PTAB
IPR2016-00480
Blue Coat Systems Inc v. Finjan Inc
Key Events
Petition
Table of Contents
petition Intelligence
1. Case Identification
- Case #: IPR2016-00480
- Patent #: 7,647,633
- Filed: January 20, 2016
- Petitioner(s): Blue Coat Systems, Inc.
- Patent Owner(s): Finjan, Inc.
- Challenged Claims: 1-4, 6-8, 13, 14, 19, 28, and 34
2. Patent Overview
- Title: System and Method for Protecting a Computer from Malicious Downloadables
- Brief Description: The ’633 patent discloses systems and methods for protecting computers from malicious downloadable information, such as Java applets. The technology involves receiving downloadable information, determining if it contains executable code, and if so, transmitting a "mobile protection code" (MPC) to the information's destination to monitor and control the code's execution, sometimes within a "sandboxed package."
3. Grounds for Unpatentability
Ground 1: Obviousness over Shin - Claims 1-4, 6-8, 13, 14, and 19 are obvious over Shin
- Prior Art Relied Upon: Shin (a 1998 article titled "Java Bytecode Modification and Applet Security").
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Shin, a single reference, discloses all elements of the challenged claims. Shin describes an HTTP proxy server that receives downloadable information (Java applets) from a web server. The proxy server determines whether the information includes executable code by scanning for
<applet>tags or magic byte sequences specific to Java class files. Upon a positive determination, the server inserts "safeguarding code" into the applet's bytecode before transmitting the modified applet to the client computer. Petitioner contended this "safeguarding code," which monitors and restricts the applet's behavior at runtime, is the claimed "mobile protection code." This mapping was applied to independent claims 1 (method), 8 (system), 13 (means-plus-function), and 14 (computer program product), as well as their respective dependent claims. For example, Shin’s proxy server was argued to be the claimed "information re-communicator" and "network server" (claims 2, 3, 19). - Motivation to Combine (for §103 grounds): As a single-reference ground, this did not require a motivation to combine separate references. The argument was that Shin itself taught the complete claimed invention.
- Expectation of Success (for §103 grounds): Not applicable for a single-reference ground. Petitioner argued that implementing Shin's teachings was straightforward for a person of ordinary skill in the art (POSITA) at the time.
- Prior Art Mapping: Petitioner argued that Shin, a single reference, discloses all elements of the challenged claims. Shin describes an HTTP proxy server that receives downloadable information (Java applets) from a web server. The proxy server determines whether the information includes executable code by scanning for
Ground 2: Anticipation by Poison Java - Claim 28 is anticipated by Poison Java
- Prior Art Relied Upon: Poison Java (an August 1999 article in IEEE Spectrum).
- Core Argument for this Ground:
- Prior Art Mapping: Petitioner asserted that the "AppletTrap" system described in Poison Java meets every limitation of claim 28. Poison Java discloses a proxy server that, upon identifying a potentially malicious applet ("Downloadable"), wraps it with "monitoring code" ("MPC") and attaches a security policy. This combination forms a "sandboxed package" that is then transmitted to and received by the client computer (the "Downloadable-destination"). At the client, the monitoring code intercepts operations attempted by the applet, extracts information about the attempted action, and compares it with the attached security policy to ascertain its permissibility. Petitioner argued this directly maps to claim 28's limitations of receiving a sandboxed package containing an MPC, a Downloadable, and policies; causing the MPC to receive attempted operations; and initiating a protection policy corresponding to the attempted operation.
Ground 3: Obviousness over Poison Java in view of Shin - Claim 1 is obvious over Poison Java and Shin
Prior Art Relied Upon: Poison Java (a 1999 article) and Shin (a 1998 article).
Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that Poison Java's AppletTrap system discloses most elements of claim 1, including receiving downloadable information at a proxy server and wrapping it with monitoring code (MPC) before transmission to a client. However, Poison Java does not explicitly detail the method for determining whether the downloadable information contains executable code. Shin was argued to supply this missing element by teaching specific, well-known techniques for identifying Java applets at a firewall or proxy server, such as scanning for
<applet>tags, file names ending in.class, or magic byte sequences. - Motivation to Combine (for §103 grounds): A POSITA would combine Shin's applet filtering techniques with Poison Java's system for a simple reason: the AppletTrap system needed an effective way to distinguish applets from other types of downloadable information to function as described (i.e., to "weed[] out unwanted applets"). Shin provided a known, predictable solution to this exact problem.
- Expectation of Success (for §103 grounds): A POSITA would have had a high expectation of success because both references operate in the same technical context (proxy-based security for mobile code). Implementing Shin's described filtering methods into the front-end of the AppletTrap system was presented as a straightforward application of known techniques to achieve a predictable result.
- Prior Art Mapping: Petitioner argued that Poison Java's AppletTrap system discloses most elements of claim 1, including receiving downloadable information at a proxy server and wrapping it with monitoring code (MPC) before transmission to a client. However, Poison Java does not explicitly detail the method for determining whether the downloadable information contains executable code. Shin was argued to supply this missing element by teaching specific, well-known techniques for identifying Java applets at a firewall or proxy server, such as scanning for
Additional Grounds: Petitioner asserted an additional obviousness challenge against claims 14, 19, and 34 over Poison Java in view of Brown (a 1996 guide to the Netscape Navigator 3 browser), arguing Brown supplied teachings on running Java applets in a web browser (a "mobile code executor").
4. Key Claim Construction Positions
- "mobile protection code" ("MPC"): Petitioner argued for a construction of "code that, at runtime, monitors or intercepts actually or potentially malicious code." This construction was central to the invalidity arguments, as it allowed the "monitoring code" from Poison Java and the "safeguarding code" from Shin to be equated with the claimed MPC. The "at runtime" limitation was asserted to be consistent with the patent's specification.
- "information re-communicator": Petitioner proposed this term be construed as "server." This construction supported mapping the HTTP proxy servers described in both Shin and Poison Java to this claim element.
5. Relief Requested
- Petitioner requested institution of an inter partes review and cancellation of claims 1-4, 6-8, 13, 14, 19, 28, and 34 of the ’633 patent as unpatentable.
Analysis metadata