Micron Technology Inc v. SecureWave Storage Solutions Inc

1. Case Identification

• Case #: IPR2019-00932
• Patent #: 7,036,020
• Filed: April 9, 2019
• Petitioner(s): Micron Technology, Inc.
• Patent Owner(s): SecureWave Storage Solutions, Inc.
• Challenged Claims: 1-14

2. Patent Overview

• Title: Methods and Systems for Promoting Security in a Computer System Employing Attached Storage Devices
• Brief Description: The ’020 patent describes a storage device with a standard data partition and a secure data partition. Access to the secure partition, which stores sensitive data and access credentials called "authority records," is managed by the device's internal firmware.

3. Grounds for Unpatentability

Ground 1: Obviousness over Hamlin and Fisherman - Claims 1-3, 5, and 12-14 are obvious over Hamlin in view of Fisherman.

• Prior Art Relied Upon: Hamlin (Patent 7,003,674) and Fisherman (Patent 5,586,301).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Hamlin disclosed the core features of the challenged claims, including a storage device with a public partition and a secure "pristine area" (the claimed "secure data partition"). Hamlin’s pristine area stored both encrypted data and "user/device authentication information" (the claimed "authority records"), and its access was managed by an internal control system (the claimed "firmware"). Petitioner contended that Fisherman supplied the missing limitations, specifically teaching a "supervisor" user with the ability to create and delete other users and their associated data. This supervisor function mapped directly to the claimed "master authority record" that governs other authority records.
  • Motivation to Combine: A POSITA would combine Fisherman with Hamlin to improve the security and utility of Hamlin’s multi-user storage system. Hamlin contemplated a multi-user environment but lacked a robust management system. Fisherman provided a known solution by introducing a supervisor role to manage user accounts and flexible access permissions (e.g., read/write rights), which was a recognized need for such systems. This would predictably enhance Hamlin’s security by allowing an administrator to enforce different access policies for different users.
  • Expectation of Success: Petitioner asserted a POSITA would have a high expectation of success, as integrating Fisherman's supervisor functionality into Hamlin's system would only require routine and predictable modifications to the firmware's data management routines.

Ground 2: Obviousness over Hamlin, Fisherman, and Silvester - Claims 3 and 11 are obvious over Hamlin in view of Fisherman and Silvester.

• Prior Art Relied Upon: Hamlin (Patent 7,003,674), Fisherman (Patent 5,586,301), and Silvester (Patent 7,155,615).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the Hamlin and Fisherman combination by adding Silvester to address the limitations of claim 3 ("secure data...is invisible to the operating system") and claim 11 ("secure data is accessed by the firmware using a security partition open call internal to the storage device and hidden from a user"). Petitioner argued that Silvester explicitly taught a secure-private partition (SPP) that is "invisible to the operating system" when in a locked mode. Silvester also disclosed that operations for opening and closing this partition were carried out by the internal disk controller, making the access mechanism both internal and hidden from the end-user.
  • Motivation to Combine: A POSITA would incorporate Silvester’s teachings to further Hamlin's stated goal of protecting data from compromised operating systems. Making the secure partition invisible, as taught by Silvester, was a direct and effective way to prevent a malicious OS from detecting or accessing it. Hiding the "open call" improved both security, by obscuring the access mechanism from attackers, and usability, by not burdening the user with an extra step.
  • Expectation of Success: Success would be expected from routine firmware changes, such as preventing the firmware from exposing the secure partition’s address range to the operating system's memory maps.

Ground 3: Obviousness over Hamlin, Fisherman, and Mirov - Claims 6-10 are obvious over Hamlin in view of Fisherman and Mirov.

• Prior Art Relied Upon: Hamlin (Patent 7,003,674), Fisherman (Patent 5,586,301), and Mirov (Patent 6,138,236).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground added Mirov to the base combination to address limitations related to firmware security in claims 6-10, such as authenticating cryptographic code with a "root assurance" and using "non-writable" firmware. Petitioner asserted Mirov disclosed an apparatus for firmware authentication where a trusted, non-writable "authentication section" (the claimed "root assurance") stored in ROM authenticates the main, programmable firmware. This secure micro-code in the authentication section constituted the claimed "root assurance in the firmware."
  • Motivation to Combine: A POSITA would combine Mirov to secure the firmware in the Hamlin/Fisherman system. While Hamlin relied on firmware for its security, it did not specify how that firmware itself was protected from tampering or virus attacks. Mirov provided a well-known solution to this problem by teaching a method to verify firmware integrity at boot-up, a logical and necessary improvement for a security-focused device.
  • Expectation of Success: Petitioner argued the combination was predictable, as it would involve well-understood techniques like storing a portion of the firmware in ROM to serve as a trusted root and leveraging existing hashing functions within Hamlin to perform the verification.

• Additional Grounds: Petitioner asserted additional obviousness challenges, including a ground that claims 7-10 are obvious over Hamlin, Fisherman, Mirov, and Silvester, and a ground that claim 4 (reciting a public-private key pair) is obvious over Hamlin and Fisherman in view of Carter (Patent 6,738,907).

4. Key Claim Construction Positions

• "Authority Record(s)" / "Master Authority Record": Petitioner proposed these terms should be construed functionally as "data defining an entity's access permissions" and "data defining the access permissions of an entity that can govern...other authority records," respectively. This construction was argued to be supported by the claims, which focus on what the records do rather than their specific data structure.
• "Root Assurance": Petitioner proposed this term be construed as "code used to authenticate other code." This was based on the context of claim 6, where its purpose is to "authenticate the 'cryptograph code'," and the understanding that such a root of trust in firmware must itself be trusted code.

5. Arguments Regarding Discretionary Denial

• Petitioner argued against discretionary denial under 35 U.S.C. §325(d) or General Plastic factors by asserting that its petition was "markedly different" from two other IPR petitions filed against the ’020 patent (IPR2019-00494 and IPR2019-00501). Petitioner stated it relied on entirely different prior art than one petition and used a different primary reference and combination strategy than the other, ensuring the Board would consider substantively different arguments.

6. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-14 of the ’020 patent as unpatentable under 35 U.S.C. §103.