IPR2025-00884
Amazon Web Services Inc v. Croga Innovations Ltd
1. Case Identification
- Case #: IPR2025-00884
- Patent #: 10,601,780
- Filed: April 17, 2025
- Petitioner(s): Amazon Web Services, Inc.
- Patent Owner(s): Croga Innovations, Ltd.
- Challenged Claims: 1, 3, 7, 10, 11, 13, 17, and 20
2. Patent Overview
- Title: Network Security Using Virtualization and Multiple Firewalls
- Brief Description: The ’780 patent relates to a system and method for providing network security to a computer connected to the internet. The claimed invention purports to protect against malware by using a multi-layered defense architecture that combines virtual machines with three types of firewalls: a network firewall, a host-based firewall, and an internal firewall separating the host system from the virtual system.
3. Grounds for Unpatentability
Ground 1: Claims 1, 3, 7, 10, 11, 13, 17, and 20 are obvious over Nazario in view of Ghosh.
- Prior Art Relied Upon: Nazario (a 2004 book titled DEFENSE AND DETECTION STRATEGIES AGAINST INTERNET WORMS) and Ghosh (Application # 2010/0122343).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that the combination of Nazario and Ghosh taught all limitations of the challenged claims. Nazario was asserted to teach a comprehensive, multi-layered security strategy to protect networked computers from internet worms. This strategy included using network-based firewalls (or web proxies) as a first line of defense, complemented by host-based firewalls for failover protection. Crucially, Nazario also disclosed using "virtual hosts" (virtual machines) to run applications in an isolated environment, thereby containing any damage from malware and preventing it from compromising the entire computer.
    Petitioner contended that while Nazario taught the what (a layered system with a virtual host), Ghosh taught the how (the specific implementation of a secure virtual machine). Ghosh described using virtualization technologies, specifically a "virtual machine monitor" or "hypervisor," to create a "guest OS" that is strongly isolated from the "host OS." Petitioner argued this hypervisor, by its function of separating and restricting interactions between the host and virtual systems, is precisely what the ’780 patent claims as an "internal firewall." The combination thus disclosed the three required firewalls in a system with a host and virtual machine. Nazario was also argued to teach the limitations of dependent claims, including segregated memory spaces ("partitioned memory" for claim 3) and network firewalls that prevent unauthorized communication (claim 7). Method claims 11, 13, 17, and 20 were argued to be obvious for the same reasons as their corresponding system claims 1, 3, 7, and 10.
  - Motivation to Combine: Petitioner argued a person of ordinary skill in the art (POSITA) would combine the references to implement the general multi-layered security framework of Nazario using the specific, well-understood virtualization technology of Ghosh. Ghosh's disclosure of a hypervisor for creating "strong isolation" provided a clear, known method to implement Nazario's concept of a damage-containing "virtual host." The combination would predictably improve overall system security against malware, a goal common to both references.
  - Expectation of Success: An expectation of success existed because the combination involved applying a known virtualization technique (Ghosh) to a known security architecture (Nazario). Since both references described using virtualization technology for the same purpose—isolating systems to prevent the spread of malware—a POSITA would have found it a straightforward and predictable integration.
4. Key Technical Contentions (Beyond Claim Construction)
- Petitioner's core technical contention, underpinning its obviousness argument, was that a hypervisor or "virtual machine monitor" as disclosed by Ghosh inherently functions as the claimed "internal firewall." By creating and managing the virtual machine, the hypervisor necessarily separates and restricts interactions between the host and guest operating systems, thus performing the specific firewalling function required by the claims to isolate the two systems.
5. Arguments Regarding Discretionary Denial
- Petitioner presented substantial arguments that discretionary denial would be inappropriate under both 35 U.S.C. §314(a) (Fintiv factors) and 35 U.S.C. §325(d).
- Fintiv Factors: Petitioner argued the factors weighed in favor of institution. Key arguments included that the parallel district court litigation schedule was highly uncertain due to recent judicial reassignments (Factor 2), the court had not yet issued any substantive orders or invested significant resources (Factor 3), and the petition presented a strong case on the merits using prior art not previously considered by any forum (Factor 6). Petitioner specifically noted that its grounds addressed the deficiency (a lack of an "internal firewall" disclosure) that led to denial in a prior IPR filed by another party on the same patent.
- §325(d) Factors: Petitioner argued denial under §325(d) was unwarranted because the challenges were not cumulative or redundant to prosecution. The primary references, Nazario and Ghosh, were never presented to or considered by the examiner, and therefore the arguments in the petition were not the "same or substantially the same" as those previously before the USPTO.
6. Relief Requested
- Petitioner requested the institution of an inter partes review and the cancellation of claims 1, 3, 7, 10, 11, 13, 17, and 20 of the ’780 patent as unpatentable.