Apple Inc v. Nagravision SA

1. Case Identification

• Case #: IPR2016-00961
• Patent #: 7,725,740
• Filed: April 28, 2016
• Petitioner(s): Apple Inc.
• Patent Owner(s): Nagravision S.A.
• Challenged Claims: 1-2, 4-9

2. Patent Overview

• Title: Method for generating a cryptographic key
• Brief Description: The ’740 patent discloses a method for generating a root key within a secure computing module. The method involves copying secret information from a first memory zone (e.g., ROM) to a temporary location in a second memory zone, generating the root key using this secret information and an "imprint" (e.g., a hash) of a user program, and then eliminating the secret information and disabling access to its original location to enhance security.

3. Grounds for Unpatentability

Ground 1: Claims 1-2 and 4-9 are obvious over Abgrall

• Prior Art Relied Upon: Abgrall (Application # 2003/0037237).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Abgrall discloses all elements of the challenged claims. Abgrall describes a secure system that, during initialization, reads a secret master key (SMK) from a secure non-volatile memory (e.g., BIOS ROM) and copies it to a hidden memory location (SMRAM). It then disables access to the original location. Abgrall generates an "AppKey" (the claimed root key) by combining the copied SMK with an "AppCodeDigest" (an "imprint" or hash of a user program). This AppKey is then used to decrypt a "CustAppKey" (a "transmission key") for secure communication with a server (a "management center"). Petitioner contended that Abgrall's step of making the SMRAM inaccessible to normal programs after initialization meets the claim limitation of "eliminating the secret information" under the proper claim construction. The dependent claims were also argued to be disclosed, including storing the secret key as a "factory key" in ROM (claim 2) and using a hash function to calculate control information (claims 4-5).

Ground 2: Claims 1-2 and 4-9 are obvious over Abgrall in view of Fielder

• Prior Art Relied Upon: Abgrall (Application # 2003/0037237) and Fielder (Patent 5,995,624).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted this ground as an alternative, arguing that if Abgrall's teaching of making secret information "inaccessible" is deemed insufficient to disclose the "eliminating" limitation of claim 1, Fielder explicitly supplies this teaching. Fielder describes a secure communication system where secret information is copied to RAM for generating a session key. Crucially, Fielder teaches that after the key is generated, the RAM containing the secret information is "either overwritten by data generated during a next occurring session, or erased at the end of the current system connection." This explicit teaching of overwriting or erasing data remedies any potential deficiency in Abgrall's disclosure of the "eliminating" step.
  • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine Abgrall and Fielder to enhance the security of the system. Both references address the same technical problem of protecting secret key material during cryptographic operations. Fielder’s method of explicitly overwriting or erasing secret information from RAM is a well-known and predictable solution for preventing its recovery. A POSITA would have recognized this as a more robust security measure than simply making a memory region unaddressable, as taught by Abgrall, and would have been motivated to incorporate it.
  • Expectation of Success: A POSITA would have had a reasonable expectation of success in combining the references. The combination involves applying a known data sanitization technique from Fielder to the secure boot and key generation process of Abgrall. This is a straightforward application of one security principle to a related system to achieve the predictable result of enhanced security, without requiring any undue experimentation.

4. Key Claim Construction Positions

Petitioner proposed constructions for several key terms central to its invalidity arguments, arguing for their broadest reasonable interpretation in light of the specification.

• "eliminating the secret information from the first portion of the second memory zone": Petitioner proposed this term means "rendering inaccessible (e.g., by deleting, erasing, and/or overwriting) the secret information." This construction is broad enough to cover Abgrall's teaching of making a memory location unaddressable, while also encompassing Fielder's explicit teaching of overwriting or erasing.
• "imprint of data": Proposed as "the result of a cyclic redundancy check, hash, or other unidirectional operation performed on data." This aligns the claim term with common cryptographic integrity-checking functions disclosed in the patent and the prior art.
• "management center": Construed as "a computer system for providing encrypted data and keys to a remote device." This construction maps to the authentication servers and device authority servers described in the prior art.
• "control information": Defined as "information calculated by a hash or other unidirectional operation." This construction links the term directly to the "imprint" generated from user program data.

5. Relief Requested

• Petitioner requested the institution of an inter partes review and the cancellation of claims 1-2 and 4-9 of the ’740 patent as unpatentable under 35 U.S.C. §103.