`571-272-7822
`
`
`
`Paper 9
`Entered: August 13, 2015
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`FORTINET, INC.,
`Petitioner,
`
`v.
`
`SOPHOS INC.,
`Patent Owner.
`____________
`
`Case IPR2015-00619
`Patent 8,607,347 B2
`____________
`
`
`
`Before BRYAN F. MOORE, PETER P. CHEN, and
`MICHELLE N. WORMMEESTER, Administrative Patent Judges.
`
`CHEN, Administrative Patent Judge.
`
`
`
`DECISION
`Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`
`
`I. INTRODUCTION
`A. Background
`Fortinet, Inc. (“Petitioner”) filed a Petition (Paper 3, “Pet.”)
`requesting an inter partes review of claims 1, 2, 5, 7, 9, 13, 17, 19, and 21 of
`U.S. Patent No. 8,607,347 B2 (Ex. 1001, “the ’347 patent”). Sophos Inc.
`(“Patent Owner”) did not file a Preliminary Response. We have jurisdiction
`under 35 U.S.C. § 314(a), which provides that an inter partes review may
`not be instituted “unless . . . there is a reasonable likelihood that the
`petitioner would prevail with respect to at least 1 of the claims challenged in
`the petition.”
`Upon consideration of the Petition, and for the reasons explained
`below, we determine that Petitioner has shown that there is a reasonable
`likelihood that it would prevail with respect to at least one of the challenged
`claims. We institute an inter partes review of claims 1, 2, 5, 7, 9, 13, 17, 19,
`and 21 of the ’347 patent.
`
`B. Related Proceedings
`The parties identify the following case involving the ’347 patent:
`Fortinet, Inc. v. Sophos Inc., Case No. 3:13-cv-005831-EMC (N.D. Cal.).
`Pet. 4; Paper 5. Patent Owner further identifies two pending requests for
`inter partes review involving patents commonly owned with the ’347 patent:
`IPR2015-00617 and IPR2015-00618. Paper 5.
`
`C. The ’347 Patent
`The ’347 patent is titled “Network Stream Scanning Facility,” and
`describes a content request and retrieval system and method to protect client
`machines from potentially malicious content. Ex. 1001, Abstract. In
`
`2
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`particular, the ’347 patent discloses a system and method to “provide
`improved throughput capabilities related to malware scanning of a file or
`stream of data within the constraints of a network environment.” Id. at
`1:33–39. Figure 2 of the ’347 patent is reproduced below.
`
`
`
`
`Figure 2 is a block diagram of the system disclosed in the ’347 patent and
`depicts content requesting computing facility 202 (for example, a user acting
`on a client machine), content 204, network 208 (for example, the Internet, an
`intranet, a LAN, a WAN, or a cell phone network), network device 210 (for
`example, a server, router, application device, switch, bridge, hub, or
`repeater) with on-device analysis tools 220, network stream scanning facility
`212, and source lookup database 214 and checksum lookup database 218
`associated with network stream scanning facility. Ex. 1001, 18:11–20, 47–
`48, 52–56.
`
`3
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`Content requesting computing facility 202 may request content 204.
`Network device 210 may utilize network stream scanning facility 212 to
`protect against malware threats in content 204, such as by using a
`combination of on-device analysis tools 220 and off-device source lookup
`database 214 and checksum lookup database 218. Id. at 18:20–28.
`
`
`
`Figure 4 of the ’347 patent is reproduced below.
`
`
`
`
`
`Figure 4 is a process flow diagram of the method disclosed by the ’347
`patent. Ex. 1001, 2:49–50. At step 404, the content requesting computing
`facility (computer) sends a request to the network device. Id. at 21:8–10.
`The request includes a source from which the network device is to retrieve
`content from the network. Id. At step 408, the network device performs a
`lookup of the source against a database of known sources. Id. at 21:10–14.
`
`4
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`The database may include, for example, a “white list” of known trustworthy
`URLs, or a “black list” of known untrustworthy URLs. Id. at 21:29–35.
`
`
`
`At step 410, the network device retrieves the requested content and at
`step 412, the network device calculates a checksum of the content. Id. at
`21:13–15. At step 414, the network device performs a lookup of the
`checksum against a database of checksums for known malware. Id. at
`21:15–20. At step 418, the network device takes action based on at least one
`of the source database lookup and the checksum lookup. Id. at 21:20–25.
`
`D. The Challenged Claims
` Petitioner challenges claims 1, 2, 5, 7, 9, 13, 17, 19, and 21 of the
`’347 patent. Independent claim 1 is illustrative of the claimed subject matter
`and is reproduced below:
`1. A method of scanning data comprising:
`
`receiving a request for network content at a scanning facility, the
`request received from a content requesting computing facility
`remote from the scanning facility, and the request including a
`source from which to retrieve the network content;
`
`performing a source lookup for the request at the scanning facility,
`wherein the source lookup requests data concerning the source of
`the request from a networked source lookup database, and wherein
`the networked source lookup database responds with a
`characterization of the source;
`
`
`
`
`
`
`
`retrieving the network content to the scanning facility;
`
`calculating a checksum of the network content;
`
`performing a checksum lookup on the checksum, wherein the
`checksum lookup is from a networked checksum lookup database
`that stores checksums for known malware content; and
`
`5
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`
`
`
`
`
`when the network content is not identified as malware based upon
`the checksum lookup, taking an action to protect the content
`requesting computing facility from malware based on the
`characterization of the source from the networked source lookup
`database.
`
`Ex. 1001, 23:2–24.
`E. Asserted Grounds of Unpatentability
`Petitioner contends that the challenged claims are unpatentable under
`35 U.S.C § 102 or § 103 based on the following grounds. Pet. 6–7, 20–60.
`
`
`Reference(s)
`Touboul1
`Touboul and Curnyn2
`Curnyn
`
`
`Basis
`§ 102
`§ 103
`§ 103
`
`Claims Challenged
`1, 2, 5, 7, 13, 17, and 19
`1, 2 ,5, 7, 9, 13, 17, 19, and 21
`1, 2 ,5, 7, 9, 13, 17, 19, and 21
`
`II. ANALYSIS
`A. Claim Construction
`We construe claims in an unexpired patent by applying the broadest
`reasonable interpretation in light of the specification. See 37 C.F.R.
`§ 42.100(b); In re Cuozzo Speed Techs., LLC, No. 2014-1301, 2015 WL
`4097949, *7–8 (Fed. Cir. July 8, 2015). Under the broadest reasonable
`construction standard, claim terms are given their ordinary and customary
`meaning, as would be understood by one of ordinary skill in the art in the
`context of the entire disclosure. See In re Translogic Tech., Inc., 504 F.3d
`1249, 1257 (Fed. Cir. 2007). On the other hand, a “claim term will not
`
`
`1 U.S. Patent No. 6,804,780 B1, issued Oct. 12, 2004 (Ex. 1004)
`(“Touboul”).
`2 U.S. 2008/0077995 (Ex. 1005) (“Curnyn”).
`6
`
`
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`receive its ordinary meaning if the patentee acted as his own lexicographer”
`and clearly set forth a definition of the claim term in the specification. CCS
`Fitness, Inc. v. Brunswick Corp., 288 F.3d 1359, 1366 (Fed. Cir. 2002).
`We address one term in the challenged claims. Other terms in the
`challenged claims need no express construction at this time.
`1. “checksum”
`Claim 1 recites “calculating a checksum of the network content.” Ex.
`1001, 23:15. Petitioner contends that this limitation means “identifier
`derived from at least a portion of content.” Pet. 16. The specification states
`that “a checksum of at least a portion of the retrieved network content may
`then be calculated” (Ex. 1001, Abstract, 1:52–54 and 21:15–17); “step 6
`may generate a checksum for a portion of the file” (id. at 19:57); and “in
`embodiments, the checksum lookup database may include checksums from
`previously identified network content, checksums generated from the same
`length of data as the portion of the retrieved network content, and the like”
`(id. at 2:23–27, 21:55–57).
`Petitioner also cites to the Hinchliffe reference,3 which discloses that
`in a malware detection system, an access clearance request “includes the file
`name of the computer file being accesses, [and] a checksum derived from
`that file in an effort to uniquely identify it (e.g. an MD5 checksum) . . . the
`computer file is uniquely identified by its filename and checksum value.”
`Ex. 1009, 5:5–6, 13–14. Hinchliffe further discloses that a checksum value
`is calculated in accordance with one of several different possible checksum
`algorithms, such as the MD5 algorithm.” Id. at 6:14–16.
`
`
`3 U.S. Patent No. 7,310,817 B2 (Ex. 1009) (“Hinchliffe”).
`7
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`
`
`Based on the record before us, we determine that for the broadest
`reasonable construction in light of the Specification, the recited term
`“checksum” means “a value derived from and identifying at least a portion
`of network content.”
`B. Challenge to Claims 1, 2, 5, 7, 13, 17, and 19 as Anticipated by Touboul
`Petitioner argues that Touboul anticipates claims 1, 2, 5, 7, 13, 17, and
`19 of the ’347 patent. Pet. 20–36. Petitioner relies on a Declaration by Dr.
`Vijay Madisetti (Ex. 1003). See id. We are persuaded that Petitioner’s
`analysis and supporting evidence have established a reasonable likelihood of
`Petitioner prevailing in showing the unpatentability of claims 1, 2, 5, 7, 13,
`17, and 19.
`1. Touboul (Ex. 1004)
`Touboul is titled, “System and Method for Protecting a Computer and
`a Network from Hostile Downloadables,” and describes systems and
`methods for protecting computer networks from malicious downloadable
`software retrieved from an external source. Ex. 1004, Abstract; 1:31–34,
`1:51–55. Touboul defines a “Downloadable” as an executable application
`program, downloaded from a source computer and run on a destination
`computer, and describes computer viruses attached to or configured as a
`downloadable. Id. at 1:48–53. Figure 2 of Touboul is reproduced below.
`
`8
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`
`
`
`
`Figure 2 is a block diagram showing external computer network 105, such as
`the Internet, and internal network security system 110, which examines
`downloadables received from external computer network 105. Ex. 1004,
`2:49–50, 3:9–11, 3:18–20. Internal network security system 110 includes
`data storage device 230 that stores security database 240, “which has
`security information for determining whether a received downloadable is to
`be deemed suspicious.” Id. at 3:32–33, 3:57–59. Security program 255
`controls examination of incoming downloadables. Id. at 3:67–4:1. Figure 3
`of Touboul is reproduced below.
`
`9
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`
`
`
`
`
`Figure 3 is a block diagram of security database 240 and security program
`255. Id. at 4:4–5. Security program 255 includes ID generator 315, policy
`finder 317, and first comparator 320. ID generator 315 receives a
`downloadable (including the URL from which it came and the UserID of the
`intended recipient) from external computer network 105, and generates a
`Downloadable ID by performing a digital hashing function identifying each
`downloadable. Id. at 4:50–56, 2:12–16, 7:63–66, 9:65–67. ID generator 315
`forwards the downloadable and Downloadable ID to policy finder 317,
`which selects security policy 305 to be applied to the downloadable. First
`comparator 320 receives from policy finder 317 the downloadable,
`Downloadable ID, and security policy 305, and determines if the
`downloadable is blocked or allowed. Id. at 5:1–6, 5:12–16, 5:26–30.
`
`
`10
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`
`
`2. Claims 1, 2, 5, 7, 13, 17, and 19
`Petitioner contends that Touboul discloses each and every element of
`claims 1, 2, 5, 7, 13, 17, and 19. See Pet. 23–33. For the limitation reciting
`calculation of a checksum, Petitioner asserts Touboul’s downloadable ID is a
`checksum because it is a digital hash identifier of the downloadable content
`from the external network. Pet. 24. We agree that the downloadable ID of
`Touboul meets the recited checksum of independent claims 1 and 13 as we
`have construed the term for purposes of this decision, namely, “a value
`derived from and identifying at least a portion of network content.” We
`further agree with Petitioner that Touboul’s security database is a checksum
`database as recited in claims 1 and 13. Pet. 24.
`We are persuaded by the remainder of Petitioner’s contentions on
`anticipation by Touboul, and determine for purposes of this decision that
`Petitioner has established a reasonable likelihood of prevailing in
`establishing the unpatentability of claims 1, 2, 5, 7, 13, 17, and 19 of the
`’347 patent as anticipated by Touboul.
`
`C. Challenge to Claims 1, 2, 5, 7, 9, 13, 17, 19, and 21 as Obvious over
`Touboul and Curnyn
`
`
`
`Petitioner argues that claims 1, 2, 5, 7, 9, 13, 17, 19, and 21 of the
`’347 patent would have been obvious over Touboul and Curnyn.
`See Pet. 36–42. We discussed Touboul above.
`1. Curnyn (Ex.1005)
`Curnyn is titled, “Network-Based Security Platform,” and describes a
`network-based security system for controlling the delivery of user-requested
`content, such as emails and webpages. Ex. 1005 ¶ 18. Curnyn explains that
`
`11
`
`
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`“regulation of subscriber content may take the form of selective filtering,
`whereby the subscriber is simply prevented from accessing certain content.”
`Id. ¶ 30. Curnyn discloses a number of techniques for content filtering,
`including URL filtering, whitelists and blacklists, and content checksums.
`Id. ¶¶ 57–60, 78. In particular, as to checksums, Curnyn explains that
`“digests, also known as checksums, are calculated on each piece of content
`and define a unique identifier or fingerprint for that piece of content. These
`digests are collected on content traversing networks and used to identify
`commonly occurring pieces of content for use in anti-spam services.” Id. ¶
`60. Curnyn further explains that its system can “calculate a fingerprint or
`digest (e.g. MD5) of the content which uniquely identifies this piece of
`content,” (id. ¶ 147), and that these digests or checksums are part of the
`preferred embodiment of the invention:
`A preferred embodiment of the present invention includes a
`further function which then stores information on these
`computed digests in a real time embedded database, along with
`information associated with each digest such as the network
`source of the content to which the digest belongs, the type of
`content, the number of times the content has been detected in
`the network over a period of time by the invention etc.
`
`Id. ¶ 148.
`
`
`2. Claims 1, 2, 5, 7, 9, 13, 17, 19, and 21
`Petitioner argues that the combination of Touboul and Curnyn
`discloses all the limitations recited in the challenged claims. See Pet. 36–42.
`For example, Petitioner contends that Touboul discloses “calculating a
`checksum of the network content.” Pet. 36–37. As discussed above, we are
`
`12
`
`
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`persuaded that Touboul discloses all the limitations recited in claims 1, 2, 5,
`7, 13, 17, and 19.
`Alternatively, Petitioner contends that “to the extent . . . the
`Downloadable ID in Touboul is not a ‘checksum,’ it nevertheless would
`have been obvious to a person of ordinary skill in the art at the time of the
`invention to replace the Downloadable ID with a checksum in light of”
`Curnyn. Pet. 37. As described above, Curnyn explicitly discloses
`checksums. We are persuaded that Curnyn teaches the recited checksum, as
`we have construed herein as “a value derived from and identifying at least a
`portion of network content.” Pet. 37–38; Ex. 1005 ¶¶ 60, 102, 148.
`Petitioner provides articulated reasoning with rational underpinning
`for the reasons to combine Touboul and Curnyn, under several of the
`rationales set forth in KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418
`(2007), contending that:
`A person of ordinary skill in the art at the time of the invention
`would have found it obvious to use the checksums disclosed in
`Curnyn in place of the Downloadable IDs disclosed in Touboul
`for a number of reasons. . . . First, a person of skill in the art
`would have recognized that the combination was a simple
`substitution of one known prior art element for another,
`according to known methods, to yield predictable results. . . .
`
`Second, a person of ordinary skill in the art at the time of the
`that use of Curnyn’s
`invention would have understood
`checksums in Touboul’s security system would have been
`nothing more than a use of a known technique to improve
`similar methods or systems in the same way. . . .
`
`Third, a person of ordinary skill in the art at the time of the
`invention would have . . . found the technique obvious to try in
`the system of Touboul. . . .
`
`13
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`Finally, a person of ordinary skill in the art at the time of the
`invention would have been motivated to use the checksums
`disclosed in Curnyn in the system of Touboul.
`
`
`
`
`Pet. 38–40 (citing to Ex. 1003 ¶¶ 96–99).
`We have reviewed Petitioner’s analysis and supporting evidence
`regarding this proposed ground of obviousness for claims 1, 2, 5, 7, 13, 17,
`and 19 and, based on the record before us at this stage, we are satisfied that
`Petitioner’s articulated reasoning is supported by sufficient rational
`underpinnings. See KSR, 550 F.3d at 418 (an apparent reason to combine
`known elements in the fashion claimed by the patent at issue should be made
`explicit).
`Dependent claims 9 and 21 recite that the source lookup database of
`independent claims 1 and 13 “includes a black list of URLs that are
`unacceptable to access.” Ex. 1001, 23:44–46, 24:41–43. We are persuaded
`by Petitioner’s assertion that although Touboul does not “expressly disclose
`that the URL rule base includes a black list,” it would have been obvious to
`“modify Touboul such that the disclosed URL rule base includes a black list
`database of URLs that are unacceptable to access, in light of Curnyn.” Pet.
`41; Ex. 1005 ¶¶ 40, 58, 59, 203. Petitioner further provides articulated
`reasoning with rational underpinning for the reasons to combine Touboul
`and Curnyn for claims 9 and 21. Pet. 41–42.
`On the present record, we determine that Petitioner has shown
`adequately that the combination of Touboul and Curnyn teaches or suggests
`the limitations of claims 1, 2, 5, 7, 9, 13, 17, 19, and 21, and has provided
`articulated reasoning with rational underpinning for combining the
`references. We determine for purposes of this decision that Petitioner has
`
`14
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`established a reasonable likelihood of prevailing in establishing the
`unpatentability of 1, 2, 5, 7, 9, 13, 17, 19, and 21 of the ’347 patent as
`obvious based on the combination of Touboul and Curnyn.
`
`
`
`D. Remaining Ground Challenging the Claims of the ’347 Patent
`Pursuant to 35 U.S.C. § 316(b), rules for inter partes proceedings
`were promulgated to take into account the “regulation on the economy, the
`integrity of the patent system, the efficient administration of the Office, and
`the ability of the Office to timely complete proceedings.” The promulgated
`rules provide that they are to “be construed to secure the just, speedy, and
`inexpensive resolution of every proceeding.” 37 C.F.R. § 42.1(b). As a
`result, and in determining whether to institute an inter partes review of a
`patent, the Board, in its discretion, may “deny some or all grounds for
`unpatentability for some or all of the challenged claims.” 37 C.F.R.
`§ 42.108(b).
`Regarding the one asserted and non-instituted ground, we have
`reviewed Petitioner’s assertions for non-redundancy based on Touboul not
`disclosing a checksum, or on the combination of Touboul and Curnyn not
`being obvious to a person of ordinary skill in the art. Pet. 42. As set forth
`above, we are, however, instituting trial on the grounds based on Touboul
`and on the combination of Touboul and Curnyn. Therefore, based on the
`record before us, we exercise our discretion and decline to institute review of
`any claim of the ’347 patent based on the remaining challenge in the
`Petition. See 37 C.F.R. § 42.108(a).
`
`
`15
`
`
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`
`
`III. CONCLUSION
`For the foregoing reasons, we are persuaded the information presented
`shows a reasonable likelihood that Petitioner would prevail in establishing
`unpatentability of claims 1, 2, 5, 7, 13, 17, and 19 of the ’347 patent as
`anticipated by Touboul, and claims 1, 2 ,5, 7, 9, 13, 17, 19, and 21 as
`obvious over Touboul and Curnyn. At this preliminary stage, the Board has
`not made a final determination with respect to the patentability of the
`challenged claims or any underlying factual and legal issues.
`
`
`IV. ORDER
`
`Accordingly, it is
`ORDERED that pursuant to 35 U.S.C. § 314, an inter partes review is
`hereby instituted as to the following claims and grounds:
`1. Claims 1, 2, 5, 7, 13, 17, and 19 of the ’347 patent as unpatentable
`under 35 U.S.C. § 102 as anticipated by Touboul;
`2. Claims 1, 2, 5, 7, 9, 13, 17, 19, and 21 of the ’347 patent as
`unpatentable under 35 U.S.C. § 103 as obvious over Touboul and
`Curnyn; and
`FURTHER ORDERED that no other grounds of unpatentability are
`authorized for the inter partes review as to any claim of the ’347 patent; and
`FURTHER ORDERED that pursuant to 35 U.S.C. § 314(c) and 37
`C.F.R. § 42.4, notice is hereby given of the institution of a trial; the trial will
`commence on the entry date of this decision.
`
`
`16
`
`
`
`
`
`
`
`
`
`
`IPR2015-00619
`Patent 8,607,347 B2
`
`PETITIONER:
`Jason Liu
`Robert Kang
`QUINN EMANUEL URQUHART & SULLIVAN
`jasonliu@quinnemanuel.com
`robertkang@quinnemanuel.com
`
`PATENT OWNER:
`Gianni Minutoli
`James M. Heintz
`Nicholas Panno
`DLA PIPER LLP (US)
`gianni.minutoli@dlapiper.com
`SophosFortinetIPR@dlapiper.com
`nicholas.panno@dlapiper.com
`
`
`
`
`17