Trials@uspto.gov
`571-272-7822
`
`
`Paper 33
`Entered: May 23, 2019
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2018-00391
`Patent 7,647,633 B2
`____________
`
`
`
`Before THOMAS L. GIANNETTI, MIRIAM L. QUINN, and
`PATRICK M. BOUCHER, Administrative Patent Judges.
`
`QUINN, Administrative Patent Judge.
`
`
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318
`
`
`
`
`
`
`571-272-7822
`
`
`Paper 33
`Entered: May 23, 2019
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2018-00391
`Patent 7,647,633 B2
`____________
`
`
`
`Before THOMAS L. GIANNETTI, MIRIAM L. QUINN, and
`PATRICK M. BOUCHER, Administrative Patent Judges.
`
`QUINN, Administrative Patent Judge.
`
`
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318
`
`
`
`
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`I.
`INTRODUCTION
`We instituted inter partes review pursuant to 35 U.S.C. § 314 to
`review claims 14, 8, and 1114 of U.S. Patent No. 7,647,633 B2 (“the ’633
`patent”), owned by Finjan, Inc. We have jurisdiction under 35 U.S.C. § 6.
`This Final Written Decision is entered pursuant to 35 U.S.C. § 318(a) and 37
`C.F.R. § 42.73. For the reasons discussed below, Petitioner has shown by a
`preponderance of the evidence that claims 14, 8, and 1113 of the ’633
`patent are unpatentable. Petitioner, however, has not shown by a
`preponderance of the evidence that claim 14 of the ’633 patent is
`unpatentable.
`
`II.
`
`BACKGROUND
`
`A. RELATED MATTERS
`The parties identify several district court cases (N.D. Cal.) involving
`the ʼ633 patent. Pet. 5; see also Paper 4. The ’633 patent also has been the
`subject of various proceedings at the USPTO, including Palo Alto Networks,
`Inc. v. Finjan, Inc., Case IPR2015-01974 (PTAB), in which the Board issued
`a Final Written Decision concerning claims 14 and 19 of the ’633 patent.
`Paper 4; Ex. 2002. The ’633 patent also has been the subject of an ex parte
`reexamination (Control No. 90/013,016). Ex. 2001.
`
`B. THE ’633 PATENT (EX. 1001)
`The ’633 patent relates to a system and a method for protecting
`network-connectable devices from undesirable downloadable operations.
`Ex. 1001, 1:3033. The patent describes that “[d]ownloadable information
`comprising program code can include distributable components (e.g.
`
`2
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`JAVATM applets and JAVAScript scripts, ActiveXTM controls, Visual Basic,
`add-ins and/or others).” Id. at 1:6063. Protecting against only some
`distributable components does not protect against application programs,
`Trojan horses, or zip or meta files, which are other types of “Downloadable
`information.” Id. at 1:632:2. The ’633 patent “enables more reliable
`protection.” Id. at 2:2728. According to the Summary of the Invention,
`In one aspect, embodiments of the invention provide for
`determining, within one or more network “servers” (e.g.
`firewalls,
`resources, gateways, email
`relays or other
`devices/processes that are capable of receiving-and-transferring
`a Downloadable) whether received
`information
`includes
`executable code (and is a “Downloadable”). Embodiments also
`provide for delivering static, configurable and/or extensible
`remotely operable protection policies to a Downloadable-
`destination, more typically as a sandboxed package including
`the mobile protection code, downloadable policies and one or
`more received Downloadables. Further client-based or remote
`protection code/policies can also be utilized in a distributed
`manner. Embodiments also provide for causing the mobile
`protection code to be executed within a Downloadable-
`destination in a manner that enables various Downloadable
`operations to be detected, intercepted or further responded to
`via protection operations.
` Additional server/information-
`destination device security or other protection is also enabled,
`among still further aspects.
`
`Id. at 2:3957.
`
`C. ILLUSTRATIVE CLAIMS
`Challenged claims 1, 8, 13, and 14 of the ’633 patent are independent.
`Illustrative claims 1 and 14 are reproduced below.
`1. A computer processor-based method, comprising:
`receiving, by a computer, downloadable-information;
`determining, by the computer, whether the
`
`3
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`downloadable-information includes executable code; and
`based upon the determination, transmitting from the
`computer mobile protection code to at least one information-
`destination of the downloadable-information, if the
`downloadable-information is determined to include executable
`code.
`
`14. A computer program product, comprising a
`computer usable medium having a computer readable program
`code therein, the computer readable program code adapted to be
`executed for computer security, the method comprising:
`providing a system, wherein the system comprises
`distinct software modules, and wherein the distinct software
`modules comprise an information re-communicator and a
`mobile code executor;
`receiving, at the information re-communicator,
`downloadable-information including executable code; and
`causing mobile protection code to be executed by the
`mobile code executor at a downloadable-information
`destination such that one or more operations of the executable
`code at the destination, if attempted, will be processed by the
`mobile protection code.
`
`Id. at 20:5462, 21:58–22:5. We refer to the three steps of claim 1
`as the “receiving step,” the “determining step,” and the “transmitting
`step,” respectively.
`
`D. PROCEDURAL HISTORY
`Petitioner, Cisco Systems, Inc., filed a Petition for inter partes review
`challenging claims 14, 8, and 1114 of the ’633 patent. Paper 1 (“Pet.”).
`Patent Owner, Finjan, Inc., filed a Preliminary Response. Paper 6 (“Prelim.
`Resp.”). On June 5, 2018, we determined that Petitioner had shown a
`reasonable likelihood of prevailing on its unpatentability challenge as at
`least one claim, and we instituted trial. Paper 7 (“Dec. on Inst.”).
`
`4
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`During trial, Patent Owner filed a Patent Owner Response (Paper 12
`(“PO Resp.”)) and Petitioner filed a Reply (Paper 16 (“Reply”)). Patent
`Owner requested authorization to file a Sur-reply, which we granted. Paper
`18; Paper 22 (“Sur-reply”). Both parties filed Motions to Exclude and
`corresponding responsive papers. Papers 19, 23, 24, 2729. We heard oral
`argument on March 6, 2019, a transcript of which is filed in the record.
`Paper 32 (“Tr.”).
`
`E. EVIDENCE OF RECORD
`Petitioner relies upon the following references as evidence of prior art:
`1) Hanson: PCT Published Application WO 98/31124, published on
`July 16, 1998 (Exhibit 1004);
`2) Hyppӧnen: U.S. Patent No. 6,577,920 B1, issued on June 10, 2003
`(Exhibit 1005); and
`3) Touboul: PCT Published Application WO 98/21683 (Exhibit
`1007).
`In addition, Petitioner supports its contentions with the Declaration of
`Paul Clark, Ph.D. Ex. 1003 (“Clark Declaration”). With its Patent Owner
`Response, Patent Owner provides a Declaration of Nenad Medvidovic,
`Ph. D. Ex. 2008 (“Medvidovic Declaration”).
`
`F. GROUNDS OF UNPATENTABILITY
`The following grounds of unpatentability are at issue (Pet. 32):
`Claim(s)
`Basis
`References
`14, 8, 11, 13, 14 § 103
`Hanson and Hyppӧnen
`12
`§ 103
`Hanson, Hyppӧnen, and
`Touboul
`
`
`
`5
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`III. ANALYSIS
`
`A. CLAIM CONSTRUCTION
`The Board interprets claim terms of an unexpired patent using the
`“broadest reasonable construction in light of the specification of the patent.”
`37 C.F.R. § 42.100(b) (2018);1 see Cuozzo Speed Techs., LLC v. Lee, 136 S.
`Ct. 2131, 2144–46 (2016). We presume a claim term carries its “ordinary
`and customary meaning,” which is the meaning “the term would have to a
`person of ordinary skill in the art” at the time of the invention. In re
`Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007) (citation
`omitted).
`With regard to terms drafted in means-plus-function language,
`“[a]pplication of § 112, ¶ 6 requires identification of the structure in the
`specification which performs the recited function.” Micro Chemical, Inc., v.
`Great Plains Chemical Co., Inc., 194 F.3d 1250, 1257 (Fed. Cir. 1999); see
`also 37 C.F.R. § 42.104(b)(3). Further, the statute does not permit
`“incorporation of structure from the written description beyond that
`necessary to perform the claimed function.” Id. at 1258.
`1. Means-Plus-Function Terms
`Claim 13 recites limitations written in means-plus-function format. In
`our Decision on Institution, we reviewed the parties’ proposed constructions
`for these terms. Dec. on Inst. 59; Pet. 2022; Prelim. Resp. 1113. We
`
`
`1 A recent amendment to this rule does not apply here because the Petition
`was filed before November 13, 2018. See Changes to the Claim
`Construction Standard for Interpreting Claims in Trial Proceedings Before
`the Patent Trial and Appeal Board, 83 Fed. Reg. 51,340 (Oct. 11, 2018)
`(amending 37 C.F.R. § 42.100(b) effective November 13, 2018).
`
`6
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`preliminarily determined for each term the structure corresponding to the
`recited function as follows:
`Term
`
`means for receiving
`downloadable-information
`means for determining whether
`the downloadable-information
`includes executable code
`
`means for causing mobile code
`to be communicated to at least
`one information-destination of
`the downloadable-information,
`if the downloadable-
`information is determined to
`include executable code
`
`Board’s Preliminary Claim
`Construction (Structure)
`Re-communicating device,
`such as a server or firewall
`Protection engine (Fig 3) in a
`re-communicating device,
`such as a server or firewall; or
`
`Detection engine (Fig. 4)
`within a protection engine in a
`re-communicating device,
`such as a server or firewall
`Protection engine (Fig 3) in a
`re-communicating device,
`such as a server or firewall; or
`
`Transfer engine (Fig. 4)
`within the protection engine
`in a re-communicating device,
`such as a server or firewall
`
`
`Dec. on Inst. 59. Neither party raises any disputes concerning the proper
`scope of these terms. Accordingly, we adopt our preliminary claim
`construction as indicated above and for the reasons stated in our Decision on
`Institution. Id.
`2. Prior Board Claim Constructions
`In our Decision on Institution, we noted that the Board has previously
`had occasion to analyze two claim terms recited in the ’633 patent. First, we
`noted that a panel of the Board issued a Decision on Appeal in connection
`with the reexamination (Control No. 90/013,016) of the ’633 patent.
`Ex. 2001. Regarding the “determining whether” phrase, the Decision on
`
`7
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`Appeal states: “In order to disclose determining whether the downloadable-
`information includes executable code, [the prior art] must disclose
`distinguishing between two alternative possibilities: executable code is
`included in the downloadable-information, and executable code is not
`included in the downloadable-information.” Id. at 5.2 Petitioner does not
`address this prior Board Decision in its Petition. Patent Owner does not
`further address the construction of this term in its Response. Petitioner, in
`its Reply and during oral argument, asserts that “the claim term should be
`given its plain and ordinary meaning,” but otherwise does not propose any
`particular construction for the term. Reply 6; Tr. 17:1320:22 (arguing also
`that the Board does not need to construe the term because the prior art shows
`the limitation under any reasonable construction of the term). Because
`resolution of the scope of the phrase “determining whether” is not necessary
`to our determination, we do not discuss this term further. See Nidec Motor
`Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013, 1017 (Fed.
`Cir. 2017); Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803
`(Fed. Cir. 1999) (“[O]nly those terms need be construed that are in
`controversy, and only to the extent necessary to resolve the controversy.”)
`Second, our Decision on Institution noted that we issued a Final
`Written Decision in IPR2015-01974 (Paper 49, March 15, 2017) in which
`we construed “executable code” in the phrase recited in claims 14 and 19 of
`the ’633 patent, in the context of the surrounding claim language and the
`Specification, to mean that the “the executable code whose operations are
`processed by the mobile protection code at the destination is the same as the
`executable code received, i.e., it undergoes no modification.” Ex. 2002, 18
`
`2 See Ex. 1001, 9:5257, Fig. 3.
`
`8
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`(emphasis added). Petitioner mentions the “no modification” requirement
`while contending that the prior art meets the claim language, but does not
`argue the meaning of the claim language further. Pet. 57 n.5. Neither party
`urges that we revisit the construction of the “executable code” phrase of
`claim 14 (“causing mobile protection code to be executed . . . at the
`downloadable-information destination such that one or more operations of
`the executable code at the destination, if attempted, will be processed by
`mobile protection code”). Accordingly, we adopt our prior determination
`here.
`3. “information re-communicator” and “information monitor”
`Patent Owner proposes construction for these terms as follows (PO
`Resp. 11, 14):
`Term
`Information re-communicator
`
`Patent Owner’s Proposal
`A computing device that receives
`downloadable-information from an
`external network and then sends it on
`to its destination
`A component of an information re-
`communicator that monitors
`downloadable-information from an
`external network
`
`Information monitor
`
`
`
`The particular dispute concerning these terms focuses on whether the
`downloadable-information must be received from an external network.
`Asserting the terms so require, Patent Owner argues that Hanson does not
`disclose the limitation because Petitioner relies on “downloadable-
`information” that is received from an internal company network. PO Resp.
`2526 (relying on Medvidovic Decl. ¶ 71). Petitioner responds that the
`recited re-communicator is a server. Reply 4 (citing Ex. 1001, 2:6063).
`
`9
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`Petitioner also argues that the Specification describes an embodiment in
`which a “user-device” could be configured as a firewall or server and
`therefore would receive information from an internal network. Id. (citing
`Ex. 1001, 7:4362).
`We agree with Petitioner that the “information re-communicator” is
`not limited to receiving downloadable-information from an external
`network. First, the claims are silent as to the source of the “downloadable-
`information.” Therefore, from the plain meaning of the claim language,
`there is no requirement that the “re-communicator” receive downloadable-
`information from an external network. Second, the Specification describes
`consistently a server or a firewall as a “re-communicator.” These
`descriptions are general, and do not restrict the server or firewall to
`processing the downloadable-information solely to that coming from an
`“external network.” For instance, the Abstract states that a “protection
`engine embodiment provides, within a server, firewall or other suitable ‘re-
`communicator,’ for monitoring information received by the communicator.”
`Ex. 1001, Abst. As another example, Figure 9 depicts, at step 901, “Monitor
`re-communicator (e.g., server) operation.” Id. at Fig. 9. And significantly,
`in the Summary of the Invention, the Specification identifies a “server” as
`synonymous with “re-communicator” without limitation: “one or more
`network servers, firewalls or other network connectable information re-
`communicating devices (as are referred to herein summarily [as] one or
`more ‘servers’ or ‘re-communicators’).” Id. at 2:5862; see also id. at
`5:3436 (“Embodiments provide, within one or more ‘servers’ (e.g.,
`firewalls, resources, gateways, email relays or other information re-
`communicating devices)”), 7:25 (“system 104a . . . can include a
`
`10
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`protection-initiating host ‘server’ or ‘re-communicator’ (e.g., ISP server
`140a), 7:5052 (“(i.e., as a ‘re-communicator’ or ‘server’)”), 18:3335 (“a
`protection engine monitors the receipt, by a server or other re-communicator
`of information, and receives such information intended for a protected
`information-destination (i.e., a potential Downloadable)”).
`The broad description of the “re-communicating” devices as, for
`example, servers, leads us to the conclusion that the “information re-
`communicators” of claims 2, 9, 10, and 14 are generally devices or processes
`that “re-communicate” the received information, much like a server,
`firewall, gateway, or other device that transfers the received information.
`See, e.g., id. at 7:811 (“IPS server 140a includes one or more email,
`Internet or other servers 141a, or other devices or processes capable of
`transferring or otherwise ‘re-communicating’ downloadable information to
`user devices 145.”). Thus, we conclude that the term “information re-
`communicator” is not limited to receiving “downloadable-information” from
`an external network. Because the “information monitor” term (claim 8),
`likewise, is recited as “receiving downloadable-information by a computer”
`without requiring any specific network source, this term also is not limited to
`an external network.
`4. “downloadable-information”
`Patent Owner contends that the term “downloadable-information”
`means “information which is downloaded from a source computer which
`may or may not include executable code.” PO Resp. 10. Patent Owner
`relies on the Medvidovic Declaration in support of its construction. Id.
`(citing Medvidovic Decl. ¶ 45). Patent Owner argues that Dr. Clark
`
`11
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`provided support for its contention during cross-examination by giving the
`following testimony:
`Q. So how do you interpret the term “downloadable
`information”?
`
`A. As it says in paragraph 32 and as we discussed earlier, it
`explains that downloadable information includes data that
`can be downloaded and that may or may not include
`executable code.
`
`Q. What does the term “download” mean?
`
`A. Generally to retrieve something from a server.
`
`Id. (quoting Ex. 1027, 44:2045:6) (emphasis by Patent Owner). The
`dispute centers on whether the downloadable-information is limited only to
`data that is capable of being downloaded. See PO Resp. 23 (arguing that
`Hanson’s “request for server resources” are not “data that can be
`downloaded and that may or may not include executable code”).
`Petitioner, in response, focuses on whether the claim term requires a
`source computer. Reply 3. But, more importantly, Petitioner argues that we
`need not construe the term because the asserted prior art teaches
`“downloadable-information” under any reasonable interpretation. Id. at 4.
`We agree with Petitioner that we need not construe the term because, as
`discussed below, Petitioner has shown that prior art teaches the limitation,
`even under Patent Owner’s interpretation.
`
`B. PRINCIPLES OF LAW AND LEVEL OF ORDINARY SKILL IN THE ART
`A claim is unpatentable under 35 U.S.C. § 103(a) if the differences
`between the claimed subject matter and the prior art are such that the subject
`matter, as a whole, would have been obvious at the time the invention was
`
`12
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`made to a person having ordinary skill in the art to which said subject matter
`pertains. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The
`question of obviousness is resolved on the basis of underlying factual
`determinations including (1) the scope and content of the prior art; (2) any
`differences between the claimed subject matter and the prior art; (3) the level
`of skill in the art; and, (4) where in evidence, so-called secondary
`considerations, including commercial success, long-felt but unsolved needs,
`failure of others, and unexpected results. Graham v. John Deere Co.,
`383 U.S. 1, 1718 (1966) (“the Graham factors”).
`As to the level of ordinary skill in the art, Petitioner provides
`testimony from Dr. Clark that a person of ordinary skill in the art would
`have had a working knowledge of downloading information from the World
`Wide Web, the vulnerability of downloadable-information to contain
`malicious operations, and methods for preventing the execution of malicious
`operations. Clark Decl. ¶ 21. Dr. Clark opines that a person of ordinary
`skill in the art would have gained the requisite knowledge and experience
`through education, such as a Bachelor’s degree in computer science,
`computer programming, electrical engineering, and four years of experience
`in programming, or by obtaining a Master’s degree in electrical engineering,
`but having only one to two years of programming experience. Id. Dr. Clark
`also opines that a person of ordinary skill in the art may have had no formal
`education, but may have gained the requisite level of knowledge through
`eight years of computer programming experience. Id. Patent Owner’s
`expert, Dr. Medvidovic, acknowledges the opinion of Dr. Clark and states
`his opinions “would be the same if rendered from the perspective of a person
`of ordinary skill in the art set out by Dr. Clark.” Medvidovic Decl. ¶ 38.
`
`13
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`Accordingly, we adopt the level of ordinary skill in the art articulated by Dr.
`Clark.
`
`C. OVERVIEW OF HANSON AND HYPPӦNEN
`For all independent claims, Petitioner relies on Hanson or Hanson and
`Hyppӧnen as teaching all the recited limitations. An overview of these
`references follows.
`1. Hanson
`Hanson is an international application published under the Patent
`Cooperation Treaty as WO 98/31124 (published July 16, 1998). Ex. 1004,
`(11), (43). Hanson is directed to client/server computer communication over
`an internetwork system and to improved access of firewall protected servers.
`Id. at 1, 35. Hanson notes the problem of growing Internet use with respect
`to security, particularly for “internal company computers being
`compromised by an external entity.” Id. at 2:59. Hanson describes that
`security of internal computers is provided by a firewall, which is a filter that
`blocks communication in both directions: “input to the internal network of
`the company and output to the Internet.” Id. at 2:914. Hanson also
`describes further security provided by a proxy server, which behaves as a
`relay between an internal network and the Internet for communication
`requests initiated inside the company’s network. Id. at 2:1517. Proxy
`servers trust all internal computers and assume that communication from an
`internal computer (to the proxy server) will not compromise security of other
`internal computers. Id. at 2:1820. Hanson, however, recognizes that
`communications received from computers on the Internet at large are a
`
`14
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`security threat, especially for a company that selectively wants to share
`internal company resources on the Internet. Id. at 2:2024.
`Hanson aims to provide secure two-way data communication over the
`Internet without having to open the firewall or installing a new network open
`to the Internet. Id. at 2:323:6. Figure 2, reproduced below, illustrates the
`components of Hanson’s system.
`
`
`
`Figure 2 depicts a network system for secured communication
`between a requester or client 15 and servers 20, protected by firewall 22. Id.
`at 4:1618. Figure 2 also illustrates bastion server 18, which includes
`internal address file 26 and rules file 24 stored in memory. Hanson
`describes that when client 15 sends a data packet identifying any server 20,
`behind firewall 22, as the destination, the data packet is delivered first to
`
`15
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`bastion server 18. Id. at 5:216. The address of server 20 is resolved at
`bastion server 18 because internal address file 26 contains the server names
`of servers 20. Id. at 6:910. If an internal address matching the desired
`server is found in internal address file 26, the received packet “is checked
`against rules contained within the rules file.” Id. at 6, 1617. Rules file 24
`“provides a predetermined set of rules for maintaining secured
`communication of data packets passing in both directions through bastion
`server 18.” Id. at 5:810. “The rule checks include certain security[]
`programs that operate upon received data packets and, particularly data
`packets that are or include programs.” Id. at 6:2223. In particular, Hanson
`describes the rules with respect to Table 3, reproduced below.
`
`
`Table 3 illustrates an example set of rules for checking data packets
`passing through bastion server 18. Id. at 9:23. Hanson explains that the
`bastion server checks data packets against known viruses and data errors by
`checking against the files “viruses.dat” and “ps_error.dat.” Id. at 1014.
`
`16
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`The rules file also includes “JAVA Checks” and “Active X Checks.” Id. at
`Table 3, 10:88, 11:36. Hanson describes the “JAVA Checks” code line of
`Table 3 as indicating the JAVA class files that execute “if the bastion
`receives a JAVA applet as or in a data packet.” Id. at 10:89. In particular,
`Hanson describes that each of the class files indicated performs “specific
`checks of received JAVA applets.” Id. at 10:910. For the “security.class”
`program, Hanson states that this program “performs security operations
`similar to that performed by a complete, secure JAVA virtual machine.” Id.
`at 1314. The program performs “protective illegal operation overrides by
`attaching itself to the applet being sent in the data packet.” Id. at 10:1416.
`“When the applet intended for the recipient is run at the destination client or
`server, ‘security.class’ is run simultaneously.” Id. at 10:1617. With regard
`to the “Active X Checks” code line of Table 3, Hanson explains that
`“security.ocx,” similar to the description of JAVA Checks, “attaches to an
`Active X program destined for a client or server.” Id. at 11:67. “This
`program is run at the destination client or server and behaves similar to a
`common virus checking program.” Id. at 11:78. It monitors the execution
`of the Active X program that is running on the destination client or server so
`that if the Active X program attempts a destructive operation, the
`“security.ocx” program stops execution and warns the client or server user
`that the Active X program attempted an illegal operation. Id. at 11:812.
`2. Hyppӧnen
`Hyppӧnen, titled “Computer Virus Screening,” is directed to
`screening of computer data for viruses, and more particularly, macro viruses.
`Ex. 1005, [54], 1:68. Hyppӧnen describes the evolution of computer
`viruses from the 1980s and mid-1990s as consisting of a piece of executable
`
`17
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`code that attached itself to a bona fide computer program. Id. at 1:1116.
`To detect computer programs infected by viruses, a computer software “in
`general relied as a first step upon identifying those data files which contain
`executable code, e.g., .exe, .com, .bat.” Id. at 1:2629. The second step,
`once identified, was to search the files for signatures of known viruses. Id.
`at 1:2933. With the growing use of Microsoft Office, new viruses
`emerged, particularly those that infect macro files. Id. at 1:4156. Macro
`files are used, for example, in templates, to provide customized tool bars,
`and are embedded in files with the extension “.dot” or in Microsoft Office
`files, or “.doc” files. Id. at 1:4653.
`Hyppӧnen’s system “effectively block[s] the transfer and/or
`processing of files which contain a previously unidentified (either to the
`local user or to the software produced) macro virus.” Id. at 2:4044.
`Hyppӧnen provides a file system driver that detects a file system event,
`which involves writing, reading or copying of a file.” Id. at 4:3739,
`5:2327. The file system driver enables file system events to proceed
`normally, or prevents file system events and issues appropriate alert
`messages to the file system. Id. at 4:4449. After detecting a file system
`event, Hyppӧnen determines if the file involved includes a macro by
`examining the file name extension (e.g., to identify “.dot” or “.doc” files)
`“and/or scanning the file for embedded macros.” Id. at 5:2532. Hyppӧnen
`determines a signature for the found macro(s) and checks its database(s) to
`ascertain whether the macro has a known virus or is an unknown macro that
`warrants further scrutiny. Id. at 5:2962. If the signature obtained
`corresponds to a known virus, the file system event is suspended. Id. at
`
`18
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`5:3339. If the signature obtained is of a known, benevolent macro, the file
`system is allowed to proceed. Id. at 5:4349. If no virus is found, and the
`macro is unknown and unverifiable, Hyppӧnen suspends the event. Id. at
`5:5361.
`Hyppӧnen explains that its file system driver may be arranged to
`screen files for viruses other than macro viruses. Id. at 6:67. Hyppӧnen
`further describes the file system event as receiving all file access traffic, not
`just that of a hard disk. Id. at 6:911. For example, the file system drive
`may also process floppy disk data transfers, network data transfer, and
`CDROM data transfers. Id. at 6:1116.
`
`D. ANALYSIS OF INDEPENDENT CLAIMS 1, 8, AND 13
`The parties extensively focus their arguments on the determining step
`of claim 1. Claim 1 recites “determining, by the computer, whether the
`downloadable-information includes executable code.” Claim 8 recites a
`content inspection engine as performing the determining step recited in
`claim 1. And claim 13 recites a means for determining, where the function
`is the determining step recited in claim 1. Although not the first-recited
`limitation in the claims, we begin our analysis with the determining step,
`given the prominent role of this limitation in this proceeding. The Petition
`relies on Hanson alone or in combination with Hyppӧnen as disclosing the
`determining step. Pet. 4854. We find that Petitioner did not prove that
`Hanson alone teaches the determining step. We find, however, that
`Petitioner has proven by a preponderance of the evidence that Hyppӧnen
`teaches the determining step and that it would have been obvious to combine
`
`19
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`Hyppӧnen’s teachings with Hanson. We discuss our reasons for these
`findings under the separate headings below.
`1. Whether Hanson Alone Teaches the Determining Step
`With regard to Hanson, alone, Petitioner states that two disclosures
`regarding the bastion server are relevant to the determining step. Id. at
`4849. The first disclosure pertains to Hanson’s rule check. Id. According
`to Petitioner, the rule checks operate “on data packets that are or include
`programs.” Id. We are not persuaded that this teaches that Hanson
`determines whether the downloadable-information includes executable code.
`Hanson describes that the rule checks are performed on data packets that
`may include programs, but does not describe detecting programs in “data
`packets.” Moreover, the fact that a reply packet may pass the checks against
`send rules does not teach the determining step either. All data packets in
`Hanson pass through the bastion server and are checked against the rules
`file, regardless of whether they include programs.
`The second disclosure of Hanson that Petitioner relies on is the JAVA
`Checks and Active X Checks in the rules file. Id. at 5051. We are not
`persuaded that Hanson’s disclosures of JAVA Checks and Active X Checks
`teach the determining step. These checks indicate that certain security files
`attach to a data packet if there are JAVA applets or Active X programs in the
`data packet. But Hanson says nothing about detecting applets, Active X
`components, or any other purported “executable code.” Petitioner’s expert,
`Dr. Clark, opines that a person of ordinary skill in the art “would have
`understood that Hanson’s disclosure of applying ‘JAVA Checks,’ and
`‘Active X Checks’ or other security program includes a determination of
`whether the data packet is or includes a JAVA applet, Active X program or
`
`20
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`other executable program.” Clark Decl. ¶ 107. This is a conclusory
`statement—there is no reasoning provided for why or how, if Hanson
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
