palo alto ipr decision
TRANSCRIPT
-
8/13/2019 Palo Alto IPR Decision
1/33
[email protected] Paper 17
571-272-7822 Entered: January 28, 2014
UNITED STATES PATENT AND TRADEMARK OFFICE
____________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________
PALO ALTO NETWORKS, INC.,
Petitioner,
v.
JUNIPER NETWORKS, INC.,
Patent Owner.
____________
Case IPR2013-00466
Patent 7,734,752 B2
____________
Before MICHAEL R. ZECHER, JAMES A. TARTAL, and
MIRIAM L. QUINN,Administrative Patent Judges.
TARTAL,Administrative Patent Judge.
DECISION
Institution ofInter PartesReview
37C.F.R. 42.108
-
8/13/2019 Palo Alto IPR Decision
2/33
Case IPR2013-00466
Patent 7,734,752 B2
2
Palo Alto Networks, Inc. (Petitioner) filed a Petition (Paper 4,
Pet.) requesting inter partesreview of claims 1-23 of U.S. Patent No.
7,734,752 B2 (Ex. 1001, the 752 patent). Juniper Networks, Inc. (PatentOwner) timely filed a Patent Owners Preliminary Response (Paper 15,
Prelim. Resp.). We have jurisdiction under 35 U.S.C. 314.
I. INTRODUCTION
The standard for instituting an inter partesreview is set forth in
35 U.S.C. 314(a), which provides:
THRESHOLD.The Director may not authorize an interpartes review to be instituted unless the Director determines
that the information presented in the petition filed under section
311 and any response filed under section 313 shows that there
is a reasonable likelihood that the petitioner would prevail with
respect to at least 1 of the claims challenged in the petition.
For the reasons set forth below, we conclude that the information
presented in the Petition establishes that there is a reasonable likelihood that
Petitioner will prevail in challenging as unpatentable claims 1-23 of the 752
patent. Accordingly, pursuant to 35 U.S.C. 314, we authorize an inter
partesreview to be instituted as to claims 1-23 of the 752 patent.
A. Related MattersPetitioner states that the 752 patent was asserted against it in a
complaint served on September 25, 2012, inJuniper Networks, Inc. v. PaloAlto Networks, Inc., No. 11-1258-SLR (D. Del.) (the Concurrent
Litigation). Pet. 10.
-
8/13/2019 Palo Alto IPR Decision
3/33
Case IPR2013-00466
Patent 7,734,752 B2
3
B. The 752 PatentThe application for the 752 patent, filed October 12, 2004, was a
continuation-in-part of an application, filed March 28, 2003, that issued as
U.S. Patent No. 7,650,634 (the 634 patent). The application that issued
as the 634 patent was a continuation-in-part of an application, filed
February 8, 2002, which issued as U.S. Patent No. 8,370,936. Petitioner
asserts that because claims of the 752 patent are directed to new matter
added to the634 patent application, the earliest priority date for the 752
patent is October 12, 2004. Pet. 11-13. Patent Owner has not contended
that the 752 patent is entitled to an earlier priority date. Prelim. Resp. 8.
The 752 patent, titled Intelligent Integrated Network Security
Device for High-Availability Applications, relates to systems and methods
for controlling computer network security. Ex. 1001, Abstract, 1:16-18.
The method disclosed by the 752 patent includes configuring a primary
security system for processing packets by maintaining flow information for a
group of devices, designating a secondary security system for processing
packets upon a failover event, and sharing flow records from the primary
security system with the secondary security system. Id. at 2:17-24. The
system disclosed by the 752 patent implements the method, including a first
apparatus with a first security device, a first module to maintain flow
information associated with packets received from a computer network, and
a communication interface operable to permit an exchange of flow records
with a second apparatus. Id. at 2:25-30. The first module also may share
-
8/13/2019 Palo Alto IPR Decision
4/33
Cas
Pate
devi
32.
mod
pacwith
atte
IPR2013
nt 7,734,7
ce-specifi
Figure 1ule.
Figure 1
ets beingsecurity d
pted net
-00466
52 B2
flow info
0 of the
0 of the
ommunicevices, to
ork secur
rmation
52 patent,
52 patent
ated withifacilitate
ty intrusi
4
ith the fir
reproduc
shows ses
a networlocking o
n. Id. at
t security
d below,
ion modu
k, and mapackets a
:16-41.
device. I
epicts a s
le 122 tha
act, in cssociated
s illustrat
. at 2:31-
ssion
monitors
njunctionith an
d in
-
8/13/2019 Palo Alto IPR Decision
5/33
Case IPR2013-00466
Patent 7,734,752 B2
5
Figure 10, incoming packet interface 205 receives packets, which are then
analyzed by flow processing engine 202 to determine whether an attempted
security intrusion is in progress. Id. at 8:9-13. Flow table 215 storesinformation regarding flows associated with received packets, including
flow records associated with current Transmission Control Protocol/Internet
Protocol (TCP/IP) flows. Id. at 3:65-67; 8:13-16. A TCP/IP flow may
include a sequence of data packets communicating information between a
source and a destination in one direction. Id. at 3:67-4:2. Flow table 215
includes primary, or active, portion 1002, which may be dedicated to store
information related to operation of the given session module as a primary
security system, and secondary portion 1004, which may be dedicated to
store information related to the operation of the session module as a
secondary security system. Id. at 8:16-27. Primary and secondary portions
1002 and 1004, respectively, may be integrated in flow table 215. Id. at
8:27-29.
C.Illustrative ClaimsClaims 1 and 13 are independent claims. Claims 2-12 depend,
directly or indirectly, from independent claim 1. Claims 14-23 depend,
directly or indirectly, from independent claim 13.
Claim 1, reproduced below, is illustrative of the claimed subject
matter:
1. A method in a computer network, comprising:
processing packets, by a primary security system, the
primary security system including a first device-implemented
session module to maintain flow information for the primary
-
8/13/2019 Palo Alto IPR Decision
6/33
Case IPR2013-00466
Patent 7,734,752 B2
6
security system to facilitate processing of the packets, where the
first device-implemented session module includes a first flow
table having a primary portion that stores information
associated with the operation of the first device-implementedsession module, when the primary security system is
functioning in a primary security system mode, and a secondary
portion that stores information associated with the operation of
the first device-implemented session module, when the primary
security system is functioning in a failover mode;
designating a secondary security system for processing
packets upon a fail over event, the secondary security system
including a second device-implemented session module to
maintain flow information for the secondary security system to
facilitate processing of the packets, where the second device-implemented session module includes a second flow table
having a primary portion that stores information associated with
the operation of the second device-implemented session
module, when the secondary security system is functioning in a
primary security system mode, and a secondary portion that
stores information associated with the operation of the second
device-implemented session module, when the secondary
security system is functioning in a failover mode;
sharing flow records from the primary security systemwith the secondary security system;
sharing flow records from the secondary security system
with the primary security system;
using the primary security system to provide fail over
support for the secondary security system, based on the
information stored in the secondary portion of the first flow
table; and
using the secondary security system to provide fail over
support for the primary security system, based on the
information stored in the secondary portion of the second flowtable.
-
8/13/2019 Palo Alto IPR Decision
7/33
Case IPR2013-00466
Patent 7,734,752 B2
7
D.Asserted Grounds of UnpatentabilityPetitioner challenges claims 1-23 of the 752 patent based on the
alleged grounds of unpatentability set forth in the table below, as further
supported by the Declaration of Dr. John Mitchell (Ex. 1005).
Reference(s) Basis Claims Challenged
Liu1 102 1-23
Adelman2 102 1-8, 12-19, and 23
Syvanne Publication3/ Syvanne
4 102 1-3, 5, 8-15, and 18-23
Adelman 103 1-23
Adelman and Syvanne 103 1-23
Albert5and Colasurdo6 103 1-23
II. CLAIM CONSTRUCTION
As a step in our analysis for determining whether to institute trial, we
determine the meaning of the claims. Consistent with the statute and
legislative history of the Leahy-Smith America Invents Act (AIA), Pub. L.
No. 112-29, 125 Stat. 284, 329 (2011), claims of unexpired patents are
construed by applying the broadest reasonable interpretation, in light of the
specification. 37 C.F.R. 42.100(b); see alsoOffice Patent Trial Practice
1U.S. Patent No. 7,197,660 B1, issued March 27, 2007 (Ex. 1008, Liu).
2U.S. Patent No. 6,078,957, issued June 20, 2000 (Ex. 1009, Adelman).
3U.S. Patent Application Publication No. 2002/0112189 A1, published
August 15, 2002 (Ex. 1011, Syvanne Publication).
4U.S. Patent No. 7,162,737 B2, issued January 9, 2007 (Ex. 1010,Syvanne).5U.S. Patent No. 6,704,278 B1, issued March 9, 2004 (Ex. 1006, Albert).
6U.S. Patent Application Publication No. 2002/0161839 A1, published
October 31, 2002 (Ex. 1007, Colasurdo).
-
8/13/2019 Palo Alto IPR Decision
8/33
Case IPR2013-00466
Patent 7,734,752 B2
8
Guide, 77 Fed. Reg. 48,756, 48,766 (Aug. 14, 2012). Under the broadest
reasonable interpretation standard, claim terms are given their ordinary and
customary meaning, as would be understood by one of ordinary skill in theart in the context of the entire disclosure. In re Translogic Tech. Inc., 504
F.3d 1249, 1257 (Fed. Cir. 2007). Any special definition for a claim term
must be set forth with reasonable clarity, deliberateness, and precision. In re
Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994).
A. primary portion and secondary portionIndependent claims 1 and 13 each require flow tables having a
primary portion and a secondary portion. Petitioner argues that the
specification of the 752 patent indicates that the primary portion and
secondary portion of a flow table must be separate and distinct. Pet. 16.
Patent Owner asserts that no construction of any term of the 752 patent is
necessary, but further states that it is undisputed that the claimed primary
portion and secondary portion refer to portions in a single flow table.Prelim. Resp. 9 (emphasis omitted). Patent Owner disputes that the primary
and secondary portions need be separate and distinct, but maintains it is
irrelevant to the grounds of unpatentability raised by Petitioner. Id. at 10.
In support of its proposed construction, Petitioner directs us to
Figure 10 of the 752 patent, shown above, which includes a schematic
depiction of a session module with a large box depicting Flow Table 215,
within which appears a box for Active Portion (also called Primary Portion)
1002 and a box for Secondary Portion 1004. Pet. 16 (citing Ex. 1001,
fig. 10). The specification suggests that portions of the flow table may be
-
8/13/2019 Palo Alto IPR Decision
9/33
Case IPR2013-00466
Patent 7,734,752 B2
9
dedicated as primary and secondary portions, but does not state that such
dedication is required or exclusive. Ex. 1001, 8:16-27. As noted above, the
specification further states that the primary and secondary portions may beintegrated in the flow table. Id. at 8:27-29. Thus, the mere illustration of
two boxes in a schematic diagram in the specification, each representing a
particular portion, does not demonstrate that those portions must be separate
and distinct from one another. Moreover, an ordinary and customary
definition, to one of ordinary skill in the relevant art, of the term portion is
a section or quantity within a larger thing; a part of a whole. The
American Heritage Dictionary 966 (2d college ed. 1982). Therefore, an
ordinary and customary definition of portion also does not support
Petitioners proposed construction.
Petitioner has not shown that independent claims 1 and 13, in light of
the specification, necessarily require that the primary portion and
secondary portion of a flow table be separate and distinct or different.
Petitioner also has not shown that its alleged grounds of unpatentability turn
on whether portions are separate and distinct. Consequently, based on the
record before us, the terms primary portion and secondary portion are
given their ordinary and customary meaning, as would be understood by one
with ordinary skill in the art in light of the 752 patent. For purposes of this
Decision, we construe primary portion and secondary portion each as a
section or quantity within the flow table that makes up part of the flowtable.
-
8/13/2019 Palo Alto IPR Decision
10/33
Case IPR2013-00466
Patent 7,734,752 B2
10
B.Remaining Claim Terms or PhrasesFor purposes of this Decision, all remaining claim terms or phrases
recited in claims 1-23 of the 752 patent are given their ordinary and
customary meaning, as would be understood by one of ordinary skill in the
art.
III. ANALYSIS
A. Preliminary Issue of Precluding Petitioner from Requesting ReviewAs a threshold issue, Patent Owner argues that the Petition should be
denied under the doctrine of assignor estoppel. SeePrelim. Resp. 2. Nir
Zuk and Yuming Mao are two of the three inventors named on the face of
the 752 patent. Patent Owner contends that Mr. Zuk and Mr. Mao are in
privity with Petitioner.7Id. at 2, 6 n. 6.
Assignor estoppel is not a basis for denying a petition requesting inter
partesreview. As explained in a previous Board decision:
Under the AIA, a person who is not the owner of apatentmay file with the Office a petition to institute an inter
partes review of the patent. 35 U.S.C. 311(a) (emphasis
added). Consequently, under the statute, an assignor of a
patent, who is no longer an owner of the patent at the time of
filing, may file a petition requesting inter partesreview. This
statute presents a clear expression of Congresss broad grant of
7 This case does not require us to reach the issue of whether Mr. Zuk orMr. Mao is in privity with Petitioner, as asserted by Patent Owner, because
we conclude that, even if Patent Owner established such a relationship,
Patent Owner has not shown a sufficient basis to preclude Petitioner from
requesting inter partesreview.
-
8/13/2019 Palo Alto IPR Decision
11/33
Case IPR2013-00466
Patent 7,734,752 B2
11
the ability to challenge the patentability of patents through inter
partesreview.
Athena Automation Ltd. v. Husky Injection Molding Sys. Ltd.,IPR2013-00290, slip op. at 12-13 (PTAB Oct. 25, 2013),Paper No.
18.
Patent Owners reliance on 37 C.F.R. 42.101(c) is misplaced. See
Prelim. Resp. 3. That regulation states, in relevant part, that a person may
not file a petition if the petitioner or a privy of the petitioner is estopped
from challenging the claims on the grounds identified in the petition. The
grounds for estoppel, as referenced in 42.101(c), are discussed expressly in
37 C.F.R. 42.73(d), which states:
Estoppel. (1) Petitioner other than in derivation proceeding. A
petitioner, or the real party in interest or privy of the petitioner,
is estopped in the Office from requesting or maintaining a
proceeding with respect to a claim for which it has obtained a
final written decision on patentability in an inter partes review,
post-grant review, or a covered business method patent review,
on any ground that the petitioner raised or reasonably couldhave raised during the trial, except that estoppel shall not apply
to a petitioner, or to the real party in interest or privy of the
petitioner who has settled under 35 U.S.C. 317 or 327.
Patent Owner does not contend that Petitioner, or its privy, has obtained a
final written decision on patentability in an inter partes review, post-grant
review, or a covered business method patent review, on any ground that the
petitioner raised or reasonably could have raised during the trial, as isrequired for Petitioner to be estopped under 37 C.F.R. 42.101(c). Patent
Owner, therefore, has failed to show that estoppel applies pursuant to
-
8/13/2019 Palo Alto IPR Decision
12/33
Case IPR2013-00466
Patent 7,734,752 B2
12
37 C.F.R. 42.73 and 42.101(c). Furthermore, we are not persuaded that
the equitable doctrine of assignor estoppel provides an exception to the
statutory mandate that any person who is not the owner of a patent may file apetition for inter partesreview. Accordingly, we decline to deny the
Petition based on Patent Owners estoppel arguments.
Patent Owner further asserts that, even if Petitioner is not barred from
requesting inter partesreview, the Board should exercise its discretion to
deny institution of trial because of the relationship between Petitioner and
Mr. Zuk or Mr. Mao. SeePrelim. Resp. 5-6. Patent Owner argues that the
Boards discretion provides an alternative ground for applying the principles
of equitable estoppel. Id. Patent Owner further argues, more generally, that
equitable considerations weigh against granting the Petition, including that
Patent Owner is denied the opportunity to submit inventor declarations
under 37 C.F.R. 1.131 so as to swear behind what might otherwise
constitute prior art because Mr. Zuk is adverse to Patent Owner. Id. at 6.
To the extent the Board has discretion to consider equitable
considerations in determining whether to institute trial, in this case, Patent
Owner has not made a showing which warrants exercise of that discretion.
For the same reasons discussed above, Patent Owner has not shown that the
Board should exercise discretion to apply principles of assignor estoppel to
circumvent the express statutory language that permits any person who is
not the owner of a patent to request inter partesreview. With regard toother equitable considerations, Patent Owners arguments are speculative.
Patent Owner does not identify any specific prior art it seeks to swear
-
8/13/2019 Palo Alto IPR Decision
13/33
Case IPR2013-00466
Patent 7,734,752 B2
13
behind, and makes no showing that it is unable to do so merely because two
of a multiple number of inventors listed on the face of the patent may have a
relationship with Petitioner. Accordingly, we conclude that Patent Ownerhas not shown that Petitioner is barred or estopped, or otherwise should be
precluded, from requesting inter partesreview of the 752 patent.
B.Anticipation Based on LiuPetitioner contends that Liu is prior art to the 752 patent and
anticipates claims 1-23 under 35 U.S.C. 102. Pet. 21. Petitioner relies
upon claim charts, as well as the Declaration of Dr. John Mitchell (Ex.
1005), to explain how Liu anticipates these claims of the 752 patent. Pet.
22-33.
Liu, titled High Availability Network Security Systems, relates to
network security systems and to redundancy protocols for network security
systems. Ex. 1008, 1:1-8. Liu describes a recovery method for a network
security system, including providing a backup device with state informationfor a master device, detecting failure in a cluster of network security devices,
and using the state information to recover from the failure. Id. at 2:3-9.
State information may include session information and encryption
information. Id. at 2:14-15. The master device and the backup device can
include a messaging engine for communicating state information between
the two devices. Id. at 2:40-42. The method described by Liu includes
providing a network device connected to a plurality of network devices that
are divided into a first and second group, and configuring the network device
-
8/13/2019 Palo Alto IPR Decision
14/33
Case IPR2013-00466
Patent 7,734,752 B2
14
to support connections within the first group and backup connections within
the second group. Id. at 2:50-55.
Patent Owner argues that Petitioner has not established that Liudescribes a primary security system and secondary security system, each
of which must include a session module and flow table. Prelim. Resp.
13. Liu states that a security device includes, among other things, a
Recovery System and a Security System. Ex. 1008, 4:7-10. Patent
Owner argues that Petitioner cannot rely on Lius Recovery System as
describing elements of the claimed security system. Id. at 13-14. We are
not persuaded that Petitioner cannot rely on Lius description of a security
device to identify each element claimed merely because that security device
includes components separately labeled as a recovery system and a security
system.
Patent Owner argues that Petitioner has failed to establish that Liu
describes a first flow table with a primary portion and a secondary
portion. Prelim. Resp. 14. As part of a security device, Liu describes
recovery system 202 with memory 208 and controller 206. Ex. 1008, 4:21-
22. Memory 208 contains redundancy group table 210, master data
partition 212, and backup data partition 214. Id. at 4:22-24. The master data
partition 212 stores state information for the set of connections for which a
given security device is acting as master device. Id. at 4:36-38. Backup
data partition 214 stores state information for the set of connections forwhich the security device is acting as backup. Id. at 4:39-42. According to
the 752 patent, a flow table store[s] information regarding flows associated
-
8/13/2019 Palo Alto IPR Decision
15/33
Case IPR2013-00466
Patent 7,734,752 B2
15
with received packets. Ex. 1001, 8:13-16. Patent Owner argues that Liu
does not describe data in a memory organized as a flow table as the 752
patent claims require, but Patent Owner does not show that the claimlanguage requires any such data organization. SeePrelim, Resp. 15. Thus,
we are not persuaded by Patent Owners argument, on the present record,
that because Liu does not label memory 208 a flow table, it is
distinguishable from the flow table of the 752 patent claims. Similarly,
Patent Owners assertion that Liu fails to disclose primary and secondary
portions of a flow table has not persuaded us, on the present record, because
Liu describes master data partition 212 and backup data partition 214 as two
portions of memory 208. It is well settled that anticipation is not an
ipsissimis verbis test. In re Bond, 910 F.2d 831, 832-33 (Fed. Cir. 1990)
(citingAkzo N. V. v. U.S. Intl Trade Commn, 808 F.2d 1471, 1479 n.11
(Fed. Cir. 1986)). An anticipatory reference . . . need not duplicate word
for word what is in the claims. Standard Havens Prods. v. Gencor Indus.,
Inc., 953 F.2d 1360, 1369 (Fed. Cir. 1991).
Patent Owner presents the same argument against the claimed first
flow table to rebut Petitioners position that Liu discloses a second flow
table having a primary portion and a secondary portion, as claimed.
For the same reasons discussed above, that argument is unpersuasive. See
Prelim. Resp. 16. Liu discloses a cluster of security devices, such that, if
one device in the group fails, another can take over the processing of thefailed device. Ex. 1008, 3:51-55. Thus, we understand Petitioner to contend
that Liu describes a first security device, with a first memory operating as a
-
8/13/2019 Palo Alto IPR Decision
16/33
Case IPR2013-00466
Patent 7,734,752 B2
16
first flow table, as claimed, and a second security device, with a second
memory operating as a second flow table, as claimed. Pet. 22-26.
Patent Owner also argues that Petitioner has not shown that Liudescribes a secondary portion of a flow table that stores information
associated with the operation of the [] device-implemented session module,
when the [] security system is functioning in a failover mode, as claimed.
Prelim. Resp. 16. In particular, Patent Owner argues that Liu describes a
backup data partition that acts as a repository for backup state data, but does
not describe any use or association of the backup data partition
information with post-failover operation. Id. at 17. Patent Owner states
that Lius system may be distinguished from the claimed system, where the
flow table in each security system synchronizes data with the flow table in
the other security system, so that in the event of failure either flow table is
ready to handle processing ordinarily performed by the other. Id. We are
not persuaded by Patent Owners argument because it is not commensurate
with the scope of the claims, which do not require that one flow table is
ready to handle processing performed by the other. It is well established
that limitations not appearing in the claims cannot be relied upon for
patentability. See In re Self, 671 F.2d 1344, 1348 (CCPA 1982).
Patent Owner argues that Liu does not disclose providing failover
support based on information stored in the secondary portion of a flow table,
as claimed. Prelim. Resp. 18. In particular, Patent Owner argues thatPetitioner does not explain how failover support is provided by the first
security system based on information from a secondary portion of a flow
-
8/13/2019 Palo Alto IPR Decision
17/33
Case IPR2013-00466
Patent 7,734,752 B2
17
table within its session module. Id. For purposes of this Decision, we find
sufficient Petitioners explanation that Liu discloses providing failover
support between cluster members based on the state information stored forother members of the cluster. SeePet. 26 (citing Ex. 1008, 5:53-62, fig. 2).
With regard to Patent Owners argument that Liu fails to disclose
sharing flow records, Patent Owner contends that Petitioner has not shown
that the state information and control messages are organized into
flow records. Prelim. Resp. 19. Patent Owner does not provide sufficient
evidence of the organization required for information to constitute flow
records, and proposes no construction for the term flow records. The
752 patent states that Flow records 302 may store policy information (e.g.,
firewall policy, [intrusion prevention system] policy etc., to apply to the
flow)[,] as well as other information that may be used by the security
devices such as encryption parameters, address translation parameters,
bookkeeping information, and statistics. Ex. 1001, 4:11-16. Thus, we are
not persuaded by Patent Owners argument that the information described in
Liu as being sharednamely state information and control messages
may be distinguished from the flow records, as claimed.
Claim 6
With respect to claim 6, Petitioner identifies Lius disclosure of
failure detection through control messages as corresponding to detecting an
absence of a keep-alive signal, as claimed. Pet. 29. On the present record,
we are not persuaded by Patent Owners argument that control messages, as
described by Liu, are not keep-alive signals. Prelim. Resp. 20.
-
8/13/2019 Palo Alto IPR Decision
18/33
Case IPR2013-00466
Patent 7,734,752 B2
18
Alternatively, because dependent claim 6 requires detecting an
absenceof a keep-alive signal, it may be understood to encompass a
negative limitation. Although a negative limitation is permissible, it merelyrecites what a claim lacks and, therefore, is likely to be broad by its very
nature. Consequently, a negative limitation requiring the absenceof an
element may be adequately described by a cited prior art reference if that
reference does not otherwise require the presence of the element recited in
the negative limitation. In this case, Patent Owner has not provided
sufficient evidence indicating that Lius disclosure of a control message that
indicates path status information (success or fail) (Ex. 1008, 5:67-6:3)
requires the presence of a keep-alive signal.
Claim 8
Claim 8 requires that the the secondary security system is configured
substantially identical to the primary security system. Patent Owner does
not explain what configured means with respect to the claim, but argues
more generally that the Petition and Liu are completely silent as to the
configurations of Liu security devices 102 and 104 employed as master and
backup. Id. at 21. On the present record, Petitioner has shown that Liu
discloses configuring the backup to act in place of the master. Pet. 30 (citing
Ex. 1008, 9:53-64; fig. 7). Patent Owner offers no explanation of what
substantially identical requires that is not disclosed by Liu, and, as
explained by Petitioner, the very notion of a backup described by Liu
requires that it be configured in a manner that operates in place of the
master. See id.
-
8/13/2019 Palo Alto IPR Decision
19/33
Case IPR2013-00466
Patent 7,734,752 B2
19
Claim 9
Patent Owner argues that Petitioner has not shown that Liu describes
sharing the flow records between the primary security system and thesecondary security system at predetermined intervals, as recited by claim 9.
Prelim. Resp. 21. We are not persuaded by Patent Owners argument
because Patent Owner offers no support for the asserted conclusion that
sending and receiving information during run-time, as disclosed by Liu,
does not constitute an exchange at predetermined intervals. Indeed, Patent
Owner offers no explanation of what predetermined intervals means in the
context of the claims to differentiate the term from the intervals associated
with sending and receiving state information during run-time, as described
by Liu. Pet. 31 (citing Ex. 1008, 8:20-23, fig. 5).
Claims 10 and 11
Claim 10 and claim 11, which depends from claim 10, require sharing
flow records when a refresh message is received. Petitioner identifies
several descriptions in Liu as corresponding to that limitation. Pet. 31.
First, Petitioner identifies Lius description of a backup engine that receives
updates. Ex. 1008, 5:26-35. Further, Petitioner identifies Lius description
of a messaging engine used for communicating state information (id. at
2:38-48), and a security device that notifies group members of its status and
receives and stores state information (id. at 6:66-7:1). Liu describes that the
security device sends and receives state information and path status
information using the control message engine. Id. at 8:20-23. Thus, we
understand Petitioner to contend that Lius description of sending and
-
8/13/2019 Palo Alto IPR Decision
20/33
Case IPR2013-00466
Patent 7,734,752 B2
20
receiving control messages, followed by an exchange of state information,
correspond to the claimed sharing of information when a refresh message is
received. We are not persuaded by Patent Owners argument that Liu failsto disclose the limitation, absent any explanation distinguishing, for
example, control messages as described by Liu and a refresh message, as
claimed.
Additionally, with respect to claim 11, Patent Owner argues that Liu
fails to describe sending a refresh message when a session is set-up or torn
down, as claimed. Prelim. Resp. 23. Petitioner establishes that Liu
discloses sending and receiving state information using control messages
during run-time, and offers expert testimony in support of its contention that
sending messages during run-time includes when a session is set-up or torn
down. Pet. 32 (citing Ex. 1005 123). Patent Owners argument is not
persuasive because Patent Owner does not explain how session, set-up,
or torn down must be construed in light of the specification of the 752
patent to support the conclusion that it may be distinguished from the
description of Liu.
Claims 13-23
With respect to system claims 13-23, Petitioner contends that they are
anticipated for essentially the same reasons discussed above in the
corresponding method claims. Pet. 33. Petitioner argues that, during
prosecution of the 752 patent, Patent Owner stated that claims 13-23
correspond to a system for implementing the methods of claims 1-12, and
claims 13-23 correspond to the same subject matter of claims 1-12. Id.
-
8/13/2019 Palo Alto IPR Decision
21/33
Case IPR2013-00466
Patent 7,734,752 B2
21
Patent Owner argues that Petitioner has failed to state with particularity the
asserted grounds of unpatentability for claims 13-23. Prelim. Resp. 23-25.
While Patent Owner suggests that at least some of the system claims maynot align precisely with the method claims, Patent Owner neither disputes
Petitioners assertion that Patent Owner represented during prosecution that
the system claims correspond to the subject matter of the method claims, nor
disputes that the subject matter of the system claims, in fact, corresponds to
the subject matter of the method claims. Additionally, Petitioner has
provided expert testimony identifying the grounds on which each system
claim corresponds to a method claim. Pet. 33 (citing Ex. 1005 125-139).
In summary, having considered all of the information Petitioner has
presented based on Liu with respect to claims 1-23, as well as the arguments
presented in Patent Owners Preliminary Response, we conclude that, on the
present record, Petitioner has shown a reasonable likelihood that claims 1-23
are anticipated by Liu.
C.Anticipation and Obviousness Based on AdelmanPetitioner contends that claims 1-8, 12-19, and 23 of the 752 patent
are anticipated by Adelman (Pet. 33-44), and that claims 1-23 are
unpatentable as their subject matter would have been obvious over Adelman
under 35 U.S.C. 103 (Pet. 55-58).
Adelman, titled Method and Apparatus for a TCP/IP Load Balancing
and Failover Process in an Internet Protocol (IP) Network Clustering
System, describes a method and apparatus for monitoring packet loss
activity in an Internet Protocol network clustering system as a mechanism
-
8/13/2019 Palo Alto IPR Decision
22/33
Cas
Pate
for
2:63
emb
clus
cont
me
the
simi
IPR2013
nt 7,734,7
ontrolled
-67. Figu
Figure
odiment o
er membe
aining the
ber identi
pplicatio
lar applica
-00466
52 B2
ailover o
e 5 of Ad
of Adelm
f a cluster
r contains
message/s
fication as
state tabl
tion state
the TCP/I
lman is r
an shows
member a
the follo
ession wo
signed to t
for the cl
able for t
22
P network
produced
general
ting as a
ing: (1)
k-unit ha
hat work-
uster me
e other m
cluster sy
below.
emory m
unnel ser
ork assig
h number
nit; (2) ta
ber; (3) ta
mbers of
stem. Ex.
ap of the
er. Id. 3:
ment tabl
s and the c
ble 517 c
ble 519 c
the cluste
1009,
referred
2-53. Th
515
luster
ntaining
ntaining
; (4) area
a
-
8/13/2019 Palo Alto IPR Decision
23/33
Case IPR2013-00466
Patent 7,734,752 B2
23
521 containing incoming messages; and (5) data handler routines 523 for
handling data messages from other members of the cluster. Id. 6:21-29.
Petitioner relies upon claim charts, as well as the Declaration of Dr.John Mitchell (Ex. 1005), to show how Adelman anticipates, and renders
obvious, claims 1-8, 12-19, and 23 of the 752 patent. Pet. 33-44, 55-58.
With respect to the anticipation ground, Petitioner argues that Adelmans
table 517 corresponds to the primary portion of a flow table and that
Adelmans table 519 corresponds to the secondary portion of a flow table,
as claimed. In contrast, with respect to obviousness, Petitioner argues that
[t]o the extent that Adelman is deemed to disclose two contiguous state
tables rather that a single state table with two separate portions, the
challenged claims are obvious because a single state table with two portions
would have been a predictable variation of two contiguous state tables,
which a person of ordinary skill could have implemented by merely
combining them or arranging them into a single table. Pet. 57, citing KSR
Intl Co. v. Teleflex, Inc., 550 U.S. 398, 417 (2007; Ex. 1005 228. The
evidence presented by Petitioner, however, does not support the position that
Adelmans tables 517 and 519 may be deemed to disclose a single state
table with two portions. Petitioners declarant explicitly states that
Adelman describes a system implemented in two contiguous tables, not a
single table with two distinct portions as recited by the 752 [patent]
claims. Ex. 1005 228. Consequently, Petitioner has not shown areasonable likelihood of prevailing on the grounds that claims 1-8, 12-19,
and 23 are anticipated by Adelman.
-
8/13/2019 Palo Alto IPR Decision
24/33
Case IPR2013-00466
Patent 7,734,752 B2
24
With respect to the obviousness ground, Petitioners contention is
further supported by Dr. Mitchells declaration, which attests that whether a
security system stores information in a single table with two distinctportions, as recited by the 752 patent, or in two contiguous tables, as
described in Adelman, is not material to the operation of the purported
invention, and is instead a variation, known to one of ordinary skill or based
on common sense, that was obvious to try. Ex. 1005 228. Patent Owner
challenges Petitioners contention as unsupported by sufficient evidence, but
does not show that Petitioners declarant is incorrect. SeePrelim. Resp. 55-
58.
Patent Owner also argues that the claims are not obvious over
Adelman for the same reasons Patent Owner argued the claims are not
anticipated by Adelman. Prelim. Resp. 55. Specifically, Patent Owner
argues that Adelman fails to describe flow tables having a primary portion
and secondary portion, as claimed. Prelim. Resp. 27-29. This argument,
however, does not address whetherit would have been obvious to implement
a single flow table with primary and secondary portions in place of the
contiguous flow tables described by Adelman.
Patent Owner further argues that Petitioner has not shown that
Adelman describes a secondary portion of a flow table that stores
information associated with the operation of the [] device-implemented
session module when the [] security system is functioning in failover mode,as claimed. Prelim. Resp. 29. In particular, Patent Owner argues Adelman
does not purport to describe the mechanics of session module operation
-
8/13/2019 Palo Alto IPR Decision
25/33
Case IPR2013-00466
Patent 7,734,752 B2
25
after failover. Id. at 30. According to Petitioner, however, Adelman
describes cluster members that maintain state table information for other
members expressly for processing in the event of failover. Pet. 36 (citingEx. 1009, 6:21-32, 12:43-46, fig. 5). Therefore, Patent Owners contention
that Adelman must describe mechanics of session module operation beyond
that which is claimed is not commensurate with the scope of the claim. See
In re Self, 671 F.2d at 1348.
Patent Owner argues that Adelman does not disclose providing
failover support based on information stored in the secondary portion of a
flow table, as claimed. Prelim. Resp. 30-31. In particular, Patent Owner
argues that Petitioner does not show that Adelman describes two security
systems providing support for each other, but rather that failover support
is handled by multiple different cluster members for a given failed device.
Id. at 31. Patent Owner, however, has not identified any description in
Adelman that requires more than two clusters or precludes two clusters from
providing mutual failover support. For purposes of this Decision, we find
Petitioners explanation that Adelman discloses failover support between
cluster members to be sufficient to identify how Adelman describes this
limitation. SeePet. 36, 39 (citing Ex. 1009, 6:21-32, 12:43-46, 8:14-30,
12:66-13:1, fig. 5).
With respect to claim 2, Patent Owner argues that Petitioner cites no
evidence from Adelman, but instead refers back to other portions of its claimchart. Prelim. Resp. 32. Such an argument ignores the substance of
Petitioners evidence. We have considered that evidence and the arguments
-
8/13/2019 Palo Alto IPR Decision
26/33
Case IPR2013-00466
Patent 7,734,752 B2
26
presented by Petitioner (Pet. 34-40), and we disagree with Patent Owners
premise that Petitioner failed to show sufficient evidence regarding how
Adelman discloses the claimed limitations recited in claim 2.With respect to claim 7, Patent Owner argues that Petitioner has failed
to show that Adelman describes a take-over signal, as claimed. Prelim.
Resp. 32-33. Petitioner contends that the reassigning of work from a failed
cluster member to a non-failed cluster member corresponds to the recited
take-over signal. Pet. 43. Patent Owner does not explain what is required
of a take-over signal, as claimed, that distinguishes it from the system
described by Adelman. For purposes of this Decision, we are persuaded that
Petitioner has shown sufficiently that Adelman describes the limitations
recited in claim 7. Pet. 42-43 (citing Ex. 1009, Abs., 8:14-30, 50-54).
With respect to claim 8, Patent Owner argues that Petitioner has not
shown that the secondary security system is configured substantially
identical to the primary security system, as claimed. Prelim. Resp. 33.
Patent Owner does not explain what configured means with respect to the
claim. On the present record, Petitioner has shown that Adelman describes
configuring clusters that serve as backup to takeover for other clusters
during a failure. Pet. 34-43. Patent Owner offers no explanation of what
substantially identical requires that is not disclosed by Adelman, and, as
explained by Petitioner, the very notion of a backup described by Adelman
requires that it be configured in a manner that operates in place of the failedcluster. See id.
-
8/13/2019 Palo Alto IPR Decision
27/33
Case IPR2013-00466
Patent 7,734,752 B2
27
With respect to claim 12, Patent Owner argues that Petitioner has
identified Adelmans members leaving or joining a cluster, but not
specifically when a condition that caused a failover has cleared, asclaimed. Prelim. Resp. 33-34. In particular, Patent Owner argues that the
cited portions of Adelman do not disclose the clearing of a condition that
caused a failover event. Id. at 34. Patent Owner has not established that the
claim requires clearing of a condition, but does not cover resuming
processing when a condition has cleared. For purposes of this decision, we
find sufficient Petitioners evidence that Adelman describes the limitations
recited in claim 12. Pet. 43-44 (citing Ex. 1009, 6:33-39, 6:65-7:1, 8:14-30,
50-54).
Patent Owner further argues that Petitioner has made no showing that
dependent claims 9-11 and 20-22 would have been obvious over Adelman.
Prelim. Resp. 55. Petitioner did not provide claim charts to assert that
claims 9-11 and 20-22 were anticipated by Adelman, and provided no
analysis to show that the subject matter of those claims would have been
obvious over Adelman. Consequently, we agree with Patent Owner that
Petitioner has not shown a reasonable likelihood that claims 9-11 and 20-22
would have been obvious over Adelman.
Patent Owner also asserts that the grounds of unpatentability based on
obviousness over Adelman should be denied because Petitioner did not
address objective indicia of non-obviousness. Prelim. Resp. 58-59. Inparticular, Patent Owner asserts that, in the Concurrent Litigation, it has
presented substantial evidence of objective indicia of non-obviousness.
-
8/13/2019 Palo Alto IPR Decision
28/33
Case IPR2013-00466
Patent 7,734,752 B2
28
Id. at 50. We are not persuaded by Patent Owners arguments, which fail to
show that the district court litigation evidence of secondary considerations
rebuts or outweighs Petitioners evidence supporting the unpatentability ofclaims 1-8, 12-19, and 23 over Adelman. The evidence of secondary
considerations is not before us at this juncture, and Patent Owner does not
establish support or authority for its position that a petition must be denied
because it does not disclose or address evidence of secondary considerations
not before us, but made available to Petitioner during district court litigation.
In summary, having considered all of the information Petitioner has
presented based on Adelman with respect to claims 1-23, as well as the
arguments presented in Patent Owners Preliminary Response, we conclude
that Petitioner has shown a reasonable likelihood that claims 1-8, 12-19, and
23 would have been obvious over Adelman. We further conclude that
Petitioner has not shown a reasonable likelihood: (1) that claims 1-8, 12-19,
and 23 are anticipated by Adelman; or (2) that claims 9-11 and 20-22 would
have been obvious over Adelman.
D.Obviousness Based on Albert and ColasurdoPetitioner contends that claims 1-23 are unpatentable for obviousness
over Albert and Colasurdo under 35 U.S.C. 103. Pet. 58-60. Petitioner
states that during prosecution of the 752 patent, claims were amended to
overcome rejections over Albert and Colasurdo. Id. at 59. Petitioner argues
that
to the extent that [Patent Owner] is contending in the
Concurrent Litigation that the subject matter it disclaimed in
-
8/13/2019 Palo Alto IPR Decision
29/33
Case IPR2013-00466
Patent 7,734,752 B2
29
order to obtain the patent is now encompassed by the 752
[patent] claims, the challenged claims should be determined
unpatentable because they should never have been allowed in
the first place under [Patent Owners] claim interpretation.
Id. Petitioner offers no claim specific analysis to identify the precise
grounds for its challenge, as required by 35 U.S.C. 312(a)(3) and 37
C.F.R. 42.104(b)(4). Consequently, Petitioner has not shown a reasonable
likelihood that claims 1-23 would have been obvious over Albert and
Colasurdo.
E. Obviousness Based on the Combination of Adelman and SyvannePetitioner contends that claims 1-23 would have been obvious over
the combination of Adelman and Syvanne. Pet. 55-58. With respect to
claims 9-11 and 20-22, Petitioner argues that Syvanne describes claimed
elements concerning sharing flow records at predetermined intervals and
when a refresh message is received, as well as sending refresh messages
when a session is set-up or torn down, that are not described by Adelman.
Pet. 56. Petitioner argues that a person of ordinary skill in the art would
have been motivated to combine Adelman with Syvanne because both prior
art references are directed to a high availability network security cluster
where seamless failover is achieved by sharing the state information among
the cluster members. Id. Petitioner also states that [n]o technical
impediment existed to adding the additional limitations of Syvanne toAdelman. Id. At best, Petitioners argument suggests that Adelman and
Syvanne are analogous art. The fact that Adelman and Syvanne are
-
8/13/2019 Palo Alto IPR Decision
30/33
Case IPR2013-00466
Patent 7,734,752 B2
30
analogous art, however, does not suffice as an articulated reasoning with
some rational underpinning to support the legal conclusion of obviousness.
See KSR, 550 U.S. at 418. Consequently, Petitioner has not shown areasonable likelihood that claims 9-11 and 20-22 would have been obvious
over Adelman and Syvanne.
With respect to claims 1-8, 12-19, and 23, we exercise our discretion
and determine that the ground of unpatentability based on obviousness over
the combination of Adelman and Syvanne is redundant to the ground of
unpatentability based on obviousness over Adelman on which we initiate
inter partesreview. Accordingly, we do not authorize inter partesreview
on the ground of unpatentability asserted by Petitioner against claims 1-8,
12-19, and 23 of the 752 patent based on obviousness over the combination
of Adelman and Syvanne. See 37 C.F.R. 42.108(a).
F.Anticipation Based on Syvanne Publication/SyvannePetitioner contends that claims 1-3, 5, 8-15, and 18-23 are anticipated
by Syvanne Publication/Syvanne. Pet. 33-55. We exercise our discretion
and determine that those grounds of unpatentability are redundant to the
grounds of unpatentability based on Liu on which we initiate inter partes
review. Accordingly, we do not authorize inter partesreview on the
grounds of unpatentability asserted by Petitioner against claims 1-23 of the
752 patent based on anticipation by Syvanne Publication/Syvanne. See 37
C.F.R. 42.108(a).
-
8/13/2019 Palo Alto IPR Decision
31/33
Case IPR2013-00466
Patent 7,734,752 B2
31
IV. CONCLUSION
For the foregoing reasons, we conclude that the information presented
in the Petition establishes that there is a reasonable likelihood that Petitioner
would prevail in showing that claims 1-23 of the 752 patent are
unpatentable. However, we have not made a final determination with
respect to the patentability of these claims.
V. ORDER
For the foregoing reasons, it is:
ORDERED that pursuant to 35 U.S.C. 314(a), an inter partes
review is hereby instituted as to claims 1-23 of the 752 patent based on the
following grounds of unpatentability:
A. Claims 1-23 as anticipated under 35 U.S.C. 102 by Liu;
B. Claims 1-8, 12-19, and 23 as unpatentable for obviousness
under 35 U.S.C. 103 over Adelman;
FURTHER ORDERED that no other grounds of unpatentability are
authorized for the inter partesreview as to claims 1-23 of the 752 patent;
FURTHER ORDERED that pursuant to 35 U.S.C. 314(c) and
37 C.F.R. 42.4, notice is hereby given of the institution of a trial. The trial
will commence on the entry date of this decision; and
FURTHER ORDERED that an initial conference call with the Board
is scheduled for 3:30 p.m. on February 12, 2014. The parties are directed to
the Office Trial Practice Guide, 77 Fed. Reg. 48,756, 48,765-66 (Aug. 14,
2012) for guidance in preparing for the initial conference call, and should be
-
8/13/2019 Palo Alto IPR Decision
32/33
Case IPR2013-00466
Patent 7,734,752 B2
32
prepared to discuss any proposed changes to the Scheduling Order entered
herewith, and any motions the parties anticipate filing during the trial.
-
8/13/2019 Palo Alto IPR Decision
33/33
Case IPR2013-00466
Patent 7,734,752 B2
33
PETITIONER:
Matthew Kreeger
MORRISON & FOERSTER LLP
Michael J. Schallop
Van Pelt, Yi & James LLP
PATENT OWNER:
David McPhie
Ben Haber
Irell & Manella [email protected]