`
`Filed on behalf of Unified Patents Inc.
`By: Scott A. McKeown, Reg. No. 42,866
`Victor Cheung, Reg. No. 66,229
`OBLON, MCCLELLAND, MAIER & NEUSTADT, L.L.P.
`1940 Duke Street
`Alexandria, VA 22314
`Tel: (703) 413-3000
`Email: cpdocketmckeown@oblon.com
`
`Roshan S. Mansinghani, Reg. No. 62,429
`Jonathan Stroud, Reg. No. 72,518
`Unified Patents Inc.
`1875 Connecticut Ave. NW, Floor 10
`Washington, D.C., 20009
`Tel: (214) 945-0200
`Email: roshan@unifiedpatents.com
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`Unified Patents Inc.,
`Petitioner
`
`v.
`
`Catonian IP Management LLC
`Patent Owner
`
`IPR2017-_____
`U.S. Patent No. 8,799,468
`____________
`
`PETITION FOR INTER PARTES REVIEW
`OF CLAIMS 1-5, 9, 11-13, 19, 23-27, AND 32-34
`OF U.S. PATENT NO. 8,799,468 UNDER 35 U.S.C. §§311-319
`
` 
`
`
`EXHIBIT 2002
`
`

`

`
`
`TABLE OF CONTENTS
`
`I. 
`
`INTRODUCTION ......................................................................................... 1 
`
`II.  MANDATORY NOTICES ........................................................................... 1 
`
`A. 
`
`B. 
`
`C. 
`
`D. 
`
`E. 
`
`Real Party-in-Interest ............................................................................ 1 
`
`The Patent Owner .................................................................................. 2 
`
`Related Matters ...................................................................................... 2 
`
`Identification of Lead and Back-Up Counsel........................................ 2 
`
`Service Information ............................................................................... 3 
`
`III.  PAYMENT OF FEES ................................................................................... 3 
`
`IV.  REQUIREMENTS FOR INTER PARTES REVIEW ................................ 4 
`
`A.  Grounds for Standing ............................................................................ 4 
`
`B. 
`
`Identification of Challenge Under 37 C.F.R. §42.104(b) ..................... 4 
`
`1.  The Specific Art on which the Challenge is Based .......................... 4 
`
`2.  The Specific Grounds on which the Challenge is Based ................. 5 
`
`V.  DECLARATION EVIDENCE ..................................................................... 6 
`
`VI.  U.S. PATENT 8,799,468 ................................................................................ 6 
`
`A. 
`
`B. 
`
`C. 
`
`Summary ............................................................................................... 6 
`
`Prosecution History ............................................................................. 10 
`
`Background of the Technology ........................................................... 11 
`
`VII.  PERSON OF ORDINARY SKILL IN THE ART .................................... 12 
`
`VIII.  CLAIM CONSTRUCTION (37 C.F.R. §42.104(b)(3)) ............................ 13 
`
`A. 
`
`B. 
`
`“service provider network” ................................................................. 13 
`
`“controller instructions” ...................................................................... 14 
`
` 
`
`
`EXHIBIT 2002
`
`

`

`
`
`C. 
`
`“gateway unit” ..................................................................................... 16 
`
`IX.  GROUNDS OF UNPATENTABILITY ..................................................... 17 
`
`A.  Ground 1: Freund Renders Claims 1-5, 9, 12, 19, 23-27, and 33
`Obvious ............................................................................................... 18 
`
`1.  Freund ............................................................................................. 18 
`
`B. 
`
`Ground 2: Spusta Renders Claims 1-3, 11, 13, 23-25, 32, and
`34 Obvious .......................................................................................... 67 
`
`1.  Spusta ............................................................................................. 68 
`
`X.  CONCLUSION ..........................................................................................106 
`
` 
`
`
`
`
`
`
`
` 
`
`
`EXHIBIT 2002
`
`

`

`
`
`EXHIBIT LIST
`
`Exhibit Description
`
`1001
`
`U.S. Patent No. 8,799,468 to Burke, II et al.
`
`Andrew S. Tanenbaum, “Computer Networks,” Prentice-Hall, Inc.
`3rd ed., 1996, pp. 4-8, 50-56, 408-413
`
`Declaration of Norman Hutchinson, Ph.D.
`
`U.S. Patent No. 5,987,611 to Freund
`
`U.S. Patent Application No. US 2002/0032870 to Spusta et al.
`
`Norbert Pohlmann et al., “Firewall Architecture for the Enterprise,”
`Wiley Publishing, Inc. 2002, pp. 114-135, 149-155, 174-181, 308-
`315
`
`Webster’s New World Dictionary of American English (3rd ed.,
`1988)
`
`Prosecution History of Application No. 13/369,174, resulting in
`U.S. Patent No. 8,799,468
`
`U.S. Patent No. 5,987,606 to Cirasole et al.
`
`Declaration of  Scott Bennett, Ph.D.
`
`U.S. Patent No. 8,122,128 to Burke, II et al.
`
`U.S. Provisional Patent Application No. 60/523,057
`
`U.S. Provisional Patent Application No. 60/538,370
`
`U.S. Provisional Patent Application No. 60/563,064
`
`1002
`
`1003
`
`1004
`
`1005
`
`1006
`
`1007
`
`1008
`
`1009
`
`1010
`
`1011
`
`1012
`
`1013
`
`1014
`
`
`
`i
`
`
`EXHIBIT 2002
`
`

`

`
`
`I.
`
`INTRODUCTION
`
`Pursuant to 35 U.S.C. §§311-319, Unified Patents Inc., (“Unified” or
`
`“Petitioner”) petitions the PTAB to institute inter partes review of claims 1-5, 9,
`
`11-13, 19, 23-27, and 32-34 of U.S. Patent No. 8,799,468 to Burke, II et al. (“the
`
`’468 Patent,” EX1001).
`
`The ’468 Patent claims that regulating network access by using a centralized
`
`controller is new. It is not. Regulating network access has been around since the
`
`advent of networks themselves, and virtually every different architecture for doing
`
`so has been used, including using a centralized controller. None of the devices
`
`claimed in the ’468 Patent are new, nor is their combined presence in the same
`
`network system new, nor is their specific usage to regulate network access new. As
`
`the prior art discussed in this Petition shows, the challenged claims recite nothing
`
`more than well-known, network-access regulation using a well-known architecture.
`
`
`
`II. MANDATORY NOTICES
`
`Pursuant to 37 C.F.R. §42.8(a)(1), Petitioner provides the following
`
`mandatory disclosures:
`
`A. Real Party-in-Interest
`
`Pursuant to 37 C.F.R. §42.8(b)(1), Petitioner certifies that Unified is the real
`
`party-in-interest.
`
`
`
`1
`
`EXHIBIT 2002
`
`

`

`
`
`B.
`
`The Patent Owner
`
`The ’468 Patent is assigned to Catonian IP Management, LLC (“Catonian”).
`
`C. Related Matters
`
`The ’468 Patent has been asserted in the following now-closed litigations,
`
`none of which involve Unified:
`
`1.
`
`Catonian IP Management, LLC v. Charter Communications, Inc. et
`
`al., Case No. 2:17-cv-00191 (E.D. Tex. March 10, 2017); and
`
`2.
`
`Catonian IP Management, LLC v. Cequel Communications, LLC et
`
`al., Case No. 2:17-cv-00190 (E.D. Tex. March 10, 2017).
`
`D.
`
`Identification of Lead and Back-Up Counsel
`
`Pursuant to 37 C.F.R. §42.8(b)(3), Petitioner provides the following
`
`designation of counsel: lead counsel is Scott A. McKeown (Reg. No. 42,866),
`
`primary back-up counsel is Roshan S. Mansinghani (Reg. No. 62,429), and other
`
`back-up counsel are Victor Cheung (Reg. No. 66,229) and Jonathan Stroud (Reg.
`
`No. 72,518).
`
`
`
`
`
`
`
`
`
`
`
`2
`
`EXHIBIT 2002
`
`

`

`
`
`E.
`
`Service Information
`
`Pursuant to 37 C.F.R. §42.8(b)(4), papers concerning this matter should be
`
`served on the following:
`
`
`
`Address: Scott A. McKeown
`Oblon LLP
`1940 Duke Street
`Alexandria, VA 22314
`cpdocketmckeown@oblon.com
`Email:
`Telephone: 703-413-3000
`Fax:
`703-413-2220
`
`
`Jonathan Stroud, Chief Patent Counsel
`Address:
`Unified Patents Inc.
`
`
`1875 Connecticut Ave. NW, Floor 10
`
`
`Washington, D.C. 20009
`
`
`jonathan@unifiedpatents.com
`Email:
`Telephone: 202-805-8931
`Fax:
`650-887-0349
`
`
`Petitioner consents to service via email to cpdocketmckeown@oblon.com and
`
`roshan@unifiedpatents.com.
`
`
`
`III. PAYMENT OF FEES
`
`The undersigned authorizes the Office to charge the required fees and any
`
`additional fees that might be due to Deposit Account No. 15-0030.
`
`
`
`
`
`
`
`3
`
`EXHIBIT 2002
`
`

`

`
`
`IV. REQUIREMENTS FOR INTER PARTES REVIEW
`
`As set forth below and pursuant to 37 C.F.R. §42.104, each requirement for
`
`inter partes review of the ’468 Patent is satisfied.
`
`A. Grounds for Standing
`
`Petitioner certifies pursuant to 37 C.F.R. §42.104(a) that the ’468 Patent is
`
`available for inter partes review and that Petitioner is not barred or estopped from
`
`requesting inter partes review challenging the patent claims on the grounds
`
`identified herein.
`
`B.
`
`Identification of Challenge Under 37 C.F.R. §42.104(b)
`
`Petitioner requests inter partes review and cancellation of ’468 Patent claims
`
`1-5, 9, 11-13, 19, 23-27, and 32-34 as being obvious under 35 U.S.C. §103. The
`
`’468 Patent is a continuation of Application No. 10/989,023, now U.S. Patent No.
`
`8,122,128 (EX1011), filed on November 16, 2004 and also claims priority to three
`
`provisional applications (EX1012-EX1014), the earliest filed on November 18,
`
`2003. (EX1001).
`
`1.
`
`The Specific Art on which the Challenge is Based
`
`Petitioner relies upon the following patent and published application, neither
`
`of which was considered by the examiner during the ’468 Patent’s prosecution:
`
`EX1004 – Issued on November 16, 1999, U.S. Patent No. 5,987,611
`
`(“Freund”) is prior art under 35 U.S.C. §102(b).
`
`
`
`4
`
`EXHIBIT 2002
`
`

`

`
`
`EX1005 – Published on March 14, 2002, U.S. Patent Application
`
`Publication No. US 2002/0032870 (“Spusta”) is prior art under 35 U.S.C. §102(b).
`
`2.
`
`The Specific Grounds on which the Challenge is Based
`
`Petitioner respectfully requests cancellation of claims 1-5, 9, 11-13, 19, 23-
`
`27, and 32-34 based on the following grounds:1
`
`                                                            
`1 Grounds 1 and 2 are each single reference obviousness rejections under 35 U.S.C.
`
`§103(a). As discussed in below, Freund and Spusta teach all the features in the
`
`respective claims of the ’468 Patent. Depending on claim interpretation, one might
`
`argue that some features are not explicitly disclosed as being present in the same
`
`individual embodiment(s). (See Net MoneyIn, Inc. v. Verisign, Inc., 545 F.3d 1359,
`
`1368-71 (Fed. Cir. 2008).) For example, components in both Figs. 3A and 3B of
`
`Freund are relied on in Ground 1, but the configurations in those figures are
`
`described as being modifications of one another. (EX1004, 21:57-59). Based on
`
`Freund’s own disclosure, a person of ordinary skill in the art (“POSA”) would
`
`have understood that Figs. 3A and 3B are obvious variants of each other, despite
`
`being “alternative” embodiments. Therefore, Freund and Spusta, individually,
`
`teach all features claimed by the ’468 Patent, which would have been obvious to a
`
`POSA when considering either Freund or Spusta as a whole, respectively, as
`
`discussed in the grounds of unpatentability below.
`
`
`
`5
`
`EXHIBIT 2002
`
`

`

`
`
`#
`
`1
`
`2
`
`Claims
`
`35 U.S.C. §
`
` Prior Art
`
`1-5, 9, 12, 19,
`23-27, 33
`
`1-3, 11, 13,
`23-25, 32, 34
`
`103(a)
`
` Freund
`
`103(a)
`
` Spusta
`
`
`
`
`V. DECLARATION EVIDENCE
`
`
`
`This Petition is supported by the declaration of Professor Norman
`
`Hutchinson, Ph.D., a Computer Science professor at the University of British
`
`Columbia with over twenty-five years of experience in distributed systems, having
`
`written and lectured extensively on this topic. See EX1003. Dr. Hutchinson
`
`performed a thorough analysis of the skill level of a POSA, EX1003, ¶¶18-21, the
`
`content and state of the prior art, id., ¶¶31-51, claim construction, id., ¶¶52-70, and
`
`the teachings and suggestions that a POSA would have understood based on the
`
`prior art, id., ¶¶71-198, including a thorough element-by-element analysis of the
`
`asserted prior art.
`
`
`
`VI. U.S. PATENT 8,799,468
`
`A.
`
`Summary
`
`The ’468 Patent is concerned with a concept that was already old as of 2003:
`
`regulating Internet access. It simply seeks to prevent users from accessing content
`
`
`
`6
`
`EXHIBIT 2002
`
`

`

`
`
`(such as Internet sites) by using a centralized controller. (EX1001, Abstract ). The
`
`controller (the “internet control point” or “ICP) sends instructions to various
`
`gateway units (“communication gateways” or “CGs”) to provide access restrictions
`
`on users at subscriber terminals associated those gateway units. When the user
`
`requests access to a web site, the request is evaluated by the gateway unit, and
`
`access is granted or denied based on the instructions from the controller. (EX1001,
`
`2:23-38, 3:34-4:48).
`
`As shown in the flow chart of Fig. 5 below, the alleged invention of the ’468
`
`Patent can be distilled into as little as four steps, most of which describe trivial
`
`steps of requesting and sending data:
`
`
`
`7
`
`EXHIBIT 2002
`
`

`

`
`
` 
`Similarly, claim 1 of the ’468 Patent is directed to these broad functions:
`
`“generat[ing] controller instructions,” “transmit[ting] the controller instructions,”
`
`receiv[ing] the controller instructions,” “receiv[ing] user-entered content requests,”
`
`“selectively transmit[ting] the content requests … in accordance with the controller
`
`instructions,” and “transfer[ring] received content data.” (EX1001, 18:30-54.) The
`
`remainder of the claim describes the system’s architecture that performs the above
`
`
`
`8
`
`EXHIBIT 2002
`
`

`

`c network
`functionns, but thesse, too, desscribe basi
`
`
`
`
`
`
`
`es).
`interface, processoors, networrk interfac
`
`
`
`
`
`
`
`
`
`AAnnotated
`
`
`
`Fig. 1 off the ’4688 Patent,
`
`
`
`
`
`elements aand functioons (i.e., a
`
`
`
`
`
`user
`
`
`
`below, shhows this
`
`basic sy
`
`stem
`
`
`
`structurre, in whicch users arre connectted to commmunicatioon gatewayys (in orannge),
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`and an
`
`
`
`
`
`
`
`
`
`
`
`internet ccontrol pooint (in reed) commuunicates wwith the ccommunicaation
`
`
`
`
`
`
`
`n yellow). network (ingatewayys over a n
`
`
`
`
`
`
`
`TTo ensure
`
`
`
`each gatewway unit hhas up-to--date accesss instructtions, bothh the
`
`
`
`
`
`
`
`
`
`
`
`
`
`controlller and thee gateway uunits have databasess that storee access innstructions,, and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the conttroller sendds new dattabase entrries to the
`
`
`
`
`
`
`
`
`
`gateway uunits. (EX11001, 6:15--18).
`
`
`
`
`
`
`
`9
`
`EXHIBIT 2002
`
`

`

`
`
`Database entries may include, for example, blocked or permitted URLs or IP
`
`addresses. (EX1001, 16:15-50). See also EX1003, ¶¶22-25.
`
`As seen above, the alleged invention of the ’468 Patent is no more than a
`
`collection of network-connected computing elements, in which one computing
`
`element instructs another computing element to regulate access to certain content.
`
`But, the regulation of access through issuing instructions is an old and well-known
`
`technique. As will be discussed throughout this Petition, others in the field had
`
`already used the alleged invention of the ’468 Patent well prior to the date in
`
`question.
`
`B.
`
`Prosecution History
`
`Issued on August 5, 2014, the ’468 Patent had a short prosecution history,
`
`with the examiner considering less than a dozen references. (EX1008; EX1001, p.
`
`1). The examiner issued a restriction requirement and a single office action that
`
`rejected the claims on double patenting, anticipation, and obviousness grounds.
`
`(See EX1008, pp. 141-144 and 164-180). In responding to the prior art rejections,
`
`the applicants distinguished over the primary reference, Gregg, by arguing: “it is
`
`submitted that Gregg does not teach the recited ‘controller node,’ ‘controller
`
`instructions,’ and ‘gateway units,’ and the relationships between them, i.e., the
`
`‘controller node’ generating the ‘controller instructions,’ and transmitting the
`
`‘controller instructions’ to the ‘gateway units,’ for the ‘gateway units’ to use to
`
`
`
`10
`
`EXHIBIT 2002
`
`

`

`
`
`‘selectively transmit content requests to the service provider network.’” (EX1008,
`
`p. 205). On June 3, 2014, the examiner allowed the claims, stating only generally
`
`that the prior art did not teach or render obvious every element recited in the
`
`independent claims. (See EX1008, pp. 221-227).
`
`Therefore, one can infer that the examiner believed the alleged point of
`
`novelty was in the particular claimed network architecture (i.e., gateway units and
`
`a controller) and their interactions (i.e., the controller sends instructions to the
`
`gateway units for regulating network access). The prior art references discussed
`
`below, which were not before the examiner, show that this architecture and the
`
`interactions between the various components were well known, rendering each of
`
`the challenged claims unpatentable.
`
`C. Background of the Technology
`
`Regulating user access in a networked computer system was well-known
`
`and well-published prior to 2003. For example, several books were published prior
`
`to 2003 that explain, in great detail, the need for network security and how to
`
`implement such security protocols. (EX1003, ¶¶31-47).
`
`Additionally, prior to 2003, a POSA would have understood that regulating
`
`access to information on the Internet could take a number of available forms based
`
`on the needs of the engineer designing the system. U.S. Patent No. 5,987,606,
`
`issued on November 16, 1999 to Cirasole et al. (“Cirasole”), for example,
`
`
`
`11
`
`EXHIBIT 2002
`
`

`

`
`
`describes a number of the possible variants for regulating access to the Internet,
`
`otherwise known as content filtering. (EX1009). These include exclusive
`
`filtering, or black-listing, which prevents access to all sites on a predetermined list
`
`of Internet sites and inclusive filtering, or white-listing, which allows access only
`
`to a predetermined list of Internet sites. (EX1009, 1:44-48; EX1003, ¶34).
`
`Cirasole also describes that there are a number of locations in the network
`
`where the filtering can be performed: (1) on the local (client) machine (EX1009,
`
`1:58-2:12); (2) on a local server, just like the ’468 Patent (EX1009, 2:13-35); and
`
`(3) on the server that stores the content (EX1009, 2:36-45). Cirasole makes it
`
`clear that these various options were all well within the skill set of a POSA before
`
`2003, and that such a person would have readily pursued any one of those
`
`architectures depending on their specific design goals. (EX1009, 1:15-2:49;
`
`EX1003, ¶35). Thus, content filtering and the various architectures to perform this
`
`functionality–including the ’468 Patent’s architecture–were well known before
`
`2003. (EX1003, ¶¶31-47).
`
`
`
`VII. PERSON OF ORDINARY SKILL IN THE ART
`
`The level of ordinary skill in the art is evidenced by the prior art. See In re
`
`GPAC Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995) (determining that the Board did
`
`not err in adopting the approach that the level of skill in the art was best
`
`
`
`12
`
`EXHIBIT 2002
`
`

`

`
`
`determined by references of record). The prior art discussed herein, and in the
`
`declaration of Dr. Hutchinson, demonstrates that a POSA, at the time the ’468
`
`Patent was filed, would have had a bachelor’s degree in Computer Science, or
`
`related discipline, and two years of relevant experience and knowledge of
`
`regulating network access and designing such systems, TCP/IP-based networking
`
`as practiced in the Internet, routers, web proxies, web caches, and web servers, and
`
`distributed systems and their advantages and management. (EX1003, ¶21).
`
`
`
`VIII. CLAIM CONSTRUCTION (37 C.F.R. §42.104(b)(3))
`
`The ’468 Patent has not expired, and thus, its claims should be interpreted
`
`according to their broadest reasonable interpretation (“BRI”) in view of the
`
`specification in which they appear. 37 C.F.R. §42.100(b). Petitioner adopts the
`
`plain meaning for all claims terms, unless otherwise discussed below.
`
`A.
`
`“service provider network”
`
`All challenged claims recite this term. “Service provider network,” as used
`
`in the ’468 Patent, should be interpreted as “a network over which content is
`
`delivered.”
`
`The term “service provider network” does not appear in the specification.
`
`The specification, however, discusses “service providers,” explaining that “service
`
`providers [are] for delivering content” and that “[s]ervice providers include…
`
`
`
`13
`
`EXHIBIT 2002
`
`

`

`
`
`telephone line carriers, enterprise data centers, and cable television providers.”
`
`(EX1001, 1:24-37).
`
`For example, the specification discusses service providers delivering content
`
`over the Internet, and as such, the Internet serves as one example of a service
`
`provider network, as would a LAN. (EX1001, 1:42-2:2; 3:43-46; 4:54-63; 6:54-
`
`62).
`
`Accordingly, a POSA would have understood the BRI of “service provider
`
`network” to be “a network over which content is delivered.” (EX1003, ¶¶53-55).
`
`B.
`
`“controller instructions”
`
`All challenged claims recite this term. “Controller instructions,” as used in
`
`the ’468 Patent, should be interpreted as “information that is sent by the controller
`
`that is used to direct the actions of a network unit.”
`
`The specification does not describe any form of controller instructions, nor
`
`does it provide any explicit examples of controller instructions as they would have
`
`been implemented in practice. Instead, controller instructions are only described
`
`according to their purposes (i.e., what the network units do according to the
`
`instructions). (EX1001, 10:7-13; 10:59-63). In the ’468 Patent, the “instructions”
`
`are from a controller (e.g., an ICP), typically to another network unit (e.g., gateway
`
`units or SPA (Service Preference Architecture)-controlled network elements).
`
`(EX1001, 3:37-50; 5:19-23). Functionally, the “instructions” are information
`
`
`
`14
`
`EXHIBIT 2002
`
`

`

`
`
`primarily used by gateway units to allow or deny access to a network server.
`
`(EX1001, 9:55-61). For example, the instructions sent from the controller may
`
`include lists of URLs or IP addresses that should be blocked from subscriber
`
`access. (See EX1001, 8:54-59, 14:39-41, 15:53-18:21).
`
`In this way, the controller instructions may include entries (e.g., URLs and
`
`IP addresses) for a rule list to be followed by the gateway units:
`
`In step 400, a gateway unit associated with a user receives
`controller instructions from the network. Next, at step 402, the
`gateway unit receives a network access request from a user, via a
`subscriber terminal. At step 404, the gateway unit selectively
`transmits the network access requests over the network in
`accordance with the controller instructions.
`
`…
`
`CGs 58, under ICP 50 control, may provide a network-based Digital
`Rights Management (DRM) service. The DRM service denies
`subscribers the capability to send or to receive data from or to “pirate”
`URLs or IP addresses that are known to contain unlicensed
`copyrighted material. In implementing this denial, CG 58 deletes
`the “pirate” URL or IP address and substitutes the URL or IP
`address of a site that offers licensed copyrighted materials for
`legal, authorized sale. The list of “pirate” URLs or IP addresses that
`are known to contain unlicensed copyrighted material may be
`regularly updated, similar to the manner in which virus definitions are
`regularly updated.
`
`
`
`15
`
`EXHIBIT 2002
`
`

`

`
`
`…
`
`Upon registration of a CG 58 as “active,” ICP 50 may update the list
`in CG 58 of DRM URL or IP address substitutions.
`
`(EX1001, 7:55-8:18, emphasis added). 
`
`Accordingly, a POSA would have understood that the BRI of “controller
`
`instructions” is “information that is sent by the controller that is used to direct the
`
`actions of a network unit.” And, as discussed above, the controller instructions
`
`may include URLs or IP addresses or a database or list of URLs or IP addresses.
`
`(EX1003, ¶¶56-64).
`
`C.
`
`“gateway unit”
`
`All challenged claims recite this term. “Gateway unit,” as used in the ’468
`
`Patent, should be interpreted as “a network component that regulates access to a
`
`network.”
`
`The specification refers to gateway units as “Communication Gateways
`
`(CGs)” (EX1001, 3:39-40) and describes that they perform “packet inspection
`
`processing… to determine which data can be allowed to flow through CGs 58 to
`
`and from subscriber terminals.” (EX1001, 5:26-33).
`
`The ’468 Patent describes that the gateway unit may be separate from, or
`
`integrated with, the subscriber terminal:
`
`
`
`16
`
`EXHIBIT 2002
`
`

`

`
`
`A subscriber terminal 601, 602, … 60n may be connected to each
`respective CG 58, or in an alternative embodiment not shown, may be
`combined with each respective CG 58 to form “converged” CGs 58.
`
`(EX1001, 4:67-5:3).
`
`The specification further explains that the gateway units can be implemented
`
`in a wide variety of forms, including: a server, a modem, a router, a “module that
`
`combines TV, video, internet and voice access,” a set top device, “or other fixed or
`
`mobile computing, playback, recording, display or communications device,” even
`
`a phone or VCR. (EX1001, 6:54-62).
`
`Accordingly, a POSA would have understood that the BRI of the term
`
`“gateway unit” in the context of the ’468 Patent is “a network component that
`
`regulates access to a network.” (EX1003, ¶¶65-70).
`
`
`
`IX. GROUNDS OF UNPATENTABILITY
`
`Pursuant to 37 C.F.R. §42.104(b)(4) and (5), this section demonstrates on an
`
`element-by-element basis that claims 1-5, 9, 11-13, 19, 23-27, and 32-34 of the
`
`’468 Patent are unpatentable as being obvious in view of Freund and Spusta. For
`
`ease of reference, this analysis includes letters for the individual claim elements
`
`(e.g., “1[a]”). This analysis is based on and supported by Dr. Hutchinson’s
`
`analysis of the ’468 Patent and the prior art cited herein. (See EX1003).
`
`
`
`17
`
`EXHIBIT 2002
`
`

`

`
`
`A. Ground 1: Freund Renders Claims 1-5, 9, 12, 19, 23-27, and 33
`Obvious
`
`1.
`
`Freund
`
`Freund describes a “system and methods for client-based monitoring and
`
`filtering of access, which operates in conjunction with a centralized enforcement
`
`supervisor.” (EX1004, 3:51-54). Freund’s system includes a centralized
`
`controller which maintains the access rules for the client based filter, client
`
`applications which filter access, and one or more access management applications
`
`that set access rules for the entire LAN for one or more workgroups or individual
`
`users.
`
`Freund’s architecture is virtually indistinguishable from the ’468 Patent’s
`
`architecture. The central controller sends the rules appropriate for a user or
`
`workstation to the client-based monitor that allows or denies user access to
`
`network servers per the instructions received from the central controller. The
`
`instructions can also direct the access monitor to generate notifications when
`
`access to particular network servers is attempted or re-direct an access from one
`
`network server to another. (EX1004, 28:45-47; 30:52-57; Abstract; EX1003, ¶48).
`
`One embodiment of Freund’s overall architecture is shown in annotated Fig.
`
`3A (below, left). Highlighted are the client computers with monitors (i.e., the
`
`claimed “gateway units”) in orange, the supervisor node (i.e., the claimed
`
`“controller”) in red, and the Internet (i.e., the network to which access is to be
`
`
`
`18
`
`EXHIBIT 2002
`
`

`

`
`
`controllled) in yelllow. (EX11003, ¶¶49, 73-74, 777). A side--by-side coomparison
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`with
`
`
`
`the archhitecture oof the ’4668 Patent ((below, ri
`
`
`
`
`
`
`
`
`
`
`
`kable ght) demoonstrates thhe remark
`
`
`
`
`
`similarity betweenn the two ssystems.
`
`
`
`
`
`
`
`a.
`
`
`
`FFreund
`
`
`
`
`
`Thee ’468 Pateent
`
`
`
`
`
`
`Claim 1[[preamblee]: “A systtem for reggulating aaccess to a
`
`
`
`service pprovider nnetwork, thhe system
`
`comprisinng,”
`
`
`
`
`
`AA “servicee providerr network”” is “a nnetwork ovver whichh services
`
`
`
`
`
`
`
`
`
`
`
`
`
`are
`
`
`
`provideed,” and thee Internet
`
`
`
`
`
`is one suchh example disclosed
`
`
`
`
`
`in the ’4668 Patent.
`
`(See
`
`
`
`supra SSection VIIII(A)).
`
`
`
`
`
`FFreund disscloses a
`
`
`
`“system
`
`
`
`and metthods for
`
`
`
`regulatingg access
`
`and
`
`
`
`
`
`
`
`computer maintainning securrity of individual c
`
`
`
`
`
`systems aand local
`
`
`
`area netwworks
`
`
`
`
`
`
`
`
`
`ANs), ks or WA(LANs)) connecteed to largeer open neetworks (WWide Areaa Network
`
`
`
`
`
`
`
`
`
`
`
`includinng the Interrnet.” (EXX1004, 1:244-29; EX1
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Inn additionn to providding a sysstem for re
`egulating
`
`003, ¶79).
`
`
`
`access to
`
`
`
`a larger oopen
`
`
`
`networkk, Freund
`
`
`
`
`
`also disclooses applying its techhniques too the open
`
`
`
`
`
`19
`
`
`
`network iitself
`
`EXHIBIT 2002
`
`

`

`
`
`by explaining that the system “can alternately be implemented for establishing a
`
`monitoring and filtering system for Internet Service Providers (ISPs) or similar
`
`organizations.” (EX1004, 21:50-52; EX1003, ¶80; see infra Sections IX(A)(1)(b)
`
`and (d)).
`
`b.
`
`Claim 1[a]: “a controller node coupled to the service
`provider network,”
`
`Freund discloses a controller node coupled to the service provider network.
`
`In annotated Fig. 3A below, Freund describes a “centralized enforcement
`
`supervisor” (EX1004, Abstract) on a server or client (13:65-14:5) (hereinafter
`
`referred to as a “supervisor node”) which, in conjunction with clients, performs
`
`monitoring and filtering. A POSA would have understood that the supervisor node
`
`is the claimed controller node because it performs the role of determining which
`
`users are permitted to contact which network resources. Additionally, in Freund,
`
`the supervisor node, shown in red below, is connected to a service provider
`
`network (the Internet) at a local area network (LAN). (EX1003, ¶83).
`
`
`
`20
`
`EXHIBIT 2002
`
`

`

`
`
`
`
`
`
`maintainss the
`
`
`
`FFreund expplains thatt the “centtral supervvisor appliication …
`
`
`
`
`
`
`
`
`
`
`
`access
`
`rules for
`
`
`
`the clientt based fiilter and vverifies thhe existencce and prroper
`
`
`
`
`
`
`
`
`
`
`
`
`
`plication.” d filter applient-basedoperatioon of the c
`
`
`
`
`
`
`
`(EX1004,
`
`
`
`3:64-67, ssee also 122:54-
`
`
`
`
`
`65). AAccordinglyy, a POSAA would hhave underrstood thaat not onlyy does Freeund
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`disclosee a controoller node
`
`
`
`coupled
`
`
`
`
`
`
`
`to the seervice provvider netwwork, but
`
`that
`
`
`
`Freund’s central
`
`
`
`supervisorr applicatioon, the suupervisor nnode, perfoorms the ssame
`
`
`
`
`
`
`
`
`
`
`
`
`
`controller functionns as the c
`
`
`
`
`
`node as cclaimed. ((EX1003,
`
`
`
`
`
`21
`
`
`
`¶84). Frreund’s serrvice
`
`
`
`EXHIBIT 2002
`
`

`

`
`
`provider network and the supervisor being coupled to and communicating over this
`
`network are described in greater detail with respect to claim 1[c].
`
`c.
`
`Claim 1[b]: “the controller node comprising a first
`processor configured to generate controller instructions,
`and”
`
`Freund discloses that the supervisor node includes a first processor
`
`configured to generate controller instructions because Freund discloses that, in
`
`some instances, the supervisor node can be implemented using a client with a
`
`supervisor component (“The network 320 is connected to a server 321 (or another
`
`client) having a supervisor or verifier component”) and that clients include
`
`processors. (EX1004, 13:65-14:5, 14:52-64, 7:33-43). Annotated Fig. 1 shows
`
`this processor:
`
`
`
`22
`
`EXHIBIT 2002
`
`

`

`
`
`
`
`
`
`st processoor in
`
`
`
`Moreovver, even
`
`
`
`though Frreund doees not expplicitly dissclose servvers incluuding
`
`
`
`
`
`
`
`
`
`
`
`
`
`clude a firOSA to incus to a PObeen obviould have bprocessors, it wou
`
`
`
`
`
`
`
`
`
`
`
`
`
`onnected trk 320 is cothe networase where te, in the cathe servver because
`
`
`
`
`
`
`
`
`
`
`
`
`
`the servver would bbenefit fromm being coomprised oof a systemm such as s
`
`
`
`
`
`
`
`
`
`
`
`o a server
`
`321,
`
`
`
`ystem 1000 like
`
`
`
`23
`
`EXHIBIT 2002
`
`

`

`
`
`a client, with well-known computing components such as a processor for carrying
`
`out Freund’s management functions. (EX1003, ¶86).
`
`Freund discloses that the supervisor node’s processor is configured to
`
`generate controller instructions as claimed. As discussed, controller instructions
`
`are “information sent by the controller that is used to direct the actions of a
`
`network unit.” In Freund, such “instructions” are implemented in the form of
`
`“rules” distributed from the controller node/supervisor node: “[t]he system should
`
`preferably support centrally-maintained access rules.”
`
` (EX1004, 8:48-49;
`
`EX1003, ¶¶87-89; see supra Section VIII(B)).
`
`Examples of Freund’s rules are shown in the annotated excerpt of Fig. 7A,
`
`below. For example, the rules may restrict access to particular websites, may deny
`
`access to particular files and services, may be configured to apply to certain users,
`
`and may be paired with actions to be performed when those rules are violated, such
`
`as redirecting traffic.
`
`
`
`24
`
`EXHIBIT 2002
`
`

`

`
`
`
`
`
`
`FFreund expplains that
`
`
`
`
`
`the accesss rules cann include ““total timee a user caan be
`
`
`
`
`
`
`
`
`
`
`
`connectted to the IInternet,” ““a list of appplicationss … that a user can oor cann