`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_____________________
`
`Cisco System, Inc.,
`Petitioner,
`
`v.
`
`
` Finjan, Inc.,
`Patent Owner.
`____________
`
`U.S. Patent No. 8,677,494
`Issue Date: March 18, 2014
`Title: Malicious Mobile Code Runtime Monitoring System and Methods
`
`
`_____________________
`
`Inter Partes Review No.: Unassigned
`_____________________
`
`DECLARATION OF PAUL CLARK IN SUPPORT OF PETITION FOR
`INTER PARTES REVIEW OF
`U.S. PATENT NO. 8,677,494
`
`
`
`
`
`
`
`Mail Stop “PATENT BOARD”
`Patent Trial and Appeal Board
`U.S. Patent and Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`CS-1003
`Cisco Systems, Inc. v. Finjan, Inc.
`
`
`
`TABLE OF CONTENTS
`
`Page
`Introduction ...................................................................................................... 1
`I.
`List of Documents I Considered in Forming My Opinions ............................. 4
`II.
`III. My Background and Qualifications ................................................................. 6
`IV. Person of Ordinary Skill in the Art (POSA) .................................................. 10
`V.
`Relevant Legal Standards .............................................................................. 11
`VI. The ‘494 Patent .............................................................................................. 15
`A.
`Summary ............................................................................................. 15
`B.
`Priority Date of Claims ....................................................................... 19
`VII. State of the Art ............................................................................................... 19
`A. Malicious Code in Executable Programs ............................................ 19
`B.
`Tools to Combat Malicious Code ....................................................... 23
`1. Malicious Code Detection. ........................................................ 24
`2.
`Downstream Malicious Code Defense Methods. ..................... 27
`3.
`Specifications. ........................................................................... 29
`VIII. Claim Construction ........................................................................................ 31
`IX. Overview ........................................................................................................ 31
`X.
`Challenge #1: Claims 10, 11, 14, 15 and 16 are obvious over Shear in
`view Kerchen ................................................................................................. 35
`A.
`Shear in view of Kerchen Teaches Every Element of Claims ............ 35
`1.
`The Shear Reference ................................................................. 35
`
`
`
`
`
`i
`
`
`
`B.
`
`2.
`The Kerchen Reference ............................................................. 43
`The Motivation to Combine Shear with Kerchen ..................... 45
`3.
`Detailed Invalidity Analysis ................................................................ 47
`1.
`Claim 10 .................................................................................... 47
`2.
`Claim 11 .................................................................................... 59
`3.
`Claim 14 .................................................................................... 61
`4.
`Claim 15 .................................................................................... 63
`5.
`Claim 16 .................................................................................... 65
`XI. Challenge 2: Claims 10, 11, 14, 15 and 16 Are Obvious Over
`Crawford 91 in view of Knowledge of a POSA ............................................ 68
`A.
`Crawford 91 in view of Knowledge of a POSA Teaches Every
`Element of Claims ............................................................................... 68
`1.
`THE CRAWFORD 91 REFERENCE ...................................... 68
`Detailed Application of Crawford 91 to the Claims ........................... 69
`1.
`Claim 10 .................................................................................... 69
`2.
`Claim 14 .................................................................................... 78
`3.
`Claim 15 .................................................................................... 79
`4.
`Claim 16 .................................................................................... 81
`
`B.
`
`
`
`
`
`
`
`
`ii
`
`
`
`
`
`I.
`
`Introduction
`1.
`I am over the age of eighteen (18) and otherwise competent to make
`
`this declaration.
`
`2.
`
`I have been retained by Cisco Systems (Petitioner) as an independent
`
`expert consultant in this proceeding before the United States Patent and Trademark
`
`Office. Although I am being compensated at my rate of $590.00 per hour for the
`
`time I spend on this matter, no part of my compensation depends on the outcome
`
`of this proceeding, and I have no other interest in this proceeding. To the best of
`
`my knowledge, I have no financial interest in Cisco Systems.
`
`3.
`
`This Petition for inter partes review involves U.S. Patent No.
`
`8,677,494 (“the ‘494 Patent”) (CS-1001). The ‘494 Patent is entitled “Malicious
`
`Mobile Code Runtime Monitoring System and Methods” and lists Yigal
`
`Mordechai Edery, Nirmrod Itzhak Vered, David R. Kroll, and Shlomo Touboul, as
`
`the inventors.
`
`4.
`
`The ‘494 Patent issued March 18, 2014, from U.S. Patent Application
`
`No 13/290,708 which was filed Nov. 7, 2011. The ‘494 Patent claims the benefit
`
`of U.S. provisional application No. 60/030,639, filed on Nov. 8, 1996. CS-1002.
`
`5.
`
`For the purposes of this inter partes review as discussed later, I have
`
`been instructed to assume that the effective filing date of the Claims of the ‘494
`
`
`
`1
`
`
`
`
`
`Patent challenged by the Petitioner in this inter partes review is no earlier than
`
`November 8, 1996, the filing date of U.S. Provisional Patent Application No.
`
`60/030,639.
`
`6.
`
`I understand that according to USPTO records, the ‘494 Patent is
`
`currently assigned to Finjan, Inc. (“Finjan” or “Patent Owner”).
`
`7.
`
`The ‘494 Patent is directed to malicious code detection. CS-1001, I
`
`am familiar with the technology described in the ‘494 Patent as of the earliest
`
`possible priority date of November 8, 1996.
`
`8.
`
`In preparing this Declaration, I have reviewed the ‘494 Patent (CS-
`
`1001), the file history of the ‘494 Patent (CS-1002), and each of the documents
`
`cited herein, and I have considered these documents in light of the general
`
`knowledge in the art as of November 8, 1996. In formulating my opinions, I have
`
`relied upon my experience in the relevant art. I have also considered the viewpoint
`
`of a person of ordinary skill in the art (“POSA”) in the field, as of November 8,
`
`1996.
`
`9.
`
`I have been asked to provide my technical expertise, analysis, insights
`
`and opinions regarding the ‘494 Patent and relevant references that form the basis
`
`of the grounds of rejection set forth in the accompanying Petition for inter partes
`
`
`
`2
`
`
`
`
`
`review of the ‘494 Patent. As described in detail below, I offer the following
`
`opinion in this Declaration:
`
`
`
`A POSA would have found Claims 10, 11, 14, 15 and 16 of the ‘494
`
`Patent to be obvious over U.S. Patent No. 6,157,721 (“Shear”) in view
`
`of Static Analysis Virus Detection Tools For Unix Systems
`
`(“Kerchen”). Shear in view of Kerchen teaches each element of
`
`Claims 10, 11, 14, 15 and 16 to a POSA and a POSA would have been
`
`motivated to combine the teachings of these references;
`
`
`
`
`
`A POSA would have found Claims 10, 11, 14, 15 and 16 of the ‘494
`
`Patent to be obvious over A Testbed for Malicious Code Detection: A
`
`Synthesis of Static and Dynamic Analysis Techniques (“Crawford
`
`’91”) in view of knowledge of a POSA. Crawford ’91 in view of
`
`knowledge of a POSA teaches each element of Claims 10, 11, 14, 15
`
`and 16 to a POSA and a POSA would have been motivated to
`
`combine the teachings.
`
`
`
`
`
`3
`
`
`
`
`
`II. List of Documents I Considered in Forming My Opinions
`10.
`In formulating my opinions, I have considered and relied on
`
`statements in the documents identified below. These documents include patents,
`
`patent Applications, learned treatises, periodicals, pamphlets and other
`
`publications. I consider each of the references below as a reliable authority for the
`
`statements on which I rely.
`
`
`Exhibit #
`
`Description
`
`U.S. Patent No. 8,677,494 entitled “System and Method of Attaching a
`Downloadable Security Profile to a Downloadable”, issued November
`28, 2000 to Touboul, et al. (“the ‘494 Patent”)
`Select portions of the prosecution history of the ‘494 Patent (“File
`History”)
`Not Used
`U.S. Patent No. 6,157,721 entitled “Systems and Methods Using
`Cryptography to Protect Secure Computing Environments”, issued
`December 5, 2000 to Shear (“Shear”)
`U.S. Patent Application Serial No. 08/388,107, entitled “X,” filed
`February 13, 1995 by Ginter (“Ginter”)
`The prosecution history of U.S. Patent No. 7,613,926 (“’926 Patent
`File History”)
`Software Engineering a Practitioner’s Approach, Roger S. Pressman,
`3rd ed., 1992 (“Pressman”)
`“Network Firewalls,” IEEE Communications Magazine, Steven M.
`Bellovin and William R. Cheswick, September 1994 (“Bellovin”)
`Not Used
`Not Used
`
`4
`
`1001
`
`1002
`
`1003
`1004
`
`1005
`
`1006
`
`1007
`
`1008
`
`1009
`1010
`
`
`
`
`
`
`
`Exhibit #
`
`Description
`
`A Testbed for Malicious Code Detection: A Synthesis of Static and
`Dynamic Analysis Techniques, 14th Department of Energy Computer
`Security Group Conference Proceedings, R. Crawford et al., May 1991
`(“Crawford ‘91”)
`U.S. Patent No. 5,623,600 entitled “Virus Detection and Removal
`Apparatus for Computer Networks,” issued April 22, 1997 to Ji et al.
`(“Ji”)
`Dynamic Detection and Classification of Computer Viruses Using
`General Behavior Patterns, Virus Bulletin Conference, Morton
`Swimmer, September 1995 (“Swimmer”)
`Intentionally Left Blank
`“Microsoft and VeriSign Provide First Technology for Secure
`Downloading of Software Over the Internet,” Microsoft PressPass,
`August 7, 1996 (“MS-96”)
`U.S. Patent No. 6,195,587 entitled “Validity Checking,” issued
`February 27, 2001 to Hruska (“Hruska”)
`Automated Assistance for Detecting Malicious Code, Crawford et al.
`June 18, 1993 (“Automated Tools”)
`Listing of Related Patents
`Static Analysis Virus Detection Tools for Unix Systems, 13th National
`Computer Security Conference, Volume 1, Information Systems
`Security: Standards-the Key to the Future, Kerchen et al., 1990
`(“Kerchen”)
`Identifying and Controlling Undesirable Programs Behaviors, 14th
`National Computer Security Conference, King, October 1991
`(“King”)
`U.S. Provisional Application No. 60/030,639, entitled “System and
`Method for Protecting a Computer and a Network from Hostile
`Downloadables,” filed November 8, 1996, by Touboul et al. (“the ’639
`Provisional”)
`U.S. Application Serial No. 08/964,388 entitled “System and Method
`for Protecting a Computer and a Network from Hostile
`Downloadables,” filed November 6, 1997 by Touboul (“the ‘388
`Application”)
`
`5
`
`1011
`
`1012
`
`1013
`
`1014
`1015
`
`1016
`
`1017
`
`1018
`1019
`
`1020
`
`1021
`
`1022
`
`
`
`
`
`
`
`Exhibit #
`
`1023
`
`1024
`
`1025
`
`1026
`
`1027-
`1030
`1031
`
`
`
`Description
`
`PACL’s An Access Control List Approach to Anti-Virus Security,
`Wichers et al., 13th Nat’l Computer Security Conference, Proceedings,
`October 1-4, 1990 (“Wichers”).
`Java Security: From HotJava to Netscape and Beyond, Dean et al.,
`1996.
`Software Architecture To Support Misuse Intrusion Detection,
`Spafford et al., March 1995
`1996 CERT Advisories, Software Engineering Institute, Carnegie
`Mellon University.
`Intentionally Left Blank
`
`An Intrusion-Detection Model, Dorothy E. Denning, IEEE
`Transactions on Software Engineering, Vol. SE-13, No. 2, February
`1987 (“Denning”)
`
`III. My Background and Qualifications
`11.
`In 1986, I received a Bachelor of Science degree in Mathematics from
`
`the University of California, Irvine. In 1988, I received a Master of Science degree
`
`in Electrical Engineering and Computer Science from the University of Southern
`
`California. In 1994, I received a Doctor of Science degree in Computer Science
`
`from George Washington University.
`
`12. From 1985 to 1989, I worked as a Systems Engineer at Ultrasystems
`
`Defense and Space. At Ultrasystems, I designed and implemented large-scale
`
`simulation and network-based systems for the United States Department of
`
`Defense (“DoD”). A custom high-speed database server I designed and
`6
`
`
`
`
`
`
`
`implemented was used for real-time intelligence collection by the National
`
`Security Agency (“NSA”).
`
`13. From 1989 to September 1990, I worked as a Technical Lead at GTE
`
`Government Systems. While at GTE, I designed and implemented network load
`
`generators for OS/2 LAN Manager to measure network performance load metrics
`
`for the Central Intelligence Agency (“CIA”). I also developed X Windows
`
`interfaces for a large-scale multiuser event driven network database system.
`
`14. From 1990 to 1995, I worked as a Senior Security Engineer at Trusted
`
`Information Systems. While at Trusted Information Systems, I implemented
`
`Privacy Enhanced Mail (“PEM”) as defined in RFC 1113, 1114 and 1115 and was
`
`involved in the design and implementation of the Multipurpose Internet Mail
`
`Extensions (“MIME”) Object Security Services front end to PEM as specified in
`
`the PEM-MIME Internet Draft and subsequent RFC 1848. In connection with this
`
`work, I attended and closely followed security industry conferences, working
`
`groups and publications. I also designed and implemented high assurance security
`
`systems, including trusted operating systems and applications for NSA and the
`
`Defense Advanced Research Projects Agency (“DARPA”) and a secure email
`
`forwarder for the first whitehouse.gov email server. Based upon the TIS PEM
`
`(Trusted Information Systems –PEM), the White House mail forwarder inspected
`
`
`
`7
`
`
`
`
`
`email to ensure it was digitally signed and from an authorized sender. If the
`
`message was properly validated, the signed version was archived on the server and
`
`the de-enhanced email forwarded to the intended recipient. My work at Trusted
`
`Information Systems involved cryptography, multilevel systems, smartcards, and
`
`other cutting edge network and security technologies.
`
`15. From 1995 to 1999, I worked as Chief Scientist at DynCorp Network
`
`Solutions, where I served as senior internal consultant for a variety of projects. For
`
`example, I was architect and Technical Director of the IRS Secure Submission and
`
`Retrieval System that allowed the digitally signed and encrypted submission of tax
`
`data over the Internet. I also created a suite of security products for providing
`
`secure wide area access to database and application servers that was marketed and
`
`sold to the DoD and other parts of the federal government.
`
`16. Since 1999, I have been President and Chief Technology Officer of
`
`Paul C. Clark LLC/SecureMethods, Inc. SecureMethods specializes in the design,
`
`implementation, and deployment of advanced secure network applications for
`
`commercial and government clients, including the DoD. SecureMethods provides a
`
`comprehensive scalable, COTS-based secure architecture, implemented through
`
`the use of the SM Gateway. The SM Gateway is a next-generation security
`
`appliance developed by SecureMethods that is available on UNIX-based platforms
`
`
`
`8
`
`
`
`
`
`using commercial, government, and Type I cryptography, implemented in both
`
`hardware and software. In my capacity as President and Chief Technology Officer
`
`of SecureMethods, I have technical and operational oversight of all projects and
`
`corporate technical operations. I also provide guidance to senior technical
`
`personnel relating to design, implementation, and troubleshooting for a wide range
`
`of systems both internal and external. My work includes network systems and
`
`security, cryptographic applications, certification, key management, authentication,
`
`and integrity strategies for network applications. My firm specializes in complex
`
`software and hardware systems for commercial and DoD clients.
`
`17.
`
`I have also been a member of the Federal Advisory Committee for
`
`Key Management Infrastructure (“KMI”), serving as Chairman of the
`
`Interoperability Working Group for Cryptographic Key Recovery. I have also
`
`served as an adjunct professor in the Computer Science Department at George
`
`Washington University, where I have taught doctoral-level cryptography and
`
`computer security courses. I have also appeared before a Congressional committee
`
`to provide testimony on the “Advanced Technology for Border Control.”
`
`18.
`
`I have co-authored a number of publications in the computer and
`
`security areas, and I am a named inventor on two patents, U.S. Patent Nos.
`
`5,448,045 and 5,892,902.
`
`
`
`9
`
`
`
`
`
`19. My curriculum vitae, which includes a more detailed summary of my
`
`background and experience, is attached as Appendix A.
`
`IV. Person of Ordinary Skill in the Art (POSA)
`20.
`I am familiar with the knowledge and capabilities of one of ordinary
`
`skill in the art. Unless otherwise stated, my testimony below refers to the
`
`knowledge of one of ordinary skill in the art as of November 8, 1996, the earliest
`
`possible effective filing date of the ‘494 Patent.
`
`21.
`
`I have been informed and understand that a Person of Ordinary Skill
`
`in the Art (“POSA”) is a hypothetical person who is presumed to be aware of all
`
`pertinent prior art, thinks along conventional wisdom in the art, and is a person of
`
`ordinary creativity.
`
`22. With respect to the ’494 Patent, a POSA in the November 1996
`
`timeframe would have been familiar with security and network programming.
`
`That person would have a working knowledge of TCP/IP protocols and the World
`
`Wide Web. The experience and education levels may vary between persons of
`
`ordinary skill, with some persons having a Bachelor’s degree in computer science,
`
`computer programming, electrical engineering and four years of experience, and
`
`others holding a Master’s degree in electrical engineering, but having only one to
`
`
`
`10
`
`
`
`
`
`two years of experience, and yet others having no formal education but experience
`
`in computer programming of at least eight years.
`
`23. A POSA may work as part of a multi-disciplinary team and draw upon
`
`not only his or her own skills, but also take advantage of certain specialized skills
`
`of others on the team to solve a given problem.
`
`V. Relevant Legal Standards
`24.
`I am not a lawyer and will not provide any legal opinions. Although I
`
`am not a lawyer, I have been informed and understand that certain legal standards
`
`are to be applied by technical experts in forming opinions regarding the meaning
`
`and validity of patent claims. I have been asked to provide my opinions regarding
`
`whether the claims of the ‘494 Patent are anticipated or would have been obvious
`
`to a person having ordinary skill in the art at the time of the alleged invention, in
`
`light of the prior art.
`
`25.
`
`I have been informed and understand that, to anticipate a claim under
`
`35 U.S.C. § 102, a reference must teach every element of the claim either expressly
`
`or inherently to a person having ordinary skill in the relevant art.
`
`26. Further, I have been informed and understand that a patent claim is
`
`not patentable under 35 U.S.C. § 103 if the differences between the patent claim
`
`and the prior art are such that the claimed subject matter as a whole would have
`
`
`
`11
`
`
`
`
`
`been obvious at the time the claimed invention was made to a person having
`
`ordinary skill in the relevant art. Obviousness, as I have been informed and
`
`understand, is based on the scope and content of the prior art, the differences
`
`between the prior art and the claim, the level of ordinary skill in the art, and, to the
`
`extent that they exist, certain objective indicia of non-obviousness.
`
`27.
`
`I understand that objective indicia can be important evidence
`
`regarding whether a patent is obvious or nonobvious, if it has an appropriate nexus
`
`to the claimed invention, i.e., is a result of the merits of a claimed invention (rather
`
`than the result of design needs or market-pressure advertising or similar activities).
`
`Such indicia include: commercial success of products covered by the patent
`
`claims; a long-felt need for the invention; failed attempts by others to make the
`
`invention; copying of the invention by others in the field; unexpected results
`
`achieved by the invention as compared to the closest prior art; praise of the
`
`invention by the infringer or others in the field; the taking of licenses under the
`
`patent by others; expressions of surprise by experts and those skilled in the art at
`
`the making of the invention; and the patentee proceeded contrary to the accepted
`
`wisdom of the prior art.
`
`28.
`
`I have been informed that whether there are any relevant differences
`
`between the prior art and the claimed invention is to be analyzed from the view of
`
`
`
`12
`
`
`
`
`
`a person of ordinary skill in the relevant art at the time of the invention. As such,
`
`my opinions below as to a person of ordinary skill in the art are as of the time of
`
`the invention, even if not expressly stated as such; for example, even if stated in
`
`the present tense.
`
`29.
`
`In analyzing the relevance of the differences between the claimed
`
`invention and the prior art, I have been informed that I must consider the impact, if
`
`any, of such differences on the obviousness or non-obviousness of the invention as
`
`a whole, not merely some portion of it. The person of ordinary skill faced with a
`
`problem is able to apply his or her experience and ability to solve the problem and
`
`also look to any available prior art to help solve the problem.
`
`30.
`
`I have been informed that a precise teaching in the prior art directed to
`
`the subject matter of the claimed invention is not needed. I have been informed
`
`that one may take into account the inferences and creative steps that a person of
`
`ordinary skill in the art would have employed in reviewing the prior art at the time
`
`of the invention. For example, if the claimed invention combined elements known
`
`in the prior art and the combination yielded results that were predictable to a
`
`person of ordinary skill in the art at the time of the invention, then this evidence
`
`would make it more likely that the claim was obvious. On the other hand, if the
`
`combination of known elements yielded unexpected or unpredictable results, or if
`
`
`
`13
`
`
`
`
`
`the prior art teaches away from combining the known elements, then this evidence
`
`would make it more likely that the claim that successfully combined those
`
`elements was not obvious.
`
`31.
`
`I have been informed and understand that there are recognized,
`
`exemplary, rationales for combining or modifying references to show obviousness
`
`of claimed subject matter. Some of the rationales include the following:
`
`combining prior art elements according to known methods to yield predictable
`
`results; simple substitution of one known element for another to yield predictable
`
`results; use of a known technique to improve a similar device (method or product)
`
`in the same way; applying a known technique to a known device (method or
`
`product) ready for improvement to yield predictable results; choosing from a finite
`
`number of identified, predictable solutions, with a reasonable expectation of
`
`success; known work in one field of endeavor may prompt variations of it for use
`
`in either the same field or a different one based on design incentives or other
`
`market forces if the variations are predictable to one of ordinary skill in the art; and
`
`some teaching, suggestion, or motivation in the prior art that would have led one of
`
`ordinary skill to modify the prior art reference or to combine prior art teachings to
`
`arrive at the claimed invention.
`
`
`
`14
`
`
`
`
`
`VI. The ‘494 Patent
`A.
`Summary
`32. The ’494 Patent generally relates to the protection of computers from
`
`potentially undesirable or suspicious software programs or code, referred to as
`
`“Downloadables,” that are received over a network. CS-1001 Abstract, 1:59-63,
`
`2:22-3:9. According to the ‘494 Patent, a Downloadable is “received information
`
`[that] includes executable code.” CS-1001 3:3-8, 4:5-14, 5:64-6:2, 9:46-52, 15:22-
`
`39. Some examples of Downloadables described in the ‘494 Patent specification
`
`include the following: distributed components; Java applets; JavaScript scripts;
`
`ActiveX controls; and VisualBasic scripts. CS-1001 Abstract, 2:22-30 & 59-64,
`
`9:46-52. The written description of the ‘494 Patent does not include the term
`
`“scanner”, nor does it describe a scanner “for deriving security profile data” as
`
`recited in the claims. However, other patent applications to which the ‘494 Patent
`
`claims priority (e.g., the ’639 Provisional, CS-1021, and the ‘388 Application, CS-
`
`1022) provide the disclosure corresponding to how the Downloadable security
`
`profile (called the “DSP” in the ‘388 Application) is derived – but those
`
`applications only refer to “conventional” techniques for the details. For example,
`
`the ’388 Application explains that a Downloadable is “received from [an] external
`
`computer network” and delivered to a “code scanner” that “uses conventional
`
`
`
`15
`
`
`
`
`
`parsing techniques to decompose the code (including all prefetched components)
`
`of the Downloadable into the DSP data 310.” CS-1022 p. 10 ll. 6-10, p. 12 ll. 11-
`
`17 (emphasis supplied), p. 20 l. 14- p. 21 l. 6, FIG. 7; CS-1021 p. 19, ll. 16-20.
`
`33. Moreover, the ‘388 Application explains that after the Downloadable
`
`is decomposed, the code scanner identifies the operations that the code performed
`
`(such as “read” and “send”). The ‘388 Application also describes that the code
`
`scanner “may search the code for any pattern.” This described functionality of the
`
`code scanner was already known in the prior art. For example, identifying the
`
`operations that computer code performs was a common prior art technique, as
`
`described in Shear and Kerchen, described below.
`
`34. Likewise, the functionality of searching the code by using “pattern
`
`matching” was a common prior art technique used in “static analysis,” as described
`
`in the State of the Art Section. In static analysis, the “binary or source code” was
`
`examined to detect the presence of malicious sections in programs by code pattern
`
`matching – i.e., matching patterns of code from the downloadable program with
`
`code that is known to be harmful. CS-1011 pp. 17-4, 17-5. In other words, the
`
`data for the security profile is generated using “conventional” techniques by a
`
`“code scanner” (which was a known device using commonly used techniques).
`
`
`
`16
`
`
`
`
`
`35. The written description of the ‘494 Patent only uses the term
`
`“suspicious” once in describing that the goal of the present invention is to prevent
`
`a computer from “harmful, undesirable, suspicious, or other ‘malicious’
`
`operations.” CS-1001 2:52-56.
`
`36.
`
` The ‘388 Application uses the term “suspicious” broadly to include
`
`the concepts of “hostile, potentially hostile, undesirable, potentially undesirable,
`
`etc.” CS-1022 p. 7 ll. 12-16. In one embodiment of the ‘388 Application, the DSP
`
`data is “a list of all operations in the Downloadable code which could ever be
`
`deemed potentially hostile.” CS-1022 p. 20 ll. 14-20.
`
`37. The ‘494 Patent has very little discussion of storing a Downloadable
`
`or its DSP in a database as recited in the claims, and does not distinguish the
`
`claimed database from other types of storage means. (“Any suitable explicit or
`
`referencing list, database or other storage structure(s) or storage structure
`
`configuration(s) can also be utilized to implement a suitable user/device based
`
`protection scheme, such as in the above examples, or other desired protection
`
`schema.”) CS-1001 17:10-14.
`
`38. The ’639 Provisional describes that the Downloadable and its DSP
`
`data may be stored, for example, in a database. CS-1021, p. 20, 1. 12-16 (“the non-
`
`hostile Downloadable is stored in known Downloadable’s 307 and its
`
`
`
`17
`
`
`
`
`
`corresponding DSP data is stored in DSP data 310.”) p. 22, 1. 15-21; p. 17, 1. 13-
`
`19 (describing items 307 and 310 as portions of a “security database”); CS-1022 p.
`
`13 ll. 16-19. Neither the ‘639 Provisional nor ‘494 Patent specification purports to
`
`disclose anything inventive relating to the database recited in the claims; instead it
`
`appears to be one of many suitable storage means.
`
`39.
`
`In summary, the ‘494 Patent does not describe the claimed “scanner”
`
`that is for deriving security profile data (i.e., a list of potentially suspicious
`
`operations) associated with a program. Rather the ‘494 Patent relies on the
`
`disclosure of the ‘388 Application. The ‘388 Application, in turn, describes
`
`“conventional parsing techniques” for deriving such data. CS-1021 p. 19, 1. 16-20;
`
`CS-1022 p. 12 ll. 11-17. Based on the relevant ‘494 Patent disclosures, therefore,
`
`the purported novelty of the ‘494 Patent claims cannot be based on the concept of
`
`deriving security profile data nor any specific technique for doing so; the relevant
`
`disclosure describes previously used techniques for deriving this data from a
`
`Downloadable. Nor does the disclosure regarding the database suggest that there is
`
`anything inventive about using a database versus any other storage means. Instead,
`
`the novelty would have to hinge on the fact that the security profile data is derived
`
`for “an incoming Downloadable”. This feature, however, was also well-known and
`
`commonly used to protect computer systems long before the ‘494 Patent.
`
`
`
`18
`
`
`
`
`
`
`
`B.
`40.
`
`Priority Date of Claims
` For the purpose of this inter partes review, I have been instructed to
`
`assume that the effective filing date of each of the Challenged Claims is no earlier
`
`than the filing of the ‘639 provisional, i.e., November 8, 1996.
`
`
`
`VII. State of the Art
`41. The following section describes the state of the art in computer
`
`security systems as of November 1996. These prior art references, and discussions
`
`of what was known to a POSA, provide the factual support for the general
`
`description of the state of the art at the time of the invention, provide motivation to
`
`modify the primary references with the knowledge of a POSA or other references
`
`cited herein, rebut any claims of unpredictability in the art, and rebut any claims of
`
`unexpected results. Accordingly, these references should properly be considered
`
`by the Board.
`
`A. Malicious Code in Executable Programs
`42. By the mid-1990s, it was known that the Internet, or the world wide
`
`web, had become an integral part of the development and progress of computer
`
`technology. Newly created websites were able to easily send and receive files,
`
`formulate and execute queries to databases using search engines, send and receive
`19
`
`
`
`
`
`
`
`audio and video, and distribute data and multimedia resources worldwide. CS-
`
`1015 p. 2.
`
`43. The world wide web was largely based on a client/server architecture,
`
`in which (i) web servers host websites and (ii) web clients running web browser
`
`software interacted with the web servers through downloadable programs that
`
`enabled features and functionality to the web clients. It was well-known, however,
`
`that this web client/server architecture provided an entry point for hostile computer
`
`programs, viruses and bugs, which could infect and disrupt the normal operation of
`
`computer systems. CS-1015 p. 1.
`
`44. Much of the technology that made this malicious functionality
`
`possible consisted of small, easily downloaded programs that, when executed by
`
`the web client, interacted with the web client’s browser to display media content.
`
`These “executable” programs came in a variety of forms. Some were special-
`
`purpose miniature applications, or “applets,” which were written in Java (Java is a
`
`programming language first developed by Sun Microsystems). CS-1024 sec. 1.
`
`Others were developed using ActiveX, a Microsoft technology that programmers
`
`used for similar purposes. CS-1015 p. 1-2.
`
`45. Both Java and ActiveX made extensive use of software modules, or
`
`“objects.” Programmers could either wr
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
