ESET, LLC v. Finjan, Inc.

1. Case Identification

• Case #: IPR2017-01738
• Patent #: 7,975,305
• Filed: July 4, 2017
• Petitioner(s): ESET, LLC and ESET spol s.r.o
• Patent Owner(s): FINJAN, Inc.
• Challenged Claims: 1-25

2. Patent Overview

• Title: Method and System for Adaptive Rule-Based Content Scanners for Desktop Computers
• Brief Description: The ’305 patent discloses anti-virus software that analyzes executable program code downloaded from the internet. The system uses a rule-based lexical analysis, which considers grammar and punctuation, to detect malicious behavior, distinguishing it from traditional scanners that rely on simple byte-sequence "virus signatures."

3. Grounds for Unpatentability

Ground 1: Anticipation over Chandnani - Claims 1-25 are anticipated by Chandnani under 35 U.S.C. §102(e).

• Prior Art Relied Upon: Chandnani (Patent 7,636,945).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Chandnani discloses every limitation of the challenged claims. Chandnani teaches a system for detecting polymorphic script language viruses using "data driven lexical analysis." This system includes "language definition rules" (corresponding to the claimed "parser rules") and "viral code detection data" (corresponding to "analyzer rules") stored in databases ("Script Language Rule Base" and "Code Detection Database"). Petitioner asserted that Chandnani's method of tokenizing a data stream and analyzing "language constructs"—including identifiers, delimiters, and keywords—directly teaches the ’305 patent's core limitation of using rules that describe exploits as patterns of specific token types (punctuation, identifier, and function). Chandnani also discloses a rule update manager through a "learning component" that fortifies the rule base, anticipating the claimed update functionality.
  • Key Aspects: Petitioner contended that Chandnani's system for lexical analysis of script viruses, which breaks down code into constituent constructs for pattern matching, is functionally identical to the adaptive rule-based scanning system described in the ’305 patent.

Ground 2: Obviousness over Freund in view of Chandnani - Claims 1-25 are obvious over Freund in view of Chandnani under 35 U.S.C. §103.

• Prior Art Relied Upon: Freund (Patent 5,987,611) and Chandnani (Patent 7,636,945).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued Freund teaches a base system for regulating internet access by filtering and scanning incoming content. Freund's system uses a "content driver" to parse content (e.g., HTML files) and checks it against a "rules database" or "knowledgebase" to identify malicious "syntax elements" like Java applets or VBScript. Freund discloses all major components of the claimed system, including a network interface, a rule-based content scanner, a rules database, a network traffic probe (the "Client Monitor" that intercepts and diverts content), and a rule update manager. Petitioner asserted that the specific limitation added during prosecution to secure the ’305 patent—that parser and analyzer rules describe exploits as patterns of tokens comprising a "punctuation type, an identifier type and a function type"—is taught by Chandnani.
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) seeking to improve the malicious code detection of Freund's system would have been motivated to incorporate the more sophisticated lexical analysis techniques of Chandnani. Because Freund already taught parsing content to detect malicious syntax elements, it would have been a predictable and obvious improvement to refine this parsing to explicitly identify specific token types (punctuation, identifiers, functions) as taught by Chandnani to enhance detection accuracy. The combination was presented as the application of a known technique (Chandnani's detailed lexical analysis) to a similar system (Freund's security scanner) to achieve a predictable result.
  • Expectation of Success: A POSITA would have had a high expectation of success in combining the references. Both Freund and Chandnani operate in the same field of network security by parsing incoming data streams. Integrating Chandnani's token-based rules into Freund's rule-based scanning framework was argued to be a straightforward implementation for anyone skilled in the art of compiler design and network security.

4. Key Claim Construction Positions

• "function type" token: This term was central to the petition, as the addition of "types of tokens comprising a punctuation type, an identifier type and a function type" was the basis for overcoming a rejection during prosecution. Petitioner argued that the ’305 patent specification does not explicitly define "function type" but implies it is a subset of an "IDENT token" (an identifier for a variable or function name). Alternatively, it could correspond to a "keyword type" token. Petitioner asserted that regardless of the construction, Chandnani teaches both interpretations: it discloses parsing identity tokens that function as function names and parsing keyword tokens. This construction was critical to arguing that both prior art references disclosed this allegedly novel feature.
• "parser rules" / "analyzer rules": Petitioner proposed that "parser rules" are rules that identify patterns of tokens, and "analyzer rules" provide a generic syntax pattern of tokens indicating a potential exploit. This construction aligned the patent's terminology with the functional descriptions in the prior art, where Chandnani's "language definition rules" and "viral code detection data" and Freund's "rules knowledgebase" were argued to perform these exact functions.

5. Relief Requested

• Petitioner requested institution of an inter partes review and cancellation of claims 1-25 of the ’305 patent as unpatentable.