The High Court has ruled against a patent challenge brought by Clearswift against Glasswall which claimed that Glasswall’s technology was not sufficiently innovative to warrant protection.
Clearswift, which introduced MIMEsweeper in 2003 to remove malicious macros from emails, brought the action in the Patents Court of the High Courts of Justice. The case was heard over the course of five days in July by deputy High Court judge David Stone.
It related to a patent taken out by Glasswall (IP) Ltd titled "Resisting the spread of unwanted code and data" (European patent 1891571 B1) which it explained to the court involves parsing attachments, extracting content and regenerating the attachments to known standards to remove malicious code.
Clearswift asked for Glasswall’s patent to be revoked on the basis that it lacked "inventive step over two items of prior art" – namely, a 2005 US patent application for a method of preventing exploits in email messages, referred to as Cohen, and a series of internet bulletin messages from December 2003 called "Avecho Glasswall Anti virus technolog? [sic]", referred to in the case as Avecho.
Counsel for Clearswift argued that Glasswall’s method for screening out malicious code in email attachments was obvious and required insufficient inventive effort to qualify for patent protection.
It said that Glasswall’s patent was "very straightforward indeed" in that it defined acceptable file formats and then compared parts of incoming emails to see if they conformed. If they did not, a correcting system would read and rewrite the file.
Counsel for Glasswall said that the inventive concept in the patent was the parsing of each part of the incoming email to extract the content which is then used to reconstruct substitute parts. Glasswall says these parts conform to file-type standards and therefore cannot contain malicious code.
Judge Stone disagreed with Clearswift’s argument which he said "stretch the words of the [patent] claim beyond their natural meaning… and ignore important language in the claim". He said Glasswall’s claim that it regenerated conforming parts of parsed content data was a core concept that could not be ignored.
Key to this is that the output file in Glasswall’s method is a substitute file, not the file itself, the judge said, which changes it from an unknown quantity to a known quantity, a point which Clearswift’s counsel accepted in cross examination when they conceded that it "probably would remove a lot of nasties".
During cross examination of the expert witness Christopher Mitchell, professor of computer security at Royal Holloway, University of London, Clearswift’s counsel asked, "What I suggest to you, professor, is that here, rather than a two-stage process with a reader with one set of rules and a writer with a different set of rules, we have a single stage of parsing the content data to determine whether it conforms to the predetermined data format, and if it does, proceeding then with the regeneration. That is right, is it not?"
Mitchell disagreed, saying: "I am afraid I still see two-stages here, one of which is parsing and one of which is regenerating."
The judge compared the Glasswall patent to the Cohen patent and agreed with Glasswall that Cohen did not include any analysis of email attachments, only checked for RFC/MIME compliance and did not parse the components to extract the content. While Cohen included the concept of regenerating emails from components, it did not regenerate the components themselves.
"Cohen deals only with emails: it does not teach in relation to attachments: I do not accept Clearswift’s submission that Base 64 encoding is an attachment," Judge Stone said.
The judge also did not agree with Clearswift that the inclusion of a threat filter was an obvious step. "Using the whitelist to let through only files that failed that process was inventive: it has distinct benefits over a whitelisting system that simply lets through all known files from a known sender," the judge said.
Clearswift’s counsel also argued that a series of posts in 2003, referred to as Avecho by the court, provided a recipe for Glasswall’s method, as outlined in its patent, and therefore made the patent obvious.
However, the judge disagreed, saying that Avecho did not outline a method for extracting the content of an attachment, parsing of the content and regeneration of the part. While Avecho outlined stripping macros from Office documents and nasty tags from HTML, that was not the same thing as a full content parse and did not include full regeneration of the part.
The judge rejected Clearswift’s claim and dismissed its application for revocation of Glasswall’s patent. Clearswift was denied leave to appeal and ordered to pay Glasswall’s costs.
The judge was critical of both parties, saying that more time could have been spent in a pretrial review (he noted that, in fact, no such meetings took place) to reach agreement on what constituted ‘common knowledge’ in the field, thus saving time for both the court and the two companies.
Commenting on the outcome of the case, Greg Sim, CEO of Glasswall Solutions said: "Glasswall has a robust, global intellectual property portfolio, for which it is rightly recognised. Our innovation has been developed through substantial investments in research, development and technical expertise."
Clearswift said it welcomed key aspects of the judgement which clarifies key differences between MIMEsweeper and its successors and Glasswall’s technology.
Dr Guy Bunker, senior vice president of products at Clearswift, said: "The judgment describes the manner in which the patent parses, extracts content from and then regenerates both emails and their attachments and we welcome the clarification on the interpretation of the patent and Glasswall’s patented technology in general. The outcome of this case has no impact on our customers or our products."