PTAB
IPR2021-00912
Forescout Technologies Inc v. Fortinet Inc
1. Case Identification
- Case #: IPR2021-00912
- Patent #: 9,369,299
- Filed: May 14, 2021
- Petitioner(s): Forescout Technologies, Inc.
- Patent Owner(s): Fortinet, Inc.
- Challenged Claims: 1, 3-8, and 10
2. Patent Overview
- Title: Network Access Control System and Method for Devices Connecting to Network Using Remote Access Control Methods
- Brief Description: The ’299 patent discloses a network access control (NAC) system for managing remotely connected devices. The system leverages an out-of-band architecture to automatically perform authentication, assessment, authorization, provisioning, and remediation for devices attempting to access a network.
3. Grounds for Unpatentability
Ground 1: Obviousness over Palmer - Claims 1 and 3-8 are obvious over Palmer in view of the knowledge of a POSITA.
- Prior Art Relied Upon: Palmer (Patent 7,882,538).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that Palmer teaches an endpoint defense cache system that discloses every element of the challenged claims. Palmer’s system controls network access using an "intermediate network device" (the claimed Network Access Control Server or NACS) that communicates with a remote "access control server" (the claimed Remote Access Device or RAD). Petitioner asserted that Palmer’s disclosure of pre-caching security information from the remote server to the local intermediate device before a user attempts access constitutes the claimed "out-of-band" control. Palmer further teaches managing connections based on identity, endpoint compliance (health checks), and usage policies, as well as using agents on endpoint devices to collect information and enforce policies.
  - Motivation to Combine (for §103 grounds): The ground asserted that Palmer, supplemented by the ordinary knowledge of a Person of Ordinary Skill in the Art (POSITA), renders the claims obvious. A POSITA would have understood that Palmer's components and architecture inherently perform the functions recited in the claims, such as using device-specific access rights as a network access filter (NAF) and monitoring post-connection status by receiving updated health information from agents.
  - Expectation of Success (for §103 grounds): Petitioner contended success was expected because Palmer provides a complete blueprint for the claimed system, and any modifications would involve applying conventional networking and security principles.
Ground 2: Obviousness over Palmer and Gilde - Claims 3, 7, and 10 are obvious over Palmer in view of Gilde.
- Prior Art Relied Upon: Palmer (Patent 7,882,538) and Gilde (Patent 8,520,512).
- Core Argument for this Ground:
  - Prior Art Mapping: This ground relied on Palmer as the primary reference disclosing the base NAC system architecture. Petitioner argued that Gilde, which discloses a customizable network quarantining system, supplies specific features recited in the dependent claims. For claim 3, Gilde explicitly taught using a VPN concentrator as an "enforcement point," which functions as the RAD in Palmer’s system. For claim 7, Gilde disclosed using scan policies based on user identity and location received from a remote enforcement point (the RAD) to manage access. For claim 10, Gilde taught generating security threat analysis reports and providing automatic remediation options for non-compliant devices, fulfilling the claimed usage policy enforcement limitations.
  - Motivation to Combine (for §103 grounds): A POSITA would combine Palmer and Gilde because both references address the same fundamental problem of controlling endpoint device access to a network using similar architectures (a central control appliance and remote enforcement points). Petitioner argued a POSITA would look to Gilde's specific implementations of VPN concentrators, scan policies, and automated remediation to improve the functionality of Palmer's base system.
  - Expectation of Success (for §103 grounds): Success was expected because the combination involved integrating known, complementary features from Gilde into the analogous components of Palmer’s system to enhance its security capabilities, representing a predictable design choice.
4. Key Claim Construction Positions
- "out-of-band": Petitioner argued for the patent's explicit definition: "[u]sed to convey something that is not in the direct path of a process." This was contrasted with the Patent Owner's proposed construction of "not in a data path of said network access," which Petitioner contended was improperly broader.
- "RAD-agnostic": Petitioner asserted the correct construction is the patent's definition: "[t]he state of being unaffected by the manufacturer of" the RAD. Petitioner argued the Patent Owner's proposed construction, "supports RADs from multiple vendors," was an oversimplification that ignored the "unaffected by" requirement.
5. Arguments Regarding Discretionary Denial
- Petitioner argued that discretionary denial under Fintiv would be inappropriate and that the factors strongly favor institution. The co-pending district court litigation was in its early stages, with no trial date set and no claim construction yet performed. The petition raised prior art (Palmer and Gilde) that was never considered during prosecution, meaning the inter partes review (IPR) would not be duplicative of the examiner's work or the court’s anticipated efforts. Petitioner asserted that these factors, combined with the strong merits of the petition, weighed heavily in favor of institution.
6. Relief Requested
- Petitioner requests institution of IPR and cancellation of claims 1, 3-8, and 10 of the ’299 patent as unpatentable under 35 U.S.C. §103.