Firewalls, Routers, Network Security

IP or just generic tech? Palo Alto argues Centripetal patent claims are overly broad

Signage with logo at the Silicon Valley headquarters of computer security and firewall company Palo Alto Networks, Santa Clara, California, August 17, 2017. Palo Alto Networks patched nine flaws in PAN-OS. (Photo via Smith Collection/Gado/Getty Images).

Palo Alto Networks asked a Virginia judge to dismiss a patent lawsuit filed against them by Centripetal Networks, questioning the broad nature of the covered technologies and processes and saying the company has not put forth any plausible evidence that their products are being copied.

In an April 30 court filing, lawyers for Palo Alto Networks claim Centripetal’s initial 146-page complaint “makes no genuine attempt to tie a complete asserted claim to any particular accused product.” The suit cites 12 specific patents, most dealing with filtering network traffic, and points to seven Palo Alto products that violate those patents. But Palo Alto's legal team claims the charges amount to “disorganized assertions interspersed with claim language that provide no indication of how the features of the accused products allegedly satisfy the elements of the asserted claims.”

Further, Palo Alto Networks argues that at least three of the asserted patents appear to cover broad, commonly used networking and firewall processes that should be ruled ineligible by the court. Citing a number of prior court decisions, lawyers asserted that filtering and sorting data based on rules, the claim at the heart of many of the asserted patent violations – is “an age-old idea that the Federal Circuit has repeatedly held to be impermissibly abstract.”

“Enhancing security using rule-based filtering is a longstanding process that is not unique to computer networks – and has long occurred at the boundaries of protected areas,” the motion claims.

Without those underlying patents, they argue that Centripetal’s case fails to cite “anything inventive – such as new components, or a technological improvement…that might transform the claims into patent eligible subject matter.”

Centripetal’s lawyers allege that intellectual property from 12 of the company’s patents were taken and used in numerous Palo Alto Networks security products, including its next-generation firewall, its network security management tool Panorama, its artificial intelligence security operations platform Cortex, its analysis software MineMeld and its DNS security service. Many of the patents described by Centripetal deal with specific methods for filtering network traffic data and rule-based network threat detection.

Tyson Benson, an intellectual property attorney with a decade of experience in tech patent law, told SC Media that most patent suits dealing with software-based claims tend to start where this one has, with the defendant citing a failure to state a claim.

A Supreme Court ruling in 2014, Alice v. CLS Bank, significantly narrowed the eligibility of software-based products to obtain patents. Just as you can’t patent established, commonly used inventions like automobiles or sewing machines, the courts have also found that companies can’t patent certain common, abstract ideas or mathematical concepts carried out by software, unless it is also supplemented by other additional, inventive components or concepts that make it unique.

“[The equation] E = mc2  is not patentable, that’s a phenomenon, that’s an abstract idea,” said Benson. “That is Palo Alto’s argument: they’re saying…the claims [here] are so broad that these are any generic, off-the-shelf, firewall-type system that monitors packets and applies a rule…whether to throw that packet away or allow it to continue on to its destination.”

Several internal policy and guideline changes at the U.S. Patent and Trademark Office in recent years have made it easier to obtain such software-related patents, but Benson said the courts are not bound by the same rules or criteria the agency uses to determine eligibility and can invalidate a patent if they feel it is overly broad or encompasses mental processes that a human would otherwise be capable of achieving without the product.

Some cybersecurity observers raised similar questions after Centripetal initially filed the lawsuit. Adrian Sanabria, senior research engineer with SC Media sister brand SW Labs, said that he did have concerns that some of the technologies and processes cited in Centripetal’s complaint “describe basic IDS/IPS functionality that has been around for 20-plus years.”

These patents appear “overly vague and would apply to nearly every network security vendor in the industry,” said Sanabria, who leads SW Lab's evaluations of open source and commercial cybersecurity products.

Centripetal’s complaint also leans heavily on claims that a series of meetings in previous years between the two companies over a threat intelligence partnership and investment that never panned out involved discussion of the patented technologies. That includes a meeting with the creator and lead developer of Minemeld, one of the products covered under the lawsuit.

But Palo Alto’s lawyers said the information exchanged between the two companies amounted to public information on Centripetal’s website or from promotional materials, and that the exchanges cited by the company took place a year or more before the asserted patents were issued.

“In sum, none of Centripetal’s allegations [related to the meetings] shows it is plausible that [Palo Alto Networks] had pre-suit knowledge of the Asserted Patents – at most, they show merely that it is ‘conceivable,’” the company’s lawyers wrote.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.