10087342 (P.T.A.B. Oct. 19, 2015)

Arista Networks, Inc.v.Cisco Systems, Inc.

Patent Trial and Appeal BoardOct 19, 2015

10087342 (P.T.A.B. Oct. 19, 2015)

Trials@uspto.gov Paper 9 571-272-7822 Entered: October 19, 2015 UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ ARISTA NETWORKS, INC., Petitioner, v. CISCO SYSTEMS, INC., Patent Owner. ____________ Case IPR2015-00976 Patent 7,023,853 B1 ____________ Before BRYAN F. MOORE, MATTHEW R. CLEMENTS, and PETER P. CHEN, Administrative Patent Judges. MOORE, Administrative Patent Judge. DECISION Denying Institution of Inter Partes Review 37 C.F.R. § 42.108 I. INTRODUCTION Petitioner, Arista Networks, Inc., filed a Petition for inter partes review of claims 46–52, 54, 56, and 59–63 of U.S. Patent No. 7,023,853 B1 (Ex. 1001, “the ’853 patent”). Paper 6 (“Pet.”). Patent Owner, Cisco Systems, Inc., filed a Preliminary Response. Paper 8 (“Prelim. Resp.”). IPR2015-00976 Patent 7,023,853 B1 2 Institution of an inter partes review is authorized by statute when “the information presented in the petition . . . and any response . . . shows that there is a reasonable likelihood that the petitioner would prevail with respect to at least 1 of the claims challenged in the petition.” 35 U.S.C. § 314(a); see 37 C.F.R. § 42.108. Upon consideration of the Petition and the Preliminary Response, we conclude the information presented does not show there is a reasonable likelihood that Petitioner would prevail in establishing the unpatentability of any of claims 46–52, 54, 56, and 59–63 of the ’853 patent. A. Related Matters The parties state that the ’853 patent is the subject of Cisco Systems, Inc. v. Arista Networks, Inc., No. 4:14-cv-05343-JSW (N.D. Cal.), filed December 5, 2014, and ITC Inv. No. 337-TA-945 (Network Devices, Related Software and Components Thereof (II)), filed December 19, 2014). Pet. 1; Paper 5 (Patent Owner’s Mandatory Notice). The ’853 patent is also the subject of IPR2015-001050. Petitioner has also filed petitions requesting inter partes review of other patents owned by Patent Owner: IPR2015- 00973 (U.S. Patent No. 6,377,577), IPR2015-00974 (U.S. 7,224,668), IPR2015-00975 (U.S. Patent No. 8,051,211), IPR2015-00976 (U.S. Patent No. 7,023,853), IPR2015-00978 (U.S. Patent No. 7,340,597), and IPR2015- 01049 (U.S. Patent No. 6,377,577). B. The ’853 Patent The ’853 patent is titled, “Access Control List Processing in Hardware,” and relates generally to a method for performing access control list processing in hardware using an associative memory. Ex. 1001, Abstract. Data packets transmitted between network devices can be IPR2015-00976 Patent 7,023,853 B1 3 restricted using a technique known as “access control.” Id. at 1:14–20. One access control technique is to use access control lists or “ACLs” to determine whether to permit or deny transmission of a packet to a particular destination. Id. at 1:23–25 (“[T]he ACL describes which selected source devices are permitted (and which denied) to send packets to which selected destination devices.”). The Specification provides an example of a known ACL format, where each ACL includes “access control specifiers.” These specifiers contain information to match with incoming packets, and then based on a match, specify a particular access result (e.g., whether transmission of a packet is “specifically permitted or specifically denied”). Id. at 1:27–37. Figure 1 of the ’853 patent is reproduced below. IPR2015-00976 Patent 7,023,853 B1 4 Figure 1 is a block diagram of a system for performing access control in accordance with the ’853 patent. As shown in Figure 1, packet 130 arrives at one of the system’s packet interfaces 101. Id. at 3:47–48. Routing element 110 then selects one or more of the output interfaces to which the packet should be forwarded. Id. at 3:50–53. Prior to forwarding, access control element 120 determines whether to allow transmission of the packet. Id. at 3:53–57. Figure 2 of the ’853 patent is reproduced below. Figure 2 is a block diagram of an access control element which contains access control patterns. When packet 130 arrives at access control element 120, a packet label 200 is created based on information derived from the IPR2015-00976 Patent 7,023,853 B1 5 packet header 133 of packet 130. Id. at 4:19–22. The packet label goes to access control memory 210, which attempts to match information from the packet label to access control specifiers in memory 211. Id. at 4:54–60. To perform this matching process, packet label 200 is compared to label match mask 212 and label match pattern 213 of each access control specifier 211. Id. at 4:56–58. The “access control patterns” are maintained in the memory. Thereafter, “matchable information” from the packet label is compared to the access control patterns to determine if there is a match. Id. at 4:58–63. If a match is found with a particular access control pattern, priority encoder 200 selects the corresponding access control specifier 211 with the highest priority and provides an indicator of that access control specifier 211 to output port 202. Id. at 4:5–56, 5:10–14. The indicator specifies an access control result, which specifies if the packet should be transmitted. Id. C. Illustrative Claim Claims 46 and 63 of the challenged claims of the ’853 patent are independent. Claims 46 and 63 are illustrative of the claimed subject matter: 46. A system comprising: means for maintaining a set of access control patterns in at least one associative memory; means for receiving a packet label responsive to a packet, said packet label being sufficient to perform access control processing for said packet; means for matching matchable information, said matchable information being responsive to said packet label, with said set of access control patterns in parallel; means for generating a set of matches in response thereto, each said match having priority information associated therewith; IPR2015-00976 Patent 7,023,853 B1 6 means for selecting at least one of said matches in response to said priority information, and generating an access result in response to said at least one selected match; and means for making a routing decision in response to said access result. 63. A method of processing a packet comprising: selecting an output interface to which to forward the packet; determining forwarding permission for the packet, wherein the determining comprises matching one or more characteristics of said packet with one or more access specifiers in at least one access control element; processing said packet based on said forwarding permission; wherein, the selecting step is performed in parallel with the determining step. D. Asserted Grounds of Unpatentability Petitioner contends that claims 46–52, 54, 56, and 59–63 of the ’853 patent are unpatentable based on the following specific grounds (Pet. 9–60): IPR2015-00976 Patent 7,023,853 B1 7 References Basis Challenged Claim(s) Hendel 1 35 U.S.C. § 102 46–52, 54, 56, 59, and 63 Hendel and Muller 2 35 U.S.C. § 103 54, 56, and 60–62 Hendel and Elliot 3 35 U.S.C. § 103 56 II. DISCUSSION A. Claim Construction In an inter partes review, we construe claim terms in an unexpired patent according to their broadest reasonable construction in light of the specification of the patent in which they appear. 37 C.F.R. § 42.100(b); see also In re Cuozzo Speed Techs., LLC, 793 F.3d 1268, 1278–79 (Fed. Cir. 2015). Consistent with the broadest reasonable construction, claim terms are presumed to have their ordinary and customary meaning as understood by a person of ordinary skill in the art in the context of the entire patent disclosure. In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007). An inventor may provide a meaning for a term that is different from its ordinary meaning by defining the term in the specification with reasonable clarity, deliberateness, and precision. In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994). 1 U.S. Patent No. 6,081,522, filed June 30, 1997, issued June 27, 2000 (Ex. 1007, “Hendel”). 2 U.S. Patent No. 5,938,736, filed June 30, 1997, issued Aug. 17, 1999 (Ex. 1008, “Muller”). 3 U.S. Patent No. 5,867,495, filed Nov. 18, 1996, issued Feb. 2, 1999 (Ex. 1019, “Elliot”). IPR2015-00976 Patent 7,023,853 B1 8 1. Construction of Means plus Function Limitations Several terms of the claims for which inter partes review is sought recite claim terms in means-plus-function format, and thus § 112 ¶ 6 of the pre-AIA Patent Act applies. 4 Petitioner recognizes that issues relating to the sufficiency of a claim under Section 112 is outside the scope of an inter partes review. Pet. 10. Nonetheless, Petitioner asserts, without citation, that “it is appropriate for the PTAB to analyze the prior art for the presence of structures corresponding to the best available disclosure of the ’853 Patent, notwithstanding that such disclosure may be insufficient to support the claims.” Id. This is an incorrect statement of the standard the Board uses. As explained in BlackBerry Corporation v. MobileMedia Ideas, LLC, Case IPR2013-00036, , slip op. at 19–20 (PTAB Mar. 7, 2014) (Paper 65), the specification must provide the necessary structure under § 112, sixth paragraph. When the specification of the challenged patent lacks sufficient disclosure of structure under 35 U.S.C. § 112, sixth paragraph, the scope of the claims cannot be determined without speculation and, consequently, the differences between the claimed invention and the prior art cannot be ascertained. Id. Thus, the disclosure we rely on from the specification, and not the “best available” disclosure, must be sufficient to determine the scope of the claim. [I]f one employs means-plus-function language in a claim, one must set forth in the specification an adequate disclosure showing what is meant by that language. If an applicant fails to set forth an adequate disclosure, the applicant has in effect 4 The ’853 Patent’s filing date is before the effective date set for the AIA’s changes to § 112. America Invents Act, sec. 4(e), 125 Stat. 284, 297 (2011). IPR2015-00976 Patent 7,023,853 B1 9 failed to particularly point out and distinctly claim the invention as required by the second paragraph of section 112. In re Donaldson Co., 16 F.3d 1189, 1195 (Fed. Cir. 1994) (en banc). “The specification must be read as a whole to determine the structure capable of performing the claimed function.” Budde v. Harley–Davidson, Inc., 250 F.3d 1369, 1379 (Fed. Cir. 2001). A structure disclosed in the specification qualifies as “‘corresponding’ structure only if the specification or prosecution history clearly links or associates that structure to the function recited in the claim.” B. Braun Med. v. Abbott Labs., 124 F.3d 1419, 1424 (Fed. Cir. 1997) (emphasis added). This duty to link or associate structure to function is the quid pro quo for the convenience of employing § 112 ¶ 6. See O.I. Corp. v. Tekmar Co., 115 F.3d 1576, 1583 (Fed. Cir. 1997). While corresponding structure need not include all things necessary to enable the claimed invention to work, it must include all structure that actually performs the recited function. See Cardiac Pacemakers, Inc. v. St. Jude Med., Inc., 296 F.3d 1106, 1119 (Fed. Cir. 2002). 2. “means for maintaining a set of access control patterns in at least one associative memory” Claim 46 recites the function of “means for maintaining a set of access control patterns in at least one associative memory.” Petitioner states that the “best available” (yet not sufficient) corresponding structure is access control memory 210 in access control element 120. Pet. 10 (citing Ex. 1001, Fig. 1, Fig. 2, 4:54–56.) Patent Owner states the corresponding structure is one or more content-addressable memory units and a general-purpose processor, program and data memory, and mass storage, executing operating system software. Prelim Resp. 17 (citing Ex. 1001, Fig. 1 “CPU,” 5:21–25, 1:33–37.) Patent Owner suggests that the algorithm running on the general IPR2015-00976 Patent 7,023,853 B1 10 purpose computer is “performing at least the step of recording and keeping up a set of access control patterns in at least one associative memory.” Id. (citing Ex. 1001, Fig. 2, 4:54–63, 5:33–46, 5:55–6:20.) Petitioner argues that “[t]he general purpose processor identified by Cisco does not, in the ’853 Patent, perform the function of ‘maintaining a set of access control patterns.’” Pet. 11. Petitioner further argues that “in the ’853 Patent, the CPU is a higher-level processor element that performs secondary software access control processing, ancillary to the access control of the invention, as directed by the access control result.” Id. (citing Ex. 1001, 5:17–18, 5:21–30.) We find that the Specification notes at col. 1, lines 33 to 37, as cited by Patent Owner, that the invention is implemented on a router, implementing operating system software, such as the IOS operating system. However, the Specification also suggests that an object of the invention is to avoid “the drawback that comparing at least some incoming packets against the ACL (access control list) must be performed using software.” Id. at 2:11–14. The Specification further states that “embodiments of the invention can be implemented using circuits adapted to particular process steps and data structures described herein.” Id. at 3:36–39. The Specification discloses a “higher level processor” that includes a general-purpose processor. Id. at 5:21–30. According to the Specification, after access control is performed “the packet 130 [may be] forwarded to a ‘higher-level’ processor for further treatment.” Id. at 5:16–17. “The higher- level processor includes a general-purpose processor, program and data memory, and mass storage, executing operating system and application software for software (rather than hardware) examination of the packet IPR2015-00976 Patent 7,023,853 B1 11 130.” Id. at 5:21–25 (emphasis added). Therefore, the Specification suggests that, if a packet is not forwarded to a “higher-level” processor, “examination of the packet” is done in hardware not in software. The corresponding structure need not be explicitly identified but must disclose to a person of ordinary skill in the art what structure is identified in the specification. See Atmel Corp. v. Info. Storage Devices, Inc., 198 F.3d 1374, 1380 (Fed. Cir. 1999). It is unclear from the Specification whether the CPU, shown in Figure 2 as part of access control element 120, is the “higher-level processor” which is described at Ex. 1001, 5:21–25, or some other processor running IOS described at Ex. 1001, 1:33–37. It is also unclear which part of the access control element 120 is composed of “circuits adapted to particular process steps and data structures” as described at 3:36–39. Here, the patent is at best unclear whether the claimed function is implemented in software executed on a general purpose CPU or in hardware as a collection of circuits. See Blackboard, Inc. v. Desire2Learn Inc., 574 F.3d 1371, 1385 (Fed. Cir. 2009) (“That ordinarily skilled artisans could carry out the recited function in a variety of ways is precisely why claims written in ‘means-plus-function’ form must disclose the particular structure that is used to perform the recited function.”). We also find that it is equally unclear whether the following means- plus-function limitations in claim 46, which appear to involve access control element 120, are implemented in hardware or in software structure (or some combination of both): means for matching matchable information, said matchable information being responsive to said packet label, with said set of access control patterns in parallel; means for making a routing decision in response to said access result; means for permitting or denying access for IPR2015-00976 Patent 7,023,853 B1 12 said packet; and means for receiving a packet label responsible to a packet, said packet label being sufficient to perform access control processing for said packet. Because the Specification of the challenged patent lacks sufficient disclosure of structure under 35 U.S.C. § 112, sixth paragraph, the scope of independent claim 46, and claims 47–52, 54, 56, and 59–62 that depend therefrom, cannot be determined without speculation and, consequently, the differences between the claimed invention and the prior art cannot be ascertained. Thus, we decline to institute an inter partes review as to any ground challenging claims 46–52, 54, 56, and 59–62. B. Asserted Anticipation by Hendel Petitioner contends that claim 63 is unpatentable under 35 U.S.C. § 102 as anticipated by Hendel. Pet. 32–52. Petitioner relies on the testimony of Dr. H. Johnathan Chao. Ex. 1003. 1. Hendel (Ex. 1007) Hendel describes a system and method for forwarding packets using multi-layer information in a multilayer network element that includes a switching element comprising forwarding logic. Ex. 1007, 1:5–8, Figs. 1–3. Hendel describes its approach using the OSI layer model for network communications. Id. at 2:5–39. In particular, Hendel describes forwarding logic 42 performing packet header analysis in both Layer 2 (“L2”) (i.e., “L2 Logic 62” (concerning link layer packet information)) and Layer 3 (“L3)”) (i.e., “L3 Logic 64” (concerning network layer packet information)). Id. at 10:12–33, Fig. 4. Each of these compares L2 and L3 information for the packet, respectively, to information stored in forwarding memory 40, which is a content addressable memory (“CAM”). Id. at 8:55–61. Hendel IPR2015-00976 Patent 7,023,853 B1 13 performs additional packet analysis in class logic 60. Id. at 11:49–60. Merge logic 66 receives information relating to both layers, as well as information from class logic 60, and determines what to do with the packet. Id. at 10:47–52; see also Ex. 1003 ¶¶ 109–10. Hendel discusses using its techniques for packet filtering (Ex. 1007, 9:21–25, 13:4–6), as well as for network firewall applications. Id. at 14:8–12. It discusses that merge logic 66 may, in some circumstances, instruct that packets be discarded where their proposed destination is inappropriate. Id. at 10:51–52. Hendel also discusses techniques for finding the best match for a particular search criteria among the various entries stored in the CAM. Id. at 12:51–55. 2. Analysis Petitioner contends that Hendel discloses all the limitations of independent claim 63. Pet. 50–52. Petitioner asserts Hendel discloses processing a packet by selecting an output interface to which to forward the packet, determining forwarding permission for the packet wherein the determining comprises matching one or more characteristics of a packet with one or more access control specifiers in at least one access control element, and processing the packet based on the forwarding permission where the selecting step is performed in parallel with the determining step. Pet. 50–52, citing Ex. 1003 ¶¶ 129–136. Claim 63 recites determining a forwarding permission for the packet, “wherein the determining comprises matching one or more characteristics of said packet with one or more access control specifiers in at least one access control element.” Ex. 1001, 12:21–38. Petitioner asserts Hendel discloses that “a packet may be directed to its destination or filtered; such results IPR2015-00976 Patent 7,023,853 B1 14 comprise ‘forwarding permission’ for those packets permitted to be passed to their destinations.” Pet. 50 (citing Ex. 1003 ¶ 131–134; Ex. 1007, 13:4– 8.) Patent Owner argues “Hendel’s packet forwarding is not the same as determining forwarding permissions (e.g., whether a packet is restricted from being transmitted from a selected source device to a selected destination device.)” Prelim. Resp. 34. Patent Owner also argues “Hendel’s minimal references to ‘filtering’ or ‘discarding’ packets does not concern access control,” that Hendel’s “packets are only filtered or discarded as part of the packet forwarding process when there is a problem with the packet,” and thus, “Hendel refers to such filtering or discarding occurring when packets are ‘ill-formed’ or have ‘no appropriate destination[s]’ or ‘unsupported’ headers.” Prelim Resp. 27 (citing Ex. 1007, 8:39–40, 10:51– 52, 13:9–11.) We agree. Petitioner has not shown that Hendel’s filtering decision is determined based on “matching one or more characteristics of said packet with one or more access control specifiers.” Petitioner simply states that the packet is “filtered.” Petitioner’s Declarant relies on the following text from Hendel: “In a preferred embodiment, the merge logic 66 directs the input port 50i to take one of the following actions on a packet: filter the packet; forward the packet at layer 2; forward the packet at layer 2; forward the packet as a layer 3 flow; process the packet as a layer 3 route; and forward the packet as multicast router.”) Ex. 1003 ¶ 132 (citing Ex. 1007, 13:4–8.) This citation does not specify, however, that a characteristic of the packet was matched to anything in order to make the filtering decision, only that the decision was the result of “merge logic.” IPR2015-00976 Patent 7,023,853 B1 15 Petitioner’s Declarant also relies on the following text from Hendel: “After the forwarding logic 52 has determined what to do with the packet, it passes that information to the input port 50i. If the input port 50i does not filter the packet, then it [takes actions to forward the packet].” Ex. 1003 ¶ 132 (citing Ex. 1007, 9:21–25.) However, this statement does not even say that forwarding logic tells input port 50i to filter the packet, and certainly does not explain how forwarding logic 52 would make a filtering decision. Finally, Petitioner’s declarant relies on Hendel’s discussion of sending the packet to a firewall for further processing if no match occurs (Ex. 1003 ¶ 132 (citing Ex. 1007, 9:21–25)), but the claim does not recite what happens if there is not a match. The specification confirms that a successful match is contemplated by the claims. Ex. 1001, 7:1–12, 27–39 (determining an input [or output] permission by “determining all of the successful matches”). Neither Petitioner, nor Petitioner’s Declarant, has tied the matching in Hendel to a decision whether or not to forward a packet. For the reasons stated above, we determine Petitioner has not shown sufficiently that Hendel discloses all of the limitations of independent claim 63. Accordingly, the information presented does not show a reasonable likelihood that Petitioner would prevail in showing that claim 63 is anticipated by Hendel. III. CONCLUSION The information presented does not show that there is a reasonable likelihood that Petitioner would prevail at trial with respect to at least one claim of the ’853 patent, based on any grounds presented in the Petition. On this record, we deny the Petition for inter partes review of claims 46–52, 54, 56, and 59–63. IPR2015-00976 Patent 7,023,853 B1 16 ORDER Accordingly, it is ORDERED that that the petition is DENIED as to all challenged claims, and no trial is instituted. IPR2015-00976 Patent 7,023,853 B1 17 PETITIONER: Walter Renner Kevin E. Greene David Goren FISH & RICHARDSON P.C. IPR40963-0004IP1@fr.com axf@fr.com PATENT OWNER: Lori A. Gordon Robert G. Sterne Jon E. Wright Byron L. Pickard STERNE, KESSLER, GOLDSTEIN & FOX P.L.L.C. lgordon-PTAB@skgf.com rsterne-PTAB@skgf.com jwright-PTAB@skgf.com bpickard-PTAB@skgf.com

Arista Networks, Inc. v. Cisco Systems, Inc.