US 10193917

Patent Analysis: US 10193917 B2

Date of Analysis: April 26, 2026

Here is a concise summary of United States Patent 10,193,917, including details from the patent document and recent legal proceedings.

---

Patent Details

• Title: Rule-based network-threat detection
• Assignee: Centripetal Networks, LLC
• Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
• Filing Date: November 30, 2017
• Issue Date: January 29, 2019
• Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.

Plain-Language Overview of Independent Claims

This patent has two independent claims, which form the core of the invention.

• Independent Claim 1: This claim describes a method for a packet-filtering device to handle network traffic. The device receives a set of filtering rules that are based on known network threats. When a data packet arrives, the device checks if it matches the criteria of any of these rules. If there is a match, the device takes a pre-defined action—either allowing the packet to proceed or blocking it. Crucially, the device then creates a log entry. This log not only records the action taken (allow/block) but also includes specific information from the rule itself that identifies the threat, such as a "Threat ID." This allows for more detailed and useful logging than just noting that a packet was blocked or allowed based on a generic rule. The system then sends this detailed log information to a user's device, where it is displayed in an interface. This interface also includes an option for the user to change the rule's action, for example, to start blocking a threat that was previously only being monitored (allowed).

• Independent Claim 11: This claim describes the packet-filtering device itself, as a physical apparatus. It outlines a system with a communication interface to receive data packets, a memory to store the threat-based filtering rules, and one or more processors. The processors are configured to perform the actions described in Claim 1: receive packets, match them against the stored rules, apply the rule's action (allow or block), and generate a detailed log entry that includes the threat identifier from the rule. This claim focuses on the components of the device that enable the rule-based threat detection and logging method.

Litigation Status

As of April 23, 2026, US Patent 10,193,917 has been the subject of a legal challenge. In the case of Centripetal Networks, LLC v. Keysight Technologies, Inc., the U.S. Court of Appeals for the Federal Circuit (CAFC) reviewed a decision from the Patent Trial and Appeal Board (PTAB). The CAFC affirmed the PTAB's finding that claims 1–3, 5–13, and 15–20 of this patent are unpatentable due to obviousness over prior art. The court also reversed the PTAB's decision on claims 4 and 14, finding them to be obvious as well. This recent court decision significantly impacts the enforceability of this patent.