90013017 (P.T.A.B. Dec. 30, 2015)

Ex Parte 7058822 et al

Patent Trial and Appeal BoardDec 30, 2015

90013017 (P.T.A.B. Dec. 30, 2015)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 90/013,017 10/07/2013 115222 7590 12/30/2015 Bey & Cotropia PLLC (Finjan Inc,) Dawn-Marie Bey 213 Bayly Court Richmond, VA 23229 FIRST NAMED INVENTOR 7058822 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. FINREXM0006 6388 EXAMINER BASEHOAR, ADAM L ART UNIT PAPER NUMBER 3992 MAILDATE DELIVERY MODE 12/30/2015 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte FINJAN, INC. Appellant Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 Technology Center 3900 Before STEPHEN C. SIU, JEREMY J. CURCURI, and IRVINE. BRANCH, Administrative Patent Judges. Opinion for the board filed by Administrative Patent Judge CURCURI. Opinion dissenting-in-part filed by Administrative Patent Judge BRANCH. CURCURI, Administrative Patent Judge. DECISION ON APPEAL Patent 7,058,822 B2 (Edery et al.) is under reexamination. Appellant appeals under 35 U.S.C. Â§Â§ 134(b) and 306 from the Examiner's rejection of claims 1-8, 16-27, and 36-40. Final Act. 2. We have jurisdiction under 35 U.S.C. Â§Â§ 134(b) and 306, and we heard oral argument in the appeal on November 3, 2015. Claims 4---6, 8, 16-27, 37, and 40 are rejected under 35 U.S.C. Â§ 102(e) as anticipated by Ji (5,983,348; issued Nov. 9. 1999). Ans. 3-17. Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 Claim 7 is rejected under 35 U.S.C. Â§ 103(a) as obvious over Ji. Final Act. 9-10. Claims 1-3 are rejected under 35 U.S.C. Â§ 103(a) as obvious over Ji and Liu ( 6,058,482; issued May 2, 2000). Ans. 17-22. Claims 4--8, 16-27, 37, and 40 are rejected under 35 U.S.C. Â§ 103(a) as obvious over Ji and Liu. Ans. 22-27. Claims 4--8, 16-27, 37, and 40 are rejected under 35 U.S.C. Â§ 103(a) as obvious over Ji and Golan (5,974,549; issued Oct. 26, 1999). Ans. 27-33. Claims 36, 38, and 39 are rejected under 35 U.S.C. Â§ 305 as enlarging the scope of the claims. Final Act. 19-20. We affirm-in-part. STATEMENT OF THE CASE Appellant's invention relates to "protecting network-connectable devices from undesirable downloadable operation." Edery, col. 1, 11. 28-29. Claim 4 is illustrative: 4. A processor-based method, comprising: receiving downloadable-information; determining whether the downloadable-information includes executable code; and causing mobile protection code to be communicated to at least one information-destination of the downloadable- information, if the downloadable-information is determined to include executable code, wherein the causing mobile protection code to be communicated comprises forming a sandboxed package including the mobile protection code and the downloadable- 2 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 information, and causing the sandboxed package to be communicated to the at least one information-destination. ANALYSIS THE ANTICIPATION REJECTION OF CLAIMS 4---6, 8, 16-27, 37, AND 40 BY JI The Examiner finds Ji discloses all limitations of claim 4. Ans. 3-5. The Examiner finds "[b ]y disclosing that applets are scanned while non- applets are not scanned, Ji at least implicitly discloses the step of determining whether the downloadable-information includes executable code." Ans. 3 (citing Ji, col. 3, 11. 23-25; col. 4, 1. 66-col. 5, 1. 4). The Examiner finds Ji's JAR file corresponds to the recited sandboxed package. Ans. 4--5 (citing Ji, col. 6, 11. 38--42; col. 7, 11. 13-28; col. 8, 11. 4--10). Appellant presents the following principal arguments: 1. Ji does not disclose the recited (claim 4) "determining whether the downloadable-information includes executable code" because "Ji then scans only downloaded applets to look for malicious applet instructions; not to determine ifthe downloaded applet contains executable code." App. Br. 16; see also App. Br. 17 ("[T]here are numerous ways that Ji can distinguish downloaded applets from non-applets without determining whether the downloadable-information includes executable code. For example, Ji could simply search for applet tags. A file with an applet tag is not a determination that the file contains executable code."). [O]ne of skill in the art would understand that an applet tag is not a determination that the file contains executable code because an applet tag does not mean executable code exists within the Downloadable, nor does the lack of an applet tag mean that executable code does not exist within the 3 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 Downloadable. Furthermore, Ji only operates on applets and does not scan non-applets. Declaration of Dr. Nenad Medvidovic i-f 22; see also id. at i-fi-123-24. 11. Ji's JAR file containing the instrumented applet and monitoring package does not disclose the recited (claim 4) "sandboxed package." See App. Br. 19-20; Declaration of Dr. Nenad Medvidovic i-f 27. In response, the Examiner further explains It is not relevant to patentability whether Ji "passively assumes" or skeptically analyzes; the claim broadly requires determining. Since Ji' s system takes a first action for downloadable- information including executable code (i.e., scanning Java applets assumed to be executable code) and takes a different action for other downloadable-information (i.e., not scanning non-applet downloadable information), Ji's system "determines whether the downloadable-information includes executable code". Ans. 37-38. In response, the Examiner further explains Ji's JAR file corresponds to the recited sandboxed package. See Ans. 40-43. Appellant has shown error in the Examiner's finding that Ji discloses the recited (claim 4) "determining whether the downloadable-information includes executable code." Ji (col. 3, 11. 23-25) discloses: "At this point the applets are statically scanned at the server by the scanner looking for particular instructions which may be problematic in a security context." Ji (col. 4, 1. 66-col. 5, 1. 4) discloses: Upon receipt of a particular Java applet, the HTTP proxy server 32, which is software running on server machine 20 and which has associated scanner software 26, then scans the applet and 4 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 instruments it using an instrumenter 28 which is part of the scanner software 26. (Downloaded non-applets are not scanned.) In order to disclose determining whether the downloadable- information includes executable code, Ji must disclose distinguishing between two alternative possibilities: executable code is included in the downloadable-information, and executable code is not included in the downloadable-information. To the extent Ji's scanner does detect applets (for example, via applet tags), Ji does determine some cases where executable code is included in the downloadable-information (the applet tag reasonably indicates the existence of executable applet code). Nonetheless, we agree with Appellant that the lack of an applet tag does not determine that executable code is not included in the downloadable-information. See Declaration of Dr. Nenad Medvidovic ,-r 22. Thus; at best; Ji determines; in some cases; when executable code is included in the downloadable-information, but does not adequately determine when executable code is not included in the downloadable information. Therefore, Ji does not disclose the recited determining. Appellant has also shown error in the Examiner's finding that Ji discloses the recited (claim 4) "forming a sandboxed package including the mobile protection code and the downloadable-information." The error in this finding hinges on the meaning of the term "sandbox." Ji (col. 6, 11. 38--42) discloses: "The pre and post filter and monitoring package security policy functions[] are combined with the instrumented applet code in a single JAR (Java archive) file format at the server 32, and downloaded to the web browser 22 in client machine 14." Ji (col. 7, 11. 13- 5 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 28) discloses prefetching dependency class files and instrumenting them once. Ji (col. 8, 11. 4--10) discloses creating a new JAR file from the instrumented class files and the monitoring package, and transfer thereof to the client machine. Appellant's Specification discloses: "The sandboxed package can also include a corresponding Downloadable and can provide for initiating the Downloadable in a protective 'sandbox'." Edery, col. 3, 11. 15-18. Appellant's Specification discloses: "An MPC and applicable policies can also, for example, precede each executable, such that each executable will be separately sandboxed in the same or a different manner according to MPC/policy configuration (see above) upon inflation and installation." Edery, col. 13, 11. 62---66. The term "sandbox" may be defined in the computer context as: n. 1. Java Virtual Machine security area for downloaded (remote or untrt1sted) applets, an area in \'l1hich such applets are confined and prevented from accessing system resources. Confinement to the sandbox prevents downloaded applets from carrying out potentially dangerous operations, maliciously or otherwise. They have to "play" inside the sandbox, and any attempt to "escape" is thwarted by the Java Security Manager. MICROSOFT COMPUTER DICTIONARY 463 (5th ed. 2002). Thus, we conclude that the broadest reasonable interpretation of "sandbox" requires an area in which executable code is initiated, confined, and prevented from accessing system resources. This interpretation is both consistent with Appellant's Specification and with a plain meaning of the term in the computer context. Thus, the recited (claim 4) "forming a sandboxed package including the mobile protection code and the 6 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 downloadable-information" requires the downloadable-information to be inside an area in which executable code is initiated, confined, and prevented from accessing system resources. Ji's JAR file does include the instrumented class files and the monitoring package. See Ji, col. 8, 11. 4--10. However, Ji's JAR file is an archive file and not a sandboxed package because the JAR file does not cause Ji's applet to be inside an area, in which the applet's executable code is initiated, confined, and prevented from accessing system resources. With regard to Ji' s instrumentation, Ji instruments instructions. See Ji, Abstract. Thus, although Ji may have particular instructions that are instrumented, the instrumentation is also not a sandboxed package because the instrumentation also does not cause Ji 's applet to be inside an area in which the applet's executable code is initiated, confined, and prevented from accessing system resources. Therefore, Ji does not disclose the recited forming a sandboxed package. We, therefore, do not sustain the Examiner's rejection of claim 4, or of claims 5, 6, and 8, which depend from claim 4. Similarly, we also do not sustain the Examiner's rejection of independent claim 16, which recites "wherein the causing is accomplished by forming a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be delivered to the downloadable-information destination," or of claims 17-27, which depend from claim 16. Similarly, we also do not sustain the Examiner's rejection of independent claim 37, which recites "determining whether the 7 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 downloadable-information includes executable code," and further recites "forming a sandbox package including the MPC and the downloadable- information." Similarly, we also do not sustain the Examiner's rejection of independent claim 40, which recites "determining by a content inspection engine associated with the server whether the downloadable-information includes executable code," and further recites "forming by a packaging engine a sandboxed package including the mobile protection code and the downloadable-information." THE OBVIOUSNESS REJECTION OF CLAIM 7 OVER JI The Examiner finds Ji teaches all limitations of claim 7. Final Act. 9- 10. Claim 7 depends from claim 4. Thus, we do not sustain the Examiner's rejection of claim 7 for reasons discussed above with respect to claim 4. THE OBVIOUSNESS REJECTION OF CLAIMS 1-3 OVER JI AND LIU The Examiner finds Ji and Liu teach all limitations of claims 1-3. Ans. 17-22; see also Ans. 46-55. The Examiner finds Liu's detecting applet tags discloses the recited (claim 1) "determining whether the downloadable- information includes executable code." Ans. 19-20 (citing Liu, col. 3, 11. 7- 18; col. 4, 1. 62---col. 5, 1. 6; col. 6, 11. 19-57). Appellant presents the following principal arguments: 1. Liu does not teach the recited (claim 1) "determining whether the downloadable-information includes executable code" because Liu generates web pages with modified class names. See App. Br. 22-27. 8 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 11. There is no motivation to combine Ji and Liu to arrive at the claimed invention. See App. Br. 27-29. Appellant has shown error in the Examiner's finding that Liu discloses the recited (claim 1) "determining whether the downloadable- information includes executable code." Our analysis of Liu is similar to our analysis of Ji. To the extent Liu does detect applet tags, the lack of an applet tag does not determine that executable code is not included in the downloadable-information. Thus, at best, Liu determines, in some cases, when executable code is included in the downloadable-information, but does not adequately determine when executable code is not included in the downloadable information. Therefore, Liu does not disclose the recited determining whether the downloadable- information includes executable code. We, therefore, do not sustain the Examiner's rejection of claim 1, or of claims 2 and 3, which depend from claim 1. THE OBVIOUSNESS REJECTION OF CLAIMS 4--8, 16-27, 37, AND 40 OVER JI AND LIU The Examiner finds Ji and Liu teach all limitations of claims 4--8, 16- 27, 37, and 40. Ans. 22-27; see also Ans. 55-57. The Examiner finds Liu's Java architecture including the Java sandbox discloses the recited sandboxed package. Ans. 22-23 (citing Liu, col. 2, 11. 19--41 ). Appellant presents the following principal arguments: 1. Ji does not disclose the recited (claim 4) "determining whether the downloadable-information includes executable code." App. Br. 31. 9 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 11. Liu does not disclose the recited (claim 4) "forming a sandboxed package including the mobile protection code and the downloadable-information" because Liu's Java sandbox is part of the JVM within the client browser. See App. Br. 31-32; see also Declaration of Dr. Nenad Medvidovic i-f 39. 111. There is no motivation to combine Ji and Liu to arrive at the claimed invention. See App. Br. 32. Appellant has shown error in the Examiner's finding that Ji teaches the recited (claim 4) "determining whether the downloadable-information includes executable code" for reasons given above when addressing the anticipation rejection based on Ji. Appellant has also show error in the Examiner's finding that Liu teaches the recited (claim 4) "forming a sand boxed package including the mobile protection code and the downloadable-information." Liu (col. 2, 11. 19--41) discloses the Java sandbox and Java bytecode verifier. For reasons given above when addressing the anticipation rejection based on Ji, the recited (claim 4) "forming a sandboxed package including the mobile protection code and the downloadable-information" requires the downloadable-information to be inside an area in which executable code is initiated, confined, and prevented from accessing system resources. Liu's Java sandbox is part of the JVM within the client browser. Further, Liu's Java sandbox is an area in which executable code is initiated, confined, and prevented from accessing system resources. However, Liu's Java sandbox is not formed as a package including the downloadable- information because the Java sandbox is part of the JVM within the client 10 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 browser. See Liu, col. 2, 11. 19--41. Therefore, Liu does not disclose the recited forming a sandboxed package. We, therefore, do not sustain the Examiner's rejection of claim 4, or of claims 5, 6, and 8, which depend from claim 4. Similarly, we also do not sustain the Examiner's rejection of independent claim 16, which recites "wherein the causing is accomplished by forming a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be delivered to the downloadable-information destination," or of claims 17-27, which depend from claim 16. Similarly, we also do not sustain the Examiner's rejection of independent claim 37, which recites "determining whether the downloadable-information includes executable code," and further recites "forming a sandbox package including the MPC and the downloadable- information." Similarly, we also do not sustain the Examiner's rejection of independent claim 40, which recites "determining by a content inspection engine associated with the server whether the downloadable-information includes executable code," and further recites "forming by a packaging engine a sandboxed package including the mobile protection code and the downloadable-information." 11 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 THE OBVIOUSNESS REJECTION OF CLAIMS 4--8, 16-27, 37, AND 40 OVER JI AND GOLAN The Examiner finds Ji and Golan teach all limitations of claims 4--8, 16-27, 37, and 40. Ans. 27-33; see also Ans. 57-59. The Examiner finds Golan's security monitor discloses the recited (claim 4) "determining whether the downloadable-information includes executable code." Ans. 27 (citing Golan, col. 4, 11. 51---61). The Examiner finds Golan's security monitor's secure sandbox discloses the recited sandboxed package. Ans. 28 (citing Golan, col. 4, 1. 62---col. 5, 1. 14). Appellant presents the following principal arguments: 1. Golan does not disclose the recited (claim 4) "determining whether the downloadable-information includes executable code" because Golan monitors the behavior of already downloaded and executing code to intercept and redirect API calls. App. Br. 35-36. 11. "Golan's security monitor is also not a sandboxed package because the claimed package is structured so that the mobile protection code is executed prior to executing the downloadable, as illustrated in elements 340 - 343 of FIGS. 3 and 4 of the present specification." App. Br. 36. 111. There is no motivation to combine Ji and Golan to arrive at the claimed invention. See App. Br. 36-37. Appellant has shown error in the Examiner's finding that Golan teaches the recited (claim 4) "determining whether the downloadable-information includes executable code." Our analysis of Golan is similar to our analysis of Ji and Liu. Golan (col. 4, 11. 58---61) discloses: "The security monitor detects when a downloaded software component attempts to commit an action that breaches 12 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 security and functions to halt the component's execution and issue a warning to the user." To the extent Golan does detect actions that breach security; the lack of such an action does not determine that executable code is not included in the downloadable-information. Thus, at best, Golan determines, in some cases, when executable code is included in the downloadable- information, but does not adequately determine when executable code is not included in the downloadable information. Therefore, Golan does not disclose the recited determining whether the downloadable-information includes executable code. Appellant has also shown error in the Examiner's finding that Golan teaches the recited (claim 4) "forming a sand boxed package including the mobile protection code and the downloadable-information." Golan (col. 4, 1. 62---col. 5, 1. 14) discloses the secure sandbox and security monitor, with the security monitor filtering the APL For reasons given above when addressing the anticipation rejection based on Ji, the recited (claim 4) "forming a sandboxed package including the mobile protection code and the downloadable-information" requires the downloadable-information to be inside an area in which executable code is initiated, confined, and prevented from accessing system resources. Golan's sandbox is an area in which executable code is initiated, confined, and prevented from accessing system resources. However, Golan's sandbox is not formed as a package including the downloadable- information. See Golan, Fig. 1. Therefore, Golan does not disclose the recited forming a sandboxed package. 13 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 We, therefore, do not sustain the Examiner's rejection of claim 4, or of claims 5, 6, and 8, which depend from claim 4. Similarly, we also do not sustain the Examiner's rejection of independent claim 16, which recites "wherein the causing is accomplished by forming a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be delivered to the downloadable-information destination," or of claims 17-27, which depend from claim 16. Similarly, we also do not sustain the Examiner's rejection of independent claim 37, which recites "determining whether the downloadable-information includes executable code," and further recites "forming a sandbox package including the MPC and the downloadable- information." Similarly, we also do not sustain the Examiner's rejection of independent claim 40, which recites "determining by a content inspection engine associated with the server whether the downloadable-information includes executable code," and further recites "forming by a packaging engine a sandboxed package including the mobile protection code and the downloadable-information." THE REJECTION OF CLAIMS 36, 38, AND 39 AS ENLARGING THE SCOPE OF THE CLAIMS The Examiner rejected claims 36, 38, and 39 as enlarging the scope of the claims. Final Act. 19-20. 14 Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 Appellant does not present any arguments regarding this rejection. See App. Br. 39--43; Reply Br. 24. We, therefore, sustain the Examiner's rejection of claims 36, 38, and 39. DECISION The Examiner's decision rejecting claims 1-8, 16-27, 37, and 40 is reversed. The Examiner's decision rejecting claims 36, 38, and 39 is affirmed. Extensions of time for taking any subsequent action in connection with this appeal are governed by 37 C.F.R. Â§ 1.550(c). See 37 C.F.R. Â§ 41.50(Â±). AFFIRMED-IN-PART ACP 15 UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte FINJAN, INC. Appellant Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 Technology Center 3900 Before STEPHEN C. SIU, JEREMY J. CURCURI, and IRVINE. BRANCH, Administrative Patent Judges. BRANCH, Administrative Patent Judge, dissenting-in-part. I agree with and join the majority's decision that the Examiner's rejection of claims 36, 38, and 39 should be affirmed. I also agree with the majority's ultimate decision that the Examiner's rejection of claims 4--8, 16- 27, 37, and 40 should be reversed, although I do not fully agree with the majority's reasoning. Specifically, as I explain hereinafter, I do not agree with the majority's reasoning with respect to the "determining whether" limitation of certain claims at issue. While I otherwise agree with the majority's reasoning because of the "sandbox" limitations, our disagreement over "determining whether" compels me to dissent as to the majority's decision that the Examiner's rejection of claims 1-3 must be reversed. I Appeal2015-006304 Reexamination Control 90/013,017 Patent 7 ,058,822 B2 would, instead, affirm the Examiner's decision that claims 1-3 are obvious over Ji and Liu. The majority finds that "[i]n order to disclose determining whether the downloadable-information includes executable code, Ji must disclose distinguishing between two alternative possibilities: executable code is included in the downloadable-information, and executable code is not included in the downloadable-information." I disagree. Instead, for either obviousness or anticipation with respect to the limitation at issue, a prior art reference "determin[ing] some cases where executable code is included in the downloadable-information," as the majority finds to be the case, is sufficient for "determine whether" downloadable-information includes executable code. Accordingly, I respectfully dissent-in-part. Appellant: Bey & Cotropia PLLC (Finjan Inc.) Dawn-Marie Bey 213 Bayly Court Richmond VA 23229 Third-party requestor: Ryan W. Cobb, DLA PIPER LLP (US) 401 B Street Suite 1700 San Diego, CA 92101 17