PTAB
IPR2018-01655
Cisco Systems, Inc. v. Centripetal Networks, Inc.
1. Case Identification
- Case #: IPR2018-01655
- Patent #: 9,560,176
- Filed: September 17, 2018
- Petitioner(s): CISCO SYSTEMS, INC.
- Patent Owner(s): CENTRIPETAL NETWORKS, INC.
- Challenged Claims: 1-3, 6, 8, 11-13, 16, 18, 21-23, 26, and 28
2. Patent Overview
- Title: Correlating Packets in a Communications Network
- Brief Description: The ’176 patent describes a computing system for addressing the obfuscation of packet flows caused by Network Address Translation (NAT). The system identifies and correlates packets received and transmitted by a network device by comparing log entries, and based on this correlation, generates rules to identify and filter packets from specific hosts.
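The correlation idea in the description above, as an added sketch (not the patent's claimed method or code from any cited reference): log entries captured on each side of a NAT device are paired by fields the translation leaves unchanged plus a short time window, and the pairs yield rules naming the pre-NAT host. The field names, the payload digest, the 50 ms window and the rule syntax are all assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class LogEntry(NamedTuple):
    ts: float    # capture time, seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    digest: str  # payload hash; assumed unchanged by the NAT device

def invariant_key(e):
    # Fields a source-NAT device leaves alone (an assumption of this sketch).
    return (e.proto, e.dst, e.dport, e.digest)

def correlate(inside, outside, window=0.05):
    """Pair each pre-NAT entry with the closest later post-NAT entry sharing its key."""
    by_key = defaultdict(list)
    for idx, o in enumerate(outside):
        by_key[invariant_key(o)].append(idx)
    pairs, used = [], set()
    for i in sorted(inside, key=lambda e: e.ts):
        cands = [k for k in by_key.get(invariant_key(i), [])
                 if k not in used and 0 <= outside[k].ts - i.ts <= window]
        if cands:
            best = min(cands, key=lambda k: outside[k].ts - i.ts)
            used.add(best)
            pairs.append((i, outside[best]))
    return pairs

def rules_for(pairs, flagged_dst):
    """Illustrative drop rules naming the pre-NAT hosts that reached flagged_dst."""
    hosts = sorted({i.src for i, o in pairs if o.dst == flagged_dst})
    return [f"drop src {h} dst {flagged_dst}" for h in hosts]

# Constructed sample logs: 10.0.0.x hosts are translated to 192.0.2.1.
INSIDE = [LogEntry(10.000, "10.0.0.5", 40001, "203.0.113.9", 443, "tcp", "a1"),
          LogEntry(10.002, "10.0.0.7", 40001, "203.0.113.9", 443, "tcp", "b2"),
          LogEntry(10.010, "10.0.0.5", 40002, "198.51.100.4", 80, "tcp", "c3")]
OUTSIDE = [LogEntry(10.001, "192.0.2.1", 61000, "203.0.113.9", 443, "tcp", "a1"),
           LogEntry(10.003, "192.0.2.1", 61001, "203.0.113.9", 443, "tcp", "b2"),
           LogEntry(10.011, "192.0.2.1", 61002, "198.51.100.4", 80, "tcp", "c3")]

if __name__ == "__main__":
    for rule in rules_for(correlate(INSIDE, OUTSIDE), "203.0.113.9"):
        print(rule)
```

Without the correlation step, the outside log shows only 192.0.2.1 as the source of all three flows; the pairing is what lets a rule target the individual internal host.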
3. Grounds for Unpatentability
Ground 1: Obviousness over Ivershen, Rajan, Briggs, and Bloch - Claims 1, 11, and 21 are obvious under 35 U.S.C. §103 over Ivershen in view of Rajan, Briggs, and Bloch.
- Prior Art Relied Upon: Ivershen (Patent 8,219,675), Rajan (Patent 8,271,645), Briggs (Application # 2008/0320116), and Bloch (Patent 7,849,502).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that the combination of these references teaches all limitations of the independent claims. Ivershen was asserted as the primary reference, disclosing a base system for correlating IP packet flows across a NAT firewall by capturing packets on both sides and using an invariant correlation key (e.g., a checksum). Rajan was argued to teach the claimed "generating...log entries" by disclosing network monitoring systems that create trace logs storing portions of network packets, rather than the entire packet. Briggs and Bloch were asserted to teach the claimed rule generation and provisioning, as they describe systems that analyze network traffic to identify malicious activity (e.g., spam) and, in response, generate and send updated rules to a firewall to block or redirect the malicious traffic based on IP address.
- Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Ivershen with Rajan to achieve the well-known benefits of reducing data storage requirements and processing overhead. A POSITA would further combine this system with the teachings of Briggs and Bloch to add a known and desirable security function: automatically mitigating identified threats. This constitutes improving Ivershen's monitoring system with a logical, security-enhancing feature.
- Expectation of Success: Petitioner asserted a POSITA would have had a reasonable expectation of success, as the combination involves applying common techniques to a known type of network monitoring system to achieve the predictable result of a more efficient and secure network.
Ground 2: Obviousness over Ivershen, Rajan, Briggs, Bloch, and Matityahu - Claims 2, 12, and 22 are obvious over the combination for Ground 1 in view of Matityahu.
- Prior Art Relied Upon: Ivershen (Patent 8,219,675), Rajan (Patent 8,271,645), Briggs (Application # 2008/0320116), Bloch (Patent 7,849,502), and Matityahu (Patent 7,499,412).
- Core Argument for this Ground:
- Prior Art Mapping: This ground builds on Ground 1 to address dependent claims requiring first and second "taps" on the communication paths. Petitioner argued that Ivershen’s packet capture devices are examples of "taps." Matityahu was introduced to supplement this by teaching an improved, programmable network tap that can be provisioned with rules to perform actions like deleting, replacing, or forwarding packets based on signature matching.
- Motivation to Combine: A POSITA would combine Matityahu’s programmable taps with the Ivershen system to provide more flexible and active functionality. This would allow the system not only to log packets for correlation but also to actively inspect traffic and take immediate action (e.g., drop malicious packets) on the interfaces, providing additional security benefits and greater control.
- Expectation of Success: The combination was argued to be predictable, as it involves implementing Ivershen's packet capture function using a more advanced but well-understood component (a programmable tap) to gain its known advantages.
Ground 3: Obviousness over Ivershen, Rajan, Briggs, Bloch, and Frahim - Claims 3, 13, and 23 are obvious over the combination for Ground 1 in view of Frahim.
- Prior Art Relied Upon: Ivershen (Patent 8,219,675), Rajan (Patent 8,271,645), Briggs (Application # 2008/0320116), Bloch (Patent 7,849,502), and Frahim (Cisco ASA, 2006).
- Core Argument for this Ground:
- Prior Art Mapping: This ground addresses dependent claims requiring the correlation step to comprise comparing port numbers. While Ivershen prefers not to use port numbers for correlation because they can change during NAT, Frahim was asserted to teach a "static" NAT implementation where the IP address is translated but the port number is not.
- Motivation to Combine: A POSITA would have been motivated to implement Ivershen's system with a static NAT as taught by Frahim because it makes the source and destination ports "invariant" across the firewall. This would allow the port numbers to be used as a simple and reliable key for correlating packet flows, overcoming the difficulty noted in Ivershen and simplifying the overall correlation process.
- Expectation of Success: Implementing a known type of NAT (static) within Ivershen's system to simplify a known challenge (packet correlation) was argued to be a predictable modification within the skill of a POSITA.
Additional Grounds: Petitioner asserted additional obviousness challenges for claims 6, 16, and 26 based on the core combination further in view of Zhu (Patent 8,422,391) to teach correlating packets using network-interface identifiers. Petitioner also challenged claims 8, 18, and 28 based on the core combination further in view of Meloche (Patent 9,634,911) to teach generating and comparing timestamps for received and transmitted packets.
4. Relief Requested
- Petitioner requests institution of an inter partes review (IPR) and cancellation of claims 1-3, 6, 8, 11-13, 16, 18, 21-23, 26, and 28 of the ’176 patent as unpatentable.