PTAB
IPR2016-01174
Blue Coat Systems Inc v. Finjan Inc
1. Case Identification
- Case #: IPR2016-01174
- Patent #: 8,677,494
- Filed: June 10, 2016
- Petitioner(s): Blue Coat Systems, Inc.
- Patent Owner(s): Finjan, Inc.
- Challenged Claims: 1-6 and 10-15
2. Patent Overview
- Title: System and Method for Caching and Distributing Security Information
- Brief Description: The ’494 patent relates to a computer security method and system for protecting computers from malicious programs. The invention involves receiving an incoming "Downloadable" (e.g., a program from the Internet), deriving "Downloadable security profile data" (DSP) that includes a list of suspicious operations the program might perform, and storing this profile data in a database.
3. Grounds for Unpatentability
Ground 1: Obviousness over Swimmer - Claims 1-2, 6, 10-11, and 15 are obvious over Swimmer under 35 U.S.C. §103.
- Prior Art Relied Upon: Swimmer (Morton Swimmer et al., “Dynamic Detection and Classification of Computer Viruses Using General Behaviour Patterns,” a Sept. 1995 conference paper).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that Swimmer discloses a computer security system called VIDES (Virus Intrusion Detection Expert System) that performs the same functions claimed in the ’494 patent. Swimmer teaches using its system as a "firewall for programs entering a protected network," which satisfies the limitation of "receiving an incoming Downloadable." Swimmer’s system then uses an emulator to monitor the program’s execution and generate a stream of "activity data," which includes system calls and functions the program attempts to invoke. Petitioner contended this "activity data" is equivalent to the claimed "security profile data," as it identifies suspicious operations. Finally, Swimmer teaches storing this activity data as structured "audit records" with defined attributes (e.g., StartTime, EndTime, function number), which Petitioner asserted meets the "storing...in a database" limitation. The arguments for system claims 10, 11, and 15 parallel those for method claims 1, 2, and 6, respectively.
  - Motivation to Combine: As this ground relies on a single reference, the argument was not one of combination but of direct obviousness. Petitioner asserted that all claimed elements were present in Swimmer, or that it would have been obvious to a person of ordinary skill in the art (POSA) to use Swimmer's disclosed system in the claimed manner. For example, applying Swimmer's analysis system at a firewall to inspect incoming programs was an explicitly stated possibility in the reference itself.
  - Expectation of Success: A POSA would have had a high expectation of success because Swimmer describes a functioning prototype system (VIDES) designed for the exact purpose of analyzing program behavior to detect viruses.
Ground 2: Obviousness over Swimmer and Martin - Claims 3-5 and 12-14 are obvious over Swimmer in view of Martin.
- Prior Art Relied Upon: Swimmer (a Sept. 1995 conference paper) and Martin (David M. Martin, Jr. et al., “Blocking Java Applets at the Firewall,” a Feb. 1997 conference paper).
- Core Argument for this Ground:
  - Prior Art Mapping: This ground addresses dependent claims that specify the "Downloadable" includes an "applet" (claims 3, 12), an "active control" (claims 4, 13), or a "program script" (claims 5, 14). While Swimmer teaches the general analysis of executable programs, it does not explicitly name these specific mobile-code formats. Petitioner argued that Martin remedies this by expressly discussing the security risks posed by Java applets, ActiveX controls, and JavaScript programs and the importance of blocking them at a firewall.
  - Motivation to Combine: A POSA implementing the security firewall described in Swimmer would be motivated to incorporate the teachings of Martin. Martin taught that these specific types of mobile code had become increasingly popular and were a major security concern. Therefore, to create an effective and commercially relevant security system, a POSA would logically apply Swimmer's behavioral analysis techniques to the specific, well-known threats identified in Martin.
  - Expectation of Success: A POSA would have a reasonable expectation of success in applying Swimmer’s analysis techniques to the mobile code types discussed in Martin. The combination represented the application of a known auditing technique to different but analogous types of executable code, which is a predictable modification.
4. Key Claim Construction Positions
- "Downloadable security profile data": Petitioner proposed this term should be construed as "information related to whether executing a downloadable is a security risk." This broad construction was argued to be critical for mapping the "activity data" generated by Swimmer’s VIDES system—which includes lists of functions, system calls, and other behavioral information—onto the claims.
- "Database": Petitioner proposed construing this term as "a collection of interrelated data organized according to a database schema to serve one or more applications." This construction was important to Petitioner’s argument that the structured "audit records" disclosed in Swimmer, which were organized with specific fields and used by an expert system for analysis, qualified as the claimed "database" and not merely an unstructured log file.
5. Arguments Regarding Discretionary Denial
- The petition was filed concurrently with a motion for joinder to an already-instituted IPR, IPR2016-00159 ("the PAN IPR"), which challenged the same patent on substantially similar grounds. Petitioner’s implicit argument for institution was that joining an existing proceeding would promote efficiency and avoid inconsistent outcomes, weighing against any discretionary denial under §314(a).
6. Relief Requested
- Petitioner requests institution of an inter partes review and cancellation of claims 1-6 and 10-15 of the ’494 patent as unpatentable.