PTAB

IPR2021-00701

F5 Networks Inc v. Proven Networks LLC


1. Case Identification

2. Patent Overview

  • Title: System and Methodology for Policy Enforcement
  • Brief Description: The ’786 patent discloses methods for enforcing security policies on client devices requesting network access. The system checks a client for conformance with security policies and, if non-conforming, quarantines the client in an isolated sub-network (e.g., a VLAN) for remediation before granting full network access.

3. Grounds for Unpatentability

Ground 1: Claims 1, 3, 6, 10, 11, 13, 14, and 16-18 are obvious over Herrmann in view of Krantz.

  • Prior Art Relied Upon: Herrmann (Application # 2004/0107360) and Krantz (Application # 2004/0111520).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Herrmann taught a system for enforcing security policies using Extensible Authentication Protocol (EAP) where non-conforming clients are isolated in a "sandbox" area. This isolation was accomplished by restricting access to a limited group of IP addresses (IP filtering). Krantz taught that Virtual Local Area Networks (VLANs) were a well-known method for partitioning a network to improve security, including for restricting and limiting access for unauthorized clients. The combination of these references, Petitioner asserted, disclosed all limitations of the independent claims, including determining policy conformance, examining a client token (Herrmann's "policy MD5 hash"), and restricting access for non-conforming clients to a partitioned network.
    • Motivation to Combine (for 35 U.S.C. §103 grounds): Petitioner contended that a person of ordinary skill in the art (POSITA) would combine these references as a simple substitution of one known network isolation technique for another. A POSITA would be motivated to replace Herrmann's IP filtering with Krantz's VLANs to improve network security, scalability, and management. Krantz was cited as teaching that VLANs were a known alternative to IP filtering for restricting network access.
    • Expectation of Success (for §103 grounds): A POSITA would have had a high expectation of success because applying VLANs—a standard network segregation technology—to Herrmann's policy enforcement framework would yield the predictable result of a more robustly isolated quarantine network.

Ground 2: Claims 4 and 15 are obvious over Herrmann, Krantz, and Yip.

  • Prior Art Relied Upon: Herrmann (Application # 2004/0107360), Krantz (Application # 2004/0111520), and Yip (Patent 6,914,905).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground built upon the combination of Herrmann and Krantz to address the additional limitation of directing a non-conforming client to an isolated VLAN by issuing a "predetermined address." Petitioner argued that Yip taught defining VLAN membership based on layer-3 network information, specifically by assigning clients to VLANs based on their IP address subnet. The combination, therefore, taught directing a client to the isolated "sandbox" VLAN by assigning it an IP address from a predetermined range corresponding to that VLAN's subnet.
    • Motivation to Combine (for §103 grounds): A POSITA would have been motivated to incorporate Yip's teachings to implement the VLAN-based network partitioning of Krantz. Using IP subnets to define VLANs, as taught by Yip, was a known, advantageous method that allowed for greater user mobility and reduced overhead compared to other methods like layer-2 tagging. This provided a clear reason to use a client's assigned IP address to control its VLAN placement.

Ground 3: Claim 12 is obvious over Herrmann, Krantz, and Freund.

  • Prior Art Relied Upon: Herrmann (Application # 2004/0107360), Krantz (Application # 2004/0111520), and Freund (Application # 2003/0055962).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground added Freund to the Herrmann/Krantz combination to address the limitation that the isolated sub-network directs a client to a web server, which in turn directs the client to a "predetermined web-site" for remediation. Petitioner asserted that the base combination taught a sandbox server for remediation. Freund explicitly taught redirecting a non-compliant client to a sandbox server that displays a specific error page at a predetermined URL (e.g., http://linksys.zonelabs.com/8087.html) based on the nature of the non-compliance.
    • Motivation to Combine (for §103 grounds): The motivation was exceptionally strong, as Herrmann explicitly incorporated the application that published as Freund by reference for the specific purpose of providing a "[f]urther description of a 'sandbox' web server for assisting users in remedying non-compliance." This direct citation, Petitioner argued, would have compelled a POSITA to consult Freund to implement the sandbox web server functionality in Herrmann's system.

4. Key Claim Construction Positions

  • Petitioner asserted that no terms required construction but, for convenience, provided its proposed constructions from a parallel district court litigation. Key proposed constructions included:
    • extensible authentication protocol (EAP): "a standardized authentication protocol defined by RFC 2284 and/or RFC 3748"
    • Web server: "A server that uses HTTP to serve up HTML documents and any associated files and scripts when requested by a client, such as a Web browser"

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that the Board should not exercise its discretion to deny the petition under §325(d). The core of this argument was that the primary prior art references, Herrmann and Krantz, were never considered by the Examiner during the original prosecution of the ’786 patent. Petitioner asserted that these new references presented substantially different questions of patentability than those previously before the U.S. Patent and Trademark Office.

6. Relief Requested

  • Petitioner requested the institution of an inter partes review and the cancellation of claims 1, 3, 4, 6, and 10-18 of the ’786 patent as unpatentable.