“[A] person of ordinary skill would have understood that in both the ‘713 patent and Sourcefire, the relevant data is located in the first packet of the message . . . [and] would have been sufficiently motivated by Sourcefire to design intrusion rules with the ssl_version keyword.”
On January 23, the Patent Trial and Appeal Board (PTAB) issued a final written decision in IPR2018-01437 holding all claims (1-20) of U.S. Patent No. 9,160,713 B2 (the ‘713 patent) unpatentable. The ‘713 patent, owned by Centripetal Networks, Inc. (CN), was challenged in an inter partes review (IPR) by Cisco Systems, Inc. (Cisco).
Packet Filtering Rules
The ‘713 patent relates to filtering network data transfers. When multiple data packets are received by a system, “[a] determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule.” The specification discloses an embodiment in which a determination is made as to whether one or more of the received packets have header field values corresponding to the specified protocol of the packet filtering rule. This determination either allows the packets to continue on or blocks the packets from continuing to their destinations. According to the specification, network address, port number or protocol type can also be applied in packet filtering rules.
Broadest Reasonable Construction
The PTAB began its analysis of the ‘713 patent by reviewing claim construction, noting that the claim terms would be given their broadest reasonable construction in light of the specification of the patent, under the standard for petitions filed before November 13, 2018. The PTAB agreed with Cisco that the ‘713 patent’s construction of “packet” to mean “IP packet” is too narrow and inconsistent with the specification. First, according to the PTAB, the intrinsic evidence cited by CN does not support the proposed construction, because the specification does not disclose a definition of “packet” nor seek to exclude certain types of packets. Additionally, the PTAB found that CN failed to explain why the limitation of comprising a network address in the dependent claims requires a “packet” to only include an “IP packet.” The PTAB was unpersuaded by CN’s argument that because the HTTPS packets are received by a computing system, the packets would naturally be IP packets. This disagreement hinged on the PTAB’s view that CN did not thoroughly explain why a person of ordinary skill would have understood an application packet not to have been received by a computing system when the IP packet containing that application packet is received by the system.
Prior Art Standard
Next, CN argued that Sourcefire did not qualify as prior art because it is not a printed publication, but the PTAB disagreed. In determining whether a prior art reference constitutes a printed publication, the touchstone is public accessibility, explained the PTAB. Cisco argued that Sourcefire was publicly available before the priority date of the ‘713 patent because 1) it was disseminated through a CD-ROM disk to hundreds of customers who purchased Sourcefire 3D System products, and 2) it was available on Sourcefire’s support website. Citing Medtronic, Inc. v. Barry, the PTAB reasoned that although distributing materials to a group of experts is not enough for public accessibility, other recipients of the distributed materials must be taken into account if the recipients were not expected to hold the materials in strict confidence. Therefore, according to the PTAB, because the Sourcefire 3D System was publicly marketed and sold and distributed to over 500 interested customers without an expectation of confidentiality, the materials were publicly accessible and thus prior art to the ‘713 patent. The PTAB was unmoved by CN’s arguments that the Sourcefire website did not make the reference adequately available, or that the cost of the Sourcefire 3D System was too high, preventing skilled artisans from accessing the content.
The PTAB reviewed the ‘713 patent for obviousness as a bar to patentability. The PTAB began by citing KSR Int’l Co. v. Teleflex Inc.:
“A claim is unpatentable under §103 if the differences between the claimed subject matter and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill to which said subject matter pertains . . . [The inquiry also requires an analysis of] whether there was an apparent reason to combine the known elements in the fashion claimed by the patent at issue.”
In Sourcefire, explained the PTAB, custom “intrusion rules” can be created by users to examine packets and manage the rules across all the 3D sensors in the system, through a centralized defense center. The intrusion rules dictate whether the packet (and thus network traffic) passes, is ignored, or is dropped. Cisco argued that Sourcefire teaches a computing system with packet-filtering rules as recited in the first step of claim 1, and further teaches a pass or drop system that allows packets to continue on to their destination or be dropped, as recited in the second and third steps of claim 1. Additionally, Cisco argued that Sourcefire teaches that a pass or drop rule can be triggered by a packet’s header indicating a particular TLS version. The PTAB found that even where Sourcefire discloses obtaining TLS information from reconstructed messages as opposed to packets (as argued by CN), Sourcefire still teaches a determination that a packet comprises TLS version information, and reconstructed messages consist of packets. Therefore, the PTAB held that a person of ordinary skill in the art would have understood that in both the ‘713 patent and Sourcefire, the relevant data is located in the first packet of the message.
The PTAB also found that in not requiring inspection of application header values, claim 1 broadly encompasses any method of making the recited determination. Furthermore, the PTAB held that even after an encrypted session is established, Sourcefire teaches that each subsequent TLS-encrypted message in the session (and, thus, the first packet of each such message) can be assessed by the intrusion rules. Regarding CN’s argument that a motivation is needed to “modify” Sourcefire to teach the recited blocking of packets, the PTAB found that no such modification would have been required because Sourcefire explains the use of the ssl_version keyword in designing rules based on TLS information, in addition to teaching the drop rules triggering packets to be dropped. Therefore, according to the PTAB, a person of ordinary skill would have been sufficiently motivated by Sourcefire to design intrusion rules with the ssl_version keyword.
Regarding claims 2-4, the PTAB disagreed with CN’s argument that “Sourcefire explicitly discloses applying the TLS-version value packet-filtering rules recited in the independent claims to a first portion of packets and not a second portion of packets” or “that a person of ordinary skill would have written such a rule.” This argument falls flat, held the PTAB, because explicit disclosure is not required for obviousness. No argument was made by CN in response to Cisco’s challenge of claims 5-7. Independent claim 8 recites a system comprising a processor and a memory storing instructions that perform substantially similar steps as recited in claim 1, with claims 9-14 depending from claim 8 with limitations similar to those of claims 2-7. Independent claim 15 recites non-transitory computer readable media comprising instructions substantially similar to the steps of claim 1, with dependent claims 16-20 reciting similar limitations as those of claims 2-7. Therefore, the PTAB agreed with Cisco that the preponderance of the evidence suggested that Sourcefire teaches each of the limitations in claims 8-20.
The PTAB agreed that secondary considerations, such as long-felt but unmet need and failure of others, are material to an obviousness analysis. However, the PTAB held that insufficient analysis was presented to demonstrate that the RuleGATE product praised by the “EG Paper” was evidence of long-felt and unmet need coextensive with any claim of the ‘713 patent. Nor does CN provide sufficient explanation as to how “cyber threat intelligence” is related to the challenged claims, or how the “packet-by-packet” nature of the claimed method addresses the threat of exfiltrations as stated. The PTAB also found little indication of industry praise or commercial success and licensing sufficient to establish the requisite nexus with the ‘713 patent. Therefore, with no secondary considerations, the PTAB held that each of the challenged claims would have been obvious over Sourcefire.
More From the PTAB
Of the latest eight final written decisions from the PTAB, all challenged claims were found unpatentable in seven:
IPR2018-00912, Zscaler Inc. v. Symantec – Final Written Decision issued 1-27-20 finding all challenged claims unpatentable.
IPR2018-01558, The Chemours Company v. Daikin Industries, Ltd. – Final Written Decision 1-23-20 Determining All Challenged Claims Unpatentable.
IPR2018-01252, Apple v. Qualcomm – Final Written Decision 1-22-20 Determining No Challenged Claims Unpatentable.