Trials@uspto.

gov 571-272-7822

Paper 17 Entered: January 28, 2014

UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ PALO ALTO NETWORKS, INC., Petitioner, v. JUNIPER NETWORKS, INC., Patent Owner. ____________ Case IPR2013-00466 Patent 7,734,752 B2 ____________ Before MICHAEL R. ZECHER, JAMES A. TARTAL, and MIRIAM L. QUINN, Administrative Patent Judges. TARTAL, Administrative Patent Judge.

DECISION Institution of Inter Partes Review 37 C.F.R. 42.108

Case IPR2013-00466 Patent 7,734,752 B2 Palo Alto Networks, Inc. (Petitioner) filed a Petition (Paper 4, Pet.) requesting inter partes review of claims 1-23 of U.S. Patent No. 7,734,752 B2 (Ex. 1001, the 752 patent). Juniper Networks, Inc. (Patent Owner) timely filed a Patent Owners Preliminary Response (Paper 15, Prelim. Resp.). We have jurisdiction under 35 U.S.C. 314. I. INTRODUCTION The standard for instituting an inter partes review is set forth in 35 U.S.C. 314(a), which provides: THRESHOLD.The Director may not authorize an inter partes review to be instituted unless the Director determines that the information presented in the petition filed under section 311 and any response filed under section 313 shows that there is a reasonable likelihood that the petitioner would prevail with respect to at least 1 of the claims challenged in the petition. For the reasons set forth below, we conclude that the information presented in the Petition establishes that there is a reasonable likelihood that Petitioner will prevail in challenging as unpatentable claims 1-23 of the 752 patent. Accordingly, pursuant to 35 U.S.C. 314, we authorize an inter partes review to be instituted as to claims 1-23 of the 752 patent. A. Related Matters Petitioner states that the 752 patent was asserted against it in a complaint served on September 25, 2012, in Juniper Networks, Inc. v. Palo Alto Networks, Inc., No. 11-1258-SLR (D. Del.) (the Concurrent Litigation). Pet. 10. 2

Case IPR2013-00466 Patent 7,734,752 B2 B. The 752 Patent The application for the 752 patent, filed October 12, 2004, was a continuation-in-part of an application, filed March 28, 2003, that issued as U.S. Patent No. 7,650,634 (the 634 patent). The application that issued as the 634 patent was a continuation-in-part of an application, filed February 8, 2002, which issued as U.S. Patent No. 8,370,936. Petitioner asserts that because claims of the 752 patent are directed to new matter added to the634 patent application, the earliest priority date for the 752 patent is October 12, 2004. Pet. 11-13. Patent Owner has not contended that the 752 patent is entitled to an earlier priority date. Prelim. Resp. 8. The 752 patent, titled Intelligent Integrated Network Security Device for High-Availability Applications, relates to systems and methods for controlling computer network security. Ex. 1001, Abstract, 1:16-18. The method disclosed by the 752 patent includes configuring a primary security system for processing packets by maintaining flow information for a group of devices, designating a secondary security system for processing packets upon a failover event, and sharing flow records from the primary security system with the secondary security system. Id. at 2:17-24. The system disclosed by the 752 patent implements the method, including a first apparatus with a first security device, a first module to maintain flow information associated with packets received from a computer network, and a communication interface operable to permit an exchange of flow records with a second apparatus. Id. at 2:25-30. The first module also may share

Case e IPR2013-00466 Paten nt 7,734,75 52 B2 device-specific c flow info ormation with w the firs st security device. Id d. at 2:3132. Figure 10 of the 7 752 patent, reproduce ed below, d depicts a se ession mod dule.

Figure 10 of the 7 752 patent shows sess sion modu ule 122 that t monitors ated within pack kets being communic c n a networ rk, and may y act, in co onjunction with h security devices, d to facilitate blocking b of f packets a associated w with an attem mpted netw work securi ity intrusio on. Id. at 3 3:16-41. A As illustrate ed in 4

Case IPR2013-00466 Patent 7,734,752 B2 Figure 10, incoming packet interface 205 receives packets, which are then analyzed by flow processing engine 202 to determine whether an attempted security intrusion is in progress. Id. at 8:9-13. Flow table 215 stores information regarding flows associated with received packets, including flow records associated with current Transmission Control Protocol/Internet Protocol (TCP/IP) flows. Id. at 3:65-67; 8:13-16. A TCP/IP flow may include a sequence of data packets communicating information between a source and a destination in one direction. Id. at 3:67-4:2. Flow table 215 includes primary, or active, portion 1002, which may be dedicated to store information related to operation of the given session module as a primary security system, and secondary portion 1004, which may be dedicated to store information related to the operation of the session module as a secondary security system. Id. at 8:16-27. Primary and secondary portions 1002 and 1004, respectively, may be integrated in flow table 215. Id. at 8:27-29. C. Illustrative Claims Claims 1 and 13 are independent claims. Claims 2-12 depend, directly or indirectly, from independent claim 1. Claims 14-23 depend, directly or indirectly, from independent claim 13. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. A method in a computer network, comprising: processing packets, by a primary security system, the primary security system including a first device-implemented session module to maintain flow information for the primary 5

Case IPR2013-00466 Patent 7,734,752 B2 security system to facilitate processing of the packets, where the first device-implemented session module includes a first flow table having a primary portion that stores information associated with the operation of the first device-implemented session module, when the primary security system is functioning in a primary security system mode, and a secondary portion that stores information associated with the operation of the first device-implemented session module, when the primary security system is functioning in a failover mode; designating a secondary security system for processing packets upon a fail over event, the secondary security system including a second device-implemented session module to maintain flow information for the secondary security system to facilitate processing of the packets, where the second deviceimplemented session module includes a second flow table having a primary portion that stores information associated with the operation of the second device-implemented session module, when the secondary security system is functioning in a primary security system mode, and a secondary portion that stores information associated with the operation of the second device-implemented session module, when the secondary security system is functioning in a failover mode; sharing flow records from the primary security system with the secondary security system; sharing flow records from the secondary security system with the primary security system; using the primary security system to provide fail over support for the secondary security system, based on the information stored in the secondary portion of the first flow table; and using the secondary security system to provide fail over support for the primary security system, based on the information stored in the secondary portion of the second flow table.

Case IPR2013-00466 Patent 7,734,752 B2 D. Asserted Grounds of Unpatentability Petitioner challenges claims 1-23 of the 752 patent based on the alleged grounds of unpatentability set forth in the table below, as further supported by the Declaration of Dr. John Mitchell (Ex. 1005). Reference(s) Liu1 Adelman2 Syvanne Publication3 / Syvanne4 Adelman Adelman and Syvanne Albert5 and Colasurdo6 Basis 102 102 102 103 103 103 Claims Challenged 1-23 1-8, 12-19, and 23 1-3, 5, 8-15, and 18-23 1-23 1-23 1-23

II. CLAIM CONSTRUCTION As a step in our analysis for determining whether to institute trial, we determine the meaning of the claims. Consistent with the statute and legislative history of the Leahy-Smith America Invents Act (AIA), Pub. L. No. 112-29, 125 Stat. 284, 329 (2011), claims of unexpired patents are construed by applying the broadest reasonable interpretation, in light of the specification. 37 C.F.R. 42.100(b); see also Office Patent Trial Practice

U.S. Patent No. 7,197,660 B1, issued March 27, 2007 (Ex. 1008, Liu). U.S. Patent No. 6,078,957, issued June 20, 2000 (Ex. 1009, Adelman). 3 U.S. Patent Application Publication No. 2002/0112189 A1, published August 15, 2002 (Ex. 1011, Syvanne Publication). 4 U.S. Patent No. 7,162,737 B2, issued January 9, 2007 (Ex. 1010, Syvanne). 5 U.S. Patent No. 6,704,278 B1, issued March 9, 2004 (Ex. 1006, Albert). 6 U.S. Patent Application Publication No. 2002/0161839 A1, published October 31, 2002 (Ex. 1007, Colasurdo). 7
2

Case IPR2013-00466 Patent 7,734,752 B2 Guide, 77 Fed. Reg. 48,756, 48,766 (Aug. 14, 2012). Under the broadest reasonable interpretation standard, claim terms are given their ordinary and customary meaning, as would be understood by one of ordinary skill in the art in the context of the entire disclosure. In re Translogic Tech. Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007). Any special definition for a claim term must be set forth with reasonable clarity, deliberateness, and precision. In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994). A. primary portion and secondary portion Independent claims 1 and 13 each require flow tables having a primary portion and a secondary portion. Petitioner argues that the specification of the 752 patent indicates that the primary portion and secondary portion of a flow table must be separate and distinct. Pet. 16. Patent Owner asserts that no construction of any term of the 752 patent is necessary, but further states that it is undisputed that the claimed primary portion and secondary portion refer to portions in a single flow table. Prelim. Resp. 9 (emphasis omitted). Patent Owner disputes that the primary and secondary portions need be separate and distinct, but maintains it is irrelevant to the grounds of unpatentability raised by Petitioner. Id. at 10. In support of its proposed construction, Petitioner directs us to Figure 10 of the 752 patent, shown above, which includes a schematic depiction of a session module with a large box depicting Flow Table 215, within which appears a box for Active Portion (also called Primary Portion) 1002 and a box for Secondary Portion 1004. Pet. 16 (citing Ex. 1001, fig. 10). The specification suggests that portions of the flow table may be 8

Case IPR2013-00466 Patent 7,734,752 B2 dedicated as primary and secondary portions, but does not state that such dedication is required or exclusive. Ex. 1001, 8:16-27. As noted above, the specification further states that the primary and secondary portions may be integrated in the flow table. Id. at 8:27-29. Thus, the mere illustration of two boxes in a schematic diagram in the specification, each representing a particular portion, does not demonstrate that those portions must be separate and distinct from one another. Moreover, an ordinary and customary definition, to one of ordinary skill in the relevant art, of the term portion is a section or quantity within a larger thing; a part of a whole. The American Heritage Dictionary 966 (2d college ed. 1982). Therefore, an ordinary and customary definition of portion also does not support Petitioners proposed construction. Petitioner has not shown that independent claims 1 and 13, in light of the specification, necessarily require that the primary portion and secondary portion of a flow table be separate and distinct or different. Petitioner also has not shown that its alleged grounds of unpatentability turn on whether portions are separate and distinct. Consequently, based on the record before us, the terms primary portion and secondary portion are given their ordinary and customary meaning, as would be understood by one with ordinary skill in the art in light of the 752 patent. For purposes of this Decision, we construe primary portion and secondary portion each as a section or quantity within the flow table that makes up part of the flow table.

Case IPR2013-00466 Patent 7,734,752 B2 B. Remaining Claim Terms or Phrases For purposes of this Decision, all remaining claim terms or phrases recited in claims 1-23 of the 752 patent are given their ordinary and customary meaning, as would be understood by one of ordinary skill in the art. III. ANALYSIS A. Preliminary Issue of Precluding Petitioner from Requesting Review As a threshold issue, Patent Owner argues that the Petition should be denied under the doctrine of assignor estoppel. See Prelim. Resp. 2. Nir Zuk and Yuming Mao are two of the three inventors named on the face of the 752 patent. Patent Owner contends that Mr. Zuk and Mr. Mao are in privity with Petitioner.7 Id. at 2, 6 n. 6. Assignor estoppel is not a basis for denying a petition requesting inter partes review. As explained in a previous Board decision: Under the AIA, a person who is not the owner of a patent may file with the Office a petition to institute an inter partes review of the patent. 35 U.S.C. 311(a) (emphasis added). Consequently, under the statute, an assignor of a patent, who is no longer an owner of the patent at the time of filing, may file a petition requesting inter partes review. This statute presents a clear expression of Congresss broad grant of

This case does not require us to reach the issue of whether Mr. Zuk or Mr. Mao is in privity with Petitioner, as asserted by Patent Owner, because we conclude that, even if Patent Owner established such a relationship, Patent Owner has not shown a sufficient basis to preclude Petitioner from requesting inter partes review. 10

Case IPR2013-00466 Patent 7,734,752 B2 the ability to challenge the patentability of patents through inter partes review. Athena Automation Ltd. v. Husky Injection Molding Sys. Ltd., IPR2013-00290, slip op. at 12-13 (PTAB Oct. 25, 2013),Paper No. 18. Patent Owners reliance on 37 C.F.R. 42.101(c) is misplaced. See Prelim. Resp. 3. That regulation states, in relevant part, that a person may not file a petition if the petitioner or a privy of the petitioner is estopped from challenging the claims on the grounds identified in the petition. The grounds for estoppel, as referenced in 42.101(c), are discussed expressly in 37 C.F.R. 42.73(d), which states: Estoppel. (1) Petitioner other than in derivation proceeding. A petitioner, or the real party in interest or privy of the petitioner, is estopped in the Office from requesting or maintaining a proceeding with respect to a claim for which it has obtained a final written decision on patentability in an inter partes review, post-grant review, or a covered business method patent review, on any ground that the petitioner raised or reasonably could have raised during the trial, except that estoppel shall not apply to a petitioner, or to the real party in interest or privy of the petitioner who has settled under 35 U.S.C. 317 or 327. Patent Owner does not contend that Petitioner, or its privy, has obtained a final written decision on patentability in an inter partes review, post-grant review, or a covered business method patent review, on any ground that the petitioner raised or reasonably could have raised during the trial, as is required for Petitioner to be estopped under 37 C.F.R. 42.101(c). Patent Owner, therefore, has failed to show that estoppel applies pursuant to 11

Case IPR2013-00466 Patent 7,734,752 B2 37 C.F.R. 42.73 and 42.101(c). Furthermore, we are not persuaded that the equitable doctrine of assignor estoppel provides an exception to the statutory mandate that any person who is not the owner of a patent may file a petition for inter partes review. Accordingly, we decline to deny the Petition based on Patent Owners estoppel arguments. Patent Owner further asserts that, even if Petitioner is not barred from requesting inter partes review, the Board should exercise its discretion to deny institution of trial because of the relationship between Petitioner and Mr. Zuk or Mr. Mao. See Prelim. Resp. 5-6. Patent Owner argues that the Boards discretion provides an alternative ground for applying the principles of equitable estoppel. Id. Patent Owner further argues, more generally, that equitable considerations weigh against granting the Petition, including that Patent Owner is denied the opportunity to submit inventor declarations under 37 C.F.R. 1.131 so as to swear behind what might otherwise constitute prior art because Mr. Zuk is adverse to Patent Owner. Id. at 6. To the extent the Board has discretion to consider equitable considerations in determining whether to institute trial, in this case, Patent Owner has not made a showing which warrants exercise of that discretion. For the same reasons discussed above, Patent Owner has not shown that the Board should exercise discretion to apply principles of assignor estoppel to circumvent the express statutory language that permits any person who is not the owner of a patent to request inter partes review. With regard to other equitable considerations, Patent Owners arguments are speculative. Patent Owner does not identify any specific prior art it seeks to swear 12

Case IPR2013-00466 Patent 7,734,752 B2 behind, and makes no showing that it is unable to do so merely because two of a multiple number of inventors listed on the face of the patent may have a relationship with Petitioner. Accordingly, we conclude that Patent Owner has not shown that Petitioner is barred or estopped, or otherwise should be precluded, from requesting inter partes review of the 752 patent. B. Anticipation Based on Liu Petitioner contends that Liu is prior art to the 752 patent and anticipates claims 1-23 under 35 U.S.C. 102. Pet. 21. Petitioner relies upon claim charts, as well as the Declaration of Dr. John Mitchell (Ex. 1005), to explain how Liu anticipates these claims of the 752 patent. Pet. 22-33. Liu, titled High Availability Network Security Systems, relates to network security systems and to redundancy protocols for network security systems. Ex. 1008, 1:1-8. Liu describes a recovery method for a network security system, including providing a backup device with state information for a master device, detecting failure in a cluster of network security devices, and using the state information to recover from the failure. Id. at 2:3-9. State information may include session information and encryption information. Id. at 2:14-15. The master device and the backup device can include a messaging engine for communicating state information between the two devices. Id. at 2:40-42. The method described by Liu includes providing a network device connected to a plurality of network devices that are divided into a first and second group, and configuring the network device 13

Case IPR2013-00466 Patent 7,734,752 B2 to support connections within the first group and backup connections within the second group. Id. at 2:50-55. Patent Owner argues that Petitioner has not established that Liu describes a primary security system and secondary security system, each of which must include a session module and flow table. Prelim. Resp. 13. Liu states that a security device includes, among other things, a Recovery System and a Security System. Ex. 1008, 4:7-10. Patent Owner argues that Petitioner cannot rely on Lius Recovery System as describing elements of the claimed security system. Id. at 13-14. We are not persuaded that Petitioner cannot rely on Lius description of a security device to identify each element claimed merely because that security device includes components separately labeled as a recovery system and a security system. Patent Owner argues that Petitioner has failed to establish that Liu describes a first flow table with a primary portion and a secondary portion. Prelim. Resp. 14. As part of a security device, Liu describes recovery system 202 with memory 208 and controller 206. Ex. 1008, 4:2122. Memory 208 contains redundancy group table 210, master data partition 212, and backup data partition 214. Id. at 4:22-24. The master data partition 212 stores state information for the set of connections for which a given security device is acting as master device. Id. at 4:36-38. Backup data partition 214 stores state information for the set of connections for which the security device is acting as backup. Id. at 4:39-42. According to the 752 patent, a flow table store[s] information regarding flows associated 14

Case IPR2013-00466 Patent 7,734,752 B2 with received packets. Ex. 1001, 8:13-16. Patent Owner argues that Liu does not describe data in a memory organized as a flow table as the 752 patent claims require, but Patent Owner does not show that the claim language requires any such data organization. See Prelim, Resp. 15. Thus, we are not persuaded by Patent Owners argument, on the present record, that because Liu does not label memory 208 a flow table, it is distinguishable from the flow table of the 752 patent claims. Similarly, Patent Owners assertion that Liu fails to disclose primary and secondary portions of a flow table has not persuaded us, on the present record, because Liu describes master data partition 212 and backup data partition 214 as two portions of memory 208. It is well settled that anticipation is not an ipsissimis verbis test. In re Bond, 910 F.2d 831, 832-33 (Fed. Cir. 1990) (citing Akzo N. V. v. U.S. Intl Trade Commn, 808 F.2d 1471, 1479 n.11 (Fed. Cir. 1986)). An anticipatory reference . . . need not duplicate word for word what is in the claims. Standard Havens Prods. v. Gencor Indus., Inc., 953 F.2d 1360, 1369 (Fed. Cir. 1991). Patent Owner presents the same argument against the claimed first flow table to rebut Petitioners position that Liu discloses a second flow table having a primary portion and a secondary portion, as claimed. For the same reasons discussed above, that argument is unpersuasive. See Prelim. Resp. 16. Liu discloses a cluster of security devices, such that, if one device in the group fails, another can take over the processing of the failed device. Ex. 1008, 3:51-55. Thus, we understand Petitioner to contend that Liu describes a first security device, with a first memory operating as a 15

Case IPR2013-00466 Patent 7,734,752 B2 first flow table, as claimed, and a second security device, with a second memory operating as a second flow table, as claimed. Pet. 22-26. Patent Owner also argues that Petitioner has not shown that Liu describes a secondary portion of a flow table that stores information associated with the operation of the [] device-implemented session module, when the [] security system is functioning in a failover mode, as claimed. Prelim. Resp. 16. In particular, Patent Owner argues that Liu describes a backup data partition that acts as a repository for backup state data, but does not describe any use or association of the backup data partition information with post-failover operation. Id. at 17. Patent Owner states that Lius system may be distinguished from the claimed system, where the flow table in each security system synchronizes data with the flow table in the other security system, so that in the event of failure either flow table is ready to handle processing ordinarily performed by the other. Id. We are not persuaded by Patent Owners argument because it is not commensurate with the scope of the claims, which do not require that one flow table is ready to handle processing performed by the other. It is well established that limitations not appearing in the claims cannot be relied upon for patentability. See In re Self, 671 F.2d 1344, 1348 (CCPA 1982). Patent Owner argues that Liu does not disclose providing failover support based on information stored in the secondary portion of a flow table, as claimed. Prelim. Resp. 18. In particular, Patent Owner argues that Petitioner does not explain how failover support is provided by the first security system based on information from a secondary portion of a flow 16

Case IPR2013-00466 Patent 7,734,752 B2 table within its session module. Id. For purposes of this Decision, we find sufficient Petitioners explanation that Liu discloses providing failover support between cluster members based on the state information stored for other members of the cluster. See Pet. 26 (citing Ex. 1008, 5:53-62, fig. 2). With regard to Patent Owners argument that Liu fails to disclose sharing flow records, Patent Owner contends that Petitioner has not shown that the state information and control messages are organized into flow records. Prelim. Resp. 19. Patent Owner does not provide sufficient evidence of the organization required for information to constitute flow records, and proposes no construction for the term flow records. The 752 patent states that Flow records 302 may store policy information (e.g., firewall policy, [intrusion prevention system] policy etc., to apply to the flow)[,] as well as other information that may be used by the security devices such as encryption parameters, address translation parameters, bookkeeping information, and statistics. Ex. 1001, 4:11-16. Thus, we are not persuaded by Patent Owners argument that the information described in Liu as being sharednamely state information and control messages may be distinguished from the flow records, as claimed. Claim 6 With respect to claim 6, Petitioner identifies Lius disclosure of failure detection through control messages as corresponding to detecting an absence of a keep-alive signal, as claimed. Pet. 29. On the present record, we are not persuaded by Patent Owners argument that control messages, as described by Liu, are not keep-alive signals. Prelim. Resp. 20. 17

Case IPR2013-00466 Patent 7,734,752 B2 Alternatively, because dependent claim 6 requires detecting an absence of a keep-alive signal, it may be understood to encompass a negative limitation. Although a negative limitation is permissible, it merely recites what a claim lacks and, therefore, is likely to be broad by its very nature. Consequently, a negative limitation requiring the absence of an element may be adequately described by a cited prior art reference if that reference does not otherwise require the presence of the element recited in the negative limitation. In this case, Patent Owner has not provided sufficient evidence indicating that Lius disclosure of a control message that indicates path status information (success or fail) (Ex. 1008, 5:67-6:3) requires the presence of a keep-alive signal. Claim 8 Claim 8 requires that the the secondary security system is configured substantially identical to the primary security system. Patent Owner does not explain what configured means with respect to the claim, but argues more generally that the Petition and Liu are completely silent as to the configurations of Liu security devices 102 and 104 employed as master and backup. Id. at 21. On the present record, Petitioner has shown that Liu discloses configuring the backup to act in place of the master. Pet. 30 (citing Ex. 1008, 9:53-64; fig. 7). Patent Owner offers no explanation of what substantially identical requires that is not disclosed by Liu, and, as explained by Petitioner, the very notion of a backup described by Liu requires that it be configured in a manner that operates in place of the master. See id. 18

Case IPR2013-00466 Patent 7,734,752 B2 Claim 9 Patent Owner argues that Petitioner has not shown that Liu describes sharing the flow records between the primary security system and the secondary security system at predetermined intervals, as recited by claim 9. Prelim. Resp. 21. We are not persuaded by Patent Owners argument because Patent Owner offers no support for the asserted conclusion that sending and receiving information during run-time, as disclosed by Liu, does not constitute an exchange at predetermined intervals. Indeed, Patent Owner offers no explanation of what predetermined intervals means in the context of the claims to differentiate the term from the intervals associated with sending and receiving state information during run-time, as described by Liu. Pet. 31 (citing Ex. 1008, 8:20-23, fig. 5). Claims 10 and 11 Claim 10 and claim 11, which depends from claim 10, require sharing flow records when a refresh message is received. Petitioner identifies several descriptions in Liu as corresponding to that limitation. Pet. 31. First, Petitioner identifies Lius description of a backup engine that receives updates. Ex. 1008, 5:26-35. Further, Petitioner identifies Lius description of a messaging engine used for communicating state information (id. at 2:38-48), and a security device that notifies group members of its status and receives and stores state information (id. at 6:66-7:1). Liu describes that the security device sends and receives state information and path status information using the control message engine. Id. at 8:20-23. Thus, we understand Petitioner to contend that Lius description of sending and 19

Case IPR2013-00466 Patent 7,734,752 B2 receiving control messages, followed by an exchange of state information, correspond to the claimed sharing of information when a refresh message is received. We are not persuaded by Patent Owners argument that Liu fails to disclose the limitation, absent any explanation distinguishing, for example, control messages as described by Liu and a refresh message, as claimed. Additionally, with respect to claim 11, Patent Owner argues that Liu fails to describe sending a refresh message when a session is set-up or torn down, as claimed. Prelim. Resp. 23. Petitioner establishes that Liu discloses sending and receiving state information using control messages during run-time, and offers expert testimony in support of its contention that sending messages during run-time includes when a session is set-up or torn down. Pet. 32 (citing Ex. 1005 123). Patent Owners argument is not persuasive because Patent Owner does not explain how session, set-up, or torn down must be construed in light of the specification of the 752 patent to support the conclusion that it may be distinguished from the description of Liu. Claims 13-23 With respect to system claims 13-23, Petitioner contends that they are anticipated for essentially the same reasons discussed above in the corresponding method claims. Pet. 33. Petitioner argues that, during prosecution of the 752 patent, Patent Owner stated that claims 13-23 correspond to a system for implementing the methods of claims 1-12, and claims 13-23 correspond to the same subject matter of claims 1-12. Id. 20

Case IPR2013-00466 Patent 7,734,752 B2 Patent Owner argues that Petitioner has failed to state with particularity the asserted grounds of unpatentability for claims 13-23. Prelim. Resp. 23-25. While Patent Owner suggests that at least some of the system claims may not align precisely with the method claims, Patent Owner neither disputes Petitioners assertion that Patent Owner represented during prosecution that the system claims correspond to the subject matter of the method claims, nor disputes that the subject matter of the system claims, in fact, corresponds to the subject matter of the method claims. Additionally, Petitioner has provided expert testimony identifying the grounds on which each system claim corresponds to a method claim. Pet. 33 (citing Ex. 1005 125-139). In summary, having considered all of the information Petitioner has presented based on Liu with respect to claims 1-23, as well as the arguments presented in Patent Owners Preliminary Response, we conclude that, on the present record, Petitioner has shown a reasonable likelihood that claims 1-23 are anticipated by Liu. C. Anticipation and Obviousness Based on Adelman Petitioner contends that claims 1-8, 12-19, and 23 of the 752 patent are anticipated by Adelman (Pet. 33-44), and that claims 1-23 are unpatentable as their subject matter would have been obvious over Adelman under 35 U.S.C. 103 (Pet. 55-58). Adelman, titled Method and Apparatus for a TCP/IP Load Balancing and Failover Process in an Internet Protocol (IP) Network Clustering System, describes a method and apparatus for monitoring packet loss activity in an Internet Protocol network clustering system as a mechanism 21

Case e IPR2013-00466 Paten nt 7,734,75 52 B2 for controlled c failover f of f the TCP/I IP network k cluster sy ystem. Ex. 1009, 2:63-67. Figur re 5 of Ade elman is re eproduced below.

Figure 5 of Adelm man shows a general m memory m map of the p preferred f a cluster member ac cting as a t tunnel serv ver. Id. 3:5 52-53. The e embodiment of clust ter member contains the follow wing: (1) w work assign nment table e 515 containing the message/s session wor rk-unit has sh numbers s and the c cluster mem mber identification assigned to that t work-u unit; (2) ta able 517 co ontaining the application a n state table e for the cl luster mem mber; (3) ta able 519 co ontaining a similar applica ation state table t for th he other me embers of the cluster r; (4) area a 22

Case IPR2013-00466 Patent 7,734,752 B2 521 containing incoming messages; and (5) data handler routines 523 for handling data messages from other members of the cluster. Id. 6:21-29. Petitioner relies upon claim charts, as well as the Declaration of Dr. John Mitchell (Ex. 1005), to show how Adelman anticipates, and renders obvious, claims 1-8, 12-19, and 23 of the 752 patent. Pet. 33-44, 55-58. With respect to the anticipation ground, Petitioner argues that Adelmans table 517 corresponds to the primary portion of a flow table and that Adelmans table 519 corresponds to the secondary portion of a flow table, as claimed. In contrast, with respect to obviousness, Petitioner argues that [t]o the extent that Adelman is deemed to disclose two contiguous state tables rather that a single state table with two separate portions, the challenged claims are obvious because a single state table with two portions would have been a predictable variation of two contiguous state tables, which a person of ordinary skill could have implemented by merely combining them or arranging them into a single table. Pet. 57, citing KSR Intl Co. v. Teleflex, Inc., 550 U.S. 398, 417 (2007; Ex. 1005 228. The evidence presented by Petitioner, however, does not support the position that Adelmans tables 517 and 519 may be deemed to disclose a single state table with two portions. Petitioners declarant explicitly states that Adelman describes a system implemented in two contiguous tables, not a single table with two distinct portions as recited by the 752 [patent] claims. Ex. 1005 228. Consequently, Petitioner has not shown a reasonable likelihood of prevailing on the grounds that claims 1-8, 12-19, and 23 are anticipated by Adelman. 23

Case IPR2013-00466 Patent 7,734,752 B2 With respect to the obviousness ground, Petitioners contention is further supported by Dr. Mitchells declaration, which attests that whether a security system stores information in a single table with two distinct portions, as recited by the 752 patent, or in two contiguous tables, as described in Adelman, is not material to the operation of the purported invention, and is instead a variation, known to one of ordinary skill or based on common sense, that was obvious to try. Ex. 1005 228. Patent Owner challenges Petitioners contention as unsupported by sufficient evidence, but does not show that Petitioners declarant is incorrect. See Prelim. Resp. 5558. Patent Owner also argues that the claims are not obvious over Adelman for the same reasons Patent Owner argued the claims are not anticipated by Adelman. Prelim. Resp. 55. Specifically, Patent Owner argues that Adelman fails to describe flow tables having a primary portion and secondary portion, as claimed. Prelim. Resp. 27-29. This argument, however, does not address whether it would have been obvious to implement a single flow table with primary and secondary portions in place of the contiguous flow tables described by Adelman. Patent Owner further argues that Petitioner has not shown that Adelman describes a secondary portion of a flow table that stores information associated with the operation of the [] device-implemented session module when the [] security system is functioning in failover mode, as claimed. Prelim. Resp. 29. In particular, Patent Owner argues Adelman does not purport to describe the mechanics of session module operation 24

Case IPR2013-00466 Patent 7,734,752 B2 after failover. Id. at 30. According to Petitioner, however, Adelman describes cluster members that maintain state table information for other members expressly for processing in the event of failover. Pet. 36 (citing Ex. 1009, 6:21-32, 12:43-46, fig. 5). Therefore, Patent Owners contention that Adelman must describe mechanics of session module operation beyond that which is claimed is not commensurate with the scope of the claim. See In re Self, 671 F.2d at 1348. Patent Owner argues that Adelman does not disclose providing failover support based on information stored in the secondary portion of a flow table, as claimed. Prelim. Resp. 30-31. In particular, Patent Owner argues that Petitioner does not show that Adelman describes two security systems providing support for each other, but rather that failover support is handled by multiple different cluster members for a given failed device. Id. at 31. Patent Owner, however, has not identified any description in Adelman that requires more than two clusters or precludes two clusters from providing mutual failover support. For purposes of this Decision, we find Petitioners explanation that Adelman discloses failover support between cluster members to be sufficient to identify how Adelman describes this limitation. See Pet. 36, 39 (citing Ex. 1009, 6:21-32, 12:43-46, 8:14-30, 12:66-13:1, fig. 5). With respect to claim 2, Patent Owner argues that Petitioner cites no evidence from Adelman, but instead refers back to other portions of its claim chart. Prelim. Resp. 32. Such an argument ignores the substance of Petitioners evidence. We have considered that evidence and the arguments 25

Case IPR2013-00466 Patent 7,734,752 B2 presented by Petitioner (Pet. 34-40), and we disagree with Patent Owners premise that Petitioner failed to show sufficient evidence regarding how Adelman discloses the claimed limitations recited in claim 2. With respect to claim 7, Patent Owner argues that Petitioner has failed to show that Adelman describes a take-over signal, as claimed. Prelim. Resp. 32-33. Petitioner contends that the reassigning of work from a failed cluster member to a non-failed cluster member corresponds to the recited take-over signal. Pet. 43. Patent Owner does not explain what is required of a take-over signal, as claimed, that distinguishes it from the system described by Adelman. For purposes of this Decision, we are persuaded that Petitioner has shown sufficiently that Adelman describes the limitations recited in claim 7. Pet. 42-43 (citing Ex. 1009, Abs., 8:14-30, 50-54). With respect to claim 8, Patent Owner argues that Petitioner has not shown that the secondary security system is configured substantially identical to the primary security system, as claimed. Prelim. Resp. 33. Patent Owner does not explain what configured means with respect to the claim. On the present record, Petitioner has shown that Adelman describes configuring clusters that serve as backup to takeover for other clusters during a failure. Pet. 34-43. Patent Owner offers no explanation of what substantially identical requires that is not disclosed by Adelman, and, as explained by Petitioner, the very notion of a backup described by Adelman requires that it be configured in a manner that operates in place of the failed cluster. See id.

26

Case IPR2013-00466 Patent 7,734,752 B2 With respect to claim 12, Patent Owner argues that Petitioner has identified Adelmans members leaving or joining a cluster, but not specifically when a condition that caused a failover has cleared, as claimed. Prelim. Resp. 33-34. In particular, Patent Owner argues that the cited portions of Adelman do not disclose the clearing of a condition that caused a failover event. Id. at 34. Patent Owner has not established that the claim requires clearing of a condition, but does not cover resuming processing when a condition has cleared. For purposes of this decision, we find sufficient Petitioners evidence that Adelman describes the limitations recited in claim 12. Pet. 43-44 (citing Ex. 1009, 6:33-39, 6:65-7:1, 8:14-30, 50-54). Patent Owner further argues that Petitioner has made no showing that dependent claims 9-11 and 20-22 would have been obvious over Adelman. Prelim. Resp. 55. Petitioner did not provide claim charts to assert that claims 9-11 and 20-22 were anticipated by Adelman, and provided no analysis to show that the subject matter of those claims would have been obvious over Adelman. Consequently, we agree with Patent Owner that Petitioner has not shown a reasonable likelihood that claims 9-11 and 20-22 would have been obvious over Adelman. Patent Owner also asserts that the grounds of unpatentability based on obviousness over Adelman should be denied because Petitioner did not address objective indicia of non-obviousness. Prelim. Resp. 58-59. In particular, Patent Owner asserts that, in the Concurrent Litigation, it has presented substantial evidence of objective indicia of non-obviousness. 27

Case IPR2013-00466 Patent 7,734,752 B2 Id. at 50. We are not persuaded by Patent Owners arguments, which fail to show that the district court litigation evidence of secondary considerations rebuts or outweighs Petitioners evidence supporting the unpatentability of claims 1-8, 12-19, and 23 over Adelman. The evidence of secondary considerations is not before us at this juncture, and Patent Owner does not establish support or authority for its position that a petition must be denied because it does not disclose or address evidence of secondary considerations not before us, but made available to Petitioner during district court litigation. In summary, having considered all of the information Petitioner has presented based on Adelman with respect to claims 1-23, as well as the arguments presented in Patent Owners Preliminary Response, we conclude that Petitioner has shown a reasonable likelihood that claims 1-8, 12-19, and 23 would have been obvious over Adelman. We further conclude that Petitioner has not shown a reasonable likelihood: (1) that claims 1-8, 12-19, and 23 are anticipated by Adelman; or (2) that claims 9-11 and 20-22 would have been obvious over Adelman. D. Obviousness Based on Albert and Colasurdo Petitioner contends that claims 1-23 are unpatentable for obviousness over Albert and Colasurdo under 35 U.S.C. 103. Pet. 58-60. Petitioner states that during prosecution of the 752 patent, claims were amended to overcome rejections over Albert and Colasurdo. Id. at 59. Petitioner argues that to the extent that [Patent Owner] is contending in the Concurrent Litigation that the subject matter it disclaimed in 28

Case IPR2013-00466 Patent 7,734,752 B2 order to obtain the patent is now encompassed by the 752 [patent] claims, the challenged claims should be determined unpatentable because they should never have been allowed in the first place under [Patent Owners] claim interpretation. Id. Petitioner offers no claim specific analysis to identify the precise grounds for its challenge, as required by 35 U.S.C. 312(a)(3) and 37 C.F.R. 42.104(b)(4). Consequently, Petitioner has not shown a reasonable likelihood that claims 1-23 would have been obvious over Albert and Colasurdo. E. Obviousness Based on the Combination of Adelman and Syvanne Petitioner contends that claims 1-23 would have been obvious over the combination of Adelman and Syvanne. Pet. 55-58. With respect to claims 9-11 and 20-22, Petitioner argues that Syvanne describes claimed elements concerning sharing flow records at predetermined intervals and when a refresh message is received, as well as sending refresh messages when a session is set-up or torn down, that are not described by Adelman. Pet. 56. Petitioner argues that a person of ordinary skill in the art would have been motivated to combine Adelman with Syvanne because both prior art references are directed to a high availability network security cluster where seamless failover is achieved by sharing the state information among the cluster members. Id. Petitioner also states that [n]o technical impediment existed to adding the additional limitations of Syvanne to Adelman. Id. At best, Petitioners argument suggests that Adelman and Syvanne are analogous art. The fact that Adelman and Syvanne are 29

Case IPR2013-00466 Patent 7,734,752 B2 analogous art, however, does not suffice as an articulated reasoning with some rational underpinning to support the legal conclusion of obviousness. See KSR, 550 U.S. at 418. Consequently, Petitioner has not shown a reasonable likelihood that claims 9-11 and 20-22 would have been obvious over Adelman and Syvanne. With respect to claims 1-8, 12-19, and 23, we exercise our discretion and determine that the ground of unpatentability based on obviousness over the combination of Adelman and Syvanne is redundant to the ground of unpatentability based on obviousness over Adelman on which we initiate inter partes review. Accordingly, we do not authorize inter partes review on the ground of unpatentability asserted by Petitioner against claims 1-8, 12-19, and 23 of the 752 patent based on obviousness over the combination of Adelman and Syvanne. See 37 C.F.R. 42.108(a). F. Anticipation Based on Syvanne Publication/Syvanne Petitioner contends that claims 1-3, 5, 8-15, and 18-23 are anticipated by Syvanne Publication/Syvanne. Pet. 33-55. We exercise our discretion and determine that those grounds of unpatentability are redundant to the grounds of unpatentability based on Liu on which we initiate inter partes review. Accordingly, we do not authorize inter partes review on the grounds of unpatentability asserted by Petitioner against claims 1-23 of the 752 patent based on anticipation by Syvanne Publication/Syvanne. See 37 C.F.R. 42.108(a).

30

Case IPR2013-00466 Patent 7,734,752 B2 IV. CONCLUSION

For the foregoing reasons, we conclude that the information presented in the Petition establishes that there is a reasonable likelihood that Petitioner would prevail in showing that claims 1-23 of the 752 patent are unpatentable. However, we have not made a final determination with respect to the patentability of these claims. V. ORDER For the foregoing reasons, it is: ORDERED that pursuant to 35 U.S.C. 314(a), an inter partes review is hereby instituted as to claims 1-23 of the 752 patent based on the following grounds of unpatentability: A. B. Claims 1-23 as anticipated under 35 U.S.C. 102 by Liu; Claims 1-8, 12-19, and 23 as unpatentable for obviousness

under 35 U.S.C. 103 over Adelman; FURTHER ORDERED that no other grounds of unpatentability are authorized for the inter partes review as to claims 1-23 of the 752 patent; FURTHER ORDERED that pursuant to 35 U.S.C. 314(c) and 37 C.F.R. 42.4, notice is hereby given of the institution of a trial. The trial will commence on the entry date of this decision; and FURTHER ORDERED that an initial conference call with the Board is scheduled for 3:30 p.m. on February 12, 2014. The parties are directed to the Office Trial Practice Guide, 77 Fed. Reg. 48,756, 48,765-66 (Aug. 14, 2012) for guidance in preparing for the initial conference call, and should be 31

Case IPR2013-00466 Patent 7,734,752 B2 prepared to discuss any proposed changes to the Scheduling Order entered herewith, and any motions the parties anticipate filing during the trial.

32

Case IPR2013-00466 Patent 7,734,752 B2 PETITIONER: Matthew Kreeger MORRISON & FOERSTER LLP mkreeger@mofo.com Michael J. Schallop Van Pelt, Yi & James LLP Michael.schallop@ip-patent.com

PATENT OWNER: David McPhie Ben Haber Irell & Manella LLP dmcphie@irell.com bhaber@irell.com

33