PTAB

IPR2023-00017

Microsoft Corp v. Virtru Corp

Log In
Key Events
Petition

1. Case Identification

2. Patent Overview

  • Title: Distributing Cryptographic Data to Authenticated Recipients
  • Brief Description: The ’673 patent describes a method and system for securely distributing encrypted data. The system uses a centralized access control management system that communicates with external, third-party identity providers to authenticate recipients before granting them access to cryptographic information, such as decryption keys.

3. Grounds for Unpatentability

Ground 1: Claims 1, 5-9, and 11-19 are obvious over Templin.

  • Prior Art Relied Upon: Templin (Patent 8,898,482).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Templin disclosed all limitations of the challenged claims. Templin’s web server (114) was asserted to be the claimed "access control management system." This server received information (112) associated with an encrypted message (110) from a first client device, where the information included a cryptographic key and authentication requirements (e.g., viewer email addresses). The server then received a request from a second client device (viewer 124) and verified the viewer was identified in the stored authentication information. Petitioner contended that Templin’s disclosure of using third-party authentication systems like OpenID and OAuth (e.g., Gmail, Twitter) for authentication inherently taught automatically selecting an identity provider based on the user’s identifier (e.g., their email address). After successful authentication, Templin’s server sent the cryptographic key to the second client device to decrypt the message. The repetitive steps for a second encrypted object and third user were argued to be obvious extensions of this primary process.
    • Motivation to Combine (for §103 grounds): This ground relied on a single reference. Petitioner argued that to the extent any claim limitations were not explicitly disclosed, a person of ordinary skill in the art (POSITA) would have found it obvious to modify Templin’s system. For example, a POSITA would have been motivated to include specific viewer identification information (like userids) in the data sent to the server to ensure that only authorized viewers could access the encrypted object, a fundamental goal of such a security system.
    • Expectation of Success (for §103 grounds): Petitioner asserted a POSITA would have had a reasonable expectation of success in making any minor modifications to Templin, as the underlying authentication techniques (e.g., email verification, third-party authentication) were well-known at the time.

Ground 2: Claims 1, 5-9, and 11-19 are obvious over Templin in view of McDaniel.

  • Prior Art Relied Upon: Templin (Patent 8,898,482) and McDaniel (Patent 9,736,153).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground leveraged Templin’s disclosure as described in Ground 1 and supplemented it with teachings from McDaniel. Petitioner argued McDaniel provided additional, explicit support for claim limitations that were implicitly or inherently taught by Templin. Specifically, McDaniel’s resource server (114) was presented as an access control system that explicitly verified a user’s credentials (username and password) against stored authentication information before granting access to a protected resource. Furthermore, McDaniel was cited for its teaching of an access control system that automatically discovers and selects an identity server (116) from a plurality of such servers based on the user’s credentials (e.g., username). This process, which involved the server automatically sending an authentication request to the selected identity provider, was argued to map directly to the challenged claims.
    • Motivation to Combine (for §103 grounds): A POSITA would combine Templin and McDaniel to improve Templin’s encryption system with McDaniel's known, conventional authentication techniques. Petitioner argued this combination represented using a known technique (McDaniel’s user verification and identity provider selection) to improve a similar system (Templin’s secure messaging). The motivation was to provide a more seamless and robust authentication process for external clients without requiring massive upgrades to legacy client devices, a benefit explicitly taught by McDaniel. Templin itself motivated the combination by teaching that verifying user identifiers helps prevent unauthorized access by third parties.
    • Expectation of Success (for §103 grounds): A POSITA would have reasonably expected success in this combination because McDaniel disclosed that its authentication methods were "conventional techniques" and employed "well-known authentication protocols." Integrating these known methods into Templin’s analogous secure access system would have been a straightforward application of known principles.

4. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under 35 U.S.C. §314(a) and the Fintiv factors would be inappropriate. The petition asserted it presented a compelling unpatentability challenge, which under the Board's interim guidance weighs against denial. Petitioner also contended that the estimated trial date in the parallel district court litigation (July 2024) is well after the statutory deadline for a Final Written Decision (FWD) in the IPR (estimated April 2024), meaning Fintiv factors related to timing weigh heavily against discretionary denial.

5. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1, 5-19 of the ’673 patent as unpatentable.