UNITED STATES PATENT AND TRADEMARK OFFICE
`
`__________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`___________________
`
`SYMANTEC CORP.
`
`Petitioner
`
`v.
`
`FINJAN, INC.,
`
`Patent Owner
`
`____________________
`
`Case IPR2015-01547
`
`Patent No. 8,141,154
`
`__________________________________________________________
`
`PATENT OWNER’S PRELIMINARY RESPONSE
`UNDER 37 C.F.R. § 42.107
`
`
`
`
`
`
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`TABLE OF CONTENTS
`
`I.
`
`INTRODUCTION ......................................................................................... 1
`
`II. THE ‘154 PATENT ....................................................................................... 4
`
`A. Overview ............................................................................................... 4
`
`B. Challenged Claims ............................................................................... 6
`
`III. CLAIM CONSTRUCTION .......................................................................... 7
`
`A.
`
`“dynamically generated” (claims 1, 10, 14, and 14): ........................ 7
`
`IV. SPECIFIC REASONS WHY THE CITED REFERENCES DO NOT
`INVALIDATE THE CLAIMS, AND WHY INTER PARTES REVIEW
`SHOULD NOT BE INSTITUTED ............................................................... 9
`
`A. Ground 1: Ross Does Not Anticipate Claims 1–5 Under 35 U.S.C.
`§ 102(e) .................................................................................................. 9
`
`1.
`
`2.
`
`3.
`
`4.
`
`Ross does not disclose “a system for protecting a computer
`from dynamically generated malicious content” (claim 1) ....... 10
`
`Ross does not disclose “a content processor (i) for processing
`content received over a network, the content including a call to
`a first function, and the call including an input” (claims 1 and 4)
` ................................................................................................... 12
`
`Ross does not disclose “invoking a second function with the
`input, only if a security computer indicates that such invocation
`is safe” (claims 1 and 4) ............................................................ 15
`
`Ross does not disclose “wherein the input is dynamically
`generated by said content processor prior to being transmitted
`by said transmitter” (claims 3 and 5) ........................................ 16
`
`B. Ground 2: Ross Does Not Render Claims 2, 4-8, 10, and 11
`Obvious Under 35 U.S.C. § 103(a) ................................................... 19
`
`1.
`
`Ross does not disclose “a content processor (i) for processing
`content received over a network, the content including a call to
`
`i
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`a first function, and the call including an input” (claims 4, 6,
`and 10) ....................................................................................... 19
`
`2.
`
`Ross does not disclose “calling a second function with a
`modified input variable” (claims 6 and 10) .............................. 19
`
`C. Ground 3: Ross in view of Calder Does Not Render Claims 9 and
`12 Obvious Under 35 U.S.C. § 103(a) .............................................. 20
`
`1.
`
`Ross in view of Calder fails to show or suggest “wherein the
`input variable includes a call to an additional function, and
`wherein the modified input variable includes a call to a
`modified additional function instead of the call to the additional
`function” .................................................................................... 20
`
`D. Ground 4: Calder in view of Sirer Does Not Render Claims 1–12
`Obvious Under 35 U.S.C. § 103(a) ................................................... 28
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`Calder in view of Sirer does not disclose “a content processor
`(i) for processing content received over a network, the content
`including a call to a first function, and the call including an
`input” (claims 1, 4, 6, and 10) ................................................... 29
`
`Calder in view of Sirer does not disclose a content processor
`“(ii) for invoking a second function with the input, only if a
`security computer indicates that such invocation is safe” (claims
`1 and 4) ...................................................................................... 31
`
`Calder in view of Sirer does not disclose “calling a second
`function with a modified input variable” (claims 6 and 10) ..... 32
`
`Calder in view of Sirer does not disclose “wherein the input is
`dynamically generated by said content processor prior to being
`transmitted by said transmitter” (claims 3, 5, 8, and 11) .......... 32
`
`Calder in view of Sirer does not disclose “wherein the input
`variable includes a call to an additional function, and wherein
`the modified input variable includes a call to a modified
`additional function instead of the call to the additional function”
`(claims 9 and 12) ....................................................................... 33
`
`- ii -
`
`

`
`V.
`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`PETITIONER’S OBVIOUSNESS ARGUMENTS FAIL AS A
`MATTER OF LAW BECAUSE IT DID NOT CONDUCT A
`COMPLETE OBVIOUSNESS ANALYSIS ............................................. 34
`
`VI. THE PROPOSED GROUNDS ARE CUMULATIVE............................. 37
`
`VII. THE PRIORITY DATE FOR THE CHALLENGED CLAIMS IS NOT
`PROPERLY BEFORE THE BOARD ....................................................... 38
`
`VIII. CONCLUSION ............................................................................................ 39
`
`
`
`
`- iii -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`TABLE OF AUTHORITIES
`
` Page(s)
`
`Cases
`Apple Inc. v. Int'l Trade Comm'n,
`725 F.3d 1356 (Fed. Cir. 2013) .......................................................................... 34
`
`Aventis Pharms. v. Amino Chems. Ltd.,
`715 F.3d 1363 (Fed. Cir. 2013) ............................................................................ 8
`
`KSR Int’l Co. v. Teleflex, Inc.,
`550 U.S. 398 (2007) ...................................................................................... 26, 34
`
`Leo Pharmaceutical v. Rea,
`726 F.3d 1346 (Fed. Cir. 2013) .................................................................... 35, 37
`
`Novatek, Inc. v. Sollami Co.,
`559 Fed. Appx. 1011 (Fed. Cir. 2014) ................................................................ 10
`
`Ortho-McNeil Pharm., Inc. v. Mylan Labs, Inc.,
`520 F.3d 1358 (Fed. Cir. 2008) .......................................................................... 35
`
`Plantronics, Inc. v. Aliph, Inc.,
`724 F.3d 1343 (Fed. Cir. 2013) .................................................................... 35, 36
`
`Rambus Inc. v. Teresa Stanek Rea,
`731 F.3d 1248 (Fed. Cir. 2013) .......................................................................... 36
`
`Ruiz v. A.B. Chance Co.,
`234 F.3d 654 (Fed. Cir. 2000) ............................................................................ 34
`
`Thorner v. Sony Computer Entm’t Am. LLC,
`669 F.3d (Fed. Cir. 2012) ................................................................................. 4, 8
`
`Statutes
`
`35 U.S.C. § 102 ........................................................................................................ 38
`
`35 U.S.C. § 102(e) ..................................................................................................... 9
`
`35 U.S.C. § 103(a) ................................................................................. 19, 20, 28, 29
`
`- i -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`
`Other Authorities
`
`37 C.F.R. §§ 42.12(a) ................................................................................................. 2
`
`37 C.F.R. § 42.6(e) ................................................................................................... 41
`
`37 C.F.R. § 42.65(a) ............................................................................... 23, 25, 30, 33
`
`37 C.F.R. § 42.104(b) .................................................................................. 12, 16, 32
`
`37 C.F.R. § 42.108(c) ................................................................................................. 1
`
`77 Fed. Reg. 48756 ................................................................................ 23, 24, 25, 33
`
`
`
`- ii -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`
`I.
`
`INTRODUCTION
`
`On July 3, 2015, Symantec Corp. (“Petitioner”) submitted a Petition to
`
`institute inter partes review (“IPR”) of U.S. Patent No. 8,141,154 (“the ‘154
`
`Patent”), challenging claims 1–12. Finjan Inc. (“Patent Owner”) requests that the
`
`Board not institute inter partes review because Petitioner has not demonstrated a
`
`reasonable likelihood that it would prevail in showing unpatentability of any of the
`
`challenged claims on the grounds asserted in its Petition, as required under 37
`
`C.F.R. § 42.108(c).
`
`Finjan, Inc., and its predecessor entities have invested over 65 million
`
`dollars in research and development of its lauded behavior-based cyber security
`
`technology, culminating in 23 issued U.S. patents, and continues to invest in
`
`intellectual property and develop new cyber security products. Finjan’s patented,
`
`core, behavior-based cyber security technologies that displaced the earlier
`
`signature-based antivirus technologies can be found in many of the products and
`
`services offered today. Finjan has made its patent portfolio available for licensing
`
`at fair and reasonable values. Indeed, companies such as Microsoft, McAfee/Intel,
`
`M86, Trustwave, Websense, Webroot, and others have entered into global licenses
`
`to Finjan’s portfolio.
`
`With respect to the ’154 patent at issue here, Petitioner relies on prior art
`
`deficient in support of any grounds of unpatentability. Because there is no
`
`- 1 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`reasonable basis of unpatentability, Finjan reserves its right to seek any recovery
`
`from Petitioner for any abuse or improper use of the IPR proceedings under 37
`
`C.F.R. §§ 42.12(a).
`
`The ‘154 Patent generally discloses systems and methods for inspecting
`
`dynamically generated code. The claims require, inter alia, (1) processing content
`
`received over a network, the content including a call to a first function, and the call
`
`including an input, and either (2) invoking a second function with the input, only if
`
`a security computer indicates that such invocation is safe or (3) calling a second
`
`function with a modified input variable. It may be appreciated that these claims
`
`recite an approach to computer security that involves the evaluation of a function
`
`input found in a call to a first function in content received over a network and the
`
`invocation of a second function with the original function input or a modified
`
`version of the function input.
`
`The references cited in Grounds A–D of the Petition do not disclose this
`
`approach to computer security. In addition to further deficiencies, Petitioner has
`
`failed to meet its burden to demonstrate that the cited references disclose:
`
` processing content received over a network, the content including a
`call to a first function, and the call including an input (all independent
`claims); and
` invoking a second function with the input, only if a security computer
`indicates that such invocation is safe (independent claims 1 and 4) or
`
`- 2 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`
` calling a second function with the modified input variable
`(independent claims 6 and 10).
`Additionally, Petitioner has not met its burden to show that the cited
`
`references show or suggest at least the following features of the challenged
`
`dependent claims:
`
` wherein the input is dynamically generated by said content processor
`prior to being transmitted by said transmitter (claims 3 and 5) and
` wherein the input variable includes a call to an additional function,
`and wherein the modified input variable includes a call to a modified
`additional function instead of the call to the additional function
`(claims 9 and 12).
`
`Petitioner attempts to draw attention away from the deficiencies of the cited
`
`references by misleadingly equating the “hook functions” found in Ross and the
`
`“call to the interception module” found in Calder with the recited “call to a first
`
`function.” However, Petitioner has not met its burden to show that these features
`
`of Ross and Calder meet the language recited in the challenged claims. The
`
`references are similarly silent with respect to dynamically generated function
`
`inputs and input variables that include calls to a function. The Sirer reference is
`
`not relied upon as teaching any of these features of the challenged claims.
`
`Although there are a variety of reasons why the ‘154 Patent is valid over
`
`Petitioner’s asserted prior art references, this Preliminary Response focuses on
`
`only limited reasons why inter partes review should not be instituted. See
`
`- 3 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`Travelocity.com L.P. et al. v. Conos Technologies, LLC, CBM2014-00082, Paper
`
`12 at 10 (“[N]othing may be gleaned from the Patent Owner’s challenge or failure
`
`to challenge the grounds of unpatentability for any particular reason.”). The
`
`deficiencies of the Petition noted herein, however, are more than sufficient for the
`
`Board to find that Petitioner has not met its burden to demonstrate a reasonable
`
`likelihood that it would prevail in showing unpatentability of any of the challenged
`
`claims.
`
`II. THE ‘154 PATENT
`A. Overview
`Patent Owner’s ‘154 Patent was filed June 14, 2010, and claims priority to
`
`U.S. Patent No. 7,757,289, filed December 12, 2005. The systems and methods of
`
`the ‘154 Patent are generally directed to systems and methods for protecting a
`
`computer from dynamically generated malicious content.
`
`In particular, the ‘154 Patent protects against malicious function inputs that
`
`obfuscate their true nature. For example, the systems and methods of the ‘154
`
`Patent protect computers by transmitting a potentially malicious function input to a
`
`security computer and receiving an indicator regarding the safety of the input. If
`
`the input is deemed safe, a second function is invoked with the input. In one
`
`implementation, the call to the first function can be a call to a substitute function
`
`- 4 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`that is found in the content received over the network (e.g. “Substitute_document.
`
`write(‘<h1>hello</h1>’):”
`
`
`
`‘154 Patent at 10:41–59. In other implementations, the first function can be a non-
`
`substitute function found in the content received over the network upon invocation
`
`of which the input is sent to the security computer for inspection. Using this
`
`method, the security computer can inspect function inputs that are dynamically
`
`generated and, therefore, may not be identifiable or scannable using traditional
`
`scanning techniques. Notably, each independent claim of the ‘154 Patent recites
`
`that the call to the first function be found in the content received over a network, a
`
`feature that is disclosed nowhere in the references cited in the Petition.
`
`- 5 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`
`B. Challenged Claims
`Petitioner challenges independent claims 1–12 of the ‘154 Patent, of which
`
`claims 1, 4, 6, and 10 are independent. Claim 1 is reproduced below:
`
`1. A system for protecting a computer from dynamically generated
`malicious content, comprising:
`
`a content processor (i) for processing content received over a
`network, the content including a call to a first function, and the call
`including an input, and (ii) for invoking a second function with the
`input, only if a security computer indicates that such invocation is
`safe;
`a transmitter for transmitting the input to the security computer
`
`for inspection, when the first function is invoked; and
`
`a receiver for receiving an indicator from the security computer
`whether it is safe to invoke the second function with the input.
`
`Independent claim 4 a recites non-transitory computer-readable storage medium
`
`storing program code for causing a computing device to carry out the processing,
`
`transmitting, receiving, and resuming features of claim 1. Claims 3 and 5 depend,
`
`respectively from claims 1 and 4 and recite that the input is dynamically generated
`
`by the content processor prior to being transmitted by the transmitter. Independent
`
`claim 6 recites:
`
`6. A system for protecting a computer from dynamically generated
`malicious content, comprising:
`
`a content processor (i) for processing content received over a
`network, the content including a call to a first function, and the first
`- 6 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`function including an input variable, and (ii) for calling a second
`function with a modified input variable;
`
`a transmitter for transmitting the input variable to a security
`computer for inspection, when the first function is called; and
`
`a receiver for receiving the modified input variable from the
`security computer,
`
`wherein the modified input variable is obtained by modifying
`the input variable if the security computer determines that calling a
`function with the input variable may not be safe.
`
`Independent claim 10 claims a non-transitory computer-readable storage medium
`
`storing program code for causing a computing device to carry out the processing,
`
`calling, transmitting, receiving, and obtaining features of claim 6. Claims 8 and 11
`
`depend, respectively from claims 6 and 10 and recite that the input is dynamically
`
`generated by the content processor prior to being transmitted by the transmitter.
`
`Claims 9 and 12 depend, respectively from claims 6 and 10 and recite that input
`
`variable includes a call to an additional function, and wherein the modified input
`
`variable includes a call to a modified additional function instead of the call to the
`
`additional function.
`
`III. CLAIM CONSTRUCTION
`A.
`“dynamically generated” (claims 1, 10, 14, and 14):
`
`Patent owner submits that plain and ordinary meaning should be applied to
`
`the term “dynamically generated” because a person of ordinary skill in the art
`
`- 7 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`understands the meaning of this term. Despite the fact that this term does not
`
`require construction and is easily understood by one of ordinary skill in the art,
`
`Petitioner seeks a construction that conflates the term “run-time” with
`
`“dynamically” and in doing so, rewrites the claims to include an additional
`
`limitation of “generated at run-time” that does not exist in the claims. See Thorner
`
`v. Sony Computer Entm’t Am. LLC, 669 F.3d at 1367 (Fed. Cir. 2012) (“The
`
`patentee is free to choose a broad term and expect to obtain the full scope of its
`
`plain and ordinary meaning…”).
`
`Petitioner’s proposed construction is incorrect because “dynamically
`
`generated” is distinguishable from “runtime” at least because it encompasses non-
`
`static content, not just “run-time” content. Indeed, the ‘154 Patent distinguishes
`
`the prior art on the basis of “dynamically generated” content versus “static”
`
`content. See, e.g., ‘154 Patent at 4:9–14 (“[R]eactive client level
`
`content…inspection can only protect against static malicious content, and cannot
`
`protect against dynamically generated malicious content.”). Accordingly, not all
`
`“run-time” content is dynamically generated, and not all dynamically generated
`
`content is generated at run-time. Petitioner’s attempt to rewrite plain claim
`
`language should be rejected because claims are assumed to mean what was written
`
`and should not be rewritten to state something else. See Aventis Pharms. v. Amino
`
`Chems. Ltd., 715 F.3d at 1363, 1373 (“Courts are required therefore to ‘look to the
`
`- 8 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`words of the claims themselves . . . to define the scope of the patented
`
`invention.’”).
`
`IV. SPECIFIC REASONS WHY THE CITED REFERENCES DO NOT
`INVALIDATE THE CLAIMS, AND WHY INTER PARTES REVIEW
`SHOULD NOT BE INSTITUTED
`A. Ground 1: Ross Does Not Anticipate Claims 1–5 Under 35 U.S.C.
`§ 102(e)
`
`Ross discloses systems and methods for detecting and disabling malicious
`
`script code. Symantec 1002 (“Ross”) at Title. Ross identified a need to
`
`supplement traditional code scanning techniques in response to attackers
`
`obfuscating their code so that the signatures of their scripts avoid simple signature-
`
`based detection. Id. at ¶ [0007]. The particular approach employed by Ross
`
`involves receiving data content that includes an original function call, generating
`
`hook script having a hook function that supersedes an original function, processing
`
`the hook script and the data content, and executing the hook function when the
`
`original function is called. Id. at ¶ [0010]. The hook function is then directed to a
`
`decision service that determines whether the suspected malicious code should be
`
`allowed or prohibited. Id. at ¶ [0027]. Critically, unlike the inventions claimed in
`
`the ‘154 Patent, Ross does not teach processing content received over a network,
`
`the content including a call to a first function, at least because there is no call to the
`
`identified first function in content received over a network, and transmitting the
`
`input to a security computer to determine if it is safe to invoke.
`- 9 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`An additional distinction between challenged claims 1–12 of the ‘154 Patent
`
`and the Ross reference is that the ‘154 Patent involves evaluating a function input.
`
`See, e.g., independent claims 1, 4, 6, and 10 (reciting transmission of the function
`
`input to a security computer for inspection). The benefits of this approach are
`
`manifold. For example, only the input needs be evaluated, which saves valuable
`
`processing time in comparison with evaluating the entire function. Additionally, a
`
`security computer “may use cache memory to save results of inspection, so as to
`
`obviate the need to analyze the same input more than once.” ‘154 Patent at 13:18–
`
`20. Thus, when a second function (e.g. the second functions recited in independent
`
`claims 1, 4, 6, and 10) attempts to utilize the previously analyzed input, the
`
`security computer can indicate whether it is safe to invoke the second function with
`
`the input without analyzing the input again. In contrast, Ross merely determines
`
`whether an original function is malicious code. See Ross at ¶ [0037].
`
`1.
`
`Ross does not disclose “a system for protecting a computer
`from dynamically generated malicious content” (claim 1)
`
`The preamble of claims 1 and 6, which recite the salutary phrase “protecting
`
`a computer from dynamically generated malicious content,” is not limiting because
`
`it is not “necessary to give life, meaning, and vitality to the claim.” See Novatek,
`
`Inc. v. Sollami Co., 559 Fed. Appx. 1011, 1015 (Fed. Cir. 2014) (citations
`
`omitted). However, in the event that the Board finds that the preamble is limiting,
`
`Patent Owner addresses the failure of Ross to disclose the subject matter of the
`
`- 10 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`preamble. Indeed, discussion of the claim preamble illustrates some of the key
`
`deficiencies of the Ross reference with respect to the claims of the ‘154 Patent. In
`
`particular, while Petitioner contends that Ross’s “systems provide protection from
`
`dynamically generated malicious code,” the passages in Ross that are cited to
`
`support this conclusion do not stand for that premise and in fact never mention
`
`these terms. Petition at 17.
`
`Petitioner attempts to support its conclusion that Ross discloses the subject
`
`matter of the claim preamble by referencing Ross’s disclosure of a hook-based
`
`detection engine that “may catch the actual method calls regardless of the
`
`formatting of the code text, thus providing a far greater ability to detect script-
`
`based attacks than traditional security systems and methods.” Ross at ¶ [0009].
`
`When read in context, it is clear that Ross is responding a technique that hackers
`
`had employed to avoid signature-based malicious code detection:
`
`To avoid detection, some attackers obfuscate their scripts so that
`the signatures do not match the resulting code. Another method of
`obfuscation includes string concatenation of the string fragments
`“ADO”, “DB.”, and “Stream” that may be concatenated into the string
`“ADODB.Stream”. Alternatively, some attackers have used a
`Microsoft Script Encoder (screnc.exe) tool to pass the entire script
`through a text-encoding cipher that replaces the original text of the
`script file.
`
`- 11 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`Id. at ¶ [0007]. Accordingly, Ross’s systems and methods are used to “catch the
`
`actual method calls” despite these actual method calls being obfuscated by an
`
`attacker to avoid their being detected by a simple signature scan. Ross, however, is
`
`silent on the dynamic generation of code.
`
`Accordingly, in the event that the Board finds the preamble of independent
`
`claim 1 to be limiting, Petitioner has not met its burden to show that Ross
`
`anticipates claim 1 of the ‘154 Patent. Claims 2 and 3 depend from independent
`
`claims 1 and 4 and are, therefore, not anticipated by Ross for at least the same
`
`reasons.
`
`2.
`
`Ross does not disclose “a content processor (i) for processing
`content received over a network, the content including a call to
`a first function, and the call including an input” (claims 1 and 4)
`
`Critically, and fatal to Petitioner’s Grounds 1–3, Petitioner has not met its
`
`burden to show that Ross discloses “a call to a first function” in “content received
`
`over a network” as affirmatively recited in challenged claims 1, 4, 6, and 10. Thus,
`
`the Petition fails to “specify where each element of the claim is found in the prior
`
`art patents or printed publications relied upon.” 37 C.F.R. § 42.104(b). Institution
`
`on Grounds 1–3 should be denied on this basis alone.
`
`Petitioner has not met its burden to show that Ross anticipates claims 1 and
`
`4 of the ‘154 Patent because Ross’s hook script, which Petitioner alleges to include
`
`“a call to a first function” is not in content received over a network. Petitioner
`
`- 12 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`equates Ross’ hook script with content that includes a call to a first function.
`
`Petition at 19. However, the hook script is not received over a network. Instead
`
`Ross discloses that web content is received over a network. Petition at 18 (citing
`
`Ross at ¶ [0023]). As explained in Ross, “web content comprising text, image,
`
`audio, and/or video data” received at client 202 from server 204 over
`
`communications network 208, such as the Internet. Ross at ¶ [0023]. This web
`
`content is equated with the data content that the script processing engine is
`
`configured to “receive and process” which is separate than the hook script.
`
`Petition at 19. As such, Petitioner has failed to identify any content that includes a
`
`call to a first function as required by the claims.
`
`Reference to Ross confirms this distinction between data content, or web
`
`content received over a network, and a hook script generated a “hook script
`
`generator”:
`
`As a structure, data (HTTP) content 602, such as downloaded
`from a web page, is received by a script injector/filter (browser plug-
`in) 604 which is an exemplary embodiment of script filter 242 (FIG.
`2). Data content 602 may include a script program with one or more
`original functions for execution on the receiving client. A hook script
`generator 606 may receive some portion or all of data content 602
`and supply a generated script code including one or more hook
`functions configured to replace corresponding original functions.
`
`- 13 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`Ross at ¶ [0034]. Reference to FIGs. 2 and 6 of Ross is also illuminating in
`
`deconvolving Petitioner’s misleading statements. These drawings illustrate that
`
`the hook script generator (244 in FIG. 2 and 606 in FIG. 6) generate a hook script
`
`while content (i.e. content from web server 260 in FIG. 2 or data content 602 in
`
`FIG. 6) is received over the network (i.e. network 208 in FIG. 2).
`
`
`
`
`
`Petitioner’s only reference to the term “call” in its analysis of these claim
`
`elements only reinforces that the “call” to the “first function” (equated with Ross’s
`
`hook function) is in the hook script, not in the content received over the network,
`
`i.e., Ross’s “data content 602,” which is loaded separately from the hook script:
`
`FIG. 6 shows a method of processing data content 602 comprising
`the operations of generating a hook script having at least one hook
`function …configured to supersede a corresponding original function,
`loading the hook script into a script processing engine configured
`
`- 14 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`to call and execute one or more hook and original functions, loading
`data content 602 having at least one original function into the
`script processing engine.
`
`Ross at ¶ [0038] (emphasis added) (cited in Petition at 19).
`
`At least because Ross’s hook script, which Petitioner alleges to include “a
`
`call to a first function” is not in content received over a network, Petitioner has not
`
`met its burden to show that Ross anticipates claims 1 and 4 of the ‘154 Patent.
`
`Claims 2, 3, and 5 depend from independent claims 1 and 4 and are, therefore, not
`
`anticipated by Ross for at least the same reasons.
`
`3.
`
`Ross does not disclose “invoking a second function with the
`input, only if a security computer indicates that such invocation
`is safe” (claims 1 and 4)
`
`As discussed above, Petitioner equates Ross’s hook functions with the
`
`claimed first function despite the hook functions not being included in content
`
`received over a network. When the challenged independent claims are read as a
`
`whole, the deficiencies of the Petition are appreciable in stark relief: rather than
`
`alleging that Ross teaches “processing content received over a network that
`
`includes a call to a first function, the call including an input,” and “invoking a
`
`second function with the input if a security computer indicates that such invocation
`
`is safe,” the Petition only identifies a single function call in content received over
`
`the network (i.e. an original function) execution of which is allowed if it is not
`
`malicious. See Ross at ¶ [0037] (decision service 624 passes decision information
`
`- 15 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2015-01547 (U.S. Patent No. 8,141,154)
`to web browser 618 to disable the execution of an original function if it is deemed
`
`to be malicious or allowing the execution of the original function if it is not
`
`determined to be malicious).
`
`Accordingly, Petitioner has not demonstrated that Ross anticipates
`
`independent claims 1 and 4 because there is no disclosure of the invocation of a
`
`second function if the input is determined to be safe. Claims 2, 3, and 5 depend
`
`from independent claims 1 and 4 and are, therefore, not anticipated by Ross for at
`
`least the same reasons.
`
`4.
`
`Ross does not disclose “wherein the input is dynamically
`generated by said content processor prior to being transmitted
`by said transmitter” (claims 3 and 5)
`
`Petitioner fails to allege where Ross discloses that the function input is
`
`dynamically generated by said content processor prior to being transmitted by said
`
`transmitter and has, therefore, failed to “specify where each element of the claim is
`
`found in the prior art patents or printed publications relied upon.” 37 C.F.R.
`
`§ 42.104(b). Indeed, as discussed above in § V.A.1, supra, Ross is completely
`
`silent regarding dynamically generated malicious content, including dynamically
`
`generated inputs. In order to cure