Fortinet Inc v. Netskope Inc

1. Case Identification

• Case #: IPR2026-00026
• Patent #: 8,327,426
• Filed: October 7, 2025
• Petitioner(s): Fortinet, Inc.
• Patent Owner(s): Netskope, Inc.
• Challenged Claims: 1-13

2. Patent Overview

• Title: Using a Proxy for Single Sign-On
• Brief Description: The ’426 patent describes methods for authenticating a user with multiple, distinct identity services in a federated architecture. The system uses a first identity service to intercept a user's request for an external service, authenticate the user, and then facilitate a single sign-on (SSO) transaction with a second, trusted identity service on the user's behalf, often acting as a proxy.

3. Grounds for Unpatentability

Ground 1 & 2: Claims 1-4, 6-11, 13 Anticipated by Hinton and Claims 1-13 are Obvious over Hinton Alone

• Prior Art Relied Upon: Hinton (Application # 2006/0021019).
• Core Argument for these Grounds:
  • Prior Art Mapping: Petitioner argued that Hinton discloses all limitations of the challenged claims. Hinton describes a federated provisioning system where a user authenticates with a first enterprise domain ("Enterprise A") via a Point-of-Contact ("POC") server. This POC server is analogous to the ’426 patent’s first identity service. When the user requests a resource in a second domain ("Enterprise B"), Enterprise A's POC intercepts the request, authenticates the user, and generates a "federation single-sign-on token" for Enterprise B. Enterprise B's POC, analogous to the second identity service, receives this token and establishes a session for the user. Petitioner asserted that Hinton's POC/TP (Trust Proxy) components perform the claimed steps of receiving an intercepted request, authenticating the principal, and supplying an authentication message (the token) for another identity service. For obviousness, Petitioner contended that any minor distinctions, such as formatting a token to serve as both a new request and response, would have been simple and predictable modifications for a Person of Ordinary Skill in the Art (POSITA).
  • Motivation to Combine (for §103 ground): The motivation for any minor modifications to Hinton's system stemmed from implementing well-known authentication protocols. For example, a POSITA would have found it obvious to format a token to contain both request and response information to streamline the SSO process, as this was a known technique for efficient server communication.
  • Expectation of Success (for §103 ground): A POSITA would have had a high expectation of success in implementing these minor variations in Hinton's disclosed federated architecture, as they involved applying conventional security and messaging formats to an existing system.

Ground 3: Claims 1-13 are Obvious over Hinton in view of Burch

• Prior Art Relied Upon: Hinton (Application # 2006/0021019) and Burch (Application # 2007/0234408).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon Hinton by adding the teachings of Burch to address claim limitations requiring multiple authentication interactions or additional security layers (e.g., claims 5 and 12). Petitioner argued that Hinton discloses a basic SSO framework, while Burch teaches enhancing security for legacy systems, such as online banking, by implementing multi-factor authentication (MFA). Burch describes redirecting a user to a separate identity service to provide secondary credentials based on a defined security policy. The combination, Petitioner asserted, renders obvious claims requiring a "second authentication" or an "interactive challenge and response dialogue," as a POSITA would have looked to a reference like Burch to add such enhanced security to Hinton's system.
  • Motivation to Combine (for §103 ground): A POSITA would combine Hinton and Burch to improve the security of Hinton’s federated SSO system. Hinton recognizes that different domains may have different authentication requirements, and Burch explicitly provides a method for adding stronger, multi-factor authentication to existing systems for sensitive applications. The desire to provide enhanced, policy-based security for certain federated partners provided a clear motivation to integrate Burch's MFA teachings into Hinton's architecture.
  • Expectation of Success (for §103 ground): Petitioner argued there was a strong expectation of success because Burch is specifically directed to augmenting existing (legacy) systems with MFA. A POSITA would have reasonably expected that Burch's methods could be successfully applied to the existing federated system disclosed in Hinton using standard programming techniques.

4. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-13 of the ’426 patent as unpatentable.