PTAB

IPR2024-01421

Palo Alto Networks Inc v. Croga Innovations Ltd

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Isolation of Collaboration Software on a Host Computer System
  • Brief Description: The ’601 patent describes a computer security system that isolates multi-user collaboration software (e.g., WebEx) to protect a host computer from malware. The system uses a "workspace" for trusted applications and a separate "isolated computing environment" for untrusted applications, with an "internal isolation firewall" preventing communication between the two environments.

3. Grounds for Unpatentability

Ground 1: Obviousness over Walsh, AAPA, and Innes - Claims 1-4, 7, 9-12, and 15 are obvious over Walsh in view of Applicant Admitted Prior Art (AAPA) and Innes.

  • Prior Art Relied Upon: Walsh (Patent 8,640,187), AAPA (admissions regarding WebEx in the ’601 patent), and Innes (Patent 9,154,488).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Walsh taught the core architecture of the invention, disclosing a system that separates a trusted “user execution environment” (the claimed “workspace”) from an “isolated execution environment” for untrusted content using a secure operating system like Linux. This separation functions as the claimed “internal isolation firewall.” Petitioner asserted that the ’601 patent’s admission that collaboration software like WebEx was commercially available (AAPA) supplied the “multi-user interactive software application,” which would run in Walsh’s isolated environment. Finally, Petitioner contended that Innes disclosed using a proxy device and authentication server to secure access to network resources, which met the limitations for authenticating the isolated environment and sending data via a proxy.
    • Motivation to Combine: Petitioner argued a person of ordinary skill in the art (POSITA) would combine these references to improve security. Walsh described a client-server network model but lacked implementation details; a POSITA would thus look to known solutions like Innes to add a standard proxy-based authentication layer for secure network access. A POSITA would also be motivated to run a known collaboration tool like WebEx (AAPA) within Walsh’s secure isolated environment to protect the host system from potential malware introduced during a collaboration session.
    • Expectation of Success: A POSITA would have a reasonable expectation of success, as the combination involved implementing a standard network proxy (Innes) and a well-known software application (WebEx) with a known computer isolation system (Walsh), using each element for its intended purpose.

Ground 2: Obviousness over Austin, AAPA, and Bloch - Claims 1-4, 7, 9-12, and 15 are obvious over Austin in view of AAPA and Bloch.

  • Prior Art Relied Upon: Austin (Application # 2016/0306964), AAPA (admissions regarding WebEx), and Bloch (Patent 7,849,502).

  • Core Argument for this Ground:

    • Prior Art Mapping: Petitioner argued that Austin disclosed a similar isolation architecture based on a Microsoft Windows environment. Austin taught isolating untrusted tasks in a "sandbox" that uses a temporary secondary user account (the claimed "isolated computing environment"), separating it from the primary user account (the "workspace"). Austin’s "security module" that enforces this separation served as the "internal isolation firewall." As in the first ground, AAPA supplied the multi-user collaboration software. Petitioner asserted that Bloch taught a proxy appliance that provides integrated user authentication and filters network traffic for malware, meeting the claims’ proxy and authentication requirements.
    • Motivation to Combine: Petitioner contended that because Austin’s system was designed to protect against network-based threats like untrusted websites, a POSITA would be motivated to enhance its security by incorporating a dedicated network-level protection mechanism. Bloch’s proxy appliance, which authenticates users and filters malicious traffic, provided a known and logical solution to further secure the network connections of Austin’s system.
    • Expectation of Success: Petitioner argued for a high expectation of success because Austin already contemplated remote authentication for user accounts. Integrating Bloch’s authentication server and proxy appliance would be a straightforward application of known network security principles to improve Austin’s existing host-based isolation.

  • Additional Grounds: Petitioner asserted additional obviousness challenges based on variations of the two primary combinations. One set of grounds added Netfilter (a Linux firewall framework) to the Walsh combination and Walker (a Windows firewall) to the Austin combination to explicitly teach a host-based firewall. Another set of grounds added Franco (which prompts users for authorization to access restricted resources) to both the Walsh and Austin combinations to teach an internal firewall that prompts a user to allow communication between the isolated and trusted environments.

4. Arguments Regarding Discretionary Denial

  • Petitioner argued that the Board should not discretionarily deny the petition. Under 35 U.S.C. §325(d) and the Advanced Bionics framework, Petitioner asserted that institution is favored because none of the relied-upon prior art was previously considered by the USPTO during prosecution.
  • Regarding co-pending litigation and IPRs (General Plastic and Fintiv factors), Petitioner argued that a parallel IPR filed by another party (Cisco) should not preclude institution because this petition relies on different prior art and was filed before the patent owner’s response in the Cisco case, avoiding road-mapping concerns.
  • Petitioner further argued that the parallel district court case is in its early stages with an unreliable trial date. To mitigate Fintiv concerns, Petitioner stipulated that, if review is instituted, it will not pursue at trial any invalidity grounds that were raised or reasonably could have been raised in this petition.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-16 of the ’601 patent as unpatentable.