BEFORE THE PATENT TRIAL AND APPEAL BOARD

SOPHOS LIMITED AND SOPHOS INC.,
Petitioners

v.

FORTINET, INC.,
Patent Owner

U.S. Patent No. 8,205,251
Filing Date: May 24, 2011
Issue Date: June 19, 2012
Title: Policy-Based Content Filtering

Inter Partes Review No.: (Unassigned)

PETITION FOR INTER PARTES REVIEW OF
U.S. PATENT NO. 8,205,251
UNDER 35 U.S.C. §§ 311-319 AND 37 C.F.R. §§ 42.1-80, 42.100-123

TABLE OF CONTENTS

I. COMPLIANCE WITH FORMAL REQUIREMENTS
   A. Mandatory Notices Under 37 C.F.R. §§ 42.8(b)(1)-(4)
      1. Real Party-In-Interest
      2. Related Matters
      3. Lead and Backup Counsel
      4. Service Information
   B. Proof of Service on the Patent Owner
   C. Power of Attorney
   D. Standing
   E. Fees
II. STATEMENT OF PRECISE RELIEF REQUESTED
III. FULL STATEMENT OF REASONS FOR REQUESTED RELIEF
   A. Technology Background
   B. Summary of the ’251 Patent
   C. Person of Ordinary Skill in the Art
   D. Claim Construction
   E. Ground 1: Claims 1, 6, 12, 17, 18, 26, 27, 29, & 31 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in view of Taylor
   F. Ground 2: Claims 1, 12, 17, 18, 26, 27 and 29 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in view of Sonnenberg
   G. Ground 3: Claims 9, 22, & 32 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in light of Taylor in view of Astaro
   H. Ground 4: Claims 6, 9, 22, 31, & 32 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in light of Sonnenberg in view of Astaro
IV. CONCLUSION

EXHIBIT LIST

Exhibit No.  Description

1001  U.S. Patent No. 8,205,251
1002  File history of U.S. Patent No. 8,205,251
1003  Fortinet, Inc.’s Answer, Affirmative Defenses, and Counterclaims, Sophos Ltd. et al v. Fortinet, Inc., No. 14-cv-00100-GMS (D. Del.)
1004  Sophos Ltd. et al v. Fortinet, Inc. Proof of Service
1005  U.S. Patent No. 8,205,251, Infringement Contentions Pursuant to Section 4(C)
1006  U.S. Patent No. 6,728,885 B1
1007  U.S. Patent No. 7,076,650 B1
1008  Astaro Security Linux V5 WebAdmin User Manual
1009  Declaration of Charles P. Pfleeger
1010  U.S. Patent No. 6,167,445
1011  U.S. Patent No. 6,574,661 B1
1012  U.S. Patent No. 6,606,708 B1
1013  U.S. Patent No. 7,284,267 B1
1014  U.S. Patent No. 7,171,440 B2
1015  U.S. Patent No. 5,835,726
1016  Computer Networks, 4th edition, Andrew S. Tanenbaum, Prentice Hall, 2003
1017  Security in Computing, 3rd edition, Charles P. Pfleeger and Shari Lawrence Pfleeger, Prentice Hall, 2003
1018  Advanced Programming Techniques, Hughes, C., et al., Wiley, 1978
1019  “A Network Firewall,” Ranum, M., Proceedings of the International Conference on Systems and Network Security and Management (SANS-1), November 1992
1020  “A Toolkit and Methods for Internet Firewalls,” Ranum, M. and Avolio, F., Proceedings USENIX Security Symposium, 1994
1021  “Robust TCP Stream Reassembly In the Presence of Adversaries,” Dharmapurikar, S. and Paxson, V., Proceedings USENIX Security Symposium, 2005
1022  “RFC 793 Transmission Control Protocol,” Information Sciences Institute, University of Southern California, September 1981
1023  “Guidelines on Firewalls and Firewall Policy,” NIST [National Institute of Standards and Technology] Special Publication 800-41, Jan 2002
1024  “Six Dumbest Ideas in Computer Security,” Ranum, M., Schneier on Security Blog, 9 September 2005. https://www.schneier.com/blog/archives/2005/09/marcus_ranums_t.html
1025  Cybersecurity Operations Handbook, Rittinghouse, J. and Hancock, W., Elsevier, 2003

Real parties in interest Sophos Ltd. and Sophos Inc. hereby petition for inter partes review of U.S. Patent No. 8,205,251 (the “’251 patent”) (Ex. 1001), under 35 U.S.C. §§ 311-319, 37 C.F.R. §§ 42.1-42.80 and 37 C.F.R. §§ 42.100-42.123.

I. COMPLIANCE WITH FORMAL REQUIREMENTS

A. Mandatory Notices Under 37 C.F.R. §§ 42.8(b)(1)-(4)

1. Real Party-In-Interest

Pursuant to 37 C.F.R. § 42.8(b)(1), Petitioner states that Sophos Ltd. and Sophos Inc. (“Sophos” or “Petitioner”) are the real parties-in-interest.

2. Related Matters

Pursuant to 37 C.F.R. § 42.8(b)(2), Petitioner states that the ’251 patent is subject to the following civil action: Sophos Ltd. et al v. Fortinet, Inc., No. 14-cv-00100-GMS (D. Del.). See Exs. 1003-1004.

3. Lead and Backup Counsel

Pursuant to 37 C.F.R. § 42.8(b)(3), Petitioner provides the following designation of counsel:

Lead Counsel
Gianni Minutoli
Reg. No. 41,198
Fortinet-IPRs@dlapiper.com
Postal and Hand Delivery Address:
DLA Piper LLP (US)
One Fountain Square
11911 Freedom Drive, Suite 300
Reston, VA 20190-5602
703-773-4045 (phone)
202-799-5125 (fax)

Backup Counsel
Ryan W. Cobb
Reg. No. 64,598
Fortinet-IPRS@dlapiper.com
Postal and Hand Delivery Address:
DLA Piper LLP (US)
2000 University Avenue
East Palo Alto, CA 94303
650-833-2235 (phone)
650-833-2001 (fax)

Harpreet Singh
Reg. No. 71,842
Fortinet-IPRS@dlapiper.com
Postal and Hand Delivery Address:
DLA Piper LLP (US)
2000 University Avenue
East Palo Alto, CA 94303-2214
650-833-2191 (phone)
650-687-1191 (fax)

4. Service Information

Pursuant to 37 C.F.R. § 42.8(b)(4), Petitioner states that service information for lead and back-up counsel is provided in the designation of lead and back-up counsel above.

B. Proof of Service on the Patent Owner

As identified in the attached Certificate of Service, a copy of this Petition in its entirety is being served on the Patent Owner’s attorney of record at the address listed in the USPTO’s records by overnight courier pursuant to 37 C.F.R. § 42.6.

C. Power of Attorney

Powers of attorney are being filed with the designation of counsel in accordance with 37 C.F.R. § 42.10(b).

D. Standing

In accordance with 37 C.F.R. § 42.104(a), Petitioner certifies that the ’251 patent is available for inter partes review and that Petitioner is not barred or estopped from requesting an inter partes review challenging the patent claims on the grounds identified in this Petition. The ’251 patent was asserted against Sophos in Fortinet’s counterclaims in Civil Action No. 14-cv-00100-GMS on March 20, 2014. See Exs. 1003-1004. Under 35 U.S.C. § 315(b), this inter partes review is timely because it is being filed within one year of service of the counterclaims.

E. Fees

The undersigned authorizes the Director to charge the fee specified by 37 C.F.R. § 42.15(a) and any additional fees that might be due in connection with this Petition to Deposit Account No. 07-1896.

II. STATEMENT OF PRECISE RELIEF REQUESTED

In accordance with 35 U.S.C. § 311, Petitioner requests cancellation of claims 1, 6, 9, 12, 17, 18, 22, 26, 27, 29, 31 and 32 of the ’251 patent in view of the following grounds:

A. Ground 1: Claims 1, 6, 12, 17, 18, 26, 27, 29, & 31 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in view of Taylor.

B. Ground 2: Claims 1, 12, 17, 18, 26, 27 and 29 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in view of Sonnenberg.

C. Ground 3: Claims 9, 22, & 32 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in light of Taylor in view of Astaro.

D. Ground 4: Claims 6, 9, 22, 31, & 32 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in light of Sonnenberg in view of Astaro.

III. FULL STATEMENT OF REASONS FOR REQUESTED RELIEF

A. Technology Background

A firewall is a device that filters all traffic between a protected inside network and a less trustworthy or outside network. Ex. 1009 at ¶ 37. Three types of firewalls are packet filters, stateful inspection firewalls, and application gateways. Id. A packet filtering gateway controls access to packets based on the packet’s source address, destination address, or transport protocol type. Id. Stateful inspection firewalls maintain state information from one packet to the next in the network stream. Id. An application gateway controls input, output, and/or access to an application or service. Id. Application firewalls monitor the content of network streams and can restrict or prevent access to the application or service by network traffic that fails to meet the firewall policy. By placing a proxy in the middle of the protocol exchange, the gateway can screen the content being transferred and ensure that only acceptable network streams reach the application or service. Id.

B. Summary of the ’251 Patent

The ’251 patent purports to teach methods and systems for “processing application-level content of network service protocols.” Ex. 1001 at 2:36-37. A “network connection” is rerouted to a “proxy module” within the firewall device “configured to support a network service protocol associated with the network connection.” Id. at 2:38-43. The “proxy module” then “retrieves one or more content processing configuration schemes” based on the firewall policy that matches the “network service protocol” and the “network connection.” Id. at 2:43-46. The content of the packet stream associated with the network connection is then reassembled by the proxy module and scanned based on the “content processing configuration schemes.” Id. at 2:49-54.

C. Person of Ordinary Skill in the Art

A person of ordinary skill in the art at the time of the alleged invention of the ’251 patent would have a Bachelor’s degree in computer science or electrical engineering, or the equivalent thereof, and four years of industry experience as a network computer system administrator, including working with network firewalls and other hardware and software appliances. Ex. 1009 at ¶ 12.

D. Claim Construction

Pursuant to 37 C.F.R. §§ 42.100(b) and 42.104(b)(3), this petition presents claim analysis in a manner that is consistent with the broadest reasonable construction in light of the specification. Claim terms are given their ordinary and accustomed meaning as would be understood by one of ordinary skill in the art, unless the inventor, as a lexicographer, has set forth a special meaning for a term. Multiform Desiccants, Inc. v. Medzam, Ltd., 133 F.3d 1473 (Fed. Cir. 1998); York Prods., Inc. v. Central Tractor Farm & Family Ctr., 99 F.3d 1568, 1572 (Fed. Cir. 1996).

In the ’251 patent, the inventor did not act as a lexicographer and did not provide a special meaning for any of the claim terms. Accordingly, under the broadest reasonable interpretation standard, the terms should be given their ordinary and customary meaning as understood by a person of ordinary skill in the art and consistent with the disclosure. Ex. 1009 at ¶ 42.

Petitioner notes that the claims should be construed using the broadest reasonable interpretation standard, which applies in inter partes review. Because the claim interpretation standards used by the courts in patent litigation differ from those used by the Office in claim examination proceedings (including inter partes review), Petitioner reserves the right to advocate a different claim interpretation in any other forum in accordance with the claim construction standards applied in that forum.

E. Ground 1: Claims 1, 6, 12, 17, 18, 26, 27, 29, & 31 are Obvious under 35 U.S.C. § 103(a) (pre-AIA) in view of Taylor

U.S. Patent No. 6,728,885 to Taylor (hereinafter “Taylor”) (Ex. 1006) discloses “a firewall includ[ing] a dynamic packet filter which communicates with a proxy. The proxy registers with the dynamic packet filter for notifications of request to establish new data communication connections through physical connections between the internal and outside computer networks.” Ex. 1006 at 3:40-47. The firewall in Taylor further includes various modules used in filtering incoming packets, as depicted in Figure 2 below.

[Taylor Fig. 2]

The system in Taylor filters application-level content by “applying a proxy filter at the application layer to all packets received on a specific connection,” and the “packet is eventually forwarded to proxy 211 to be filtered at the application layer level.” Ex. 1006 at 6:40-44; 11:46-48. The Taylor system also allows users to create “configuration files” which are used to establish specific filtering rules for the firewall. Ex. 1006 at 3:55-66.

Claim Language: 1. A computer-implemented method for processing application-level content of network service protocols, the method comprising:

Exemplary Citations to Disclosure:

Taylor discloses “a method, system and computer program for providing multilevel security to a computer network” (computer-implemented method). Ex. 1006 at Abstract.

Taylor further discloses that “[t]he computer program includes a first module located in an application layer…configured to examine a number of packets received by the computer network from at least one outside network…” (computer-implemented method for processing application-level content of network service protocols). Ex. 1006 at Abstract.

Taylor further discloses “a typical firewall 101 is placed between a Local Area Network (LAN) 103 and outside networks 111, 115” and “[i]nternal hosts 105, 107, 109 and remote hosts 119, 121 are computers, e.g., personal computers (PC) or computer workstations” (computer-implemented method for processing application-level content of network service protocols). Ex. 1006 at 1:17-24.

Taylor discloses, “a Transport Control Protocol (TCP) module of a TCP/IP layer in a source computer divides the file into packets of an efficient size for transmitting over the network” (network service protocols). Ex. 1006 at 1:43-46.

Taylor further discloses, “the TCP module is a communication protocol used along with the Internet Protocol (IP) to send data in the form of packets between a source and destination computers” (network service protocols). Ex. 1006 at 1:60-63.

Taylor also discusses programming a variable “proto” which “specifies the type of Internet Transport Protocol” to be filtered (network service protocols). Ex. 1006 at 8:8-10.

Taylor also discloses, “[a]n application proxy does not allow direct contact between a ‘trusted’ and ‘untrusted’ networks. Each of the packets passing through this type of firewall is examined at the application layer…” (processing application-level content of network service protocols). Ex. 1006 at 2:60-63.

Taylor discloses, “applying a proxy filter at the application layer to all packets received on a specific connection” (processing application-level content of network service protocols). Ex. 1006 at 6:40-44.

Taylor also discloses, “the packet is eventually forwarded to proxy 211 to be filtered at the application layer level” (processing application-level content of network service protocols). Ex. 1006 at 11:46-48. See also Ex. 1006 at Figs. 1-7; Ex. 1009 at ¶ 79.

Claim Language: 1.(a) redirecting a network connection, by a networking subsystem implemented within a kernel of an operating system of a firewall device, to a proxy module of one or more proxy modules within the firewall device that is configured to support a network service protocol associated with the network connection;

Exemplary Citations to Disclosure:

Taylor discloses that the “NAT 205, DPF 207, UD-SPF, 209, TPF 215, local TCP/IP 213 and OG-DPF 217 are located in the kernel space of firewall 201” (networking subsystem of a firewall device implemented within a kernel). Ex. 1006 at 4:51-53. “Here the kernel designated the operating system in a computer…” Ex. 1006 at 5:53-55.

Taylor discloses, “when the port is registered, DPF 207 transfers attribute information of the packet to proxy” (redirecting a network connection, by the networking subsystem, to a proxy module of one or more proxy modules within the firewall device). Ex. 1006 at 6:12-14.

Taylor discloses that, “[p]roxy 211, upon receiving the attribute information from DPF 207, determines whether to allow the connection. If the connection is to be allowed, proxy 211 further determines which filter dynamic filter rule to apply” (redirecting a network connection, by the networking subsystem, to a proxy module of one or more proxy modules within the firewall device that is configured to support the network service protocol). Ex. 1006 at 6:22-25. See also Ex. 1009 at ¶ 80.

Claim Language: 1.(b) retrieving, by the proxy module, one or more content processing configuration schemes associated with a matching firewall policy for the network service protocol and the network connection, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols; and

Exemplary Citations to Disclosure:

Taylor discloses that a “configuration file…includes various filter rules to be applied for specific connections. For example, packets received from a particular port can be subjected to the filter all rule filter, while packets received from another port can be subjected to the selective filtering rule” (retrieving, by the proxy module, one or more content processing configuration schemes associated with the matching firewall policy, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols). Ex. 1006 at 6:44-50.

Taylor discloses, “filtering rules are also possible such as not applying any filtering or applying a proxy filter at the application layer to all packets received on a specific connection” (one or more content processing configuration schemes associated with the matching firewall policy, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols). Ex. 1006 at 6:39-43. See also Ex. 1009 at ¶ 81.

Claim Language: 1.(c) processing, by the proxy module, application-level content of a packet stream associated with the network connection by

Exemplary Citations to Disclosure:

Taylor discloses that “[t]he computer program includes a first module located in an application layer…configured to examine a number of packets received by the computer network from at least one outside network…” (processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection). Ex. 1006 at Abstract.

Taylor also discloses, “[a]n application proxy does not allow direct contact between a ‘trusted’ and ‘untrusted’ networks. Each of the packets passing through this type of firewall is examined at the application layer…” (processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection). Ex. 1006 at 2:60-63.

Taylor discloses, “applying a proxy filter at the application layer to all packets received on a specific connection” (processing application-level content of network service protocols). Ex. 1006 at 6:40-44.

Taylor also discloses, “the packet is eventually forwarded to proxy 211 to be filtered at the application layer level” (processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection). Ex. 1006 at 11:46-48. See also Ex. 1009 at ¶ 82.

Claim Language: 1.(c)(i) reassembling the application-level content from a plurality of packets of the packet stream; and

Exemplary Citations to Disclosure:

Taylor discloses, “applying a proxy filter at the application layer to all packets received on a specific connection” (processing application-level content of network service protocols). Ex. 1006 at 6:40-44.

Taylor also discloses, “the packet is eventually forwarded to proxy 211 to be filtered at the application layer level.” Ex. 1006 at 11:46-48.

To be filtered at the application layer level, the proxy must reassemble the application-level content from a plurality of packets of the packet stream. See, e.g., Ex. 1009 at ¶¶ 83-86.

Regarding limitation 1.(c)(i), Petitioner believes that it is inherent that, in order to process and scan for “application level content”, packets received by the proxy must necessarily be reassembled. Reassembling the application-level content would necessarily include extracting and buffering content from a plurality of packets of the packet stream. See, e.g., Ex. 1009 at ¶ 83. Alternatively, one of ordinary skill in the art would understand that to process and scan for “application level content”, packets received by the proxy must necessarily be reassembled, e.g., by extracting and buffering content from a plurality of packets of the packet stream. See, e.g., Ex. 1009 at ¶ 85. Thus, to the extent that the Board does not determine that this limitation is disclosed by Taylor, Petitioner submits that it is taught or suggested by Taylor. See, e.g., Ex. 1009 at ¶¶ 83-85.

Claim Language: 1.(c)(ii) scanning the application-level content based on the retrieved one or more content processing configuration schemes.

Exemplary Citations to Disclosure:

Taylor discloses that “[t]he computer program includes a first module located in an application layer…configured to examine a number of packets received by the computer network from at least one outside network…” (scanning the application-level content based on the retrieved one or more content processing configuration schemes). Ex. 1006 at Abstract.

Taylor also discloses, “[a]n application proxy does not allow direct contact between a ‘trusted’ and ‘untrusted’ networks. Each of the packets passing through this type of firewall is examined at the application layer…” (scanning the application-level content based on the retrieved one or more content processing configuration schemes). Ex. 1006 at 2:60-63.

Taylor discloses, “applying a proxy filter at the application layer to all packets received on a specific connection” (processing application-level content of network service protocols). Ex. 1006 at 6:40-44.

Taylor also discloses, “the packet is eventually forwarded to proxy 211 to be filtered at the application layer level” (processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection). Ex. 1006 at 11:46-48.

Taylor discloses that a “configuration file…includes various filter rules to be applied for specific connections. For example, packets received from a particular port can be subjected to the filter all rule filter, while packets received from another port can be subjected to the selective filtering rule” (content processing configuration schemes). Ex. 1006 at 6:44-50.

In filtering application-level content, the proxy must scan the application-level content. See, e.g., Ex. 1009 at ¶¶ 86-88.

Regarding limitation 1.(c)(ii), Petitioner believes that it is inherent that, in order to filter “application level content”, the content received by the proxy must necessarily be scanned. One cannot filter content without first scanning it and comparing the scanned content with a reference (i.e., a configuration scheme). See, e.g., Ex. 1009 at ¶ 86. Alternatively, one of ordinary skill in the art would understand that to process and filter “application level content”, the packets must necessarily be scanned. See, e.g., Ex. 1009 at ¶ 87. Thus, to the extent that the Board does not determine that this limitation is disclosed by Taylor, Petitioner submits that it is taught or suggested by Taylor. See, e.g., Ex. 1009 at ¶¶ 86-88.

Claim Language: 6. The method of claim 1, further comprising authenticating a user associated with the network connection and rejecting the network connection if the authentication is unsuccessful.

Exemplary Citations to Disclosure:

Taylor discloses, “[t]he most common firewall features include: securing internal network 103 access with a perimeter defense, controlling all connections into and out of internal network 103, filtering packets according to previously defined rules, ‘authenticating’ or making sure users and applications are permitted to access resources, logging of activities, and actively notifying the appropriate people when suspicious events occur” (authenticating a user associated with the incoming connection and rejecting the incoming connection if the authentication is unsuccessful). Ex. 1006 at 2:35-44. See also Ex. 1009 at ¶ 89.

Claim Language: 12. The method of claim 1, further comprising:

Exemplary Citations to Disclosure: See preamble of claim 1.

Claim Language: 12.(a) receiving, by the networking subsystem, a second network connection associated with a second network service protocol that is different from the network service protocol;

Exemplary Citations to Disclosure:

Taylor discloses that a “connection list, as the name implies, includes a list of currently active or soon to be active connections and relevant information thereof such as the source and destination addresses and the port on which the connection is or to be established. Each entry in the connection list represents TCP or UDP (User Datagram Protocol) connection” (receiving, by the networking subsystem, a second network connection associated with a second network service protocol that is different from the network service protocol). Ex. 1006 at 6:66-7:5. See also Ex. 1009 at ¶ 90.

Claim Language: 12.(b) identifying, by the networking subsystem, a second matching firewall policy for the second network service protocol and the second network connection;

Exemplary Citations to Disclosure:

Taylor discloses that “DPF determines whether the received packet is a connection control packet, i.e., a SYN packet” (identifying, by the networking subsystem, the network service protocol). Ex. 1006 at 5:56-58.

SYN packets are part of the Transport Control Protocol, as explained by Taylor: “a Transport Control Protocol (TCP) module of a TCP/IP layer in a source computer divides the file into packets” and “connection control packets include at least one connection establishing packet, e.g., a SYN packet…” (network service protocol of the incoming network connection). Ex. 1006 at 1:43-52.

Taylor also discloses, “since there are no SYN packets for UDP connections, if a UDP packet has previously established a connection and the connection exists in the connection list then that connection is used for new UDP packets received on the same connection” (identifying different protocols). Ex. 1006 at 7:9-13. See also Ex. 1009 at ¶ 91.

Claim Language: 12.(c) redirecting the second network connection to a second proxy module of the one or more proxy modules that is configured to support the second network service protocol;

Exemplary Citations to Disclosure: See claim limitation 1.(a).

Claim Language: 12.(d) retrieving, by the second proxy module, the one or more content processing configuration schemes associated with the second matching firewall policy;

Exemplary Citations to Disclosure: See claim limitation 1.(b).

Claim Language: 12.(e) processing, by the second proxy module, application-level content of a packet stream associated with the second network connection by

Exemplary Citations to Disclosure: See claim limitation 1.(c).

Claim Language: 12.(e)(i) reassembling the application-level content from a plurality of packets of the packet stream; and

Exemplary Citations to Disclosure: See claim limitation 1.(c)(i).

Claim Language: 12.(e)(ii) scanning the application-level content based on the retrieved one or more content processing configuration schemes; and

Exemplary Citations to Disclosure: See claim limitation 1.(c)(ii).

Claim Language: 12.(f) wherein the plurality of content processing configuration settings for the network service protocol are different from the plurality of content processing configuration settings for the second network service protocol.

Exemplary Citations to Disclosure: See claim limitations 1.(a) and 1.(c). See also Ex. 1009 at ¶ 93.

Claim Language: 17. A firewall system for processing application-level content of network service protocols, the firewall system comprising:

Exemplary Citations to Disclosure:

Taylor discloses, “[t]his invention relates to providing security in communication networks. In particular, the invention relates to firewall technology in packet switched networks for adaptively providing a plurality of security levels” (firewall system). Ex. 1006 at 1:10-14.

Taylor discloses, “[f]irewall 101 includes a combination of computer hardware and software components configured to protect LAN 103, i.e., preventing unwanted intrusions from outside networks 111, 115” (firewall system). Ex. 1006 at 1:17-19.

Taylor discloses that “[t]he computer program includes a first module located in an application layer…configured to examine a number of packets received by the computer network from at least one outside network…” (processing application-level content). Ex. 1006 at Abstract.

Taylor also discloses, “[a]n application proxy does not allow direct contact between a ‘trusted’ and ‘untrusted’ networks. Each of the packets passing through this type of firewall is examined at the application layer…” (processing application-level content). Ex. 1006 at 2:60-63.

Taylor discloses, “applying a proxy filter at the application layer to all packets received on a specific connection” (processing application-level content). Ex. 1006 at 6:40-44. See also Ex. 1006 at Fig. 2; Ex. 1009 at ¶ 94.

Claim Language: 17.(a) a non-transitory memory having stored therein a configuration database including a plurality of firewall policies

Exemplary Citations to Disclosure:

Taylor discloses, “The computer programs are stored in a computer readable storage medium, e.g., hard disks or floppy diskettes. In operation, the computer programs are read to a random access memory to be executed by a processor. The computer readable storage medium, the random access memory and the process are preferably included in the computer of firewall 201. Alternatively, however, the computer readable storage medium can be provided by another computer or floppy diskettes. Hence, the computer programs can be downloaded from a remote computer coupled to firewall 201” (non-transitory memory). Ex. 1006 at 5:10-20.

Taylor discloses that a “configuration file…includes various filter rules to be applied for specific connections. For example, packets received from a particular port can be subjected to the filter all rule filter, while packets received from another port can