PTAB

IPR2026-00025

Fortinet Inc v. Netskope Inc

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: System and Method for Providing Access Control
  • Brief Description: The ’639 patent describes systems and methods for provisioning network access and controlling bandwidth on a per-user basis rather than a per-port basis. The technology uses a control device to inspect network packets, identify users, and apply user-specific rules, such as bandwidth limits or firewall policies, based on the user's identity.

3. Grounds for Unpatentability

Ground 1: Anticipation and Obviousness over Richmond - Claims 1-8, 10-15, 17-20, 22-25 are anticipated under 35 U.S.C. §102 or, alternatively, obvious under 35 U.S.C. §103 over Richmond.

  • Prior Art Relied Upon: Richmond (Application # 2003/0152067).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Richmond disclosed every limitation of the challenged claims. Richmond teaches a "network entry device" (a control device) that controls network access based on user identity. This device receives packets and processes them in stages, first discriminating the client (e.g., authentication) and then applying a "user specific rule stage." Richmond's device extracts user-identifying information, such as MAC or IP addresses, from packet headers and associates the packet with user-specific "packet rules" based on the user's pre-defined "role." These rules function as the claimed "user specific traffic control rules" (e.g., rate limiting to regulate bandwidth) and "user specific firewall rules" (e.g., dropping packets to deny access to certain applications). The rules are governed by "service abstractions," which function as the claimed "class of service rule."
    • Motivation to Combine (for §103 grounds): As an alternative to anticipation, Petitioner argued that any minor differences between Richmond and the claims would have been obvious modifications. For example, if Richmond did not explicitly teach storing rules in separate tables (as recited in claim 4), a POSITA would find it obvious to do so for efficiency using a standard relational database, which Richmond discloses.
    • Expectation of Success (for §103 grounds): A POSITA would have a high expectation of success in making any minor modifications, as they would involve applying conventional networking and database principles to Richmond’s disclosed system.

Ground 2: Obviousness over Richmond in view of Wood - Claims 9, 16, 26, and 27 are obvious over Richmond in view of Wood.

  • Prior Art Relied Upon: Richmond (Application # 2003/0152067) and Wood (WO 01/11452A2).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground specifically targets claims requiring the redirection of an unauthenticated user to a login webpage. Petitioner asserted that Richmond teaches authenticating a user to apply user-specific rules but does not specify the precise mechanism. Wood, in the same technical field, explicitly remedies this by teaching a "gatekeeper" that redirects an unauthenticated user's browser to a login component that provides an HTML-based login page for entering credentials.
    • Motivation to Combine: A POSITA implementing Richmond’s system would need to select an authentication method. A POSITA would combine Wood's well-known and user-friendly web-based authentication with Richmond's system for granular, post-authentication access control. The motivation is to use a simple, familiar, and easy-to-implement method (Wood's login page) to perform the authentication step required to enable Richmond's core functionality.
    • Expectation of Success: The combination would yield predictable results, as the two systems address discrete functions (authentication vs. post-authentication traffic control). Integrating a standard HTTP redirect into Richmond’s system upon detecting an unauthenticated user would be a straightforward task for a POSITA.

Ground 3: Obviousness over Richmond in view of Teraslinna - Claim 21 is obvious over Richmond in view of Teraslinna.

  • Prior Art Relied Upon: Richmond (Application # 2003/0152067) and Teraslinna (Patent 5,623,492).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground targets claim 21, which recites a "traffic conditioning module" comprising an "interface master queue" for controlling traffic flow. Petitioner argued that while Richmond discloses applying rate-limiting rules, it does not detail a specific implementation. Teraslinna, which addresses bandwidth management in packet-switched networks, discloses a "traffic flow processor" that uses a "queue" to hold incoming packets for "traffic shaping," thereby controlling the rate of packet flow to comply with a bandwidth limitation.
    • Motivation to Combine: A POSITA implementing the rate-limiting function described in Richmond would naturally look to known traffic-shaping techniques. A POSITA would combine Teraslinna's queuing method with Richmond's system to provide a concrete, cost-efficient mechanism for enforcing the user-specific bandwidth rules taught by Richmond. The systems are highly analogous, with Teraslinna’s "traffic flow processor" performing the same role as Richmond's "network entry device."
    • Expectation of Success: Adding Teraslinna's queue and associated algorithm to the processing logic of Richmond's port modules would be a straightforward integration of a known element to achieve a predictable function, providing a high expectation of success.

4. Key Claim Construction Positions

  • "global stage" (claims 3, 12, 19): Petitioner noted that in co-pending litigation, the Patent Owner contended this term means "a global stage, distinct from the client discrimination stage and distinct from the user specific stage." Petitioner argued that Richmond meets this construction because its system discloses applying interface-specific or default rules (e.g., firewall rules applied to all traffic on a port before user identification) that constitute a distinct "global stage" separate from the subsequent user-specific rule processing.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-27 of the ’639 patent as unpatentable.