PTAB
IPR2013-00260
Oracle Corp v. Clouding IP LLC
1. Case Identification
- Case #: IPR2013-00260
- Patent #: 5,825,891
- Filed: May 2, 2013
- Petitioner(s): Oracle Corporation
- Patent Owner(s): Clouding IP, LLC
- Challenged Claims: 9
2. Patent Overview
- Title: Method for Key Management in Network Communications
- Brief Description: The ’891 patent relates to a method for managing keys in secure network communications. The disclosed method involves a firewall computer providing a temporary password to a second computer, which is then used to encrypt and securely transmit Virtual Private Network (VPN) tunnel information, such as secret keys, over a public network.
3. Grounds for Unpatentability
Ground 1: Obviousness over Aziz in view of Stallings - Claim 9 is obvious over Aziz in view of Stallings
- Prior Art Relied Upon: Aziz (Patent 5,416,842) and Stallings (Network and Internetwork Security, 1995).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Aziz taught a fundamental architecture for creating an encrypted tunnel between two firewalls over a public network. Stallings taught well-known techniques for securely distributing cryptographic keys. Specifically, Stallings described a method where two parties that have "previously and recently used a key" (an old key) can use it to encrypt and transmit a new key. Petitioner contended this "old key" functions as the claimed "temporary configuration password," used to secure the "tunnel record information" (the new key). Stallings’s teaching that the old key is used to configure a new session, after which the new key is used, inherently taught the temporary nature and subsequent disuse (deletion) of the password.
- Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Stallings’s established key distribution techniques with Aziz’s firewall tunneling system to enhance security and improve efficiency. Using Stallings’s private key method would be a predictable and desirable alternative to the public key encryption methods available at the time, offering benefits such as smaller key sizes and reduced computational overhead.
- Expectation of Success: A POSITA would have had a high expectation of success in implementing Stallings’s key distribution protocol within the Aziz framework, as it represented the application of a standard security solution to a known system.
Ground 2: Obviousness over Aziz in view of Stallings and Schneier - Claim 9 is obvious over Aziz in view of Stallings and Schneier
- Prior Art Relied Upon: Aziz (Patent 5,416,842), Stallings (Network and Internetwork Security, 1995), and Schneier (Applied Cryptography, 1993).
- Core Argument for this Ground:
- Prior Art Mapping: This ground augmented the Aziz/Stallings combination with Schneier to provide a more explicit teaching for the "deleting the temporary configuration password" limitation of claim 9. Petitioner asserted that while Stallings implied the temporary nature of the initial key, Schneier explicitly taught that "old keys must be destroyed" as a fundamental principle of cryptographic security to prevent future misuse. Schneier also described one-time pads, which are by definition used once and then destroyed, further supporting the routine practice of deleting temporary credentials.
- Motivation to Combine: A POSITA implementing the Aziz/Stallings system would be motivated by basic security principles, as articulated by Schneier, to ensure that any temporary key used for configuration is securely deleted after its purpose is served. This would be a routine and necessary step to prevent compromise of the secure channel.
- Expectation of Success: Adding the key deletion step described by Schneier was a predictable and straightforward security measure, not an inventive leap.
Ground 3: Obviousness over Aziz in view of Weiss - Claim 9 is obvious over Aziz in view of Weiss
- Prior Art Relied Upon: Aziz (Patent 5,416,842) and Weiss (International Publication No. WO PCT/US86/02644).
- Core Argument for this Ground:
- Prior Art Mapping: This ground presented Weiss as an alternative to Stallings for teaching a temporary key management system. Weiss described a hierarchical key distribution system where a randomly generated "source number" is used to create a master key; the source number is then immediately destroyed. This master key is then used to securely transfer additional keys (e.g., session keys) over an insecure channel, after which the master key itself is "deleted or erased." Petitioner argued that either the source number or the master key met the definition of a "temporary configuration password" that is subsequently deleted. The additional keys transferred constituted the "tunnel record information."
- Motivation to Combine: A POSITA would have found it desirable to incorporate the robust, multi-level key generation and destruction protocol from Weiss into Aziz's tunneling architecture. This would provide enhanced security by ensuring that keys used for authentication and session setup are transient and not vulnerable to later discovery.
- Expectation of Success: Integrating the key management logic from Weiss into the firewall system of Aziz was a predictable combination of known security and networking technologies.
Additional Grounds: Petitioner asserted additional obviousness challenges against claim 9 based on combinations of Aziz with Kaufman (a 1995 textbook describing the Kerberos protocol) and Aziz with both Stallings and Kaufman, relying on similar arguments that Kerberos’s use of temporary, password-derived master keys to distribute session tickets met the claim limitations.
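The key-management pattern that runs through the Patent Overview and Grounds 1 through 3 (a temporary secret held by both sides protects the transfer of the next key over a public network, and is then destroyed) can be modelled in a few dozen lines. The following is an added illustration written for this summary; it is not code from the ’891 patent, the petition, or any cited reference, and it does not reproduce how Aziz, Stallings, Schneier or Weiss actually implement anything. Its cipher is a constructed HMAC-SHA256 keystream with an encrypt-then-MAC tag, chosen only because it needs no third-party library; the `Peer`, `transfer_key` and `configure_tunnel` names and the `"temp"`, `"tunnel"` and `"session"` key labels are assumptions of the example.

```python
"""Toy model of the temporary-password key transfer pattern (added example).

Assumptions: a constructed HMAC-based cipher stands in for whatever cipher
a real firewall would use; the "public network" is a function return value;
the two peers are in-process objects. Nothing here is from the cited references.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def derive_key(secret: bytes, label: bytes) -> bytes:
    """One-step KDF: bind a 32-byte key to a single purpose (enc / mac / config)."""
    return hmac.new(bytes(secret), label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC; a stand-in for a real stream cipher.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; wire format is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(derive_key(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(derive_key(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any modification in transit is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(derive_key(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel record failed authentication")
    stream = _keystream(derive_key(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Peer:
    """A firewall or remote host holding its keys in a store that can be zeroed."""

    def __init__(self, name: str):
        self.name = name
        self.keys: dict[str, bytearray] = {}

    def install(self, label: str, key: bytes) -> None:
        self.keys[label] = bytearray(key)  # copy into mutable storage so it can be wiped

    def destroy(self, label: str) -> None:
        """Overwrite, then drop: the 'old keys must be destroyed' step.
        Best effort in a managed runtime; the original bytes object may still exist."""
        buf = self.keys.pop(label)
        for i in range(len(buf)):
            buf[i] = 0


def transfer_key(sender: Peer, receiver: Peer, under: str, new_label: str, new_key: bytes) -> bytes:
    """Send `new_key` protected by the key both sides hold as `under`, then
    destroy `under` on both sides. Returns the wire blob so a caller can model
    an observer who captured it from the public network."""
    blob = wrap(derive_key(sender.keys[under], b"config"), new_key)   # crosses the public network
    receiver.install(new_label, unwrap(derive_key(receiver.keys[under], b"config"), blob))
    sender.install(new_label, new_key)
    sender.destroy(under)      # temporary key is no longer needed on either side
    receiver.destroy(under)
    return blob


def configure_tunnel(firewall: Peer, remote: Peer, temp_password: bytes) -> bytes:
    """The flow described in the Patent Overview: temporary configuration password
    (provided out of band) protects the tunnel key, then the password is deleted."""
    firewall.install("temp", temp_password)
    remote.install("temp", temp_password)
    return transfer_key(firewall, remote, "temp", "tunnel", os.urandom(32))


if __name__ == "__main__":
    fw, rm = Peer("firewall"), Peer("remote")
    captured = configure_tunnel(fw, rm, b"one-time-setup-password")
    print("tunnel keys match:", fw.keys["tunnel"] == rm.keys["tunnel"])
    print("temporary password still held:", "temp" in fw.keys or "temp" in rm.keys)
    # Calling transfer_key again chains the pattern: the key just established
    # protects the next one and is then destroyed (the Stallings / Weiss layering).
    transfer_key(fw, rm, "tunnel", "session", os.urandom(32))
    print("remaining labels:", sorted(fw.keys), sorted(rm.keys))
```

The `transfer_key` step is the reusable unit: calling it once with the out-of-band password models the claimed method, and calling it again with the freshly established key models the old-key-encrypts-new-key chain attributed to Stallings and the master-key-to-session-key hierarchy attributed to Weiss. What the example makes concrete, and the petition only states, is that the captured blob is useless to an observer once the key it was wrapped under has been zeroed on both ends, and that the tag check rejects a modified record before any decryption happens.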
4. Key Claim Construction Positions
- "Temporary Configuration Password": Petitioner argued for a broad construction under the broadest reasonable interpretation standard, proposing the term encompasses any "non-permanent passwords and keys which are used in connection with a configuration process." This construction was necessary to map the term to the prior art's disclosure of temporary keys, one-time pads, and master keys that are used for a single configuration event before being discarded.
- "Tunnel Record Information": Petitioner proposed that this term should include "records that comprise encryption information (e.g., a key)." This construction was intended to cover the session keys, secret keys, and other encrypted credentials that the prior art references described being transferred after initial authentication with a temporary password.
5. Relief Requested
- Petitioner requests institution of an inter partes review and cancellation of claim 9 of the ’891 patent as unpatentable under 35 U.S.C. §103.