PTAB

IPR2018-01386

Cisco Systems Inc v. Centripetal Networks Inc

Log In
Key Events
Petition

1. Case Identification

2. Patent Overview

  • Title: Dynamic Network Security Policy Enforcement
  • Brief Description: The ’213 patent describes methods and systems for protecting a computer network using a plurality of packet security gateways (PSGs) located at network boundaries. The PSGs receive dynamic security policies from a central security policy management server (SPM Server) to identify and perform actions on specific network packets, including generating and formatting packet digest logs.

3. Grounds for Unpatentability

Ground 1: Claims 1-9 are obvious over Narayanaswamy, Kapoor, Johnson, and Kjendal.

  • Prior Art Relied Upon: Narayanaswamy (Application # 2009/0328219), Kapoor (Application # 2008/0229415), Johnson (Application # 2004/0123220), and Kjendal (Patent 9,172,627).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that the combination of references teaches all limitations of independent claim 1 and its dependents. Narayanaswamy was asserted to teach the core architecture: a central server provisioning dynamic security policies to multiple gateway devices that inspect packets based on application-layer information. Kapoor was cited for its teachings on using HTTP-specific packet information for logging and routing packets to monitoring devices. Critically, Petitioner contended that Johnson, which was not considered during prosecution, explicitly discloses the “packet digest logging function” that the Examiner previously found missing from the art. Johnson teaches generating packet digests from application-layer data (e.g., a URL) for logging purposes. Finally, Kjendal was argued to provide further detail on mirroring or routing copies of identified packets to a monitoring device, a concept also present in Kapoor.
    • Motivation to Combine: A POSITA would combine these references because they all address the same field of network security via packet inspection and provide complementary teachings. Petitioner argued Johnson teaches a specific implementation of a known technique (packet digesting) that is generally referenced in Narayanaswamy and Kapoor. Similarly, Kjendal provides detailed instructions for mirroring traffic, a function generally described by Kapoor. Combining these known techniques to improve network security would have been a predictable and logical step.
    • Expectation of Success: A POSITA would have a reasonable expectation of success in combining these software-based network security functions, as they represent the integration of known, compatible techniques to achieve an improved, multi-faceted security system.

Ground 2: Claims 10-16 are obvious over Narayanaswamy, Kapoor, Johnson, Kjendal, and the Diffserv Specification.

  • Prior Art Relied Upon: Narayanaswamy (Application # 2009/0328219), Kapoor (Application # 2008/0229415), Johnson (Application # 2004/0123220), Kjendal (Patent 9,172,627), and the Diffserv Specification (RFC 2475).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground addresses independent claim 10 and its dependents, which largely parallel claims 1-9 but specify that the packet-identification criteria includes a "Differentiated Service Code Point (DSCP) selector." Petitioner asserted that the base combination of Narayanaswamy, Kapoor, Johnson, and Kjendal teaches the overall system, as argued in Ground 1. The addition of the Diffserv Specification, a well-known industry standard for implementing Quality of Service (QoS), was argued to explicitly teach using the DSCP field in packet headers to classify and prioritize network traffic. The Diffserv Specification describes "classifiers" that select packets based on the DSCP value, directly teaching the key limitation of claim 10.
    • Motivation to Combine: Petitioner contended that because Narayanaswamy and Kjendal both expressly refer to QoS implementations, a POSITA seeking to implement such features would have been motivated to consult the predominant industry standard, the Diffserv Specification. Integrating the standard DSCP-based classification taught by Diffserv into the security gateway architecture of Narayanaswamy was presented as an obvious design choice to enhance network traffic management.
    • Expectation of Success: A POSITA would expect success in adding a standardized, widely adopted protocol like Diffserv for QoS to the base network security architecture, as it was designed for such software implementation and interoperability.

4. Key Claim Construction Positions

  • "Packet Transformation Function": Petitioner argued this term should be construed simply as "an action taken upon a packet." This construction is based on descriptions in the specification and the explicit language of dependent claims that recite forwarding and dropping as types of transformation functions. This position counters the Patent Owner's narrower construction from related litigation, which attempted to exclude forwarding and dropping.
  • "Dynamic Security Policy": Petitioner noted that while the ’213 patent provides an explicit definition, the Patent Owner proposed a different construction in litigation ("a non-static set of...rules"). Petitioner asserted that the challenged claims are unpatentable under either construction but adopted the Patent Owner's agreed-upon constructions for other terms like "SPM Server" and "PSG" for the purposes of the petition.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under §325(d) was not warranted because the core grounds relied on references and combinations that were not before the Examiner during prosecution. Specifically, the Examiner never considered Johnson, Kjendal, or the Diffserv Specification. Petitioner emphasized that Johnson's disclosure of a "packet digest logging function" directly remedies the deficiency the Examiner relied upon for allowing the claims, suggesting the patent would not have issued had the Examiner been aware of this reference.

6. Relief Requested

  • Petitioner requests the institution of an inter partes review and the cancellation of claims 1-16 of the ’213 patent as unpatentable.