Rubrik Inc v. Commvault Systems Inc

1. Case Identification

• Case #: IPR2021-00535
• Patent #: 8,447,728
• Filed: February 22, 2021
• Petitioner(s): Rubrik, Inc.
• Patent Owner(s): Commvault Systems, Inc.
• Challenged Claims: 1-15 and 20-22

2. Patent Overview

• Title: System and Method for Storage Operation Access Security
• Brief Description: The ’728 patent discloses systems and methods for managing user access rights in a data management system. The invention focuses on applying security and access controls from a source data file to a secondary copy (e.g., a backup) created during a storage operation, and on migrating user security information from an external system.

3. Grounds for Unpatentability

Ground 1: Obviousness over Flank - Claim 1 is obvious over Flank

• Prior Art Relied Upon: Flank (Patent 7,913,300).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Flank taught a centralized role-based access control (RBAC) system for storage servers that performed all steps of claim 1. Flank’s system received requests from identified, preexisting users to perform storage operations (e.g., backup), which create secondary copies of production data. The system then queried a security system (an access control list, or ACL) to determine if the user had rights to access specific files and computers. If authorized, the system performed the backup. Flank’s RBAC framework also determined which copies of source data a user within a group could access.
  • Motivation to Combine (for §103 grounds): Not applicable (single reference ground).
  • Expectation of Success (for §103 grounds): Not applicable (single reference ground).

Ground 2: Obviousness over Flank and Sandorfi - Claims 1, 20-22 are obvious over Flank in view of Sandorfi

• Prior Art Relied Upon: Flank (Patent 7,913,300), Sandorfi (Application # 2005/0108486).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted that Flank provided the foundational RBAC system, while Sandorfi provided specific details on modern backup systems that render the claims obvious. Sandorfi was argued to explicitly teach creating backup data as “secondary copies” that are “usable to restore production data” but “not actively used by a live data server,” satisfying limitations in claims 1 and 20. For claim 20’s “data structure for associating access control information,” Petitioner pointed to Sandorfi’s disclosure of file descriptors that include file permissions and access restrictions for backup files.
  • Motivation to Combine (for §103 grounds): A POSITA would combine the references as they address complementary aspects of networked data management. Sandorfi provided detailed teachings on backup media and management practices that Flank only mentioned generally, making Sandorfi a natural source for a POSITA seeking to implement or improve Flank’s system.
  • Expectation of Success (for §103 grounds): A POSITA would have a high expectation of success as the combination involved integrating a known backup application (taught by Sandorfi) with a compatible access control system designed for such third-party applications (taught by Flank).

Ground 3: Obviousness over Flank and Shaji - Claims 2, 5, 7-14 are obvious over Flank in view of Shaji

• Prior Art Relied Upon: Flank (Patent 7,913,300), Shaji (Application # 2004/0204949).

• Core Argument for this Ground:

  • Prior Art Mapping: Petitioner argued that Shaji’s methods for migrating security policies would have been an obvious technique to apply when configuring user permissions in Flank’s system. Shaji taught migrating security principals (users and groups) from a source system to a destination system using migration tables, which Petitioner mapped to the limitations of claims 7-14 regarding migrating a user from an external security infrastructure. Shaji’s teaching of preserving ACLs when copying an object was argued to teach applying a source file’s access rights to its secondary copy, as recited in claim 5.
  • Motivation to Combine (for §103 grounds): A POSITA implementing Flank’s RBAC system would be motivated to use Shaji’s migration techniques to leverage a pre-existing external directory service (e.g., Active Directory). This approach would be far more efficient, secure, and less error-prone than manually recreating all users and permissions from scratch within Flank’s data management system.
  • Expectation of Success (for §103 grounds): The combination involved applying a well-known data migration technique to a data management system, a predictable and routine task for a person of ordinary skill.

• Additional Grounds: Petitioner asserted additional obviousness challenges based on combinations including Flank, Sandorfi, Shaji, Redlich (Application # 2005/0138110), Feinleib (Patent 7,805,721), Unix Backup & Recovery (a 1999 publication), and Zimniewicz (Application # 2004/0260565).

4. Arguments Regarding Discretionary Denial

• Petitioner argued against discretionary denial under 35 U.S.C. §314(a), asserting that the PTAB should institute review because the co-pending district court trial date was set for January 30, 2023, well over 18 months from the petition’s filing date. Petitioner also contended that the primary reference (Flank) and nearly all secondary references were not considered during the original prosecution of the ’728 patent, weighing against denial.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-15 and 20-22 of Patent 8,447,728 as unpatentable.