PTAB

IPR2021-01428

Cisco Systems Inc v. SecurityProfiling LLC

Petition

1. Case Identification

2. Patent Overview

  • Title: Management of Security of Computing and Network Devices
  • Brief Description: The ’063 patent relates to a network security system centered around a security server. The server collects operating system and configuration data from network devices, uses packet analysis to identify network traffic attempting to exploit known vulnerabilities, and then selectively deploys diverse mitigation actions, such as firewall blocking and intrusion prevention measures, to protect the identified vulnerable devices.

3. Grounds for Unpatentability

Ground 1: Claims 1 and 5 are obvious over Willebeek-LeMair.

  • Prior Art Relied Upon: Willebeek-LeMair (Patent 7,359,962) (“W-L”).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that W-L, as a single reference, discloses every element of the challenged claims. W-L describes an integrated network defense system that combines firewall, intrusion detection system (IDS), and vulnerability assessment functionalities. The system uses "threat information" and "detection signatures" (second vulnerability information) from a central database, which are tailored using enterprise-specific data (e.g., operating system configurations) to create customized signatures for the protected network (first vulnerability information). W-L's system identifies an occurrence by inspecting incoming packets with network monitors (its IDS and firewalling functionalities). It then performs a packet analysis by comparing packet features against the tailored signatures to determine if a specific, accurately identified vulnerability on a network device is susceptible to attack. Upon detection, W-L selectively utilizes a diversity of mitigation actions, including a "block action" performed by its "firewalling functionality" and a "terminate action" performed by its "intrusion detector functionality." Petitioner contended these actions directly map to the claimed firewall-based and intrusion prevention system-based mitigation types.

Ground 2: Claims 1 and 5 are obvious over Gupta in view of Graham.

  • Prior Art Relied Upon: Gupta (Application # 2003/0004689) and Graham (Patent 7,237,264).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Gupta discloses a comprehensive security system that identifies actual vulnerabilities on target platforms by categorizing devices based on configuration, including operating systems. Gupta’s system generates an "attack file" containing this vulnerability information, which is used by network sensors to detect occurrences (attacks in network traffic) that may exploit these known vulnerabilities. For mitigation, Gupta discloses providing a user with multiple response options, including terminating TCP connections, which Petitioner mapped to the claimed intrusion prevention system-based mitigation. Graham was asserted to supply the claimed firewall-based mitigation. Graham teaches a system that correlates threat data with target fingerprints to determine actual vulnerability and discloses taking "precautionary measures" such as "commanding the firewall" to "block incoming data transmissions from the suspect node."
    • Motivation to Combine: Petitioner argued a person of ordinary skill in the art (POSITA) would combine the teachings of Gupta and Graham. A POSITA would have been motivated to implement the well-known firewall-based blocking taught by Graham within Gupta's system for identifying and responding to vulnerabilities. This combination represents the application of a known technique (firewall blocking for a known threat) to a known system (Gupta's vulnerability identification framework) to achieve the predictable result of providing an additional, effective mitigation option.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success in combining the references, as both address network security, and integrating a known firewall function into a security management system was a common and well-understood practice.

4. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under 35 U.S.C. § 325(d) would be inappropriate. The primary references for Ground 2, Gupta and Graham, were never considered during the original prosecution. For Ground 1, while W-L was cited by the Examiner, it was not used as the basis for any rejection. Petitioner contended that the Examiner committed a material error by overlooking the direct and relevant teachings of W-L regarding the very limitations that were added to overcome prosecution hurdles, specifically the identification of vulnerabilities and the selective use of diverse mitigation actions including a firewall.
  • Petitioner further argued against discretionary denial under the Fintiv factors. The parallel district court litigation was in its very early stages, with minimal investment by either party. The petition was filed expeditiously, just over four months after the complaint and well before the one-year statutory bar. Critically, the district court's trial date was estimated to occur after the statutory deadline for a Final Written Decision (FWD) in the IPR, weighing heavily against denial. Petitioner also cited the strong merits of its unpatentability arguments as a factor favoring institution.

5. Relief Requested

  • Petitioner requests the institution of an inter partes review and the cancellation of claims 1 and 5 of Patent 10,609,063 as unpatentable.