PTAB
IPR2024-01393
Normshield Inc v. BitSight Technologies Inc
1. Case Identification
- Case #: IPR2024-01393
- Patent #: 9,973,524
- Filed: September 6, 2024
- Petitioner(s): NORMSHIELD INC. d/b/a BLACK KITE INC.
- Patent Owner(s): BitSight Technologies, Inc.
- Challenged Claims: 1-8, 10-16, 18-20
2. Patent Overview
- Title: Method and System for Mapping and Evaluating Network Security
- Brief Description: The ’524 patent discloses a computer-implemented method for assessing the cyber-security of entities. The method involves mapping an entity's technical assets (like servers and IP addresses), automatically collecting externally observable security data about those assets, deriving observations (such as malicious activity), generating a security rating, and displaying that rating to users.
3. Grounds for Unpatentability
Ground 1: Obviousness over McNab and McGovern - Claims 1-8, 10-16, and 18-20 are obvious over McNab in view of McGovern.
- Prior Art Relied Upon: McNab ("Network Security Assessment," 2008) and McGovern (Application # 2009/0024663).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that McNab taught the core elements of the independent claims, including mapping technical assets to entities and collecting cyber-security characterizations. McNab described creating an "entity map" by enumerating network hosts and IP addresses using techniques like "Forward DNS Grinding," which uses common naming conventions (e.g., "mail," "ftp") to discover mail, SMTP, and FTP servers and their associated IP addresses. McNab further taught using automated vulnerability scanners like Nessus to collect externally observable security data on the mapped assets. Petitioner asserted that McGovern supplied the remaining claim limitations: deriving observations about the duration of malicious activity (e.g., "average response or patch time after security breach detection") and automatically generating a numerical "cyber-security rating" for display to users in a web-based interface.
  - Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine McNab with McGovern to create a more comprehensive and user-friendly security assessment tool. Incorporating McGovern's duration analysis was a logical step because the length of a security breach is a critical factor in determining overall network security. Adding McGovern’s numerical scoring and remote user interface would improve usability, allowing administrators to quickly and efficiently assess network risk from any location, which was a known goal in the field.
  - Expectation of Success: A POSITA would have a reasonable expectation of success. Implementing McGovern's duration measurement was simply another test to be performed by a system like McNab's, which was already designed to run multiple security checks. Quantifying the severity levels already reported by Nessus (as described in McNab) into a numerical score (as taught by McGovern) was presented as a trivial implementation task.
Ground 2: Obviousness over Cole, McNab, and McGovern - Claims 1-8, 10-16, and 18-20 are obvious over Cole in view of McNab and McGovern.
- Prior Art Relied Upon: Cole (Patent 7,257,630), McNab ("Network Security Assessment," 2008), and McGovern (Application # 2009/0024663).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner presented Cole as disclosing a primary system for automated vulnerability testing that met most claim limitations. Cole taught a "highly automated" system that creates an entity map by defining a target network, generating a scan list of its IP addresses, and storing the mappings in a database. Cole's system then performed vulnerability tests using automated scripts and generated a quantitative security score (a "FoundScore") displayed in a graphical report. Petitioner argued that McNab was necessary to supply a specific method for generating the initial list of IP addresses, a step Cole required but did not detail. McNab's "Forward DNS Grinding" technique provided this well-known method. McGovern was added to provide the explicit teaching of measuring the duration of detected malicious activity, a specific metric not disclosed by Cole.
  - Motivation to Combine: A POSITA would incorporate McNab’s well-known and reliable IP address enumeration techniques into Cole's system to make the initial, critical step of asset discovery more robust. A POSITA would be motivated to augment Cole's assessment capabilities with McGovern's duration analysis to provide a more complete security picture, as understanding the persistence of a threat is a key aspect of risk assessment. The combination represented the integration of known, complementary techniques to improve an existing automated security platform.
  - Expectation of Success: A POSITA would have a high expectation of success. Integrating a command-line tool for IP enumeration from McNab into Cole's automated workflow was a straightforward task. Similarly, adding a duration measurement test (from McGovern) into Cole's customizable testing system, which already tracked vulnerabilities and fixes, would not have posed significant technical challenges.
4. Arguments Regarding Discretionary Denial
- §314(a) (Fintiv): Petitioner argued that discretionary denial under Fintiv would be inappropriate. The parallel district court litigation was in its earliest stages, with no trial date scheduled, no stay requested, and discovery not yet underway. Petitioner contended these factors weigh heavily against denial.
- §325(d): Petitioner argued that denial would be improper because the primary references were not meaningfully considered during prosecution. Cole and McGovern were never presented to the examiner. While McNab was listed as a cited reference, the examiner cited a different, earlier edition (2004 vs. 2008) and only considered 13 pages. Petitioner argued that its reliance on far more extensive portions of the updated reference meant the core invalidity arguments had not been previously evaluated.
5. Relief Requested
- Petitioner requests the institution of an inter partes review (IPR) and the cancellation of claims 1-8, 10-16, and 18-20 of the ’524 patent as unpatentable under 35 U.S.C. §103.