PTAB

IPR2025-01468

Citrix Systems Inc v. KMizra LLC

Key Events: Petition

1. Case Identification

2. Patent Overview

  • Title: Network Protection Method and System
  • Brief Description: The ’705 patent describes methods for defending computer networks against threats by analyzing the security state of a host attempting to connect. If the host is deemed to have an insecure condition, it is quarantined with limited network access, allowing for remediation.

3. Grounds for Unpatentability

Ground 1: Obviousness over Gleichauf, Ovadia, and Lewis - Claims 1-19 are obvious over Gleichauf in view of Ovadia and Lewis.

  • Prior Art Relied Upon: Gleichauf (Patent 9,436,820), Ovadia (Patent 7,747,862), and Lewis (Patent 7,533,407).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that Gleichauf taught the foundational system of controlling a device’s network access based on its security posture, including quarantining non-compliant devices. Gleichauf’s system used a policy server to analyze "posture credentials" from a device to detect insecure conditions like missing antivirus software. Petitioner argued Ovadia taught using a hardware-based Trusted Platform Module (TPM) to generate secure, digitally signed attestations of a device's configuration, which verifies the integrity of the reported security state. Finally, Lewis was cited for its teaching of redirecting a quarantined device’s web requests to a quarantine server that serves a "quarantine notification page" to inform the user of the device's status and required corrective actions.
    • Motivation to Combine: A POSITA would combine Gleichauf with Ovadia to improve the security and reliability of Gleichauf’s software-based posture credentials. Using Ovadia’s TPM-based digital signatures for attestation would give Gleichauf’s system a standardized, hardware-rooted, and tamper-resistant way of verifying a device's security state, applying a known technique to improve a similar system. A POSITA would further incorporate Lewis to improve the user experience of the quarantine process: in place of Gleichauf’s basic notification message, serving a full webpage as Lewis teaches provides more detailed information and remediation instructions in a user-friendly form, a common and predictable improvement for such systems.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success, as the combination involved applying known security techniques to improve an existing system. Integrating a TPM for secure attestation and using webpage redirection for quarantine notifications were well-understood practices in the field of network security.

Ground 2: Obviousness over Freund, Ball, and Danforth - Claims 1-19 are obvious over Freund in view of Ball and Danforth.

  • Prior Art Relied Upon: Freund (Application # 2003/0055962), Ball (Application # 2006/0005009), and Danforth (Patent 7,571,460).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Freund disclosed a system where a router enforces security policies on a local network by issuing challenges to connected computers. If a computer fails the challenge (e.g., outdated antivirus), the router quarantines it by redirecting its traffic to a "sandbox server" for remediation. Petitioner asserted that Ball supplemented Freund by teaching the use of a hardware-based TPM to provide reliable, verifiable attestations of a computer's security attributes, addressing the vulnerability of Freund's software-only client security module. Danforth was cited for teaching a more advanced quarantine method, where DNS queries from a quarantined device are intercepted to provide whitelisted access only to specific remediation servers, while blocking or redirecting all other requests.
    • Motivation to Combine: A POSITA would have been motivated to modify Freund’s software-based system with Ball's hardware-based TPM to create a more secure and tamper-proof solution, as hardware-rooted security was a known advantage over software-only approaches. A POSITA would then incorporate Danforth’s DNS interception and whitelisting techniques to improve upon Freund's simpler traffic redirection. This would create a more granular and secure quarantine environment, ensuring the quarantined device can only communicate with approved remediation hosts, thereby preventing potential malware from spreading while still allowing for cleanup. This addresses a known problem with predictable results.
    • Expectation of Success: There was a reasonable expectation of success in combining these references. Modifying a software-based security system with a hardware TPM was a known path to enhance security. Likewise, using DNS-level filtering to manage quarantined devices was a well-understood technique for improving network access control systems.
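Both grounds describe the same control flow: a host submits an attested security posture, a policy server verifies the attestation and checks the posture against policy, and a non-compliant host is quarantined so that it can reach only remediation services (via DNS interception and a quarantine notification page). The following Python sketch is an added illustration of that flow written for this summary; it is not code from the petition, the ’705 patent, or any of the cited references. The HMAC over a JSON posture report stands in for a TPM attestation signature, and the hostnames, policy thresholds and key are constructed for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed values for this example. A real deployment would verify a TPM
# quote made with an attestation key, not a shared HMAC secret.
ATTESTATION_KEY = b"example-attestation-key-not-for-production"
REMEDIATION_HOSTS = {"remediation.example.internal", "av-updates.example.internal"}
QUARANTINE_HOST = "quarantine.example.internal"
QUARANTINE_PAGE = f"http://{QUARANTINE_HOST}/notice"


def _canonical(posture: dict) -> bytes:
    # Canonical encoding so host and server sign/verify identical bytes.
    return json.dumps(posture, sort_keys=True, separators=(",", ":")).encode()


def sign_posture(key: bytes, posture: dict) -> dict:
    """Host side: produce a signed posture report (stand-in for a TPM attestation)."""
    tag = hmac.new(key, _canonical(posture), hashlib.sha256).hexdigest()
    return {"posture": posture, "signature": tag}


def verify_posture(key: bytes, report: dict) -> bool:
    """Policy-server side: reject reports whose contents do not match the signature."""
    expected = hmac.new(key, _canonical(report.get("posture", {})), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(report.get("signature", "")))


def insecure_conditions(posture: dict) -> list[str]:
    """Compare the attested posture against the network's admission policy."""
    problems = []
    if not posture.get("antivirus_installed", False):
        problems.append("antivirus not installed")
    elif posture.get("av_signature_age_days", 10**6) > 7:
        problems.append("antivirus signatures older than 7 days")
    if not posture.get("host_firewall_enabled", False):
        problems.append("host firewall disabled")
    return problems


@dataclass
class AccessDecision:
    state: str                       # "full", "quarantine" or "deny"
    reasons: list[str] = field(default_factory=list)


def admit_host(key: bytes, report: dict) -> AccessDecision:
    """Decide network access: bad attestation denies, policy failures quarantine."""
    if not verify_posture(key, report):
        return AccessDecision("deny", ["attestation signature invalid"])
    problems = insecure_conditions(report["posture"])
    return AccessDecision("quarantine", problems) if problems else AccessDecision("full")


def resolve_for(decision: AccessDecision, hostname: str) -> tuple[str, str]:
    """DNS interception for a quarantined host: only remediation names resolve."""
    if decision.state == "deny":
        return ("refused", "")
    if decision.state == "full" or hostname in REMEDIATION_HOSTS:
        return ("resolve", hostname)
    return ("redirect", QUARANTINE_HOST)


def web_response_for(decision: AccessDecision, url: str) -> tuple[int, str]:
    """HTTP handling: a quarantined host's web requests go to the notification page."""
    if decision.state == "deny":
        return (403, "")
    host = url.split("://", 1)[-1].split("/", 1)[0]
    if decision.state == "full" or host in REMEDIATION_HOSTS:
        return (200, url)
    return (302, QUARANTINE_PAGE)


if __name__ == "__main__":
    # Constructed sample: a host with stale antivirus signatures and no firewall.
    report = sign_posture(ATTESTATION_KEY, {"antivirus_installed": True,
                                            "av_signature_age_days": 30,
                                            "host_firewall_enabled": False})
    decision = admit_host(ATTESTATION_KEY, report)
    print(decision)
    print(resolve_for(decision, "www.example.com"))
    print(resolve_for(decision, "av-updates.example.internal"))
    print(web_response_for(decision, "http://www.example.com/index.html"))
```

The tamper case is the reason the attestation matters: if the host edits its posture after signing, `verify_posture` fails and the host is denied rather than quarantined, so an insecure host cannot talk its way onto the network by reporting a clean state it does not have.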

4. Key Claim Construction Positions

  • "trusted computing base" (claims 1, 12, 19): Petitioner adopted the construction from a prior related IPR, defining the term as "a piece of hardware or software that has been designed to be part of a mechanism that provides security to a computer system."
  • "trusted platform module" (claims 1, 12, 19): Petitioner adopted the construction defining the term as "a secure cryptoprocessor that implements a Trusted Platform Module specification from the Trusted Computing Group." Petitioner noted that while the Board previously found no express construction necessary, it adopted these positions to the extent a dispute arises.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-19 of the ’705 patent as unpatentable.