`571-272-7822
`
`
`
`
`
`
`
`
`
` Paper 14
`
`
` Entered: November 15, 2018
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`
`
`
`
`
`ZSCALER INC.,
`Petitioner,
`
`v.
`
`SYMANTEC CORPORATION,
`Patent Owner.
`____________
`
`Case IPR2018-00930
`Patent 8,402,540 B2
`____________
`
`DECISION
`Denying Institution of Inter Partes Review
`35 U.S.C. § 314
`
`
`
`Before JEFFREY S. SMITH, BRYAN F. MOORE, and NEIL T. POWELL,
`Administrative Patent Judges.
`
`MOORE, Administrative Patent Judge.
`
`
`
`
`I. INTRODUCTION
`Zscaler Inc. (“Petitioner”) requests inter partes review of claims 1–18
`of U.S. Patent No. 8,402,540 B2 (“the ’540 patent,” Ex. 1001) pursuant to
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`35 U.S.C. §§ 311 et seq. Paper 1 (“Pet.”). Petitioner relies on the testimony
`of Dr. Markus Jakobsson. Ex. 1003. Symantec Corporation (“Patent
`Owner”) filed a preliminary response. Paper 10 (“Prelim. Resp.”).
`Institution of an inter partes review is authorized by statute when “the
`information presented in the petition . . . and any response . . . shows that
`there is a reasonable likelihood that the petitioner would prevail with respect
`to at least 1 of the claims challenged in the petition.” 35 U.S.C. § 314(a);
`see 37 C.F.R. § 42.108. Upon consideration of the Petition and Preliminary
`Response, we conclude the information presented shows there is not a
`reasonable likelihood that Petitioner would prevail in establishing the
`unpatentability of claims 1–18 of the ’540 patent.
`
`A. Related Matters
`A decision in this proceeding could affect or be affected by the
`following cases pending in the United States District Court for the Northern
`District of California and involving the ’540 patent: Symantec Corp. and
`Symantec Ltd. v. Zscaler, Inc., Case No. 17-cv-04414 (N.D. Cal.); Symantec
`Corp. and Symantec Ltd. v. Zscaler, Inc., Case No. 17-cv-04426 (N.D. Cal.).
`Pet. 2; Paper 3, 2.
`
`B. The ’540 patent
`The ’540 patent relates generally to protecting computer systems from
`viruses, attacks from hackers, spyware, spam, and other malicious activities.
`Ex. 1001, 1:65–2:4. A flow processing facility inspects payloads of network
`traffic packets and provides security and protection to a computer. Abstract.
`Figure 1 of the ’540 patent is reproduced below.
`
`2
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`
`
`
`Figure 1 above shows a networked computing environment 100 for
`data flow processing, including flow processing facility 102 coupled to
`internetwork 104, a network-connected computing facility 112, a plurality of
`server computing facilities 108, and a number of departmental computing
`facilities 110, such as an engineering department, a marketing department,
`and another department. Ex. 1001, 19:28–41. Flow processing facility 102
`receives data flows from the computing facilities via internetwork 104 and
`processes the data flows. Id. at 20:16–20.
`Figure 30 below shows a schematic of an enterprise network. Id. at
`85:50–55.
`
`3
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`
`Figure 30 above shows network participants of network 3000 include
`user1 3004, user2 3008, and server 108, and participant types of network
`3000 include engineering 3010 and sales 3012. Id. at 85:65–86:8.
`Virtualization model 3014 of flow processing facility 102 uniquely identifies
`data flows 444 from each participant and routes the data flow to a virtual
`network 3018 associated with the virtual network. Id. at 86:26–30. Security
`policy 3020 is applied to data flow 444 of virtual network 3018, such as anti-
`virus, anti-span, anti-spyware, and anti-worm. Id. at 86:43–49.
`
`C. Illustrative Claim
`Independent claim 1, reproduced below, is illustrative of the claimed
`subject matter:
`1.
`A method of securing a plurality of virtual networks with
`a virtualized network security system (VNSS), comprising:
`
`4
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`providing a plurality of flow processors, each configured
`as elements of the VNSS for processing a data flow, said data
`flow being transferred between a first port and a second port of
`the VNSS, the data flow comprising subscriber profile data;
`establishing a first security policy for a first virtual
`network based at least in part on the subscriber profile data
`included in the data flow;
`establishing a second security policy for a second virtual
`network based at least in part on the subscriber profile data
`included in the data flow;
`processing the data flow received at said first port for the
`first and second virtual networks through at least one of the
`plurality of flow processors, wherein portions of the data flow
`that are associated with the first virtual network are processed
`according to the first security policy, and wherein portions of the
`data flow that are associated with the second virtual network are
`processed according to the second security policy, said
`processing further comprising:
`making a first determination, in accordance with
`one of the first security policy and the second security
`policy, of abnormalities that are associated with the data
`flow, the first determination based at least in part on the
`subscriber identified by the subscriber profile data; and
`making a second determination, in accordance with
`one of the first security policy and the second security
`policy, based at least in part on the subscriber identified by
`the subscriber profile data, and transferring said data flow
`to said second port.
`
`
`
`Ex. 1001, 119:16–49.
`
`
`5
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`D. Asserted Grounds of Unpatentability
`Petitioner asserts that claims 1–18 are unpatentable based on the
`following grounds:
`
`
`Reference(s)
`Alles1
`Alles and Lin2
`
`Pet. 3–4.
`
`Basis
`§ 103
`§ 103
`
`Claims challenged
`1–5
`6–18
`
`II. DISCUSSION
`
`Relevant Law
`A.
`Obviousness
`1.
`A claim is unpatentable under 35 U.S.C. § 103(a) if the differences
`between the claimed subject matter and the prior art are such that the subject
`matter, as a whole, would have been obvious at the time the invention was
`made to a person having ordinary skill in the art to which said subject matter
`pertains. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The
`question of obviousness is resolved on the basis of underlying factual
`determinations including (1) the scope and content of the prior art; (2) any
`differences between the claimed subject matter and the prior art; (3) the level
`of skill in the art; and (4) where in evidence, so-called secondary
`considerations, including commercial success, long-felt but unsolved needs,
`
`
`1 US Patent No. 6,466,976 B1, issued Oct. 15, 2002, filed Dec. 3, 1998
`(“Alles,” Ex. 1005).
`2 US Patent No. 6,633,563 B1, issued Oct. 14, 2003 (“Lin,” Ex. 1007).
`6
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`failure of others, and unexpected results. 3 Graham v. John Deere Co.,
`383 U.S. 1, 17−18 (1966) (“the Graham factors”).
`Level of Skill
`2.
`For an obviousness analysis, prior art references must be “considered
`together with the knowledge of one of ordinary skill in the pertinent art.”
`In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994) (quoting In re Samour,
`571 F.2d 559, 562 (CCPA 1978)). Moreover, “it is proper to take into
`account not only specific teachings of the reference but also the inferences
`which one skilled in the art would reasonably be expected to draw
`therefrom.” In re Preda, 401 F.2d 825, 826 (CCPA 1968). That is because
`an obviousness analysis “need not seek out precise teachings directed to the
`specific subject matter of the challenged claim, for a court can take account
`of the inferences and creative steps that a person of ordinary skill in the art
`would employ.” KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 418 (Fed. Cir.
`2007); In re Translogic Tech., Inc., 504 F.3d 1249, 1259 (Fed. Cir. 2007).
`Petitioner asserts a person of ordinary skill in the art of the subject
`matter of the ’540 patent would have had a “Bachelor of Science degree in
`computer science, or a similar degree, along with at least 2-3 years of
`experience in designing and developing computer network security
`programs and/or systems [and] . . . [a] higher level of education may
`substitute for a lesser amount of experience, and vice versa.” Pet. 13 (citing
`1003 ¶¶ 20–21). Patent Owner’s proposed level of skill does not differ, in
`any way relevant to determinations made in this decision, from Petitioner’s
`statement nor does Patent Owner argue that there is any significance
`
`3 Patent Owner does not put forth evidence it alleges tends to show
`secondary considerations of non-obviousness in its Preliminary Response.
`7
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`difference between the two articulations of level of skill. Prelim Resp. 7–8.
`Therefore, we adopt Petitioner’s articulation of the level of skill and
`acknowledge that the level of ordinary skill in the art is also reflected by the
`prior art of record. See Okajima v. Bourdeau, 261 F.3d 1350, 1355
`(Fed. Cir. 2001); In re GPAC Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995); In
`re Oelrich, 579 F.2d 86, 91 (CCPA 1978).
`
`Claim Construction
`B.
`In an inter partes review, we construe claim terms in an unexpired
`patent according to their broadest reasonable construction in light of the
`specification of the patent in which they appear. 37 C.F.R. § 42.100(b).
`Consistent with the broadest reasonable construction, claim terms are
`presumed to have their ordinary and customary meaning as understood by a
`person of ordinary skill in the art in the context of the entire patent
`disclosure. In re Translogic Tech., 504 F.3d at 1257.
`At this juncture of the proceeding, we determine that it is not
`necessary to provide an express interpretation of any term of the claims. See
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed.
`Cir. 1999) (explaining that only claim terms in controversy need to be
`construed, and only to the extent necessary to resolve the controversy).
`
`C. Obviousness Based on Alles and Alles combined with Lin
`Petitioner contends claims 1–5 are unpatentable under 35 U.S.C.
`§ 103(a) as obvious over Alles. Pet. 19–50. Petitioner contends that
`claims 6–18 are unpatentable under 35 U.S.C. § 103(a) as obvious over the
`combination of Alles and Lin. Id. at 50–73.
`
`8
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`1. Alles (Ex. 1005)
`Alles relates to a system and method for providing desired service
`policies to subscribers accessing the Internet. Ex. 1005, 1:8–12. An internet
`service node (ISN) enables the provision of desired service policies to each
`subscriber. Ex. 1005, Abstract. In particular, Alles states that “ISN 150 of
`the present invention may be placed at the edge (i.e., interfacing with
`subscriber equipment) of remote access network [RAN] 190.” Id. at 7:30–
`34.
`
`2. Lin (Ex. 1007)
`Lin relates to a system and method for assigning packet data to one of
`several processors provided in a data switch. Ex. 1007, 1:15–18.
`3. Analysis
`Claim 1 recites “providing a plurality of flow processors, each
`configured as elements of the VNSS for processing a data flow.” Neither
`party provides a claim construction for any the terms in this limitation
`including “plurality of flow processors.” The Specification states that
`In addition to virtualizing aspects of a network security
`deployment, virtualization may be applied across a plurality of
`flow processing facilities 102. In a configuration in which the
`plurality of flow processing facilities 102 are connected
`substantially in parallel (e.g. for increasing performance),
`virtualization may be applied across the plurality of facilities 102
`to facilitate applying common configuration, security policy 414,
`and the like. This may result in the plurality of flow processing
`facilities 102 appearing as a unified network security entity
`rather than individual entities each requiring configuration,
`security policy 414, and the like. As an example, a network
`configuration may include a plurality of flow processing
`facilities 102 providing an interface between an enterprise
`network and the Internet. The plurality of flow processing
`facilities 102 may be configured with virtualization as if they
`
`9
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`were one flow processing facility 102 by directing a common
`configuration (i.e. security policy 414) to each of the facilities
`102.
`
`Ex. 1001, 87:44–61. In other words, the Specification states that connecting
`flow processing facilities in parallel or virtualized as one flow processing
`facility “may result in the plurality of flow processing facilities 102
`appearing as a unified network security entity” and/or at least facilitate
`common configuration of such flow processing facilities. This suggests that
`the inventor intended some significance to the claim term “plurality of flow
`processors, each configured as elements of the VNSS.” We do not construe
`“plurality of flow processors, each configured as elements of the VNSS” to
`require parallel connection or connection as “one” flow processor, but rather
`as having “each configured as elements of the VNSS” as required explicitly
`by the claim is supported by the specification.
`Petitioner states that “The ISNs [of Alles], individual and
`collectively4, provide a plurality of flow processors (ISN(s)), each
`configured as elements of the VNSS (RAN). Ex. 1003 ¶¶ 85-88.” Pet. 24.
`Petitioner does not rely on Lin for the teaching of a “plurality of flow
`processors.” Pet. 53–73. Apparently recognizing the significance of this
`claim term as explained above, Petitioner states that “Alles discloses that
`some RAN 190 deployments include “several ISNs [the alleged flow
`processing facilities]” 150 networked together.” Id., 9:40–41(emphasis
`added); see also id. at 59 (“Alles discloses RAN configurations with ‘several
`ISNs.’”). Petitioner’s declarant’s testimony is identical essentially to the
`
`4 Petitioner does not explain at all what “individually or collectively” means
`and exclusively argues that it relies on “several ISN” not one ISN as the
`plurality of flow processors.
`
`10
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`text of the Petition. Ex. 1003 ¶¶ 85–88. Petitioner also states that “The
`ISNs are part of Alles’ larger RAN. Id., 6:43-51 (‘ISN 150 is provided in
`[RAN] 190’).” Nevertheless, Alles does not state that “several ISNs” are
`“networked together” nor does it state that “several ISNs” are “part of” a
`“larger RAN” as purported by Petitioner. Petitioner’s citation for that
`proposition states only that “[t]he method of FIG. 2 may be implemented in
`several ISNs.” Ex. 1001, 9:40–41. Petitioner does not explain adequately
`where Alles teaches or suggests whether or how the several ISNs would
`work together and whether they would be configured as elements of a single
`RAN [the alleged VNSS]. Additionally, the statement Petitioner relies on to
`tie the RAN to the “several ISNs” is not tied together in the Specification
`with the recitation of “several ISNs” and refers to a singular ISN 150 as
`being provided in RAN 190. See Pet. 24.
`Patent Owner argues that Alles describes consistently a RAN as
`containing a single ISN. Prelim. Resp. 9 (citing Ex. 1005, 2:36–43, Fig. 1).
`Patent Owner states correctly that “[a]t no point does Alles’ description of
`the RAN, or any of the alternative embodiments of the RAN, state that a
`single RAN may be modified to include more than one ISN.” Id. at 10. In
`fact Alles mentions that a benefit of the Alles invention is to have remote
`access application (a RAN) with a single ISN. Ex. 1005, 3:48–52 (“[t]he
`present invention is particularly suitable for remote access applications as an
`ISN can be provided as an edge device, which can control all application
`data flows to provide desired service policies for each using subscriber using
`a single ISN.”) (emphasis added); see Prelim. Resp. 27. Patent Owner
`argues that Alles is more consistent with “several ISNs” each running within
`
`11
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`its own RAN. Prelim. Resp. 29 (citing Ex. 1005, 1:21–42, 2:38–43, 3:61–
`65; Ex. 2001 ¶¶ 70–72).
`We agree with Patent Owner. Petitioner has not shown that Alles
`teaches or suggests “providing a plurality of flow processors, each
`configured as elements of the VNSS for processing a data flow.” We are not
`persuaded by Petitioners citation to a single reference to “several ISNs”
`untethered to any explanation of how/if they are integrated into a RAN or
`RANs or the larger Alles system.
`Petitioner has not shown a reasonable likelihood of prevailing in its
`challenge to claims 1–5 based upon Alles and/or its challenge to claims 6–18
`based upon Alles and Lin. Accordingly, we decline to institute an inter
`partes review of claims 1–5 as obvious over Alles, or claims 6–18 as
`obvious over Alles and Lin.
`
`III. CONCLUSION
`The information presented does not show that there is a reasonable
`likelihood that Petitioner would prevail at trial with respect to at least one
`claim of the ’540 patent, based on any ground presented in the Petition. On
`this record, we deny the Petition for inter partes review of claims 1–18.
`
`IV. ORDER
`
`Accordingly, it is
`ORDERED that that the Petition is denied as to all challenged claims,
`and no trial is instituted.
`
`
`
`
`
`
`
`12
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`PETITIONER:
`
`Jeremy Lang
`Donald Daybell
`Johannes Hsu
`ptabdocketjjl2@orrick.com
`PTABDocketJ1H1@orrick.com
`d2dptabdocket@orrick.com
`
`
`PATENT OWNER:
`
`Chad Walters
`Kurt Pankratz
`Bryan D. Parrish
`chad.walters@bakerbotts.com
`kurt.pankratz@bakerbotts.com
`bryan.parrish@bakerbotts.com
`
`13
`
`