PTAB

IPR2025-01436

Google LLC v. Kmizra LLC

1. Case Identification

2. Patent Overview

  • Title: Network Contagion Isolation and Inoculation
  • Brief Description: The ’705 patent describes methods for protecting a computer network from insecure "host" devices. The system detects when a potentially insecure host connects, verifies its security state using a trusted computing base, and if non-compliant, quarantines the host by redirecting its network requests (e.g., DNS, web) to a dedicated quarantine server that provides remediation instructions.

3. Grounds for Unpatentability

Ground 1: Obviousness of Claims 1-19 over Freund, Ball, Pujare, and Lewis

  • Prior Art Relied Upon: Freund (Application # 2003/0055962), Ball (Application # 2006/0005009), Pujare (Application # 2002/0083183), and Lewis (Patent 7,533,407).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that the combination of references taught every element of the challenged claims. Freund was asserted to disclose the foundational system for network protection: detecting a non-compliant host, quarantining it by redirecting web and DNS requests to a "sandbox server" (the claimed quarantine server), serving a notification page, and allowing limited communication with a remediation host to resolve the security issue. Freund's system used a software-based "client monitoring protocol" as its trusted computing base (TCB) to challenge the host and verify its compliance.

    • To meet the claim limitations requiring a "trusted platform module" (TPM) and a "valid digitally signed attestation of cleanliness," Petitioner relied on Ball. Ball taught using a hardware-based TPM conforming to the Trusted Computing Group (TCG) specification to securely measure and attest to a host's security status. The attestation is digitally signed using keys stored in the TPM, ensuring its integrity. Petitioner contended that implementing Freund's TCB using Ball's well-known, standardized TPM hardware would have been an obvious improvement.

    • To address limitations regarding attestations for software "patch level," Petitioner cited Pujare, which taught using versioning tables to track software patches and upgrades, demonstrating that checking software versions (as in Freund) was equivalent to checking patch levels.

    • The key limitation added during prosecution—providing the quarantine server's IP address in response to a DNS query from a non-compliant host—was allegedly taught by Freund and, alternatively, by Lewis. Petitioner argued Freund disclosed redirecting DNS queries to its sandbox server. Lewis was presented as teaching an alternative, obvious method of achieving the same result by having a "hi-jack" DNS server directly provide the quarantine server's IP address, rather than relying on a router.

    • Motivation to Combine: Petitioner asserted a person of ordinary skill in the art (POSITA) would combine Freund and Ball to improve the security and reliability of Freund's system. Substituting Ball's hardware-based TPM for Freund's software-based security module was a predictable design choice to add a hardware root of trust and conform to industry standards, enhancing the trustworthiness of the security attestations. A POSITA would combine Freund with Lewis as a simple substitution of one known DNS redirection technique for another to achieve the same goal of isolating a non-compliant device.

    • Expectation of Success: A POSITA would have had a reasonable expectation of success because the combination involved applying known technologies for their intended purposes. Integrating a standard TPM (Ball) into a network security framework (Freund) was a straightforward implementation of a well-understood security component to yield the predictable benefit of enhanced, hardware-verified trust.

4. Key Claim Construction Positions

  • "trusted computing base" (TCB): Petitioner proposed this term be construed as "hardware or software within the first host that provides security to the host." This construction is broad enough to encompass both Freund’s software-based security module and the hardware-based TPM taught by Ball, which is central to the obviousness combination.
  • "quarantine server": Petitioner proposed the construction "server to which a quarantined host's network traffic is redirected." This aligns Freund's "sandbox server" with the claimed element, allowing Freund to serve as the primary reference for the overall quarantine and redirection framework.
  • "a remediation host configured to provide data usable to remedy the insecure condition": Petitioner argued this is a means-plus-function term and identified corresponding structure in the ’705 patent. This position asserts that the prior art, particularly Freund's disclosure of servers providing anti-virus updates, discloses equivalent structure for performing the claimed function.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued against discretionary denial, asserting that validity is unsettled following a prior inter partes review (IPR) by a different party (Cisco). That IPR resulted in a Final Written Decision (FWD) upholding the claims, but the decision was vacated by the Federal Circuit for legal error. The parties settled on remand, leaving the patent's validity unresolved and creating no settled expectations for the Patent Owner. Petitioner also argued that the instant petition corrects a material error made by the USPTO during original prosecution and that the parallel district court litigation is in a sufficiently early stage to favor institution.

6. Relief Requested

  • Petitioner requests institution of an IPR and cancellation of claims 1-19 of the ’705 patent as unpatentable under 35 U.S.C. §103.