UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`PALO ALTO NETWORKS, INC.
`Petitioner
`
`v.
`
`FINJAN, INC.
`Patent Owner
`
`
`
`Inter Partes Review No. 2015-019741
`U.S. Patent No. 7,647,633
`
`
`
`PETITIONER’S REPLY
`
`
`
`
`
`
`
`1 Case IPR2016-00480 has been joined with this proceeding.
`
`
`
`

`
`Table of Contents
`
`
`Page
`
`V.
`
`INTRODUCTION .......................................................................................... 1
`I.
`FINJAN IMPROPERLY CONFLATES PAN WITH BLUE COAT ............ 2
`II.
`III. THE BROADEST REASONABLE INTERPRETATION OF CLAIM
`14 IS ITS PLAIN AND ORDINARY MEANING ........................................ 3
`A.
`The claims do not support Finjan’s construction ................................. 4
`B.
`The specification does not support Finjan’s construction .................... 5
`C.
`Extrinsic evidence contradicts Finjan’s proposed construction ........... 7
`IV. FINJAN GROSSLY MISCHARACTERIZES DR. RUBIN’S
`TESTIMONY ................................................................................................. 9
`SHIN, POISON JAVA, AND BROWN WERE PUBLICLY
`ACCESSIBLE .............................................................................................. 12
`A.
`Shin was publicly accessible .............................................................. 12
`B.
`Poison Java was publicly accessible .................................................. 13
`C.
`Brown was publicly accessible .......................................................... 15
`VI. GROUND 1: SHIN RENDERS CLAIMS 14 OBVIOUS ........................... 16
`A.
`Shin renders claim 14 obvious under the broadest reasonable
`interpretation of the claim .................................................................. 16
`1.
`Shin processes “one or more operations of the executable
`code” at the downloadable-information destination ................ 16
`Shin teaches executing “mobile protection code” ................... 17
`2.
`Shin teaches a “mobile code executor” .................................... 18
`3.
`Shin renders claim 14 obvious even under Finjan’s proposed
`construction ........................................................................................ 20
`1.
`Shin does not modify problematic executable code ................ 20
`2.
`Shin does not modify the operation of the executable
`code .......................................................................................... 21
`
`B.
`
`-i-
`
`

`
`Table of Contents
`(continued)
`
`Page
`
`1.
`
`2.
`
`2.
`
`VII. GROUND 4: POISON JAVA IN VIEW OF BROWN RENDERS
`CLAIM 14 OBVIOUS .................................................................................. 22
`A.
`Poison Java + Brown renders claim 14 obvious under the
`broadest reasonable interpretation of the claim ................................. 22
`As with Shin, Finjan’s primary argument turns on the
`construction of claim 14 ........................................................... 22
`Poison Java + Brown processes “one or more operations
`of the executable code” at the downloadable-information
`destination ................................................................................ 22
`Poison Java + Brown teaches executing “mobile
`protection code” ....................................................................... 23
`B. A POSA would have combined Poison Java and Brown................... 24
`C.
`Poison Java + Brown renders claim 14 obvious even under
`Finjan’s proposed construction .......................................................... 25
`1.
`Poison Java + Brown does not modify problematic
`executable code ........................................................................ 25
`Poison Java + Brown does not modify the operation of
`the executable code .................................................................. 26
`VIII. GROUNDS 1 AND 4 RENDER CLAIM 19 OBVIOUS ............................ 27
`IX. FINJAN’S SECONDARY CONSIDERATIONS EVIDENCE
`SHOULD BE GIVEN NO WEIGHT ........................................................... 27
`A.
`Finjan fails to show copying of the challenged claims ...................... 27
`B.
`Finjan fails to establish a nexus between its licensing program
`and the challenged claims .................................................................. 29
`Finjan fails to establish a nexus between commercial success
`and the challenged claims .................................................................. 30
`Finjan fails to establish long-felt need for the claimed invention ...... 30
`D.
`CONCLUSION ............................................................................................. 31
`
`C.
`
`X.
`
`-ii-
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`
`PETITIONER’S REVISED EXHIBIT LIST
`
`1002
`1003
`1004
`
`1008
`
`Exhibit
`Description of Document
`No.
`1001 U.S. Patent No. 7,647,633 (“Edery et al.”)
`Declaration of Dr. Aviel D. Rubin in support of Petition for Inter
`Partes Review
`90/013,016, Final Office Action (“633 Reexam”) (May 22, 2015)
`Eva Chen “Poison Java” IEEE Spectrum (1999)
`2015-09-10 Declaration of Gerard P. Grenier in support of the “Poison
`Java” reference
`1005
`1006 Webpage: Workshop and Miscellaneous Publications, Insik Shin
`1007 Webpage: Filewatcher – 7/27/98
`Ian Welch and Robert Stroud “Kava – A Reflective Java Based on
`Bytecode Rewriting” (January 1999)
`Insik Shin and John C. Mitchell “Java Bytecode Modification and
`Applet Security” (1998)
`1009
`Carey Nachenberg “The Evolving Virus Threat”
`1010
`1011 David M. Chess “Security Issues in Mobile Code Systems” (1998)
`R. Braden and J. Postel “Requirements for Internet Gateways” (June
`1987)
`1012
`International Publication No. WO 9821683 (“Touboul”)
`1013
`1014 U.S. Patent No. 6,088,803 (“Tso”)
`1015 U.S. Patent No. 5,889,943 (“Ji”)
`Li Gong et al. “Going Beyond the Sandbox: An Overview of the New
`Security Architecture in the Java Development Kit 1.2” (1997)
`1016
`1017 Webpage: Oracle - Java Security Architect
`Paul Sabanal, Mark Yason, and Mark Vincent “Digging Deep Into the
`Flash Sandboxes” (2012)
`1018
`1019 Webpage: Oracle - Deploying With the Applet Tag
`Yougang Song et al. “BRSS: A Binary Rewriting Security System for
`Mobile Code”
`Yougang Song and Brett D. Fleisch “Utilizing Binary Rewriting for
`Improving End-host Security” IEEE Vol. 18, No. 12 (Dec. 2007)
`Stephen McCamant and Greg Morrisett “Efficient, Verifiable Binary
`Sandboxing for CISC Architecture”
`1022
`1023 Virus Bulletin (March 1991)
`Patent Application 11/159,455 Office Action – Non-Final Rejection
`1024
`
`1020
`
`1021
`
`-iii-
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`
`PETITIONER’S REVISED EXHIBIT LIST
`
`Exhibit
`No.
`
`1025
`
`1026
`1027
`
`1033
`
`1034
`
`1035
`
`1036
`
`1037
`
`1038
`
`Description of Document
`Patent Application 11/159,455 – Patent Owner Amendment and
`Response to Office Action Under 37.C.F.R. §1.111
`Patent Application 11/159,455 - Notice of Allowance and Fee(s) due
`(May 26, 2009)
`90/013,016 Reexam Non-Final Office Action (November 19, 2013)
`90/013,016 Reexam Supplemental Amendment to Correct Priority
`Paragraphs Required by 37 CFR §§ 1.78 (August 25, 2014)
`1028
`90/013,016 Reexam Notice of Appeal (June 22, 2015)
`1029
`Patent Application 11/159,455 Data Sheet
`1030
`1031 U.S. Pat. No. 6,804,780 (“Touboul”)
`1032 U.S. Pat. No. 6,480,962 (“Touboul”)
`Plaintiff Finjan, Inc.’s Reply Claim Construction Brief, Finjan, Inc. v.
`Blue Coat Systems, Inc., 13-cv-3999-BLF (July 7, 2014)
`Joint Post-Hearing Claim Construction Chart, Ex. A, Finjan Software,
`Ltd. v. Secure Computing Corporation, et al. 06-cv-369-GMS
`(October 30, 2007)
`Plaintiff Finjan, Inc.’s Opening Claim Construction Brief, Finjan, Inc.
`v. Websense, Inc., 13-cv-4398-BLF (September 23, 2014)
`Order Construing Claims, Finjan, Inc. v. Blue Coat Systems, Inc., 13-
`cv-3999-BLF (October 20, 2014)
`Plaintiff Finjan, Inc.’s Opening Claim Construction Brief, Finjan, Inc.
`v. Proofpoint, Inc. and Armorize Technologies, Inc., 5:13-cv-5808-
`HSG (May 1, 2015)
`Claim Construction Order, Finjan Software, Ltd. v. Secure Computing
`et al. 06-cv-369-GMS (December 11, 2007)
`Plaintiff Finjan, Inc.’s Opening Claim Construction Brief, Finjan, Inc.
`v. Blue Coat Systems, Inc., 13-cv-3999-BLF (June 16, 2014)
`1039
`Provisional Application No. 60/205,591
`1040
`1041 Mark Brown “Using Netscape 3” (1996)
`90/013,016 Reexam Response to Non-Final Office Action (February
`19, 2014)
`Finjan Investor Presentation, Q1 (2013)
`Dr. Frederick Cohen “Computer Viruses: Theory and Experiments”
`(1987)
`
`1042
`1043
`
`1044
`
`-iv-
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`
`PETITIONER’S REVISED EXHIBIT LIST
`
`Exhibit
`No.
`
`1055
`
`1056
`
`Description of Document
`Thomas M. Chen and Jean-Marc Robert “The Evolution of Viruses
`and Worms”
`1045
`1046 Virus Bulletin Issue Archive
`Sandeep Kumar and Eugene H. Spafford “A Generic Virus Scanner in
`C++” (September 17, 1992)
`1047
`1048 Morgan B. Adair “Detecting Viruses in the NetWare Environment”
`1049 Virus Bulletin (November 1991)
`1050 Virus Bulletin (December 1991)
`1051 Webpage: McAfee Antivirus product page
`1052 Webpage: Norton Antivirus product page
`1053 Webpage: Information Security StackExchange
`1054 Webpage: W3Schools, JavaScript Tutorial page
`Sarah Gordon and David Chess “Attitude Adjustment: Trojans and
`Malware on the Internet: An Update”
`Andreas Moser et al. “Limits of Static Analysis for Malware
`Detection”
`Ian Goldberg “A Secure Environment for Untrusted Helper
`Applications (Confining the Wily Hacker)” (July 1996)
`1057
`1058 Wayne A. Jansen “Countermeasures for Mobile Agent Security”
`Byron Cook et al. “Proving Program Termination,” Communications
`of the ACM, Vol. 54, No. 5 (May 2011)
`1059
`1060 Webpage: Schneier on Security
`Javier Esparza “Decidability of Model Checking for Infinite-State
`Concurrent Systems”
`Edmund Clarke et al. “Model Checking and State Explosion Problem”
`Drew Dean et al. “Java Security: From HotJava to Netscape and
`Beyond”
`1063
`1064 NSA Defense in Depth
`1065 Dr. Thomas Porter “The Perils of Deep Packed Inspection”
`Mark J. Smith et al. “Protecting a Private Network: The AltaVista
`Firewall”
`Check Point Firewall-I™ White Paper, Version 3.0 (June 1997)
`Emin Gün Sirer et al. “Design and Implementation of a Distributed
`Virtual Machine for Networked Computers”
`
`1061
`1062
`
`1066
`1067
`
`1068
`
`-v-
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`
`PETITIONER’S REVISED EXHIBIT LIST
`
`Exhibit
`No.
`
`1069
`
`1070
`
`1071
`
`1072
`
`Description of Document
`Intrusion Detection Systems Group Test (Edition 2) – An NSS Group
`Report
`Dries Vanoverberghe and Frank Piessens “A Caller-Side Inline
`Reference Monitor for an Object-Oriented Intermediate Language”
`Ulfar Erlingsson “The Inlined Reference Monitor Approach to
`Security Policy Enforcement” (2004)
`Ari Luotonen and Kevin Altis “World-Wide Web Proxies” (April
`1994)
`James Gosling and Henry McGilton “The Java™ Language
`Environment: A White Paper” (May 1996)
`1073
`1074 Webpage: “A Simple Guide to HTML”
`David M. Martin Jr. et al. “Blocking Java Applets at the Firewall”
`(1997)
`Eric Perlman and Ian Kallen “Common Internet File Formats”
`“Developing Stored Procedures in Java: An Oracle Technical White
`Paper” (April 1999)
`1077
`Larry L. Peterson et al. “OS Support for General-Purpose Routers”
`1078
`Roel Wieringa “Traceability and Modularity in Software Design”
`1079
`1080 U.S. Patent No. 6,434,499 (“Ulrich”)
`90/013,016 Reexam Renewed Petition to Accept Unintentionally
`Delayed Priority Claim Under 37 C.F.R. § 1.78
`Declaration of Peter Kent in support of the “Brown” reference (Sept.
`13, 2015)
`1082
`1083 U.S. Patent No. 7,058,822 (“Edery”)
`Curriculum Vitae of Dr. Aviel Rubin
`1084
`Provisional Application No. 60/030,639
`1085
`1086 U.S. Patent No. 6,092,194 (“Touboul”)
`1087 U.S. Patent No. 6,167,520 (“Touboul”)
`2014-02-18 Phil Hartstein declaration in 90/013,016 Reexam
`1088
`90/013,016 Reexam Final Rejection (September 8, 2014)
`1089
`1090 Webpage: Finjan Software Company Overview
`Excerpted Markman Hearing Transcript, Finjan, Inc. v. Blue Coat
`Systems, Inc., 13-cv-3999-BLF (August 22, 2014)
`1091
`1092 Affidavit of Christopher Butler of the Internet Archive (“Brown”)
`
`1075
`1076
`
`1081
`
`-vi-
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`
`PETITIONER’S REVISED EXHIBIT LIST
`
`Exhibit
`Description of Document
`No.
`1093 Affidavit of David Sherfesee of Alexa Internet
`1094 U.S. Application No. 09/861,229
`1095 Affidavit of Christopher Butler of the Internet Archive (“Shin”)
`1096 October 3, 2016 Conference Call Transcript for IPR2015-01974
`Deposition Transcript of Michael T. Goodrich, Ph.D., IPR2015-01974
`(Oct. 17, 2016)
`1097
`1098 Deposition Transcript of Harry Bims, IPR2015-01974 (Oct. 26, 2016)
`Declaration of Nenad Medvidovic in support of Plaintiff Finjan, Inc.’s
`Opening Claim Construction Brief, Finjan, Inc. v. Blue Coat Sys., Inc.,
`No. 5:13-cv-039999-BLF (June 16, 2014), ECF 65-1.
`Redacted Deposition Transcript of Nenad Medvidovic, Ph.D., Finjan,
`Inc. v. Blue Coat Sys., Inc., No. 5:13-cv-039999-BLF (May 23, 2014).
`1100
`1101 Website: Finjan Software Press Release, Wayback Machine
`
`1099
`
`-vii-
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`I.
`
`INTRODUCTION
`This IPR turns on the construction of a single element of claim 14. In its
`
`institution decision, the Board correctly determined that the broadest reasonable
`
`interpretation (BRI) of claim 14 is its plain and ordinary meaning. Nothing in the
`
`specification dictates inserting a negative requirement that the claimed “mobile
`
`protection code” not modify the executable code. In fact, the ’633 includes
`
`embodiments where the mobile protection code does modify the executable code.
`
`Two of Finjan’s own experts acknowledge that fact. Until recently, so did Finjan.
`
`During prior litigation, Finjan advocated for the same plain-and-ordinary
`
`construction it now opposes. Finjan attempts to minimize its prior admissions by
`
`falsely suggesting that Petitioner Palo Alto Networks (“PAN”) also took
`
`inconsistent positions in prior litigation. More specifically, Finjan repeatedly uses
`
`the term “Petitioner” when referring to joinder petitioner Blue Coat to imply—
`
`wrongly—that Blue Coat’s litigation positions are attributable to PAN.
`
`Finjan’s remaining arguments fail as well. First, both Shin (Ground 1) and
`
`the combination of Poison Java and Brown (Ground 4) teach every element of
`
`claim 14, whether or not the Board adopts Finjan’s flawed construction. Second,
`
`unrebutted testimony confirms that all three references were publicly available
`
`before the earliest possible priority date. Third, Finjan’s evidence of alleged
`
`1
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`secondary considerations is entitled to no weight because it fails to show any
`
`nexus.
`
`II.
`
`FINJAN IMPROPERLY CONFLATES PAN WITH BLUE COAT
`In its Response, Finjan defines “Petitioner” (singular) to refer to PAN and
`
`joinder party Blue Coat. (Paper 22 at 2.) Finjan then uses “Petitioner” in an attempt
`
`to attribute Blue Coat’s litigation positions to PAN. (Id. at 2, 42, 43.) In particular,
`
`Finjan suggests—without actually arguing—that PAN should be bound by Blue
`
`Coat’s litigation arguments, a result that would violate PAN’s Due Process rights.
`
`See Blonder-Tongue Labs., Inc. v. Univ. of Ill. Found., 402 U.S. 313, 329 (1971).
`
`III. THE BROADEST REASONABLE INTERPRETATION OF CLAIM 14 IS PLAIN AND
`ORDINARY MEANING
`Finjan argues that the BRI of claim 14 is “the plain and ordinary meaning,
`
`wherein the mobile protection code was communicated to the downloadable-
`
`information destination without modifying the executable code.” (Paper 22 at 12–
`
`19 (emphasis added).) This construction was adopted under the Phillips standard,
`
`over Finjan’s objections, in the Finjan v. Blue Coat litigation. (Ex. 1036 at 15.) But
`
`neither intrinsic nor extrinsic evidence supports Finjan’s attempt to import a
`
`negative limitation into the term. Imaginal Systematic, LLC v. Leggett & Platt, 805
`
`F.3d 1102, 1110 (Fed. Cir. 2015); Santarus, Inc. v. Par Pharmaceutical, Inc., 694
`
`F.3d 1344, 1351 (Fed. Cir. 2012). The BRI of “causing mobile protection code to
`
`2
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`be executed . . .” is its plain and ordinary meaning. Cuozzo Speed Techs., LLC v.
`
`Lee, 136 S.Ct. 2131, 2146 (2016).
`
`A. The claims do not support Finjan’s construction
`Claim 14 is silent as to whether mobile protection code (MPC) modifies
`
`executable code when it is communicated to the downloadable-information
`
`destination. (See Ex. 1001 at 21:57-22:5; Ex. 1097, (“Goodrich Dep.”) at 22:8–9.)
`
`Finjan acknowledged this fact in prior litigation involving the ’633 patent: “Blue
`
`Coat attempts to read in the requirement that the executable code is not modified
`
`when implementing the MPC. Nowhere in the claim or intrinsic record is this
`
`requirement stated or implied.” (Ex. 1039 at 19; Ex. 1035 at 8.)
`
`Finjan now argues the “downloadable-information including executable
`
`code” received at the information re-communicator must be the same executable
`
`code that is transferred to and executed at the downloadable-information
`
`destination. (Paper 6 at 33; Paper 22 at 14–15.) But the Board properly recognized
`
`that claim 14 “does not require ‘the executable code’ to encompass the entirety or
`
`an intact version of executable code received.” (Paper 7 at 14 (emphasis omitted).)
`
`The BRI of claim 14 is therefore its plain and ordinary meaning, and the Board
`
`should reject Finjan’s proposed negative limitation.
`
`3
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`The specification does not support Finjan’s construction
`B.
`Under the BRI standard, it is improper to read limitations into a claim unless
`
`the specification includes an explicit definition of the terms or a disavowal of claim
`
`scope. In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1365–67 (Fed. Cir. 2004).
`
`Negative limitations must not be read into the claim unless the specification
`
`“express[es] any manifest exclusion or restriction as it pertains specifically to the
`
`meaning of [the term]” and “describes a reason to exclude the relevant limitation.”
`
`Santaru, 694 F.3d at 1351; Imaginal, No. 2014-1845, slip op. at *13. The ’633
`
`does not disavow or define claim 14’s terms, manifest an exclusion or restriction
`
`that executable code not be modified, or provide a reason to exclude modifying
`
`executable code.
`
`Finjan’s proposed construction reads out multiple embodiments in which
`
`MPC modifies executable code. For example, the ’633 discloses modifying a
`
`Downloadable’s Application Program Interface (API) Import Address Table (IAT)
`
`to redirect the Downloadable’s requests for system resources: “[T]he IAT can be
`
`modified so that any call to an API can be redirected to a function within the MPC
`
`[mobile protection code].” (Ex. 1001 at 17:51–53.) Finjan’s expert acknowledged
`
`that “[t]he downloadable API in this instance is modified.” (Goodrich Dep. at
`
`18:21–22.) The ’633 patent also discloses that executable code can be
`
`“compressed, encrypted or otherwise encoded” (Ex. 1001 at 13:29–30), all of
`
`4
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`which are modifications, whether or not they change the operations of the
`
`executable code. (Ex. 2022, (“Rubin Dep.”) at 108:4–11.) Even Finjan’s expert
`
`agreed that compression is modification. (Ex. 1100 at 173:22–174:16.)
`
`Finjan relies primarily on the Finjan v. Blue Coat claim construction order.
`
`(Paper 22 at 12–19.) But that construction was formulated under the Phillips
`
`standard, not BRI. 37 C.F.R. § 42.100(b). The Board is not bound by a district
`
`court’s claim construction. EMC Corp. v. Secure Axcess, LLC, IPR2014-00475,
`
`Paper 30 (PTAB Sept. 8, 2015). Regardless, the Blue Coat court did not identify
`
`any disavowal or definition of claim 14’s terms. (Ex. 1036 at 10.) Rather, it just
`
`concluded that IAT modification did not involve modifying “problematic
`
`executable code.” (Ex. 1036 at 9; Paper 22 at 18.)
`
`C. Extrinsic evidence contradicts Finjan’s proposed construction
`Testimony from Finjan’s own experts contradicts Finjan’s current position.
`
`First, Finjan expert Dr. Harry Bims recently confirmed that the claims cover
`
`MPC that modifies executable code. To support his commercial success opinions,
`
`Dr. Bims relied on infringement charts showing how Proofpoint’s Enterprise
`
`Protection and Targeted Attack Protection allegedly infringe the ’633. (Ex. 2020,
`
`¶¶ 28-29.) The claim chart makes clear that Proofpoint’s MPC modifies the
`
`executable code:
`
`5
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`Proofpoint Products also provide options to remove the code
`completely or provide code-level remediation, such as modification
`of the malicious code to make it harmless, before sending to the
`destination computer.
`
`(Ex. 2032 (emphasis added).) Dr. Bims confirmed that re-writing malicious code to
`
`make it harmless is a modification of the executable code. (Ex. 1098 (“Bims
`
`Dep.”) at 23:19-23.) Dr. Bims also confirmed that he (1) applied Finjan’s proposed
`
`constructions for all relevant claim limitations, (2) agreed with the analysis in the
`
`claim chart, (3) adopted that analysis as his own, and (4) concluded that the
`
`evidence in the chart was (in his opinion) sufficient to prove infringement. (Bims
`
`Dep. at 13:20-16:3.)
`
`A second Finjan expert, Dr. Nenad Medvidovic, opined during Blue Coat
`
`litigation that the construction Finjan now proposes for claim 14 would exclude
`
`multiple embodiments that modify the executable code:
`
`Some embodiments include the concatenation of the MPC with the
`executable code for delivery as a single package to the information-
`destination, the encryption of executable code, or compressed
`executable code…. In each of those embodiments, the executable
`code is being modified.
`
`(Ex. 1099 at 8 (citations omitted).) Dr. Medvidovic also testified that MPC can be
`
`transferred with or without modifying the executable code, and that either
`
`6
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`embodiment is “completely consistent with the patent, both the specification and
`
`the claims.” (Ex. 1100 at 173:22-175:17.)
`
`IV. FINJAN MISCHARACTERIZES DR. RUBIN’S TESTIMONY
`Finjan incorrectly asserts that Dr. Rubin failed to provide his interpretation
`
`of certain claim elements.2 (Paper 22 at 20–21.) Dr. Rubin explicitly identified
`
`BRIs for two key terms: “mobile protection code” and “information re-
`
`communicator” and stated that he applied plain and ordinary meaning for all other
`
`terms. (Ex. 1002 at ¶¶ 79–84, 34). Dr. Rubin testified at length about his claim
`
`interpretations during deposition. (See, e.g., Rubin Dep. at 105:2–135:21.)
`
`Finjan’s suggestion that Dr. Rubin refused to answer questions about his
`
`claim interpretation during his deposition (Paper 22 at 20–21) is misleading.
`
`Dr. Rubin answered every question asked of him about claims 14 and 19. When
`
`Finjan’s counsel asked Dr. Rubin about claim 13, which is not under review in this
`
`
`2 Finjan also suggests that Dr. Rubin’s declaration should be given no weight
`
`because of an alleged failure to articulate the Graham factors. (Paper 22 at 20–21.)
`
`As a technical expert, Dr. Rubin “need not articulate the Graham factors to offer
`
`testimony on obviousness so long as our findings are guided by those factors.”
`
`Mitek Systems, Inc. v. Rothschild Mobile Imaging Innovations, LLC, IPR2015-
`
`00622, Paper 35 at 38 (PTAB July 20, 2016).
`
`7
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`proceeding, PAN’s counsel asked Finjan’s counsel to explain the relevance of the
`
`question. (Rubin Dep. at 89:6–94:12.) After discussing (and resolving) the issue
`
`off the record, Finjan’s counsel proceeded with questions concerning Dr. Rubin’s
`
`interpretation of claim 13, all of which Dr. Rubin answered. (Id.)
`
`Finjan also incorrectly asserts Dr. Rubin failed to consider secondary
`
`considerations. Dr. Rubin testified that he considered a declaration submitted in ex
`
`parte reexamination by Phil Hartstein, Finjan’s president and CEO. (See Ex. 1002
`
`at 133; Ex. 1088; Rubin Dep. at 176:18–209:8.) While Finjan complains that
`
`Dr. Rubin did not review approximately 500 pages of exhibits attached to and
`
`summarized in Mr. Hartstein’s declaration, Dr. Rubin considered the evidence
`
`available to him at the time he prepared his original declaration and correctly
`
`determined that no additional analysis was required because Finjan failed to
`
`demonstrate the required nexus. See, e.g., Apple, Inc. v. Ameranth, Inc.,
`
`CBM2015-00080, Paper 44, at *36–37 (PTAB Aug. 26, 2016); C&D Zodiac, Inc.
`
`v. B/E Aerospace, Inc., IPR2014-00727, Paper 15 at *17 (PTAB Oct. 29, 2014)
`
`(requiring consideration of secondary indicia only when such evidence is present);
`
`Petroleum Geo-Services Inc. v. WesternGeco LLC, IPR2014-01477, Paper 18 at 32
`
`(PTAB Mar. 17, 2015).
`
`8
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`V.
`
`SHIN, POISON JAVA, AND BROWN WERE PUBLICLY ACCESSIBLE
`Prior art references are publicly accessible if they were “disseminated or
`
`otherwise made available to the extent that persons interested and ordinarily skilled
`
`in the subject matter or art, exercising reasonable diligence, can locate it.” In re
`
`Wyer, 655 F.2d 221 (CCPA 1981).
`
`Shin was publicly accessible
`A.
`Evidence of Shin’s publication includes: (1) a 1998 publication date on the
`
`author’s website; (2) publication on a different website maintained by the author
`
`no later than April 18, 1998; (3) cataloguing by yet another website with a July 27,
`
`1998 date stamp; (4) citation in the January 1999 Kava paper; and (5) Dr. Rubin’s
`
`testimony that he recalls reading Shin when it was first published. (Paper 1 at 4-5.)
`
`Finjan ignores Dr. Rubin’s testimony and the cumulative nature of this
`
`evidence and points to a case where the only evidence of public accessibility was
`
`publication on a website, without any showing that the reference was actually
`
`viewed or downloaded. See Blue Calypso LLC v. Groupon, Inc., 815 F.3d 1331,
`
`1349–50 (Fed. Cir. 2016). Here, by contrast, unrebutted evidence confirms that
`
`interested members of the public actually accessed Shin before the priority dates.
`
`(See Ex. 1008 (citing Shin in 1999); Rubin Dep. at 75:10-16, 70:21-71:11.).)
`
`9
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`Poison Java was publicly accessible
`B.
`Poison Java is an IEEE magazine article with an August 1999 publication
`
`date on its face. (Ex. 1004.) The Board routinely allows petitioners to rely on IEEE
`
`publication dates as evidence of publication. Microsoft Corp. v. Bradium Techs.
`
`LLC, IPR2016-00448, Paper 9 at 13-14 (PTAB July 25, 2016) (“The Board has
`
`accepted the copyright date of an IEEE publication as evidence of its public
`
`availability.”); Ericsson, Inc. v. Intellectual Ventures I LLC, IPR2014-00527, Paper
`
`No. 41 at 12 (PTAB May 18, 2015).
`
`Additionally, IEEE employee Gerard Grenier testified Poison Java was
`
`included in the print version of the IEEE Spectrum magazine published in August
`
`1999. (Ex. 1005; Ex. 2023.) Finjan complains that Mr. Grenier relied on IEEE
`
`business records and practices for his testimony. But IEEE’s routine business
`
`practices are sufficient to establish the date by which Shin became publicly
`
`accessible. Constant v. Advanced Micro-Devices, Inc., 848 F.2d 1560 (Fed.
`
`Cir.), cert. denied, 988 U.S. 892 (1988); In re Hall, 781 F.2d 897 (Fed. Cir. 1986).
`
`And later electronic publication of Poison Java does not change the August 1999
`
`publication date of the original print version.
`
`Finally, Finjan does not dispute Dr. Rubin’s testimony that he received the
`
`August 1999 issue of IEEE Spectrum magazine in the mail and read Poison Java:
`
`10
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`“I was subscribed to IEEE Spectrum and read that article [Poison Java] when it
`
`came out.” (Rubin Dep. at 75:19–21.)
`
`C. Brown was publicly accessible
`Brown itself indicates a 1996 copyright date, and it was advertised on the
`
`publisher’s website at least as early as 1997. (Ex. 1041 at 2; Ex. 1092.) A member
`
`of the public could have found and purchased Brown via this website or by calling
`
`the phone number listed on the website for book orders. (See Ex. 1092 at 3.) Peter
`
`Kent, one of the authors of Brown, testified: (1) he received a copy of Brown from
`
`the publisher shortly after it was first published in September 1996; (2) he
`
`compared his copy of Brown to the December 1996 version cited in the Petition
`
`and confirmed that the relevant text was identical; (3) Brown received a Library of
`
`Congress number and ISBN number—index numbers used by the Library of
`
`Congress and on Amazon.com in 1996; and (4) the publisher would not have
`
`printed the December 1996 version if the September 1996 version was not already
`
`selling. (Ex. 2024 at 17:11-18:7, 20:12–22:22, 25:14–26:25, 31:5-32:22.)
`
`Finjan attacks the sufficiency of individual pieces of evidence but offers no
`
`contrary evidence. (Paper 22 at 25-26.) Mr. Kent’s testimony, the publisher’s
`
`website, and Brown itself show that Brown was disseminated or otherwise made
`
`available to interested members of the public before the priority date. In re
`
`Wyer, 655 F.2d 221, 226.
`
`11
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`VI. GROUND 1: SHIN RENDERS CLAIM 14 OBVIOUS
`Under the BRI of “causing mobile protection code to be executed by the
`
`mobile code executor at a downloadable-information destination such that one or
`
`more operations of the executable code, if attempted, will be processed by the
`
`mobile protection code,” Shin teaches every limitation of claim 14. Even if the
`
`Board adopts Finjan’s narrower construction, Shin still renders the claim obvious.
`
`A.
`
`Shin renders claim 14 obvious
`Shin processes “one or more operations of the executable
`1.
`code” at the downloadable-information destination
`Finjan does not dispute that Shin teaches processing executable code at a
`
`downloadable-information destination. (Ex. 1009 at 4, 16.) Instead, Finjan
`
`argues—without support—that the executable code processed at the destination is
`
`not the same executable code received at the information re-communicator. (Paper
`
`22 at 29.) But, as the Board noted in its institution decision, claim 14 “does not
`
`require ‘the executable code’ to encompass the entirety or an intact version of the
`
`executable code received” at the re-communicator. (Paper 7 at 14.) To the contrary,
`
`the claim requires only that “one or more operations” of the executable code be
`
`processed at the destination. (Id.; Ex. 1001 at 22:3.)
`
`Shin teaches executing “mobile protection code”
`2.
`Finjan next argues that Shin does not teach “mobile protection code”
`
`because Shin “rewrite[s] the incoming applet so that it cannot perform malicious
`12
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`operations.” (Paper 22 at 29–30.) But Shin’s safeguarding code merely substitutes
`
`safe classes and methods for potentially-dangerous classes and methods (Ex. 1009
`
`at 4), and Shin expressly states that its substituted classes and methods were
`
`running (i.e., executed) at a client computer (the downloadable-information
`
`destination): “The safeguarding code was running on a Sun Ultra 1 Model 170
`
`with Netscape Navigator™ Gold 3.01.” (Ex. 1009 at 16 (emphasis added.)
`
`Accordingly, Shin discloses executing MPC.
`
`Finjan incorrectly states that Petitioner relies on the same Shin code for both
`
`the “mobile protection code” and “executable code” limitations of claim 14. (Paper
`
`22 at 30.) To the contrary, Petitioner identified Shin’s “safeguarding code” as MPC
`
`and the incoming applet as including executable code: “Shin discloses executing
`
`safeguarding code (‘mobile protection code’) at an HTTP client …. Shin also
`
`discloses that the safeguarding code processes operations attempted by the applet
`
`(‘executable code’) ….” (Paper 1 at 42–43.) While both the safeguarding code
`
`(MPC) and one or more operations of the applet (executable code) are executed at
`
`the downloadable-information destination, they are not the same thing. (Id.; Ex.
`
`1009 at 4, 16.)
`
`Shin teaches a “mobile code executor”
`3.
`Finjan’s last argument concerning Shin asserts that, because Shin’s authors
`
`used an HTTP client program in place of a browser to test the performance of their
`
`13
`
`

`
`Petitioner’s Reply
`IPR2015-01974
`
`safeguarding code, Shin does not teach or suggest a “mobile code executor.”
`
`(Paper 22 at 31–34.) But the Java Virtual Machine (“JVM”) incorporated in 2000-
`
`era web browsers is a “mobile code exec