PTAB

IPR2015-01856

McAfee Inc v. Cap Co Ltd

Petition

1. Case Identification

2. Patent Overview

  • Title: Flexible Network Security System and Method for Permitting Trusted Process
  • Brief Description: The ’078 patent discloses a method and system for a flexible firewall that controls network access on an application-specific basis. It maintains a list of permitted programs and automatically manages port access for those programs, simplifying security for users who may not know specific port numbers.

3. Grounds for Unpatentability

Ground 1: Claims 7-11, 13-15, 21, and 23-25 are obvious over Yadav in view of Freund.

  • Prior Art Relied Upon: Yadav (Patent 7,174,566) and Freund (Patent 5,987,611).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Yadav and Freund collectively disclose every limitation of the challenged claims.

      • Yadav taught an "integrated network intrusion detection" system that functions as a "dynamic firewall." This system used an Application Rule Enforcer (ARE) to check application-specific network policies when a program requested network access. If the policy permitted the request, the ARE notified a Network Traffic Enforcer (NTE) to open a communication channel, adding its parameters (including port information) to an "authorization list." The NTE then monitored inbound traffic, blocking any communications not corresponding to an entry on the authorization list. Petitioner contended Yadav's policy repositories map to the claimed internal permitted program storage and its "authorization list" maps to the internal permitted port storage. Yadav further disclosed identifying applications by their full path and hash value.
      • Freund provided more explicit detail for a firewall that automatically managed internet access based on a list of approved programs. Freund taught a "Client Monitor" that maintained a database of applications permitted to access the internet. When an application requested access, the Client Monitor intercepted the request, compared the application's properties (name, version, checksum) against the database, and either permitted or blocked it. Petitioner asserted that Freund’s database of applications is a clear disclosure of the claimed list of programs stored in an internal permitted program storage. Freund also taught extracting program information, including executable name and checksums, to populate and enforce these rules.
    • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Yadav and Freund for several reasons. Both references addressed the well-known problem of simplifying firewall management by shifting from port-based to application-based rules. They also employed compatible Windows-based architectures and used similar implementation details, such as Winsock hooking, to intercept network requests. A POSITA implementing Yadav's higher-level dynamic firewall concept would have looked to a detailed, practical implementation like Freund for specific methods of creating and managing application rule lists and databases.

    • Expectation of Success: A POSITA would have had a high expectation of success. Combining Freund’s detailed database management for application rules with Yadav's dynamic firewall architecture was a combination of known elements to achieve a predictable result: a more robust and user-friendly application-specific firewall.

    • Key Aspects: Petitioner's argument centered on the idea that the ’078 patent merely combined well-understood components of application-specific firewalls. Yadav provided the dynamic framework of checking application policies and updating an authorization list, while Freund provided the explicit mechanism of a user-configurable database of permitted programs identified by name and checksum.

4. Key Claim Construction Positions

Petitioner proposed constructions for several key terms under the "broadest reasonable interpretation" standard, arguing these constructions were critical to mapping the prior art.

  • internal permitted program storage: Proposed as "internal storage of information identifying programs permitted by the firewall." This construction allowed Petitioner to map Yadav’s policy repositories and Freund’s application database to this limitation.
  • internal permitted port storage: Proposed as "internal storage of information identifying permitted ports." This allowed mapping of Yadav’s "authorization list," which contained parameters for open communication channels, including port numbers.
  • server port: Proposed as "a port for listening to accept a new inbound communication." This construction was used to argue that Yadav’s interception of "listen" requests constituted the extraction of server port information.
  • a port of a packet of inbound traffic: Proposed as "the destination port of a packet of inbound traffic," aligning the claim language with the function of a firewall checking inbound data packets.
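
The mechanism summarized under Ground 1, read with the constructions above, can be sketched as a small model: a permitted-program store keyed by full path and hash, a permitted-port store filled when a permitted program issues a listen request, and an inbound check on the destination port. This is an added illustration, not code from the ’078 patent, Yadav, Freund, or the petition; the class and method names, the sample paths, and the choice of SHA-256 are assumptions.

```python
import hashlib


def digest(image: bytes) -> str:
    """Hash of a program image. SHA-256 is this sketch's choice, not the page's."""
    return hashlib.sha256(image).hexdigest()


class AppFirewall:
    """Hypothetical model of an application-based firewall."""

    def __init__(self):
        self.permitted_programs = {}  # full path -> expected hash
        self.permitted_ports = {}     # open server port -> owning program path

    def permit_program(self, path: str, image: bytes) -> None:
        self.permitted_programs[path] = digest(image)

    def on_listen(self, path: str, image: bytes, port: int) -> bool:
        """Intercepted listen request: register the server port only if the
        requesting program matches a permitted entry by path and by hash."""
        if self.permitted_programs.get(path) != digest(image):
            return False
        self.permitted_ports[port] = path
        return True

    def on_inbound(self, dst_port: int) -> str:
        """Inbound packet: allow only if its destination port was registered."""
        return "allow" if dst_port in self.permitted_ports else "block"


def demo() -> dict:
    fw = AppFirewall()
    good = b"constructed bytes standing in for a server binary"
    server = r"C:\apps\webserver.exe"  # constructed sample path
    fw.permit_program(server, good)
    return {
        "permitted listen": fw.on_listen(server, good, 8080),
        # Same path, altered contents: the hash no longer matches.
        "modified binary": fw.on_listen(server, good + b"!", 8081),
        "unlisted program": fw.on_listen(r"C:\tmp\tool.exe", b"x", 4444),
        "inbound 8080": fw.on_inbound(8080),
        "inbound 8081": fw.on_inbound(8081),
        "inbound 4444": fw.on_inbound(4444),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The modified-binary case shows why identification by path alone is not enough: the path still matches a permitted entry, but the hash check refuses the listen request, so no port is opened for it.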

5. Relief Requested

  • Petitioner requested the institution of an inter partes review (IPR) and the cancellation of claims 7-11, 13-15, 21, and 23-25 of Patent 8,544,078 as unpatentable under 35 U.S.C. §103.