PTAB

IPR2014-01410

International Business Machines Corporation v. Intellectual Ventures II LLC

1. Case Identification

2. Patent Overview

  • Title: Security Infrastructure for Electronic Transactions
  • Brief Description: The ’574 patent describes a public key infrastructure (PKI) designed to facilitate secure and authentic electronic transactions over an unsecure network. The invention is centered on a hierarchical certification system comprising entities like a Policy Registration Authority (PRA), Policy Certification Authorities (PCAs), and Certification Authorities (CAs) that issue, verify, and update digital certificates.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claim 30 - Claim 30 is anticipated by Kapidzic under 35 U.S.C. §102.

  • Prior Art Relied Upon: Kapidzic, et al., A Certificate Management System: Structure, Functions and Protocols (“Kapidzic”), published in the Proceedings of the Symposium on Network and Distributed System Security on or before February 16–17, 1995.
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Kapidzic discloses every element of claim 30. The claim recites a method for updating certificates within a hierarchical certification infrastructure. Petitioner asserted that Kapidzic’s “Certificate Management System” (CMS) is a networked computer system using public key certificates for secure communication, arranged in a strict hierarchy of Certification Authorities (CAs) with a single root, directly corresponding to the "certification infrastructure" of the claim.

    • Petitioner mapped the specific method steps of claim 30 as follows:

      • (Preamble and element a): Kapidzic's system includes a "first computer process" (a requesting CA) that possesses a certificate needing an update, for instance, when its keys expire or are compromised. The method of updating this certificate begins at this CA.
      • (Element a.1 - receiving a new certificate): When a CA needs to update its keys, it generates a new key pair and sends a Certificate Signature Request to its parent CA. The parent CA, an authorized process, creates and returns a Certificate Signature Reply containing the new signed certificate. The requesting CA "receives the Certificate Signature Reply," thus receiving the new signed certificate as claimed.
      • (Element a.2 - revoking the current certificate): Kapidzic taught that "when a certificate is updated, the old certificate must be revoked." This revocation ensures the old certificate is no longer used for verifying subordinate computer processes, as verification paths include a check for revocation.
      • (Element a.3 - issuing new certificates to subordinates): After a CA's certificate is updated, all certificates previously signed by that CA using its old secret key must be re-signed with the new secret key. Kapidzic disclosed that the updated CA "re-signs all the certificates of its subordinates" and sends them a Certificate Re-sign message. This message also contains a copy of the CA's own new certificate, which is necessary for the subordinates to verify the newly re-signed certificates.
      • (Element b - iterative distribution): The distribution of the new certificates propagates down the hierarchy. After a direct subordinate receives its Certificate Re-sign message, it forwards the information to its own subordinates via a Certificate Path Update message. Petitioner argued this process iterates down to the end-users at the bottom of the hierarchy, ensuring all subordinate processes in the infrastructure ultimately receive the new certificates, as claimed.
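
The update sequence mapped in elements a.1 through b can be traced in a small model. The Python below is an added illustration, not code from Kapidzic, the ’574 patent, or the petition; it assumes a non-root CA is being updated and models keys and signatures as integer key ids rather than real cryptography (all names are hypothetical).

```python
# Added illustration: key ids stand in for key pairs, "signing" records the issuer's key id.
import itertools
from dataclasses import dataclass, field

_ids = itertools.count(1)   # source of key ids and certificate serials
revoked = set()             # revoked certificate serials (stands in for a CRL)

@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    subject_key: int        # key id standing in for the subject's public key
    signer_key: int         # key id of the issuer key that "signed" this cert

@dataclass
class Node:
    name: str
    parent: "Node | None"
    key: int
    cert: Cert = None
    path: list = field(default_factory=list)      # issuer certs, parent first, root last
    children: list = field(default_factory=list)

def enroll(name, parent=None):
    node = Node(name, parent, next(_ids))
    node.cert = Cert(next(_ids), name, node.key, parent.key if parent else node.key)
    if parent:
        parent.children.append(node)
        node.path = [parent.cert] + parent.path
    return node

def verify(node):
    """Stored chain must link by signer key, end self-signed, and hold no revoked cert."""
    chain = [node.cert] + node.path
    links = all(c.signer_key == i.subject_key for c, i in zip(chain, chain[1:]))
    rooted = chain[-1].signer_key == chain[-1].subject_key
    return links and rooted and not any(c.serial in revoked for c in chain)

def update_ca(ca):
    """Elements a.1-a.3 for a non-root CA: new cert, revoke old, re-sign subordinates."""
    revoked.add(ca.cert.serial)                                 # old certificate revoked
    ca.key = next(_ids)                                         # new key pair
    ca.cert = Cert(next(_ids), ca.name, ca.key, ca.parent.key)  # Certificate Signature Reply
    for sub in ca.children:                                     # Certificate Re-sign message
        sub.cert = Cert(next(_ids), sub.name, sub.key, ca.key)
        sub.path = [ca.cert] + ca.path                          # carries the CA's new cert

def forward_path_update(node):
    """Element b: each node forwards a Certificate Path Update to its own subordinates."""
    for sub in node.children:
        sub.path = [node.cert] + node.path
        forward_path_update(sub)
```

Keeping the forwarding step separate exposes the intermediate state: until the Certificate Path Update reaches it, an end user still holds a chain through the revoked certificate and fails verification.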

4. Key Claim Construction Positions

  • Petitioner submitted that for the purposes of the inter partes review (IPR), the preamble of claim 30 ("In a computer system for secure communications containing computer processes arranged in a certification infrastructure, a method of updating certificates comprising:") should be considered non-limiting.
  • However, in the event the Board determined the preamble to be limiting, Petitioner argued that Kapidzic's disclosure of a "Certificate Management System" for secure communications with a hierarchical structure of CAs fully met the preamble's limitations.
  • For all other terms in claim 30, Petitioner proposed they be given their plain and ordinary meaning in light of the ’574 patent’s specification.

5. Relief Requested

  • Petitioner requested the institution of an IPR and the cancellation of claim 30 of Patent 5,745,574 as unpatentable.