Netskope Inc v. Fortinet Inc

1. Case Identification

• Case #: IPR2023-00459
• Patent #: 10,084,825
• Filed: January 31, 2023
• Petitioner(s): Netskope, Inc.
• Patent Owner(s): Fortinet, Inc.
• Challenged Claims: 1-7, 10-31

2. Patent Overview

• Title: Cooperative Security Fabric
• Brief Description: The ’825 patent describes a method for coordinating security operations among multiple network security appliances in a private network, termed a "cooperative security fabric" (CSF). The system uses flags carried in network packets to inform downstream appliances about security operations already performed by upstream appliances, thereby avoiding redundant processing.

3. Grounds for Unpatentability

Ground 1: Claims 1-5, 12, 15-16, 21-22, and 27 are obvious over Chandra.

• Prior Art Relied Upon: Chandra (Application # 2007/0204018).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Chandra disclosed all limitations of the challenged claims. Chandra taught a system where network security appliances (a transmitting Customer Edge (CE) and a receiving CE) coordinate to obviate redundant security actions. The receiving CE (the "first network security appliance") received network traffic and determined if it came from the transmitting CE (the "second network security appliance") by checking for a "CE label" (the "flag"). Based on the label, which indicated the security actions performed by the transmitting CE, the receiving CE determined its own local operations, including skipping redundant actions already performed. This coordination between appliances, Petitioner asserted, constituted a "cooperative security fabric."
  • Key Aspects: Petitioner contended that Chandra’s system of using labels to track and skip previously performed security actions is functionally identical to the method claimed in the ’825 patent.

Ground 2: Claims 6-7, 17-18, 23-24, and 28-29 are obvious over Chandra in view of Buruganahalli.

• Prior Art Relied Upon: Chandra (Application # 2007/0204018) and Buruganahalli (Application # 2014/0282843).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the Chandra reference by adding Buruganahalli's teachings for the additional limitations in claims like 6 and 7, which require updating a flag and removing it. Chandra provided the base system of coordinated security appliances. Buruganahalli disclosed a similar system where network devices use a "metadata tag" to track performed actions. Crucially, Buruganahalli taught that a downstream device could update the tag to reflect its own processing before forwarding the packet. It also taught removing the tag before traffic exits the trusted group of devices for security and compatibility reasons.
  • Motivation to Combine: Petitioner argued a person of ordinary skill in the art (POSITA) would combine Buruganahalli's efficient tag-updating method with Chandra's system. In a multi-device path, updating a single tag, as taught by Buruganahalli, would be more efficient and reduce packet overhead compared to each device in Chandra’s system adding a new label. A POSITA would also be motivated to incorporate Buruganahalli’s teaching on removing the tag to protect the proprietary labeling mechanism and ensure compatibility with external devices.
  • Expectation of Success: As both references addressed the same problem of coordinating security devices to reduce redundancy, a POSITA would have had a reasonable expectation of success in combining their complementary features.

Ground 5: Claims 1-5, 10-12, 15-16, 21-22, and 27 are obvious over Keohane.

• Prior Art Relied Upon: Keohane (Application # 2008/0134332).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted that Keohane independently disclosed a multi-level security system where different security elements (e.g., a firewall, a mail gateway) coordinate actions to avoid redundancy, thus forming a CSF. In Keohane, an upstream device (e.g., firewall) performed a security action (like a trusted source check) and added a digital signature (the "flag") to the packet header indicating that action was completed. A downstream device (e.g., mail gateway) examined this signature to determine what actions had been performed and what actions it needed to perform (e.g., a virus scan), thereby skipping redundant checks. This process of using signatures to coordinate and avoid redundant work was argued to map directly onto the limitations of the challenged claims.
• Additional Grounds: Petitioner asserted additional obviousness challenges based on combinations including Chandra in view of Kumar (adding signature-based authentication); Chandra in view of Chandra-2 (adding specific, well-known security operations like logging); Keohane in view of Buruganahalli (adding tag updating); Keohane in view of Kumar (strengthening the signature-based authentication teaching); and Keohane in view of Chandra-2 (adding specific security operations). These grounds relied on similar rationales of combining known techniques to improve the base systems of Chandra or Keohane.

4. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial under 35 U.S.C. §325(d) was inappropriate because the petition presented prior art and invalidity arguments that were not before the examiner during the original, limited prosecution. Petitioner contended that the asserted grounds, relying on references like Chandra, Keohane, and Buruganahalli, better reflected the state of the art at the time of the invention and revealed fatal defects in the challenged claims that the examiner did not consider.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-7 and 10-31 of Patent 10,084,825 as unpatentable under 35 U.S.C. §103.