`
`
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_____________________
`
`Cisco Systems, Inc.,
`Petitioner,
`
`v.
`
`Finjan, Inc.,
`Patent Owner.
`____________
`
`U.S. Patent No. 7,647,633
`
`_____________________
`
`Case No. IPR2018-00391
`_____________________
`
`PETITIONER’S REPLY TO PATENT OWNER’S RESPONSE
`
`
`
`
`
`
`
`
`Mail Stop “PATENT BOARD”
`Patent Trial and Appeal Board
`U.S. Patent and Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`DM2\9480887.5
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`TABLE OF CONTENTS
`
`
`
`I.
`II.
`
`III.
`
`
`
`Page
`INTRODUCTION ........................................................................................... 1
`Petitioner Has Not Waived Any Challenge To The ID, But Finjan Has
`Waived An Argument From Its POPR That It Did Not Include In Its
`POR .................................................................................................................. 1
`Finjan Does Not Submit Evidence Sufficient to Rebut Petitioner’s
`Showing of Invalidity of the Challenged Claims ............................................ 2
`Finjan’s Claim Construction Arguments Are Overly Restrictive
`and Unnecessary .................................................................................... 3
`1.
`Downloadable-information ......................................................... 3
`2.
`Information re-communicator/monitor ....................................... 4
`3.
`determining….whether the downloadable-information
`includes executable code ............................................................. 5
`Finjan’s Arguments That Hanson Does Not Include “Receiving
`Downloadable-Information” Lack Merit .............................................. 8
`1.
`Finjan Attacks Disclosure Of Hanson That The Petition
`Did Not Use ................................................................................ 8
`Finjan Does Not Apply Its Proposed Construction of
`“Downloadable-Information” ..................................................... 9
`Finjan’s Arguments That Claim 14 Is Valid Over Ground 1
`Fails .....................................................................................................10
`1.
`The Petition Properly Sets Forth a Single Reference
`Obviousness Challenge to Claim 14 .........................................10
`Hanson Discloses Each Limitation Recited In Claim 14..........10
`2.
`Factual Issues Identified by the Board In The Institution
`Decision ...............................................................................................17
`
`2.
`
`
`
`
`
`
`
`
`
`
`i
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`Finjan’s Evidence of Secondary Considerations Is Not
`Sufficient .............................................................................................24
`CONCLUSION ............................................................................................ 26
`
`ii
`
`
`
`I.
`
`
`
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`TABLE OF AUTHORITIES
`
`Page(s)
`
`Cases
`Beckman Instruments v. LKB Produkter AB, 892 F.2d 1547 (Fed. Cir.
`1989) ................................................................................................................... 14
`In re Donohue, 766 F.2d 531(Fed. Cir. 1985) ......................................................... 14
`Edmund Optics, Inc. v. Semrock, Inc. IPR2014-00599 ........................................... 14
`Symbol Techs. Inc. v. Opticon Inc., 935 F.2d 1569 (Fed. Cir. 1991) ...................... 14
`In re GPAC Inc., 57 F.3d 1573 (Fed. Cir. 1995) ..................................................... 24
`Palo Alto Networks, Inc. v. Finjan, Inc., Case IPR2015-01979, Paper
`22, 58–66 ....................................................................................................... 25-26
`Symantec Corp. v. Finjan, Inc., IPR2015-01892, Paper 27, 53-62 ......................... 25
`Other Authorities
`37 C.F.R 42.104(B)(2) ............................................................................................ 10
`
`
`
`
`iii
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`Petitioner’s Exhibit List
`
` Exhibit #
`1001
`1002
`
`1003
`1004
`1005
`1006
`
`1007
`1008
`1009
`
`1010
`
`1011
`1012
`1013
`1014
`
`1015
`1016
`1017
`1018
`
`1019
`1020
`
`Description
`U.S. Patent No. 7,647,633 (“the ’633 Patent”)
`Select portions of prosecution history of the ’633 Patent (“File
`History”)
`Declaration of Petitioner’s Expert Dr. Paul Clark (“Clark”)
`PCT Published Application WO 98/31124 (“Hanson”)
`U.S. Patent No. 6,577,920 (“Hypponen”)
`Rx PC The Anti-Virus Handbook, Endrijonas. Windcrest/McGraw-Hill
`in 1993. (“Rx PC”)
`PCT Published Application WO 98/21683 (“Touboul 98”)
`PCT Published Application WO 99/35583 (“Touboul 99”)
`Hardening COTS Software with Generic Software Wrappers., 1999
`IEEE Symposium on Security and Privacy Proceedings, T. Fraser et
`al., May 1999 (“Fraser”)
`User’s Guide: WebScanX for Windows 3.1x, Windows 95, and
`Windows NT, McAfee Associates, Inc., Aug. 1997 (“WebScanX”)
`UK Patent Application GB 2 322 035 A (“Nash”)
`U.S. Patent No. 6,772,346 (“Chess”)
`Related Patents
`Select portions of the prosecution history of U.S. Reexamination
`application No. 90/013,652, (“the ’652 reexam”)
`U.S. Patent application ser. No. 08/964,388 (“the ’388 application”)
`U.S. Patent application ser. No. 09/861,229 (“the ’229 application”)
`U.S. Provisional application No. 60/205,591 (“the ’591 provisional”)
`Select portions of the prosecution history of U.S. Reexamination
`application No. 90/013,016 (“the ’016 reexam”)
`U.S. Provisional application No. 60/030,639 (“the ’639 Provisional”)
`U.S. Patent No. 6,092,194 (“the ’194 Patent”)
`
`iv
`
`
`
`
`
`
`
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
` Exhibit #
`1021
`1022
`1023
`1024
`1025
`1026
`
`1027
`1028
`1029
`
`Description
`Declaration of Justus L. Getty
`U.S. Patent Application ser. No. 09/551,302 (“the ’302 application”)
`U.S. Patent Application ser. No. 08/790,097 (“the ’097 application”)
`Rebuttal Declaration of Petitioner’s Expert Dr. Paul Clark
`PCT Published Application WO 00/08793 (“Senator”)
`Plaintiff Finjan, Inc.’s Reply Claim Construction Brief, Finjan Inc. v.
`Juniper Networks, Inc. Case #3:17-cv-05659-WHA
`Deposition Transcript of Dr. Paul Clark
`Deposition Transcript of Dr. Medvidovic
`Web Security & Commerce, O’Reilly &Associates, Inc., Garfinkel and
`Spafford, June 1997. (“Spafford”)
`
`v
`
`
`
`
`
`
`
`
`

`

`
`
`
`
`I.
`
`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`INTRODUCTION
`Nothing in Patent Owner’s Response (POR) refutes the strong grounds set
`
`forth in the Petition.
`
`The POR is largely based on proposed claim constructions that Finjan did
`
`not raise in its Patent Owner Preliminary Response (POPR), and that appear
`
`crafted for the sole purpose of attempting to avoid the cited prior art.
`
`In this Reply, Petitioner also addresses concerns that were raised by the
`
`Board in the Institution Decision (ID), but not addressed in the POR.
`
`II.
`
`Petitioner Has Not Waived Any Challenge To The ID, But Finjan Has
`Waived An Argument From Its POPR That It Did Not Include In Its
`POR
`Finjan argues that because Petitioner did not seek or file a preliminary reply
`
`to the POPR or seek a rehearing, Petitioner cannot respond to the ID, i.e.,
`
`Petitioner is limited to responding only to the POR. POR 17-18. Rather, the
`
`August 2018 Trial Practice Guide (TPG) Update specifically allows “petitioner, in
`
`its reply brief, to address issues discussed in the ID.” TPG p. 14 (emphasis
`
`added).
`
`On the other hand, Finjan has waived any argument that it made in the
`
`POPR but did not reassert in the POR. The Scheduling Order states, “The patent
`
`owner is cautioned that any arguments for patentability not raised in the response
`
`1
`
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`will be deemed waived.” Paper 8, June 5, 2018. Finjan argued in its POPR that
`
`Hanson alone or in combination with Hypponen fails to disclose the limitation of
`
`“whether the downloadable-information includes executable code” as discussed at
`
`pp. 3, 32-36 of the POPR, and Finjan proposed a construction for that term.
`
`However, Finjan did not raise this argument in the POR, likely because it
`
`contradicted the litigation positions Finjan subsequently took (as explained below).
`
`As a result, the Finjan has waived this argument.
`
`III. Finjan Does Not Submit Evidence Sufficient to Rebut Petitioner’s
`Showing of Invalidity of the Challenged Claims
`Finjan’s arguments in its POR can be categorized as follows:
`
`1.
`
`For all Challenged Claims, Finjan proposes for the first time a
`
`definition of downloadable-information as information which is downloaded from
`
`“a source computer.” (POR 10). Finjan asserts that Hanson does not disclose
`
`receiving…downloadable-information when (i) Finjan addresses disclosure in
`
`Hanson on which Petitioner did not rely and (ii) for the disclosure on which
`
`Petitioner did rely, Finjan does not apply its proposed definition.
`
`2.
`
`For Claims 2, 3, 8, 11-14, Finjan proposes for the first time a
`
`definition of information re-communicator/monitor that includes receiving
`
`downloadable information “from an external network” (POR 11) and asserts that
`
`Hanson does not disclose an information re-communicator/monitor when this
`
`overly-narrow definition is applied.
`
`
`
`2
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`3.
`
`For Claim 14, Finjan asserts that the Petitioner failed to prove the
`
`negative – that Hanson does not modify the executable code of the received
`
`downloadable-information – and further, that Hanson’s disclosure is “wrong.”
`
`
`
`Finjan’s Claim Construction Arguments Are Overly Restrictive
`and Unnecessary
`1.
`Downloadable-information
`The intrinsic record broadly discloses downloadable-information. Faced
`
`with the ID, Finjan argues for a narrow definition of downloadable-information –
`
`requiring that it be “from a source computer.”
`
`None of the challenged claims refer to or otherwise limit the origin of the
`
`downloadable-information and the ‘633 Patent broadly describes downloadable-
`
`information as received information that may or may not include executable code,
`
`and does not limit this definition to information downloaded from any particular
`
`source, let alone a source computer. CS-1001 5:34-39; 9:18-24.
`
`Moreover, none of the embodiments illustrated in the ‘633 Patent identify a
`
`source for the downloadable. For example, FIG. 3 shows the “received information”
`
`being received at the firewall from an undefined source.
`
`With respect to the other part of Finjan’s proposed construction – “which
`
`may or may not include executable code” – other claim terms recite limitations
`
`regarding whether the downloadable includes executable code, and thus a
`
`
`
`
`3
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`definition of downloadable-information that is narrower than “received
`
`information” is unnecessary.
`
`Finally, as with the ID, it remains unnecessary for the Board to construe the
`
`term because the cited prior art discloses downloadable-information under any
`
`reasonable interpretation.
`
`2.
`Information re-communicator/monitor
`Finjan did not request construction of information re-communicator/monitor
`
`in its POPR. Finjan now attempts to inject into the term the limitation that the
`
`downloadable-information be received “from an external network”, which is not
`
`supported by the claims, is inconsistent with the broad use of the terms in the
`
`specification, and is found in some (but not all) embodiments in the specification.
`
`The specification of the ’633 Patent defines an information re-
`
`communicator/monitor broadly as a “server” (CS-1001 2:60-63) and includes
`
`“firewalls, resources, gateways, email relays or other information re-
`
`communicating devices.” Id. at 2:40-43. Indeed, the specification describes
`
`embodiments where the re-communicator does not receive information from an
`
`external network. For example, the specification describes that the user-device of
`
`the embodiment illustrated in Fig. 1c, which receives information from an internal
`
`network, can be a re-communicator. Id. 7:43-62.
`
`
`
`
`4
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`In the ID, the Board did not import an “external network” limitation into its
`
`construction of the similar “means for receiving downloadable-information” term.
`
`ID at 9.
`
`As with the ID, it is unnecessary for the Board to construe the term here
`
`because the cited prior art discloses information re-communicator/monitor under
`
`any reasonable interpretation.
`
`3.
`
`determining….whether the downloadable-information
`includes executable code
`This is the issue that Finjan waived. In its March 2018 POPR, Finjan
`
`proposed that the Board adopt a construction of determining….whether the
`
`downloadable-information includes executable code as “distinguishing between
`
`two alternative possibilities: executable code is included in the downloadable-
`
`information and executable code is not included in the downloadable-information.”
`
`POPR 3.
`
`However, a few months later in its August 2018 claim construction briefing
`
`in in its district litigation against Juniper Networks, Finjan stated that the same
`
`POPR construction that it urges this Board to adopt “improperly limit[ed] the
`
`scope of the claims”. CS-1026 at 12. Instead, Finjan asserted that the proper claim
`
`construction was the plain and ordinary meaning because “[defendant] cannot
`
`overcome the high burden of limiting the scope of the claims to ‘two alternatives
`
`
`
`
`5
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`possibilities’ based on the prosecution history, especially where [defendant] relies
`
`on selective quotes taken out of context.” Id.
`
`Finjan urged the district court to reject the “two alternative possibilities”
`
`construction (including the “or not” requirement) even under the narrower Philips
`
`standard used in the district court, stating, “The intrinsic record of the ‘633 Patent,
`
`however, confirms that Finjan’s construction of plain and ordinary meaning is
`
`correct…. In other words, the determination need not simply distinguish between
`
`two alternative possibilities, but can indicate whether the Downloadable is likely to
`
`be executable because of its file type of other indicators.” CS-1026 at 12.1
`
`Although Petitioner believes the claim term should be given its plain and
`
`ordinary meaning, the Petition shows how this limitation is disclosed in the cited
`
`art under either claim construction. First, using the plain and ordinary meaning,
`
`the Petition explains at pages 36-38 and 48-51 that Hanson alone discloses the step
`
`of determining, by the bastion server (computer), whether data packets
`
`(downloadable-information) includes executable code in two aspects. The Petition
`
`shows how and why a POSA would have understood that Hanson’s disclosure of
`
`applying “JAVA Checks,” “ActiveX Checks” or other security program includes a
`
`determination of whether the data packet is or includes a Java applet, ActiveX
`
`
`1 The Juniper Court has not issued an order resolving this dispute.
`
`
`
`
`6
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`program or other executable program – a form of file type analysis – under the
`
`plain and ordinary meaning of the term. Pet. 48-51.
`
`Then, the Petition also describes at pages 51-54 how the combination of
`
`Hanson and Hypponen would disclose the claim term if it is construed to include
`
`the “two alternative possibilities” limitation now proposed by Finjan (but opposed
`
`by Finjan in the Juniper litigation). Specifically, the Petition at page 52-53
`
`describes how the method described in Hypponen includes examining the file
`
`name extensions to determine whether a software program includes executable
`
`code, or scanning the file for small executable programs. These are the same
`
`conventional methods described in the ‘633 Patent that satisfy the “two alternative
`
`possibilities” requirement, i.e., file type detector and content analysis. CS-1001
`
`14:58-60; 16:16-19. Hypponen expressly discloses the step of “scanning said
`
`[downloadable] file to determine whether or not the file contains a macro,” which
`
`is an express disclosure of the “two alternative possibilities” limitation. CS-1005
`
`2:35-36 (emphasis added). Thus, it is not necessary for the Board to construe the
`
`term here, as the cited prior art discloses determining….whether the downloadable-
`
`information includes executable code under any reasonable interpretation.
`
`
`
`
`7
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`
`
`Finjan’s Arguments That Hanson Does Not Include “Receiving
`Downloadable-Information” Lack Merit
`Finjan Attacks Disclosure Of Hanson That The Petition Did
`1.
`Not Use
`The Petition’s invalidity analysis relied on Hanson’s disclosure of data
`
`packet coming from the servers and going to the client. Pet. 39.
`
`The Petition establishes that the data packets coming from the servers and
`
`going to the clients are shown in the embodiment of Hanson’s Figure 7. Pet. 45-
`
`46.
`
`The Petition at pages 46-47 then quotes from the Hanson reference,
`
`including a quote that establishes that the “[t]he reply packet may also be
`
`an unsolicited data packet” destined for the client and reproduces Figure 7. Pet.
`
`46-47.
`
`Thus, the Petition establishes that Hanson protects against executables in
`
`received data packets and relies on Figure 7 to show that receiving…
`
`downloadable-information is met by bastion server receiving the reply (or
`
`unsolicited) packets from the server and destined for the client.
`
`In contrast, Finjan’s first argument that Hanson does not include receiving
`
`downloadable-information is directed to packets going in the opposite direction
`
`from the Petition’s analysis—a request for resources to the server from the client:
`
`“Indeed, requests for server resources are not Downloadables, or downloadable-
`
`
`
`
`8
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`information, because requests are not ‘data that can be downloaded and that may
`
`or may not include executable code.’” POR 23 (emphasis in original). The Board
`
`should reject Finjan’s re-writing of Petitioner’s Ground 1.
`
`2.
`
` Finjan Does Not Apply Its Proposed Construction of
`“Downloadable-Information”
`Finjan’s second argument fails to even apply its proposed construction of
`
`“downloadable-information.” Specifically, when Finjan does address the
`
`disclosure relied on by Petitioner – i.e., that receiving… downloadable-information
`
`is met by bastion server receiving the reply (or unsolicited) packets from the server
`
`– Finjan argues the “bastion server is on the server-side of the external network
`
`that separates the server and the client … [and therefore] reply data packets
`
`received at the bastion from a server are not downloadable-information.” POR 24.
`
`However, Finjan’s proposed construction of downloadable-information
`
`requires only that the information be “downloaded from a source computer”,
`
`without regard to whether that source computer be in “an external network”. Yet,
`
`Finjan’s analysis adds a further and unsupported limitation to its proposed
`
`construction. Hanson discloses that downloadable-information (reply or
`
`unsolicited packets) is received from server 20 which is a “source computer”, and
`
`thus meets Finjan’s proposed claim construction.
`
`In addition, Finjan’s argument that Hanson’s outgoing data packets cannot
`
`include downloadable-information is refuted by the fact that the received packets
`
`9
`
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`in Hanson contain Java applets and ActiveX controls (CS-1004 pp. 12-13), which
`
`are the same examples of “downloadable-information” that the ‘633 Patent
`
`discloses. CS-1001 2:28-33.
`
`Finjan’s Arguments That Claim 14 Is Valid Over Ground 1 Fails
`
`Finjan asserts several arguments that Claim 14 is valid, but none find
`
`support in the record.
`
`1.
`
`The Petition Properly Sets Forth a Single Reference
`Obviousness Challenge to Claim 14
`Finjan asserts that the Petition does not include an allegation that Hanson
`
`needs to be modified to invalidate Claim 14. POR 15. Ground 1 includes that
`
`Claim 14 is invalid as being obvious over Hanson, alone, or in view of Hypponen
`
`and the Petition includes an analysis that identifies where each element of Claim
`
`14 is found in Hanson, pursuant to 37 C.F.R 42.104(b)(2). This establishes that
`
`Claim 14 is at least obvious over Hanson alone. Ground 1 is thus fully supported
`
`as a single reference obviousness rejection.
`
`2. Hanson Discloses Each Limitation Recited In Claim 14
`Finjan asserts two arguments why Hanson does not disclose each limitation
`
`in Claim 14. Specifically, Finjan asserts: (1) Petitioner did not show that Hanson
`
`does not modify the executable code, and (2) Hanson is not enabled, and to the
`
`extent that Hanson is comprehensible, Hanson teaches modifying the executable
`
`code.
`
`
`
`
`10
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`a. Hanson expressly discloses that the downloaded executable
`code is not modified.
`Finjan does not argue that Hanson affirmatively discloses modifying the
`
`executable code in the received downloadable-information before the
`
`downloadable-information is sent to the destination. Instead, Finjan asks that
`
`Petitioner prove the negative, i.e., prove that Hanson discloses that executable code
`
`in the downloadable-information is not modified before being sent to the
`
`destination. Even if that is the test (which it is not), Hanson is clear that the
`
`executable code in the received downloadable-information is the same executable
`
`code that is sent to the destination and run at the client (e.g., that “the”
`
`downloadable is run “simultaneously” with the security program), and so by
`
`definition it is not modified (or it would not be the same).
`
`The Petition at pages 55-56 describes that Hanson discloses that the security
`
`program for a Java applet is sent to the destination with the applet to “protect
`
`against destructive or illegal operations if the data packet includes a Java applet”
`
`and expressly describes that the security program is “run simultaneously” with the
`
`received applet to prevent destructive operations of the applet. CS-1004 p. 12 ll. 8-
`
`18.
`
`Hanson does not describe that a “modified” applet is run, instead, it
`
`discloses that “the applet intended for the recipient is run,” i.e., the applet received
`
`at the Bastion server and recommunicated (unmodified) to the client. Id.
`
`11
`
`
`

`

`
`
`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`Likewise, with respect to ActiveX programs, the Petition at page 56
`
`describes that “Hanson similarly describes a ‘security.ocx’ program is transmitted
`
`to the client to stop destructive and illegal operations if the data packet is or
`
`includes and ActiveX program.” Specifically, Hanson discloses that the security
`
`program is attached to “an ActiveX program destined for a client or server”,
`
`and confirms that it is this received program (without modification) that is run at
`
`the destination. CS-1004 p. 13, ll. 3-12.
`
`Again, the Hanson disclosure quoted above does not say that a “modified”
`
`ActiveX program is run. Likewise, it discloses that if “the” ActiveX program
`
`attempts an operation that is destructive to the host client or server, the
`
`“security.ocx” stops execution and warns the client or server user that the ActiveX
`
`program attempted an illegal operation destined for a client or server.
`
`Moreover, Hanson’s disclosure of protective mechanisms – i.e., that illegal
`
`operations are overridden or execution of the downloadable program is stopped –
`
`are the same mechanisms described by the ‘633 patent to “intercept” undesirable
`
`operations. CS-1001 3:14-16, 17:28-42. Thus, like the mobile protection code in
`
`the ‘633 Patent, Hanson allows the original, unmodified executable program to run
`
`with the understanding that the security program then monitors the operation of
`
`the unmodified executable program, and stops or overrides the operation if it is
`
`
`
`
`12
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`destructive. There is no need for the code of the executable program to be
`
`modified.
`
`During his deposition, Dr. Clark identified Claim 10 of Hanson for support
`
`that the executable code is not modified. CS-1027 p. 64:15-65:4 Claim 10 recites
`
`tagging a security program onto the received specific program, and performing the
`
`security check program simultaneously with the specific received program:
`
`10. The method of Claim 1, further comprising:
`tagging a security program onto the received data packet, if a specific
`program exists within the received data packet; and
`performing the security check program simultaneously with the
`specific program of the received data packet at said second server.
`CS-1004 p. 15.
`
`Thus, because Hanson’s Claim 10 expressly discloses performing the
`
`“security check program” simultaneously with “the specific program of the
`
`received data packet” (as opposed to a “modified” specific program”), Hanson
`
`discloses that the specific program of the recited data packet is not modified before
`
`it is sent to the destination address. Thus, the security programs described in
`
`Hanson meet the limitation that “the claimed executable code is not modified prior
`
`to being processed by the mobile protection code at the destination.”
`
`b. Finjan Did Not Overcome The Presumption That Hanson
`Is Enabled For The Purposes Of Claim 14
`
`
`
`
`13
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`Finjan bears the burden of proving non-enablement of Hanson. Edmund
`
`Optics, Inc. v. Semrock, Inc. IPR2014-00599 (Paper 72, pp. 27-29.)
`
`A reference contains an “enabling disclosure” if the public was in possession
`
`of the claimed invention before the date of invention. “Such possession is effected
`
`if one of ordinary skill in the art could have combined the publication’s description
`
`of the invention with his [or her] own knowledge to make the claimed invention.”
`
`In re Donohue, 766 F.2d 531(Fed. Cir. 1985). It is not necessary for the reference
`
`to teach one of ordinary skill how to practice the invention, i.e., how to make or
`
`use the article disclosed. If the reference teaches every claimed element of the
`
`article, secondary evidence, such as other patents or publications, can be cited to
`
`show public possession of the method of making and/or using. In re Donohue, 766
`
`F.2d at 533.
`
`“Even if a reference discloses an inoperative device, it is prior art for all that
`
`it teaches.” Beckman Instruments v. LKB Produkter AB, 892 F.2d 1547, 1551,
`
`(Fed. Cir. 1989). Therefore, “a non-enabling reference may qualify as prior art for
`
`the purpose of determining obviousness.” Symbol Techs. Inc. v. Opticon Inc., 935
`
`F.2d 1569, 1578 (Fed. Cir. 1991).
`
`During the cross-examination of Dr. Medvidovic, it became obvious that Dr.
`
`Medvidovic did not dispute the disclosure of Hanson, rather he considered it to be
`
`“wrong”:
`
`
`
`
`14
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`Q Hansen describes two-way data communication using data packets;
`isn’t that correct?
`A It does.
`Q Okay. The data packets can include programs; isn't that correct?
`A That's where I would vociferously disagree with Hansen. I think
`Hansen is completely wrong about how it characterizes data
`packets. Data packets can contain small portions of programs. They
`certainly cannot contain entire – unless they're super tiny programs.
`Q I mean, Hansen does say the data packets either are or can include
`programs; isn't that correct?
`A Hansen certainly says that, but it's wrong.
`Q Okay. The programs can include Java applets; isn't that correct?
`A Sure.
`Q Okay. The programs can include ActiveX controls; right?
`A Or they can be ActiveX controls. Sure.
`CS-1028 58:24-59-19.
`
`Because, Dr. Medvidovic believes Hanson is “wrong”, he describes a
`
`process that is divorced from the disclosure of Hanson to show that tagging a
`
`security program to a Java applet could “modify” the executable code of the applet.
`
`POR 30-34. However, the example he provided does not show that the Java applet
`
`needs to be “modified”. To the contrary the example provided shows that a POSA
`
`knew how to write an applet that would call a program (such as security.class) to
`
`implement the method described in Hanson. A POSA understood that applets
`
`routinely called security.class programs in order to implement security measures,
`
`
`
`
`15
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`and that a POSA understood that there was not requirement to “modify” an applet
`
`to carry out the teachings of Hanson. CS-1024 ¶¶2-5. And Dr. Mevidovic
`
`provided no example of an ActiveX controls that would be modified before
`
`execution at the downloadable destination.
`
`Moreover, Hanson describes “tagging” or “attaching” sufficient for a POSA
`
`to package the security code and downloaded executable for delivery to the
`
`downloadable-destination without modifying the code of the executable.
`
`A POSA understood that tagging means simply associating the security.class
`
`program with the applet. CS-1027 69:2-14. Indeed, Hanson suggests that
`
`attachment techniques were well known to a POSA, when it states “[i]t can be
`
`appreciated to those of ordinary skill in the art that the attachment of security
`
`programs … can be extended to provide various levels of security and protection
`
`against various types of data being transmitted.” CS-1004 p. 13.
`
`In fact, the ‘633 Patent describes one well-known method for attaching
`
`mobile protection code to downloadable-information is “concatenation,” and
`
`expressly discloses that concatenation can be used for Java applets and ActiveX
`
`controls. CS-1001, 11:13-18.
`
` Finjan’s Dr. Medvidovic admitted that “concatenation” is a well-known
`
`technique to transfer two things such as the security program and the executable
`
`code as a pair when sending packets. See CS-1028, 55:18-56:8 (confirming
`
`
`
`
`16
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`concatenation is “well-known in the art” and “[t[here are many different ways you
`
`can do that”).
`
`Petitioner’s Dr. Clark also confirmed that concatenation is a conventional
`
`method. For example, it was well known in the art to package downloadables
`
`(whether having executable code or not) with executable code for enforcing some
`
`policy applicable to the downloadable, such as by concatenating enforcement code
`
`with the downloadable and provides the example of PCT application
`
`PCT/US99/17647 to Senator et al (Exhibit CS-1025). CS-1024 ¶6.
`
`As a result, a POSA fully understood how to attach or tag the mobile
`
`protection code to the Java applet and ActiveX control without modification of the
`
`executable code of the applet or ActiveX control and, thus, no further explanation
`
`was required in Hanson to enable this feature.
`
`While the POR includes additional arguments regarding Hanson’s disclosure
`
`of “simultaneously” and “providing a system”, they are based on Finjan’s
`
`disagreement with Hanson’s disclosure, which cannot overcome what is expressly
`
`disclosed.
`
`Factual Issues Identified by the Board In The Institution Decision
`
`In the Institution, the Board identified two factual issues as “problematic”
`
`for Claims 1-4, 8, 11-13.
`
`
`
`
`17
`
`

`

`Petitioner’s Reply to Patent Owner’s Response IPR2018-00391
`
`
`
`First, the Board stated that it is not persuaded that Hanson alone teaches
`
`“whether the downloadable-information includes executable code”, when it
`
`construes the term to include the “two alterative possibilities” limitation (discussed
`
`above). As an initial matter, as discussed above (§§ II, III.A.3), Finjan did not
`
`reassert this argument in the POR and thus has waived this issue. The likely
`
`reason that Finjan abandoned this position is that it would be inconsistent (and
`
`perhaps fatal) to its litigation positions, as discussed above, given that