McAfee Inc v. Cap Co Ltd

1. Case Identification

• Case #: IPR2016-00216
• Patent #: RE42,196
• Filed: November 18, 2015
• Petitioner(s): McAfee, Inc.
• Patent Owner(s): CAP Co., Ltd.
• Challenged Claims: 2, 7, 32-35

2. Patent Overview

• Title: System and method for blocking harmful information online, and computer readable medium therefor
• Brief Description: The ’196 patent describes a system for protecting a client computer by automatically downloading, installing, and executing an antivirus module from a web server. The module is designed to block harmful information, such as computer viruses, in real time by inspecting file input/output (I/O) operations for files to be executed.

3. Grounds for Unpatentability

Ground 1: Obviousness over Hodges and Butt - Claims 7 and 32-34 are obvious over Hodges in view of Butt.

• Prior Art Relied Upon: Hodges (Patent 6,035,423) and Butt (Patent 6,728,964).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that the combination of Hodges and Butt disclosed all limitations of the challenged claims. Hodges taught a system for automatically updating antivirus applications on a client computer by downloading updated programs and signature files from a central web server. Butt taught a method for real-time virus detection by using a dynamic linked library (DLL) to "hook" or intercept an operating system's file I/O routines, scan files for viruses before they are executed, and then either treat the file, deny access, or allow execution.
  • Motivation to Combine: A POSITA would combine these references because they were in the same field of endeavor and addressed the same problem: the need to block harmful information before it could damage a client computer. Hodges provided the mechanism for keeping antivirus software up-to-date automatically over a network, while Butt provided an effective real-time method for on-access scanning. Combining Hodges's automated delivery with Butt's real-time interception and scanning was a predictable solution to provide the most current protection against new viruses.
  • Expectation of Success: Petitioner contended that a POSITA would have had a reasonable expectation of success. The combination represented a transition from providing antivirus protection via physical media to providing it over networks, which was an obvious path for the industry. Both references described their methods in the context of the Windows operating system, suggesting their teachings were compatible and would yield predictable results.

Ground 2: Obviousness over Hodges, Butt, and Kephart - Claims 2 and 35 are obvious over Hodges and Butt in view of Kephart.

• Prior Art Relied Upon: Hodges (Patent 6,035,423), Butt (Patent 6,728,964), and Kephart ("Blueprint for a Computer Immune System," Oct. 1997).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination of Hodges and Butt by adding the teachings of Kephart to address the limitations of claims 2 and 35. These claims require transmitting a file to a web server if it is determined to be harmful and cannot be treated. Petitioner asserted that Kephart disclosed an "immune system" for computers that, upon detecting a potential new virus, would capture a sample, which could include the infected file, and transmit it to a central computer for analysis.
  • Motivation to Combine: A POSITA would combine Kephart's teachings with the Hodges/Butt system to solve another known problem identified in the ’196 patent: how to handle previously unknown and untreatable viruses. While Hodges and Butt provided methods for detecting and treating known viruses, Kephart supplied the missing mechanism for developing new treatments by sending untreatable samples to a central server. This combination would accelerate the development of cures for new threats, enhancing the overall goal of antivirus protection.
  • Expectation of Success: The combination involved adding a known solution (Kephart's analysis system) for a known problem (new viruses) to the antivirus framework disclosed by Hodges and Butt. Petitioner argued this was an obvious improvement that would yield the predictable result of a more robust and responsive antivirus system.

4. Key Claim Construction Positions

• “harmful information blocking code module”: Petitioner proposed this term be construed as "an executable program that blocks harmful information." This construction was argued to be necessary because the ’196 patent repeatedly describes the invention in the context of a "program" and requires the module to be "automatically running," a function only an executable program can perform. This construction was central to distinguishing the invention from prior art that might disclose the transfer of non-executable data files.
• “by hooking up file I/O routines”: Petitioner proposed this term be construed as "by executing additional or alternate routine(s) upon a call to the operating system's file I/O routines." This construction was based on the well-understood meaning of "hooking" in operating system programming. It was critical to Petitioner's obviousness argument, as it directly mapped to the interceptor function described in the Butt patent, which used file system hooks for real-time virus scanning.

5. Relief Requested

• Petitioner requests institution of an inter partes review (IPR) and cancellation of claims 2, 7, and 32-35 of Patent RE42,196 as unpatentable under 35 U.S.C. §103.