EMC Corp v. Secure Axcess LLC

1. Case Identification

• Case #: IPR2014-00475
• Patent #: 7,631,191
• Filed: March 4, 2014
• Petitioner(s): EMC Corporation and RSA Security LLC
• Patent Owner(s): Secure Axcess, LLC
• Challenged Claims: 1-32

2. Patent Overview

• Title: System and Method for Authenticating a Web Page
• Brief Description: The ’191 patent discloses systems and methods for authenticating a web page to a user. The system inserts a digital "authenticity key" into web page data, which is then processed by a browser plug-in on the user's computer to verify the page's origin; if authentic, a pre-configured "authenticity stamp" is displayed to the user.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1-9, 11-12, 14-22, 25, and 27-32 under §102 by Arent

• Prior Art Relied Upon: Arent (Patent 6,018,724).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Arent taught every element of the challenged claims. Arent disclosed a system for authenticating online transaction data, such as web page-based offers, that are electronically "signed" with a digital signature (the claimed "authenticity key"). At the user's computer, this signature is used to verify the data's authenticity. If verified, a user-customized "certification indicator" (the claimed "authenticity stamp") is displayed. Petitioner contended that Arent's storage of the user-defined component of its indicator in a "wallet database file" that stores "user preferences" directly corresponded to the claimed "preferences file" from which the stamp is retrieved. Arent also explicitly taught displaying a different indicator if the data was not authenticated, anticipating claims related to a "non-authenticity stamp."

Ground 2: Obviousness of Claims 10, 13, 23, and 26 over Arent in view of SDML, Anderson, or Schneier

• Prior Art Relied Upon: Arent (Patent 6,018,724), SDML (a W3C Note on Signed Document Markup Language), Anderson (WO 98/37655), and Schneier (a book on applied cryptography).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addressed claims requiring the insertion of a second authenticity key. Petitioner argued that Arent taught the base system, while the secondary references established that using multiple digital signatures on a single electronic document was well-known and standardized technology before the ’191 patent. SDML and Anderson both disclosed markup languages that expressly supported multiple signatures to authenticate different parts of a document. Schneier taught a scenario where two different parties separately sign the same document.
  • Motivation to Combine: Petitioner asserted a POSITA would combine Arent with any of the secondary references to enhance security. For instance, a web page offer could be signed by both the merchant and a financial institution, or different components of the page could be signed by different entities. This would have been a predictable implementation of known security principles onto Arent's existing authentication framework.
  • Expectation of Success: The combination was argued to be a straightforward application of standardized digital signature techniques (SDML, Anderson, Schneier) to Arent's web authentication system, with a high expectation of success.

Ground 3: Anticipation of Claims 1-6, 8-9, 11-12, 14-22, 25, and 27-32 under §102 by Tygar

• Prior Art Relied Upon: Tygar ("WWW Electronic Commerce and Java Trojan Horses," a 1996 USENIX Workshop proceeding).

• Core Argument for this Ground:

  • Prior Art Mapping: Petitioner presented Tygar as an independent anticipatory reference. Tygar taught a "window personalization" technique to combat spoofing by displaying a user-selected, customized graphic (the "authenticity stamp") to confirm the authenticity of a user interface, such as a dialogue box. Tygar explicitly proposed this technique for use with Java applets embedded in web pages, which could be digitally signed by a trusted authority (the "authenticity key"). Petitioner argued that the user's computer retrieves the signed applet ("formatted data") and uses the digital signature to verify its authenticity before displaying the personalized graphic. The consumer's chosen personalization graphic would be stored in a file on the user's computer, which Petitioner argued was a direct equivalent of the claimed "preferences file."

• Additional Grounds: Petitioner asserted numerous additional grounds. Obviousness challenges were raised combining Arent or Tygar with references teaching challenge-response authentication for selecting authenticity stamps (Merritt or X. 509) and receiving preference keys from a third party (ANSI X9.17 or Denning). Further grounds were included that added references teaching methods for hiding files (Schneier '475, Faltstrom, or Takada) or using an HTML link as an authenticity key (Palage) to preemptively counter narrower potential claim constructions from the Patent Owner.

4. Key Claim Construction Positions

Petitioner argued for constructions consistent with those adopted in a prior district court litigation involving the ’191 patent, asserting they represented the broadest reasonable construction.

• "Preferences file": Proposed as "a file containing one or more authenticity stamps." This construction is broad and does not require the file to be hidden or contain any information beyond the stamp itself.
• "Authenticity key": Proposed as "information, such as a digital signature, that may be used to support authentication." This construction does not require the key to be a digital signature itself.
• "Returning the formatted data . . . to locate a preferences file" (and similar terms): Petitioner argued this phrase requires only that the return of formatted data is a precondition to locating the preferences file. Crucially, Petitioner asserted that the authenticity key itself is not used to locate the preferences file; rather, a separate "preferences key" performs that function, as described in the specification. This construction was central to arguing that prior art systems, where authentication must succeed before a stamp is retrieved from a local file, met the claim limitations.

5. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1-32 of the ’191 patent as unpatentable under 35 U.S.C. §§ 102 and 103.