palo alto ipr decision

8/13/2019 Palo Alto IPR Decision

1/33

[email protected] Paper 17

571-272-7822 Entered: January 28, 2014

UNITED STATES PATENT AND TRADEMARK OFFICE

____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD

____________

PALO ALTO NETWORKS, INC.,

Petitioner,

v.

JUNIPER NETWORKS, INC.,

Patent Owner.

____________

Case IPR2013-00466

Patent 7,734,752 B2

____________

Before MICHAEL R. ZECHER, JAMES A. TARTAL, and

MIRIAM L. QUINN,Administrative Patent Judges.

TARTAL,Administrative Patent Judge.

DECISION

Institution ofInter PartesReview

37C.F.R. 42.108


2/33

Case IPR2013-00466

Patent 7,734,752 B2

2

Palo Alto Networks, Inc. (Petitioner) filed a Petition (Paper 4,

Pet.) requesting inter partesreview of claims 1-23 of U.S. Patent No.

7,734,752 B2 (Ex. 1001, the 752 patent). Juniper Networks, Inc. (PatentOwner) timely filed a Patent Owners Preliminary Response (Paper 15,

Prelim. Resp.). We have jurisdiction under 35 U.S.C. 314.

I. INTRODUCTION

The standard for instituting an inter partesreview is set forth in

35 U.S.C. 314(a), which provides:

THRESHOLD.The Director may not authorize an interpartes review to be instituted unless the Director determines

that the information presented in the petition filed under section

311 and any response filed under section 313 shows that there

is a reasonable likelihood that the petitioner would prevail with

respect to at least 1 of the claims challenged in the petition.

For the reasons set forth below, we conclude that the information

presented in the Petition establishes that there is a reasonable likelihood that

Petitioner will prevail in challenging as unpatentable claims 1-23 of the 752

patent. Accordingly, pursuant to 35 U.S.C. 314, we authorize an inter

partesreview to be instituted as to claims 1-23 of the 752 patent.

A. Related MattersPetitioner states that the 752 patent was asserted against it in a

complaint served on September 25, 2012, inJuniper Networks, Inc. v. PaloAlto Networks, Inc., No. 11-1258-SLR (D. Del.) (the Concurrent

Litigation). Pet. 10.


3/33

Case IPR2013-00466

Patent 7,734,752 B2

3

B. The 752 PatentThe application for the 752 patent, filed October 12, 2004, was a

continuation-in-part of an application, filed March 28, 2003, that issued as

U.S. Patent No. 7,650,634 (the 634 patent). The application that issued

as the 634 patent was a continuation-in-part of an application, filed

February 8, 2002, which issued as U.S. Patent No. 8,370,936. Petitioner

asserts that because claims of the 752 patent are directed to new matter

added to the634 patent application, the earliest priority date for the 752

patent is October 12, 2004. Pet. 11-13. Patent Owner has not contended

that the 752 patent is entitled to an earlier priority date. Prelim. Resp. 8.

The 752 patent, titled Intelligent Integrated Network Security

Device for High-Availability Applications, relates to systems and methods

for controlling computer network security. Ex. 1001, Abstract, 1:16-18.

The method disclosed by the 752 patent includes configuring a primary

security system for processing packets by maintaining flow information for a

group of devices, designating a secondary security system for processing

packets upon a failover event, and sharing flow records from the primary

security system with the secondary security system. Id. at 2:17-24. The

system disclosed by the 752 patent implements the method, including a first

apparatus with a first security device, a first module to maintain flow

information associated with packets received from a computer network, and

a communication interface operable to permit an exchange of flow records

with a second apparatus. Id. at 2:25-30. The first module also may share


4/33

Cas

Pate

devi

32.

mod

pacwith

atte

IPR2013

nt 7,734,7

ce-specifi

Figure 1ule.

Figure 1

ets beingsecurity d

pted net

-00466

52 B2

flow info

0 of the

0 of the

ommunicevices, to

ork secur

rmation

52 patent,

52 patent

ated withifacilitate

ty intrusi

4

ith the fir

reproduc

shows ses

a networlocking o

n. Id. at

t security

d below,

ion modu

k, and mapackets a

:16-41.

device. I

epicts a s

le 122 tha

act, in cssociated

s illustrat

. at 2:31-

ssion

monitors

njunctionith an

d in


5/33

Case IPR2013-00466

Patent 7,734,752 B2

5

Figure 10, incoming packet interface 205 receives packets, which are then

analyzed by flow processing engine 202 to determine whether an attempted

security intrusion is in progress. Id. at 8:9-13. Flow table 215 storesinformation regarding flows associated with received packets, including

flow records associated with current Transmission Control Protocol/Internet

Protocol (TCP/IP) flows. Id. at 3:65-67; 8:13-16. A TCP/IP flow may

include a sequence of data packets communicating information between a

source and a destination in one direction. Id. at 3:67-4:2. Flow table 215

includes primary, or active, portion 1002, which may be dedicated to store

information related to operation of the given session module as a primary

security system, and secondary portion 1004, which may be dedicated to

store information related to the operation of the session module as a

secondary security system. Id. at 8:16-27. Primary and secondary portions

1002 and 1004, respectively, may be integrated in flow table 215. Id. at

8:27-29.

C.Illustrative ClaimsClaims 1 and 13 are independent claims. Claims 2-12 depend,

directly or indirectly, from independent claim 1. Claims 14-23 depend,

directly or indirectly, from independent claim 13.

Claim 1, reproduced below, is illustrative of the claimed subject

matter:

1. A method in a computer network, comprising:

processing packets, by a primary security system, the

primary security system including a first device-implemented

session module to maintain flow information for the primary


6/33

Case IPR2013-00466

Patent 7,734,752 B2

6

security system to facilitate processing of the packets, where the

first device-implemented session module includes a first flow

table having a primary portion that stores information

associated with the operation of the first device-implementedsession module, when the primary security system is

functioning in a primary security system mode, and a secondary

portion that stores information associated with the operation of

the first device-implemented session module, when the primary

security system is functioning in a failover mode;

designating a secondary security system for processing

packets upon a fail over event, the secondary security system

including a second device-implemented session module to

maintain flow information for the secondary security system to

facilitate processing of the packets, where the second device-implemented session module includes a second flow table

having a primary portion that stores information associated with

the operation of the second device-implemented session

module, when the secondary security system is functioning in a

primary security system mode, and a secondary portion that

stores information associated with the operation of the second

device-implemented session module, when the secondary

security system is functioning in a failover mode;

sharing flow records from the primary security systemwith the secondary security system;

sharing flow records from the secondary security system

with the primary security system;

using the primary security system to provide fail over

support for the secondary security system, based on the

information stored in the secondary portion of the first flow

table; and

using the secondary security system to provide fail over

support for the primary security system, based on the

information stored in the secondary portion of the second flowtable.


7/33

Case IPR2013-00466

Patent 7,734,752 B2

7

D.Asserted Grounds of UnpatentabilityPetitioner challenges claims 1-23 of the 752 patent based on the

alleged grounds of unpatentability set forth in the table below, as further

supported by the Declaration of Dr. John Mitchell (Ex. 1005).

Reference(s) Basis Claims Challenged

Liu1 102 1-23

Adelman2 102 1-8, 12-19, and 23

Syvanne Publication3/ Syvanne

4 102 1-3, 5, 8-15, and 18-23

Adelman 103 1-23

Adelman and Syvanne 103 1-23

Albert5and Colasurdo6 103 1-23

II. CLAIM CONSTRUCTION

As a step in our analysis for determining whether to institute trial, we

determine the meaning of the claims. Consistent with the statute and

legislative history of the Leahy-Smith America Invents Act (AIA), Pub. L.

No. 112-29, 125 Stat. 284, 329 (2011), claims of unexpired patents are

construed by applying the broadest reasonable interpretation, in light of the

specification. 37 C.F.R. 42.100(b); see alsoOffice Patent Trial Practice

1U.S. Patent No. 7,197,660 B1, issued March 27, 2007 (Ex. 1008, Liu).

2U.S. Patent No. 6,078,957, issued June 20, 2000 (Ex. 1009, Adelman).

3U.S. Patent Application Publication No. 2002/0112189 A1, published

August 15, 2002 (Ex. 1011, Syvanne Publication).

4U.S. Patent No. 7,162,737 B2, issued January 9, 2007 (Ex. 1010,Syvanne).5U.S. Patent No. 6,704,278 B1, issued March 9, 2004 (Ex. 1006, Albert).

6U.S. Patent Application Publication No. 2002/0161839 A1, published

October 31, 2002 (Ex. 1007, Colasurdo).


8/33

Case IPR2013-00466

Patent 7,734,752 B2

8

Guide, 77 Fed. Reg. 48,756, 48,766 (Aug. 14, 2012). Under the broadest

reasonable interpretation standard, claim terms are given their ordinary and

customary meaning, as would be understood by one of ordinary skill in theart in the context of the entire disclosure. In re Translogic Tech. Inc., 504

F.3d 1249, 1257 (Fed. Cir. 2007). Any special definition for a claim term

must be set forth with reasonable clarity, deliberateness, and precision. In re

Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994).

A. primary portion and secondary portionIndependent claims 1 and 13 each require flow tables having a

primary portion and a secondary portion. Petitioner argues that the

specification of the 752 patent indicates that the primary portion and

secondary portion of a flow table must be separate and distinct. Pet. 16.

Patent Owner asserts that no construction of any term of the 752 patent is

necessary, but further states that it is undisputed that the claimed primary

portion and secondary portion refer to portions in a single flow table.Prelim. Resp. 9 (emphasis omitted). Patent Owner disputes that the primary

and secondary portions need be separate and distinct, but maintains it is

irrelevant to the grounds of unpatentability raised by Petitioner. Id. at 10.

In support of its proposed construction, Petitioner directs us to

Figure 10 of the 752 patent, shown above, which includes a schematic

depiction of a session module with a large box depicting Flow Table 215,

within which appears a box for Active Portion (also called Primary Portion)

1002 and a box for Secondary Portion 1004. Pet. 16 (citing Ex. 1001,

fig. 10). The specification suggests that portions of the flow table may be


9/33

Case IPR2013-00466

Patent 7,734,752 B2

9

dedicated as primary and secondary portions, but does not state that such

dedication is required or exclusive. Ex. 1001, 8:16-27. As noted above, the

specification further states that the primary and secondary portions may beintegrated in the flow table. Id. at 8:27-29. Thus, the mere illustration of

two boxes in a schematic diagram in the specification, each representing a

particular portion, does not demonstrate that those portions must be separate

and distinct from one another. Moreover, an ordinary and customary

definition, to one of ordinary skill in the relevant art, of the term portion is

a section or quantity within a larger thing; a part of a whole. The

American Heritage Dictionary 966 (2d college ed. 1982). Therefore, an

ordinary and customary definition of portion also does not support

Petitioners proposed construction.

Petitioner has not shown that independent claims 1 and 13, in light of

the specification, necessarily require that the primary portion and

secondary portion of a flow table be separate and distinct or different.

Petitioner also has not shown that its alleged grounds of unpatentability turn

on whether portions are separate and distinct. Consequently, based on the

record before us, the terms primary portion and secondary portion are

given their ordinary and customary meaning, as would be understood by one

with ordinary skill in the art in light of the 752 patent. For purposes of this

Decision, we construe primary portion and secondary portion each as a

section or quantity within the flow table that makes up part of the flowtable.


10/33

Case IPR2013-00466

Patent 7,734,752 B2

10

B.Remaining Claim Terms or PhrasesFor purposes of this Decision, all remaining claim terms or phrases

recited in claims 1-23 of the 752 patent are given their ordinary and

customary meaning, as would be understood by one of ordinary skill in the

art.

III. ANALYSIS

A. Preliminary Issue of Precluding Petitioner from Requesting ReviewAs a threshold issue, Patent Owner argues that the Petition should be

denied under the doctrine of assignor estoppel. SeePrelim. Resp. 2. Nir

Zuk and Yuming Mao are two of the three inventors named on the face of

the 752 patent. Patent Owner contends that Mr. Zuk and Mr. Mao are in

privity with Petitioner.7Id. at 2, 6 n. 6.

Assignor estoppel is not a basis for denying a petition requesting inter

partesreview. As explained in a previous Board decision:

Under the AIA, a person who is not the owner of apatentmay file with the Office a petition to institute an inter

partes review of the patent. 35 U.S.C. 311(a) (emphasis

added). Consequently, under the statute, an assignor of a

patent, who is no longer an owner of the patent at the time of

filing, may file a petition requesting inter partesreview. This

statute presents a clear expression of Congresss broad grant of

7 This case does not require us to reach the issue of whether Mr. Zuk orMr. Mao is in privity with Petitioner, as asserted by Patent Owner, because

we conclude that, even if Patent Owner established such a relationship,

Patent Owner has not shown a sufficient basis to preclude Petitioner from

requesting inter partesreview.


11/33

Case IPR2013-00466

Patent 7,734,752 B2

11

the ability to challenge the patentability of patents through inter

partesreview.

Athena Automation Ltd. v. Husky Injection Molding Sys. Ltd.,IPR2013-00290, slip op. at 12-13 (PTAB Oct. 25, 2013),Paper No.

18.

Patent Owners reliance on 37 C.F.R. 42.101(c) is misplaced. See

Prelim. Resp. 3. That regulation states, in relevant part, that a person may

not file a petition if the petitioner or a privy of the petitioner is estopped

from challenging the claims on the grounds identified in the petition. The

grounds for estoppel, as referenced in 42.101(c), are discussed expressly in

37 C.F.R. 42.73(d), which states:

Estoppel. (1) Petitioner other than in derivation proceeding. A

petitioner, or the real party in interest or privy of the petitioner,

is estopped in the Office from requesting or maintaining a

proceeding with respect to a claim for which it has obtained a

final written decision on patentability in an inter partes review,

post-grant review, or a covered business method patent review,

on any ground that the petitioner raised or reasonably couldhave raised during the trial, except that estoppel shall not apply

to a petitioner, or to the real party in interest or privy of the

petitioner who has settled under 35 U.S.C. 317 or 327.

Patent Owner does not contend that Petitioner, or its privy, has obtained a

final written decision on patentability in an inter partes review, post-grant

review, or a covered business method patent review, on any ground that the

petitioner raised or reasonably could have raised during the trial, as isrequired for Petitioner to be estopped under 37 C.F.R. 42.101(c). Patent

Owner, therefore, has failed to show that estoppel applies pursuant to


12/33

Case IPR2013-00466

Patent 7,734,752 B2

12

37 C.F.R. 42.73 and 42.101(c). Furthermore, we are not persuaded that

the equitable doctrine of assignor estoppel provides an exception to the

statutory mandate that any person who is not the owner of a patent may file apetition for inter partesreview. Accordingly, we decline to deny the

Petition based on Patent Owners estoppel arguments.

Patent Owner further asserts that, even if Petitioner is not barred from

requesting inter partesreview, the Board should exercise its discretion to

deny institution of trial because of the relationship between Petitioner and

Mr. Zuk or Mr. Mao. SeePrelim. Resp. 5-6. Patent Owner argues that the

Boards discretion provides an alternative ground for applying the principles

of equitable estoppel. Id. Patent Owner further argues, more generally, that

equitable considerations weigh against granting the Petition, including that

Patent Owner is denied the opportunity to submit inventor declarations

under 37 C.F.R. 1.131 so as to swear behind what might otherwise

constitute prior art because Mr. Zuk is adverse to Patent Owner. Id. at 6.

To the extent the Board has discretion to consider equitable

considerations in determining whether to institute trial, in this case, Patent

Owner has not made a showing which warrants exercise of that discretion.

For the same reasons discussed above, Patent Owner has not shown that the

Board should exercise discretion to apply principles of assignor estoppel to

circumvent the express statutory language that permits any person who is

not the owner of a patent to request inter partesreview. With regard toother equitable considerations, Patent Owners arguments are speculative.

Patent Owner does not identify any specific prior art it seeks to swear


13/33

Case IPR2013-00466

Patent 7,734,752 B2

13

behind, and makes no showing that it is unable to do so merely because two

of a multiple number of inventors listed on the face of the patent may have a

relationship with Petitioner. Accordingly, we conclude that Patent Ownerhas not shown that Petitioner is barred or estopped, or otherwise should be

precluded, from requesting inter partesreview of the 752 patent.

B.Anticipation Based on LiuPetitioner contends that Liu is prior art to the 752 patent and

anticipates claims 1-23 under 35 U.S.C. 102. Pet. 21. Petitioner relies

upon claim charts, as well as the Declaration of Dr. John Mitchell (Ex.

1005), to explain how Liu anticipates these claims of the 752 patent. Pet.

22-33.

Liu, titled High Availability Network Security Systems, relates to

network security systems and to redundancy protocols for network security

systems. Ex. 1008, 1:1-8. Liu describes a recovery method for a network

security system, including providing a backup device with state informationfor a master device, detecting failure in a cluster of network security devices,

and using the state information to recover from the failure. Id. at 2:3-9.

State information may include session information and encryption

information. Id. at 2:14-15. The master device and the backup device can

include a messaging engine for communicating state information between

the two devices. Id. at 2:40-42. The method described by Liu includes

providing a network device connected to a plurality of network devices that

are divided into a first and second group, and configuring the network device


14/33

Case IPR2013-00466

Patent 7,734,752 B2

14

to support connections within the first group and backup connections within

the second group. Id. at 2:50-55.

Patent Owner argues that Petitioner has not established that Liudescribes a primary security system and secondary security system, each

of which must include a session module and flow table. Prelim. Resp.

13. Liu states that a security device includes, among other things, a

Recovery System and a Security System. Ex. 1008, 4:7-10. Patent

Owner argues that Petitioner cannot rely on Lius Recovery System as

describing elements of the claimed security system. Id. at 13-14. We are

not persuaded that Petitioner cannot rely on Lius description of a security

device to identify each element claimed merely because that security device

includes components separately labeled as a recovery system and a security

system.

Patent Owner argues that Petitioner has failed to establish that Liu

describes a first flow table with a primary portion and a secondary

portion. Prelim. Resp. 14. As part of a security device, Liu describes

recovery system 202 with memory 208 and controller 206. Ex. 1008, 4:21-

22. Memory 208 contains redundancy group table 210, master data

partition 212, and backup data partition 214. Id. at 4:22-24. The master data

partition 212 stores state information for the set of connections for which a

given security device is acting as master device. Id. at 4:36-38. Backup

data partition 214 stores state information for the set of connections forwhich the security device is acting as backup. Id. at 4:39-42. According to

the 752 patent, a flow table store[s] information regarding flows associated


15/33

Case IPR2013-00466

Patent 7,734,752 B2

15

with received packets. Ex. 1001, 8:13-16. Patent Owner argues that Liu

does not describe data in a memory organized as a flow table as the 752

patent claims require, but Patent Owner does not show that the claimlanguage requires any such data organization. SeePrelim, Resp. 15. Thus,

we are not persuaded by Patent Owners argument, on the present record,

that because Liu does not label memory 208 a flow table, it is

distinguishable from the flow table of the 752 patent claims. Similarly,

Patent Owners assertion that Liu fails to disclose primary and secondary

portions of a flow table has not persuaded us, on the present record, because

Liu describes master data partition 212 and backup data partition 214 as two

portions of memory 208. It is well settled that anticipation is not an

ipsissimis verbis test. In re Bond, 910 F.2d 831, 832-33 (Fed. Cir. 1990)

(citingAkzo N. V. v. U.S. Intl Trade Commn, 808 F.2d 1471, 1479 n.11

(Fed. Cir. 1986)). An anticipatory reference . . . need not duplicate word

for word what is in the claims. Standard Havens Prods. v. Gencor Indus.,

Inc., 953 F.2d 1360, 1369 (Fed. Cir. 1991).

Patent Owner presents the same argument against the claimed first

flow table to rebut Petitioners position that Liu discloses a second flow

table having a primary portion and a secondary portion, as claimed.

For the same reasons discussed above, that argument is unpersuasive. See

Prelim. Resp. 16. Liu discloses a cluster of security devices, such that, if

one device in the group fails, another can take over the processing of thefailed device. Ex. 1008, 3:51-55. Thus, we understand Petitioner to contend

that Liu describes a first security device, with a first memory operating as a


16/33

Case IPR2013-00466

Patent 7,734,752 B2

16

first flow table, as claimed, and a second security device, with a second

memory operating as a second flow table, as claimed. Pet. 22-26.

Patent Owner also argues that Petitioner has not shown that Liudescribes a secondary portion of a flow table that stores information

associated with the operation of the [] device-implemented session module,

when the [] security system is functioning in a failover mode, as claimed.

Prelim. Resp. 16. In particular, Patent Owner argues that Liu describes a

backup data partition that acts as a repository for backup state data, but does

not describe any use or association of the backup data partition

information with post-failover operation. Id. at 17. Patent Owner states

that Lius system may be distinguished from the claimed system, where the

flow table in each security system synchronizes data with the flow table in

the other security system, so that in the event of failure either flow table is

ready to handle processing ordinarily performed by the other. Id. We are

not persuaded by Patent Owners argument because it is not commensurate

with the scope of the claims, which do not require that one flow table is

ready to handle processing performed by the other. It is well established

that limitations not appearing in the claims cannot be relied upon for

patentability. See In re Self, 671 F.2d 1344, 1348 (CCPA 1982).

Patent Owner argues that Liu does not disclose providing failover

support based on information stored in the secondary portion of a flow table,

as claimed. Prelim. Resp. 18. In particular, Patent Owner argues thatPetitioner does not explain how failover support is provided by the first

security system based on information from a secondary portion of a flow


17/33

Case IPR2013-00466

Patent 7,734,752 B2

17

table within its session module. Id. For purposes of this Decision, we find

sufficient Petitioners explanation that Liu discloses providing failover

support between cluster members based on the state information stored forother members of the cluster. SeePet. 26 (citing Ex. 1008, 5:53-62, fig. 2).

With regard to Patent Owners argument that Liu fails to disclose

sharing flow records, Patent Owner contends that Petitioner has not shown

that the state information and control messages are organized into

flow records. Prelim. Resp. 19. Patent Owner does not provide sufficient

evidence of the organization required for information to constitute flow

records, and proposes no construction for the term flow records. The

752 patent states that Flow records 302 may store policy information (e.g.,

firewall policy, [intrusion prevention system] policy etc., to apply to the

flow)[,] as well as other information that may be used by the security

devices such as encryption parameters, address translation parameters,

bookkeeping information, and statistics. Ex. 1001, 4:11-16. Thus, we are

not persuaded by Patent Owners argument that the information described in

Liu as being sharednamely state information and control messages

may be distinguished from the flow records, as claimed.

Claim 6

With respect to claim 6, Petitioner identifies Lius disclosure of

failure detection through control messages as corresponding to detecting an

absence of a keep-alive signal, as claimed. Pet. 29. On the present record,

we are not persuaded by Patent Owners argument that control messages, as

described by Liu, are not keep-alive signals. Prelim. Resp. 20.


18/33

Case IPR2013-00466

Patent 7,734,752 B2

18

Alternatively, because dependent claim 6 requires detecting an

absenceof a keep-alive signal, it may be understood to encompass a

negative limitation. Although a negative limitation is permissible, it merelyrecites what a claim lacks and, therefore, is likely to be broad by its very

nature. Consequently, a negative limitation requiring the absenceof an

element may be adequately described by a cited prior art reference if that

reference does not otherwise require the presence of the element recited in

the negative limitation. In this case, Patent Owner has not provided

sufficient evidence indicating that Lius disclosure of a control message that

indicates path status information (success or fail) (Ex. 1008, 5:67-6:3)

requires the presence of a keep-alive signal.

Claim 8

Claim 8 requires that the the secondary security system is configured

substantially identical to the primary security system. Patent Owner does

not explain what configured means with respect to the claim, but argues

more generally that the Petition and Liu are completely silent as to the

configurations of Liu security devices 102 and 104 employed as master and

backup. Id. at 21. On the present record, Petitioner has shown that Liu

discloses configuring the backup to act in place of the master. Pet. 30 (citing

Ex. 1008, 9:53-64; fig. 7). Patent Owner offers no explanation of what

substantially identical requires that is not disclosed by Liu, and, as

explained by Petitioner, the very notion of a backup described by Liu

requires that it be configured in a manner that operates in place of the

master. See id.


19/33

Case IPR2013-00466

Patent 7,734,752 B2

19

Claim 9

Patent Owner argues that Petitioner has not shown that Liu describes

sharing the flow records between the primary security system and thesecondary security system at predetermined intervals, as recited by claim 9.

Prelim. Resp. 21. We are not persuaded by Patent Owners argument

because Patent Owner offers no support for the asserted conclusion that

sending and receiving information during run-time, as disclosed by Liu,

does not constitute an exchange at predetermined intervals. Indeed, Patent

Owner offers no explanation of what predetermined intervals means in the

context of the claims to differentiate the term from the intervals associated

with sending and receiving state information during run-time, as described

by Liu. Pet. 31 (citing Ex. 1008, 8:20-23, fig. 5).

Claims 10 and 11

Claim 10 and claim 11, which depends from claim 10, require sharing

flow records when a refresh message is received. Petitioner identifies

several descriptions in Liu as corresponding to that limitation. Pet. 31.

First, Petitioner identifies Lius description of a backup engine that receives

updates. Ex. 1008, 5:26-35. Further, Petitioner identifies Lius description

of a messaging engine used for communicating state information (id. at

2:38-48), and a security device that notifies group members of its status and

receives and stores state information (id. at 6:66-7:1). Liu describes that the

security device sends and receives state information and path status

information using the control message engine. Id. at 8:20-23. Thus, we

understand Petitioner to contend that Lius description of sending and


20/33

Case IPR2013-00466

Patent 7,734,752 B2

20

receiving control messages, followed by an exchange of state information,

correspond to the claimed sharing of information when a refresh message is

received. We are not persuaded by Patent Owners argument that Liu failsto disclose the limitation, absent any explanation distinguishing, for

example, control messages as described by Liu and a refresh message, as

claimed.

Additionally, with respect to claim 11, Patent Owner argues that Liu

fails to describe sending a refresh message when a session is set-up or torn

down, as claimed. Prelim. Resp. 23. Petitioner establishes that Liu

discloses sending and receiving state information using control messages

during run-time, and offers expert testimony in support of its contention that

sending messages during run-time includes when a session is set-up or torn

down. Pet. 32 (citing Ex. 1005 123). Patent Owners argument is not

persuasive because Patent Owner does not explain how session, set-up,

or torn down must be construed in light of the specification of the 752

patent to support the conclusion that it may be distinguished from the

description of Liu.

Claims 13-23

With respect to system claims 13-23, Petitioner contends that they are

anticipated for essentially the same reasons discussed above in the

corresponding method claims. Pet. 33. Petitioner argues that, during

prosecution of the 752 patent, Patent Owner stated that claims 13-23

correspond to a system for implementing the methods of claims 1-12, and

claims 13-23 correspond to the same subject matter of claims 1-12. Id.


21/33

Case IPR2013-00466

Patent 7,734,752 B2

21

Patent Owner argues that Petitioner has failed to state with particularity the

asserted grounds of unpatentability for claims 13-23. Prelim. Resp. 23-25.

While Patent Owner suggests that at least some of the system claims maynot align precisely with the method claims, Patent Owner neither disputes

Petitioners assertion that Patent Owner represented during prosecution that

the system claims correspond to the subject matter of the method claims, nor

disputes that the subject matter of the system claims, in fact, corresponds to

the subject matter of the method claims. Additionally, Petitioner has

provided expert testimony identifying the grounds on which each system

claim corresponds to a method claim. Pet. 33 (citing Ex. 1005 125-139).

In summary, having considered all of the information Petitioner has

presented based on Liu with respect to claims 1-23, as well as the arguments

presented in Patent Owners Preliminary Response, we conclude that, on the

present record, Petitioner has shown a reasonable likelihood that claims 1-23

are anticipated by Liu.

C.Anticipation and Obviousness Based on AdelmanPetitioner contends that claims 1-8, 12-19, and 23 of the 752 patent

are anticipated by Adelman (Pet. 33-44), and that claims 1-23 are

unpatentable as their subject matter would have been obvious over Adelman

under 35 U.S.C. 103 (Pet. 55-58).

Adelman, titled Method and Apparatus for a TCP/IP Load Balancing

and Failover Process in an Internet Protocol (IP) Network Clustering

System, describes a method and apparatus for monitoring packet loss

activity in an Internet Protocol network clustering system as a mechanism


22/33

Cas

Pate

for

2:63

emb

clus

cont

me

the

simi

IPR2013

nt 7,734,7

ontrolled

-67. Figu

Figure

odiment o

er membe

aining the

ber identi

pplicatio

lar applica

-00466

52 B2

ailover o

e 5 of Ad

of Adelm

f a cluster

r contains

message/s

fication as

state tabl

tion state

the TCP/I

lman is r

an shows

member a

the follo

ession wo

signed to t

for the cl

able for t

22

P network

produced

general

ting as a

ing: (1)

k-unit ha

hat work-

uster me

e other m

cluster sy

below.

emory m

unnel ser

ork assig

h number

nit; (2) ta

ber; (3) ta

mbers of

stem. Ex.

ap of the

er. Id. 3:

ment tabl

s and the c

ble 517 c

ble 519 c

the cluste

1009,

referred

2-53. Th

515

luster

ntaining

ntaining

; (4) area

a


23/33

Case IPR2013-00466

Patent 7,734,752 B2

23

521 containing incoming messages; and (5) data handler routines 523 for

handling data messages from other members of the cluster. Id. 6:21-29.

Petitioner relies upon claim charts, as well as the Declaration of Dr.John Mitchell (Ex. 1005), to show how Adelman anticipates, and renders

obvious, claims 1-8, 12-19, and 23 of the 752 patent. Pet. 33-44, 55-58.

With respect to the anticipation ground, Petitioner argues that Adelmans

table 517 corresponds to the primary portion of a flow table and that

Adelmans table 519 corresponds to the secondary portion of a flow table,

as claimed. In contrast, with respect to obviousness, Petitioner argues that

[t]o the extent that Adelman is deemed to disclose two contiguous state

tables rather that a single state table with two separate portions, the

challenged claims are obvious because a single state table with two portions

would have been a predictable variation of two contiguous state tables,

which a person of ordinary skill could have implemented by merely

combining them or arranging them into a single table. Pet. 57, citing KSR

Intl Co. v. Teleflex, Inc., 550 U.S. 398, 417 (2007; Ex. 1005 228. The

evidence presented by Petitioner, however, does not support the position that

Adelmans tables 517 and 519 may be deemed to disclose a single state

table with two portions. Petitioners declarant explicitly states that

Adelman describes a system implemented in two contiguous tables, not a

single table with two distinct portions as recited by the 752 [patent]

claims. Ex. 1005 228. Consequently, Petitioner has not shown areasonable likelihood of prevailing on the grounds that claims 1-8, 12-19,

and 23 are anticipated by Adelman.


24/33

Case IPR2013-00466

Patent 7,734,752 B2

24

With respect to the obviousness ground, Petitioners contention is

further supported by Dr. Mitchells declaration, which attests that whether a

security system stores information in a single table with two distinctportions, as recited by the 752 patent, or in two contiguous tables, as

described in Adelman, is not material to the operation of the purported

invention, and is instead a variation, known to one of ordinary skill or based

on common sense, that was obvious to try. Ex. 1005 228. Patent Owner

challenges Petitioners contention as unsupported by sufficient evidence, but

does not show that Petitioners declarant is incorrect. SeePrelim. Resp. 55-

58.

Patent Owner also argues that the claims are not obvious over

Adelman for the same reasons Patent Owner argued the claims are not

anticipated by Adelman. Prelim. Resp. 55. Specifically, Patent Owner

argues that Adelman fails to describe flow tables having a primary portion

and secondary portion, as claimed. Prelim. Resp. 27-29. This argument,

however, does not address whetherit would have been obvious to implement

a single flow table with primary and secondary portions in place of the

contiguous flow tables described by Adelman.

Patent Owner further argues that Petitioner has not shown that

Adelman describes a secondary portion of a flow table that stores

information associated with the operation of the [] device-implemented

session module when the [] security system is functioning in failover mode,as claimed. Prelim. Resp. 29. In particular, Patent Owner argues Adelman

does not purport to describe the mechanics of session module operation


25/33

Case IPR2013-00466

Patent 7,734,752 B2

25

after failover. Id. at 30. According to Petitioner, however, Adelman

describes cluster members that maintain state table information for other

members expressly for processing in the event of failover. Pet. 36 (citingEx. 1009, 6:21-32, 12:43-46, fig. 5). Therefore, Patent Owners contention

that Adelman must describe mechanics of session module operation beyond

that which is claimed is not commensurate with the scope of the claim. See

In re Self, 671 F.2d at 1348.

Patent Owner argues that Adelman does not disclose providing

failover support based on information stored in the secondary portion of a

flow table, as claimed. Prelim. Resp. 30-31. In particular, Patent Owner

argues that Petitioner does not show that Adelman describes two security

systems providing support for each other, but rather that failover support

is handled by multiple different cluster members for a given failed device.

Id. at 31. Patent Owner, however, has not identified any description in

Adelman that requires more than two clusters or precludes two clusters from

providing mutual failover support. For purposes of this Decision, we find

Petitioners explanation that Adelman discloses failover support between

cluster members to be sufficient to identify how Adelman describes this

limitation. SeePet. 36, 39 (citing Ex. 1009, 6:21-32, 12:43-46, 8:14-30,

12:66-13:1, fig. 5).

With respect to claim 2, Patent Owner argues that Petitioner cites no

evidence from Adelman, but instead refers back to other portions of its claimchart. Prelim. Resp. 32. Such an argument ignores the substance of

Petitioners evidence. We have considered that evidence and the arguments


26/33

Case IPR2013-00466

Patent 7,734,752 B2

26

presented by Petitioner (Pet. 34-40), and we disagree with Patent Owners

premise that Petitioner failed to show sufficient evidence regarding how

Adelman discloses the claimed limitations recited in claim 2.With respect to claim 7, Patent Owner argues that Petitioner has failed

to show that Adelman describes a take-over signal, as claimed. Prelim.

Resp. 32-33. Petitioner contends that the reassigning of work from a failed

cluster member to a non-failed cluster member corresponds to the recited

take-over signal. Pet. 43. Patent Owner does not explain what is required

of a take-over signal, as claimed, that distinguishes it from the system

described by Adelman. For purposes of this Decision, we are persuaded that

Petitioner has shown sufficiently that Adelman describes the limitations

recited in claim 7. Pet. 42-43 (citing Ex. 1009, Abs., 8:14-30, 50-54).

With respect to claim 8, Patent Owner argues that Petitioner has not

shown that the secondary security system is configured substantially

identical to the primary security system, as claimed. Prelim. Resp. 33.

Patent Owner does not explain what configured means with respect to the

claim. On the present record, Petitioner has shown that Adelman describes

configuring clusters that serve as backup to takeover for other clusters

during a failure. Pet. 34-43. Patent Owner offers no explanation of what

substantially identical requires that is not disclosed by Adelman, and, as

explained by Petitioner, the very notion of a backup described by Adelman

requires that it be configured in a manner that operates in place of the failedcluster. See id.


27/33

Case IPR2013-00466

Patent 7,734,752 B2

27

With respect to claim 12, Patent Owner argues that Petitioner has

identified Adelmans members leaving or joining a cluster, but not

specifically when a condition that caused a failover has cleared, asclaimed. Prelim. Resp. 33-34. In particular, Patent Owner argues that the

cited portions of Adelman do not disclose the clearing of a condition that

caused a failover event. Id. at 34. Patent Owner has not established that the

claim requires clearing of a condition, but does not cover resuming

processing when a condition has cleared. For purposes of this decision, we

find sufficient Petitioners evidence that Adelman describes the limitations

recited in claim 12. Pet. 43-44 (citing Ex. 1009, 6:33-39, 6:65-7:1, 8:14-30,

50-54).

Patent Owner further argues that Petitioner has made no showing that

dependent claims 9-11 and 20-22 would have been obvious over Adelman.

Prelim. Resp. 55. Petitioner did not provide claim charts to assert that

claims 9-11 and 20-22 were anticipated by Adelman, and provided no

analysis to show that the subject matter of those claims would have been

obvious over Adelman. Consequently, we agree with Patent Owner that

Petitioner has not shown a reasonable likelihood that claims 9-11 and 20-22

would have been obvious over Adelman.

Patent Owner also asserts that the grounds of unpatentability based on

obviousness over Adelman should be denied because Petitioner did not

address objective indicia of non-obviousness. Prelim. Resp. 58-59. Inparticular, Patent Owner asserts that, in the Concurrent Litigation, it has

presented substantial evidence of objective indicia of non-obviousness.


28/33

Case IPR2013-00466

Patent 7,734,752 B2

28

Id. at 50. We are not persuaded by Patent Owners arguments, which fail to

show that the district court litigation evidence of secondary considerations

rebuts or outweighs Petitioners evidence supporting the unpatentability ofclaims 1-8, 12-19, and 23 over Adelman. The evidence of secondary

considerations is not before us at this juncture, and Patent Owner does not

establish support or authority for its position that a petition must be denied

because it does not disclose or address evidence of secondary considerations

not before us, but made available to Petitioner during district court litigation.

In summary, having considered all of the information Petitioner has

presented based on Adelman with respect to claims 1-23, as well as the

arguments presented in Patent Owners Preliminary Response, we conclude

that Petitioner has shown a reasonable likelihood that claims 1-8, 12-19, and

23 would have been obvious over Adelman. We further conclude that

Petitioner has not shown a reasonable likelihood: (1) that claims 1-8, 12-19,

and 23 are anticipated by Adelman; or (2) that claims 9-11 and 20-22 would

have been obvious over Adelman.

D.Obviousness Based on Albert and ColasurdoPetitioner contends that claims 1-23 are unpatentable for obviousness

over Albert and Colasurdo under 35 U.S.C. 103. Pet. 58-60. Petitioner

states that during prosecution of the 752 patent, claims were amended to

overcome rejections over Albert and Colasurdo. Id. at 59. Petitioner argues

that

to the extent that [Patent Owner] is contending in the

Concurrent Litigation that the subject matter it disclaimed in


29/33

Case IPR2013-00466

Patent 7,734,752 B2

29

order to obtain the patent is now encompassed by the 752

[patent] claims, the challenged claims should be determined

unpatentable because they should never have been allowed in

the first place under [Patent Owners] claim interpretation.

Id. Petitioner offers no claim specific analysis to identify the precise

grounds for its challenge, as required by 35 U.S.C. 312(a)(3) and 37

C.F.R. 42.104(b)(4). Consequently, Petitioner has not shown a reasonable

likelihood that claims 1-23 would have been obvious over Albert and

Colasurdo.

E. Obviousness Based on the Combination of Adelman and SyvannePetitioner contends that claims 1-23 would have been obvious over

the combination of Adelman and Syvanne. Pet. 55-58. With respect to

claims 9-11 and 20-22, Petitioner argues that Syvanne describes claimed

elements concerning sharing flow records at predetermined intervals and

when a refresh message is received, as well as sending refresh messages

when a session is set-up or torn down, that are not described by Adelman.

Pet. 56. Petitioner argues that a person of ordinary skill in the art would

have been motivated to combine Adelman with Syvanne because both prior

art references are directed to a high availability network security cluster

where seamless failover is achieved by sharing the state information among

the cluster members. Id. Petitioner also states that [n]o technical

impediment existed to adding the additional limitations of Syvanne toAdelman. Id. At best, Petitioners argument suggests that Adelman and

Syvanne are analogous art. The fact that Adelman and Syvanne are


30/33

Case IPR2013-00466

Patent 7,734,752 B2

30

analogous art, however, does not suffice as an articulated reasoning with

some rational underpinning to support the legal conclusion of obviousness.

See KSR, 550 U.S. at 418. Consequently, Petitioner has not shown areasonable likelihood that claims 9-11 and 20-22 would have been obvious

over Adelman and Syvanne.

With respect to claims 1-8, 12-19, and 23, we exercise our discretion

and determine that the ground of unpatentability based on obviousness over

the combination of Adelman and Syvanne is redundant to the ground of

unpatentability based on obviousness over Adelman on which we initiate

inter partesreview. Accordingly, we do not authorize inter partesreview

on the ground of unpatentability asserted by Petitioner against claims 1-8,

12-19, and 23 of the 752 patent based on obviousness over the combination

of Adelman and Syvanne. See 37 C.F.R. 42.108(a).

F.Anticipation Based on Syvanne Publication/SyvannePetitioner contends that claims 1-3, 5, 8-15, and 18-23 are anticipated

by Syvanne Publication/Syvanne. Pet. 33-55. We exercise our discretion

and determine that those grounds of unpatentability are redundant to the

grounds of unpatentability based on Liu on which we initiate inter partes

review. Accordingly, we do not authorize inter partesreview on the

grounds of unpatentability asserted by Petitioner against claims 1-23 of the

752 patent based on anticipation by Syvanne Publication/Syvanne. See 37

C.F.R. 42.108(a).


31/33

Case IPR2013-00466

Patent 7,734,752 B2

31

IV. CONCLUSION

For the foregoing reasons, we conclude that the information presented

in the Petition establishes that there is a reasonable likelihood that Petitioner

would prevail in showing that claims 1-23 of the 752 patent are

unpatentable. However, we have not made a final determination with

respect to the patentability of these claims.

V. ORDER

For the foregoing reasons, it is:

ORDERED that pursuant to 35 U.S.C. 314(a), an inter partes

review is hereby instituted as to claims 1-23 of the 752 patent based on the

following grounds of unpatentability:

A. Claims 1-23 as anticipated under 35 U.S.C. 102 by Liu;

B. Claims 1-8, 12-19, and 23 as unpatentable for obviousness

under 35 U.S.C. 103 over Adelman;

FURTHER ORDERED that no other grounds of unpatentability are

authorized for the inter partesreview as to claims 1-23 of the 752 patent;

FURTHER ORDERED that pursuant to 35 U.S.C. 314(c) and

37 C.F.R. 42.4, notice is hereby given of the institution of a trial. The trial

will commence on the entry date of this decision; and

FURTHER ORDERED that an initial conference call with the Board

is scheduled for 3:30 p.m. on February 12, 2014. The parties are directed to

the Office Trial Practice Guide, 77 Fed. Reg. 48,756, 48,765-66 (Aug. 14,

2012) for guidance in preparing for the initial conference call, and should be


32/33

Case IPR2013-00466

Patent 7,734,752 B2

32

prepared to discuss any proposed changes to the Scheduling Order entered

herewith, and any motions the parties anticipate filing during the trial.


33/33

Case IPR2013-00466

Patent 7,734,752 B2

33

PETITIONER:

Matthew Kreeger

MORRISON & FOERSTER LLP

[email protected]

Michael J. Schallop

Van Pelt, Yi & James LLP

[email protected]

PATENT OWNER:

David McPhie

Ben Haber

Irell & Manella [email protected]

[email protected]

palo alto ipr decision

Documents