PTAB

IPR2025-01115

Netskope Inc v. KMizra LLC

Petition

1. Case Identification

2. Patent Overview

  • Title: Network Quarantine And Remediation
  • Brief Description: The ’705 patent discloses a method for protecting a computer network by analyzing the security state of a host attempting to connect. If the host's security state is deemed inadequate (an "insecure condition"), it is quarantined with limited network access and directed to remediation resources.

3. Grounds for Unpatentability

Ground 1: Claims 1-3, 5-13, and 15-19 are obvious over Gleichauf in view of Ovadia and Lewis.

  • Prior Art Relied Upon: Gleichauf (Patent 9,436,820), Ovadia (Patent 7,747,862), and Lewis (Patent 7,533,407).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that the primary reference, Gleichauf, taught the core method of the ’705 patent. Gleichauf disclosed a network security system that controls a device’s access based on its security posture. When a policy server detected an insecure condition (e.g., outdated anti-virus software), the device was quarantined, restricting its communication to approved resources like a remediation server. Ovadia was introduced for its teachings on enhancing security using a hardware-based Trusted Platform Module (TPM) to create and verify digitally signed attestations of a device's configuration. Lewis was cited for its specific method of handling quarantined devices, namely by redirecting a non-compliant device’s Domain Name Service (DNS) query to a quarantine server that serves a notification webpage. Petitioner argued that combining these references rendered every limitation of the challenged claims obvious. For example, Gleichauf taught detecting an insecure condition and quarantining the host, while Ovadia taught using a TPM (a "trusted platform module") to generate a digitally signed attestation of cleanliness. Lewis provided the specific mechanism for serving a quarantine notification page via DNS redirection.
    • Motivation to Combine: Petitioner argued a POSITA would combine Gleichauf and Ovadia to improve the security and reliability of Gleichauf’s system using industry-standard techniques. Implementing Ovadia’s TPM-based attestation would enhance security against tampering, standardize the format of posture credentials for easier processing, and leverage the robust security of a hardware-based trust mechanism. A POSITA would further combine this with Lewis to provide a more elegant and user-friendly notification system. Lewis’s method of intercepting a DNS query and redirecting a user’s browser to a quarantine webpage was a known and efficient technique that avoided the need for special client-side software, improving upon Gleichauf’s more general notification disclosure.
    • Expectation of Success: Petitioner contended a POSITA would have a high expectation of success. Ovadia explicitly taught that its TPM technology could be integrated into existing platforms. The system components described in Gleichauf (posture agent, policy server) had direct analogs in Ovadia’s architecture (authentication agent, authentication server), making the integration straightforward. Furthermore, incorporating Lewis's DNS redirection was a well-understood network technique that would involve nominal changes to Gleichauf’s policy server, which already possessed the capability to redirect network traffic.

4. Key Claim Construction Positions

  • "trusted computing base": Petitioner argued this term should be construed as "a piece of hardware or software that has been designed to be part of a mechanism that provides security to a computer system." This construction was based on an express definition provided by the patent owner during prosecution of the ’705 patent to distinguish over prior art.
  • "trusted platform module": Petitioner argued this term should be construed as "a secure cryptoprocessor that implements the Trusted Platform Module specification from the Trusted Computing Group." This construction was also based on arguments made during prosecution, where the patent owner characterized it as a term of art referring to a specific industry standard to overcome a rejection. These constructions were asserted to be critical for mapping the teachings of Ovadia, which explicitly disclosed a TPM compliant with the Trusted Computing Group specification.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial would be inappropriate. The petition acknowledged that the ’705 patent was the subject of a prior IPR (IPR2021-00593) that resulted in a Final Written Decision (FWD) of not unpatentable, but noted that the Federal Circuit vacated that decision due to legal error in the Board’s motivation-to-combine analysis. This petition, while relying on the same prior art combination, asserted it provided "further detailed analysis and evidence regarding motivations to combine" that were not part of the prior proceedings. Additionally, regarding potential denial under §325(d) for the Lewis reference (which was cited during prosecution), Petitioner argued that the Examiner cited Lewis only for its teaching of a quarantine notification page, a point the applicant conceded. Petitioner relied on Lewis for the same undisputed point, asserting this should not bar institution.

6. Relief Requested

  • Petitioner requested the institution of an inter partes review and cancellation of claims 1-3, 5-13, and 15-19 of the ’705 patent as unpatentable under 35 U.S.C. §103.