PTAB

IPR2018-01444

Cisco Systems Inc v. Centripetal Networks Inc

Petition

1. Case Identification

2. Patent Overview

  • Title: Dynamic Network Security
  • Brief Description: The ’205 patent discloses methods and systems for protecting a secured network using one or more packet security gateways (PSGs) located at network boundaries. The PSGs receive dynamic security policies from a central security policy management server (SPMS) and perform packet transformation functions on network traffic according to rules within those policies.

3. Grounds for Unpatentability

Ground 1: Obviousness over Jungck and Bhatia

  • Legal Basis: Claims 1, 5, 7, 9, 17, 21, 23, 25, 33, 37, 39, and 41 are obvious over Jungck in view of Bhatia.
  • Prior Art Relied Upon: Jungck (Application # 2009/0262741) and Bhatia (Application # 2007/0118894).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Jungck taught the core architecture of the challenged claims, including a packet interceptor/processor apparatus (a PSG) that applies rules to packets received from an external management device (an SPMS). Jungck disclosed various packet transformation functions like modifying, dropping, or forwarding packets based on these rules. However, the key limitations added during prosecution—receiving updated security policies at first, second, and third times to create an expanding set of allowed network addresses—were allegedly taught by Bhatia. Bhatia disclosed dynamically updating whitelists to combat Denial of Service (DoS) attacks, where authenticated IP addresses are added to the whitelist over time, creating an expanding set of allowed addresses that is communicated to packet filtering devices.
    • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine these references because they addressed the same problem of packet filtering to prevent network attacks. Petitioner asserted that Bhatia’s dynamic whitelist was an obvious and interchangeable alternative to Jungck’s use of blacklists. A POSITA would have been motivated to incorporate Bhatia's more sophisticated, dynamic whitelist technique into Jungck's system to improve its effectiveness in combating attacks with dynamic policies.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success, as combining Bhatia's software-based dynamic whitelist policies with Jungck's programmable packet filtering hardware was a predictable integration of known network security techniques.

Ground 2: Obviousness over Jungck, Bhatia, and Ahn

  • Legal Basis: Claims 2-3, 10, 18-19, 26, 34-35, and 42 are obvious over Jungck in view of Bhatia and Ahn.
  • Prior Art Relied Upon: Jungck (Application # 2009/0262741), Bhatia (Application # 2007/0118894), and Ahn (Application # 2011/0055916).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground incorporated the arguments for the Jungck/Bhatia combination from Ground 1 and added Ahn to teach the limitations of claims requiring at least two PSGs configured in series. Ahn explicitly disclosed using multiple firewall processors arranged in a "pipeline" or serial configuration to improve packet filtering efficiency. In Ahn's system, a first firewall processed packets against a first rule subset and forwarded the allowed packets to a second firewall, which processed them against a second rule subset. This directly mapped to the claimed limitations of a first gateway forwarding packets to a second gateway.
    • Motivation to Combine: A POSITA would combine Ahn with Jungck/Bhatia to improve the performance and efficiency of the packet filtering system. Serial rule processing was a well-known technique for increasing throughput. Jungck itself acknowledged the load-distribution benefits of serializing processing tasks. A POSITA would therefore have been motivated to apply the pipelined approach taught by Ahn to the gateways in Jungck to improve packet filtering efficiency.
    • Expectation of Success: The combination would have yielded predictable results, as modifying Jungck's gateways to operate in the serial configuration taught by Ahn was a routine design choice for improving network device performance.
  • Additional Grounds: Petitioner asserted additional obviousness challenges based on the Jungck/Bhatia combination in view of other prior art. These grounds argued for adding: queuing to manage traffic bottlenecks and provide different service levels (in view of Ke, Patent 7,095,716); SIP URI-based filtering and packet encapsulation for rerouting (in view of Ingate and RFC 2003); and rules based on Differentiated Service Code Point (DSCP) selectors for quality of service (in view of RFC 2474).

4. Key Claim Construction Positions

  • "Dynamic Security Policy": Petitioner argued this term should be construed according to its explicit definition in the specification: "any rule, message, instruction, file, data structure, or the like that specifies criteria corresponding to one or more packets and identifies a packet transformation function to be performed."
  • "Packet Transformation Function": Petitioner contended this term meant "an action taken on a packet," including forwarding, dropping, accepting, queueing, or routing. This construction was argued to be supported by the specification and the language of claim 9. Petitioner noted that Patent Owner had previously proposed a construction in litigation that improperly excluded "forwarding" and "dropping."

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under §325(d) or §314(a) was not warranted. The petition asserted that the primary prior art reference, Jungck, was not considered during the original prosecution of the ’205 patent. Furthermore, the specific combinations of prior art presented in the petition were argued to be new and not redundant to any arguments previously considered by the USPTO. Petitioner also contended that instituting the IPR would be an efficient use of the Board's resources.

6. Relief Requested

  • Petitioner requested the institution of an inter partes review and cancellation of claims 1-3, 5-11, 17-19, 21-27, 33-35, and 37-43 of the ’205 patent as unpatentable.