PTAB
IPR2023-01463
CrowdStrike Inc v. Taasera Licensing LLC
Key Events
Petition
Table of Contents
petition Intelligence
1. Case Identification
- Case #: IPR2023-01463
- Patent #: 9,608,997
- Filed: October 24, 2023
- Petitioner(s): CrowdStrike, Inc.
- Challenged Claims: 1-3, 6, 8-13, 16, 18-23, 26, and 28-30
2. Patent Overview
- Title: Methods and Systems for Controlling Access to Computing Resources Based on Known Security Vulnerabilities
- Brief Description: The ’997 patent describes methods and systems for monitoring and evaluating endpoint devices to enforce security compliance policies. A remote computing system uses configurable policies to determine if an endpoint is compliant and, based on that determination, initiates actions to control the endpoint's access to computing resources.
3. Grounds for Unpatentability
Ground 1: Obviousness over Couillard and Freund - Claims 1-3, 6, 8-13, 16, 18-23, 26, and 28-30 are obvious over Couillard in view of Freund.
- Prior Art Relied Upon: Couillard (Application # 2006/0203815) and Freund (Patent 5,987,611).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Couillard taught the core framework of the challenged claims, and Freund provided the necessary implementation details that Couillard left open.
- Couillard disclosed a system for verifying the compliance of a device before allowing it to connect to a corporate network. This system included a central "Compliancy Appliance Server" (CAS) that stores security policies and a lightweight "Compliancy Security Agent" (CSA) installed on endpoint workstations. The CAS provides a remote user interface for administrators to configure policies, receives status information from the CSA, determines a compliance state, and initiates remote actions (e.g., quarantining the device in a specific VLAN) to enforce compliance. Petitioner asserted this maps to the limitations of independent claims 1, 11, and 21 regarding providing a remote UI, maintaining policies, receiving status, determining compliance, and initiating remote actions.
- Petitioner contended that while Couillard described the function of its endpoint CSA at a high level (i.e., to "obtain the compliance verification results"), it did not specify the implementation. Freund allegedly supplied this missing detail. Freund taught a client-based filter application that monitors endpoint conditions by "hooking" into the operating system (e.g., the file subsystem and process management) to track running applications and file activity. Petitioner argued that combining Freund's OS-level monitoring techniques with Couillard's framework teaches the claimed step of "configuring one or more software services provided by an operating system on the endpoint to monitor" the operating conditions.
- Motivation to Combine: Petitioner argued a person of ordinary skill in the art (POSITA) would have been motivated to combine the references to supply the implementation details for Couillard's system. A POSITA implementing Couillard’s CSA, which needed to gather endpoint state information, would have looked to known techniques for doing so, such as the client-side filtering and OS hooks taught by Freund. Both references address the same problem of endpoint security and are analogous art, making the combination logical and predictable.
- Expectation of Success: A POSITA would have had a reasonable expectation of success because both systems are similarly structured with a central server and client-side software. Freund's teachings on using OS hooks for monitoring were well-known techniques intended for use in the exact type of client-server security architecture described by Couillard. The integration was a predictable application of known technologies.
- Prior Art Mapping: Petitioner argued that Couillard taught the core framework of the challenged claims, and Freund provided the necessary implementation details that Couillard left open.
4. Arguments Regarding Discretionary Denial
- Petitioner argued against discretionary denial under §314(a) and §325(d).
- Fintiv Factors: Petitioner argued that denial under Fintiv is unwarranted because the trial date in the parallel district court litigation is uncertain. The case is part of a multidistrict litigation (MDL) proceeding and must be remanded before a trial can be set in the originating court. Furthermore, Petitioner stipulated that, if IPR is instituted, it will not pursue in the district court any invalidity ground that relies on the prior art asserted in the petition, thereby eliminating overlap.
- §325(d) Factors: Petitioner asserted that denial under §325(d) is inappropriate because the primary prior art reference, Couillard, was not considered by the examiner during the original prosecution of the ’997 patent. Therefore, the petition raises new arguments and art that the Patent Office has not previously evaluated.
5. Relief Requested
- Petitioner requests institution of an inter partes review and cancellation of claims 1-3, 6, 8-13, 16, 18-23, 26, and 28-30 of the ’997 patent as unpatentable.
Analysis metadata