PTAB
IPR2017-02154
Cisco Systems Inc v. Finjan Inc
Petition
1. Case Identification
- Case #: Unassigned
- Patent #: 6,154,844
- Filed: September 22, 2017
- Petitioner(s): Cisco Systems, Inc.
- Patent Owner(s): Finjan, Inc.
- Challenged Claims: 1, 4, 5, 7, 8, 11, 15, 16, 21, and 43
2. Patent Overview
- Title: System and Method for Attaching a Downloadable Security Profile to a Downloadable
- Brief Description: The ’844 patent discloses systems and methods for generating a "Downloadable Security Profile" (DSP) by inspecting a downloadable file for suspicious code, and then attaching this profile to the downloadable before it is distributed to an end-user for security screening.
3. Grounds for Unpatentability
Ground 1: Claims 1, 4, 5, 7, 8, 11, 15, 16, 21, and 43 are obvious over [Shear](https://ai-lab.exparte.com/case/ptab/IPR2017-02158/doc/1004) in view of [Spafford](https://ai-lab.exparte.com/case/ptab/IPR2017-02158/doc/1006) and [Kerchen](https://ai-lab.exparte.com/case/ptab/IPR2017-02158/doc/1019).
- Prior Art Relied Upon: Shear (Patent 6,157,721), Spafford (Web Security & Commerce, June 1997), and Kerchen (Static Analysis Virus Detection Tools for Unix Systems, 1990).
- Core Argument for this Ground:
  - Prior Art Mapping: Petitioner argued that the combination of these references teaches every element of the challenged claims. Shear was asserted to teach the core method of independent claim 1: a "verifying authority" (equivalent to the claimed "inspector") receives a "load module" (a "Downloadable"), analyzes it using "computer-based software testing techniques," generates a "specification" (the claimed "security profile") that describes the module's operations, and links this specification to the module before distribution. Spafford was argued to provide the broader context of web security, teaching that downloadable technologies like Java and ActiveX created "added dangers" and should be "looked at with suspicion." Spafford further identified specific operations like "read" and "write" that should be restricted, providing a rationale for including such operations in Shear's specification. Kerchen was cited to supply the specific, "conventional" static analysis techniques that Shear generally referred to, such as detecting duplicate system "trap instructions" (e.g., service calls for read/write) to identify suspicious code.
  - Motivation to Combine (for §103 grounds): Petitioner asserted that a person of ordinary skill in the art (POSITA) would combine these references because they all address the same fundamental problem of protecting computer systems from malicious code in downloaded executables within a standard client/server architecture. A POSITA would naturally implement the general analysis framework of Shear using the specific, well-known static analysis tools described in Kerchen. Furthermore, a POSITA would be motivated to use the resulting security profile from Shear to enforce the user-level security policies described in Spafford, creating a comprehensive and flexible security solution.
  - Expectation of Success (for §103 grounds): A POSITA would have had a reasonable expectation of success in combining the references because the proposed combination merely applies well-known analysis techniques (Kerchen) and security policies (Spafford) to a known security framework (Shear) to achieve the predictable result of enhanced computer security.
4. Key Claim Construction Positions
- "Identifies Suspicious Code in the Received Downloadable": Petitioner argued against a narrow construction that would require the security profile to list only suspicious operations. Citing the transitional phrase "comprising," Petitioner contended that the limitation is met by generating a profile that lists operations known to be potentially suspicious (e.g., "read," "write"), even if they are not explicitly labeled as such. This interpretation is supported by the ’844 patent’s own specification, which lists these common operations as examples of suspicious code.
- "Means-Plus-Function Limitations" (Claim 43): Petitioner argued that claim 43 is a means-plus-function claim corresponding to the method of claim 1. Petitioner identified the corresponding structures in the ’844 patent's specification for the "means for receiving," "means for generating," and "means for linking" limitations. However, Petitioner contended that the specific construction was not material because the prior art disclosed general-purpose computers programmed to perform these functions, thereby satisfying the limitations under any reasonable construction.
5. Key Technical Contentions (Beyond Claim Construction)
- Reliance on "Conventional" Art: A central contention was that the ’844 patent fails to disclose any novel technical mechanism for generating the security profile, instead relying on incorporated references that describe the analysis techniques as "conventional." Petitioner argued that the patent's core concept—creating a specification of a program's behaviors to address the well-known "undecidable problem" of malware detection—was a common practice in the prior art. Therefore, the patent allegedly claims the routine application of old concepts without contributing any inventive technology.
6. Relief Requested
- Petitioner requests institution of an inter partes review (IPR) and cancellation of claims 1, 4, 5, 7, 8, 11, 15, 16, 21, and 43 of the ’844 patent as unpatentable.