VMware Inc v. Good Technology Software Inc

1. Case Identification

• Case #: IPR2015-00031
• Patent #: 8,012,219
• Filed: October 6, 2014
• Petitioner(s): VMware, Inc.
• Patent Owner(s): Good Technology Software, Inc.
• Challenged Claims: 1, 9-11, 14-16, 18-19, and 23-24

2. Patent Overview

• Title: System and Method for Preventing Access to Data on a Compromised Remote Device
• Brief Description: The ’219 patent describes a system for controlling access to data on a remote device. A server system can send a command to the remote device to selectively prevent access to certain subsets of data (e.g., synchronized corporate data) upon receiving an indication that the device is compromised, while maintaining access to other data (e.g., personal data).

3. Grounds for Unpatentability

Ground 1: Obviousness over Blomstrand, Fergus, and Clark - Claims 1, 9-11, 14-16, 18-19, and 23-24 are obvious over Blomstrand in view of Fergus and Clark.

• Prior Art Relied Upon: Blomstrand (WO 00/45243), Fergus (Application # 2002/007999), and Clark (Patent 5,666,530).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Blomstrand taught the core concept of a central system sending a message to a compromised Personal Digital Assistant (PDA) to delete or encrypt specified data, while leaving other data intact. This met the limitations of receiving a compromise indication, selecting a subset of data, transmitting a command, and selectively preventing access while maintaining access to a further subset. To the extent Blomstrand did not explicitly teach synchronization or maintaining a list of data types, Clark supplied these elements with its disclosure of synchronizing data between a portable computer and a host using a synchronization list.
  • Motivation to Combine: A POSITA would combine these references because they all addressed security and data management on portable devices. A POSITA would combine Clark’s synchronization methods with Blomstrand to solve the problem of data loss on a PDA, a benefit Blomstrand itself discussed. Fergus, which taught the use of flexible "purge scripts" to specify data for removal by type or location, would have been a predictable way to implement Blomstrand’s goal of selectively protecting different types of data based on the required degree of protection.
  • Expectation of Success: Combining these known elements for use in portable device security would yield predictable results, as each element would perform its known function.

Ground 2: Obviousness over Mendez, Blomstrand, and Fergus - Claims 1, 9-11, 14-16, 18-19, and 23-24 are obvious over Mendez in view of Blomstrand and Fergus.

• Prior Art Relied Upon: Mendez (Patent 6,151,606), Blomstrand (WO 00/45243), and Fergus (Application # 2002/007999).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted that Mendez, a patent assigned to the Patent Owner, disclosed a client-server system where synchronized "global data" on a client is deleted upon a de-authorization indication from the server, while local, non-synchronized data is left intact and accessible. This taught the claimed method of distinguishing between data sets, preventing access to a first set (global data), and maintaining access to a second set (local data). Blomstrand was added to supply the teaching of receiving the compromise indication from a source other than the remote device itself (e.g., a user reporting the device stolen).
  • Motivation to Combine: A POSITA would be motivated to incorporate Blomstrand’s remote-wipe trigger into Mendez’s system to enhance the security of the client device, a benefit expressly recognized in Mendez. It would have been obvious to use Blomstrand’s remote deletion feature to protect the global data in Mendez from unauthorized access. Further, incorporating the flexible purge scripts of Fergus would allow for more granular control over which data is deleted from the Mendez client, a desirable and predictable improvement.
  • Expectation of Success: The combination represented the application of a known technique (remote wipe trigger) to a similar system (Mendez's secure data access system) to yield predictable improvements in security.

Ground 3: Obviousness over Hamasaki and Hayward - Claims 1, 9-11, 14-16, 18-19, and 23-24 are obvious over Hamasaki in view of Hayward.

• Prior Art Relied Upon: Hamasaki (Application # 2004/0025053) and Hayward (Application # 2004/0025053). Note: The petition cites Hayward's publication number incorrectly; the exhibit list clarifies Hayward is an application publication.
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued Hamasaki disclosed a management server that could remotely manage a mobile headset with a non-volatile memory partitioned into different data types, such as corporate data and personal data. Hamasaki taught that the server could send commands to delete the corporate data portion without affecting the personal data portion, for instance, if a user is terminated or the device is lost. This mapped to the key claim limitations. Hayward was introduced to explicitly add the teaching of mutual (two-way) synchronization between a remote device and a server, a feature not expressly detailed in Hamasaki.
  • Motivation to Combine: A POSITA would combine Hayward’s two-way synchronization with Hamasaki’s partitioned memory management system to provide the predictable benefits of robust data synchronization in an enterprise environment. Additionally, a POSITA would incorporate Hayward's teaching of preventing a compromised device from reconnecting to the server to further enhance the security of the Hamasaki system.
  • Expectation of Success: Implementing Hayward's known synchronization and security features in the Hamasaki system was presented as a predictable variation that would have been obvious to a POSITA.

4. Key Claim Construction Positions

• "maintaining ... access": Petitioner argued that because the ’219 patent fails to specify who or what must maintain access, this term should be given its broadest reasonable construction. Under this construction, the limitation is met if access is maintained for any entity, such as the user or the remote device itself.

5. Key Technical Contentions (Beyond Claim Construction)

• Priority Date Entitlement: Petitioner contended that the ’219 patent was not entitled to the filing date of its provisional application. The provisional application allegedly only disclosed "erasing data," whereas the non-provisional application and its claims were broadened to include the generic concept of "preventing access," which added new matter such as encryption. Therefore, Petitioner argued the patent’s effective priority date should be its actual filing date of August 9, 2003, making certain references prior art.

6. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1, 9-11, 14-16, 18-19, and 23-24 of the ’219 patent as unpatentable.