Federal Circuit says Finjan virus-screening method not abstract, is patent eligible

By John M. Rogitz
January 17, 2018

Judge Dyk

Judge Dyk delivered the opinion for the panel.

In Finjan, Inc. v. Blue Coat Systems, Inc., the United States Court of Appeals for the Federal Circuit recently affirmed-in-part, reversed-in-part, and remanded the case to the district court. See Finjan Loses Part of $40M Reasonable Royalty. Notably, however, the Federal Circuit found no error in the district court’s subject matter eligibility determination, meaning the claims of Finjan’s ‘844 patent were patent eligible under 35 U.S.C. 101. Perhaps more remarkable, the claims of the ‘844 patent relate to virus-screening and were determined to be not abstract. Still more remarkable, the author of this Federal Circuit decision was Judge Dyk, who is not know as a zealous advocate for software patent eligibility.

The representative claim of U.S. Patent No. 6,154,844 (the ‘844 patent) was deemed to be claim 1, which reads:

A method comprising:

receiving by an inspector a Downloadable;

generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and

linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.

The Federal Circuit began its analysis by acknowledging that Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1319 (Fed. Cir. 2016) declares “[b]y itself, virus screening is well-known and constitutes an abstract idea.” Intellectual Ventures also found that performing the virus scan on an intermediary computer to ensure that files are scanned before they can reach a user’s computer is a “perfectly conventional” approach and is also abstract.

Notwithstanding, according to the Federal Circuit, the representative claim of the ‘844 patent “does a good deal more.” The results of scanning the “downloadable” are “attached” (Judge Dyk’s term) to the downloadable in the form of a newly generated file, namely, a “security profile that identifies suspicious code in the received Downloadable.”

Adopting the district court’s claim construction that the identify “suspicious code” limitation can only be satisfied if the security profile includes “details about the suspicious code in the received downloadable, such as…‘all potentially hostile or suspicious code operations that may be attempted by the Downloadable,’” the Federal Circuit determined that the security profile must include the information about potentially hostile operations produced by a “behavior-based” virus scan. The Federal Circuit then distinguishes the claim from traditional, “code-matching” virus scans that are limited to recognizing the presence of previously-identified viruses, thereby constituting an improvement in computer functionality.

The Federal Circuit appears to have reached into the specification in making the determination that the claim does more than simply look for the presence of known viruses, because “behavior-based” scans can analyze whether a downloadable performs unwanted operations such as renaming or deleting files (not claimed), thereby being able to protect against previously unknown viruses as well as known viruses that have been cosmetically modified to avoid detection. This allows for “more flexible and nuanced” virus filtering in that a security profile can be reviewed according to whatever rules are associated with the user. This enables tailoring access by applying different security policies to different users or types of users. Security policies can be crafted with highly granular rules and altered in response to evolving threats.

On these bases, the Federal Circuit declared that the claim at issue makes a “non-abstract improvement to computer technology”, not on economic or other tasks for which a computer is used in its ordinary capacity, citing Enfish, LLC. v. Microsoft Corp., 822 F.3d 1327 (Fed Cir. 2016). The informed reader will, however, immediately recognize that many claims declared by the Federal Circuit to be “abstract” have had nothing to do with economic tasks, and that the instant claim does not speed up computing or otherwise do anything more than add novel, improved functions in a way that could just as legitimately have been said of:

  1. Content Extraction v. Wells Fargo (receiving output representing hard copy documents from an automated digitizing unit and storing information about the documents, recognizing portions of the documents corresponding to a first data field, and storing information from the portions into memory locations for the first data field);
  2. Affinity Labs of Texas, LLC v. Amazon.com (a network-based media system with a customized user interface, in which the system delivers streaming content from a network-based resource upon demand to a handheld wireless electronic device having a graphical user interface);
  3. Electric Power Group, LLC v. Alstom S.A. (detecting events on an interconnected electric power grid in real time over a wide area and automatically analyzing the events on the interconnected electric power grid); and
  4. Intellectual Ventures I LLC v. Capital One Financial Corp. (IV) (defining a dynamic document for display of an instance of a management record type through a user interface).

In other words, the “improved function” test for patent-eligibility appears to be as elastic as the “abstract idea” test itself, which has no meaningful limiting principle.

The Federal Circuit distinguished this case from Affinity Labs, and other cases such as Apple, Inc. v. Ameranth, Inc., 842 F.3d 1229 (Fed. Cir. 2016) that found abstract ideas because the claims did “not claim a particular way of programming or designing the software… but instead merely claim the resulting systems.” But the distinction is at best superficial, declaring that in the present instance “the claims recite more than a mere result. Instead, they recite specific steps—generating a security profile that identifies suspicious code and linking it to a downloadable—that accomplish the desired result. Moreover, there is no contention that the only thing disclosed is the result and not an inventive arrangement for accomplishing the result. There is no need to set forth a further inventive concept for implementing the invention.” Again, however, it would not be a stretch to apply such a conclusion to prior cases in which patents were invalidated on this same basis.

The Author

John M. Rogitz

John M. Rogitz is of counsel to Rogitz & Associates and is a registered patent attorney. His patent background includes preparation and prosecution of a large number of patent applications for Fortune 500 high-tech institutions in a wide range of technologies. John has also been active on behalf of his clients in the acquisition of patent portfolios. John writes frequently for various publications on developments in patent law. He also regularly appears as a guest lecturer on intellectual property at DeVry University. Previously, John was engaged in civil litigation at the Watkins Firm, a San Diego-based law firm. Prior to that, John worked as a web developer for Loyola Marymount University. John received his J.D. in 2009 from California Western School of Law.

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com. Read more.

Discuss this

There are currently No Comments comments.