`Patent No. 10,652,111
`
`
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`ORCKIT CORPORATION,
`Patent Owner.
`____________
`
`Case IPR2023-00554
`U.S. Patent No. 10,652,111
`____________
`
`PATENT OWNER’S RESPONSE PURSUANT TO 37 C.F.R. § 42.120
`
`
`
`TABLE OF CONTENTS
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`Page
`
`I.
`
`INTRODUCTION ......................................................................................... 1
`
`II.
`
`BACKGROUND ............................................................................................ 6
`
`A.
`
`Procedural History .............................................................................. 6
`
`B.
`
`Patent Owner ....................................................................................... 6
`
`C.
`
`’111 Patent ............................................................................................ 8
`
`1.
`
`Prosecution History ................................................................ 11
`
`D.
`
`Petitioner’s Cited References and Challenged Claims .................. 12
`
`1.
`
`2.
`
`3.
`
`Lin (Ex. 1005) .......................................................................... 13
`
`Shieh (Ex. 1006) ....................................................................... 14
`
`Swenson (Ex. 1007) ................................................................. 15
`
`E.
`
`Level of Ordinary Skill ..................................................................... 16
`
`III. CLAIM CONSTRUCTION ........................................................................16
`
`IV. NO COMBINATION OF THE CITED PRIOR ART
`REFERENCES TEACHES OR SUGGESTS EVERY
`LIMITATION OF THE CLAIMS .............................................................17
`
`A. Claim 1: Petitioner’s First Ground Fails. ....................................... 19
`
`1.
`
`[1.0] Lin and Swenson do not disclose or render
`obvious the claimed controller under either Patent
`Owner’s or Petitioner’s proposed constructions. ................ 19
`
`i
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`a.
`
`b.
`
`c.
`
`Lin does not disclose or render obvious a
`controller configured to perform or capable of
`controlling DPI. .............................................................20
`
`Swenson does not disclose or render obvious a
`controller configured to perform or capable of
`controlling DPI. .............................................................23
`
`A POSA would not have combined Swenson’s
`controller with Lin’s or adapted such a
`combination to practice the claimed controller
`in Lin’s system in any event. ........................................32
`
`2.
`
`[1.5] – [1.6]: Lin does not disclose sending the packet
`to the second entity “responsive to the packet not
`satisfying the criterion” or sending the packet to an
`entity other than the second entity “responsive to the
`packet satisfying the criterion.” ............................................. 39
`
`B.
`
`Claim 1: Petitioner’s Ground 2 fails ................................................ 42
`
`1.
`
`Shieh does not disclose the claimed “packet-
`applicable criterion” responsive to which a packet is
`sent either to a second entity or to another entity that
`is different from the second entity. ........................................ 42
`
`C. Claim 3: The prior art does not disclose sending the packet
`to an entity that is other than the second entity and to the
`controller ............................................................................................. 46
`
`D. Claims 4 and 5: The prior art does not disclose sending the
`packet to an entity that is other than the second entity and
`to the controller .................................................................................. 49
`
`E.
`
`F.
`
`Claim 6: The prior art does not disclose storing the packet
`by the controller in a memory .......................................................... 50
`
`Claim 7: The prior art does not disclose sending “a portion
`of the packet” as claimed .................................................................. 52
`
`ii
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`G. Claim 16: The prior art does not disclose “the packet
`comprises distinct header and payload fields, the header
`comprises one or more flag bits, and wherein the packet-
`applicable criterion is that one or more of the flag bits is
`set”
` ................................................................................................... 54
`
`H. Claim 30: The prior art does not disclose “receiving…one
`or more additional packets” as claimed .......................................... 57
`
`V. CONCLUSION ............................................................................................59
`
`
`
`
`
`
`
`iii
`
`
`
`TABLE OF AUTHORITIES
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`Page(s)
`
`Cases
`
`Arendi SARL v. Apple Inc.,
`832 F.3d 1355 (Fed. Cir. 2016) ...........................................................................56
`
`DSS Tech. Mgmt. Inc. v. Apple Inc.,
`885 F.3d 1367 (Fed. Cir. 2018) ...........................................................................55
`
`Forest Lab’ys, LLC v. Sigmapharm Lab’ys, LLC,
`918 F.3d 928 (Fed. Cir. 2019) .............................................................................33
`
`Mformation Tech. v. Research in Motion Ltd.,
`764 F.3d 1392 (Fed. Cir. 2014) .............................................................. 46, 48, 49
`
`Nidec Motor Corp. v. Zhongshan Broad Ocean Motor Co.,
`851 F.3d 1270 (Fed. Cir. 2017) ...........................................................................55
`
`Realtime Data, LLC v. Iancu,
`912 F.3d 1368 (Fed. Cir. 2019) ...........................................................................16
`
`Samsung Elecs. Co., Ltd. v. Elm 3DS Innovations, LLC,
`925 F.3d 1373 (Fed. Cir. 2019) ...........................................................................34
`
`Statutes
`
`35 U.S.C. § 103 ........................................................................................................11
`
`Agency Decisions
`
`Xerox Corp. et al. v. Bytemark, Inc.,
`IPR2022-00624, Paper 12 (PTAB Feb. 10, 2023) ...............................................43
`
`
`
`
`
`iv
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`EXHIBIT LIST
`
`2001 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 46 (E.D. Tex., Jan. 15, 2023), First Amended Docket Control Order
`(“First Amended Docket Control Order”)
`2002 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 28 (E.D. Tex., Nov. 4, 2022), Notice of Compliance (“11-4-2022
`Notice of Compliance”)
`2003 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 47 (E.D. Tex., Jan. 19, 2023), Notice of Compliance (“1-19-2023
`Notice of Compliance”)
`2004 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 55 (E.D. Tex., Mar. 23, 2023), Defendant’s Motion To Stay
`2005 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 56 (E.D. Tex., Mar. 29, 2023), Order Denying Motion to Stay
`2006 United States District Courts National Judicial Caseload Profile For the
`12 Months Ending March 31, 2023 (available at
`https://www.uscourts.gov/sites/default/files/data_tables/fcms_na_distprof
`ile0331.2023.pdf) (“Judicial Caseload Statistics”)
`2007 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 50 (E.D. Tex., Feb. 3, 2023), Notice of Compliance (“2-3-2023
`Notice of Compliance”)
`2008 Reserved
`
`2010
`
`2009 December 11, 2008 Final Rejection (U.S. Appl. No. 11/123,801) (“’801
`Application Final Rejection”)
`July 28, 2008 Claim Amendments (U.S. Appl. No. 11/123,801) (“’801
`Application Pending Claims”)
`2011 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 59 (E.D. Tex., Mar. 30, 2023), Order Granting Motion To Amend
`Invalidity Contentions
`2012 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, Dkt.
`No. 61 (E.D. Tex., April 13, 2023), Order Granting Motion To Amend
`Invalidity Contentions
`“About Orckit-Corrigent: Executive Summary,” 2011
`
`2013
`
`v
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`2014 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, (E.D.
`Tex., April 13, 2023), Defendant’s First Amended Invalidity Contentions
`(Cover Pleading)
`2015 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, (E.D.
`Tex., April 13, 2023), Defendant’s First Amended Invalidity Contentions
`(Exhibit A - ’904 Patent Charts)
`2016 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, (E.D.
`Tex., April 13, 2023), Defendant’s First Amended Invalidity Contentions
`(Exhibit B - ’821 Patent Charts)
`2017 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, (E.D.
`Tex., April 13, 2023), Defendant’s First Amended Invalidity Contentions
`(Exhibit C - ’740 Patent Charts)
`2018 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, (E.D.
`Tex., April 13, 2023), Defendant’s First Amended Invalidity Contentions
`(Exhibit D - ’111 Patent Charts)
`2019 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, (E.D.
`Tex., April 13, 2023), Defendant’s First Amended Invalidity Contentions
`(Exhibit E - Combination Charts)
`2020 Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276, (E.D.
`Tex., April 13, 2023), Defendant’s First Amended Invalidity Contentions
`(SME Contentions)
`2021 United States District Courts National Judicial Caseload Profile For the
`12 Months Ending December 31, 2022 (available at
`https://www.uscourts.gov/sites/default/files/data_tables/fcms_na_distprof
`ile1231.2022.pdf) (“December 22 Judicial Caseload Statistics”)
`2022 Declaration of George Stamatopoulos in support of Patent Owner’s
`Motion for Pro Hac Vic Admission
`2023 Declaration of Michael Ng in support of Patent Owner’s Motion for Pro
`Hac Vice Admission
`2024 Stipulation of Dismissal
`
`2025 Declaration of Miguel Gomez
`
`2026 CV of Miguel Gomez
`
`2027
`
`“DPI & DFI: A Malicious Behavior Detection Method Combining Deep
`Packet Inspection and Deep Flow Inspection” by Guo et al., Procedia
`Engineering 174, 1309-1314 (2017)
`
`
`
`vi
`
`
`
`I.
`
`INTRODUCTION
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`Orckit Corporation (“Orckit” or “Patent Owner”) submits this Patent Owner
`
`Response (“POR”) to Cisco Systems, Inc.’s (“Petitioner”) Petition challenging
`
`claims 1-9, 12-24, and 27-31 (the “Challenged Claims”) of U.S. Patent No.
`
`10,652,111 (the “’111 Patent”).
`
`The ’111 Patent is directed to novel methods for implementing deep packet
`
`inspection (“DPI”) in software defined networks (“SDN”). The ’111 patent explains
`
`that protocols used in software defined networks (e.g., the OpenFlow protocol)
`
`allowed the programmability of network nodes (e.g., switches or routers) by a central
`
`controller but failed to provide a mechanism for deep packet inspection, a technique
`
`that was useful among other things for detecting security threats. See Ex. 1001, 1:50-
`
`67. The patent explains further that routing all packets from the network nodes to
`
`the central controller had a number of drawbacks, including “increased end-to-end
`
`traffic delays between the client and the server; overflowing the controller capability
`
`to perform other networking functions; and a single point of failure for the re-routed
`
`traffic.” Id. at 2:1-6. The inventors of the ’111 Patent recognized a need to “provide
`
`a solution that overcomes the deficiencies [of prior art SDN protocols and allowed
`
`for] efficient DPI in SDNs.” Id. at 2:7-9. The claims of the ’111 Patent recite
`
`methods that are directed to such a solution.
`
`
`
`1
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`Among other elements, the sole challenged independent claim of the ’111
`
`Patent (claim 1) recites: (i) a SDN “controller” that is capable of controlling deep
`
`packet inspection1 and (ii) the use of a criterion (a “packet-applicable criterion”) to
`
`determine whether packets transmitted over a SDN network should be sent to their
`
`destination or to some other entity (e.g., the controller itself) for further inspection.
`
`The remaining Challenged Claims, all of which depend from Claim 1) recite
`
`additional limitations, for example, about the criterion to be used or the specific
`
`entities to which packets should be sent in response to satisfying or not satisfying
`
`the claimed “packet-applicable criterion.”
`
`The inventive crux of these claims was a novel SDN in which: (i) the SDN
`
`controller, unlike prior art SDN controllers (that were typically uninvolved in DPI
`
`but were dedicated to other network functions), was also capable of controlling DPI;
`
`and (ii) a criterion handed down by the controller to the nodes was used to
`
`intelligently determine whether and when to send packets to their destination and
`
`when to divert them for further inspection with DPI. These two elements in tandem
`
`
`
`1 As discussed below, the parties have advanced competing constructions for
`the claimed “controller.” However, Patent Owner’s arguments in this response are
`the same under either construction (i.e., Patent Owner’s construction as “an entity
`capable of controlling deep packet inspection” or Petitioner’s “entity configured to
`perform deep packet inspection on packets”).
`
`
`
`2
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`were critical in the inventors’ efforts to address the limitations in prior art SDNs
`
`discussed in the patent.
`
`Petitioner has advanced two grounds challenging the patentability of the
`
`Challenged Claims: first, that the Challenged Claims are obvious over Lin in view
`
`of Swenson and, second, that the Challenged Claims are obvious over Shieh in view
`
`of Swenson. With respect to Petitioner’s second ground (Shieh over Swenson), as
`
`the Institution Decision already determined, there is no reasonable basis to conclude
`
`that Shieh and Swenson invalidate any claim because Shieh and Swenson do not
`
`disclose or render obvious the claimed “packet-applicable criterion.” With respect
`
`to Petitioner’s first ground (Lin over Swenson), Patent Owner respectfully submits
`
`new arguments--that were not previously before the Board and are supported by the
`
`declaration of Patent Owner’s expert—which show that the Challenged Claims are
`
`patentable over the Lin/Swenson combination.
`
`As explained in detail below, among other limitations, the Lin and Swenson
`
`combination does not disclose or render obvious a controller that is capable of
`
`controlling deep packet inspection or the use of the claimed packet-applicable
`
`criterion for sending individual packets to an entity other than their original
`
`destination.
`
`
`
`3
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`In particular, Lin discloses a less sophisticated system in which DPI is
`
`performed at a dedicated security service that is distinct from the controller and
`
`provided by “security vendors.” And, because it teaches performing DPI as part of
`
`a discrete security service, Lin does not disclose or render obvious a controller that
`
`is capable of controlling DPI.
`
`Petitioner attempts to overcome this lack of disclosure in Lin by identifying
`
`references in Swenson to a network controller executing a technique called “deep
`
`flow inspection.” Effectively, Petitioner asserts that (i) deep flow inspection is
`
`coextensive or would otherwise render obvious deep packet inspection; and (ii)
`
`because Swenson teaches deep flow inspection at the controller, it also renders
`
`obvious a controller that is capable of controlling (or configured to perform, under
`
`Petitioner’s proposed construction) deep packet inspection. Petitioner’s assertion is
`
`incorrect if not misleading. As explained below, despite their similar-sounding
`
`names, deep packet inspection and deep flow inspection are different techniques that
`
`perform different functions. Deep packet inspection is a granular and thorough
`
`inspection of traffic at the packet level. Owing to its granularity, it is well-suited
`
`among other things to threat detection and security applications stemming, e.g., from
`
`maliciously sent packets. On the other hand, deep flow inspection—which is
`
`focused on traffic monitoring at the flow level—can be used for obtaining and
`
`
`
`4
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`analyzing statistic information about data flows, but does not lend itself to inspecting
`
`data at the packet level. Indeed, Swenson discloses using deep flow inspection in
`
`connection with “the analysis of the statistic information of the data flow” to make
`
`forecasts about bandwidth in connection with facilitating user requests for content
`
`in service provider networks. Ex. 1007, Abstract. Moreover, Swenson expressly
`
`omits from its disclosure details about “security functions” so as not to “obscure the
`
`details of [its] system architecture.” Ex. 1007, [0039]. Accordingly, as also
`
`explained below, a POSA would not understand Swenson to disclose DPI at all, let
`
`alone a controller that is either capable of controlling or configured to perform DPI.
`
`In any event, even if Swenson disclosed DPI (it does not) there is no reference or
`
`teaching anywhere in the art that would provide a POSA with a reason to combine
`
`Swenson with Lin. Accordingly, Lin and Swenson do not disclose or render obvious
`
`independent claim 1.
`
`Moreover, for reasons set forth below, the dependent claims recite additional
`
`patentable elements that are not obvious in view of Lin or Shieh and Swenson.
`
`Accordingly, Patent Owner respectfully asks that the Board issue a Final Written
`
`Decision finding all challenged claims patentable over the asserted prior art.
`
`
`
`
`
`
`
`5
`
`
`
`II. BACKGROUND
`
`A.
`
`Procedural History
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`This proceeding is one of four IPRs filed by Petitioner against Patent Owner.
`
`The other IPRs are IPR2023-00401 (U.S. Pat. No. 7,545,740), IPR2023-00402 (U.S.
`
`Pat. No. 8,830,821) and IPR2023-00714 (U.S. Pat. No. 6,680,904). Each of the ’740,
`
`’821, ’111 and ’904 Patents was asserted by Patent Owner against Petitioner in
`
`Orckit Corporation v. Cisco Systems, Inc., Case No. 2:22-cv-00276 (E.D. Tex. July
`
`22, 2022) (the “District Court Case”). Patent Owner and Petitioner have agreed to a
`
`jointly stipulated dismissal of the district court litigation without prejudice. Ex. 2024
`
`[Stipulation of Dismissal].
`
`B.
`
`Patent Owner
`
`Orckit Corporation owns the ’111 patent, which originated from significant
`
`research and development by Orckit Communications Ltd. (also known as
`
`Corrigent-Systems Ltd., referred to herein as “Orckit-Corrigent”).
`
`Orckit-Corrigent was founded in 1990 in Israel by Izhak Tamir and Eric
`
`Paneth. Orckit-Corrigent’s products offered networking infrastructure for the
`
`delivery of residential, business, and mobile backhauling services in packet-based
`
`networks.
`
`
`
`6
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`By the early 2000s, Orckit-Corrigent was a pioneer in telecommunications,
`
`with revenues some years exceeding $500M from sales to various tier 1 global
`
`telecommunications providers. Over the years, Orckit-Corrigent and its subsidiaries
`
`developed and sold products in a variety of telecommunications areas, including
`
`DSL, Packet Transport Networks (PTN), Carrier Ethernet technologies, PWE
`
`(Pseudo-Wire Emulation) technology, and Resilient Packet Ring (RPR) technology,
`
`which was developed and introduced to the market as the IEEE 802.17 Standard,
`
`part of the company’s packet transport technology. In 2007, Orckit-Corrigent
`
`launched its CM4000 PTN line of products, which were purchased and deployed by
`
`telecom providers worldwide, including leading Indian carrier Bharat Sanchar
`
`Nigam Ltd. (BSNL); T-Systems (Deutsche Telekom) in Germany; Tele2, a leading
`
`Pan-European Scandinavian Service Provider; redIT (formerly MetroNet) in
`
`Mexico, and others. At one time, Orckit-Corrigent had offices in Israel, US, India,
`
`Japan, Korea, Germany, Russia, Brazil, Mexico, Thailand, and the Philippines.
`
`Orckit-Corrigent also engaged in extensive research and development
`
`(investing over $200M) and prosecuted an extensive patent portfolio. Many of the
`
`patents in this portfolio were practiced by its products, notably, the CM-4000
`
`product family, which was a series of packet transport network switches (consisting
`
`of, among other products, the CM-4140, CM-4206 and CM-4314T/4314 models),
`
`
`
`7
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`and the CM-401x portfolio of switches that included the CM-4011, CM-4012 and
`
`CM-4013 products. Ex. 2014 [Orckit-Corrigent Executive Summary].
`
`In 2012, Orckit-Corrigent entered
`
`into debt restructuring/bankruptcy
`
`proceedings in Israel. After a series of transactions that followed the Israel
`
`proceedings, Orckit Corporation acquired a smaller set of Orckit-Corrigent’s
`
`patents, including the ’111 patent.
`
`C.
`
`’111 Patent
`
`The ’111 Patent is titled “Method and System for Deep Packet Inspection in
`
`Software Defined Networks.” Ex. 1001, abstract. DPI is a technique for examining
`
`network communications at the packet level, which can be used to extract data
`
`patterns from a data communication channel. Ex. 1001, 1:21-25. The extracted data
`
`patterns are useful for a variety of purposes, including network security and data
`
`analytics. Id.
`
`A software defined network (SDN) is a networking architecture that provides
`
`for centralized management of the nodes in a network, as opposed to the distributed
`
`architecture utilized by conventional networks. Ex. 1001, 1:30-38. For example, a
`
`SDN may utilize a controller to manage network nodes such as vSwitches. Id. SDN-
`
`based architectures typically decouple the data forwarding (e.g. data plane) from
`
`control decisions (e.g. control plane), such as routing, resources, and other
`
`
`
`8
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`management functionalities. Ex. 1001, 1:39-49. The decoupling may allow the data
`
`plane and the control plane to operate on different hardware, in different runtime
`
`environments, and/or operate using different models. Id.
`
`The inventors of the ’111 Patent recognized that the OpenFlow protocol used
`
`by prior art did not support DPI of packets through the various networking layers.
`
`Ex. 1001, 1:50-67. This limited the ability of the OpenFlow protocol to support a
`
`number of networking features associated with DPI, including detecting security
`
`threats. Id. The inventors also recognized that “routing all traffic from network nodes
`
`to the central controller introduces some significant drawbacks, such as increased
`
`end-to-end traffic delays between the client and the server; overflowing the
`
`controller capability to perform other networking functions; and a single point of
`
`failure for the re-routed traffic.” Id. at 2:1-6. The inventors thus explain that “it
`
`would be advantageous to provide a solution that overcomes the deficiencies [in
`
`prior art SDNs] and allow[s] efficient DPI in SDNs.” Id. at 2:7-9.The ’111 Patent
`
`proposes methods for DPI in a software defined network. Ex. 1001, 2:27-3:3. In one
`
`exemplary embodiment, a network system 100 as shown in Fig. 1 includes a
`
`controller 111 “configured to perform deep packet inspection on designated packets
`
`from designated flows or TCP sessions… the central controller 111 is further
`
`configured to instruct each of the network nodes 112 which of the packets and/or
`
`
`
`9
`
`
`
`sessions should be directed to the controller 111 for packet inspections:”
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`
`
`Ex. 1001, 4:5-11, Fig. 1.
`
`Controller 111 may provide instructions to the network nodes that configure
`
`the network nodes to analyze the headers of incoming packets for DPI. Ex. 1001,
`
`4:23-37. For example, the network node may be instructed to either redirect the
`
`packet to controller 111 or send the packet to the destination server 140. Id.
`
`Alternatively, the controller 111 may instruct the network nodes to mirror a number
`
`
`
`10
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`of bytes within the packet to be sent to controller 111 to perform DPI. Id. The TCP
`
`packet’s header may include fields such as TCP FLAG SYN, TCP FLAG ACK, TCP
`
`FLAG FIN, TCP FLAG RST, which are analyzed by the network node to execute
`
`the instructions sent by the controller, which may vary depending on the contents of
`
`the TCP packet’s header field. Ex. 1001, 4:23-46.
`
`The ’111 Patent has two independent claims (1 and 32) and 52 dependent
`
`claims, of which only independent claim 1 and a subset of its dependent claims are
`
`at issue in this proceeding. Consistent with the description in the ’111 Patent, the
`
`claims recite a method for transporting packets based on an instruction and a packet-
`
`applicable criterion sent from a controller to a network node (claim 1) for performing
`
`DPI (claim 9).
`
`1.
`
`Prosecution History
`
`The ’111 Patent claims priority to provisional application no. 61/982,358,
`
`filed on April 22, 2014. Ex. 1001 [’111 Patent], 1:8-10. The ’111 Patent was filed
`
`on April 21, 2015 as Appl. No. 15/126,288 (the “’288 Application”). Id.
`
`On September 12, 2018, the Examiner issued a non-final rejection rejecting
`
`the then-pending claims under 35 U.S.C. § 103 over U.S. Pub. No. 2010/0208590
`
`(Dolganow) and U.S. Pub. No. 2014/0052836 (Nguyen), which was made final on
`
`April 15, 2019 following an Applicant response on December 9, 2018. Ex. 1002,
`
`
`
`11
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`170-195, 230-238, 240-263.
`
`In response to the rejections, Applicant on May 7, 2019 amended the claims
`
`to explicitly recite that the controller “is external to the network node,” thus
`
`clarifying that the instruction and packet-applicable criterion are sent by the
`
`controller to the network node over the packet network. Ex. 1002, 148-168.
`
`On July 8, 2019, the Examiner issued a new rejection substituting Nguyen
`
`with U.S. Pub. No. 2016/0219080 (Huang). The Examiner subsequently withdrew
`
`the rejection and allowed the claims following Applicant’s October 2, 2019 response
`
`to the Examiner’s July 8, 2019 Office Action. Ex. 1002, 15-16, 55-64. The
`
`Examiner’s January 7, 2020 Notice of Allowance credited the arguments made by
`
`Applicant’s October 2, 2019 response, including that the prior art failed to disclose
`
`“sending, by the controller to the network node over the packet network, an
`
`instruction and a packet-applicable criterion” because the prior art “only described
`
`receiving packets as part of the regular traffic to be analyzed, and are silent regarding
`
`any receiving from a controller in general, and receiving of ‘the instruction and the
`
`criterion’ in particular.” Ex. 1002, 15-16, 62-64.
`
`The ’288 Application issued as the ’111 Patent on May 12, 2020. Ex. 1001.
`
`D.
`
`Petitioner’s Cited References and Challenged Claims
`
`The Petition asserts the following two grounds:
`
`
`
`12
`
`
`
`Ground
`#1
`
`Claims
`1-9, 12-24, and 27-31
`
`#2
`
`1, 5-9, 12-24, and 27-30
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`Basis
`35 U.S.C. § 103 (AIA)
`over Lin and Swenson
`35 U.S.C. § 103 (AIA)
`over Shieh and Swenson
`
`Paper 1, i-iii. Petitioner alternatively relies on Lin or Shieh as the primary reference,
`
`and Swenson as the secondary reference in both cases.
`
`1.
`
`Lin (Ex. 1005)
`
`U.S. Patent No. 9,264,400 to Lin et al. (“Lin”) is titled “Software Defined
`
`Networking Pipe for Network Traffic Inspection” and describes a software defined
`
`networking (SDN) computer network including an SDN controller and an SDN
`
`switch. Ex. 1005, abstract. The SDN controller inserts flow rules in a flow table of
`
`the SDN switch to create an SDN pipe between a sender component and a security
`
`component. Id.
`
`Specifically, Lin utilizes an SDN Controller 610 (which may be an OpenFlow
`
`Controller) that controls the behavior of the SDN computer network 600 as shown
`
`in Fig. 6:
`
`
`
`13
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`
`
`
`Ex. 1005, 3:40-52, Fig. 6.
`
`The SDN controller may include a flow policy database 611. Id. The flow
`
`policy database comprises flow policies that are enforced by the controller 610 on
`
`network traffic transmitted over the SDN computer network 600 and may specify
`
`security policies that govern transmission of packets on the network. Id. Flow
`
`policies in database 611 are implemented in terms of flow rules 624 that are stored
`
`in flow tables 621 of the SDN switch 620. Ex. 1005, 4:19-31. “The SDN controller
`
`610 may insert flow rules in the flow tables 621.” Ex. 1005, 6:1-3.
`
`2.
`
`Shieh (Ex. 1006)
`
`U.S. Pat. Pub. No. 2013/0291088 to Shieh et al. (“Shieh”) is titled
`
`“Cooperative Network Security Inspection” and describes a network system
`
`
`
`14
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`including a security device and a network access device. Ex. 1006, abstract. The
`
`network access device receives a packet from a source node of the network and
`
`determines whether the packet should be routed to a destination node or forwarded
`
`to a security device. Ex. 1006, [0037]. The network access device makes this
`
`determination based on whether a bypass flag in a session table stored on the network
`
`access device is set to a predetermined value or not. Id. If the bypass flag is the
`
`predetermined value, the packet is forwarded to the security device. Id. Otherwise,
`
`the packet is routed to the destination node. Id. The bypass flag may be received
`
`from the security device, such as to indicate that the security device no longer wishes
`
`to receive further packets for security inspection. Ex. 1006, [0030].
`
`3.
`
`Swenson (Ex. 1007)
`
`U.S. Pat. Pub. No. 2013/0322242 to Swenson et al. (“Swenson”) is titled
`
`“Real-Time Network Monitoring and Subscriber Identification with an On-Demand
`
`Appliance” and describes a system and method for selectively monitoring traffic in
`
`a service provider network. Ex. 1007, abstract. A user device 110 accesses a network
`
`via a steering device 130. Ex. 1007, [0026]. A network controller 140 interfaces with
`
`steering device 130 to coordinate the monitoring and categorization of network
`
`traffic. Id. The network controller provides selective real-time network monitoring
`
`and subscriber identification and monitors large flows in the network, collects flow
`
`
`
`15
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`statistics, and selects flows to be optimized. Ex. 1007, [0039-0040]. The network
`
`controller may monitor and optimize flow based on historical traffic data for the
`
`average of the bandwidth per user at a particular cell tower to estimate the amount
`
`of bandwidth or degree of congestion for the new flow based on the historical record.
`
`Ex. 1007, [0029].
`
`E.
`
`Level of Ordinary Skill
`
`The Institution Decision adopted Petitioner’s level of ordinary skill. DI, 11-
`
`12. For purposes of this Patent Owner Response, Patent Owner does not dispute
`
`Petitioner’s level of ordinary skill.
`
`III. CLAIM CONSTRUCTION
`
`Although
`
`the Petition proposed constructions for “controller” and
`
`“instruction,” the Institution Decision “determine[d] that no terms need to be
`
`construed at this time. See Realtime Data, LLC v. Iancu, 912 F.3d 1368, 1375 (Fed.
`
`Cir. 2019) (“The Board is required to construe ‘only those terms . . . that are in
`
`controversy, and only to the extent necessary to resolve the controversy.’”).
`
`Relevant to this Patent Owner Response, the Court in the District Court Case
`
`preliminarily construed the term “controller” as “an entity that is capable of
`
`controlling deep packet inspection,” and the parties submitted their proposed
`
`constructions on the papers without further argument. Notably, the parties stipulated
`
`
`
`16
`
`
`
`
`Case IPR2023-00554
`Patent 10,652,111
`
`jointly to a dismissal of the District Court Case before the Court issued a decision
`
`on claim construction.
`
`Patent Owner submits that “controller” should be construed consistent with
`
`the preliminary construction in the District Court Case as “an entity that is capable
`
`of controlling deep packet inspection.” Petitioner has proposed that “controller” be
`
`construed as “an entity configured to perform deep packet inspection on packets.”
`
`As explained below, Patent Owner’s arguments are materially the same under either
`
`competing construction; thus, they do not turn on the Board resolving the parties’
`
`dispute concerning the construction of “controller.” Accordingly, t