Paper No. 8
`Filed: May 13, 2016
`
`
`
`Trials@uspto.gov
`571-272-7822
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`PALO ALTO NETWORKS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2016-00159
`Patent 8,677,494 B2
`____________
`
`
`Before JAMES B. ARPIN, ZHENYU YANG, and
`CHARLES J. BOUDREAU, Administrative Patent Judges.
`
`BOUDREAU, Administrative Patent Judge.
`
`DECISION
`Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`
`
`
`
`Filed: May 13, 2016
`
`
`
`Trials@uspto.gov
`571-272-7822
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`PALO ALTO NETWORKS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2016-00159
`Patent 8,677,494 B2
`____________
`
`
`Before JAMES B. ARPIN, ZHENYU YANG, and
`CHARLES J. BOUDREAU, Administrative Patent Judges.
`
`BOUDREAU, Administrative Patent Judge.
`
`DECISION
`Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`I. INTRODUCTION
`Palo Alto Networks, Inc. (“Petitioner”) filed a Petition for an inter
`partes review of claims 1–18 of U.S. Patent No. 8,677,494 B2 (Ex. 1001,
`“the ’494 patent”). Paper 1 (“Pet.”). Finjan, Inc. (“Patent Owner”) filed a
`Preliminary Response. Paper 6 (“Prelim. Resp.”). We review the Petition
`under 35 U.S.C. § 314.
`For the reasons that follow and on this record, we are persuaded that
`Petitioner demonstrates a reasonable likelihood of prevailing in showing the
`unpatentability of claims 1–6 and 10–15 of the ’494 patent on certain of the
`grounds asserted. Accordingly, we institute an inter partes review as to
`those claims.
`A. Related Proceedings
`According to the parties, Patent Owner previously asserted the ’494
`patent against Petitioner in Finjan, Inc. v. Palo Alto Networks, Inc., 3:14-cv-
`04908 (N.D. Cal. 2014). Pet. 2; Paper 5, 1.
`The ’494 patent also has been asserted in at least four other district
`court actions: Finjan, Inc. v. Sophos, Inc., 3:14-cv-01197 (N.D. Cal. 2014);
`Finjan, Inc. v. Websense, Inc., 5:14-cv-01353 (N.D. Cal. 2014); Finjan, Inc.
`v. Symantec Corp., 3:14-cv-02998 (N.D. Cal. 2014); and Finjan, Inc. v. Blue
`Coat Systems, Inc., 5:15-cv-03295 (N.D. Cal. 2015). Pet. 2; Paper 5, 1. The
`’494 patent also has been the subject of petitions in Case IPR2015-01022,
`filed by Sophos, Inc., and Cases IPR2015-01892 and IPR2015-01897, filed
`by Symantec Corporation. We previously denied the first and third of those
`petitions and granted the second on one asserted ground. Sophos, Inc. v.
`
` 2
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Finjan, Inc., Case IPR2015-01022 (PTAB Sept. 24, 2015) (Paper 7);
`Symantec Corp. v. Finjan, Inc., Case IPR2015-01892 (PTAB Mar. 18, 2016)
`(Paper 9); Symantec Corp. v. Finjan, Inc., Case IPR2015-01897 (PTAB Feb.
`26, 2016) (Paper 7).
`B. The ’494 Patent
`The ’494 patent describes protection systems and methods “capable of
`protecting a personal computer (‘PC’) or other persistently or even
`intermittently network accessible devices or processes from harmful,
`undesirable, suspicious or other ‘malicious’ operations that might otherwise
`be effectuated by remotely operable code.” Ex. 1001, 2:51–56. “Remotely
`operable code that is protectable against can include,” for example,
`“downloadable application programs, Trojan horses and program code
`groupings, as well as software ‘components’, such as Java™ applets,
`ActiveX™ controls, JavaScript™/Visual Basic scripts, add-ins, etc., among
`others.” Id. at 2:59–64.
`C. Illustrative Claims
`Of the challenged claims, claims 1 and 10 are independent. Those
`claims are illustrative and are reproduced below:
`1. A computer-based method, comprising the steps of:
`receiving an incoming Downloadable;
`deriving security profile data for the Downloadable, including
`a list of suspicious computer operations that may be attempted by
`the Downloadable; and
`storing the Downloadable security profile data in a database.
`
` 3
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`10. A system for managing Downloadables, comprising:
`a receiver for receiving an incoming Downloadable;
`a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by
`the Downloadable; and
`a database manager coupled with said Downloadable scanner,
`for storing the Downloadable security profile data in a database.
`
`Ex. 1001, 21:19–25, 22:7–16. Each of challenged claims 2–9 depends
`directly from claim 1; and each of challenged claims 11–18 depends directly
`from claim 10. Id. at 21:26–22:6, 22:17–39.
`D. Asserted Grounds of Unpatentability
`Petitioner asserts the following grounds of unpatentability:
`
`Claims
`
`Basis
`
`Reference(s)
`
`1, 3–6, 9, 10, 12–15, and 18 § 102
`
`Touboul1
`
`2 and 11
`
`7 and 16
`
`8 and 17
`
`§ 103 Touboul and Swimmer2
`
`§ 103
`
`§ 103
`
`Touboul and Ji3
`
`Touboul
`
`
`1 International Patent Publication No. WO 98/21683 to Shlomo Touboul,
`published May 22, 1998 (Ex. 1026, “Touboul”).
`2 Morton Swimmer et al., Dynamic Detection and Classification of
`Computer Viruses Using General Behaviour Patterns, VIRUS BULL. CONF.
`75 (Sept. 1995) (Ex. 1006, “Swimmer”).
`3 U.S. Patent No. 5,983,348 to Shuang Ji, issued Nov. 9, 1999 (Ex. 1010,
`“Ji”).
`
` 4
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`Claims
`
`1, 2, 6, 10, 11, and 15
`
`3–5 and 12–14
`
`Basis
`
`§ 103
`
`§ 103
`
`Reference(s)
`
`Swimmer
`
`Swimmer and Martin4
`
`
`
`II. ANALYSIS
`
`A. Claim Construction
`In an inter partes review, the Board interprets a claim term in an
`unexpired patent according to its broadest reasonable construction in light of
`the specification of the patent in which it appears. 37 C.F.R. § 42.100(b); In
`re Cuozzo Speed Techs., LLC, 778 F.3d 1271, 1278–81 (Fed. Cir. 2015),
`cert. granted sub nom. Cuozzo Speed Techs. LLC v. Lee, 136 S. Ct. 890
`(mem.) (2016). Under this standard, we interpret claim terms using “the
`broadest reasonable meaning of the words in their ordinary usage as they
`
`4 David M. Martin, Jr. et al., Blocking Java Applets at the Firewall, PROC.
`1997 SYMP. ON NETWORK & DISTRIBUTED SYS. SEC. (©1997) (Ex. 1047,
`“Martin”). For reasons stated below, we conclude herein that each of the
`challenged claims is entitled to the benefit of a November 6, 1997 priority
`date. See infra Sections II.B.1.a., b. We note that Martin states on its face
`that it is from the proceedings of a symposium held February 10–11, 1997
`(Ex. 1047, 1), but that the record copy of Martin bears a date stamp of June
`5, 1998 (id. at 3), does not indicate a publication date, and merely has a 1997
`copyright date (id. at 1). The Petition relies on a declaration of Dr. Aviel D.
`Rubin, Ph.D., one of the named authors of Martin, who declares that Martin
`was distributed to approximately 400 conference attendees in February
`1997. Pet. 7 (citing Ex. 1002 ¶ 58). Patent Owner does not contest this
`evidence in its Preliminary Response, and we assume, for purposes of this
`Decision only, that Martin was published on the last day of February 1997.
`
` 5
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`would be understood by one of ordinary skill in the art, taking into account
`whatever enlightenment by way of definitions or otherwise that may be
`afforded by the written description contained in the applicant’s
`specification.” In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997). We
`presume that claim terms have their ordinary and customary meaning. See
`In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007) (“The
`ordinary and customary meaning is the meaning that the term would have to
`a person of ordinary skill in the art in question.”) (internal quotation marks
`omitted).
`Petitioner proposes constructions for three claim terms:
`“Downloadable security profile data,” “database,” and “Downloadable.”
`Pet. 19–23. At this time, Patent Owner only challenges Petitioner’s
`proposed construction of the first of these terms. Prelim. Resp. 9–12. We
`address each term in turn.
`1. “Downloadable security profile data”
`Petitioner contends that the broadest reasonable interpretation of the
`term “Downloadable security profile data” is “information related to whether
`executing a downloadable is a security risk.” Pet. 19. According to
`Petitioner, this interpretation is consistent with the use of the term in the
`claims and Specification, as well as with Patent Owner’s positions taken in
`related district court proceedings. Id. at 19–20.
`Patent Owner disagrees, arguing that, “[w]hen read within the context
`of the claims, there is no need to construe the phrase ‘Downloadable security
`profile data.’” Prelim. Resp. 9. According to Patent Owner, “the proper
`
` 6
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`construction for ‘Downloadable’ is ‘an executable application program
`which is downloaded from a source computer and run on the destinations
`computer,’” and “[t]he remaining part of the term ‘security profile data’
`should follow the plain language given to it in claims 1 and 10.” Id. Patent
`Owner further contends that Petitioner’s proposed construction improperly
`reads limitations out of the claims and is at odds with the teachings of the
`’494 patent. Id. at 10–11. “For example, Petitioner’s interpretation
`improperly reads the ‘security profile’ limitation out of the claim[s] and
`replaces it with the vaguely worded ‘information related to.’” Id. at 10.
`Moreover, according to Patent Owner, “the ’194 Patent, which is
`incorporated by reference into the ’494 Patent, describes deriving (e.g. via
`code scanner, content inspection, decomposing, parsing) ‘Downloadable
`security profile data’ (aka DSP data) from the Downloadable.” Id. (citing
`Ex. 1013, 6:5–10, 8:41–54, Fig. 6A (element 628)). Further, “[a]lthough
`Petitioner argues for a different construction, Petitioner concedes that the
`‘Downloadable security profile data’ include[] data derived from the
`Downloadable in its Petition.” Id. (citing Pet. 20).
`For purposes of this Decision, we agree with Patent Owner that, in
`view of the agreed interpretation of the term “Downloadable” and the
`context provided by the claims, there is no need to separately construe the
`term “Downloadable security profile data.”
`2. “database”
`Petitioner contends that the broadest reasonable interpretation of the
`term “database” is “a collection of interrelated data organized according to a
`
` 7
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`database schema to serve one or more applications.” Pet. 21. As mentioned
`above, Patent Owner does not challenge this interpretation at this time (see
`Prelim. Resp. 12), and we adopt it for purposes of this Decision.5
`3. “Downloadable”
`Petitioner contends that the broadest reasonable interpretation of the
`term “Downloadable” is “an executable application program, which is
`downloaded from a source computer and run on the destination computer.”
`Pet. 23. As mentioned above, Patent Owner does not challenge this
`interpretation at this time (see Prelim. Resp. 12), and we adopt it for
`purposes of this Decision.
`4. Other Terms
`On this record and for purposes of this Decision, we determine that no
`other claim terms require express interpretation. Wellman, Inc. v. Eastman
`Chem. Co., 642 F.3d 1355, 1361 (Fed. Cir. 2011) (“[C]laim terms need only
`be construed ‘to the extent necessary to resolve the controversy.’” (quoting
`
`
`5 Indeed, as Petitioner points out (Pet. 21), this construction was proposed by
`Patent Owner and applied by us in prior proceedings, and it also has been
`adopted by the U.S. District Court for the Northern District of California in
`litigation involving the ’494 patent (see Finjan, Inc. v. Sophos, Inc., No. 14-
`cv-01197 (Dkt. No. 73 (Claim Construction Order), 3–7) (N.D. Cal. Mar. 2,
`2015) (Ex. 1063, 3–7); Symantec Corp. v. Finjan, Inc., Case IPR2015-
`01892, slip op. at 7–11 (PTAB March 18, 2016) (Paper 9); Sophos, Inc. v.
`Finjan, Inc., Case IPR2015-01022, slip op. at 9–10 (PTAB Sept. 24, 2015)
`(Paper 7)); Sophos, Inc. v. Finjan, Inc., Case IPR2015-00907, slip op. at 8–
`10 (PTAB Sept. 24, 2015) (Paper 8)).
`
` 8
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir.
`1999))).
`B. Discussion of Asserted Grounds
`1. Asserted Grounds Based on Touboul
`Petitioner contends Touboul anticipates claims 1, 3–6, 9, 10, 12–15,
`and 18. Pet. 29–33. In addition, Petitioner argues that the combination of
`Touboul and Swimmer renders claims 2 and 11 obvious; that the
`combination of Touboul and Ji renders claims 7 and 16 obvious; and that
`Touboul renders claims 8 and 17 obvious. Id. at 33–40. As a threshold
`question, we must determine whether Touboul qualifies as prior art to any of
`the challenged claims.
`According to Petitioner, Touboul qualifies as prior art because none of
`the challenged claims is entitled to a priority date earlier than March 30,
`2000. Id. at 5–7, 13–18. Petitioner alleges, in particular, that the challenged
`claims are entitled to the following priority dates:
`Claims
`
`
` Priority Date .
`Claims 1, 3–6, 9, 10, 12–15, 18: March 30, 2000 (“Claimset 1”)
`Claims 2, 11:
`
`
`May 26, 2009 (“Claimset 2”)
`Claims 7, 8, 16, 17:
`
`May 7, 2006 (“Claimset 3”)
`Pet. 13.
`Alternatively, Petitioner argues, even if the claims of Claimset 1 are
`entitled to a priority date of November 6, 1997, Touboul still would qualify
`as prior art with respect to the claims of Claimsets 2 and 3. Id. at 6–7, 14–
`15, 18–19. Based on the record before us, and for the following reasons, we
`
` 9
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`are not persuaded by Petitioner’s contentions regarding the priority of the
`challenged claims, except as otherwise noted below.
`a. Priority Chain
`The ’494 patent issued from U.S. Patent Application No. 13/290,708
`(“the ’708 application”), filed November 7, 2011. Ex. 1001, [21], [22]. As
`filed, the ’708 application claimed priority from seven earlier applications:
`1) U.S. Patent Application No. 08/964,388 (Ex. 1074, “the ’388
`application”), filed November 6, 1997; issued as U.S. Patent No.
`6,092,194 (Ex. 1013, “the ’194 patent”);
`2) U.S. Patent Application No. 09/539,667 (Ex. 1071, “the ’667
`application”), filed March 30, 2000, as a continuation of the ’388
`application;
`3) U.S. Patent Application No. 09/551,302 (Ex. 1072, “the ’302
`application”), filed April 18, 2000;
`4) U.S. Provisional Patent Application No. 60/205,591 (Ex. 1073, “the
`’591 provisional”), filed May 17, 2000;
`5) U.S. Patent Application No. 09/861,229 (Ex. 1014, “the ’229
`application”), filed May 17, 2001, as a continuation-in-part of the
`’667 and ’302 applications and claiming the benefit of the ’591
`provisional; issued as U.S. Patent No. 7,058,822 B2 (Ex. 1016, “the
`’822 patent”);
`6) U.S. Patent Application No. 11/370,114 (Ex. 1069, “the ’114
`application”), filed March 7, 2006, as a continuation of the ’229
`application; issued as U.S. Patent No. 7,613,926 B2 (Ex. 1015, “the
`’926 patent”); and
`7) U.S. Patent Application No. 12/471,942 (“the ’942 application”), filed
`May 26, 2009, as a continuation of the ’114 application.
`Ex. 3001, 1.
`
`
`10
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`On December 6, 2013, during prosecution of the ’708 application,
`Applicants filed a petition to amend the application to include references to
`priority claims from two additional applications, namely, U.S. Patent
`Application No. 08/790,097 (Ex. 1075, “the ’097 application”), filed
`January 29, 1997, of which the ’302 application was a continuation; and
`U.S. Provisional Application No. 60/030,639 (Ex. 1027, “the ’639
`provisional”), filed November 8, 1996, from which each of the ’388 and
`’097 applications had claimed priority. Ex. 3002. The Office granted
`Applicants’ petition on December 24, 2013. Ex. 3003.
`As filed, the ’229 application, which eventually issued as the ’822
`patent, included a claim of priority from and an incorporation by reference
`of the ’302 application, the ’667 application, and the ’591 provisional, but,
`as Petitioner points out (see Pet. 16), did not claim priority from or include
`any reference to the ’520 and ’194 patents or the ’097 and ’388 applications,
`from which those patents respectively issued.
`Petitioner contends that “Patent Owner’s failure to make a priority
`claim to any earlier application constitutes a ‘break’ in the chain back to any
`earlier applications”; that the ’494 patent’s “grandparent ’926 [patent]
`cannot claim priority earlier than the date of the earliest date of an
`application on the face of its parent, the ’822 patent: March 30, 2000”; and
`that “[i]n turn, the ʼ494 [patent]—which depends on the ’926 [patent]’s
`priority—has the same priority date limitation.” Pet. 15–16.
`As Petitioner also points out, however, Patent Owner, in the course of
`a reexamination of the ’822 patent, filed a Petition to Accept Unintentionally
`
`11
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Delayed Priority Claim Under 37 C.F.R. 1.78, requesting amendment to
`include references to the ’520 and ’194 patents. Reexamination Control No.
`90/013,017, Petition dated March 6, 2014, at 1–3 (Ex. 3004 (“Priority
`Petition”), 1–3); see also Pet. 16. The Office granted the Priority Petition
`and issued a Corrected Filing Receipt including the priority claim to the
`previously omitted applications in July 2014. See Reexamination Control
`No. 90/013,017, Decision mailed July 25, 2014, at 1–3 (Ex. 1017, 1–3);
`Reexamination Control No. 90/013,017, Corrected Filing Receipt dated
`July 24, 2014, at 1 (Ex. 3005, 1). While acknowledging the Office’s
`Decision on the Priority Petition, Petitioner suggests that, because the
`Examiner in the reexamination later concluded that certain claims of the
`’822 patent are entitled to a priority date no earlier than May 17, 2000 (see
`Pet. 16 (citing Ex. 1082 at 7), because “[n]o certificate of correction has
`been published” (id.), and because “[t]he reexamination of the ’822 patent
`“has not completed and is currently on appeal after all petitioned claims in
`the ’822 patent were rejected as invalid” (id.), the Priority Petition is
`ineffectual with respect to the ’494 patent’s entitlement to the benefit of the
`November 6, 1997 filing date of the ’388 application. Petitioner’s
`suggestion is not persuasive. Petitioner cites no authority for the proposition
`that a granted petition to accept an unintentionally delayed priority claim is
`effective only upon issuance of a certificate of correction or reexamination
`certificate, and not upon grant of the petition. In any event, as Patent Owner
`points out in its Preliminary Response, the Board reversed the rejection of all
`appealed claims in the reexamination of the ’822 patent (see Ex. 2007) and a
`
`12
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`reexamination certificate was issued by the Office on February 16, 2016
`(Ex. 2009). Prelim. Resp. 18.
`Notably, however, we are persuaded by Petitioner, on this record, that
`the ’494 patent cannot priority from the ’639 provisional (see Pet. 18–19),
`notwithstanding the Office’s decision (Ex. 3003) granting the Applicants’
`petition to amend the ’708 application to include priority claims to the ’639
`provisional and the ’097 application (Ex. 3002). As Petitioner points out,
`the earliest priority document cited on the face of the ’926 patent through
`which the ’494 claims priority is the ’194 patent (see Pet. 18), and there is no
`indication in the record that the ’926 patent, or the ’114 application, from
`which it issued, was ever the subject of a petition to accept a delayed priority
`claim to either the ’639 provisional or the ’097 application. We also note
`that Patent Owner does not challenge this contention in its Preliminary
`Response. Accordingly, for purposes of this Decision, we conclude that the
`’494 patent is not entitled to the benefit of either the November 8, 1996
`filing date of the ’639 provisional or the January 29, 1997 filing date of the
`’097 application, and cannot claim any earlier priority date than the
`November 6, 1997 filing date of the ’388 application that issued as the ’194
`patent.
`
`b. Support for Claimsets 1–3
`i. Claimset 1
`Apart from the arguments discussed above, Petitioner does not
`challenge the entitlement of claims 1, 3–6, 9, 10, 12–15, and 18 of the ’494
`
`
`13
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`patent (Claimset 1) to the benefit of the November 6, 1997 filing date of the
`’388 application. See Pet. 15–19. Thus, based on the record before us and
`for the reasons stated above, we determine that challenged claims 1, 3–6, 9,
`10, 12–15, and 18 of the ’494 patent are entitled to the benefit of the
`November 6, 1997 filing date of the ’388 application.
`ii. Claimset 2
`Claim 2 depends from claim 1 of the ’494 patent and recites “storing a
`date & time when the Downloadable security profile data was derived, in the
`database.” Ex. 1001, 21:26–28. Claim 11 depends from claim 10, and
`recites a similar limitation. Id. at 22:17–20.
`Petitioner argues that written description support was not provided for
`claims 2 and 11 until the filing of the ’942 application on May 26, 2009,
`because “no pre-’942 application discloses storing a ‘date.’” Pet. 14. Thus,
`Petitioner contends, the earliest priority date for claims 2 and 11 is May 26,
`2009. Id. at 6, 13, 14.
`Patent Owner responds that even if the ’194 patent does not contain in
`ipsissima verba the phrase “date & time,” a person of ordinary skill in the art
`would have understood from the ’194 patent that the inventor had possession
`of the subject matter of claims 2 and 11 at the time the application for that
`patent was filed. Prelim. Resp. 24. Patent Owner points, in particular, to the
`following disclosure in the ’194 patent:
`The event
`log analysis engine 510 determines whether
`notification of the user (e.g., the security system manager or
`[management information systems] director) is warranted. For
`example, the event log analysis engine 510 may warrant user
`
`14
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`notification whenever ten (10) suspicious Downloadables have
`been discarded by internal network security system 110 within a
`thirty (30) minute period, thereby flagging a potential imminent
`security threat.
`Ex. 1013, 7:32–39 (cited at Prelim. Resp. 24). Patent Owner contends that a
`person of ordinary skill in the art would understand from this disclosure that
`the inventor was in possession of a system that indicated the relevant dates
`and times for events, including the dates and time that Downloadable
`security profile data were derived, and stored that information in a database.
`Prelim. Resp. 25.
`We are persuaded by Patent Owner’s argument. In order for event log
`analysis engine 510 to determine that ten suspicious Downloadables have
`been discarded within a thirty-minute period, it follows that the date and
`time associated with derivation of the security profile data for each
`Downloadable must be logged.
`Thus, based on the record before us and for the reasons stated above,
`we determine that challenged claims 2 and 11 of the ’494 patent also are
`entitled to the benefit of the November 6, 1997 filing date of the ’388
`application that issued as the ’194 patent.
`iii. Claimset 3
`Claims 7 and 8 directly depend from claim 1 of the ’494 patent and
`recite that “the Downloadable security profile data” include “a URL from
`where the Downloadable originated” and “a digital certificate,” respectively.
`
`
`15
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Ex. 1001, 21:38–40, 22:1–3. Claims 16 and 17 depend from claim 10, and
`recite similar limitations. Id. at 22:31–35.
`Petitioner argues that written description support was not provided for
`Claimset 3 until the filing of the ’114 application on March 7, 2006.6 In
`particular, according to Petitioner,
`[i]t is not until the ‘114 App[lication] . . . that any suggestion of
`including a certificate or a URL within the security profile data
`is made. (Ex. 1069 at 89-90.) Earlier applications such as the
`one that issued as the ’194 patent (filed Nov. 6, 1997) show
`“Known Certificates 309” stored separately from “DSP Data
`310.” (Ex. 1013 at Fig. 3.).
`Pet. 14–15.
`Patent Owner responds that the ’194 patent explicitly discloses these
`limitations, as both URLs and digital certificates are derived from an
`incoming Downloadable. Prelim. Resp. 25. Patent Owner points, in
`particular, to the following statements in the ’194 patent: “The ID generator
`315 recited a Downloadable (including the URL from which it came)” (id.
`(citing Ex. 1013, 4:41–45)); and “The certificate comparator 345 retrieves
`known certificates 309 that were deemed trustworthy by the security
`administrator and compares the found certificate with the known
`certificates 309 to determine whether the Downloadable was signed by
`a trusted certificate” (id. (citing Ex. 1013, 6:31–35)).
`
`
`6 Petitioner repeatedly misstates the filing date of the ’114 application as
`May 7, 2006. See Pet. 6, 13, 14.
`
`
`16
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`We again are persuaded by Patent Owner’s argument. Thus, based on
`the record before us and for the reasons stated above, we determine that
`challenged claims 7, 8, 16, and 17 of the ’494 patent also are entitled to the
`benefit of the November 6, 1997 filing date of the ’388 application that
`issued as the ’194 patent.
`c. Touboul is Not Prior Art Under 35 U.S.C. § 102(b)
`As explained above, on this record, we determine that all of the
`challenged claims are entitled to the benefit of the November 6, 1997 filing
`date of the ’388 application. Touboul was published on May 22, 1998.
`Ex. 1003, [43]. Accordingly, Touboul does not qualify as prior art to the
`challenged claims of the ’494 patent under 35 U.S.C. § 102(b), as asserted
`by Petitioner. Pet. 6.
`d. Conclusion
`On this record, Petitioner has not shown that Touboul is prior art to
`the challenged claims of the ’494 patent. Accordingly, Petitioner has not
`demonstrated a reasonable likelihood of prevailing on its challenge to the
`patentability of claims 1, 3–6, 9, 10, 12–15, and 18 as anticipated by
`Touboul or its challenges to the patentability of claims 2, 7, 8, 11, 16, and 17
`as obvious over Touboul alone or in combination with Swimmer or Ji.
`2. Obviousness over Swimmer
`A patent claim is unpatentable under 35 U.S.C. § 103(a) if the
`differences between the claimed subject matter and the prior art are “such
`that the subject matter as a whole would have been obvious at the time the
`
`
`17
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`invention was made to a person having ordinary skill in the art to which said
`subject matter pertains.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406
`(2007). The question of obviousness is resolved on the basis of underlying
`factual determinations, including: (1) the scope and content of the prior art;
`(2) any differences between the claimed subject matter and the prior art;
`(3) the level of skill in the art7; and (4) objective evidence of
`nonobviousness, i.e., secondary considerations.8 Graham v. John Deere
`Co., 383 U.S. 1, 17–18 (1966).
`Petitioner contends that claims 1, 2, 6, 10, 11, and 15 of the ’494
`patent are unpatentable under 35 U.S.C. § 103(a) over Swimmer. Pet. 40–
`51. We begin our analysis with a brief overview of Swimmer, and we then
`address the parties’ contentions with respect to the challenged claims.
`a. Overview of Swimmer
`Swimmer generally is directed to a system, referred to as the “Virus
`Intrusion Detection Expert System” (“VIDES”), described as “a prototype
`for an automatic analysis system for computer viruses.” Ex. 1006, 1. In
`Swimmer’s system, an emulator is used to monitor the system activity of a
`virtual computer. Id. Sets of rules are used to detect viruses and extract
`details of their behavior. Id. The emulator collects system activity data and
`
`
`7 Petitioner proposes a definition for a person of ordinary skill in the art.
`Pet. 9–10; see Ex. 1018 ¶ 30. Patent Owner does not challenge this
`definition. For purposes of this Decision and to the extent necessary, we
`adopt Petitioner’s definition.
`8 See infra Section II.C.
`
`
`18
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`creates a set of audit record attributes that identify, among other things, disk
`operating system (“DOS”) functions requested by the program, the
`register/memory values used in calls to the DOS functions, and the
`register/memory values returned by the function calls. Id. at 1, 7, 9. The
`emulator provides the resulting audit trail in a canonical format as an activity
`data record for further analysis by a tool referred to as “Advanced Security
`audit trial Analysis on uniX” (“ASAX”). Id. at 9–12. ASAX analyzes the
`activity data collected by the emulator and detects viruses by employing
`rules that model typical virus behavior, using a rule-based language
`(“RUles-baSed Sequence Evaluation Language,” or “RUSSEL”) to identify
`the virus attack. Id. at 2, 4–5, 10–13. Swimmer discloses that ASAX also
`can pipe its output as a Normalized Audit Data Format (“NADF”) file for
`further processing. Id. at 7, 12. Swimmer also states that “VIDES could
`conceivably be used outside the virus lab to detect viruses in a real
`environment” and that “[o]ne possibility is to use it as a type of firewall for
`programs entering a protected network.” Id. at 13.
`b. Discussion
`In support of its argument that claims 1, 2, 6, 10, 11, and 15 are
`unpatentable over Swimmer, Petitioner provides a claim chart and further
`description detailing its mapping of Swimmer’s disclosure onto each
`element of challenged independent claims 1 and 10. Pet. 41–49. Petitioner
`then provides analysis pointing to Swimmer’s teaching of storing
`timestamps among stored security profile data, suggesting the “date & time”
`limitations of dependent claims 2 and 11, and detailing Swimmer’s
`
`19
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`disclosure of each of the types of suspicious computer operations recited in
`dependent claims 6 and 15, including calls made a file system, calls made to
`memory, calls made to a network system, and calls made to an operating
`system. Id. at 49–51. Petitioner relies upon the Declaration of Dr. Aviel D.
`Rubin (Ex. 1002) to support its positions.
`We have considered Petitioner’s explanations and supporting
`evidence in view of Patent Owner’s Preliminary Response (Prelim.
`Resp. 27–40), and we are persuaded that Petitioner demonstrates a
`reasonable likelihood that it would succeed at trial in showing that each of
`claims 1, 2, 6, 10, 11, and 15 is unpatentable over Swimmer. We address
`each of Patent Owner’s arguments in turn.
`Patent Owner argues, first, that Petitioner has not demonstrated that
`Swimmer discloses “receiving an incoming Downloadable,” as recited in
`claims 1 and 10, because, according to Patent Owner, “Swimmer only
`operates on files that are installed and running on the system.” Prelim.
`Resp. 27. According to Patent Owner, “Swimmer requires a virus to be
`installed and running on the user’s machine in order to run the emulation,”
`and “[t]hus, the emulator does not run on an ‘incoming Downloadable’
`(aka a Downloadable intended for a destination computer), but rather a
`Downloadable that has already been installed and running on the target
`machine.” Id. As Patent Owner recognizes (see id. at 29–30), however,
`Petitioner cites Swimmer’s disclosure that “[o]ne possibility is to use [the
`VIDES system] as a type of firewall for programs entering a protected
`network” (Ex. 1006, 13 (emphasis added) (cited at Pet. 41, 43)). Contrary to
`
`20
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Patent Owner’s contention that Swimmer’s disclosure “teaches away” from
`employing this embodiment (see Prelim. Resp. 29–30), Swimmer explicitly
`states that “[a] concept for this is currently under development” (Ex. 1006,
`13) and provides further guidance by stating that “[f]or such a system to be
`accepted, it must not cause false positives,” and “must also be unnoticeable
`unless a virus is found,” as well as that “a virtual 8086 machine will be the
`basis for this” (id.).
`Patent Owner additionally alleges “[t]he problems with Petitioner’s
`‘firewall’ theory are further compounded by Swimmer’s statement that any
`such firewall would be based on a virtual machine embodiment—not the
`emulator embodiment that forms the basis for Petitioner’s invalidity
`theories.” Prelim. Resp. 28. On this
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
