Trials@uspto.gov
`571-272-7822
`
`Paper9
`Entered: January 14, 2016
`>
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`SYMANTEC CORP.,
`Petitioner,
`
`v.
`
`FINJAN,INC.,
`Patent Owner.
`
`Case IPR2015-01547
`Patent 8,141,154 B2
`
`Before THOMASL. GIANNETTI, RICHARD E.RICE,and
`MIRIAM L. QUINN Administrative Patent Judges.
`
`QUINN,Administrative Patent Judge.
`
`DECISION
`DenyingInstitution of Inter Partes Review
`37 CFR. § 42.108
`
`
`571-272-7822
`
`Paper9
`Entered: January 14, 2016
`>
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`SYMANTEC CORP.,
`Petitioner,
`
`v.
`
`FINJAN,INC.,
`Patent Owner.
`
`Case IPR2015-01547
`Patent 8,141,154 B2
`
`Before THOMASL. GIANNETTI, RICHARD E.RICE,and
`MIRIAM L. QUINN Administrative Patent Judges.
`
`QUINN,Administrative Patent Judge.
`
`DECISION
`DenyingInstitution of Inter Partes Review
`37 CFR. § 42.108
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`Symantec Corp.(‘Petitioner’) filed a Petition to institute inter partes
`
`review of claims 1~12 of U.S. Patent No. 8,141,154 B2 (“the ’154 patent”)
`
`pursuant to 35 U.S.C. § 311-319. Paper 1 (‘‘Pet.”). Finjan, Inc. (“Patent
`
`Owner”) timely filed a Preliminary Response. Paper 8 (“Prelim. Resp.”).
`
`We havejurisdiction under 35 U.S.C. § 314.
`
`For the reasonsthat follow, we denythe Petition.
`
`I.
`
`BACKGROUND
`
`A. RELATED MATTERS
`
`Petitioner identifies that the patent-at-issue is the subject matter of a
`
`district court case filed in the U.S. District Court for the Northern District of
`
`California (Case No. 3:14-cv-02998-RS). Pet. 1. Petitioner also states that
`
`petitions for inter partes review have beenfiled regarding patents at issue in
`
`the foregoinglitigation. Id.
`
`B. ASSERTED GROUNDS
`
`Petitioner contendsthat claims 1-12 (“the challenged claims”) are
`unpatentable under 35 U.S.C. § 102 and § 103 based onthe following
`specific grounds:
`
`Reference[s]
`Basis Claimschallenged |
`
`Ros! ft Ss
`
`
`
`
`' Patent Application Pub. No. US 2007/0113282 (Exhibit 1002) (“Ross”).
`2
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`
`
`
`
`Reference[s]
`Basis Claimschallenged
`Ross and Calder’
`§ 103
`9 and 12
`
`
`
`CalderandSirer*
`
`§ 103
`
`C. THE ’154 PATENT (Ex. 1001)
`
`The °154 patent relates to computer security, and, more particularly,
`
`to systems and methodsfor protecting computers against malicious code
`
`such as computer viruses. Ex. 1001, 1:7—9; 8:38-40. The ’154 patent
`
`identifies the components of one embodimentof the system as follows: a
`
`gateway computer, a client computer, and a security computer.
`
`/d. at
`
`8:45-47. The gateway computerreceives content from a network, such as
`
`the Internet, over a communication channel.
`
`/d. at 8:47—-48. “Such content
`
`may be in the form of HTML pages, XML documents, Java applets and
`
`other such webcontentthat is generally rendered by a web browser.” /d. at
`
`8:48-51. A content modifier modifies original content received by the
`
`gateway computer and produces modified content that includes a layer of
`
`protection to combat dynamically generated malicious code. Jd. at 9:13-16.
`
`_
`
`* Patent Application Pub. No. US 2002/0066022 Al (Exhibit 1003)
`(“Calder’’).
`* Sirer et al., Design and Implementation ofa Distributed Virtual machine
`for Networked Computers, (1999) (Exhibit 1004) (“‘Sirer’).
`3
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`D. ILLUSTRATIVE CLAIM
`
`Challenged claims 1, 4, 6, and 10 are independent,andillustrative
`
`claim 1 is reproduced below.
`
`1. A system for protecting a computer from dynamically generated
`malicious content, comprising:
`a content processor(i) for processing content received over a network,
`the content includinga call to a first function, and the call including an
`input, and(ii) for invoking a second function with the input, only ifa
`security computer indicates that such invocationis safe;
`a transmitter for transmitting the input to the security computer for
`inspection, whenthefirst function is invoked; and
`a receiver for receiving an indicator from the security computer
`whetherit is safe to invoke the second function with the input.
`
`Il.
`
`ANALYSIS
`
`A. CLAIM INTERPRETATION
`
`The Boardinterprets claims using the “broadest reasonable
`
`construction in light of the specification of the patent in which [they]
`
`appear[].”. 37 C.F.R. § 42.100(b). We presumethat claim terms havetheir
`
`ordinary and customary meaning. See Jn re Translogic Tech., Inc., 504 F.3d
`
`1249, 1257 (Fed. Cir. 2007) (“The ordinary and customary meaningis the
`
`meaning that the term would have to a person of ordinary skill in the art in
`
`question.”’).
`
`Petitioner proposed a construction for one term: “dynamically
`
`generate[d]”. See Pet. 14-15. Patent Owner submitted that the term has a
`
`plain and ordinary meaning understood to a person of ordinary skill in theart
`
`and that no construction is needed. Prelim. Resp. 7-9. We do not need to
`
`construe a proposed term if the construction is not helpful in our
`
`4
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`determination of whetherto institute trial. Because the construction of the
`
`term “dynamically generate[d]” is not germaneto our determination whether
`
`to institute trial, we will not consider either of the parties’ arguments. No
`
`term will be construed.
`
`B. GROUNDS BASED ON ROSS, AND ROSS IN COMBINATION WITH
`CALDER
`
`Petitioner asserts three groundspredicated on, at a minimum, Ross
`
`disclosing the limitation identified in the Petition as limitation “[A].”
`
`Pet. 12 (identifying overlapping limitations in the four independentclaims),
`
`18-20 (describing Petitioner’s contention regarding Ross’s disclosure of
`
`limitation 1[A] and 4[A]); 27-28 (stating Petitioner’s contention that for
`
`claims 6 and 10, limitations are “substantially similar” with the exception of
`
`limitations [B2], [E2], and [G]). Limitation [A] in claim 1 recites “a content
`
`processor(i) for processing content received over a network, the content
`
`including a call to a first function, and the call including an input...” Ex.
`
`1001, 17:34-36. We do not agree with Petitioner that Ross discloses this
`
`limitation for, at least, the reasons discussed below and outlined by Patent
`
`Ownerin the Preliminary Response. See Prelim. Resp. 12-15.
`
`I. Overview ofRoss (Exhibit 1002)
`
`Ross describes one embodiment where a device receives and
`
`processes “data content havingat least one original function call [and it]
`
`includes a hook script generator and a script processing engine.” Ex. 1002
`
`q 10. One such device is depicted in Figure 2, reproduced below.
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`A
`
`()
`
` :
`
`240
`DETECTION ENGINE
`242
`SCRIPT INJECTOR
`BROWSERPLUG-IN
`
`244
`
`HOOK SCRIPT GENERATOR
`
`
`
`202
`
`CLIENT
`SERVER
`
`
`220
` 250
`DISPLAY
`
`
`
`
`
`
`
`
`
`230
`TRANSCEIVER
`232
`PROCESSOR
`234
`PROCESSOR
`MEMORY
`
`|
`
`224
`SCRIPT
`PROCESSING
`ENGINE (WEB
`BROWSER
`
`
`
`252
`PROCESSOR
`
`254
`PROCESSOR
`MEMORY
`
`
`
`
`|
`
`KEYBOARD
`
`
`246
`COMMUNICATION OBJECT
`
`FIG 2
`
`Figure 2 showsa client network device (client 202) and a server
`
`network device (server 204) communicating with each other over
`
`communication network 208 to exchange information including web
`
`content. Jd. at J] 16, 23. Figure 2 depicts web browser 224 and detection
`
`engine 240at the client, but in other embodiments detection engine 240 may
`
`be physically located away from client 202. Jd. at 26. Detection
`engine 240 includesscript injector 242 to intercept incoming data content
`and introduce the incoming datato script-processing engine 224. Id. “Hook
`
`script generator 244 creates new functions, including constructor functions,
`
`whichreplace the standard JavaScript functions.” /d.
`
`2. Discussion
`
`Petitioner contends that Ross’s script-processing engineis the recited
`
`content processorthat receives content over a network. Pet. 18-19 (citing
`
`6
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`Ex. 1002 [ff 23, 26, 34, Figs. 2, 4-6). Petitioner also contends that the
`
`“content processed by the script processing engine includes a hook script
`
`having one or more hook functions,” thereby disclosing the recited “first
`
`function.” Jd. at 19 (citing Ex. 1002 Jf 38, 31, 33, 34; and the Davidson
`
`Declaration Ex. 1010 979). That is, the Petition states that the script
`processing engine receives content over a network and also receives a hook
`script. The claims require, however, that the content received by the content
`
`processor includea “call to a first function.” And according to Patent
`
`Owner, with which weagree in this regard, Ross doesnot disclose that the
`
`hook function (or “first function’) is in content received over a network.
`Prelim. Resp. 12.
`|
`Weare persuaded by Patent Owner’s argumentthat, in the
`
`embodimentsidentified in the Petition, the hook script generator generates
`
`the hook function, which is loaded separatefrom data content 602 thatis
`received over the network. Prelim. Resp. 14 (pointing out Ross’s disclosure
`of the hook generator embodiments disclosed in Figures 2 and 6). In
`
`particular, Patent Owneraddresses Ross’s disclosure of the method where
`
`the hook function is loadedinto the script processing engine, then data
`content 602 is loaded into the script processing engine, and,finally,
`
`executing a hook function whenthe corresponding original function is called
`
`in data content 602. Jd. at 14-15 (relying on Ex. 1002 4 38). Neither the
`
`Petition (see Pet. 18—20) nor the Declaration of Mr. Davidson, at the cited
`paragraph 79, explain how Ross’s data content received over a networkalso
`
`includes the hook functionsalleged to be the recited “first function,” which
`
`must be included in the content received over a network.
`
`7
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`Accordingly, and forat least the above-identified reason, we are not
`
`persuaded that Petitioner has demonstrated a reasonable likelihood of
`
`prevailing in its contention that independentclaims 1, 4, 6, and 10 are
`
`unpatentable over Ross,either as anticipated (claims 1 and 4) or obvious
`
`(claims 6 and 10). Petitioner relies on Calder in combination with Ross to
`challenge as unpatentable dependentclaims 9 and 12, but doesnotassert that
`Calder remedies any of the Ross deficiencies noted above. Consequently,
`
`wealso are not persuaded that Petitioner has demonstrated a reasonable
`
`likelihood of prevailing in its contention that any of the challenged
`
`dependent claims are unpatentable over either Ross or the combination of
`
`Ross and Calder.
`
`C. GROUND BASED CALDER AND SIRER
`
`Petitioner asserts one ground predicated on,at least, Calder.
`
`1. Overview of Calder (Ex. 1003)
`Calder describes a distributed computing system, which includes a
`pre-processing module that prepares a software package for execution on
`
`any numberof client computers. Ex. 1003 J 77; Fig. 1. Application
`
`package 115 is a modified software application that is adapted to each client
`
`computer 140. /d. Calder further describes that application package 115 is
`
`sent to server 120 after being processed by the pre-processor module.
`
`/d. at
`
`4 85. “Application package 115 is electronically transferred from a server
`
`120, which can be an independently networked computer, across the
`
`network 130, and into any numberofclient computers 140.” Jd. at 9 77.
`
`Figure 4, reproduced below,depicts a virtualized execution environment.
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`SECURE EXECUTION
`
`PREPROCESSED
`APPLICATION
`
`/ 405
`
`/. ato
`APPLICATION
`MANAGER
`
`41s
`
`INTERCEPTED|~“9
`SYSTEM CALLS
`
`-
`
`(RESOURCES, FILES, DATA, NAMES
`
`425
`430
`2435
`yi
`as
`te
`RESOURCE
`
`ALLOCATION|VIRTUALIZED|VIRTUALIZED VIRTUALIZED VIRTUALIZED Aerie
`
`AND REGISTRY|FILESYSTEM
`
`DEALLDCATION
`ENVIRONMENT
`NETWORK
`INTERFACES
`nnsSYSTEM
`
`INTERFACE
`
`SYSTEM
`DLL's
`
`340
`RESOURCE
`ALLOCATION
`AND
`DEALLOCATION
`
`350
`
`2 360
`
`370
`
`» 380
`
`4 390 .
`
`REGISTRY
`
`FILE
`SYSTEM
`
`OTHER
`ENVIRONMENT
`
`en
`
`N
`
`ORK
`
`GRAPHICS
`INTERFACES
`
`Figure 4 showsthat system resources are controlled by using virtual
`
`layer 415 to intercept application programming interface (API) routines that
`
`utilize these resources. Jd. at { 86. System calls made by application 405
`
`are intercepted by an interception module, whichis part of virtual layer 415.
`
`Id. at ¥ 87.
`To create application package 115, binaries are rewritten to remove
`improper sequences. Jd. at { 93. Improper functions or sequences are
`
`defined by a predefinedlist. /d. at ] 95. If no improper sequencesare
`
`identified, the import table of binaries is rewritten to reference the
`
`interception module.
`
`/d. at 97. An import table lists all of the dynamically
`
`linked libraries (DLLs) that are used by application 405. Jd. at § 98. The
`
`processofinitializing and patching the DLLs involves loading and running
`
`the DLL for the intercept module, which patches and intercepts all the DLL
`
`calls before any of the application package’s codeis executed. Id. JJ 98,
`
`104.
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`In addition to intercepting DLLcalls, the interception module
`
`virtualizes a suite of network request routines in response to application 405
`
`invoking the routines. Jd. at ¢ 122. The interception module also intercepts
`
`all of the file system requests by application 405. Jd. at § 125. In particular,
`Calder describes that in responseto an invocation of a routine to openafile,
`the system determines whetherthefile is an approvedfile, and,if it is, the
`process proceeds without modifying the call. Jd. at § 134. If the file in
`
`question doesnot exist or does not contain executable code, the process
`returns to execute the original system request, with the unmodified and —
`modified parameter and the handle. /d. at J 135.
`|
`2. Discussion
`
`Petitioner contends that Calder teaches or suggests the limitations of
`
`the challenged claims, except for the “remotely located ‘security computer’
`
`for performing the inspection and evaluation of the hooked functions and
`
`inputs,” for which Petitioner relies on Sirer. Pet. 39. Patent Owner
`
`challenges Petitioner’s contentions based on multiple bases. Prelim. Resp.
`
`29-34. In particular, Patent Ownerarguesthat Petitioner has not shownthat
`
`Calder’s system calls are “function calls,” that the system calls identified as
`
`“first function calls” do not meet the claim language, and that Petitioner has
`
`not shownthat Calder teaches the “second function”limitations. Jd. at 31—
`
`32. We agree with Patent Ownerthat Petitioner has not met its burden based
`
`on the issues identified above.
`
`In particular, Petitioner identifies as “function calls” Calder’s system
`calls or certain interrupt calls. Pet. 44. The original calls in the application
`packageare replaced, accordingto Petitioner, with “calls to a virtual layer
`
`10
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`through ‘modified routines’ (i.e., a call to a first function).” Jd. Further to
`
`this point, Petitioner also identifies the original calls as first function calls.
`
`Id. These are two different embodimentsof “calls” alleged to be a “first
`
`function call.” More importantly, however, there is little credible
`
`explanation that system calls are “function calls.” The assertion, by
`
`Petitioner’s declarant, that “intercepting a system call is conceptually
`
`equivalent to intercepting a function call” is conclusory. See Prelim. Resp.
`
`29 (referring to the Declaration of Davidson, Ex. 1010 4 125). The Petition
`
`fails to explain how Calder’s system calls, and all other identified calls,
`
`teach or suggest “function calls.” The interception of system calls and
`function calls may be “conceptually equivalent,” but this statement says
`
`~
`
`nothing about whether“system calls” and “function calls” are also
`
`equivalent, conceptually or otherwise.
`
`Further, the Petition is deficient in showing howall the various Calder
`
`embodiments alleged to teach or suggest function calls equate to the recited
`
`first and second function calls, and their corresponding inputs, for each
`
`claim. For example, for claims 1, 4, 6, and 10, the Petition identifies as first
`functions (1) a call to a virtual layer and (2) an original call, such as “the
`invocation of an open/create routine.” Pet. 44. The Petition subsequently
`
`identifies “the underlying intercepted system call” as the “second function”
`
`recited in claims 1 and 4, referring to the embodimentofintercepting
`
`network access requests and determining whethera socketis on thelist of
`
`allowable sockets. Pet. 50. Claims 1 and 4 require, however, the same input
`for the first function and the second function, as the claimsrecite “the
`
`content including a call to a first function, and the call including an input,”
`
`11
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`and “a second function with the input.” We discern no attempt in the
`Petition to identify the recited functions with the appropriate inputs recited
`
`in these claims. Furthermore, we agree with Patent Ownerthat Petitioner
`
`fails to explain how Calder invokes “the second function” because it has
`
`alleged only that the intercepted system call is not performed. Prelim. Resp.
`
`31.
`
`. For claims 6 and 10, a similar problem emerges. ThePetition alleges
`that the invoked second function with a modified input variable is the
`“original system call” with “modified parameters.” Pet. 52 (relying onfile
`
`request routines and Figure 14). Thereis insufficient indication that the
`
`second functioncall, i.e., Calder’s “original system call,” is any different
`
`than the first function call, which was alleged to be also an originalcall,
`
`such as the invocation of an open/create routine. Likewise, there is no
`
`distinction between the “input variable”for the first function, and the
`
`“modified input variable” for the second function. The Petition either does
`
`not address the particulars or provides convoluted references to Calder’s
`
`various embodimentsso that Petitioner’s contentions on this matter are
`
`rendered intractable. In this last regard, given the complexity and breadth of
`
`the asserted prior art references, we find that the Petition lacks a cogent
`
`presentation and adequate explanations of how the numerous,cited Calder
`
`embodiments, presented in piecemeal fashion,tie to the claims. See 37
`
`C.F.R. §§ 42.22(a)(2) 42.104 (b)(4),(5).
`
`Accordingly, we are not persuaded that Petitioner has shown
`
`sufficiently a reasonable likelihood of prevailing in its contention that claims
`
`1, 4, 6, and 10 are unpatentable as obvious over Calder and Sirer. Petitioner
`
`12
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`does not assert Sirer as making up for the deficiencies noted above.
`
`Therefore, we determine that Petitioner has not shown a reasonable
`
`likelihood of prevailing in its contention that claims 2, 3, 5, 7-9, 11, and 12
`
`are unpatentable over the Calder-based grounds.
`
`Il.
`
`CONCLUSION
`
`Forthe foregoing reasons, we do notinstitute inter partes review of
`the °154 patent.
`
`IV. ORDER
`
`After due consideration of the record before us,it is
`
`ORDEREDthat the Petition is denied and notrial is instituted.
`
`
`
`IPR2015-01547
`Patent 8,141,154 B2
`
`PETITIONER:
`
`Joseph J. Richetti (Lead Counsel)
`Daniel A. Crowe (Back-up Counsel)
`BRYAN CAVE LLP
`joe.richetti@bryancave.com
`dacrowe@bryancave.com
`
`PATENT OWNER:
`
`James Hannah (Lead Counsel)
`Jeffrey H. Price (Back-up Counsel)
`KRAMERLEVIN NAFTALIS & FRANKEL LLP
`jhannah@kramerlevin.com
`jprice@kramerlevin.com
`
`Michael Kim (Back-up Counsel)
`FINJAN INC.
`mkim@finjan.com
`
`14
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
