Keysight Technologies Inc v. Centripetal Networks Inc

1. Case Identification

• Case #: IPR2022-01097
• Patent #: 10,193,917
• Filed: June 2, 2022
• Petitioner(s): Keysight Technologies, Inc.
• Patent Owner(s): Centripetal Networks, Inc.
• Challenged Claims: 1-20

2. Patent Overview

• Title: System and Method for Packet Filtering
• Brief Description: The ’917 patent discloses a packet-filtering device for network security that receives and applies filtering rules to network traffic. These rules identify packets corresponding to network-threat indicators and apply an operator (e.g., BLOCK or ALLOW), with the system logging packet and flow data for display and analysis on a user interface.

3. Grounds for Unpatentability

Ground 1: Claims 1-5, 11-15, and 20 are obvious over Sourcefire.

• Prior Art Relied Upon: Sourcefire (Sourcefire 3D System User Guide Version 4.10).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Sourcefire, a user guide for a commercial Intrusion Prevention System (IPS), disclosed all elements of the independent claims. Sourcefire’s “3D Sensor” was described as a packet-filtering device that receives packets, applies intrusion rules based on specified criteria, and takes corresponding actions such as dropping (preventing) or alerting on (allowing) packets. Sourcefire was also said to generate packet log entries for "intrusion events," which could be consolidated into flow logs, communicated to, and displayed on a user interface where rule operators could be modified.
  • Key Aspects: Petitioner heavily relied on the doctrine of collateral estoppel, arguing that claims of a related patent (’722 patent) with nearly identical limitations were previously found unpatentable over the same Sourcefire reference in IPR2018-01760, a Final Written Decision (FWD) that was affirmed by the Federal Circuit.

Ground 2: Claims 6-10 and 16-19 are obvious over Sourcefire in view of Macaulay.

• Prior Art Relied Upon: Sourcefire (Sourcefire 3D System User Guide Version 4.10) and Macaulay (Application # 2015/0207809).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addressed dependent claims requiring packet flow analysis data to include "one or more scores." Petitioner asserted that while Sourcefire’s system provides a base packet-filtering framework with basic "priority levels," it lacks a dynamic scoring mechanism. Macaulay allegedly supplied this limitation by disclosing a system for refining cyber threat intelligence that calculates dynamic "reputation scores" for traffic attributes. These scores are based on factors such as the number of logged events, traffic volume, and the source of the threat intelligence. Petitioner argued that adding Macaulay's scoring logic to Sourcefire's event logging and display system would result in the claimed invention.
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine the references to improve upon Sourcefire's rudimentary, static "priority levels" with Macaulay's more sophisticated and dynamic "reputation scores." This combination would provide a more accurate, granular, and responsive method for prioritizing and reacting to network threats, a well-known goal in the field of network security.
  • Expectation of Success: Petitioner argued a POSITA would have a high expectation of success in this combination. Implementing a scoring system based on existing data points like packet counts, timestamps, and threat identifiers was described as a straightforward application of known data processing techniques to Sourcefire's existing security framework, presenting only predictable design choices.

4. Key Claim Construction Positions

• Petitioner submitted that no express claim construction was required for the Board to find the challenged claims unpatentable.
• However, Petitioner argued that the claims are obvious even under constructions adopted in related proceedings for the parent ’722 patent, including:
  • "network-threat indicator": Construed by the Board in a prior IPR as "an indicator that represents the identity of a resource associated with a network threat."
  • "operator": Construed by a district court in a related litigation as "an instruction that modifies or reconfigures the packet filtering device to either prevent or allow a packet to continue to a destination."

5. Arguments Regarding Discretionary Denial

• Petitioner argued against discretionary denial under Fintiv, asserting that the parallel district court and ITC litigations were in their earliest stages with minimal investment and no trial date scheduled. To mitigate overlap, Petitioner stipulated that if IPR is instituted, it would not pursue in the parallel litigation any invalidity ground that was raised or could have reasonably been raised in the petition.
• Petitioner also argued against denial under 35 U.S.C. §325(d), contending that the key prior art (Sourcefire and Macaulay) and the invalidity arguments were not previously presented to or considered by the Examiner during prosecution. The petition highlighted that the ’917 patent issued after a brief examination with no rejections, and that the applicant was aware of the Sourcefire reference from the prior IPR on the ’722 patent but did not cite it to the Examiner.

6. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-20 of Patent 10,193,917 as unpatentable.