PTAB
IPR2021-01046
Netskope Inc v. Bitglass Inc
Petition
1. Case Identification
- Case #: IPR2021-01046
- Patent #: 10,757,090
- Filed: June 7, 2021
- Petitioner(s): Netskope, Inc.
- Patent Owner(s): Bitglass, Inc.
- Challenged Claims: 17-21, 24
2. Patent Overview
- Title: Data Security Using Proxy Servers
- Brief Description: The ’090 patent relates to systems and methods for data security, with the challenged claims directed to a system for improving secure access to application programs using a federated single-sign-on (SSO) architecture. The claimed system involves communications between five primary entities: a user device, an application server, an identity provider (IdP), a proxy server (acting as an IdP proxy), and a separate application proxy server.
3. Grounds for Unpatentability
Ground 1: Obviousness over Guccione and Woelfel - Claims 17-21 are obvious over Guccione in view of Woelfel.
- Prior Art Relied Upon: Guccione (Application # 2015/0319156) and Woelfel (Application # 2012/0278872).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Guccione disclosed a federated authentication system with nearly all elements of independent claim 17, including a user device (UE), service provider (SP), identity provider (IdP), and a "user IdP proxy" that functions as the claimed proxy server. However, Guccione did not explicitly disclose the claimed "application proxy server." Petitioner asserted that Woelfel supplied this missing element by teaching an enhanced reverse proxy (the "PRS-RP") specifically designed for federated authentication environments to mediate access to cloud applications. For dependent claim 21, requiring the use of Security Assertion Markup Language (SAML), Petitioner argued that Guccione’s use of OpenID and Woelfel’s use of SAML represented the two primary, interchangeable protocols for federated authentication, making the substitution obvious.
- Motivation to Combine: A Person of Ordinary Skill in the Art (POSA) would combine Woelfel’s reverse proxy with Guccione's system to achieve the well-known benefits of a reverse proxy, such as load balancing, centralized access control, and allowing application servers to be reconfigured without impacting end-users. Petitioner contended that the two proxies (Guccione’s IdP proxy and Woelfel’s application proxy) served distinct functions and their combination would have been a predictable design choice.
- Expectation of Success: Petitioner asserted a POSA would have a reasonable expectation of success in the combination due to the widespread use of multiple proxy servers in networked systems and the architectural similarities between the federated authentication models described in both references.
Ground 2: Obviousness over Guccione, Woelfel, and Song - Claim 24 is obvious over Guccione in view of Woelfel and Song.
- Prior Art Relied Upon: Guccione (Application # 2015/0319156), Woelfel (Application # 2012/0278872), and Song (WO 2005/069823).
- Core Argument for this Ground:
- Prior Art Mapping: This ground built upon the Guccione/Woelfel combination to address the additional limitations of claim 24, which recited an "access logger" and a "report generator" at the proxy server. Petitioner argued that neither Guccione nor Woelfel taught these features. Song was introduced to disclose a system for centralized auditing where a proxy server logs network requests by building an audit object from message headers. This audit object is eventually persisted to storage, which Petitioner equated to the claimed report generation.
- Motivation to Combine: A POSA would be motivated to add Song's logging and reporting capabilities to the proxy server in the combined Guccione/Woelfel system because such features were well-known and increasingly desirable for managing complex networks. Song explicitly taught that this functionality could be performed by a proxy server, making it a natural and logical enhancement.
- Expectation of Success: Petitioner claimed success would be expected because Song's method of building an audit object via HTTP headers was a standard technique compatible with the OpenID and SAML protocols used in Guccione and Woelfel.
Ground 3: Obviousness over Gemmill and Woelfel - Claims 17-21 are obvious over Gemmill in view of Woelfel.
- Prior Art Relied Upon: Gemmill (a 2008 journal article on cross-domain authorization) and Woelfel (Application # 2012/0278872).
- Core Argument for this Ground:
- Prior Art Mapping: This ground presented an alternative to Ground 1, substituting the Gemmill reference for Guccione as the primary prior art. Petitioner argued Gemmill disclosed a federated identity management system ("myVocs") that included a user agent (browser), a service provider (SP), an enterprise IdP, and a "myVocs proxy" that acts as an IdP proxy, mapping to most elements of claim 17. As with Guccione, Gemmill allegedly lacked an application proxy server, which was again supplied by Woelfel's PRS-RP.
- Motivation to Combine: The motivation was the same as in Ground 1: a POSA would combine Woelfel’s reverse proxy with Gemmill's federated system to gain the conventional benefits of an application proxy.
- Expectation of Success: The expectation of success was argued to be particularly high because both Gemmill (which uses Shibboleth) and Woelfel explicitly taught systems based on the SAML protocol, ensuring straightforward technical integration.
- Additional Grounds: Petitioner asserted an additional obviousness challenge for claim 24 based on the combination of Gemmill, Woelfel, and Song, relying on similar logging and reporting modification theories.
4. Arguments Regarding Discretionary Denial
- Petitioner argued against discretionary denial under 35 U.S.C. §325(d), asserting that none of the prior art references relied upon in the petition were considered by the Examiner during the original prosecution of the ’090 patent. The petition contended that the asserted grounds were new, non-cumulative, and addressed specific claim limitations that the Examiner had previously found to be absent from the prior art of record.
5. Relief Requested
- Petitioner requests institution of IPR and cancellation of claims 17-21 and 24 of the ’090 patent as unpatentable.