`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`__________________________________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`__________________________________________
`
`
`
`Wombat Security Technologies, Inc.,
`Petitioner,
`
`v.
`
`PhishMe, Inc.,
`Patent Owner.
`
`____________________________
`
`U.S. PATENT NO. 9,591,017
`PGR2017-00047
`____________________________
`
`
`
`PETITION FOR POST-GRANT REVIEW OF U.S. PATENT 9,591,017
`
`Mail Stop Patent Board
`Patent Trial and Appeal Board
`U.S. Patent and Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`
`
`
`
`
`
`

`

`
`I.
`
`II.
`
`TABLE OF CONTENTS
`
`INTRODUCTION ......................................................................................... 1
`
`REQUIREMENTS AND MANDATORY NOTICES .................................. 3
`
`A.
`
`B.
`
`C.
`
`D.
`
`E.
`
`Standing ............................................................................................... 3
`
`Real Party-in-Interest .......................................................................... 3
`
`Related Matters .................................................................................... 3
`
`1.
`
`2.
`
`3.
`
`Lawsuits .................................................................................... 3
`
`Post-grant Petitions ................................................................... 4
`
`Patent Family ............................................................................ 4
`
`Lead and Backup Counsel and Service Information ........................... 6
`
`Payment of Fees .................................................................................. 6
`
`III. OVERVIEW OF THE ‘017 PATENT .......................................................... 6
`
`A.
`
`B.
`
`C.
`
`Simulated Phishing Methods Described in the Specification ............. 6
`
`Person Having Ordinary Skill in the Art ............................................. 9
`
`Eligibility for PGR ............................................................................ 10
`
`1.
`
`2.
`
`3.
`
`4.
`
`First Post-AIA Limitation ....................................................... 11
`
`Second Post-AIA Limitation................................................... 14
`
`Related Applications ............................................................... 17
`
`Conclusion .............................................................................. 17
`
`IV. OVERVIEW OF THE CHALLENGE AND THE RELIEF
`REQUESTED .............................................................................................. 17
`
`V.
`
`CLAIM CONSTRUCTION ........................................................................ 19
`
`VI. DETAILED EXPLANATION FOR THE GROUNDS FOR
`UNPATENTABILITY ................................................................................ 23
`
`i
`
`

`

`A. Grounds 1 and 2: Failure to Satisfy the Written Description
`Requirement of § 112(a) ................................................................... 23
`
`1.
`
`2.
`
`Ground 1: Claims 1-6, 8, 11-16 and 18 Should Be
`Canceled Because Specification Does Not Disclose a
`Plug-in That Provides Graphically Displayed
`Confirmatory Feedback .......................................................... 24
`
`Ground 2 - The Specification Does Not Disclose a Plug-
`in That Sends the Identified Email for Analysis or
`Detection After it is Determined Not to be a Known
`Simulated Phishing Attack ...................................................... 27
`
`B.
`
`C.
`
`Ground 3: Claims 21-26 and 28 are Indefinite ................................. 28
`
`Obviousness Grounds 4, 5 and 6 ....................................................... 32
`
`1.
`
`2.
`
`3.
`
`Summary of Relied Upon Prior Art ........................................ 33
`
`Independent Claims ................................................................ 44
`
`Dependent Claims ................................................................... 74
`
`D. Ground 7: The Challenged Claims are Ineligible under § 101 ......... 79
`
`VII. CONCLUSION ............................................................................................ 85
`
`
`
`
`
`
`
`ii
`
`

`

`
`
`TABLE OF AUTHORITIES
`
`Cases
`Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347 (2014) ........................................... 80
`
`Allergan, Inc. v. Sandoz Inc., 796 F.3d 1293 (Fed. Cir. 2015) ................................ 23
`
`Ariad Pharm., Inc. v. Eli Lilly and Co., 598 F.3d 1336 (Fed. Cir.
`2010) .................................................................................................... 9, 12, 23, 24
`
`Aristocrat Techs. Austl. Pty Ltd. v. Int'l Game Tech., 521 F.3d 1328
`(Fed. Cir. 2008) ..................................................................................................... 29
`
`Atmel Corp. v. Info. Storage Devices, Inc., 198 F.3d 1374 (Fed. Cir. 1999) .......... 32
`
`Creston Elec., Inc. v. Intuitive Building Controls, Inc., IPR2015-01460,
`Paper 14 (PTAB January 14, 2016) ...................................................................... 40
`
`Cuozzo Speed Techs. LLC v. Lee, 136 S. Ct. 2131 (2016) ...................................... 19
`
`Digitech Image Techs., LLC v. Elecs. For Imaging, Inc., 758 F.3d 1344
`(Fed. Cir. 2014) ..................................................................................................... 81
`
`EON Corp. v. AT&T Mobility LLC, 785 F.3d 616 (Fed. Cir. 2015) ................. 29, 30
`
`Ex Parte Edgar, Appeal 2016-002223, 2017 WL 2493843 (PTAB June 7,
`2017) ..................................................................................................................... 22
`
`FairWarning IP, LLC v. Iatric Sys., Inc., 839 F.3d 1089 (Fed. Cir. 2016) ............. 83
`
`Helsinn Healthcare S.A. v. Teva Pharm. USA, Inc., 855 F.3d 1356 (Fed.
`Cir. 2017) .............................................................................................................. 33
`
`I/P Engine, Inc. v. AOL Inc., 576 Fed. Appx. 982 (Fed. Cir. 2014) ........................ 80
`
`In re Distefano, 808 F.3d 845 (Fed. Cir. 2015) ....................................................... 54
`
`In re Gosteli, 872 F.2d 1008 (Fed. Cir. 1989) ........................................................... 9
`
`iii
`
`

`

`In re Gulack, 703 F.2d 1381 (Fed. Cir. 1983) ......................................................... 54
`
`In re Hall, 781 F.2d 897 (Fed. Cir. 1986) ................................................................ 43
`
`In re TLI Commc’ns LLC Patent Litig., 823 F.3d 607 (Fed. Cir. 2016) ........... 81, 85
`
`In re Translogic Tech. Inc., 504 F.3d 1249 (Fed. Cir. 2007) .................................. 20
`
`Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307 (Fed. Cir.
`2016) ..................................................................................................................... 80
`
`Internet Patents Corp. v. Active Network, Inc., 790 F.3d 1343 (Fed.
`Cir. 2015) .............................................................................................................. 85
`
`IpLearn, LLC v. K12 Inc., 76 F.Supp.3d 525 (D. Del. 2014) .................................. 82
`
`KSR Int’l Co. v. Teleflex Inc., 127 S. Ct. 1727 (2007) ..................................... 56, 67
`
`Lockwood v. American Airlines, 107 F.3d 1565 (Fed. Cir. 1997) .................... 23, 24
`
`Minton v. National Ass’n of Securities Dealers, Inc., 336 F.3d 1373 (Fed.
`Cir. 2003) .............................................................................................................. 33
`
`Multimedia Plus, Inc. v. Playerlync, LLC, 198 F.Supp.3d 264 (S.D.N.Y.
`2016) , aff’d 2017 WL 3498637 (Fed. Cir. Aug. 16, 2017) ................................. 82
`
`Mylan Pharm Inc. v. Yeda Res. & Dev. Co., PGR2016-00010, Paper 9 at
`10 (PTAB Aug. 15, 2016) ..................................................................................... 10
`
`Nike, Inc. v. Adidas AG, 812 F.3d 1326 (Fed. Cir. 2016) ........................................ 67
`
`Noah Sys., Inc. v. Intuit Inc., 675 F.3d 1302 (Fed. Cir. 2012) ................................. 28
`
`PowerOasis, Inc. v. T-Mobile USA, Inc., 522 F.3d 1299 (Fed. Cir. 2008) ............. 10
`
`Robert Bosch, LLC v. Snap-On Inc., 769 F.3d 1094 (Fed. Cir. 2014) ............. 21, 28
`
`Sogue Holdings (Bermuda) Ltd. v. Keyscan, Inc., 2010 WL 2292316
`(N.D. Cal. June 7, 2010) ....................................................................................... 22
`
`Synopsis, Inc. v. Mentor Graphics Corp., 839 F.3d 1138 (Fed. Cir. 2016) ............ 83
`
`iv
`
`

`

`Turbocare Div. of Demag Delaval Turbomachinery Corp. v. General
`Electric Co., 264 F.3d 1111 (Fed. Cir. 2001) ................................................ 23, 24
`
`Williamson v. Citrix Online, LLC, 792 F.3d 1339 (Fed.
`Cir. 2015) ...................................................................................................... passim
`
`Statutes
`35 U.S.C. § 101 ............................................................................................... passim
`
`35 U.S.C. § 102 ............................................................................................... passim
`
`35 U.S.C. § 103 ............................................................................................... passim
`
`35 U.S.C. § 112(a) ........................................................................................... passim
`
`Regulations
`37 C.F.R. § 42.200(b) .............................................................................................. 19
`
`
`
`
`
`
`
`
`
`
`v
`
`

`

`
`
`Exhibit No.
`
`TABLE OF EXHIBITS
`
`Description
`
`1001
`
`1002
`
`1003
`
`1004
`
`1005
`
`1006
`
`1007
`
`1008
`
`1009
`
`1010
`
`1011
`
`1012
`
`1013
`
`1014
`
`U.S. Patent 9,591,017
`
`Complaint for Patent Infringement, PhishMe Inc. v. Wombat
`Security Technologies, Inc., June 16, 2017
`
`Complaint for Patent Infringement, PhishMe Inc. v. Wombat
`Security Technologies, Inc., June 1, 2016
`
`First Amended Complaint for Patent Infringement, PhishMe Inc.
`v. Wombat Security Technologies, Inc., July 19, 2016
`
`Second Amended Complaint for Patent Infringement, PhishMe
`Inc. v. Wombat Security Technologies, Inc., September 6, 2016
`
`Consolidation Order, PhishMe Inc. v. Wombat Security
`Technologies, Inc., Case No. 16-403-LPS-CJB and 17-769-LPS-
`CJB, June 28, 2017
`
`Decision Denying Institution of Post-Grant Review, PGR2017-
`00009, Patent No. 9,398,038, Paper 7, June 8, 2017
`
`Petitioner’s Request for Rehearing, PGR2017-00009, Patent No.
`9,398,038, Paper 8, June 20, 2017
`
`Decision Denying Request for Rehearing, PGR2017-00009,
`Patent No. 9,398,038, Paper 9, July 20, 2017
`
`Declaration of Aviel Rubin, Ph.D.
`
`Application Serial No. 13/765,538, filed February 8, 2013
`
`Application Serial No. 13/785,252, filed March 5, 2013
`
`Redline comparison between Application Serial No. 13/785,252
`and Application Serial No. 13/765,538
`
`Cisco IronPort Email Security Plug-in 7.1 Administrator Guide,
`Cisco Systems, Inc., December 6, 2010
`
`vi
`
`

`

`Exhibit No.
`
`Description
`
`1015
`
`1016
`
`1017
`
`1018
`
`1019
`
`1020
`
`1021
`
`1022
`
`1023
`
`1024
`
`1025
`
`1026
`
`1027
`
`Keno Albrecht, “Mastering Spam: A Multifaceted Approach with
`the Spamato Spam Filter System,” Swiss Federal Institute of
`Technology Zurich, 2006
`
`Fahmida Y. Rashid, “PhishGuru,” PC Mag,
`www.pcmag.com/article2/0,2817,2404750,00.asp, May 25, 2012
`
`Declaration of Kurt Wescoe
`
`Declaration of Ralph Massaro
`
`“Leading Computer Science University Takes Multi-Pronged
`Approach to Combat Phishing; Deploys Wombat Security’s
`Highly Effective Suite of Training and Filtering Products,” March
`10, 2011
`
`“A Multi-Pronged Approach To Combat Phishing,” Wombat
`Security Technology, March 2011
`
`File History of U.S. Patent 9,591,017 (Serial No. 15/138,188)
`from PAIR (without foreign references)
`
`P. Kumaraguru et al., “Lessons From a Real World Evaluation of
`Anti-Phishing Training,” eCrime Researchers Summit, 15-16
`October 2008
`
`P. Kumaraguru, “PhishGuru: A System for Educating Users about
`Semantic Attacks,” Ph.D. Thesis, Carnegie Mellon University,
`April 14, 2009
`
`Declaration of Alan Himler
`
`Declaration of Elizabeth Whittington
`
`Ex parte Schulhauser, Appeal 2013-007847 (PTAB April 28,
`2016)
`
`Redline comparison of claim 11 of U.S. Patent 9,591,017 to claim
`1 of U.S. Patent 9,591,017
`
`vii
`
`

`

`Exhibit No.
`
`Description
`
`1028
`
`1029
`
`1030
`
`1031
`
`1032
`
`Declaration of Steve Hicks
`
`U.S. Pub. No. 2012/0124671 A1 to Fritzson et al.
`
`Application Serial No. 13/763,486, filed February 8, 2013
`
`Application Serial No. 13/763,515, filed February 8, 2013
`
`Redline comparison of claim 21 of U.S. Patent 9,591,017 to claim
`1 of U.S. Patent 9,591,017
`
`viii
`
`

`

`I.
`
`INTRODUCTION
`
`Wombat Security Technologies, Inc. (“Wombat”) requests post-grant review
`
`(PGR) of claims 1-6, 8, 11-16, 18, 21-26 and 28 (“Challenged Claims”) of U.S.
`
`Patent No. 9,591,017 (“the ’017 Patent,” Ex. 1001). The ’017 Patent is assigned to
`
`PhishMe, Inc. (“PhishMe”).
`
`The ’017 Patent relates to simulated phishing campaigns to educate email
`
`recipients about the dangers of phishing attacks. A phishing attack is “a message,
`
`commonly in the form of an e-mail,” from an attacker “directing the individual
`
`[i.e., the recipient] to perform an action, such as opening an e-mail attachment or
`
`following … an embedded link” to a fraudulent, phishing webpage. Ex. 1001, col.
`
`1:30-35. If the recipient opens the attachment or follows the link of an actual
`
`phishing email, harmful results can occur, such as installation of malicious
`
`software on the recipient’s computer. Id., col. 1:38-50.
`
`To “make individuals more knowledgeable about phishing attacks,” the ‘017
`
`Patent proposes an “education process” by which “individuals are subjected to
`
`simulated phishing attacks, which are designed to resemble actual phishing
`
`attacks.” Id., col. 1:59-63. For those email recipients who fall victim to the
`
`simulated attack, training is provided. Id., col. 2:1-2. For those who identify a
`
`known simulated phishing email as a possible phishing attack, feedback is
`
`provided. Id., col 2:4-9.
`
`
`
`

`

`Simulated phishing campaigns existed many years prior to the priority date
`
`for the ‘017 Patent. Researchers at Carnegie Mellon University (CMU) published
`
`about them at least by 2008. Exs. 1022-1023. They called their system
`
`“PhishGuru” and Wombat commercialized it. Ex. 1023 at 66. Wombat’s Anti-
`
`Phishing System, of which PhishGuru was a part, qualifies as prior art and
`
`discloses most of the limitations of the Challenged Claims. It does not disclose an
`
`email client plug-in through which the email recipient can report a received email
`
`as a phishing attack, but such plug-ins were commonplace in the prior art. The
`
`Challenged Claims of the ‘017 Patent, therefore, are obvious.
`
`Additionally, the Challenged Claims are invalid under 35 U.S.C. § 112(a)
`
`for failing to satisfy the written description requirement and the system claims are
`
`indefinite under § 112(b) because they include mean-plus-function claim elements
`
`without reciting sufficient corresponding structure in the specification. Finally, the
`
`Challenged Claims are directed to an abstract education process and are ineligible
`
`under § 101.
`
`Wombat petitions for cancellation of the Challenged Claims under 35 U.S.C.
`
`§§ 101, 103 and § 112.1 This petition is supported by an expert declaration from
`
`Prof. Aviel Rubin of Johns Hopkins University. Ex. 1010.
`
`1 The AIA versions of 35 U.S.C. §§ 102, 103 and 112 apply to the ‘017 Patent. All
`
`references herein to §§ 102, 103 and 112 are to their AIA versions.
`
`2
`
`

`

`II. REQUIREMENTS AND MANDATORY NOTICES
`A.
`Standing
`Wombat certifies that (a) before the date on which this petition is being
`
`filed, neither Wombat nor any real party-in-interest filed a civil action challenging
`
`the validity of a claim of the ’017 Patent; and (b) neither Wombat nor any real
`
`party-in-interest or privy of Wombat is estopped from challenging the claims on
`
`the grounds described herein.
`
`B. Real Party-in-Interest
`The real party-in-interest is Wombat Security Technologies, Inc. Wombat
`
`Security Technologies UK Ltd., a subsidiary of Wombat, can also be considered a
`
`real party-in-interest.
`
`C. Related Matters
`1.
`Lawsuits
`
`PhishMe sued Wombat in the United States District Court of Delaware on
`
`June 16, 2017, styled PhishMe, Inc. v. Wombat Security Technologies, Inc., No.
`
`1:17-cv-00769-LPS-CJB (“the Second Lawsuit”) for infringement of the ‘017
`
`Patent and a related patent, Patent 9,674,221 (“the ‘221 Patent”). Ex. 1002.
`
`On May 31, 2016, PhishMe sued Wombat in the same court, Case No. 1:16-
`
`cv-00403-LPS (“the First Lawsuit”), asserting, U.S. Patent 9,356,948 (“the ‘948
`
`Patent”) a predecessor of the ‘017 and ‘221 Patents. Ex. 1003. On July 19, 2016,
`
`PhishMe amended its complaint in the First Lawsuit to add another predecessor
`
`3
`
`

`

`patent, U.S. Patent 9,398,038 (“the ‘038 Patent”). Ex. 1004. On September 6,
`
`2016, PhishMe dropped the ‘948 Patent from the First Lawsuit. Ex. 1005.
`
`On June 28, 2017, the district court consolidated the First and Second
`
`Lawsuits. Ex. 1006. As of the date of this petition, the court has not ruled on
`
`claim construction or validity regarding any of the patents.
`
`2.
`
`Post-grant Petitions
`
`Wombat requested post-grant review and inter partes review of the ‘038
`
`Patent. The Board denied Wombat’s request for PGR, Ex. 1007, and its request for
`
`rehearing. Ex. 1008-1009. Wombat filed an IPR petition for the ‘038 Patent on
`
`July 18, 2017. The case numbers for the PGR and IPR petitions are PGR2017-
`
`00009 and IPR2017-01813 respectively.
`
`3.
`
`Patent Family
`
`The ‘017 Patent claims priority to several predecessor patents and a couple
`
`applications claim priority to it as shown in the chart below.
`
`4
`
`

`

`Serial No. 13/763,538
`
`Filed Feb. 8, 2013 Now US. Patent 9,253,207
`
`CONTINUATION
`
` Now US. Patent 8,719,940
`
`Serial No. 13/785,252
`F'l dM .5 2013
`1e
`ar
`,
`
`CONTINUATION-IN- ’ ART
`
`Subject of 1st
`Lawsuit
`
`Serial No. 13/918,702
`
`FiledJune 14) 2013 I Subject ofpriorPGR and
`
`.
`
`.
`
`IPR Petltlons CONTINUATION-IN ' ART
`
`Now US. Patent 9,398,038
`
`Serial No. 13/958,480
`
`Filed Aug. 2, 2013
`
`Now US. Patent 9.356,948
`
`CONTINUATION
`
`Serial No. 14/620,245
`
` Now US. Patent 9.325,730
`
`Filed Feb. 12, 2015
`
`CONTINUATION
`
`Subject of 2nd
`Lawsuit
`
`Subject of this PGR Petition
`
`Serial No. 15/138,188
`
`Filed Apr. 25, 2016
`
`I
`
`Now US. Patent 9.591,017
`
`Now US. Patent 9,674,221
`
`Serial No. 15/418,709
`
`Filed Jan. 28, 2017
`
`Relationship unknown
`
`Serial No. 15/583,970
`
`Filed May 1, 2017 Unpublished
`
`5
`
`
`
`

`

`D. Lead and Backup Counsel and Service Information
`
`
`Lead Counsel
`
`
`
`
`Backup Counsel
`
`Mark G. Knedeisen
`Reg. No. 42,747
`mark.knedeisen@klgates.com
`T: 412-355-6342
`Patrick J. McElhinny
`Reg. No. 46,320
`patrick.mcelhinny@klgates.com
`T: 412-355-6334
`Laurén S. Murray
`Reg. No. 67,462
`lauren.murray@klgates.com
`T: 412-355-7471
`
`
`
`All listed counsel are with K&L Gates, LLP, 210 Sixth Avenue, Pittsburgh,
`
`PA 15222. A power of attorney designating the above-identified counsel is being
`
`filed with this petition. Wombat consents to electronic service by email.
`
`Payment of Fees
`
`E.
`Wombat authorizes the Office to charge the required fees for PGR of
`
`twenty-one (21) claims, and any additionally required fees, to Deposit Account No.
`
`02-1818.
`
`III. OVERVIEW OF THE ‘017 PATENT
`A.
`Simulated Phishing Methods Described in the Specification
`The ’017 Patent describes a manner to educate individuals about phishing
`
`attack risks by sending simulated, non-malicious phishing emails to the individuals
`
`and tracking the individuals’ responses. In Figure 1 of the ’017 Patent (below), a
`
`6
`
`

`

`“network device 14” sends simulated phishing emails that “resemble real phishing
`
`attacks” to computing devices 16-20 of the intended recipients (referred to in the
`
`’017 Patent as “users” and “individuals”). Ex. 1001, col. 3:48-53. The simulated
`
`phishing emails include information that can be used later to identify them as
`
`simulated phishing emails, such as a “sender identifier,” a “recipient identifier,” a
`
`subject or time of transmission of the message, or “message headers.” Id., col.
`
`7:45-48. A database 24 stores data (e.g., a log) about the sent simulated phishing
`
`emails. Id., col. 3:60-61; Figs. 1-2.
`
`The individuals’ computers 16, 18, 20 can have an email client “plug-in” so
`
`that when an individual receives a suspected phishing email, the individual can
`
`
`
`7
`
`

`

`activate a “graphical user interface element” of the plug-in to report the received
`
`email as a potential phishing attack. Id., col. 7:17-22. Accordingly, a “network
`
`device” sends the simulated phishing emails, and a recipient thereof (i.e., a “user”
`
`or “individual”) can report a received email as a potential phishing email using the
`
`email client plug-in on the recipient’s computer.
`
`When the individual reports a received email, either the network device 14
`
`or the email client plug-in determines whether the identified email is a known
`
`simulated phishing email. Id., col. 4:39-42 (network device); col. 4:59-col. 5:7
`
`(plug-in); col. 7:42-60 (both). If the identified email is determined to be a known
`
`simulated phishing email, the system provides feedback to the individual
`
`confirming that the email was a simulated phishing email. Id., col. 2:4-9; col.
`
`4:19-26; col. 7:61-col.8:2. The ’017 Patent does not identify the device or
`
`component that provides the feedback, stating only in passive voice that the
`
`confirmatory feedback “may be provided …in the form of an email message, or an
`
`out-of-band message, such as an SMS message or other message.” Id., col. 4:22-
`
`26; col. 7:65-col.8:2.
`
`The network device 14 records in a database 26 the individuals’ responses to
`
`the simulated phishing emails, i.e., whether they reported the email, ignored it, or
`
`fell for it. Id., col. 3:61-63; col. 5:42-56; col. 7: 61-64; Figs. 1, 3. The network
`
`device 14 uses the response data to calculate trustworthiness scores for the
`
`8
`
`

`

`individuals that are indicative of the individuals’ abilities to identify potential
`
`phishing emails. Id., col. 5:57-col.7:5. If the identified email is determined not to
`
`be a known simulated phish, “a computer security expert” or “computer software
`
`configured to detect phishing attacks” can analyze the email to determine if it is a
`
`real phishing attack. Id., col. 2:22-28.
`
`The ‘017 Patent also incorporates two “Related Applications”―Serial Nos.
`
`13/763,486 and 13/763,515 (Exs. 1030-1031)―at col. 1:14-17.
`
`Person Having Ordinary Skill in the Art
`
`B.
`The skill level of a “person having ordinary skill in the art” (“PHOSITA”) to
`
`which the ’017 Patent pertains would have a bachelor’s degree or the equivalent in
`
`computer science (or a related academic field) and at least two to three years of
`
`additional experience in the computer security field, or equivalent work
`
`experience, and would have familiarity with phishing email attacks and spam and
`
`phishing email filters. Ex. 1010, ¶ 44.
`
`“Any person skilled in the art” for the written description and enablement
`
`standards of § 112(a) has the same skill level as a PHOSITA for the obviousness
`
`assessment. See In re Gosteli, 872 F.2d 1008, 1012 (Fed. Cir. 1989); Ariad
`
`Pharm., Inc. v. Eli Lilly and Co., 598 F.3d 1336, 1351 (Fed. Cir. 2010) (en banc).
`
`The relevant time for assessing the validity of the claims of the ’017 Patent
`
`is prior to June 14, 2013 for the reasons described below. All references below to
`
`9
`
`

`

`the knowledge of a PHOSITA pertain to his/her knowledge prior to June 14, 2013
`
`unless otherwise indicated.
`
`C. Eligibility for PGR
`The standard for PGR eligibility is more likely than not that the patent has at
`
`least one claim having an effective filing date on or after March 16, 2013. Mylan
`
`Pharm Inc. v. Yeda Res. & Dev. Co., PGR2016-00010, Paper 9 at 10 (PTAB Aug.
`
`15, 2016). The chart above shows that the lineage of the ‘017 patent includes two
`
`applications filed prior to March 16, 2013―Serial No. 13/763,538 (“the ‘538
`
`Application,” Ex. 1011) and Serial No. 13/785,252 (“the ‘252 Application,” Ex.
`
`1012). Their specifications are virtually identical. Ex. 1013 (redline comparison).
`
`The ‘017 Patent is eligible for PGR because it has at least one claim that is
`
`not entitled to the filing dates of either the ‘538 or ‘252 Applications. Indeed, each
`
`independent claim of the ‘017 Patent includes subject matter that is not disclosed in
`
`either of these pre-March-16-2013 applications. Thus, the claims are not entitled
`
`to a priority date prior to March 16, 2013. PowerOasis, Inc. v. T-Mobile USA, Inc.,
`
`522 F.3d 1299, 1306 (Fed. Cir. 2008) (subject matter disclosed for first time in a
`
`continuation-in-part does not receive benefit of the parent’s filing date).
`
`Presumably for that reason, the Office examined the ‘017 Patent under the first-to-
`
`file AIA provisions, Ex. 1021 at 15, and PhishMe did not object.
`
`The new subject matter in every independent claim is twofold.
`
`10
`
`

`

`1.
`
`First Post-AIA Limitation
`
`The ‘252 or ‘538 Applications do not support the following imitation recited
`
`in claims 1 and 11: “providing a plug-in for an email client at the remote
`
`computing device, the plug-in configurable for executing instructions for … when
`
`the identified email is determined to be a known simulated phishing attack …,
`
`providing a graphically displayed feedback to the individual confirming that the
`
`identified email was a simulated phishing attack….” Claim 21 recites a similar
`
`limitation.
`
`The ‘252 or ‘538 Applications fail to disclose the subject matter of these
`
`limitations because the ‘252 and ‘538 Applications do disclose neither (1)
`
`“graphically displayed” confirmatory feedback when the individual correctly
`
`identifies a simulated phishing email nor (2) a plug-in (for method claims 1-20) or
`
`a remote computing device (for claims 21-30) that provides confirmatory feedback.
`
`Neither the ‘252 nor ‘538 Applications disclose the graphically displayed
`
`confirmatory feedback limitation in haec verba. Ex. 1007 at 11 (“the exact words
`
`used in the feedback limitation may not appear in the ‘252 Application
`
`…”). These applications make general references to “education” and “training”
`
`in two paragraphs,2 but that minimal disclosure insufficiently shows that the
`
`2 The content and numbering of the two paragraphs in the ‘252 and ‘538
`
`Application are the same. Ex. 1013.
`
`11
`
`

`

`inventors possessed the confirmatory feedback limitations. See Ariad, 598 F.3d at
`
`1351 (“the hallmark of written description is disclosure”).
`
`• Paragraph [0005] states that: “In an education process, individuals are
`
`subjected to simulated phishing attacks, which are designed to
`
`resemble actual phishing attacks. In response to a simulated attack, an
`
`individual typically either falls victim to it, ignores the attack,
`
`consciously chooses to not react or additionally reports the attack
`
`too…. For those that fall victim to an attack, training is provided to
`
`decrease the likelihood that they will be deceived by a future
`
`simulated and/or real phishing attack.” (emphasis added); and
`
`• Paragraph [0018] states that “simulated phishing attacks are designed
`
`to resemble real phishing attacks in order to train the users of
`
`computing devices 16, 18 and 20 to better recognize and thwart a real
`
`phishing attack.” (emphasis added).
`
`Neither of these paragraphs demonstrates to a PHOSITA that the inventors
`
`possessed the claimed limitation of a plug-in or a remote computing device
`
`providing “graphically displayed” confirmatory feedback. Both paragraphs are
`
`insufficient because the training could be provided in response to the individual
`
`falling for (or being deceived by) a simulated attack, instead of correctly spotting
`
`one. Ex. 1010, ¶¶ 54-59. Indeed, ¶ [0005] refers exclusively to training provided
`
`12
`
`

`

`to those who fall victim to the simulated attack. Ex. 1007 at 12 (¶ [0005] does not
`
`disclose the claimed confirmatory feedback). Moreover, neither paragraph
`
`mentions that the feedback is provided by an email client plug-in, as required by
`
`claims 1-20, or by a remote computing device, as required by claims 21-
`
`30. Because of this omission, a PHOSITA would conclude that the inventors did
`
`not possess that the plug-in or remote computing device would provide the
`
`confirmatory feedback at the time that the ‘252 and ‘538 Applications were filed.
`
`Ex. 1010, ¶¶ 55-59.
`
`The ‘252 and ‘538 Applications refer to the email client plug-in (Exs. 1012-
`
`1013 at ¶¶ [0022], [0029]), but never mention that the feedback is provided by the
`
`plug-in. And it is not inherent or implicit that the training described in ¶¶ [0005]
`
`and [0018] is provided by a plug-in or the remote computing device since it could
`
`be provided on another computer device. Ex. 1010, ¶¶ 56-58. Indeed, a
`
`PHOSITA would understand the specification as indicating that an external device
`
`provides the feedback, not the plug-in. Id. at ¶ 71.
`
`The insufficient disclosure of the ‘252 and ‘538 Applications with respect to
`
`this limitation extends to the ‘017 Patent itself as described in Ground 1 below at
`
`pp. 24-26, which is incorporated herein by reference.
`
`
`
`
`
`13
`
`

`

`2.
`
`Second Post-AIA Limitation
`
`The ‘252 and ‘538 Application also do not support the limitation recited in
`
`claims 1 and 11 as: “providing a plug-in for an email client at the remote
`
`computing device, the plug-in configurable for executing instructions for … when
`
`the identified email is determined not to be a known simulated phishing attack …,
`
`causing the plugin to send the identified email for analysis or detection of whether
`
`or not the identified email is a phishing attack….” Claim 21 includes a
`
`corresponding limitation.
`
`These limitations require the plug-in to send the identified email for analysis
`
`or detection after it is determined not to be a known simulated phishing attack, but
`
`the ‘252 and ‘538 Applications do not disclose this limitation. Instead, the two
`
`applications disclose that, after the plug-in determines that the identified email is
`
`not a known simulated phishing email, the computing device 18 “could query
`
`network device 14 to determine the trustworthiness level of the individual who
`
`flagged the message….” Ex. 1011-1012 at ¶ [0022]. This teaching does not
`
`disclose sending the identified email for analysis or detection, and a PHOSITA
`
`would not understand from it that the inventors possessed that the plug-in would
`
`send the email for analysis or detection in response to determining that the
`
`identified email is not a known simulated phishing attack. Ex. 1010, ¶¶ 60-62.
`
`14
`
`

`

`In response to receiving the trustworthiness level, the plug-in still does not
`
`send the email for analysis or detection according to the ‘252 and ‘538
`
`Applications. Instead, “computing device 18 could alert network device 14, a
`
`network security appliance…, and/or a security event responder … that a potential
`
`malicious message was able to thwart security measures and that additional
`
`security measures should be taken to ensure that such messages (e.g., messages
`
`from same sender as flagged message) are blocked in the future.” Exs. 1011-1012
`
`at ¶ [0022]. Thus, the two applications disclose blocking the sender of the non-
`
`known-simulated phishing email. This does not require sending the email
`
`anywhere. Instead, just the email’s header, including the sender information, could
`
`be sent to the network security application so that the appliance could update its
`
`filters to block the sender. Ex. 1010, ¶ 63. Consequently, a PHOSITA would not
`
`immediately discern, visualize or recognize that the inventors possessed systems
`
`and methods where the plug-in or remote computing device sends the user-
`
`reported, non-known simulated phishing email for analysis or detection.
`
`The ‘252 and ‘538 Applications disclose the plug-in sending the email to the
`
`network device for analysis or detection, but only in response to the user reporting
`
`an email, Exs. 1011-1012 at ¶ [0029], not in response to the plug-in determining
`
`that the user-reported email is a non-known simulated phishing email. The
`
`network device determines whether the email is a known simulated phishing email
`
`15
`
`

`

`specification only after the plug-in sends the email. Id. at ¶ [0030]. Thus, this
`
`disclosure insufficiently demonstrate