PTAB

IPR2024-00039

CrowdStrike Inc v. Taasera Licensing LLC

Log In
Key Events
Petition
petition Intelligence

1. Case Identification

2. Patent Overview

  • Title: Methods and Systems for Controlling Access to Computing Resources Based on Known Security Vulnerabilities
  • Brief Description: The ’918 patent describes methods and systems for controlling an endpoint’s access to network resources by monitoring its operating conditions, evaluating them against security compliance policies stored on a remote computing system, and enforcing actions based on the resulting compliance state.

3. Grounds for Unpatentability

Ground 1: Obviousness over Couillard and Freund - Claims 1, 7, 9, and 17 are obvious over Couillard in view of Freund.

  • Prior Art Relied Upon: Couillard (Application # 2006/0203815) and Freund (Patent 5,987,611).
  • Core Argument for this Ground:

    • Prior Art Mapping: Petitioner argued that Couillard taught the foundational framework of the challenged claims. Couillard described a system with a central "Compliancy Appliance Server" (CAS) and a lightweight "Compliancy Security Agent" (CSA) on endpoint workstations. The CAS, a remote computing system, was used by administrators to define and store a plurality of security policies (Corporate Compliancy Rules). When an endpoint attempted to connect to the network, the CSA would perform a compliance scan based on these policies. The CAS would then receive the results, determine a compliance state, and authorize, restrict, or quarantine the endpoint’s network access accordingly.

      Petitioner contended that while Couillard disclosed the overall system, it provided only a high-level description of how the CSA agent gathers compliance data. Freund was argued to supply the missing implementation details. Freund disclosed a client-server security system where a client-based filter application monitors the endpoint using software "hooks" that integrate directly into the underlying operating system (e.g., Windows). These hooks allowed the agent to intercept and monitor low-level activities such as process loading, file system access, and TCP/IP communications. Petitioner asserted that a person of ordinary skill in the art (POSITA) would have recognized Freund’s hook-based monitoring as a well-understood and effective method for implementing the data gathering functions of Couillard’s CSA. The combination, therefore, taught all limitations of independent claims 1, 9, and 17, including providing a remote user interface for policy configuration (Couillard’s CAS), maintaining policies in a data store (CAS), identifying operating conditions to evaluate (based on the policies), configuring software services on the endpoint (implementing Freund's hooks), receiving status information at the remote system (CAS receiving CSA results), determining a compliance state, and authorizing access based on that state. Dependent claim 7 was also allegedly obvious as Couillard’s policies explicitly included software conditions like antivirus status and OS patch levels.

    • Motivation to Combine: Petitioner argued that a POSITA seeking to implement Couillard’s compliance verification system would have been motivated to look to a reference like Freund for specific, practical techniques. Couillard described what the CSA should do (verify compliance), but Freund taught how to do it effectively by using OS hooks to gather detailed, real-time data about endpoint operating conditions. Combining Freund's robust monitoring mechanism with Couillard's policy enforcement framework was presented as a predictable step to improve the efficacy of Couillard’s system. A POSITA would combine Freund's teachings because its hooks, executing at a high privilege level ("ring 0"), offered access to the most relevant and secure information needed for a thorough compliance check.

    • Expectation of Success: Petitioner asserted a high expectation of success. Both Couillard and Freund described similarly structured client-server security architectures and were intended for use in common operating system environments like Microsoft Windows. Integrating Freund's known hook-based monitoring techniques into Couillard's agent was a straightforward application of conventional programming practices in a predictable art.

4. Arguments Regarding Discretionary Denial

  • Fintiv Factors: Petitioner argued that discretionary denial under Fintiv was unwarranted. It highlighted that the parallel district court litigation was part of a Multi-District Litigation (MDL) proceeding where the trial date was uncertain and would only be set after the case was remanded to its originating court. To further mitigate any overlap, Petitioner stipulated that, if the IPR was instituted, it would not pursue any invalidity ground in the district court that utilized the prior art references relied upon in the petition.
  • §325(d) Factors: Petitioner argued against denial under §325(d), stating that the primary reference, Couillard, was not cited or considered during the original prosecution of the ’918 patent. Therefore, the petition presented new arguments and prior art that the Patent Office had not previously evaluated.
  • General Plastic Factors: Petitioner argued that the General Plastic factors favored institution. It noted that another IPR had been filed against the ’918 patent by a different petitioner (Palo Alto Networks). However, Petitioner asserted it was an entirely separate entity, sued months after the first petitioner, and that its petition used a completely different combination of prior art, thus presenting distinct unpatentability challenges.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1, 7, 9, and 17 of the ’918 patent as unpatentable.