PTAB

IPR2016-00211

McAfee Inc v. Cap Co Ltd

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Methods for Blocking Harmful Information Online
  • Brief Description: The ’249 patent discloses a system for protecting a client computer by automatically downloading, installing, and executing an antivirus module from a server. The module provides real-time protection by inspecting file input/output (I/O) or network packet I/O to block harmful information before it can cause damage.

3. Grounds for Unpatentability

Ground 1: Obviousness over Hodges and Butt - Claims 16-18, 20, 28-31, and 33 are obvious over Hodges in view of Butt.

  • Prior Art Relied Upon: Hodges (Patent 6,035,423) and Butt (Patent 6,728,964).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Hodges taught a client-server system for automatically transmitting updated antivirus software, which was then automatically executed on the client computer. Hodges disclosed that such software could perform "on-access scanning" of files. Petitioner contended that Butt taught a specific and improved method for implementing this on-access scanning by using a dynamic linked library (DLL) to "hook" file I/O routines (e.g., OpenFile()). This interception allowed a virus scan engine to analyze a file before it was executed. Butt further disclosed the subsequent steps of treating a harmful file (e.g., by cleaning it) or, if the file could not be treated, aborting its execution by denying access or removing the infected file.
    • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine Hodges's automated delivery mechanism with Butt's more detailed real-time file interception method to create a more robust and effective antivirus product. Butt provided a known and predictable way to implement the on-access scanning functionality that Hodges described at a higher level.
    • Expectation of Success: Petitioner asserted that because both references described systems intended for the Windows operating system and addressed complementary aspects of antivirus protection (delivery versus real-time detection), their combination would have been straightforward and yielded predictable results.

Ground 2: Obviousness over Hodges, Butt, and Kephart - Claims 19 and 32 are obvious over Hodges and Butt in view of Kephart.

  • Prior Art Relied Upon: Hodges (Patent 6,035,423), Butt (Patent 6,728,964), and Kephart ("Blueprint for a Computer Immune System," a 1997 conference paper).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground built upon the Hodges and Butt combination to address the limitation of transmitting an untreatable file to a server for analysis. While Hodges and Butt taught detecting and treating known viruses, Petitioner argued Kephart disclosed an "immune system" for computers that handled unknown and therefore untreatable viruses. Kephart taught that when a novel virus was heuristically identified, a sample (which could include the infected file) was sent to a central administrative computer for analysis to develop a cure.
    • Motivation to Combine: Kephart addressed a known shortcoming in the art: how to handle new threats for which no signature or treatment existed. A POSITA would be motivated to add Kephart's functionality to the base antivirus system of Hodges and Butt to create a more comprehensive solution capable of adapting to new malware.
    • Expectation of Success: Adding a feature to handle exceptional cases, such as untreatable files, was a logical and predictable enhancement to an antivirus architecture.

Ground 3: Obviousness over Hodges, Butt, and Freund - Claims 21-23 and 34-36 are obvious over Hodges and Butt in view of Freund.

  • Prior Art Relied Upon: Hodges (Patent 6,035,423), Butt (Patent 6,728,964), and Freund (Patent 5,987,611).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground added Freund to the base combination to address claim limitations requiring the inspection of network packet I/O. Petitioner argued the Hodges/Butt combination provided robust file-level protection, while Freund taught a client-side monitor that intercepted and inspected all TCP/IP network communications for harmful content or policy violations. Freund explicitly disclosed tracking and aborting internal processes, including those using socket I/O routines, that were associated with malicious network traffic.
    • Motivation to Combine: A POSITA would understand that comprehensive security requires protecting against all threat vectors, including those originating from the network. Combining Freund's network-level inspection with the file-level scanning of Hodges and Butt was a logical step to create a complete security product. Petitioner noted that Freund itself suggested combining its network monitoring with on-access file activity monitoring for virus checking.
    • Expectation of Success: Integrating network and file-level security modules was a well-understood design choice in the field that would predictably increase the scope of protection.

4. Key Claim Construction Positions

  • "harmful information blocking code module": Petitioner proposed this term means "an executable program that blocks harmful information." This construction was based on repeated descriptions in the ’249 patent’s specification referring to the invention as a "program" and on claim language requiring the module to "execute" or "run," actions that can only be performed by an executable program.
  • "automatically runs": Petitioner proposed this term means "runs without user installation, start-up, or other involvement." This construction was argued to be consistent with the patent's stated objective of overcoming the "labor-intensive" task of manual software installation, thereby providing a seamless and automated security process for the end-user.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 16-23 and 28-36 as unpatentable.