Askeladden LLC v. N5 Technologies LLC

1. Case Identification

• Case #: IPR2017-00083
• Patent #: 7,197,297
• Filed: October 14, 2016
• Petitioner(s): Askeladden L.L.C.
• Patent Owner(s): N5 Technologies, LLC
• Challenged Claims: 1-11

2. Patent Overview

• Title: Authentication Method for Enabling a User of a Mobile Station to Access to Private Data or Services
• Brief Description: The ’297 patent describes a method for authenticating a mobile device user requesting access to private data (e.g., a corporate directory) from a private server via text message. The method uses a two-factor authentication process: first verifying a "user unique identifier" (e.g., username) is in a database, and second, verifying that the "user mobile station number" (e.g., caller ID) appended to the message matches the number associated with that identifier in the database.

3. Grounds for Unpatentability

Ground 1: Two-Factor Authentication over SMS - Claims 1, 2, 4, 6, and 9-11 are obvious over Chen in view of Angel and Rao.

• Prior Art Relied Upon: Chen (Application # 2002/0086706), Angel (Patent 6,907,408), and Rao (an 2001 IEEE article).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that the combination of Chen, Angel, and Rao taught every limitation of the challenged claims. Chen taught a system for a mobile device to access private data on a server via SMS, using the phone number (caller ID) for basic authentication. Chen acknowledged this single factor could be insufficient and that its user database already contained usernames. Angel taught a hierarchical, two-factor authentication method, first checking a username against a database and subsequently checking the user’s telephone number (caller ID) to confirm identity. Rao, whose inventors are the same as Chen, taught repeating an authentication process for each individual, session-less SMS request to ensure security.
  • Motivation to Combine: A POSITA would combine Chen with Angel to improve the security of Chen’s system, which Chen itself identified as a potential weakness. Angel provided a known, conventional two-factor method (username plus phone number) to achieve the predictable result of enhanced security. A POSITA would be further motivated to incorporate Rao’s teaching of per-message authentication because SMS is a session-less protocol, and authenticating each request independently is a known solution to maintain security for subsequent interactions, as required by claim 1.
  • Expectation of Success: Combining the known authentication factors from Angel with the SMS messaging system of Chen and the per-message authentication approach of Rao involved applying known techniques to known systems to achieve predictable security enhancements.

Ground 2: Adding LDAP Directory Services - Claim 3 is obvious over Chen, Angel, and Rao in view of Gress.

• Prior Art Relied Upon: Chen (Application # 2002/0086706), Angel (Patent 6,907,408), Rao (an 2001 IEEE article), and Gress (Patent 6,813,507).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground adds Gress to the primary combination to address the limitation in claim 3 requiring the user's data to be a "lightweight directory access protocol [LDAP] alias." Gress taught a unified messaging system that used SMS to communicate with a central server and explicitly disclosed using the LDAP protocol to access a subscriber directory containing user profile information.
  • Motivation to Combine: Petitioner argued that LDAP was a well-known, industry-standard protocol for directory services at the time. A POSITA implementing the private directory database taught by Chen would have been motivated to use a standard protocol like LDAP, as taught by Gress, to ensure consistency, interoperability, and standardization. This represented the simple application of a known, standard technology to the existing system for a predictable result.

Ground 3: Using MMS Instead of SMS - Claims 5 and 7 are obvious over Chen, Angel, and Rao in view of Yang.

• Prior Art Relied Upon: Chen (Application # 2002/0086706), Angel (Patent 6,907,408), Rao (an 2001 IEEE article), and Yang (Application # 2003/0065738).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground adds Yang to address the limitations in claims 5 and 7 requiring the request and response messages to be based on the Multimedia Message System (MMS). Yang taught that both SMS and MMS were known, available options for exchanging data between a mobile device and a private server.
  • Motivation to Combine: MMS was a known evolution of SMS. A POSITA building upon the SMS-based system of Chen would have been motivated to substitute MMS for SMS to gain the known advantages of MMS, such as sending multimedia content. Petitioner asserted this was a simple substitution of one known messaging element (SMS) for a known alternative (MMS) to obtain predictable results.

• Additional Grounds: Petitioner asserted an additional obviousness challenge for claim 8 based on the primary combination of Chen, Angel, and Rao in view of Serbetciouglu (Patent 5,719,918). Serbetciouglu taught encrypting SMS messages to provide security, and Petitioner argued a POSITA would have been motivated to add this known security feature to the base system.

4. Key Claim Construction Positions

• Petitioner noted that a district court had previously construed the claims to require a specific "order of steps," namely that the server must first check for the "user unique identifier" in the database before checking if the appended phone number matches.
• Petitioner requested the Board adopt this construction but argued that the claims are obvious irrespective of whether a particular order of steps is imposed, as Angel taught the same order and also recognized that the authentication steps could be reversed.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-11 of the ’297 patent as unpatentable.