You are on page 1of 31

Trials@uspto.

gov 571-272-7822

Paper 16 Entered: December 19, 2013

UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ PALO ALTO NETWORKS, INC., Petitioner, v. JUNIPER NETWORKS, INC., Patent Owner. ____________ Case IPR2013-00369 Patent 7,107,612 B1 ____________ Before MICHAEL R. ZECHER, JAMES A. TARTAL, and MIRIAM L. QUINN, Administrative Patent Judges. TARTAL, Administrative Patent Judge.

DECISION Institution of Inter Partes Review 37 C.F.R. 42.108

Case IPR2013-00369 Patent 7,107,612 B1 Palo Alto Networks, Inc. (Petitioner) filed a Petition (Paper 3, Pet.) requesting inter partes review of claims 1-13 and 22-27 of U.S. Patent No. 7,107,612 B1 (Ex. 1001, the 612 patent). Juniper Networks, Inc. (Patent Owner) timely filed a Patent Owners Preliminary Response (Paper 14, Prelim. Resp.). We have jurisdiction under 35 U.S.C. 314. I. INTRODUCTION The standard for instituting an inter partes review is set forth in 35 U.S.C. 314(a), which provides: THRESHOLD.The Director may not authorize an inter partes review to be instituted unless the Director determines that the information presented in the petition filed under section 311 and any response filed under section 313 shows that there is a reasonable likelihood that the petitioner would prevail with respect to at least 1 of the claims challenged in the petition. For the reasons set forth below, we conclude that the information presented in the Petition establishes that there is a reasonable likelihood that Petitioner will prevail in challenging as unpatentable claims 1-13 and 22-27 of the 612 patent. Accordingly, pursuant to 35 U.S.C. 314, we authorize inter partes review to be instituted as to claims 1-13 and 22-27 of the 612 patent. A. Related Matters Petitioner states that the 612 patent was asserted against it in a complaint served on September 25, 2012, in Juniper Networks, Inc. v. Palo

Case IPR2013-00369 Patent 7,107,612 B1 Alto Networks, Inc., No. 11-1258-SLR (D. Del.) (the Concurrent Litigation). Pet. 10. B. The 612 Patent The application for the 612 patent, filed July 19, 2004, was a continuation of an application, filed March 15, 2000, that issued as U.S. Patent No. 6,772,347 (the 347 patent). The application that issued as the 347 patent was a continuation-in-part of an application, filed April 1, 1999, that issued as U.S. Patent No. 6,701,432 (the 432 patent). Petitioner asserts that because claims of the 612 patent are directed to new matter added to the continuation-in-part application for the 347 patent, the earliest priority date for the 612 patent is March 15, 2000. Pet. 1. Patent Owner has not contended that the 612 patent is entitled to an earlier priority date. Prelim. Resp. 4. The 612 patent, titled Method, Apparatus and Computer Program Product for a Network Firewall, relates to methods and network devices for providing network security, and describes an improved firewall that includes both conventional fixed rules and dynamic rule generation. Ex. 1001, Abstract, 1:16-19. The 612 patent states a firewall is a device that can be coupled inline between a public network and a private network for screening packets received from the public network. Id. at 1:59-61. A packet is the fundamental unit of transfer in a packet switch communication system. Id. at 1:25-26. A packet switch communication system includes a network of one or more routers connecting a plurality of users. Id. at 1:23-24. In a 3

Case IPR2013-00369 Patent 7,107,612 B1 conventional system, a firewall engine processes the packets to enforce an access control policy by screening the packets in accordance with one or more sets of rules. Id. at 2:16-19. As explained in the 612 patent: As known in the art, a rule is a control policy for filtering incoming and outgoing packets. Rules specify actions to be applied as against certain packets. When a packet is received for processing through a rule search, the packets IP header, TCP header, or UDP header may require inspecting. A rule will generally include, at a minimum, source/destination IP addresses, UDP/TCP source/destination ports and transport layer protocol. Additional criteria may be used by the rules as well. Id. at 2:38-46. The firewall of the 612 patent includes a first engine using a fixed set of rules for initially sorting incoming packets into packets that are allowed and denied. Id. at 3:19-21. The initially denied packets then are sorted further by a second engine into allowed packets and denied packets using dynamically generated rules. Id. at 3:21-25. This second engine is a dynamic filter that generates rules using criteria, such as port number and IP address, which are extracted from incoming packets for applications, such as RealAudio, Netmeeting (which uses the H3232 protocol), and network file system (NFS). Id. at 6:6-11.

Case IPR2013-00369 Patent 7,107,612 B1 C. Illustrative Claims Claims 1, 13, 22, and 27 are independent claims. Claims 2-12 depend, directly or indirectly, from independent claim 1. Claims 23-26 depend directly from independent claim 22. Claims 1 and 13 are illustrative of the method and the network device claims at issue, and are reproduced below: 1. A method, comprising: establishing a set of rules for controlling access to and from a network device for incoming and outgoing data units; receiving, at the network device, a first sequence of data units; and adding one or more first rules to the set of rules based on data extracted from the received first sequence of data units. 13. A network device, comprising: an access control engine configured to establish a set of rules for controlling access to and from the network device for incoming and outgoing data units; and a dynamic filter configured to add one or more first rules to the set of rules based on data extracted from a first sequence of data units received at the network device. D. Asserted Grounds of Unpatentability Petitioner challenges claims 1-13 and 22-27 of the 612 patent based on the alleged grounds of unpatentability set forth in the table below, as further supported by the Declaration of Dr. John Mitchell (Ex. 1004).

Case IPR2013-00369 Patent 7,107,612 B1 Reference(s) Julkunen1 Schneider2 Brenton3 Julkunen and Brenton Julkunen, Brenton, and IETF NAT4 Schneider and Brenton or IETF NAT Basis 102 102 102 103 103 103 Claims Challenged 1-3, 8-13, and 22-27 1-4, 6, 8-13, and 22-27 1-4, 6, 10, 12, 13, 22-24, and 26 4 and 6 5 and 7 4-7

II. CLAIM CONSTRUCTION As a step in our analysis for determining whether to institute trial, we determine the meaning of the claims. Consistent with the statute and legislative history of the Leahy-Smith America Invents Act (AIA), Pub. L. 112-29, 125 Stat. 284, 329 (2011), claims of unexpired patents are construed by applying the broadest reasonable interpretation, in light of the specification. 37 C.F.R. 42.100(b); see also Office Patent Trial Practice Guide, 77 Fed. Reg. 48,756, 48,766 (Aug. 14, 2012). Under the broadest reasonable construction standard, claim terms are given their ordinary and

Heikki Julkunen and C. Edward Chow, Enhanced Network Security with Dynamic Packet Filter (Department of Computer Science, University of Colorado at Colorado Springs) (April 1997) (Ex. 1006, Julkunen).
2

U.S. Patent No. 6,178,505 B1, issued Jan. 23, 2001 (Ex. 1007, Schneider).
3

Brenton, Chris, Mastering Network Security, (1998) (Ex. 1008, Brenton).


4

Holdrege, Matt, and Srisuresh, Pyda, Protocol Complications with the IP Network Address Translator (NAT), (Feb. 1999) (Ex. 1010, IETF NAT). 6

Case IPR2013-00369 Patent 7,107,612 B1 customary meaning, as would be understood by one of ordinary skill in the art in the context of the entire disclosure. In re Translogic Tech. Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007). Any special definition for a claim term must be set forth with reasonable clarity, deliberateness, and precision. In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994). A. rules Each of the challenged claims recites a set of rules. As noted by Petitioner, the specification of the 612 patent states a rule is a control policy for filtering incoming and outgoing packets. Pet. 15 (citing Ex. 1001, 2:38-39). Petitioner offers no specific construction of the term rules. Instead, Petitioner asserts both that a lookup table is not a rule, and that, in the Concurrent Litigation, Patent Owner appears to contend that rules include application-specific rules. Pet. 15-16. Petitioner and Patent Owner agree that rules must exist across multiple sessions. Pet. 16; Prelim. Resp. 4. Patent Owner contends that further construction is not needed for the term rules. Prelim. Resp. 4-5. The construction of the term rules does not turn on whether a particular thing, like a lookup table, is, or is not, a set of rules, but rather on what the term, itself, means. Moreover, notwithstanding their agreement, the parties have identified no support in the specification for defining rules to include a requirement that they exist across multiple sessions. Indeed, the specification makes no reference to multiple sessions. Consequently, the term rules, in light of the express definition provided by the 7

Case IPR2013-00369 Patent 7,107,612 B1 specification, means control policies for filtering incoming and outgoing packets. Ex. 1001, 2:38-39. B. access control engine Claims 13 and 27 recite an access control engine configured to establish a set of rules for controlling access to and from the network device for incoming and outgoing data units. The specification does not use the term access control engine apart from the claims. Petitioner contends that access control engine should be interpreted as firewall engine or ACL engine. Pet. 17-18. Petitioners asserted rationale for such a construction, which we find insufficient, is that firewall engine or ACL engine is an admitted element of a prior art firewall. Pet. 18 (citing Ex. 1001, 2:7-19, 59-61, Fig. 2a). Patent Owner offers no construction of access control engine. An ordinary and customary definition, to one of ordinary skill in the relevant art, of the term access control is the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner. THE IEEE STANDARD DICTIONARY OF ELECTRICAL
AND ELECTRONICS TERMS

5 (6th ed. 1996). An ordinary and customary

definition in the relevant art of the term engine is a dedicated processor, architecture, or system component that is used for a single and special purpose. Id. at 360. Consequently, the term access control engine means a dedicated processor, architecture, or system component that is used for the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner. For purposes of this decision, 8

Case IPR2013-00369 Patent 7,107,612 B1 we adopt the aforementioned claim construction, because it is consistent with the ordinary and customary meaning of access control engine, as would be understood by one with ordinary skill in the art in light of the 612 patent. C. dynamic filter Claim 13 requires a dynamic filter configured to add one or more first rules to the set of rules based on data extracted from a first sequence of data units received at the network device. Claim 27 requires, in relevant part, a dynamic filter configured to modify the set of rules, filter second data units, modify the first modified set of rules, and filter third data units. Petitioner does not offer a specific construction of the term dynamic filter. Instead, Petitioner contends that in the Concurrent Litigation, Patent Owner construes implicitly dynamic filter to mean software that performs the function recited in the claim. Pet. 19. Patent Owner offers no construction of dynamic filter. Although the specification does not define expressly the term dynamic filter, it states that a dynamic filter processes packets, conducts a search through a set of dynamically generated rules, generates rules, and controls the passage of packets through the firewall to allow entry to a private network. Ex. 1001, 6:1-27. The specification further states that use of the dynamic filter advantageously allows the use of dynamicallygenerated rules, without increasing the processing time for those IP packets, which are initially allowed [] by the ACL engine [] based on the fixed rule set. Id. at 6:32-38. 9

Case IPR2013-00369 Patent 7,107,612 B1 The specification does not use the terms dynamic or filter contrary to their ordinary and customary meanings. An ordinary and customary definition, to one of ordinary skill in the relevant art, of the term dynamic is [p]ertaining to an event or process that occurs during computer program execution. THE IEEE STANDARD DICTIONARY OF ELECTRICAL AND ELECTRONICS TERMS 325 (6th ed. 1996). An ordinary and customary definition, to one of ordinary skill in the relevant art, of the term filter is a device or program that separates data, signals, or material in accordance with specified criteria. Id. at 408. Consequently, the term dynamic filter means a device or program that separates data in accordance with specified criteria through a process that occurs during computer program execution. For purposes of this decision, we adopt the aforementioned claim construction because it is consistent with the ordinary and customary meaning of dynamic filter, as would be understood by one with ordinary skill in the art in light of the 612 patent. D. Remaining Claim Terms or Phrases For purposes of this decision, all remaining claim terms or phrases recited in claims 1-13 and 22-27 of the 612 patent are given their ordinary and customary meaning, as would be understood by one of ordinary skill in the art.

10

Case IPR2013-00369 Patent 7,107,612 B1 III. ANALYSIS A. Petitioner is Not Precluded from Requesting Inter Partes Review As a threshold issue, Patent Owner argues that the Petition should be denied because it violates the doctrine of assignor estoppel and contradicts the oath that [Palo Alto Networks, Inc.] co-Founder Yuming Mao submitted to the PTO attesting to the validity of the 612 patent. See Prelim. Resp. 45. Mr. Yuming Mao is one of three inventors named on the face of the 612 patent. The Board has determined previously, and we agree, that assignor estoppel is not a basis for denying a petition requesting inter partes review: Under the AIA, a person who is not the owner of a patent may file with the Office a petition to institute an inter partes review of the patent. 35 U.S.C. 311(a) (emphasis added). Consequently, under the statute, an assignor of a patent, who is no longer an owner of the patent at the time of filing, may file a petition requesting inter partes review. This statute presents a clear expression of Congresss broad grant of the ability to challenge the patentability of patents through inter partes review. Athena Automation Ltd. v. Husky Injection Molding Systems Ltd., IPR2013-00290, slip op. at 12-13 (PTAB Oct. 25, 2013), Paper No. 18. Patent Owners reliance on 37 C.F.R. 42.101(c), which provides in relevant part that a person may not file a petition if the petitioner or a privy of the petitioner is estopped from challenging the claims on the grounds identified in the petition, is misplaced. See Prelim. Resp. 47. The grounds 11

Case IPR2013-00369 Patent 7,107,612 B1 for estoppel, as referenced in 42.101(c), are discussed expressly in 37 C.F.R. 42.73(d), which states: Estoppel. (1) Petitioner other than in derivation proceeding. A petitioner, or the real party in interest or privy of the petitioner, is estopped in the Office from requesting or maintaining a proceeding with respect to a claim for which it has obtained a final written decision on patentability in an inter partes review, post-grant review, or a covered business method patent review, on any ground that the petitioner raised or reasonably could have raised during the trial, except that estoppel shall not apply to a petitioner, or to the real party in interest or privy of the petitioner who has settled under 35 U.S.C. 317 or 327. Patent Owner does not contend that Petitioner, or the real party in interest or privy of the Petitioner, has obtained a final written decision on patentability in an inter partes review, post-grant review, or a covered business method patent review, on any ground that the petitioner raised or reasonably could have raised during the trial, as is required for Petitioner to be estopped under 37 C.F.R. 42.101(c). Patent Owner, therefore, has failed to show that estoppel applies pursuant to 37 C.F.R. 42.73 and 42.101(c). Furthermore, we are not persuaded that the equitable doctrine of assignor estoppel provides an exception to the statutory mandate that any person who is not the owner of a patent may file a petition for inter partes review. Accordingly, we decline to deny the Petition based on Patent Owners estoppel arguments. Patent Owner further asserts that even if Petitioner is not barred from requesting inter partes review, the Board should exercise its discretion to deny institution of trial because of the relationship between Mr. Mao and 12

Case IPR2013-00369 Patent 7,107,612 B1 Petitioner.5 See Prelim. Resp. 48-49. Patent Owner argues that the Boards discretion provides an alternative ground for applying the principles of equitable estoppel. Id. Patent Owner further argues, more generally, that equitable considerations weigh against granting the Petition, including that Patent Owner is denied the opportunity to submit inventor declarations under 37 C.F.R. [] 1.131 to identify the circumstances of conception and reduction to practice so as to swear behind what might otherwise constitute prior art, because Mr. Mao is adverse to Patent Owner. Prelim. Resp. at 4849. To the extent the Board has discretion to consider equitable considerations in determining whether to institute trial, in this case, Patent Owner has not made a showing that warrants exercise of that discretion. For the same reasons discussed above, Patent Owner has not shown that the Board should exercise discretion to apply principles of assignor estoppel to circumvent the express statutory language that permits any person who is not the owner of a patent to request inter partes review. With regard to other equitable considerations, Patent Owners arguments are, at best, speculative. Patent Owner does not identify any specific prior art it seeks to swear behind, and makes no showing that it is unable to do so merely because one of a multiple number of inventors on the face of the patent may

This case does not require us to reach the issue of whether Mr. Mao is in privity with Petitioner, as asserted by Patent Owner (Prelim. Resp. 52-58), because we conclude that even if Patent Owner established such a relationship, Patent Owner has not shown a sufficient basis to preclude Petitioner from requesting inter partes review. 13

Case IPR2013-00369 Patent 7,107,612 B1 have a relationship with Petitioner. Accordingly, we conclude that Patent Owner has not shown that Petitioner is barred or estopped, or otherwise should be precluded, from petitioning to institute inter partes review of the 612 patent. B. Anticipation Based on Julkunen Petitioner contends that Julkunen is prior art to the 612 patent and anticipates claims 1-3, 8-13, and 22-27 under 35 U.S.C. 102. Pet. 21. Petitioner relies upon claim charts, as well as the Declaration of Dr. John Mitchell (Ex. 1004), to explain how Julkunen anticipates these claims of the 612 patent. Pet. 21-30. Julkunen is a report that presents the study, design and implementation of a firewall, in particular a major component of a firewall: the dynamic packet filter. Ex. 1006, p. 1 (Abstract).6 According to Petitioner, Julkunen discloses the modification of a standard Linux firewall that uses administrator-programmed rules with what Julkunen calls a dynamic packet filter (DPF). Pet. 21 (citing Ex. 1006, 3-4; 12-14). Julkunen explains that a dynamic packet filter checks on the fly the outgoing IP packets from a computer and then allows incoming packets to get through the packet filter if the packets are from the same computer as the outgoing packets were sent to. Ex. 1006, p. 1 (Abstract). Petitioner also asserts that Julkunen describes dynamically generating rules based on
6

In this decision, citations to Julkunen refer to the page numbers as they appear on the original document, not to the page numbers labeled by Petitioner for Exhibit 1006. 14

Case IPR2013-00369 Patent 7,107,612 B1 information extracted from the Network File System (NFS) data packets, and that dynamically generated rules operate across multiple sessions. Pet. 22 (citing Ex. 1006, 39-43). 1. Whether Julkunen is Prior Art Petitioner states that Julkunen was published in April, 1997. Pet. 21. Patent Owner contests the prior art status of Julkunen and contends that Petitioner has failed to present any evidence that Julkunen qualifies as a printed publication that was publicly available before the critical date. Prelim. Resp. 7-11. Patent Owner cites Synopsys, Inc. v. Mentor Graphics Corp., for the proposition that absent evidence of publication or public accessibility of a reference, a petition for inter partes review, with respect to grounds based on that reference, should be denied. Prelim. Resp. 10-11 (citing IPR201200042, slip op. at 35-36 (PTAB Feb. 22, 2013), Paper No. 16). Indeed, the determination of whether a given reference qualifies as a prior art printed publication involves a case-by-case inquiry into the facts and circumstances surrounding the references disclosure to members of the public. In re Klopfenstein, 380 F.3d 1345, 1350 (Fed. Cir. 2004). Unlike the reference at issue in Synopsys, which was a companys product brochure that lacked any date on its face, Julkunen is a dated report with a Bibliographic Data Sheet, a Performing Organization Rept. No., and a Performing Organization Name listed as the Department of Computer Science at the University of Colorado at Colorado Springs. Ex. 1006, 73. The Bibliographic Data Sheet also identifies the Report Date as 15

Case IPR2013-00369 Patent 7,107,612 B1 April, 1997. Id. We are not convinced that institution of inter partes review based on Julkunen should be denied in this instance based on Patent Owners assertions that Julkunen merely includes the words April 1997 on its first page, and that a space labeled Availability Statement on the Bibliographic Data Sheet page of Julkunen is blank. See Prelim. Resp. 910; see also Ex. 1006, cover page and 73. On this record, we are persuaded that Petitioner has made a threshold showing that Julkunen is a printed publication within the meaning of 35 U.S.C. 102. As a consequence, for purposes of this decision, Julkunen is available as prior art for Petitioner to demonstrate a reasonable likelihood that the challenged claims are unpatentable. 2. Whether Petitioner Has Shown a Reasonable Likelihood that Claims 1-3, 8-13, and 22-27 are Anticipated by Julkunen Patent Owner contends that review should not be instituted based on the alleged anticipation by Julkunen. In addition to disputing the status of Julkunen as prior art, Patent Owner argues that Julkunen does not disclose rules that exist across multiple sessions, as required in all independent claims. Prelim. Resp. 7. Contrary to Patent Owners argument, none of the challenged claims recites across multiple sessions. As discussed above, even though Petitioner and Patent Owner agree that rules must exist across multiple sessions, neither party has offered support for the contention that such a requirement, which does not appear on the face of the claims and is not discussed in the specification, should be read into the claims. Therefore, we find Patent Owners argument not persuasive, because it is not 16

Case IPR2013-00369 Patent 7,107,612 B1 commensurate with the scope of the claims, as they are construed for purposes of this decision. Patent Owner also contends that Petitioner fails to allege that the purported rules in Julkunen are based on a sequence of data units or multiple data units. Prelim. Resp. 15-16. Again, Patent Owners argument is not persuasive, because it is not commensurate with the scope of the claims. The claims recite either adding or modifying rules based on data extracted from either the received first sequence of data units (claim 1), a first sequence of data units (claim 13), or first data units (claims 22 and 27). Thus, based on the record before us, the 612 patent requires that rules must be based on data extracted from data units, not that rules must be based on a sequence of data units or multiple data units, as Patent Owner contends. With respect to claims 8, 21, and 27, Patent Owner contends that Petitioner fails to support the assertion that Julkunen discloses further action upon second data units, because Petitioner supports that assertion by citing to the same disclosure relied upon for the first sequence of data units. Prelim. Resp. 16-17. We are not persuaded by Patent Owners argument. Claim 21 is not challenged in the Petition. Claims 8 and 27 require modifying rules based on data extracted from a second sequence of data units, or from second data units, respectively. There is no indication that the disclosure of Julkunen relied upon by Petitioner suggests that the disclosed dynamic packet filter acts only on a set of first data units. To the contrary, Petitioner references Julkunens disclosure of adding rules to a set 17

Case IPR2013-00369 Patent 7,107,612 B1 of packet filtering rules, and modifying that set of rules based on data received from another set of NFS packets. See Pet. 27 (citing Ex. 1006, 35 and 42-43). Based on the record before us, Petitioners citation to Julkunen amounts to sufficient evidence showing a reasonable likelihood that claims 8 and 27 are anticipated by Julkunen. With respect to claims 12 and 26, Patent Owner contends that Petitioner fails to identify any disclosure in Julkunen that satisfies the requirement that the data extracted from the received first sequence of data units comprises a port number and a network address associated with a source of the data units. Prelim. Resp. 16-17. In discussing claim 12, Petitioner references citations to Julkunen that disclose modifying added rules using source and destination network address and port information extracted from received FTP and NFS packets. Pet. 28 (citing to Ex. 1006, 35 and 43, and referring to the support provided for claim 1 at pages 24-25). Based on the record before us, Petitioners citation to Julkunen amounts to sufficient evidence showing a reasonable likelihood that claims 12 and 26 are anticipated by Julkunen. With respect to claim 13, Patent Owner contends that because Petitioner offered no construction of the terms access control engine or dynamic filter, Petitioner offers no explanation for how Julkunen discloses these claim limitations under any construction. Prelim. Resp. 17. We disagree, as Petitioner need not propose an express construction for a claim term to identify how a related claim limitation is disclosed by a particular reference. In this case, we interpret access control engine to 18

Case IPR2013-00369 Patent 7,107,612 B1 mean a dedicated processor, architecture, or system component that is used for the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner. We are persuaded that, with respect to claim 13, Petitioner identifies the disclosure in Julkunen of a firewall, which constitutes an access control engine consistent with our construction of that term. Pet. 29 (citing Ex. 1006, 3 and 13). Similarly, we interpret dynamic filter to mean a device or program that separates data in accordance with specified criteria through a process that occurs during computer program execution. We are further persuaded that, with respect to claim 13, Petitioner identifies the disclosure in Julkunen of a dynamic packet filter consistent with our construction of a dynamic filter. Pet. 29 (citing Ex. 1006, p. 16). Based on the record before us, Petitioners citation to Julkunen provides sufficient evidence to show a reasonable likelihood that claim 13 is anticipated by Julkunen. In summary, having considered all of the information Petitioner has presented based on Julkunen with respect to claims 1-3, 8-13, and 22-27, we conclude that Petitioner has shown a reasonable likelihood that these claims are anticipated by Julkunen. C. Anticipation Based on Brenton Petitioner contends that Brenton is prior art to the 612 patent and anticipates claims 1-4, 6, 10, 12, 13, 22-24, and 26 under 35 U.S.C. 102(a) and (b). In particular, Petitioner relies upon claim charts, as well as the Declaration of Dr. John Mitchell (Ex. 1004), to explain how Brenton anticipates these claims of the 612 patent. Pet. 43-52. 19

Case IPR2013-00369 Patent 7,107,612 B1 According to Petitioner, Brenton, a 672-page book describing a wide range of computer network security technologies, discloses a dynamic packet filter that extends the capabilities of a static packet filter by maintaining a connection table or state table. Pet. 43 (citing Ex. 1008, 141182). 7 According to Petitioner, the dynamic filter creates a state table to store information regarding a connection allowed by the static filter. Pet. 43-44. Petitioner appears to equate the state table to additional rules of the dynamic filter that enable filtering beyond the capabilities of the static filter, for example, by selectively filtering UDP packets that may have been denied initially by a static filter. Pet. 44 (citing Ex. 1008, 163). 1. Whether Brenton is Prior Art Petitioner states that Brenton was published in 1998. Pet. 43. Patent Owner contends that Petitioner has failed to present any competent evidence that Brenton qualifies as a printed publication that was publicly available before the critical date. Prelim. Resp. 25-28. Exhibit 1008 includes a title page indicating a copyright of 1999 and a Library of Congress Card Number 98-87201. Ex. 1008. Petitioner also provided an undated copy of the corresponding Library of Congress Catalog of Record, which indicates a Published/Created date of 1998. Ex. 1009. Patent Owner suggests that the copyright date of 1999 draws into question the asserted publication date of 1998. Prelim. Resp. 27. Patent Owner also
7

In this decision, citations to Brenton refer to the page numbers as they appear on the original document, not to the page numbers labeled by Petitioner for Exhibit 1008. 20

Case IPR2013-00369 Patent 7,107,612 B1 maintains that the United States Court of Appeals for the Federal Circuit found evidence similar to that offered by Petitioner to be insufficient for purposes of establishing public accessibility of a paper in a database. Prelim. Resp. 26 (citing In re Lister, 583 F.3d 1307, 1316-17 (Fed. Cir. 2009)). The case cited by Patent Owner, however, addressed a paper submitted by a patent applicant to the Copyright Office, not a published book with a Library of Congress Card Number such as Brenton. See In re Lister, 583 F.3d at 1309-10. On this record, we are persuaded that Petitioner has made a threshold showing that Brenton is a printed publication within the meaning of 35 U.S.C. 102. As a consequence, for purposes of this decision, Brenton is available as prior art for Petitioner to demonstrate a reasonable likelihood that the challenged claims are unpatentable. 2. Whether Petitioner Has Shown a Reasonable Likelihood that Brenton Anticipates Claims 1-4, 6, 10, 12, 13, 22-24, and 26 Petitioner has not provided a complete copy of Mastering Network Security, a book by Chris Brenton. Instead, as set forth as Exhibit 1008, the reference identified as Brenton consists of the book cover, a title page, pages of the third chapter titled Understanding How Network Systems Communicate, and pages of the fifth chapter titled Firewalls. Ex. 1008. Patent Owner contends that by failing to submit a complete copy, Petitioner has rendered impossible any full and complete consideration of the reference itself. Prelim. Resp. 29. Patent Owner does not suggest that it

21

Case IPR2013-00369 Patent 7,107,612 B1 was unable to obtain a complete copy of the reference or further explain how its preliminary response was hindered by an incomplete copy. We conclude that on the record before us, material omitted by Petitioner from Exhibit 1008 is not relevant to our determination of whether Petitioner has presented information that establishes a reasonable likelihood that it would prevail with respect to the claims challenged in the petition. To the extent Patent Owner contends it has an objection to the evidence presented as Exhibit 1008 based on the Federal Rules of Evidence, the Board rules provide the specific manner and timing of properly making an objection to evidence during trial. Patent Owner further argues that Petitioners arguments based on Brenton are improper because they rely on unrelated portions of the reference, rather than the disclosure of one complete system. Prelim. Resp. 28-29. In particular, Patent Owner identifies citations by Petitioner to seven specific pages from a span of 33 pages of Brenton. Prelim. Resp. 28 n.7. Patent Owner is correct in recognizing that, to anticipate a claim, a reference must not only disclose all elements of the claim within the four corners of the document, but must also disclose those elements arranged as in the claim. Prelim. Resp. 29 (emphasis omitted) (quoting Net MoneyIn, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1369 (Fed. Cir. 2008)). Patent Owner, however, has not shown, by merely identifying the applicable law and the number of pages cited, that Petitioner has cobbled together improperly something allegedly resembling the 612 patent claims. See Prelim. Resp. 28. For example, Patent Owner contends 22

Case IPR2013-00369 Patent 7,107,612 B1 Petitioner has cited to unrelated portions of Brenton, yet all of the citations identified by Patent Owner are from the fifth chapter of Brenton and relate directly to firewalls. See Prelim. Resp. 28 n.7. Patent Owner also does not articulate how the disclosure of Brenton fails to represent adequately the arrangement of the claimed elements, as required by each challenged claim. Accordingly, on this record, we are not convinced that review based on Brenton should be denied on the premise that Petitioner relied on unrelated portions of Brenton. Patent Owner also argues that Petitioner has not demonstrated that Brenton discloses adding rules to the set of rules, or modifying the set of rules, as required by all of the challenged claims. Prelim. Resp. 32-33. In particular, Patent Owner suggests that adding and modifying must be performed not on any set of rules, but on the antecedent set of rules identified earlier in the claim. Prelim. Resp. 32. Patent Owners argument is premised on its interpretation of Brenton that the set of rules is limited to the access control policy enforced by a static packet filter. Prelim. Resp. 32. Such an interpretation is not consistent with the 612 patent, which makes clear that a step involving dynamically generated rules, i.e., added or modified rules, may be included after processing by the static filter to further sort packets. Ex. 1001, 3:17-27. Therefore, we are persuaded that the information presented by Petitioner amounts to sufficient evidence showing a reasonable likelihood that Brenton discloses adding or modifying the set of rules, as claimed. See Pet. 46 (citing to Ex. 1008, 150, 157, 160, 163).

23

Case IPR2013-00369 Patent 7,107,612 B1 Patent Owner also argues that Petitioner has not shown that Brenton discloses rules that exist across multiple sessions, or that rules are added or modified based on multiple data units. Prelim. Resp. 29-32, 33-34. Patent Owners arguments are not persuasive for the same reasons discussed above with respect to Patent Owners assertion of the same arguments with respect to JulkunenPatent Owners arguments are not commensurate with the scope of the claims, as they are construed for purposes of this decision. See III.B.2, above. Patent Owner further argues that Brenton does not disclose specific limitations of other challenged claims, without identifying these claims. Prelim. Resp. 34. Instead, Patent Owner argues that Petitioners analysis is deficient for the same reasons Patent Owner asserted with respect to Julkunen. The claims challenged as anticipated by Brenton, however, do not mirror the claims challenged as anticipated by Julkunen. Patent Owner has not adequately set forth its argument, and we will not speculate as to what Patent Owner intends by vague statements purporting to incorporate arguments against grounds of unpatentability based on a different reference for different claims. In summary, having considered all of the information Petitioner has presented based on Brenton with respect to claims 1-4, 6, 10, 12, 13, 22-24, and 26, we conclude that Petitioner has shown a reasonable likelihood that these claims are anticipated by Brenton.

24

Case IPR2013-00369 Patent 7,107,612 B1 D. Obviousness Based on: (1) Julkunen and Brenton; and (2) Julkunen, Brenton, and IETF NAT Petitioner contends that claims 4-7 are unpatentable under 35 U.S.C. 103(a) over Julkunen in combination with IETF NAT, Brenton, or the knowledge of a person of ordinary skill in the art. Pet. 52-57. Petitioner relies upon claim charts, as well as the Declaration of Dr. John Mitchell (Ex. 1004), to explain how these cited prior art references teach claims 4-7 of the 612 patent. Id. Claims 4-7 depend, directly or indirectly, on claim 1 and are generally further directed to adding network address translation (NAT) to the method of claim 1. Petitioner admits that Julkunen does not disclose NAT, and instead, asserts that Brenton discloses address translation as a standard feature implemented in most firewall products. Pet. 53 (citing Ex. 1008, 174). Petitioner alleges that with NAT, the firewall described in Julkunen would have replaced the network addresses and port numbers in the packet headers associated with a location within a private network with a network address and a port number associated with the firewall. Pet. 48-49, 53 (citing Ex. 1008, 174). IETF NAT is an internet-draft memo, titled Protocol Complications with the IP Network Address Translator (NAT), posted by the Internet Engineering Task Force. Ex. 1010. Petitioner asserts that IETF NAT discloses how to apply NAT to packets with address information embedded in their payload as claimed. Pet. 54-55 (citing Ex. 1010, 2).

25

Case IPR2013-00369 Patent 7,107,612 B1 Patent Owner contends that Petitioner has failed to sufficiently identify the precise grounds of unpatentability upon which Petitioner challenges claims 4-7, as required by 37 C.F.R. 42.104(b). Prelim. Resp. 34-36. We disagree. The claim charts provided by Petitioner make clear the combination of references asserted by Petitioner. See Pet. 52-57. We understand Petitioner to argue that Claims 4 and 6 are unpatentable as obvious over the combination of Julkunen and Brenton, and that claims 5 and 7 are unpatentable as obvious over the combination of Julkunen, Brenton, and IETF NAT. See Pet. 52-57. Patent Owner also argues that the asserted combination based on Julkunen fails for the same reasons Patent Owner raised with respect to the asserted anticipation by Julkunen of claim 1. Prelim. Resp. 36-37. As we concluded Patent Owners arguments were not persuasive with respect to claim 1, on the record before us, the same arguments are likewise unpersuasive with respect to the obviousness grounds based on Julkunen. We also have considered Patent Owners arguments against the asserted combination based on Julkunen, including the contention that Petitioner offered no rationale for the asserted combination. See Prelim. Resp. 37-40. To the contrary, for the obviousness grounds based on Julkunen with respect to claims 4-7 (see Pet. 52-57), we understand Petitioner to contend that those claims require only the combination of familiar elements according to known methods to yield predictable results. See KSR Intl Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007).

26

Case IPR2013-00369 Patent 7,107,612 B1 In addition, Patent Owner argues that to the extent Julkunen suggests the use of proxying for address hiding, it actually teaches away from the use of NAT for that purpose. Prelim. Resp. 38-39. Patent Owner also contends that one skilled in the art would not have sought to combine Brenton with Julkunen because Brenton suggests that a dynamic packet filter cannot make filtering decisions based on payload. Id. at 38. We are not persuaded by Patent Owners teaching away arguments, based on the record before us, because Patent Owner has not sufficiently addressed the combination of prior art references as a whole. See In re Keller, 642 F.2d 413, 425 (CCPA 1981) (The test for obviousness is not . . . that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.). Moreover, Patent Owner does not direct us to an explicit disclosure in Julkunen that criticizes, discredits, or otherwise discourages using a NAT with the firewall disclosed in Julkunen, namely, as a substitute for the proxying services. See In re Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004) (The prior arts mere disclosure of more than one alternative does not constitute a teaching away from any of these alternatives because such disclosure does not criticize, discredit, or otherwise discourage the solution claimed in the . . . application.). Patent Owner also asserts that review of claims 4-7 on obviousness grounds should be denied because Petitioner did not address objective indicia of non-obviousness. Prelim. Resp. 40-41. In particular, Patent 27

Case IPR2013-00369 Patent 7,107,612 B1 Owner asserts that in the Concurrent Litigation it has presented substantial evidence of objective indicia of non-obviousness. Id. at 40. We are not persuaded by Patent Owners arguments. Patent Owner does not argue here that the previously presented evidence of secondary considerations rebuts or outweighs the evidence presented by Petitioner supporting the unpatentability of claims 4-7 over Julkunen, Brenton, and IETF NAT. Moreover, the existence of previously presented evidence of secondary considerations, evidence not before us at this juncture, neither bars the institution of a trial nor constitutes an additional burden that the Petitioner must overcome in demonstrating a reasonable likelihood that it would prevail in demonstrating the unpatentability of claims 4-7 of the 612 patent. Cf. In re Rinehart, 531 F.2d 1048, 1052 (CCPA 1976) (Facts established by rebuttal evidence must be evaluated along with the facts on which the earlier conclusion was reached, not against the conclusion itself.). In summary, having considered all of the information Petitioner has presented based on a combination of Julkunen, Brenton, and IETF NAT with respect to claims 4-7, we conclude that Petitioner has shown a reasonable likelihood that claims 4 and 6 would have been obvious over Julkunen and Brenton, and that claims 5 and 7 would have been obvious over Julkunen, Brenton, and IETF NAT. E. Anticipation and Obviousness Based on Schneider Petitioner contends that claims 1-4, 6, 8-13, and 22-27 are unpatentable as anticipated by Schneider, and that claims 4-7 are unpatentable for obviousness over Schneider in combination with Brenton or 28

Case IPR2013-00369 Patent 7,107,612 B1 IETF NAT. Pet. 30-42, 57-60. We exercise our discretion and determine that those grounds of unpatentability are redundant to the grounds of unpatentability on which we initiate inter partes review. Accordingly, we do not authorize inter partes review on the remaining grounds of unpatentability asserted by Petitioner against claims 1-13 and 22-27 of the 612 patent. See 37 C.F.R. 42.108(a). IV. CONCLUSION

For the foregoing reasons, we conclude that the information presented in the Petition establishes that there is a reasonable likelihood that Petitioner would prevail in showing that claims 1-13 and 22-27 are unpatentable. However, we have not made a final determination with respect to the patentability of these claims. V. ORDER For the foregoing reasons, it is: ORDERED that pursuant to 35 U.S.C. 314(a), inter partes review is hereby instituted as to claims 1-13 and 22-27 of the 612 patent based on the following grounds of unpatentability: A. Claims 1-3, 8-13, and 22-27 as anticipated under 35 U.S.C.

102 by Julkunen; B. Claims 1-4, 6, 10, 12, 13, 22-24, and 26 as anticipated under 35

U.S.C. 102 by Brenton; C. Claims 4 and 6 as unpatentable for obviousness under 35

U.S.C. 103 over the combination of Julkunen and Brenton; and, 29

Case IPR2013-00369 Patent 7,107,612 B1 D. Claims 5 and 7 as unpatentable for obviousness under 35

U.S.C. 103 over the combination of Julkunen, Brenton, and IETF NAT; FURTHER ORDERED that no other grounds of unpatentability are authorized for the inter partes review as to claims 1-13 and 22-27 of the 612 patent; FURTHER ORDERED that pursuant to 35 U.S.C. 314(c) and 37 C.F.R. 42.4, notice is hereby given of the institution of a trial. The trial will commence on the entry date of this decision; and FURTHER ORDERED that an initial conference call with the Board is scheduled for 3:30 p.m. on January 9, 2014. The parties are directed to the Office Trial Practice Guide, 77 Fed. Reg. 48,756, 48,765-66 (Aug. 14, 2012) for guidance in preparing for the initial conference call, and should be prepared to discuss any proposed changes to the Scheduling Order entered herewith, and any motions the parties anticipate filing during the trial.

30

Case IPR2013-00369 Patent 7,107,612 B1 PETITIONER: Matthew Kreeger Brian Ho MORRISON & FOERSTER LLP mkreeger@mofo.com bho@mofo.com Michael J. Schallop Van Pelt, Yi & James LLP Michael.schallop@ip-patent.com

PATENT OWNER: David McPhie Ben Haber Irell & Manella LLP dmcphie@irell.com bhaber@irell.com

31