Cisco Systems Inc v. Centripetal Networks Inc

1. Case Identification

• Case #: IPR2018-01512
• Patent #: 9,565,213
• Filed: August 20, 2018
• Petitioner(s): Cisco Systems, Inc.
• Patent Owner(s): Centripetal Networks, Inc.
• Challenged Claims: 1-16

2. Patent Overview

• Title: System and Method for Protecting a Secure Network by Filtering Network Communications
• Brief Description: The ’213 patent discloses methods and systems for protecting a secure network using a plurality of packet security gateways (PSGs) located at network boundaries. The PSGs receive dynamic security policies from a central security policy management server to identify and perform transformation functions, including a "packet digest logging function," on network packets.

3. Grounds for Unpatentability

Ground 1: Obviousness over ACNS and Kjendal - Claims 1-9 are obvious over ACNS in view of Kjendal.

• Prior Art Relied Upon: ACNS (Cisco ACNS Software Configuration Guide for Centrally Managed Deployments, Release 5.5) and Kjendal (Patent 9,172,627).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that ACNS, a guide for a Cisco networking system, teaches the core architecture of the challenged claims. Specifically, ACNS’s Content Distribution Manager (CDM) functions as the claimed security policy management server, providing dynamic policies to multiple Content Engines (CEs) that function as the claimed packet security gateways. Petitioner asserted that these policies contain rules specifying application-layer packet-header information (e.g., HTTP request methods or header fields) to trigger packet transformation functions like accepting, denying, or logging packets. The ACNS system identifies subsets of information from packet headers, generates log records, and reformats them into standard logging formats (e.g., “squid,” syslog), allegedly meeting most limitations of claim 1. Kjendal was introduced to supply the limitation of routing selected packets to a separate monitoring device, which Petitioner contended was not explicitly taught by ACNS.
  • Motivation to Combine: Petitioner argued that a person of ordinary skill in the art (POSITA) would combine Kjendal’s well-known packet mirroring capabilities with a related Cisco product like ACNS to enhance its functionality. Since ACNS already discussed the need for enterprise monitoring and logging, incorporating Kjendal’s specific teachings on routing packets to a network logger would have been a straightforward and logical improvement to achieve more robust security analysis.
  • Expectation of Success: A POSITA would have a high expectation of success because Kjendal’s mirroring technology was designed for standard routable protocols like TCP/IP, which are fundamental to the ACNS system. The integration was presented as combining known solutions to yield predictable and beneficial results.

Ground 2: Obviousness over ACNS, Diffserv, and Kjendal - Claims 10-16 are obvious over ACNS in view of Diffserv and Kjendal.

• Prior Art Relied Upon: ACNS, Diffserv (IETF RFC 2475, "An Architecture for Differentiated Services"), and Kjendal (Patent 9,172,627).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addresses independent claim 10 and its dependents, which differ from claim 1 by reciting more general "packet-identification criteria" that comprise a Differentiated Service Code Point (DSCP) selector. Petitioner argued that ACNS again provides the base system and, critically, already teaches the use of DSCP for implementing Quality of Service (QoS) policies. The Diffserv reference, a foundational IETF standard, was introduced to explicitly teach the architecture for using the DSCP field to classify packets according to defined rules. Petitioner contended that while ACNS implemented DSCP, Diffserv provided the well-known, standardized details for using it as a filtering criterion. Kjendal's teaching of routing packets to a monitoring device served the same purpose as in Ground 1.
  • Motivation to Combine: A POSITA reviewing the ACNS system, which already uses DSCP for QoS, would be naturally motivated to consult the Diffserv standard to enhance its packet filtering capabilities. Combining ACNS with the explicit teachings of Diffserv would be an obvious design choice to leverage the existing DSCP field for more granular, network-layer policy enforcement, rather than being limited to application-layer criteria.
  • Expectation of Success: The combination was asserted to be predictable and obvious. Since ACNS already contains the necessary DSCP fields and QoS framework, applying the standard classification rules described in Diffserv would be a routine implementation for a skilled network engineer.

4. Key Claim Construction Positions

• The petition argued for constructions of several key terms, frequently adopting the Patent Owner's proposed constructions from co-pending litigation to demonstrate the claims' invalidity even under that framework.
• "Packet Transformation Function": Petitioner argued this term should be interpreted broadly as "an action taken upon a packet." This construction includes fundamental actions like forwarding or dropping packets, which are explicitly described in the ’213 patent's specification and recited in dependent claims. Petitioner noted this contradicts the Patent Owner's narrower litigation construction that attempted to exclude these common functions.
• "Dynamic Security Policy": Petitioner contended this term should be understood, consistent with the patent's specification, as any rule, message, or instruction that specifies criteria for identifying packets and a corresponding transformation function. Petitioner emphasized that the "dynamic" nature simply means the policy can be updated.

5. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial under 35 U.S.C. §325(d) was not warranted because the petition presented new prior art combinations (ACNS, Kjendal, Diffserv) and arguments that were not previously considered by the USPTO during the patent’s prosecution.
• It was further argued that denial would be inappropriate because the grounds were distinct from those in a previously filed IPR on the same patent (IPR2018-01386) and were supported by a new expert declaration, thereby presenting substantive issues of first impression for the Board.

6. Relief Requested

• Petitioner requested the institution of an inter partes review and the cancellation of claims 1-16 of the ’213 patent as unpatentable under 35 U.S.C. §103.