`Tel: 571-272-7822
`
`Paper 11
`Entered: October 30, 2014
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`INTERNATIONAL BUSINESS MACHINES CORPORATION,
`Petitioner,
`
`v.
`
`INTELLECTUAL VENTURES II LLC,
`Patent Owner.
`
`Case IPR2014-00681
`Patent 6,715,084 B2
`
`
`
`
`
`
`
`
`
`Before KRISTEN L. DROESCH, JENNIFER S. BISK, and
`JUSTIN BUSCH, Administrative Patent Judges.
`
`BISK, Administrative Patent Judge.
`
`DECISION
`Denying Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`INTRODUCTION
`
`A. Background
`
`International Business Machines Corporation (“IBM” or “Petitioner”)
`
`filed a Corrected Petition (Paper 4, “Pet.”) requesting an inter partes review
`
`of claims 1–9 and 12–18 (the “challenged claims”) of U.S. Patent No.
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`6,715,084 B2 (Ex. 1005, “the ’084 patent”). 35 U.S.C. § 311. Intellectual
`
`Ventures II LLC, (“Intellectual Ventures” or “Patent Owner”), filed a
`
`Preliminary Response. Paper 10 (“Prelim. Resp.”).
`
`We have authority to determine whether to institute an inter partes
`
`review. 35 U.S.C. § 314(b); 37 C.F.R. § 42.4(a). The standard for
`
`instituting an inter partes review is set forth in 35 U.S.C. § 314(a), which
`
`provides that an inter partes review may not be instituted “unless the
`
`Director determines . . . there is a reasonable likelihood that the petitioner
`
`would prevail with respect to at least 1 of the claims challenged in the
`
`petition.”
`
`After considering the Petition and Preliminary Response, we
`
`determine that IBM has not established a reasonable likelihood of prevailing
`
`on any of the claims challenged in the Petition. Accordingly, we do not
`
`institute an inter partes review.
`
`B. Related Matters
`
`At the time of filing the Petition in this proceeding, IBM filed another
`
`petition for inter partes review in IPR2014-00682 challenging claims 19, 20,
`
`and 22–33 of the ’084 patent. Subsequent to IBM’s filings, another
`
`petitioner also filed two petitions challenging claims of the ’084 patent in
`
`IPR2014-00793 and IPR2014-00801.
`
`IBM indicates that the ’084 patent is the subject of concurrent
`
`proceedings in various district courts, none of which name IBM as a
`
`defendant. See Pet. 2–3; Paper 9 (Petitioner’s Amended Mandatory
`
`Notices).
`
`2
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`C. The ’084 Patent
`
`The ’084 patent relates to network-based intrusion detection systems.
`
`Ex. 1005, 1:7–10. Intrusion detection systems are used to determine that a
`
`breach of computer security—access to computer resources by an
`
`unauthorized outsider—has occurred, is underway, or is beginning. Id. at
`
`3:38–49. Conventional intrusion detection products and services are based
`
`on specialized equipment located on a customer’s premises and are directed
`
`to the analysis of a single customer’s data. Id. at 4:51–67. These systems
`
`may produce false alarms and are often unable to detect the earliest stages of
`
`network attacks. Id. In contrast, the broad-scope intrusion detection system
`
`of the ’084 patent analyzes the traffic coming into multiple hosts or other
`
`customers’ computers or sites, providing additional data for analysis, and
`
`consequently, the ability to recognize intrusions that would otherwise be
`
`difficult or impossible to diagnose. Id. at 5:44–56.
`
`As described, one embodiment of the broad-scope intrusion detection
`
`system monitors the communications on a network, or on a particular
`
`segment of the network, by a data collection and processing center coupled
`
`to the network. Ex. 1005, 7:18–24; 7:31–35. Because the data collection
`
`and processing center gathers information from multiple network devices,
`
`including potentially multiple customers, it has access to a broader scope of
`
`network activity. Id. at 8:13–21. This additional data allows for the
`
`recognition of additional patterns of suspicious activity beyond those
`
`detectable with conventional systems. Id. at 8:21–22.
`
`To detect intrusions, the ’084 patent describes one technique of
`
`collecting suspicious network traffic events, forwarding those events to a
`
`central database and analysis engine, and then using pattern correlations to
`
`3
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`determine suspected intrusion-oriented activity. Ex. 1005, 8:23–31. Upon
`
`detection of suspected malicious activity, adjustments to devices such as
`
`firewalls can be made to focus sensitivity on attacks from suspected sources
`
`or against suspected targets. Id. at 8:31–35; 10:49–67. In addition, if any
`
`intrusions or attempted intrusions have been detected, alerts can be sent both
`
`to the system to which the suspicious communication was directed and also
`
`to systems that have not yet received the communication. Id. at 11:53–12:4.
`
`D. Illustrative Claim
`
`Of the challenged claims in the ’084 patent, claims 1 and 9 are
`
`independent. Claim 1 is illustrative and recites:
`
`1. A method of alerting at least one device in a networked
`computer system comprising a plurality of devices to an anomaly,
`at least one of the plurality of devices having a firewall,
`comprising:
`
`detecting an anomaly in the networked computer system using
`network-based intrusion detection techniques comprising
`analyzing data entering into a plurality of hosts, servers, and
`computer sites in the networked computer system;
`
`determining which of the plurality of devices are anticipated to be
`affected by the anomaly by using pattern correlations across the
`plurality of hosts, servers, and computer sites; and
`
`alerting the devices that are anticipated to be affected by the
`anomaly.
`
`E. The Evidence of Record
`
`IBM relies upon the following prior art references as its basis for
`
`challenging claims 1–9 and 12–18 of the ’084 patent.1
`
`Reference Patents/Printed Publications
`
`Exhibit
`
`
`1 IBM also proffers the Declaration of Dr. Steven M. Bellovin. See Ex.
`1001.
`
`4
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`Porras
`
`Phillip A. Porras & Alfonso
`Valdes, Live Traffic Analysis of
`TCP/IP Gateways, Proceedings
`of the 1998 ISOC Symposium on
`Network and Distributed Sys.
`Security 1–13, (Dec. 12, 1997)
`U.S. Patent No. 7,237,264 B1
`Graham
`NetRanger NetRangerTM User’s Guide
`Version 1.3.1, WheelGroup Corp.
`001–327, (1997)
`Steven R. Snapp et al., A System
`for Distributed Intrusion
`Detection, IEEE 170–176, (1991)
`
`Snapp
`
`Ex. 1006 (“Porras”)
`
`Ex. 1007 (“Graham”)
`Ex. 1008 (“NetRanger”)
`
`Ex. 1009 (“Snapp”)
`
`F. The Asserted Grounds of Unpatentability
`
`IBM contends that the challenged claims are unpatentable under
`
`35 U.S.C. §§ 102 and/or 103 based on the following grounds (Pet. 4–5):
`
`Statutory Ground
`§ 102(b)
`§ 102(e)
`§ 103
`§ 102(b)
`§ 103
`
`Basis
`
`Porras
`Graham
`Graham and Snapp
`NetRanger
`NetRanger and Snapp
`
`Challenged Claims
`1–9, 12–18
`1–7, 9, 12–17
`8, 18
`1–7, 9, 12–17
`8, 18
`
`A. Claim Construction
`
`ANALYSIS
`
`In an inter partes review, claim terms are given their broadest
`
`reasonable interpretation in light of the specification in which they appear
`
`and the understanding of others skilled in the relevant art. See 37 C.F.R.
`
`§ 42.100(b). Applying that standard, we interpret the claim terms of the
`
`’084 patent according to their ordinary and customary meaning in the
`
`context of the patent’s written description. See In re Translogic Tech., Inc.,
`
`504 F.3d 1249, 1257 (Fed. Cir. 2007).
`
`5
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`IBM proposes interpretations for “an anomaly in the network,”
`
`“network-based intrusion detection techniques,” “alerting the device / alerts
`
`the device,” and “generating an automated response to the intrusion.” Pet.
`
`5–9. Intellectual Ventures disputes IBM’s analysis and provides its own
`
`interpretations for “anomaly,” “network based intrusion detection
`
`techniques,” “generating an automated response to the intrusion,”
`
`“determining which of the plurality of devices are anticipated to be affected
`
`by the anomaly,” and “alert [-ing/-s] the device.” Prelim. Resp. 6–18. Of
`
`these terms, we consider it necessary, for purposes of this Decision, to
`
`expressly construe the terms “anomaly” and “determining which . . . are
`
`anticipated to be affected by the anomaly.” None of the remaining terms
`
`requires an express construction at this time.
`
`1. “anomaly”
`
`IBM proposes that “an anomaly in the network” be construed as “a
`
`predetermined pattern of data in the network.” Pet. 5. Intellectual Ventures
`
`disagrees, arguing that an anomaly is “a departure from the usual or
`
`expected; an abnormality or irregularity.” Prelim. Resp. 10 (citing Exs.
`
`2002; 2003 (reciting dictionary definitions of “anomaly”)).
`
`We agree that Intellectual Ventures’s proposed construction is the
`
`broadest reasonable interpretation of the term and is consistent with the
`
`specification of the ’084 patent. For example, the ’084 patent states that
`
`“Anomaly detection systems look for statistically anomalous behavior . . .
`
`[s]tatistical scenarios can be implemented for user, dataset, and program
`
`usage to detect ‘exceptional’ use of the system.” Ex. 1005, 3:54–57.
`
`6
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`2. “determining which of the plurality of devices are anticipated
`to be affected by the anomaly”
`
`IBM does not propose an explicit construction for “determining which
`
`of the plurality of devices are anticipated to be affected by the anomaly”
`
`(“the determining limitation”)2. Intellectual Ventures proposes that the
`
`broadest reasonable construction is “deciding or ascertaining which devices
`
`are expected or foreseen to be affected by the detected anomaly.” Prelim.
`
`Resp. 15–18. Intellectual Ventures bases this construction on dictionary
`
`definitions of “determine” and “anticipate.” Id. at 15–16 (citing Exs. 2008,
`
`2009 (defining determine as “to set limits to; bound; define . . . to reach a
`
`decision about after thought and investigation; decide upon”); Exs. 2010,
`
`2011 (defining anticipate as “to . . . expect . . . to foresee (a command, wish
`
`etc.) and perform in advance”)).
`
`Intellectual Ventures’s proposed construction is consistent with the
`
`specification. For example, the specification states that “[a]n anomaly is
`
`detected in the computer system, and then it is determined which device[] or
`
`devices are anticipated to be affected by the anomaly in the future. These
`
`anticipated devices are then alerted to the potential for the future anomaly.”
`
`Ex. 1005, 5:57–64. Although the specification also states that “the devices
`
`are polled in a predetermined sequential order, and a device anticipated to be
`
`affected by the anomaly is a device that has not been polled,” the ’084 patent
`
`does not limit anticipated devices solely to devices that have not been polled.
`
`Id. at 5:66–6:2.
`
`
`2 This language is recited by claim 1. Claim 9 has a similar limitation
`“determining a device that is anticipated to be affected by the anomaly.”
`
`7
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`In keeping with the broadest reasonable interpretation that is
`
`consistent with the specification, we construe the determining limitation to
`
`mean deciding or ascertaining which devices are expected or foreseen to be
`
`affected by the anomaly.
`
`B. The Asserted Grounds
`
`1. Anticipation by Porras (Ex. 1006)
`
`Porras is an article describing “Live Traffic Analysis of TCP/IP
`
`Gateways.” Ex. 1006. The article discloses “a variety of ways to extend
`
`both statistical and signature-based intrusion-detection analysis techniques to
`
`monitor network traffic.” Id. at Abstract.
`
`IBM challenges claims 1–9 and 12–18 as anticipated by Porras. Pet.
`
`14–27. With respect to the determining limitation, IBM points to Porras’s
`
`disclosure that “malicious activity, nonmalicious failures, and other
`
`exceptional events” are detected and “warnings [are sent] to other domains
`
`that have not yet experienced or reported the session anomalies.” Pet. 15–
`
`16; 18–19. Although IBM contends that a skilled artisan would have
`
`understood Porras to teach the determining limitation, IBM’s only evidence
`
`of such an understanding is the conclusory statement by its declarant that
`
`“there would be no need for Porras to send warnings to domains that have
`
`not yet experienced the anomaly” unless Porras was identifying devices
`
`anticipated to be affected by the anomaly. Prelim. Resp. 25 (quoting Ex.
`
`1001 ¶ 87).
`
`Intellectual Ventures asserts that the declarant’s statement is not only
`
`conclusory, but also incorrect because “sending warnings to domains
`
`without identifying which devices are anticipated to be affected, for
`
`example, sounding a general alarm, is a reasonable practice in some
`
`8
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`situations.” Prelim. Resp. 25 (citing Ex. 1008, 164). We agree with
`
`Intellectual Ventures that the cited portion of Porras expressly states that
`
`warnings are sent to domains that have not yet experienced the anomaly.
`
`This disclosure indicates that Porras must determine which devices have
`
`been affected by the attack to differentiate the domains that have not been
`
`affected from those that have. We are not persuaded, however, that Porras
`
`discloses determining which of the devices are expected to be affected by the
`
`attack.
`
`We have reviewed the rest of the portions of Porras relied upon by
`
`IBM (Pet. 18–19), and we are not persuaded that any of them disclose the
`
`determining limitation. Nor does IBM point to persuasive evidence that the
`
`determining limitation is inherent. Thus, we deny IBM’s challenge that
`
`Porras anticipates claims 1–9 and 12–18.
`
`2. Anticipation by Graham (Ex. 1007)
`
`Graham describes a “system and method for preventing network
`
`misuse.” Ex. 1007, Abstract. One of Graham’s embodiments evaluates
`
`“whether a firewall is configured to block certain suspicious data signatures
`
`before raising an alert and/or taking action in response to those signatures.”
`
`Id. at 12:15–19. Figure 1 of Graham is reproduced below.
`
`9
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`
`
`Figure 1 illustrates an exemplary network architecture on which
`
`various features described by Graham are implemented. Ex. 1007, 2:65–67.
`
`The architecture generally depicts a local area network 140 over which a
`
`plurality of nodes 130–134 communicate. Id. at 3:47–51. Each of nodes
`
`130–134 may be a computer or any device that includes a processor and a
`
`network interface. Id. at 3:51–55. Although Figure 1 shows node 130 and
`
`firewall 152 as separate devices, they may be implemented on a single
`
`computer which performs the functions of both elements. Id. at 12:33–38.
`
`IBM challenges claims 1–7, 9, and 12–17 as anticipated by Graham.
`
`Pet. 29–40. Intellectual Ventures disputes Graham’s anticipation of the
`
`claimed invention. Prelim. Resp. 27–39. We agree with Intellectual
`
`Ventures that IBM has not shown that Graham discloses the detecting
`
`limitation—“detecting an anomaly in the networked computer system using
`
`network-based intrusion detection techniques comprising analyzing data
`
`entering into a plurality of hosts, servers, and computer sites in the
`
`networked computer system”—as required by the challenged claims. See id.
`
`at 34–36.
`
`10
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`IBM equates node 130 to the claimed “data collection and processing
`
`center comprising a computer with a firewall coupled to a computer
`
`network.” Pet. 28–30. Because “node 130 may be configured to scan for
`
`suspicious network traffic . . . and may work with the firewall 152 to filter
`
`out suspicious data” (Ex. 1007, 12:19–21), IBM asserts that node 130 also
`
`fulfills the claim requirement that “the data collection and processing center
`
`monitor[s] data communicated to the network.” Pet. at 29. Finally, IBM
`
`asserts that Graham discloses the detecting limitation because it “analyze[s]
`
`data across LAN 140.” Id. at 29–30.
`
`The only language in Graham that IBM points to as supporting
`
`“analyzing data entering into a plurality of hosts,” however, is a statement
`
`that the nodes include a processor for processing data, and that when “node
`
`132 identifies an incident,” it may take precautionary measures. Pet. at 30
`
`(quoting Ex. 1007, 3:51–55, 4:45–50). Nothing in this language describes
`
`explicitly any of the nodes analyzing data. Nor does IBM assert that this
`
`analysis is inherently disclosed by Graham. See id. Moreover, IBM
`
`provides no evidence to support a finding of inherency. For example, IBM’s
`
`declarant, Dr. Bellovin, concludes that “Graham teaches node 130 . . .
`
`analyzing data entering into multiple nodes” based on language in Graham
`
`that node 130 monitors traffic for an incident. Ex. 1001 ¶ 163. Dr. Bellovin,
`
`however, does not discuss how Graham teaches this limitation or whether
`
`such analysis necessarily flows from the disclosure of Graham. Id.
`
`We are, therefore, not persuaded that IBM has established that there is
`
`a reasonable likelihood that claims 1–7, 9, and 12–17 are unpatentable as
`
`anticipated by Graham.
`
`11
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`3. Obviousness over Graham and Snapp (Ex. 1009)
`
`Snapp is an article titled “A System for Distributed Intrusion
`
`Detection.” Ex. 1009. Snapp describes one approach to solving the problem
`
`of attacks or intrusions on computer systems called the intrusion-detection
`
`concept. Id. at Abstract. The focus of the article is to extend the concept
`
`from the local area network environment to arbitrarily wider areas using
`
`components including a host manager, a local access network manager, and
`
`a central manager, which receives, processes, and correlates reports from the
`
`other managers in order to detect intrusions. Id.
`
`a. Claims 8 and 18
`
`IBM challenges claims 8 and 18 as obvious over the combination of
`
`Graham and Snapp. Pet. 39–42. IBM relies on Snapp for disclosure of the
`
`limitation “adjusting anomaly detection sensitivity and alarm thresholds
`
`based on the detected anomaly,” recited by both claims 8 and 18. Id. at 39–
`
`40.
`
`IBM, however, continues to rely solely on Graham for teaching the
`
`detecting limitation. Pet. 29–30, 41–42. This asserted ground, therefore,
`
`suffers from the same deficiency as discussed above with respect to
`
`anticipation by Graham. Moreover, IBM does not point to any evidence that
`
`a person of ordinary skill in the art would have found the detecting limitation
`
`obvious over the combined disclosures of Graham and Snapp. See Pet. 41–
`
`42; Ex. 1001 ¶¶ 198–202.
`
`We are, therefore, not persuaded that IBM has established that there is
`
`a reasonable likelihood that claims 8 and 18 are unpatentable as obvious
`
`over Graham combined with Snapp.
`
`12
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`4. Anticipation by NetRanger (Ex. 1008)
`
`NetRanger is a user guide for a product of the same name—“a real-
`
`time network security management system that detects, analyzes, responds
`
`to, and deters unauthorized network activity.” Ex. 1008, 019. NetRanger
`
`uses “centralized monitoring and management of remote dynamic packet
`
`filtering devices that plug into TCP/IP networks.” Id. The NetRanger
`
`System includes the “NSX,” which is the “sensing and management
`
`component.” Id. at 020–021. The NSX, in turn, communicates with one or
`
`more “Director,” which provides monitoring and analysis. Id.
`
`a. Printed Publication
`
`Intellectual Ventures argues that Petitioner has not made a sufficient
`
`threshold showing that NetRanger was available on the putative publication
`
`date. Prelim. Resp. 57–58. Intellectual Ventures cites Synopsys, Inc. v.
`
`Mentor Graphics Corp., for the proposition that absent evidence of
`
`publication or public accessibility of a reference, a petitioner for inter partes
`
`review, with respect to grounds based on that reference, should be denied.
`
`Id. (citing IPR2012-00042, slip op. at 35–36 (PTAB Feb. 22, 2013), Paper
`
`16). Indeed, the determination of whether a given reference qualifies as a
`
`prior art “printed publication” involves a case-by-case inquiry into the facts
`
`and circumstances surrounding the reference’s disclosure to members of the
`
`public. In re Klopfenstein, 380 F.3d 1345, 1350 (Fed. Cir. 2004).
`
`Unlike the reference at issue in Synopsys, which was a company’s
`
`product brochure that lacked any date on its face, NetRanger includes a
`
`copyright date printed on its face. Ex. 1008. In fact, the disclosed copyright
`
`date of 1997 is several years before the priority date of the ’084 patent—
`
`March 26, 2002. Intellectual Ventures has not pointed to any other
`
`13
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`indication, in NetRanger itself, that it is anything other than what it appears
`
`to be—a User’s Guide that was published and accessible to users of the
`
`corresponding product on or around the disclosed 1997 copyright date. Id.
`
`On this record, we are persuaded that Petitioner has made a threshold
`
`showing that NetRanger is a “printed publication” under 35 U.S.C. § 102(a).
`
`As a consequence, for purposes of this Decision, NetRanger is available as
`
`prior art for Petitioner to demonstrate a reasonable likelihood that the
`
`challenged claims are unpatentable.
`
`b. Claims 1–7, 9, and 12–17
`
`IBM challenges claims 1–7, 9, and 12–17 as anticipated by
`
`NetRanger. Pet. 42–56. Intellectual Ventures disputes NetRanger’s
`
`anticipation of the claimed invention. Prelim. Resp. 45–54. We agree with
`
`Intellectual Ventures that NetRanger does not disclose the determining
`
`limitation—“determining which of the plurality of devices are anticipated to
`
`be affected by the anomaly by using pattern correlations across the plurality
`
`of hosts, servers, and computer sites.” See id. at 47–50.
`
`IBM points to NetRanger’s disclosure that “[n]umerous computers are
`
`vulnerable to an attack where if you send an ICMP packet with an extremely
`
`large data size it will crash the machine . . . NetRanger blocks and alarms
`
`this traffic.” Pet. 43, 46–47 (quoting Ex. 1008, 164); Ex. 1001 ¶¶ 225–30.
`
`This language discloses detecting an anomaly and pre-emptively blocking
`
`that traffic. IBM, however, does not explain how this language discloses
`
`determining which device has been affected by, or is anticipated to be
`
`affected by, such an attack.
`
`IBM points to testimony of Dr. Bellovin stating that a skilled artisan
`
`would have understood NetRanger to teach the determining limitation
`
`14
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`because “there would be no need for NetRanger to generate reports of
`
`network vulnerabilities or to block the network traffic” unless the Director
`
`was identifying devices anticipated to be affected by the anomaly. Ex. 1001
`
`¶ 229. This testimony does not support either an explicit or inherent
`
`disclosure of this limitation by NetRanger, as required for anticipation.
`
`Moreover, the statement is conclusory and not persuasive. We agree with
`
`Intellectual Ventures that preemptively blocking all traffic may be a
`
`reasonable practice in some situations, and network vulnerability reports
`
`may not require detecting the anomaly before identifying the vulnerable
`
`devices. See Prelim. Resp. 50.
`
`We have reviewed the rest of the portions of NetRanger relied upon
`
`by IBM (Pet. 46–47), and we are not persuaded that any of them disclose the
`
`determining limitation. We are, therefore, not persuaded that IBM has
`
`established that there is a reasonable likelihood that claims 1–7, 9, and 12–
`
`17 are unpatentable as anticipated by NetRanger.
`
`5. Obviousness over NetRanger and Snapp
`
`IBM challenges claims 8 and 18 as obvious over the combination of
`
`NetRanger and Snapp. Pet. 56–57. IBM admits that NetRanger does not
`
`provide an express description of the claim limitation “wherein the data
`
`collection and processing center adjusts anomaly detection sensitivity and
`
`alarm thresholds based on the detected anomaly” and relies on Snapp for
`
`disclosure of this limitation. Id. at 56.
`
`IBM continues to rely solely on NetRanger for teaching the
`
`determining limitation. Id. This asserted ground, therefore, suffers from the
`
`same deficiency as discussed above with respect to anticipation by
`
`NetRanger. Moreover, IBM does not point to any evidence that a person of
`
`15
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`ordinary skill in the art would have found the determining limitation obvious
`
`over the combined disclosures of NetRanger and Snapp. See Pet. 56–57; Ex.
`
`1001 ¶¶ 270–277. We are, therefore, not persuaded that IBM has
`
`established that there is a reasonable likelihood that claims 8 and 18 are
`
`unpatentable as obvious over NetRanger combined with Snapp.
`
`CONCLUSION
`
`For the foregoing reasons, we determine that Petitioner has not shown
`
`a reasonable likelihood that it would prevail in demonstrating that any of the
`
`challenged claims of the ’084 patent are unpatentable on at least one
`
`challenged ground. The Board has not made a final determination on the
`
`patentability of any challenged claim.
`
`ORDER
`
`ORDERED that an inter partes review of U.S. Patent No. 6,715,084
`
`B2 is not instituted based on this Petition.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`16
`
`
`
`IPR2014-00681
`Patent 6,715,084 B2
`
`
`
`PETITIONER:
`
`Kenneth Adamo
`kenneth.adamo@kirkland.com
`
`Eugene Goryunov
`eugene.goryunov@kirkland.com
`
`PATENT OWNER:
`
`Jonathan Strang
`jstrang-PTAB@skgf.com
`
`Lori Gordon
`lgordon-PTAB@skgf.com
`
`
`
`17
`
`