Palo Alto Networks Inc v. Centripetal Networks Inc

1. Case Identification

• Case #: PGR2021-00108
• Patent #: 10,931,797
• Filed: August 3, 2021
• Petitioner(s): Palo Alto Networks, Inc.
• Patent Owner(s): Centripetal Networks, Inc.
• Challenged Claims: 1-20

2. Patent Overview

• Title: Correlating Packets Transmitted Through a Network Device
• Brief Description: The ’797 patent discloses systems and methods for correlating network packets by using a computing system to determine log entries for packets received by a network device and log entries for packets transmitted by that device, and then comparing the logs to find a match.

3. Grounds for Unpatentability

Ground 1: Obviousness over Paxton and Sutton - Claims 1-2, 7-8, 10, 12-13, and 17-18 are obvious over Paxton in view of Sutton.

• Prior Art Relied Upon: Paxton (Application # 2014/0280778) and Sutton (Patent 8,413,238).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Paxton taught the core limitations of the independent claims, including a method to identify and correlate network packets as they cross a boundary that performs Network Address Translation (NAT). Paxton’s system achieved this by recording log entries (e.g., payload hashes, timestamps, IP addresses) on both sides of the boundary and then matching these records. This mapping covered the claimed steps of determining first and second pluralities of log entries and correlating them based on a comparison.
  • Motivation to Combine: Petitioner contended that while Paxton disclosed how to correlate packets to trace malicious activity, it did not detail the subsequent remedial actions. Sutton, which taught a distributed security system, filled this gap by disclosing actions taken after detecting malicious communications (e.g., with "darknet" addresses), such as generating rules to filter or block the traffic and notifying administrators. A person of ordinary skill in the art (POSITA) would combine Sutton's automated security responses with Paxton's correlation engine to create a more robust and complete network security system.
  • Expectation of Success: A POSITA would have a reasonable expectation of success because both Paxton and Sutton described modular systems implemented on well-known network devices like servers and gateways. Integrating Sutton’s techniques for rule generation and threat response into Paxton’s correlation framework was presented as a predictable combination of known elements to improve network security.

Ground 2: Obviousness over Paxton, Sutton, and Ivershen - Claims 3-6, 14-16, and 19-20 are obvious over Paxton and Sutton in view of Ivershen.

• Prior Art Relied Upon: Paxton (Application # 2014/0280778), Sutton (Patent 8,413,238), and Ivershen (Patent 8,219,675).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground built upon the combination of Paxton and Sutton to address dependent claims requiring correlation based on additional, specific packet data. Petitioner argued that to the extent Paxton did not explicitly disclose comparing port numbers (claims 3, 14, 19), network-interface identifiers (claims 4, 15, 20), or precise timestamps (claims 5-6, 16), Ivershen supplied these missing elements. Ivershen described correlating IP flows across a NAT firewall using various data points, including port information from NAT translation tables and by comparing flow start timestamps within a narrow time window.
  • Motivation to Combine: Petitioner asserted that since both Paxton and Ivershen aimed to solve the same problem—correlating packets across a NAT using information that remains invariant—a POSITA would be motivated to incorporate Ivershen’s use of additional correlation parameters into Paxton’s system. Using more data points like port numbers and flow durations, as taught by Ivershen, would predictably increase the confidence and accuracy of Paxton's correlation results.
  • Expectation of Success: The integration was argued to be straightforward. Paxton’s system already maintained a database of hashes, timestamps, and IP addresses. Adding other packet information taught by Ivershen, such as port numbers, would involve routine data processing techniques well within the skill of a POSITA.

• Additional Grounds: Petitioner asserted obviousness challenges for claim 9 over Paxton, Sutton, and Deschenes (Application # 2013/0262655) to add the capability of correlating encrypted packets, and for claim 11 over Paxton, Sutton, and Roese (Application # 2006/0048142) to add receiving user input to define generated rules. Petitioner also asserted that claims 1-20 are invalid under 35 U.S.C. §112 for indefiniteness, and for failure to meet the written description and enablement requirements.

4. Key Claim Construction Positions

• For the purposes of its prior art arguments, Petitioner proposed interpreting the claim term "determining... log entries." Petitioner argued this term is indefinite but, for the sake of analysis, should be construed as "generating... log entries" to conform with the patent's specification, which repeatedly describes the generation of logs, not their "determination." This construction was central to both the obviousness and indefiniteness arguments.

5. Key Technical Contentions (Beyond Claim Construction)

• Indefiniteness of "determining": Petitioner argued that independent claims 1, 12, and 17 were fatally indefinite because the phrase "determining... a first plurality of log entries" lacks a clear meaning. The claims failed to specify what is being "determined" (e.g., decided or ascertained) about the log entries, and this phrasing was an unexplained departure from the term "generating" used in all related family patents.
• Indefiniteness from Circular Logic: Petitioner contended that dependent claims 2, 13, and 18, which recite "provisioning... rules based on the determined correlation... to identify the first... plurality of packets," contained circular and illogical process steps. The claims required using a correlation result to generate rules to find the very same packets that had to have been identified and analyzed before the correlation could be made. This circular logic was alleged to be unsupported by the specification and would render the claims' scope unascertainable.

6. Arguments Regarding Discretionary Denial

• Petitioner argued against discretionary denial of the Post-Grant Review (PGR) under both §325(d) and §324(a) (Fintiv factors).
• §325(d): The petition asserted that the primary prior art references (Paxton, Sutton, Deschenes) and the proposed combinations were never presented to or considered by the Examiner during prosecution. While Ivershen and Roese were listed in an Information Disclosure Statement, they were never applied in a rejection, making the arguments substantially new.
• §324(a) / Fintiv: In view of a co-pending district court case, Petitioner argued that the PTAB should institute review. The key factors weighing against denial included: Petitioner had filed a motion to stay the district court case; the court had not set a trial date and was awaiting a ruling on the stay; and there had been no substantive orders, discovery, or claim construction in the parallel litigation. Further, the PGR presented distinct issues, such as the §112 invalidity grounds, that would streamline and simplify the district court case if it were to proceed.

7. Relief Requested

• Petitioner requested institution of a PGR and cancellation of claims 1-20 of the ’797 patent as unpatentable.