PTAB

IPR2025-01572

Apple Inc v. Headwater Research LLC

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Method and System for Establishing a Secure Communication Link
  • Brief Description: The ’055 patent describes methods for improving the security of mobile devices on a network. The technology involves a multi-step process where a device first obtains a secure device credential from a network, and then uses that credential to request and obtain a separate, secured application credential for validating the authenticity of a specific application on the device.

3. Grounds for Unpatentability

Ground 1: Obviousness over Lundblade, Jobst, and Hardjono - Claims 1-2, 6-11, 13-15, and 18-19 are obvious over Lundblade in view of Jobst and Hardjono.

  • Prior Art Relied Upon: Lundblade (Patent 7,784,089), Jobst (Patent 6,707,915), and Hardjono (Application # 2007/0143629).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that the primary reference, Lundblade, teaches the foundational method of a client device requesting and receiving cryptographically generated credentials from a server to establish secure communications. However, Lundblade does not explicitly teach verifying the device's identity before issuing credentials. Jobst was argued to supply this missing element, as it teaches verifying a device's unique identifier (e.g., IMEI) against a server database of authorized devices before issuing a device credential (a phone password). The combination of Lundblade and Jobst was asserted to teach the initial device credentialing process of claim 1.
    • Petitioner further argued that Hardjono addresses the subsequent application-level verification. Hardjono teaches a method to ensure a software application is trustworthy before it is granted access to network resources. This is accomplished by the device sending a second request that includes a digest (e.g., a hash) of the application. The network verifies this digest against known-good values and, if it matches, returns a "trust report" (a secured application credential) that grants the application access. Petitioner contended that layering Hardjono's application integrity check on top of the secure link established by Lundblade/Jobst renders the remaining limitations of claim 1 obvious.
    • Motivation to Combine: A POSITA would combine Lundblade with Jobst to improve security, a known goal, by using the known technique of verifying a device’s identity before providing it with network credentials. A POSITA would further add Hardjono’s teachings to address the separate, well-known problem of ensuring that software applications on a trusted device are not malicious or corrupted before granting them access to sensitive network resources. This combination would predictably increase overall system security.
    • Expectation of Success: Petitioner asserted a POSITA would have a high expectation of success, as combining these known security techniques (device authentication and application integrity verification) involved conventional programming and server/database functions without requiring undue experimentation.

Ground 2: Obviousness over Lundblade, Jobst, Hardjono, and Zuccherato - Claim 3 is obvious over the combination for Ground 1 in view of Zuccherato.

  • Prior Art Relied Upon: Lundblade (Patent 7,784,089), Jobst (Patent 6,707,915), Hardjono (Application # 2007/0143629), and Zuccherato (Application # 2003/0014629).

  • Core Argument for this Ground:

    • Prior Art Mapping: This ground builds on the primary combination of Lundblade, Jobst, and Hardjono to address claim 3, which requires returning a verifiable network system credential to the device before the device verification step. Petitioner argued that the primary combination does not explicitly teach authenticating the network to the device. Zuccherato was argued to teach this concept, disclosing a method for setting up a secure TLS session where a server first sends a verifiable certificate to a mobile device. The device then validates this certificate with a trusted authority before proceeding with the secure session.
    • Motivation to Combine: A POSITA would be motivated to add Zuccherato’s server authentication step to the beginning of the Lundblade/Jobst process to prevent man-in-the-middle attacks. This ensures the device is communicating with a legitimate network server before it transmits its own sensitive device identifiers for verification, which was a well-understood security practice.
    • Expectation of Success: Success would be expected because implementing server authentication via certificates as part of establishing a secure connection (like SSL/TLS) was a standard, well-known architecture on the Internet and would require only simple programming modifications.

  • Additional Grounds: Petitioner asserted additional obviousness challenges for the remaining dependent claims. These grounds relied on the core combination of Lundblade, Jobst, and Hardjono, with the addition of a single, new reference for each challenge. The additional combinations included:

    • Claims 4 is obvious over the core combination and Chen (Patent 7,958,544) for teaching the specific step of encrypting the device credential with a key known to the network.
    • Claims 5 and 16 are obvious over the core combination and Lundblade ’330 (Application # 2005/097330) for teaching the use of an application credential to route a subsequent network message to the correct application.
    • Claim 12 is obvious over the core combination and Fosback (Application # 2009/276433) for teaching that a known-application credential could be uploaded to the network via an application developer service design center.
    • Claim 17 is obvious over the core combination and Scarlata (Patent 7,587,595) for teaching the use of a hardware Trusted Platform Module (TPM) as the service processor for generating and securing credentials.

4. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-19 of Patent 10,064,055 as unpatentable.