Netskope: A review of its 2nd Patent (CASB)
Disclaimer:
I am neither an employee, nor a customer, nor a partner of Netskope. I am simply trying to translate the 2nd patent of Netskope (US9398102), specifically the claims section of the patent, into a more readable form, free of legal language.
Netskope — an Intro:
Netskope is a Santa Clara, CA-based software company that offers a class of software security platform which has come to be known as CASB, or Cloud Access Security Broker. A CASB (the term is believed to have been coined by Gartner in 2020) is cloud-based software that sits between cloud service users and cloud applications, monitors all activity and enforces security policies (ref. Wikipedia). CASB falls under an umbrella term called SASE, or Secure Access Service Edge. NG-SWG (next generation Secure Web Gateway), FWaaS (firewall as a service) and RBI (remote browser isolation) are some of the other components that fall under SASE.
Intro:
The goal of this article is to summarize the main aspects of Netskope’s second patent, which was issued on 19 July 2016. This patent captures the key functionality of a CASB. It describes how a client device trying to access a hosted service may be made enterprise safe. The client device can be one or more computers or mobile devices, either issued by the enterprise or personally owned by an employee. The hosted service can be either business related or recreational. Business-related services can be further classified into those containing business IP (intellectual property) sensitive information (e.g., SalesForce, Oracle) and those containing non-IP-sensitive information (e.g., general Google search, Yahoo Finance, etc.).
The patent is 22 pages long. The claims section is the heart of a patent: this is where the inventors present what they consider to be their invention. It is the section that will be read numerous times and finely dissected during prosecution (filing) and litigation (lawsuit). We will go directly to the claims section of the patent, remove all the technical verbiage and present the key information in a tabular and pictorial fashion.
There will not be any explanation on how Netskope is implementing the patent. Only the 1st independent claim and those that depend on it will be presented. This is an attempt to keep the presentation simple. Future articles may cover the 2nd & 3rd independent claims and their dependent claims.
Review of the Claims:
Before we start the review, it would be good to understand the scenario pictorially. Figure 1 of the patent is helpful for this aspect (this is actually figure 2 in the patent).
As can be seen, the rectangle in the center with the label ‘Network Security System 120’ is where all the action takes place. It is the ‘broker’ in a CASB (Cloud Access Security Broker). As depicted in the figure and stated in the claims section, the first stop for the communications leaving the client (154) is the Security System.
The detailed version of the schematic used in the patent is shown below. There is quite a detailed description of this figure in the patent.
The Claims Section:
The Claims section has three parent (independent) claims, 15 child (dependent) claims and 7 grand-child (2nd level dependent) claims.
As mentioned earlier, in this article we will only review Parent Claim #1 and the 16 Child Claims associated with it. By ‘review’ we mean providing a pictorial and tabular representation.
The details of the child (dependent) claims that depend on Claim#1 are listed in the table below:
Final Summary:
The focus of this article is on the Claims section of Netskope’s second patent (US9398102) for a CASB. This patent has 3 parent (independent) claims, and each of them has 5 to 16 child (dependent) claims. This article focused on Claim #1 (both the independent claim and its dependent claims). A pictorial and tabular version was provided, removing all the legal verbiage. Claim #1 covers the basic functionality of a CASB.
Acknowledgment:
I would like to thank Peter Thimm for a detailed refresher on how Divisional & Continuations work at USPTO. Without this I would have been left scratching my head trying to understand why a patent covering the first part of CASB was issued at a later date (6 months after the 1st patent which covers finer details in the implementation of CASB).