Finjan, Inc. v. Blue Coat Systems, Inc., Case No. 2016-2520 (Fed. Cir. January 10, 2018)

In Finjan, Inc. v. Blue Coat Systems, Inc., the Federal Circuit held that a claim "directed to a method of providing computer security by scanning a downloadable and attaching the results of that scan to the downloadable itself in the form of a 'security profile'" was patent-eligible under 35 U.S.C. § 101.

The court delineated the two-step framework of Alice that requires 1) a determination as to whether the claims are "directed to" a patent-ineligible concept, and, if they are, then 2) a determination as to whether the additional elements of the claims transform the nature of the claim into a patent-eligible application.

The court noted that "[i]n cases involving software innovations, [the step one] inquiry often turns on whether the claims focus on the specific asserted improvement in computer capabilities . . . or, instead on a process that qualifies as an 'abstract idea' for which computers are invoked merely as a tool."

The representative claim recited:

1. A method comprising:

receiving by an inspector a Downloadable;

generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and

linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients

Relying on the district court's claim construction of the limitation "identif[y] suspicious code," the court reiterated that the foregoing limitation can only be satisfied if the security profile includes "details about the suspicious code in the received downloadable."

Further, the court determined that the foregoing feature indicated that the claims were directed to "behavioral-based" virus scanning rather than traditional "code-matching" virus scanning, and posited that "the claimed method does a good deal more" than as compared to traditional virus scanning techniques.  In turn, the court determined that "behavioral-based" virus scanning constituted an improvement in computer functionality.

In support, the court noted that "behavioral-based" virus scanning permits the identification of and protection against previously unknown viruses as well as "obfuscated code" (cosmetically altered viruses).  Further, the court indicated that the method of claim 1 "employs a new kind of file that enables a computer security system to do things it could not do before."  For example, the court noted that the security profile permits user devices to determine whether to access a downloadable (executable application) in a more granular manner by utilizing information included in the security profile and information associated with a local security policy.

The court distinguished the present case from cases that held that a "result, even an innovative result, is not itself patentable."  In support, the court noted that the claims recite specific steps that accomplish a desired result.  The court did not proceed to step-two of Alice based on the determination that the claims were not directed to an abstract idea under step one.