PTAB

IPR2018-00391

Cisco Systems Inc v. Finjan Inc

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Malicious Mobile Code Runtime Monitoring System and Method
  • Brief Description: The ’633 patent relates to a system for protecting network-connected devices from malicious downloadable code. The system uses a computer, such as a server, to intercept downloadable information, determine if it contains executable code, and if so, transmit "mobile protection code" with the executable to the destination for runtime monitoring and prevention of malicious operations.

3. Grounds for Unpatentability

Ground 1: Claims 1-4, 8, 11, 13, and 14 are obvious over Hanson in view of Hypponen.

  • Prior Art Relied Upon: Hanson (International Publication No. WO 98/31124) and Hypponen (Patent 6,577,920).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Hanson discloses the core architecture and method of the challenged claims. Hanson describes a "bastion server" that intercepts data packets, determines if they contain executable programs like JAVA applets or ActiveX programs, and if so, attaches a corresponding security program (e.g., "security.class," "security.ocx") to the packet before forwarding it to the destination client. This attached security program runs simultaneously with the executable at the destination to prevent malicious behavior. Petitioner asserted this maps directly to the ’633 patent’s method of receiving downloadable information, determining if it includes executable code, and transmitting mobile protection code based on that determination. To the extent Hanson does not explicitly detail the method for determining the presence of executable code beyond specific types like JAVA, Hypponen was argued to supply this teaching. Hypponen discloses conventional methods for virus protection, including identifying executable code by examining file name extensions (e.g., .exe, .com) or by scanning the file for embedded macros.
    • Motivation to Combine: A Person of Ordinary Skill in the Art (POSA) would combine Hypponen's well-known executable-detection techniques with Hanson's security architecture to create a more robust and flexible system. Hanson already teaches applying specific security programs based on the type of executable found and contemplates extending its protection to various data types. A POSA would have found it obvious to use Hypponen’s conventional methods (file extension or content scanning) to implement and expand upon Hanson’s determination step, thereby allowing the system to efficiently identify a wider range of executable files and apply tailored protection.
    • Expectation of Success: A POSA would have had a high expectation of success, as the combination merely applies routine and well-understood virus detection techniques to improve the functionality of an existing network security architecture.

Ground 2: Claim 12 is obvious over Hanson in view of Hypponen and further in view of Touboul 98.

  • Prior Art Relied Upon: Hanson (WO 98/31124), Hypponen (Patent 6,577,920), and Touboul 98 (International Publication No. WO 98/21683).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground builds on the combination of Hanson and Hypponen to address the specific limitations of claim 12, which recites that the content inspection engine comprises a "parser" and a "content analyzer." Petitioner argued that while the Hanson/Hypponen combination teaches a content inspection engine for identifying executable code, Touboul 98 explicitly discloses the claimed sub-components. Touboul 98, which is owned by the Patent Owner, describes a security system with a code scanner that uses "conventional parsing techniques" to decompose a downloadable's code and perform a "full-content inspection" to generate a security profile. This profile is then analyzed to determine if the downloadable is safe.
    • Motivation to Combine: A POSA would be motivated to integrate the specific parser and content analyzer taught by Touboul 98 into the Hanson/Hypponen system as a known and effective implementation of a content inspection engine. Parsing and subsequent content examination was an accepted, conventional method for determining the nature of data packets. This would allow the bastion server of Hanson to more efficiently and thoroughly determine what type of executable code is present in order to apply a tailored security measure, a clear design goal for a security-conscious POSA.
    • Expectation of Success: A POSA would have been confident of success given the widespread and long-standing use of parsing techniques for code analysis in computer security systems.

4. Key Claim Construction Positions

  • Petitioner argued that no special constructions were required except for the means-plus-function terms in claim 13, which are governed by 35 U.S.C. §112, ¶6.
    • "means for receiving downloadable-information": The recited function is "receiving downloadable-information." The corresponding structure disclosed in the ’633 patent is a server or firewall and their equivalents.
    • "means for determining whether the downloadable-information includes executable code": The recited function is "determining whether the downloadable-information includes executable code." The corresponding structure is a server programmed to perform file type detection or content detection, including a code detector with a file type and/or content detector, and equivalents.
    • "means for causing mobile protection code to be communicated...": The recited function is "causing mobile protection code to be communicated...if the downloadable-information is determined to include executable code." The corresponding structure is a protection engine programmed to package the mobile protection code with the downloadable for transfer, and equivalents.

5. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under 35 U.S.C. §§ 314 and 325 would be improper. Petitioner asserted that this was the first and only IPR petition filed by Cisco against the ’633 patent. Furthermore, the prior art and arguments presented—specifically those based on Hanson, Hypponen, and Touboul 98—were new and had not been previously considered by the USPTO during the initial prosecution, subsequent reexaminations, or in prior IPRs filed by other parties. Petitioner contended the new art was not cumulative to previously considered references and that its arguments regarding the "determining" limitation had not been previously addressed by the Office.

6. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-4, 8, and 11-14 of the ’633 patent as unpatentable.