Case 4:18-cv-07229-YGR Document 132-7 Filed 11/05/20 Page 1 of 57

EXHIBIT F
`
Attorney Docket No. FINREXMOOlZ

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re Ex Parte Reexamination of U.S. Patent No. 7,975,305 to Rubin, et al.
Application No.: 90/013,660
Filed: December 11, 2015
Patent Owner: Finjan, Inc.
Technology Center: 3992
Group Art Unit: 3992
Confirmation No.: 5600
CRU Examiner: Majid A. Banankhah

For U.S. Patent No. 7,975,305 – METHOD AND SYSTEM FOR ADAPTIVE RULE-BASED CONTENT SCANNERS FOR DESKTOP COMPUTERS.

Submitted Electronically

Mail Stop Ex Parte Reexam
Attn: Central Reexamination Unit
Commissioner for Patents
United States Patent & Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
`
RESPONSE TO FINAL OFFICE ACTION

Dear Sir:

In response to the pending Office Action dated August 24, 2016, please consider the following remarks. Prior to taking action responsive hereto, the Patent Owner respectfully requests an interview with the Examiner pursuant to the Interview Request and Proposed Agenda filed and faxed on October 21, 2016.

FINJAN-QUALYS 404967
`
I. OVERVIEW

Patent Owner respectfully requests the Examiner withdraw the Final Office Action (FOA) as improper and confirm patentability of the rejected claims based on a number of errors.

First, in the FOA, the Examiner interprets key elements of the claims in a manner inconsistent with the law. For example, the Examiner improperly cites to extrinsic evidence regarding a non-claim term, “parsing,” in order to define the claim term “parser rules” as “rules related to the process of analyzing a string of symbol in computer language [sic].” FOA, pgs. 48-49. Yet, in U.S. Patent No. 7,975,305 (“the ‘305 Patent”) and the claims, parser rules “describe computer exploits as patterns of types of tokens.” The Examiner’s definition is thus inconsistent with the specification and legally improper. See Microsoft Corp. v. Proxyconn, Inc., 789 F.3d 1292 (Fed. Cir. 2015) (“Even under the broadest reasonable interpretation, the Board’s construction cannot be divorced from the specification and the record evidence and must be consistent with the one that those skilled in the art would reach”) (citations omitted). Here, the Examiner legally erred by using extrinsic evidence for a definition to “parsing,” which is not a term used in the claims – i.e., “parser rules,” nor supported in the ‘305 Patent where parser rules describe computer exploits as patterns of types of tokens.

Second, the Examiner interprets key elements of the claims in a manner inconsistent with the specification of the ‘305 Patent and the reasons for allowance distinguishing over prior art. Specifically, the allowance of application no. 11/009,437 (now the ‘305 Patent) in December of 2010 is directly tied to at least the following pivotal claim language:

computer exploits being portions of program code that are malicious, wherein the
parser and analyzer rules describe computer exploits as patterns of types of tokens,
tokens being program code constructs, and types of tokens comprising a
punctuation type, an identifier type and a function type

See Notice of Allowance, Pages 3-4. Indeed, the Notice of Allowance, with accompanying reasons for allowance, was responsive to Patent Owner’s detailed arguments filed in September of 2010 wherein Patent Owner stated: “a point of novelty of the claimed invention is describing and recognizing computer exploits from patterns of types of tokens, which is not a known concept.” See Response to Non-Final Rejection, September 15, 2010, Pages 7-8 (emphasis in original). One of ordinary skill would recognize at least this same point of novelty distinguishes the claims of the ‘305 Patent over the cited prior art and, in particular, is clearly absent from Wells, Sandu and any combination thereof. See Declaration of Nenad Medvidovic (“Medvidovic Dec.”) ¶ 20; see also ‘305 Patent at Col. 1, l. 64 - Col. 2, l. 27.

Patent Owner respectfully submits that the Examiner continues to misinterpret both the claim elements and the cited references, Wells and Sandu, from the vantage of one of ordinary skill. For example, one of ordinary skill would not equate the content pattern recognition language (CPRL) of Wells with the potentially malicious “program code” recited in the ‘305 Patent claims. This is a critical and fundamental error as explained by one of at least ordinary skill – Dr. Medvidovic. See Medvidovic Decl. ¶¶ 29-30, 32, 33. Importantly, Wells’ CPRL cannot be program code that includes a computer exploit because the CPRL in Wells is shown as part of the scanner, which scans program code for exploits, and not the program code itself. That is, the CPRL cannot be both the scanner and what is being scanned, “program code,” rendering the FOA erroneous in asserting obviousness over the ‘305 Patent. Id. ¶¶ 26-40.

Additionally, Sandu’s signature generation and matching process does not disclose or suggest the claimed “parser and analyzer rules” which “describe computer exploits as patterns of types of tokens.” Medvidovic Decl. ¶¶ 46-51. The claimed “parser rules” cannot be equated with the Examiner’s cited portions of Sandu which more accurately overlap with the pre-parser rule steps taken by the Tokenizer/Normalizer/Decoder of the ‘305 Patent. See ‘305 Patent, Col. 9, l. 5 - Col. 10, l. 44. Further, Sandu is completely devoid of any description of scanning or rules to teach or suggest the claimed “parser and analyzer rules.” Sandu’s singular action is a static comparison of a generated script signature to known malware signatures, without identifying any exploits therewithin. Medvidovic Dec. ¶ 47, row 26. In contrast, the ‘305 Patent states that:

The present invention enables behavior analysis of content. As distinct from prior
art approaches that search for byte patterns [like Sandu], the approach of the present
invention is to analyze incoming content of its programmatic behavior. Behaviour
analysis is an automated process that parses and diagnoses software program, to
determine if such program can carry out an exploit.

‘305 Patent at Col. 1, l. 64 - Col. 2, l. 3 (emphasis added). This feature of the ‘305 Patent, which is explicitly recited in the claims, appears to be ignored by the Examiner in evaluating the claims over the cited prior art.
`
Third, the Examiner cannot simply summarily dismiss the underlying factual basis of a 37 C.F.R. § 1.132 Declaration without giving some consideration to it. Indeed, Dr. Medvidovic is a renowned expert in the field of computer science and security. His opinions and underlying factual bases, which are presented from the perspective of one of ordinary skill and distinguish the claims over the prior art, are offered as a rebuttal to an obviousness rejection and must be considered. Importantly, Dr. Medvidovic’s opinions cite to specific teachings underlying the prior art and the ‘305 Patent. See, e.g., Medvidovic Dec. ¶ 32 – ¶ 51 (Tables pointing to specific teachings of the cited prior art and ‘305 Patent in support and as the underlying basis to his opinions). Also, contrary to the Examiner’s implication that Dr. Medvidovic did not “present evidence,” his discussion of the meaning of the term “exploit” as understood by one of skill in the art and in the context of the ‘305 Patent – precisely the type of evidence the Examiner purports to seek – was completely ignored. See, e.g., Medvidovic Decl. ¶¶ 20-22. The Examiner commits reversible error by ignoring and not considering the underlying basis to Dr. Medvidovic’s opinions concerning the cited prior art and ‘305 Patent. Ashland Oil, Inc. v. Delta Resins & Refractories, Inc., 776 F.2d 281, 294 (Fed. Cir. 1985); Ex Parte Malone (BPAI 2009).

Fourth, the Examiner improperly disregards Finjan’s objective evidence of nonobviousness, in contravention of the clearly laid out requirements for a proper obviousness analysis. See, e.g., WBIP, LLC v. Kohler Co., 2015-1038 (Fed. Cir. July 19, 2016). It would seem that the Examiner has fallen victim to the hindsight bias trap “develop[ing] a hunch that the claimed invention was obvious, and then construct[ing] a selective version of the facts that confirms that hunch.” In re Cyclobenzaprine Hydrochloride Extended-Release Capsule Patent Litig., 676 F.3d 1063, 1079 (Fed. Cir. 2012). The evidence presented in Mr. Kim’s declaration supports a strong nexus between the exact claims at issue in this reexamination and the licenses. See Kim Dec., ¶¶ 6, 7, Exhibits A and B. Importantly, in Exhibits A and B, the ‘305 Patent was expressly identified and noticed and a claim chart provided to licensees mapping infringement to an accused product, which eventually led to licenses for the ‘305 Patent. Id. ¶¶ 6, 7. Such objective evidence weighs heavily in favor of non-obviousness. This nexus cannot be ignored by the Examiner in determining the patentability of the ‘305 Patent over the cited art of record and to do so is improper.

For these and further reasons discussed below, the undersigned respectfully submits that this Ex Parte Reexamination proceeding is now in condition for confirming the patentability of all of the original claims of the ‘305 Patent.
`
II. ARGUMENTS

A. The Underlying Basis Supporting Dr. Medvidovic’s Opinion Cannot Be Ignored

Initially, the undersigned wishes to address the Examiner’s misinterpretation and de facto dismissal of Dr. Medvidovic’s Declaration. The Examiner asserts:

the evidence and arguments presented by Medvidovic fail to comply with 37 CFR
1.111(b) because they amount to a general allegation that the claims define a
patentable invention without specifically point out how the language of the claims
patentably distinguishes them from the references.

Final Office Action (“FOA”), pg. 61(D). This assertion is simply false. The Declaration presents paragraph after paragraph and chart after chart which describe the differences between the ‘305 Patent claim language and the applied art to Sandu and Wells from the perspective of one of ordinary skill. See, e.g., Medvidovic Dec. ¶¶ 21-23, 27-50, including the right-hand column of all charts presented therein. Specifically, Dr. Medvidovic ties his opinions with particularity to the underlying teachings in Sandu and Wells and the specification and claims of the ‘305 Patent. This type of analysis is precisely what a declaration pursuant to 37 C.F.R. § 1.132 is intended to convey and, importantly, is exactly what Dr. Medvidovic does convey in his Declaration.

Moreover, the Examiner’s own statement “[w]hile an opinion as to a legal conclusion is not entitled to any weight, the underlying basis for the opinion may be persuasive” supports precisely this use of Dr. Medvidovic’s Declaration. Id. (citing In re Chilowsky, 306 F.2d 908 (CCPA 1962) (emphasis added)). Accordingly, whether or not Dr. Medvidovic provided an opinion that the ‘305 Patent is not obvious, that opinion does not somehow render all of Dr. Medvidovic’s supporting facts and underlying bases moot. The Examiner commits error to baldly summarize and label the numerous factual assertions in Dr. Medvidovic’s Declaration as “general allegations.” And regardless of how the Examiner wishes to categorize Dr. Medvidovic’s statements, it is reversible error to dismiss them out of hand.

Indeed, the Federal Circuit held that “[o]pinion testimony rendered by experts must be given consideration, and while not controlling, generally is entitled to some weight.” Ashland Oil, Inc. v. Delta Resins & Refractories, Inc., 776 F.2d 281, 294 (Fed. Cir. 1985). Similarly, the BPAI (predecessor to the PTAB) has been clear on this issue:

“After a prima facie case of obviousness has been made and rebuttal evidence
submitted, all the evidence must be considered anew.” In re Eli Lilly & Co., 902
F.2d 943, 945 (Fed. Cir. 1990) (citing In re Piasecki, 745 F.2d 1468, 1472 (Fed.
Cir. 1984)); Piasecki, 745 F.2d at 1472 (“Prima facie obviousness is a legal
conclusion, not a fact. Facts established by rebuttal evidence must be evaluated
along with the facts on which the earlier conclusion was reached, not against the
conclusion itself.” (internal cites omitted)); see also MPEP § 716.01(d).

Ex Parte Malone (BPAI 2009), pg. 4. And the BPAI goes on to hold:

The Examiner’s response to Nykerk Declaration is largely dismissive. In fact, even
though Appellants’ Briefs place extensive reliance on the Nykerk Declaration to
overcome the prima facie case, the Examiner’s Answer never addresses it in any
detail. This is improper. Whether the claimed invention would have been obvious
cannot be determined without considering evidence attempting to rebut the prima
facie case. Manifestly, the Examiner’s consideration and treatment of the Nykerk
declaration is improper, since the Examiner has not reweighed the entire merits of
the matter. Rather, he has dismissed the evidence of nonobviousness in a cursory
manner. Since the Examiner did not properly consider the submitted evidence, the
rejection cannot be sustained.

Id. at 4-5 (emphasis added). In the FOA, the Examiner commits legal error by ignoring Dr. Medvidovic’s Declaration and, in particular, ignoring specific and numerous underlying facts including charts in his Declaration tied directly to teachings in the cited art of record and the ‘305 Patent. For example, in ¶¶ 32-51, Dr. Medvidovic provides detailed tables tying his opinions to specific teachings in Wells and Sandu and explains how they do not teach the claims on an element by element basis thereby laying out his underlying basis for his opinions. Moreover, Dr. Medvidovic provides a detailed overview of the features of the ‘305 Patent and the differences between the ‘305 Patent and Wells and Sandu citing specifically to teachings in the references themselves. Medvidovic Dec. ¶¶ 19-51. With respect to Dr. Medvidovic’s Declaration, the Examiner gave no weight to these important facts supporting Dr. Medvidovic’s opinions, nor addressed them in the FOA, which renders the present rejection improper.
`
B. The Examiner’s Interpretation of the Claim Term “parser rules” is Incorrect and Contrary to the Law

“[C]laims subject to reexamination will ‘be given their broadest reasonable interpretation consistent with the specification.’” In re Yamamoto, 740 F.2d 1569 (Fed. Cir. 1984) (emphasis added); MPEP § 2258(I)(G). Under BRI, “claims should always be read in light of the specification and teachings in the underlying patent”. In re Suitco Surface, Inc., 603 F.3d 1255, 1260 (Fed. Cir. 2010). “Moreover, when the specification is clear about the scope and content of a claim term, there is no need to turn to extrinsic evidence for claim interpretation.” MPEP 2111.01(III) (citing 3M Innovative Props. Co. v. Tredegar Corp., 725 F.3d 1315, 1326-28 (Fed. Cir. 2013)). Here, the Examiner’s interpretation of the claim term “parser rules” is improper because it ignores the specification and teachings of the patent, relies on extrinsic evidence despite the specification being clear about its meaning, and is inconsistent with the specification. The Federal Circuit most recently rejected just such an improper claim interpretation by the Office in PPC Broadband, Inc. v. Corning Optical Commc’ns RF, LLC, 815 F.3d 747 (Fed. Cir. 2016):

The Board seems to have arrived at its construction by referencing the dictionaries
cited by the parties and simply selecting the broadest definition therein. And it
does appear that among the many definitions contained in the dictionaries of
record “in the immediate vicinity of, near” is the broadest. While such an
approach may result in the broadest definition, it does not necessarily result in the
broadest reasonable definition in light of the specification. The Board’s approach
in this case fails to account for how the claims themselves and the specification
inform the ordinarily skilled artisan as to precisely which ordinary definition the
patentee was using.

On remand, the PTAB reversed its decision, concluding in view of the Federal Circuit’s claim interpretation “that Corning has not demonstrated by a preponderance of the evidence that claims 10-25 of the ’060 patent are unpatentable under § 103(a) over the combination of Matthews and Tatsuzuki.” Final Opinion, IPR2013-00342 (Oct. 12, 2016). Patent Owner submits that the Examiner’s interpretation of “parser rules” is similarly incorrect.
`
The ‘305 Patent discloses “parser rules” or “parsing rules” as “patterns of tokens that form syntactical constructs of program code” that “identify groups of tokens as a single pattern.” ‘305 Patent at 2:22-24, 10:53-54. These descriptions are fully consistent with the claim language, which recites “parser and analyzer rules [that] describe computer exploits as patterns of types of tokens.” See id. at claim 1. Patentee alerted the Examiner of these descriptions throughout the Response to the Non Final Office Action. See, e.g., Response to NFOA, pg. 4 (“patterns of tokens that form syntactical constructs of program code, referred to as parsing rules”); id. (“(2) identify groups of tokens as a single pattern (e.g. parser rules that group tokens into phrases)”); id. at 14 (“The claimed “parser rules” operate on tokens to identify groups of tokens as a single pattern or as claimed to “describe computer exploits as patterns of types of tokens.”).

Ignoring the intrinsic record evidence, the Examiner first sought out extrinsic evidence in the form of a non-cited definition of a non-claim term, “parsing or syntactic analysis” and then applied that extrinsically based definition to arrive at a construction for the term “parser rule”:

Examiner notes that in the specification of the ‘305 patent, parsing is referred to its
[sic] ordinary meaning in the compiler art e.g., “Parsing or syntactic analysis is
the process of analyzing a string of symbols, either in natural language or in
computer languages, conforming to the rules of a formal grammar.” The term
“parser rules” constitute rules related to the process of analyzing a string of symbol
in computer language [sic].

FOA at 48-49 (emphasis in original). The Examiner improperly implies this definition of “parsing or syntactic analysis” comes from the specification of the ‘305 patent, which is simply untrue. According to a Google Scholar search, this unattributed quotation appeared first in Montecchi, et al., Searching in Cooperative Patent Classification: Comparison between keyword and concept-based search, Advanced Engineering Informatics 27.3 (2013): 335-345, not Patent Owner’s specification. In any case, the Examiner’s use of this extrinsic evidence is erroneous as a matter of law because it ignores the intrinsic evidence and contradicts the claim language. Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1585 (“However, as we have recently re-emphasized, extrinsic evidence in general, and expert testimony in particular, may be used only to help the court come to the proper understanding of the claims; it may not be used to vary or contradict the claim language. Nor may it contradict the import of other parts of the specification”).

As a result of the Examiner’s legally incorrect claim interpretation, the Examiner arrived at a meaning that is inconsistent with the specification and the understanding of a person skilled in the art. The ‘305 patent never describes parser rules as “rules related to the process of analyzing a string of symbol in computer language” as suggested by the Examiner. Indeed, the Examiner’s interpretation is more closely related to the “rule files for a language describe character encodings, sequences of characters that form lexical constructs of the language, referred to as tokens” than the “patterns of tokens that form syntactical constructs of program code, referred to as parsing rules” described in the ‘305 Patent. ‘305 Patent at 2:20-24. The Examiner’s interpretation is also inconsistent with the claim language, which requires that “parser... rules describe computer exploits as patterns of types of tokens.” See id. at claim 1. Thus, the Examiner’s interpretation is inconsistent with the ‘305 Patent, rendering the FOA improper.
`
C. The Examiner Fails to Support a Prima Facie Case of Obviousness

Here, in reexamination, the Examiner has failed to demonstrate a prima facie case of obviousness. In re: Natural Alternatives, LLC, Dckt. 2015-1911 (Fed. Cir. August 31, 2016); Kennametal, Inc. v. Ingersoll Cutting Tool Co., 780 F.3d 1376, 1384 (Fed. Cir. 2015) (noting that the Patent Office “bears the initial burden of showing a prima facie case of obviousness”). To support a prima facie case of obviousness under the seminal Supreme Court decision in Graham v. John Deere, 383 U.S. 1 (1966), the Examiner must first make the following factual inquiries: (i) the scope and content of the prior art, (ii) the differences between the prior art and the claims at issue, (iii) the level of ordinary skill in the field of the invention, and (iv) relevant secondary considerations. KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 406 (2007); Graham, 383 U.S. at 17-18. Based on these inquiries, claims are only determined to be legally obvious “if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.” 35 U.S.C. § 103(a). Furthermore, as stated in the Manual of Patent Examination Procedure (MPEP) § 2143(A):

In order to reject a claim based on this rationale, Office personnel must resolve
the Graham factual inquiries. Then, Office personnel must articulate the following:

(1) a finding that the prior art included each element claimed, although not
necessarily in a single prior art reference, with the only difference between
the claimed invention and the prior art being the lack of actual combination
of the elements in a single prior art reference,

(2) a finding that one of ordinary skill in the art could have combined the
elements as claimed by known methods, and that in combination, each
element merely performs the same function as it does separately,

(3) a finding that one of ordinary skill in the art would have recognized that
the results of the combination were predictable; and

(4) whatever additional findings based on the Graham factual inquiries may
be necessary, in view of the facts of the case under consideration, to explain
a conclusion of obviousness.

In the FOA, the Examiner does not articulate Graham factor (1) and has effectively dismissed and ignored evidence from the perspective of one of ordinary skill in the art which clearly rebuts any findings under Graham factors (2) and (3).
`
1. Wells does not Disclose at Least “Tokens,” “Types of Tokens,” “Patterns of Types of Tokens”

i. Predicates are not “Tokens”

Patent Owner has made every attempt to follow the Examiner’s rejection and arguments and it remains quite clear that the Examiner is maintaining his position that the predicates of Wells, which are the “basic roots or components of a CPRL” (Wells, Col. 4, ll. 57-58), can be equated with the claimed “tokens” “that form syntactical constructs of program code.” ‘305 Patent, Col. 2, l. 23. As explained by Dr. Medvidovic, Predicates cannot be equated with “tokens.” Medvidovic Dec. ¶¶ 29-30, 36-37.

In equating Wells’ predicates with the “tokens” described and claimed in the ‘305 Patent, the Examiner exhibits a fundamental misunderstanding of the meaning of the term “token.” As defined in the ‘305 patent, “tokens” are “sequences of characters that form lexical constructs of the language.” ‘305 Patent at 2:21-22. This definition is consistent with the way the term is used in the claims. See, e.g., id. at claim 1 (“tokens being program code constructs”). In stark contrast, Wells discloses that a predicate is an element of the CPRL language that “is compiled into a byte stream that controls a logic” of a processor by performing functions associated with the predicate. Response to NFOA, pg. 8 (citing Wells at 5:8-11). That is, Wells’ predicates are not “lexical constructs of the [CPRL] language,” but rather “basic roots or components of a CPRL” that indicate how incoming network traffic is to be processed. Wells at 4:55-58, 5:8-11.

Moreover, on the bottom of page 53 of the FOA, the Examiner appears to argue that because predicates could be interpreted as program code constructs of the CPRL that this somehow makes them read on the claimed “tokens” – it does not. The claimed “tokens” are unique to the “program code” that is being scanned for “computer exploits.” The CPRL is never scanned for “computer exploits,” as the CPRL is, in effect, performing the scanning. The Examiner’s statement on page 54 that “[t]he PO however does not make any argument as to why a function that is part of a program code (programming code) is not scanned in Wells or cannot be scanned for that matter” is not well-received. First, the burden is on the Examiner to present a prima facie case of unpatentability. Second, this statement is simply not true. Finjan has clearly and unequivocally argued that the CPRL is not scanned. See Medvidovic Dec. in at least ¶¶ 29, 36, 37. Simply put, one of ordinary skill would not equate CPRL as “program code” that contains in the claims of the ‘305 Patent – as would be required under the Examiner’s obviousness theory – because the CPRL is used to examine the incoming program code for potential computer exploits and is not the incoming program code itself. Medvidovic Dec. ¶¶ 29-30.
`
ii. The Examiner Improperly Conflates Tokens and Parser Rules

From pages 48-52[1] of the Final Office Action (“FOA”), initially it seems that the Examiner argues, inter alia, that predicates = parser rules. See FOA, Page 49, ¶ 1 (“Wells clearly discloses a ‘parser rule’ when discloses an ‘A’ predicate that parses the buffer holding the content and tests for the presence of a particular string passed as an argument to the predicate”) (emphasis in original). But then on page 50, the Examiner contradicts his definition for parser rule and argues, “Wells’ teaches parser rules is used for determining type and form of predicates, and not the same as predicate, since based on the parser rule the type of predicate is determined as explained.” See FOA, Page 50, 2nd ¶ (emphasis in original). Notably, the Examiner offers no citation from Wells to support this latter assertion. And Finjan fails to see how these disparate statements by the Examiner can be reconciled. Is a predicate a parser rule, or is a parser rule used to determine the type of predicate?

Confusing the issue, the Examiner also states, “[m]oreover, to compile signatures into instructions for detecting malware, Wells teaches parser rules to verify the logical elements (e.g., predicates) making up the signature.” See FOA, Page 50, 3rd ¶ (emphasis in original). The Examiner’s statement “[a]ccordingly, much like the ‘305 patent, Wells teaches parser rules for compiling and determining the validity of the CPRL signatures” (FOA, Page 50, ¶ 3) is not even remotely close to being an accurate comparison. The ‘305 Patent, and specifically the claims at issue, are most certainly not directed to “compiling and determining the validity of the CPRL signatures.” The ‘305 Patent scans incoming content for the presence of potential computer exploits, i.e., “patterns of types of tokens, tokens being program code constructs, ...” CPRL signatures are not incoming content and CPRL signatures are not scanned for computer exploits. On the contrary, CPRL signatures actually facilitate the scanning of network traffic content, they aren’t the content being scanned. See Wells, Col. 6, l. 53 - Col. 7, l. 37. The Examiner admits as much when he equates CPRL = analyzer rules. See FOA, Page 49, ¶ 1 (“Wells also discloses that the malicious content, e.g., ‘computer exploit’ is detected using content pattern recognition language (CPRL) (e.g., analyzer rules)”).

[1] Pages 3-47 of the FOA are a duplicate of the rejection in the NFOA.

Thus, the Examiner essentially argues that (1) individual predicates, such as the ‘A’ predicate, qualify as “parser rules,” (2) some unspecified set of “rules” for choosing between available types of predicates qualify as “parser rules,” and (3) some unspecified set of “rules” to verify predicates making up a CPRL signature qualify as “parser rules.” However, the identification of individual predicates as “parser rules” irreconcilably conflicts with the Examiner’s identification of predicates as “tokens,” and the Examiner never even attempts to explain how these alleged “parser rules” “describe computer exploits as patterns of types of tokens,” as explicitly recited in the claims of the ‘305 Patent.

Not until page 51, does the Examiner attempt to address where Wells discloses the claimed “tokens,” “types of tokens” and “patterns of types of tokens” of the “program code” that is to be scanned using the aforementioned CPRL. But the Examiner appears to conflate parser rules and tokens arguing, “Wells’ teaches CPRL based signatures and parser rules which employ the use of various predicates. These predicates represent tokens, which as the ‘305 claims specify are ‘program code constructs.’” See FOA, Page 51, ¶ 1 (emphasis in original). And as discussed previously, the Examiner also states: “Wells clearly discloses a ‘parser rule’ when discloses an ‘A’ predicate that parses the buffer holding the content and tests for the presence of a particular string passed as an argument to the predicate.” See FOA, Page 49, ¶ 1 (emphasis in original). The predicates cannot be both the claimed parser rules and the claimed tokens.

As claimed, part of the scanning of the incoming content is the application of parser rules thereto in order to identify the exploits, exploits being described both as portions of program code that are malicious and as patterns of types of tokens. Under the Examiner’s interpretation, the predicates (e.g., parser