Google, Inc. v. BlackBerry Limited

1. Case Identification

• Case #: IPR2017-01619
• Patent #: 8,489,868
• Filed: June 16, 2017
• Petitioner(s): Google Inc.
• Patent Owner(s): BlackBerry Ltd.
• Challenged Claims: 1, 13, 76-95, 98, 100, 104, 108, 112, 113, 137-39, 142-44

2. Patent Overview

• Title: Secure Systems for Application Access to Sensitive APIs
• Brief Description: The ’868 patent describes systems and methods for controlling a software application’s access to sensitive Application Programming Interfaces (APIs) on a mobile device. The system requires an application to be digitally signed by an authorized entity, such as the device manufacturer, before it can access protected APIs.

3. Grounds for Unpatentability

Ground 1: Obviousness over Garst and Gong - Claims 1, 13, 76, 78, 81, 84, 85, 87, 88, 90-93, 95, 98, 100, 104, 108, 112, 113, 137-39, and 142-44 are obvious over Garst in view of Gong.

• Prior Art Relied Upon: Garst (Patent 6,188,995) and Gong (a 1999 publication, "Inside Java 2 Platform Security Architecture: Cryptography, APIs, and Implementation").
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Garst taught all key limitations of independent claims 1 and 76, except for implementation on a mobile device. Garst disclosed a system for controlling access to an application platform by restricting access to "resource libraries" (APIs) through a "per-program" licensing scheme using digital signatures. Specifically, Garst detailed a method where an API vendor digitally signs a license key string with its private key, and an application can only access the API if the signature is successfully verified using the vendor's public key. This maps directly to the ’868 patent’s claims of determining if an application is signed to control access to a sensitive API.
  • Motivation to Combine: Petitioner contended a person of ordinary skill in the art (POSA) would be motivated to implement Garst’s API access control scheme on a mobile device as taught by Gong. Gong described the deployment of Java technology, including its security models for controlling resource access, on mobile devices like PDAs and cell phones. A POSA would combine Garst's scheme with Gong's mobile platform to achieve the known benefits of API licensing and enhanced security on the rapidly proliferating mobile devices of that era.
  • Expectation of Success: A POSA would have had a high expectation of success, as the combination involved implementing a known access control scheme (Garst) on a known target platform (mobile devices, per Gong) using well-understood programming methods, which was a predictable application of existing technologies.

Ground 2: Obviousness over Garst, Gong, and Davis - Claims 77, 79, 80, and 82 are obvious over Garst and Gong in view of Davis.

• Prior Art Relied Upon: Garst (Patent 6,188,995), Gong (a 1999 publication), and Davis (Patent 5,844,986).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the Garst and Gong combination and added Davis to teach the limitations of preventing execution or purging an application if its digital signature is missing or invalid. Petitioner asserted that Davis disclosed a procedure to authenticate executable code with digital signatures, and if the code cannot be validated, it "is deleted by the cryptographic coprocessor and is never used." This directly addressed the limitations in claims 77, 79, 80, and 82.
  • Motivation to Combine: A POSA would have been motivated to add the teachings of Davis to the Garst/Gong system to improve device security. By deleting or preventing the execution of unverified applications, the combined system would be more robust against "intrusive attacks, such as a virus attack," a concern explicitly addressed by Davis.
  • Key Aspects: This combination extended the base security model of Garst/Gong from simply denying access to actively removing the potentially malicious application, a logical step for improving security.

Ground 3: Obviousness over Garst, Gong, and Chang - Claim 83 is obvious over Garst and Gong in view of Chang.

• Prior Art Relied Upon: Garst (Patent 6,188,995), Gong (a 1999 publication), and Chang (Patent 5,724,425).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground added Chang to the base combination to teach the "global signature" limitation of claim 83. Petitioner argued that Chang disclosed a security scheme to "control the accessibility of a platform" where an application must include a verified "platform builder's digital signature" to be executed at all. This platform-level signature functioned as the claimed "global signature" that must be verified prior to allowing access to any APIs.
  • Motivation to Combine: A POSA would have been motivated to incorporate Chang's global signature concept to provide the mobile device manufacturer with overarching control over which applications are authorized to run on the device. This would enhance security and provide a mechanism for generating licensing revenue, consistent with the goals described in the prior art.

• Additional Grounds: Petitioner asserted additional obviousness challenges against other dependent claims by adding single references to the Garst/Gong combination. These included combinations with Sibert (Patent 7,243,236) for signing an "abridged version" of an application, Wong-Insley (Patent 6,131,166) for including an operating system, and Haddock (Patent 5,657,378) for including an input/output controller.

4. Key Claim Construction Positions

• Petitioner dedicated substantial argument to the construction of the phrase "determining, at the mobile device, whether the software application is signed."
• Petitioner argued that, based on the specification's explicit disparagement of schemes where the signature identifies the developer, the broadest reasonable interpretation of this phrase must require that the signature is generated by an entity with an interest in protecting the sensitive API (e.g., the mobile device manufacturer or API author), not the application developer. The specification consistently described the invention as being "in contrast" to known developer-centric signing schemes. This construction was presented as critical to distinguishing the invention from the prior art that the patent owner sought to disavow.

5. Arguments Regarding Discretionary Denial

• Petitioner argued that the Board should institute this inter partes review (IPR) despite a concurrently filed IPR petition (IPR2017-01620) against the same ’868 patent.
• The grounds were justified because this petition relied on Garst as the primary reference, while the concurrent petition relied on a different primary reference (Lin, Patent 6,766,353). Petitioner contended that these different prior art sets addressed different potential interpretations of the key "determining" claim phrase, providing the Board with distinct and strong cases for unpatentability.

6. Relief Requested

• Petitioner requested institution of IPR and cancellation of claims 1, 13, 76-95, 98, 100, 104, 108, 112, 113, 137-39, and 142-44 of Patent 8,489,868 as unpatentable.