Kingston Technology Company, Inc. v. SecureWave Storage Solutions, Inc.

1. Case Identification

• Patent #: 7,036,020
• Filed: December 21, 2018
• Petitioner(s): Kingston Technology Company, Inc.
• Patent Owner(s): SecureWave Storage Solutions, Inc.
• Challenged Claims: 1-14

2. Patent Overview

• Title: Methods and Systems for Promoting Security in a Computer System Employing Attached Storage Devices
• Brief Description: The ’020 patent discloses a computer security system using a storage device with a partitioned storage medium. The system's key feature is that firmware on the storage device, rather than the host operating system, manages access to a secure partition containing sensitive data and authority records.

3. Grounds for Unpatentability

Ground 1: Claims 1-4 and 12-14 are obvious over Silvester in view of Hamlin.

• Prior Art Relied Upon: Silvester (Patent 7,155,615) and Hamlin (Patent 7,155,616).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Silvester taught the foundational system of a storage device with a "secure-private partition" (SPP) that is normally invisible to the operating system. Silvester's disk controller handles access to this SPP. Hamlin was argued to teach improving security by performing authentication services within the disk drive's firmware, making it static and less susceptible to virus attacks compared to an OS-based implementation. The combination of Silvester and Hamlin allegedly disclosed all limitations of independent claims 1 and 12, including a storage device with a secure partition, firmware for access, and authority records defining access permissions.
  • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine Silvester and Hamlin to bolster the security of Silvester’s system. Silvester’s stated goal was to protect against computer viruses, and Hamlin explicitly taught that moving access control into drive firmware (as opposed to the OS) makes the system less vulnerable to such attacks. This was presented as a combination of known prior art elements to achieve a predictable result.
  • Expectation of Success: Success would be expected because implementing access control in firmware was a well-known and practical approach for disk drive controllers at the time, and combining these known security methods would predictably improve the overall system security.

Ground 2: Claim 5 is obvious over Silvester in view of Hamlin and further in view of Kadooka.

• Prior Art Relied Upon: Silvester (Patent 7,155,615), Hamlin (Patent 7,155,616), and Kadooka (Patent 5,428,685).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination of Silvester and Hamlin. Petitioner contended that claim 5 adds the limitation of "cryptographic operations embedded in the firmware of the storage device." While Hamlin disclosed cryptographic circuitry, Kadooka was cited for its explicit teaching of embedding encryption firmware within a memory device (an IC memory card) to encrypt data before it is written to storage.
  • Motivation to Combine: A POSITA, having combined Silvester and Hamlin to create a secure storage device, would be motivated to incorporate Kadooka’s teachings to further improve security by adding encryption. Implementing this encryption within the existing firmware, as taught by Kadooka, was argued to be a predictable design choice for improving efficiency and security, as it would keep all security functions localized on the device.
  • Expectation of Success: A POSITA would have a reasonable expectation of success in integrating Kadooka's firmware-based encryption into the Silvester/Hamlin device, as it represented the application of a known technique (encryption) to a known device (secure drive) to improve its function.

Ground 3: Claims 6-10 are obvious over Silvester in view of Hamlin, Kadooka, and Dancs.

• Prior Art Relied Upon: Silvester (Patent 7,155,615), Hamlin (Patent 7,155,616), Kadooka (Patent 5,428,685), and Dancs (Patent 6,141,752).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground addressed claims requiring that the "cryptographic code is authenticated with a root assurance in the firmware." Building on the prior grounds, Petitioner introduced Dancs, which taught authenticating data using a "root public key" that serves as a "root authority." Dancs further taught storing this root key in non-writable memory (ROM) to guarantee its integrity. This was mapped to the "root assurance" limitation, which Petitioner argued should be construed as a root authority.
  • Motivation to Combine: A POSITA would be motivated to add the teachings of Dancs to the combined device of Silvester, Hamlin, and Kadooka to ensure the authenticity of the cryptographic code itself. After adding encryption (from Kadooka), ensuring that the encryption code has not been tampered with would be the next logical step to secure the system, and using a root authority stored in ROM as taught by Dancs was a known method to achieve this.
  • Expectation of Success: The combination was asserted to be predictable, as it involved adding another known layer of security (authentication of the security code) to an existing secure system.

• Additional Grounds: Petitioner asserted additional obviousness challenges, including Ground 1A (adding the X.509 standard to the Silvester/Hamlin combination for claim 4), Ground 4A (an alternative combination for claims 7-10), and Ground 5 (combining Silvester, Hamlin, and Monsen for claim 11's "security partition open call" limitation). These grounds relied on similar principles of combining known security techniques to achieve predictable improvements.

4. Key Claim Construction Positions

• "Authority Record": Petitioner argued this term should be construed as "a record that is used to authenticate users and grant them access to the secure partition of the storage device." This construction was based on the specification's description and Figure 4, which shows the record containing access rights and password information, aligning it with user authorization data.
• "Root Assurance": Petitioner contended this term has no established meaning in the art and was coined by the applicant. Based on the patent's context of public key cryptography, Petitioner argued a POSITA would understand "root assurance" to mean "a root authority stored in the firmware of the device." This construction was central to the obviousness arguments for claims requiring authentication, as "root authority" is a well-known concept taught by prior art like Dancs.

5. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1-14 of the ’020 patent as unpatentable under 35 U.S.C. §103.