11370114 (P.T.A.B. Dec. 4, 2015)

Sophos Inc.v.Finjan, Inc.

Patent Trial and Appeal BoardDec 4, 2015

11370114 (P.T.A.B. Dec. 4, 2015)

Trials@uspto.gov Paper 8 571-272-7822 Entered: September 24, 2015 UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ SOPHOS, INC., Petitioner, v. FINJAN, INC., Patent Owner. ____________ Case IPR2015-00907 Patent 7,613,926 B2 ____________ Before JAMES B. ARPIN, ZHENYU YANG, and CHARLES J. BOUDREAU, Administrative Patent Judges. ARPIN, Administrative Patent Judge. DECISION Denying Institution of Inter Partes Review 37 C.F.R. § 42.108 IPR2015-00907 Patent 7,613,926 B2 2 I. INTRODUCTION Sophos, Inc. (“Petitioner”) filed a Petition (Paper 1, “Pet.”) requesting inter partes review pursuant to 35 U.S.C. § 311 of claims 15, 18, 19, and 22 of Patent No. US 7,613,926 B2 to Edery et al. (Ex. 1001, “the ’926 patent”). Pet. 4. Finjan, Inc. (“Patent Owner”) filed a Preliminary Response. Paper 7 (“Prelim. Resp.”). We review the Petition under 35 U.S.C. § 314, which provides that an inter partes review may not be instituted “unless . . . there is a reasonable likelihood that the petitioner would prevail with respect to at least 1 of the claims challenged in the petition.” 35 U.S.C. § 314(a). For the reasons that follow and on this record, we are not persuaded that Petitioner demonstrates a reasonable likelihood of prevailing in showing the unpatentability of any of the challenged claims on the asserted grounds. Accordingly, we deny Petitioner’s request to institute an inter partes review. A. The ’926 Patent The ’926 patent issued November 3, 2009, from U.S. Patent Application No. 11/370,114, filed March 7, 2006. The ’926 patent also claims priority from six earlier applications, of which the earliest-filed is U.S. Patent Application No. 08/964,388, filed November 6, 1997. Ex. 1001, [60], [63], col. 1, ll. 8–32. The ’926 patent is directed to systems and methods to protect personal computers and other network accessible devices from “harmful, undesirable, suspicious or other ‘malicious’ operations that might otherwise be effectuated by remotely operable code.” Ex. 1001 col. 2, ll. 27–31. The protection paradigm involves hashing an incoming Downloadable to derive an identifier, referred to as a “Downloadable ID,” which is used to reference security profile data for the incoming Downloadable in a database indexed IPR2015-00907 Patent 7,613,926 B2 3 according to Downloadable IDs. Id. at col. 2, l. 27–col. 4, l. 49; Fig. 1b and 1c. The Downloadable security profile data for each Downloadable includes “a list of suspicious computer operations that may be attempted by the Downloadable.” Id. at col. 21, ll. 66–67. Thus, security profile data for a Downloadable is derived from that Downloadable. Patent Owner contends that security profile data are different from “security policies, for example, which include policies specific to particular users and generic policies that determine whether to allow or block an incoming Downloadable.” Paper 7, 4 (citing Ex. 1001, col. 4, ll. 27–37). The Downloadable and representation of the Downloadable security profile data are sent to a destination computer. Ex. 1001, col. 22, ll. 1–4. Because previously generated profiles can be retrieved efficiently, the systems and methods allow accurate security decisions to be made without the need to generate profiles for all incoming Downloadables, and it is not necessary for the Downloadable to be scanned by the device for malicious operations because the Downloadable security profile already lists malicious operations. See Ex. 1001, col. 10, ll. 44–50. B. Related Proceedings The ’926 patent is the subject of a district court action between the parties, Finjan, Inc. v. Sophos, Inc., 3:14-cv-01197 (N.D. Cal.), and also has been asserted in two other district court actions, Finjan, Inc. v. Symantec Corp., 3:14-cv-02998 (N.D. Cal.), and Finjan, Inc. v. Palo Alto Networks, Inc., 3:14-cv-04908 (N.D. Cal.). Pet. 1–2; Paper 6, 1. Petitioner also has filed a petition seeking inter partes review of a related patent, Patent No. US IPR2015-00907 Patent 7,613,926 B2 4 8,677,494 B2 to Edery et al. Sophos, Inc. v. Finjan, Inc., Case IPR2015- 01022, Paper 1. C. Illustrative Claim Petitioner challenges claims 15, 18, 19, and 22 of the ’926 patent. Claims 15 (method) and 22 (system) are independent. Each of claims 18 and 19 depends directly from independent claim 15. Claim 15 is illustrative and is reproduced below: 15. A computer-based method, comprising the steps of: receiving an incoming Downloadable; performing a hashing function on the incoming Downloadable to compute an incoming Downloadable ID; retrieving security profile data for the incoming Downloadable from a database of Downloadable security profiles indexed according to Downloadable IDs, based on the incoming Downloadable ID, the security profile data including a list of suspicious computer operations that may be attempted by the Downloadable; and transmitting the incoming Downloadable and a representation of the retrieved Downloadable security profile data to a destination computer, via a transport protocol transmission. Ex. 1001, col. 21, l. 58–col. 22, l. 4 (emphases added). Disputed limitations are emphasized. IPR2015-00907 Patent 7,613,926 B2 5 D. Applied References and Declaration Petitioner relies on the following references and declaration in support of its asserted grounds of unpatentability: Exhibit References and Declaration Date 1003 Declaration of Charles H. Sauer NA 1004 Patent No. US 5,983,348 to Ji (“Ji”) Sept. 10, 1997 1005 Patent No. US 6,263,442 B1 to Mueller et al. (“Mueller”) May 30, 1996 1025 Donald E. Knuth, The Art of Computer Programming, Vol. 3, Sorting and Searching (Addison Wesley Publishing Co., Inc. 1973) (“Knuth”) 1973 1027 Jan Hruska, Computer Viruses and Anti-Virus Warfare (Ellis Horwood Ltd, 2nd rev. ed. 1992) (“Hruska”) 1992 As noted above, the ’926 patent claims the benefit of the November 6, 1997 filing date of U.S. Patent Application No. 08/964,388. Ex. 1001, col. 1, ll. 22–24; Paper 7, 59–60. Petitioner argues, however, that the ’926 patent is entitled only to priority from U.S. Provisional Patent Application No. 60/205,591, filed May 17, 2000. Paper 1, 8. Nevertheless, because each of the applied references has an effective date prior to November 6, 1997, we agree with Patent Owner that we need not determine whether the ’926 patent is entitled to a priority date later than its earliest claimed priority date for purposes of this Decision. Paper 7, 59. IPR2015-00907 Patent 7,613,926 B2 6 E. Asserted Grounds of Unpatentability Petitioner challenges the patentability of each of claims 15, 18, 19, and 22 on the following grounds:1 References Basis Claims Challenged Ji, Knuth, and Hruska 35 U.S.C. § 103(a) 15, 18, 19, and 22 Mueller, Knuth, and Hruska, alone or in combination with Ji 35 U.S.C. § 103(a) 15, 18, 19, and 22 1 Petitioner asserts that “[u]sing hash function to index entries in a database must have been well-known in the art because if it was not, the Challenged Claims would not be described or enabled under 35 U.S.C. § 112.” Pet. 20 (citing Ex. 1003 ¶ 75). Nevertheless, no challenge under 35 U.S.C. § 112 is permitted in a petition for inter partes review. 35 U.S.C. § 311(b); see Prelim. Resp. 24 n.1. IPR2015-00907 Patent 7,613,926 B2 7 II. DISCUSSION A. Claim Interpretation In an inter partes review proceeding, claims of an unexpired patent are given their broadest reasonable interpretation in light of the specification of the patent in which they appear. 37 C.F.R. § 42.100(b); Office Patent Trial Practice Guide, 77 Fed. Reg. 48,756, 48,766 (Aug. 14, 2012); see also In re Cuozzo Speed Techs., LLC, 793 F.3d 1268, 1278 (Fed. Cir. 2015) (“We conclude that Congress implicitly approved the broadest reasonable interpretation standard in enacting the AIA.”). Under this standard, we presume that claim terms have their ordinary and customary meaning. See In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007) (“The ordinary and customary meaning is the meaning that the term would have to a person of ordinary skill in the art in question.”) (internal quotation marks omitted). A patentee, however, may rebut this presumption by acting as his own lexicographer, providing a definition of the term in the specification with “reasonable clarity, deliberateness, and precision.” In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994). Petitioner proposes interpretations for various claim terms: “database,” “Downloadable,” “Downloadable security profile data,” “a representation of the retrieved Downloadable security profile data,” “receiver,” “Downloadable identifier,” “database manager,” and “transmitter coupled with said receiver.” Pet. 24–28. Patent Owner responds to each of Petitioner’s proposed interpretations, offering interpretations for each term. Prelim. Resp. 7–15. IPR2015-00907 Patent 7,613,926 B2 8 1. “database”(Claims 15 and 22) The term “database” is recited in claims 15 and 22 of the ’926 patent. Relying on the definition provided in The IEEE Standard Dictionary of Electrical and Electronics Terms (Ex. 1036), Petitioner argues that the term “database” means “a collection of logically related data stored together in one or more computerized files and indexed by one or more indices.” Pet. 24 (citing Ex. 1036, 3). Nevertheless, the IEEE definition does not state that the collection of data is “indexed by one or more indices,” and Petitioner does not explain adequately the source of this addition to the IEEE definition. Id. Petitioner also argues that, although the district court in the related action construed “database” in the ’926 patent to mean “a collection of interrelated data organized according to a database schema to serve one or more applications” (Ex. 1033, 3), the district court’s construction is too narrow to be the broadest reasonable interpretation because the ’926 patent uses the term “database” in a broad manner throughout the Specification, including allegedly comparing a database to a reference list. Pet. 25 (citing Ex. 1001, col. 16, ll. 51–55); see Facebook, Inc. v. Pragmatus AV, LLC, 582 Fed. Appx. 864, 869 (Fed. Cir. 2014) (nonprecedential) (“The broadest reasonable interpretation of a claim term may be the same as or broader than the construction of a term under the Phillips standard. But it cannot be narrower.”). Patent Owner contends that the proper construction of “database” is instead “a collection of interrelated data organized according to a database schema to serve one or more applications.” Prelim. Resp. 7. As Patent Owner points out (id.), this construction has been adopted by the district court in the related action between the parties (Ex. 1033, 7). Patent Owner IPR2015-00907 Patent 7,613,926 B2 9 contends that “[t]his construction stays true to the claim language and most naturally aligns with the patent’s description of the invention as well as the well-accepted definition of the term.” Prelim. Resp. 7 (citing IBM DICTIONARY OF COMPUTING, 165 (10th ed. 1993) (Ex. 2001, 3)). Moreover, in response to Petitioner’s argument that the district court’s construction is too narrow, Patent Owner contends that the portion of the Specification, upon which Petitioner relies, actually differentiates “a referencing list” from “a database” by referring to them separately. Id. at 7–8 (citing Ex. 1001, col. 16, ll. 51–55 (stating that a “referencing list, database or other storage structure(s) . . .” can be used to implement a protection scheme; emphasis added). Further, Patent Owner contends that the district court recognized this distinction in its construction of this term. Id. at 8 (quoting Ex. 1033, 5). We agree with Patent Owner that the district court’s construction in the related action between the parties represents the broadest reasonable interpretation of “database” in light of the claim language and the Specification of the ’926 patent. See Translogic Tech., 504 F.3d at 1257; see also Power Integrations, Inc. v. Lee, ___ F.3d ____, 2015 WL 4757642, at *6 (Fed. Cir. Aug. 12, 2015) (“The fact that the board is not generally bound by a previous judicial interpretation of a disputed claim term does not mean . . . that it has no obligation to acknowledge that interpretation or to assess whether it is consistent with the broadest reasonable construction of the term.”). As explained in the Claim Construction Order, the ’926 patent does not define the term “database” (Ex. 1033, 5), there is no evidence that Patent Owner disavowed the full scope of that term either in the Specification or during prosecution (id.), and Patent Owner’s definition appears to reflect IPR2015-00907 Patent 7,613,926 B2 10 both the context of the Specification, as well as an accepted definition of the term. Ex. 1033, 5, 7; see Ex. 1036, 3; Ex. 2001, 3. Accordingly, on this record and for purposes of this Decision, we determine that the broadest reasonable interpretation of the term “database” to be “a collection of interrelated data organized according to a database schema to serve one or more applications.” 2. “Downloadable” (Claims 15, 18, and 22) The term “Downloadable” is recited in challenged claims 15, 18, and 22. According to Petitioner, under the broadest reasonable interpretation, the term “Downloadable” means “information received over a network that can include executable code (e.g. Java applets, JavaScript and Visual Basic scripts, ActiveX controls, Visual Basic, and other add-ins).” Pet. 25 (citing Ex. 1001, col. 2, ll. 46–51); see Ex. 1003 ¶ 90; see also Ex. 1001, col. 1, l. 66–col. 2, l. 3, col. 2, ll. 35–40 (providing other examples of Downloadables). In response, Patent Owner contends that the proper construction of the term “Downloadable” is “an executable application program which is downloaded from a source computer and run on the destination computer.” Prelim. Resp. 8–9. Patent Owner points out that this is the definition provided in Patent Nos. US 6,804,780 B2 (Ex. 1012) and US 6,092,194 (Ex. 1013), from which the ’926 patent claims priority and which the ’926 patent incorporates by reference. Id. at 9 (citing Ex. 1001, col. 1, ll. 17–27; Ex. 1012, col. 1, ll. 50–53; Ex. 1013, col. 1, ll. 44–46). Moreover, it is also the definition agreed to by Patent Owner and Petitioner in the related action. Id. (citing Ex. 2002, 2). IPR2015-00907 Patent 7,613,926 B2 11 Although the broadest reasonable interpretation may differ from a construction agreed upon by the parties to a district court action, where claim construction is determined according to the different standard set forth in Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc); on this record, we see no rationale for Petitioner’s alternative interpretation of this term. Power Integration, 2015 WL 4757642, at *6. Further, as noted above, the broadest reasonable interpretation of a claim term may be the same as or broader than the construction of that term under the Phillips standard, but not narrower. Facebook, 582 Fed. Appx. at 869. To the extent that Petitioner seeks to incorporate specific examples of “executable code” into the interpretation of this term, those examples narrow the interpretation of this term. Moreover, as Patent Owner notes, its proposed interpretation is broad enough to encompass those examples. Prelim. Resp. 10. We agree with and adopt the interpretation of the term “Downloadables” to which the parties agreed in the district court action, as the broadest reasonable interpretation of “Downloadable” consistent with the Specification. Accordingly, on this record and for purposes of this Decision, we construe the term “Downloadable” to mean “an executable application program which is automatically downloaded from a source computer and run on a destination computer.” 3. “Downloadable security profile data” (Claims 15 and 22) The term “Downloadable security profile data” is recited in claims 15 and 22 of the ’926 patent. Petitioner argues that the broadest reasonable interpretation of this term is “security information relating to the Downloadable.” Pet. 26. According to Petitioner, this term must be construed broadly to encompass the specific examples included in claim 15 IPR2015-00907 Patent 7,613,926 B2 12 and in other, unchallenged claims; and this construction is consistent with the Specification of the ’926 patent. Id. (citing Ex. 1001, col. 3, ll. 6–11, col. 20, l. 67–col. 21, l. 3 (claim 1), col. 21, ll. 14–22 (claims 5–7), Fig. 9); see Ex. 1003 ¶¶ 91–93. Patent Owner contends that the term needs no express construction and that the plain meaning within the context of claims 15 and 22 should apply. Prelim. Resp. 11–13. Although the term “Downloadable” is interpreted above, and claim 15 and 22 provide specific language explaining what “Downloadable security profile data” includes, the phrase “security profile data” is not defined in the Specification, and neither party proposes an accepted definition for that phrase. See Pet. 26; Prelim. Resp. 11–13. Further, we find Petitioner’s proposed interpretation, “security information relating to the Downloadable,” to be overly broad, substantially circular, and generally unhelpful. As noted above, we presume that claim terms have their ordinary and customary meaning. See Translogic Tech., 504 F.3d at 1257. Looking at the individual words comprising the phrase, we note that “security” means “something that gives or assures safety, tranquility, certainty, etc.; protection; safeguard”; “profile” means “a graph, diagram, piece of writing, etc. presenting or summarizing data relevant to a person or thing”; and “data” means “information.” WEBSTER’S NEW WORLD DICTIONARY OF AMERICAN ENGLISH, 352, 1074, 1214 (3rd ed. 1988) (Ex. 3001). In addition, as noted by Petitioner, other claims of the patent at issue, both challenged and unchallenged, can be valuable sources of enlightenment as to the meaning of a claim term. See Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996). Consistent with the Specification and the IPR2015-00907 Patent 7,613,926 B2 13 challenged and unchallenged claims of the ’926 patent, “Downloadable security profile data” includes “a list of suspicious computer operations that may be attempted by the Downloadable” (Ex. 1001, claims 15 and 22) and may include “calls made to an operating system, a file system, a network system, and to memory” (id., claim 5); “a URL from where the Downloadable originated” (id., claim 6); and “a digital certificate” (id., claim 7). See Ex. 1001, col. 2, ll. 51–64. Accordingly, on this record and for purposes of this Decision, the broadest reasonable interpretation of the term “Downloadable security profile data” is “a presentation or summary of information regarding the protection or safeguarding of an executable application program which is automatically downloaded from a source computer and run on a destination computer.” 4. Other Claim Terms For purposes of this Decision, no other claim terms require express interpretation. Wellman, Inc. v. Eastman Chem. Co., 642 F.3d 1355, 1361 (Fed. Cir. 2011) (“claim terms need only be construed ‘to the extent necessary to resolve the controversy’” (quoting Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999))). B. Asserted Grounds of Unpatentability 1. Overview Petitioner argues that claims 15, 18, 19, and 22 of the ’926 patent are rendered obvious by the combinations of references described above. See supra Sec. I.E. A patent claim is unpatentable under 35 U.S.C. § 103(a) if the differences between the claimed subject matter and the prior art are “such that the subject matter[,] as a whole[,] would have been obvious at the IPR2015-00907 Patent 7,613,926 B2 14 time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The question of obviousness is resolved on the basis of underlying factual determinations, including: (1) the scope and content of the prior art; (2) any differences between the claimed subject matter and the prior art; (3) the level of skill in the art2; and (4) objective evidence of nonobviousness, i.e., secondary considerations. Graham v. John Deere Co., 383 U.S. 1, 17–18 (1966). On this record and for the reasons set forth below, we are not persuaded that Petitioner demonstrates a reasonable likelihood of prevailing in the challenges to claims 15, 18, 19, and 22 of the ’926 patent. 2. Obviousness over Ji, Knuth, and Hruska Petitioner contends that the combination of the teachings of Ji, Knuth, and Hruska would have rendered obvious the subject matter of claims 15, 18, 19, and 22 of the ’926 patent. Pet. 29–40. For the reasons that follow, we are not persuaded that Petitioner has established a reasonable likelihood that it would prevail on this ground with respect to any of the challenged claims. a. Ji Ji describes methods and scanners for detecting and preventing execution of instructions in an application program provided from a computer network, in particular, methods and “network scanner for security checking of application programs (e.g. Java applets or Active X controls) 2 Petitioner proposes a definition for a person of ordinary skill in the art. Pet. 16; see Ex. 1003 ¶ 69. Patent Owner does not challenge this definition. For purposes of this Decision and to the extent necessary, we adopt Petitioner’s definition. IPR2015-00907 Patent 7,613,926 B2 15 received over the Internet or an Intranet [that] has both static (pre-run time) and dynamic (run time) scanning.” Ex. 1004, Abstract. Ji teaches creating a sandboxed package including mobile protection code, the downloadable- information and the security policies, where the sandboxed package is communicated subsequently to the intended client destination. Id. at col. 3, ll. 32–44, col. 4, l. 66–col. 5, l. 43, col. 6, ll. 38–42, col. 7, ll. 8–28; Pet. 30 (citing Ex. 1003 ¶ 106). Ji’s Figure 1 is reproduced below: Figure 1 depicts a block diagram illustrating client machine 14 connected to the Internet 10 via proxy server machine 20. Ex. 1004, col. 4, ll. 55–60. Proxy server machine 20 receives software from the Internet 10 IPR2015-00907 Patent 7,613,926 B2 16 and transmits that software to client machine 14 via web browser 22, so that the software is installed on client machine 14. Id. at col. 4, ll. 60–63. Client machine 14 also includes local resources 30, e.g., files stored on a disk drive. Id. During prosecution of the ’926 patent, the Examiner relied on Ji as an anticipatory reference disclosing all of the limitations of originally filed claims, including original claims 141 and 143, which, after amendment, issued as challenged claims 15 and 22. Pet. 7–8; Ex. 1002, 127. During prosecution, however, the Examiner determined that at least two claims, original claims 142 and 144, contained allowable subject matter and would be allowable if rewritten in independent form to include the limitations of their base claims, claims 141 and 143. Ex. 1002, 132. Claim 142 recited “[t]he computer-based method of claim 141 further comprising performing a hashing function on the incoming Downloadable to compute the incoming Downloadable ID”; and claim 144 recited “[t]he system of claim 143 further comprising a Downloadable identifier for performing a hashing function on the incoming Downloadable to compute the incoming Downloadable to compute the incoming Downloadable ID.” Id. at 97 (emphases added). Applicants overcame the anticipation rejections of claims 141 and 143 over Ji by amending claims 141 (claim 15) and 143 (claim 22) to include the limitations of claims 142 and 144, respectively. Id. at 148–49. b. Knuth Knuth is a treatise on computer programming. Ex. 1025, 5–6; Pet. 31 (citing Ex. 1003 ¶ 109). In Knuth’s Section 6.4, Knuth provides a history and explanation of the use of hashing functions in computer programming in IPR2015-00907 Patent 7,613,926 B2 17 1973. Ex. 1025, 39–75; see Pet. 31 (citing Ex. 1003 ¶ 110). Petitioner argues that Knuth teaches that the use of hashing functions was well-known in computer programming and computer security applications. Pet. 32 (citing Ex. 1003 ¶ 110). c. Hruska Hruska provides a framework for describing the principles of network security, particularly, virus protection. Ex. 1027, 12–13. Hruska analyzes the state of anti-virus principles in 1992 and teaches the use of various computer programming techniques for protecting computers, including the use of hashing functions to index entries in a database and the use of hashing functions for virus protection. Pet. 32 (citing Ex. 1003 ¶¶ 111–12). d. Discussion Relying, in part, on the analysis performed by the Examiner during prosecution, Petitioner argues that Ji teaches or suggests all of the limitations of challenged claims 15 and 22, except for the limitations relating to performance of the hashing function. Pet. 32–37 (claim 15), 39–40 (claim 22) (citing Ex. 1002, 127–130). Further, Petitioner argues that Ji teaches the additional limitations of claims 18 and 19. Id. at 37–39. Petitioner acknowledges, however, that “Ji does not explicitly disclose using a hash of the Downloadable as an index.” Id. at 31 (citing Ex. 1003 ¶¶ 107–108). Petitioner argues, however, that the combination of the teachings of Ji with those of Knuth and Hruska teach or suggest “performing a hashing function on the incoming Downloadable to compute an incoming Downloadable ID,” as recited in claims 15 and 22 of the ’926 patent. Id. at 33–34, 39. Regarding the “performance” step of claim 15, Petitioner argues that “Knuth and Hruska disclose[] using a hash function to index entries in a IPR2015-00907 Patent 7,613,926 B2 18 database, which comprises the performance of a hashing function on the incoming data to compute an ID for the incoming data.” Pet. 33. Although the Specification of the ’926 patent does not include a definition of a hashing function, Hruska defines a “hash function” as “[a] function which maps a set of variable size data into objects of a single size. Widely used for fast searching.” Ex. 1027, 138. Patent Owner does not propose an alternative definition for “hashing function” for purposes of this Decision. Initially, we note that Petitioner argues that hashing the Downloadables to create the index entries in a database “comprises” hashing the incoming Downloadable to compute a Downloadable ID for the incoming data. Specifically, Petitioner states that “it would have been obvious to a POSITA to utilize a hash function as disclosed in Knuth and Hruska on an applet to form an index, and to use that index to retrieve the predefined security policies applicable to the applet from a database of predefined security policies.” Pet. 34 (citing Pet. 16–21; Ex. 1003 ¶ 135). We agree with Patent Owner, however, that Petitioner fails to show where Knuth and Hruska teach or suggest performing a hashing function on a Downloadable to obtain a Downloadable ID (Prelim. Resp. 21–25 (citing Ex. 1025, 39; Ex. 1027, 83–84, 89)) for later use in “retrieving security profile data for the incoming Downloadable from a database of Downloadable security profiles indexed according to Downloadable IDs” (id. at 25–28). Nevertheless, as Petitioner notes, Knuth teaches “search methods based on comparing the given argument K to the keys in the table, or using its digits to govern a branching process.” Id. at 23 (quoting Ex. 1025, 39); see Pet. 33. According to Petitioner, another possibility, which would avoid “rummaging” through a table of data, would be to do “some IPR2015-00907 Patent 7,613,926 B2 19 arithmetical calculation on K, computing a function f(K) which is the location of K and the associated data in the table.” Prelim. Resp. 23 (quoting Ex. 1025, 39); see Pet. 33. Petitioner explains that “K is the claimed ‘Downloadable,’ f(K) is a hashing function, and the result from the hashing function, f(K), is the claimed ‘Downloadable ID’.” Pet. 33; see Ex. 1003 ¶¶ 131–35. Further, Petitioner argues that a person of ordinary skill in the art “would have been motivated to perform the hashing function on an entire applet[, i.e., a Downloadable,] because Ji discloses that a security policy may be imposed based on the entire applet.” Pet. 35 (citing Ex. 1004, col. 3, ll. 7–56, col. 4, ll. 51–54; Ex. 1003 ¶¶ 126–35). As Patent Owner notes, however, Knuth states that “K” is an argument for a search algorithm, not an incoming Downloadable. Prelim. Resp. 23 (citing Ex. 1025, 39 (“the given argument K”)). Patent Owner further contends that “the function, f(K), does not compute a Downloadable ID. f(K) is simply a function in a program’s search algorithm for finding argument K’s location in the table.” Id. (citing Ex. 1025, 39 (“computing a function f(K) which is the location of K and the associated data in the table.”)). Moreover, even assuming, as Petitioner argues, that a person of ordinary skill in the art “would have been motivated to perform the hashing function on an entire applet” (Pet. 35), Petitioner fails to demonstrate sufficiently that this teaches or suggests computation of a Downloadable ID or retrieval of Downloadable security profile data based on a Downloadable ID. Prelim. Resp. 27–28. In view of Patent Owner’s arguments and our interpretations of the relevant claim terms, we are not persuaded by Petitioner that the combination of the teachings of Ji, Knuth, and Hruska teaches or suggests performing a hashing function on a Downloadable to IPR2015-00907 Patent 7,613,926 B2 20 compute a Downloadable ID or retrieving Downloadable security profile data from a database of Downloadable security profiles based on the computed Downloadable ID, as recited in claim 15 and 22 of the ’926 patent. In addition, Petitioner argues that Ji teaches or suggests the step of “transmitting the incoming Downloadable and a representation of the retrieved Downloadable security profile data to a destination computer, via a transport protocol transmission,” as recited in claims 15 and 22 of the ’926 patent. Ex. 1001, col. 22, ll. 1–4, 32–35 (emphasis added). Relying, in part, on the Examiner’s determination during prosecution (Pet. 36 (citing Ex. 1002, 127–130)), Petitioner argues that Ji teaches a “‘monitoring package’ that includes ‘security policy functions’ and is combined with the ‘instrumented’ applet in a single Java archive, which is transmitted from the server [20] to the browser [22] running on the client machine [14]” (id. (citing Ex. 1004, Abstract, col. 3, ll. 7–56, col. 4, l. 66–col. 5, l. 27, col. 6, ll. 38–51, Fig. 1)). Nevertheless, as Patent Owner notes, Ji discloses “instrumenting” suspicious operations in the received applet, e.g., “the incoming Downloadable,” before transmission of the instrumented applet with the “monitoring package.” Prelim. Resp. 32–33 (citing Ex. 1005, col. 6, ll. 38– 42 (“[t]he pre and post-filter and monitoring package security policy functions are combined with the instrumented applet code in a single JAR (Java archive)”)); see also Pet. 36 (“Ji discloses ‘instrumenting’ the suspicious operations in the received applet (claimed ‘Downloadable’).” (citations omitted)). Patent Owner contends that “Ji’s instrumented applet is the output of Ji’s applet scanner, which statically scans applets to identify IPR2015-00907 Patent 7,613,926 B2 21 problematic instructions and then instruments the identified problematic instructions, by ‘altering the applet byte code sequence’ by inserting pre- and post-filters or by replacing the problematic instructions with another instruction.” Prelim. Resp. 33 (quoting Ex. 1004, col. 5, ll. 16–18). Because applet code is altered or replaced in the “instrumenting” process, we are not persuaded that Ji’s transmission of an “instrumented” applet teaches or suggests the transmission of “the incoming Downloadable,” as recited in claims 15 and 22 of the ’926 patent. On this record, Petitioner has not identified sufficient evidence that the combination of the teachings of Ji, Knuth, and Hruska teaches or suggests all of the limitations recited in independent claims 15 and 22 and, in particular, either “performing a hashing function on the incoming Downloadable to compute an incoming Downloadable ID” or “transmitting the incoming Downloadable and a representation of the retrieved Downloadable security profile data to a destination computer,” or both. Consequently, we are not persuaded that Petitioner demonstrates a reasonable likelihood that it would prevail at trial in showing that the subject matter of either of those claims or of dependent claims 18 or 19 would have been rendered obvious over the asserted combination of these references. 3. Obviousness over Mueller, Knuth, and Hruska, alone or in combination with Ji Petitioner contends that the combination of the teachings of Mueller, Knuth, and Hruska, alone or in combination with Ji, would have rendered obvious the subject matter of claims 15, 18, 19, and 22 of the ’926 patent. Pet. 40–52; see Pet. 46 (“To the extent Mueller does not disclose this element, Ji discloses this element.”); Prelim. Resp. 40. For substantially the same reasons as set forth in our discussion of the first asserted ground in IPR2015-00907 Patent 7,613,926 B2 22 Section II.B.2, supra, we are not persuaded that Petitioner demonstrates a reasonable likelihood that it would prevail on this ground with respect to any of the challenged claims. a. Mueller Mueller describes systems and methods for securing a program’s execution in a network environment. Ex. 1005, Abstract; Ex. 1003 ¶ 178. The systems and methods taught by Mueller describe reviewing information and requests received by a computing device and determining whether to permit the information or requests to proceed by analyzing the information and requests. Ex. 1005, Abstract, col. 2, ll. 7–10, Table 1; Ex. 1003 ¶ 178. Mueller discloses signing a servlet using a “digital signature” on one server and transferring the “signed” servlet to another server where the “digital signature” verifies the source of the signed servlet “particularly by digital signature,” referring to a JarFile.hash, on the other server. Ex. 1005, col. 3, l. 62–col. 4, l. 45, Table 1. Mueller then takes this information and requests and packages it together prior to sending it to another client device for use. Ex. 1005, Abstract, col. 1, ll. 34–44 and 52–56, col. 3, ll. 58–66, col. 4, ll. 63–65; Ex. 1003 ¶ 178. b. Discussion As discussed above in Section II.B.2, Petitioner argues that Knuth (Ex. 1025) teaches that hashing is a very well-known concept in software and network security and that Hruska (Ex. 1027) teaches applying the hashing concept to these fields. See Pet. 41 (citing Ex. 1003 ¶¶ 109–112, 179). Petitioner argues that a person of ordinary skill in the art would have had reason to combine the teachings of Mueller with those of Knuth and IPR2015-00907 Patent 7,613,926 B2 23 Hruska to provide such claim limitations that may not be taught by Mueller alone. See Pet. 41. Among other limitations, Petitioner argues that “a hashing functionality specific to provide a security analysis of downloaded information” would be taught or suggested by Knuth and Hruska. Id. at 41– 46; Ex. 1025, 39–75; Ex. 1027, 138; Ex. 1003 ¶ 180. In particular, Petitioner argues that Knuth discloses that performing hashing functions to create a unique identifier as required by [the “hashing function” step] was well known in the art, and Hruska further describes the use of hashing for this purpose in for this purpose in the software security field at least as early as 1992. Pet. 41 (citing Ex. 1025. 39; Ex. 1027, 83–84, 89; Ex. 1003 ¶ 180). Consequently, Petitioner asserts that the subject matter of claims 15, 18, 19, and 22 would have been rendered obvious over Mueller, Knuth, and Hruska. Id. (citing Ex. 1003 ¶¶ 176–246). With respect to the “hashing function” step, Petitioner argues that Mueller teaches creation of sig.ID, as referenced in Table I, which teaches creating the recited Downloadable ID of claims 15 and 22. Pet. 42–43 (citing Ex. 1005, Table 1; Ex. 1003 ¶ 194). According to Petitioner, Mueller describes how the incoming Downloadable, the SignedJarFile, i.e., the servlet, undergoes a hashing function, which includes extracting information from the SignedJarFile. Ex. 1005 at Table 1; Ex. 1003 at ¶ 194. After extracting the information from SignedJarFile, Mueller describes computing a hash from the SignedJarFile’s extracted information (here, JarFile.hash). Ex. 1005 at Table 1; Ex. 1003 at ¶ 194. This hash is then compared against a previously determined hash value to determine the veracity of the signature in the SignedJarFile, i.e., the servlet (Downloadable). Ex. 1005 at Table 1; Ex. 1003 at ¶ 194. Once the signature is determined to IPR2015-00907 Patent 7,613,926 B2 24 be valid (the signature is referenced as sig), Mueller then discloses comparing the sig.ID against a list of trusted signatures. Ex. 1005 at Table 1; Ex. 1003 at ¶ 194. Through this disclosure, it is evident that the sig.ID is the Downloadable ID of the SignedJarFile, i.e., the servlet (the Downloadable). Ex. 1003 at ¶ 194. Pet. 43 (emphases added). As Patent Owner points out, however, Petitioner acknowledges that Mueller’s hashing function is not used to compute the value that Petitioner equates with the Downloadable ID, namely, Mueller’s sig.ID. Prelim. Resp. 40–41 (quoting Pet. 43 (“Through this disclosure, it is evident that the sig.ID is the Downloadable ID of the SignedJarFile, i.e., the servlet (the Downloadable).” (emphasis added))). Instead, referring to Mueller’s Figure 3, the sig.ID is received with the servlet over the network. Id. at 41. Referring to Mueller’s Table I, the “signature is detached from .class file; and if servlet has only one .class file, then signed JAR file is just that .class file, plus the necessary signature info.” The sig.ID then is compared to a list of trusted signatures. Ex. 1005, Table I. If the signature is listed, the file then is loaded on the server. Id. As Patent Owner further contends, “the sig.ID identifies the source of the servlet—not the servlet itself.” Prelim. Resp. 42 (citing Ex. 1005, col. 3, l. 55–col. 4, l. 5 (“the server’s security manager identifies the network source of the servlet and implements a security policy based on the servlet’s network source.”)). Consequently, after considering Petitioner’s and Patent Owner’s arguments and evidence, we are not persuaded that Petitioner demonstrates a reasonable likelihood that it would prevail in showing that Mueller’s sig.ID teaches a Downloadable ID or performing a hashing function on the incoming servlet, i.e., a Downloadable, to compute an incoming Downloadable ID. IPR2015-00907 Patent 7,613,926 B2 25 Alternatively, Petitioner argues that, even if Mueller does not disclose “performing a hashing function on the incoming Downloadable to compute an incoming Downloadable ID,” a person of ordinary skill in the art would have reason to perform the “hashing function” in the recited manner, in view of the teachings of Knuth and Hruska. Pet. 43–44. Nevertheless, as Patent Owner contends (Prelim. Resp. 42–43) and for the reasons discussed above, Petitioner fails to show where Knuth and Hruska teach or suggest performing a hashing function on a Downloadable to obtain a Downloadable ID (id. at 21–25 (citing Ex. 1025, 39; Ex. 1027, 83–84, 89)) for later use in “retrieving security profile data for the incoming Downloadable from a database of Downloadable security profiles indexed according to Downloadable IDs” (id. at 25–28). See supra pgs. 17–20. Petitioner additionally argues that Mueller teaches or suggests the step of “transmitting the incoming Downloadable and a representation of the retrieved Downloadable security profile data to a destination computer, via a transport protocol transmission,” as recited in claims 15 and 22 of the ’926 patent. Ex. 1001, col. 22, ll. 1–4, 32–35(emphasis added). Petitioner argues that Mueller teaches A first server is configured to permit execution of a program from a second server based on a configurable security characteristic of the program. The first server receives the program transferred from the second server. Subsequently, the program is checked for the configurable security characteristic. The program is executed on the first server if permitted by the configurable security characteristic. Pet. 46 (citing Ex. 1005, col. 1, l. 66–col. 2, l. 2 (emphasis added). Nevertheless, as Patent Owner notes, Mueller only teaches transmitting the program from the second server to the first server. Prelim. IPR2015-00907 Patent 7,613,926 B2 26 Resp. 47–48. The program then is “checked for the configurable security characteristic” at the first server. Id. at 48 (citing Ex. 1005, Fig. 3). Petitioner, however, fails to show that Mueller teaches transmitting “a representation of the Downloadable security profile” with the program from the second server to the first server. Pet. 46–47; Prelim. Resp. 47. Petitioner relies on Dr. Sauer’s testimony that “Mueller discloses that the transmission of the programs (which include the Downloadable and a representation of the Downloadable security profile set forth in the chart above) between servers would be transmitted over a transport protocol transmission,” as demonstrating that Mueller teaches transmission of “a representation of the Downloadable security profile” with Mueller’s program. Pet. 47 (citing Ex. 1003 ¶ 219). Dr. Sauer’s testimony is conclusory and unsupported, and, thus, unpersuasive. 37 C.F.R. § 42.65(a). We are not persuaded that Mueller’s transmission of a program from a second server to a first server teaches or suggests the transmission of “the incoming Downloadable and a representation of the Downloadable security profile,” as recited in claims 15 and 22 of the ’926 patent. To the extent that Mueller does not teach the “transmitting” step, Petitioner argues in the alternative that Ji teaches this limitation. Pet. 46–48. Nevertheless, as Patent Owner contends (Prelim. Resp. 49) and for the reasons discussed above, we are not persuaded that Ji’s transmission of an “instrumented” applet teaches or suggests the transmission of “the incoming Downloadable,” as recited in claims 15 and 22 of the ’926 patent. See supra pgs. 20–21. On this record, Petitioner has not identified sufficient evidence that Mueller, Knuth, and Hruska, alone or in combination with Ji, teach or IPR2015-00907 Patent 7,613,926 B2 27 suggest all of the limitations recited in independent claims 15 and 22 and, in particular, either “performing a hashing function on the incoming Downloadable to compute an incoming Downloadable ID” or “transmitting the incoming Downloadable and a representation of the retrieved Downloadable security profile data to a destination computer,” or both. Consequently, we are not persuaded that Petitioner demonstrates a reasonable likelihood that it would prevail at trial in showing that the subject matter of either of those claims or of dependent claims 18 or 19 would have been rendered obvious over the asserted combination of these references. III. CONCLUSION On this record, we are not persuaded that Petitioner demonstrates a reasonable likelihood that it would prevail in showing the unpatentability of any of claims 15, 18, 19, and 22 of the ’926 patent on the grounds asserted in the Petition. Consequently, the Petition is denied as to each of the asserted grounds. IV. ORDER Accordingly, it is: ORDERED that the Petitioner is denied, and no inter partes review is instituted as to any of claims 15, 18, 19, and 22 of the ’926 patent. IPR2015-00907 Patent 7,613,926 B2 28 For PETITIONER: James M. Heintz Jeff R. Cole Ryan W. Cobb DLA PIPER (US) LLP Sophos-Finjan-926IPR@dlapiper.com For PATENT OWNER: James Hannah Michael H. Lee Paul J. Andre KRAMER LEVIN NAFTALIS & FRANKEL LLP jhannah@kramerlevin.com mhlee@kramerlevin.com pandre@kramerlevin.com

Sophos Inc. v. Finjan, Inc.