PTAB

IPR2022-00035

Cisco Systems Inc v. SecurityProfiling LLC

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Management of Security of Computing and Network Devices
  • Brief Description: The ’066 patent relates to managing the security of network devices by collecting device configuration data, determining if network traffic is attempting to exploit a known vulnerability, and selecting remediation techniques based on the identified vulnerability.

3. Grounds for Unpatentability

Ground 1: Claim 1 is obvious over Willebeek-LeMair.

  • Prior Art Relied Upon: Willebeek-LeMair (Patent 7,359,962), or "W-L".
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that W-L, a single reference, discloses all limitations of claim 1. W-L describes an integrated network security system combining a firewall, an intrusion detection system (IDS), and a vulnerability scanner. Petitioner asserted that W-L's "threat aggregation functionality," which stores threat information and detection signatures, corresponds to the claimed "second data storage" containing "second vulnerability information." W-L’s "security management agent" then generates tailored detection signatures (the "first vulnerability information") by using network discovery data to identify specific device configurations (e.g., Microsoft operating systems). These tailored signatures are then supplied to the IDS and firewall functionalities. Petitioner contended that W-L teaches identifying an "occurrence" when the system inspects incoming network packets. If a packet's features match a tailored signature, the system determines that a device is susceptible to an actual vulnerability. In response, W-L utilizes diverse mitigation actions, including a "block action" by its firewalling functionality and a "terminate action" by its IDS functionality, which Petitioner argued meets the final limitations of the claim.
    • Motivation to Combine: As a single-reference ground, the argument focused on a Person of Ordinary Skill in The Art (POSITA) finding it obvious to implement the integrated system disclosed in W-L. Petitioner argued W-L teaches all the necessary components and their interaction, rendering the claimed combination obvious.
    • Expectation of Success: Petitioner argued a POSITA would have had a high expectation of success because W-L explicitly describes combining these known security functions into a single, unified system to achieve more effective network defense.

Ground 2: Claim 1 is obvious over Gupta in view of Graham.

  • Prior Art Relied Upon: Gupta (Application # 2003/0004689) and Graham (Patent 7,237,264).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Gupta taught most limitations of claim 1 and Graham supplied the remaining elements. Gupta discloses a security system that identifies actual device vulnerabilities by generating a tailored "attack file" ("first vulnerability information") for a target platform based on its specific configuration (e.g., vendor, device, operating system). This attack file is generated from a broader, hierarchical database of computer attacks and countermeasures ("second vulnerability information"). Gupta's system then uses sensors to detect occurrences in network traffic (e.g., signature matches) that could exploit the identified vulnerabilities. While Gupta teaches mitigation actions like terminating TCP connections, Petitioner relied on Graham to explicitly teach using a firewall as a mitigation type. Graham describes taking precautionary measures against attacks on vulnerable systems, including "commanding the firewall" to "block incoming data transmissions."
    • Motivation to Combine: A POSITA would combine Gupta and Graham because Gupta teaches a system for identifying specific vulnerabilities and Graham teaches an effective, well-known corrective action (firewall blocking) for such vulnerabilities. Petitioner asserted that combining Graham's firewall technique with Gupta's vulnerability identification and response system was merely applying a known technique to a similar system to achieve the predictable result of enhanced security.
    • Expectation of Success: A POSITA would have reasonably expected success in adding a firewall-based mitigation action from Graham to Gupta's system, as firewalls were a conventional and well-understood tool for network security.

4. Arguments Regarding Discretionary Denial

  • §325(d) - Same or Substantially the Same Art or Arguments: Petitioner argued that discretionary denial under 35 U.S.C. § 325(d) was inappropriate because the Examiner made a material error during prosecution.
    • Regarding W-L, although it was cited in an Information Disclosure Statement (IDS), it was never applied in a rejection. Petitioner contended the Examiner overlooked W-L's direct relevance and incorrectly concluded in the Notice of Allowance that the prior art failed to teach the key combination of identifying an occurrence, determining a corresponding vulnerability, and using diverse mitigation actions including a firewall, all of which W-L allegedly teaches.
    • Regarding Gupta, it was cited in one of a dozen IDS filings submitted on the same day, totaling over 700 references. Petitioner argued this meant the Examiner's review was likely "merely cursory" and not a substantive consideration of its teachings. Graham was not cited at all.
  • §314(a) - Fintiv Factors: Petitioner argued the Fintiv factors weighed strongly against discretionary denial. The parallel district court litigation was in its "very early stages," with no trial date set and minimal investment in the merits of the invalidity case. Petitioner further noted it filed the IPR petition expeditiously and stipulated that it would not pursue the same invalidity grounds in the district court if the IPR is instituted, thereby mitigating concerns about overlapping issues and preserving judicial resources.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claim 1 of the ’066 patent as unpatentable under 35 U.S.C. § 103.