PTAB

IPR2025-00092

Wiz Inc v. Orca Security Ltd

Log In
Key Events
Petition
petition Intelligence

1. Case Identification

2. Patent Overview

  • Title: Securing Virtual Cloud Assets
  • Brief Description: The ’231 patent describes methods, systems, and computer-readable media for securing virtual assets in a cloud computing environment. The claimed technology involves determining the location of a virtual disk snapshot, accessing it, and analyzing it to detect and alert potential cyber threats based on a determined priority.

3. Grounds for Unpatentability

Ground 1: Claims 1-7, 9-17, and 19 are obvious over Veselov, Basavapatna, and VMware SDK.

  • Prior Art Relied Upon: Veselov (Patent 11,216,563), Basavapatna (Application # 2013/0191919), and VMware SDK (“Virtual Infrastructure SDK Reference Guide”).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that the combination of these references teaches all limitations of the challenged claims. Veselov was asserted to teach the core method of securing virtual assets by obtaining and analyzing snapshots to identify security risks. Basavapatna was presented to supply the limitation of prioritizing detected cyber threats based on calculated risk metrics, a feature Petitioner argued was absent from Veselov. VMware SDK, a technical guide for a widely used virtualization platform, was argued to explicitly teach taking a new snapshot of a virtual machine if an existing one cannot be located, addressing another key limitation of the independent claims.
    • Motivation to Combine: A Person of Ordinary Skill in the Art (POSA) would combine these references to create a more robust and comprehensive security assessment tool. A POSA would incorporate Basavapatna’s well-known technique for prioritizing alerts to make Veselov’s system more effective and actionable for users facing numerous potential threats. A POSA would also incorporate the logical and routine step from VMware SDK of creating a baseline snapshot when none exists to ensure Veselov’s snapshot-based analysis could always be performed, thereby increasing the system's utility and reliability.
    • Expectation of Success: Petitioner asserted a POSA would have a reasonable expectation of success, as the combination involved applying known techniques (threat prioritization, baseline snapshot creation) to an existing framework (Veselov's snapshot analysis) to achieve the predictable result of an improved, more fully-featured security system.

Ground 2: Claims 8 and 18 are obvious over Veselov, Basavapatna, VMware SDK, and Kapoor.

  • Prior Art Relied Upon: Veselov (Patent 11,216,563), Basavapatna (Application # 2013/0191919), VMware SDK (“Virtual Infrastructure SDK Reference Guide”), and Kapoor (Patent 10,498,845).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground built upon the combination in Ground 1, adding Kapoor to specifically address the limitations of claims 8 and 18. These claims require scanning a parsed copy of the snapshot by reading process identification number (PID) files to determine running processes. Petitioner argued that while the primary combination teaches analyzing a snapshot for threats, Kapoor explicitly discloses a method for detecting anomalies in virtualized environments by collecting information about running processes, including scanning a PID file directory to identify them.
    • Motivation to Combine: A POSA implementing the system of Veselov and Basavapatna would be motivated to use Kapoor’s specific and effective technique for determining which applications are running. Basavapatna taught assessing risk based on running applications but did not specify the exact method for identifying them. A POSA would look to known techniques and find Kapoor’s method of reading PID files to be a simple, effective, and predictable way to implement this functionality within the broader snapshot analysis framework.
    • Expectation of Success: Petitioner contended there was a high expectation of success because reading PID files was a well-understood and routine method for identifying running processes on a system. Applying this standard technique to the file system data within a snapshot, as taught by Veselov, would present no meaningful technical challenges and would predictably enhance the system’s analytical capabilities.

4. Key Claim Construction Positions

  • “[Determining/Determine] a Location of a Snapshot”: Petitioner argued this term should be construed to encompass both virtual locations (e.g., a virtual address) and non-virtual locations (e.g., a path in a storage system). This construction was asserted to be consistent with the specification and necessary for the prior art to apply, as references like Veselov teach accessing snapshots via various endpoints, including virtualization layers and data stores.
  • “[Analyzing/Analyze] the Snapshot”: Petitioner proposed this term encompasses both direct analysis of the snapshot as a data file and analysis of a virtual machine (VM) instantiated from the snapshot. This position was based on the specification’s language and was argued to be consistent with the Patent Owner’s infringement contentions in related litigation. This construction is critical for mapping Veselov, which describes both analysis methods.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under 35 U.S.C. §325(d) would be inappropriate. The core assertion was that the prior art references central to the petition—Veselov, Basavapatna, VMware SDK, and Kapoor—were never presented to, or considered by, the Examiner during the original prosecution of the ’231 patent. Furthermore, Petitioner contended that the Examiner’s reasons for allowance were conclusory and constituted a material error, as the claims were allowed without any substantive rejection under §102 or §103, and the present petition demonstrates a strong case of unpatentability that the Examiner overlooked.

6. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1-19 of the ’231 patent as unpatentable.