Ex Parte 7647633 et alDownload PDFPatent Trial and Appeal BoardJun 29, 201690013016 (P.T.A.B. Jun. 29, 2016) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 90/013,016 10/07/2013 7647633 FINREXM0005 9521 115222 7590 06/29/2016 Bey & Cotropia PLLC (Finjan Inc.) Dawn-Marie Bey 213 Bayly Court Richmond, VA 23229 EXAMINER BASEHOAR, ADAM L ART UNIT PAPER NUMBER 3992 MAIL DATE DELIVERY MODE 06/29/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) MOD PTOL-90A (Rev.06/08) APPLICATION NO./ CONTROL NO. FILING DATE FIRST NAMED INVENTOR / PATENT IN REEXAMINATION ATTORNEY DOCKET NO. EXAMINER ART UNIT PAPER NUMBER DELIVERY MODE Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. UNITED STATES DEPARTMENT OF COMMERCE U.S. Patent and Trademark Office Address : COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov UNITED STATES PATENT AND TRADEMARK OFFICE _____________________________________________________________________________________ UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ________________ Ex parte FINJAN, INC. Appellant ________________ Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 Technology Center 3900 ________________ Before STEPHEN C. SIU, JEREMY J. CURCURI, and IRVIN E. BRANCH, Administrative Patent Judges. Opinion for the board filed by Administrative Patent Judge CURCURI. Opinion dissenting-in-part filed by Administrative Patent Judge BRANCH. CURCURI, Administrative Patent Judge. DECISION ON APPEAL U.S. Patent 7,647,633 B2 (Jan. 12, 2010; Edery et al., hereinafter “Edery”) is under reexamination. Appellant appeals under 35 U.S.C. §§ 134(b) and 306 from the Examiner’s rejection of claims 1–7, 28–33, and 42–52. Final Act. 21. We have jurisdiction under 35 U.S.C. §§ 134(b) and 306. We heard the appeal on June 22, 2016. Claims 1–3, 28–33, and 44 are rejected under 35 U.S.C. § 102(e) as anticipated by Ji (US 5,983,348; Nov. 9. 1999). Final Act. 7–8. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 2 Claims 4–7, 48, and 49 are rejected under 35 U.S.C. § 102(b) as anticipated by Ji. Final Act. 8–10. Claims 1–3 and 44 are rejected under 35 U.S.C. § 102(e) as anticipated by Liu (US 6,058,482; May 2, 2000). Final Act. 10–12. Claims 4 and 7 are rejected under 35 U.S.C. § 102(b) as anticipated by Liu. Final Act. 12–13. Claims 28–33 are rejected under 35 U.S.C. § 103(a) as obvious over Ji and Golan (US 5,974,549; Oct. 26, 1999). Final Act. 13–15. Claim 42 is rejected under 35 U.S.C. § 103(a) as obvious over Ji and Liu. Final Act. 15–17. Claims 43, 45–47, and 50–52 are rejected under 35 U.S.C. § 305 as enlarging the scope of the claims. Final Act. 18–21. We affirm-in-part. STATEMENT OF THE CASE Appellant’s invention relates to “protecting network-connectable devices from undesirable downloadable operation.” Edery, col. 1, ll. 31–33. Claims 1 and 28 are illustrative: 1. A computer processor-based method, comprising: receiving, by a computer, downloadable-information; determining, by the computer, whether the downloadable-information includes executable code; and based upon the determination, transmitting from the computer mobile protection code to at least one information- destination of the downloadable-information, if the downloadable-information is determined to include executable code. 28. A processor-based method, comprising: Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 3 receiving a sandboxed package that includes mobile protection code (“MPC”) and a Downloadable and one or more protection policies at a computer at a Downloadable- destination; causing, by the MPC on the computer, one or more operations attempted by the Downloadable to be received by the MPC; receiving, by the MPC on the computer, an attempted operation of the Downloadable; and initiating, by the MPC on the computer, a protection policy corresponding to the attempted operation. ANALYSIS THE ANTICIPATION REJECTION OF CLAIMS 1–3, 28–33, AND 44 BY JI The Examiner finds Ji discloses all limitations of claims 1–3, 28–33, and 44. Final Act. 7–8. Claims 1–3 and 44 Appellant presents the following principal argument: Ji does not disclose the recited (claim 1) “determining, by the computer, whether the downloadable-information includes executable code.” See App. Br. 13–17; see also Reply Br. 7–8. [O]ne of skill in the art would understand that an applet tag is not a determination that the file contains executable code because an applet tag does not mean executable code exists within the Downloadable, nor does the lack of an applet tag mean that executable code does not exist within the Downloadable. Furthermore, Ji only operates on applets and does not scan non-applets. Declaration of Dr. Nenad Medvidovic (hereinafter “Medvidovic Decl.”) ¶ 20; see also id. ¶ 21. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 4 In response, the Examiner explains: [B]y Ji scanning every Java applet and only Java applets for malicious instructions, Ji anticipates the claim language at issue. Since Ji’s system takes a first action for downloadable- information including executable code (i.e., scanning Java applets presumed to be executable code) and takes a different action for other downloadable-information (i.e., not scanning non-applet downloadable-information), Ji’s system determines “whether the downloadable-information includes executable code.” Ans. 6. In response, the Examiner further explains: “Ji’s teaching of searching for and identifying ‘particular instructions’ (i.e., operations to be executed) that are to be executed at a client device meets the claimed limitation of ‘determining, by the computer, whether downloadable- information includes executable code.’” Ans. 7. Appellant has shown error in the Examiner’s finding that Ji discloses the recited (claim 1) “determining, by the computer, whether the downloadable-information includes executable code.” Ji (col. 3, ll. 23–25) discloses: “At this point the applets are statically scanned at the server by the scanner looking for particular instructions which may be problematic in a security context.” Ji (col. 4, l. 66–col. 5, l. 4) discloses: Upon receipt of a particular Java applet, the HTTP proxy server 32, which is software running on server machine 20 and which has associated scanner software 26, then scans the applet and instruments it using an instrumenter 28 which is part of the scanner software 26. (Downloaded non-applets are not scanned.) Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 5 In order to disclose determining whether the downloadable- information includes executable code, Ji must disclose distinguishing between two alternative possibilities: executable code is included in the downloadable-information, and executable code is not included in the downloadable-information. To the extent Ji’s scanner does detect applets (for example, via applet tags), Ji does determine some cases where executable code is included in the downloadable-information (the applet tag reasonably indicates the existence of executable applet code). Nonetheless, we agree with Appellant that the lack of an applet tag does not determine that executable code is not included in the downloadable-information. See Medvidovic Decl. ¶ 20. Thus, at best, Ji determines, in some cases, when executable code is included in the downloadable-information, but does not adequately determine when executable code is not included in the downloadable information. Therefore, Ji does not disclose the recited determining. We, therefore, do not sustain the Examiner’s rejection of claim 1, or of claims 2 and 3, which depend from claim 1. Similarly, we also do not sustain the Examiner’s rejection of independent claim 44, which recites “determining, by the computer, whether the downloadable-information includes executable code.” Claims 28–33 Appellant presents the following principal argument: Ji does not disclose the recited (claim 28) “receiving a sandboxed package that includes mobile protection code (‘MPC’) and a Downloadable Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 6 and one or more protection policies at a computer at a Downloadable- destination.” See App. Br. 17–20; see also Reply Br. 8–10. A JAR archive file is a collection of compressed Java class files. http://d1.acm.org/citation.cfm?id=301676 (1999) (“Java class files are often distributed as jar files, which are collections of individually compressed class files (and possibility other files).”). In contrast, the sandboxed package provides several functions, including initiating a Downloadable in a protective “sandbox.” 633 Patent 3:5-21. Sandboxing is not mentioned in Ji. Nor does Ji describe that the JAR file it sends implements a sandbox. Medvidovic Decl. ¶ 26. In response, the Examiner further explains Ji’s JAR file corresponds to the recited sandboxed package. See Ans. 8–10. Appellant has shown error in the Examiner’s finding that Ji discloses the recited (claim 28) “receiving a sandboxed package that includes mobile protection code (‘MPC’) and a Downloadable and one or more protection policies at a computer at a Downloadable-destination.” The error in this finding hinges on the meaning of the term “sandbox.” Ji (col. 6, ll. 38–42) discloses: “The pre and post filter and monitoring package security policy functions[] are combined with the instrumented applet code in a single JAR (Java archive) file format at the server 32, and downloaded to the web browser 22 in client machine 14.” Ji (col. 7, ll. 13– 28) discloses prefetching dependency class files and instrumenting them once. Ji (col. 8, ll. 4–10) discloses creating a new JAR file from the instrumented class files and the monitoring package, and transfer thereof to the client machine. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 7 Appellant’s Specification discloses: “The sandboxed package can also include a corresponding Downloadable and can provide for initiating the Downloadable in a protective ‘sandbox’.” Edery, col. 3, ll. 16–18. Appellant’s Specification discloses: “An MPC and applicable policies can also, for example, precede each executable, such that each executable will be separately sandboxed in the same or a different manner according to MPC/policy configuration (see above) upon inflation and installation.” Edery, col. 13, ll. 50–54. The term “sandbox” may be defined in the computer context as: n. 1. Java Virtual Machine security area for downloaded (remote or untrusted) applets, an area in which such applets are confined and prevented from accessing system resources. Confinement to the sandbox prevents downloaded applets from carrying out potentially dangerous operations, maliciously or otherwise. They have to “play” inside the sandbox, and any attempt to “escape” is thwarted by the Java Security Manager. MICROSOFT COMPUTER DICTIONARY 463 (5th ed. 2002). Thus, we conclude that the broadest reasonable interpretation of “sandbox” requires an area in which executable code is initiated, confined, and prevented from accessing system resources. This interpretation is both consistent with Appellant’s Specification and with a plain meaning of the term in the computer context. Thus, the recited (claim 28) “receiving a sandboxed package that includes mobile protection code (‘MPC’) and a Downloadable and one or more protection policies at a computer at a Downloadable-destination” requires the Downloadable to be inside an area in which executable code is initiated, confined, and prevented from accessing system resources. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 8 Ji’s JAR file does include the instrumented class files and the monitoring package. See Ji, col. 8, ll. 4–10. However, Ji’s JAR file is an archive file and not a sandboxed package because the JAR file does not cause Ji’s applet to be inside an area, in which the applet’s executable code is initiated, confined, and prevented from accessing system resources. With regard to Ji’s instrumentation, Ji instruments instructions. See Ji, Abstract. Thus, although Ji may have particular instructions that are instrumented, the instrumentation is also not a sandboxed package because the instrumentation also does not cause Ji’s applet to be inside an area in which the applet’s executable code is initiated, confined, and prevented from accessing system resources. Therefore, Ji does not disclose the recited receiving a sandboxed package. We, therefore, do not sustain the Examiner’s rejection of claim 28, or of claims 29–33, which depend from claim 28. THE ANTICIPATION REJECTION OF CLAIMS 4–7, 48, AND 49 BY JI The Examiner finds Ji discloses all limitations of claims 4–7, 48, and 49. Final Act. 8–10; see also Ans. 16–21. Claims 4–7 depend from claim 1. Thus, we do not sustain the Examiner’s rejection of claims 4–7 for reasons discussed above with respect to claim 1. Independent claim 48 recites (claim 48) “a content inspection engine communicatively coupled to the information monitor for determining, by the computer, whether the downloadable-information includes executable code.” Thus, we do not sustain the Examiner’s rejection of claim 48 for reasons Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 9 discussed above with respect to claim 1. We also do not sustain the Examiner’s rejection of claim 49, which depends from claim 48. THE ANTICIPATION REJECTION OF CLAIMS 1–3 AND 44 BY LIU The Examiner finds Liu discloses all limitations of claims 1–3 and 44. Final Act. 10–12; see also Ans. 21–24. The Examiner finds Liu’s detecting applet tags discloses the recited (claim 1) “determining, by the computer, whether the downloadable-information includes executable code.” Final Act. 10. Appellant presents the following principal argument: Liu does not teach the recited (claim 1) “determining, by the computer, whether the downloadable-information includes executable code” because Liu generates web pages with modified class names. See App. Br. 29–33; see also Reply Br. 13–14. Appellant has shown error in the Examiner’s finding that Liu discloses the recited (claim 1) “determining, by the computer, whether the downloadable-information includes executable code.” Our analysis of Liu is similar to our analysis of Ji. To the extent Liu does detect applet tags, the lack of an applet tag does not determine that executable code is not included in the downloadable-information. Thus, at best, Liu determines, in some cases, when executable code is included in the downloadable-information, but does not adequately determine when executable code is not included in the downloadable information. Therefore, Liu does not disclose the recited determining whether the downloadable- information includes executable code. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 10 We, therefore, do not sustain the Examiner’s rejection of claim 1, or of claims 2 and 3, which depend from claim 1. Similarly, we also do not sustain the Examiner’s rejection of independent claim 44, which recites “determining, by the computer, whether the downloadable-information includes executable code.” THE ANTICIPATION REJECTION OF CLAIMS 4–7 BY LIU The Examiner finds Liu discloses all limitations of claims 4–7. Final Act. 12–13; see also Ans. 24–25. Claims 4–7 depend from claim 1. Thus, we do not sustain the Examiner’s rejection of claims 4–7 for reasons discussed above with respect to claim 1. THE OBVIOUSNESS REJECTION OF CLAIMS 28–33 OVER JI AND GOLAN The Examiner finds Ji and Golan teach all limitations of claims 28– 33. Final Act. 13–15; see also Ans. 26–32. The Examiner finds Golan’s security monitor’s secure sandbox discloses the recited sandboxed package. Final Act. 13–14. Appellant presents the following principal arguments: i. “Golan’s security monitor is also not a sandboxed package because the claimed package is structured so that the mobile protection code is executed prior to executing the downloadable, as illustrated in elements 340 - 343 of FIGS. 3 and 4 of the present specification.” App. Br. 36; see also Reply Br. 16. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 11 ii. There is no motivation to combine Ji and Golan to arrive at the claimed invention. See App. Br. 36–37. Appellant has shown error in the Examiner’s finding that Golan teaches the recited (claim 28) “receiving a sandboxed package that includes mobile protection code (‘MPC’) and a Downloadable and one or more protection policies at a computer at a Downloadable-destination.” Golan (col. 4, l. 62–col. 5, l. 14) discloses the secure sandbox and security monitor, with the security monitor filtering the API. For reasons given above when addressing the anticipation rejection based on Ji, the recited (claim 28) “receiving a sandboxed package that includes mobile protection code (‘MPC’) and a Downloadable and one or more protection policies at a computer at a Downloadable-destination” requires the Downloadable to be inside an area in which executable code is initiated, confined, and prevented from accessing system resources. Golan’s sandbox is an area in which executable code is initiated, confined, and prevented from accessing system resources. However, Golan’s sandbox is not formed as a package including the Downloadable. See Golan, Fig. 1. Therefore, Golan does not disclose the recited receiving a sandboxed package. We, therefore, do not sustain the Examiner’s rejection of claim 28, or of claims 29–33, which depend from claim 28. THE OBVIOUSNESS REJECTION OF CLAIM 42 OVER JI AND LIU The Examiner finds Ji and Liu teach all limitations of claim 42. Final Act. 15–17; see also Ans. 33–37. For the recited (claim 42) “determining, Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 12 by the computer, whether each of the multiple instances of downloadable- information includes executable code,” the Examiner relies on Ji’s applet scanning. Final Act. 15. Because independent claim 42 recites (claim 42) “determining, by the computer, whether each of the multiple instances of downloadable- information includes executable code,” we do not sustain the Examiner’s rejection of claim 42 for reasons discussed above with respect to claim 1. THE REJECTION OF CLAIMS 43, 45–47, AND 50–52 AS ENLARGING THE SCOPE OF THE CLAIMS The Examiner rejected claims 43, 45–47, and 50–52 under 35 U.S.C. § 305 as enlarging the scope of the claims. Final Act. 18–21; see also Ans. 37–39. Appellant argues that claims 43, 45–47, and 50–52 contain subject matter of the same or narrower scope than the original patented claims. See App. Br. 45–49; see also Reply Br. 19–23. We agree with and adopt as our own the Examiner’s findings with respect to claims 43, 45–47, and 50–52 in the Final Action at pages 18–21. We also agree with and adopt as our own the Examiner’s further explanation with respect to claims 43, 45–47, and 50–52 in the Examiner’s Answer at pages 37–39. We, therefore, sustain the Examiner’s rejection under 35 U.S.C. § 305 of claims 43, 45–47, and 50–52. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 13 DECISION The Examiner’s decision rejecting claims 1–7, 28–33, 42, 44, 48, and 49 is reversed. The Examiner’s decision rejecting claims 43, 45–47, and 50–52 is affirmed. Extensions of time for taking any subsequent action in connection with this appeal are governed by 37 C.F.R. § 1.550(c). See 37 C.F.R. § 41.50(f). AFFIRMED-IN-PART CC: Third Party Requester: DLA PIPER LLP (US) 401 CONGRESS AVENUE, SUITE 2500 AUSTIN, TX 78701 Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 14 UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ________________ Ex parte FINJAN, INC. Appellant ________________ Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 Technology Center 3900 ________________ Before STEPHEN C. SIU, JEREMY J. CURCURI, and IRVIN E. BRANCH, Administrative Patent Judges. BRANCH, Administrative Patent Judge, dissenting-in-part. I agree with and join the majority’s decision that the Examiner’s rejection of claims 43, 45–47, and 50–52 should be affirmed. I also agree with and join the majority’s decision that the Examiner’s rejection of claims 28–33 should be reversed. I do not agree with the majority’s decision that the Examiner’s rejection of claims 1–7, 42, 44, 48, and 49 should be reversed. Specifically, as I explain hereinafter, I do not agree with the majority’s reasoning with respect to the “determining, by the computer, whether” limitation of certain claims at issue. Appeal 2016-004279 Reexamination Control 90/013,016 Patent 7,647,633 B2 15 The majority finds that “[i]n order to disclose determining whether the downloadable-information includes executable code, Ji must disclose distinguishing between two alternative possibilities: executable code is included in the downloadable-information, and executable code is not included in the downloadable-information.” I disagree. Instead, for either obviousness or anticipation with respect to the limitation at issue, a prior art reference “determin[ing] some cases where executable code is included in the downloadable-information,” as the majority finds to be the case, is sufficient for “determining, by the computer, whether” downloadable- information includes executable code. Accordingly, I respectfully dissent-in-part. Copy with citationCopy as parenthetical citation
