PTAB

IPR2016-00608

Priceline.com LLC v. International Business Machines Corp.

1. Case Identification

2. Patent Overview

  • Title: Method and System for Single Sign-On with Runtime User Account Creation
  • Brief Description: The ’346 patent relates to methods and systems for managing user authentication using single-sign-on (SSO) in a federated computing environment. The patent’s purported innovation is a process that allows a user to access a protected resource on a service provider's system without a pre-existing account by automatically creating the account "on-the-fly" using attribute information received from a separate identity provider.

3. Grounds for Unpatentability

Ground 1: Anticipation of Claims 1, 3, 12, 14-15, and 18 under 35 U.S.C. §102

  • Prior Art Relied Upon: Sunada (Japanese Laid Open Application No. 2004-302907).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Sunada discloses every element of the challenged independent and dependent claims. Sunada describes an SSO system with an SSO Server (first system/identity provider) and an App Server (second system/service provider) that participate in a federated environment. Petitioner contended that Sunada’s Figure 3 flowchart explicitly teaches the core inventive concept of the ’346 patent: when a user attempts to access a service (step S31) and is found not to have a user account (step S35), the App Server obtains user attributes from the SSO Server (step S36) and creates a new user account (step S39) before granting access to the protected resource (step S41). This process, Petitioner asserted, is identical to the "runtime user account creation" claimed in the ’346 patent.

Ground 2: Obviousness of Claims 1-8 and 10-20 over Sunada in view of Pfitzmann

  • Prior Art Relied Upon: Sunada, in view of Pfitzmann ("Privacy in Browser-Based Attribute Exchange").
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that to the extent Sunada does not explicitly teach every limitation, the combination with Pfitzmann renders the claims obvious. While Sunada teaches the core concept of on-the-fly account creation, Pfitzmann provides known implementation details for attribute exchange. Pfitzmann was cited for its disclosure of front-channel (browser-based) and back-channel (direct server-to-server) communication mechanisms, the use of "alias identifiers" for privacy, and performing SSO within an explicit "closed-federation." Petitioner argued these were well-known design choices that a skilled artisan would apply to Sunada's system.
    • Motivation to Combine: A person of ordinary skill in the art (POSA) would have been motivated to combine the teachings because both documents address the same technical field of SSO and attribute exchange. Pfitzmann was presented as disclosing known, predictable, and lightweight browser-based solutions that a POSA would naturally use to implement or improve the system described in Sunada.
    • Expectation of Success: A POSA would have had a high expectation of success, as integrating Pfitzmann’s established methods for attribute exchange into Sunada's account creation framework was a simple substitution of one known method for another that would yield predictable results.

Ground 3: Obviousness of Claim 9 over Sunada in view of Pfitzmann and Cahill

  • Prior Art Relied Upon: Sunada, in view of Pfitzmann and Cahill (Patent 7,290,278).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground specifically targeted claim 9, which adds the limitation of using the Simple Object Access Protocol (SOAP) in the back-channel information retrieval mechanism. Petitioner argued that the combination of Sunada and Pfitzmann teaches a system that uses back-channel communication. Cahill was introduced to explicitly teach that SOAP was a well-known and standard protocol for implementing such back-channel communications over the internet for exchanging user attribute information.
    • Motivation to Combine: A POSA implementing the back-channel communication taught by Pfitzmann within Sunada's SSO system would have been motivated to use a standard, widely-adopted, and well-understood protocol like SOAP, as taught by Cahill. Petitioner noted that the Patent Owner had admitted during prosecution that it did not invent the SOAP protocol and that it was well-known.
    • Expectation of Success: Using a standard, off-the-shelf protocol like SOAP to implement a known communication method (back-channel) would have been a straightforward design choice with predictable and successful results.

4. Key Claim Construction Positions

  • "Federated Computing Environment": Petitioner proposed this term be construed as a “loosely coupled affiliation of enterprises which adhere to certain standards of interoperability; the federation provides a mechanism for trust among those enterprises.” This construction was argued to be broad enough to encompass the system described in Sunada, where an SSO Server and App Server have a predetermined agreement to exchange user information.
  • "single-sign-on operation": Proposed as "a process by which a user is authenticated on a first domain and subsequently not required to perform another authentication before accessing a protected resource on a second domain." This construction aligns with the general understanding of SSO and is central to mapping the prior art.
  • "front-channel" vs. "back-channel information retrieval mechanism": Petitioner defined "front-channel" as a process where information is exchanged between domains via a user's browser, and "back-channel" as a process where information is exchanged directly between domains (servers) without passing through the browser. These constructions were critical for applying Pfitzmann's teachings on different communication methods to the claims.

5. Relief Requested

  • Petitioner requested the institution of an inter partes review (IPR) and the cancellation of claims 1-20 of Patent 7,631,346 as unpatentable under 35 U.S.C. §102 and §103.