PTAB
IPR2018-00912
Zscaler Inc v. Symantec Corp
1. Case Identification
- Case #: IPR No. Unassigned
- Patent #: 8,316,429
- Filed: April 10, 2018
- Petitioner(s): Zscaler, Inc.
- Patent Owner(s): Symantec Corporation
- Challenged Claims: 1-9 and 13-17
2. Patent Overview
- Title: Methods and Systems for Obtaining URL Filtering Information
- Brief Description: The ’429 patent relates to a proxy server system designed to police computer network communications. The technology addresses the challenge of inspecting encrypted traffic by extracting information from an Internet host's digital certificate, categorizing the host based on this information, and then determining whether to grant access or decrypt the communication for further examination based on predefined security policies.
3. Grounds for Unpatentability
Ground 1: Claims 1-9 and 13-17 are obvious over Levow in view of Toneguzzo.
- Prior Art Relied Upon: Levow (Application # 2006/0248575) and Toneguzzo (Application # 2003/0182573).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that the combination of Levow and Toneguzzo rendered the challenged claims obvious. Levow was asserted to disclose the core framework of the invention: a proxy server functioning as a "man-in-the-middle" that intercepts secure (SSL) communications and selectively decides whether to decrypt them for inspection or pass them through undecrypted. In Levow, this decision is based on whether the destination server is on a pre-defined "ignore list" (e.g., for trusted banking sites). Petitioner contended that Toneguzzo supplied the missing element by teaching a method of content filtering based on information extracted directly from a digital certificate, such as a URL, content rating, or issuer name. Therefore, the combination taught a proxy that intercepts an SSL handshake, extracts categorizing information from the responding host's digital certificate (per Toneguzzo), and uses that information to make the selective decryption decision (per Levow's framework). This combination was argued to meet the limitations of independent claims 1 and 13, with dependent claims adding conventional features also found in the prior art.
- Motivation to Combine: Petitioner presented several motivations for a person of ordinary skill in the art (POSITA) to combine the teachings. The primary motivation was to simplify Levow's system and make it more robust. Levow’s method of identifying hosts on its "ignore list" could require either a standard DNS lookup (for a URL request) or a reverse DNS lookup (for an IP address request), adding complexity. A POSITA would combine Toneguzzo's teaching to use the URL extracted directly from the host's digital certificate, which is available during the SSL handshake regardless of the initial request format. This would create a single, simplified, and consistent method for categorizing the host. A second motivation was to improve security; by using verified information from the digital certificate (like the issuer name), the system gains greater assurance that it is correctly categorizing the intended, authenticated host before deciding to bypass decryption.
- Expectation of Success: Petitioner argued that a POSITA would have had a reasonable expectation of success in combining the references. The combination involved applying a known filtering technique (Toneguzzo's certificate-based analysis) to a known proxy architecture (Levow's selective decryption system). Both references already contemplated that the host's digital certificate would be available and inspected during the SSL handshake. Using the certificate's contents to inform the policy decision taught by Levow was a predictable, straightforward design choice that would have yielded the claimed invention with no undue experimentation.
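The combined mechanism argued in Ground 1 (categorize the host from fields of its certificate, then choose between decrypting and passing the session through) is illustrated below as an added example; it is not code from the petition, Levow, Toneguzzo or the ’429 patent. The policy tables, hostnames, issuer name and function names are constructed assumptions, the certificate is taken in the dict form Python's `ssl.getpeercert()` returns, and `normalize_host` accepts both the full-path and truncated forms of URL information.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed policy data (assumptions; not taken from the petition or the references).
CATEGORY_BY_HOST = {"*.examplebank.test": "finance", "*.examplemail.test": "webmail"}
BYPASS_CATEGORIES = {"finance"}          # passed through undecrypted, like an ignore list
TRUSTED_ISSUERS = {"Example Trust CA"}   # issuer common names allowed to earn a bypass

def normalize_host(url_info):
    """Reduce a full-path URL, truncated URL or bare hostname to a lowercase hostname."""
    text = url_info.strip()
    if "://" not in text:
        text = "//" + text               # lets urlsplit treat the text as a network location
    return (urlsplit(text).hostname or "").rstrip(".")

def rdn_value(name, key):
    """First value of `key` in an ssl.getpeercert()-style subject or issuer tuple."""
    return next((v for rdn in name for k, v in rdn if k == key), None)

def cert_hostnames(cert):
    """DNS subjectAltName entries, falling back to the subject common name."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = rdn_value(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    return [normalize_host(n) for n in names]

def categorize(cert):
    """Map the certificate's hostnames to a policy category."""
    for host in cert_hostnames(cert):
        for pattern, category in CATEGORY_BY_HOST.items():
            if fnmatchcase(host, pattern):
                return category
    return "uncategorized"

def decide(cert):
    """Return 'bypass' or 'decrypt' using certificate fields only.

    Assumes the proxy has already validated the chain; an unverified
    issuer string proves nothing about who issued the certificate.
    """
    issuer = rdn_value(cert.get("issuer", ()), "commonName")
    if categorize(cert) in BYPASS_CATEGORIES and issuer in TRUSTED_ISSUERS:
        return "bypass"
    return "decrypt"                     # default: inspect anything not positively trusted

def make_cert(host, issuer_cn):
    """Constructed sample in the dict shape ssl.getpeercert() returns."""
    return {"subject": ((("commonName", host),),),
            "issuer": ((("commonName", issuer_cn),),),
            "subjectAltName": (("DNS", host),)}
```

Because the decision uses only the certificate, it is the same whether the client asked for the host by name or by IP address; the default of `decrypt` keeps unknown or unverified hosts under inspection.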
4. Key Claim Construction Positions
- "proxy" (claims 1 and 13): Petitioner asserted this term should be construed according to its express definition provided in the ’429 patent specification. This definition describes a device that enforces rules on network traffic by intercepting the traffic, parsing and analyzing messages, and modifying the traffic based on a collection of "if-then" rules.
- "uniform resource locator (URL) information" (claim 13): Petitioner proposed that the broadest reasonable construction of this term, based on the specification, includes either a full path URL (e.g., http://www.hostname.com) or a truncated URL (e.g., www.hostname.com or the hostname alone). This construction was argued to be critical for mapping the prior art to the limitations of claim 13.
5. Relief Requested
- Petitioner requests institution of an inter partes review and cancellation of claims 1-9 and 13-17 of Patent 8,316,429 as unpatentable.