`Filed: May 13, 2016
`
`
`
`Trials@uspto.gov
`571-272-7822
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`PALO ALTO NETWORKS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2016-00159
`Patent 8,677,494 B2
`____________
`
`
`Before JAMES B. ARPIN, ZHENYU YANG, and
`CHARLES J. BOUDREAU, Administrative Patent Judges.
`
`BOUDREAU, Administrative Patent Judge.
`
`DECISION
`Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`I. INTRODUCTION
`Palo Alto Networks, Inc. (“Petitioner”) filed a Petition for an inter
`partes review of claims 1–18 of U.S. Patent No. 8,677,494 B2 (Ex. 1001,
`“the ’494 patent”). Paper 1 (“Pet.”). Finjan, Inc. (“Patent Owner”) filed a
`Preliminary Response. Paper 6 (“Prelim. Resp.”). We review the Petition
`under 35 U.S.C. § 314.
`For the reasons that follow and on this record, we are persuaded that
`Petitioner demonstrates a reasonable likelihood of prevailing in showing the
`unpatentability of claims 1–6 and 10–15 of the ’494 patent on certain of the
`grounds asserted. Accordingly, we institute an inter partes review as to
`those claims.
`A. Related Proceedings
`According to the parties, Patent Owner previously asserted the ’494
`patent against Petitioner in Finjan, Inc. v. Palo Alto Networks, Inc., 3:14-cv-
`04908 (N.D. Cal. 2014). Pet. 2; Paper 5, 1.
`The ’494 patent also has been asserted in at least four other district
`court actions: Finjan, Inc. v. Sophos, Inc., 3:14-cv-01197 (N.D. Cal. 2014);
`Finjan, Inc. v. Websense, Inc., 5:14-cv-01353 (N.D. Cal. 2014); Finjan, Inc.
`v. Symantec Corp., 3:14-cv-02998 (N.D. Cal. 2014); and Finjan, Inc. v. Blue
`Coat Systems, Inc., 5:15-cv-03295 (N.D. Cal. 2015). Pet. 2; Paper 5, 1. The
`’494 patent also has been the subject of petitions in Case IPR2015-01022,
`filed by Sophos, Inc., and Cases IPR2015-01892 and IPR2015-01897, filed
`by Symantec Corporation. We previously denied the first and third of those
`petitions and granted the second on one asserted ground. Sophos, Inc. v.
`
` 2
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Finjan, Inc., Case IPR2015-01022 (PTAB Sept. 24, 2015) (Paper 7);
`Symantec Corp. v. Finjan, Inc., Case IPR2015-01892 (PTAB Mar. 18, 2016)
`(Paper 9); Symantec Corp. v. Finjan, Inc., Case IPR2015-01897 (PTAB Feb.
`26, 2016) (Paper 7).
`B. The ’494 Patent
`The ’494 patent describes protection systems and methods “capable of
`protecting a personal computer (‘PC’) or other persistently or even
`intermittently network accessible devices or processes from harmful,
`undesirable, suspicious or other ‘malicious’ operations that might otherwise
`be effectuated by remotely operable code.” Ex. 1001, 2:51–56. “Remotely
`operable code that is protectable against can include,” for example,
`“downloadable application programs, Trojan horses and program code
`groupings, as well as software ‘components’, such as Java™ applets,
`ActiveX™ controls, JavaScript™/Visual Basic scripts, add-ins, etc., among
`others.” Id. at 2:59–64.
`C. Illustrative Claims
`Of the challenged claims, claims 1 and 10 are independent. Those
`claims are illustrative and are reproduced below:
`1. A computer-based method, comprising the steps of:
`receiving an incoming Downloadable;
`deriving security profile data for the Downloadable, including
`a list of suspicious computer operations that may be attempted by
`the Downloadable; and
`storing the Downloadable security profile data in a database.
`
` 3
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`10. A system for managing Downloadables, comprising:
`a receiver for receiving an incoming Downloadable;
`a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by
`the Downloadable; and
`a database manager coupled with said Downloadable scanner,
`for storing the Downloadable security profile data in a database.
`
`Ex. 1001, 21:19–25, 22:7–16. Each of challenged claims 2–9 depends
`directly from claim 1; and each of challenged claims 11–18 depends directly
`from claim 10. Id. at 21:26–22:6, 22:17–39.
`D. Asserted Grounds of Unpatentability
`Petitioner asserts the following grounds of unpatentability:
`
`Claims
`
`Basis
`
`Reference(s)
`
`1, 3–6, 9, 10, 12–15, and 18 § 102
`
`Touboul1
`
`2 and 11
`
`7 and 16
`
`8 and 17
`
`§ 103 Touboul and Swimmer2
`
`§ 103
`
`§ 103
`
`Touboul and Ji3
`
`Touboul
`
`
`1 International Patent Publication No. WO 98/21683 to Shlomo Touboul,
`published May 22, 1998 (Ex. 1026, “Touboul”).
`2 Morton Swimmer et al., Dynamic Detection and Classification of
`Computer Viruses Using General Behaviour Patterns, VIRUS BULL. CONF.
`75 (Sept. 1995) (Ex. 1006, “Swimmer”).
`3 U.S. Patent No. 5,983,348 to Shuang Ji, issued Nov. 9, 1999 (Ex. 1010,
`“Ji”).
`
` 4
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`Claims
`
`1, 2, 6, 10, 11, and 15
`
`3–5 and 12–14
`
`Basis
`
`§ 103
`
`§ 103
`
`Reference(s)
`
`Swimmer
`
`Swimmer and Martin4
`
`
`
`II. ANALYSIS
`
`A. Claim Construction
`In an inter partes review, the Board interprets a claim term in an
`unexpired patent according to its broadest reasonable construction in light of
`the specification of the patent in which it appears. 37 C.F.R. § 42.100(b); In
`re Cuozzo Speed Techs., LLC, 778 F.3d 1271, 1278–81 (Fed. Cir. 2015),
`cert. granted sub nom. Cuozzo Speed Techs. LLC v. Lee, 136 S. Ct. 890
`(mem.) (2016). Under this standard, we interpret claim terms using “the
`broadest reasonable meaning of the words in their ordinary usage as they
`
`4 David M. Martin, Jr. et al., Blocking Java Applets at the Firewall, PROC.
`1997 SYMP. ON NETWORK & DISTRIBUTED SYS. SEC. (©1997) (Ex. 1047,
`“Martin”). For reasons stated below, we conclude herein that each of the
`challenged claims is entitled to the benefit of a November 6, 1997 priority
`date. See infra Sections II.B.1.a., b. We note that Martin states on its face
`that it is from the proceedings of a symposium held February 10–11, 1997
`(Ex. 1047, 1), but that the record copy of Martin bears a date stamp of June
`5, 1998 (id. at 3), does not indicate a publication date, and merely has a 1997
`copyright date (id. at 1). The Petition relies on a declaration of Dr. Aviel D.
`Rubin, Ph.D., one of the named authors of Martin, who declares that Martin
`was distributed to approximately 400 conference attendees in February
`1997. Pet. 7 (citing Ex. 1002 ¶ 58). Patent Owner does not contest this
`evidence in its Preliminary Response, and we assume, for purposes of this
`Decision only, that Martin was published on the last day of February 1997.
`
` 5
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`would be understood by one of ordinary skill in the art, taking into account
`whatever enlightenment by way of definitions or otherwise that may be
`afforded by the written description contained in the applicant’s
`specification.” In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997). We
`presume that claim terms have their ordinary and customary meaning. See
`In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007) (“The
`ordinary and customary meaning is the meaning that the term would have to
`a person of ordinary skill in the art in question.”) (internal quotation marks
`omitted).
`Petitioner proposes constructions for three claim terms:
`“Downloadable security profile data,” “database,” and “Downloadable.”
`Pet. 19–23. At this time, Patent Owner only challenges Petitioner’s
`proposed construction of the first of these terms. Prelim. Resp. 9–12. We
`address each term in turn.
`1. “Downloadable security profile data”
`Petitioner contends that the broadest reasonable interpretation of the
`term “Downloadable security profile data” is “information related to whether
`executing a downloadable is a security risk.” Pet. 19. According to
`Petitioner, this interpretation is consistent with the use of the term in the
`claims and Specification, as well as with Patent Owner’s positions taken in
`related district court proceedings. Id. at 19–20.
`Patent Owner disagrees, arguing that, “[w]hen read within the context
`of the claims, there is no need to construe the phrase ‘Downloadable security
`profile data.’” Prelim. Resp. 9. According to Patent Owner, “the proper
`
` 6
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`construction for ‘Downloadable’ is ‘an executable application program
`which is downloaded from a source computer and run on the destinations
`computer,’” and “[t]he remaining part of the term ‘security profile data’
`should follow the plain language given to it in claims 1 and 10.” Id. Patent
`Owner further contends that Petitioner’s proposed construction improperly
`reads limitations out of the claims and is at odds with the teachings of the
`’494 patent. Id. at 10–11. “For example, Petitioner’s interpretation
`improperly reads the ‘security profile’ limitation out of the claim[s] and
`replaces it with the vaguely worded ‘information related to.’” Id. at 10.
`Moreover, according to Patent Owner, “the ’194 Patent, which is
`incorporated by reference into the ’494 Patent, describes deriving (e.g. via
`code scanner, content inspection, decomposing, parsing) ‘Downloadable
`security profile data’ (aka DSP data) from the Downloadable.” Id. (citing
`Ex. 1013, 6:5–10, 8:41–54, Fig. 6A (element 628)). Further, “[a]lthough
`Petitioner argues for a different construction, Petitioner concedes that the
`‘Downloadable security profile data’ include[] data derived from the
`Downloadable in its Petition.” Id. (citing Pet. 20).
`For purposes of this Decision, we agree with Patent Owner that, in
`view of the agreed interpretation of the term “Downloadable” and the
`context provided by the claims, there is no need to separately construe the
`term “Downloadable security profile data.”
`2. “database”
`Petitioner contends that the broadest reasonable interpretation of the
`term “database” is “a collection of interrelated data organized according to a
`
` 7
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`database schema to serve one or more applications.” Pet. 21. As mentioned
`above, Patent Owner does not challenge this interpretation at this time (see
`Prelim. Resp. 12), and we adopt it for purposes of this Decision.5
`3. “Downloadable”
`Petitioner contends that the broadest reasonable interpretation of the
`term “Downloadable” is “an executable application program, which is
`downloaded from a source computer and run on the destination computer.”
`Pet. 23. As mentioned above, Patent Owner does not challenge this
`interpretation at this time (see Prelim. Resp. 12), and we adopt it for
`purposes of this Decision.
`4. Other Terms
`On this record and for purposes of this Decision, we determine that no
`other claim terms require express interpretation. Wellman, Inc. v. Eastman
`Chem. Co., 642 F.3d 1355, 1361 (Fed. Cir. 2011) (“[C]laim terms need only
`be construed ‘to the extent necessary to resolve the controversy.’” (quoting
`
`
`5 Indeed, as Petitioner points out (Pet. 21), this construction was proposed by
`Patent Owner and applied by us in prior proceedings, and it also has been
`adopted by the U.S. District Court for the Northern District of California in
`litigation involving the ’494 patent (see Finjan, Inc. v. Sophos, Inc., No. 14-
`cv-01197 (Dkt. No. 73 (Claim Construction Order), 3–7) (N.D. Cal. Mar. 2,
`2015) (Ex. 1063, 3–7); Symantec Corp. v. Finjan, Inc., Case IPR2015-
`01892, slip op. at 7–11 (PTAB March 18, 2016) (Paper 9); Sophos, Inc. v.
`Finjan, Inc., Case IPR2015-01022, slip op. at 9–10 (PTAB Sept. 24, 2015)
`(Paper 7)); Sophos, Inc. v. Finjan, Inc., Case IPR2015-00907, slip op. at 8–
`10 (PTAB Sept. 24, 2015) (Paper 8)).
`
` 8
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir.
`1999))).
`B. Discussion of Asserted Grounds
`1. Asserted Grounds Based on Touboul
`Petitioner contends Touboul anticipates claims 1, 3–6, 9, 10, 12–15,
`and 18. Pet. 29–33. In addition, Petitioner argues that the combination of
`Touboul and Swimmer renders claims 2 and 11 obvious; that the
`combination of Touboul and Ji renders claims 7 and 16 obvious; and that
`Touboul renders claims 8 and 17 obvious. Id. at 33–40. As a threshold
`question, we must determine whether Touboul qualifies as prior art to any of
`the challenged claims.
`According to Petitioner, Touboul qualifies as prior art because none of
`the challenged claims is entitled to a priority date earlier than March 30,
`2000. Id. at 5–7, 13–18. Petitioner alleges, in particular, that the challenged
`claims are entitled to the following priority dates:
`Claims
`
`
` Priority Date .
`Claims 1, 3–6, 9, 10, 12–15, 18: March 30, 2000 (“Claimset 1”)
`Claims 2, 11:
`
`
`May 26, 2009 (“Claimset 2”)
`Claims 7, 8, 16, 17:
`
`May 7, 2006 (“Claimset 3”)
`Pet. 13.
`Alternatively, Petitioner argues, even if the claims of Claimset 1 are
`entitled to a priority date of November 6, 1997, Touboul still would qualify
`as prior art with respect to the claims of Claimsets 2 and 3. Id. at 6–7, 14–
`15, 18–19. Based on the record before us, and for the following reasons, we
`
` 9
`
`
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`are not persuaded by Petitioner’s contentions regarding the priority of the
`challenged claims, except as otherwise noted below.
`a. Priority Chain
`The ’494 patent issued from U.S. Patent Application No. 13/290,708
`(“the ’708 application”), filed November 7, 2011. Ex. 1001, [21], [22]. As
`filed, the ’708 application claimed priority from seven earlier applications:
`1) U.S. Patent Application No. 08/964,388 (Ex. 1074, “the ’388
`application”), filed November 6, 1997; issued as U.S. Patent No.
`6,092,194 (Ex. 1013, “the ’194 patent”);
`2) U.S. Patent Application No. 09/539,667 (Ex. 1071, “the ’667
`application”), filed March 30, 2000, as a continuation of the ’388
`application;
`3) U.S. Patent Application No. 09/551,302 (Ex. 1072, “the ’302
`application”), filed April 18, 2000;
`4) U.S. Provisional Patent Application No. 60/205,591 (Ex. 1073, “the
`’591 provisional”), filed May 17, 2000;
`5) U.S. Patent Application No. 09/861,229 (Ex. 1014, “the ’229
`application”), filed May 17, 2001, as a continuation-in-part of the
`’667 and ’302 applications and claiming the benefit of the ’591
`provisional; issued as U.S. Patent No. 7,058,822 B2 (Ex. 1016, “the
`’822 patent”);
`6) U.S. Patent Application No. 11/370,114 (Ex. 1069, “the ’114
`application”), filed March 7, 2006, as a continuation of the ’229
`application; issued as U.S. Patent No. 7,613,926 B2 (Ex. 1015, “the
`’926 patent”); and
`7) U.S. Patent Application No. 12/471,942 (“the ’942 application”), filed
`May 26, 2009, as a continuation of the ’114 application.
`Ex. 3001, 1.
`
`
`10
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`On December 6, 2013, during prosecution of the ’708 application,
`Applicants filed a petition to amend the application to include references to
`priority claims from two additional applications, namely, U.S. Patent
`Application No. 08/790,097 (Ex. 1075, “the ’097 application”), filed
`January 29, 1997, of which the ’302 application was a continuation; and
`U.S. Provisional Application No. 60/030,639 (Ex. 1027, “the ’639
`provisional”), filed November 8, 1996, from which each of the ’388 and
`’097 applications had claimed priority. Ex. 3002. The Office granted
`Applicants’ petition on December 24, 2013. Ex. 3003.
`As filed, the ’229 application, which eventually issued as the ’822
`patent, included a claim of priority from and an incorporation by reference
`of the ’302 application, the ’667 application, and the ’591 provisional, but,
`as Petitioner points out (see Pet. 16), did not claim priority from or include
`any reference to the ’520 and ’194 patents or the ’097 and ’388 applications,
`from which those patents respectively issued.
`Petitioner contends that “Patent Owner’s failure to make a priority
`claim to any earlier application constitutes a ‘break’ in the chain back to any
`earlier applications”; that the ’494 patent’s “grandparent ’926 [patent]
`cannot claim priority earlier than the date of the earliest date of an
`application on the face of its parent, the ’822 patent: March 30, 2000”; and
`that “[i]n turn, the ʼ494 [patent]—which depends on the ’926 [patent]’s
`priority—has the same priority date limitation.” Pet. 15–16.
`As Petitioner also points out, however, Patent Owner, in the course of
`a reexamination of the ’822 patent, filed a Petition to Accept Unintentionally
`
`11
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Delayed Priority Claim Under 37 C.F.R. 1.78, requesting amendment to
`include references to the ’520 and ’194 patents. Reexamination Control No.
`90/013,017, Petition dated March 6, 2014, at 1–3 (Ex. 3004 (“Priority
`Petition”), 1–3); see also Pet. 16. The Office granted the Priority Petition
`and issued a Corrected Filing Receipt including the priority claim to the
`previously omitted applications in July 2014. See Reexamination Control
`No. 90/013,017, Decision mailed July 25, 2014, at 1–3 (Ex. 1017, 1–3);
`Reexamination Control No. 90/013,017, Corrected Filing Receipt dated
`July 24, 2014, at 1 (Ex. 3005, 1). While acknowledging the Office’s
`Decision on the Priority Petition, Petitioner suggests that, because the
`Examiner in the reexamination later concluded that certain claims of the
`’822 patent are entitled to a priority date no earlier than May 17, 2000 (see
`Pet. 16 (citing Ex. 1082 at 7), because “[n]o certificate of correction has
`been published” (id.), and because “[t]he reexamination of the ’822 patent
`“has not completed and is currently on appeal after all petitioned claims in
`the ’822 patent were rejected as invalid” (id.), the Priority Petition is
`ineffectual with respect to the ’494 patent’s entitlement to the benefit of the
`November 6, 1997 filing date of the ’388 application. Petitioner’s
`suggestion is not persuasive. Petitioner cites no authority for the proposition
`that a granted petition to accept an unintentionally delayed priority claim is
`effective only upon issuance of a certificate of correction or reexamination
`certificate, and not upon grant of the petition. In any event, as Patent Owner
`points out in its Preliminary Response, the Board reversed the rejection of all
`appealed claims in the reexamination of the ’822 patent (see Ex. 2007) and a
`
`12
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`reexamination certificate was issued by the Office on February 16, 2016
`(Ex. 2009). Prelim. Resp. 18.
`Notably, however, we are persuaded by Petitioner, on this record, that
`the ’494 patent cannot priority from the ’639 provisional (see Pet. 18–19),
`notwithstanding the Office’s decision (Ex. 3003) granting the Applicants’
`petition to amend the ’708 application to include priority claims to the ’639
`provisional and the ’097 application (Ex. 3002). As Petitioner points out,
`the earliest priority document cited on the face of the ’926 patent through
`which the ’494 claims priority is the ’194 patent (see Pet. 18), and there is no
`indication in the record that the ’926 patent, or the ’114 application, from
`which it issued, was ever the subject of a petition to accept a delayed priority
`claim to either the ’639 provisional or the ’097 application. We also note
`that Patent Owner does not challenge this contention in its Preliminary
`Response. Accordingly, for purposes of this Decision, we conclude that the
`’494 patent is not entitled to the benefit of either the November 8, 1996
`filing date of the ’639 provisional or the January 29, 1997 filing date of the
`’097 application, and cannot claim any earlier priority date than the
`November 6, 1997 filing date of the ’388 application that issued as the ’194
`patent.
`
`b. Support for Claimsets 1–3
`i. Claimset 1
`Apart from the arguments discussed above, Petitioner does not
`challenge the entitlement of claims 1, 3–6, 9, 10, 12–15, and 18 of the ’494
`
`
`13
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`patent (Claimset 1) to the benefit of the November 6, 1997 filing date of the
`’388 application. See Pet. 15–19. Thus, based on the record before us and
`for the reasons stated above, we determine that challenged claims 1, 3–6, 9,
`10, 12–15, and 18 of the ’494 patent are entitled to the benefit of the
`November 6, 1997 filing date of the ’388 application.
`ii. Claimset 2
`Claim 2 depends from claim 1 of the ’494 patent and recites “storing a
`date & time when the Downloadable security profile data was derived, in the
`database.” Ex. 1001, 21:26–28. Claim 11 depends from claim 10, and
`recites a similar limitation. Id. at 22:17–20.
`Petitioner argues that written description support was not provided for
`claims 2 and 11 until the filing of the ’942 application on May 26, 2009,
`because “no pre-’942 application discloses storing a ‘date.’” Pet. 14. Thus,
`Petitioner contends, the earliest priority date for claims 2 and 11 is May 26,
`2009. Id. at 6, 13, 14.
`Patent Owner responds that even if the ’194 patent does not contain in
`ipsissima verba the phrase “date & time,” a person of ordinary skill in the art
`would have understood from the ’194 patent that the inventor had possession
`of the subject matter of claims 2 and 11 at the time the application for that
`patent was filed. Prelim. Resp. 24. Patent Owner points, in particular, to the
`following disclosure in the ’194 patent:
`The event
`log analysis engine 510 determines whether
`notification of the user (e.g., the security system manager or
`[management information systems] director) is warranted. For
`example, the event log analysis engine 510 may warrant user
`
`14
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`notification whenever ten (10) suspicious Downloadables have
`been discarded by internal network security system 110 within a
`thirty (30) minute period, thereby flagging a potential imminent
`security threat.
`Ex. 1013, 7:32–39 (cited at Prelim. Resp. 24). Patent Owner contends that a
`person of ordinary skill in the art would understand from this disclosure that
`the inventor was in possession of a system that indicated the relevant dates
`and times for events, including the dates and time that Downloadable
`security profile data were derived, and stored that information in a database.
`Prelim. Resp. 25.
`We are persuaded by Patent Owner’s argument. In order for event log
`analysis engine 510 to determine that ten suspicious Downloadables have
`been discarded within a thirty-minute period, it follows that the date and
`time associated with derivation of the security profile data for each
`Downloadable must be logged.
`Thus, based on the record before us and for the reasons stated above,
`we determine that challenged claims 2 and 11 of the ’494 patent also are
`entitled to the benefit of the November 6, 1997 filing date of the ’388
`application that issued as the ’194 patent.
`iii. Claimset 3
`Claims 7 and 8 directly depend from claim 1 of the ’494 patent and
`recite that “the Downloadable security profile data” include “a URL from
`where the Downloadable originated” and “a digital certificate,” respectively.
`
`
`15
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Ex. 1001, 21:38–40, 22:1–3. Claims 16 and 17 depend from claim 10, and
`recite similar limitations. Id. at 22:31–35.
`Petitioner argues that written description support was not provided for
`Claimset 3 until the filing of the ’114 application on March 7, 2006.6 In
`particular, according to Petitioner,
`[i]t is not until the ‘114 App[lication] . . . that any suggestion of
`including a certificate or a URL within the security profile data
`is made. (Ex. 1069 at 89-90.) Earlier applications such as the
`one that issued as the ’194 patent (filed Nov. 6, 1997) show
`“Known Certificates 309” stored separately from “DSP Data
`310.” (Ex. 1013 at Fig. 3.).
`Pet. 14–15.
`Patent Owner responds that the ’194 patent explicitly discloses these
`limitations, as both URLs and digital certificates are derived from an
`incoming Downloadable. Prelim. Resp. 25. Patent Owner points, in
`particular, to the following statements in the ’194 patent: “The ID generator
`315 recited a Downloadable (including the URL from which it came)” (id.
`(citing Ex. 1013, 4:41–45)); and “The certificate comparator 345 retrieves
`known certificates 309 that were deemed trustworthy by the security
`administrator and compares the found certificate with the known
`certificates 309 to determine whether the Downloadable was signed by
`a trusted certificate” (id. (citing Ex. 1013, 6:31–35)).
`
`
`6 Petitioner repeatedly misstates the filing date of the ’114 application as
`May 7, 2006. See Pet. 6, 13, 14.
`
`
`16
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`
`We again are persuaded by Patent Owner’s argument. Thus, based on
`the record before us and for the reasons stated above, we determine that
`challenged claims 7, 8, 16, and 17 of the ’494 patent also are entitled to the
`benefit of the November 6, 1997 filing date of the ’388 application that
`issued as the ’194 patent.
`c. Touboul is Not Prior Art Under 35 U.S.C. § 102(b)
`As explained above, on this record, we determine that all of the
`challenged claims are entitled to the benefit of the November 6, 1997 filing
`date of the ’388 application. Touboul was published on May 22, 1998.
`Ex. 1003, [43]. Accordingly, Touboul does not qualify as prior art to the
`challenged claims of the ’494 patent under 35 U.S.C. § 102(b), as asserted
`by Petitioner. Pet. 6.
`d. Conclusion
`On this record, Petitioner has not shown that Touboul is prior art to
`the challenged claims of the ’494 patent. Accordingly, Petitioner has not
`demonstrated a reasonable likelihood of prevailing on its challenge to the
`patentability of claims 1, 3–6, 9, 10, 12–15, and 18 as anticipated by
`Touboul or its challenges to the patentability of claims 2, 7, 8, 11, 16, and 17
`as obvious over Touboul alone or in combination with Swimmer or Ji.
`2. Obviousness over Swimmer
`A patent claim is unpatentable under 35 U.S.C. § 103(a) if the
`differences between the claimed subject matter and the prior art are “such
`that the subject matter as a whole would have been obvious at the time the
`
`
`17
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`invention was made to a person having ordinary skill in the art to which said
`subject matter pertains.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406
`(2007). The question of obviousness is resolved on the basis of underlying
`factual determinations, including: (1) the scope and content of the prior art;
`(2) any differences between the claimed subject matter and the prior art;
`(3) the level of skill in the art7; and (4) objective evidence of
`nonobviousness, i.e., secondary considerations.8 Graham v. John Deere
`Co., 383 U.S. 1, 17–18 (1966).
`Petitioner contends that claims 1, 2, 6, 10, 11, and 15 of the ’494
`patent are unpatentable under 35 U.S.C. § 103(a) over Swimmer. Pet. 40–
`51. We begin our analysis with a brief overview of Swimmer, and we then
`address the parties’ contentions with respect to the challenged claims.
`a. Overview of Swimmer
`Swimmer generally is directed to a system, referred to as the “Virus
`Intrusion Detection Expert System” (“VIDES”), described as “a prototype
`for an automatic analysis system for computer viruses.” Ex. 1006, 1. In
`Swimmer’s system, an emulator is used to monitor the system activity of a
`virtual computer. Id. Sets of rules are used to detect viruses and extract
`details of their behavior. Id. The emulator collects system activity data and
`
`
`7 Petitioner proposes a definition for a person of ordinary skill in the art.
`Pet. 9–10; see Ex. 1018 ¶ 30. Patent Owner does not challenge this
`definition. For purposes of this Decision and to the extent necessary, we
`adopt Petitioner’s definition.
`8 See infra Section II.C.
`
`
`18
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`creates a set of audit record attributes that identify, among other things, disk
`operating system (“DOS”) functions requested by the program, the
`register/memory values used in calls to the DOS functions, and the
`register/memory values returned by the function calls. Id. at 1, 7, 9. The
`emulator provides the resulting audit trail in a canonical format as an activity
`data record for further analysis by a tool referred to as “Advanced Security
`audit trial Analysis on uniX” (“ASAX”). Id. at 9–12. ASAX analyzes the
`activity data collected by the emulator and detects viruses by employing
`rules that model typical virus behavior, using a rule-based language
`(“RUles-baSed Sequence Evaluation Language,” or “RUSSEL”) to identify
`the virus attack. Id. at 2, 4–5, 10–13. Swimmer discloses that ASAX also
`can pipe its output as a Normalized Audit Data Format (“NADF”) file for
`further processing. Id. at 7, 12. Swimmer also states that “VIDES could
`conceivably be used outside the virus lab to detect viruses in a real
`environment” and that “[o]ne possibility is to use it as a type of firewall for
`programs entering a protected network.” Id. at 13.
`b. Discussion
`In support of its argument that claims 1, 2, 6, 10, 11, and 15 are
`unpatentable over Swimmer, Petitioner provides a claim chart and further
`description detailing its mapping of Swimmer’s disclosure onto each
`element of challenged independent claims 1 and 10. Pet. 41–49. Petitioner
`then provides analysis pointing to Swimmer’s teaching of storing
`timestamps among stored security profile data, suggesting the “date & time”
`limitations of dependent claims 2 and 11, and detailing Swimmer’s
`
`19
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`disclosure of each of the types of suspicious computer operations recited in
`dependent claims 6 and 15, including calls made a file system, calls made to
`memory, calls made to a network system, and calls made to an operating
`system. Id. at 49–51. Petitioner relies upon the Declaration of Dr. Aviel D.
`Rubin (Ex. 1002) to support its positions.
`We have considered Petitioner’s explanations and supporting
`evidence in view of Patent Owner’s Preliminary Response (Prelim.
`Resp. 27–40), and we are persuaded that Petitioner demonstrates a
`reasonable likelihood that it would succeed at trial in showing that each of
`claims 1, 2, 6, 10, 11, and 15 is unpatentable over Swimmer. We address
`each of Patent Owner’s arguments in turn.
`Patent Owner argues, first, that Petitioner has not demonstrated that
`Swimmer discloses “receiving an incoming Downloadable,” as recited in
`claims 1 and 10, because, according to Patent Owner, “Swimmer only
`operates on files that are installed and running on the system.” Prelim.
`Resp. 27. According to Patent Owner, “Swimmer requires a virus to be
`installed and running on the user’s machine in order to run the emulation,”
`and “[t]hus, the emulator does not run on an ‘incoming Downloadable’
`(aka a Downloadable intended for a destination computer), but rather a
`Downloadable that has already been installed and running on the target
`machine.” Id. As Patent Owner recognizes (see id. at 29–30), however,
`Petitioner cites Swimmer’s disclosure that “[o]ne possibility is to use [the
`VIDES system] as a type of firewall for programs entering a protected
`network” (Ex. 1006, 13 (emphasis added) (cited at Pet. 41, 43)). Contrary to
`
`20
`
`
`
`
`
`IPR2016-00159
`Patent 8,677,494 B2
`
`Patent Owner’s contention that Swimmer’s disclosure “teaches away” from
`employing this embodiment (see Prelim. Resp. 29–30), Swimmer explicitly
`states that “[a] concept for this is currently under development” (Ex. 1006,
`13) and provides further guidance by stating that “[f]or such a system to be
`accepted, it must not cause false positives,” and “must also be unnoticeable
`unless a virus is found,” as well as that “a virtual 8086 machine will be the
`basis for this” (id.).
`Patent Owner additionally alleges “[t]he problems with Petitioner’s
`‘firewall’ theory are further compounded by Swimmer’s statement that any
`such firewall would be based on a virtual machine embodiment—not the
`emulator embodiment that forms the basis for Petitioner’s invalidity
`theories.” Prelim. Resp. 28. On this