Obviousness

Obviousness Analysis of US Patent 7,904,686 under 35 U.S.C. § 103

US Patent 7,904,686 focuses on providing data security within a file system by applying a mapping function to the data block numbers associated with a file (stored in its index node or inode) to obtain "mapped data block numbers" which represent the actual physical addresses of the file's data on a storage device. This approach aims to prevent unauthorized reconstruction of files by obscuring the direct relationship between logical file structures and physical storage locations.

A person having ordinary skill in the art (PHOSITA) in the field of file systems and data security around the priority/filing date of US7904686 (2007-2008) would have been aware of existing methods for data protection and the challenges associated with unauthorized access to stored data, including direct access to file system blocks.

The following combinations of prior art references, which were also cited in the IPR proceeding IPR2025-01491, would render the independent claims (Claims 1, 9, 17, and 18) of US7904686 obvious.

Combination 1: Kado (US20080022396A1) in view of Mullor (US20030120938A1)

Kado (US20080022396A1): This patent, titled "Memory data protection device and IC card LSI," discloses a memory data protection device designed to prevent unauthorized reading or writing of data stored in memory. Kado explicitly describes using "address scrambling/encryption" and "address transformations" (abstract, US20080022396A1) handled by a memory controller to protect data in a non-volatile memory. This directly teaches the concept of modifying logical addresses into different physical addresses for security.

Mullor (US20030120938A1): This patent, titled "Method of securing software against reverse engineering," describes techniques for securing software by obfuscating its code. A relevant teaching from Mullor is the concept of "distributing code across various locations to make it harder to reconstruct" (abstract, US20030120938A1). Although focused on software code, this principle is broadly applicable to any data that one wishes to protect from unauthorized reconstruction.

Motivation for Combination:
The background of US7904686 explicitly identifies a vulnerability where "an individual can still reconstruct a file... by retrieving the data blocks... by accessing the index node (inode) of the file and completely bypass the application" (Background, US7904686B2). Mullor provides a clear motivation for addressing this problem by teaching that distributing data (or code) across various locations enhances security by making reconstruction difficult. Kado provides a direct technical solution—"address scrambling/transformation"—that can achieve this desired distribution at the memory or block level.

A PHOSITA, recognizing the problem of unauthorized file reconstruction through direct inode access, would be motivated to apply Kado's address transformation techniques to the logical data block numbers provided by a file system's inode. This combination would result in physically scattering the data blocks across the storage device in a non-linear fashion, consistent with Mullor's principle of making data harder to reconstruct. Such a system would directly achieve the security objective of US7904686.

Mapping to Claims of US7904686:

• "applying a mapping function to data block numbers that are associated with a file, wherein the data block numbers are contained in an index node associated with said file" (Claim 1): Kado teaches applying "address scrambling/encryption" or "address transformations" to protect data. A PHOSITA would understand that "data block numbers" in a file system's inode are essentially logical addresses. Applying Kado's transformation to these inode-contained data block numbers directly corresponds to applying a mapping function.
• "obtaining mapped data block numbers after applying the mapping function, wherein the mapped data block numbers are addresses of data of the file in a storage device" (Claim 1): The "address scrambling/transformation" taught by Kado would naturally yield transformed addresses. These transformed addresses would then represent the actual physical locations ("addresses of data of the file in a storage device") where the data is stored, thus fulfilling the "mapped data block numbers" element. This arrangement, motivated by Mullor, would obscure the true physical locations from unauthorized direct access via the inode.

Combination 2: Intertrust (US7430585B2) in view of Kado (US20080022396A1) and general file system knowledge

Intertrust (US7430585B2): This patent, titled "Secure processing unit systems and methods," describes methods for creating a "strongly tamper-resistant environment" for core computations and data storage. It teaches using a Secure Processing Unit (SPU) with "processor security registers" and "access control data for restricting access to certain memory regions." It further mentions employing "level-one page table entries" with "attributes that indicate whether the entries in the corresponding level-two page table may designate certain memory regions" (abstract, US7430585B2). This demonstrates the concept of securing data by controlling access to memory and using an indirection layer (e.g., page tables) to manage memory addresses for security purposes.

Kado (US20080022396A1): As discussed above, Kado teaches specific "address scrambling/encryption" or "address transformations" at the memory controller level for data protection in non-volatile memory.

Motivation for Combination:
A PHOSITA, aiming to implement the tamper-resistant data storage envisioned by Intertrust at the file system level and being aware of Kado's specific address transformation techniques, would find it obvious to combine these teachings. Intertrust sets forth the broader goal of secure, controlled access to memory. Kado provides a concrete mechanism for achieving this control by transforming addresses, directly countering the vulnerability of linear data block access that US7904686 addresses. It would be a straightforward and expected design choice to apply Kado's address scrambling to the logical data block addresses specified in file system inodes, thereby enforcing the kind of controlled and obfuscated memory access promoted by Intertrust for enhanced data security.

Mapping to Claims of US7904686:

• "applying a mapping function to data block numbers that are associated with a file, wherein the data block numbers are contained in an index node associated with said file" (Claim 1): Intertrust broadly teaches controlling access to memory regions via address indirection for security. Kado provides the technical detail of "address scrambling/transformation." A PHOSITA, integrating these, would readily apply Kado's scrambling to the logical "data block numbers" found in a file's inode to secure file data in the storage device.
• "obtaining mapped data block numbers after applying the mapping function, wherein the mapped data block numbers are addresses of data of the file in a storage device" (Claim 1): The outcome of Kado's address transformations would be the "mapped data block numbers" that represent the actual physical "addresses of data of the file in a storage device." This directly implements the security framework contemplated by Intertrust by making the physical storage locations opaque from the logical file system view.

Conclusion

Based on the analysis, claims 1, 9, 17, and 18 of US7904686 would have been obvious to a person having ordinary skill in the art when considering the technical teachings and motivations present in the cited prior art references. The core inventive concept of using a mapping function to transform logical data block numbers into obfuscated physical addresses for data security was directly or implicitly taught and motivated by these combinations.