PTAB

IPR2018-01506

Cisco Systems Inc v. Centripetal Networks Inc

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: System and Method for Protecting a Secure Network
  • Brief Description: The ’205 patent discloses methods and systems for network security. The system uses multiple Packet Security Gateways (PSGs) located at network boundaries to receive and enforce a dynamic security policy, which is communicated from a central Security Policy Management Server (SPMS).

3. Grounds for Unpatentability

Ground 1: Obviousness over Jungck, Ingate, and RFC 2003 - Claims 49, 61-63, 75-77, and 89-90 are obvious over Jungck in view of Ingate and RFC 2003.

  • Prior Art Relied Upon: Jungck (Application # 2009/0262741), Ingate (Firewall/SIParator® SIP Security Best Practice, Sep. 2, 2008), and RFC 2003 (IETF Request for Comment, Oct. 1996).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Jungck teaches the core architecture of the challenged claims, including packet interceptor devices (PSGs) located at network boundaries that receive dynamically modifiable rules from an external management device (an SPMS). Ingate was asserted to supply the specific limitation of using Session Initiation Protocol (SIP) Uniform Resource Identifiers (URIs) as a filtering criterion, a known best practice for securing Voice-over-IP (VoIP) networks. The combined teachings allegedly disclose a system where PSGs receive dynamic security policies with rules specifying both network addresses and SIP URIs.
    • Motivation to Combine: A POSITA would combine Jungck’s general-purpose, rule-based packet filtering system with Ingate’s specific teachings on SIP-based security to improve the security of VoIP applications, which Jungck explicitly contemplates. To implement the packet re-routing function taught by Jungck, a POSITA would have looked to industry standards like RFC 2003, which teaches using IP encapsulation as a preferred and well-understood method for re-routing packets to an intermediate destination without losing the original header information.
    • Expectation of Success: The combination involved applying known security techniques (SIP filtering) to a known architecture (programmable gateways) and using a standard protocol (IP encapsulation) for a predictable improvement in network security.

Ground 2: Obviousness over Jungck, Ingate, RFC 2003, and Ahn - Claims 50-51, 56, 64-65, 70, 78-79, and 84 are obvious over the combination of Jungck, Ingate, RFC 2003, and Ahn.

  • Prior Art Relied Upon: Jungck (Application # 2009/0262741), Ingate (Firewall/SIParator® SIP Security Best Practice, Sep. 2, 2008), RFC 2003 (IETF Request for Comment, Oct. 1996), and Ahn (Application # 2011/0055916).

  • Core Argument for this Ground:

    • Prior Art Mapping: This ground incorporated the arguments from Ground 1 and added Ahn to address claims requiring at least two PSGs configured in series. Petitioner contended that Ahn explicitly teaches distributing rules across multiple firewalls arranged in a serial "pipeline" to improve packet filtering efficiency. This mapping addresses limitations requiring a first gateway to forward a portion of packets to a second gateway, which then applies a subsequent rule set. Ahn was also cited for its express teaching of rules based on a "5-tuple" (source/destination IP, source/destination port, protocol), which allegedly renders claims reciting this limitation obvious.
    • Motivation to Combine: A POSITA would combine the pipelined, multi-firewall architecture of Ahn with the core system of Jungck/Ingate to achieve improved performance and throughput in packet analysis. This modification was argued to be a predictable design choice, as serial processing was a well-known technique for load distribution, and Ahn itself suggests combining its techniques with other firewall technologies.
    • Expectation of Success: Implementing a known serial processing architecture (Ahn) to improve the performance of a rule-based filtering system (Jungck/Ingate) would have been a routine and predictable modification for a POSITA.

  • Additional Grounds: Petitioner asserted additional obviousness challenges based on the core combination of Jungck, Ingate, and RFC 2003, further combined with Ke (Patent 7,095,716) for claims related to packet queuing, and with RFC 2474 for claims related to Differentiated Service Code Point (DSCP) selectors. These grounds relied on similar theories of combining known techniques to achieve predictable results.

4. Key Claim Construction Positions

  • "Dynamic Security Policy": Petitioner argued this term should be construed according to its explicit definition in the ’205 patent specification: "any rule, message, instruction, file, data structure, or the like that specifies criteria corresponding to one or more packets and identifies a packet transformation function to be performed." Petitioner contended the claims were obvious even under the Patent Owner's narrower proposed construction from litigation ("a non-static set of...rules").
  • "Packet Transformation Function": Petitioner argued this term should be construed broadly as "an action taken on a packet," including forwarding, dropping, or routing, consistent with the specification. This construction was presented in direct opposition to the Patent Owner’s litigation position, which sought to exclude "forwarding" and "dropping," a position Petitioner argued was contradicted by the patent's own claims and specification.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under §325(d) or §314(a) was not warranted. The petition asserted that it presented different prior art combinations (specifically, Jungck as a primary reference) and challenged different claim groups than those addressed in prior petitions or during original prosecution. Petitioner contended that instituting the IPR would therefore be an efficient use of Board resources and not be redundant or abusive.

6. Relief Requested

  • Petitioner requested institution of an inter partes review and cancellation of claims 49-51, 54, 56-57, 61-65, 68, 70-71, 75-79, 82, 84-85, and 89-90 of the ’205 patent as unpatentable.