Cisco Systems Inc v. Croga Innovations Ltd

1. Case Identification

• Case #: IPR2024-01283
• Patent #: 11,223,601
• Filed: August 13, 2024
• Petitioner(s): Cisco Systems, Inc.
• Challenged Claims: 1-16

2. Patent Overview

• Title: System and Method for Executing an Application in an Isolated Computing Environment
• Brief Description: The ’601 patent describes a system for protecting a host computer from malware by executing a multi-user interactive software application within an authenticated, isolated computing environment (e.g., a sandbox). This environment is segregated from the host's primary "workspace" and resources by an internal firewall to prevent malware received by the application from accessing or affecting the host system.

3. Grounds for Unpatentability

Ground 1: Obviousness over Jeffries, LaBine, and Ishaya - Claims 1-4, 7, 9-12, and 15 are obvious over [Jeffries](https://ai-lab.exparte.com/case/ptab/IPR2024-01283/doc/1005), [LaBine](https://ai-lab.exparte.com/case/ptab/IPR2024-01283/doc/1006), and [Ishaya](https://ai-lab.exparte.com/case/ptab/IPR2024-01283/doc/1007).

• Prior Art Relied Upon: Jeffries (Patent 10,885,189), LaBine (Application # 2009/0292999), and Ishaya (Application # 2014/0282889).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Jeffries taught the core claimed architecture, including a host computer with a non-isolated "workspace" (host OS 102 and its components) and an "isolated computing environment" in the form of containers that use the host OS via namespace isolation. Jeffries also disclosed an "internal isolation firewall" (container manager 118) and a "proxy device" (web proxy 106). Petitioner contended LaBine supplied the "multi-user interactive software application" by teaching a video conferencing application allowing remote users to control a host computer. To meet the authentication limitation, Petitioner asserted Ishaya taught authenticating an isolated container by assigning it a unique identifier like a MAC or IP address upon creation.
  • Motivation to Combine: A POSITA would combine Jeffries and LaBine to improve security by running a known high-risk application (LaBine's conferencing software) within a well-understood secure container (from Jeffries). The POSITA would then incorporate Ishaya's specific authentication method to solve the obvious need for authenticating the container—a security detail Jeffries addressed only generally—thereby increasing the overall system's integrity and trust.
  • Expectation of Success: Petitioner asserted a high expectation of success because combining these elements involved applying known security principles to yield the predictable result of a more secure system for collaborative applications.

Ground 2: Obviousness over Jeffries, LaBine, Ishaya, and Cucinotta - Claims 5-6 and 13-14 are obvious over Jeffries, LaBine, Ishaya, and [Cucinotta](https://ai-lab.exparte.com/case/ptab/IPR2024-01283/doc/1008).

• Prior Art Relied Upon: Jeffries (Patent 10,885,189), LaBine (Application # 2009/0292999), Ishaya (Application # 2014/0282889), and Cucinotta (Application # 2016/0048406).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination in Ground 1 by adding Cucinotta to teach the "host-based firewall" limitations of claims 5, 6, 13, and 14. Cucinotta was cited for its disclosure of a host-based firewall component that inspects all incoming and outgoing network packets for the entire system, including any virtual machines. This firewall was argued to isolate the system and, as required by claim 6, block incoming communications from the network that are sent to the workspace.
  • Motivation to Combine: A POSITA would add Cucinotta's firewall to the base combination as a complementary security layer. While Jeffries' container isolates an application already on the system, Cucinotta's host-based firewall protects the entire system, including the workspace, by filtering malicious traffic before it can infect any component. This provides a more robust, defense-in-depth security posture.
  • Expectation of Success: The combination was argued to be predictable, as implementing host-based firewalls to protect servers and virtualized environments was a standard and well-understood security practice.

Ground 3: Obviousness over Jeffries, LaBine, Ishaya, and Levy - Claims 8 and 16 are obvious over Jeffries, LaBine, Ishaya, and [Levy](https://ai-lab.exparte.com/case/ptab/IPR2024-01283/doc/1009).

• Prior Art Relied Upon: Jeffries (Patent 10,885,189), LaBine (Application # 2009/0292999), Ishaya (Application # 2014/0282889), and Levy (Application # 2007/0136579).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground added Levy to the base combination to teach the limitations of claims 8 and 16, which require the internal firewall to "prompt a user" to allow communication between the isolated environment (second memory space) and the workspace (first memory space). Levy described a system where applications run in isolated virtual machines with "temporary storage," and the user is explicitly enabled to initiate the transfer of an object (e.g., a downloaded file) from that isolated storage to the main system.
  • Motivation to Combine: A POSITA would integrate Levy's user-permission mechanism to enhance usability and reduce "false positives" where a trusted file is permanently locked in an isolated container. This would provide a necessary and predictable feature for user control over data flow, improving upon the more rigid isolation taught by Jeffries alone.
  • Expectation of Success: Success would be expected because Levy's system was designed for conventional windowing systems and provided a straightforward solution to the common problem of safely moving data out of a sandboxed environment.

4. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial under Fintiv would be inappropriate. It asserted that the parallel district court case is in its early stages, with a trial date of October 2025 that is proximate to or after the statutory deadline for a Final Written Decision. Petitioner also stipulated that it will not pursue the same invalidity grounds in the district court if the IPR is instituted.
• Petitioner contended that the petition presented compelling evidence of unpatentability under the Director's Vidal Memo. It argued that the primary reference, Jeffries, teaches the very limitation ("uses the host operating system") that the applicant added during prosecution to overcome a rejection over the Azab reference, which the examiner did not have the benefit of considering.
• Denial under 35 U.S.C. §325(d) was argued to be inappropriate because none of the prior art relied upon in the petition was considered during prosecution, rendering the challenge non-cumulative.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-16 of the ’601 patent as unpatentable.