McAfee Inc v. Cap Co Ltd

1. Case Identification

• Case #: IPR2015-01855
• Patent #: RE42,196
• Filed: September 2, 2015
• Petitioner(s): McAfee, Inc.
• Patent Owner(s): CAP Co., Ltd.
• Challenged Claims: 1, 3, 5, 8, 10, and 12

2. Patent Overview

• Title: System and method for blocking harmful information online
• Brief Description: The ’196 patent discloses a method for protecting a client computer by automatically downloading, installing, and executing an antivirus module from a web server. This module is designed to block harmful information, such as computer viruses, in real time by inspecting file input/output (I/O) operations for files that are about to be executed.

3. Grounds for Unpatentability

Ground 1: Obviousness over Hodges and Butt - Claims 1, 3, and 12 are obvious over Hodges in view of Butt.

• Prior Art Relied Upon: Hodges (Patent 6,035,423) and Butt (Patent 6,728,964).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Hodges taught the core framework of the challenged claims, including a client-server system for automatically transmitting and executing updated antivirus programs to a client computer. Hodges disclosed that such programs could perform "on-access scanning" to block harmful information in real time. Petitioner asserted that to the extent Hodges did not explicitly teach the specific mechanism for on-access scanning, Butt supplied this missing element. Butt disclosed a real-time antivirus method that worked by "hooking" file I/O routines to intercept file access, scan the file for viruses, and then either treat the file, allow execution, or abort execution by denying access.
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine these references to improve the well-known antivirus system of Hodges. Hodges taught the benefit of on-access scanning, and Butt provided a specific, known, and predictable method for implementing it through file I/O hooking. Combining Butt’s specific implementation with Hodges's automatic update system was an obvious path to creating a more effective and up-to-date antivirus product.
  • Expectation of Success: A POSITA would have a reasonable expectation of success, as the combination involved applying Butt’s known method for file interception to Hodges’s known antivirus framework, both of which operated in the same technical environment (e.g., Windows operating systems).

Ground 2: Obviousness over Hodges, Butt, and Szőr - Claim 5 is obvious over Hodges and Butt in view of Szőr.

• Prior Art Relied Upon: Hodges (Patent 6,035,423), Butt (Patent 6,728,964), and Szőr (“Memory Scanning Under Windows NT,” Virus Bulletin International Conference, Sept. 1999).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination of Hodges and Butt to address the additional limitation of claim 5, which required checking "current processes running on the client system" for harmfulness. Petitioner argued that Szőr explicitly taught memory scanning techniques to detect "stealth" viruses that hide within the memory space of currently running processes. Szőr disclosed scanning the virtual address space of all running processes to find and terminate malicious code.
  • Motivation to Combine: The motivation was exceptionally strong, as Szőr itself expressly advocated for its combination with on-access scanners like those in Hodges and Butt. Szőr explained that memory scanning was necessary because an on-access file scanner alone could not stop an already-active virus process from re-infecting files. A POSITA would therefore be directly motivated by Szőr to integrate memory scanning into the Hodges/Butt system to create a more comprehensive security solution.
  • Expectation of Success: Success was predictable because Szőr provided a clear technical roadmap for implementing memory scanning alongside existing on-access scanning technologies.

Ground 3: Obviousness over Hodges, Butt, and Levergood - Claims 8 and 10 are obvious over Hodges and Butt in view of Levergood.

• Prior Art Relied Upon: Hodges (Patent 6,035,423), Butt (Patent 6,728,964), and Levergood (Patent 5,708,780).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addressed claims 8 and 10, which added limitations reciting a multi-server architecture (a "first web server" and a "second web server"). While Hodges disclosed a two-server system, Petitioner argued that Levergood provided clear teachings of a client being redirected from one server to another. Levergood disclosed a directory server (the "second server") providing a client with a target URL to connect to a separate merchant server (the "first server"). This architecture directly mapped onto the claimed multi-server connection process.
  • Motivation to Combine: A POSITA implementing Hodges's online antivirus update service would naturally look to common, established web architectures for managing network traffic and services. Levergood provided a finite, predictable, and efficient solution for directing clients between servers. A POSITA would combine Levergood's redirection architecture with the Hodges/Butt antivirus system to build a scalable and robust online update service.
  • Expectation of Success: Integrating a standard server redirection method with an online software delivery system was a routine design choice with a high expectation of success.

4. Key Claim Construction Positions

• "file to be executed": Petitioner proposed this term means "file about to be executed." This construction was argued to be consistent with the prosecution history, where the patentee distinguished prior art by claiming to target only files "at the present time." Petitioner contended this construction is broader than a potential litigation position tying the execution to the exact moment of the initial server connection.
• "by hooking up file I/O routines": Petitioner proposed this term means "by executing additional or alternate routine(s) upon a call to the operating system's file I/O routines." This construction was based on the well-understood meaning of "hooking" in the context of operating systems at the time, where a program intercepts system calls to add or alter functionality, as detailed in the Butt reference.

5. Relief Requested

• Petitioner requested the institution of an inter partes review and the cancellation of claims 1, 3, 5, 8, 10, and 12 of the ’196 patent as unpatentable.