Trials@uspto.gov
`571-272-7822
`
`
`
`
`Paper 26
`
`Date: March 31, 2020
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`CENTRIPETAL NETWORKS, INC.,
`Patent Owner.
`____________
`
`IPR2018-01513
`Patent 9,560,077 B2
`____________
`
`
`Before BRIAN J. McNAMARA, J. JOHN LEE, and
`JOHN P. PINKERTON, Administrative Patent Judges.
`
`LEE, Administrative Patent Judge.
`
`
`
`
`JUDGMENT
`Final Written Decision
`Determining All Challenged Claims Unpatentable
`35 U.S.C. § 318(a)
`
`
`
`
`
`
`
`
`
`
`571-272-7822
`
`
`
`
`Paper 26
`
`Date: March 31, 2020
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`CENTRIPETAL NETWORKS, INC.,
`Patent Owner.
`____________
`
`IPR2018-01513
`Patent 9,560,077 B2
`____________
`
`
`Before BRIAN J. McNAMARA, J. JOHN LEE, and
`JOHN P. PINKERTON, Administrative Patent Judges.
`
`LEE, Administrative Patent Judge.
`
`
`
`
`JUDGMENT
`Final Written Decision
`Determining All Challenged Claims Unpatentable
`35 U.S.C. § 318(a)
`
`
`
`
`
`
`
`
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`INTRODUCTION
`
`Cisco Systems, Inc. (“Petitioner”) filed a Petition (Paper 2, “Pet.”)
`
`requesting an inter partes review of claims 1–20 (“the challenged claims”)
`
`of U.S. Patent No. 9,560,077 B2 (Ex. 1001, “the ’077 Patent”). An inter
`
`partes review of all challenged claims was instituted on April 2, 2019.
`
`Paper 7 (“Inst. Dec.”). After institution, Centripetal Networks, Inc. (“Patent
`
`Owner”) filed a Patent Owner Response (Paper 13, “PO Resp.”), Petitioner
`
`filed a Reply (Paper 16, “Pet. Reply”), and Patent Owner filed a Sur-reply
`
`(Paper 20, “PO Sur-reply”). An oral hearing was held on January 9, 2020.
`
`Paper 24 (“Tr.”).
`
`We have jurisdiction under 35 U.S.C. § 6. This Final Written
`
`Decision is issued pursuant to 35 U.S.C. § 318(a). As explained below,
`
`Petitioner has shown by a preponderance of the evidence that all challenged
`
`claims of the ’077 Patent are unpatentable.
`
`A.
`
`Related Cases
`
`The parties identify as related to the present case Centripetal
`
`Networks, Inc. v. Cisco Systems, Inc., Case No. 2:18-cv-00094-MSD-LRL
`
`(E.D. Va.). Pet. 1; Paper 3, 1.
`
`B.
`
`The ’077 Patent
`
`The ’077 Patent relates to protecting networks using packet security
`
`gateways (PSGs) armed with dynamic security policies. Ex. 1001, 1:48–61.
`
`Figure 1 of the ’077 Patent is reproduced below:
`
`2
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`
`
`Figure 1 illustrates network environment 100 in which aspects of the
`
`claimed invention of the ’077 Patent are implemented, with networks 102,
`
`104, 106, 108, and 110 interfacing with each other. Id. at 4:27–30, 4:38–40.
`
`For example, one or more Internet Service Providers (ISPs) in network
`
`environment 100 may interface one or more networks via the Internet. Id. at
`
`4:40–45. PSG 112 is located at the boundary between Network A 102 and
`
`Network E 110. Id. at 5:11–15. Network A 102 may be, for example, a
`
`Local Area Network (LAN) associated with an organization or other entity.
`
`Id. at 4:30–37. Each PSG receives a dynamic security policy from security
`
`policy management (SPM) server 120. Id. at 5:29–31.
`
`
`
`PSG 112 may include a packet filter that examines information
`
`associated with data packets received by the PSG via its network interfaces
`
`3
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`with network A and network E. Id. at 5:66–6:10, Fig. 2. The packet filter
`
`may be configured with a dynamic security policy that includes one or more
`
`rules, each of which may specify criteria and an action to be taken on data
`
`packets meeting the criteria. Id. at 6:11–31. Such actions may include
`
`forwarding or dropping the packets. Id. at 6:19–27. In addition, PSG 112
`
`may be configured in a “network layer transparent manner,” i.e., without a
`
`network layer address, to be insulated against attacks launched at the
`
`network layer. Id. at 6:32–46.
`
`C. Challenged Claims
`
`Petitioner challenges all of the claims of the ’077 Patent. Claims 1, 7,
`
`13, 19, and 20 are the independent claims. Claim 1 is illustrative and is
`
`reproduced below:
`
`1.
`
`A method comprising:
`
`provisioning, each device of a plurality of devices, with one or
`more rules generated based on a boundary of a network protected
`by the plurality of devices with one or more networks other than
`the network protected by the plurality of devices at which the
`device is configured to be located; and
`
`configuring, each device of the plurality of devices, to:
`
`receive packets via a communication interface that does
`not have a network-layer address;
`
`responsive to a determination by the device that a portion
`of the packets received from or destined for a host located
`in the network protected by the plurality of devices
`corresponds to criteria specified by the one or more rules,
`drop the portion of the packets; and
`
`modify a switching matrix of a local area network (LAN)
`switch associated with the device such that the LAN
`
`4
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`switch is configured to drop the portion of the packets
`responsive to the determination by the device.
`
`D.
`
`Asserted Grounds of Unpatentability and Asserted Prior Art
`
`Trial was instituted on the following grounds of unpatentability
`
`asserted in the Petition:
`
`Claim(s) Challenged
`
`35 U.S.C. §
`
`Reference(s)/Basis
`
`1–4, 6–10, 12–16, 18, 20 103(a)1
`
`Jungck2
`
`5, 11, 17, 19
`
`103(a)
`
`Jungck, RFC 20033
`
`Inst. Dec. 26; see Pet. 20. In addition, Petitioner relies on two declarations
`
`by its proffered expert witness, Dr. Kevin Jeffay (Ex. 1004; Ex. 1012).
`
`Likewise, Patent Owner relies on a declaration by its proffered expert
`
`witness, Dr. Michael Goodrich (Ex. 2004).
`
`A.
`
`Level of Ordinary Skill in the Art
`
`ANALYSIS
`
`Based principally on the testimony of Dr. Jeffay, Petitioner asserts
`
`that a person of ordinary skill in the art would have had a bachelor’s degree
`
`
`
`1 The Leahy-Smith America Invents Act (“AIA”), Pub. L. No. 112-29, 125
`Stat. 284, 287–88 (2011), amended 35 U.S.C. § 103. Because the
`application from which the ’077 patent issued is a continuation of an
`application filed before March 16, 2013, the effective date of the relevant
`amendment, the pre-AIA version of § 103 applies.
`
`2 U.S. Patent Appl. Pub. No. 2009/0262741 A1, published Oct. 22, 2009
`(Ex. 1008, “Jungck”).
`
`3 C. Perkins, IP Encapsulation within IP, Oct. 1996 (Ex. 1009, “RFC
`2003”).
`
`5
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`in computer science, computer engineering or an equivalent, as well as four
`
`years of industry experience. Pet. 21 (citing Ex. 1004 ¶¶ 23–25). In
`
`addition, Petitioner indicates a person of ordinary skill would have had “a
`
`working knowledge of packet-switched networking, firewalls, security
`
`policies, communication protocols and layers, and the use of customized
`
`rules to address cyber-attacks.” Id.
`
`In its Response, Patent Owner does not dispute Petitioner’s
`
`formulation of the level of skill in the art.4 Based on the complete trial
`
`record, we find Dr. Jeffay’s testimony credible and persuasive (Ex. 1004
`
`¶¶ 23–25), and we adopt Petitioner’s formulation as a result.
`
`B.
`
`Claim Construction
`
`In this case, we give claim terms their broadest reasonable
`
`construction in light of the specification of the patent in which they appear.
`
`37 C.F.R. § 42.100(b) (2018); see Cuozzo Speed Techs., LLC v. Lee, 136 S.
`
`Ct. 2131, 2144–46 (2016). In the Decision on Institution, we construed
`
`several terms as follows:
`
`Claim Term/Phrase
`
`Construction
`
`rule / rules
`
`a condition or set of conditions that
`when satisfied cause a specific function
`to occur
`
`
`
`4 Dr. Goodrich testified to a slightly different description of the level of skill
`in the art (Ex. 2004 ¶¶ 50–51), but Patent Owner did not argue during trial
`that Dr. Goodrich’s description should be adopted instead of Dr. Jeffay’s
`description and waived any such argument as a result. See In re NuVasive,
`Inc., 842 F.3d 1376, 1380–81 (Fed. Cir. 2016). Moreover, Dr. Goodrich
`testified that his opinions would be unchanged under Dr. Jeffay’s description
`of the level of ordinary skill. Ex. 2004 ¶ 51.
`
`6
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`Claim Term/Phrase
`
`Construction
`
`provisioning, each device of a
`plurality of devices, with one or
`more rules generated based on a
`boundary of a network
`protected by the plurality of
`devices with one or more
`networks other than the network
`protected by the plurality of
`devices at which the device is
`configured to be located
`
`layer-2 virtual local area
`network (VLAN)
`
`network-layer address
`
`LAN switch
`
`switching matrix of a local area
`network (LAN) switch
`
`communicating one or more rules to
`each device of a plurality of devices,
`where the rule(s) are generated based on
`the location of the device at a boundary
`between a network protected by the
`plurality of devices and one or more
`other networks
`
`logical grouping of devices on one or
`more local area networks (LANs) that
`allows layer-2 communication to occur
`between them
`
`an address that identifies a device for
`communication on the network layer,
`such as an IP address
`
`a network device configured to send and
`receive data between computers on a
`local area network
`
`a switching matrix contained within a
`LAN switch that is configured to direct
`traffic in a LAN
`
`Inst. Dec. 10. Neither party disputed any of these preliminary claim
`
`constructions, and both parties adopted these constructions during trial. See
`
`PO Resp. 8–10; Pet. Reply 1. We do not discern any evidence in the full
`
`record after trial indicating that these constructions are incorrect or should be
`
`modified. Thus, we apply these constructions in this Decision.
`
`No other claim terms in the ’077 Patent require express construction
`
`for purposes of this Decision. See Nidec Motor Corp. v. Zhongshan Broad
`
`Ocean Motor Co., 868 F.3d 1013, 1017 (Fed. Cir. 2017) (holding that only
`
`7
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`claim terms in controversy require express construction, and only to the
`
`extent necessary to resolve the controversy). The parties raise additional
`
`issues involving claim interpretation in the context of applying the asserted
`
`prior art; such issues are discussed below in our obviousness analysis, to the
`
`extent necessary.
`
`C.
`
`Alleged Unpatentability Under § 103(a)
`
`A claim is unpatentable under § 103 if the differences between the
`
`claimed subject matter and the prior art are “such that the subject matter as a
`
`whole would have been obvious at the time the invention was made to a
`
`person having ordinary skill in the art to which said subject matter pertains.”
`
`KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The question of
`
`obviousness is resolved on the basis of underlying factual determinations,
`
`including: (1) the scope and content of the prior art; (2) any differences
`
`between the claimed subject matter and the prior art; (3) the level of skill in
`
`the art; and (4) objective evidence of non-obviousness, i.e., secondary
`
`considerations. Graham v. John Deere Co., 383 U.S. 1, 17–18 (1966).
`
`Additionally, the obviousness inquiry typically requires an analysis of
`
`“whether there was an apparent reason to combine the known elements in
`
`the fashion claimed by the patent at issue.” KSR, 550 U.S. at 418 (citing
`
`In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006) (requiring “articulated
`
`reasoning with some rational underpinning to support the legal conclusion of
`
`obviousness”)); see In re Warsaw Orthopedic, Inc., 832 F.3d 1327, 1333
`
`(Fed. Cir. 2016) (citing DyStar Textilfarben GmbH & Co. Deutschland KG
`
`v. C. H. Patrick Co., 464 F.3d 1356, 1360 (Fed. Cir. 2006)).
`
`As noted above, Petitioner contends that claims 1–4, 6–10, 12–16, 18,
`
`and 20 are unpatentable as obvious over Jungck. Pet. 20. Further, Petitioner
`
`8
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`contends that claims 5, 7, 11, and 19 are unpatentable as obvious over the
`
`combination of Jungck and RFC 2003. Id.
`
`1.
`
`Overview of Jungck
`
`Jungck is a published patent application relating to improvements to a
`
`network’s infrastructure, including a “packet interceptor/processor apparatus
`
`[that] is coupled with the network so as to be able to intercept and process
`
`packets flowing over the network.” Ex. 1008, code (57). “The apparatus
`
`applies one or more rules to the intercepted packets which execute one or
`
`more functions on a dynamically specified portion of the packet and take
`
`one or more actions with the packets.” Id. Such actions may include
`
`releasing the packet unmodified, deleting the packet, or forwarding the
`
`packet for subsequent processing. Id.
`
`Figure 1 of Jungck is reproduced below:
`
`
`
`9
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`Figure 1 depicts exemplary network 100 for use with the embodiments
`
`disclosed in Jungck. Id. ¶ 31. Network 100 may be the Internet, another type
`
`of public network, or a private network. Id. For example, the network may
`
`be a LAN or a wide area network (WAN). Id. ¶ 32. As shown in Figure 1, a
`
`client device (e.g., client 106) may be connected to network 100 via a point-
`
`of-presence (POP, e.g., POP 116), which is a “connecting point which
`
`separates the client . . . from the network.” Id. ¶ 41. A POP may comprise,
`
`for example, one or more routers, and may be provided by an ISP. Id.
`
`Jungck discloses a number of embodiments. The “[t]hird”
`
`embodiment is depicted in Figure 6, which is reproduced below:
`
`Figure 6 depicts enhanced network 100, which is connected to clients 102,
`
`104, 106, and 612 via service providers 118 and 120. Id. ¶ 107. More
`
`specifically, each client is connected via a POP—for example, client 104 is
`
`
`
`10
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`connected via POP2A of service provider 118. Id. Service provider 118
`
`also has edge server 602A, which may be “integrated with a router” and is
`
`“able to intercept all network traffic flowing between [POPs 116, including
`
`POP2A] and the network 100.” Id. Once network traffic is intercepted,
`
`edge server 602A can, for example, detect packets “whose origin address
`
`could not have come from the downstream network . . . to which it is
`
`connected” and prevent those packets from reaching network 100. Id. ¶ 111.
`
`
`
`The “fourth embodiment” of Jungck is depicted in Figure 7, which is
`
`reproduced below:
`
`Figure 7 depicts “edge adapter/packet interceptor system 700,” featuring
`
`packet interceptor adapter 720 coupled with router 702. Id. ¶¶ 126–127.
`
`Router 702 may be located within an ISP located at the edge of network 100,
`
`which may be the Internet or a private intranet/extranet as described above
`
`
`
`11
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`(e.g., Figure 1), and additionally may be an optical based network or an
`
`electrical network. Id. ¶ 127.
`
`
`
`Jungck’s “[f]ifth” embodiment includes exemplary device 900
`
`coupled with optical based network 100 (such as the Internet). Id. ¶ 265.
`
`Device 900 is positioned to “intercept and process packets communicated
`
`between the upstream network portion 100A and the downstream network
`
`portion 100B.” Id. ¶ 266. Processing elements within device 900 may
`
`perform “ingress and egress filtering,” whereby device 900 is “programmed
`
`with the range of network addresses in [downstream network portion 100B]”
`
`such that device 900 is able to detect and filter out packets arriving from
`
`downstream network portion 100B that do not have a network address
`
`within that range. Id. ¶ 269.
`
`2.
`
`Overview of RFC 2003
`
`
`
`RFC 2003 is a specification of an Internet protocol (IP) standard,
`
`specifically “a method by which an IP datagram may be encapsulated
`
`(carried as payload) within an IP datagram.” Ex. 1009, 1. This
`
`encapsulation enables altering the normal routing for a datagram by
`
`delivering it to an intermediate destination not specified by the IP header of
`
`the datagram. Id. This is performed by inserting an outer IP header before
`
`the original IP header whereby the outer IP header specifies that
`
`intermediate destination’s address. See id. at 3.
`
`3.
`
`Independent Claim 1
`
`a. Motivation to Combine the Jungck Embodiments
`
`The Petition relies on the teachings of multiple embodiments of
`
`Jungck to support its arguments with respect to each element of claim 1. See
`
`12
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`Pet. 33–46. Thus, we first address whether Petitioner articulated a sufficient
`
`rationale supporting its contention that a person of ordinary skill would have
`
`been motivated to combine the teachings of Jungck’s embodiments.
`
`Petitioner contends that a person of ordinary skill would have had
`
`reason to combine the embodiments because they are all applicable to the
`
`same network environment and architecture, and are directed to similar
`
`functions, as explained by Dr. Jeffay. Pet. 32 (citing Ex. 1008 ¶¶ 25, 31,
`
`111, 126, 182–183, 263–264, 282; Ex. 1004 ¶¶ 140–143). For example, as
`
`Dr. Jeffay noted (Ex. 1004 ¶ 140), Jungck expressly denotes Figure 1 as
`
`showing an exemplary network environment applicable to all of Jungck’s
`
`embodiments. See Ex. 1008 ¶ 31, Fig. 1; Pet. 22–23. Dr. Jeffay also
`
`identified specific features and objectives (e.g., packet filtering, packet
`
`interception at an edge device, prevention of distributed denial of service
`
`(DDoS) attacks, ingress filtering) that Jungck indicates are common or
`
`related to each of the embodiments in Petitioner’s asserted combination,
`
`noting that all of the embodiments are, of course, disclosed in the same
`
`reference and that Jungck does not discourage their combination. See
`
`Ex. 1004 ¶¶ 140–141; see also Ex. 1012 ¶¶ 18, 19, 28–32 (providing
`
`additional evidentiary support in Jungck).
`
`Relying on Dr. Jeffay’s testimony, Petitioner further asserts that
`
`combining the teachings of each of the Jungck embodiments would have
`
`“produce[d] predictable and operable results,” and involved “simple
`
`substitutions, and applying known programming techniques to improve
`
`similar systems” that a skilled artisan would have understood how to
`
`implement to accomplish certain design objectives. Id. at 32–33 (citing
`
`Ex. 1004 ¶¶ 140–143). Dr. Jeffay identified particular reasons and contexts
`
`13
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`in which an ordinary artisan would have looked to the embodiments, such as
`
`adding additional edge devices without additional latency (fourth
`
`embodiment) and addressing higher traffic volume when dealing with the
`
`“Optical Internet.” See Ex. 1004 ¶¶ 141–142; Ex. 1012 ¶¶ 28–34.
`
`We agree with Petitioner’s reasoning, and we find Dr. Jeffay’s
`
`supporting testimony to be credible and persuasive. Patent Owner’s
`
`arguments are unpersuasive, as we explain below.
`
`Patent Owner first argues that Petitioner sets forth a “multiplicity of
`
`ambiguous grounds” and “dozens of distinct challenges” that require the
`
`Board to speculate as to the combination of teachings Petitioner seeks to rely
`
`on. PO Resp. 27–29. We disagree. For each limitation of claim 1, the
`
`Petition sets forth the specific teachings from each embodiment of Jungck
`
`that it contends should be combined, and with adequate particularity. See
`
`generally Pet. 33–46. We also disagree that Petitioner’s arguments and
`
`Dr. Jeffay’s testimony are insufficient under TQ Delta, LLC v. Cisco
`
`Systems, Inc., 942 F.3d 1352, 1361–62 (Fed. Cir. 2019). PO Sur-reply 13–
`
`14. In TQ Delta, the Federal Circuit held that an expert’s unsupported
`
`testimony alone was inadequate to supply the necessary link between a
`
`technical problem described in one reference, and the purported solution in
`
`another reference. 942 F.3d at 1361–62. Here, as discussed above, Dr.
`
`Jeffay’s testimony is supported by specific disclosures of Jungck regarding
`
`the common problems addressed by each of the relevant embodiments, and
`
`similarities between the specific devices in each embodiment. See Ex. 1004
`
`¶¶ 140–143; Ex. 1012 ¶¶ 18, 19, 28–34.
`
`Next, Patent Owner contends that Jungck’s third embodiment is
`
`incompatible with the fourth and fifth embodiments because their network
`
`14
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`topologies are incompatible. PO Resp. 29–31, 33–35. According to Patent
`
`Owner, the relevant device of the third embodiment is depicted “in a manner
`
`such that the network 100 is always to one side thereby allegedly isolating
`
`the respective [ISP] networks 118 and 120.” Id. at 29–30 (citing Ex. 2004
`
`¶ 75; Ex. 1008, Fig. 6). In contrast, Patent Owner alleges the fourth and fifth
`
`embodiments are depicted such that network 100 is on both sides of the
`
`relevant device. Id. at 30–31, 33–35 (citing Ex. 2004 ¶¶ 80, 86; Ex. 1008,
`
`Figs. 7, 9).
`
`In essence, Patent Owner argues that a person of ordinary skill would
`
`not have bodily incorporated edge server 602 of the third embodiment
`
`together with packet interceptor adapter 720 of the fourth embodiment, or
`
`device 900 of the fifth embodiment, due to these alleged differences in
`
`depicted network topology. But that does not reflect the proper test for
`
`obviousness.
`
`The test for obviousness is not whether the features of a
`secondary reference may be bodily incorporated into the
`structure of the primary reference; nor is it that the claimed
`invention must be expressly suggested in any one or all of the
`references. Rather, the test is what the combined teachings of
`the references would have suggested to those of ordinary skill in
`the art.
`
`In re Keller, 642 F.2d 413, 425 (CCPA 1981). Thus, Petitioner need not
`
`show that these embodiments are able to be combined in their entirety, or
`
`that every feature of each embodiment is compatible. More importantly,
`
`Petitioner need not show that a skilled artisan would have been motivated to
`
`combine every feature of these embodiments. Patent Owner’s assertion that
`
`Jungck never expressly discloses that the devices of these embodiments are
`
`interchangeable or should be combined is inapposite for the same reason.
`
`15
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`See PO Resp. 32, 35–36.5 Indeed, as Petitioner notes (Pet. Reply 20–21),
`
`Patent Owner and Dr. Goodrich effectively acknowledge that Jungck teaches
`
`the devices of the third and fourth embodiments may be used together by
`
`admitting that Jungck teaches they may be “used in conjunction with” each
`
`other. See PO Resp. 32 (quoting Ex. 2004 ¶ 73) (emphasis omitted).
`
`Moreover, Petitioner does not rely on the network topology of either
`
`the fourth or fifth embodiment; thus, whether those topologies are
`
`compatible with the third embodiment is irrelevant unless, for example, the
`
`relevant teachings of the fourth or fifth embodiments require or depend on
`
`those topologies. See id. Patent Owner has not shown that is the case.
`
`Further, we agree with Petitioner that, in view of the similarity in the
`
`functions performed by all three embodiments, the differences in the
`
`corresponding topologies relative to network 100 shown in Jungck’s figures
`
`do not negate the reason to combine the respective teachings to a person of
`
`ordinary skill. Pet. Reply 20, 22; Ex. 1012 ¶¶ 22–26, 33. Jungck states edge
`
`server 602 of the third embodiment operates similarly to edge servers 402
`
`and 502 of the first and second embodiments. Ex. 1008 ¶ 108. In its
`
`discussion of the fourth embodiment, Jungck states the following:
`
`As can be seen from the above embodiments, edge devices
`generally perform the basic functions of intercepting packets
`from the general flow of network traffic, processing the
`intercepted packets and potentially releasing the original packets
`and/or reinserting new or modified packets back into the general
`flow of network traffic.
`
`
`
`5 We note that Jungck states that “any device which intercepts and processes
`packets can utilize the packet interceptor adaptor 720” of Jungck’s fourth
`embodiment. Ex. 1008 ¶ 180; Pet. 43.
`
`16
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`Id. ¶ 125. Thus, we find that Jungck teaches that each of its embodiments,
`
`in general, operate in a similar manner and perform similar functions. See
`
`Pet. 32 (citing Ex. 1008 ¶¶ 25, 31, 111, 126, 182, 183, 263, 264, 282;
`
`Ex. 1004 ¶¶ 140–142); Pet. Reply 20, 22 (citing Ex. 1008 ¶¶ 108, 113, 120–
`
`125, 127, 130, 131, 268, 269, 271; Ex. 1012 ¶¶ 28, 32).
`
`Patent Owner next contends that Jungck “expressly distinguishes” the
`
`third and fourth embodiments by describing how the fourth embodiment
`
`“can allegedly remedy the disadvantages typically caused by the
`
`implementation of Jungck’s [third embodiment] through the use [of] an edge
`
`adapter/packet interceptor system 700.” PO Resp. 31–32 (citing Ex. 1008
`
`¶¶ 124, 126; Ex. 2004 ¶ 83). The cited evidence, however, does not support
`
`this argument.
`
`The cited portions of Jungck make no mention of the third
`
`embodiment, much less expressly distinguish it or describe disadvantages of
`
`its implementation. See Ex. 1008 ¶¶ 124, 126. Rather, Jungck describes
`
`certain general technical challenges that the fourth embodiment is designed
`
`to address, such as latency. See id. Patent Owner does not identify evidence
`
`indicating whether those challenges apply to the third embodiment, nor does
`
`Patent Owner explain why that would be the case. See PO Resp. 31–32.
`
`In the testimony cited by Patent Owner, Dr. Goodrich only testified
`
`that the respective devices of the third and fourth embodiments are “separate
`
`and distinct” and that they “are not meant to be interchangeable.” Ex. 2004
`
`¶ 83. This evidence, too, fails to explain whether, or why, the technical
`
`challenges that the fourth embodiment addresses would indicate that a
`
`skilled artisan would not have combined its teachings with those of the third
`
`embodiment. In fact, we are persuaded that a person of ordinary skill would
`
`17
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`have had reason to combine the teachings of these embodiments to achieve
`
`the advantages of the fourth embodiment with respect to those challenges—
`
`i.e., to “decouple the interception of packets from the processing of those
`
`intercepted packets and provide a generic packet interception and pre-
`
`processing engine which can be utilized in parallel by multiple edge
`
`devices.” Id. ¶ 126; see Pet. 32 (quoting Jungck as indicating that the fourth
`
`embodiment, thus, enables avoiding “introducing additional network latency
`
`or potential failure points to the packet flow with the addition of each such
`
`edge/packet interception device”).
`
`Finally, Patent Owner contends Jungck teaches away from combining
`
`the fourth and fifth embodiments “because of the cost and latency issues
`
`described by Jungck for doing so.” PO Resp. 36. Specifically, Patent
`
`Owner relies on the testimony of Dr. Goodrich, who testified that an
`
`ordinary artisan would understand that “placing the packet interceptor
`
`adapters of [the fourth embodiment] in series, as is done with components of
`
`the device 900 in [the fifth embodiment] would increase network latency and
`
`potentially degrade ‘wire speed’ performance.” Ex. 2004 ¶ 89. Again,
`
`however, Patent Owner’s argument fails because bodily incorporation of the
`
`fifth embodiment—including placing devices in series—with the fourth
`
`embodiment is not required to prove obviousness. See Keller, 642 F.2d at
`
`425. Critically, Petitioner does not rely on Jungck’s disclosure of placing
`
`devices in series in the fifth embodiment as teaching any element of any
`
`challenged claim.
`
`Moreover, even considering the “in series” aspect of the fifth
`
`embodiment, we find credible and persuasive Dr. Jeffay’s testimony that
`
`such a practice—i.e., “pipelining”—was known to actually improve
`
`18
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`throughput and wire speed performance in some applications. Ex. 1012
`
`¶ 34. We further credit Dr. Jeffay’s testimony that a person of ordinary skill
`
`would have known how to balance the benefits and drawbacks (e.g., latency)
`
`of pipelining and other configurations to combine the relevant teachings of
`
`Jungck, rather than be deterred from combining them at all. Id. His
`
`testimony is supported by Jungck, which discloses that coupling devices
`
`serially could “enhance the ability to sub-divide the processing task[s],
`
`lowering the burden on any one network processor 906C, 906D only at the
`
`cost of the latency added to the packet stream by the additional network
`
`processors.” Ex. 1008 ¶ 278.
`
`For all of the reasons explained above, we conclude that the record
`
`evidence after trial supports Petitioner’s position, and we find that a person
`
`of ordinary skill would have been motivated to combine the teachings of
`
`Jungck’s embodiments in the manner set forth in the Petition.
`
`b.
`
`The “provisioning” limitation
`
`Claim 1 first recites “provisioning, each device of a plurality of
`
`devices, with one or more rules generated based on a boundary of a network
`
`protected by the plurality of devices with one or more networks other than
`
`the network protected by the plurality of devices at which the device is
`
`configured to be located.” According to Petitioner, Jungck teaches this
`
`“provisioning” limitation of claim 1 in its description of edge servers.
`
`Pet. 33–37. Specifically, Petitioner contends that Jungck discloses multiple
`
`edge servers (i.e., the recited “plurality of devices”) protecting a network
`
`(e.g., network 100 in Figure 6) from malicious traffic originating from other
`
`networks (e.g., the downstream networks of POPs 114 or 116) by being
`
`located at the boundary between them and filtering the traffic. Id. at 34, 36;
`
`19
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`see Ex. 1008, Fig. 6. Jungck explains that the edge server can “monitor the
`
`data transmission being generated by clients 102, 104, 106, 602 for
`
`malicious program code,” and “can eradicate it or prevent it from reaching
`
`the network 100,” thereby protecting the network. Ex. 1008 ¶ 111; see
`
`Ex. 1004 ¶¶ 148–151.
`
`For instance, Petitioner asserts that Jungck discloses an edge server
`
`capable of detecting data packets with origin addresses that do not match the
`
`downstream network to which it is connected, and blocking those packets
`
`from reaching the protected network. Pet. 36–37 (citing Ex. 1008 ¶ 111).
`
`Additionally, Petitioner also cites Jungck’s discussion of ingress filtering in
`
`its fifth embodiment, which similarly describes a device programmed to
`
`filter out data with invalid source network addresses. Id. (citing Ex. 1008
`
`¶ 269). Thus, Petitioner argues, Jungck teaches an edge server that applies
`
`rules based on the particular boundary where the edge server is located, i.e.,
`
`the boundary with a particular downstream network. Id. Petitioner also
`
`cites Jungck’s disclosure of a “rules processor” that interfaces with external
`
`devices that define and communicate rule sets to the packet interceptor
`
`adapter, for example, to intercept particular types of packets. See id. at 36;
`
`Ex. 1008 ¶ 157.
`
`Considering the complete trial record, we are persuaded by
`
`Petitioner’s arguments and find that Jungck teaches the “provisioning”
`
`limitation based on the reasoning outlined above. Patent Owner’s arguments
`
`to the contrary are unpersuasive. According to Patent Owner, Jungck does
`
`not teach the “provisioning” limitation because (a) Jungck does not disclose
`
`“a network protected by the plurality of devices”; (b) Jungck’s edge servers
`
`do not disclose “a plurality of devices” located at a “boundary” of a
`
`20
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`protected network; and (c) Jungck’s edge servers are not provided “one or
`
`more rules generated based on” such a boundary. PO Resp. 11–20; PO Sur-
`
`reply 1–10. We address each of these arguments in more detail below.
`
`i.
`
`Protected Network
`
`Patent Owner first attempts to distinguish between the claimed
`
`invention’s “protected” network and Jungck’s teachings, contending that
`
`“[t]o the extent that the techniques of Jungck ‘protect’ anything, they protect
`
`individual application servers . . . not networks.” PO Resp. 11. In
`
`particular, Patent Owner alleges that Jungck fails to teach defenses against a
`
`particular type of DDoS attack targeting entire networks, instead addressing
`
`only DDoS attacks against individual servers. See id. at 11–13. This
`
`argument, however, is not commensurate in scope with the claim, and Patent
`
`Owner has not identified sufficient evidence to support the narrow
`
`limitations it seeks to impose.
`
`As an initial matter, the claim is not limited to particular types of
`
`attacks. See Pet. Reply 3. The claim does not recite DDoS attacks, much
`
`less specific types of such attacks, nor does the claim recite attacks that
`
`“overload the network infrastructure” rather than target “indivi
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
