Trials@uspto.gov
`571-272-7822
`
`
`
`
`Paper 7
`
` Entered: April 2, 2019
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`CENTRIPETAL NETWORKS, INC.,
`Patent Owner.
`____________
`
`Case IPR2018-01513
`Patent 9,560,077 B2
`____________
`
`
`Before BRIAN J. McNAMARA, J. JOHN LEE, and
`JOHN P. PINKERTON, Administrative Patent Judges.
`
`LEE, Administrative Patent Judge.
`
`
`
`
`DECISION
`Institution of Inter Partes Review
`35 U.S.C. § 314
`
`
`
`
`
`
`
`
`
`
`571-272-7822
`
`
`
`
`Paper 7
`
` Entered: April 2, 2019
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`CENTRIPETAL NETWORKS, INC.,
`Patent Owner.
`____________
`
`Case IPR2018-01513
`Patent 9,560,077 B2
`____________
`
`
`Before BRIAN J. McNAMARA, J. JOHN LEE, and
`JOHN P. PINKERTON, Administrative Patent Judges.
`
`LEE, Administrative Patent Judge.
`
`
`
`
`DECISION
`Institution of Inter Partes Review
`35 U.S.C. § 314
`
`
`
`
`
`
`
`
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`INTRODUCTION
`Cisco Systems, Inc. (“Petitioner”) filed a Petition (Paper 2, “Pet.”)
`requesting an inter partes review of claims 1–20 (“the challenged claims”)
`of U.S. Patent No. 9,560,077 B2 (Ex. 1001, “the ’077 Patent”). Centripetal
`Networks, Inc. (“Patent Owner”) timely filed a Preliminary Response
`(Paper 6, “Prelim. Resp.”).
`We have authority to institute an inter partes review only if the
`information presented in the Petition shows “there is a reasonable likelihood
`that the petitioner would prevail with respect to at least 1 of the claims
`challenged in the petition.” 35 U.S.C. § 314(a). An inter partes review may
`not be instituted on fewer than all claims challenged in the Petition. SAS
`Inst., Inc. v. Iancu, 138 S. Ct. 1348, 1359–60 (2018).
`Upon consideration of the Petition and Preliminary Response, we
`determine that the information presented shows there is a reasonable
`likelihood that Petitioner would prevail in establishing the unpatentability of
`each of the challenged claims. Accordingly, we institute an inter partes
`review of the challenged claims of the ’077 Patent.
`
`A.
`
`Related Cases
`The parties identify as related to the present case Centripetal
`Networks, Inc. v. Cisco Systems, Inc., Case No. 2:18-cv-00094-MSD-LRL
`(E.D. Va). Pet. 1; Paper 3, 1.
`
`B.
`
`The ’077 Patent
`The ’077 Patent relates to protecting networks using packet security
`gateways (PSGs) armed with dynamic security policies. Ex. 1001, 1:48–61.
`Figure 1 of the ’077 Patent is reproduced below:
`
`2
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`
`
`Figure 1 illustrates network environment 100 in which aspects of the
`claimed invention of the ’077 Patent are implemented, with networks 102,
`104, 106, 108, and 110 interfacing with each other. Id. at 4:27–30, 4:38–40.
`For example, one or more Internet Service Providers (ISPs) in network
`environment 100 may interface one or more networks via the Internet. Id. at
`4:40–45. PSG 112 is located at the boundary between Network A 102 and
`Network E 110. Id. at 5:11–15. Network A 102 may be, for example, a
`Local Area Network (LAN) associated with an organization or other entity.
`Id. at 4:30–37. Each PSG receives a dynamic security policy from security
`policy management (SPM) server 120. Id. at 5:29–31.
`
`PSG 112 may include a packet filter that examines information
`associated with data packets received by the PSG via its network interfaces
`
`3
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`with network A and network E. Id. at 5:66–6:10, Fig. 2. The packet filter
`may be configured with a dynamic security policy that includes one or more
`rules, each of which may specify criteria and an action to be taken on data
`packets meeting the criteria. Id. at 6:11–31. Such actions may include
`forwarding or dropping the packets. Id. at 6:19–27. In addition, PSG 112
`may be configured in a “network layer transparent manner,” i.e., without a
`network layer address, to be insulated against attacks launched at the
`network layer. Id. at 6:32–46.
`
`C.
`
`Challenged Claims
`Petitioner challenges all of the claims of the ’077 Patent. Claims 1, 7,
`13, 19, and 20 are the independent claims. Claim 1 is illustrative and is
`reproduced below:
`A method comprising:
`1.
`provisioning, each device of a plurality of devices, with one or
`more rules generated based on a boundary of a network protected
`by the plurality of devices with one or more networks other than
`the network protected by the plurality of devices at which the
`device is configured to be located; and
`configuring, each device of the plurality of devices, to:
`receive packets via a communication interface that does
`not have a network-layer address;
`responsive to a determination by the device that a portion
`of the packets received from or destined for a host located
`in the network protected by the plurality of devices
`corresponds to criteria specified by the one or more rules,
`drop the portion of the packets; and
`modify a switching matrix of a local area network (LAN)
`switch associated with the device such that the LAN
`
`4
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`switch is configured to drop the portion of the packets
`responsive to the determination by the device.
`
`D.
`
`Asserted Ground of Unpatentability and Asserted Prior Art
`Petitioner asserts that claims 1–4, 6–10, 12–16, 18, and 20 are
`unpatentable as obvious under 35 U.S.C. § 103(a) in view of Jungck.1
`Pet. 20. Further, Petitioner contends claims 5, 11, 17, and 19 are
`unpatentable as obvious under 35 U.S.C. § 103(a) in view of the
`combination of Jungck and RFC 2003.2 Id. In addition, Petitioner relies on
`the Declaration of Kevin Jeffay, Ph.D. (Ex. 1004), in support of both
`asserted grounds of unpatentability.
`
`ANALYSIS
`
`A.
`
`Claim Construction
`For petitions filed before November 13, 2018, claim terms in an
`unexpired patent are given their broadest reasonable construction in light of
`the specification of the patent in which they appear. 37 C.F.R. § 42.100(b);
`see Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2144–46 (2016). The
`parties propose constructions for several claim terms.
`
`
`1 U.S. Patent Application Pub. No. 2009/0262741 A1, published Oct. 22,
`2009 (Ex. 1008, “Jungck”).
`2 C. Perkins, IP Encapsulation within IP, Oct. 1996 (Ex. 1009, “RFC
`2003”). At this stage of the case, Patent Owner has not disputed
`Petitioner’s assertion that RFC 2003 qualifies as prior art. For purposes of
`this Decision, we determine Petitioner has made a sufficient showing that
`RFC 2003 is prior art to the ’077 Patent.
`
`5
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`1.
`
`rule / rules
`
`Petitioner’s Proposal
`
`Patent Owner’s Proposal
`
`a part of a dynamic security policy
`that may specify criteria and one or
`more packet transformation
`functions that should be performed
`for packets associated with the
`specified criteria
`
`a condition or set of conditions that
`when satisfied cause a specific
`function to occur
`
`Pet. 17; Prelim. Resp. 7.
`The ’077 Patent was issued from an application that was a
`continuation of an earlier application that became U.S. Patent No. 9,137,205
`B2 (“the ’205 Patent”). See Ex. 1001, at [63]. The ’205 Patent is the subject
`of another petition for inter partes review, IPR2018-01444, in which trial
`was instituted on February 12, 2019. See Cisco Sys., Inc. v. Centripetal
`Networks, Inc., Case IPR2018-01444, Paper 7 (PTAB Feb. 12, 2019) (“1444
`DI”). In that case, the parties—the same parties in the present case—
`advanced the same claim construction positions and arguments for the term
`“rule” or “rules” as in this case. See id. at 9–10; Pet. 17; Prelim. Resp. 7. In
`the 1444 DI, we concluded that Patent Owner’s proposed construction was
`supported by the intrinsic evidence and adopted it as a result. The relevant
`disclosures in the Specification of the ’077 Patent are the same as those of
`the ’205 Patent. Thus, at this stage, we also adopt Patent Owner’s proposed
`construction in this case for the same reasons as in the 1444 DI.
`
`6
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`2.
`
`provisioning, each device of a plurality of devices, with one or
`more rules generated based on a boundary of a network
`protected by the plurality of devices with one or more networks
`other than the network protected by the plurality of devices at
`which the device is configured to be located
`
`Petitioner’s Proposal
`
`Patent Owner’s Proposal
`
`plain meaning
`
`change a device from one state to
`another based on one or more rules
`derived from the boundary of a
`different network
`
`Pet. 17–18; Prelim. Resp. 7–8.
`Patent Owner notes that its proposed construction for this claim
`phrase was proposed in related litigation. Prelim. Resp. 7–8. In its
`Preliminary Response, however, Patent Owner does not provide adequate
`explanation or evidentiary support for its proposal. Indeed, the only
`evidence cited is one paragraph from the Specification, but that paragraph
`does not appear to discuss the “state” of any device, and Patent Owner does
`not explain how the cited disclosure supports its construction. See id. (citing
`Ex. 1001, 16:61–17:9).
`The Specification describes an SPM server “configured to
`communicate one or more dynamic security policies it maintains to [PSGs]
`on a periodic basis” to “ensure that each of [the PSGs] protect each of their
`respective [network] boundaries . . . in a uniform manner.” Ex. 1001,
`16:64–17:4. Based on this intrinsic evidence, we construe this claim phrase
`for purposes of this Decision as “communicating one or more rules to each
`device of a plurality of devices, where the rule(s) are generated based on the
`location of the device at a boundary between a network protected by the
`plurality of devices and one or more other networks.”
`
`7
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`3.
`
`layer-2 virtual local area network (VLAN)
`
`Petitioner’s Proposal
`
`Patent Owner’s Proposal
`
`logical subset of the computers on a
`local area network (LAN) that
`communicate only with the
`computers on the same subnetwork
`using a layer-2 protocol
`
`logical grouping of devices on one
`or more local area networks (LANs)
`that allows layer-2 communication
`to occur between them
`
`Pet. 19; Prelim. Resp. 9–10.
`Patent Owner argues Petitioner’s proposed construction is incorrect
`because it “narrowly requires that devices within the VLAN communicate
`only with other devices within the same subnetwork.” Prelim. Resp. 9.
`Petitioner supports its proposed construction of this term with the testimony
`of Dr. Jeffay. Pet. 19 (citing Ex. 1004 ¶¶ 135–136). Dr. Jeffay, however,
`testified to a slightly different construction: “logical subset of the computers
`on a local area network (LAN) that can only communicate with the
`computers in the same subset when only using a layer-2 protocol.” Ex. 1004
`¶ 136 (emphasis added).
`The Specification describes using a layer-2 VLAN such that after the
`packets are assigned to the VLAN, “[t]he packets may then be switched to
`another device on the same VLAN.” Ex. 1001, 10:37–45. This is consistent
`with the dictionary definition presented by Patent Owner. See Ex. 2002, 555
`(defining “VLAN” as a “logical grouping of hosts on one or more [LANs]
`that allows communication to occur between hosts as if they were on the
`same physical LAN”).
`On the record presently available, we agree with Patent Owner’s
`proposed construction and construe “layer-2 virtual local area network
`(VLAN)” as “logical grouping of devices on one or more local area
`
`8
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`networks (LANs) that allows layer-2 communication to occur between
`them,” for purposes of this Decision.
`
`Remaining Claim Terms
`4.
`The parties agree that (1) the term “network-layer address” should be
`construed as “an address that identifies a device for communication on the
`network layer, such as an IP address,” and (2) the term “LAN switch” should
`be construed as “a network device configured to send and receive data
`between computers on a local area network.” Pet. 18–19; Prelim. Resp. 8.
`For purposes of this Decision, we adopt these claim constructions.
`In addition, Petitioner proposes to apply the construction of
`“switching matrix of a local area network (LAN) switch” proposed by Patent
`Owner in related litigation. Pet. 19. Patent Owner does not dispute this
`construction, but notes that the district court in the related litigation has since
`adopted a slightly different construction. Prelim. Resp. 9. At this stage, we
`agree with Patent Owner that the differences between them do not affect the
`issues raised in this case. See id. Thus, for purposes of this Decision, we
`adopt the district court’s construction: “a switching matrix contained within
`a [LAN switch] that is configured to direct traffic in a local area network
`(LAN).” See Ex. 2001, 23.
`
`Preliminary Claim Constructions
`5.
`As explained above, for purposes of this Decision, we construe claim
`terms of the ’077 Patent as follows:
`
`9
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`Claim Term/Phrase
`
`rule / rules
`
`provisioning, each device of a
`plurality of devices, with one or
`more rules generated based on a
`boundary of a network protected
`by the plurality of devices with
`one or more networks other than
`the network protected by the
`plurality of devices at which the
`device is configured to be located
`
`layer-2 virtual local area network
`(VLAN)
`
`network-layer address
`
`LAN switch
`
`switching matrix of a local area
`network (LAN) switch
`
`Construction
`
`a condition or set of conditions that
`when satisfied cause a specific
`function to occur
`
`communicating one or more rules to
`each device of a plurality of devices,
`where the rule(s) are generated based
`on the location of the device at a
`boundary between a network protected
`by the plurality of devices and one or
`more other networks
`
`logical grouping of devices on one or
`more local area networks (LANs) that
`allows layer-2 communication to
`occur between them
`
`an address that identifies a device for
`communication on the network layer,
`such as an IP address
`
`a network device configured to send
`and receive data between computers
`on a local area network
`
`a switching matrix contained within a
`LAN switch that is configured to
`direct traffic in a LAN
`
`No other claim terms in the ’077 Patent require express construction
`for purposes of this Decision. See Vivid Techs., Inc. v. Am. Sci. & Eng'g,
`Inc., 200 F.3d 795, 803 (Fed. Cir. 1999).
`
`10
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`B.
`
`Alleged Unpatentability Under § 103(a)
`A claim is unpatentable under § 103 if the differences between the
`claimed subject matter and the prior art are “such that the subject matter as a
`whole would have been obvious at the time the invention was made to a
`person having ordinary skill in the art to which said subject matter pertains.”
`KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The question of
`obviousness is resolved on the basis of underlying factual determinations,
`including: (1) the scope and content of the prior art; (2) any differences
`between the claimed subject matter and the prior art; (3) the level of skill in
`the art; and (4) objective evidence of nonobviousness, i.e., secondary
`considerations. Graham v. John Deere Co., 383 U.S. 1, 17–18 (1966).
`Additionally, the obviousness inquiry typically requires an analysis of
`“whether there was an apparent reason to combine the known elements in
`the fashion claimed by the patent at issue.” KSR, 550 U.S. at 418 (citing
`In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006) (requiring “articulated
`reasoning with some rational underpinning to support the legal conclusion of
`obviousness”)); see In re Warsaw Orthopedic, Inc., 832 F.3d 1327, 1333
`(Fed. Cir. 2016) (citing DyStar Textilfarben GmbH & Co. Deutschland KG
`v. C. H. Patrick Co., 464 F.3d 1356, 1360 (Fed. Cir. 2006)).
`
`Level of Ordinary Skill
`1.
`Petitioner asserts that a person of ordinary skill in the art would have
`had a bachelor’s degree in computer science, computer engineering or an
`equivalent, as well as four years of industry experience. Pet. 21 (citing
`Ex. 1004 ¶¶ 23–25). In addition, Petitioner indicates a person of ordinary
`skill would have had “a working knowledge of packet-switched networking,
`
`11
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`firewalls, security policies, communication protocols and layers, and the use
`of customized rules to address cyber attacks.” Id.
`At this stage of the case, Patent Owner does not dispute Petitioner’s
`formulation of the level of skill in the art. Based on the information
`presented in the Petition and Dr. Jeffay’s testimony, we adopt Petitioner’s
`formulation for purposes of this Decision.
`
`Secondary Considerations of Non-Obviousness
`2.
`Neither party presented any evidence or argument regarding
`secondary considerations of non-obviousness at this stage of the case. Thus,
`we do not consider any such considerations in our analysis for this Decision.
`
`Overview of Jungck
`3.
`Jungck is a published patent application relating to improvements to a
`network’s infrastructure, including a “packet interceptor/processor apparatus
`[that] is coupled with the network so as to be able to intercept and process
`packets flowing over the network.” Ex. 1008, at [57]. “The apparatus
`applies one or more rules to the intercepted packets which execute one or
`more functions on a dynamically specified portion of the packet and take
`one or more actions with the packets.” Id. Such actions may include
`releasing the packet unmodified, deleting the packet, or forwarding the
`packet for subsequent processing. Id.
`Figure 1 of Jungck is reproduced below:
`
`12
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`
`
`Figure 1 depicts exemplary network 100 for use with the embodiments
`disclosed in Jungck. Id. ¶ [0031]. Network 100 may be the Internet, another
`type of public network, or a private network. Id. For example, the network
`may be a local area network (LAN) or a wide area network (WAN). Id.
`¶ [0032]. As shown in Figure 1, a client device (e.g., client 106) may be
`connected to network 100 via a point-of-presence (e.g., POP 116), which is a
`“connecting point which separates the client . . . from the network.” Id.
`¶ [0041]. A POP may comprise, for example, one or more routers, and may
`be provided by an internet service provider (ISP). Id.
`Jungck discloses a number of embodiments. The “[t]hird”
`embodiment is depicted in Figure 6, which is reproduced below:
`
`13
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`
`Figure 6 depicts enhanced network 100, which is connected to clients 102,
`104, 106, and 612 via service providers 118 and 120. Id. ¶ [0107]. More
`specifically, each client is connected via a POP—for example, client 104 is
`connected via POP2A of service provider 118. Id. Service provider 118
`also has edge server 602A, which may be “integrated with a router” and is
`“able to intercept all network traffic flowing between [POPs 116, including
`POP2A] and the network 100.” Id. Once intercepted, edge server 602A can,
`for example, detect packets “whose origin address could not have come from
`the downstream network . . . to which it is connected” and prevent those
`packets from reaching network 100. Id. ¶ [0111].
`
`The “fourth embodiment” of Jungck is depicted in Figure 7, which is
`reproduced below:
`
`14
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`
`
`Figure 7 depicts “edge adapter/packet interceptor system 700,” featuring
`packet interceptor adapter 720 coupled with router 702. Id. ¶¶ [0126]–
`[0127]. Router 702 may be located within an ISP located at the edge of a
`network 100, which may be the Internet or a private intranet/extranet as
`described above (e.g., Figure 1), and additionally may be an optical based
`network or an electrical network. Id. ¶ [0127].
`
`Jungck’s “[f]ifth” embodiment includes exemplary device 900
`coupled with optical based network 100 (such as the Internet). Id. ¶ [0265].
`Device 900 is positioned to “intercept and process packets communicated
`between the upstream network portion 100A and the downstream network
`portion 100B.” Id. ¶ [0266]. Processing elements within device 900 may
`perform “ingress and egress filtering,” whereby device 900 is “programmed
`with the range of network addresses in [downstream network portion 100B]”
`such that device 900 is able to detect and filter out packets arriving from
`
`15
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`downstream network portion 100B that do not have a network address
`within that range. Id. ¶ [0269].
`
`Overview of RFC 2003
`4.
`RFC 2003 is a specification of an Internet protocol (IP) standard,
`
`specifically “a method by which an IP datagram may be encapsulated
`(carried as payload) within an IP datagram.” Ex. 1009, 1. This
`encapsulation enables altering the normal routing for a datagram by
`delivering it to an intermediate destination not specified by the IP header of
`the datagram. Id. This is performed by inserting an outer IP header before
`the original IP header whereby the outer IP header specifies that
`intermediate destination’s address. See id. at 3.
`
`Independent Claim 1
`5.
`Petitioner contends claim 1 of the ’077 Patent is obvious in view of
`Jungck. According to Petitioner, Jungck teaches the “provisioning”
`limitation of claim 1 in its description of edge servers. Pet. 33–37.
`Specifically, Petitioner contends that Jungck discloses multiple edge servers
`(i.e., the recited “plurality of devices”) protecting a network (e.g., network
`100 in Figure 6) from malicious traffic originating from other networks (e.g.,
`the downstream networks of POPs 114 or 116) by being located at the
`boundary between them and filtering the data. Id. at 34, 36; see Ex. 1008,
`Fig. 6. Petitioner asserts Jungck discloses that an edge server can detect data
`packets with origin addresses that do not match the downstream network to
`which it is connected, and block those packets from reaching the protected
`network. Pet. 36–37 (citing Ex. 1008 ¶ [0111]). Additionally, Petitioner
`also cites Jungck’s discussion of ingress filtering in its fifth embodiment. Id.
`
`16
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`(citing Ex. 1008 ¶ [0269]). Thus, Petitioner argues, Jungck teaches that the
`edge server applies rules that are based on the particular boundary where the
`edge server is located, i.e., the boundary with a particular downstream
`network. Id. Petitioner cites Jungck’s disclosure of a “rules processor” that
`interfaces with external devices that define and communicate rule sets to the
`packet interceptor adapter, for example, to intercept particular types of
`packets. See id. at 36; Ex. 1008 ¶ [0157].
`With respect to the limitation of configuring each device to receive
`packets “via a communication interface that does not have a network-layer
`address,” Petitioner relies on Jungck’s disclosure that the device of its fourth
`embodiment may be “selectively transparent to the network” such that the
`device’s “addressability may be disabled to make the device invisible to
`other network devices.” Ex. 1008 ¶ [0126]; see Pet. 38. Petitioner also cites
`Jungck’s disclosure that an edge server “effective needs no address because
`it intercepts the necessary network traffic,” and clients “do not need to know
`of the existence of the edge server.” Ex. 1008 ¶ [0098]; see Pet. 38.
`Petitioner next contends Jungck teaches dropping packets responsive
`to a determination that a portion of packets “correspond to criteria” specified
`by the provisioned rule(s), as recited in claim 1, in its description of an
`“ingress filter.” Pet. 38–40. More specifically, Jungck describes how an
`edge server “detects a data packet whose origin address could not have come
`from the downstream network . . . to which it is connected,” in which case
`the edge server determines the packet “must be a forgery” and can “eradicate
`it or prevent it from reaching the network 100.” Ex. 1008 ¶ [0111].
`According to Petitioner, these disclosures teach the edge server determining
`that packets correspond to criteria (i.e., origin address) and, responsive to
`
`17
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`that determination, dropping those packets to prevent them from reaching
`the protected network. Pet. 39–40.
`Finally, for the “switching matrix” limitation, Petitioner notes that
`Jungck teaches the use of network switches and a switch “fabric” to manage
`network traffic. Id. at 42 (citing Ex. 1008 ¶¶ [0150], [0199]). Further,
`Petitioner relies on Jungck’s disclosures that an edge server can be
`“integrated with a router” and a router “is often included as part of a network
`switch.” Ex. 1008 ¶¶ [0033], [0092]; Pet. 42–43. Thus, Petitioner argues,
`Jungck teaches that a network switch, like a LAN switch, may be configured
`to drop packets determined by the edge server to trigger a rule because, as
`discussed above, Jungck discloses that the edge server (i.e., part of the
`network switch) can drop such packets. Pet. 43 (citing Ex. 1004 ¶ [0177]).
`Additionally, Petitioner cites Jungck’s disclosures regarding packet
`interceptor adapter 720, including that the adapter is shown as part of router
`702 (Ex. 1008, Fig. 7) and that “any device which intercepts and processes
`packets can utilize the packet interceptor adaptor 720” (id. ¶ [0180]).
`Pet. 43–44. Router 702 also includes buffer 714, routing table 728, and
`routing logic 730, which Petitioner contends also teach the recited switching
`matrix. Id. at 43–46 (citing Ex. 1004 ¶¶ [0178]–[0180]).
`Although some of Jungck’s teachings identified by Petitioner are from
`different embodiments of Jungck, Petitioner contends a person of ordinary
`skill would have had reason to combine them because they are all applicable
`to the same network environment and architecture, and are directed to
`similar functions. Pet. 32 (citing Ex. 1008 ¶¶ [0025], [0031], [0111], [0126],
`[0182]–[0183], [0263]–[0264], [0282]; Ex. 1004 ¶¶ 140–141). Relying on
`Dr. Jeffay’s testimony, Petitioner further asserts that combining the
`
`18
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`teachings of each of the Jungck embodiments would have “produce[d]
`predictable and operable results,” and involved “simple substitutions, and
`applying known programming techniques to improve similar systems” that a
`skilled artisan would have understood how to implement to accomplish
`certain design objectives. Id. at 32–33 (citing Ex. 1004 ¶¶ 141–143).
`On this record, we find Petitioner’s arguments and evidence discussed
`above make a sufficient showing at this stage that Jungck teaches each
`limitation of claim 1, as set forth in the Petition, and we find Patent Owner’s
`counterarguments unpersuasive. Patent Owner first argues that Jungck’s
`edge servers do not teach the recited plurality of devices because they are
`“not gateways,” and Jungck purportedly “distinguishes” them from gateway
`servers. Prelim. Resp. 31–32. Claim 1, however, does not recite “gateways”
`or “gateway servers,” instead reciting merely a “plurality of devices.”
`Next, Patent Owner contends Jungck’s edge servers do not teach the
`recited devices because they are “not located at a protected network.” Id. at
`32; see also id. at 34–37 (similar argument regarding Jungck’s fourth and
`fifth embodiments). According to Patent Owner, the edge servers are
`located “within ISPs on the client side of the network 100.” Id. at 33.
`Again, however, Patent Owner’s arguments are not commensurate with the
`scope of the claim. Claim 1 does not recite that the devices are located at
`the protected network but rather at the “boundary” between the protected
`network and one or more networks. As shown in Figure 6, for example,
`Jungck teaches edge server 602A located between network 100 (as well as
`connected servers 108 and 110) and the downstream network of POPs 116
`(including connected clients 102 and 104). Ex. 1008, Fig. 6.
`
`19
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`Patent Owner also asserts that Jungck does not teach the switching
`matrix limitations of claim 1. Prelim. Resp. 38–39. According to Patent
`Owner, applying the teachings of Jungck to place an edge server into a LAN
`switch would change the principle of operation of Jungck because the
`disclosed edge servers “are designed to be placed in heavy traffic access
`points such as at the edge of [ISPs].” Id. (citing Ex. 1008 ¶ [0107], Fig. 6).
`The evidence does not, however, support Patent Owner’s argument. The
`cited portions of Jungck do not indicate that Jungck’s edge servers are
`limited to “heavy traffic access points” or “the edge of [ISPs].” Although
`Jungck discusses edge servers in that context, Jungck explicitly states that
`“the disclosed embodiments are not limited to the Internet and are applicable
`to other types of public networks as well as private networks, and
`combinations thereof, and all such networks are contemplated.” Ex. 1008
`¶ [0031]. For example, Jungck discloses that system 700, including router
`702 and packet interceptor adapter 720, may be associated with “a private
`intranet or extranet.” Id. Ex. ¶ [0127].
`Lastly, Patent Owner argues that Petitioner failed to adequately
`demonstrate that a skilled artisan would have combined the teachings of
`Jungck’s multiple embodiments. Prelim. Resp. 17–27. These arguments are
`substantially similar to those advanced in IPR2018-01444, which also
`concerned combinations of teachings from multiple embodiments in Jungck,
`and are unpersuasive for similar reasons. See 1444 DI, at 15–18. We note,
`for example, that Jungck’s Figure 1 shows a common network environment
`applicable to all of Jungck’s embodiments. See Ex. 1008 ¶ [0031]; Fig. 1.
`Additionally, we note that Jungck states, for example, that “any device
`which intercepts and processes packets can utilize the packet interceptor
`
`20
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`adaptor 720” of Jungck’s fourth embodiment, as discussed above. Ex. 1008
`¶ [0180]. Contrary to Patent Owner’s assertions, we determine that the
`Petition sets forth an adequate showing with sufficient specificity that a
`skilled artisan would have had reason to combine the teachings of Jungck’s
`embodiments, for purposes of this Decision.
`In sum, for the reasons set forth above, we conclude that Petitioner
`has demonstrated a reasonable likelihood of prevailing on its asserted
`ground of unpatentability that claim 1 of the ’077 Patent is obvious in view
`of the teachings of Jungck.
`
`Independent Claims 7 and 13
`6.
`Claim 7 recites essentially the same limitations as claim 1, but is
`directed to a system rather than a method. Likewise, claim 13 recites the
`same limitations as claim 1, but is directed instead to non-transitory
`computer-readable media comprising instructions that, when executed,
`perform the recited steps. Petitioner relies on the same arguments and
`evidence for these claims as for claim 1, and further explains how Jungck
`teaches the recited structural elements (e.g., the “processor” and “memory”
`of claim 7). Pet. 34–46. Patent Owner does not raise any arguments with
`respect to these claims other than those for claim 1.
`For the same reasons as explained above for claim 1, we conclude that
`Petitioner has demonstrated a reasonable likelihood of prevailing on its
`asserted ground of unpatentability that claims 7 and 13 of the ’077 Patent are
`obvious in view of the teachings of Jungck.
`
`21
`
`
`
`IPR2018-01513
`Patent 9,560,077 B2
`
`
`Dependent Claims 2–4, 6, 8–10, 12, 14–16, and 18
`7.
`The Petition sets forth detailed arguments and supporting evidence
`with respect to dependent claims 2–4, 6, 8–10, 12, 14–16, and 18. Pet. 46–
`56. For example, Petitioner relies on Jungck’s disclosures regarding packet
`filtering based on source address to detect and block “forgery” packets as
`teaching the “spoofed source addresses” limitations of claims 2, 8, and 14.
`Pet. 46–48 (citing Ex. 1008 ¶¶ [0111], [0271]; Ex. 1004 ¶¶ 183–184). For
`the “malicious network traffic” and “subscription service” limitations of
`claims 3, 9, and 15, Petitioner relies on Jungck’s teachings regarding
`protecting against “malicious program code” identified by “a third party
`such as a virus watch service.” Pet. 48–52 (citing 1008 ¶¶ [0111], [0153],
`[0157], [0176], [0269]; Ex. 1004 ¶¶ 191–199). With respect to the
`limitations of claims 4, 10, and 16 requiring provisioning one or more rules
`via a communication interface of the device having a network-layer address,
`Petitioner relies on Jungck’s disclosures regarding, for example,
`management interface 722 depicted in Figure 7 and external interface 838
`depicted in Figure 8. Pet. 53–56 (citing 1008 ¶¶ [0153], [0157], [0160],
`[0175], Figs. 7, 8; Ex. 1004 ¶¶ 200–211).
`Claims 6, 12, and 18 depend from claims 1, 7, and 13 respectively,
`and furthe
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
