UNITED STATES PATENT AND TRADEMARK OFFICE
`
`__________________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`__________________________
`
`NETSKOPE, INC.,
`Petitioner,
`v.
`FORTINET, INC.,
`Patent Owner.
`__________________________
`
`PTAB Case No. IPR2023-00175
`Patent No. 9,197,601 B2
`__________________________
`
`DECLARATION OF WENKE LEE, PH.D. IN SUPPORT OF PETITION FOR
`INTER PARTES REVIEW OF U.S. PATENT NO. 9,197,601 B2
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 1 of 465
`
`

`

`
`
`
`I. 
`
`TABLE OF CONTENTS
`
`II. 
`
`INTRODUCTION .......................................................................................... 1 
`A.  Qualifications ....................................................................................... 2 
`1. 
`Education ................................................................................... 2 
`2.  Work Experience ........................................................................ 2 
`3. 
`Publications ................................................................................ 5 
`4. 
`Curriculum Vitae ........................................................................ 5 
`B.  Materials Reviewed .............................................................................. 5 
`C. 
`Level of Ordinary Skill in the Art ........................................................ 7 
`D. 
`Summary of Opinions .......................................................................... 8 
`OVERVIEW OF THE TECHNOLOGY ........................................................ 9 
`A. 
`Priority Date of the Claims ................................................................... 9 
`B. 
`Overview of Relevant Technology When the ’601 Patent Was
`Filed .................................................................................................... 10 
`1. 
`Customizable network and security services ........................... 10 
`2. 
`Unified security solutions and points of presence (PoP) ......... 12 
`3.  Multi-user systems ................................................................... 17 
`4. 
`Parallel and serial processing ................................................... 18 
`The ’601 Patent .................................................................................. 20 
`C. 
`The Challenged Claims ...................................................................... 21 
`D. 
`Claim Construction ............................................................................ 21 
`E. 
`III.  UNPATENTABILITY OF THE ’601 PATENT CLAIMS ......................... 22 
`A. 
`Standards for Invalidity ...................................................................... 22 
`1. 
`Obviousness ............................................................................. 22 
`IV.  SPECIFIC GROUNDS FOR PETITION ..................................................... 24 
`A.  Ground I: Combination of Hudis and Fendick renders claims 1-
`14, 17-21 obvious. .............................................................................. 24 
`1.  Motivations to combine. .......................................................... 29 
`2. 
`Claim 1 ..................................................................................... 31 
`
`
`
`-i-
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 2 of 465
`
`

`

`
`
`B. 
`
`Claim 18 ................................................................................... 66 
`3. 
`Claim 2 ..................................................................................... 69 
`4. 
`Claims 3 and 19 ........................................................................ 70 
`5. 
`Claims 4 and 20 ........................................................................ 74 
`6. 
`Claims 5 and 21 ........................................................................ 75 
`7. 
`Claim 6 ..................................................................................... 76 
`8. 
`Claim 7 ..................................................................................... 78 
`9. 
`10.  Claim 8 ..................................................................................... 79 
`11.  Claim 9 ..................................................................................... 81 
`12.  Claim 10 ................................................................................... 82 
`13.  Claim 11 ................................................................................... 82 
`14.  Claim 12 ................................................................................... 83 
`15.  Claim 13 ................................................................................... 84 
`16.  Claim 14 ................................................................................... 86 
`17.  Claim 15 ................................................................................... 88 
`18.  Claim 16 ................................................................................... 90 
`19.  Claim 17 ................................................................................... 92 
`Ground 2: Gauvin renders claims 1-2, 4-18, 20-21 obvious. ............. 93 
`1. 
`Claim 1 ..................................................................................... 96 
`2. 
`Claim 18 ................................................................................. 135 
`3. 
`Claim 2 ................................................................................... 139 
`4. 
`Claims 3 and 19 ...................................................................... 140 
`5. 
`Claims 4 and 20 ...................................................................... 145 
`6. 
`Claims 5 and 21 ...................................................................... 146 
`7. 
`Claim 6 ................................................................................... 146 
`8. 
`Claim 7 ................................................................................... 149 
`9. 
`Claim 8 ................................................................................... 150 
`10.  Claim 9 ................................................................................... 152 
`11.  Claim 10 ................................................................................. 152 
`
`-ii-
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 3 of 465
`
`

`

`12.  Claim 11 ................................................................................. 153 
`13.  Claim 12 ................................................................................. 155 
`14.  Claim 13 ................................................................................. 156 
`15.  Claim 14 ................................................................................. 159 
`16.  Claim 15 ................................................................................. 162 
`17.  Claim 16 ................................................................................. 164 
`18.  Claim 17 ................................................................................. 167 
`Ground 3: Combination of Gauvin and Narayanaswamy renders
`claims 1-2, 4-18, 20-21 obvious. ...................................................... 170 
`
`C. 
`
`
`
`
`
`
`
`-iii-
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 4 of 465
`
`

`

`
`
`LIST OF APPENDICES
`
`
`Appendix A
`
`Curriculum Vitae
`
`Appendix B
`
`Supplemental Materials
`
`
`
`
`
`
`
`-iv-
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 5 of 465
`
`

`

`
`
`I.
`
`INTRODUCTION
`I, Wenke, Lee, Ph.D, have been retained by Petitioner Netskope, Inc.
`
`1.
`
`(“Petitioner”) to investigate and opine on certain issues relating to United States
`
`Patent No. 9,197,601 (“the ’601 patent”) in its Petition for Inter Partes Review.
`
`The Petition requests that the Patent Trial and Appeal Board (“PTAB” or “Board”)
`
`review and cancel claims 1-21 of the ’601 patent.
`
`2.
`
`The opinions set forth in this declaration are based on my personal
`
`knowledge, my professional judgment, and my analysis of the materials and
`
`information referenced in this declaration and its exhibits and appendices.
`
`3.
`
`I am being compensated at a combined rate of $750/hr for my time in
`
`connection with this matter. I am also reimbursed for reasonable and customary
`
`expenses associated with my work in this case. I receive no other forms of
`
`compensation related to this case. My compensation does not depend on the
`
`outcome of this IPR or the co-pending district court litigation, and I have no other
`
`financial interest in this IPR.
`
`4.
`
`5.
`
`I understand that the ’601 patent has been assigned to Fortinet, Inc.
`
`This declaration is based on the information currently available to me.
`
`To the extent that additional information becomes available, I reserve the right to
`
`continue my investigation and study, which may include a review of documents
`
`-1-
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 6 of 465
`
`

`

`
`
`and information that may be produced, as well as testimony from depositions that
`
`have not yet been taken.
`
`A. Qualifications
`1.
`Education
`I obtained a Bachelor of Science in Computer Science from Sun Yat-
`
`6.
`
`Sen University in China in 1988. In 1990, I obtained my Master of Science in
`
`Computer Science from the City College of New York. In 1999, I obtained my
`
`Ph.D. in Computer Science from Columbia University.
`
`2. Work Experience
`I am currently a Professor of Computer Science at the Georgia
`
`7.
`
`Institute of Technology, focusing on systems and network security, applied
`
`cryptography, and machine learning. Since 2016, I have also been the John P.
`
`Imlay Jr. Chair in the College of Computing at the Georgia Institute of Technology.
`
`8.
`
`Since I obtained my Master of Science in Computer Science in 1990
`
`and to 1994, I was a software engineer at Intergraph Corporation.
`
`9.
`
`From 1994 to 1999, I was a Ph.D. student in Computer Science. My
`
`thesis research focused on machine learning and cybersecurity. While I was a Ph.D.
`
`student, I was a Summer Intern researcher at AT&T Research in 1996 and IBM T.
`
`J. Watson Research Center in 1997.
`
`10. From 1999 to 2001, I was a tenure-track Assistant Professor in the
`
`Department of Computer Science at The North Carolina State University.
`2
`
`
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 7 of 465
`
`

`

`11.
`
`From 2001 to 2005, I was a tenure track Assistant Professor in the
`
`College of Computing at The Georgia Institute of Technology (Georgia Tech). In
`
`2005, I was promoted to Associate Professor with tenure. In 2009, I was elevated
`
`to Full Professor with tenure.
`
`12.
`
`From 2012 to 2015, I was the Director of the Information Security
`
`Center at the Georgia Institute of Technology. From 2015 to 2021, I was the
`
`Executive Director of the Institute for Information Security and Privacy at the
`
`Georgia Institute of Technology.
`
`13.
`
`In 2006, I co-founded Damballa, Inc. to commercialize the botnet and
`
`malware detection technologies developed in my lab. Damballa was sold to Core
`
`Security in 2016.
`
`14.
`
`I have been elevated to Fellow of the Institute of Electrical and
`
`Electronics Engineers (IEEE), the global engineering society. Fellow is the highest
`
`of three grades of membership that are awarded based on merit. In every year,
`
`IEEE limits the number of new Fellows to one tenth of one percent of the
`
`membership.
`
`15.
`
`I have also been elevated to Fellow of the Association for Computing
`
`Machinery (ACM), the global professional society for computer scientists. ACM’s
`
`rules for Fellows are even more restrictive than IEEE’s, limiting the total number
`
`of Fellows in absolute terms to 1% of the membership.
`
`3
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 8 of 465
`
`

`

`
`
`16. Over the course of my career so far, I have been the Principal
`
`Investigator or co-Investigator on 50 approved and funded grants. My expertise
`
`both as a developer and researcher on computer systems and information security,
`
`cybersecurity and machine learning, computerized intrusion detection methods,
`
`applied cryptography, data mining, digital watermarking, and packet watermarking
`
`has been sought out by the Federal Government. For example, I have been the
`
`Principal Investigator on various grants funded by the Defense Advanced Research
`
`Projects Agency (DARPA), the Office of Naval Research (ONR). and the
`
`Department of Homeland Security (DHS).
`
`17. From 2010 to 2011, I served on the Editorial Board of one of the
`
`flagship journals of the IEEE, the IEEE Transactions on Dependable and Secure
`
`Computing (TDSC). From 2005 to 2011, I served on the Editorial Board of an
`
`ACM journal, the ACM Transactions on Information and System Security
`
`(TISSEC). I have also served on more than 90 conference committees and have
`
`served on more than a dozen of committees at the Georgia Institute of Technology.
`
`I have also served as the primary advisor to 8 Postdoctoral Fellows and 25
`
`completed Ph.D.s, and currently serve as the primary advisor on more than ten
`
`further dissertations in progress.
`
`
`
`4
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 9 of 465
`
`

`

`
`
`18. The area of my current research is malware analysis and detection. A
`
`fuller description of my current interests and areas of research can be found in my
`
`CV.
`
`19. As reflected in the succeeding pages of my CV, I have taught courses
`
`directed to Network and Information Security essentially continuously since 1999.
`
`3.
`Publications
`I have published more than a hundred academic papers in top journals
`
`20.
`
`and conference proceedings, and participated in well over a hundred conference
`
`presentations and over a dozen workshop presentations, the vast preponderance of
`
`which relate to Network Security and most of which relate to Intrusion Detection
`
`in particular.
`
`21.
`
`I am a named inventor in ten issued patents.
`
`4.
`Curriculum Vitae
`22. A copy of my curriculum vitae is attached as Appendix A to this
`
`declaration.
`
`B. Materials Reviewed
`23. My opinions expressed in this declaration are based on documents and
`
`materials identified in this declaration, including the ’601 patent, the prior art
`
`references and background materials discussed in this declaration, and the other
`
`references specifically identified in this declaration. I have considered these
`
`
`
`5
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 10 of 465
`
`

`

`
`
`materials in their entirety, even if only portions are discussed here. The following
`
`is an exemplary list of the materials on which I based my opinion.
`
`Exhibit
`
`Description
`
`Ex. 1001
`
`U.S. Patent No. 9,197,601 (“the ‘601 patent”)
`
`Ex. 1003
`
`File History of U.S. Patent No. 9,197,601
`
`Ex. 1004
`
`U.S. Patent No. 8,296,178 (“Hudis”)
`
`Ex. 1005
`
`U.S. Patent No. 7,735,116 (“Gauvin”)
`
`Ex. 1006
`
`U.S. Patent No. 8,000,329 (“Fendick”)
`
`Ex. 1007
`
`Ex. 1008
`
`U.S. Patent Application Publication U.S. 2014/0259093 A1
`
`(“Narayanaswamy”)
`
`Comparison of Narayanaswamy to its provisional application,
`
`(Provisional Application No. 61/773,633)
`
`Ex. 1009
`
`Oxford Dictionary of Computing (6th Ed., 2008)
`
`Ex. 1010
`
`Dictionary of Computer and Internet Terms (11th Ed., 2013)
`
`Ex. 1011
`
`Webster’s New World Computer Dictionary (10th Ed., 2003)
`
`Ex. 1012
`
`E. Tittle, “Unified Threat Management for Dummies,” (2012)
`
`Ex. 1013
`
`FortiGate SOHO and SMB Version 3.0 MR5 (2007)
`
`
`
`
`
`6
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 11 of 465
`
`

`

`
`
`24.
`
`I have also relied on my own experience and expertise in Web
`
`technologies, distributed (client-server) service architectures, computer network
`
`security, and computer networks.
`
`C. Level of Ordinary Skill in the Art
`25.
`I am not an attorney and offer no legal opinions. I have been
`
`informed about certain aspects of the law for purposes of my analyses and opinions.
`
`26.
`
`I understand that in analyzing questions of invalidity and infringement,
`
`the perspective of a person having ordinary skill in the art (“POSITA”) is often
`
`implicated, and the Court may need assistance in determining that level of skill.
`
`27.
`
`I understand that the claims and written description of a patent must
`
`be understood from the perspective of a POSITA. I have been informed that the
`
`following factors may affect the level of skill of a POSITA: (1) the educational
`
`level of the inventor; (2) the type of problems encountered in the art; (3) the prior-
`
`art solutions to those problems; (4) the rapidity with which innovations are made;
`
`(5) the sophistication of the technology; and (6) the educational level of active
`
`workers in the field. A person of ordinary skill in the art is also a person of
`
`ordinary creativity in the art.
`
`28. Based on my experience in computer networking and security, as well
`
`as my reading of the ’601 Patent, it is my opinion that a person of ordinary skill
`
`with respect to the subject matter of the ’601 Patent at the time of the alleged
`
`
`
`7
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 12 of 465
`
`

`

`
`
`priority date of the ’601 Patent in June 2013 would have had at least a bachelor’s
`
`degree in computer science, computer engineering, or electrical engineering and
`
`would have had at least two years of experience working on computer networking
`
`and security and their applications. This definition is flexible, and additional
`
`educational experience could make up for less work experience and vice versa.
`
`29.
`
`I am at least a person of ordinary skill in the art and was so on the date
`
`to which the ’601 Patent claims priority. As shown by my qualifications and my
`
`curriculum vitae attached as Appendix A, I am aware of the knowledge and skill
`
`possessed by a person of ordinary skill in the art at the time of the priority date of
`
`the ’601 Patent. In performing my analysis, I have applied the standard set forth
`
`above.
`
`D.
`30.
`
`Summary of Opinions
`I have reviewed and analyzed the ’601 Patent.
`
`31. Based on my review and analysis, it is my opinion that claims 1-21 of
`
`the ’601 Patent are invalid based on the following grounds:
`
`Ground Basis
`
`Reference(s)
`
`Challenged Claims
`
`1
`
`2
`
`3
`
`
`
`
`
`§ 103
`
`§ 103
`
`§ 103
`
`Hudis and Fendick
`
`Gauvin
`
`1-14, 17-21
`
`1-2, 4-18, 20-21
`
`Gauvin and Narayanaswamy
`
`1-2, 4-18, 20-21
`
`8
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 13 of 465
`
`

`

`
`
`II. OVERVIEW OF THE TECHNOLOGY
`A.
`Priority Date of the Claims
`32.
`I have been informed that a U.S. patent application may claim the
`
`benefit of the filing date of an earlier patent application if the earlier patent
`
`application disclosed each limitation of the invention claimed in the later-filed U.S.
`
`patent application. I have also been informed that priority is determined on a
`
`claim-by-claim basis so that certain claims of a patent may be entitled to the
`
`priority date of an earlier-filed patent application even if other claims of the same
`
`patent are not entitled to that priority date.
`
`33.
`
`I have also been informed that a patented claim is invalid if the
`
`claimed invention was patented, described in a printed publication, or in public use,
`
`on sale, or otherwise available to the public before the effective filing date of the
`
`claimed invention, or the claimed invention was described in an issued patent or a
`
`published patent application that was effectively filed before the effective filing
`
`date of the claimed invention. For the purposes of this declaration, I have
`
`presumed the priority date of the ’601 patent to be June 5, 2013, which is the filing
`
`date of the application that led to the ’601 patent.
`
`
`
`9
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 14 of 465
`
`

`

`
`
`B. Overview of Relevant Technology When the ’601 Patent Was
`Filed
`1.
`Customizable network and security services
` In the early days of the Internet, little traffic was analyzed or filtered.
`
`34.
`
`But things changed in the late 1980s when Internet-borne threats became real—for
`
`example, in 1989 an Internet-based worm infected about 6,000 computers and
`
`caused massive damage. To protect from these emerging threats, companies
`
`rapidly developed network and security services; for example, firewall and
`
`network intrusion detection systems (NIDs) were well under development by
`
`1989.1
`
`35.
`
` Over time, enterprises deployed a slew of network security services.
`
`These services were typically deployed where one network met with another,
`
`known as the perimeter.2 The services could include firewalls, virus detection,
`
`content filtering, and data loss prevention and, at first, each service came as a
`
`separate appliance.3 An important feature of these services was customization—an
`
`administrator could configure exactly which service(s) it wanted and how those
`
`services would control the flow of traffic into and out of the network. Below, for
`
`example, is a screenshot of the user interface of the 1996-Checkpoint Firewall-1
`
`
`
` 1
`
`
`
` Eugene Spafford “The Internet Worm Program: Analysis”, 1988
`2 See, e.g., U.S. Patent No. 8,042,149 at 3:12-16
`3 Unified Threat Management for Dummies, 26-27.
`10
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 15 of 465
`
`

`

`
`
`System showing the various selections an administrator could make for filtering
`
`traffic.4
`
`
`
`36.
`
` As threats and networks evolved, companies added appliances to
`
`protect against those new and evolving issues. Each appliance addressed a specific
`
`threat, so, eventually, companies had separate appliances for malware screening,
`
`content filtering, intrusion detection, etc., as shown below.
`
`
`
` 4
`
`
`
` “FireWall-1 User Interface from 3.0,” PhoneBoy’s Security Theater, archived at
`the
`Internet Archive Wayback Machine on
`January 2, 2014
`at
`https://web.archive.org/web/20140102143305/http://phoneboy.net; see also, e.g.,
`Unified Threat Management for Dummies, 27-28.
`11
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 16 of 465
`
`

`

`While helpful in some respects, this patchwork of separate appliances created
`
`issues with visibility, central management, performance, cost, and maintenance.5
`
`Unified security solutions and points of presence (PoP)
`2.
`To address
`those
`issues, companies developed systems
`
`to
`
`37.
`
`conveniently customize network and security services using a single platform.
`
`(Exs. 1012-1013.) One example of such a system was called Unified Threat
`
`Management (“UTM”). UTM referred to a solution that consolidated a wide range
`
`of network security functions (e.g., data loss prevention, anti-virus). This allowed
`
`an organization the ability to select as many (or as few) technologies as needed and
`
`configure its perimeter security to suit its needs. Typically, a UTM appliance had
`
`5 Unified Threat Management for Dummies, 18-23.
`12
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 17 of 465
`
`

`

`
`
`a single management console though which an administrator could configure the
`
`services.6
`
`38. UTM appliances were so well-known before the challenged patent
`
`that Fortinet even sponsored a “Dummies” book about them:
`
`39. Like UTMs, points-of-presence (PoP) generally related to distributed
`
`connection points between two or more networks, as explained below, and
`
`
`
`
`
` Unified Threat Management for Dummies, 25-64.
`13
`
` 6
`
`
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 18 of 465
`
`

`

`
`
`provided a natural checkpoint for traffic entering or exiting a network. (See. Ex.
`
`1009 (Oxford Dictionary of Computing), at 389 (defining PoP as “[a]n access point
`
`to the Internet….”).) While “PoPs” may sound unfamiliar, the term and concept
`
`have been around since at least the 1980s and have been a component in
`
`distributed networks.7
`
`40.
`
` For example, PoPs have been used by Internet Service Providers
`
`(ISPs) since the 1990s. Typically, a customer of an ISP connects to the Internet
`
`(e.g., visiting a website) from their home network. When the user connects to the
`
`Internet, it connects to an ISP’s PoP that is configured to receive traffic from the
`
`user’s home computer, and the POP directs the traffic to the appropriate Internet
`
`router to forward the traffic to the intended destination. A large ISP can have
`
`multiple PoPs so that—depending on the traffic load and location proximity—
`
`different customers may use different PoPs or even the same customer may use
`
`different PoPs at different times.
`
`41.
`
` PoPs have also been used in distributed enterprise networks for
`
`decades. For example, when a user tries to connect to an enterprise network from
`
`the Internet, its network traffic will go through a PoP for the enterprise network.
`
`That is, the PoP receives traffic from his home computer or his network and
`
`
`
` 7
`
`
`
` See, e.g., D. Chantrain, Solutions for Service Deployment in the Edge of the
`Network, IEEE (2000); U.S. Patent No. 4,972,464
`14
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 19 of 465
`
`

`

`
`
`decides if the traffic is allowed and to which part of the enterprise network. A large
`
`enterprise network may have multiple PoPs and a user may be using different PoPs
`
`depending on workload, location, and the requested services. And as enterprises
`
`started moving data and services to the cloud in the early 2000s, POPs became an
`
`interface between cloud-based resources and the enterprises. Hudis, filed five
`
`years before the challenged patent, disclosed a system that uses PoPs to connect
`
`entities (e.g., enterprise network (125)) and cloud-based resources (115)), as shown
`
`below.
`
`42. Hudis’ prior art architecture resembled the ’601 patent’s where it, too,
`
`used PoPs to connect entities (e.g., data center (122) to 3rd party (112) in ’601
`
`
`
`Figure 1 (below)).
`
`
`
`15
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 20 of 465
`
`

`

`
`
`
`
`43.
`
` A PoP can be located at the interface point between two networks and
`
`is therefore considered to be at the edge, or, the perimeter of a network. A PoP
`
`might consist of communication equipment and technologies, such as modem
`
`banks, routers, and switches necessary for traffic to cross over networks. In
`
`addition to facilitating connections from one network to another, a PoP also
`
`
`
`16
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 21 of 465
`
`

`

`
`
`provides security services such as deciding if an incoming connection should be
`
`allowed and to which service on the network.8
`
`3. Multi-user systems
`44. Since at least the early 2000s’, it was common for large enterprise
`
`networks to be partitioned into multiple subnetworks, one for each of its major
`
`departments or divisions (e.g., the engineering, finance, and administrative
`
`departments). These subnetworks are separated because the departments have
`
`different functions and security needs. For example, a computer in the engineering
`
`department cannot access another computer in the administrative department
`
`directly. Its connection request needs to be checked by the access points and the
`
`security systems of both the engineering and administrative departments.9 Below
`
`is an example of a multi-user system with a distinct subnet for finance users, help
`
`desk users, and engineering users.
`
`
`
` 8
`
` See Freeman, Roger (2005). Fundamentals of Telecommunications. Wiley.
`p. 16. doi:10.1002/0471720941.ch1. ISBN 978-0471710455
`(available
`at
`https://books.google.com/books?id=6_yQ-
`dEGc5wC&q=%22point+of+presence%22#v=snippet&q=%22point%20of%20pre
`sence%22&f=false.)
`9 See, e.g., FortiGate SOHO and SMB Version 3.0 MR5 (2007) p. 15; U.S. Patent
`Application No. 2012/0096158A1.
`
`
`
`17
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 22 of 465
`
`

`

`
`
`
`
`4.
`Parallel and serial processing
`45. Processing network traffic serially, in parallel, or a combination of
`
`both has been well-known since long before the 2000s. Around that time more and
`
`more security appliances were developed to address different potential network
`
`security threats (e.g., viruses, data loss). As the number of appliances grew,
`
`network administrators needed to program their appliances to decide the order in
`
`which network traffic was processed. Right away, administrators adapted two
`
`common orders for processing traffic: in parallel and serially (or a combination of
`
`the two). Indeed, these were really the only ways data could be processed.10
`
`
`
`
`10 G. Anthes, The Power of Parallelism, Computer World (Nov. 19, 2001)
`(available
`at
`https://www.computerworld.com/article/2585457/the-power-of-
`18
`
`
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 23 of 465
`
`

`

`
`
`46. Parallel processing relates to replicating network traffic and having
`
`multiple systems process the traffic at the same time. This is common when speed
`
`is a priority, and the network has sufficient processing resources. Serial processing
`
`relates to executing a task by one system after another, each completing a step(s) of
`
`the task. Serial processing was typically used when speed was not a priority, the
`
`network did not have sufficient processing resources, or when the subsequent
`
`processing depended on the results of the first subsystem processing.
`
`47. For example, at a network access point such as a PoP, the incoming
`
`traffic can be replicated to multiple copies such that multiple systems analyze the
`
`traffic in parallel, one inspecting traffic contents to detect anomalies, and another
`
`inspecting traffic contents using patterns to detect known violations, etc. As
`
`another example, the incoming traffic can be processed by one system to pattern-
`
`match traffic contents and when a suspicious pattern is detected another system
`
`would execute some of the contents in a sandbox to detect security violations.
`
`
`
`
`parallelism.html); G. Pieper and L. Wolfe, Adventures in Parallelism: Celebrating
`30 years of parallel computing at Argonne, Argonne National Laboratory (May 13,
`2013)
`(available
`at
`https://www.anl.gov/article/adventures-in-parallelism-
`celebrating-30-years-of-parallel-computing-at-argonne); Haiguang Lai et al. A
`Parallel Intrusion Detection System for High-Speed Networks. International
`Conference on Applied Cryptography
`and Network Security, 2004
`(https://link.springer.com/chapter/10.1007/978-3-540-24852-1_32#auth-Haiguang-
`Lai).
`
`
`
`19
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 24 of 465
`
`

`

`C.
`48.
`
`The ’601 Patent
`The ’601 Patent issued from U.S. Patent Application No. 13/910,609
`
`(“the ’609 Application”), which was filed on June 5, 2013. The ’601 Patent
`
`concerns “computer networking and security.” (’601 Patent, 1:8-9.) With regard
`
`to Figure 1, the ’601 Patent describes a system that “leverage[es] a variety of
`
`connection types across public and private networks to deliver a virtual perimeter”
`
`for an entity’s computing nodes. (Id., 5:43-47, Fig. 1.)
`
`’601 Patent, FIG. 1
`
`20
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 25 of 465
`
`

`

`
`
`49. The virtual perimeter includes multiple Perimeter Points of Presence
`
`(P/PoPs) 101, 102, and 107 that are “configured to process inbound data from all
`
`entities connected to the one or more P/PoPs as policy compliant outbound data.”
`
`(Id., 6:53-55.) The P/PoPs of the virtual perimeter include “a multitude of systems
`
`and associated sub-systems” for processing the data. (Id., 7:46-51.)
`
`50.
`
`In some embodiments, the virtual perimeter can also be customized by
`
`a user. (Id., 10:21-26.) When customizing the virtual perimeter, a user “can select
`
`and customize the systems and sub-systems for processing inbound and outbound
`
`data, as well as internally communicated data (i.e. akin to a virtual LAN), as well
`
`as the treatment of particular types and classes of data.” (Id.)
`
`D. The Challenged Claims
`51.
`I understand that Petitioner is challenging claims 1-21 in the ’601
`
`Patent.
`
`E. Claim Construction
`52.
`I understand that claim terms generally are construed in accordance
`
`with the ordinary and customary meaning they would have to a POSA at the time
`
`of the invention in light of the claim language, the specification, and the
`
`prosecution history. I understand that dictionaries and other extrinsic evidence
`
`may be considered as well, though such evidence is typically regarded as less
`
`
`
`21
`
`Netskope Exhibit 1002
`
`Fortinet Ex. 2010, Page 26 of 465
`
`

`

`
`
`significant than the intrinsic record in determining the meaning of the claim
`
`language
`
`53. For all terms of the challenged claims of the ’601 patent, I have
`
`interpreted them as they would have been understood by a POSITA at the time of
`
`the priority date of the ’601 patent in 2013.
`
`III. UNPATENTABILITY OF THE ’601 PATENT CLAIMS
`A.
`Standards for Invalidity
`1. Obviousness
`I am informed and understand that a patent cannot be properly granted
`
`54.
`
`for subject matter that would have been obvious to a person of ordinary skill in the
`
`art at the time of the alleged invention, and that a pat