PTAB

IPR2022-00484

F5 Inc v. Sunstone Information Defense Inc

Key Events
Petition

1. Case Identification

2. Patent Overview

  • Title: System and Method for Detecting Malicious Applications
  • Brief Description: The ’682 patent discloses systems and methods for detecting malicious applications that interfere with client-server communications, such as by spoofing a user interface to steal authentication credentials. The technology involves a server sending both data ("hard information") and rendering instructions ("soft information") to a client, predicting how the client should display the information and what the user response should be, and then comparing this prediction to the actual response received from the client to identify anomalies.

3. Grounds for Unpatentability

Ground 1: Obviousness over Ozzie and Chen - Claims 1-3, 6, and 8 are obvious over Ozzie in view of Chen.

  • Prior Art Relied Upon: Ozzie (Application # 2010/0100725) and Chen (Application # 2008/0134338).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Ozzie taught the foundational elements of the challenged claims, including a server-based system for providing a multi-factor authentication user interface (UI) to a client device upon request. Ozzie disclosed sending transactional information (e.g., username/password fields) and corresponding presentation information that specifies how the UI is displayed. Petitioner contended that Chen supplied the claimed predictive analysis. Chen taught a method for detecting visual spoofing flaws by using a "reasoning engine" to determine if a user's interaction with a UI (a "visual invariant," like mouse clicks) corresponds to the expected layout and behavior defined by the underlying program logic (a "program invariant," such as HTML source code). The combination, therefore, taught a system that sends an authentication UI and predicts a user response based on both the transactional data and its presentation code to detect malware.
    • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine these references to enhance security. Recognizing the shared goal of preventing credential theft, a POSITA would be motivated to integrate Chen’s sophisticated spoofing detection engine into Ozzie’s authentication framework to protect it from the exact types of UI manipulation and malware that Chen was designed to detect.
    • Expectation of Success: A POSITA would have a high expectation of success, as combining the references involved applying Chen's analysis of HTML and user interactions to the web-based UI generated by Ozzie, all of which used well-understood internet technologies.

Ground 2: Obviousness over Ozzie, Chen, and Frantz - Claim 4 is obvious over Ozzie in view of Chen and in further view of Frantz.

  • Prior Art Relied Upon: Ozzie (Application # 2010/0100725), Chen (Application # 2008/0134338), and Frantz (Patent 8,756,684).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground asserted that the base combination of Ozzie and Chen taught the limitations of claim 1, from which claim 4 depends. Petitioner argued Frantz taught the additional limitations of claim 4: taking remedial action upon detecting a mismatch and predicting temporal characteristics of communication. Frantz disclosed detecting man-in-the-browser attacks by comparing a current user session's temporal characteristics (e.g., "the average time between clicks") against an average session baseline. Upon detecting a likely attack, Frantz’s “threat remediator” taught taking remedial action, such as blocking the client, transmitting a threat notification (an alert), or otherwise thwarting the transaction.
    • Motivation to Combine: In the pursuit of a more robust security system, a POSITA who combined Ozzie and Chen would be further motivated to incorporate Frantz's teachings. Frantz would add a complementary layer of security that analyzes behavioral and temporal data, allowing the system to detect anomalies that might not be apparent from analyzing UI structure alone, thereby increasing the overall likelihood of detecting malware.

Ground 3: Obviousness over Ozzie, Chen, and Boodaei - Claims 5, 21-25, 27-28, 32, and 36 are obvious over Ozzie in view of Chen and in further view of Boodaei.

  • Prior Art Relied Upon: Ozzie (Application # 2010/0100725), Chen (Application # 2008/0134338), and Boodaei (Application # 2008/0222736).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground added Boodaei to the Ozzie/Chen combination to teach limitations related to varying presentation information and analyzing hidden UI features. Petitioner argued Boodaei taught proactively preventing malware from spoofing an interface by modifying an HTML page to obfuscate its forms and links. This modification, which included adding "invisible" form parameters hidden from the user, constituted the claimed "selecting a variation of the presentation information" and "estimating locations of features and functions that are hidden from display." Boodaei also taught using a "codeword set" (e.g., client-side JavaScript) to encrypt and later de-obfuscate user responses, mapping to limitations in claims 12 and 16 concerning codeword utilization.
    • Motivation to Combine: A POSITA would combine Boodaei with the Ozzie/Chen system to create a defense-in-depth security solution. Boodaei's proactive obfuscation would make it difficult for malware to even attempt a spoof, while Chen's reactive detection would identify any malware that managed to overcome the obfuscation, providing a more comprehensive defense against attacks.

4. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under the Fintiv factors would be inappropriate. The petition asserted that no trial date was set in the co-pending litigation, meaning a Final Written Decision (FWD) from the Board would likely issue well before trial. Furthermore, investment in the district court case was minimal, as discovery had not yet commenced, and Petitioner contended the merits of the invalidity grounds presented were strong.

5. Relief Requested

  • Petitioner requested the institution of an inter partes review (IPR) and the cancellation of claims 1-6, 8, 21-25, 27-28, 32, and 36 of the ’682 patent as unpatentable.