UNITED STATES PATENT AND TRADEMARK OFFICE
`
`__________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`___________________
`
`SOPHOS, INC.,
`
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`
`Patent Owner.
`
`____________________
`
`Case IPR2015-01022
`
`Patent 8,677,494
`
`__________________________________________________________
`
`PATENT OWNER’S PRELIMINARY RESPONSE
`UNDER 37 C.F.R. § 42.107
`
`
`
`
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`TABLE OF CONTENTS
`
`I.
`
`II.
`
`INTRODUCTION ........................................................................................... 1
`
`THE ‘494 PATENT ......................................................................................... 4
`
`A. Overview ............................................................................................... 4
`
`B.
`
`C.
`
`D.
`
`The Prior Art ......................................................................................... 6
`
`Challenged Claims ................................................................................ 8
`
`Prosecution History ............................................................................... 8
`
`III. CLAIM CONSTRUCTION ............................................................................ 8
`
`A.
`
`B.
`
`C.
`
`D.
`
`“Downloadable” (claims 1, 10, 14, and 14): ......................................... 8
`
`“suspicious computer operations” (claims 1, 10, 14, and 18) ............... 9
`
`“database” (claims 1, 10, 14, and 18) .................................................. 12
`
`“program script” (claim 14) ................................................................ 14
`
`IV. THE ASSERTED REFERENCES ................................................................ 16
`
`A.
`
`TBAV (Ex. 1006) ................................................................................ 16
`
`1.
`
`TBAV IS NOT PRIOR ART UNDER 35 U.S.C. § 102(a) ...... 18
`
`B.
`
`C.
`
`Ji (Ex. 1009) ........................................................................................ 19
`
`Chen (Ex. 1010) .................................................................................. 20
`
`D. Arnold (Ex. 1008)................................................................................ 21
`
`V.
`
`SPECIFIC REASONS WHY THE CITED REFERENCES DO NOT
`INVALIDATE THE CLAIMS, AND WHY INTER PARTES REVIEW
`SHOULD NOT BE INSTITUTED ............................................................... 21
`
`A. Ground 1: TBAV in view of Ji does not render the Challenged Claims
`obvious under 35 U.S.C. § 103(a) ....................................................... 21
`
`- ii -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`TBAV in view of Ji fails to disclose: “receiving an incoming
`Downloadable” .......................................................................... 21
`
`TBAV in view of Ji fails to disclose: “deriving security profile
`data for the Downloadable, including a list of suspicious
`computer operations that may be attempted by the
`Downloadable” .......................................................................... 23
`
`TBAV in view of Ji fail to disclose: “storing the Downloadable
`security profile data in a database.” .......................................... 27
`
`The Proposed Combination of TBAV with Ji is a Product of
`Hindsight Bias. .......................................................................... 32
`
`1.
`
`2.
`
`3.
`
`4.
`
`B. Ground 2: TBAV in view of Ji and Chen does not render the
`Challenged Claims obvious under 35 U.S.C. § 103(a) ....................... 34
`
`1.
`
`2.
`
`TBAV in view of Ji and Chen fail to disclose: “wherein the
`Downloadable includes program script” ................................... 34
`
`The Proposed Combination of TBAV and Ji with Chen is a
`Product of Hindsight Bias. ........................................................ 36
`
`C. Ground 3: Arnold in view of Chen and Ji does not render the
`Challenged Claims obvious under 35 U.S.C. § 103(a) ....................... 37
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`Arnold fails to disclose: “receiving an incoming
`Downloadable” .......................................................................... 37
`
`Arnold in view of Chen and Ji fail to disclose: “deriving
`security profile data for the Downloadable, including a list of
`suspicious computer operations that may be attempted by the
`Downloadable” .......................................................................... 38
`
`Arnold in view of Chen and Ji fail to disclose: “storing the
`Downloadable security profile data in a database.” .................. 43
`
`Arnold in view of Chen and Ji does not disclose: “wherein the
`Downloadable includes program script .................................... 46
`
`The Proposed Combination of Arnold with Ji is a Product of
`Hindsight Bias. .......................................................................... 47
`
`- iii -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`D. Ground 4: Chen in view of Arnold and Ji does not render the
`Challenged Claims obvious under 35 U.S.C. § 103(a) ....................... 49
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`6.
`
`Chen fails to disclose: “receiving an incoming Downloadable”
` ................................................................................................... 49
`
`Chen in view of Arnold and Ji fail to disclose: “deriving
`security profile data for the Downloadable, including a list of
`suspicious computer operations that may be attempted by the
`Downloadable” .......................................................................... 50
`
`Chen in view of Arnold and Ji fail to disclose: “storing the
`Downloadable security profile data in a database.” .................. 51
`
`The Proposed Combination of Chen with Arnold is a Product of
`Hindsight Bias. .......................................................................... 53
`
`Chen in view of Arnold and Ji does not disclose: “wherein the
`Downloadable includes program script .................................... 54
`
`The Proposed Combination of Chen with Ji is a Product of
`Hindsight Bias. .......................................................................... 54
`
`VI. PETITIONER’S OBVIOUSNESS ARGUMENTS FAIL AS A MATTER
`OF LAW BECAUSE IT DID NOT CONDUCT A COMPLETE
`OBVIOUSNESS ANALYSIS ....................................................................... 55
`
`VII. THE PROPOSED GROUNDS ARE CUMULATIVE ................................. 59
`
`VIII. TBAV IS NOT PRIOR ART UNDER 35 U.S.C. § 102(a)........................... 59
`
`IX. CONCLUSION .............................................................................................. 60
`
`
`
`
`
`
`- iv -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`TABLE OF AUTHORITIES
`
` Page(s)
`
`Cases
`Al-Site Corp. v. VSI Int'l,
`174 F.3d 1308 (Fed. Cir. 1999) .......................................................................... 34
`
`Apple Inc. v. Int'l Trade Comm'n,
`725 F.3d 1356 (Fed. Cir. 2013) .......................................................................... 56
`
`In re Baxter Int’l,
`678 F.3d 1357 (Fed. Cir. 2012) .......................................................................... 12
`
`In re Cortright,
`165 F.3d 1353 (Fed. Cir. 1999) .......................................................................... 28
`
`Digital-Vending Services International, LLC v. The University of
`Phoenix, Inc.,
`No. 11-1216 (Fed. Cir. Mar. 7, 2012) ............................................................. 4, 10
`
`Estee Lauder Inc. v. L’Oreal, SA,
`129 F.3d 588 (Fed. Cir. 1997) ............................................................................ 25
`
`Graham v. John Deere Co. of Kansas City,
`383 U.S. 1 (1966) .......................................................................................... 42, 56
`
`Insite Vision, Inc. v. Sandoz, Inc.,
`783 F.3d 853 (Fed. Cir. 2015) ...................................................................... 29, 33
`
`Interactive Gift Express, Inc. v. Compuserve, Inc.,
`256 F.3d 1323 (Fed. Cir. 2001) ............................................................................ 9
`
`KSR v. Teleflex,
`550 U.S. 398 (2007) .....................................................................................passim
`
`Leo Pharmaceutical v. Rea,
`726 F.3d 1346 (Fed. Cir. 2013) .................................................................... 57, 58
`
`Microsoft Corp. v. Proxyconn, Inc.,
`Nos. 2014-1542, 2014-1543, 2015 WL 3747257 (Fed. Cir. 2015) .................... 12
`
`- v -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`
`In re NTP, Inc.,
`654 F.3d 1279 (Fed. Cir. 2011) .......................................................................... 28
`
`Ortho-McNeil Pharm., Inc. v. Mylan Labs, Inc.,
`520 F.3d 1358 (Fed. Cir. 2008) .......................................................................... 57
`
`Plantronics, Inc. v. Aliph, Inc.,
`724 F.3d 1343 (Fed. Cir. 2013) .................................................................... 56, 57
`
`Rambus Inc. v. Teresa Stanek Rea,
`731 F.3d 1248 (Fed. Cir. 2013) .......................................................................... 57
`
`In re Ratti,
`270 F.2d 810, 123 USPQ 349 (CCPA 1959) ................................................ 34, 48
`
`In re Royka,
`490 F.2d 981 (CCPA 1974) ................................................................................ 26
`
`Ruiz v. A.B. Chance Co.,
`234 F.3d 654 (Fed. Cir. 2000) ............................................................................ 56
`
`In re Wilson,
`424 F.2d 1382 ......................................................................................... 22, 27, 45
`
`In re Wyer,
`655 F.2d 221 (CCPA 1981) .......................................................................... 18, 60
`
`Statutes
`35 U.S.C. § 103(a) ............................................................................................passim
`
`35 U.S.C. § 102(a) ....................................................................................... 17, 18, 59
`
`Other Authorities
`
`37 C.F.R. § 42.6(e) ................................................................................................... 63
`
`37 C.F.R. §§ 42.20(c), 42.22(a)(2), and 42.104(b)(4) ....................................... 25, 39
`
`37 C.F.R. § 42.22(a)(2) .....................................................................................passim
`
`37 C.F.R. § 42.24 ................................................................................................. 3, 24
`
`37 C.F.R. § 42.65(a) ........................................................................................... 29, 36
`
`- vi -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`37 C.F.R. § 42.104(b) .............................................................................. 2, 22, 35, 43
`
`37 C.F.R. § 42.104(b)(4) .................................................................................... 30, 50
`
`37 C.F.R. § 42.108(c) ................................................................................................. 1
`
`77 Fed. Reg. 48756 .................................................................................................. 29
`
`
`
`- vii -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`
`I.
`
`INTRODUCTION
`
`On April 8, 2015, Sophos Inc. (“Petitioner”) submitted a Petition to institute
`
`inter partes review (“IPR”) of U.S. Patent No. 8,677,494 (“the ‘494 Patent”),
`
`challenging claims 1, 10, 14, and 18. Finjan Inc. (“Patent Owner”) requests that
`
`the Board not institute inter partes review because Petitioner has not demonstrated
`
`a reasonable likelihood that it would prevail in showing unpatentability of any of
`
`the challenged claims on the grounds asserted in its Petition, as required under 37
`
`C.F.R. § 42.108(c).
`
`The ‘494 Patent generally discloses systems and methods for protecting user
`
`computers from the suspicious operations that may be attempted by
`
`Downloadables. The claims require, inter alia, “receiving an incoming
`
`Downloadable,” “deriving security profile data for the Downloadable” and “storing
`
`the Downloadable security profile data in a database.” Ex. 1001 at 19–25. The
`
`Downloadable security profile (“DSP”) data that is generated and stored in the
`
`database also must include “a list of suspicious computer operations that may be
`
`attempted by the Downloadable.” (Id.).
`
`The various references cited in Grounds A–D of the Petition do not disclose
`
`this approach to protect against malware because they do not derive security
`
`profile data for a Downloadable, a list of suspicious computer operations, or store
`
`Downloadable security profile data in a database. In contrast, the references cited
`
`- 1 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`in the Petition are generally directed to identifying viruses that infect files of a
`
`computer system, (e.g., by running virus scans on the computer system) rather than
`
`determining the suspicious operations that a Downloadable intends to perform and
`
`then further including a list of these specific operations within a security profile
`
`that is generated for that Downloadable and then further storing the claimed
`
`security profile in a database. (See Ex. 1006 at 161). The TBAV reference explains
`
`that a virus is a computer program that appends itself to the end of the program it
`
`infects. (Id.). Petitioner repeatedly conflates virus signatures for viruses that
`
`infect files with the claimed Downloadable security profile data derived from the
`
`Downloadable. In addition to these fundamental differences between Finjan’s
`
`approach to protecting computers form malicious and those proposed in the
`
`Petition’s cited references, Finjan notes a number of substantive and procedural
`
`reasons that the Board should decline to institute inter partes review.
`
`First, the Board should decline to institute inter partes review of the
`
`challenged claims because Petitioner has failed to “specify where each element of
`
`the claim is found in the prior art patents or printed publications relied upon.” (37
`
`C.F.R. § 42.104(b)). For example, the Petition completely neglects to specify
`
`where any of the cited references disclose the feature of “deriving security profile
`
`data for the Downloadable, including a list of suspicious computer operations that
`
`may be attempted by the Downloadable,” which is recited in each challenged
`
`- 2 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`claim. Petitioner appears to hope that the Board will simply ignore this claim
`
`element, which as noted above, is at the heart of what distinguishes Finjan’s
`
`approach with those of the prior art cited in the Petition.
`
`Second, every one of Petitioner’s assertions of obviousness based on
`
`combinations of the various references is inadequate as a matter of law. Each of
`
`Petitioner’s statements regarding the motivation to combine one or more references
`
`is based on the references generally being directed to similar subject matter. See,
`
`e.g., Petition at 27 (“TBAV and Ji are both directed to virus scanning software that
`
`can scan incoming downloaded files. Thus, at a minimum, it would have been
`
`obvious to one of ordinary skill in the art to apply the teachings of a receiver in Ji
`
`to the system of TBAV. (Ex. 1002 at ¶ 96)”). Each proposed Ground is, therefore,
`
`deficient as a matter of law because Petitioner improperly provides “mere
`
`conclusory statements” that the combinations are obvious rather than “articulating
`
`rational underpinning to support the legal conclusion of obviousness.” See KSR v.
`
`Teleflex, 550 U.S. 398, 418 (2007).
`
`Third, Petitioner impermissibly attempts to circumvent the page limits
`
`dictated under 37 C.F.R. § 42.24 by using claim charts to incorporate by reference
`
`broad passages of the references and by placing attorney argument in the claim
`
`charts in lieu of quotations of the evidence. These techniques are improper
`
`because Petitioner cannot impose on the Board “to re-construct Petitioner’s
`
`- 3 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`arguments and generally play archaeologist with the record.” IPR2014-00475,
`
`Paper No. 10 at 14–16.
`
`Although there are a variety of reasons why the ‘494 Patent is valid over
`
`Petitioner’s asserted prior art references, this Preliminary Response focuses on
`
`only limited reasons why inter partes review should not be instituted. See
`
`Travelocity.com L.P. et al. v. Conos Technologies, LLC, CBM2014-00082, Paper
`
`12 at 10 (“[N]othing may be gleaned from the Patent Owner’s challenge or failure
`
`to challenge the grounds of unpatentability for any particular reason.”). The
`
`deficiencies of the Petition noted herein, however, are sufficient for the Board to
`
`find that Petitioner has not met its burden to demonstrate a reasonable likelihood
`
`that it would prevail in showing unpatentability of any of the challenged claims.
`
`II. THE ‘494 PATENT
`A. Overview
`Patent Owner’s ’494 Patent claims priority to a number of patents and patent
`
`applications, including U.S. Patents Nos. 6,804,780 (Ex. 1014), 6,092,194
`
`(Ex. 1015), and 6,480,962 (Ex. 1016), with an earliest claimed priority date of
`
`November 8, 1996. (Ex. 1001 at 1:8–55). The ‘494 Patent incorporates each of
`
`these patents by reference.
`
`The systems and methods of the ‘494 Patent protect personal computers
`
`(PCs) and other network accessible devices from “harmful, undesirable, suspicious
`
`- 4 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`or other ‘malicious’ operations that might otherwise be effectuated by remotely
`
`operable code.” (Ex. 1001 at 2:51–56). The protection paradigm involves deriving
`
`security profile data for an incoming Downloadable. (Ex. 1001 at 21:21; Ex. 1015
`
`at 5:38–45; 9:20–22).
`
`The Downloadable security profile (“DSP”) data for each Downloadable
`
`includes a “list of all potentially hostile or suspicious computer operations that may
`
`be attempted by a specific Downloadable.” (Ex. 1015. at 5:45–48). Additional
`
`information about the Downloadable can also be stored in the database, such as the
`
`date and time the profile was derived and URL from which the downloadable
`
`originated. (Ex. 1001 at 21:26–28; id. at 21:38–40). The DSP data can be derived
`
`in number of different ways, including by disassembling the machine code of the
`
`Downloadable. (Ex. 1015 at 9:20–24).
`
`DSP data for a Downloadable is therefore derived from a particular
`
`Downloadable and is related to the Downloadable itself unlike, for example, a
`
`virus signature, which identifies a particular virus that can infect executable file.
`
`See Ex. 1008 at 9:16–19 (“A ‘good’ viral signature is one which is statistically
`
`unlikely to generate false positives when run on uninfected, legitimate programs,
`
`but will always identify the virus if it is present.”). Security policies, which
`
`include policies specific to particular users and generic policies, can be compared
`
`- 5 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`with the DSP data for an incoming Downloadable to determine whether to allow or
`
`block the incoming Downloadable. (Ex. 1015 at 4:18–24).
`
`The derived DSP data is stored in a database. (Ex. 1001 at 21:24–25; Ex.
`
`1015 at 4:14–19; 9:52–55). Because DSP data stored in this manner can be
`
`efficiently retrieved when a known Downloadable is encountered, the invention
`
`claimed in the ‘494 Patent allows accurate security decisions to be made without
`
`the need to generate profiles for all incoming Downloadables; additionally, there is
`
`no need for the Downloadable to be scanned for malicious operations at the
`
`destination device since the DSP data already lists malicious operations that may
`
`be attempted by the Downloadable, unlike the TBAV, Chen, and Arnold references,
`
`which all merely scan files already resident on a destination device. (See Ex. 1001
`
`at 11:1–7).
`
`The Prior Art
`
`B.
`In stark contrast to the invention claimed in the ‘494 Patent, the prior art
`
`discloses methods for identifying viruses that infect files rather than deriving
`
`security profile data for incoming Downloadables. See Ex. 1006 at 1 (“[TBAV] is
`
`a comprehensive tool kit designed to protect against, and recover from, computer
`
`viruses.”); id. at 161 (“A virus, which is simply another computer program, adds
`
`itself to the end of the program it infects.”); Ex. 1008 at 2:26–29 (“[A] need has
`
`arisen to develop methods for automatically recognizing and eradicating previously
`
`- 6 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`unknown or unanalyzed viruses on individual computers and computer
`
`networks.”); Ex. 1009 at 9:1–2 (describing that a temporarily stored file is
`
`analyzed to determine if it contains a virus); and Ex. 1010 at Abstract (“The
`
`detection and removal of viruses from macros is disclosed.”).
`
`The cited references disclose two main methods of identifying viruses—
`
`signature scanning and heuristic scanning—neither of which corresponds to
`
`Finjan’s approach as claimed in the ‘494 Patent. Signature scanning checks “for
`
`the appearance of [virus] signatures in a file” to find out of a program has been
`
`infected. (Ex. 1006 at 47). A virus signature is a “unique sequence of
`
`instructions” rather than either security profile data for a Downloadable or a list of
`
`suspicious operations that may be performed by the Downloadable. (Id.).
`
`Heuristic scanning, on the other hand, is used to detect unknown viruses by
`
`detecting “suspicious instruction sequences” in a file. (Id. at 154). The actual
`
`virus detection is executed by assigning every suspicious instruction a heuristic
`
`flag that denotes a score; the score is then compared to a predefined limit. (Id. at
`
`155). The heuristic scanning processes disclosed in the cited references do not
`
`derive security profiles for Downloadables, let alone security profiles for
`
`Downloadables that include a list of suspicious computer operations that may be
`
`performed by the Downloadable.
`
`- 7 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`
`C. Challenged Claims
`Petitioner challenges four claims of the ‘494 Patent, namely independent
`
`method claim 1, independent system claim 10, and claims 14 and 18, which
`
`depend from claim 10. Claim 1 is reproduced below:
`
`1. A computer-based method, comprising the steps of:
`
`receiving an incoming Downloadable;
`
`deriving security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by the
`Downloadable; and
`
`storing the Downloadable security profile data in a database.
`
`(Ex. 1001 at 21:19–25). System claim 10 further recites the components
`
`“receiver,” “Downloadable scanner,” and “database manager.” (Id. at 22:7–16).
`
`Claim 14 recites “wherein the Downloadable includes program script.” (Id. at
`
`22:26–27). Claim 18 recites “wherein said Downloadable scanner comprises a
`
`disassembler for disassembling the incoming Downloadable.” (Id. at 22:37–39).
`
`D.
`
`Prosecution History
`
`The ‘494 Patent issued March 18, 2014, from U.S. Patent Application
`
`Serial No. 13/290,708, filed November 7, 2011.
`
`III. CLAIM CONSTRUCTION
`A.
`“Downloadable” (claims 1, 10, 14, and 14):
`The proper construction of the term “Downloadable” in the context of the
`
`’494 patent is “an executable application program, which is downloaded from a
`
`- 8 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`source computer and run on the destination computer.” This is the exact definition
`
`provided in U.S. Patent Nos. 6,804,780 (Ex. 1014) and 6,092,194 (Ex. 1015),
`
`which the ’494 patent is a continuation of, claims priority to, and incorporates by
`
`reference. (Ex. 1001 at 1:27–39; Ex. 1014 at 1:50–53; Ex. 1015 at 1:44–46). In
`
`fact, Petitioner already agreed to this definition in the concurrent litigation with
`
`Patent Owner (Finjan). (Ex. 2001 at 2).
`
`Petitioner provides no explanation for modifying the previously agreed upon
`
`construction and, indeed, states that its proposed construction is consistent with the
`
`‘494 Patent. (See Petition at 12–13). To the extent that Petitioner inserts the
`
`phrase “can be” to obscure the fact that Downloadables are programs that are
`
`intended to be run on destination computers, Finjan disagrees.
`
` “suspicious computer operations” (claims 1, 10, 14, and 18)
`
`B.
`The term “suspicious computer operations” needs no construction and the
`
`plain and ordinary meaning within the context of the claims should apply. See,
`
`e.g., Interactive Gift Express, Inc. v. Compuserve, Inc., 256 F.3d 1323, 1331 (Fed.
`
`Cir. 2001) (“If the claim language is clear on its face, then our consideration of the
`
`rest of the intrinsic evidence is restricted to determining if a deviation from the
`
`clear language of the claims is specified.”). This term “suspicious computer
`
`operations” appears in all of the challenged claims with its scope clearly set forth
`
`in the claims. For example, independent claims 1 and 10 recite claims recite “a list
`
`- 9 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`of suspicious computer operations that may be attempted by the Downloadable”
`
`and that this “list” is included in the claimed “security profile data”1 that is derived
`
`for the Downloadable. See, e.g., claim 1(b) (reciting “deriving security profile data
`
`for the Downloadable, including a list of suspicious computer operations that may
`
`be attempted by the Downloadable”)
`
`Petitioner proposes that the term “suspicious computer operations” should
`
`mean “computer instructions that are deemed to be potentially hostile.” Petitioner
`
`provides no reason to replace the common, well-understood term “computer
`
`operations” with “instructions.” In fact, none of Petitioner's citations to the ‘494
`
`Patent or to Finjan’s ‘639 Provisional Application, mention the term “instruction.”
`
`Rather, the true motivation for Petitioner’s construction is because its proposed
`
`grounds rely upon the references’ various disclosures of suspicious instructions to
`
`meet the claimed “suspicious computer operations.” See, e.g., Petition at 24, 40,
`
`and 46. Thus, Petitioner’s construction serves no purpose at all except, to
`
`1 Notably, Petitioner improperly treats the term “security profile data for the
`
`Downloadable” as if it does not exist, and only asserts that the prior art teaches “a
`
`list of suspicious computer operations” and thus contrary to the well-established
`
`rule that ”claims are interpreted with an eye toward giving effect to all terms in the
`
`claim.” Digital-Vending Services International, LLC v. The University of Phoenix,
`
`Inc., No. 11-1216 (Fed. Cir. Mar. 7, 2012)
`
`- 10 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`improperly replace the inventor’s chosen words in favor of words recited in its
`
`proposed prior art.
`
`Petitioner’s proposed construction should also be rejected because computer
`
`instructions are not “computer operations that may be attempted by the
`
`Downloadable.” An instruction is a low-level programmatical construct, while an
`
`operation is a high-level command that the program actually performs. This
`
`distinction is reinforced by the claim language, which recites “computer operations
`
`that may be attempted by the Downloadable” as well as the specification, which
`
`differentiates between “remotely operable code” and the “harmful, undesirable,
`
`suspicious or other ‘malicious’ operations that might otherwise be effectuated by
`
`remotely operable code.” (Ex. 1001 at 2:54–64). Likewise, the ‘194 Patent
`
`describes the difference between machine code and the suspicious operations:
`
`Method 628 begins in step 705 with the code scanner 325
`disassembling the machine code of the Downloadable. The code
`scanner 325 in step 710 resolves a respective command in the
`machine code, and in step 715 determines whether the resolved
`command is suspicious (e.g., whether the command is one of the
`operations identified in the list described above with reference to FIG.
`3).
`
`(Ex. 1015 at 9:22–29).
`
`- 11 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`“database” (claims 1, 10, 14, and 18)
`
`C.
`Finjan submits that the proper construction of “database” is “a collection of
`
`interrelated data organized according to a database schema to serve one or more
`
`applications.” This construction stays true to the claim language and most
`
`naturally aligns with the patent’s description of the invention as well as the well-
`
`accepted definition of the term. (Ex. 2002 at 3). In fact, the district court in the
`
`concurrent litigation with Petitioner indicated that Patent Owner’s construction
`
`follows the context of the patent and the well-understood accepted definition for
`
`database: “[b]ecause Finjan’s definition appears to reflect both the context of the
`
`patent as well as a well-accepted definition of the term.” (Ex. 2003 at 7).
`
`Petitioner proposes to construe the term “database” as “any structured store
`
`of data” under the BRI. (Petition at 13). However, the Federal Circuit has held
`
`that “even with a more lenient standard of proof, the PTO ideally should not arrive
`
`at a different conclusion.” In re Baxter Int’l, 678 F.3d 1357, 1365 (Fed. Cir.
`
`2012). The goal of Petitioner's construction is to broaden the term database
`
`beyond the specification so that it reads upon the techniques described in the cited
`
`prior art (e.g. a log file). To the contrary, the Federal Circuit dictates that the
`
`broadest reasonable interpretation requires consideration of specification. See
`
`Microsoft Corp. v. Proxyconn, Inc., Nos. 2014-1542, 2014-1543, 2015 WL
`
`3747257, at *3 (Fed. Cir. 2015)( “[A] construction that is ‘unreasonably broad’ and
`
`- 12 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`which does not ‘reasonably reflect the plain language and disclosure’ will not pass
`
`muster.”). FIG. 3 of the ‘194 Patent clearly illustrates that the security database
`
`240 that stores DSP data 310 is completely different than a log file (i.e. Event Log
`
`245), which would be captured under Petitioner’s overbroad construction:
`
`
`
`Furthermore, the portion of the ‘494 Patent cited by Petitioner only
`
`reinforces Finjan’s proposed construction by referring to referencing list separately
`
`from a database. Ex. 1001 at 17:10-13 (stating that a “referencing list, database or
`
`other storage structure(s)…” can be used to implement a protection scheme). The
`
`district court in the concurrent litigation has also rejected equating a database with
`
`a log file:
`
`The fact that a database is listed along with more simple files does not
`mean that the database includes or is equated with these types of
`files. In fact, one could argue that this list serves to further
`differentiate a database from simpler files.
`
`(Ex. 2003 at 5, n.1)(emphasis added).
`
`- 13 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01022 (U.S. Patent No. 8,677,494)
`Because there is no support for Petitioner’s broader construction of
`
`“database” in the ‘494 patent, the PTAB should adopt Patent Owner’s construction
`
`as following the ‘494 patent, adopted well-understood definition, and the law.
`
`“program script” (claim 14)
`
`D.
`Finjan submits that the term “program script” means “a program written in a
`
`scripting language (e.g. JavaScript™/Visual Basic scripts).” This construction is
`
`consistent with the ‘494 Patent, which lists examples of remotely operable code,
`
`including “downloadable application programs, Trojan horses and program code
`
`groupings, as well as software ‘components,’ such as JavaTM applets, Active XTM
`
`controls, JavaScriptTM/Visual Basic scripts, add-ins, etc., among others.” (Ex.
`
`1001 at 2:59–64). This passage identifies JavaScriptTM/Visual Basic scripts
`
`separately from other software components, such as JavaTM applets, Active XTM
`
`controls, and add-ins. (Id.).
`
`Petitioner proposes that under the BRI, this claim feature should mean “a set
`
`of instructions that can be executed by a computer through an inter