Blue Coat Systems LLC v. Finjan Inc

1. Case Identification

• Case #: IPR2017-00995
• Patent #: 9,189,621
• Filed: March 1, 2017
• Petitioner(s): Blue Coat Systems LLC
• Patent Owner(s): Finjan, Inc.
• Challenged Claims: 1, 6-10

2. Patent Overview

• Title: Malicious Mobile Code Runtime Monitoring System and Methods
• Brief Description: The ’621 patent describes systems for protecting computers from malicious operations initiated by a downloaded executable application program (a "downloadable"). The system monitors and interrupts operating system calls from the downloadable, compares information about the downloadable against a security policy, and performs a responsive action based on the comparison.

3. Grounds for Unpatentability

Ground 1: Obviousness over Jaeger - Claims 1 and 10 are obvious over Jaeger.

• Prior Art Relied Upon: Jaeger ("Building Systems that Flexibly Control Downloadable Executable Content," a July 1996 publication).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Jaeger, which discloses an architecture for flexibly controlling downloaded executable content, teaches all limitations of independent claims 1 and 10. Jaeger’s system uses "interpreters" that function as the claimed "plurality of operating system probes" to monitor access to system resources like the file system and network services. Jaeger’s "authorize" operation functions as the claimed "interrupter" and "comparator" by checking content access rights against a security policy (access control rules) prior to executing an operation. Finally, Jaeger’s system performs a responsive action, such as executing the request if authorized or blocking it if not, which constitutes the claimed "response engine."
  • Motivation to Combine (for §103 grounds): As this ground is based on a single reference, Petitioner contended that Jaeger itself provides a complete system, and it would have been obvious for a person of ordinary skill in the art (POSITA) to implement Jaeger's described architecture using standard processors and memory, thereby arriving at the claimed invention.
  • Expectation of Success (for §103 grounds): A POSITA would have had a reasonable expectation of success in implementing Jaeger's system, as its components were based on known access control models and computer science principles common in 1996.

Ground 2: Obviousness over Jaeger and TBAV - Claim 6 is obvious over Jaeger in view of TBAV.

• Prior Art Relied Upon: Jaeger (a 1996 publication) and TBAV (the 1995 user manual for the ThunderBYTE antivirus scanner).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground incorporates the arguments for Ground 1, asserting that Jaeger teaches all limitations of base claim 1. Dependent claim 6 adds the limitation that the responsive action includes "storing results of the comparison in an event log." Petitioner argued that while Jaeger suggests logging process actions, TBAV explicitly teaches this feature. TBAV, a popular mid-1990s antivirus program, described a "TbLog" utility designed to create log files in response to security alerts, recording the time, machine name, and a message about the event.
  • Motivation to Combine (for §103 grounds): A POSITA would combine Jaeger's security architecture with TBAV's logging functionality to improve system monitoring and administration. Storing the results of Jaeger's security comparisons in an event log, as taught by TBAV, would be a logical and desirable enhancement for tracking suspicious downloadable behavior and diagnosing security breaches, a well-known practice in the field of computer security.
  • Expectation of Success (for §103 grounds): A POSITA would have a high expectation of success, as recording security events in a log file was a routine and well-established practice for antivirus and security software at the time.

Ground 3: Obviousness over Jaeger and Arnold - Claims 7-9 are obvious over Jaeger in view of Arnold.

• Prior Art Relied Upon: Jaeger (a 1996 publication) and Arnold (Patent 5,440,723).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground also builds on the assertion that Jaeger teaches all limitations of claim 1. It addresses dependent claims 7, 8, and 9, which specify different responsive actions. Arnold, which discloses a system for detecting anomalous computer behavior like viruses, was cited for teaching these conventional response actions.
    • Claim 7 (informing the user): Arnold taught that commercial virus scanners were successful in "alerting users to the presence of viruses" and that a "distress signal is appropriate to alert the user" of a dangerous situation.
    • Claim 8 (storing info in a database): Arnold taught extracting an identifying "signature" from detected malicious code and adding it to a "signature database" to help the scanner prevent subsequent infections.
    • Claim 9 (discarding the downloadable): Arnold taught performing a "cleanup" process that involved "killing active worm processes" and "deleting worm executables and auxiliary files from storage media."
  • Motivation to Combine (for §103 grounds): A POSITA would have been motivated to add the responsive actions taught by Arnold to Jaeger’s system to create a more robust and complete security product. When Jaeger's system detected a policy violation, it would have been an obvious and desirable improvement to implement standard malware responses: alerting the user (claim 7), cataloging the threat for future detection (claim 8), and removing the threat from the system (claim 9).
  • Expectation of Success (for §103 grounds): A POSITA would have expected success in implementing these combinations, as user alerts, signature databases, and file deletion were all standard, routine features in security software of the era.

4. Key Claim Construction Positions

• Petitioner argued that because the ’621 patent had expired, its claims should be given their ordinary and accustomed meaning as understood by a POSITA.
• "downloadable": Petitioner proposed that this term should be construed as "an executable application program, which is downloaded from a source computer and run on a destination computer." This construction was based on the definition provided in a related patent from which the ’621 patent claims priority.

5. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1 and 6-10 of the ’621 patent as unpatentable.