Fortinet Inc v. Sophos Inc

1. Case Identification

• Case #: IPR2015-00619
• Patent #: 8,607,347
• Filed: January 23, 2015
• Petitioner(s): Fortinet Inc.
• Patent Owner(s): Sophos Inc.
• Challenged Claims: 1, 2, 5, 7, 9, 13, 17, 19, and 21

2. Patent Overview

• Title: Network Stream Scanning Facility
• Brief Description: The ’347 patent discloses a system and method for protecting client machines from malicious content. The system utilizes a network device that receives a content request, performs a "source lookup" against a database of known sources, retrieves the content, performs a "checksum lookup" on that content against a malware database, and then takes action based on the results of one or both lookups.

3. Grounds for Unpatentability

Ground 1: Anticipation - Claims 1, 2, 5, 7, 13, 17 & 19 are anticipated by Touboul.

• Prior Art Relied Upon: Touboul (Patent 6,804,780).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Touboul, which describes a network security system for protecting against malicious downloadable software, discloses every limitation of the challenged claims. Touboul’s system receives a request for downloadable content (network content) at a security system (scanning facility). It performs a URL comparison against a database of trusted/untrusted URLs (source lookup) and also generates a "downloadable ID" by calculating a digital hash of the content, which is then compared against a database of known downloadable IDs (checksum lookup). Based on these comparisons, a logical engine determines whether to block or allow the content.
  • Key Aspects: The central assertion for this ground is that Touboul’s "downloadable ID," described as a digital hash of the content, meets the ’347 patent’s "checksum" limitation under its Broadest Reasonable Interpretation (BRI).

Ground 2: Obviousness over Touboul and Curnyn - Claims 1, 2, 5, 7, 9, 13, 17, 19 & 21 are obvious over Touboul in view of Curnyn.

• Prior Art Relied Upon: Touboul (Patent 6,804,780) and Curnyn (Application # 2008/0077995).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground was presented as an alternative to Ground 1. Petitioner asserted that if Touboul’s "downloadable ID" is not considered a "checksum," Curnyn explicitly teaches calculating "digests, also known as checksums," on network content to identify spam or malware. Curnyn further teaches using blacklists for URL filtering, which Petitioner argued renders claims 9 and 21 obvious.
  • Motivation to Combine: A POSITA would combine these references for several reasons. First, it would have been a simple and predictable substitution of one known element (Curnyn’s explicit checksum) for a similar element (Touboul’s downloadable ID) to achieve the same result. Second, a POSITA would have been motivated to add Curnyn's explicit teaching of URL blacklists to Touboul's URL database to enhance its filtering capabilities by providing an additional, well-known data source for comparison.
  • Expectation of Success: Success was expected because both references operate in the same field of network security and use similar techniques, making the combination a routine modification that would predictably improve Touboul’s system.

Ground 3: Obviousness over Curnyn - Claims 1, 2, 5, 7, 9, 13, 17, 19 & 21 are obvious over Curnyn.

• Prior Art Relied Upon: Curnyn (Application # 2008/0077995).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Curnyn alone renders the claims obvious. Curnyn discloses a Content Security Gateway (CSG) that analyzes streamed content like emails and webpages. It performs URL filtering using whitelists and blacklists (source lookup) and also calculates "message digests," which it explicitly defines as "checksums," to identify unwanted content (checksum lookup). The CSG is located between the subscriber and the internet, receives content requests, and takes action to block or allow content based on its analysis.
  • Motivation to Combine: While Curnyn describes source and checksum lookups for different content types (webpages vs. email), Petitioner argued a POSITA would have been motivated to apply both techniques to all content streams. Curnyn itself suggests that its email processing methods can be applied to web content. Combining these known techniques within Curnyn's system would have been an obvious way to create a more robust, multi-layered defense against malware, a key goal in the field of network security.
  • Expectation of Success: A POSITA would have had a high expectation of success because Curnyn provides all the necessary components and explains that combining multiple filtering techniques improves throughput and security, echoing the purported benefits of the ’347 patent.

4. Key Claim Construction Positions

• "networked": Petitioner proposed a BRI of "part of the scanning facility or connected to the scanning facility through a network." This broad construction was argued to be supported by the specification and was necessary to show that the source and checksum lookup databases in the prior art, which may be integral to the security device, still meet the "networked" limitation.
• "checksum": Petitioner proposed a BRI of an "identifier derived from at least a portion of content." This construction was based on the specification's lack of a specific algorithm and was argued to be consistent with the term's common meaning in computer security. This broad definition was critical for Petitioner's argument that Touboul’s "downloadable ID," a digital hash, constituted a "checksum."

5. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1, 2, 5, 7, 9, 13, 17, 19, and 21 of the ’347 patent as unpatentable.