PTAB
IPR2019-01317
Expedia, Inc. v. International Business Machines Corporation
1. Case Identification
- Patent #: 6,374,359
- Filed: July 11, 2019
- Petitioner(s): Expedia, Inc.; HomeAway.com, Inc.; Hotels.com L.P.; Hotwire, Inc.; and Orbitz, LLC
- Patent Owner(s): International Business Machines Corp.
- Challenged Claims: 17-20
2. Patent Overview
- Title: Method for Authenticating a Web Browser User
- Brief Description: The ’359 patent discloses a method for authenticating a web browser user by requiring the browser to refresh a webpage. This refresh action serves as confirmation to a web server that the browser has accepted a requested cookie, thereby addressing the problem of detecting when a browser refuses to accept cookies.
3. Grounds for Unpatentability
Ground 1: Claims 17-20 are obvious over Reiche in view of Fisher, Goodman, Stubbs, and the LDAP Draft.
- Prior Art Relied Upon: Reiche (Patent 6,092,196), Fisher (Spinning the Web, 1996), Goodman (JavaScript Handbook, 1996), Stubbs (a 1996 Usenet post), and the LDAP Draft (IETF Working Draft, July 29, 1997).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that the prior art combination discloses all elements of the challenged claims. Reiche was presented as teaching the foundational system for cookie-based authentication, including a multi-server architecture, constructing and encrypting a cookie, and using a server-side redirect (an HTTP 302-redirect) to verify it. Petitioner asserted that Fisher supplies the key limitation of a "refresh page," which was the basis for allowance during prosecution. Fisher explicitly taught an HTML <META HTTP-EQUIV=REFRESH> metatag as a well-known "client-pull" alternative to the server-side header-redirect used in Reiche.
- For dependent claims, Petitioner argued that Stubbs taught including a user's IP address (the claimed "client destination address"), username, and password within the cookie to enhance security. Goodman was cited as disclosing an alternative, obvious method for setting the cookie using client-side JavaScript embedded in the webpage. Finally, the LDAP Draft was used to demonstrate that applying the authentication scheme to a well-known "given application" like an LDAP directory interface would have been obvious.
- Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Reiche with Fisher as a simple substitution of one known redirect method for another to achieve predictable results and gain more developer control, such as avoiding potential server-side conflicts between Set-Cookie and Redirect headers. A POSITA would incorporate the teachings of Stubbs to address the widely known security vulnerabilities of cookies by adding user-specific data (IP address, credentials) to prevent forgery. Combining with Goodman represented a well-known design choice to use client-side JavaScript for more flexibility in setting cookies. Applying this entire enhanced authentication scheme to an LDAP directory, as described in the LDAP Draft, was argued to be an obvious application of the technique to a standard, well-known use case for authentication.
- Expectation of Success: Petitioner asserted that a POSITA would have had a high expectation of success, as the combination involved the substitution of known, interchangeable components (e.g., Fisher’s HTML metatag for Reiche’s header-redirect) and the addition of features to solve known problems (e.g., Stubbs’s security enhancements) using predictable solutions.
4. Key Claim Construction Positions
- Petitioner dedicated significant argument to the construction of "refresh page," a term central to the patent's distinction over prior art during prosecution.
- Petitioner's Proposed Construction for "refresh page": "page containing HTML code for causing a Web browser to refresh the page".
- Rationale: Petitioner argued this construction was required by the patent’s specification, which only discloses an HTML metatag (<META HTTP-EQUIV="Refresh">) as the mechanism for the refresh. This construction aligns with the prosecution history, where this specific HTML-based mechanism was used to overcome a rejection based on Reiche, which used a server-based HTTP header-redirect. Petitioner contended that the Patent Owner’s broader construction (“content that redirects the web browser”) would improperly encompass the very prior art the Examiner found the invention to be patentable over, thus eliminating the basis for allowance.
5. Arguments Regarding Discretionary Denial
- Petitioner argued that discretionary denial under §325(d) would be inappropriate because the petition presented prior art and arguments substantially different from those considered during the original prosecution.
- The central argument was that the Examiner was never presented with prior art like Fisher, which explicitly teaches the HTML refresh metatag that formed the basis for allowing the claims over the Reiche reference. Because the petition's core combination relies on art that "fills gaps in a previously examined reference," Petitioner contended that review should be instituted.
6. Relief Requested
- Petitioner requested the institution of an inter partes review of claims 17-20 of Patent 6,374,359 and the cancellation of those claims as unpatentable under 35 U.S.C. §103.