PTAB

IPR2026-00042

Fortinet Inc v. Netskope Inc

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Network Access Control
  • Brief Description: The ’710 patent relates to a method for network access control using firewall technology to "quarantine" a client device. The method involves restricting the quarantined device's network traffic to specific destinations and protocols, and rendering a web page that offers the user a path to remediation in exchange for regaining unrestricted internet access.

3. Grounds for Unpatentability

Ground 1: Claims 1-20 are obvious over Roskind

  • Prior Art Relied Upon: Roskind (Patent 9,398,037).
  • Core Argument for this Ground: Petitioner argued that Roskind, which was not before the Examiner, taught all elements of the challenged claims. Roskind described a gateway that quarantines an infected computer by blocking unauthorized traffic while allowing access to specific remediation services, such as vendor websites for security patches, and providing a notification webpage to guide the user. Petitioner asserted that Roskind anticipated or, at a minimum, rendered obvious all challenged claims.
    • Prior Art Mapping: Petitioner contended that Roskind’s gateway performed the claimed "quarantine control functions." Specifically, Roskind’s gateway restricted a quarantined device’s traffic to remediation servers on the internet, which were not on the local network segment, meeting the limitation of restricting traffic to addresses "not in or subordinate to the first network segment." Roskind also disclosed restricting this access to certain protocols (e.g., HTTP requests). Finally, Roskind’s "quarantine notification page," which provided links for downloading "anti-contagion software," met the limitation of rendering a web page with an offer to perform an action to restore internet access.
    • Motivation to Combine (for §103 grounds): As an alternative to anticipation, Petitioner argued obviousness. A Person of Ordinary Skill in the Art (POSITA) would have been motivated to implement Roskind’s teachings to solve the known problem of containing and remediating network infections, as all elements worked together for their intended purpose.
    • Expectation of Success (for §103 grounds): A POSITA would have had a reasonable expectation of success in implementing Roskind's system, as it used conventional network security and traffic management techniques.

Ground 2: Claims 1-20 are obvious over Gleichauf

  • Prior Art Relied Upon: Gleichauf (Application # 2003/0191966).
  • Core Argument for this Ground: Petitioner asserted that Gleichauf also taught all elements of the challenged claims. Gleichauf described a network management controller that quarantines an infected computer by disabling most communications but directing the computer to a "remediator website" to resolve the infection.
    • Prior Art Mapping: Petitioner mapped Gleichauf’s network management controller, positioned at a gateway, as the claimed "network access gateway device." This controller selected an infected computer for quarantine and restricted its traffic to only a "remediator website," which a POSITA would understand could be on an external network. Gleichauf’s system disabled other services, which inherently restricted network protocols to only those necessary for remediation (e.g., TCP/IP). Petitioner argued that Gleichauf's disclosure of sending a "signal" containing "remedial measures" would have made it obvious to a POSITA to implement this signal as a web page rendered to the user with instructions for remediation.
    • Motivation to Combine (for §103 grounds): A POSITA would have found it obvious to present Gleichauf's detailed "signal" of remedial information to an end-user in the most effective format, a web page, to facilitate the quarantine and remediation process. This modification would be a simple and logical design choice to improve usability.
    • Expectation of Success (for §103 grounds): A POSITA would have expected success, as creating a web page to convey information from a network controller was a well-understood and common practice.

Ground 3: Claims 1-20 are obvious over Roskind or Gleichauf in view of Short

  • Prior Art Relied Upon: Roskind (Patent 9,398,037) or Gleichauf (Application # 2003/0191966) in view of Short (Patent 6,636,894).
  • Core Argument for this Ground: Petitioner argued that to the extent Roskind or Gleichauf did not explicitly disclose rendering the remediation web page from the network access gateway device, Short supplied this teaching. Short described a gateway device that hosts a local web server to efficiently redirect users to portal pages for authentication and access control.
    • Prior Art Mapping: Short explicitly taught maintaining a portal page on a server "local to the gateway device" to provide users with offers for services and to authorize access to a destination network, such as the internet.
    • Motivation to Combine (for §103 grounds): A POSITA implementing the quarantine systems of Roskind or Gleichauf would be motivated to consult a reference like Short for well-known implementation details. A POSITA would combine Short’s teaching of a locally-hosted web server with the primary references to create a more efficient and faster redirection mechanism for the quarantined user, which was a known benefit taught by Short.
    • Expectation of Success (for §103 grounds): A POSITA would have had a high expectation of success in combining these technologies, as locally-hosted web servers on gateway devices were well-understood and commonly used for network access control.
  • Additional Grounds: Petitioner asserted an additional obviousness challenge against claims 1-2 over Gleichauf in view of Short.

4. Key Claim Construction Positions

  • "subordinate to": Petitioner argued that the claim phrase "one or more network destination addresses that are not in or subordinate to the first network segment" is indefinite because the specification never defined or used the term "subordinate to." However, Petitioner contended that the claims were still unpatentable because, at a minimum, a general internet website (as disclosed in the prior art for remediation) was unambiguously not "in or subordinate to" a local network segment.

5. Key Technical Contentions (Beyond Claim Construction)

  • Priority Date Entitlement: Petitioner contended that the ’710 patent was not entitled to the priority date of its provisional application (the '702 Provisional). It was argued that the provisional failed to disclose the key limitation of "restricting all network traffic...to selected one or more network protocols." Therefore, Petitioner asserted the correct priority date was the filing date of the non-provisional application, March 10, 2005, which made references like Roskind available as prior art.

6. Relief Requested

  • Petitioner requested institution of an inter partes review and cancellation of claims 1-20 of the ’710 patent as unpatentable.