Cisco Systems Inc v. Vir2us Inc

1. Case Identification

• Case #: IPR2017-01759
• Patent #: 7,536,598
• Filed: July 11, 2017
• Petitioner(s): Cisco Systems, Inc.
• Patent Owner(s): Vir2us, Inc.
• Challenged Claims: 64 and 66

2. Patent Overview

• Title: Computer System Capable of Supporting a Plurality of Independent Computing Environments
• Brief Description: The ’598 patent discloses a computer system that can switch between multiple, isolated computing environments. The invention uses hardware switches to programmatically couple or decouple a CPU from different data stores or to enable/interrupt a communications link, thereby creating secure, independent operating states for purposes like parental controls or protection from malware.

3. Grounds for Unpatentability

Ground 1: Claims 64 is obvious over Robinson in view of Horn

• Prior Art Relied Upon: Robinson (Patent 6,097,385) and Horn (Patent 5,938,767).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Robinson taught a computer system with a plurality of isolated processing environments (separate virtual machines for "adult" and "child" use) and a communications port. Horn taught a physical locking device for a modem that selectively enabled or interrupted a communications link (a telephone line) to control Internet access. The combination, Petitioner asserted, disclosed all limitations of claim 64, including the "means to switch" the communications link based on which processing environment (adult or child) was active.
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSA) would combine Horn's physical switch with Robinson's multi-environment system to achieve the well-understood goal of providing Internet access to an adult user while preventing a child user from accessing it. Horn’s simple, secure, and low-cost mechanical switch was presented as an advantageous and obvious way to implement the access control suggested by Robinson’s system.
  • Expectation of Success: The combination was a predictable integration of known elements. A POSA would have expected success in connecting Horn's modem to one of Robinson's standard communication ports to add network functionality, a common practice at the time.

Ground 2: Claim 64 is obvious over Reshef

• Prior Art Relied Upon: Reshef (International Publication No. WO 00/16200).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground was presented as an alternative invalidity theory, particularly if the Board adopted the Patent Owner's broader construction of "data port" to include software ports (e.g., TCP ports). Petitioner asserted that Reshef disclosed a secure gateway computer with multiple, isolated processing environments (simultaneously executing O/Ss in virtual environments). Reshef’s "monitor program" controlled the CPU's memory management hardware to selectively enable or disable access to I/O ports, including software-based TCP ports used for an Ethernet communications link.
  • Motivation to Combine: This ground relied on a single reference. Petitioner argued Reshef's monitor program, by controlling hardware access to software ports, constituted the claimed "means to switch" a communications link when a specific processing environment was active. The motivation was inherent in Reshef’s design for creating secure, isolated network access for different environments on a single machine.
  • Expectation of Success: A POSA would understand that controlling access to I/O and memory locations, as taught by Reshef, was a known and predictable method for enabling or disabling a communications link for a given software environment.

Ground 3: Claim 66 is obvious over Merrill in view of Colligan

• Prior Art Relied Upon: Merrill (International Publication No. WO 99/57632) and Colligan (German Patent DE 19960524).
• Core Argument for this Ground:
  • Prior Art Mapping: Claim 66 recites a method for isolated data processing where pristine files from a first data storage are used to repair a second data storage. Petitioner argued Merrill disclosed storing a pristine "base O/S image" in a special disk partition (first data storage), which is copied to system memory (second data storage) on boot. In response to a crash signal, Merrill’s System Management Mode (SMM) could take control and use the base image to perform a repair. Colligan taught storing a factory restoration image in a hidden location on a hard drive, invisible to the OS, to protect it from corruption.
  • Motivation to Combine: A POSA would combine these teachings to improve Merrill's system. Applying Colligan's teaching of a hidden, isolated partition to Merrill's "special disk partition" would be an obvious step to better protect the pristine base O/S image from corruption by the running OS, which was the very purpose of a recovery partition.
  • Expectation of Success: Success would be expected because both references addressed the same problem of system restoration using a pristine image, and the method of isolation (not mapping the partition into the OS's address space) was a known technique.

Ground 4: Claim 66 is obvious over Alexander

• Prior Art Relied Upon: Alexander (a 1998 IEEE publication).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Alexander, which disclosed a secure bootstrap architecture called AEGIS, taught every step of the method of claim 66. Alexander described storing verified, pristine copies of software in a "trusted repository" like a network host (first data storage). During boot, these files are loaded into the node’s main memory (second data storage) to create a "trusted state." If an integrity check fails (a signal indicating need for repair), the system reboots into a recovery kernel, decouples from the corrupted memory, and copies the pristine files from the first storage to repair the second storage.
  • Motivation to Combine: This ground relied on a single reference. The motivation was inherent in Alexander's goal to create a secure, self-repairing system. Each element of claim 66 was argued to be present in Alexander for the explicit purpose of ensuring system integrity.
  • Expectation of Success: Alexander described a complete, functional system, demonstrating that the claimed process was a known and predictable method for secure system booting and recovery.

4. Key Claim Construction Positions

• "means to switch..." (Claim 64): Petitioner argued this means-plus-function term, implicating pre-AIA §112, ¶6, has a two-part function requiring two distinct structures disclosed in the patent: (1) a "communications link function" performed by a hardware data line switch (like switch 7Z), and (2) a "communicatively coupling function" performed by a data-store switch (like switch 6Z) that selects the active processing environment.
• "data port" (Claim 64): Petitioner argued for a plain meaning of a physical, mechanical interface for connecting a communications link. However, Petitioner also argued that its grounds succeed even under the Patent Owner's asserted broader construction, which includes software structures like TCP ports. Ground 2 (over Reshef) was specifically advanced to address this broader software-based interpretation.

5. Relief Requested

• Petitioner requested the institution of an inter partes review and the cancellation of claims 64 and 66 of the '598 patent as unpatentable.