Expedia, Inc. v. International Business Machines Corporation

1. Case Identification

• Case #: Unassigned
• Patent #: 7,631,346
• Filed: December 6, 2018
• Petitioner(s): Expedia, Inc.; Homeaway.com, Inc.; Hotels.com L.P.; Hotwire, Inc.; Orbitz Worldwide, Inc.; Orbitz, LLC; & Travelscape LLC
• Patent Owner(s): International Business Machines Corp.
• Challenged Claims: 3 and 12-14

2. Patent Overview

• Title: Method for Managing User Authentication in a Federated Computing Environment
• Brief Description: The ’346 patent discloses a method for providing single-sign-on (SSO) functionality within a federated computing environment composed of identity providers and service providers. The invention purports to improve upon prior art SSO systems by enabling the creation of a user account at a service provider during the SSO process itself.

3. Grounds for Unpatentability

Ground 1: Claims 3 and 12-14 are obvious over Barriga-Caceres in view of Sunada.

• Prior Art Relied Upon: Barriga-Caceres (Application # 2003/0163733) and Sunada (Japanese Application Publication 2004-302907).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Barriga-Caceres discloses a federated SSO system where a first system (an Authentication Provider or AP) authenticates a user for access to a protected resource on a second system (a Service Provider or SP). Barriga-Caceres teaches the core SSO flow, including using front-channel and back-channel communications (e.g., SAML assertions) to authenticate a user. However, Barriga-Caceres requires the user to already have an account with the SP. Petitioner contended that Sunada remedies this deficiency by disclosing a method for creating a user account at a service during an SSO process if it is determined that the user does not have one. By incorporating Sunada’s on-the-fly account creation into the SSO flow of Barriga-Caceres, all limitations of the challenged claims are met.
  • Motivation to Combine (for §103 grounds): A POSITA would combine Barriga-Caceres and Sunada because both address the same field of SSO in federated systems. Barriga-Caceres explicitly notes that SPs "may experience an increase in potential users," but its system is limited to users who already have accounts. A POSITA would be motivated to incorporate Sunada’s known technique for new-user account creation to improve the Barriga-Caceres system, thereby seamlessly onboarding new customers and achieving the stated goal of increasing the user base.
  • Expectation of Success (for §103 grounds): A POSITA would have had a high expectation of success because implementing real-time account creation was one of a finite number of predictable solutions to the problem of handling new users, and Sunada provided a detailed, working implementation of this solution.

Ground 2: Claims 3 and 12-14 are obvious over Barriga-Caceres in view of Mellmer.

• Prior Art Relied Upon: Barriga-Caceres (Application # 2003/0163733) and Mellmer (Patent 7,680,819).
• Core Argument for this Ground:
  • Prior Art Mapping: The core argument is analogous to Ground 1. Petitioner again relied on Barriga-Caceres to teach the foundational federated SSO architecture where a user must have a pre-existing account at the SP. To supply the missing element of dynamic account creation, Petitioner pointed to Mellmer. Mellmer discloses a "DigitalMe" SSO system where, if a partner site determines a user does not have an account, it automatically generates a new one. The combination of Barriga-Caceres's SSO framework with Mellmer's account creation process allegedly renders the challenged claims obvious.
  • Motivation to Combine (for §103 grounds): The motivation to combine Barriga-Caceres with Mellmer mirrors the motivation for Ground 1. A POSITA would be motivated by market forces and design incentives to enhance the Barriga-Caceres system to capture new users who lack accounts. Incorporating the known technique of automated account creation from a similar SSO system (Mellmer) into Barriga-Caceres would have been an obvious way to improve the system and expand its utility for SPs.
  • Expectation of Success (for §103 grounds): A POSITA would have reasonably expected success in combining the references, as Mellmer provides a clear, predictable process for creating user accounts in real-time within an SSO operation, directly addressing the limitation in Barriga-Caceres.

4. Key Claim Construction Positions

• Petitioner noted that the PTAB, in prior IPRs involving the ’346 patent, had construed key terms. Petitioner appeared to adopt these constructions for its arguments.
  • "federated computing environment": Construed as "an environment having a loosely coupled affiliation of entities that adhere to certain standards of interoperability; the federation provides a mechanism for trust among those entities with respect to certain computational operations for the users within the federation."
  • "single sign-on operation": Construed as "a process by which a user is authenticated at a first entity and subsequently not required to perform another authentication before accessing a protected resource at a second entity."
• Petitioner asserted that its unpatentability grounds are valid under these constructions and also argued that the grounds hold even under the Patent Owner's alternative construction, which requires multiple distinct enterprises.

5. Relief Requested

• Petitioner requests institution of inter partes review and cancellation of claims 3 and 12-14 of the ’346 patent as unpatentable.