PTAB

IPR2019-00501

Unified Patents, LLC v. SecureWave Storage Solutions, Inc.

Log In

1. Case Identification

2. Patent Overview

  • Title: Storage Device Security
  • Brief Description: The ’020 patent describes methods and systems for promoting security in a computer system using techniques isolated within a storage device. The invention relates to a storage device containing firmware that manages a secure data partition, which stores authority records to control access, thereby operating independently of the host computer's operating system.

3. Grounds for Unpatentability

Ground 1: Obviousness over Guthery and Dethloff - Claims 1-5 are obvious over Guthery in view of Dethloff.

  • Prior Art Relied Upon: Guthery (Patent 6,567,915) and Dethloff (Patent 4,837,422).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued Guthery, which teaches a multi-application smart card, discloses most elements of the challenged claims. Guthery's smart card is a storage device with a partitioned EEPROM (public and private storage) and firmware (programs in ROM) that controls access. Petitioner asserted that Guthery’s "authentication table" and "authorization tables," which define access rights for various identities (e.g., holder, video store), constitute the claimed "authority records" stored in a secure partition (Guthery’s private storage).
    • Motivation to Combine: While Guthery taught that identities could be added to or removed from its authentication table, it did not specify how. Petitioner argued a person of ordinary skill in the art (POSA) would look to a compatible system like Dethloff to implement this functionality. Dethloff, another multi-user smart card patent, explicitly teaches using a "master PIN" to create and delete "sub-user" accounts, thereby providing a mechanism for managing user records.
    • Expectation of Success: A POSA would combine Dethloff's master PIN concept with Guthery's table-based access control to create a "master authority record" with a predictable result. This combination would simply implement a known administrative control scheme into Guthery's existing framework, improving its functionality as Guthery itself contemplated.

Ground 2: Obviousness over Guthery, Dethloff, and Moran - Claims 1-5 are obvious over Guthery in view of Dethloff and Moran.

  • Prior Art Relied Upon: Guthery (Patent 6,567,915), Dethloff (Patent 4,837,422), and Moran (Patent 6,324,537).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground incorporated the arguments from Ground 1 and added Moran to further support the firmware limitations. Petitioner asserted Moran teaches an access control device with firmware that is integrated with the storage device hardware. Moran's system is explicitly designed so the host CPU cannot directly access the secure data; instead, all requests must pass through the access control firmware.
    • Motivation to Combine: Petitioner argued a POSA would be motivated to incorporate Moran’s teachings to strengthen the security of the Guthery/Dethloff system. Moran's approach of embedding tamper-resistant firmware directly into the hardware provided a well-understood method to ensure access control was truly isolated from the host OS, a key goal of the ’020 patent. This would address any ambiguity as to whether Guthery's access control was sufficiently isolated.
    • Expectation of Success: Since all three references address securing data on storage devices, a POSA would have found it obvious and predictable to implement the access control methods of Guthery/Dethloff using the robust, hardware-integrated firmware architecture taught by Moran.

Ground 3: Obviousness over Robb, Jones, and Grawrock - Claims 1-5 are obvious over Robb in view of Jones and Grawrock.

  • Prior Art Relied Upon: Robb (Patent 6,931,503), Jones (Patent 5,623,637), and Grawrock (Patent 6,081,893).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued Robb discloses the foundational system: a storage device with supervisor firmware that controls access to data partitions, including a "special partition" or "dedicated area" that is hidden from the host system. Petitioner contended Robb lacks the claimed "authority records" and "master authority record." To supply these elements, Petitioner turned to Jones, which teaches securing memory card partitions with passwords and access codes (the "authority records"), and Grawrock, which teaches a system administrator log-in record with privileges to create and delete other user records (the "master authority record").
    • Motivation to Combine: A POSA seeking to improve Robb's system by adding granular, user-specific access controls would have been motivated to combine these references. The POSA would first incorporate Jones's per-partition password system to control access and then add Grawrock's administrator functionality to manage those user privileges in a multi-user environment.
    • Expectation of Success: It would have been obvious to store the authority records from Jones and the master record from Grawrock within Robb's secure "special partition." This would be a logical and predictable design choice to protect the access control data itself from tampering, achieving enhanced security by leveraging the existing secure architecture of Robb.

4. Key Claim Construction Positions

  • "one or more authority records": Petitioner proposed this term means "at least one record that defines who or what has access to the secure partition and secure data." This construction is central to its argument that data structures like Guthery’s authentication tables and Jones’s password entries meet the claim limitation.
  • "master authority record": Petitioner proposed this term means "an authority record that provides access permissions for a user to create or delete other authority records." This construction allows Petitioner to map prior art administrator-level functions, such as those in Dethloff and Grawrock, to this specific claim element.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued against discretionary denial of institution, noting a parallel inter partes review (IPR), IPR2019-00494, had been filed by Kingston Technology against the same ’020 patent.
  • Petitioner contended that its challenge raised new issues not considered by the USPTO during prosecution, as the primary reference, Guthery, was not previously cited.
  • It further argued that its petition was not cumulative of the Kingston IPR, as there was no overlap in the prior art references or arguments between the two petitions, and that filing before an institution decision in the Kingston matter warranted review on the merits.

6. Relief Requested

  • Petitioner requests institution of an IPR and cancellation of claims 1-5 of the ’020 patent as unpatentable.