PTAB

CBM2014-00121

Phoenix Payment Systems Inc v. Protegrity Corp

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Data Security System For a Database
  • Brief Description: The ’281 patent relates to systems and methods for protecting data within a database. The invention grants or denies access to portions of data based on the satisfaction of one or more associated data processing rules.

3. Grounds for Unpatentability

Ground 1: Invalidity under §101 - Claims 1, 2, 12, 17, 21, 32, 33, 38, 45, 47, 53, and 58 are invalid under 35 U.S.C. § 101

  • Core Argument:
    • Petitioner argued that all challenged claims are directed to the patent-ineligible abstract idea of rule-based data access—determining whether access to data should be granted based on whether one or more rules are satisfied.
    • Petitioner asserted that the claims fail to add sufficiently meaningful limitations beyond the abstract idea. The claims merely recite vague and conventional computer components, such as a "database," a "table," and a "processor," to perform the steps of the abstract concept. These limitations, Petitioner contended, amount to nothing more than the routine and conventional use of a general-purpose computer and are insufficient to confer patent eligibility.
    • Petitioner further argued that the claims fail the machine-or-transformation test, as they are not tied to a specific machine and only involve the "mere manipulation or reorganization of data," which does not satisfy the transformation prong.

Ground 2: Anticipation by Denning - Claims 1, 2, 12, 17, 21, 32, 33, 38, 45, 47, and 58 are anticipated under 35 U.S.C. § 102 by Denning

  • Prior Art Relied Upon: Denning (Cryptography and Data Security, 1982).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Denning, a 1982 textbook on data security, teaches every element of the challenged claims. Denning’s disclosed "access-matrix model" for database systems was alleged to directly correspond to the claimed method. The access matrix contains rows corresponding to subjects (e.g., users), columns corresponding to objects (e.g., data portions like fields within records), and matrix entries that list "decision rules" specifying access rights. Petitioner asserted this structure anticipates the limitations of independent claim 1, which requires maintaining a database of data portions and a separate data protection table with rules for accessing those portions.
    • Prior Art Mapping (Dependent Claims): Denning was also alleged to anticipate dependent claims by teaching user-specific access restrictions (claim 2), the use of encryption in combination with access controls (claims 12, 32, 45, 53, 58), and the concept of data categories through its disclosure of data element types corresponding to database columns (claims 33, 47).

Ground 3: Obviousness over Denning, Lang, and FIPS - Claims 1, 2, 12, 17, 21, 32, 33, 38, 45, 47, and 58 are obvious over Denning, Lang, and FIPS PUB 140-1

  • Prior Art Relied Upon: Denning (Cryptography and Data Security, 1982), Lang (Patent 5,065,429), and FIPS PUB 140-1 ("Security Requirements for Cryptographic Modules").

  • Core Argument for this Ground:

    • Prior Art Mapping: Petitioner argued that the combination of Denning, Lang, and FIPS PUB 140-1 renders the challenged claims obvious. Denning teaches a foundational access-matrix model for database security, while Lang teaches a specific implementation of rule-based access control for data on storage media using an index table. FIPS PUB 140-1 provides a well-known federal standard for implementing cryptographic modules at various security levels. Together, these references were said to teach all elements of the claims, including rule-based access, data categorization, and encryption.
    • Motivation to Combine: Petitioner asserted that a person of ordinary skill in the art (POSITA) would have been motivated to combine the teachings. Denning was presented as an introductory text that explicitly encourages consulting other references for more detailed implementations. A POSITA would naturally look to references like Lang for specific system architectures and to a standard like FIPS PUB 140-1 to implement the cryptographic aspects described conceptually in Denning and Lang. The combination was framed as a common-sense application of known systems to achieve a predictable result.
    • Expectation of Success: A POSITA would have had a high expectation of success in combining these references because it involved applying a known security standard (FIPS) to established access control frameworks (Denning and Lang) to enhance data protection, a well-understood goal in the art.

  • Additional Grounds: Petitioner asserted additional anticipation challenges based on Lang alone, as well as narrower obviousness challenges against claim 53 based on Denning in view of FIPS PUB 140-1 and Lang in view of FIPS PUB 140-1.

4. Key Claim Construction Positions

  • Database: Petitioner argued for a broad construction of "database" to include any "organized collection of structured data," based on positions the Patent Owner had allegedly taken in related litigation.
  • Data Processing Rules: The term was proposed to broadly refer to rules for any form of data processing, including reading, printing, altering, moving, or copying, based on the patent’s specification.
  • Data Category: Petitioner argued this term, not explicitly defined in the patent, should be broadly construed as any class or division of data sharing one or more attributes. Petitioner contended it was synonymous with "data element type" from the priority patent, which corresponds to columns in a database table.
  • Encryption/Encrypted: Based on the specification, Petitioner proposed that these terms refer broadly to any "conversion of data into non-interpretable form," including hashing.

5. Relief Requested

  • Petitioner requests institution of a Covered Business Method patent review and cancellation of claims 1, 2, 12, 17, 21, 32, 33, 38, 45, 47, 53, and 58 of the ’281 patent as unpatentable.