Finjan, Inc. v. Juniper Network, Inc.

Filing 590

ORDER RE SHOW CAUSE ORDER (re 459 ). Signed by Judge Alsup on 7/23/2019. (whalc2S, COURT STAFF) (Filed on 7/23/2019)

Download PDF
1 2 3 4 5 6 IN THE UNITED STATES DISTRICT COURT 7 FOR THE NORTHERN DISTRICT OF CALIFORNIA 8 9 United States District Court For the Northern District of California 10 FINJAN, INC., Plaintiff, 11 12 13 14 No. C 17-05659 WHA v. ORDER RE SHOW CAUSE ORDER JUNIPER NETWORKS, INC., Defendant. / 15 16 An order denying plaintiff Finjan, Inc.’s motion for summary judgment of infringement 17 of Claim 1 of United States Patent No. 8,141,154 (“the ’154 patent”) further ordered the parties 18 to show cause as to why the Court should not enter judgment of noninfringement in favor of 19 defendant Juniper Networks, Inc. (Dkt. No. 459 at 12). 20 As background, the ’154 patent is directed toward a system and method “for protecting 21 a client computer from dynamically generated malicious content” and statically generated 22 conventional viruses (’154 patent, Abstract). The basic set up of the ’154 patent’s purported 23 invention involves “[t]hree major components”: (1) gateway computer, (2) client computer, 24 and (3) security computer (id. at 8:45–46). A preferred embodiment describes a gateway 25 computer that intercepts content being sent to the client computer for processing (id. at 26 8:48–51). The gateway computer modifies the content by replacing the call to the original 27 function with a corresponding call to a substitute function, which operates to send the input of 28 the original function to a security computer for inspection (id. at 5:10–12). The gateway computer then transmits “the modified content” to the client computer, which processes the 1 modified content (id. at 5:14–16). When the substitute function is invoked, the client computer 2 transmits the input to the security computer for inspection (id. at 5:16–18). The security 3 computer then inspects the input and transmits “an indicator of whether it is safe for the client 4 computer to invoke the original function with the input” (id. at 5:20–22). The client computer 5 invokes the original function “only if the indicator . . . indicates that such invocation is safe” 6 (id. at 5:22–25). 7 8 Claim 1 of the ’154 patent reads as follows (’154 patent at 17:32–44 (emphasis added)): 1. A system for protecting a computer from dynamically generated malicious content, comprising: 9 United States District Court For the Northern District of California 10 11 a content processor (i) for processing content received over a network, the content including a call to a first function, and the call including an input, and (ii) for invoking a second function with the input, only if a security computer indicates that such invocation is safe; 12 13 a transmitter for transmitting the input to the security computer for inspection, when the first function is invoked; and 14 15 receiver for receiving an indicator from the security computer whether it is safe to invoke the second function with the input. 16 In construing the term “content processor,” the prior order denying Finjan’s summary 17 judgment motion found that a person of ordinary skill in the art would have understood the 18 “content processor” in Claim 1 to process modified content (Dkt. No. 459 at 7). This was 19 based in part on the fact that the specification itself described the “present invention” as 20 “operat[ing] by replacing original function calls with substitute function calls within the 21 content, at a gateway computer, prior to the content being received at the client computer” (id. 22 at 7 (citing ’154 patent at 4:55–60) (emphasis added)). In light of the foregoing construction, 23 that order found that on the then-current record, the accused products did not infringe and 24 accordingly denied Finjan’s motion (id. at 11). 25 In response to the order to show cause, Finjan marshals additional evidence and asserts 26 that the three accused products — SRX Series Gateways, Sky Advanced Threat Prevention, 27 and Advanced Threat Prevention Appliance — infringe under the foregoing construction. 28 Specifically, Finjan argues that each of those three products process “modified content,” 2 1 including: (1) content modified for malicious URL redirection; (2) content modified by 2 encryption; and (3) content modified by buffering and building. 3 Juniper counters that Finjan improperly attempts to “redefin[e] the meaning of 4 ‘modified content’ to include ‘original content’ ” (Dkt. No. 479 at 1). This order agrees. As 5 explained in the order denying Finjan’s motion for summary judgment, the “content processor” 6 processes content that includes (Dkt. No. 459 at 7): 7 8 9 “first function” [that] clearly involves the “substitute function,” which sends the content’s input to the security computer for inspection once invoked. According to the specification, the substitute function exists only after the original content is modified at the gateway computer (see, e.g., ’154 patent at 9:13–28). Accordingly, the claimed “content” necessarily refers to modified content. United States District Court For the Northern District of California 10 Here, Finjan offers theories of infringement that purportedly involve a “content 11 processor” that processes “modified content.” But Finjan’s proffered forms of “modified 12 content” do not fit within the scope of the claim language. True, the aforementioned forms of 13 content may have been modified in some way at some time. But as Juniper points out, none of 14 Finjan’s new theories involves original content modified with a substitute function (which 15 function sends the content to the security computer when invoked) at the gateway computer, as 16 required by the ’154 patent. 17 First, Finjan argues that the three accused products process modified content because 18 “[h]ackers often compromise a web site and manipulate the content hosted on the web server 19 before it is delivered to the user” and that the accused products “process this modified content 20 in order to protect the user from hackers” (Dkt. No. 474 at 1). But this ultimately amounts to 21 the original content initially received by the claimed system. The “modified content” Finjan 22 proposes under this theory does not involve a substitute function as required by Claim 1. 23 Second, Finjan contends that the accused products process content modified through an 24 encryption algorithm (id. at 3, 5, 7). It asserts that the SRX “receives and processes content 25 that has been modified by a remote server through cryptographic protocols, such as ‘Transport 26 Layer Security’ (“TLS”) and ‘Secure Socket Layer’ (“SSL”) (id. at 3). And, Sky ATP and 27 ATP Appliance process content modified through encryption such as SSL, with ATP 28 Appliance including a “specific functionality for the processing of encrypted content,” 3 1 according to Finjan (id. at 5, 7–8). The accused products also process compressed data (e.g., 2 zip file), which Finjan asserts constitutes modified content (id. at 4, 6, 8). But again, these 3 “modifications” occur before the content is sent to the gateway computer. Moreover, the 4 “modifications” do not fall within the meaning of Claim 1, as they do not involve a “substitute 5 function” as disclosed in the specification. 6 Third, Finjan argues that the accused products process modified content because said content has been “buffered” or “chunked.” As to the SRX, Finjan argues that “the 8 AAMW_transport_module (which is what sends the sample to the Sky ATP) is a ‘content 9 processor’ that receives the buffered and chunked, and therefore ‘modified’, content while the 10 United States District Court For the Northern District of California 7 content is being processed by the component of the SRX Gateway that will transfer the content 11 to the security computer” (id. at 4). Sky ATP processes modified content, according to Finjan, 12 because “the data that the SRX Gateway receives is buffered and built into the modified 13 content that is sent to the content processor in Sky ATP” (Dkt. No. 474 at 6). Finjan also 14 contends that ATP Appliance processes modified content because “it receives content together 15 with metadata” (id. at 8). It further points to evidence that the SRX “modifies the content 16 because it intercepts the request, buffers it, replaces the get request with its own, and its own ip 17 address, and processes the response before sending it to” Sky ATP and ATP Appliance for 18 further processing (id. at 6, 9). 19 As Juniper points out, however, under this theory, the content is simply broken into 20 pieces for processing, not “modified” within the meaning of Claim 1. Nor has Finjan shown 21 that the “get request” and “ip address” replacements constitute the “substitute function” 22 involved in the claimed “modified content.” Finjan’s metadata theory similarly fails, as it 23 offers no evidence that modification with metadata constitutes a “substitute function” within 24 the meaning of Claim 1. 25 Moreover, Finjan’s doctrine of equivalents arguments fail to sufficiently raise an issue 26 of fact. It first argues that the accused products “perform the same function performed as a 27 ‘content processor’ because they will process content that was received from the internet that 28 has been modified to be encrypted, harmful or malicious, and allow the use of a security 4 1 computer to determine if it is safe to invoke a function with an input to a function in the 2 content” (id. at 9). Again, this simply amounts to the “original content” under the ’154 patent 3 and thus cannot reasonably be equivalent to the claimed “modified content.” 4 Finjan next asserts that the accused products “use modified content, as the content is 5 modified via the accused products so that the original ‘first function,’ which was to directly 6 contact the given location on the Internet (the input), instead sends the input to a security 7 processor for further processing” (id. at 10). As Juniper points out, however, Finjan fails to 8 point to any real evidence supporting this notion. It merely cites to paragraph 111 of the 9 Mitzenmacher declaration, which in turn simply regurgitates the same conclusory language as United States District Court For the Northern District of California 10 11 in the briefing. Such self-serving evidence fails to raise a triable issue. Finally, Finjan contends that Juniper “sandbagged” Finjan in raising a new claim 12 construction in its opposition brief (Dkt. No. 474 at 11–14). But that does not explain why 13 Finjan failed to offer any support in its reply brief under the adopted construction. Nor is 14 Finjan’s complaint that “it would be procedurally unfair to exclude Finjan from presenting a 15 full infringement case for Claim 1” of the ’154 patent persuasive — the order to show cause 16 was issued precisely to give Finjan the fair opportunity to present evidence of infringement 17 under the adopted construction. And, Finjan took full advantage of this opportunity by filing 18 pages upon pages of briefing, declarations, and exhibits. 19 At bottom, this order finds that Finjan failed to raise a triable issue of fact, even when 20 construing the evidence in the light most favorable to Finjan. Accordingly, summary judgment 21 of noninfringement of Claim 1 of the ’154 patent in favor of Juniper is GRANTED. 22 23 IT IS SO ORDERED. 24 Dated: July 23, 2019. WILLIAM ALSUP UNITED STATES DISTRICT JUDGE 25 26 27 28 5

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?