throbber
Trials@uspto.gov
`571-272-7822
`
`
`Paper 9
`Entered: January 14, 2016
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`SYMANTEC CORP.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2015-01547
`Patent 8,141,154 B2
`
`____________
`
`
`
`Before THOMAS L. GIANNETTI, RICHARD E. RICE, and
`MIRIAM L. QUINN Administrative Patent Judges.
`
`QUINN, Administrative Patent Judge.
`
`DECISION
`Denying Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`Symantec Corp. (“Petitioner”) filed a Petition to institute inter partes
`review of claims 112 of U.S. Patent No. 8,141,154 B2 (“the ’154 patent”)
`pursuant to 35 U.S.C. § 311319. Paper 1 (“Pet.”). Finjan, Inc. (“Patent
`Owner”) timely filed a Preliminary Response. Paper 8 (“Prelim. Resp.”).
`We have jurisdiction under 35 U.S.C. § 314.
`For the reasons that follow, we deny the Petition.
`
`I.
`
`BACKGROUND
`
`A. RELATED MATTERS
`
`Petitioner identifies that the patent-at-issue is the subject matter of a
`district court case filed in the U.S. District Court for the Northern District of
`California (Case No. 3:14-cv-02998-RS). Pet. 1. Petitioner also states that
`petitions for inter partes review have been filed regarding patents at issue in
`the foregoing litigation. Id.
`
`B. ASSERTED GROUNDS
`
`Petitioner contends that claims 112 (“the challenged claims”) are
`unpatentable under 35 U.S.C. § 102 and § 103 based on the following
`specific grounds:
`Reference[s]
`
`Basis
`§ 102
`
`Claims challenged
`15
`
`§ 103
`
`2, 48, 10, and 11
`
`Ross1
`
`Ross
`
`
` 1
`
`
`
` Patent Application Pub. No. US 2007/0113282 (Exhibit 1002) (“Ross”).
`2
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`Reference[s]
`
`Ross and Calder2
`
`Calder and Sirer3
`
`Basis
`§ 103
`
`§ 103
`
`Claims challenged
`9 and 12
`
`112
`
`C. THE ’154 PATENT (EX. 1001)
`
`The ’154 patent relates to computer security, and, more particularly,
`to systems and methods for protecting computers against malicious code
`such as computer viruses. Ex. 1001, 1:79; 8:3840. The ’154 patent
`identifies the components of one embodiment of the system as follows: a
`gateway computer, a client computer, and a security computer. Id. at
`8:4547. The gateway computer receives content from a network, such as
`the Internet, over a communication channel. Id. at 8:4748. “Such content
`may be in the form of HTML pages, XML documents, Java applets and
`other such web content that is generally rendered by a web browser.” Id. at
`8:4851. A content modifier modifies original content received by the
`gateway computer and produces modified content that includes a layer of
`protection to combat dynamically generated malicious code. Id. at 9:1316.
`
`
`
` 2
`
` Patent Application Pub. No. US 2002/0066022 A1 (Exhibit 1003)
`(“Calder”).
`3 Sirer et al., Design and Implementation of a Distributed Virtual machine
`for Networked Computers, (1999) (Exhibit 1004) (“Sirer”).
`3
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`D. ILLUSTRATIVE CLAIM
`
`Challenged claims 1, 4, 6, and 10 are independent, and illustrative
`claim 1 is reproduced below.
`1. A system for protecting a computer from dynamically generated
`malicious content, comprising:
`a content processor (i) for processing content received over a network,
`the content including a call to a first function, and the call including an
`input, and (ii) for invoking a second function with the input, only if a
`security computer indicates that such invocation is safe;
`a transmitter for transmitting the input to the security computer for
`inspection, when the first function is invoked; and
`a receiver for receiving an indicator from the security computer
`whether it is safe to invoke the second function with the input.
`
`II. ANALYSIS
`
`A. CLAIM INTERPRETATION
`
`The Board interprets claims using the “broadest reasonable
`construction in light of the specification of the patent in which [they]
`appear[].” 37 C.F.R. § 42.100(b). We presume that claim terms have their
`ordinary and customary meaning. See In re Translogic Tech., Inc., 504 F.3d
`1249, 1257 (Fed. Cir. 2007) (“The ordinary and customary meaning is the
`meaning that the term would have to a person of ordinary skill in the art in
`question.”).
`Petitioner proposed a construction for one term: “dynamically
`generate[d]”. See Pet. 1415. Patent Owner submitted that the term has a
`plain and ordinary meaning understood to a person of ordinary skill in the art
`and that no construction is needed. Prelim. Resp. 79. We do not need to
`construe a proposed term if the construction is not helpful in our
`4
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`determination of whether to institute trial. Because the construction of the
`term “dynamically generate[d]” is not germane to our determination whether
`to institute trial, we will not consider either of the parties’ arguments. No
`term will be construed.
`
`B. GROUNDS BASED ON ROSS, AND ROSS IN COMBINATION WITH
`CALDER
`
`Petitioner asserts three grounds predicated on, at a minimum, Ross
`disclosing the limitation identified in the Petition as limitation “[A].”
`Pet. 12 (identifying overlapping limitations in the four independent claims),
`1820 (describing Petitioner’s contention regarding Ross’s disclosure of
`limitation 1[A] and 4[A]); 2728 (stating Petitioner’s contention that for
`claims 6 and 10, limitations are “substantially similar” with the exception of
`limitations [B2], [E2], and [G]). Limitation [A] in claim 1 recites “a content
`processor (i) for processing content received over a network, the content
`including a call to a first function, and the call including an input . . .” Ex.
`1001, 17:3436. We do not agree with Petitioner that Ross discloses this
`limitation for, at least, the reasons discussed below and outlined by Patent
`Owner in the Preliminary Response. See Prelim. Resp. 1215.
`1. Overview of Ross (Exhibit 1002)
`Ross describes one embodiment where a device receives and
`processes “data content having at least one original function call [and it]
`includes a hook script generator and a script processing engine.” Ex. 1002
`¶ 10. One such device is depicted in Figure 2, reproduced below.
`
`5
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`
`Figure 2 shows a client network device (client 202) and a server
`
`network device (server 204) communicating with each other over
`communication network 208 to exchange information including web
`content. Id. at ¶¶ 16, 23. Figure 2 depicts web browser 224 and detection
`engine 240 at the client, but in other embodiments detection engine 240 may
`be physically located away from client 202. Id. at ¶ 26. Detection
`engine 240 includes script injector 242 to intercept incoming data content
`and introduce the incoming data to script-processing engine 224. Id. “Hook
`script generator 244 creates new functions, including constructor functions,
`which replace the standard JavaScript functions.” Id.
`2. Discussion
`Petitioner contends that Ross’s script-processing engine is the recited
`content processor that receives content over a network. Pet. 18–19 (citing
`
`6
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`Ex. 1002 ¶¶ 23, 26, 34, Figs. 2, 46). Petitioner also contends that the
`“content processed by the script processing engine includes a hook script
`having one or more hook functions,” thereby disclosing the recited “first
`function.” Id. at 19 (citing Ex. 1002 ¶¶ 38, 31, 33, 34; and the Davidson
`Declaration Ex. 1010 ¶79). That is, the Petition states that the script
`processing engine receives content over a network and also receives a hook
`script. The claims require, however, that the content received by the content
`processor include a “call to a first function.” And according to Patent
`Owner, with which we agree in this regard, Ross does not disclose that the
`hook function (or “first function”) is in content received over a network.
`Prelim. Resp. 12.
`We are persuaded by Patent Owner’s argument that, in the
`embodiments identified in the Petition, the hook script generator generates
`the hook function, which is loaded separate from data content 602 that is
`received over the network. Prelim. Resp. 14 (pointing out Ross’s disclosure
`of the hook generator embodiments disclosed in Figures 2 and 6). In
`particular, Patent Owner addresses Ross’s disclosure of the method where
`the hook function is loaded into the script processing engine, then data
`content 602 is loaded into the script processing engine, and, finally,
`executing a hook function when the corresponding original function is called
`in data content 602. Id. at 1415 (relying on Ex. 1002 ¶ 38). Neither the
`Petition (see Pet. 1820) nor the Declaration of Mr. Davidson, at the cited
`paragraph 79, explain how Ross’s data content received over a network also
`includes the hook functions alleged to be the recited “first function,” which
`must be included in the content received over a network.
`7
`
`
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`Accordingly, and for at least the above-identified reason, we are not
`persuaded that Petitioner has demonstrated a reasonable likelihood of
`prevailing in its contention that independent claims 1, 4, 6, and 10 are
`unpatentable over Ross, either as anticipated (claims 1 and 4) or obvious
`(claims 6 and 10). Petitioner relies on Calder in combination with Ross to
`challenge as unpatentable dependent claims 9 and 12, but does not assert that
`Calder remedies any of the Ross deficiencies noted above. Consequently,
`we also are not persuaded that Petitioner has demonstrated a reasonable
`likelihood of prevailing in its contention that any of the challenged
`dependent claims are unpatentable over either Ross or the combination of
`Ross and Calder.
`
`C. GROUND BASED CALDER AND SIRER
`
`Petitioner asserts one ground predicated on, at least, Calder.
`1. Overview of Calder (Ex. 1003)
`Calder describes a distributed computing system, which includes a
`pre-processing module that prepares a software package for execution on
`any number of client computers. Ex. 1003 ¶ 77; Fig. 1. Application
`package 115 is a modified software application that is adapted to each client
`computer 140. Id. Calder further describes that application package 115 is
`sent to server 120 after being processed by the pre-processor module. Id. at
`¶ 85. “Application package 115 is electronically transferred from a server
`120, which can be an independently networked computer, across the
`network 130, and into any number of client computers 140.” Id. at ¶ 77.
`Figure 4, reproduced below, depicts a virtualized execution environment.
`
`8
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`
`Figure 4 shows that system resources are controlled by using virtual
`layer 415 to intercept application programming interface (API) routines that
`utilize these resources. Id. at ¶ 86. System calls made by application 405
`are intercepted by an interception module, which is part of virtual layer 415.
`Id. at ¶ 87.
`To create application package 115, binaries are rewritten to remove
`improper sequences. Id. at ¶ 93. Improper functions or sequences are
`defined by a predefined list. Id. at ¶ 95. If no improper sequences are
`identified, the import table of binaries is rewritten to reference the
`interception module. Id. at ¶ 97. An import table lists all of the dynamically
`linked libraries (DLLs) that are used by application 405. Id. at ¶ 98. The
`process of initializing and patching the DLLs involves loading and running
`the DLL for the intercept module, which patches and intercepts all the DLL
`calls before any of the application package’s code is executed. Id. ¶¶ 98,
`104.
`
`9
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`In addition to intercepting DLL calls, the interception module
`virtualizes a suite of network request routines in response to application 405
`invoking the routines. Id. at ¶ 122. The interception module also intercepts
`all of the file system requests by application 405. Id. at ¶ 125. In particular,
`Calder describes that in response to an invocation of a routine to open a file,
`the system determines whether the file is an approved file, and, if it is, the
`process proceeds without modifying the call. Id. at ¶ 134. If the file in
`question does not exist or does not contain executable code, the process
`returns to execute the original system request, with the unmodified and
`modified parameter and the handle. Id. at ¶ 135.
`2. Discussion
`Petitioner contends that Calder teaches or suggests the limitations of
`the challenged claims, except for the “remotely located ‘security computer’
`for performing the inspection and evaluation of the hooked functions and
`inputs,” for which Petitioner relies on Sirer. Pet. 39. Patent Owner
`challenges Petitioner’s contentions based on multiple bases. Prelim. Resp.
`2934. In particular, Patent Owner argues that Petitioner has not shown that
`Calder’s system calls are “function calls,” that the system calls identified as
`“first function calls” do not meet the claim language, and that Petitioner has
`not shown that Calder teaches the “second function” limitations. Id. at 31–
`32. We agree with Patent Owner that Petitioner has not met its burden based
`on the issues identified above.
`In particular, Petitioner identifies as “function calls” Calder’s system
`calls or certain interrupt calls. Pet. 44. The original calls in the application
`package are replaced, according to Petitioner, with “calls to a virtual layer
`10
`
`
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`through ‘modified routines’ (i.e., a call to a first function).” Id. Further to
`this point, Petitioner also identifies the original calls as first function calls.
`Id. These are two different embodiments of “calls” alleged to be a “first
`function call.” More importantly, however, there is little credible
`explanation that system calls are “function calls.” The assertion, by
`Petitioner’s declarant, that “intercepting a system call is conceptually
`equivalent to intercepting a function call” is conclusory. See Prelim. Resp.
`29 (referring to the Declaration of Davidson, Ex. 1010 ¶ 125). The Petition
`fails to explain how Calder’s system calls, and all other identified calls,
`teach or suggest “function calls.” The interception of system calls and
`function calls may be “conceptually equivalent,” but this statement says
`nothing about whether “system calls” and “function calls” are also
`equivalent, conceptually or otherwise.
`Further, the Petition is deficient in showing how all the various Calder
`embodiments alleged to teach or suggest function calls equate to the recited
`first and second function calls, and their corresponding inputs, for each
`claim. For example, for claims 1, 4, 6, and 10, the Petition identifies as first
`functions (1) a call to a virtual layer and (2) an original call, such as “the
`invocation of an open/create routine.” Pet. 44. The Petition subsequently
`identifies “the underlying intercepted system call” as the “second function”
`recited in claims 1 and 4, referring to the embodiment of intercepting
`network access requests and determining whether a socket is on the list of
`allowable sockets. Pet. 50. Claims 1 and 4 require, however, the same input
`for the first function and the second function, as the claims recite “the
`content including a call to a first function, and the call including an input,”
`
`11
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`and “a second function with the input.” We discern no attempt in the
`Petition to identify the recited functions with the appropriate inputs recited
`in these claims. Furthermore, we agree with Patent Owner that Petitioner
`fails to explain how Calder invokes “the second function” because it has
`alleged only that the intercepted system call is not performed. Prelim. Resp.
`31.
`
`For claims 6 and 10, a similar problem emerges. The Petition alleges
`that the invoked second function with a modified input variable is the
`“original system call” with “modified parameters.” Pet. 52 (relying on file
`request routines and Figure 14). There is insufficient indication that the
`second function call, i.e., Calder’s “original system call,” is any different
`than the first function call, which was alleged to be also an original call,
`such as the invocation of an open/create routine. Likewise, there is no
`distinction between the “input variable” for the first function, and the
`“modified input variable” for the second function. The Petition either does
`not address the particulars or provides convoluted references to Calder’s
`various embodiments so that Petitioner’s contentions on this matter are
`rendered intractable. In this last regard, given the complexity and breadth of
`the asserted prior art references, we find that the Petition lacks a cogent
`presentation and adequate explanations of how the numerous, cited Calder
`embodiments, presented in piecemeal fashion, tie to the claims. See 37
`C.F.R. §§ 42.22(a)(2) 42.104 (b)(4),(5).
`Accordingly, we are not persuaded that Petitioner has shown
`sufficiently a reasonable likelihood of prevailing in its contention that claims
`1, 4, 6, and 10 are unpatentable as obvious over Calder and Sirer. Petitioner
`
`12
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`does not assert Sirer as making up for the deficiencies noted above.
`Therefore, we determine that Petitioner has not shown a reasonable
`likelihood of prevailing in its contention that claims 2, 3, 5, 79, 11, and 12
`are unpatentable over the Calder-based grounds.
`III. CONCLUSION
`For the foregoing reasons, we do not institute inter partes review of
`the ’154 patent.
`IV. ORDER
`After due consideration of the record before us, it is
`ORDERED that the Petition is denied and no trial is instituted.
`
`13
`
`
`
`

`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`
`PETITIONER:
`Joseph J. Richetti (Lead Counsel)
`Daniel A. Crowe (Back-up Counsel)
`BRYAN CAVE LLP
`joe.richetti@bryancave.com
`dacrowe@bryancave.com
`
`PATENT OWNER:
`
`James Hannah (Lead Counsel)
`Jeffrey H. Price (Back-up Counsel)
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`jhannah@kramerlevin.com
`jprice@kramerlevin.com
`
`Michael Kim (Back-up Counsel)
`FINJAN INC.
`mkim@finjan.com
`
`
`
`14

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket