 F.3d 1355 (Fed. Cir. 2011) ..................11
`
`Statutes
`
`35 U.S.C. § 102(b)(pre-AIA) ..................................................................................... 2
`35 U.S.C. § 103(a) ........................................................................................... passim
`35 U.S.C. § 325(d) ...................................................................................................61
`
`Rules
`
`37 C.F.R. § 42.10(a) .................................................................................................64
`37 C.F.R. § 42.104(a) ................................................................................................. 2
`37 C.F.R. § 42.104(b) ................................................................................................ 2
`37 C.F.R. § 42.8(a)(1) ..............................................................................................63
`37 C.F.R. § 42.8(b)(2) ..............................................................................................64
`37 C.F.R. § 42.8(b)(3) ..............................................................................................64
`37 C.F.R. §42.100(b) ...............................................................................................10
`
`
`
`vii
`
`

`

`
`
`
`Exhibit
`No.
`1001
`1002
`1003
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`EXHIBIT LIST
`
`
`
`Description
`
`U.S. Patent No. 8,327,441 to Kumar et al.
`Curriculum Vitae of A.L. Seth Nielson, Ph.D.
`Expert Declaration of Dr. Seth Nielson under 37 C.F.R. § 1.68.
`
`1004
`1005
`
`Prosecution History of ’441 to Kumar et al.
`Seiji Munetoh, Integrity management Infrastructure for Trusted
`Computing, IEICE TRANS. INF. & SYST., Vol. E91-D, No. 5,
`1242-1251, (May 2008).
`Hridesh Rajan, Tisa: Toward Trustworthy Services in a Service-
`Oriented Architecture, IEEE Transactions on Services
`Computing, 201-213, (October-December 2008).
`Declaration of Ingrid Hsieh-Yee, Ph.D.
` Steve Anderson, Web Services Trust Language (WS-Trust),
`(February 2005).
`George Moncrief, ezHPC Security Architecture, IEEE Computer
`Society, (2006).
`Taasera Licensing LLC, v. Trend Micro Incorporated, Plaintiff’s
`Disclosure of Asserted Claims and Infringement Contentions
`with ’441 Claim Chart, 2:21-cv-00441-JRG-RSP, (Jul 26, 2022).
` Ajay Surie, Rapid Trust Establishment for Pervasive Computing,
`IEEE Computer Society, 24-30, (2007).
`1012 Minjin Kwon, PROBE: A Process Behavior-based Host Intrusion
`Prevention System, Department of Computer Science and
`Engineering, Korea University, Seoul, (2008).
`
`1006
`
`1007
`1008
`
`1009
`
`1010
`
`1011
`
`viii
`
`

`

`I.
`
`INTRODUCTION
`
`Trend Micro, Inc. (“Petitioner”) petitions for inter partes review of claims 1-
`
`12 of U.S. Patent No. 8,327,441 to Kumar et al., entitled “System and method for
`
`application attestation.” (“the ’441 patent,” EX1001), which according to PTO
`
`records, is assigned to Taasera Licensing, Inc. (“Taasera”).
`
`As will be shown, computer security concerns were rapidly increasing and
`
`systems were in development to assure the integrity of computing networks years
`
`before the ’441 patent application was filed. A consortium of key industry players
`
`assembled as the Trusted Computing Group (TCG) were developing specifications
`
`and requirements for hardware-based architectures, software systems and modules
`
`with the goal of guaranteeing security, integrity and confidentiality of data.
`
`EX1006, p.2. More than two years before the ’441 patent application was filed,
`
`the TCG had developed and publicized industry specifications defining an Integrity
`
`Management Infrastructure in which Platform Trust Services measure the integrity
`
`of a computing platform at runtime and produce verifiable Integrity Reports.
`
`EX1005, p.1. More than two years after such publications, Patent Owner Taasera
`
`sought to patent essentially the same technology.
`
`1
`
`

`

`
`
`
`
`II. Grounds for Standing (37 C.F.R. § 42.104(a))
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`
`
`Petitioner certifies that the ’441 patent is available for inter partes review
`
`and that Petitioner is not barred or estopped from requesting an inter partes review
`
`challenging the patent claims on the grounds identified in this Petition.
`
`III.
`
`Identification of Challenge (37 C.F.R. § 42.104(b))
`
`A. Citation of Prior Art
`
`
`
`Petitioner cites the following prior art references.
`
`Munetoh, et al. “Integrity Management Infrastructure for Trusted Computing”
`
`IEICE TRANS. INF. & SYST., Vol. E91-D, No. 5, 1242-1251, (May 2008)
`
`(“Munetoh”, EX1005) is prior art under pre-AIA § 102(b) because it was published
`
`and publicly accessible by June 16, 2008, more than one year before the earliest
`
`possible priority date of the ’441 patent. EX1007. Munetoh was not identified or
`
`considered during prosecution of the ’441 patent.
`
`
`
`Rajan, et al. “Tisa: Toward Trustworthy Services in a Service-Oriented
`
`Architecture,” IEEE Transactions on Services Computing, 201-213, (October-
`
`December 2008) (“Rajan”, EX1006) is prior art under pre-AIA § 102(b) because it
`
`was published and publicly available no later than March 24, 2009, more than one
`
`year before the earliest possible priority date of the ’441 patent. EX1007. Rajan
`
`was not identified or considered during prosecution of the ’441 patent.
`
`2
`
`

`

`
`
`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`B. Statutory Grounds for Challenge
`
`Petitioner requests review of ’441 patent claims 1-7 and 9 (the “Challenged
`
`Claims”) on the following grounds:
`
`GROUND 1: Claims 1-7 and 9 are unpatentable under 35 U.S.C. § 103(a) as
`
`obvious over Munetoh (EX1005) in view of Rajan (EX1006).
`
`GROUND 2: Claims 1-7 and 9 are unpatentable under 35 U.S.C. § 103(a) as
`
`obvious over Rajan (EX1006) in view of Munetoh (EX1005).
`
`
`
`IV. The ’441 patent
`
`A. Claim of Priority of the ’441 patent
`
`The ’441 patent issued December 4, 2012, from U.S. Patent Application No.
`
`13/399,065, filed February 17, 2012, which claimed priority to Provisional
`
`Application No. 61/443,854, filed February 17, 2011. EX1001, p.1. Solely for the
`
`purposes of this Petition, the earliest priority date for the ’441 patent is taken to be
`
`February 17, 2011 (the “priority date”), so the Challenged Claims should be
`
`examined under pre-AIA statutes.
`
`B. Overview of the ’441 patent
`
`The ’441 patent relates to computer security. EX1001, 1:15-18, 5:45-67;
`
`EX1003, ¶71. As background, the patent recognizes that in recent trends in
`
`3
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`computing “enterprise software is no longer owned by the customer, but instead
`
`the Information Technology infrastructure can be provided by a third party and the
`
`software applications may be sold as service offerings.” Id., 1:20-25. “Security in
`
`such environments may be an emerging challenge.” Id., 5:66-67.
`
`To address such security concerns, the ’441 patent discloses systems and
`
`methods “of providing an attestation service for an application at runtime
`
`executing on a computing platform using an attestation server.” Id., 26:27-29. The
`
`application may be an application targeted for use by a computing platform
`
`operated by a user that may desire an assurance or an attestation that the
`
`application is appropriate to be used. Id., 7:7-12. In an attestation service,
`
`“applications may be secured by signing-on or authenticating applications onto the
`
`network using an attestation process (e.g., via a single factor or multi-factor
`
`attestation).” Id., 6:1-4. The patent discloses a “method, apparatus and/or system
`
`to establish user-to-application connections based on the dynamic attestation of
`
`applications” EX1001, 1:41-44.
`
`FIG. 4 reproduced below illustrates the system and methods of the ’441
`
`patent.
`
`4
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`
`
`Referring to FIG. 4, a network 450 may include an instrumented target
`
`platform 400, a runtime monitor 401, an attestation broker or attestation server
`
`402, collaboration services 403, an interactive user 404, and/or a network access
`
`enforcer 405. Id., 14:9-12,12:64-67.
`
`The specification explains that “[t]he user 404 may establish a physical
`
`connection over network 450 and may initiate an application access request 411 to
`
`commence or initiate a transaction with a target application hosted on the
`
`instrumented target platform 401.” Id., 14:12-16. “Applications running on the
`
`5
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`instrumented target platform 400 may be inspected by the runtime monitor 401 for
`
`application execution context and state changes.” Id., 14:17-19.
`
`The “runtime monitor may generate a runtime application execution context
`
`(e.g., metadata), which may include, for example, the file hash digests and/or file
`
`attributes for loaded components of the running target application. The running
`
`target application may be registered by the runtime monitor 401 with the
`
`attestation broker 402 via a start notification 406 and the runtime application
`
`execution context (e.g., that may include the metadata) may be sent by the runtime
`
`monitor 401 to the attestation broker 402 via an application execution context
`
`change notification 408.” Id., 14:27-37.
`
`In response, the attestation broker or attestation server 402 “may verify the
`
`authenticity of the running application on the instrumented target platform 400
`
`with a real time or near real time exchange 409 of the received metadata with one
`
`or more collaboration services 403 and the return of the application security
`
`context 410 based on the exchanged metadata.” Id., 14:39-44, 12:64-67.
`
`“A network access enforcer 405 may register or subscribe with the
`
`attestation broker 402 as a web service over a web services protocol interface
`
`412:413 for notifications (e.g., publications) of application statements or reports
`
`(e.g., claims) for running applications (e.g., all running applications) on a plurality
`
`of instrumented target platforms 400.” Id. 15:5-10. “The network access enforcer
`
`6
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`405 may query the attestation broker 402 for user specific application bindings
`
`configured for the attestation broker 402 to determine authorization controls based
`
`on dynamic multi-factor application attestation, and real time (or near real time)
`
`confidence metrics based on the local execution context 408 and assessed security
`
`context 410.” Id., 1528-34. “[T]he network access enforcer 405 … may deny
`
`access on an authenticated user based on the level of concern … as expressed in
`
`the user-to-application policy bindings provisioned for the attestation broker 402.”
`
`Id., 15:34-41.
`
`The Challenged Claims recite a “method of providing an attestation service
`
`for an application at runtime executing on a computing platform using an
`
`attestation server.” Id., 26:27-29.
`
`In the method recited in claim 1, the attestation server receives a runtime
`
`execution context indicating attributes of the application at runtime, and a security
`
`context providing security information about the application. Id., 26:30-39. The
`
`attributes comprise one or more executable file binaries of the application and
`
`loaded components of the application, and the security information comprises an
`
`execution analysis of the one or more executable file binaries and the loaded
`
`components. Id.
`
`Based on based on the received runtime execution context and the received
`
`security context, the attestation server generates as an attestation result. Id., 26:40-
`
`7
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`44. The attestation server then sends the attestation result associated with the
`
`application. Id., 26:44-45. The claim does not identify where the attestation result
`
`is sent.
`
`Claim 2 expands the method to include the attestation result generating an
`
`application artifact as a reference for changes in a subsequent execution context,
`
`and sending the generated application artifact such that subsequent changes to the
`
`runtime execution context are tracked based on the generated application artifact.
`
`Id., 26:46-52. Again, the claim does not identify where the generated application
`
`artifact is sent. The specification explains that “the attestation service may be
`
`configured to generate an artifact based on a runtime local execution context of the
`
`running application instance on the instrumented target platform.” Id., 2:40-43.
`
`Claim 3 adds digitally signing the attestation results and limits the attributes to
`
`further including parent-child process associations of the application. Id., 26:53-
`
`56.
`
`Claim 4 clarifies that the received security context is an introspective
`
`security context, and the execution analysis is a static, dynamic, or virtual analysis
`
`of the one or more executable file binaries and the loaded components. Id., 26:53-
`
`56. Claim 5 further clarifies that the attestation server generates one or more
`
`security assertions that pertain to the received runtime execution context and the
`
`received introspective security context. Id., 26:63-67.
`
`8
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`Claim 6 adds to the method authenticating the application using a plurality
`
`of collaboration services. Id., 27:1-3. Claim 7 adds to the method controlling a
`
`user’s transaction with the application by applying a set of authorization rules in
`
`accordance with the attestation results. Id., 27:4-7.
`
`C. Summary of the Prosecution History
`
`Prosecution of the 13/399,065 application that issued as the ’441 patent
`
`began with a non-final Office Action on April 27, 2012, in which claims 1-26 were
`
`rejected under 35 U.S.C. § 102(e) as unpatentable under U.S. Patent Publication
`
`2011/0179477 to Starnes. EX1004, pp.111-119. Applicant initiated an Examiner
`
`Interview on June 7, 2012. EX1004, pp.107.
`
`After an Examiner Interview, Taasera responded on June 29, 2012, by
`
`amending claims 1, 3-5, 13-19, and 21-26. Of relevance to the Challenged Claims,
`
`independent claim 1 was amended to recite “wherein the attributes comprise one or
`
`more executable file binaries of the application and loaded components of the
`
`application... wherein the security information comprises an execution analysis of
`
`the one or more executable file binaries and the loaded components”.
`
`A Notice of Allowance then issued September 17, 2012, without an
`
`Examiner’s statement of reasons for allowance. Id., pp.48-49.
`
`9
`
`

`

`
`
`
`
`
`D. Level of Ordinary Skill in the Art
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`As established by the Declaration of Dr. Seth Nielson dated April 6, 2023
`
`(EX1003), a person having ordinary skill in the art (PHOSITA) at the time of the
`
`earliest claimed priority date for the ’948 patent would have had a bachelor’s
`
`degree in computer science, or a related field, or an equivalent technical degree or
`
`equivalent work experience, and an additional one to two years of education or
`
`experience in the field of computer security topics. More education can
`
`supplement practical experience and vice versa. EX1003, ¶81.
`
`E. Claim Construction
`
`In this proceeding, claims are interpreted under the same standard applied by
`
`Article III courts (i.e., the Phillips standard). 37 C.F.R. §42.100(b); Phillips v.
`
`AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc).
`
`So far in parallel litigation neither Taasera nor any defendants have proposed
`
`a claim construction. For purposes of this proceeding only, Petitioner proposes
`
`that all claim terms should be given their plain and ordinary meanings and no
`
`specific claim constructions are necessary to apply the asserted prior art to the
`
`Challenged Claims.1 See Wellman, Inc. v. Eastman Chem. Co., 642 F.3d 1355,
`
`1361 (Fed. Cir. 2011) (“[C]laim terms need only be construed to the extent
`
`
`1 Petitioner reserves the right in other proceedings to construe the Challenged
`
`Claims and pursue indefiniteness theories.
`
`10
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`necessary to resolve the controversy.”).
`
`V. HOW THE CLAIMS ARE UNPATENTABLE
`
`
`
`The following discussion and the accompanying evidence demonstrate that
`
`there is a reasonable likelihood that Petitioner will prevail with respect to the
`
`Challenged Claims.
`
`A. Overview of Asserted Prior Art
`
`Petitioner submits that claims 1-7 and 9 of the ’441 patent are invalid as
`
`unpatentable under 35 U.S.C. § 103(a) in view of the combination of Munetoh and
`
`Rajan.
`
`i.
`
`Munetoh
`
`Munetoh is directed towards an integrity management infrastructure for
`
`trusted computing based on a standard published by the Trusted Computing Group
`
`(TCG). EX1003, ¶¶83-84; EX1005, pp.1. In Munetoh, a chain of trust is used to
`
`check the security and authenticity of various hardware and software components.
`
`EX1005, pp.1; EX1003, ¶¶84,89-91. In addition to managing the integrity of
`
`components on a device, Munetoh describes infrastructure for confirming and
`
`attesting to parties requesting the service can confirm trust in the service. EX1005,
`
`pp.4-5; EX1003, ¶¶86-87,91. Specifically, Munetoh provides an integrity
`
`management model that includes a remote verifier that provides platform trust
`
`11
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,327,441
`
`services (PTS). EX1005, pp.4, Fig.-1; EX1003, ¶¶87,93. Information about the
`
`trustworthiness of a platform is collected and monitored by a client (agent)
`
`installed on the platform. EX1005, pp.5-6. The system is illustrated in Figure 1 of
`
`Munetoh which is reproduced below.
`
`
`
`The platform trust services at the remote verifier includes a finite state
`
`machine that records the change of states on a platform received in an integrity
`
`measurement log (IML). Id. The applications running on the server being analyzed
`
`for trust may also be measured and attested by the remote verifier by analyzing the
`
`behavior and integrity of software components that are loaded and executed.
`
`EX1005, pp.3-6. Specifically, hash values are measured for binary images of
`
`12
`
`

`

`
`
`
`
`
`
`Petition for Inter Partes Review of
`U.S. Patent No. 8,32