PRicelineCom LLC v. IBM Corp

1. Case Identification

• Case #: IPR2016-00608
• Patent #: 7,631,346
• Filed: February 10, 2016
• Petitioner(s): Kayak Software Corp., OpenTable, Inc., Priceline.com LLC, and The Priceline Group Inc.
• Patent Owner(s): International Business Machines Corp.
• Challenged Claims: 1-20

2. Patent Overview

• Title: Managing User Authentication Within A Distributed Data Processing System
• Brief Description: The ’346 patent relates to single-sign-on (SSO) functionality within a federated computing environment. The purported invention is a method that allows a user to access a protected resource at a service provider without a pre-existing account by automatically creating the user account "on-the-fly" during the SSO process, using attribute information received from an identity provider.

3. Grounds for Unpatentability

Ground 1: Anticipation by Sunada - Claims 1, 3, 12, 14-15, and 18 are anticipated by Sunada under 35 U.S.C. §102.

• Prior Art Relied Upon: Sunada (Japanese Laid Open Application No. 2004-302907).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Sunada discloses every element of the challenged claims. Sunada describes an SSO system with an SSO Server (identity provider) and multiple App Servers (service providers). The core of the argument is that Sunada's Figure 3 flowchart explicitly details a process where, upon a user attempting to access a protected resource, the App Server checks if a user account exists (S35). If not, it obtains user attributes from the SSO Server (S36), creates a new user account (S39), and only then provides access to the resource (S41). This process directly maps to the central limitation of independent claim 1: creating a user account after triggering the SSO operation but before granting access.
  • Key Aspects: Petitioner contended that Sunada also discloses the limitations of dependent claims, including the App Server pulling information from the SSO server (claim 3), the servers functioning as identity and service providers (claim 12), and the system requesting additional information from the user if attributes from the SSO server are insufficient (claim 14). The apparatus (claim 18) and computer-readable medium (claim 15) claims were argued to be anticipated as they simply recited the same method performed on standard computer hardware disclosed by Sunada.

Ground 2: Obviousness over Sunada and Pfitzmann - Claims 1-8 and 10-20 are obvious over Sunada in view of Pfitzmann under 35 U.S.C. §103.

• Prior Art Relied Upon: Sunada (Japanese Laid Open Application No. 2004-302907) and Pfitzmann ("Privacy in Browser-Based Attribute Exchange").
• Core Argument for this Ground:
  • Prior Art Mapping: This ground asserted that to the extent Sunada does not explicitly teach every detail, Pfitzmann provides the missing elements. Pfitzmann, a publication from a project by the Patent Owner (IBM), describes well-known techniques for exchanging user attributes between an identity provider (a "Wallet") and a service provider (a "Destination Site"). It explicitly discloses using both "front-channel" communications (via browser redirection, mapping to claims 6-7) and "back-channel" communications (a direct server-to-server channel, mapping to claim 8). Petitioner argued Pfitzmann also teaches using different identifiers or "aliases" for different service providers to protect user privacy, rendering claim 2 obvious.
  • Motivation to Combine: A POSITA would combine the teachings because both documents address the same field of SSO and attribute exchange. Pfitzmann discloses known, standard methods for implementing the attribute transfer that is a necessary component of Sunada's on-the-fly account creation system. Implementing Pfitzmann's established communication protocols would have been an obvious design choice to achieve the functionality described in Sunada.
  • Expectation of Success: A POSITA would have had a high expectation of success, as combining Sunada's account creation logic with Pfitzmann's standard attribute exchange protocols represented a simple substitution of one known technique for another to produce a predictable result.

Ground 3: Obviousness over Sunada, Pfitzmann, and Cahill - Claim 9 is obvious over Sunada in view of Pfitzmann and Cahill under §103.

• Prior Art Relied Upon: Sunada, Pfitzmann, and Cahill (Patent 7,290,278).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground builds upon the combination of Sunada and Pfitzmann, which establishes the use of a back-channel information retrieval mechanism (claim 8). Claim 9 further requires that this back-channel mechanism use the Simple Object Access Protocol (SOAP). Petitioner introduced Cahill because it explicitly teaches using SOAP as a protocol for exchanging user attributes over a back channel in an online identity management system.
  • Motivation to Combine: A POSITA, having decided to implement the back-channel communication taught by Pfitzmann within Sunada's system, would have been motivated to use a standard, well-known protocol for that communication. Cahill demonstrates that SOAP was such a protocol. Petitioner noted that during prosecution of the ’346 patent, the Patent Owner did not contest that SOAP was a well-known protocol.
  • Expectation of Success: Using a standard, widely adopted protocol like SOAP (taught by Cahill) to implement the back-channel data exchange would have been a routine and predictable design choice for a POSITA, ensuring interoperability and reliable communication.

4. Key Claim Construction Positions

• "Federated Computing Environment": Petitioner proposed a construction consistent with the patent's specification: a "loosely coupled affiliation of enterprises which adhere to certain standards of interoperability" providing "a mechanism for trust among those enterprises." This construction was used to argue that the relationship between the SSO Server and App Servers in Sunada met the definition.
• "front-channel information retrieval mechanism": Defined as a process where information is exchanged between two domains via a user's browser. This construction was central to mapping Pfitzmann's browser-redirection teachings to claims 6 and 7.
• "back-channel information retrieval mechanism": Defined as a process where information is exchanged between two domains directly, without passing through the user's browser. This was critical for mapping Pfitzmann's direct communication channel to claim 8.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-20 of Patent 7,631,346 as unpatentable.