PALO ALTO NETWORKS, INC. v. FINJAN, INC. [OPINION - NONPRECEDENTIAL] , No. 17-2543 (Fed. Cir. 2019)

Annotate this Case

Download PDF

NOTE: This disposition is nonprecedential. United States Court of Appeals for the Federal Circuit ______________________ PALO ALTO NETWORKS, INC., Appellant v. FINJAN, INC., Cross-Appellant ______________________ 2017-2543, 2017-2623 ______________________ Appeals from the United States Patent and Trademark Office, Patent Trial and Appeal Board in Nos. IPR201600159, IPR2016-01174. -------------------------------------------------FINJAN, INC., Appellant v. ANDREI IANCU, UNDER SECRETARY OF COMMERCE FOR INTELLECTUAL PROPERTY AND DIRECTOR OF THE UNITED STATES PATENT AND TRADEMARK OFFICE, Intervenor ______________________ 2 PALO ALTO NETWORKS, INC. v. FINJAN, INC. 2017-2047 ______________________ Appeal from the United States Patent and Trademark Office, Patent Trial and Appeal Board in Nos. IPR201501892, IPR2016-00890. ______________________ Decided: July 2, 2019 ______________________ ORION ARMON, Cooley LLP, Broomfield, CO, argued for appellant Palo Alto Networks, Inc. PAUL J. ANDRE, Kramer Levin Naftalis & Frankel LLP, Menlo Park, CA, argued for cross-appellant and appellant Finjan, Inc. Also represented by JAMES R. HANNAH. ROBERT MCBRIDE, Office of the Solicitor, United States Patent and Trademark Office, Alexandria, VA, argued for intervenor. Also represented by THOMAS W. KRAUSE, MAITRANG DUC DANG, FARHEENA YASMEEN RASHEED. ______________________ Before WALLACH, LINN, and HUGHES, Circuit Judges. HUGHES, Circuit Judge. This decision arises from the consolidated appeals of three inter partes reviews of a computer security patent. Symantec Corp., Blue Coat Systems LLC, and Palo Alto Networks, Inc., petitioned for inter partes review of U.S. Patent No. 8,677,494 B2. The Patent Trial and Appeal Board instituted partial review of the challenged claims. The Board found claims 3–5 and 10–15 to be not unpatentable but determined that claims 1, 2, and 6 of the ’494 patent are unpatentable as obvious over Swimmer. Palo Alto Networks appeals the Board’s decision on the ’494 patent’s priority date and the patentability of claims 10, 11, and 15. PALO ALTO NETWORKS, INC. v. FINJAN, INC. 3 Finjan, Inc. cross-appeals the Board’s finding that claims 1, 2, and 6 are unpatentable. For the following reasons, we affirm the Board’s final decision. I A. Finjan, Inc., owns the ’494 patent, which expired on January 29, 2017, and is directed to “protection systems and methods capable of protecting a personal computer [] or other” devices from “‘malicious’ operations.” ’494 patent col. 2 ll. 51–56. The ’494 patent addresses issues in virus detection. Internet browsers allow individuals to attach executable programs to their websites, some of which may contain malicious code that runs automatically upon opening a website. Early antivirus software systems had trouble processing these programs, called Downloadables. The ’494 patent describes a method to detect viruses within Downloadables using a two phased approach comprised of an inspection phase and a determination phase. Independent claims 1 and 10 of the ’494 patent are representative for purposes of this appeal and are reproduced below. 1. A computer-based method, comprising the steps of: receiving an incoming Downloadable; deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable; and storing the Downloadable security profile data in a database. ’494 patent col. 21 ll. 19–25 (emphasis added). 10. A system of managing Downloadables, comprising: 4 PALO ALTO NETWORKS, INC. v. FINJAN, INC. a receiver for receiving an incoming Downloadable; a Downloadable scanner coupled with said receiver, for deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable; and a database manager coupled with said Downloadable scanner, for storing the Downloadable security profile data in a database. Id. col. 22 ll. 7–16 (emphasis added). Only the inspection phase is relevant to this appeal. It entails three steps. First, the computer receives a Downloadable from an external network. Second, the system analyzes the executable code of the Downloadable to generate Downloadable security profile (DSP) data. The Downloadable scanner in claim 10 is a code scanner that generates the DSP data by decomposing the code using conventional parsing techniques. The code scanner identifies suspicious computer operations in the Downloadable code and lists them as DSP data. Finally, the DSP data for the Downloadable is stored in a database. B. On March 6, 2014, Finjan filed a Petition to Accept an Unintentionally Delayed Priority Claim pursuant to 37 C.F.R. § 1.78 to fix a break in the ’494 patent’s priority chain. Finjan sought to include U.S. Patent Nos. 6,092,194 (Touboul) and 6,167,502 as parent applications in U.S. Patent No. 7,058,822, which is a parent of the ’494 patent. On February 16, 2016, the Patent Office issued a reexamination certificate amending the specification of the ’822 patent. Because the ’494 patent is a continuation of the ’822 patent, this certificate effectively amended the specification of the ’494 patent to incorporate Touboul by reference and change its priority date to 1997. PALO ALTO NETWORKS, INC. v. FINJAN, INC. 5 On September 10, 2015, Symantec filed a petition for inter partes review of the ’494 patent. 1 The Board instituted a trial with respect to claims 1, 2, 5, 6, 10, 11, 14, and 15 on the grounds that those claims are obvious over a paper presented at the September 1995 Virus Bulletin Conference entitled “Dynamic Detection and Classification of Computer Viruses Using General Behavior Patterns” (Swimmer). On November 6, 2015, Palo Alto Networks, Inc. (PAN), filed a petition for inter partes review (IPR2016-00159). PAN asserted that claims 1–8 and 10–17 are obvious over various combinations of prior art references, including Swimmer and Touboul, and that Touboul anticipates claims 1, 3–6, 19, 12–15, and 18. The Board instituted review of claims 1, 2, 6, 10, 11, and 15 over Swimmer. The Board declined to institute on any of the grounds that relied on Touboul because it determined that the ’494 patent’s priority date predated Touboul. Swimmer teaches a dynamic generalized antivirus system that generates and analyzes an audit trail of operations attempted by the Downloadable. The system does this by using an emulator to simulate executing the Downloadable. While the emulator executes the Downloadable, the Swimmer system creates a log entry in the audit trail whenever the Downloadable attempts to invoke certain operating system functions. Touboul discloses searching Downloadables for malicious code. Like the ’494 patent, Touboul generates DSP data. Compare J.A. 1337 with ’494 patent col. 21 ll. 21–23. In the preferred embodiment, Touboul teaches that the DSP data is derived using a “code scanner[, which] uses The Board subsequently joined this petition (IPR2015-01892) with Blue Coat Systems’ petition (IPR2016-0890) for inter partes review. 1 PALO ALTO NETWORKS, INC. v. FINJAN, INC. 6 conventional parsing techniques to decompose the code . . . of the Downloadable.” J.A. 1335. The DSP data is generated “as a list of all operations in the Downloadable code which could ever be deemed potentially hostile and a list of all files to be accessed by the Downloadable code.” Id. C. The Board issued separate written decisions making similar findings on unpatentability. In both decisions, the Board found claims 1, 2, and 6 unpatentable as obvious over Swimmer. It observed that Swimmer teaches the relevant limitations of claim 1. For example, Swimmer’s collection of system activity data and conversion into an audit trail for assessment by an analysis tool discloses the generation and storage of DSP data claimed by the ’494 patent. In IPR2016-00159, the Board determined that PAN failed to show that claims 3–5 and 10–15 are unpatentable. 2 In particular, the Board noted that Swimmer does not render claims 10, 11, and 15 obvious because it does not teach using a Downloadable scanner or a database manager as recited in those claims. PAN now appeals the Board’s determinations that PAN failed to establish that claims 10, 11, and 15 are unpatentable and that the ’494 patent was entitled to a 1997 priority date. Finjan cross-appeals, challenging the Board’s decision on claims 1, 2, and 6. 3 We have jurisdiction under 28 U.S.C. § 1295(a)(4)(A). In IPR2015-01892, the Board determined that the petitioners had not shown that claims 5, 10, 11, 14, and 15 are unpatentable over Swimmer. 2 After the appeals were filed, Symantec Corp. and Blue Coats withdrew as parties. The U.S. Patent and Trademark Office has intervened to defend the Board’s decision in IPR2015-01892 under 35 U.S.C. § 143. 3 PALO ALTO NETWORKS, INC. v. FINJAN, INC. 7 II We review the Board’s legal conclusions de novo and its factual findings for substantial evidence. Dynamic Drinkware, LLC v. Nat’l Graphics, Inc., 800 F.3d 1375, 1378 (Fed. Cir. 2015). “A finding is supported by substantial evidence if a reasonable mind might accept the evidence to support the finding.” Id. A. We first address the ’494 patent’s priority date. PAN argues that that the Board erred in retroactively applying the 1997 priority date to the ’494 patent. We hold that PAN cannot appeal this determination because it is only relevant to the Board’s decision not to institute inter partes review. The 1997 priority date is not relevant to the grounds on which the Board instituted; it only affects whether Touboul qualifies as prior art. The Board, however, declined to institute review on any grounds relying on Touboul. When the Board declines to institute on a ground for unpatentability, issues collateral to only that non-instituted ground cannot be challenged on appeal because the decision not to institute is not reviewable. See 35 U.S.C. § 314(d); Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2139 (2016). Because the Board did not institute on any ground relying on Touboul, PAN’s challenge to the priority date determination amounts to a challenge of the Board’s institution decision and is therefore not reviewable. PAN alternatively contends that we should remand to the Board because the Board failed to institute review on all the grounds raised in the petition, as required by SAS Institute, Inc. v. Iancu, 138 S. Ct. 1348 (2018). Because PAN raised this argument for the first time during oral arguments, Oral Arg. at 7:40–8:00, http://oralarguments.cafc.uscourts.gov/default.aspx?fl=2017-2543.mp3, we find that it has waived any request for SAS-based relief. PALO ALTO NETWORKS, INC. v. FINJAN, INC. 8 See Mylan Pharm. Inc. v. Research Corp. Techs., Inc., 914 F.3d 1366, 1376 (Fed. Cir. 2019). We thus reject PAN’s suggestion that we should remand. B. We next address the Board’s determination that PAN failed to show that claims 10, 11, and 15 are obvious over Swimmer. PAN argues that Swimmer discloses both the code scanner and the database manager limitations. We disagree as substantial evidence supports the Board’s determination that Swimmer does not disclose the code scanner limitation. 4 A patent claim is obvious under 35 U.S.C. § 103 “if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.” 35 U.S.C. § 103(a). Obviousness is a question of law based on underlying factual findings, which include the scope and content of the prior art. Rapoport v. Dement, 254 F.3d 1053, 1057–58 (Fed. Cir. 2001). “In an IPR, the petitioner has the burden from the onset to show with particularity why the patent it challenges is unpatentable.” Harmonic Inc. v. Avid Tech., Inc., 815 F.3d 1356, 1363 (Fed. Cir. 2016). “To satisfy its burden of proving obviousness, a petitioner cannot employ mere conclusory statements. The petitioner must instead articulate specific reasoning, based on evidence of record, to support the legal conclusion of obviousness.” In re Magnum Oil Because substantial evidence supports the Board’s determination that Swimmer does not disclose a code scanner, we do not address whether Swimmer teaches using a database manager. 4 PALO ALTO NETWORKS, INC. v. FINJAN, INC. 9 Tools Int'l, Ltd., 829 F.3d 1364, 1380 (Fed. Cir. 2016). We agree with the Board that PAN failed to meet its burden. Although the Board noted that Swimmer does not teach away from using scanners generally, the Board concluded that the emulator in [Swimmer’s] auditing system . . . corresponds to the recited Downloadable scanner . . . . The fact that Swimmer’s emulator might serve the recited function of “deriving security profile data for the Downloadable” . . . does not establish that a person of ordinary skill in the art would understand it to teach or suggest a “scanner.” J.A. 3587–88. The record supports this interpretation. Although PAN emphasizes the Board’s finding that Swimmer’s emulator serves the same function as the claimed scanner, we reject the notion that this finding is dispositive. PAN’s argument depends on interpreting the “code scanner” limitation as a functional, rather than structural, limitation. But the fact that a claim uses functional language is not sufficient to convert the limitation into a functional limitation. See Greenberg v. Ethicon Endo-Surgery, Inc., 91 F.3d 1580, 1583 (Fed. Cir. 1996) (noting that objects like a screw driver have functional names but would refer to a structure when invoked). Instead, “[w]ords of limitation that can connote with equal force a structural characteristic of the product or a process of manufacture are commonly and by default interpreted in their structural sense.” 3M Innovative Properties Co. v. Avery Dennison Corp., 350 F.3d 1365, 1371 (Fed. Cir. 2003). As a result, the Board’s finding that the “code scanner” and emulator perform the same function does not show that they are structural equivalents. Other than functional equivalency, the record contains no evidence that the “code scanner” and emulator are structurally equivalent. Thus, we find substantial evidence supporting the Board’s 10 PALO ALTO NETWORKS, INC. v. FINJAN, INC. determination that PAN failed to show that Swimmer teaches a code scanner. C. Finally, we turn to Finjan’s cross-appeal of the Board’s decision finding claims 1, 2, and 6 of the ’494 patent obvious over Swimmer. Finjan argues that the Board erroneously construed the claim terms “list of suspicious computer operations” and “storing the Downloadable security profile data in a database.” We disagree. We construe the terms according to the principles set forth in Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc). In re Rambus, Inc., 753 F.3d 1253, 1255 (Fed. Cir. 2014). Under Phillips, we give words their ordinary and customary meaning as they would be understood by a person of ordinary skill in the art at the time of the invention and in light of the entire patent. Phillips, 415 F.3d at 1312–13. “Claim construction begins with the words of the claim, which ‘must be read in view of the specification, of which they are a part.’” Wi-Lan, Inc. v. Apple, Inc., 811 F.3d 455, 462 (Fed. Cir. 2016) (quoting Phillips, 415 F.3d 1312–15). 1 First, we address the Board’s construction of “list of suspicious computer operations.” The Board construed it to mean “list of all operations that could ever be deemed potentially hostile.” J.A. 12. Finjan contends that this construction is overly broad and ignores the word “suspicious.” Finjan argues that the proper construction is “a list of computer operations deemed suspicious,” i.e., that the system finds operations suspicious before adding them to the list. J.A. 8. We reject this construction. Finjan relies on a description of a preferred embodiment in Touboul, which was incorporated by reference into the ’494 patent. Touboul discloses that after the code scanner identifies a command in the Downloadable’s code, it PALO ALTO NETWORKS, INC. v. FINJAN, INC. 11 determines “whether the command is one of the operations identified” as suspicious. J.A. 1337. As an example, Touboul points to a list of suspicious operations articulated elsewhere in the patent. Finjan’s construction is too narrow in light of Touboul. Touboul explains that DSP data “includes the list of all potentially hostile or suspicious computer operations that may be attempted by a specific Downloadable.” J.A. 1335. Touboul further emphasizes that the suspicious operations in the DSP can include all operations that “could ever be deemed potentially hostile.” Id. Given this disclosure, we agree with the Board that the scope of the DSP extends beyond operations that are known to be potentially hostile and includes operations that are not currently, but may in the future become, hostile. Thus, the DSP includes operations that have not yet been deemed hostile when the list is generated. Because Finjan’s construction excludes operations not already known to be potentially hostile, it conflicts with the specification and must be rejected. And because the Board’s construction encompasses operations that could be deemed potentially hostile in the future, we agree that the Board’s construction is the proper construction of the term under Phillips. 2 Second, we address the Board’s construction of “storing the Downloadable security profile data in a database.” Finjan argued in its Patent Owner’s Response that this phrase should be construed to limit “storing” as only occurring after the DSP is derived. The Board disagreed and determined that the phrase is properly construed as “placing the derived DSP data into the database.” J.A. 17. The Board explained that the storing step of claim 1 was separate from the step where the DSP is fully derived and could begin before the derivation step was complete. We agree with the Board’s determination and adopt its construction. PALO ALTO NETWORKS, INC. v. FINJAN, INC. 12 Finjan argues that the claim’s syntax supports the construction it argued before the Board. According to Finjan, the use of the definite article “the” in “storing the Downloadable security profile data” references “‘the’ DSP data derived in the previous step.” Resp. Br. 34; see also WiLan, Inc. v. Apple, Inc., 811 F.3d 455, 462 (Fed. Cir. 2017) (noting that, when a definite article is used in a claim, “[s]ubsequent use of the definite article[] ‘the’ . . . in a claim refers back to the same term recited earlier in the claim”). Thus, they argue that the system cannot begin storing the DSP data until the derivation step is completed. We are not persuaded by this argument. While we agree with Finjan that “the Downloadable security profile data” in the storing step refers to the data generated in the “deriving” step, we disagree that this requires the DSP to be fully derived before the storing step can begin. The effect of the definite article on the step is simply that all of the DSP data generated in the deriving step must be stored in order for the storing step to be completed. It does not dictate when the process of storing can begin. Thus, while the storing step cannot be completed before the deriving step is completed, the claim does not prohibit the storing process from starting before the DSP data is fully derived. As such, we agree with the Board’s claim construction of “storing the Downloadable security profile data in a database.” 5 III Because we affirm the Board’s construction of the terms “list of suspicious computer operations” and “storing the Downloadable security profile data in a database,” we need not address the validity of the ’494 patent under Finjan’s proposed construction. 5 PALO ALTO NETWORKS, INC. v. FINJAN, INC. 13 Because the priority date is not material to any grounds that the Board instituted on, it is not reviewable. We also find substantial evidence in the record that a “code scanner” is not structurally equivalent to an “emulator.” Thus, we affirm the Board’s decision that PAN failed to establish that claims 10, 11, and 15 of the ’494 patent are unpatentable. Finally, we agree with the Board’s construction of “list of suspicious computer operations” and “storing the Downloadable security profile data.” Therefore, we affirm the Board’s finding that claims 1, 2, and 6 of the ’494 patent are unpatentable as obvious. AFFIRMED No costs.

Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.