Defining “Downloadable”: Federal Circuit Minimizes Impact of “Incorporation by Reference” in Child Patents Related to Anti-Virus Software

November 7, 2022

By: Jessica L. Copeland

It is often questioned how someone’s career path, which began with asserting and defending patents in litigation, transforms to a career focused on cybersecurity and data privacy, as mine has in the last two decades of practicing law. The Finjan case is a great example of the necessary overlap between patent work and cybersecurity - two highly technical areas of the law.

A recent Federal Circuit case, Finjan LLC v. ESET LLC et al., involved a district court construction of the term “Downloadable.” In 2017, Finjan held multiple patents claiming systems and methods for detecting computer viruses in a "downloadable" security profile. At the time, anti-virus software was utilized as a cybersecurity tool. While that technology is not outdated, several advanced methods of cybersecurity controls, beyond anti-virus, are considered industry standard, such as EDR and SIEM. However, technology advancements tend to outpace the progression of civil litigation, therefore this recent decision relates to earlier iterations of cybersecurity tools.

For background, Finjan asserted five of those patents against ESET, all of which are derived from a common parent patent. Each of the patents within the family used extensive incorporation by reference, such that every patent provided a different definition of the term “downloadable.” For background, the accused infringer, ESET was founded in 1992 in present-day Slovakia to develop and commercialize anti-virus software, called NOD. Before Finjan was even founded, ESET’s NOD anti-virus program used heuristic algorithms[1] to conduct behavioral analysis of files in search of potentially malicious software.

In 1997, when Finjan first filed its patent application, the application defined “downloadables” as applets or other small downloadable programs. As technology advanced and downloadables became larger, the later patent applications in the family tree did not define “downloadables” as small programs. 

After assessing how a skilled artisan, reading the asserted Finjan patents, would have understood the term downloadable, the district court concluded that a “downloadable” is “a small executable or interpretable application program which is downloaded from a source computer and run on a destination computer.”

Finjan challenged the district court’s narrow construction of “downloadable” as limited to small downloadables. Finjan argued the first incorporated patent should not restrict the meaning of the disputed term to the remaining patent family. Accordingly, Finjan sought to correct the district court construction restricting downloadables to small programs.

On appeal, the Federal Circuit agreed with Finjan, stating “the use of a restrictive term in an earlier application does not reinstate that term in a later patent that purposely deletes the term, even if the earlier patent is incorporated by reference.” The Court further noted that the later patents, not containing a size requirement, can refer to application programs of all sizes, including, but not limited to "small" programs. As such, the Court found “[T]hese two definitions can exist in harmony within the patent family.”

The Federal Circuit reversed the district court construction and determined that “downloadable” should be defined as "an executable or interpretable application program, which is downloaded from a source computer and run on a destination computer." The Federal Circuit remanded the case for further proceedings consistent with the Federal Circuit’s construction of the term “downloadable.”

The Finjan case highlights the need for consistent use and understanding of the scope of cybersecurity and data privacy terms in an evolving, technologically advanced sector. Certainly, the patent holder was fortunate that the Federal Circuit did not restrict the definition of downloadable to only include “small downloadables” but that was a risk avoided, and one to keep in mind when drafting patent applications in this fast-pace cybersecurity arena.

Bond attorneys regularly assist and advise clients on an array of intellectual property, data privacy and cybersecurity matters and are skilled in navigating terms of art in the cybersecurity and data privacy field. If you have any questions about the information presented in this memo, please contact Jessica Copeland or any attorney in Bond's cybersecurity and data privacy practice.

[1] Heuristic algorithms are procedures designed to solve a problem faster, more efficiently than traditional methods by sacrificing accuracy, precision, or completeness for speed.