Trend Micro Inc v. Cupp Computing As

1. Case Identification

• Case #: IPR2019-00803
• Patent #: 8,789,202
• Filed: March 8, 2019
• Petitioner(s): Trend Micro Inc.
• Patent Owner(s): CUPP Computing AS
• Challenged Claims: 1, 3-4, 6, 10, 11, 13-14, 16, 20, and 21

2. Patent Overview

• Title: Systems and Methods for Providing Real Time Access Monitoring of a Removable Media Device
• Brief Description: The ’202 patent describes a mobile security system, typically on a removable media device like a USB drive. When the device is connected to a host computer, it injects "redirection code" that intercepts data requests, determines whether to allow the requests based on a security policy, and then provides the data accordingly to filter malicious code.

3. Grounds for Unpatentability

Ground 1: Obviousness over Aussel and Barton - Claims 11, 13, 16, and 20 are obvious over Aussel in view of Barton.

• Prior Art Relied Upon: Aussel (Application # 2010/0186093) and Barton (Patent 7,665,137).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Aussel taught a portable mass storage device (e.g., USB key) with a security application. Upon connection to a computer, this application uses an "autorun" feature to "hook" the operating system—injecting redirection code (a substitute DLL) to intercept and filter unsafe operations. However, Aussel did not explicitly place this security functionality within a dedicated hardware "controller" on the device. Barton allegedly supplied this missing element by teaching a storage subsystem that includes a hardware controller for scanning data to detect malicious code based on a security policy. The combination of Aussel’s portable security system with Barton’s dedicated scanning controller allegedly rendered the limitations of independent claim 11 obvious.
  • Motivation to Combine: A POSITA would combine Barton’s controller-based scanning with Aussel’s system to improve performance. Barton explicitly taught that integrating scanning functions into a storage subsystem controller frees up the host computer’s CPU resources for other tasks. This provided a clear motivation to implement Aussel’s software-based security functions in a dedicated hardware controller.
  • Expectation of Success: Petitioner asserted that a POSITA would have a reasonable expectation of success because both references address the same technical problem (malware scanning for data from storage) using compatible methods (intercepting data requests). The combination represented a predictable integration of a known hardware solution (Barton’s controller) with a known software system (Aussel’s hooking mechanism).

Ground 2: Obviousness over Aussel, Barton, and Touboul - Claims 11, 13-14, 16, and 20 are obvious over Aussel and Barton in view of Touboul.

• Prior Art Relied Upon: Aussel (Application # 2010/0186093), Barton (Patent 7,665,137), and Touboul (Application # 2007/0199060).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground presented an alternative argument for the obviousness of the device claims. Petitioner contended that if Aussel was found not to teach the specific limitation of a security policy "implementing content analysis and risk assessment algorithms," Touboul explicitly did. Touboul, whose named inventor is a co-inventor of the ’202 patent, described a mobile security system that performs weighted risk analysis based on factors like content type, source, and complexity to determine whether to allow access. Petitioner argued that adding Touboul’s specific algorithms to the Aussel/Barton combination rendered the claims obvious.
  • Motivation to Combine: A POSITA implementing the security system of Aussel would be motivated to incorporate the specific, well-defined algorithms from Touboul to improve the system's effectiveness. Touboul expressly stated that its algorithms provide a "higher security level," which is a universally desirable goal in the security field. This provided a strong reason to supplement Aussel's more general filtering rules with Touboul’s detailed risk assessment techniques.
  • Expectation of Success: Success was predictable because Aussel and Touboul described highly analogous systems (portable USB security devices using hooking techniques to protect a host computer). Their functionalities were complementary, and integrating Touboul's known algorithms into Aussel’s system would have been a straightforward design choice for a POSITA.

Ground 3: Obviousness over Aussel and Touboul - Claims 1, 3-4, 6, 10, and 21 are obvious over Aussel in view of Touboul.

• Prior Art Relied Upon: Aussel (Application # 2010/0186093) and Touboul (Application # 2007/0199060).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground challenged the patent’s method claims. Petitioner argued that Barton was unnecessary for these claims because they do not recite a hardware "controller." Aussel alone taught the core method steps: detecting a coupled removable device, injecting redirection code, and intercepting data requests. Touboul was then combined to explicitly teach the step of "determining whether to allow the intercepted request for data based on a security policy, the security policy implementing content analysis and risk assessment algorithms." Aussel provided the framework, and Touboul provided the specific algorithmic intelligence for the decision-making step.
  • Motivation to Combine: The motivation was identical to that in Ground 2: to apply a known, advanced technique (Touboul's risk analysis) to a known system (Aussel's security method) to improve its performance and achieve a higher level of security, which was a recognized objective in the field.
  • Expectation of Success: The combination was expected to succeed due to the significant technological overlap between Aussel and Touboul, making the integration of their respective features predictable and well within the skill of a POSITA.

4. Key Claim Construction Positions

• "login engine configured to": Petitioner argued this term should not be construed under 35 U.S.C. § 112(f) as a means-plus-function limitation because "engine" is a recognized structural term in the art, not a nonce word like "means." Further, Petitioner contended the term should not be construed to require any authentication or "login" functionality, as the patent specification described password entry as an optional embodiment. This construction was critical to mapping Aussel's "autorun" program to the claimed "login engine."

5. Key Technical Contentions (Beyond Claim Construction)

• Priority Date Challenge: Petitioner argued that claims 11, 13-14, 16, and 20 were not entitled to the November 19, 2008 priority date of the provisional application. The petition asserted that the provisional application failed to provide written description support for a controller on the removable media device performing the security determination. Instead, the provisional described this function as being performed by software injected onto and running on the host PC. This contention, if successful, would establish an earlier effective date for certain prior art references.

6. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial under §314(a) or §325(d) was improper. The petition emphasized that none of the primary prior art references (Aussel, Barton, or Touboul) were considered during the original prosecution of the ’202 patent. It further asserted that the references were not cumulative of the art of record and that this petition represented the first post-grant challenge to any claim of the patent.

7. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1, 3-4, 6, 10, 11, 13-14, 16, 20, and 21 of the ’202 patent as unpatentable.