Kingston Technology Co Inc v. SecureWave Storage Solutions Inc

1. Case Identification

• Case #: IPR2020-00139
• Patent #: 7,036,020
• Filed: November 6, 2019
• Petitioner(s): Kingston Technology Company, Inc.
• Patent Owner(s): SecureWave Storage Solutions, Inc.
• Challenged Claims: 1-14

2. Patent Overview

• Title: Storage Device for Promoting Security in a Computer System
• Brief Description: The ’020 patent discloses a storage device, such as a disk drive, that enhances security by using firmware to manage a partitioned storage medium. The medium is divided into a general data partition and a secure data partition, with access to the secure partition governed by "authority records" that define user permissions.

3. Grounds for Unpatentability

Ground 1: Claims 1-3, 5, and 11-14 are obvious over Hamlin in view of Fisherman.

• Prior Art Relied Upon: Hamlin (Patent 7,003,674) and Fisherman (Patent 5,586,301).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Hamlin disclosed the core limitations of independent claims 1 and 12, including a storage device with firmware that divides a storage medium into a public partition and a secure partition (a "pristine area"). Hamlin's secure partition stores both sensitive data and "user/device authentication information," which Petitioner asserted corresponds to the claimed "authority records." Fisherman was cited to teach the remaining limitations, specifically a "master authority record." Fisherman disclosed a hard disk protection system with a "supervisor" user whose credentials are in the first element of a user list and who can create, delete, and govern other users, thereby teaching a master authority record that governs other authority records.
  • Motivation to Combine: Petitioner contended that a person of ordinary skill in the art (POSITA) would combine Hamlin and Fisherman because both address the same field of secure storage devices. A POSITA would have recognized that incorporating Fisherman's supervisor user and flexible access permissions into Hamlin's multi-user environment was a predictable solution to improve the security and utility of managing multiple authorized users.
  • Expectation of Success: Petitioner asserted a POSITA would have a reasonable expectation of success, as implementing Fisherman's supervisor and access control features would only require routine and predictable modifications to Hamlin's firmware.

Ground 2: Claim 4 is obvious over Hamlin and Fisherman in view of Carter.

• Prior Art Relied Upon: Hamlin (Patent 7,003,674), Fisherman (Patent 5,586,301), and Carter (Patent 6,738,907).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground builds on the Hamlin and Fisherman combination to address claim 4's limitation requiring each authority record to contain a "public-private key pair for authenticating data." Petitioner argued that Carter taught this element through its disclosure of a "soft-token store" containing user records. Each user record in Carter contains a certificate with a public key and a corresponding private key set, which are used to authenticate transactions (i.e., updates to secure data like passwords) via a digital signature.
  • Motivation to Combine: A POSITA would combine Carter with the Hamlin/Fisherman system to improve security. While Hamlin mentioned using public-private keys for encrypting data, Petitioner argued a POSITA would be motivated by Carter to extend this known technology to also authenticate data being written to the secure partition. This would provide an additional layer of security by ensuring data integrity and confirming that alterations were made only by authorized users.
  • Expectation of Success: Petitioner claimed success would be expected because Hamlin already disclosed the capability to process public-private keys. Therefore, the only modification required would be the routine step of storing the key pair within each user's authority record and using it for authentication, as taught by Carter.

Ground 3: Claims 6-10 are obvious over Hamlin and Fisherman in view of Mirov.

• Prior Art Relied Upon: Hamlin (Patent 7,003,674), Fisherman (Patent 5,586,301), and Mirov (Patent 6,138,236).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground adds Mirov to the Hamlin/Fisherman combination to address limitations in claims 6-10 related to firmware security, specifically authenticating cryptographic code with a "root assurance" (claim 6) and making the firmware "non-writable" (claim 6). Petitioner asserted Mirov disclosed a method for firmware authentication where a secure, trusted section of micro-code (the "root assurance") authenticates the main programmable firmware. Mirov also taught that this trusted authentication code is typically stored in a boot ROM (read-only memory), thus disclosing non-writable firmware.
  • Motivation to Combine: A POSITA would combine Mirov with the Hamlin/Fisherman system to secure the device's firmware itself. While Hamlin disclosed using firmware, it did not detail how to protect it from malicious attacks. Mirov directly addressed this problem by teaching a method to verify firmware authenticity upon boot-up. A POSITA would have been motivated to incorporate this teaching to protect the combined system from viruses or tampering.
  • Expectation of Success: Petitioner argued that integrating Mirov's teachings would involve well-understood modifications to the firmware's organization. The process would leverage hashing and encryption functionalities already present in Hamlin to create a trusted root authority that verifies the operating code, leading to a predictable result.
• Additional Grounds: Petitioner asserted additional obviousness challenges, including grounds where Silvester (Patent 7,155,615) was added to teach a secure partition that is explicitly "invisible to the operating system" and a fifth ground combining Hamlin, Fisherman, Mirov, and Silvester.

4. Key Claim Construction Positions

• "authority record(s)": Petitioner proposed this term means "data defining an entity's access permissions." This construction is functional and not limited to a specific data structure.
• "master authority record": Following from the above, Petitioner proposed this term means "data defining the access permissions of an entity that can govern (e.g., create and delete) other authority records."
• "root assurance": Petitioner proposed this term means "code used to authenticate other code," arguing the claims and specification support that its purpose is to authenticate the cryptographic code in the firmware.

5. Arguments Regarding Discretionary Denial

• Petitioner argued that the Board should institute the inter partes review (IPR) and not exercise discretionary denial because the petition was filed concurrently with a motion for joinder to an already-instituted IPR (IPR2019-00932) involving the same patent and substantially identical grounds.

6. Relief Requested

• Petitioner requested institution of an IPR and cancellation of claims 1-14 of the ’020 patent as unpatentable under 35 U.S.C. §103.