`571.272.7822 Entered: November 14, 2018
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`ZSCALER, INC.,
`Petitioner,
`v.
`
`SYMANTEC CORPORATION,
`Patent Owner.
`____________
`
`Case IPR2018-00920
`Patent 9,525,696 B2
`____________
`
`
`Before JEFFREY S. SMITH, BRYAN F. MOORE, and NEIL T. POWELL,
`Administrative Patent Judges.
`
`SMITH, Administrative Patent Judge.
`
`
`
`
`
`
`DECISION
`Instituting Inter Partes Review
`35 U.S.C. § 314(a)
`
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`I. INTRODUCTION
`Petitioner filed a Petition for inter partes review of claims 1–19 of
`U.S. Patent 9,525,696 (Ex. 1001, the ’696 patent”). Paper 1 (“Pet.”). Patent
`Owner filed a Preliminary Response. Paper 9 (“Prelim. Resp.”). Institution
`of an inter partes review is authorized by statute when “the information
`presented in the petition . . . and any response . . . shows that there is a
`reasonable likelihood that the petitioner would prevail with respect to at least
`1 of the claims challenged in the petition.” 35 U.S.C. § 314(a).
`Upon consideration of the Petition and the Preliminary Response, we
`are persuaded Petitioner has demonstrated a reasonable likelihood that it
`would prevail in establishing the unpatentability of at least one claim of the
`’696 patent. Accordingly, we institute an inter partes review on all
`challenged claims and grounds raised in the Petition.
`A. Related Matters
`The ’696 patent, along with several other patents, is the subject of
`Symantec Corporation and Symantec Limited v. Zscaler, Inc., 17-cv-04414
`(N.D. Cal.), transferred from 17-cv-00806 (D. Del.) filed June 22, 2017.
`Pet. 2–3; Paper 5 (Patent Owner’s Mandatory Notice).
`The ’696 patent shares common parent applications with U.S. Patent
`8,402,540 (“the ’540 patent”). The ’540 patent is the subject of IPR2018-
`00930. Pet. 4; Paper 5.
`
`B. The ’696 Patent
`The ’696 patent relates generally to protecting computer systems from
`viruses, attacks from hackers, spyware, spam, and other malicious activities.
`Ex. 1001, 1:59–63. A flow processing facility inspects payloads of network
`traffic packets and provides security and protection to a computer. Abstract.
`2
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`Figure 1 of the ’696 patent is reproduced below.
`
`
`
`
`Figure 1 above shows a networked computing environment 100 for
`data flow processing, including flow processing facility 102 coupled to
`internetwork 104, a network-connected computing facility 112, a plurality of
`server computing facilities 108, and a number of departmental computing
`facilities 110, such as an engineering department, a marketing department,
`and another department. Ex. 1001, 19:57–65, 20:7–8. Flow processing
`facility 102 receives data flows from the computing facilities via
`internetwork 104 and processes the data flows. Id. at 20:29–35. A
`virtualization aspect of flow processing facility 102 enables the flow
`processing facility to provide features and functions tailored to users of data
`flows. Id. at 22:16–19. For example, virtualization can present server
`computing facility 108 with different policies and applications than it
`provides to network-connected computing facility 112. Id. at 22:21–25. A
`
`
`
`3
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`subscriber profile can relate an application to a subscriber. Id. at 37:58–59.
`Figure 30 below shows a schematic of an enterprise network. Id. at
`89:27–28.
`
`
`Figure 30 above shows network participants of network 3000 include
`user1 3004, user2 3008, and server 108, and participant types of network
`3000 include engineering 3010 and sales 3012. Id. at 89:42–45. Each of the
`network participants and participant types has a physical connection to flow
`processing 102. Id. at 89:45–48. Virtualization model 3014 of flow
`processing facility 102 uniquely identifies data flows 444 from each
`participant and routes the data flow to a virtual network 3018 associated
`with the virtual network. Id. at 90:3–9. Security policy 3020 is applied to
`data flow 444 of virtual network 3018, such as anti-virus, anti-span, anti-
`
`
`
`4
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`spyware, and anti-worm. Id. at 90:19–26.
`C. Illustrative Claim
`Claims 1 and 13 of the challenged claims of the ’969 patent are
`independent. Claim 1 is illustrative of the claimed subject matter:
`1. A flow processing facility for implementing a security
`policy, comprising:
`a plurality of application processing hardware modules, each
`configured with an application for processing data packets;
`a subscriber profile for identifying data packets associated with
`the subscriber profile in a stream of data packets; and
`a network processing module for identifying one or more of the
`plurality of application processing modules for processing the
`identified data packets based on an association of the
`application configured on each application processing module
`with the subscriber profile and for transmitting the identified
`data packets in at least one of series and parallel to the
`identified application processing modules based on the security
`policy.
`Ex. 1001, 123:48–63.
`
`
`
`
`
`
`
`D. References
`Petitioner relies on the following references. Pet. 5–6.
`Ex. 1004 Nortel WO 00/33204
`June 8, 2000
`Ex. 1005 Stone US 5,598,410
`Jan. 28, 1997
`Ex. 1006 Alles US 6,466,976 B1 Oct. 15, 2002
`(filed Dec. 3, 1998)
` US 6,633,563 B1 Oct. 14, 2003
`(filed Mar. 2, 1999)
`
`Ex. 1007 Lin
`
`
`
`
`
`5
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`E. Asserted Grounds of Unpatentability
`Petitioner contends that claims 1–19 of the ’696 patent are
`unpatentable based on the following grounds:
`Reference(s)
`Basis
`Nortel
`§ 103
`Nortel and Stone
`§ 103
`Alles and Lin
`§ 103
`Alles, Lin, and Stone
`§ 103
`
`
`Challenged Claims
`1, 9–13, 16–19
`2–8, 14, 15
`1, 9–13, 16–19
`2–8, 14, 15
`
`II. Analysis
`A. Claim Construction
`“[T]he words of a claim ‘are generally given their ordinary and
`customary meaning’ . . . that the term would have to a person of ordinary
`skill in the art in question at the time of the invention.” Phillips v. AWH
`Corp., 415 F.3d 1303, 1312–13 (Fed. Cir. 2005) (en banc) (citations
`omitted). “[T]he person of ordinary skill in the art is deemed to read the
`claim term not only in the context of the particular claim in which [it]
`appears, but in the context of the entire patent, including the specification.”
`Phillips, 415 F.3d at 1313. For example, a “claim construction that excludes
`[a] preferred embodiment [described in the specification] ‘is rarely, if ever,
`correct and would require highly persuasive evidentiary support.’” Adams
`Respiratory Therapeutics, Inc. v. Perrigo Co., 616 F.3d 1283, 1290 (Fed.
`Cir. 2010) (citation omitted). But “a claim construction must not import
`limitations from the specification into the claims.” Douglas Dynamics, LLC
`v. Buyers Products Co., 717 F.3d 1336, 1342 (Fed. Cir. 2013) (citation
`omitted). Therefore, “it is improper to read limitations from a preferred
`
`
`
`6
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`embodiment described in the specification–even if it is the only
`embodiment–into the claims absent a clear indication in the intrinsic record
`that the patentee intended the claims to be so limited.” Dealertrack, Inc. v.
`Huber, 674 F.3d 1315, 1327 (Fed. Cir. 2012) (citation omitted).
`For purposes of this decision, we determine no terms need an explicit
`construction to resolve a controversy at this preliminary stage. See Vivid
`Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999)
`(only those terms which are in controversy need to be construed and only to
`the extent necessary to resolve the controversy).
`B. Asserted Obviousness over Nortel and the
`Knowledge of a Person of Ordinary Skill: Claims 1, 9–13, 16–19
`1. Nortel (Ex. 1004)
`Nortel relates to a method for providing desired service policies to
`subscribers accessing the Internet. Ex. 1004, 1:4–6. An internet service
`node (ISN) enables providing the desired service policies to each subscriber.
`Ex. 1004, Abstract. The ISN contains multiple processor groups, with each
`subscriber being assigned to a processor group. Id. The assigned processor
`group may be configured with processing rules which provide the service
`policies desired by a subscriber. Id. A content addressable memory with
`masks for individual locations determines the processor group to which
`received data is to be assigned. Id.
`Figure 4 of Nortel illustrates details of an ISN and is reproduced
`below.
`
`
`
`7
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`
`
`
`Figure 4 above shows an ISN including access ports 410-A, 410-B, trunk
`ports 420-A, 420-B, 420-C, switch fabric 440, packet service cards 450-A,
`450-B, router/service management card 460, and configuration manager 470.
`Ex. 1004, 17:17–23.
`Configuration manager 470 provides a user interface to enable
`different service policies to be specified for different subscribers. Id. at
`18:13–15. Switch fabric 440 receives bit groups from access ports 410, and
`forwards the bit groups to packet service cards 450. Id. at 19:7–8. Different
`service policy types are implemented in different packet service cards 450.
`Id. at 19:12–13. Each subscriber may be assigned to a packet service card
`providing the desired service policy types. Id. at 13–14. By assigning the
`data processing for each subscriber to a specific packet service card, each
`packet service card may be configured only with the processing rules
`corresponding to the subscribers assigned to it. Id. at 20:14–18.
`
`
`
`8
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`Figure 5 of Nortel is reproduced below
`
`
`Figure 5 of Nortel above is a block diagram illustrating details of packet
`service card 450. Ex. 1004, 21:14–15. Packet service card 450 includes
`processor groups 550-A through 550-D, processor interface 530, and control
`logic 520. Ex. 1004, 21:15–16. Control logic 520 determines which of the
`processors in a processor group processes a packet. Ex. 1004, 21:19–20.
`Control logic 520 operates in conjunction with configuration manager 470 to
`instantiate, or configure, processor groups 550 with processing rules related
`to assigned subscribers, to ensure processor group 550 performs operations
`specified by the processing rules. Ex. 1004, 21:21–23, 21:30–31. Several
`subscribers may be assigned to each processor group. Ex. 1004, 22:8.
`2. Claims 1, 9–13, 16–19
`Claim 1 recites “a plurality of application processing hardware
`modules, each configured with an application for processing data packets.”
`Claim 13 recites a similar limitation. Petitioner contends this limitation is
`taught by Nortel’s teaching of an ISN including a plurality of packet service
`
`
`
`9
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`cards, combined with the knowledge of a person of ordinary skill in the art.
`Pet. 21–22 (citing Ex. 1004, Fig. 4, 3:5–7, 17:18–21, 20:19–20). According
`to Petitioner, each packet service card has a plurality of processor groups,
`and each processor group processes data using processing rules, where the
`processing rules corresponding to a subscriber are assigned to a pre-
`specified processor or group of processors. Pet. 22–23 (citing Ex. 1004, Fig.
`5, 3:5–9, 4:20–23, 9:16–19, 19:12–24, 21:14–16, 22:14–15; Ex. 1003 ¶¶ 76–
`80).
`
`Petitioner contends that a person of ordinary skill in the art “would
`have understood Nortel’s processing rules to comprise applications.” Pet.
`25. Specifically, Petitioner contends that Nortel discloses that the
`processing rules on the packet service cards implement policies relating to
`firewalls, security, anti-spoofing, virtual private networks, encryption,
`tunneling, and traffic steering, which, according to Petitioner’s declarant Dr.
`Markus Jakobsson, were well-known in the art to be performed by
`application programs. Pet 24 (citing Ex. 1004, 14:28–15:2; Ex. 1003 ¶ 83;
`Ex. 1012, 6). Petitioner contends that Nortel’s disclosure of an exemplary
`structure shown in Figure 6A, containing multiple processing rules, teaches
`that each processing rule is a software structure containing a classifier and
`an action, with the classifier specifying the data flows and conditions under
`which the associated action needs to be applied. Pet 24–25 (citing Ex. 1004,
`Fig. 6A, 15:4–6; Ex. 1003 ¶¶ 84–85).
`Patent Owner contends that the processing rules shown in Figure 6A
`of Nortel are not applications, because the processing rules contain tuples
`and parameters, not software instructions. Prelim. Resp. 29–32 (citing Ex.
`1004, Fig. 6A, 23:8–12; Ex. 2001 ¶¶ 68–73).
`10
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`Figure 6A of Nortel is reproduced below.
`
`
`Figure 6A above shows table 600 illustrating exemplary processing rules
`610–660 for providing desired service policies to subscribers. Ex. 1004,
`8:24–25, 23:1. A classifier for a security policy is chosen to include data
`required for identifying flows. Ex. 1004, 23:1–3. Dr. Jakobsson testifies
`that rule 610 shown in Figure 6A of Nortel illustrates that a data flow with
`the classifier specified by the source and destination addresses in the SRC
`and DST columns, and transmitted using the specified service in the SVC
`column, is processed by the corresponding action in the ACTION column,
`which is shown in Figure 6A as an encryption function. Ex. 1003 ¶¶ 84–85
`(citing Ex. 1004, Fig. 6A, 15:4–6, 23:3–6). Dr. Jakobsson testifies that
`security functions were well-known in the art to be provided by software
`applications. Ex. 1003 ¶ 83. Dr. Jakobsson further testifies that Nortel
`discloses each processor group is configured to process data in accordance
`with the processing rules. Ex. 1003 ¶¶ 80, 85.
`
`
`
`11
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`We rely on Nortel’s teaching of a processor group configured with
`processing rules to provide service policies such as security functions, and
`Dr. Jakobsson’s testimony that a person of ordinary skill in the art would
`have understood that security functions are provided by software
`applications, to determine Petitioner has sufficiently established that the
`combination of Nortel and the knowledge of a person of ordinary skill in the
`art teaches “a plurality of application processing hardware modules, each
`configured with an application for processing data packets” as recited in
`claim 1.
`Claim 1 recites “a subscriber profile for identifying data packets
`associated with the subscriber profile in a stream of data packets.” Claim 13
`recites a similar limitation. Petitioner contends this limitation is taught by
`Nortel’s teaching of classifiers to associate incoming data packets with a
`subscriber, combined with the knowledge of a person of ordinary skill in the
`art. Pet. 25–26 (citing Ex. 1003 ¶¶ 87–88). Petitioner, relying on testimony
`of Dr. Jakobsson, contends that the classifiers are stored in a profile using a
`content addressable memory (CAM) having a search field to store data
`identifying a subscriber, and a mask field storing a mask specifying
`individual bit positions to be examined in incoming data. Pet. 26 (citing Ex.
`1003 ¶¶ 89–91).
`Patent Owner contends that Nortel does not teach the claimed
`subscriber profile, because, according to Patent Owner, the classifiers in
`each processing rule are not implemented through CAMs. Prelim. Resp. 20–
`24 (citing Ex. 1004, 17:28–18:4, 26:4–7, 26:10–11, 27:12–22, 31:10–13; Ex.
`2001 ¶¶ 76–77). Patent Owner contends that the classifiers are part of the
`processing rules applied by the packet service cards, which are separate from
`12
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`CAMs. Pet. 24–26 (citing Ex. 1004, 20:7–8, 23:2–5; Ex. 2001 ¶¶ 54–58,
`76–78).
`Dr. Jakobsson testifies that Nortel teaches a processing rule includes
`classifiers that identify subscribers. Ex. 1003 ¶ 87 (citing Ex. 1004, 3:23–
`27, 9:9–11, 9:31–10:2, 10:8–10, 11:14–15). Dr. Jakobsson testifies that
`Nortel teaches a classifier includes data to identify subscribers, such as
`source and destination IP addresses. Ex. 1003 ¶ 88 (citing Ex. 1004, 11:20–
`23, 12:22–25, 15:3–7, 16:12–17, 16:21–23, 16:26–30, 19:15–17, 23:30–31).
`Dr. Jakobsson testifies that the data to identify subscribers can be stored in
`CAM, and used to determine whether data in a received IP packet matches
`the stored identifying data. Id. ¶ 89 (citing Ex. 27:12–25, 28:31–32).
`Nortel teaches that the “classifier specifies all the data flows,” and that
`in an “IP environment, each data flow may be uniquely identified by . . .
`source/destination IP addresses . . . .” Ex. 1004, 15:3–7. Nortel teaches that
`“bit groups may be assembled . . . to determine whether subscriber data
`(received in the form of bit groups) matches a classifier.” Ex. 1004, 16:22–
`23. Nortel teaches that “the bit positions of each CAM location specified by
`the corresponding mask are compared with the input bits, and the output
`value . . . for a matched location is provided on output bus 799.” Ex. 1004,
`27:18 –21. As an example, Nortel teaches using the CAM in examining bit
`positions of a received IP packet to determine whether the destination IP
`address of the received packet matches an IP address assigned to a specific
`subscriber. Ex. 1004, 28:5–11.
`We credit Dr. Jakobsson’s testimony and supporting evidence and
`determine that Petitioner has established sufficiently that the combination of
`Nortel and the knowledge of a person of ordinary skill in the art teaches “a
`13
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`subscriber profile for identifying data packets associated with the subscriber
`profile in a stream of data packets.”
`Claim 1 recites
`“a network processing module for identifying one or more of
`the plurality of application processing modules for processing
`the identified data packets based on an association of the
`application configured on each application processing module
`with the subscriber profile and for transmitting the identified
`data packets in at least one of series and parallel to the
`identified application processing modules based on the security
`policy.”
`Claim 13 recites a similar limitation. Petitioner contends this limitation is
`taught by Nortel’s teaching of a switch fabric including a CAM, where the
`CAM identifies the subscriber of originating data packets as discussed
`above, and identifies processors for providing the subscriber’s desired
`service policies to the data packets, and the switch fabric forwards the data
`packets to the identified processors. Pet. 27–28 (citing Ex. 1003 ¶¶ 94–95,
`97–102).
`Patent Owner contends that Nortel does not disclose identifying
`application processing modules based on an association of applications
`configured on each application processing module with the subscriber
`profile as claimed. Prelim. Resp. 37–38. In particular, Patent Owner,
`relying on testimony of its declarant Dr. Chatterjee, contends that Nortel
`does not disclose “‘an association of the application configured on each
`application processing module with the subscriber profile as claimed,”
`because the CAM of Nortel only has a search field, a mask field, and an
`output field. Prelim. Resp. 39–40 (citing Ex. 2001 ¶ 91).
`
`
`
`
`14
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`Dr. Jakobsson testifies that the identification in Nortel is based on an
`association of the application configured on each application-processing
`module with the subscriber profile, because each processor identified by the
`output field of the CAM is “capable of providing the desired service policies
`related to the CAM entry.” Ex. 1003 ¶ 95 (citing Ex. 1004, 5:16–29). We
`credit Dr. Jakobsson’s testimony and supporting evidence and determine that
`Petitioner has established sufficiently that the combination of Nortel and the
`knowledge of a person of ordinary skill in the art teaches this limitation.
`Claim 13 recites “a security policy for determining a portion of the
`identified data packets to be processed by each of the applications.”
`Petitioner, relying on testimony of Dr. Jakobsson, contends Nortel teaches
`this limitation in teaching “a security policy (processing rule) for
`determining a portion (those matching the classifier) of the identified data
`packets (data packets identified by classifiers) to be processed by each of the
`applications (processor groups that apply the specified actions).” Pet. 32
`(citing Ex. 1003 ¶¶ 123–126). We credit Dr. Jakobsson’s testimony and
`supporting evidence and determine that Petitioner has established
`sufficiently that the combination of Nortel and the knowledge of a person of
`ordinary skill in the art teaches this limitation.
`Petitioner contends that it would have been obvious to implement
`Nortel’s processing rules as software applications, because a person of
`ordinary skill would have understood the term “application” to include any
`software or instructions, other than the operating system, used to perform
`specific functions on a computer, such as Nortel’s processing rules for
`performing desired security functions to specified data flows. Pet. 35–36
`(citing Ex. 1012, 4; Ex. 1013, 4; Ex. 1014, 4; Ex. 1003 ¶¶ 149–154). Dr.
`15
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`Jakobsson testifies that a person of ordinary skill in the art would have
`understood each processing rule in Figure 6A of Nortel comprises software
`instructions to perform specific functions, such as the corresponding
`associated action in the ACTION column for each rule, on data that matches
`the identified source, destination, and service classifiers. Ex. 1003 ¶ 154.
`Dr. Jakobsson testifies that a person of ordinary skill in the art would have
`had a reasonable expectation of success, because using generic computer
`processors with well-known security applications would successfully
`provide the security functionalities of Nortel. Ex. 1003 ¶¶ 154–155.
`We credit Dr. Jakobsson’s testimony and determine the Petition and
`supporting evidence articulates a reason with a rational underpinning that a
`person of ordinary skill in the art would have understood Nortel’s processing
`rules comprise software instructions to perform specific functions, and that a
`person of ordinary skill would have considered the software instructions to
`be applications. We determine that the Petition and supporting evidence
`adequately establishes a reasonable likelihood that the combination of Nortel
`and the knowledge of a person of ordinary skill in the art would have
`rendered claims 1 and 13 obvious.
`Claim 9 recites “wherein transmitting the identified packets in series
`to the applications includes transmitting the identified data packets to be
`processed by a first application before being processed by a second
`application.” Claim 11 recites a similar limitation. Petitioner contends this
`limitation is taught by Nortel’s teaching of forwarding data processed by one
`of the service cards to another packet service card, combined with the
`knowledge of a person of ordinary skill in the art. Pet. 28 (citing Ex. 1004,
`21:1–7; Ex. 1003 ¶¶ 106–107). Petitioner also contends this limitation is
`16
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`taught by Nortel’s teaching of applying processing rules in an order to
`ensure predictable and desired service policies, where different processing
`rules are implemented by different applications. Pet. 29–30 (citing Ex.
`1004, 9:16–19, 17:6–8, 20:7–8, 22:22–25; Ex. 1003 ¶ 108).
`We determine that the Petition and supporting evidence adequately
`establishes a reasonable likelihood that the combination of Nortel and the
`knowledge of a person of ordinary skill in the art would have rendered
`claims 9 and 11 obvious.
`Claim 10 recites “the second application is selected from a list
`consisting of an anti-virus application, a URL filter, a content filter, a
`firewall, an intrusion prevention service, and a database protection
`application.” Claim 12 recites a similar limitation. Petitioner contends this
`limitation is taught by Nortel’s teaching of rules for firewall parameters, and
`that a person of ordinary skill in the art would have understood that the
`processing rules are applications. Pet. 30 (citing Ex. 1004, 14:28–15:1; 1003
`¶¶ 111–112).
`We determine that the Petition and supporting evidence adequately
`establishes a reasonable likelihood that the combination of Nortel and the
`knowledge of a person of ordinary skill in the art would have rendered
`claims 10 and 12 obvious.
`Claim 16 recites “wherein the plurality of applications includes a
`monitoring application and a network data processing application, wherein
`the monitoring application includes an intrusion detection application and
`wherein the network data processing application includes at least one of a
`URL filter, a content filter, a firewall, and an intrusion prevention
`application.” Petitioner contends Nortel combined with the knowledge of a
`17
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`person of ordinary skill teaches this limitation for the reasons discussed for
`claim 10. Pet. 33. Petitioner also contends Nortel teaches this limitation in
`teaching a virtual private network with encryption and tunneling, which is
`intrusion prevention. Id. (citing Ex. 1004, 14:31–32, Ex. 1003 ¶¶ 128–134).
`We determine that the Petition and supporting evidence adequately
`establishes a reasonable likelihood that the combination of Nortel and the
`knowledge of a person of ordinary skill in the art would have rendered claim
`16 obvious.
`Claim 17 recites “wherein the plurality of applications includes a
`plurality of monitoring applications for monitoring data flows at a plurality
`of protocol layers, wherein the plurality of monitoring applications includes
`at least one intrusion detection application for detecting intrusions at a
`portion of the plurality of protocol layers.” Petitioner contends Nortel
`teaches this limitation in teaching processing rules for monitoring
`application layer protocols such as SMTP and TELNET, and transport layer
`protocols such as TCP and UDP. Pet. 33–34 (citing Ex. 1004, 23:1–29; Ex.
`1014, 8–10; Ex. 1015, 4–5; Ex. 1003 ¶¶ 137–141). Petitioner also contends
`that Nortel teaches this limitation in teaching service policies and processing
`rules that perform intrusion detection, such as rules relating to firewall
`parameters. Pet. 34 (citing Ex. 1004, 14:28–15:1; Ex. 1003 ¶ 142). We
`determine that the Petition and supporting evidence adequately establishes a
`reasonable likelihood that the combination of Nortel and the knowledge of a
`person of ordinary skill in the art would have rendered claim 17 obvious.
`Claim 18 recites “transmitting the identified data packets to be
`processed by a first application before being processed by a second
`application that is selected from a list consisting of an anti-virus application,
`18
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`a URL filter, a content filter, a firewall, an intrusion prevention service, and
`a database protection application.” Claim 19 recites a similar limitation.
`Petitioner contends that “transmitting the identified packets to be processed
`by a first application before being processed by a second application” is
`taught by Nortel and the knowledge of a person of ordinary skill for the
`reasons discussed for claim 9. Pet. 34. Petitioner contends an “application
`that is selected from a list consisting of an anti-virus application, a URL
`filter, a content filter, a firewall, an intrusion prevention service, and a
`database protection application” is taught by Nortel and the knowledge of a
`person of ordinary skill for the reasons discussed for claim 10. Pet. 35. We
`determine that the Petition and supporting evidence adequately establishes a
`reasonable likelihood that the combination of Nortel and the knowledge of a
`person of ordinary skill in the art would have rendered claims 18 and 19
`obvious.
`C. Asserted Obviousness over Nortel and Stone: Claims 2–8, 14, and 15
`1. Stone (Ex. 1005)
`Stone discloses a method and apparatus for accelerated packet
`processing. Ex. 1005, Title. A protocol data unit processor transfers
`protocol data units, or data packets, within a communications network. Ex.
`1005, Abstract, 1:31–35. The processor includes a preprocessor to establish
`subsequent processing requirements of a particular data packet. Ex. 1005,
`Abstract. Multiple preprocessors connected in either parallel or series may
`be used to increase the throughput of data packets. Ex. 1005, 11:59–61. In a
`parallel configuration, first and second preprocessors establish subsequent
`processing requirements of a particular received data packet. Ex. 1005,
`12:58–65.
`
`
`
`19
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`
`2. Claims 2–8, 14, and 15
`Claim 2 recites “transmitting the identified data packets in parallel to
`the applications includes parallel transmitting of the identified data packets
`to each of the identified application processor modules.” Claim 14 recites a
`similar limitation. Petitioner, relying on testimony of Dr. Jakobsson,
`contends this limitation is taught by the switch fabric of Nortel’s internet
`service node transmitting data packets in parallel to the packet service cards
`by applying Stone’s teaching of parallel transmission. Pet. 37–38 (citing Ex.
`1004, 21:1–5, 22:31–32, 23:1–29; Figs. 4 and 6A; Ex. 1005, 12:58–13:18,
`Fig. 4; Ex. 1003 ¶¶ 160–162). Petitioner, relying on testimony of Dr.
`Jakobsson, contends a person of ordinary skill in the art would have applied
`Stone’s parallel data transfer to the switch fabric of Nortel for the benefit of
`increasing the speed of transmitting a subscriber’s data packets to the
`appropriate service cards. Pet. 43–46 (citing Ex. 1005, 11:59–61; Ex. 1003
`¶¶ 192–199). Dr. Jakobsson testifies that a person of ordinary skill in the art
`would have been motivated to transfer data packets in parallel between
`Nortel’s switch fabric and packet service cards in order to increase the
`operating speed and efficiency of the system. Ex. 1003 ¶¶ 190–192 (citing
`Ex. 1012, 8; Ex. 1005 11:59–61).
`We credit Dr. Jakobsson’s testimony and determine the Petition and
`supporting evidence articulates a reason with a rational underpinning that a
`person of ordinary skill in the art would have applied Stone’s teaching of
`transferring data packets in parallel, to transfer data packets in parallel
`between Nortel’s switch fabric and packet service cards, for the benefit of
`increasing speed as taught by Stone. We determine that the Petition and
`supporting evidence adequately establishes a reasonable likelihood that the
`20
`
`
`
`
`
`IPR2018-00920
`Patent 9,525,696 B2
`
`combination of Nortel and Stone would have rendered claims 2 and 14
`obvious.
`Claim 3 recites “parallel transmitting of the identified data packets to
`a plurality of applications configured on one of the identified application
`processing modules.” Claim 15 recites a similar limitation. Petitioner,
`relying on testimony of Dr. Jakobsson, contends it would have been obvious
`to a person of ordinary skill in the art to apply Stone’s parallel data
`transmission to Nortel’s ISN, such that the processor interface in a single
`packet service card transmits data packets in parallel to each of the processor
`groups in cases where a single subscriber’s data packets must be processed
`according to multiple processing rules. Pet. 39–40 (citing Ex. 1003 ¶¶ 166–
`169). We determine that the Petition and supporting evidence adequately
`establishes a reasonable likelihood that the combination of Nortel and Stone
`would have rendered claims 3 and 15 obvious.
`Claim 4 recites “the plurality of applications includes a monitoring
`application and a network data processing application.” Petitioner contends
`Nortel teaches monitoring applications for the reasons discussed in claim 17.
`Pet. 40. Petitioner contends Nortel teaches network data processing
`applications in teaching policies and processing rules relating to priority in
`usage of buffer and bandwidth, traffic steering, and rules for accepting or
`dropping certain types of network traffic. Pet. 40–41 (citing Ex. 1004,