Fortinet Inc v. Croga Innovations Ltd

1. Case Identification

• Case #: IPR2025-00086
• Patent #: 10,601,780
• Filed: October 24, 2024
• Petitioner(s): Fortinet, Inc.
• Patent Owner(s): Croga Innovations Ltd.
• Challenged Claims: 1-20

2. Patent Overview

• Title: Network Security System
• Brief Description: The ’780 patent discloses techniques for providing network security to a computer system that includes a host system and a virtual guest system. The purported novelty is a layered security approach using three distinct methods of isolation: an internal firewall, a host-based firewall, and a network firewall or web proxy.

3. Grounds for Unpatentability

Ground 1: Claims 1-7, 9-17, and 19-20 are obvious over Delco in view of Adams.

• Prior Art Relied Upon: Delco (Patent 8,166,474) and Adams (Application # 2010/0077476).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Delco disclosed all major elements of the claimed three-tiered firewall architecture. Specifically, Delco’s packet filter 74, which separates a virtual machine from the host system, constituted the claimed "internal firewall." Delco’s host-based packet filter application 32 met the limitations of the "host-based firewall." Finally, Delco’s external firewall system 30, which protects the entire local intranet, functioned as the claimed "network firewall." Petitioner asserted that while Delco described its external firewall 30 as a conventional "network appliance," it did not detail its internal structure. Adams was introduced to supply this missing detail, disclosing that a network gateway or "firewall appliance" conventionally includes a processor and memory to perform its functions, thereby teaching the limitation of a device comprising a processor and memory as recited in claim 1.
  • Motivation to Combine: A POSITA would combine the teachings of Delco and Adams because it amounted to implementing a known device (Delco's functional network firewall) with its known, conventional internal components (a processor and memory, as taught by Adams). This combination would be a predictable application of known techniques to yield expected results—a fully functional network firewall appliance.
  • Expectation of Success: A POSITA would have a high expectation of success, as Adams described the standard internal structure of a firewall appliance that performs the exact functions of the network appliance described in Delco.

Ground 2: Claims 8 and 18 are obvious over Delco, Adams, and Dadhia.

• Prior Art Relied Upon: Delco (Patent 8,166,474), Adams (Application # 2010/0077476), and Dadhia (Patent 7,886,351).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination of Delco and Adams by adding Dadhia’s teachings to address the limitations of claims 8 and 18, which require the host-based firewall to implement different policies for different networks. Petitioner argued Dadhia taught a "Network Aware Firewall" that uses a first, more permissive policy (e.g., allowing file sharing) when connected to a trusted private network and a second, more restrictive policy (e.g., blocking file sharing) when connected to an untrusted public network. This teaching was mapped directly onto Delco’s host-based firewall (packet filter 32). The combination rendered obvious a system where the host-based firewall blocks certain communications on an untrusted network while permitting communications from the more isolated virtual system.
  • Motivation to Combine: A POSITA would be motivated to incorporate Dadhia’s network-aware policy switching into the Delco system to improve its security. Delco already disclosed a system capable of changing firewall policies based on the detected network "zone." Modifying this system to implement Dadhia’s specific trusted/untrusted policy model would be a natural and obvious improvement to enhance security in different network environments.
  • Expectation of Success: Success would be expected because Delco’s system already included the core mechanism for detecting network changes and updating firewall policies. Applying Dadhia’s known technique for policy management based on network trust levels would be a straightforward integration, resulting in the predictable outcome of a more context-aware firewall.

4. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial under §314(a) based on Fintiv factors would be inappropriate. The co-pending district court litigation was in its early stages, with major events like claim construction and discovery scheduled after the Board's institution decision. Petitioner asserted that the trial date is proximate to the Board's Final Written Decision (FWD) deadline, weighing neutrally. Furthermore, Petitioner stipulated that if the IPR is instituted, it will not pursue the same invalidity grounds in the parallel litigation for the instituted claims.
• Petitioner also contended that denial under §325(d) was unwarranted because the prior art references (Delco, Adams, and Dadhia) were not considered by the Examiner during prosecution. The art was argued to be non-cumulative, as it directly teaches the "three distinct methods of isolation" that the patent owner relied upon to overcome prior art rejections during prosecution.

5. Relief Requested

• Petitioner requested the institution of an inter partes review and the cancellation of claims 1-20 of the ’780 patent as unpatentable under 35 U.S.C. §103.