UNITED STATES PATENT AND TRADEMARK OFFICE
`
`__________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`___________________
`
`PALO ALTO NETWORKS, INC.
`
`Petitioner
`
`v.
`
`FINJAN, INC.,
`
`Patent Owner
`
`____________________
`
`Case IPR2016-00151
`Patent No. 8,141,154
`
`__________________________________________________________
`
`PATENT OWNER’S PRELIMINARY RESPONSE
`UNDER 37 C.F.R. § 42.107
`
`
`
`
`
`
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`TABLE OF CONTENTS
`
`Page
`
`I.
`
`II.
`
`INTRODUCTION ........................................................................................... 1
`
`THE ‘154 PATENT ......................................................................................... 5
`
`A. Overview ............................................................................................... 5
`
`B.
`
`Challenged Claims ................................................................................ 6
`
`III. CLAIM CONSTRUCTION ............................................................................ 8
`
`A.
`
`“dynamically generated” (claims 1, 3, 5, 6, 8, and 11) ......................... 8
`
`IV. SPECIFIC REASONS WHY THE CITED REFERENCES DO NOT
`INVALIDATE THE CLAIMS, AND WHY INTER PARTES REVIEW
`SHOULD NOT BE INSTITUTED ............................................................... 10
`
`A.
`
`B.
`
`The Petition Should be Denied Under 35 U.S.C. § 325(d) ................. 10
`
`Ground 1: Ross Does Not Render Claims 1–8, 10 and 11 Obvious
`Under 35 U.S.C. § 103(a) .................................................................... 12
`
`1.
`
`2.
`
`3.
`
`4.
`
`Ross does not disclose “a system for protecting a computer
`from dynamically generated malicious content” (claims 1 and
`6) ............................................................................................... 13
`
`Ross does not disclose “a content processor (i) for processing
`content received over a network, the content including a call to
`a first function, and the call including an input” (claims 1, 4, 6,
`and 10) ....................................................................................... 15
`
`Ross does not disclose “calling a second function with a
`modified input variable” (claims 6 and 10) .............................. 19
`
`Ross does not disclose “wherein the input is dynamically
`generated by said content processor prior to being transmitted
`by said transmitter” (claims 3, 5, 8, and 11) ............................. 21
`
`C.
`
`Ground 2: Ross in view of Calder Does Not Render Claims 9 and 12
`Obvious Under 35 U.S.C. § 103(a) ..................................................... 23
`
`i
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`Ross in view of Calder fails to show or suggest “wherein the
`input variable includes a call to an additional function, and
`wherein the modified input variable includes a call to a
`modified additional function instead of the call to the additional
`function” .................................................................................... 23
`
`The Petition Contains Insufficient Motivation to Combine Ross
`and Calder ................................................................................. 27
`
`1.
`
`2.
`
`V.
`
`PETITIONER’S OBVIOUSNESS ARGUMENTS FAIL AS A MATTER
`OF LAW BECAUSE IT DID NOT CONDUCT A COMPLETE
`OBVIOUSNESS ANALYSIS ....................................................................... 29
`
`VI. CONCLUSION .............................................................................................. 32
`
`
`
`
`
`- ii -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`TABLE OF AUTHORITIES
`
` Page(s)
`
`Cases
`Apple Inc. v. Int'l Trade Comm'n,
`725 F.3d 1356 (Fed. Cir. 2013) .......................................................................... 29
`
`Aventis Pharms. Inc. v. Amino Chems. Ltd.,
`715 F.3d 1363 (Fed. Cir. 2003) .......................................................................... 10
`
`GN Resound A/S v. Oticon A/S,
`Case No. IPR2015-00103 (P.T.A.B. June 18, 2015) .......................................... 25
`
`Insite Vision, Inc. v. Sandoz, Inc.,
`783 F.3d 853 (Fed. Cir. 2015) ............................................................................ 29
`
`Kinetic Techs., Inc., v. Skyworks Solutions, Inc.,
`Case No. IPR2014-00530 (P.T.A.B. Sept. 29, 2014) ............................. 20, 27, 28
`
`KSR Int’l Co. v. Teleflex, Inc.,
`550 U.S. 398 (2007) ................................................................................ 27, 28, 29
`
`Leo Pharm. Prods., Ltd. v. Rea,
`726 F.3d 1346 (Fed. Cir. 2013) .................................................................... 31, 32
`
`LG Elecs., Inc. v. ATI Techs., ULC,
`Case No. IPR2015-00327 (P.T.A.B. Sept. 2, 2015) ........................................... 11
`
`Mintz v. Dietz & Watson, Inc.,
`679 F.3d 1372 (Fed. Cir. 2012) .......................................................................... 28
`
`Novatek, Inc. v. Sollami Co.,
`559 Fed. Appx. 1011 (Fed. Cir. 2014) ................................................................ 13
`
`Ortho-McNeil Pharm., Inc. v. Mylan Labs, Inc.,
`520 F.3d 1358 (Fed. Cir. 2008) .......................................................................... 31
`
`Plantronics, Inc. v. Aliph, Inc.,
`724 F.3d 1343 (Fed. Cir. 2013) .................................................................... 30, 31
`
`Rambus Inc. v. Rea,
`731 F.3d 1248 (Fed. Cir. 2013) .......................................................................... 31
`
`- i -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`
`Ruiz v. A.B. Chance Co.,
`234 F.3d 654 (Fed. Cir. 2000) ............................................................................ 30
`
`Symantec Corp. v. Finjan, Inc.,
`Case No. IPR2015-01547 ............................................................................... 1, 34
`
`Thorner v. Sony Computer Entm’t Am. LLC,
`669 F.3d 1362 (Fed. Cir. 2012) ............................................................................ 9
`
`Travelocity.com L.P. v. Conos Techs., LLC,
`Case No. CBM2014-00082................................................................................... 4
`
`Statutes
`
`35 U.S.C. § 103(a) ....................................................................................... 12, 23, 30
`
`35 U.S.C. § 108(a) ................................................................................................... 11
`
`35 U.S.C. § 314(a) ................................................................................................... 11
`
`35 U.S.C. § 325(d) ................................................................................... 2, 10, 11, 12
`
`Other Authorities
`
`37 C.F.R. § 42.6(e) ................................................................................................... 35
`
`37 C.F.R. § 42.22(a)(2) ............................................................................................ 25
`
`37 C.F.R. § 42.65(a) ..................................................................................... 20, 22, 27
`
`37 C.F.R. § 42.71(d) .................................................................................................. 2
`
`37 C.F.R. § 42.104(b) ........................................................................................ 15, 21
`
`37 C.F.R. § 42.108(c) ................................................................................................. 1
`
`157 Cong. Rec. S1360-S1394 (March 8, 2011) ....................................................... 11
`
`77 Fed. Reg. 48756 at 48763 (Aug. 14, 2012) ................................................... 22, 27
`
`- ii -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`
`I.
`
`INTRODUCTION
`
`On November 5, 2015, Palo Alto Networks, Inc. (“Petitioner”) submitted a
`
`Petition to institute inter partes review (“IPR”) of U.S. Patent No. 8,141,154 (“the
`
`‘154 Patent”), challenging claims 1–12. Finjan Inc. (“Patent Owner”) requests that
`
`the Board not institute inter partes review because Petitioner has not demonstrated
`
`a reasonable likelihood that it would prevail in showing unpatentability of any of
`
`the challenged claims on the grounds asserted in its Petition, as required under 37
`
`C.F.R. § 42.108(c).
`
`The instant Petition was filed with a Motion for Joinder seeking to join the
`
`“pending inter partes review” of the ‘154 Patent filed by Symantec Corp. in
`
`Symantec Corp. v. Finjan, Inc., Case No. IPR2015-01547, Paper 1 (P.T.A.B. July
`
`3, 2015) (Ex. 2004, “the Symantec Petition”). See Motion for Joinder, Palo Alto
`
`Networks, Inc., v. Finjan, Inc., IPR2016-00151, Paper 3 (P.T.A.B. Nov. 5, 2015)
`
`(“the Motion for Joinder”). The Board denied institution of the Symantec Petition
`
`on January 14, 2016. Symantec Corp. v. Finjan, Inc., Case No. IPR2015-01547,
`
`Paper 9 (P.T.A.B. Jan. 14, 2016) (Ex. 2005, “the Symantec Institution Decision”).
`
`Accordingly, Petitioner’s Motion for Joinder should be denied as moot as there is
`
`no inter partes review proceeding to join.1
`
`1 On February 16, 2016, Symantec filed a cursory Request for Rehearing that does
`
`not explain its position, contradicts the evidence, and certainly does not
`
`- 1 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`Additionally in light of the Symantec Institution Decision, the Board should
`
`deny institution of this Petition under 35 U.S.C. § 325(d), which grants the Board
`
`the discretion to reject an IPR petition because “the same or substantially the same
`
`prior art or arguments previously were presented to the Office.” See 35 U.S.C.
`
`§ 325(d) (“[T]he Director may take into account whether, and reject the petition or
`
`request because, the same or substantially the same prior art or arguments
`
`previously were presented to the Office.”). Critically, Petitioner already conceded,
`
`in its Motion for Joinder, that the instant Petition presents “the same art and
`
`substantially the same arguments” as the Symantec Petition. Motion for Joinder at
`
`1 (“Joinder is appropriate in this case as both Petitions use the same art and
`
`substantially the same arguments to invalidate the claims of U.S. Patent No.
`
`8,141,154 (“the ’154 patent”)). Thus, Petitioner’s admission alone demonstrates
`
`that denial of the instant Petition is appropriate under 35 U.S.C. § 325(d).
`
`Moreover, as Petitioner admittedly relies on “the same art and substantially
`
`the same arguments,” it should come as no surprise that the instant Petition is
`
`demonstrate that the Board exercised a clear error of judgment. In fact, Symantec
`
`changes its position completely from its Petition which is prohibited by the Rules.
`
`37 C.F.R. § 42.71(d) (“The request must specifically identify all matters the party
`
`believes the Board misapprehended or overlooked, and the place where each
`
`matter was previously addressed in a motion, an opposition, or a reply.”).
`
`- 2 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`deficient for at least the same or substantially the same reasons that the Board
`
`denied the Symantec Petition. Indeed, the instant Petition again relies on the same
`
`Ross reference to disclose each of the challenged independent claims, which
`
`require, inter alia, (1) processing content received over a network, the content
`
`including a call to a first function, and the call including an input, and either (2)
`
`invoking a second function with the input, only if a security computer indicates
`
`that such invocation is safe or (3) calling a second function with a modified input
`
`variable. It may be appreciated that these claims recite an approach to computer
`
`security that involves the evaluation of a function input found in a call to a first
`
`function in content received over a network and the invocation of a second
`
`function with the original function input or a modified version of the function
`
`input.
`
`Notably, the Board already decided that Ross fails to disclose “a content
`
`processor (i) for processing content received over a network, the content including
`
`a call to a first function, and the call including an input” and found it sufficient to
`
`deny institution of trial based this reason alone. Ex. 2005 at 5-8.
`
`Furthermore, trial should not be instituted because Petitioner has failed to
`
`meet its burden to demonstrate that the cited references disclose:
`
` invoking a second function with the input, only if a security computer
`indicates that such invocation is safe (independent claims 1 and 4) or
`
`- 3 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`
` calling a second function with the modified input variable
`(independent claims 6 and 10).
`
`Additionally, Petitioner has not met its burden to show that the cited
`
`references show or suggest at least the following features of the challenged
`
`dependent claims:
`
` wherein the input is dynamically generated by said content processor
`prior to being transmitted by said transmitter (claims 3 and 5) and
` wherein the input variable includes a call to an additional function,
`and wherein the modified input variable includes a call to a modified
`additional function instead of the call to the additional function
`(claims 9 and 12).
`
`Although there are a variety of reasons why the ‘154 Patent is valid over
`
`Petitioner’s asserted prior art references, this Preliminary Response focuses on
`
`only limited reasons why inter partes review should not be instituted. See
`
`Travelocity.com L.P. v. Conos Techs., LLC, Case No. CBM2014-00082, Paper 12
`
`at 10 (P.T.A.B. Oct. 16, 2014) (“[N]othing may be gleaned from the Patent
`
`Owner’s challenge or failure to challenge the grounds of unpatentability for any
`
`particular reason.”).2 The deficiencies of the Petition noted herein, however, are
`
`
`2 Patent Owner specifically reserves its right to dispute that Palo Alto Networks,
`
`Inc., has correctly named all real-parties-in-interest in the event that sufficient
`
`- 4 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`more than sufficient for the Board to find that Petitioner has not met its burden to
`
`demonstrate a reasonable likelihood that it would prevail in showing
`
`unpatentability of any of the challenged claims.
`
`II. THE ‘154 PATENT
`
`A. Overview
`
`Patent Owner’s ‘154 Patent was filed June 14, 2010, and claims priority to
`
`U.S. Patent No. 7,757,289, filed December 12, 2005. The systems and methods of
`
`the ‘154 Patent are generally directed to systems and methods for protecting a
`
`computer from dynamically generated malicious content.
`
`In particular, the ‘154 Patent protects against malicious function inputs that
`
`obfuscate their true nature. For example, the systems and methods of the ‘154
`
`Patent protect computers by transmitting a potentially malicious function input to a
`
`security computer and receiving an indicator regarding the safety of the input. If
`
`the input is deemed safe, a second function is invoked with the input. In one
`
`implementation, the call to the first function can be a call to a substitute function
`
`that is found in the content received over the network (e.g. “Substitute_document.
`
`write(‘<h1>hello</h1>’):”
`
`
`factual bases supporting such a challenge surface during the pendency of this
`
`proceeding.
`
`- 5 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`
`
`
`‘154 Patent at 10:41–59. In other implementations, the first function can be a non-
`
`substitute function found in the content received over the network upon invocation
`
`of which the input is sent to the security computer for inspection. Using this
`
`method, the security computer can inspect function inputs that are dynamically
`
`generated and, therefore, may not be identifiable or scannable using traditional
`
`scanning techniques. Notably, each independent claim of the ‘154 Patent recites
`
`that the call to the first function be found in the content received over a network, a
`
`feature that is disclosed nowhere in the references cited in the Petition.
`
`B. Challenged Claims
`
`Petitioner challenges independent claims 1–12 of the ‘154 Patent, of which
`
`claims 1, 4, 6, and 10 are independent. Claim 1 is reproduced below:
`
`1. A system for protecting a computer from dynamically generated
`malicious content, comprising:
`
`- 6 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`a content processor (i) for processing content received over a
`
`network, the content including a call to a first function, and the call
`including an input, and (ii) for invoking a second function with the
`input, only if a security computer indicates that such invocation is
`safe;
`a transmitter for transmitting the input to the security computer
`
`for inspection, when the first function is invoked; and
`
`a receiver for receiving an indicator from the security computer
`whether it is safe to invoke the second function with the input.
`
`Independent claim 4 a recites non-transitory computer-readable storage medium
`
`storing program code for causing a computing device to carry out the processing,
`
`transmitting, receiving, and resuming features of claim 1. Claims 3 and 5 depend,
`
`respectively from claims 1 and 4 and recite that the input is dynamically generated
`
`by the content processor prior to being transmitted by the transmitter. Independent
`
`claim 6 recites:
`
`6. A system for protecting a computer from dynamically generated
`malicious content, comprising:
`
`a content processor (i) for processing content received over a
`network, the content including a call to a first function, and the first
`function including an input variable, and (ii) for calling a second
`function with a modified input variable;
`
`a transmitter for transmitting the input variable to a security
`computer for inspection, when the first function is called; and
`
`- 7 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`a receiver for receiving the modified input variable from the
`
`security computer,
`
`wherein the modified input variable is obtained by modifying
`the input variable if the security computer determines that calling a
`function with the input variable may not be safe.
`Independent claim 10 claims a non-transitory computer-readable storage medium
`
`storing program code for causing a computing device to carry out the processing,
`
`calling, transmitting, receiving, and obtaining features of claim 6. Claims 8 and 11
`
`depend, respectively from claims 6 and 10 and recite that the input is dynamically
`
`generated by the content processor prior to being transmitted by the transmitter.
`
`Claims 9 and 12 depend, respectively from claims 6 and 10 and recite that input
`
`variable includes a call to an additional function, and wherein the modified input
`
`variable includes a call to a modified additional function instead of the call to the
`
`additional function.
`
`III. CLAIM CONSTRUCTION
`
`A.
`
`“dynamically generated” (claims 1, 3, 5, 6, 8, and 11)
`
`The plain and ordinary meaning should be applied to the term “dynamically
`
`generated” because a person of ordinary skill in the art understands the meaning of
`
`this term. Despite the fact that this term does not require construction and is easily
`
`understood by one of ordinary skill in the art, Petitioner seeks a construction that
`
`rewrites the claims to include an additional limitation of “generated at run-time”
`
`- 8 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`that does not exist in the claims. See Thorner v. Sony Computer Entm’t Am. LLC,
`
`669 F.3d 1362, 1367 (Fed. Cir. 2012) (“The patentee is free to choose a broad term
`
`and expect to obtain the full scope of its plain and ordinary meaning….”).
`
`To support Petitioner’s “generated at run-time” argument, Petitioner argues
`
`that the dependent claims require generating input while the content processor is
`
`processing the content and invoking the functions.” Petition at 8 (arguing the
`
`“dependent claims make clear that the input is generated while the content
`
`processor is processing the content and invoking the functions.”) But the
`
`principles of claim differentiation dictate that Petitioner’s attempt to conflate claim
`
`limitations is improper.
`
` Petitioner’s proposed construction is also incorrect because “dynamically
`
`generated” is distinguishable from “runtime” at least because “dynamically
`
`generated” content can encompass content that is not static or in other words
`
`content that is subject to change. Indeed, the ‘154 Patent distinguishes the prior art
`
`on the basis of “dynamically generated” content versus “static” content. See, e.g.,
`
`‘154 Patent at 4:9–14 (“[R]eactive client level content…inspection can only
`
`protect against static malicious content, and cannot protect against dynamically
`
`generated malicious content.”). Accordingly, not all “run-time” content is
`
`dynamically generated, and not all dynamically generated content is generated at
`
`run-time. Petitioner’s attempt to rewrite plain claim language should be rejected
`
`- 9 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`because claims are assumed to mean what was written and should not be rewritten
`
`to state something else. See Aventis Pharms. Inc. v. Amino Chems. Ltd., 715 F.3d
`
`1363, 1373 (Fed. Cir. 2003) (“Courts are required therefore to ‘look to the words
`
`of the claims themselves . . . to define the scope of the patented invention.’”)
`
`(citations omitted).
`
`Notably the Board did not construe this term in Case No. IPR2015-01547
`
`finding any construction “not germane to [its] determination whether to institute
`
`trial.” Symantec Institution Decision at 4–5.
`
`IV. SPECIFIC REASONS WHY THE CITED REFERENCES DO NOT
`INVALIDATE THE CLAIMS, AND WHY INTER PARTES REVIEW
`SHOULD NOT BE INSTITUTED
`A. The Petition Should be Denied Under 35 U.S.C. § 325(d)
`
`As explicitly acknowledged in Petitioner’s Motion for Joinder filed
`
`concurrently with the Petition, this Petition “use[s] the same art and substantially
`
`the same arguments to invalidate the claims of U.S. Patent No. 8,141,154 (“the
`
`’154 patent”) as the Symantec Petition. Given that the Board denied institution of
`
`the Symantec Petition, this acknowledgment is reason enough for the board to
`
`dispense with this Petition under 35 U.S.C. § 325(d), which provides, in relevant
`
`part:
`
`In determining whether to institute or order a proceeding under this
`chapter, chapter 30, or chapter 31, the Director may take into account
`whether, and reject the petition or request because, the same or
`
`- 10 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`substantially the same prior art or arguments previously were
`presented to the Office.
`
`Id. (emphasis added).
`
`Denying institution on this Petition would comport with the legislative
`
`history behind 35 U.S.C. § 325(d), which explains that the statute is meant to
`
`prevent multiple attacks to the same patent based on cumulative or substantially
`
`similar bases:
`
`This will prevent parties from mounting attacks on patents that
`raise issues that are substantially the same as issues that were
`already before the Office with respect to the patent. The Patent
`Office has indicated that it currently is forced to accept many requests
`for ex parte and inter partes reexamination that raise challenges that
`are cumulative to or substantially overlap with issues previously
`considered by the Office with respect to the patent.
`157 Cong. Rec. S1360-S1394 at S1376 (March 8, 2011) (remarks of Senator Jon
`
`Kyl) (emphasis added); see also Decision Denying Request for Rehearing, LG
`
`Elecs., Inc. v. ATI Techs., ULC, Case No. IPR2015-00327, Paper 15 (P.T.A.B.
`
`Sept. 2, 2015) (upholding its decision to deny institution of a Petition for inter
`
`partes review based on 35 U.S.C. §§ 314(a), 325(d), and 108(a) even though that
`
`Petition and another petition filed against the same patent cited different primary
`
`prior art references and were filed on the same day).
`
`- 11 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`Accordingly, Patent Owner requests that the Board use its discretion and
`
`decline to institute trial on this Petition under 35 U.S.C. § 325(d).
`
`B. Ground 1: Ross Does Not Render Claims 1–8, 10 and 11 Obvious
`Under 35 U.S.C. § 103(a)
`
`Ross discloses systems and methods for detecting and disabling malicious
`
`script code. Ex. 1003 (“Ross”) at Title. Ross identified a need to supplement
`
`traditional code scanning techniques in response to attackers obfuscating their code
`
`so that the signatures of their scripts avoid simple signature-based detection. Id. at
`
`¶ [0007]. The particular approach employed by Ross involves receiving data
`
`content that includes an original function call, generating hook script having a
`
`hook function that supersedes an original function, processing the hook script and
`
`the data content, and executing the hook function when the original function is
`
`called. Id. at ¶ [0010]. The hook function is then directed to a decision service
`
`that determines whether the suspected malicious code should be allowed or
`
`prohibited. Id. at ¶ [0027]. Critically, unlike the inventions claimed in the ‘154
`
`Patent, Ross does not teach processing content received over a network, the
`
`content including a call to a first function, at least because there is no call to the
`
`identified first function in content received over a network, and transmitting the
`
`input to a security computer to determine if it is safe to invoke.
`
`An additional distinction between challenged claims 1–12 of the ‘154 Patent
`
`and the Ross reference is that the ‘154 Patent involves evaluating a function input.
`
`- 12 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`See, e.g., independent claims 1, 4, 6, and 10 (reciting transmission of the function
`
`input to a security computer for inspection). The benefits of this approach are
`
`manifold. For example, only the input needs be evaluated, which saves valuable
`
`processing time in comparison with evaluating the entire function. Additionally, a
`
`security computer “may use cache memory to save results of inspection, so as to
`
`obviate the need to analyze the same input more than once.” ‘154 Patent at 13:18–
`
`20. Thus, when a second function (e.g. the second functions recited in independent
`
`claims 1, 4, 6, and 10) attempts to utilize the previously analyzed input, the
`
`security computer can indicate whether it is safe to invoke the second function with
`
`the input without analyzing the input again. In contrast, Ross merely determines
`
`whether an original function is malicious code. See Ross at ¶ [0037].
`
`1.
`
`Ross does not disclose “a system for protecting a computer
`from dynamically generated malicious content” (claims 1
`and 6)
`
`The preamble of claims 1 and 6, which recite the salutary phrase “protecting
`
`a computer from dynamically generated malicious content,” is not limiting because
`
`it is not “necessary to give life, meaning, and vitality to the claim.” See Novatek,
`
`Inc. v. Sollami Co., 559 Fed. Appx. 1011, 1015 (Fed. Cir. 2014) (citations
`
`omitted). However, in the event that the Board finds that the preamble is limiting,
`
`Patent Owner addresses the failure of Ross to disclose the subject matter of the
`
`preamble. Indeed, discussion of the claim preamble illustrates some of the key
`
`- 13 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`deficiencies of the Ross reference with respect to the claims of the ‘154 Patent. In
`
`particular, while Petitioner contends that Ross’s detection engine and components
`
`“teach or suggest a system for protection a [sic] computer from dynamically
`
`generated malicious content,” the passages in Ross that are cited to support this
`
`conclusion do not stand for that premise and in fact never mention these terms.
`
`Petition at 14.
`
`Petitioner attempts to support its conclusion that Ross discloses the subject
`
`matter of the claim preamble by referencing Ross’s disclosure of a hook-based
`
`detection engine “that is ‘configured to catch actual script method calls regardless
`
`of the formatting of the code text.’” Petition at 14 (citing Ross at ¶ [0025]). When
`
`read in context, it is clear that Ross is responding a technique that hackers had
`
`employed to avoid signature-based malicious code detection:
`
`To avoid detection, some attackers obfuscate their scripts so that
`the signatures do not match the resulting code. Another method of
`obfuscation includes string concatenation of the string fragments
`“ADO”, “DB.”, and “Stream” that may be concatenated into the string
`“ADODB.Stream”. Alternatively, some attackers have used a
`Microsoft Script Encoder (screnc.exe) tool to pass the entire script
`through a text-encoding cipher that replaces the original text of the
`script file.
`Id. at ¶ [0007]. Accordingly, Ross’s systems and methods are used to “catch the
`
`actual method calls” despite these actual method calls being obfuscated by an
`
`- 14 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`attacker to avoid their being detected by a simple signature scan. Ross, however, is
`
`silent on the dynamic generation of code.
`
`Accordingly, in the event that the Board finds the preamble of independent
`
`claim 1 to be limiting, Petitioner has not met its burden to show that Ross renders
`
`obvious claims 1 or 6 of the ‘154 Patent. Claims 2, 3, and 7–9 depend from
`
`independent claims 1 and 6 and are, therefore, not obvious over Ross for at least
`
`the same reasons.
`
`2.
`
`Ross does not disclose “a content processor (i) for
`processing content received over a network, the content
`including a call to a first function, and the call including an
`input” (claims 1, 4, 6, and 10)
`
`Critically, and fatal to Petitioner’s Grounds 1 and 2, Petitioner has not met
`
`its burden to show that Ross discloses “a call to a first function” in “content
`
`received over a network” as affirmatively recited in challenged claims 1, 4, 6, and
`
`10. Thus, the Petition fails to “specify where each element of the claim is found in
`
`the prior art patents or printed publications relied upon.” 37 C.F.R. § 42.104(b)(4).
`
`Institution on Grounds 1 and 2 should be denied on this basis alone. In particular,
`
`Petitioner has not met its burden to show that Ross renders obvious claims 1, 4, 6,
`
`and 10 of the ‘154 Patent because Ross’s hook script, which Petitioner alleges to
`
`include “a call to a first function” is not in “content received over a network.”
`
`Petitioner equates Ross’ hook script with content that includes a call to a
`
`first function. Petition at 16–17. However, this interpretation of Ross cannot be
`
`- 15 -
`
`

`
`Patent Owner’s Preliminary Response
`IPR2016-00151 (U.S. Patent No. 8,141,154)
`correct. First, Petitioner also equates HTTP data content with the data content
`
`received over the network and therefore improperly conflates these two separate
`
`teachings of Ross. Second, Ross’s hook script is not content received over a
`
`network. Indeed, Ross specifically distinguishes between web content is received
`
`over a network and the hook script that is generated locally at the “hook script
`
`generator:”
`
`As a structure, data (HTTP) content 602, such as downloaded
`from a web page, is received by a script injector/filter (browser plug-
`in) 604 which is an exemplary embodiment of script filter 242 (FIG.
`2). Data content 602 may include a script program with one or more
`original functions for execution on the receiving client. A hook script
`generator 606 may receive some portion or all of data content 602
`and supply a generated script code including one or more hook
`functions configured to replace corresponding original functions.
`
`Ross at ¶ [0034].
`
`This distinction is no triviality. In Ross’s system, the client device running
`
`its “script processing engine” must be equipped with both a