Paper No.____
`Filed: January 20, 2016
`
`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Filed on behalf of: Blue Coat Systems, Inc.
`By: Michael T. Rosato
`
`Andrew S. Brown
`WILSON SONSINI GOODRICH & ROSATI
`
`
`701 Fifth Avenue, Suite 5100
`
`Seattle, WA 98104-7036
`
`Tel.: 206-883-2529
`
`Fax: 206-883-2699
`Email: mrosato@wsgr.com
`
`
`Email: asbrown@wsgr.com
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_____________________________
`
`
`
`BLUE COAT SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`_____________________________
`
`IPR2016-00480
`
`Patent No. 7,647,633
`
`_____________________________
`
`PETITION FOR INTER PARTES REVIEW
`PURSUANT TO 37 C.F.R. § 42.100 et seq.
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`TABLE OF CONTENTS
`
`Page
`
`I.
`
`INTRODUCTION ....................................................................................... 1
`
`II. MANDATORY NOTICES UNDER 37 C.F.R. § 42.8(A)(1) ....................... 1
`
`A.
`
`B.
`
`C.
`
`D.
`
`E.
`
`Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1) .......................... 1
`
`Related Matters Under 37 C.F.R. § 42.8(b)(2) ................................... 2
`
`Lead and Back-Up Counsel under 37 C.F.R. § 42.8(b)(3) .................. 3
`
`Service Information ........................................................................... 3
`
`Power of Attorney .............................................................................. 3
`
`III.
`
`PAYMENT OF FEES - 37 C.F.R. § 42.103 ................................................. 4
`
`IV. REQUIREMENTS FOR INTER PARTES REVIEW UNDER 37
`C.F.R. §§ 42.104 AND 42.108 ..................................................................... 4
`
`A. Grounds for Standing Under 37 C.F.R. § 42.104(a) ........................... 4
`
`B.
`
`Identification of Challenge Under 37 C.F.R. § 42.104(b) and
`Statement of Precise Relief Requested ............................................... 4
`
`C.
`
`Status of the Cited References as Prior Art ........................................ 5
`
`1.
`
`2.
`
`3.
`
`Poison Java is prior art ............................................................. 5
`
`Shin is prior art ........................................................................ 5
`
`Brown is prior art ..................................................................... 6
`
`D.
`
`Threshold Requirement for Inter Partes Review 37 C.F.R. §
`42.108(c)............................................................................................ 7
`
`V.
`
`BACKGROUND OF TECHNOLOGY RELATED TO THE ’633
`PATENT ...................................................................................................... 7
`
`VI. SUMMARY OF THE ’633 PATENT ........................................................ 11
`
`A.
`
`B.
`
`The ’633 Patent ................................................................................ 11
`
`The Prosecution History of the ’633 Patent ...................................... 11
`
`
`
`-i-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`C.
`
`D.
`
`The Ex Parte Reexamination History of the ’633 Patent .................. 12
`
`Priority Dates of the Petitioned Claims ............................................ 13
`
`1.
`
`2.
`
`3.
`
`The Priority Claims to the ’667 and ’302 Applications
`and Their Parent Applications Are Improper .......................... 14
`
`Claimset 1 – Claims 1, 2, 3, 8, 13–14, 19, 28, and 34 lack
`written description support until May 17, 2000 ...................... 15
`
`Claimset 2 – Claims 4, 6, and 7 lack written description
`support until May 17, 2001 .................................................... 16
`
`VII. CLAIM CONSTRUCTION UNDER 37 C.F.R. § 42.104(B)(3) ................ 16
`
`A.
`
`B.
`
`C.
`
`D.
`
`E.
`
`F.
`
`The Petitioned Claims of the ʼ633 Patent ......................................... 16
`
`“mobile protection code (“MPC”)” (all claims) ............................... 18
`
`“information re-communicator” (claims 2, 14, and 19) .................... 20
`
`“means for receiving downloadable-information” (claim 13) ........... 20
`
`“means for determining whether the downloadable-information
`includes executable code” (claim 13) ............................................... 21
`
`“means for causing mobile protection code to be communicated
`to at least one information-destination of the downloadable-
`information, if the downloadable information is determined to
`include executable code” (claim 13) ................................................ 22
`
`VIII. PERSON HAVING ORDINARY SKILL IN THE ART............................ 23
`
`IX. THE PRIOR ART ...................................................................................... 24
`
`A. Overview of Poison Java.................................................................. 24
`
`B.
`
`C.
`
`D.
`
`Overview of Shin ............................................................................. 25
`
`Overview of Brown ......................................................................... 25
`
`Poison Java, Shin, and Brown Are Analogous Art ........................... 26
`
`X.
`
`THE PETITIONED CLAIMS OF THE ’633 PATENT ARE
`UNPATENTABLE .................................................................................... 26
`
`A. Ground 1 – Shin Renders Claims 1–4, 6–8, 13, 14, and 19
`Obvious under 35 U.S.C. § 103(a) ................................................... 26
`
`
`
`-ii-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`6.
`
`7.
`
`8.
`
`9.
`
`Independent Claim 1 .............................................................. 26
`
`Dependent Claim 2: “The method of claim 1, wherein the
`receiving includes monitoring received information of an
`information re-communicator.” .............................................. 29
`
`Dependent Claim 3: “The method of claim 2, wherein the
`information re-communicator is a network server.” ............... 30
`
`Dependent Claim 4: “The method of claim 1, wherein the
`determining comprises analyzing the downloadable-
`information for an included type indicator indicating an
`executable file type.” ............................................................. 30
`
`Dependent Claim 6: “The method of claim 1, wherein the
`determining comprises analyzing the downloadable-
`information for an included file type indicator and an
`information pattern corresponding to one or more
`information patterns that tend to be included within
`executable code.” ................................................................... 30
`
`Dependent Claim 7: “executable code characteristics” ........... 31
`
`Independent Claim 8 .............................................................. 32
`
`Independent Claim 13 ............................................................ 34
`
`Independent Claim 14 ............................................................ 36
`
`10. Dependent Claim 19: “The method of claim 14, wherein
`the re-communicator is at least one of a firewall and a
`network server.” ..................................................................... 42
`
`B.
`
`C.
`
`Ground 2 – Poison Java Anticipates Claim 28 under 35 U.S.C.
`§ 102(a) ........................................................................................... 42
`
`Ground 3 – Poison Java in view of Shin Renders Claim 1
`Obvious under 35 U.S.C. § 103(a) ................................................... 45
`
`1.
`
`Independent Claim 1 .............................................................. 45
`
`D. Ground 4 – Poison Java in view of Brown Renders Claims 14,
`19, and 34 Obvious under 35 U.S.C. § 103(a) ................................. 48
`
`1.
`
`Independent Claim 14 ............................................................ 48
`
`
`
`-iii-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`2.
`
`Dependent Claims 19: “The method of claim 14, wherein
`the re-communicator is at least one of a firewall and a
`network server.” ..................................................................... 52
`
`3.
`
`Independent Claim 34 ............................................................ 52
`
`E.
`
`Secondary Considerations of Non-Obviousness ............................... 54
`
`1.
`
`2.
`
`3.
`
`4.
`
`Licensing ............................................................................... 55
`
`Alleged Copying .................................................................... 56
`
`Alleged Commercial Success ................................................. 56
`
`Alleged Industry Praise .......................................................... 56
`
`XI. CONCLUSION ......................................................................................... 57
`
`
`
`
`
`-iv-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`List of Exhibits
`
`
`
`
`
`Description of Document
`
`1002
`1003
`1004
`
`1008
`
`Exhibit
`No.
`1001 U.S. Patent No. 7,647,633 (“Edery et al.”)
`Declaration of Dr. Aviel D. Rubin in support of Petition for Inter
`Partes Review (“Rubin”)
`90/013,016, Final Office Action (“633 Reexam”) (May 22, 2015)
`Eva Chen “Poison Java” IEEE Spectrum (1999)
`2015-09-10 Declaration of Gerard P. Grenier in support of the “Poison
`Java” reference
`1005
`1006 Webpage: Workshop and Miscellaneous Publications, Insik Shin
`1007 Webpage: Filewatcher – 7/27/98
`Ian Welch and Robert Stroud “Kava – A Reflective Java Based on
`Bytecode Rewriting” (January 1999)
`Insik Shin and John C. Mitchell “Java Bytecode Modification and
`Applet Security” (1998)
`1009
`Carey Nachenberg “The Evolving Virus Threat”
`1010
`1011 David M. Chess “Security Issues in Mobile Code Systems” (1998)
`R. Braden and J. Postel “Requirements for Internet Gateways” (June
`1987)
`1012
`International Publication No. WO 98/21683 to (“Touboul”)
`1013
`1014 U.S. Patent No. 6,088,803 (“Tso”)
`1015 U.S. Patent No. 5,889,943 (“Ji”)
`Li Gong et al. “Going Beyond the Sandbox: An Overview of the New
`Security Architecture in the Java Development Kit 1.2” (1997)
`1016
`1017 Webpage: Oracle - Java Security Architect
`Paul Sabanal, Mark Yason, and Mark Vincent “Digging Deep Into the
`Flash Sandboxes” (2012)
`1018
`1019 Webpage: Oracle - Deploying With the Applet Tag
`Yougang Song et al. “BRSS: A Binary Rewriting Security System for
`Mobile Code”
`Yougang Song and Brett D. Fleisch “Utilizing Binary Rewriting for
`Improving End-host Security” IEEE Vol. 18, No. 12 (Dec. 2007)
`Stephen McCamant and Greg Morrisett “Efficient, Verifiable Binary
`Sandboxing for CISC Architecture”
`1022
`1023 Virus Bulletin (March 1991)
`
`1020
`
`1021
`
`-v-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Exhibit
`No.
`
`Description of Document
`
`1024
`
`1025
`
`1026
`1027
`
`1033
`
`1034
`
`1035
`
`1036
`
`Patent Application 11/159,455 Office Action – Non-Final Rejection
`(February 25, 2009)
`Patent Application 11/159,455 – Patent Owner Amendment and
`Response to Office Action Under 37.C.F.R. §1.111 (May 26, 2009)
`Patent Application 11/159,455 - Notice of Allowance and Fee(s) due
`(May 26, 2009)
`90/013,016 Reexam Non-Final Office Action (November 19, 2013)
`90/013,016 Reexam Supplemental Amendment to Correct Priority
`Paragraphs Required by 37 CFR §§ 1.78 (August 25, 2014)
`1028
`90/013,016 Reexam Notice of Appeal (June 22, 2015)
`1029
`Patent Application 11/159,455 Data Sheet
`1030
`1031 U.S. Pat. No. 6,804,780 (“Touboul”)
`1032 U.S. Pat. No. 6,480,962 (“Touboul”)
`Plaintiff Finjan, Inc.’s Reply Claim Construction Brief, Finjan, Inc. v.
`Blue Coat Systems, Inc., 13-cv-3999-BLF (July 7, 2014)
`Joint Post-Hearing Claim Construction Chart, Ex. A, Finjan Software,
`Ltd. v. Secure Computing Corporation, et al. 06-cv-369-GMS
`(October 30, 2007)
`Plaintiff Finjan, Inc.’s Opening Claim Construction Brief, Finjan, Inc.
`v. Websense, Inc., 13-cv-4398-BLF (September 23, 2014)
`Order Construing Claims, Finjan, Inc. v. Blue Coat Systems, Inc., 13-
`cv-3999-BLF (October 20, 2014)
`Plaintiff Finjan, Inc.’s Opening Claim Construction Brief, Finjan, Inc.
`v. Proofpoint, Inc. and Armorize Technologies, Inc., 3:13-cv-5808-
`HSG (May 1, 2015)
`Claim Construction Order, Finjan Software, Ltd. v. Secure Computing
`et al. 06-cv-369-GMS (December 11, 2007)
`Plaintiff Finjan, Inc.’s Opening Claim Construction Brief, Finjan, Inc.
`v. Blue Coat Systems, Inc., 13-cv-3999-BLF (June 16, 2014)
`1039
`Provisional Application No. 60/205,591 (May 17, 2000)
`1040
`1041 Mark Brown “Using Netscape 3” (1996)
`90/013,016 Reexam Response to Non-Final Office Action (February
`19, 2014)
`Finjan Investor Presentation, Q1 (2013)
`Dr. Frederick Cohen “Computer Viruses: Theory and Experiments”
`(1987)
`
`1037
`
`1038
`
`1042
`1043
`
`1044
`
`
`
`-vi-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Exhibit
`No.
`
`Description of Document
`
`1047
`
`1048
`
`1055
`
`1056
`
`Thomas M. Chen and Jean-Marc Robert “The Evolution of Viruses
`and Worms”
`1045
`1046 Virus Bulletin Issue Archive (2015)
`Sandeep Kumar and Eugene H. Spafford “A Generic Virus Scanner in
`C++,” (September 17, 1992)
`Morgan B. Adair “Detecting Viruses in the NetWare Environment”
`(March 1, 1992)
`1049 Virus Bulletin (November 1991)
`1050 Virus Bulletin, (December 1991)
`1051 Webpage: McAfee Antivirus product page
`1052 Webpage: Norton Antivirus product page
`1053 Webpage: Information Security Stack Exchange
`1054 Webpage: W3Schools, JavaScript Tutorial page
`Sarah Gordon and David Chess “Attitude Adjustment: Trojans and
`Malware on the Internet - An Update”
`Andreas Moser et al. “Limits of Static Analysis for Malware
`Detection”
`Ian Goldberg et al. “A Secure Environment for Untrusted Helper
`Applications (Confining the Wily Hacker)” (July 1996)
`1057
`1058 Wayne A. Jansen “Countermeasures for Mobile Agent Security”
`Byron Cook et al. “Proving Program Termination,” Communications
`of the ACM, Vol. 54, No. 5 (May 2011)
`1059
`1060 Webpage: Schneier on Security
`Javier Esparza “Decidability of Model Checking for Infinite-State
`Concurrent Systems”
`Edmund Clarke et al. “Model Checking and State Explosion Problem”
`Drew Dean et al. “Java Security: From HotJava to Netscape and
`Beyond”
`1063
`1064 NSA Defense in Depth
`1065 Dr. Thomas Porter “The Perils of Deep Packed Inspection”
`J. Mark Smith et al. “Protecting a Private Network: The AltaVista
`Firewall” (1997)
`Check Point Firewall-ITM White Paper, Version 3.0 (June 1997)
`Emin Gün Sirer et al. “Design and Implementation of a Distributed
`Virtual Machine for Networked Computers” (December 1999)
`
`1061
`1062
`
`1066
`1067
`
`1068
`
`
`
`-vii-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Exhibit
`No.
`
`Description of Document
`
`1069
`
`1070
`
`1071
`
`Intrusion Detection Systems Group Test (Edition 2) – An NSS Group
`Report
`Dries Vanoverberghe and Frank Piessens “A Caller-Side Inline
`Reference Monitor for an Object-Oriented Intermediate Language”
`(2008)
`Ulfar Erlingsson “The Inlined Reference Monitor Approach to
`Security Policy Enforcement” (January 2004)
`Ari Luotonen and Kevin Altis “World-Wide Web Proxies” (April
`1994)
`James Gosling and Henry McGilton “The JavaTM Language
`Environment: A White Paper” (May 1996)
`1073
`1074 Webpage: “A Simple Guide to HTML”
`David M. Martin Jr. et al. “Blocking Java Applets at the Firewall”
`(1997)
`Eric Perlman and Ian Kallen “Common Internet File Formats”
`“Developing Stored Procedures in Java: An Oracle Technical White
`Paper” (April 1999)
`1077
`Larry L. Peterson et al. “OS Support for General-Purpose Routers”
`1078
`Roel Wieringa “Traceability and Modularity in Software Design”
`1079
`1080 U.S. Patent No. 6,434,499 (“Ulrich”)
`90/013,016 Reexam Renewed Petition to Accept Unintentionally
`Delayed Priority Claim Under 37 C.F.R. § 1.78 (August 25, 2014)
`2015-09-13 Declaration of Peter Kent in support of the “Brown”
`reference
`1082
`1083 U.S. Patent No. 7,058,822 (“Edery”)
`Curriculum Vitae of Dr. Aviel Rubin
`1084
`Provisional Application No. 60/030,639
`1085
`1086 U.S. Patent No. 6,092,194 (“Touboul”)
`1087 U.S. Patent No. 6,167,520 (“Touboul”)
`2014-02-18 Phil Hartstein declaration in 90/013,016 Reexam
`1088
`90/013,017 Reexam Final Rejection (September 8, 2014)
`1089
`1090 Webpage: Finjan Software Company Overview (October 9, 2004)
`Excerpted Markman Hearing Transcript, Finjan, Inc. v. Blue Coat
`Systems, Inc., 13-cv-3999-BLF (August 22, 2014)
`Affidavit of Christopher Butler of the Internet Archive (“Brown”)
`(September 30, 2015)
`
`1072
`
`1075
`1076
`
`1081
`
`1091
`
`1092
`
`
`
`-viii-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Description of Document
`
`Exhibit
`No.
`1093 Affidavit of David Sherfesee of Alexa Internet (May 8, 2007)
`1094 U.S. Application No. 09/861,229 (May 17, 2001)
`1095 Affidavit of Christopher Butler of the Internet Archive (“Shin”)
`Finjan, Inc. v. Blue Coat Systems, Inc., No. 3:13-cv-03999
`1096
`Finjan, Inc. v. Blue Coat Systems, Inc., No. 5:15-cv-03295
`1097
`
`
`
`-ix-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`I.
`
`INTRODUCTION
`
`Blue Coat Systems, Inc. (“Petitioner” or “Blue Coat”) petitions for inter
`
`partes review under 35 U.S.C. §§ 311-319 and 37 C.F.R. § 42 of claims 1–4, 6–8,
`
`13, 14, 19, 28, and 34 (“the Petitioned Claims”) of U.S. Patent No. 7,647,633 (“the
`
`’633 patent”; Ex. 1001). The ’633 patent is directed at protecting computers from
`
`potentially malicious programs in the form of “Downloadables,” such as Java
`
`applets, ActiveX controls, JavaScript script, or other executable code that a user
`
`might download onto her computer from the Internet. The ’633 patent claims
`
`determining whether “downloadable-information” includes potentially malicious
`
`executable code and, if so, causing “mobile protection code” to be communicated
`
`to the downloadable-information’s destination. Some claims recite forming a
`
`sandboxed package that includes the downloadable-information, the mobile
`
`protection code, and pre-determined protection policies. The ’633 patent further
`
`claims the transmission of this sandboxed package to the Downloadable’s
`
`destination, where it may be executed in a sandbox. As explained in greater detail
`
`below, prior art such as Poison Java and Shin anticipate and/or render the claims
`
`obvious.
`
`A previous petition for inter partes review, Palo Alto Networks, Inc. v.
`
`Finjan, Inc., IPR2015-01974, has been filed by Palo Alto Networks, Inc. A motion
`
`for joinder to that petition has been filed concurrent with this Petition.
`
`II. MANDATORY NOTICES UNDER 37 C.F.R. § 42.8(A)(1)
`
`A. Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1)
`
`
`
`-1-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Blue Coat Systems, Inc. is the real party-in-interest.
`
`B. Related Matters Under 37 C.F.R. § 42.8(b)(2)
`
`Finjan, Inc. (“Patent Owner” or “PO”) asserted the ’633 patent against
`
`Petitioner in Finjan, Inc. v. Blue Coat Sys., Inc., No. 5:13-cv-03999-BLF (N.D.
`
`Cal.), (the “Blue Coat Litigation”), filed July 8, 2013. Finjan also asserted the ’633
`
`patent in the following litigations: Finjan, Inc. v. FireEye, Inc., No. 13-cv-03133-
`
`SBA (N.D. Cal.) (“the FireEye Litigation”); Finjan, Inc. v. Palo Alto Networks,
`
`Inc., No. 3-14-cv-04908 (N.D. Cal.) (“the Palo Alto Networks Litigation”); Finjan,
`
`Inc. v. Websense, Inc., No. 5:13-cv-04398 (N.D. Cal.) (“the Websense I
`
`Litigation”); Finjan, Inc. v. Proofpoint, Inc., No. 13-cv-05808-HSG (N.D. Cal.)
`
`(“the Proofpoint Litigation”); and Finjan, Inc. v. Websense, Inc., No. 5-15-cv-
`
`01353 (N. D. Cal.) (“the Websense II Litigation”).
`
`The ’633 patent is undergoing ex parte reexamination Control No.
`
`90/013,016 (“the ’633 reexam”). All issued claims of the ’633 patent subject to
`
`reexamination— claims 1–7 and 28–33—stand rejected. (Ex. 1003 at 3, 22). The
`
`reexamination is on appeal to the Patent Trial and Appeal Board. The ’633 patent
`
`is currently the subject of an inter partes review petition by Palo Alto Networks,
`
`Inc. (“Palo Alto Networks”): Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-
`
`01974 (“the Palo Alto Networks IPR”). A motion for joinder with the Palo Alto
`
`Networks IPR has been filed concurrent with this petition.
`
`
`
`-2-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Petitioner also filed two petitions (IPR2016-00478 and IPR2016-00179) for
`
`inter partes review of U.S. Patent No. 6,965,968, which is also assigned to Patent
`
`Owner.
`
`C. Lead and Back-Up Counsel under 37 C.F.R. § 42.8(b)(3)
`
`Lead Counsel
`
`Back-Up Counsel
`
`Michael T. Rosato
`
`Andrew S. Brown
`
`USPTO Reg. No. 52,182
`
`USPTO Reg. No. 74,177
`
`WILSON SONSINI GOODRICH &
`
`WILSON SONSINI GOODRICH &
`
`ROSATI
`
`ROSATI
`
`701 Fifth Avenue
`
`701 Fifth Avenue
`
`Suite 5100
`
`Suite 5100
`
`Seattle, WA 98104-7036
`
`Seattle, WA 98104-7036
`
`Tel.: 206-883-2529
`
`Tel.: 206-883-2584
`
`Fax: 206-883-2699
`
`Fax: 206-883-2699
`
`Email: mrosato@wsgr.com
`
`Email: asbrown@wsgr.com
`
`
`D.
`
`Service Information
`
`Pursuant to 37 C.F.R. § 42.8(b)(4), service information for lead and back-up
`
`counsel is provided above. Blue Coat consents to service by e-mail at the addresses
`
`provided above.
`
`E.
`
`Power of Attorney
`
`Filed concurrently with this petition per 37 C.F.R. § 42.10(b).
`
`
`
`-3-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`III. PAYMENT OF FEES - 37 C.F.R. § 42.103
`
`This Petition is accompanied by a payment of $23,000. 37 C.F.R. § 42.15.
`
`This Petition meets the fee requirements of 35 U.S.C. § 312(a)(1).
`
`IV. REQUIREMENTS FOR INTER PARTES REVIEW UNDER 37 C.F.R.
`§§ 42.104 AND 42.108
`
`A. Grounds for Standing Under 37 C.F.R. § 42.104(a)
`
`The undersigned and Blue Coat certify that the ’633 patent is available for
`
`inter partes review and Petitioner is not barred or estopped from requesting an
`
`inter partes review of the challenged claims of the ’633 patent. Petitioner has not
`
`filed a civil action challenging the validity of any claim of the ’633 patent. A
`
`complaint alleging infringement of the ’633 patent was served on Petitioner more
`
`than a year before the date of this Petition; however, a motion to joinder has been
`
`filed to join the Palo Alto Networks IPR not later than 1 month after institution in
`
`accordance with 37 U.S.C. § 315(c). The ’633 patent issued more than nine
`
`months prior to the date of this Petition.
`
`B.
`
`Identification of Challenge Under 37 C.F.R. § 42.104(b) and
`Statement of Precise Relief Requested
`
`Petitioner requests IPR of claims 1–4, 6–8, 13, 14, 19, 28, and 34 of the ’633
`
`patent and that each claim be found unpatentable on the following grounds:
`
`Ground ’633 Claim(s)
`
`Basis for Challenge
`Obvious over Insik Shin & John C. Mitchell, “Java
`
`1.
`
`
`
`1–4, 6–8, 13,
`
`14, and 19
`
`Bytecode Modification and Applet Security,” under 35
`
`U.S.C. § 103(a)
`
`-4-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`2.
`
`28
`
`Anticipated by Poison Java under 35 U.S.C. § 102(a)
`
`Obvious over Poison Java in view of Insik Shin & John
`
`3.
`
`1
`
`C. Mitchell, “Java Bytecode Modification and Applet
`
`Security,” under 35 U.S.C. § 103(a)
`
`4.
`
`14, 19, and 34 Obvious over Poison Java in view of Mark W. Brown et
`
`al. “Special Edition Using Netscape 3,” (Que Corp.
`
`1996) under 35 U.S.C. § 103(a)
`
`
`Additional support for each ground appears in the Declaration of Dr. Aviel
`
`Rubin (Ex. 1002, “Rubin”), an expert in the field.
`
`C.
`
`Status of the Cited References as Prior Art
`
`1.
`
`Poison Java is prior art
`
`Poison Java is prior art under 35 U.S.C. § 102(a) or (b) because it was
`
`published by August 31, 1999, in IEEE Spectrum (Ex. 1005), before the May 17,
`
`2000 priority date of Claimset 1 and more than one year before the May 17, 2001
`
`priority date of Claimset 2. (§ VI.D.)
`
`2.
`
`Shin is prior art
`
`Shin is prior art under 35 U.S.C. § 102(b) because it was available to the
`
`public more than one year before May 17, 2000, which is the earliest possible
`
`priority date of the Petitioned Claims. (See § VI.D.) Evidence showing Shin’s
`
`public availability includes a 1998 publication date on the author’s website. (Ex.
`
`1006, listed under “Technical Reports.”) Shin was also publicly available at
`
`another website belonging to the author (Insik Shin) no later than April 18, 1998,
`
`
`
`-5-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`as confirmed by the Internet Archive (Archive.org). (Ex. 1095 at 1, 3-25.) The
`
`Internet Archive’s Web page repository is supplied by Alexa Internet. The
`
`Affidavit of David Sherfesee confirms that the contents of the Archive are from the
`
`publicly available Internet, and that the time/date information associated with the
`
`Archive’s contents is accurate. (Ex. 1093 at 1-5.) Shin was also catalogued by
`
`www.filewatcher.com with a date stamp of July 27, 1998. (Ex. 1007 at 1.) And
`
`Shin was cited with a publication date of 1998 in a paper titled “Kava – A
`
`Reflective Java Based on Bytecode Rewriting” published in January 1999, and
`
`presented at a conference in Denver, Colorado, in November 1999. (See Ex. 1008
`
`at 1, 3, and 14.) Kava conclusively demonstrates that Shin was published and
`
`publicly available to persons of ordinary skill in the art in this country no later than
`
`Kava’s publication date of January 1999—more than one year before May 17,
`
`2000. (Id.)
`
`3.
`
`Brown is prior art
`
`Brown is prior art under 35 U.S.C. § 102(b) because it was published in
`
`1996, which is more than one year before May 17, 2000, the earliest possible
`
`priority date of the Petitioned Claims—as confirmed in the attached declarations
`
`by one of the book’s authors and the Internet Archive. (Ex. 1082; 1092.) The
`
`Internet Archive’s web page repository is supplied by Alexa Internet. The
`
`Affidavit of David Sherfesee confirms that the contents of the Archive are from the
`
`publicly available Internet and that the time/date information associated with
`
`Archive content is accurate. (Ex. 1093.)
`
`
`
`-6-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`D. Threshold Requirement for Inter Partes Review 37 C.F.R. §
`42.108(c)
`
`Inter partes review of the Petitioned Claims should be instituted because this
`
`Petition establishes a reasonable likelihood that Petitioner will prevail with respect
`
`to each of the claims challenged. 35 U.S.C. § 314(a).
`
`V. BACKGROUND OF TECHNOLOGY RELATED TO THE ’633
`PATENT
`
`Since at least 1988, antivirus software has served as a barrier between
`
`computer processors and malware, which can steal data, destroy data, and disrupt
`
`operations. (Ex. 1002 at ¶¶ 40-41.) Antivirus software was developed in an era
`
`when malware was passed between computers via floppy disks and other types of
`
`removable data storage media. (Ex. 1002 at ¶ 46.) By the mid-1990s, however, the
`
`widespread adoption of email and Internet browsing made it possible to transmit
`
`malware directly between computers. (Ex. 1002 at ¶¶ 46-47; Ex. 1010 at 1-8.)
`
`This increased the exposure—and the risk of harm—to users’ computers by
`
`malicious software or malware. (Ex. 1002 at ¶¶ 46-47; Ex. 1010 at 1-8.)
`
`The exposure and risk of harm increased even more with the advent of
`
`mobile code in the mid-to-late 1990s. Mobile code, such as Java applets, is
`
`downloaded and executed by the computer (e.g., when loading a webpage in an
`
`Internet browser) without any explicit actions by the user. (Ex. 1002 at ¶ 48; Ex.
`
`1011 at 2.) So when, for example, a Java applet automatically executes, any
`
`instructions within the code are automatically executed as well. (Ex. 1002 at ¶ 48;
`
`Ex. 1011 at 2.) These instructions may include malicious or dangerous “system
`
`
`
`-7-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`calls,” asking the computer processor’s operating system to do things like write to
`
`a file, read from memory, or execute a program. (Ex. 1002 at ¶ 53.)
`
`The increase in connectivity and web browsing, together with the advent of
`
`mobile code in the mid-1990s, exacerbated risks posed by malware and drove the
`
`adoption of a layered approach to computer security. (Ex. 1002 at ¶¶ 49, 63.) In a
`
`layered approach, different layers of a computer network detect and block
`
`malware. (Ex. 1002 at ¶ 63.) If malware slips through one layer, the next layer
`
`may be able to catch it. (Ex. 1002 at ¶¶ 63-64.) Typical layers of protection
`
`include antivirus software that runs on client computers (described above), a
`
`gateway server or firewall that prevents malware and suspicious files from
`
`reaching the client computers, sandboxing techniques that allow client computers
`
`to execute mobile code without allowing the mobile code to make potentially
`
`dangerous system calls, and instrumentation techniques that involved rewriting
`
`potentially malicious or dangerous code. (Ex. 1002 at ¶¶ 49, 52-54, 59, 64-69, and
`
`71.)
`
`Malware-scanning gateways, which can be implemented as firewalls or
`
`servers, are as old as the Internet Protocol, which is the principal protocol for
`
`relaying information via the Internet. (Ex. 1002 at ¶ 65; Ex. 1012 at 1-2; see also
`
`Ex. 1013; Ex. 1014; Ex. 1015.) A malware-scanning gateway sits at the edge of an
`
`intranet, such as a corporate network, and scans traffic entering and leaving the
`
`intranet for malware. (Ex. 1002 at ¶¶ 65-66; see also Ex. 1013; Ex. 1014; Ex.
`
`1015.) By placing malware scanners at all ingress points on the corporate network,
`
`
`
`-8-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`a network administrator can scan received data streams for threats without unduly
`
`affecting traffic within the intranet. (Ex. 1002 at ¶¶ 66, 68.) Gateway scanning
`
`also makes it easier to enforce security policies across the intranet—instead of
`
`maintaining virus scanners at every computer, the network administrator can focus
`
`on maintaining just a few malware-scanning gateways. (Ex. 1002 at ¶ 69.)
`
`Sandboxing was developed in the mid-1990s to mitigate risks associated
`
`with executing untrusted mobile code. (Ex. 1002 at ¶ 53.) (The Java programming
`
`language was designed for sandbox operations from the beginning. (Ex. 1016 at 2,
`
`§ 1.1; Ex. 1017 at 1.)) A sandbox is an execution environment with software-
`
`imposed restrictions that prevent mobile code from damaging the computer that is
`
`executing the mobile code. (Ex. 1002 at ¶ 53.) Executing the mobile code in a
`
`restricted environment makes it possible to identify and evaluate system calls
`
`before allowing them to reach system resources. (Id.) The sandbox denies access
`
`to dangerous system calls, which reduces the danger that the mobile code may
`
`cause the computer to perform an undesired action. (Id.)
`
`There are many techniques for sandboxing mobile code. (Ex. 1002 at ¶ 53;
`
`Ex. 1018 at Abstract, and 6-50, §§ 4-5.) For example, Java applets are executed in
`
`a sandbox by a Java Virtual Machine (JVM), a software simulated processor. (Ex.
`
`1002 at ¶ 54; Ex. 1016 at 2, § 1.1; Ex. 1017 at 1.) When the JVM executes an
`
`applet, it enforces rules to prevent the applet from performing malicious
`
`operations. (Ex. 1002 at ¶ 55; Ex. 1016 at 2, § 1.1; Ex. 1017 at 1.)
`
`
`
`-9-
`
`
`
`

`
`Petition for Inter Partes Review of
`Patent No. 7,647,633
`
`
`Another method for adding a layer of protection known at that time by those
`
`of ordinary skill in the art was code “rewriting” or “instrumentation.” (Ex. 1002 at
`
`¶ 71; Ex. 1020 at 2; Ex. 1021.) Code rewriting or instrumentation involves
`
`inserting extra protection code into the mobile code, e.g., at a server that receives
`
`the mobile code for transmission to a client computer. (Ex. 1002 at ¶ 71; Ex. 1020
`
`at 2; Ex. 1021.) Instrumentation is performed after mobile code is filtered or
`
`scanned but before it is executed in the sandbox. (Ex. 1002 at ¶ 71.)
`
`Instrumentation often involves taking advantage of the fact that mobile code
`
`is usually divided into functions for better organization, code-reuse, and
`
`readability. (Ex. 1002 at ¶¶ 72-73.) Mobile code can be rewritten to provide an
`
`additional layer of security by inserting code right at the very beginning of a
`
`function body. (Id. at ¶¶ 71, 73.) Every time that function is called, the newly
`
`inserted code is executed first. (Id. at ¶ 73.) In some cases, the newly inserted
`
`code provides an additional sandbox layer—that is, it creates a restricted
`
`environment and prevents a function from causing harm, e.g., by terminating
`
`functions with duplicative or harmful system calls. (Id. at ¶ 74; Ex. 1022 at 1-5.)
`
`Antivirus software, malware-scanning gateways, sandboxing, and
`
`instrumentation (code rewriting) have bee