Proofpoint Inc v. Finjan Inc

1. Case Identification

• Case #: IPR2016-00970
• Patent #: 8,225,408
• Filed: April 29, 2016
• Petitioner(s): Proofpoint, Inc. and Armorize Technologies, Inc.
• Patent Owner(s): Finjan, Inc.
• Challenged Claims: 1, 3-7, 9, 12-16, and 18-21

2. Patent Overview

• Title: Multi-Lingual Computer-Based Method for Scanning Program Code
• Brief Description: The ’408 patent relates to a computer-based method for protecting against malicious programs by scanning an incoming stream of code. The method involves determining the code’s programming language, dynamically building a language-specific "parse tree" data structure as the code is received, and analyzing the parse tree against rules to detect potential exploits.

3. Grounds for Unpatentability

Ground 1: Obviousness over Chandnani in view of Kolawa - Claims 1, 3-5, 9, 12-16, 18-19 are obvious over Chandnani in view of Kolawa.

• Prior Art Relied Upon: Chandnani (Patent 7,636,945) and Kolawa (Patent 5,860,011).
• Core Argument for this Ground: Petitioner argued that Chandnani taught a multi-lingual scanner for detecting polymorphic viruses by converting a data stream into tokens and analyzing them with language-specific rules, but did not explicitly use a parse tree. Kolawa, from the analogous art of code quality analysis, supplied the missing element by teaching the conventional use of a parse tree to store and analyze tokens for rule-based pattern matching.
  • Prior Art Mapping: Petitioner asserted that Chandnani disclosed all elements of independent claims 1 and 9 except for building a parse tree. Chandnani’s system received a data stream, determined its language, instantiated a scanner with parser rules (“language definition rules”) and analyzer rules (“viral code detection data”), and identified tokens to find exploits. Kolawa was argued to explicitly teach using a conventional lexical analyzer/parser to group tokens into a parse tree for hierarchical analysis based on a set of rules. The combination of Chandnani's scanner with Kolawa's parse tree methodology was alleged to render the independent claims obvious.
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine Kolawa's parse-tree teachings with Chandnani's scanner because both references addressed rule-based code analysis to find problematic code. Petitioner argued that using a parse tree was a well-known technique to improve code analysis by making it easier to manipulate code and detect complex structural patterns—an important requirement for robust malware detection. The combination was presented as applying a known technique (Kolawa's parse tree) to a similar method (Chandnani's scanner) to yield predictable results.
  • Expectation of Success: A POSITA would have a reasonable expectation of success because implementing a parse tree, a standard data structure for storing tokens, into a token-based scanner was a common and straightforward practice in the art.

Ground 2: Obviousness over Chandnani, Kolawa, and Walls - Claims 1, 3-5, 9, 12-16, 18-19 are obvious over Chandnani in view of Kolawa and Walls.

• Prior Art Relied Upon: Chandnani (Patent 7,636,945), Kolawa (Patent 5,860,011), and Walls (Patent 7,284,274).

• Core Argument for this Ground: This ground was presented as an alternative to Ground 1, specifically to address the "dynamically building" and "dynamically detecting" limitations. Petitioner argued that if the combination of Chandnani and Kolawa was found insufficient to teach these dynamic analysis elements, the addition of Walls would cure the deficiency.

  • Prior Art Mapping: Building on the Chandnani/Kolawa combination, Walls was introduced to explicitly teach a "pipelined approach" for analyzing code. In Walls, distinct components operate in parallel, allowing a parse tree to be built and fed to a downstream analysis stage while upstream portions of the code stream are still being received. This pipelining was argued to directly teach building a parse tree and detecting exploits during a time period that overlaps with the receipt of the incoming code stream, thereby satisfying the "dynamic" limitations of the challenged claims.
  • Motivation to Combine: A POSITA would combine Walls’ pipelining method with the Chandnani/Kolawa scanner to achieve a known benefit: improved performance and throughput. Walls explicitly described the advantage of its pipeline as allowing multiple components to be analyzed simultaneously. Petitioner asserted this was a generic, widely applicable technique for improving data stream processing.
  • Expectation of Success: A POSITA would have a high expectation of success, as pipelining was a well-understood and common software engineering technique that did not present unique technical hurdles when applied to a code analysis system.

• Additional Grounds: Petitioner asserted further obviousness challenges (Grounds 2 and 4) adding Huang (Patent 6,968,539) to the primary combinations. Huang was used to explicitly teach scanning for specific languages recited in dependent claims 6-7 and 20-21, such as HTML and Uniform Resource Identifiers (URIs), arguing a POSITA would have found it obvious to include these well-known web languages in a multi-lingual scanner.

4. Key Claim Construction Positions

Petitioner argued for the following Broadest Reasonable Interpretations (BRIs) as being critical to its unpatentability arguments:

• "parse tree": a "tree data structure that represents program code."
• "dynamically building ... while said receiving receives the incoming stream": "building during a time period that overlaps with the time period during which the incoming stream is being received." This construction supports the argument that processing can begin before the entire code stream is resident on the computer.
• "dynamically detecting ... while said dynamically building builds the parse tree": "detecting during a time period that overlaps with the time period during which the parse tree is being built." This construction supports the contention that analysis and tree-building can be interleaved or pipelined.

5. Relief Requested

• Petitioner requested institution of an inter partes review (IPR) and cancellation of claims 1, 3-7, 9, 12-16, and 18-21 of the ’408 patent as unpatentable under 35 U.S.C. §103.