PTAB

IPR2025-00932

Samsung Electronics Co Ltd v. Headwater Research LLC

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Enterprise Access Control and Accounting Allocation for Access Networks
  • Brief Description: The ’250 patent describes a method for operating a wireless device by using stored secure policy information to manage application execution and network communications. The policies create distinct, secure application environments, with one environment directing its network traffic through a secure tunnel while other applications operate outside that tunnel.

3. Grounds for Unpatentability

Ground 1A: Claims 1-2 are obvious over Owen and Bartlett

  • Prior Art Relied Upon: Owen (Application # 2005/0213763) and Bartlett (Application # 2003/0177396).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Owen discloses the core concept of the challenged claims by teaching a method to secure a mobile device using "domains" (e.g., an "employer domain" and a "user domain"). These domains function as application-specific execution environments, where domain policies control which applications can run and which "communication pipes" they can access. For example, only applications in the employer domain can use the secure corporate communication pipe. Bartlett was argued to supply the missing detail of how to establish the secure communication pipe. Bartlett teaches adaptively providing a secure Virtual Private Network (VPN) by automatically establishing an encrypted tunnel when user traffic is generated, eliminating the need for explicit user action. The combination, referred to as the Owen-Bartlett device (OBD), allegedly meets the limitations of claim 1 by using Owen’s domain policies to segregate applications and then using Bartlett’s method to automatically initiate a secure tunnel for the employer domain's communication pipe.
    • Motivation to Combine: Petitioner contended that while Owen describes using secure communication pipes for different domains, it does not specify the mechanism for establishing them. A person of ordinary skill in the art (POSITA), seeking to implement Owen’s system, would combine it with Bartlett's teachings to provide an automatic and user-friendly way to establish the secure connection (VPN tunnel) required for the employer domain. This combination simplifies the user experience and improves system viability.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success because Owen and Bartlett describe complementary functions for a mobile device—one managing application security policies and the other managing secure network connections. Integrating Bartlett’s automated VPN functionality into Owen’s domain-based framework was presented as a predictable combination of known elements to achieve a known goal.

Ground 1B: Claims 1-2 are obvious over Owen, Bartlett, and Smith

  • Prior Art Relied Upon: Owen (Application # 2005/0213763), Bartlett (Application # 2003/0177396), and Smith (a 2005 book on virtual machines).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground builds on Ground 1A by adding Smith to provide a specific, well-known implementation for Owen's "domains." Smith teaches that virtual machine (VM) technology provides secure, isolated execution environments ("sandboxes") on a single hardware platform. Petitioner argued that a POSITA would implement Owen's separate domains (e.g., employer and user) as separate VMs as taught by Smith. This combination, the Owen-Bartlett-Smith Device (OBSD), results in a system where applications assigned to the employer domain run in a first VM (a first secure application environment) and applications assigned to the user domain run in a second, isolated VM. The traffic from the first VM is tunneled per Bartlett, while the second VM is isolated from that tunnel.
    • Motivation to Combine: Petitioner asserted that a POSITA would be motivated to use Smith's VM technology to implement Owen's domains to achieve robust security and isolation. Since Owen's goal is to securely separate different types of applications (e.g., corporate vs. personal), using VMs as taught by Smith is a natural and effective way to enforce this separation at the system level, thereby enhancing the security benefits described in Owen.
    • Expectation of Success: The combination was argued to be predictable. Using VMs to create isolated software environments was a common technique. A POSITA would expect success in applying Smith's established virtualization methods to implement the logical separation of domains proposed by Owen, with each element performing its known function.

Ground 2: Claims 1-2 are obvious over Lambert, Rao, and Smith

  • Prior Art Relied Upon: Lambert (Application # 2002/0099952), Rao (Application # 2006/0039354), and Smith (a 2005 book on virtual machines).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground presents an alternative combination of references. Lambert teaches using software restriction policies to control application execution, allowing software to run in different environments (e.g., "unrestricted" or "restricted") with different permissions, including network access restrictions. Rao discloses a remote access client (RAC) that intercepts network packets from applications and routes them through a secure tunnel to a gateway, with policies for prioritizing traffic. Smith, as in Ground 1B, provides the VM technology to implement isolated execution environments. The combined Lambert-Rao-Smith Device (LRSD) would use Lambert's policies to assign applications to either a "trusted" or "untrusted" execution environment, implement these environments in separate, isolated VMs per Smith, and use Rao's RAC within each VM to manage and tunnel network traffic according to the policies.
    • Motivation to Combine: A POSITA would combine Lambert and Rao to create a comprehensive policy-based system. Lambert provides the high-level policy framework for restricting application behavior, while Rao provides the specific networking mechanism (the RAC and tunnel) to enforce network-level restrictions. Smith would be added to securely implement Lambert's distinct execution environments using VMs, which Lambert itself suggests as a possible implementation. This combination creates a robust, secure, and policy-driven architecture.
    • Expectation of Success: A POSITA would reasonably expect success in combining these references, as they address complementary aspects of system security and network management. Integrating Rao's networking client into Lambert's policy environments, and implementing the entire system on a virtualized platform per Smith, was argued to be a straightforward application of known technologies.

4. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial is unwarranted. The petition noted an intent to use the bifurcated briefing process outlined in the March 26, 2025, Stewart Memorandum to rebut any discretionary denial arguments raised by the Patent Owner.

5. Relief Requested

  • Petitioner requests the institution of an inter partes review and the cancellation of claims 1-2 of the ’250 patent as unpatentable under 35 U.S.C. §103.