PTAB

IPR2019-00561

Trend Micro Inc v. Cupp Computing As

Key Events
Petition

1. Case Identification

2. Patent Overview

  • Title: System and Method for Providing Network and Computer Firewall Protection with Dynamic Address Isolation to a Device
  • Brief Description: The ’272 patent discloses a computer security system that provides firewall protection by using a network address translation (NAT) engine to dynamically translate application addresses to public addresses. This process is intended to isolate applications on a computer from an external network while providing both network-level and application-level security.

3. Grounds for Unpatentability

Ground 1: Obviousness of Claim 7 over Sikdar in view of Wright

  • Prior Art Relied Upon: Sikdar (WO 2006/069041) and Wright (Application # 2005/0055578).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Sikdar disclosed the core elements of claim 7. Sikdar’s “Reconfigurable Semantic Processor” (RSP) was described as a firewall capable of handling both network-level security (e.g., Denial of Service filtering) and application-level security (e.g., identifying viruses in email attachments). Sikdar’s RSP was also disclosed as performing NAT and Port Address Translation (PAT) operations, thereby functioning as a network address translation engine that dynamically isolates internal devices. While Sikdar disclosed that data packets contain application-layer information, Wright was cited for its explicit disclosure of including an "application identifier" in data packets at the application layer of the OSI model.
    • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Wright's teaching of explicit application identifiers with Sikdar's system to enhance its disclosed application-specific security. Sikdar teaches distinguishing between different application protocols (e.g., SMTP for email, HTML for web) for threat analysis. Using an explicit identifier as taught by Wright would be a known and logical way to make this distinction more reliable and robust, thereby improving the firewall's effectiveness.
    • Expectation of Success: Incorporating application identifiers into data packets was a well-known technique in 2007. A POSITA would have had a reasonable expectation of success in applying this known technique to Sikdar's firewall system to predictably improve its application-aware filtering capabilities.

Ground 2: Obviousness of Claims 1 and 16 over Sikdar in view of AAPA

  • Prior Art Relied Upon: Sikdar (WO 2006/069041) and Applicant Admitted Prior Art (AAPA) from Figure 18 of the ’272 patent.
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that Sikdar disclosed a computer (e.g., a laptop) with applications, a network interface, and a NAT engine (the RSP). The key missing element argued to be obvious was a specific driver for routing packets to the NAT engine. The AAPA (from the ’272 patent’s own specification) disclosed an "intermediate driver" that automatically forwards data packets from network interfaces to a software-based firewall.
    • Motivation to Combine: A POSITA would have been motivated to implement a driver, as shown in the AAPA, within Sikdar’s system for the simple and necessary purpose of directing data traffic. To perform the NAT and firewall functions disclosed in Sikdar, incoming and outgoing packets must be sent to the RSP software module. Using a driver to manage this packet flow is a fundamental and common-sense implementation detail in computer networking, as confirmed by the AAPA's own disclosure.
    • Expectation of Success: Drivers were a ubiquitous and well-understood technology for routing data within a computer’s network stack. A POSITA would have readily configured a driver to forward packets to Sikdar’s RSP with a high expectation of success, viewing it as a standard implementation choice.

Ground 3: Obviousness of Claims 1 and 16 over AAPA in view of Sikdar

  • Prior Art Relied Upon: AAPA (from Figure 18 of the ’272 patent) and Sikdar (WO 2006/069041).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground reversed the primary and secondary references from Ground 2. The AAPA was presented as the base system, disclosing a computer with applications, network interfaces, drivers, and a software-based firewall, but lacking a NAT engine. Sikdar was cited for its extensive teaching of integrating NAT/PAT functionality directly with a firewall to protect the identity of internal machines and reduce the number of required public IP addresses.
    • Motivation to Combine: A POSITA would combine Sikdar's NAT/PAT functionality with the AAPA's software-based firewall to gain the well-known security and network management benefits of address translation. The ’272 patent itself acknowledged prior art firewalls that included NAT. A POSITA would therefore have been motivated to add this conventional feature, as taught by Sikdar, to the basic firewall architecture shown in the AAPA to create a more robust and secure system.
    • Expectation of Success: Integrating NAT with a firewall was a common, well-established practice by 2007. A POSITA would have recognized that Sikdar's NAT functionality could be readily implemented in the software of the AAPA's firewall with a predictable outcome and a high expectation of success.

4. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1, 7, and 16 of the ’272 patent as unpatentable.