Finjan, Inc. v. Blue Coat Systems, Inc.: A Refreshing Affirmation of Patent Eligibility

As highlighted in a previous post, Section 101 (Alice) rejections have been increasingly applied according to constantly evolving guidelines that make it difficult to avoid or overcome allegations that a claim is directed to an abstract idea. As evidenced by the examples provided in the above-linked post and even in a recent post about an ex parte appeal by Facebook, appealing Alice rejections can be very challenging, as the Board is likely to affirm an Examiner’s findings in a large majority of cases.

However, a new, precedential decision out of the U.S. Court of Appeals for the Federal Circuit may provide more ammo for supporting an applicant’s appeal of an Alice rejection. In the decision, the subject matter eligibility of US 6,154,844 (owned by Plaintiff-Appellee, Finjan, Inc.) was evaluated, using claim 1 as a representative for all of the claims of the patent. Claim 1 of the ‘844 patent is reproduced below:

1.       A method comprising:
receiving by an inspector a Downloadable;
generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and
linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.

In a refreshing departure from many recent decisions relating to Section 101, the Federal Circuit found this claim (and thus the entirety of the ‘844 patent) to be patent eligible, stating that the claimed method does “a good deal more” than the “perfectly conventional” approaches of virus screening and performing a virus scan on an intermediary computer. The Federal Circuit provides the following explanation to support the differentiation between the claimed method and so-called conventional virus scanning approaches:

Claim 1 of the ’844 patent scans a downloadable and attaches the virus scan results to the downloadable in the form of a newly generated file: a “security profile that identifies suspicious code in the received Downloadable.” The district court’s claim construction decision emphasizes that this “identif[y] suspicious code” limitation can only be satisfied if the security profile includes “details about the suspicious code in the received downloadable, such as . . . ‘all potentially hostile or suspicious code operations that may be attempted by the Downloadable.’” Finjan, Inc. v. Blue Coat Sys., Inc., No. 13-CV-03999-BLF, 2014 WL 5361976, at *9 (N.D. Cal. Oct. 20, 2014). The security profile must include the information about potentially hostile operations produced by a “behavior-based” virus scan. This operation is distinguished from traditional, “code-matching” virus scans that are limited to recognizing the presence of previously-identified viruses, typically by comparing the code in a downloadable to a database of known suspicious code.

The Federal Circuit also found the claim to constitute an improvement in computer functionality, stating:

The “behavior-based” approach to virus scanning was pioneered by Finjan and is disclosed in the ’844 patent’s specification. In contrast to traditional “code-matching” systems, which simply look for the presence of known viruses, “behavior-based” scans can analyze a downloadable’s code and determine whether it performs potentially dangerous or unwanted operations—such as renaming or deleting files. Because security profiles communicate the granular information about potentially suspicious code made available by behavior-based scans, they can be used to protect against previously unknown viruses as well as “obfuscated code”—known viruses that have been cosmetically modified to avoid detection by code-matching virus scans. The security profile approach also enables more flexible and nuanced virus filtering. After an inspector generates a security profile for a downloadable, a user’s computer can determine whether to access that downloadable by reviewing its security profile according to the rules in whatever “security policy” is associated with the user. Administrators can easily tailor access by applying different security policies to different users or types of users. And having the security profile include information about particular potential threats enables administrators to craft security policies with highly granular rules and to alter those security policies in response to evolving threats.

The Federal Circuit cites Enfish as supporting the above findings, noting that the method of claim 1 “employs a new kind of file that enables a computer security system to do things it could not do before.” In responding to the arguments of Defendant-Appellant Blue Coat Systems, Inc., which cited cases such as Apple, Inc. v. Ameranth, Inc. that invalidated claims relating to computer systems, the Federal Circuit maintains that the claims of the ‘844 patent are different in that they recite more than a mere result. Instead, the Federal Circuit states, the claims of the ‘844 patent “recite specific steps—generating a security profile that identifies suspicious code and linking it to a downloadable—that accomplish the desired result.”

The Finjan decision supports the takeaways from our prior posts—notably the importance of ensuring that your claims (and arguments) are written to clearly provide a technical solution to a technical problem. Particularly in the Finjan decision, the technical problem of securing downloadable files is immediately apparent in the words of the claim, and it is easily relatable given that everyday computer users are typically very familiar with the risks of downloading files from the Internet.

Out of curiosity, we again referenced the machine learning algorithm that predicts whether claims are eligible under Section 101. Claim 1 of the ‘844 patent, as quoted above, scored as only being 49% likely to be considered patent eligible. It will be interesting to see how scores will change once the algorithm accounts for the findings of the Finjan decision.