Zscaler Inc v. Symantec Corp

1. Case Identification

• Case #: IPR 2017-01763
• Patent #: 7,735,116
• Filed: July 11, 2017
• Petitioner(s): Zscaler, Inc.
• Patent Owner(s): Symantec Corp.
• Challenged Claims: 1-9, 13-19

2. Patent Overview

• Title: System and Method for Unified Threat Management with a Relational Rules Methodology
• Brief Description: The ’116 patent describes a Unified Threat Management (UTM) system that purports to improve on prior art by implementing a "security hierarchy" on a security gateway. This hierarchy organizes security functions into distinct, interdependent levels, from lowest to highest, allowing each higher-level security feature to build upon the functions of the levels below it.

3. Grounds for Unpatentability

Ground 1: Obviousness of Claims 1-4 over WatchGuard ILS and WatchGuard Reference Guide

• Prior Art Relied Upon: WatchGuard Intelligent Layered Security Architecture (Nov. 2005) (“WatchGuard ILS”) and WatchGuard System Manager Reference Guide v8.2 (Oct. 2005) (“WatchGuard Reference Guide”).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that WatchGuard ILS, a whitepaper describing WatchGuard's Firebox UTM appliances, discloses the core limitations of independent claim 1. It describes an "Intelligent Layered Security (ILS) architecture" with multiple security layers (e.g., Data Integrity, Stateful Firewall, Content Security) that constitute the claimed "security hierarchy." This architecture is implemented on a security gateway that evaluates incoming packets at a first level (the Data Integrity layer) and drops them if non-compliant. While WatchGuard ILS mentions "comprehensive log messages," it lacks detail. The WatchGuard Reference Guide, a manual for the same Firebox appliance, fills this gap by describing traffic logs with "FWAllow" or "FWDeny" headers, which provide the claimed "indication of its compliance" with a test.
  • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine these references because they are contemporaneous documents from the same company for the same product. Petitioner asserted that the ILS whitepaper's high-level mention of "comprehensive log messages" would naturally direct a POSITA to the product’s detailed reference guide to understand the feature's implementation.
  • Expectation of Success: A POSITA would have a high expectation of success, as the combination merely involves consulting different technical documents for a single, commercially available product to obtain a complete understanding of its operation.

Ground 2: Obviousness of Claims 5-9 over WatchGuard ILS and WatchGuard Configuration Guide

• Prior Art Relied Upon: WatchGuard ILS (Nov. 2005) and WatchGuard System Manager Fireware Configuration Guide v8.2 (Nov. 2005) (“WatchGuard Configuration Guide”).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addresses claims directed to dynamically defining attack defense rules. Petitioner asserted that WatchGuard ILS discloses identifying attacks (e.g., DoS, DDoS, port scans) at a specific level of its security hierarchy and determining a plurality of "indicator parameters" (e.g., source/destination IP, network protocol). The WatchGuard Configuration Guide then discloses how to "dynamically defin[e] an attack defense processing rule" for these same attacks. The guide shows a "Default Packet Handling" dialog box where a user can configure thresholds (e.g., packets per second for a DoS flood attack) that, when exceeded, trigger a defensive rule to block the malicious traffic.
  • Motivation to Combine: The motivation is identical to Ground 1. The Configuration Guide provides the specific implementation and user-configuration details for the high-level attack defense features described in the ILS architectural whitepaper. A POSITA seeking to implement the defenses mentioned in WatchGuard ILS would consult the corresponding configuration manual.
  • Expectation of Success: Success would be expected, as it involves using a product’s configuration manual to understand and implement the features described in its architectural overview.

Ground 3: Obviousness of Claims 13-19 over WatchGuard Configuration Guide

• Prior Art Relied Upon: WatchGuard Configuration Guide (Nov. 2005).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground argues that the WatchGuard Configuration Guide alone renders claims 13-19 obvious. These claims relate to analytically breaking down an access control rule into portions corresponding to different levels of a security hierarchy. Petitioner argued the guide's disclosure of creating an HTTP proxy policy meets these limitations. The creation of such a policy involves two distinct portions: (1) a packet filtering function that defines the source/destination addresses (a lower-level function corresponding to the OSI network level), and (2) a proxy action that performs content filtering on specific URLs (a higher-level function corresponding to the OSI application level). This two-part policy, with functions at different OSI layers, was argued to embody the claimed "security hierarchy" and the process of creating it constituted "analytically breaking down the access control rule." The transport protocol level was identified as an intermediate security level.

4. Key Claim Construction Positions

• "security hierarchy": Petitioner argued that the broadest reasonable interpretation (BRI) of this term is "a relationship between security functions from a lowest level to a highest level." This construction was based on language the applicant added during prosecution and was critical for mapping the layered architectures of the WatchGuard prior art to the claims.
• Claim 7: Petitioner identified an error in claim 7, which depends from claim 5 but recites a "common parameter value" for which claim 5 provides no antecedent basis. Claim 6, however, does recite this term. Petitioner requested that the Board, for the purpose of the IPR, construe claim 7 as if it depended from claim 6 to resolve the indefiniteness issue.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-9 and 13-19 of Patent 7,735,116 as unpatentable under 35 U.S.C. §103.