Appeals from the United States Patent and Trademark Office,
Patent Trial and Appeal Board in No. IPR2015-00978.
Ann Degnan, Fish & Richardson, PC, Washington, DC, and
Matthew D. Powers, Tensegrity Law Group LLP, Redwood Shores,
CA, argued for appellant. Also represented by Michael J.
McKeon, Adam Shartzer, Linhong Zhang, Fish & Richardson,
PC, Washington, DC; Robert Lewis Gerrity, William P. Nelson,
Tensegrity Law Group LLP, Redwood Shores, CA.
C. O'Quinn, Kirkland & Ellis LLP, Washington, DC,
argued for cross-appellant. Also represented by Calvin
Alexander Shank, Jason M. Wilcox, William H. Burgess; Jon
Wright, Daniel S. Block, Lori A. Gordon, Sterne Kessler
Goldstein & Fox, PLLC, Washington, DC.
Prost, Chief Judge, Schall and Chen, Circuit Judges.
Arista Networks, Inc. ("Arista") petitioned for an
inter partes review ("IPR") of certain
claims of U.S. Patent No. 7,340,597 ("the '597
patent"), which is owned by Cisco Systems, Inc.
("Cisco"). After instituting an IPR, the Patent
Trial and Appeal Board ("Board") upheld some of
those challenged claims as patentable but invalidated others.
Both Arista and Cisco appeal various aspects of the
Board's decision. Having considered the parties'
arguments, we reverse and remand as to Arista's appeal,
and we affirm Cisco's cross-appeal.
networks are made up of various network devices (e.g.,
computers, servers, routers, and switches) that are connected
to each other. Within a network, devices can easily access
information and services provided by other devices in the
network. This convenience of access has drawbacks, however,
as it increases the risk of an external attack on one or more
network devices. For example, if an external attacker
compromises one network device, the security of all connected
network devices is threatened. As explained below, the patent
at issue in this case relates to securing network devices
from such attacks by using a logging module to communicate
any configuration changes to a device.
The '597 patent, titled "Method and Apparatus for
Securing a Communications Device using a Logging
Module," relates generally to ensuring network device
security by using a logging module with restricted
configurability to detect and communicate changes to a
network device's configuration. '597 patent col. 2
ll. 35-37, 45-47, col. 3 ll. 43-49.
The '597 patent includes four independent claims. Claim 1 and
dependent claim 29 are illustrative. Claim 1 states:
1. An apparatus comprising:
a communications device comprising:
a subsystem; and
a logging module, coupled to said subsystem, and configured
to detect a change to a configuration of said subsystem of
said communications device, and communicate information
regarding said change to said configuration of said subsystem
of said communications device.
Id. at claim 1. Claim 29 states:
29. The communications device of claim 1, wherein the logging
module is configured to communicate the change to the
configuration of the subsystem by broadcasting the change to
the configuration of the subsystem.
Id. at claim 29.
embodiment, a network communications device includes a
"logging module" that monitors and reports
configuration changes. Id. at col. 3 ll. 43-48, col.
6 ll. 7-10. When the logging module detects a configuration
change, it can indicate that change in various ways, for
example, by way of "an indicator lamp, a message to a
display, a message to another network device, broadcast
message to specially-configured security devices, or other
such mechanisms." Id. at col. 7 ll. 25-30.
embodiments, the logging module communicates a configuration
change by "broadcast[ing] the change in the
configuration of communications interface . . . to one or
more security monitors on the network." Id. at
col. 7 ll. 39-41; see also id. at col. 8 ll. 52-54.
Such broadcasting occurs by way of a multicast address.
Id. at col. 11 ll. 45-50. To monitor these
broadcasts, in some embodiments, a given security monitor
must "subscribe to this multicast address."
Id. at col. 11 ll. 50-51, col. 13 ll. 57-67
(describing the process of configuring a security monitor,
including "subscribing to a logging module's
multicast address in order to receive broadcasts from the
The named inventor of the '597 patent is Dr. David Cheriton,
who at the time of the invention was employed by Cisco as a
technical advisor and chief product architect. Dr. Cheriton
assigned "the entire right, title and interest
throughout the world in [his] invention" to Cisco,
requesting that the U.S. Patent and Trademark Office
("PTO") "issue all patents granted for said
invention" to Cisco. J.A. 598; see also
'597 patent (listing Cisco as the assignee). In the same
assignment document, Dr. Cheriton agreed "generally to
do everything possible to aid said assignee, their
successors, assigns and nominees, at their request and
expense, in obtaining and enforcing patents for said
invention in all countries." J.A. 598. Cisco compensated
Dr. Cheriton for his employment and, according to Cisco,
provided additional compensation for the assignment of
inventions he developed during his tenure at Cisco.
thereafter, Dr. Cheriton and at least thirteen other Cisco
employees left Cisco to found Arista. Dr. Cheriton served as
Arista's Chief Scientist for several years. He also
served as a director of Arista and was one of its largest
shareholders. He resigned from Arista in March 2014.
In response to Arista's IPR petition, which Arista filed on
April 1, 2015, the Board instituted review of certain claims
of the '597 patent. In its Final Written Decision, the
Board upheld claims 29, 63, 64, 73, and 86 as patentable,
but invalidated claims 1, 14, 39-42, 71, 72, 84, and 85 as
anticipated or obvious. Arista Networks, Inc. v. Cisco
Sys., Inc., IPR2015-00978, Paper 32 at 26 (P.T.A.B.
Sept. 28, 2016) ("Final Written
Decision"). In doing so, the Board declined to
apply the doctrine of assignor estoppel, which in Cisco's
view should have prevented Arista from challenging the
Arista timely appealed with respect to the claims upheld by the
Board, and Cisco timely cross-appealed regarding the
invalidated claims. We have ...