Trials@uspto.gov
`571-272-7822
`
`
`
`
`
`
`
`
`
` Paper 14
`
`
` Entered: November 15, 2018
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`
`
`
`
`
`ZSCALER INC.,
`Petitioner,
`
`v.
`
`SYMANTEC CORPORATION,
`Patent Owner.
`____________
`
`Case IPR2018-00930
`Patent 8,402,540 B2
`____________
`
`DECISION
`Denying Institution of Inter Partes Review
`35 U.S.C. § 314
`
`
`
`Before JEFFREY S. SMITH, BRYAN F. MOORE, and NEIL T. POWELL,
`Administrative Patent Judges.
`
`MOORE, Administrative Patent Judge.
`
`
`
`
`I. INTRODUCTION
`Zscaler Inc. (“Petitioner”) requests inter partes review of claims 1–18
`of U.S. Patent No. 8,402,540 B2 (“the ’540 patent,” Ex. 1001) pursuant to
`
`
`571-272-7822
`
`
`
`
`
`
`
`
`
` Paper 14
`
`
` Entered: November 15, 2018
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`
`
`
`
`
`ZSCALER INC.,
`Petitioner,
`
`v.
`
`SYMANTEC CORPORATION,
`Patent Owner.
`____________
`
`Case IPR2018-00930
`Patent 8,402,540 B2
`____________
`
`DECISION
`Denying Institution of Inter Partes Review
`35 U.S.C. § 314
`
`
`
`Before JEFFREY S. SMITH, BRYAN F. MOORE, and NEIL T. POWELL,
`Administrative Patent Judges.
`
`MOORE, Administrative Patent Judge.
`
`
`
`
`I. INTRODUCTION
`Zscaler Inc. (“Petitioner”) requests inter partes review of claims 1–18
`of U.S. Patent No. 8,402,540 B2 (“the ’540 patent,” Ex. 1001) pursuant to
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`35 U.S.C. §§ 311 et seq. Paper 1 (“Pet.”). Petitioner relies on the testimony
`of Dr. Markus Jakobsson. Ex. 1003. Symantec Corporation (“Patent
`Owner”) filed a preliminary response. Paper 10 (“Prelim. Resp.”).
`Institution of an inter partes review is authorized by statute when “the
`information presented in the petition . . . and any response . . . shows that
`there is a reasonable likelihood that the petitioner would prevail with respect
`to at least 1 of the claims challenged in the petition.” 35 U.S.C. § 314(a);
`see 37 C.F.R. § 42.108. Upon consideration of the Petition and Preliminary
`Response, we conclude the information presented shows there is not a
`reasonable likelihood that Petitioner would prevail in establishing the
`unpatentability of claims 1–18 of the ’540 patent.
`
`A. Related Matters
`A decision in this proceeding could affect or be affected by the
`following cases pending in the United States District Court for the Northern
`District of California and involving the ’540 patent: Symantec Corp. and
`Symantec Ltd. v. Zscaler, Inc., Case No. 17-cv-04414 (N.D. Cal.); Symantec
`Corp. and Symantec Ltd. v. Zscaler, Inc., Case No. 17-cv-04426 (N.D. Cal.).
`Pet. 2; Paper 3, 2.
`
`B. The ’540 patent
`The ’540 patent relates generally to protecting computer systems from
`viruses, attacks from hackers, spyware, spam, and other malicious activities.
`Ex. 1001, 1:65–2:4. A flow processing facility inspects payloads of network
`traffic packets and provides security and protection to a computer. Abstract.
`Figure 1 of the ’540 patent is reproduced below.
`
`2
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`
`
`
`Figure 1 above shows a networked computing environment 100 for
`data flow processing, including flow processing facility 102 coupled to
`internetwork 104, a network-connected computing facility 112, a plurality of
`server computing facilities 108, and a number of departmental computing
`facilities 110, such as an engineering department, a marketing department,
`and another department. Ex. 1001, 19:28–41. Flow processing facility 102
`receives data flows from the computing facilities via internetwork 104 and
`processes the data flows. Id. at 20:16–20.
`Figure 30 below shows a schematic of an enterprise network. Id. at
`85:50–55.
`
`3
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`
`Figure 30 above shows network participants of network 3000 include
`user1 3004, user2 3008, and server 108, and participant types of network
`3000 include engineering 3010 and sales 3012. Id. at 85:65–86:8.
`Virtualization model 3014 of flow processing facility 102 uniquely identifies
`data flows 444 from each participant and routes the data flow to a virtual
`network 3018 associated with the virtual network. Id. at 86:26–30. Security
`policy 3020 is applied to data flow 444 of virtual network 3018, such as anti-
`virus, anti-span, anti-spyware, and anti-worm. Id. at 86:43–49.
`
`C. Illustrative Claim
`Independent claim 1, reproduced below, is illustrative of the claimed
`subject matter:
`1.
`A method of securing a plurality of virtual networks with
`a virtualized network security system (VNSS), comprising:
`
`4
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`providing a plurality of flow processors, each configured
`as elements of the VNSS for processing a data flow, said data
`flow being transferred between a first port and a second port of
`the VNSS, the data flow comprising subscriber profile data;
`establishing a first security policy for a first virtual
`network based at least in part on the subscriber profile data
`included in the data flow;
`establishing a second security policy for a second virtual
`network based at least in part on the subscriber profile data
`included in the data flow;
`processing the data flow received at said first port for the
`first and second virtual networks through at least one of the
`plurality of flow processors, wherein portions of the data flow
`that are associated with the first virtual network are processed
`according to the first security policy, and wherein portions of the
`data flow that are associated with the second virtual network are
`processed according to the second security policy, said
`processing further comprising:
`making a first determination, in accordance with
`one of the first security policy and the second security
`policy, of abnormalities that are associated with the data
`flow, the first determination based at least in part on the
`subscriber identified by the subscriber profile data; and
`making a second determination, in accordance with
`one of the first security policy and the second security
`policy, based at least in part on the subscriber identified by
`the subscriber profile data, and transferring said data flow
`to said second port.
`
`
`
`Ex. 1001, 119:16–49.
`
`
`5
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`D. Asserted Grounds of Unpatentability
`Petitioner asserts that claims 1–18 are unpatentable based on the
`following grounds:
`
`
`Reference(s)
`Alles1
`Alles and Lin2
`
`Pet. 3–4.
`
`Basis
`§ 103
`§ 103
`
`Claims challenged
`1–5
`6–18
`
`II. DISCUSSION
`
`Relevant Law
`A.
`Obviousness
`1.
`A claim is unpatentable under 35 U.S.C. § 103(a) if the differences
`between the claimed subject matter and the prior art are such that the subject
`matter, as a whole, would have been obvious at the time the invention was
`made to a person having ordinary skill in the art to which said subject matter
`pertains. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The
`question of obviousness is resolved on the basis of underlying factual
`determinations including (1) the scope and content of the prior art; (2) any
`differences between the claimed subject matter and the prior art; (3) the level
`of skill in the art; and (4) where in evidence, so-called secondary
`considerations, including commercial success, long-felt but unsolved needs,
`
`
`1 US Patent No. 6,466,976 B1, issued Oct. 15, 2002, filed Dec. 3, 1998
`(“Alles,” Ex. 1005).
`2 US Patent No. 6,633,563 B1, issued Oct. 14, 2003 (“Lin,” Ex. 1007).
`6
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`failure of others, and unexpected results. 3 Graham v. John Deere Co.,
`383 U.S. 1, 17−18 (1966) (“the Graham factors”).
`Level of Skill
`2.
`For an obviousness analysis, prior art references must be “considered
`together with the knowledge of one of ordinary skill in the pertinent art.”
`In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994) (quoting In re Samour,
`571 F.2d 559, 562 (CCPA 1978)). Moreover, “it is proper to take into
`account not only specific teachings of the reference but also the inferences
`which one skilled in the art would reasonably be expected to draw
`therefrom.” In re Preda, 401 F.2d 825, 826 (CCPA 1968). That is because
`an obviousness analysis “need not seek out precise teachings directed to the
`specific subject matter of the challenged claim, for a court can take account
`of the inferences and creative steps that a person of ordinary skill in the art
`would employ.” KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 418 (Fed. Cir.
`2007); In re Translogic Tech., Inc., 504 F.3d 1249, 1259 (Fed. Cir. 2007).
`Petitioner asserts a person of ordinary skill in the art of the subject
`matter of the ’540 patent would have had a “Bachelor of Science degree in
`computer science, or a similar degree, along with at least 2-3 years of
`experience in designing and developing computer network security
`programs and/or systems [and] . . . [a] higher level of education may
`substitute for a lesser amount of experience, and vice versa.” Pet. 13 (citing
`1003 ¶¶ 20–21). Patent Owner’s proposed level of skill does not differ, in
`any way relevant to determinations made in this decision, from Petitioner’s
`statement nor does Patent Owner argue that there is any significance
`
`3 Patent Owner does not put forth evidence it alleges tends to show
`secondary considerations of non-obviousness in its Preliminary Response.
`7
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`difference between the two articulations of level of skill. Prelim Resp. 7–8.
`Therefore, we adopt Petitioner’s articulation of the level of skill and
`acknowledge that the level of ordinary skill in the art is also reflected by the
`prior art of record. See Okajima v. Bourdeau, 261 F.3d 1350, 1355
`(Fed. Cir. 2001); In re GPAC Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995); In
`re Oelrich, 579 F.2d 86, 91 (CCPA 1978).
`
`Claim Construction
`B.
`In an inter partes review, we construe claim terms in an unexpired
`patent according to their broadest reasonable construction in light of the
`specification of the patent in which they appear. 37 C.F.R. § 42.100(b).
`Consistent with the broadest reasonable construction, claim terms are
`presumed to have their ordinary and customary meaning as understood by a
`person of ordinary skill in the art in the context of the entire patent
`disclosure. In re Translogic Tech., 504 F.3d at 1257.
`At this juncture of the proceeding, we determine that it is not
`necessary to provide an express interpretation of any term of the claims. See
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed.
`Cir. 1999) (explaining that only claim terms in controversy need to be
`construed, and only to the extent necessary to resolve the controversy).
`
`C. Obviousness Based on Alles and Alles combined with Lin
`Petitioner contends claims 1–5 are unpatentable under 35 U.S.C.
`§ 103(a) as obvious over Alles. Pet. 19–50. Petitioner contends that
`claims 6–18 are unpatentable under 35 U.S.C. § 103(a) as obvious over the
`combination of Alles and Lin. Id. at 50–73.
`
`8
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`1. Alles (Ex. 1005)
`Alles relates to a system and method for providing desired service
`policies to subscribers accessing the Internet. Ex. 1005, 1:8–12. An internet
`service node (ISN) enables the provision of desired service policies to each
`subscriber. Ex. 1005, Abstract. In particular, Alles states that “ISN 150 of
`the present invention may be placed at the edge (i.e., interfacing with
`subscriber equipment) of remote access network [RAN] 190.” Id. at 7:30–
`34.
`
`2. Lin (Ex. 1007)
`Lin relates to a system and method for assigning packet data to one of
`several processors provided in a data switch. Ex. 1007, 1:15–18.
`3. Analysis
`Claim 1 recites “providing a plurality of flow processors, each
`configured as elements of the VNSS for processing a data flow.” Neither
`party provides a claim construction for any the terms in this limitation
`including “plurality of flow processors.” The Specification states that
`In addition to virtualizing aspects of a network security
`deployment, virtualization may be applied across a plurality of
`flow processing facilities 102. In a configuration in which the
`plurality of flow processing facilities 102 are connected
`substantially in parallel (e.g. for increasing performance),
`virtualization may be applied across the plurality of facilities 102
`to facilitate applying common configuration, security policy 414,
`and the like. This may result in the plurality of flow processing
`facilities 102 appearing as a unified network security entity
`rather than individual entities each requiring configuration,
`security policy 414, and the like. As an example, a network
`configuration may include a plurality of flow processing
`facilities 102 providing an interface between an enterprise
`network and the Internet. The plurality of flow processing
`facilities 102 may be configured with virtualization as if they
`
`9
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`were one flow processing facility 102 by directing a common
`configuration (i.e. security policy 414) to each of the facilities
`102.
`
`Ex. 1001, 87:44–61. In other words, the Specification states that connecting
`flow processing facilities in parallel or virtualized as one flow processing
`facility “may result in the plurality of flow processing facilities 102
`appearing as a unified network security entity” and/or at least facilitate
`common configuration of such flow processing facilities. This suggests that
`the inventor intended some significance to the claim term “plurality of flow
`processors, each configured as elements of the VNSS.” We do not construe
`“plurality of flow processors, each configured as elements of the VNSS” to
`require parallel connection or connection as “one” flow processor, but rather
`as having “each configured as elements of the VNSS” as required explicitly
`by the claim is supported by the specification.
`Petitioner states that “The ISNs [of Alles], individual and
`collectively4, provide a plurality of flow processors (ISN(s)), each
`configured as elements of the VNSS (RAN). Ex. 1003 ¶¶ 85-88.” Pet. 24.
`Petitioner does not rely on Lin for the teaching of a “plurality of flow
`processors.” Pet. 53–73. Apparently recognizing the significance of this
`claim term as explained above, Petitioner states that “Alles discloses that
`some RAN 190 deployments include “several ISNs [the alleged flow
`processing facilities]” 150 networked together.” Id., 9:40–41(emphasis
`added); see also id. at 59 (“Alles discloses RAN configurations with ‘several
`ISNs.’”). Petitioner’s declarant’s testimony is identical essentially to the
`
`4 Petitioner does not explain at all what “individually or collectively” means
`and exclusively argues that it relies on “several ISN” not one ISN as the
`plurality of flow processors.
`
`10
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`text of the Petition. Ex. 1003 ¶¶ 85–88. Petitioner also states that “The
`ISNs are part of Alles’ larger RAN. Id., 6:43-51 (‘ISN 150 is provided in
`[RAN] 190’).” Nevertheless, Alles does not state that “several ISNs” are
`“networked together” nor does it state that “several ISNs” are “part of” a
`“larger RAN” as purported by Petitioner. Petitioner’s citation for that
`proposition states only that “[t]he method of FIG. 2 may be implemented in
`several ISNs.” Ex. 1001, 9:40–41. Petitioner does not explain adequately
`where Alles teaches or suggests whether or how the several ISNs would
`work together and whether they would be configured as elements of a single
`RAN [the alleged VNSS]. Additionally, the statement Petitioner relies on to
`tie the RAN to the “several ISNs” is not tied together in the Specification
`with the recitation of “several ISNs” and refers to a singular ISN 150 as
`being provided in RAN 190. See Pet. 24.
`Patent Owner argues that Alles describes consistently a RAN as
`containing a single ISN. Prelim. Resp. 9 (citing Ex. 1005, 2:36–43, Fig. 1).
`Patent Owner states correctly that “[a]t no point does Alles’ description of
`the RAN, or any of the alternative embodiments of the RAN, state that a
`single RAN may be modified to include more than one ISN.” Id. at 10. In
`fact Alles mentions that a benefit of the Alles invention is to have remote
`access application (a RAN) with a single ISN. Ex. 1005, 3:48–52 (“[t]he
`present invention is particularly suitable for remote access applications as an
`ISN can be provided as an edge device, which can control all application
`data flows to provide desired service policies for each using subscriber using
`a single ISN.”) (emphasis added); see Prelim. Resp. 27. Patent Owner
`argues that Alles is more consistent with “several ISNs” each running within
`
`11
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`its own RAN. Prelim. Resp. 29 (citing Ex. 1005, 1:21–42, 2:38–43, 3:61–
`65; Ex. 2001 ¶¶ 70–72).
`We agree with Patent Owner. Petitioner has not shown that Alles
`teaches or suggests “providing a plurality of flow processors, each
`configured as elements of the VNSS for processing a data flow.” We are not
`persuaded by Petitioners citation to a single reference to “several ISNs”
`untethered to any explanation of how/if they are integrated into a RAN or
`RANs or the larger Alles system.
`Petitioner has not shown a reasonable likelihood of prevailing in its
`challenge to claims 1–5 based upon Alles and/or its challenge to claims 6–18
`based upon Alles and Lin. Accordingly, we decline to institute an inter
`partes review of claims 1–5 as obvious over Alles, or claims 6–18 as
`obvious over Alles and Lin.
`
`III. CONCLUSION
`The information presented does not show that there is a reasonable
`likelihood that Petitioner would prevail at trial with respect to at least one
`claim of the ’540 patent, based on any ground presented in the Petition. On
`this record, we deny the Petition for inter partes review of claims 1–18.
`
`IV. ORDER
`
`Accordingly, it is
`ORDERED that that the Petition is denied as to all challenged claims,
`and no trial is instituted.
`
`
`
`
`
`
`
`12
`
`
`
`IPR2018-00930
`Patent 8,402,540 B2
`
`PETITIONER:
`
`Jeremy Lang
`Donald Daybell
`Johannes Hsu
`ptabdocketjjl2@orrick.com
`PTABDocketJ1H1@orrick.com
`d2dptabdocket@orrick.com
`
`
`PATENT OWNER:
`
`Chad Walters
`Kurt Pankratz
`Bryan D. Parrish
`chad.walters@bakerbotts.com
`kurt.pankratz@bakerbotts.com
`bryan.parrish@bakerbotts.com
`
`13
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
