Proofpoint Inc v. Finjan Inc

1. Case Identification

• Case #: IPR2016-00967
• Patent #: 8,225,408
• Filed: April 29, 2016
• Petitioner(s): Proofpoint, Inc. and Armorize Technologies, Inc.
• Patent Owner(s): Finjan, Inc.
• Challenged Claims: 1, 9, 22, 23, 29, and 35

2. Patent Overview

• Title: Multi-Lingual Computer Processor-Based Method for Scanning Program Code
• Brief Description: The ’408 patent describes a method and system for protecting computers against malicious software by scanning an incoming stream of code. The system uses programming language-specific rules to identify tokens, dynamically build a "parse tree" data structure, and detect patterns within the tree that indicate potential exploits.

3. Grounds for Unpatentability

Ground 1: Claims 1, 9, 22, 23, 29, and 35 are obvious over Chandnani in view of Kolawa

• Prior Art Relied Upon: Chandnani (Patent 7,636,945) and Kolawa (Patent 5,860,011).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Chandnani taught all elements of the challenged claims except for the explicit use of a parse tree to store and analyze programming code. Chandnani disclosed a multi-lingual system for detecting polymorphic script viruses by receiving a data stream, using a lexical analyzer to generate tokens based on language-specific rules, and applying pattern-matching rules to detect exploits. Kolawa, which addressed the analogous field of source code quality analysis, explicitly taught using a conventional lexical analyzer to scan code, group instructions into tokens, and represent the resulting grammatical phrases in a parse tree for rule-based analysis. Petitioner contended that implementing Chandnani’s token analysis using Kolawa’s well-known parse tree structure rendered the claims obvious.
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSA) would combine Chandnani and Kolawa because Chandnani’s system required an organizational method for storing and analyzing tokens, and parse trees were a well-known, conventional, and highly effective solution for this exact purpose, as taught by Kolawa. The fields of malware detection (Chandnani) and code quality analysis (Kolawa) were closely related, often employing similar static analysis techniques. Combining the two was merely applying a known technique (Kolawa’s parse tree) to a known system (Chandnani’s scanner) to yield predictable results.
  • Expectation of Success: A POSA would have a high expectation of success because using a parse tree to store and analyze tokens was a fundamental and common technique in the art. Kolawa described its lexical analyzer/parser that builds a parse tree as "conventional in the art," indicating that its integration into a token-based system like Chandnani's would be straightforward and predictable.

Ground 2: Claims 1, 9, 22, 23, 29, and 35 are obvious over Chandnani in view of Kolawa and Walls

• Prior Art Relied Upon: Chandnani (Patent 7,636,945), Kolawa (Patent 5,860,011), and Walls (Patent 7,284,274).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground was presented as an alternative to Ground 1, specifically addressing the "dynamically building" and "dynamically detecting" limitations common to all challenged claims. Petitioner asserted that the combination of Chandnani and Kolawa already taught these limitations. However, if the Board found otherwise, the addition of Walls would explicitly teach them. Walls disclosed a "pipelined approach" for analyzing code vulnerabilities where distinct components operate in parallel. This approach involved building a parse tree to feed a first pipeline stage while upstream portions of the code stream had not yet been received, thus explicitly teaching building a parse tree while simultaneously receiving the incoming stream.
  • Motivation to Combine: A POSA would be motivated to incorporate the teachings of Walls into the Chandnani/Kolawa system to gain the known benefits of a pipelined architecture. Walls explicitly described the advantage of its approach as allowing "multiple components [to] be analyzed simultaneously," increasing throughput and efficiency. Applying this generic and widely applicable pipelining technique to the security scanning system of Chandnani and Kolawa would have been a common-sense design choice to improve performance.
  • Expectation of Success: Success was highly expected because pipelining was a generic, widely applicable technique that presented no significant technical hurdles. Combining Walls’ parallel processing method with the malware detection system of Chandnani and the parse-tree structure of Kolawa was a predictable combination of known prior art elements to achieve a known benefit (improved performance).

4. Key Claim Construction Positions

• "Dynamically building ... while said receiving receives the incoming stream": Petitioner proposed this term means "building during a time period that overlaps with the time period during which the incoming stream is being received." This construction was based on the specification's disclosure of interleaved steps and the patentee's prosecution history statements that the invention analyzes scripts "on-the-fly" before the entire script is resident on the computer.
• "Dynamically detecting ... while said dynamically building builds the parse tree": Petitioner proposed this term means "detecting during a time period that overlaps with the time period during which the parse tree is being built." This construction was argued to be consistent with the specification, which shows the analyzer being called to check for exploits (detecting) before the next node of the parse tree is created (building).

5. Relief Requested

• Petitioner requests the institution of an inter partes review and the cancellation of claims 1, 9, 22, 23, 29, and 35 of the ’408 patent as unpatentable.