CrowdStrike Inc v. Skysong Innovations LLC

1. Case Identification

• Case #: IPR2025-01397
• Patent #: 10,313,385
• Filed: August 15, 2025
• Petitioner(s): CrowdStrike, Inc.
• Patent Owner(s): Skysong Innovations, LLC
• Challenged Claims: 1-17

2. Patent Overview

• Title: System and Method for Network Security Using Game Theory and Darknet Data
• Brief Description: The ’385 patent discloses a game-theoretic framework for improving host-based cybersecurity. The system uses real-world exploit data obtained from darknet markets to inform penetration testing, identify vulnerabilities, and automate defensive remediation strategies.

3. Grounds for Unpatentability

Ground 1: Obviousness over a Single Reference - Claims 1, 8, 14, and 15 are obvious over Vallone.

• Prior Art Relied Upon: Vallone (Application # 2016/0134653).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Vallone, as a single reference, disclosed all elements of the independent claims. Vallone taught a system for assessing a target network's vulnerability by accessing cyberthreat intelligence from networks including "the dark net." It described obtaining threat characteristics (e.g., scripts, programs), executing synthetic tests that mimic the threat in a controlled environment so that the "ultimate objective of the cyberthreat...is not committed," monitoring the test, and using feedback from the analysis to dynamically update the network’s security, such as by finding and applying patches.
  • Motivation to Combine (for §103 grounds): Not applicable, as this is a single-reference obviousness challenge.
  • Expectation of Success (for §103 grounds): Not applicable.

Ground 2: Obviousness over Core Exploit Analysis References - Claims 1, 8, 14, and 15 are obvious over Oberheide in view of Patsos and Roytman.

• Prior Art Relied Upon: Oberheide (Application # 2014/0245450), Patsos (a 2010 journal article on incident response intelligence), and Roytman (Application # 2015/0237065).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted that Oberheide provided the foundational system for identifying vulnerabilities, using an exploit engine to execute exploits, and an update component to apply patches. To meet the "dark net" limitation, Petitioner combined Oberheide with Patsos, which taught an intelligence system that collects security information about exploits from sources including "underground web sources" and "hacking web sites." To teach creating a "constraint set" of vulnerabilities, Petitioner added Roytman, which disclosed a threat management platform that ranks a set of vulnerabilities based on breach data to identify a critical subset that is most vulnerable to attack.
  • Motivation to Combine: A POSITA would combine Patsos with Oberheide to enhance the system's security coverage by accessing the most current exploits marketed on the dark net. A POSITA would then incorporate Roytman's ranking techniques to improve and automate Oberheide's process for prioritizing remediation efforts, focusing on the subset of vulnerabilities that pose the most significant threat.
  • Expectation of Success: Petitioner argued the combination would have been predictable. Integrating Patsos's known web crawling techniques and Roytman's data-driven ranking methods into Oberheide's vulnerability management framework were presented as straightforward modifications for a POSITA.

Ground 3: Obviousness Including Cost-Benefit Analysis - Claims 2-6, 9-12, 16, and 17 are obvious over Oberheide, Patsos, and Roytman in view of Juels.

• Prior Art Relied Upon: Oberheide (Application # 2014/0245450), Patsos (a 2010 journal article), Roytman (Application # 2015/0237065), and Juels (Patent 9,471,777).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground built upon the Oberheide/Patsos/Roytman combination from Ground 2, adding Juels to address dependent claims related to cost and budgeting. Juels taught a game-theoretic model for cybersecurity where both attacker and defender actions have associated costs. It explicitly linked the effectiveness of an exploit (the risk level) to its cost (e.g., an expensive zero-day exploit versus a cheap published exploit) and taught that parties operate within financial budgets that constrain their actions. This combination allegedly taught quantifying risk relative to exploit cost, creating a budget, and obtaining exploits constrained by that budget.
  • Motivation to Combine: A POSITA would combine Juels's cost-benefit principles with the base system to enhance the efficiency of patching. This would allow the system to make more intelligent remediation decisions, such as choosing a slightly less effective but significantly cheaper exploit, thereby optimizing a limited security budget.
  • Expectation of Success: Modifying Roytman's risk-scoring algorithm to account for a cost metric, as taught by Juels, was argued to be a simple and predictable modification well within the skill of a POSITA.

• Additional Grounds: Petitioner asserted an additional obviousness challenge (Ground 4) against claims 7 and 13 based on the Oberheide/Patsos/Roytman combination in view of Wolff, which taught removing a vulnerable software component as a remediation step to prevent future exploitation.

4. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-17 of Patent 10,313,385 as unpatentable.