`571-272-7822
`
`
`Paper 7
`Entered: June 5, 2018
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2018-00391
`Patent 7,647,633 B2
`
`____________
`
`
`
`Before, THOMAS L. GIANNETTI, MIRIAM L. QUINN, and
`PATRICK M. BOUCHER, Administrative Patent Judges.
`
`QUINN, Administrative Patent Judge.
`
`
`
`
`
`
`
`
`
`DECISION
`Institution of Inter Partes Review
`35 U.S.C. § 314(a)
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`Cisco Systems, Inc. (“Petitioner”) filed a Petition to institute inter
`
`partes review of claims 14, 8, 11, 13, and 14 of U.S. Patent No. 7,647,633
`
`B2 (“the ’633 patent”) pursuant to 35 U.S.C. § 311319. Paper 1 (“Pet.”).
`
`Finjan, Inc. (“Patent Owner”) timely filed a Preliminary Response. Paper 6
`
`(“Prelim. Resp.”). We have jurisdiction under 35 U.S.C. § 314.
`
`For the reasons that follow, we institute inter partes review.
`
`I.
`
`BACKGROUND
`
`A. RELATED MATTERS
`
`The parties identify a multitude of district court cases (N.D. Cal.) in
`
`which the ʼ633 patent is involved. Pet. 5; see also Paper 4. The ’633 patent
`
`has also been the subject of various proceedings at the USPTO, including
`
`Palo Alto Networks, Inc. v. Finjan, Inc., Case IPR2015-01974 (PTAB), in
`
`which the Board issued a Final Written Decision concerning claims 14 and
`
`19 of the ’633 patent. Paper 4; Ex. 2002. The ’633 patent also has been the
`
`subject of an ex parte reexamination (Control No. 90/013,016). Ex. 2001.
`
`B. THE ’633 PATENT (EX. 1001)
`
`The ’633 patent relates to a system and a method for protecting
`
`network-connectable devices from undesirable downloadable operation. Ex.
`
`1001, 1:3033. The patent describes that “Downloadable information
`
`comprising program code can include distributable components (e.g. JavaTM
`
`applets and JavaScript scripts, ActiveXTM controls, Visual Basic, add-ins
`
`and/or others).” Id. at 1:6063. Protecting against only some distributable
`
`components does not protect against application programs, Trojan horses, or
`
`zip or meta files, which are other types of “Downloadable information.” Id.
`
`2
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`at 1:632:2. The ’633 patent “enables more reliable protection.” Id. at
`
`2:2728. According to the Summary of the Invention,
`
`In one aspect, embodiments of the invention provide for
`determining, within one or more network “servers” (e.g.
`firewalls, resources, gateways, email relays or other
`devices/processes that are capable of receiving-and-transferring
`a Downloadable) whether received information includes
`executable code (and is a “Downloadable”). Embodiments also
`provide for delivering static, configurable and/or extensible
`remotely operable protection policies to a Downloadable-
`destination, more typically as a sandboxed package including
`the mobile protection code, downloadable policies and one or
`more received Downloadables. Further client-based or remote
`protection code/policies can also be utilized in a distributed
`manner. Embodiments also provide for causing the mobile
`protection code to be executed within a Downloadable-
`destination in a manner that enables various Downloadable
`operations to be detected, intercepted or further responded to
`via protection operations. Additional server/information-
`destination device security or other protection is also enabled,
`among still further aspects.
`
`Id. at 2:3957.
`
`C. ILLUSTRATIVE CLAIMS
`
`Challenged claims 1, 8, 13, and 14 of the ’633 patent are independent.
`
`Illustrative claims 1 and 14 are reproduced below.
`
`1. A computer processor-based method, comprising:
`receiving, by a computer, downloadable-information;
`determining, by the computer, whether the
`downloadable-information includes executable code; and
`based upon the determination, transmitting from the
`computer mobile protection code to at least one information-
`destination of the downloadable-information, if the
`downloadable-information is determined to include executable
`code.
`
`3
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`
`14. A computer program product, comprising a
`computer usable medium having a computer readable program
`code therein, the computer readable program code adapted to be
`executed for computer security, the method comprising:
`providing a system, wherein the system comprises
`distinct software modules, and wherein the distinct software
`modules comprise an information re-communicator and a
`mobile code executor;
`receiving, at the information re-communicator,
`downloadable-information including executable code; and
`causing mobile protection code to be executed by the
`mobile code executor at a downloadable-information
`destination such that one or more operations of the executable
`code at the destination, if attempted, will be processed by the
`mobile protection code.
`
`Id. at 20:5462; 21:58–22:5.
`
`
`D. ASSERTED REFERENCES AND GROUNDS OF UNPATENTABILITY
`
`Petitioner asserts three grounds of unpatentability based on the
`
`following references:
`
`1) Hanson: PCT Published Application WO 98/31124, published on
`
`July 16, 1998 (Exhibit 1004);
`
`2) Hypponen: U.S. Patent No. 6,577,920 B1, issued on June 10, 2003
`
`(Exhibit 1005); and
`
`3) Touboul: PCT Published Application WO 98/21683 (Exhibit
`
`1007).
`
`The grounds identified in the Petition are as listed below (Pet. 32).
`
`
`
`4
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`Claim(s)
`
`Basis
`
`References
`
`14, 8, 11, 13, 14 § 103
`12
`§ 103
`
`
`
`Hanson and Hypponen
`Hanson, Hypponen, and
`Touboul
`
`Petitioner further relies on the Declaration of Paul Clark, Ph.D., in
`
`support of the asserted grounds. Ex. 1003 (“Clark Declaration”).
`
`
`
`II. ANALYSIS
`
`A. CLAIM CONSTRUCTION
`
`In an inter partes review, claim terms in an unexpired patent are
`
`interpreted according to their broadest reasonable construction in light of the
`
`specification of the patent in which they appear. 37 C.F.R. § 42.100(b).
`
`With regard to terms drafted in means-plus-function language, “[a]pplication
`
`of § 112, ¶ 6 requires identification of the structure in the specification
`
`which performs the recited function.” Micro Chemical, Inc., v. Great Plains
`
`Chemical Co., Inc., 194 F.3d 1250, 1257 (Fed. Cir. 1999); see also 37
`
`C.F.R. § 42.104(b)(3). Further, the statute does not permit “incorporation of
`
`structure from the written description beyond that necessary to perform the
`
`claimed function.” Id. at 1258.
`
`1. Means-Plus-Function Terms
`
`Petitioner proposes construction for various terms written in means-
`
`plus-function format, recited in claim 13. Pet. 2022. Patent Owner
`
`addresses those means-plus-function terms. Prelim. Resp. 1113. The
`
`differences between the parties’ proposed constructions are noted below
`
`with regard to the alleged structures:
`
`5
`
`
`
`Patent Owner’s
`proposed structure
`Re-communicating
`device
`
`Detection engine
`
`Re-communicating
`device
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`Term
`
`Means for receiving
`downloadable-
`information
`Means for determining
`whether the
`downloadable-
`information includes
`executable code
`
`Means for causing
`mobile code to be
`communicated to at
`least one information-
`destination of the
`downloadable-
`information, if the
`downloadable-
`information is
`determined to include
`executable code
`
`
`Petitioner’s proposed
`structure
`Server or firewall
`
`Server programmed to
`perform file type
`detection or content
`detection on the
`downloadable-
`information and
`equivalents
`Protection engine
`programmed to package
`the mobile protection
`code with the
`downloadable-
`information for transfer
`to the information
`destination of the
`downloadable-
`information and
`equivalents
`
`The ’633 patent specification discloses that “[e]mbodiments provide,
`
`within one or more ‘servers’ (e.g. firewalls, resources, gateways, email
`
`relays or other information re-communicating devices), for receiving
`
`downloadable-information and detecting whether the downloadable-
`
`information includes one or more instances of executable code (e.g. as with
`
`a Trojan horse, zip/meta file etc.).” Ex. 1001, 5:3439 (emphasis added).
`
`Thus, we agree with Patent Owner that the function of “receiving
`
`downloadable-information” is linked to a “re-communicating device,” which
`
`may be a server or firewall (id. at 9:1012; Firewall 302 of Fig. 3).
`
`Accordingly, Patent Owner’s proposal for the corresponding structure for
`
`6
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`the “means for receiving downloadable-information” is adopted for purposes
`
`of this Decision.
`
`The above-quoted passage of the Specification also links a re-
`
`communicating device, such as a server or firewall, to the function of
`
`determining whether the downloadable-information includes executable
`
`code. Ex. 1001, 5:3439. Petitioner’s proposal acknowledges that a server
`
`is part of the structure linked to the “means for determining,” but adds a
`
`“programmed” limitation that does not track the function directly. Patent
`
`Owner proposes that a “detection engine” is a more appropriate structure
`
`because the ’633 patent Specification describes detection engine 402 as
`
`including code detector 421, “which receives a potential-Downloadable and
`
`determines . . . whether the potential-Downloadable includes executable
`
`code.” Prelim. Resp. 11 (citing, e.g., Ex. 1001, 12:826). Patent Owner’s
`
`proposal is incomplete, as it focuses on the embodiment shown in Figure 4,
`
`but does not address the embodiment shown in Figure 3. See Callicrate v.
`
`Wadsworth Mfg., Inc., 427 F.3d 1361, 1369 (Fed. Cir. 2005) (determining
`
`that the proper claim construction must account for all structures in the
`
`specification corresponding to the claimed function).
`
`We now turn to Figure 3 and corresponding disclosures regarding the
`
`“means for determining” and “means for causing” limitations. Figure 3
`
`depicts a protection engine linked to the recited “determining” function:
`
`“[p]rotection engine 310 further analyzes the potential-Downloadable and
`
`determines whether the potential Downloadable includes executable code. If
`
`not, protection engine 310 enables the not executable potential-
`
`Downloadable 331 to be delivered to its destination in an unaffected
`
`manner.” Ex. 1001, 9:5257. Accordingly, the structure linked to the
`
`7
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`“determining” function encompasses alternative embodiments: protection
`
`engine 310 in server 301 (Figure 3) or detection engine 402, included in
`
`protection engine 400 (Figure 4). The broader of these alternative
`
`embodiments is the protection engine.
`
`Notably, the protection engine is also linked to the remaining means-
`
`plus-function term: “means for causing mobile protection code to be
`
`communicated to at least one information-destination of the downloadable-
`
`information.” For example, the Specification states that “[i]n conjunction
`
`with determining that the potential-Downloadable is a detected-
`
`Downloadable, protection engine 310 also causes mobile protection code or
`
`‘MPC’ 341 to be communicated to the Downloadable-destination of the
`
`Downloadable.” Id. at 9:5963.
`
`Therefore, the Specification provides, at a minimum, two sets of
`
`alternative structures for the means for determining and for the means for
`
`causing MPC to be communicated. The first set of structures tracks the
`
`embodiment shown in Figure 3, which describes a protection engine within a
`
`server or firewall, where the protection engine performs both recited
`
`functions, i.e., determining and causing MPC to be communicated. Ex.
`
`1001, 8: 6066, 9:5257, 9:5963. The second set of structures tracks the
`
`embodiment shown in Figure 4, which describes: (1) a detection engine,
`
`within the protection engine, for determining whether the potential-
`
`Downloadable includes executable code (id. at 12:812); and (2) a transfer
`
`engine, within the protection engine, for causing results from the linking
`
`engine, i.e. the MPC (id. at 13:4254), to be transferred to a destination user
`
`device/process (id. at 14:2427).
`
`8
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`Consequently, for purposes of this Decision we adopt the following
`
`structures for the means-plus-function terms recited in claim 13:
`
`Term
`
`means for receiving
`downloadable-information
`means for determining whether
`the downloadable-information
`includes executable code
`
`means for causing mobile code
`to be communicated to at least
`one information-destination of
`the downloadable-information,
`if the downloadable-
`information is determined to
`include executable code
`
`Board’s Preliminary Claim
`Construction (Structure)
`Re-communicating device,
`such as a server or firewall
`Protection engine (Fig 3) in a
`re-communicating device,
`such as a server or firewall; or
`
`Detection engine (Fig. 4)
`within a protection engine in a
`re-communicating device,
`such as a server or firewall
`Protection engine (Fig 3) in a
`re-communicating device,
`such as a server or firewall; or
`
`Transfer engine (Fig. 4)
`within the protection engine
`in a re-communicating device,
`such as a server or firewall
`
`
`
`2. Prior Board Claim Constructions
`
`Patent Owner points out that the Board has construed two claim terms
`
`in prior proceedings. Prelim. Resp. 910. In particular, a panel of the Board
`
`issued a Decision on Appeal in connection with the reexamination (Control
`
`No. 90/013,016) of the ’633 patent. Ex. 2001. That Decision states: “In
`
`order to disclose determining whether the downloadable-information
`
`includes executable code, [the prior art] must disclose distinguishing
`
`between two alternative possibilities: executable code is included in the
`
`downloadable-information, and executable code is not included in the
`
`9
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`downloadable-information.” Id. at 5.1 Petitioner does not address this prior
`
`Board Decision in its Petition.
`
`Patent Owner also points out that the Board issued a Final Written
`
`Decision in IPR2015-01974 in which we construed the term “executable
`
`code” of the ’633 patent, in the context of the surrounding claim language
`
`and the Specification, to mean that the “the executable code whose
`
`operations are processed by the mobile protection code at the destination is
`
`the same as the executable code received, i.e., it undergoes no modification.”
`
`Ex. 2002, 18. The Final Written Decision has been appealed to the Federal
`
`Circuit, and is currently pending disposition. Petitioner mentions the “no
`
`modification” requirement, while contending that the prior art meets the
`
`claim language, but does not argue the meaning of the claim language
`
`further. Pet. 57 n.5.
`
`Neither party urges that we revisit either of these prior Board
`
`determinations. Accordingly, we adopt these claim interpretations for
`
`purposes of this Decision.
`
`B. PETITIONER’S OVERALL CONTENTIONS
`
`As stated above, claims 1 and 14 are illustrative of the claimed subject
`
`matter. Our discussion of Petitioner’s contentions thus focuses on these two
`
`claims, especially in light of Patent Owner’s arguments, which also focus on
`
`these claims.
`
`1. Claim 1
`
`Petitioner argues that Hanson discloses all the claim limitations
`
`recited in claim 1, except for the limitation “determining, by the computer,
`
`
`1 See Ex. 1001, 9:5257, Fig. 3.
`
`10
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`whether the downloadable-information includes executable code.” Pet.
`
`4854. For this limitation, Petitioner argues two alternatives. First, Hanson
`
`alone discloses the “determining” limitation because Hanson discloses
`
`applying “JAVA Checks,” “Active X Checks,” or other security programs to
`
`data packets that are JAVA applets, Active X programs, or other types of
`
`data. Id. at 5051 (citing Ex. 1004, 1213). Second, Petitioner argues that
`
`it would have been obvious to a person of ordinary skill in the art “to modify
`
`the bastion server of Hanson to determine whether executable code other
`
`than JAVA applets and Active X programs was in the data packet, using
`
`conventional prior art techniques in order to extend the capabilities as
`
`envisioned by Hanson.” Id. at 5152 (citing the Clark Declaration, Ex. 1003
`
`¶ 108).
`
`As evidence of the known techniques in the prior art, Petitioner points
`
`to Hypponen as describing “that in conventional computer virus detection
`
`software, the first step was to determine which files contained executable
`
`code.” Id. at 52 (citing Ex. 1003 ¶ 109; Ex. 1005, 1:2629). Hypponen
`
`applies virus detection principles to detect first whether a file contained a
`
`Microsoft Office macro (i.e., examining for .dot or .doc file extension or
`
`scanning the file for embedded macros), which Hypponen describes as small
`
`executable programs. Id. at 53 (citing Ex. 1005, 1:4648, 5:2329; Ex.
`
`1003 ¶ 110). Petitioner posits that a person of ordinary skill in the art
`
`would have been motivated to determine whether the data
`packet (file) contains executable code (as taught by Hypponen)
`in order to efficiently focus resources on the recognized threat
`posed by executable files, rather than performing Hanson’s
`additional checks on all data packets and further to expedite the
`delivery of those data packets not containing programs to the
`
`11
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`intended recipient without the attendant delay associated with
`malicious code protection.
`
`Id. at 5354 (citing Ex. 1003 ¶ 111).
`
`2. Claim 14
`
`Petitioner argues that Hanson teaches all the limitations of claim 14.
`
`Pet. 7380. In particular, with respect to the “executable code” limitation,
`
`Petitioner contends that Hanson’s bastion server receives executable code
`
`because Hanson teaches that received data packets include JAVA applets
`
`and Active X programs (and other programs). Id. at 7677 (citing Ex. 1004,
`
`8, 10, 12, 13). Further, Petitioner points out that Hanson’s bastion server
`
`attaches security programs (mobile protection code) to the data packets and
`
`transmits the security programs and the data packets containing JAVA
`
`applets and Active X programs to a client computer with a Java virtual
`
`machine (mobile code executor) at the client. Id. at 78 (citing Ex. 1003
`
`¶ 72).
`
`The “attachment” in Hanson, according to Petitioner, and the
`
`transmission of the security programs along with the data packets, cause the
`
`security programs to be executed by the client computer. Id. at 7879. In a
`
`footnote clarification provided in connection with another claim, Petitioner
`
`argues that a person of ordinary skill in the art would have understood that
`
`the security program is attached (“tagged”) to the data packets as a separate
`
`object that does not modify the data packets. Id. at 57 (citing Ex. 1003
`
`¶ 118).
`
`12
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`C. PATENT OWNER’S ARGUMENTS
`
`Patent Owner argues that Petitioner has failed to demonstrate a
`
`reasonable likelihood of prevailing in showing that claims 1, 8, and 13 are
`
`unpatentable because Hanson, either alone, or in combination with
`
`Hypponen, fails to disclose the “determining” step. Prelim. Resp. 3236. In
`
`particular, Patent Owner argues that, in accordance with the Board’s claim
`
`construction of that claim phrase, Hanson must also determine whether
`
`executable code is not included in the downloadable information, and
`
`Hanson does not meet this part of the claim construction. Id. at 3435.
`
`Patent Owner also argues that Hanson does not teach detecting executable
`
`code, but only describes “what happens after some executable is identified.”
`
`Id. at 33. Patent Owner also argues that Hypponen suffers from the same
`
`deficiencies, in that Hypponen only detects whether a file includes a macro,
`
`and further fails to determine whether executable code is not included in the
`
`executable code. Id. at 3536.
`
`With regard to claim 14, Patent Owner argues that the “executable
`
`code,” according to our prior claim construction, cannot be modified, yet
`
`Petitioner did not provide sufficient explanation as to how “tagging” a data
`
`packet occurs without modification of the alleged executable code contained
`
`in the data packet. Id. at 3738.
`
`Patent Owner also argues that the Petition should be denied in an
`
`exercise of the Board’s discretionary powers under 35 U.S.C. §§ 314(a) and
`
`325(d). Id. at 1430.
`
`13
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`D. DETERMINATION OF REASONABLE LIKELIHOOD THRESHOLD
`
`Having considered the information presented in the Petition and in the
`
`Preliminary Response, we are persuaded that Petitioner, on the present
`
`record, has demonstrated a reasonable likelihood of prevailing on its
`
`assertion that claim 14 is unpatentable over Hanson.
`
`1. Claim 14
`
`We are persuaded at this juncture by Petitioner’s arguments and
`
`evidence that Hanson teaches the limitations of independent claim 14. In
`
`particular, with respect to the “executable code,” the testimony of Dr. Clark
`
`explains that attachment or tagging does not modify the data packets, which
`
`include the alleged executable code because the security program is a
`
`separate object. Ex. 1003 ¶ 118 (cited in Pet. 57 n.5). Although there is no
`
`further explanation of how the tagging or attachment would be performed
`
`according to the state of the art and knowledge of a person of ordinary skill
`
`in the art, we are persuaded that the sworn assertion by Dr. Clark is
`
`sufficient, at this juncture, to demonstrate that the “executable code” is not
`
`modified. We also are satisfied, at this stage of the proceeding, that Dr.
`
`Clark’s testimony is consistent with the ordinary meaning of “tagging,”
`
`which at least suggests the security code and data packets are kept separate.
`
`We will make the factual determination on this issue, however, under the
`
`preponderance of the evidence at the conclusion of all briefing and on a full
`
`record. Nevertheless, on the record before us, Petitioner has made a
`
`sufficient showing under a reasonable likelihood threshold of institution that
`
`Hanson renders obvious claim 14 of the ’633 patent. Pet. 7380.
`
`14
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`2. Claims 1–4, 8, 1113
`
`With regard to claims 14, 8, 1113, there are two factual issues that
`
`are problematic in Petitioner’s case. First, we are not persuaded that Hanson
`
`alone teaches determining whether the downloadable-information includes
`
`executable code. Hanson is completely silent with regard to detection of
`
`Java applets, Active X components, or any other executable code.
`
`Hanson teaches that the bastion server checks all data packets using a
`
`set of rules, included in a rules file. Ex. 1004, 11:119, 11:113:21, Fig. 3. 2
`
`However, none of these rules is for detecting, in the data packets, executable
`
`code, whether Java applets, Active X programs, or otherwise. Hanson does
`
`not describe in any detail what techniques, if any, are used in determining
`
`whether a data packet includes executable code. The fact that Hanson
`
`performs “JAVA Checks” and “Active X Checks” does not fill this gap.
`
`These checks merely indicate that certain security or test files execute if
`
`there are Java applets or Active X programs in the data packet. But Hanson
`
`does not disclose the detection of such applets or programs.
`
`Additionally, Petitioner’s arguments are not sufficient to show the
`
`determination whether the downloadable-information includes executable
`
`code, in accordance with the construction of this term we have adopted for
`
`purposes of institution, discussed supra Section II.A.2. Petitioner has failed
`
`to explain how detecting a Java applet or Active X program in a data packet
`
`also teaches that executable code is not included in the data packet. As the
`
`Board has stated previously, with respect to applet detection, detecting an
`
`applet determines some cases where executable code is included because an
`
`
`2 Cites to Hanson refer to the page numbers provided in the footer by
`Petitioner.
`
`15
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`applet tag reasonably indicates the existence of executable applet code, but
`
`the absence of an applet tag does not determine that executable code is not
`
`included in the downloadable-information. Ex. 2002, 5. The same logic
`
`applies to Hanson, because, even if Hanson disclosed detection of Java
`
`applets and Active X programs, which it does not, Hanson’s data packets
`
`may still include executable code.
`
`We note that Petitioner argues that Hanson teaches protecting against
`
`other types of executable programs. Pet. 51 (citing Ex. 1004, 13:1316).
`
`Hanson, however, discloses protection against various types of data, without
`
`qualification. Hanson is silent regarding detection of executable code.
`
`Hanson’s description of examination of data packets also does not teach,
`
`alone, the particular “determining whether” that the claims require. See
`
`supra, Section II.A. Furthermore, the Clark Declaration on this issue,
`
`paragraphs 106 to 107, is repeated verbatim in the Petition and, thus, offers
`
`no further explanation as to how Hanson’s generic statements regarding
`
`protection against various types of data would have been understood by a
`
`person of ordinary skill in the art as teaching the determination of whether
`
`the data packet is or includes executable code. See In re Magnum Oil Tools
`
`Int’l, Ltd., 829 F.3d 1364, 1381 (Fed. Cir. 2016) (holding that because
`
`petitioner “bears the burden of proof,” the Board “must base its decision on
`
`arguments that were advanced by [petitioner]”); 35 U.S.C. § 312(a)(3); 37
`
`C.F.R. §§ 42.22(a)(2), 42.104(b)(4)–(5).
`
`The second problem with Petitioner’s arguments concerning claims
`
`14, 8, 1113 involves the asserted motivation to combine. The “factual
`
`inquiry” into the reasons for “combin[ing] references must be thorough and
`
`searching, and the need for specificity pervades . . . .” In re Nuvasive, Inc.,
`
`16
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`842 F.3d 1376, 1381–82 (Fed. Cir. 2016) (internal quotations and citations
`
`omitted). A determination of obviousness cannot be reached where the
`
`record lacks “explanation as to how or why the references would be
`
`combined to produce the claimed invention.” Trivascular, Inc. v. Samuels,
`
`812 F.3d 1056, 1066 (Fed. Cir. 2016); see Nuvasive, 842 F.3d at 1382–85;
`
`Magnum Oil, 829 F.3d at 1380–81. The record, at this juncture, lacks
`
`specificity and persuasive factual support for the alleged reasons to combine.
`
`Hypponen is directed to screening for viruses in macros when an
`
`application issues file access requests to a local hard disk drive, such as
`
`requests for opening a template in Microsoft Word. Ex. 1005, 1:68,
`
`1:4648, 1: 5053, 4:3953. Hanson, in contrast, performs the rule checks
`
`at the bastion server, where all data packets flowing between internal server
`
`20 and client 15 are checked for compliance with various rules as discussed
`
`above. See Ex. 1004 11:113:13, Fig. 3. Petitioner argues that it would
`
`have been obvious to modify Hanson’s bastion server to include the
`
`technique disclosed in Hypponen, namely examining whether the file has a
`
`specific extension (.doc or .dot) or scanning the file for embedded macros.
`
`Pet. 53. On the present record, we find insufficient explanation of the
`
`alleged modification, i.e., modifying a server to implement techniques
`
`known for detecting macros invoked by an application at the client
`
`computer.
`
`Furthermore, Petitioner’s reason to combine focuses on an alleged
`
`efficiency that is not persuasive on the present record. For instance,
`
`Petitioner argues that Hanson, modified, checks first if the data packet
`
`includes executable code, such that the JAVA Checks or Active X Checks
`
`would be performed only if the data packets include executable code. Id.
`
`17
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`Otherwise, Petitioner argues, the data packets “not containing programs”
`
`would be expedited to the intended recipient “without the attendant delay
`
`associated with malicious code protection.” Id. at 5354 (citing Ex. 1003
`
`¶ 111). But Hanson checks all data packets, and teaches performing the
`
`JAVA Check only if packets contain Java applets and performing Active X
`
`Checks if packets contain Active X programs. Thus, Hanson is already
`
`efficient in performing the additional “Checks” on packets containing Java
`
`applets and Active X programs.
`
`Petitioner’s proposed modification of Hanson appears to be the
`
`opposite of efficient. To achieve the claimed invention, Hanson would need
`
`to determine whether each data packet includes executable code and then
`
`cause the mobile protection code to be executed to process the operations of
`
`the executable code. Petitioner’s efficiency theory is not persuasive on the
`
`present record because Hanson, as modified, would attempt to detect and
`
`apply “Checks” to additional categories of packets. Petitioner’s theory also
`
`leaves us wondering which mobile protection code would be executed to
`
`process the operations of the additional categories of packets. See Personal
`
`Web Techs., LLC v. Apple, Inc., 848 F.3d 987, 994 (Fed. Cir. 2017) (holding
`
`obviousness determination to be improper where the record lacked a “clear,
`
`evidence-supported account” of “how the combination” would work). It is
`
`unclear and unexplained what “Checks”3 Hanson would include in the rules
`
`file and what security programs Hanson would attach to packets not
`
`containing Java applets or Active X programs, but containing executable
`
`code.
`
`
`3 Hanson describes specific class files for Java Checks and a security.ocx
`program for Active X Checks. Ex. 1004, 12:813:12.
`
`18
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`Accordingly, as to claims 14, 8, 1113, we have doubts that
`
`Petitioner has shown a reasonable likelihood of prevailing in its contentions
`
`of unpatentability.
`
`E. DISCRETIONARY AUTHORITY UNDER 35 U.S.C. §§ 314(A) AND
`325(D)
`
`Patent Owner has presented arguments concerning the exercise of the
`
`Board’s discretion to deny institution. Prelim. Resp. 1430. We do not
`
`exercise that discretion here. The Petition neither constitutes a “follow-on”
`
`Petition nor includes prior art or arguments previously presented to the
`
`Office. All of Patent Owner’s arguments in this regard have been
`
`considered, but are not persuasive.
`
`III. CONCLUSION
`
`Petitioner has demonstrated a reasonable likelihood of prevailing in
`
`the contention that the claim 14 is unpatentable as obvious over Hanson.
`
`Accordingly, we institute inter partes review of claims 1, 4, 8, 1114 of U.S.
`
`Patent No. 7,647,633. See SAS Inst., Inc. v. Iancu, 138 S. Ct. 1348, 1355
`
`(2018).
`
`IV. ORDER
`
`It is ORDERED that the Petition is granted and that inter partes
`
`review is instituted for all claims challenged and on all asserted grounds as
`
`follows:
`
`Claim(s)
`
`Basis
`
`References
`
`14, 8, 11, 13, 14 § 103
`12
`§ 103
`
`Hanson and Hypponen
`Hanson, Hypponen, and
`Touboul
`
`19
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`
`
`
`FURTHER ORDERED that pursuant to 35 U.S.C. § 314(a), inter
`
`partes review of the ’633 patent is hereby instituted with trial commencing
`
`on the entry date of this decision, and pursuant to 35 U.S.C. § 314(c) and 37
`
`C.F.R. § 42.4, notice is hereby given of the institution of trial.
`
`20
`
`
`
`IPR2018-00391
`Patent 7,647,633 B2
`
`PETITIONER:
`
`Patrick D. McPherson (Lead Counsel)
`Patrick Muldoon
`Joseph A. Powers
`DUNE MORRIS LLP
`PDMcPherson@duanemorris.com
`PCMuldoon@duanemorris.com
`JAPowers@duanemorris.com
`
`
`PATENT OWNER:
`
`James Hannah
`Jeffrey H. Price
`Michael Lee
`KRAMER LEVIN NAFTALS & FRANKEL LLP
`jhannah@kramerlevin.com
`jprice@kramerlevin.com
`mhlee@karamerlevin.com
`
`
`
`
`21
`
`