PTAB

IPR2018-01443

Cisco Systems Inc v. Centripetal Networks Inc


1. Case Identification

2. Patent Overview

  • Title: Dynamic Security Policy for Protecting a Secured Network
  • Brief Description: The ’205 patent describes systems and methods for network security using "packet security gateways" (PSGs) positioned at network boundaries. These PSGs receive and apply "dynamic security policies" from a central "security policy management server" (SPMS) to filter network traffic.

3. Grounds for Unpatentability

Ground 1: Obviousness over Jungck and Bhatia - Claims 1, 4, 12, 14-17, 20, 28, 30-33, 36, 44, 46-48 are obvious over Jungck in view of Bhatia.

  • Prior Art Relied Upon: Jungck (Application # 2009/0262741) and Bhatia (Application # 2007/0118894).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Jungck disclosed the core architecture of the challenged claims, including packet interceptor apparatuses (PSGs) at network boundaries that apply rules to packets under the control of an external management device (SPMS). Petitioner contended that while Jungck taught dynamic rules, Bhatia explicitly taught the specific limitation of an expanding whitelist, which was the key feature added during prosecution to overcome rejections. Bhatia disclosed a system for mitigating Denial of Service (DoS) attacks where a packet filter layer receives and implements dynamically updated whitelists from a server, including receiving policies at successive times that add new network addresses to the list.
    • Motivation to Combine: Petitioner asserted that a person of ordinary skill in the art (POSITA) would combine the references because they address the same problem of network security through packet filtering. A POSITA would have been motivated to implement Bhatia's well-known and effective dynamic whitelist/blacklist techniques into Jungck’s more general packet interceptor architecture to improve its effectiveness against attacks. Petitioner argued that using whitelists and blacklists was a matter of design choice, and Bhatia provided a clear roadmap for implementing such a dynamic policy.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success because combining the teachings involved applying known programming techniques (Bhatia's dynamic lists) to a similar system (Jungck's architecture), which would produce predictable and operable results.

Ground 2: Obviousness over Jungck, Bhatia, and RFC 4253 - Claims 13, 29, and 45 are obvious over Jungck in view of Bhatia and RFC 4253.

  • Prior Art Relied Upon: Jungck (Application # 2009/0262741), Bhatia (Application # 2007/0118894), and RFC 4253 (an IETF standard for the Secure Shell (SSH) Transport Layer Protocol).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground built upon the combination in Ground 1 to address dependent claims requiring the PSG to have a management interface with a network layer address and securing access to that interface. Petitioner asserted that Jungck disclosed a management interface for its packet interceptor. RFC 4253, the industry standard for SSH, was cited as teaching how to secure remote login and other network services over an insecure network. Since SSH runs on top of TCP/IP, its implementation inherently requires a network-layer address for the management interface.
    • Motivation to Combine: Petitioner argued a POSITA would be motivated to secure the management interface of the combined Jungck/Bhatia system to prevent unauthorized access and control. As Jungck itself suggested the use of SSH, it would have been obvious to turn to the standard-defining document, RFC 4253, for implementation details. Securing a critical control interface is a fundamental aspect of network security design.
    • Expectation of Success: Implementing a well-defined, standard protocol like SSH as detailed in RFC 4253 on a network device's management interface was a routine and predictable task for a POSITA.

Ground 3: Obviousness over Jungck - Claims 91-96 are obvious over Jungck.

  • Prior Art Relied Upon: Jungck (Application # 2009/0262741).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground addressed claims requiring a second PSG at a second network boundary, receiving a second dynamic security policy that differs from the first. Petitioner argued that Jungck alone disclosed these features. Jungck’s third embodiment explicitly taught that its edge servers (PSGs) could be deployed at every major network intersection or point-of-presence (POP) to provide comprehensive coverage. Petitioner's analysis of Jungck's Figure 6 showed a first gateway at a first boundary (POP 116) and a second gateway at a second boundary (POP 114), both receiving policies from a subscribing server (SPMS).
    • Motivation to Combine: The motivation was not to combine separate references but to apply the explicit teachings within Jungck. A POSITA would have understood from Jungck that deploying multiple gateways, each with policies tailored to its specific boundary, was a disclosed and logical method for protecting a network.
    • Expectation of Success: As Jungck explicitly described deploying multiple gateways at different boundaries, a POSITA would have had a very high expectation of success in implementing such a configuration.

4. Key Claim Construction Positions

  • "Dynamic Security Policy": Petitioner argued this term should be construed according to its explicit definition in the ’205 patent’s specification: "any rule, message, instruction, file, data structure, or the like that specifies criteria..." Petitioner noted that in related litigation, the Patent Owner proposed a narrower construction ("a non-static set of one or more rules...") that was inconsistent with the patent's express definition.
  • "Packet Transformation Function": Petitioner contended this term plainly includes actions such as "forwarding" and "dropping" packets, as explicitly stated in the specification and required by the language of the claims (e.g., claim 1 recites performing a function "other than forwarding or dropping"). Petitioner argued that a construction proposed by the Patent Owner in litigation, which sought to exclude forwarding and dropping, was directly contrary to the intrinsic evidence.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under §325(d) was not warranted because the U.S. Patent and Trademark Office had not previously considered the specific prior art combinations asserted in the petition. Furthermore, the petition was supported by a new expert declaration providing analysis not previously before the Office. Petitioner also argued that denial under §314(a) was inappropriate because the petition was not abusive and its institution would be an efficient use of Board resources, as the Board had not previously addressed the merits of these specific grounds.

6. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1, 4, 12-17, 20, 28-33, 36, 44-48, and 91-96 of the ’205 patent as unpatentable.