PTAB

IPR2020-00323

IBM Corp v. Trusted Knight Corp

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Apparatus, System, and Method for Protecting Against Keylogging Malware
  • Brief Description: The ’473 patent describes a method to prevent software keylogging malware from capturing confidential user data. The method involves installing an anti-key logger at a highly privileged access level in a browser's Application Programming Interface (API) stack, detecting a form submission event, submitting the user's data to its destination, and then clearing the confidential data from the system to prevent its interception.

3. Grounds for Unpatentability

Ground 1: Anticipation by the Grandparent Patent - Claims 1-29 are anticipated by the ’445 Patent.

  • Prior Art Relied Upon: Grandparent (Patent 8,316,445).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that the ’473 patent is not entitled to its claimed priority date due to a broken priority chain, making its own direct ancestor, the Grandparent patent, anticipatory prior art under 35 U.S.C. §102. The priority chain was allegedly broken by an intermediate application (the “Parent” patent), which was filed as a continuation-in-part but contained an entirely new specification and claims directed exclusively to new subject matter (memory scraping) not found in the Grandparent. Because the Parent was not entitled to the Grandparent’s filing date, neither is the ’473 patent. Since the ’473 patent’s specification is a near-verbatim copy of the Grandparent’s specification, the Grandparent was argued to disclose each and every limitation of the challenged claims.
    • Key Aspects: This ground rests on a legal argument regarding the interpretation of 35 U.S.C. §120 and the effect of a continuation-in-part application that prosecutes claims only to new matter.

Ground 2: Obviousness over Waterson and Ross - Claims 1-6, 8-17, and 19-29 are obvious over Waterson in view of Ross.

  • Prior Art Relied Upon: Waterson (Patent 7,779,062) and Ross (Blake Ross et al., Stronger Password Authentication Using Browser Extensions, 14th USENIX Security Symposium, 2005).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that Waterson taught a kernel-level anti-keylogging system that protects against malware by ensuring it is the first program to interface with the keyboard driver and "contaminating" the keystroke data stream with random data to render it useless to keyloggers. However, Waterson did not explicitly address browser-level, form-grabbing malware that captures data upon submission. Ross remedied this deficiency by teaching a browser extension that specifically traps browser form submission events (e.g., "BeforeNavigate2") to replace passwords with hashed versions immediately before submission. The combination of Waterson's low-level driver protection with Ross's high-level browser event trapping was alleged to teach the claimed invention, including installing an anti-key logger at a privileged level that acts on a browser submission event.
    • Motivation to Combine: A POSITA would combine Waterson and Ross to achieve "complete mediation"—a core security principle requiring all security-sensitive interfaces to be protected. The combination would create a more robust solution that protects against both kernel-level keystroke interception (per Waterson) and browser-level form submission interception (per Ross), which was an obvious path to improving security.
    • Expectation of Success: A POSITA would have a high expectation of success, as Waterson itself disclosed that its software could be implemented as a browser plug-in, which is analogous to the browser helper object described in Ross, making the integration a routine modification.

Ground 3: Obviousness over Waterson, Ross, and Geon - Claims 1-6, 8-17, and 19-29 are obvious over Waterson and Ross in view of Geon.

  • Prior Art Relied Upon: Waterson (Patent 7,779,062), Ross (2005 USENIX paper), and Geon (Patent 7,774,595).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground was presented as an alternative in the event the Board determined that the combination of Waterson and Ross did not sufficiently teach the limitation of "clearing" confidential data. Waterson teaches "contaminating" data, which Petitioner argued met the court's construction of "removing meaning." To provide an express disclosure, Petitioner introduced Geon. Geon teaches a security keyboard driver that uses a Clearbuffer() function to reset a keyboard buffer to "dummy data," explicitly preventing data from being read from the I/O port after it has been processed. This was argued to be an explicit teaching of clearing confidential data from a buffer to prevent its capture.
    • Motivation to Combine: A POSITA would be motivated to incorporate Geon's explicit buffer-clearing functionality into the Waterson/Ross system to add another layer of security. After data is entered and submitted, clearing the keyboard buffer as taught by Geon would ensure no residual sensitive information could be captured by malware, thus enhancing the overall protection provided by the combined system.
    • Expectation of Success: Success would be expected, as both Waterson and Geon describe low-level, driver-based security mechanisms that manipulate keyboard data. Adding Geon's buffer-clearing step would be a simple and predictable modification to Waterson's existing driver-level software.

4. Key Claim Construction Positions

  • "clearing confidential data": Petitioner adopted the construction from a related district court litigation involving the Grandparent patent. The term was construed as "removing meaning from confidential data." This construction is broader than simply deleting data and encompasses methods like encryption or data contamination, which Petitioner argued was taught by Waterson's method of mixing clean user data with a random data stream.

5. Relief Requested

  • Petitioner requested institution of an inter partes review and cancellation of claims 1-29 of the ’473 patent as unpatentable.