Symantec Corporation v. Finjan, Inc.

1. Case Identification

• Case #: IPR2016-00919
• Patent #: 8,141,154
• Filed: April 19, 2016
• Petitioner(s): Symantec Corp.
• Patent Owner(s): Finjan, Inc.
• Challenged Claims: 1-8, 10, and 11

2. Patent Overview

• Title: System and Method for Inspecting Dynamically Generated Executable Code
• Brief Description: The ’154 patent is directed to computer security systems that protect against malicious code. The invention involves intercepting downloadable content, inspecting input variables for function calls to identify potentially malicious behavior, and distributing this run-time security analysis to a remote computer to make it less accessible for reverse engineering by hackers.

3. Grounds for Unpatentability

Ground 1: Claims 1-5 are obvious over Khazan in view of Sirer

• Prior Art Relied Upon: Khazan (Application # 2005/0108562) and Sirer (“Design and Implementation of a Distributed Virtual Machine for Networked Computers” (Dec. 5, 1999)).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted that Khazan teaches a system for detecting malicious code by using static and dynamic analysis, including instrumenting executable content with "wrapper" functions (the claimed "first function") that perform security checks before invoking an original "target" function (the claimed "second function"). Petitioner argued Khazan discloses nearly all elements of claims 1-5 but primarily describes performing this analysis on the local client computer. Sirer was argued to supply the missing element by explicitly teaching the distribution of these same security functions (static analysis, instrumentation, and dynamic analysis) from a client computer to a remote, centralized, and more powerful network server (the claimed "security computer").
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSA) would combine Khazan's security analysis method with Sirer's distributed architecture to achieve the known benefits described in Sirer. These benefits included offloading intensive processing from the client to a more powerful server, centralizing security policy administration for consistency, and enhancing security through the physical isolation of the analysis components.
  • Expectation of Success: Petitioner argued that a POSA would have a reasonable expectation of success because both references describe modular software components for security analysis. Substituting Khazan's local analysis module with Sirer's well-understood remote analysis architecture was presented as a predictable design choice involving known methods to achieve a predictable result.

Ground 2: Claims 6-8, 10, and 11 are obvious over Khazan in view of Sirer and further in view of Ben-Natan

• Prior Art Relied Upon: Khazan (Application # 2005/0108562), Sirer (“Design and Implementation of a Distributed Virtual Machine for Networked Computers” (Dec. 5, 1999)), and Ben-Natan (Patent 7,437,362).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground builds upon the combination of Khazan and Sirer from Ground 1 to establish the framework for remote security analysis. Petitioner asserted that Ben-Natan provides the specific limitation required by claims 6, 7, 10, and 11: calling the second function with a modified input variable if the original input is deemed unsafe. While Khazan teaches halting execution or running in a safe mode, Ben-Natan was argued to disclose a system that intercepts a function call (e.g., a database query), checks it against a security policy, and, if a violation is found, modifies the input parameters to be compliant before allowing execution to proceed.
  • Motivation to Combine: A POSA, having designed the distributed security system taught by Khazan and Sirer, would be motivated to incorporate Ben-Natan's teachings to provide a more robust response to unsafe inputs. Instead of simply blocking a function, which could disrupt the user experience, modifying the input to allow safe (even if diminished) execution is a known and desirable alternative. The petition presented this as an obvious combination of known techniques to improve the overall system.
  • Expectation of Success: Petitioner contended that success would be predictable. The system of Khazan/Sirer identifies an unsafe input, and Ben-Natan provides a known method for handling such an input. Integrating Ben-Natan’s modification technique into the established remote analysis framework was argued to be a straightforward implementation for a POSA, with the predictable outcome of allowing an application to proceed safely.

4. Key Claim Construction Positions

• "first function" / "second function": Petitioner argued that based on the patent’s specification, a POSA would understand the "first function" to be the "substitute function" (i.e., the wrapper function that performs security checks) and the "second function" to be the "original function" (i.e., the target function being wrapped and analyzed). This construction was central to mapping the prior art's disclosure of wrapper functions to the claims.
• "transmitter" / "receiver": Petitioner proposed that these terms should be given their ordinary meaning as a "circuit or electronic device designed to send/accept electrically encoded data to/from another location." This broad construction, supported by a standard computer dictionary, allows these elements to be met by common hardware like network interface cards, which Petitioner argued were disclosed in the prior art for communicating between the client and the remote security server.

5. Arguments Regarding Discretionary Denial

• Petitioner concurrently filed a Motion for Joinder to IPR2015-01979, which was previously instituted against the same patent using the same prior art. The petition acknowledged it was filed more than one year after Symantec was served with a complaint alleging infringement of the ’154 patent. However, Petitioner argued that the one-year time bar under 35 U.S.C. §315(b) does not apply to a request for joinder, which is governed by §315(c), and therefore the petition should not be discretionarily denied on that basis.

6. Relief Requested

• Petitioner requested that the Board grant its Motion for Joinder, institute an inter partes review, and cancel claims 1-8, 10, and 11 of the ’154 patent as unpatentable.