[00:00:00] Speaker 02: Our final argument for this morning is number 231730, Centripetal Networks against Palo Alto Networks. [00:00:13] Speaker 01: Mr. Hanna, welcome back. [00:00:13] Speaker 01: Yes, thank you again, Your Honors. [00:00:14] Speaker 01: May it please the court. [00:00:16] Speaker 01: So the primary issue in this case is also claim construction. [00:00:20] Speaker 01: We do have some other issues to discuss, but the primary one is the lack of claim construction by the board of the term a malicious host tracker service. [00:00:31] Speaker 01: And I think it helps, in the other case we were talking about how we do this recovery from an attack. [00:00:37] Speaker 01: This patent is really about a fundamental shift in cyber security. [00:00:43] Speaker 01: So traditional cyber security, [00:00:45] Speaker 01: would focus on the what. [00:00:47] Speaker 01: What we mean by that in our briefing is if you get a bad file or something that's malicious that looks like it's gonna do something bad to infect your computer, you block that file. [00:00:59] Speaker 01: What Centripetal recognized is that you're gonna get a ton of bad files. [00:01:05] Speaker 01: The way the internet is growing, the way the attacks are being submitted to everyone, it's impossible to constantly block the what. [00:01:14] Speaker 01: So you decided, let's come up with a solution that blocks the who, identifies who is the bad actor that's actually sending these files. [00:01:25] Speaker 01: Who are these malicious hosts? [00:01:27] Speaker 01: And by doing that, by blocking the who, you're able to block threats that you may never ever see coming before they ever infect your network. [00:01:38] Speaker 01: And what the board did here in this case [00:01:42] Speaker 01: is they did not give any patentable weight to the who, [00:01:47] Speaker 01: to the malicious host tracking service.
[00:01:50] Speaker 05: When you talk about the who in the claim, what is your best word for telling who? [00:01:57] Speaker 05: It's the word host. [00:01:58] Speaker 01: The malicious host, correct. [00:02:01] Speaker 05: So this claim says that there's malicious traffic information received from a malicious host tracker service. [00:02:09] Speaker 05: And you want us to understand that the term malicious tracker information means the who. [00:02:16] Speaker 05: Because the thing that's sending it has the word host in it. [00:02:23] Speaker 01: I think that we're on the same page, but I think you left out the word host. [00:02:27] Speaker 05: I think I said it. [00:02:28] Speaker 05: It says a malicious host tracker service is going to send malicious traffic information. [00:02:37] Speaker 05: And you want us to interpret malicious traffic information to say who [00:02:43] Speaker 05: just because the information's coming from something that's called a malicious host tracker service, right? [00:02:50] Speaker 05: Do I have your opinion? [00:02:52] Speaker 01: I think so, Your Honor. [00:02:53] Speaker 01: Just the argument is that the malicious host tracker information, or the service, that has to provide information about the host, the malicious host. [00:03:03] Speaker 01: That's the natural reading of the claim. [00:03:05] Speaker 05: Why doesn't the claim then say, you know, sending malicious host [00:03:11] Speaker 05: information or identifying hosts of malicious traffic information. [00:03:17] Speaker 05: Why doesn't it say that if that's what's meant? [00:03:20] Speaker 05: It's a pretty broad claim. [00:03:22] Speaker 05: It just says sending malicious traffic information. [00:03:27] Speaker 01: But it also, but it does specify where that's received from. [00:03:31] Speaker 01: It's received from a host tracker service. 
[00:03:33] Speaker 05: And, and the, and the specific- They're saying it is necessarily so, as always, that a malicious host tracker, tracker service can only send identification of who? [00:03:46] Speaker 01: Of the host. [00:03:47] Speaker 01: Absolutely, Your Honor. [00:03:48] Speaker 01: That it has to contain identifying information of the host. [00:03:52] Speaker 01: That's the whole point of this, is that it will- What does your specification say that? [00:03:57] Speaker 01: So the specification, it's throughout our briefing, but it specifically points out that they have these services in which they will identify various hosts that are going to be sending a variety of malicious... Just a weird malicious host tracker service, but that's in the spec, right? [00:04:19] Speaker 01: I believe so, yes, John. [00:04:20] Speaker 01: I think it's pointed out in our briefing as well. [00:04:23] Speaker 05: Is there any place where it says, a malicious host tracker service can only send an identification of host? [00:04:30] Speaker 01: I don't think I know if it says the word only. [00:04:33] Speaker 01: But the lip, but. [00:04:35] Speaker 02: I'm sorry. [00:04:36] Speaker 02: Isn't that absolutely crucial? [00:04:38] Speaker 02: I think it's cash. [00:04:39] Speaker 02: A service may be called that if it does a particular thing, but it may do other things as well. [00:04:48] Speaker 01: But that's the point is the board needed to construe this term so we even know what the bounds are. [00:04:54] Speaker 01: We never even got a construction of malicious host tracker information at all. [00:04:59] Speaker 01: So this goes to more of a fundamental principle that the board knew that this is a point of dispute, as we can all see. [00:05:10] Speaker 01: And the board sidestepped its obligation to define what a malicious host tracker service is. [00:05:17] Speaker 04: Don't you think that [00:05:18] Speaker 04: Don't you think they had an implicit construction at least? 
[00:05:21] Speaker 01: No, I don't because if you look at it on page 10, this is appendix page 10, they said... Didn't they say plain and ordinary meaning? [00:05:32] Speaker 05: I can't remember. [00:05:33] Speaker 05: There's a lot of cases today. [00:05:35] Speaker 05: Do you remind me exactly what they said? [00:05:37] Speaker 01: No, so what they said was there's no reason to identify host. [00:05:41] Speaker 01: The malicious host tracker service does not have to identify host. [00:05:45] Speaker 01: That's what they said. [00:05:45] Speaker 01: They didn't say plain and ordinary meaning. [00:05:48] Speaker 02: doesn't have to identify hosts, or it doesn't, for this claim, have to send host identifying information. [00:05:54] Speaker 02: Those are two different things. [00:05:56] Speaker 01: It says they do not have to identify hosts. [00:05:58] Speaker 02: Where does it say that? [00:05:59] Speaker 01: In the appendix at page 10. [00:06:02] Speaker 01: And then they go on to argue that. [00:06:11] Speaker 02: I'm sorry. [00:06:11] Speaker 02: This seems important to me. [00:06:13] Speaker 02: So can you point me to the sentence that you're relying on? [00:06:28] Speaker 01: I think I have my notes on the other one, Your Honor. [00:06:33] Speaker 01: Yes, on pages 9 through 10, appendix 9 through 10. [00:06:37] Speaker 01: So what they said specifically is, on the bottom of 9, they said that what our argument was that we imposed limitations on the claimed malicious traffic information provided from a malicious host traffic service. [00:06:51] Speaker 01: And then on page 10, they said that petitioner urges us to reject their argument. [00:06:57] Speaker 01: And then it said that it's going to not construe the term. [00:07:03] Speaker 01: And then we get to... I'm sorry, not construe which term? [00:07:06] Speaker 01: Malicious host tracker service, the host part. 
[00:07:09] Speaker 02: I guess I'm having trouble finding here where the board says anything other than the malicious traffic information, which is the thing that is being sent, doesn't have to be information about the identity of a malicious [00:07:27] Speaker 02: traffic host. [00:07:29] Speaker 01: Exactly. [00:07:30] Speaker 01: That's our point, Your Honor. [00:07:31] Speaker 01: The point is they defined the malicious traffic information. [00:07:37] Speaker 01: They did not define what a malicious host tracker service is or what's required from that. [00:07:42] Speaker 05: But in identifying what the malicious host traffic information is, it addressed your argument that that information should be limited based on what was sending it. [00:07:54] Speaker 01: So Your Honor, they didn't say the host traffic information. [00:07:58] Speaker 01: They said there's two separate elements here. [00:08:00] Speaker 01: Malicious traffic information, right? [00:08:03] Speaker 01: And then we said, we need a definition. [00:08:05] Speaker 01: They gave us a definition of that. [00:08:08] Speaker 01: We said, OK, what is the malicious host tracker service that's providing that? [00:08:13] Speaker 02: I guess I took it to the board with saying, it doesn't matter. [00:08:19] Speaker 02: what the malicious host tracker service is, except that we will assume that as you suggest, it must track malicious hosts. [00:08:37] Speaker 02: The only thing that matters is what the malicious traffic information is. [00:08:42] Speaker 02: And that's not limited to the identity of the malicious host. [00:08:48] Speaker 01: So if you're all right, I think there's a couple things there. [00:08:53] Speaker 01: They never clarified whether the malicious traffic information has to identify hosts or not. [00:09:03] Speaker 02: They did. [00:09:03] Speaker 02: They rejected it on pages 9 and 10.
[00:09:06] Speaker 01: What they said was the malicious traffic information [00:09:11] Speaker 01: right, it's not going to be limited to hosts. [00:09:15] Speaker 02: So that's a claim construction. [00:09:16] Speaker 01: Right, right, for malicious traffic information. [00:09:18] Speaker 03: But the malicious host tracker service... It cares what host tracker service means if it can send both host information and other malicious traffic information. [00:09:28] Speaker 03: That's what the board is saying, and you're saying somehow that host tracker can only send host information. [00:09:36] Speaker 03: But that's not what that term [00:09:38] Speaker 03: And its plain meaning means when you say malicious traffic information, if you admit it always sent malicious host information, you would have said malicious host, not malicious traffic. [00:09:51] Speaker 01: So I think the problem, Your Honor, is that they still need to provide context in terms of the malicious... No, they don't. [00:09:58] Speaker 03: Is there any dispute, really, that a malicious host tracker service could send both host information and other malicious traffic information? [00:10:08] Speaker 01: I think there is a dispute. [00:10:09] Speaker 01: I think that you need to identify hosts as part of that information from a host tracker service. [00:10:14] Speaker 01: And this is the problem. [00:10:17] Speaker 03: That's completely inconsistent with the plain language of malicious traffic information. [00:10:23] Speaker 03: malicious host tracker service is confined to using only sending host information. [00:10:31] Speaker 03: It's talking about a malicious host, and a tracker service tracks that host. [00:10:36] Speaker 03: You could probably figure out it's a malicious host by both the identity of the host and also the type of information it sends. [00:10:43] Speaker 03: That seems a much more natural reading in the reading the board can network than what you're proposing.
[00:10:49] Speaker 01: So that's looking at it in isolation, respectfully, Your Honor. [00:10:51] Speaker 01: Let's look at isolation. [00:10:52] Speaker 03: I'm looking at the plain language. [00:10:54] Speaker 03: That's what we start with, right? [00:10:55] Speaker 01: Right, right. [00:10:55] Speaker 01: And the plain language always says, malicious traffic information received from a malicious host tracker service. [00:11:02] Speaker 01: That's what it always says when it talks about the malicious traffic information. [00:11:05] Speaker 03: That doesn't help you. [00:11:07] Speaker 03: Because you're saying that a malicious host tracker service is only going to send host information. [00:11:14] Speaker 01: That's what a malicious host tracker service does. [00:11:17] Speaker 01: That's the point of the malicious host tracker service. [00:11:20] Speaker 01: And that's why they needed to construe that so we actually know what the bounds are. [00:11:25] Speaker 01: And the problem is, they said that they were gonna do it. [00:11:28] Speaker 01: On page 10, or appendix page 10 and 11, they said, we're going to, in one instance, we're saying that malicious information doesn't have to contain host information. [00:11:40] Speaker 01: They said, okay, [00:11:42] Speaker 01: Even then, we're going to apply the patent owner's construction. [00:11:46] Speaker 01: And they never did so. [00:11:47] Speaker 01: They have one line saying that they're going to do it, and then you look at 25 through 30 of the appendix, and they never identify anywhere that has host information identified. [00:11:58] Speaker 01: And that's one of the cruxes of this patent, is identifying the hosts so that you have the protection. [00:12:07] Speaker 01: And the board erred in that. [00:12:10] Speaker 01: But there's a separate ground. [00:12:13] Speaker 01: Let's look at the fact that the board applied the claims wrong. [00:12:18] Speaker 01: We pointed this out in our brief.
[00:12:20] Speaker 01: The claims require this malicious traffic information, however your honors want to construe it, is received by a server. [00:12:29] Speaker 01: In their decision, they said the junk reference receives it at the gateway. [00:12:36] Speaker 01: That's not what the claims say. [00:12:38] Speaker 01: That's an independent ground for reversal. [00:12:40] Speaker 01: They got the facts wrong. [00:12:42] Speaker 01: The way that you apply the, that is exactly what they said. [00:12:46] Speaker 01: And even the petitioner pointed that out in its briefing that the board could have been more clear. [00:12:52] Speaker 01: Well, the board didn't get it right. [00:12:53] Speaker 01: They said that the malicious traffic information, this is what the board said, malicious traffic information goes to the gateway. [00:13:01] Speaker 01: The claims say the malicious traffic information goes to the server. [00:13:07] Speaker 01: They got it wrong. [00:13:08] Speaker 01: That's an independent ground for reversal. [00:13:12] Speaker 01: And finally is the... I'll just say the spoofed information. [00:13:19] Speaker 01: They pointed to spoofed IP addresses. [00:13:21] Speaker 01: We laid this out in our briefing. [00:13:23] Speaker 01: They said that that's the malicious traffic information. [00:13:26] Speaker 01: That hides where the origin is from rather than identified. [00:13:32] Speaker 01: I'll reserve the rest of my time. [00:13:33] Speaker 02: Thank you. [00:13:46] Speaker 02: Mr. Howard, your Honor. [00:13:48] Speaker 00: Thank you, Your Honors. [00:13:49] Speaker 00: May it please the Court. [00:13:51] Speaker 00: As in the last appeal, we think we can, when the Court can affirm, on claim construction or on the basis of the factual findings that the Board made in this IPR on this record or on the basis of collateral estoppel, any of those three.
[00:14:08] Speaker 00: But since most of the argument this morning has been about claim construction, I'd like to start there. [00:14:15] Speaker 00: As Your Honor's questions have indicated, the claims do not limit the nature of the malicious traffic information that is transferred from the malicious host tracker. [00:14:26] Speaker 00: And that was critical to their argument that you did not disclose. [00:14:31] Speaker 00: And that is what the board rejected on [00:14:34] Speaker 00: page 10 of the appendix. [00:14:37] Speaker 00: It says, claim one does not recite the specifics of the malicious traffic information that the SPMS receives from the host tracker service. [00:14:48] Speaker 00: That's what they needed to show, that there's some limitation on the nature of the information that is sent to the SPMS and there's nothing in the claim to support that. [00:14:59] Speaker 00: And then they said, thus we agree with petitioner [00:15:03] Speaker 00: that the independent claims are not limited to the packet identification features that patent owner asserts. [00:15:11] Speaker 00: So all that the board was rejecting about the proposed construction that Centripetal had offered was that the service identifies that is not required and provides identifying information that is not required [00:15:32] Speaker 00: about information about network hosts that have been determined to be associated with malicious network traffic. [00:15:39] Speaker 00: All that the board did was resolve the specific claim construction dispute that the parties had joined before them. [00:15:48] Speaker 00: That was all they needed to do. [00:15:51] Speaker 00: And that claim construction was moreover supported by the specification, not undermined by it. [00:15:58] Speaker 00: It's supported in particular by two different [00:16:01] Speaker 00: features in our columns in the specification at columns 11 to 12 and this is cited by the board at page 10.
[00:16:13] Speaker 00: It notes that the specification discloses the type of information that might be the basis of filtering rules and that quote associated network addresses was just one example of the list. [00:16:28] Speaker 00: but also on column 15, which is the column that was just cited by centripetal, there as well on column 15, it says that the malicious host tracker service may aggregate information associated with malicious network traffic and updates received from malicious host tracker service may include one or more network addresses. [00:16:56] Speaker 00: It's may. [00:16:56] Speaker 00: Of course, there's no question, Judge Hughes, as Your Honor's question indicated, that IP addresses may be one of the types of information that will be shared. [00:17:09] Speaker 00: But it's not the only kind of information that might be shared. [00:17:12] Speaker 00: In fact, counsel's last comment about spoofed addresses, I think, proves the point. [00:17:18] Speaker 00: If the spoofed address is what has been associated with malicious traffic, then what one wants to know [00:17:24] Speaker 00: is the spoofed address, not the actual address of the actual host, because that's not known. [00:17:31] Speaker 00: The spoofed address is what's going to be used. [00:17:33] Speaker 00: And so the system does not limit to the actual identifying information about the host. [00:17:40] Speaker 00: It's rather [00:17:41] Speaker 00: broad enough to encompass whatever that useful type of malicious traffic information might be. [00:17:48] Speaker 02: Can I ask, what was the component of, is it junk? [00:17:53] Speaker 02: Junk? [00:17:53] Speaker 02: Junk. [00:17:54] Speaker 02: Junk. [00:17:55] Speaker 02: That was, that you mapped the malicious host traffic service onto. [00:18:03] Speaker 00: Well, Your Honor, it could be the third-party virus watch service that the Secretary describes. [00:18:12] Speaker 00: So the external device is the SPMS.
[00:18:18] Speaker 00: The SPMS is what updates the rules and supplies the rules [00:18:24] Speaker 00: to the packet security gateway. [00:18:28] Speaker 00: That's the edge server. [00:18:29] Speaker 00: The edge server is the gateway that applies the rules. [00:18:32] Speaker 00: The SPMS that updates the rules and supplies the rules is the external device. [00:18:39] Speaker 02: And the board was clear in finding... I'm sorry, which component of... Did you map this [00:18:51] Speaker 00: malicious host malicious traffic host host server a malicious host tracker service to this would be to such a third an external third-party service such as and you expressly disclosed a virus watch service but our expert explained that those were well-known and [00:19:15] Speaker 00: to provide such information as IP addresses. [00:19:19] Speaker 02: And this goes then to the point that... This is all just... I just wanted to talk about the thing that was at issue. [00:19:27] Speaker 02: Put aside the malicious traffic information. [00:19:30] Speaker 02: I want to completely forget about that right now, okay? [00:19:33] Speaker 02: What did you establish [00:19:37] Speaker 02: And did the other side contest that the thing you said in your mapping was the malicious host tracker service did, among other things, track malicious hosts? [00:19:52] Speaker 00: Your Honor. [00:19:53] Speaker 00: Well, track the hosts of malicious trap. [00:19:56] Speaker 00: I don't think that they dispute that if it doesn't have to be identifying, but rather be information associated with malicious hosts, that Nuke discloses that. [00:20:09] Speaker 00: So if we take out that identifying limitation, that I don't think they're contesting yet on the board's construction. [00:20:17] Speaker 02: The only dispute is what the information is that constitutes the malicious traffic information that is being sent by this hostage. [00:20:27] Speaker 00: Yes, Your Honor.
[00:20:28] Speaker 00: But if it is easier simply to affirm on the basis of the fact that the board specifically found on the record in this case, and in another case that is now final and therefore binding under collateral estoppel, that YUNC discloses, among other things, the provision of IP addresses associated with malicious hosts and updating that list as a form of updated rules. [00:20:56] Speaker 00: So that's specifically found by the board on Appendix 27. [00:21:03] Speaker 00: And where's the thing in Yuke that does that? [00:21:05] Speaker 00: Is that the Edge server? [00:21:07] Speaker 00: The Edge server applies the rule. [00:21:12] Speaker 00: The external device is what actually updates the rules, receiving information from this third-party service. [00:21:22] Speaker 00: And that's clear. [00:21:23] Speaker 00: The board goes through [00:21:25] Speaker 00: its mapping when it describes Junk at pages 15 to 16. [00:21:34] Speaker 00: And it goes through figure six, which, and I think one of the confusing things here is that figure six and figure seven use slightly different terminology, even though in some ways figure seven is just drilling down and giving more detail about figure six. [00:21:50] Speaker 00: So figure six uses the [00:21:53] Speaker 00: term edge server as the security gateway. [00:21:59] Speaker 00: This is applying the rules. [00:22:00] Speaker 00: And it draws a line to the external world that would be the source of identifying the malicious code. [00:22:10] Speaker 00: In greater detail in figure seven, that edge server is also in blue. [00:22:17] Speaker 00: It's the packet interceptor adapter, and it has a number of subcomponents to that. [00:22:24] Speaker 00: And the SPMS, which is what's gathering this information and turning it into rules, is what's in purple there. [00:22:34] Speaker 00: These are the edge external devices. [00:22:39] Speaker 00: And in one place, on page 29,
[00:22:43] Speaker 00: Centripetal notes that the board says that the edge server receives this information from the malicious host tracker information. [00:22:56] Speaker 00: And it does, but it does via the SPMS, the external devices, which are what, take that information and turn it into rules. [00:23:07] Speaker 00: That is clear from other findings that the board makes. [00:23:11] Speaker 00: They were just skipping over a step there. [00:23:15] Speaker 00: On Appendix 24, the board says Moot discloses Edge Server 602 receives management policies from a device external to the protected network in the same manner that they claimed PSG [00:23:33] Speaker 00: is associated with the SPMS of the recited preamble. [00:23:38] Speaker 00: So we know that that's the relationship. [00:23:40] Speaker 00: The edge server is the PSG. [00:23:43] Speaker 00: The external device is the SPMS. [00:23:51] Speaker 00: There are also other instances where they say that. [00:23:55] Speaker 00: They say, for example, on appendix 16, the rules are defined and modified dynamically by an external device. [00:24:03] Speaker 00: So it's the external device interface. [00:24:06] Speaker 00: That's the SPMS. [00:24:07] Speaker 00: That's what's updating the rules and then supplying them to the Edge server. [00:24:11] Speaker 00: Again, on page 29, they simply sort of skipped that step. [00:24:15] Speaker 00: And that's, I think, maybe because figure six [00:24:19] Speaker 00: describes it without that step in between. [00:24:22] Speaker 00: We know that step exists because figure seven makes that clear. [00:24:27] Speaker 00: If I could, about the support [00:24:29] Speaker 00: for the actual finding that the board made that among the types of malicious traffic information that are communicated and ultimately made into rules and applied by the edge server are internet IP addresses associated with malicious hosts.
[00:24:46] Speaker 00: That's on appendix 26 to 27, where it says, as petitioner points out, so it's agreeing with us, [00:24:57] Speaker 00: YUNK discloses receiving the rules and taking actions based on comparing the packets to predefined values, e.g., checking a received packet's source IP address against a list of blocked addresses and responding accordingly. [00:25:16] Speaker 00: So addresses, blocked addresses, are an example of the rules that the board understands YUNK [00:25:23] Speaker 00: NUKE discloses the edge server applying. [00:25:28] Speaker 00: And it cites for that proposition petition 40 to 41. [00:25:32] Speaker 00: In a petition 40 to 41, we go into great detail how that occurs, and cite in addition to other things, our expert's disclosure, Matt Acetti, at paragraphs 265 to 269. [00:25:50] Speaker 00: And among the other things that [00:25:53] Speaker 00: are disclosed at Petition 40-41 and explained further by Mr. Matticelli is that Yuke on Paragraphs 176-177 and that's at Appendix 2737 expressly discloses about checking the source IP address of the packet against a blocked list of IP addresses. [00:26:19] Speaker 00: So of course Yuke isn't [00:26:21] Speaker 00: ignorant of the idea that one of the ways that one can identify malicious hosts and block them is through IP addresses. [00:26:32] Speaker 00: And further, Young discloses, and this is at paragraph 111, at appendix 2728, [00:26:38] Speaker 00: that the Edge servers can obtain information, and we know that it goes here through the intermediary of the SPMS, these external devices, from a virus watch service.
[00:26:50] Speaker 00: Maticelli, and this is Appendix 1365-66, [00:26:55] Speaker 00: explains that it would have been obvious for one who's knowledgeable of the art that UNIX external devices would automatically update rules such as blocked IP addresses with additional blocked IP addresses provided by this third-party service because, of course, it was well known that once the malicious host knows that it's been identified, it changes its IP address. [00:27:21] Speaker 00: And that list of IP addresses has to be constantly updated. [00:27:26] Speaker 00: So the board makes a specific finding that Yonk discloses to one knowledgeable in the art that among the types of malicious traffic information that the malicious host tracker would provide are IP addresses associated with suspicious hosts and that those would be blocked. [00:27:48] Speaker 00: They also make a specific finding that [00:27:53] Speaker 00: that those would be updated automatically. [00:27:57] Speaker 00: Appendix 32, speaking specifically of lists of blocked IP addresses, it notes the fact that the set of rules is updated, and then Appendix 34, that the SPMS discloses that the resetting of the rules is performed automatically. [00:28:15] Speaker 00: All of these findings, in fact, are made, and all are supported. [00:28:20] Speaker 00: But you don't have to decide based upon the record and findings here, because in an earlier proceeding, the board found, and it was not appealed, and this court affirmed the board's findings, that YUNC discloses what claim 14 of the 205 patent expressly required. [00:28:42] Speaker 00: What it required was receiving from a subscription service that aggregates information associated with malicious network traffic [00:28:50] Speaker 00: a list of network addresses known to be associated with malicious network traffic. [00:28:55] Speaker 00: That was what was required by the Claim 14 of the 205 patent, and that is what was held to be disclosed by Jung.
[00:29:03] Speaker 00: So there's no question that network addresses known to be associated with malicious host is the kind of identifying information that they say needs to be disclosed. [00:29:13] Speaker 00: And it was found to be disclosed there. [00:29:15] Speaker 00: We have on page 41 of our red brief the mapping to what centripetal says is required. [00:29:21] Speaker 00: It's word-for-word. So on any of those grounds, Your Honors, you can affirm. [00:29:26] Speaker 01: Thank you so much. Thank you. I want to touch on this point that counsel kept saying, that the board skipped this step. With all due respect, the board can't skip a step. [00:29:46] Speaker 01: On claim one, on appendix 96, it says, the claim requires that the security policy management server receives malicious traffic information from a malicious host tracker service. [00:30:03] Speaker 01: In the board's mapping on appendix 27, they said, we find that junk discloses a packet security gateway [00:30:12] Speaker 01: that receives malicious traffic information from a malicious host tracking service. [00:30:18] Speaker 01: The finding is inconsistent with the claims. [00:30:24] Speaker 01: The claims say that the malicious host traffic information goes to a server. [00:30:28] Speaker 01: They found that the prior art sends it to the gateway. [00:30:32] Speaker 01: And it's not just in one spot. [00:30:34] Speaker 01: That's Appendix 27 and then 29. [00:30:37] Speaker 01: They double down on it. [00:30:38] Speaker 01: Halfway down through the page, it again says that Junk discloses that the virus service provides information to the packet security gateway, which they've identified as the edge server. [00:30:53] Speaker 01: It's the wrong mapping. [00:30:56] Speaker 01: And so for that basis alone, the factual determinations by the board are inconsistent with the claims, and this decision must be reversed because it does not map to the claims. [00:31:11] Speaker 02: Thank you.
[00:31:12] Speaker 02: Thanks. [00:31:12] Speaker 02: All counsel, the case is submitted. [00:31:16] Speaker 02: That completes our business for today. [00:31:18] Speaker 02: Court's adjourned.