PTAB
IPR2021-00913
Forescout Technologies Inc v. Fortinet Inc
1. Case Identification
- Case #: IPR2021-00913
- Patent #: 9,369,299
- Filed: May 14, 2021
- Petitioner(s): Forescout Technologies, Inc.
- Patent Owner(s): Fortinet, Inc.
- Challenged Claims: 11-16 and 18-21
2. Patent Overview
- Title: Network Access Control System and Method for Devices Connecting to Network Using Remote Access Control Methods
- Brief Description: The ’299 patent discloses a network access control (NAC) system for managing remote devices connecting to a network. The system purports to enhance traditional NAC by using an "out-of-band" method to automatically perform authentication, assessment, authorization, provisioning, and remediation in a vendor-agnostic manner.
3. Grounds for Unpatentability
Ground 1: Obviousness over Palmer - Claims 11-16 and 18-21 are obvious over Palmer in view of the knowledge of a POSITA.
- Prior Art Relied Upon: Palmer (Patent 7,882,538).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Palmer discloses every limitation of independent claim 11 and its dependent claims. Palmer teaches an "endpoint defense cache system" that controls network access based on cached security information. Petitioner contended that Palmer’s "intermediate network device" with its "local access module" is the claimed Network Access Control Server (NACS), and its remote "access control server" is the claimed Remote Access Device (RAD). Palmer’s system performs out-of-band control by pre-caching security information from the RAD to the NACS before a user attempts access. Furthermore, Palmer’s use of agents on endpoint devices to collect health and authentication information, which is then used to grant or deny access, maps directly to the method steps of claim 11.
- Motivation to Combine: This ground relied on a single reference in view of the general knowledge of a Person of Ordinary Skill in the Art (POSITA). The motivation was inherent in applying a POSITA's understanding to the teachings of Palmer.
- Expectation of Success: Petitioner asserted that a POSITA would have found it obvious to implement the claimed method based on Palmer's detailed disclosure of a functionally identical network security architecture.
Ground 2: Obviousness over Palmer and Gilde - Claims 12, 15, and 18 are obvious over Palmer in view of Gilde.
- Prior Art Relied Upon: Palmer (Patent 7,882,538) and Gilde (Patent 8,520,512).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner asserted that Palmer teaches the base method of claim 11, while Gilde supplies the specific features required by dependent claims 12, 15, and 18. For claim 12, which recites an Authentication, Authorization, and Accounting (AAA) server, Petitioner argued Gilde explicitly discloses a network access control system employing an AAA server. For claim 15, which adds scanning by a policy based on user and location, Gilde teaches a policy database containing scanning policies that consider user identity, location, and device health. For claim 18, which adds client remediation upon a scanning failure, Gilde discloses redirecting non-compliant devices to a 'friendly' website to resolve vulnerabilities.
- Motivation to Combine: A POSITA would combine Palmer and Gilde because both references address the same problem of controlling network access for endpoint devices using similar, predictable architectures (a local control appliance and a remote enforcement point/server). Petitioner argued a POSITA would have been motivated to incorporate Gilde's specific, well-known features (like an AAA server and remediation workflows) into Palmer's system to create a more robust and comprehensive NAC solution.
- Expectation of Success: A POSITA would have had a reasonable expectation of success in combining the references because the systems are architecturally analogous, making the integration of Gilde's discrete functionalities into Palmer's framework predictable and straightforward.
4. Key Claim Construction Positions
- "out-of-band": Petitioner argued for the patent's explicit definition: "[u]sed to convey something that is not in the direct path of a process." This construction was critical to asserting that Palmer's pre-caching of security information before a network access attempt constitutes "out-of-band" control.
- "RAD-agnostic": Petitioner relied on the patent's definition: "[t]he state of being unaffected by the manufacturer of" the RAD. This construction supported the argument that Palmer's system, which does not require a specific vendor for its components, met this limitation.
5. Arguments Regarding Discretionary Denial
- Petitioner argued that discretionary denial under Fintiv would be improper. It contended that the co-pending district court litigation was in a very early stage, with no trial date set and no claim construction performed, creating a strong likelihood that a stay would be granted if the IPR were instituted.
- Petitioner also argued against denial under §325(d), asserting that the primary references, Palmer and Gilde, were never presented to or considered by the examiner during prosecution. Petitioner maintained that the art is not cumulative of the previously considered references and raises new, substantial questions of patentability.
6. Relief Requested
- Petitioner requested institution of an inter partes review and cancellation of claims 11-16 and 18-21 of the ’299 patent as unpatentable.