PTAB
IPR2014-01216
EMC Corp v. Clouding Corp
petition Intelligence
1. Case Identification
- Case #: IPR2014-01216
- Patent #: 5,825,891
- Filed: July 29, 2014
- Petitioner(s): EMC Corporation, EMC International U.S. Holdings, Inc., and VMware, Inc.
- Patent Owner(s): Clouding IP, LLC
- Challenged Claims: 1-8
2. Patent Overview
- Title: Key Management For Network Communication
- Brief Description: The ’891 patent discloses methods for secure network communication. It describes two main embodiments: a method for establishing an encrypted communication tunnel using a temporary password and tunnel record information (claims 1-5), and a method for updating an existing tunnel record for a mobile or remote computer (claims 6-8).
3. Grounds for Unpatentability
Ground 1: Obviousness over Okamoto and Myles - Claims 1-8 are obvious over Okamoto in view of Myles.
- Prior Art Relied Upon: Okamoto (Patent 5,944,794) and Myles (an IEEE journal article from June 1995).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that Okamoto disclosed a user identification management scheme for establishing secure, encrypted "sessions" between a remote computer ("first computer") and a home system ("second computer"), which meets the limitations of claims 1-5. Okamoto taught sending a configuration request, using a temporary key (a "temporary configuration password") to encrypt a session key ("tunnel record information"), and sending this information to the remote computer to establish an encrypted tunnel. Petitioner argued Myles complemented Okamoto by teaching a protocol for mobile hosts to update their network location with a local agent, which maps directly to the limitations of claims 6-8 concerning updating a tunnel record. Myles described creating a new "binding" with a care-of-address to update records when a mobile host moves.
  - Motivation to Combine: Petitioner contended a person of ordinary skill in the art (POSITA) would combine Okamoto’s secure session establishment method with Myles’s mobile host protocol. The motivation was to provide support for mobile users, a common and predictable need in network security. A POSITA would have sought to adapt Okamoto's static system to allow users to securely connect from different locations, and Myles provided a well-known method for registering and updating the network addresses of such mobile hosts.
  - Expectation of Success: Petitioner asserted a POSITA would have had a high expectation of success, as both references dealt with authenticating and managing network connections and used compatible concepts, making their integration straightforward.
Ground 2: Obviousness over Aziz and Kaufman - Claims 1-5 are obvious over Aziz in view of Kaufman.
- Prior Art Relied Upon: Aziz (Patent 5,416,842) and Kaufman (a 1995 book chapter on network security).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner asserted that Aziz disclosed the foundational architecture for creating an encrypted tunnel between firewalls ("first" and "second" computers) to protect network communications, meeting the basic method steps of claim 1. However, Aziz used public key encryption. Kaufman was argued to provide the missing elements by teaching a key distribution technique using a temporary master key derived from a user's password (a "temporary configuration password") to obtain a session key ("tunnel record information") for establishing a secure session.
  - Motivation to Combine: A POSITA would combine the systems to enhance the security and efficiency of Aziz's tunneling framework. Petitioner argued that Kaufman’s method, which used shared secret keys, offered advantages over Aziz’s public key infrastructure, including smaller key sizes, reduced computational load, and simpler maintenance. A POSITA would have been motivated to replace Aziz’s key distribution mechanism with Kaufman's more efficient and widely understood technique.
  - Expectation of Success: The combination was presented as predictable, as it involved implementing a known key distribution method (Kaufman) within a standard secure tunneling architecture (Aziz) to achieve a more secure and efficient system.
Ground 3: Obviousness over Aziz and Rodwin - Claims 6-8 are obvious over Aziz in view of Rodwin.
- Prior Art Relied Upon: Aziz (Patent 5,416,842) and Rodwin (Patent 5,812,819).
- Core Argument for this Ground:
  - Prior Art Mapping: As in the previous ground, Aziz provided the basic firewall-to-firewall tunneling environment. Petitioner argued Rodwin taught the specific method for updating tunnel records for remote users as claimed in claims 6-8. Rodwin disclosed a remote access system where multiple users could connect to a network, be authenticated, and be dynamically assigned an IP address. This process of authenticating a remote user and updating their connection information (i.e., their new IP address) was alleged to directly map to the claim limitations of authenticating a first computer and updating its corresponding tunnel record.
  - Motivation to Combine: A POSITA would combine Aziz with Rodwin to add robust remote user authentication and dynamic IP address support to Aziz’s secure tunnel. While Aziz contemplated mobile users, Rodwin provided a specific, conventional mechanism for authenticating them and updating records, a necessary feature for managing users who connect from various locations with changing IP addresses.
  - Expectation of Success: Petitioner claimed success would be expected, as coupling a remote authentication system like Rodwin's to a secure network gateway like Aziz's was a common design pattern for providing secure remote access.
- Additional Grounds: Petitioner asserted that claims 1-5 are also obvious over Aziz in view of Weiss (PCT/US86/02644), arguing Weiss provided another method for secure key distribution using temporary, randomly generated numbers that would have been a suitable and advantageous replacement for the key distribution in Aziz.
4. Key Claim Construction Positions
- "temporary configuration password" (claim 1): Petitioner argued for the construction "non-permanent codes to identify an authorized user, which are used in connection with an initialization process to enable the user to access a secured network." This construction was asserted to be consistent with the ’891 patent’s description of a "onetime pad" that is deleted after use and is broad enough to cover the temporary keys and one-time codes disclosed in the prior art.
- "authenticating" (claims 6-8): Petitioner proposed the construction "a process which validates a computer or user." This construction was argued to align with the plain and ordinary meaning of the term and the context of the patent's embodiment describing the authorization of a connection request from a first computer.
5. Arguments Regarding Discretionary Denial
- Petitioner argued that institution was appropriate and the asserted grounds were not cumulative of prior art considered in previously instituted IPRs against the ’891 patent. Specifically, Petitioner noted that the combination of Okamoto and Myles was a new ground that disclosed both embodiments of the patent in a single, straightforward combination. Petitioner also highlighted the Patent Owner's history of settling with previous petitioners to terminate IPR proceedings, suggesting that denying institution on grounds of redundancy would reward such behavior and prevent a final decision on patentability.
6. Relief Requested
- Petitioner requested institution of an inter partes review and cancellation of claims 1-8 of the ’891 patent as unpatentable.