NOTE: This disposition is nonprecedential.
United States Court of Appeals
for the Federal Circuit
______________________
PALO ALTO NETWORKS, INC.,
Appellant
v.
FINJAN, INC.,
Cross-Appellant
______________________
2017-2543, 2017-2623
______________________
Appeals from the United States Patent and Trademark
Office, Patent Trial and Appeal Board in Nos. IPR2016-
00159, IPR2016-01174.
--------------------------------------------------
FINJAN, INC.,
Appellant
v.
ANDREI IANCU, UNDER SECRETARY OF
COMMERCE FOR INTELLECTUAL PROPERTY
AND DIRECTOR OF THE UNITED STATES
PATENT AND TRADEMARK OFFICE,
Intervenor
______________________
2 PALO ALTO NETWORKS, INC. v. FINJAN, INC.
2017-2047
______________________
Appeal from the United States Patent and Trademark
Office, Patent Trial and Appeal Board in Nos. IPR2015-
01892, IPR2016-00890.
______________________
Decided: July 2, 2019
______________________
ORION ARMON, Cooley LLP, Broomfield, CO, argued for
appellant Palo Alto Networks, Inc.
PAUL J. ANDRE, Kramer Levin Naftalis & Frankel LLP,
Menlo Park, CA, argued for cross-appellant and appellant
Finjan, Inc. Also represented by JAMES R. HANNAH.
ROBERT MCBRIDE, Office of the Solicitor, United States
Patent and Trademark Office, Alexandria, VA, argued for
intervenor. Also represented by THOMAS W. KRAUSE, MAI-
TRANG DUC DANG, FARHEENA YASMEEN RASHEED.
______________________
Before WALLACH, LINN, and HUGHES, Circuit Judges.
HUGHES, Circuit Judge.
This decision arises from the consolidated appeals of
three inter partes reviews of a computer security patent.
Symantec Corp., Blue Coat Systems LLC, and Palo Alto
Networks, Inc., petitioned for inter partes review of U.S.
Patent No. 8,677,494 B2. The Patent Trial and Appeal
Board instituted partial review of the challenged claims.
The Board found claims 3–5 and 10–15 to be not unpatent-
able but determined that claims 1, 2, and 6 of the ’494 pa-
tent are unpatentable as obvious over Swimmer. Palo Alto
Networks appeals the Board’s decision on the ’494 patent’s
priority date and the patentability of claims 10, 11, and 15.
PALO ALTO NETWORKS, INC. v. FINJAN, INC. 3
Finjan, Inc. cross-appeals the Board’s finding that claims
1, 2, and 6 are unpatentable. For the following reasons, we
affirm the Board’s final decision.
I
A.
Finjan, Inc., owns the ’494 patent, which expired on
January 29, 2017, and is directed to “protection systems
and methods capable of protecting a personal computer []
or other” devices from “‘malicious’ operations.” ’494 patent
col. 2 ll. 51–56. The ’494 patent addresses issues in virus
detection. Internet browsers allow individuals to attach
executable programs to their websites, some of which may
contain malicious code that runs automatically upon open-
ing a website. Early antivirus software systems had trou-
ble processing these programs, called Downloadables. The
’494 patent describes a method to detect viruses within
Downloadables using a two phased approach comprised of
an inspection phase and a determination phase.
Independent claims 1 and 10 of the ’494 patent are rep-
resentative for purposes of this appeal and are reproduced
below.
1. A computer-based method, comprising the steps
of:
receiving an incoming Downloadable;
deriving security profile data for the Downloadable,
including a list of suspicious computer operations
that may be attempted by the Downloadable; and
storing the Downloadable security profile data in a
database.
’494 patent col. 21 ll. 19–25 (emphasis added).
10. A system of managing Downloadables, compris-
ing:
4 PALO ALTO NETWORKS, INC. v. FINJAN, INC.
a receiver for receiving an incoming Downloadable;
a Downloadable scanner coupled with said re-
ceiver, for deriving security profile data for the
Downloadable, including a list of suspicious com-
puter operations that may be attempted by the
Downloadable; and
a database manager coupled with said Down-
loadable scanner, for storing the Downloadable se-
curity profile data in a database.
Id. col. 22 ll. 7–16 (emphasis added).
Only the inspection phase is relevant to this appeal. It
entails three steps. First, the computer receives a Down-
loadable from an external network. Second, the system an-
alyzes the executable code of the Downloadable to generate
Downloadable security profile (DSP) data. The Down-
loadable scanner in claim 10 is a code scanner that gener-
ates the DSP data by decomposing the code using
conventional parsing techniques. The code scanner identi-
fies suspicious computer operations in the Downloadable
code and lists them as DSP data. Finally, the DSP data for
the Downloadable is stored in a database.
B.
On March 6, 2014, Finjan filed a Petition to Accept an
Unintentionally Delayed Priority Claim pursuant to 37
C.F.R. § 1.78 to fix a break in the ’494 patent’s priority
chain. Finjan sought to include U.S. Patent Nos. 6,092,194
(Touboul) and 6,167,502 as parent applications in U.S. Pa-
tent No. 7,058,822, which is a parent of the ’494 patent. On
February 16, 2016, the Patent Office issued a reexamina-
tion certificate amending the specification of the ’822 pa-
tent. Because the ’494 patent is a continuation of the ’822
patent, this certificate effectively amended the specifica-
tion of the ’494 patent to incorporate Touboul by reference
and change its priority date to 1997.
PALO ALTO NETWORKS, INC. v. FINJAN, INC. 5
On September 10, 2015, Symantec filed a petition for
inter partes review of the ’494 patent. 1 The Board insti-
tuted a trial with respect to claims 1, 2, 5, 6, 10, 11, 14, and
15 on the grounds that those claims are obvious over a pa-
per presented at the September 1995 Virus Bulletin Con-
ference entitled “Dynamic Detection and Classification of
Computer Viruses Using General Behavior Patterns”
(Swimmer).
On November 6, 2015, Palo Alto Networks, Inc. (PAN),
filed a petition for inter partes review (IPR2016-00159).
PAN asserted that claims 1–8 and 10–17 are obvious over
various combinations of prior art references, including
Swimmer and Touboul, and that Touboul anticipates
claims 1, 3–6, 19, 12–15, and 18. The Board instituted re-
view of claims 1, 2, 6, 10, 11, and 15 over Swimmer. The
Board declined to institute on any of the grounds that re-
lied on Touboul because it determined that the ’494 pa-
tent’s priority date predated Touboul.
Swimmer teaches a dynamic generalized antivirus sys-
tem that generates and analyzes an audit trail of opera-
tions attempted by the Downloadable. The system does
this by using an emulator to simulate executing the Down-
loadable. While the emulator executes the Downloadable,
the Swimmer system creates a log entry in the audit trail
whenever the Downloadable attempts to invoke certain op-
erating system functions.
Touboul discloses searching Downloadables for mali-
cious code. Like the ’494 patent, Touboul generates DSP
data. Compare J.A. 1337 with ’494 patent col. 21 ll. 21–23.
In the preferred embodiment, Touboul teaches that the
DSP data is derived using a “code scanner[, which] uses
1 The Board subsequently joined this petition
(IPR2015-01892) with Blue Coat Systems’ petition
(IPR2016-0890) for inter partes review.
6 PALO ALTO NETWORKS, INC. v. FINJAN, INC.
conventional parsing techniques to decompose the code . . .
of the Downloadable.” J.A. 1335. The DSP data is gener-
ated “as a list of all operations in the Downloadable code
which could ever be deemed potentially hostile and a list of
all files to be accessed by the Downloadable code.” Id.
C.
The Board issued separate written decisions making
similar findings on unpatentability. In both decisions, the
Board found claims 1, 2, and 6 unpatentable as obvious
over Swimmer. It observed that Swimmer teaches the rel-
evant limitations of claim 1. For example, Swimmer’s col-
lection of system activity data and conversion into an audit
trail for assessment by an analysis tool discloses the gen-
eration and storage of DSP data claimed by the ’494 patent.
In IPR2016-00159, the Board determined that PAN failed
to show that claims 3–5 and 10–15 are unpatentable. 2 In
particular, the Board noted that Swimmer does not render
claims 10, 11, and 15 obvious because it does not teach us-
ing a Downloadable scanner or a database manager as re-
cited in those claims.
PAN now appeals the Board’s determinations that
PAN failed to establish that claims 10, 11, and 15 are un-
patentable and that the ’494 patent was entitled to a 1997
priority date. Finjan cross-appeals, challenging the
Board’s decision on claims 1, 2, and 6. 3 We have jurisdic-
tion under 28 U.S.C. § 1295(a)(4)(A).
2 In IPR2015-01892, the Board determined that the
petitioners had not shown that claims 5, 10, 11, 14, and 15
are unpatentable over Swimmer.
3 After the appeals were filed, Symantec Corp. and
Blue Coats withdrew as parties. The U.S. Patent and
Trademark Office has intervened to defend the Board’s de-
cision in IPR2015-01892 under 35 U.S.C. § 143.
PALO ALTO NETWORKS, INC. v. FINJAN, INC. 7
II
We review the Board’s legal conclusions de novo and its
factual findings for substantial evidence. Dynamic Drink-
ware, LLC v. Nat’l Graphics, Inc., 800 F.3d 1375, 1378
(Fed. Cir. 2015). “A finding is supported by substantial ev-
idence if a reasonable mind might accept the evidence to
support the finding.” Id.
A.
We first address the ’494 patent’s priority date. PAN
argues that that the Board erred in retroactively applying
the 1997 priority date to the ’494 patent. We hold that PAN
cannot appeal this determination because it is only rele-
vant to the Board’s decision not to institute inter partes re-
view.
The 1997 priority date is not relevant to the grounds on
which the Board instituted; it only affects whether Touboul
qualifies as prior art. The Board, however, declined to in-
stitute review on any grounds relying on Touboul. When
the Board declines to institute on a ground for unpatenta-
bility, issues collateral to only that non-instituted ground
cannot be challenged on appeal because the decision not to
institute is not reviewable. See 35 U.S.C. § 314(d); Cuozzo
Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2139 (2016). Be-
cause the Board did not institute on any ground relying on
Touboul, PAN’s challenge to the priority date determina-
tion amounts to a challenge of the Board’s institution deci-
sion and is therefore not reviewable.
PAN alternatively contends that we should remand to
the Board because the Board failed to institute review on
all the grounds raised in the petition, as required by SAS
Institute, Inc. v. Iancu, 138 S. Ct. 1348 (2018). Because
PAN raised this argument for the first time during oral ar-
guments, Oral Arg. at 7:40–8:00, http://oralargu-
ments.cafc.uscourts.gov/default.aspx?fl=2017-2543.mp3,
we find that it has waived any request for SAS-based relief.
8 PALO ALTO NETWORKS, INC. v. FINJAN, INC.
See Mylan Pharm. Inc. v. Research Corp. Techs., Inc., 914
F.3d 1366, 1376 (Fed. Cir. 2019). We thus reject PAN’s
suggestion that we should remand.
B.
We next address the Board’s determination that PAN
failed to show that claims 10, 11, and 15 are obvious over
Swimmer. PAN argues that Swimmer discloses both the
code scanner and the database manager limitations. We
disagree as substantial evidence supports the Board’s de-
termination that Swimmer does not disclose the code scan-
ner limitation. 4
A patent claim is obvious under 35 U.S.C. § 103 “if
the differences between the subject matter sought to be pa-
tented and the prior art are such that the subject matter as
a whole would have been obvious at the time the invention
was made to a person having ordinary skill in the art to
which said subject matter pertains.” 35 U.S.C. § 103(a).
Obviousness is a question of law based on underlying fac-
tual findings, which include the scope and content of the
prior art. Rapoport v. Dement, 254 F.3d 1053, 1057–58
(Fed. Cir. 2001).
“In an IPR, the petitioner has the burden from the on-
set to show with particularity why the patent it challenges
is unpatentable.” Harmonic Inc. v. Avid Tech., Inc., 815
F.3d 1356, 1363 (Fed. Cir. 2016). “To satisfy its burden of
proving obviousness, a petitioner cannot employ mere con-
clusory statements. The petitioner must instead articulate
specific reasoning, based on evidence of record, to support
the legal conclusion of obviousness.” In re Magnum Oil
4 Because substantial evidence supports the Board’s
determination that Swimmer does not disclose a code scan-
ner, we do not address whether Swimmer teaches using a
database manager.
PALO ALTO NETWORKS, INC. v. FINJAN, INC. 9
Tools Int'l, Ltd., 829 F.3d 1364, 1380 (Fed. Cir. 2016). We
agree with the Board that PAN failed to meet its burden.
Although the Board noted that Swimmer does not
teach away from using scanners generally, the Board con-
cluded that the
emulator in [Swimmer’s] auditing system . . . cor-
responds to the recited Downloadable scanner . . . .
The fact that Swimmer’s emulator might serve the
recited function of “deriving security profile data
for the Downloadable” . . . does not establish that a
person of ordinary skill in the art would under-
stand it to teach or suggest a “scanner.”
J.A. 3587–88. The record supports this interpretation. Alt-
hough PAN emphasizes the Board’s finding that Swim-
mer’s emulator serves the same function as the claimed
scanner, we reject the notion that this finding is disposi-
tive.
PAN’s argument depends on interpreting the “code
scanner” limitation as a functional, rather than structural,
limitation. But the fact that a claim uses functional lan-
guage is not sufficient to convert the limitation into a func-
tional limitation. See Greenberg v. Ethicon Endo-Surgery,
Inc., 91 F.3d 1580, 1583 (Fed. Cir. 1996) (noting that ob-
jects like a screw driver have functional names but would
refer to a structure when invoked). Instead, “[w]ords of
limitation that can connote with equal force a structural
characteristic of the product or a process of manufacture
are commonly and by default interpreted in their struc-
tural sense.” 3M Innovative Properties Co. v. Avery Den-
nison Corp., 350 F.3d 1365, 1371 (Fed. Cir. 2003). As a
result, the Board’s finding that the “code scanner” and em-
ulator perform the same function does not show that they
are structural equivalents. Other than functional equiva-
lency, the record contains no evidence that the “code scan-
ner” and emulator are structurally equivalent. Thus, we
find substantial evidence supporting the Board’s
10 PALO ALTO NETWORKS, INC. v. FINJAN, INC.
determination that PAN failed to show that Swimmer
teaches a code scanner.
C.
Finally, we turn to Finjan’s cross-appeal of the Board’s
decision finding claims 1, 2, and 6 of the ’494 patent obvious
over Swimmer. Finjan argues that the Board erroneously
construed the claim terms “list of suspicious computer op-
erations” and “storing the Downloadable security profile
data in a database.” We disagree.
We construe the terms according to the principles set
forth in Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir.
2005) (en banc). In re Rambus, Inc., 753 F.3d 1253, 1255
(Fed. Cir. 2014). Under Phillips, we give words their ordi-
nary and customary meaning as they would be understood
by a person of ordinary skill in the art at the time of the
invention and in light of the entire patent. Phillips, 415
F.3d at 1312–13. “Claim construction begins with the
words of the claim, which ‘must be read in view of the spec-
ification, of which they are a part.’” Wi-Lan, Inc. v. Apple,
Inc., 811 F.3d 455, 462 (Fed. Cir. 2016) (quoting Phillips,
415 F.3d 1312–15).
1
First, we address the Board’s construction of “list of
suspicious computer operations.” The Board construed it to
mean “list of all operations that could ever be deemed po-
tentially hostile.” J.A. 12. Finjan contends that this con-
struction is overly broad and ignores the word “suspicious.”
Finjan argues that the proper construction is “a list of com-
puter operations deemed suspicious,” i.e., that the system
finds operations suspicious before adding them to the list.
J.A. 8. We reject this construction.
Finjan relies on a description of a preferred embodi-
ment in Touboul, which was incorporated by reference into
the ’494 patent. Touboul discloses that after the code scan-
ner identifies a command in the Downloadable’s code, it
PALO ALTO NETWORKS, INC. v. FINJAN, INC. 11
determines “whether the command is one of the operations
identified” as suspicious. J.A. 1337. As an example, Tou-
boul points to a list of suspicious operations articulated
elsewhere in the patent.
Finjan’s construction is too narrow in light of Touboul.
Touboul explains that DSP data “includes the list of all po-
tentially hostile or suspicious computer operations that
may be attempted by a specific Downloadable.” J.A. 1335.
Touboul further emphasizes that the suspicious operations
in the DSP can include all operations that “could ever be
deemed potentially hostile.” Id. Given this disclosure, we
agree with the Board that the scope of the DSP extends be-
yond operations that are known to be potentially hostile
and includes operations that are not currently, but may in
the future become, hostile.
Thus, the DSP includes operations that have not yet
been deemed hostile when the list is generated. Because
Finjan’s construction excludes operations not already
known to be potentially hostile, it conflicts with the speci-
fication and must be rejected. And because the Board’s
construction encompasses operations that could be deemed
potentially hostile in the future, we agree that the Board’s
construction is the proper construction of the term under
Phillips.
2
Second, we address the Board’s construction of “storing
the Downloadable security profile data in a database.” Fin-
jan argued in its Patent Owner’s Response that this phrase
should be construed to limit “storing” as only occurring af-
ter the DSP is derived. The Board disagreed and deter-
mined that the phrase is properly construed as “placing the
derived DSP data into the database.” J.A. 17. The Board
explained that the storing step of claim 1 was separate
from the step where the DSP is fully derived and could
begin before the derivation step was complete. We agree
with the Board’s determination and adopt its construction.
12 PALO ALTO NETWORKS, INC. v. FINJAN, INC.
Finjan argues that the claim’s syntax supports the con-
struction it argued before the Board. According to Finjan,
the use of the definite article “the” in “storing the Down-
loadable security profile data” references “‘the’ DSP data
derived in the previous step.” Resp. Br. 34; see also Wi-
Lan, Inc. v. Apple, Inc., 811 F.3d 455, 462 (Fed. Cir. 2017)
(noting that, when a definite article is used in a claim,
“[s]ubsequent use of the definite article[] ‘the’ . . . in a claim
refers back to the same term recited earlier in the claim”).
Thus, they argue that the system cannot begin storing the
DSP data until the derivation step is completed. We are
not persuaded by this argument.
While we agree with Finjan that “the Downloadable se-
curity profile data” in the storing step refers to the data
generated in the “deriving” step, we disagree that this re-
quires the DSP to be fully derived before the storing step
can begin. The effect of the definite article on the step is
simply that all of the DSP data generated in the deriving
step must be stored in order for the storing step to be com-
pleted. It does not dictate when the process of storing can
begin. Thus, while the storing step cannot be completed
before the deriving step is completed, the claim does not
prohibit the storing process from starting before the DSP
data is fully derived. As such, we agree with the Board’s
claim construction of “storing the Downloadable security
profile data in a database.” 5
III
5 Because we affirm the Board’s construction of the
terms “list of suspicious computer operations” and “storing
the Downloadable security profile data in a database,” we
need not address the validity of the ’494 patent under Fin-
jan’s proposed construction.
PALO ALTO NETWORKS, INC. v. FINJAN, INC. 13
Because the priority date is not material to any
grounds that the Board instituted on, it is not reviewable.
We also find substantial evidence in the record that a “code
scanner” is not structurally equivalent to an “emulator.”
Thus, we affirm the Board’s decision that PAN failed to es-
tablish that claims 10, 11, and 15 of the ’494 patent are
unpatentable. Finally, we agree with the Board’s construc-
tion of “list of suspicious computer operations” and “storing
the Downloadable security profile data.” Therefore, we af-
firm the Board’s finding that claims 1, 2, and 6 of the ’494
patent are unpatentable as obvious.
AFFIRMED
No costs.