Trend Micro Inc v. Cupp Computing As

1. Case Identification

• Case #: IPR2019-00368
• Patent #: 9,781,164
• Filed: November 30, 2018
• Petitioner(s): Trend Micro Inc.
• Patent Owner(s): Cupp Computing As
• Challenged Claims: 1-7, 9-16, and 18

2. Patent Overview

• Title: System and Method for Providing Network Security to Mobile Devices
• Brief Description: The ’164 patent describes a security system that provides security services to a mobile device after it has moved outside of a trusted enterprise network. The system allows an administrator to manage and update security policies, code, and data that are applied to the mobile device.

3. Grounds for Unpatentability

Ground 1: Claims 1-7, 9-16, and 18 are obvious over Groenendaal

• Prior Art Relied Upon: Groenendaal (Application # 2005/0260996)
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Groenendaal discloses every limitation of the challenged claims. Groenendaal teaches a security system to support and manage mobile devices located outside a trusted network. Its "server 102" was mapped to the claimed "security system," which includes a processor and memory. This server stores "security profiles 150" and "configuration profiles 152," which Petitioner asserted correspond to the claimed security code, security policy, and security data. Petitioner contended that Groenendaal’s system allows an IT administrator using a GUI on a trusted enterprise network to manage these profiles, configure policies (e.g., enable a firewall), and send update commands to the server, which then provides security services to mobile clients. The dependent claims were argued to be met by Groenendaal's disclosure of gateway-level services, firewall settings, intrusion detection, and content-based security rules.
  • Motivation to Combine (for §103 grounds): This ground is based on a single reference. Petitioner argued that if any element was not explicitly disclosed, it would have been obvious to a person of ordinary skill in the art (POSITA) to implement it as a matter of common sense. For example, storing firmware in memory to allow a processor to execute it was presented as an obvious design choice that would yield predictable results.
  • Expectation of Success (for §103 grounds): Petitioner asserted a POSITA would have a high expectation of success in implementing any minor modifications to Groenendaal's system, as they would involve applying known principles for their intended purpose.

Ground 2: Claims 1-6, 9-15, and 18 are obvious over Wright

• Prior Art Relied Upon: Wright (Application # 2005/0055578)
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Wright, like Groenendaal, discloses all limitations of the challenged claims. Wright describes a "server system 200" that extends security services beyond a corporate network to remote mobile devices. This system was mapped to the claimed security system, with its "memory 242" storing security policies and its processor executing a "policy management module 236." Petitioner asserted Wright’s administrator uses a GUI on a trusted enterprise network to manage security policies, including location-based access rules and data protection. The server pushes execution instructions (security code) and policies to mobile clients. Update commands, such as modifying policies or reassigning a device to a new group, are initiated via the GUI and processed by the server system. Petitioner also mapped Wright’s teachings of port blocking, malicious software checks, and content-based filtering to the dependent claims.
  • Motivation to Combine (for §103 grounds): This ground is based on a single reference. Petitioner's obviousness arguments were similar to those for Ground 1, contending that any missing limitation would have been an obvious implementation choice for a POSITA based on the disclosures in Wright and general knowledge in the art.
  • Expectation of Success (for §103 grounds): Petitioner asserted that a POSITA would have expected success in implementing the claimed features in Wright's system, as it would be combining known elements for their established functions.

Ground 3: Claims 1-7, 9-16, and 18 are obvious over Groenendaal and Wright

• Prior Art Relied Upon: Groenendaal (Application # 2005/0260996) and Wright (Application # 2005/0055578)
• Core Argument for this Ground:
  • Prior Art Mapping: This ground was presented as an alternative, arguing that if the Board found either Groenendaal or Wright failed to disclose a particular limitation, the other reference would supply it. For example, if Groenendaal was found not to explicitly teach malware protection (claim 5), Wright's disclosure of checking files for malicious software could be implemented in Groenendaal’s system. Petitioner contended that Groenendaal's server, which already processes emails and files, would serve as a suitable base system for integrating Wright's malware scanning feature.
  • Motivation to Combine (for §103 grounds): A POSITA would combine Groenendaal and Wright because both references address the same problem of providing security to mobile devices outside a trusted enterprise network. They employ similar solutions, such as using centrally managed security policies updated by an administrator via a GUI. Petitioner further noted that both describe overlapping security services (e.g., firewall services, intrusion detection) and even disclose defining security policies in the same XML format, making their teachings highly compatible.
  • Expectation of Success (for §103 grounds): A POSITA would have a reasonable expectation of success in combining the references because their systems are analogous and address the same technical challenges with compatible approaches. Integrating a feature from one into the other would be a straightforward application of known techniques.

4. Key Claim Construction Positions

• "a security policy" (claims 1 and 10): Petitioner argued this term should be construed to mean "one or more security policies." This position was based on the standard rule that the indefinite article "a" in an open-ended claim means "one or more." Petitioner asserted that nothing in the ’164 patent evinces a clear intent to limit the term to a single policy, and noted that the specification frequently refers to "security policies" in the plural.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-7, 9-16, and 18 of the ’164 patent as unpatentable.