Case: 19-2074 Document: 56 Page: 1 Filed: 12/30/2020
NOTE: This disposition is nonprecedential.
United States Court of Appeals for the Federal Circuit ______________________
FINJAN, INC., Appellant
v.
CISCO SYSTEMS, INC., Cross-Appellant ______________________
2019-2074, 2019-2146 ______________________
Appeals from the United States Patent and Trademark Office, Patent Trial and Appeal Board in No. IPR2018- 00391. ______________________
Decided: December 30, 2020 ______________________
JAMES R. HANNAH, Kramer Levin Naftalis & Frankel LLP, Menlo Park, CA, for appellant. Also represented by PAUL J. ANDRE; JEFFREY PRICE, New York, NY.
PATRICK D. MCPHERSON, Duane Morris LLP, Washing- ton, DC, for cross-appellant. Also represented by PATRICK C. MULDOON; MATTHEW CHRISTOPHER GAUDET, Atlanta, GA; JOSEPH POWERS, Philadelphia, PA. ______________________ Case: 19-2074 Document: 56 Page: 2 Filed: 12/30/2020
Before LOURIE, REYNA, and WALLACH, Circuit Judges. WALLACH, Circuit Judge. Cisco Systems, Inc. (“Cisco”) sought inter partes review (“IPR”) of claims 1–4, 8, and 11–14 (“the Challenged Claims”) of Finjan, Inc.’s (“Finjan”) U.S. Patent No. 7,647,633 (“the ’633 patent”). The U.S. Patent and Trademark Office’s Patent Trial and Appeal Board (“PTAB”) issued a final written decision concluding that Cisco “ha[d] shown by a preponderance of the evidence that claims 1–4, 8, and 11–13 of the ’633 patent are unpatenta- ble” as obvious, but “ha[d] not shown by a preponderance of the evidence that [independent] claim 14 of the ’633 pa- tent is unpatentable” as obvious. Cisco Sys., Inc. v. Finjan, Inc., No. IPR2018-00391, 2019 WL 2237141, at *1 (P.T.A.B. May 23, 2019). Finjan appeals and Cisco cross-appeals. We have ju- risdiction pursuant to 28 U.S.C. § 1295(a)(4)(A). We affirm. BACKGROUND I. The ’633 Patent Entitled “Malicious Mobile Code Runtime Monitoring System and Methods,” the ’633 patent “relates generally to computer networks, and more particularly” to “a system and methods for protecting network-connectable devices from undesirable downloadable operation.” ’633 patent col. 1 ll. 30–33. The ’633 patent “provides protection sys- tems and methods capable of protecting . . . network acces- sible devices or processes,” such as personal computers, “from harmful, undesirable, suspicious or other ‘malicious’ operations that might otherwise be effectuated by remotely operable code,” such as computer viruses. Id. col. 2 ll. 20– 25; see id. col. 1 ll. 40–44 (noting that “the Internet and other public networks have . . . become a major source of potentially system-fatal or otherwise damaging computer code commonly referred to as ‘viruses’”). The ’633 patent discloses “embodiments” that first “determin[e], within one Case: 19-2074 Document: 56 Page: 3 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 3
or more network ‘servers’ . . . whether received information includes executable code”—referred to as a “Down- loadable”—then, based on that determination, “deliver[] static, configurable, and/or extensible remotely operable protection [code or] policies” to the location of the Down- loadable, and “caus[e] the mobile protection code to be exe- cuted within a Downloadable-destination in a manner that enables various Downloadable operations to be detected, intercepted or further responded to via protection opera- tions.” Id. col. 2 ll. 39–55; see id. col. 1 ll. 60–66 (providing that “[d]ownloadable information” may include “distribut- able components (e.g.[,] Java™ applets and JavaScript scripts, ActiveX™ controls, Visual Basic, add-ins and/or others)” and “application programs, Trojan horses, multi- ple compressed programs such as zip or meta files, among others”), col. 2 ll. 28–33 (similar). Independent claims 1 and 14, and claims 2 and 3 of the ’633 patent, are illustrative. Independent claim 1 recites: A computer processor-based method, comprising: receiving, by a computer, downloadable-in- formation; determining, by the computer, whether the downloadable-information includes execut- able code; and based upon the determination, transmit- ting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code. Id. col. 20 ll. 54–62. Claim 2 depends from independent claim 1, and provides that “receiving includes monitoring received information of an information re-communicator.” Id. col. 20 ll. 63–65. Claim 3, which depends from claim 2, Case: 19-2074 Document: 56 Page: 4 Filed: 12/30/2020
provides that claim 2’s “information re-communicator is a network server.” Id. col. 20 ll. 66–67. Independent claim 14 recites: A computer program product, comprising a com- puter usable medium having a computer readable program code therein, the computer readable pro- gram code adapted to be executed for computer se- curity, the method comprising: providing a system, wherein the system comprises distinct software modules, and wherein the distinct software modules com- prise an information re-communicator and a mobile code executor; receiving, at the information re-communi- cator, downloadable-information including executable code; and causing mobile protection code to be exe- cuted by the mobile code executor at a downloadable-information destination such that one or more operations of the ex- ecutable code at the destination, if at- tempted, will be processed by the mobile protection code. Id. col. 21 l. 58–col. 22 l. 5. II. The Prior Art A. Hanson Entitled “Reverse Proxy Server,” WIPO Pub. No. WO 98/31124 (“Hanson”) is an international application published under the Patent Cooperation Treaty, and “re- lates to client/server computer communications over an in- ternetwork system and, more particularly, to improved access of firewall protected servers.” J.A. 833; see J.A. 831– Case: 19-2074 Document: 56 Page: 5 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 5
52 (Hanson). 1 Hanson discloses “a method and system for securely accessing servers” over a network by providing “secure bi-directional data packet communication between” an external “client . . . and [internal] servers,” with the servers “protected by a firewall . . . and bastion server.” J.A. 835–36. The bastion server “includes a processor and memory like typical servers, but also includes an internal [IP] address file . . . and a rules file . . . stored in memory.” J.A. 836. 2 Hanson teaches that its bastion server uses its address and rule files to limit “external access to [the internal serv- ers] through the firewall,” J.A. 837, specifically, by check- ing both outgoing and incoming “data packet[s]” against its internal address file and rules file, J.A. 838. Data packets are routed through the bastion server. J.A. 838. Incoming data packets are addressed to an internal server name. J.A. 838. The bastion server receives the data packet and, first, “determines whether a match exists between the server name and an internal address located in the inter- nal address file.” J.A. 838. “If no match is found, the bas- tion” server notifies the client that the “packet cannot be delivered.” J.A. 838. If the address is found, the bastion server then “check[s]” “the received packet . . . against [the] rules contained within the rules file.” J.A. 838. If the data packet “fails to pass” any of the rules, the bastion server notifies the client and does not deliver the packet. J.A. 838. “[I]f the received packet passes all the rules contained within the rules file, a connection is made between the cli- ent and the [addressed internal] server” and the packet is delivered. J.A. 838. “The rule checks include certain 1 Hanson defines “internetwork” as “the joining of multiple computer networks, both similar and dissimilar, by means of gateways or routers that facilitate data trans- fer and conversion from various networks.” J.A. 833. 2 A “bastion server” is “a special-purpose computer on a network . . . specifically designed and configured to protect against unauthorized access.” J.A. 775. Case: 19-2074 Document: 56 Page: 6 Filed: 12/30/2020
security [check] programs that operate upon received data packets and, particularly, data packets that are or include programs.” J.A. 838; see J.A. 842–43 (providing that these programs may be “J[ava™] applets” or “ActiveX[™] pro- grams which are intended to be run on the destination cli- ent or server”). Hanson explains that the “security check program” does this by “tagging” or “attaching itself to the [executable code] being sent in the data packet,” such that, when the executable code is “run at the destination client or server,” the security check program “runs simultane- ously” and “performs [the necessary] security operations.” J.A. 842, 845. Outgoing packets undergo a similar check through the bastion server. J.A. 840. B. Hyppönen Entitled “Computer Virus Screening,” U.S. Patent No. 6,577,920 (“Hyppönen”) “relates to the screening of computer data for viruses and more particularly to the screening of computer data for macro viruses.” J.A. 857; see J.A. 854–61 (Hyppönen). Hyppönen defines “macros” as “small executable programs written in a simple high level language” that provide, for example, “customized menu bars” or “document templates” in word processing programs. J.A. 857. Hyppönen discloses a “method of screening a software file for viral infection” using three databases—one “of known macro virus signatures, a second . . . of known and certified commercial macro signatures, and a third . . . of known and certified local macro signatures.” J.A. 854. Hyppönen teaches that a software file may be “scanned to determine whether or not [it] contains a macro.” J.A. 854. “If [it does] contain[] a macro,” then the method determines “a signature for the macro” such that it may be “screened against the signatures contained in [the three] databases” of known signatures. J.A. 854. If the macro is a known virus, the file system event is suspended and the user alerted. J.A. 859. If the macro is a known legitimate Case: 19-2074 Document: 56 Page: 7 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 7
program, it is allowed to proceed. J.A. 859. If the macro is unknown and unverifiable, the file system event is sus- pended and “a report is sent to the network manager” with “a copy of the [unknown] macro.” J.A. 859. The databases may be updated as more macros are encountered or become available. J.A. 857. Hyppönen suggests that its system may be modified “to screen files for viruses other than macro viruses.” J.A. 859. DISCUSSION Finjan argues that the PTAB made a series of claim construction errors, and that, under the proper construc- tion, claims 1–4, 8, and 11–13 of the ’633 patent are not obvious over Hanson and Hyppönen. Appellant’s Br. 20– 36. On cross-appeal, Cisco argues that the PTAB’s conclu- sion that independent claim 14 of the ’633 patent is not ob- vious over Hanson and Hyppönen is unsupported by substantial evidence. Cross-appellant’s Br. 40. We ad- dress each argument in turn. I. Standard of Review “We review the PTAB’s factual findings for substantial evidence and its legal conclusions de novo.” Redline Detec- tion, LLC v. Star Envirotech, Inc., 811 F.3d 435, 449 (Fed. Cir. 2015) (citation omitted). “Substantial evidence is something less than the weight of the evidence but more than a mere scintilla of evidence,” meaning that “[i]t is such relevant evidence as a reasonable mind might accept as ad- equate to support a conclusion.” In re NuVasive, Inc., 842 F.3d 1376, 1379–80 (Fed. Cir. 2016) (internal quotation marks and citations omitted). “If two inconsistent conclu- sions may reasonably be drawn from the evidence in rec- ord, the PTAB’s decision to favor one conclusion over the other is the epitome of a decision that must be sustained upon review for substantial evidence.” Elbit Sys. of Am., LLC v. Thales Visionix, Inc., 881 F.3d 1354, 1356 (Fed. Cir. 2018) (internal quotation marks, brackets, and cita- tion omitted). Case: 19-2074 Document: 56 Page: 8 Filed: 12/30/2020
II. Claim Construction A. Legal Standard “[C]laim construction must begin with the words of the claims themselves.” Amgen Inc. v. Hoechst Marion Rous- sel, Inc., 457 F.3d 1293, 1301 (Fed. Cir. 2006) (citation omitted). “[W]ords of a claim are generally given their or- dinary and customary meaning,” i.e., “the meaning that the term would have to a person of ordinary skill in the art [(‘PHOSITA’)] in question at the time of the invention[.]” Phillips v. AWH Corp., 415 F.3d 1303, 1312–13 (Fed. Cir. 2005) (en banc) (internal quotation marks and citation omitted). 3 “The words used in the claims are interpreted in light of the intrinsic evidence of record, including the written description, the drawings, and the prosecution his- tory[.]” Teleflex, Inc. v. Ficosa N. Am. Corp., 299 F.3d 1313, 1324 (Fed. Cir. 2002) (citation omitted). The PHOSITA “is deemed to read [a] claim term not only in the context of the particular claim in which [it] appears, but in the context of the entire patent, including the specification.” Phillips, 415 F.3d at 1313. 4 Prosecution history may also be looked
3 Because the ’633 patent expired between conclu- sion of the IPR and this appeal, see Appellant’s Br. 20 (not- ing that the ’633 patent expired in November 2019); see generally Cross-appellant’s Br. (discussing neither expira- tion of the ’633 patent nor the appropriate claim construc- tion standard), we construe the Challenged Claims in accordance with the standard set forth in Phillips, 415 F.3d at 1312–13, rather than the broadest reasonable interpre- tation (“BRI”) as applied by the PTAB, Cisco, 2019 WL 2237141, at *2; see In re Rambus, Inc., 753 F.3d 1253, 1256 (Fed. Cir. 2014) (providing that, once a patent has expired, “we apply the Phillips claim construction standards”). 4 The “specification includes both the written de- scription and the claims of the patent.” Cisco Sys., Inc. v. TQ Delta, LLC, 928 F.3d 1359, 1362 (Fed. Cir. 2019) (inter- nal quotation marks and citation omitted). Case: 19-2074 Document: 56 Page: 9 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 9
to in order to supply additional evidence of a claim term’s intended meaning. See Home Diagnostics, Inc. v. Lifescan, Inc., 381 F.3d 1352, 1356 (Fed. Cir. 2004). 5 “A patent’s specification, together with its prosecution history, consti- tutes intrinsic evidence to which the PTAB gives priority when it construes claims.” Knowles Elecs. LLC v. Cirrus Logic, Inc., 883 F.3d 1358, 1361−62 (Fed. Cir. 2018) (cita- tion omitted). We review the PTAB’s assessment of the in- trinsic evidence de novo and extrinsic evidence for substantial evidence. See id. at 1362. B. The PTAB Properly Construed the Term “Information Re-Communicator” The PTAB concluded that the “information re-commu- nicator” as recited in claims 2 and 3 “is not limited to re- ceiving downloadable-information from an external network.” Cisco, 2019 WL 2237141, at *4. Finjan argues that, by not requiring that the received downloadable in- formation come “from an external network,” the PTAB’s construction is “overbroad and inconsistent with the speci- fication and [expert] testimony.” Appellant’s Br. 33–34. 6 We disagree with Finjan. The PTAB properly construed the term “information re-communicator.” Consistent with claim construction principles, we look first to the language of the claims, 5 A patent’s prosecution history “consists of the com- plete record of the proceedings before the [US]PTO,” providing “evidence of how the [US]PTO and the inventor understood the patent.” Phillips, 415 F.3d at 1317 (citation omitted). 6 Finjan refers to the recited “information re-commu- nicator” as the “information re-communicator/monitor.” See, e.g., Appellant’s Br. 34. Finjan does not raise any ar- guments specific to the term “monitor.” See generally Ap- pellant’s Br. Consistent with the PTAB, we discuss this term as the “information re-communicator.” See, e.g., Cisco, 2019 WL 2237141, at *4. Case: 19-2074 Document: 56 Page: 10 Filed: 12/30/2020
followed by the language of the specification and prosecu- tion history. See Phillips, 415 F.3d at 1315–17. Independ- ent claim 1 recites “[a] computer processor based method” in which “a computer” “receiv[es] . . . downloadable infor- mation.” ’633 patent col. 20 ll. 54–56. Dependent claims 2 and 3 further provide that this “receiving” may be done by an “information re-communicator” within the computer, id. col. 20 ll. 63–65, and the “information re-communicator” may be a “network server,” id. col. 20 ll. 66–67. The claim language does not, however, specify from where the “down- loadable information” is “receiv[ed].” See id. col. 20 ll. 64– 67. This indicates that the “information re-communicator” is not limited to receiving “downloadable information” from an external network. See Phillips, 415 F.3d at 1314 (“[T]he claims themselves provide substantial guidance as to the meaning of particular claim terms.”). Accordingly, the PTAB properly concluded that the “claims are silent as to the source of the ‘downloadable-information,’” and, as such, the plain meaning of the claim language” does not require that source be “an external network.” Cisco, 2019 WL 2237141, at *4. We next turn to the specification. See Phillips, 415 F.3d at 1315 (“[C]laims must be read in view of the specifi- cation, of which they are a part.” (internal quotation marks and citation omitted)). The specification repeatedly de- scribes the “re-communicator” as a “server” or “firewall.” See, e.g., ’633 patent, Abstract (disclosing embodiments with “a server, firewall or other suitable ‘re-communica- tor’”); id. col. 5 ll. 34–36 (“Embodiments provide, within one or more ‘servers’ (e.g.[,] firewalls, resources, gateways, email relays or other information re-communicating de- vices)[.]”). The specification provides that “re-communica- tors” include “one or more network servers, firewalls or other network connectable information re-communicating devices.” Id. col. 2 ll. 58–62. Thus, based on the specifica- tion, “information re-communicators” are devices that re- communicate received information, regardless of whether Case: 19-2074 Document: 56 Page: 11 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 11
that information comes from an external network or other source. The specification does not narrow the term “infor- mation re-communicator,” and instead, supports the con- clusion that the “information re-communicator” is not limited to receiving “downloadable information” from an external network. Accordingly, the PTAB properly con- cluded that the specification “does not restrict” the “infor- mation re-communicator” to “processing the downloadable- information solely” from “external networks.” Cisco, 2019 WL 2237141, at *4. 7 Finjan’s primary counterargument is unpersuasive. Finjan “does not disagree” that “(1) the claims are silent as to the source of the downloadable-information and (2) the [s]pecification describes consistently a server or a firewall as a re-communicator.” Appellant’s Br. 33 (internal quota- tion marks and citation omitted). Finjan nonetheless urges us to adopt an additional limitation to the term because, based on expert testimony, “a P[H]OS[IT]A would under- stand . . . ‘information re-communicator’” to require it. Id.; see id. at 34 (citing J.A. 2302 (Finjan’s expert testimony), 2369 (Cisco’s expert deposition)). This argument is without merit. First, while “extrinsic evidence,” such as expert tes- timony, “can shed useful light on the relevant art,” “it is less significant than the intrinsic record[.]” Phillips, 415 F.3d at 1317. Finjan agrees that the claims are silent as to whether “downloadable-information” must come from an external network and that the specification does not re- quire it. Appellant’s Br. 33. Where, as here, “an analysis of the intrinsic evidence alone will resolve any ambiguity in [the] disputed claim term,” it is “improper to rely on ex- trinsic evidence,” such as expert testimony, to introduce 7 Neither party argues that the prosecution history illuminates the meaning of “information re-communica- tor.” Accordingly, we do not consider it here. See Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996) (providing that we will consider the prosecution history “if in evidence”). Case: 19-2074 Document: 56 Page: 12 Filed: 12/30/2020
ambiguity. Vitronics, 90 F.3d at 1583; see Phillips, 415 F.3d at 1318 (“[A] court should discount any expert testi- mony that is clearly at odds with the claim construction mandated by the claims themselves, the written descrip- tion, and the prosecution history[.]”). Second, Finjan’s proffered expert testimony does not persuasively support its argument that the term “infor- mation re-communicator” must be narrowed to receiving “downloadable-information from” only “an external net- work.” Appellant’s Br. 33. Finjan’s expert testimony is premised on exemplary embodiments of the ’633 patent. J.A. 2302–04. Finjan’s expert explains that the ’633 pa- tent’s “information re-communicator” receives “down- loadable-information from an external network” because “the ’633 patent describes” an exemplary embodiment with “a network that includes subsystems . . . , which are sepa- rated via [an] external network . . . from resource serv- ers[.]” J.A. 2302–03 (citing ’633 patent col. 5 l. 63–col. 6 l. 33, Figs. 1a, 1b, 1c); see ’633 patent col. 5 ll. 57–62 (ex- plaining that “F[igs]. 1a through 1c illustrate a computer network system . . . according to an embodiment of the in- vention. F[ig]. 1a broadly illustrates [a] system . . . , while F[igs]. 1b and 1c illustrate exemplary protectable subsys- tem implementations[.]”), col. 5 l. 63–col. 6 l. 33 (describing Figs. 1a, 1b, and 1c). That is, Finjan’s expert seeks to im- properly read “limitations from the specification . . . into the patent claims.” Bell Atl. Network Servs., Inc. v. Covad Commc’ns Grp., Inc., 262 F.3d 1258, 1270 (Fed. Cir. 2001). Finjan also asserts that Cisco’s expert “agreed that the claimed ‘information re-communicator . . .’ must receive downloadable information over an external network.” Ap- pellant’s Br. at 18; see id. at 34 (similar). Finjan is incor- rect. Cisco’s expert declined to “construe any terms,” but noted, when asked “[w]hat problem the ’633 patent” tries to “solve,” that he “underst[oo]d from reading the patent that the re[-]communicator receives the downloadable in- formation from the external network,” with Case: 19-2074 Document: 56 Page: 13 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 13
“downloadables” only “usually” “downloaded from an exter- nal network.” J.A. 2368–69 (without citation or specific ref- erence). Even if we were to interpret this statement as requiring “an external network” as Finjan urges, “[w]here the patent documents are unambiguous, expert testimony regarding the meaning of a claim is entitled to no weight.” Texas Digital Sys., Inc. v. Telegenix, Inc., 308 F.3d 1193, 1212 (Fed. Cir. 2002); Vitronics, 90 F.3d at 1584 (“[E]xpert testimony . . . often only indicates what a particular expert believes a term means[.]”). The PTAB, therefore, properly construed the term “information re-communicator” as “not limited to receiving downloadable-information from an ex- ternal network.” Cisco, 2019 WL 2237141, at *4; see In re CSB-Sys. Int’l, Inc., 832 F.3d 1335, 1341 (Fed. Cir. 2016) (“In many cases, the claim construction will be the same under the Phillips and BRI standards.”). 8 II. Obviousness A. Legal Standard A patent claim is invalid “if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a 8 Finjan’s argument that Hanson “does not disclose an ‘information re-communicator,’” is predicated on us adopting Finjan’s construction of “information re-commu- nicator.” Appellant’s Br. 36 (arguing that Hanson “does not disclose an ‘information re-communicator . . .’ under the proper construction”). Because we do not adopt Fin- jan’s construction, we need not address Finjan’s conditional argument. See Knowles Elecs. LLC v. Iancu, 886 F.3d 1369, 1373 n.3 (Fed. Cir. 2018) (“Because we conclude that the PTAB did not err in its construction of the disputed limitation, we need not address the appellant’s conditional arguments as to the PTAB’s unpatentability determina- tions.” (internal quotation marks, brackets, and citation omitted)). Case: 19-2074 Document: 56 Page: 14 Filed: 12/30/2020
[PHOSITA].” 35 U.S.C. § 103(a) (2006). 9 Obviousness “is a question of law based on underlying findings of fact.” See In re Gartside, 203 F.3d 1305, 1316 (Fed. Cir. 2000). Those underlying findings of fact include: (1) “the scope and con- tent of the prior art,” (2) “differences between the prior art and the claims at issue,” (3) “the level of ordinary skill in the pertinent art,” and (4) the presence of objective indicia of nonobviousness such “as commercial success, long felt but unsolved needs, failure of others,” and unexpected re- sults. Graham v. John Deere Co. of Kan. City, 383 U.S. 1, 17 (1966); see United States v. Adams, 383 U.S. 39, 50–52 (1966). In assessing the prior art, the PTAB also “con- sider[s] whether a PHOSITA would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expecta- tion of success in doing so.” In re Warsaw Orthopedic, Inc., 832 F.3d 1327, 1333 (Fed. Cir. 2016) (internal quotation marks, brackets, and citation omitted). “What a prior art reference teaches and whether a [PHOSITA] would have been motivated to combine references are questions of fact.” Apple Inc. v. Samsung Elecs. Co., Ltd., 839 F.3d 1034, 1051 (Fed. Cir. 2016) (en banc). B. Substantial Evidence Supports the PTAB’s Finding that Hanson Discloses “Downloadable-Information” as Recited in Independent Claim 1 The PTAB concluded that it “need not construe the term” “downloadable-information,” because even if it
9 Congress amended § 103 when it enacted the Leahy-Smith America Invents Act (“AIA”). Pub. L. No. 112-29, § 3(c), 125 Stat. 284, 287 (2011). However, be- cause the application that led to the ’633 patent never con- tained (1) a claim having an effective filing date on or after March 16, 2013, or (2) a reference under 35 U.S.C. §§ 120, 121, or 365(c) to any patent or application that ever con- tained such a claim, the pre-AIA § 103 applies. See AIA, § 3(n)(1), 125 Stat. at 293; ’633 patent, Cover Page. Case: 19-2074 Document: 56 Page: 15 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 15
adopted Finjan’s proposed construction, Cisco “ha[d] shown that prior art teaches the limitation.” Cisco, 2019 WL 2237141, at *5; see id. (noting that Finjan defined the term “downloadable-information” as “information which is downloaded from a source computer which may or may not include executable code” (quoting J.A. 305 (Patent Owner’s Response)). The PTAB then found that “Hanson’s bastion server receives ‘downloadable-information’” and, therefore, Hanson teaches “receiving . . . downloadable-information” as recited in independent claim 1. Id. at *13. Finjan ar- gues that the PTAB’s construction of “downloadable-infor- mation” was “premised on a very clear misinterpretation of Finjan’s argument.” Appellant’s Br. 29. Finjan asserts that the PTAB’s “failure to address Finjan’s actual argu- ment means that” the PTAB’s finding that Hanson teaches “receiving . . . downloadable-information” is unsupported by substantial evidence. Id. at 31. We disagree with Fin- jan. Substantial evidence supports the PTAB’s finding that Hanson teaches “receiving . . . downloadable-information.” Independent claim 1 recites a “computer processor-based method,” in which “a computer” first “receiv[es] . . . down- loadable-information,” then “determin[es] . . . whether the downloadable-information includes executable code,” and last, “if the downloadable-information is determined to in- clude executable code,” “transmit[s] . . . [a] mobile protec- tion code to [an] information-destination of the downloadable-information.” ’633 patent col. 20 ll. 54–62. “Downloadable-information” is “information which is downloaded from a source computer which may or may not include executable code.” Cisco, 2019 WL 2237141, at *5 (quoting J.A. 305); see Appellant’s Br. 27–28 (offering the same definition); J.A. 305 (same). Hanson discloses, in relevant part, that its bastion server—a computer, J.A. 836; see J.A. 775—receives both incoming (“received”) and outgoing (“reply”) data packets for and from a client and checks these data packets against Case: 19-2074 Document: 56 Page: 16 Filed: 12/30/2020
address and rules files, J.A. 838. Hanson explains that, for received packets, its bastion server runs “rule checks” that “include certain security [check] programs that operate upon received data packets and, particularly, data packets that are or include programs.” J.A. 838. These programs may be, for example, “J[ava™] applets” or “ActiveX[™] pro- grams which are intended to be run on the destination cli- ent or server.” J.A. 842–43. The bastion server performs “[s]imilar” checks on “outgoing” or “reply data packet[s].” J.A. 840. Both Java™ applets and ActiveX™ programs are “downloadable” information. J.A. 842–43; see ’633 patent col. 1 ll. 60–63, col. 2 ll. 28–33. Hanson, therefore, teaches “a computer,” specifically its bastion server, that “re- ceive[s] . . . downloadable-information,” such as Java™ ap- plets and ActiveX™ programs, in both incoming and outgoing data packets. ’633 patent col. 20 ll. 54–62; J.A. 842–43. Accordingly, substantial evidence supports the PTAB’s finding that Hanson discloses “the transmit- ting step” of independent claim 1, “a computer” that “re- ceive[s] . . . downloadable-information.” Cisco, 2019 WL 2237141, at *12–13; see NuVasive, 842 F.3d at 1380 (“[Substantial evidence] is such relevant evidence as a rea- sonable mind might accept as adequate to support a con- clusion.” (internal quotation marks and citations omitted)). Finjan’s counterarguments are unpersuasive. First, to the extent Finjan tries to alter its proposed construction of “downloadable-information” on appeal, see Appellant’s Br. 27 (arguing that the PTAB’s “construction of ‘down- loadable-information’ is overbroad”), its argument is waived, see Conoco, Inc. v. Energy & Envtl. Int’l, L.C., 460 F.3d 1349, 1358–59 (Fed. Cir. 2006) (“[A] party may not in- troduce new claim construction arguments on appeal or al- ter the scope of the claim construction positions it took below.”). To the extent Finjan argues that the PTAB mis- understood its proposed claim construction, Appellant’s Br. 31 (suggesting that the PTAB was “confused”), 32 (sug- gesting that the PTAB “set up a strawman”), its argument Case: 19-2074 Document: 56 Page: 17 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 17
is without merit. Finjan argued, and continues to argue, that “downloadable-information” is “information which is downloaded from a source computer which may or may not include executable code.” Appellant’s Br. 27–28; see J.A. 305 (same). The PTAB adopted this construction ver- batim. Cisco, 2019 WL 2237141, at *5. Any issue Finjan takes with the PTAB’s understanding of what the prior art teaches in light of its claim construction is a substantial evidence challenge—“[w]hat is disclosed by a prior art ref- erence is a question of fact.” Mettler-Toledo, Inc. v. B-Tek Scales, LLC, 671 F.3d 1291, 1297 (Fed. Cir. 2012); see Ap- pellant’s Br. 27 (arguing that the PTAB “ignored . . . evi- dence” about the definition of downloadable information, when it concluded Hanson “does not disclose ‘receiving downloadable information’”). Second, Finjan argues that the PTAB’s finding that Hanson teaches “downloadable-information” is unsup- ported by substantial evidence because the PTAB “con- fused Finjan’s arguments regarding” what Hanson discloses. Appellant’s Br. 31. The PTAB stated that Finjan “characterizes [Hanson’s] reply data packets as a request for server resources.” Cisco, 2019 WL 2237141, at *13 (cit- ing J.A. 318 (Patent Owner’s Response)). Finjan asserts that it actually argued that Hanson’s incoming, request data packets are “requests for server resources and, conse- quently, are not data that can be downloaded,” Appellant’s Br. 30 (citing J.A. 318), while Hanson’s outgoing, reply data packets are “outgoing” and therefore “are not . . . down- loaded,” id. at 31 (citing J.A. 319). Finjan asserts that the PTAB’s “failure to address Finjan’s actual argument means that there is not even a scintilla of evidence supporting the [PTAB’s] finding.” Id. at 31 (internal quotation marks and citation omitted). Finjan is mistaken. The PTAB did in- deed consider Finjan’s argument—it simply found it unper- suasive. See Cisco, 2019 WL 2237141, at *13 (explaining that, while Finjan had argued that “Hanson’s bastion server does not receive ‘downloadable-information’ Case: 19-2074 Document: 56 Page: 18 Filed: 12/30/2020
because . . . requests are not data that can be downloaded,” this argument failed because “Hanson’s bastion server re- ceives data packets . . . that may include executable pro- grams,” and executable programs are examples of “downloadable information”); see also id. (explaining that Finjan’s arguments concerning Hanson’s reply data pack- ets also failed because Hanson “describes the outgoing re- ply data packets in the same vein as describing the incoming data packet,” “plac[ing] emphasis” on “secure two-way data communication,” not on differences between incoming and outgoing packets). Further, that the PTAB may have misstated that Finjan characterized Hanson’s “reply data packets” as “a request,” does not alter the PTAB’s finding that “Hanson’s bastion server receives data packets . . . that may include executable programs,” both incoming and outgoing, or undermine the substantial evi- dence that supports that conclusion. Id.; see In re Watts, 354 F.3d 1362, 1369 (Fed. Cir. 2004) (“[T]he harmless error rule applies to appeals from the [PTAB].”); Munoz v. Strahm Farms, Inc., 69 F.3d 501, 504 (Fed. Cir. 1995) (“The correction of an error must yield a different result in order for that error to have been harmful and thus prejudice a substantial right of a party.”). Accordingly, the PTAB’s finding that Hanson teaches “downloadable information” is supported by substantial evidence. 10
10Finjan also argues “Hanson in view of Hyppönen does not disclose” “determining . . . whether the down- loadable-information includes executable code.” Appel- lant’s Br. 23; see ’633 patent col. 20 ll. 56–57 (independent claim 1). While Finjan raised this argument in its prelim- inary response, J.A. 237–38, it abandoned it in its Patent Owner’s Response, J.A. 287–343; see Appellant’s Reply & Resp. 7 (arguing that it was sufficient to raise the argu- ment in its sur-reply below (citing J.A. 508–11)). Finjan was on notice that such an omission would result in waiver. J.A. 268 (PTAB Scheduling Order) (“The patent owner is cautioned that any arguments for patentability not raised Case: 19-2074 Document: 56 Page: 19 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 19
C. Substantial Evidence Supports the PTAB’s Finding that Hanson Does Not Disclose “Executable Code” as Recited in Independent Claim 14 The PTAB concluded that Cisco “ha[d] not shown by a preponderance of the evidence that [independent] claim 14 would have been obvious over Hanson.” Cisco, 2019 WL 2237141, at *17. The PTAB explained that Cisco had failed to establish that Hanson discloses “causing mobile protec- tion code to be executed . . . at a downloadable-information destination such that one or more operations of the execut- able code . . . , if attempted, will be processed by the mobile protection code,” ’633 patent col. 22 ll. 1–5, because Cisco had failed to show that Hanson teaches, as the ’633 patent requires, that its “executable code” be “not modified” when processed by its “bastion server,” Cisco, 2019 WL 2237141, at *17. Cisco argues that the PTAB’s finding is unsup- ported by substantial evidence because Hanson “does not require [its] executable code to be modified,” Cross-appel- lant’s Br. 41, and substantial evidence does not support the conclusion Hanson’s executable code is “modified,” id. at 45. We disagree with Cisco. Substantial evidence supports the PTAB’s finding that Hanson does not disclose “executable code” as recited in in- dependent claim 14. Independent claim 14 recites “causing mobile protection code to be executed . . . at a down- loadable-information destination such that one or more op- erations of the executable code . . . , if attempted, will be processed by the mobile protection code.” ’633 patent col. 22 ll. 1–5. The PTAB concluded, and the parties do not contest, that this limitation requires that “the executable
in the response will be deemed waived.”). The argument is, accordingly, waived. See NuVasive, 842 F.3d at 1380– 81 (providing that an argument raised in a preliminary re- sponse, but omitted in the patent owner’s response, despite the PTAB’s “warn[ing] . . . that this would result in waiver,” is “abandoned” and deemed “waived”). Case: 19-2074 Document: 56 Page: 20 Filed: 12/30/2020
code whose operations are processed by the mobile protec- tion code at the destination is the same as the executable code received, i.e., it undergoes no modification.” Cisco, 2019 WL 2237141, at *15; see Cross-appellant’s Br. 40; Ap- pellant’s Reply & Resp. 16. Cisco argued that a PHOSITA would have understood Hanson alone to teach this limita- tion, J.A. 126 (Petition), 435–38 (Petitioner’s Reply); it has not, however, proven that to be true, Cisco, 2019 WL 2237141, at *17. Hanson provides that its “bastion server” has “security check program[s]” that “execute if the bastion receives” executable code “as or in a data packet.” J.A. 842; see J.A. 845. These security check programs “ensure[] that the data within the data packet . . . is not destructive for the intended recipient.” J.A. 842. The “security check pro- gram” does this by “tagging” or “attaching itself to the [ex- ecutable code] being sent in the data packet,” such that, when the executable code is “run at the destination client or server,” the security check program “runs simultane- ously” and “performs [the necessary] security operations[.]” J.A. 842; see J.A. 845. Cisco’s expert stated that Hanson’s “tagging” or “attaching” were “well[-]known” “concatena- tion methods, in which two items may be interleaved or sent together in a packet or series of packets.” J.A. 1554– 55. In contrast, Finjan’s expert stated that a PHOSITA would have understood Hanson’s “attaching” or “tagging” to result in “modification” of the executable code.” J.A. 2314; see J.A. 2317. Finjan’s expert explained that in Hanson’s specific “attaching” process, a security check pro- gram is “inserted” into “the data packet carrying” the exe- cutable code, modifying it such that, when the executable code is run, the security check program “alter[s] [the] oper- ations” of the executable code and “override[s]” any de- structive operations. J.A. 2314–15 (citing J.A. 844); see J.A. 1761–62 (Cisco’s expert deposition) (explaining that “concatenation” is “a logical term” meaning two packets “go together,” that is, “are transferred as a pair,” and “[t]here are many different ways you can do that”). The PTAB cred- ited Finjan’s expert and found that Cisco had not Case: 19-2074 Document: 56 Page: 21 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 21
established that Hanson discloses running executable code that was “not modified.” Cisco, 2019 WL 2237141, at *17. The PTAB “was within its discretion to weigh the credibil- ity of expert testimony.” Shoes by Firebug LLC v. Stride Rite Children’s Grp., LLC, 962 F.3d 1362, 1372 (Fed. Cir. 2020). Accordingly, substantial evidence supports the PTAB’s finding that Hanson does not teach processing “not modified” executable code. See Celgene Corp. v. Peter, 931 F.3d 1342, 1352 (Fed. Cir. 2019) (“[S]ubstantial evidence supports the [PTAB’s] assessment and weighing of this ev- idence, and we decline to reweigh the evidence on appeal.”). Cisco’s primary counterargument is unpersuasive. Cisco argues that the PTAB erred because it “held Cisco to a higher standard” than other petitioners, requiring “Cisco . . . prove [a] negative—that [Hanson’s] executable [code] was not modified[,] even though Hanson does not disclose any modification[.]” Cross-appellant’s Br. 40. This argument is without merit. The PTAB required that Cisco prove what it pled—that Hanson teaches what independ- ent claim 14 recites, “executable code” that “is not modi- fied.” Cisco, 2019 WL 2237141, at *15. The PTAB did not err by requiring that Cisco “have the burden of proving . . . unpatentability by a preponderance of the evidence.” 35 U.S.C. § 316(e); see Novo Nordisk A/S v. Caraco Pharm. Labs., Ltd., 719 F.3d 1346, 1352 (Fed. Cir. 2013) (“[A] party challenging [a patent’s] validity bears the burden of prov- ing the factual elements of invalidity[.]”). Cisco argues that, because Hanson’s plain language “does not require the executable code to be modified,” it discloses running ex- ecutable code that is “not modified.” Appellant’s Br. 41. This is insufficient. “Mere speculation is not substantial evidence.” OSI Pharm., LLC v. Apotex Inc., 939 F.3d 1375, 1382 (Fed. Cir. 2019) (internal quotation marks and cita- tion omitted). Accordingly, the PTAB’s conclusion that Cisco failed to establish that independent claim 14 of the ’633 patent would have been obvious over Hanson, is sup- ported by substantial evidence. Case: 19-2074 Document: 56 Page: 22 Filed: 12/30/2020
CONCLUSION We have considered the parties’ remaining arguments and find them unpersuasive. 11 Accordingly, the Final 11 Finjan also proposes a construction of “mobile pro- tection code” as recited in independent claim 1. Appellant’s Br. 20. Finjan did not, however, raise this argument before the PTAB. J.A. 305–06 (Patent Owner’s Response). It is therefore waived. See Conoco, 460 F.3d at 1358. Finjan argues we should nonetheless consider its new construc- tion, asserting that “the circumstances . . . warrant deviat- ing from th[e] [general] principle” of waiver. Appellant’s Br. 22. Finjan has not, however, shown any “exceptional circumstances” to warrant consideration of its untimely ar- gument. In re Baxter Int’l, Inc., 678 F.3d 1357, 1362 (Fed. Cir. 2012). First, Finjan asserts that Cisco “would not be preju- diced” because Cisco “advocated” for the same “construc- tion” in parallel district court proceedings. Appellant’s Br. 21. Finjan’s assertion is, at best, inaccurate. J.A. 2957 (Cisco’s Responsive Supplemental Claim Construction Brief) (arguing, before the district court, that construction of “mobile protection code” was “unnecessary,” but stipulat- ing to Finjan’s construction “in th[at] case to eliminate the dispute”). Further, whatever construction Cisco subse- quently stipulated to in other proceedings, Finjan must have “timely present[ed] [its] arguments to the [PTAB].” Baxter, 678 F.3d at 1362. Second, Finjan argues that we should consider its waived claim construction because, in effect, we owe no def- erence to the PTAB. Appellant’s Br. 22–23; see id. at 22 (noting our de novo standard of review for claim construc- tion), 22–23 (noting that, because the ’633 patent expired between the PTAB’s decision and our review, our analysis shifts from BRI to Phillips), 23 (noting the “strange circum- stances” of the PTAB’s decision—specifically, that the PTAB changed its mind about the efficacy of Finjan’s argu- ments between institution and its final written decision). Case: 19-2074 Document: 56 Page: 23 Filed: 12/30/2020
FINJAN, INC. v. CISCO SYSTEMS, INC. 23
Written Decision of the U.S. Patent and Trademark Of- fice’s Patent Trial and Appeal Board, is AFFIRMED COSTS Each party to bear its own costs.
This argument is without merit. “No matter how inde- pendent an appellate court’s review of an issue may be, it is still no more than that—a review.” Sage Prod., Inc. v. Devon Indus., Inc., 126 F.3d 1420, 1426 (Fed. Cir. 1997). A de novo standard of review is not an exceptional circum- stance, Conoco, 460 F.3d at 1358 (“[L]egal issues in patent infringement suits are not immune to the doctrine of waiver on appeal[.]”), neither is a tribunal’s change in its appraisal of the merits following full consideration of the evidence, see Trivascular, Inc. v. Samuels, 812 F.3d 1056, 1068 (Fed. Cir. 2016) (“[T]he [PTAB] is not bound by any findings made in its Institution Decision. . . . The [PTAB] is free to change its view of the merits after further devel- opment of the record, and should do so if convinced its ini- tial inclinations were wrong.” (emphasis original)). Accordingly, we decline to consider Finjan’s waived claim construction argument.