Finjan, Inc. v. Sonicwall, Inc.

Filing 146

Order by Magistrate Judge Virginia K. DeMarchi granting 112 Motion to Compel Further Supplemental Infringement Contentions. Amended infringement contentions due by 5/31/2019. (vkdlc1S, COURT STAFF) (Filed on 5/10/2019)

Download PDF
1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 SAN JOSE DIVISION 7 FINJAN, INC., 8 Plaintiff, 9 v. 10 SONICWALL, INC., 11 United States District Court Northern District of California Case No.17-cv-04467-BLF (VKD) Defendant. 12 ORDER RE MOTION TO COMPEL FURTHER SUPPLEMENTAL INFRINGEMENT CONTENTIONS Re: Dkt. No. 112 13 Finjan, Inc. (“Finjan”) sues defendant SonicWall, Inc. (“SonicWall”) for patent 14 infringement. SonicWall moves to compel Finjan to provide further supplemental infringement 15 contentions. Dkt. No. 112. This motion was referred to the undersigned judge. Dkt. No. 75. The 16 Court heard oral argument on the motion on March 12, 2019. Dkt. No. 128. Having considered 17 the parties’ briefs and arguments made at the hearing, the Court grants SonicWall’s motion to 18 compel as described below. 19 I. BACKGROUND 20 On April 10, 2018, Finjan served its original disclosure of asserted claims, infringement 21 contentions, and document production pursuant to Patent Local Rules 3-1 and 3-2. The original 22 disclosure asserted infringement of 39 claims across the following ten patents: U.S. Patent Nos. 23 6,154,844 (“the ’844 patent”); 7,058,822 (“the ’822 patent”); 6,804,780 (“the ’780 patent”); 24 7,613,926 (“the ’926 patent”); 7,647,633 (“the ’633 patent”); 8,141,154 (“the ’154 patent”); 25 8,677,494 (“the ’494 patent”); 7,975,305 (“the ’305 patent”); 8,225,408 (“the ’408 patent”); and 26 6,965,968 (“the ’968 patent”). See Dkt. No. 112-2 at 2. After SonicWall objected to deficiencies 27 in the original disclosure, Finjan served a supplemental disclosure on November 9, 2018, in which 28 it added approximately 500 pages of excerpts from recently produced confidential SonicWall 1 documents. Dkt. No. 118 at 2; compare Dkt. No. 112-2 at 1 (stating that Finjan’s original 2 disclosures amounted to “over 1,400 pages of contentions”) with Dkt. No. 118-2 ¶ 10 (“On 3 November 9, 2018, Finjan served supplemental infringement contentions, with charts totaling over 4 1900 pages.”). Finjan’s supplemental disclosure includes a cover pleading that identifies the asserted 5 6 claims, provides a summary of Finjan’s infringement contentions, and describes the documents 7 Finjan has produced in support of its assertions. The cover pleading attaches a list of accused 8 instrumentalities and 31 claim charts. Dkt. No. 112-3. The list of accused instrumentalities 9 includes at least 99 distinct instrumentalities—software and hardware products and services— organized into three product categories: (1) SonicWall Gateways, (2) SonicWall Email Security 11 United States District Court Northern District of California 10 Appliance (ESA) products, and (3) Secure Mobile Access (SMA) Appliance products. Id., Ex. A 12 at 1–2. Finjan separately identifies SonicWall’s Capture Advanced Threat Protection (“Capture 13 ATP”) product as an accused instrumentality, but also includes it within each of the three 14 identified product categories. Id. SonicWall now moves to compel further supplemental infringement contentions as to all 15 16 asserted patents. 17 II. 18 19 20 21 22 23 24 25 26 27 28 LEGAL STANDARD Patent Local Rule 3-1 requires, among other things: [A] party claiming patent infringement shall serve on all parties . . . the “Disclosure of Asserted Claims and Infringement Contentions” [which] shall contain the following information: (a) Each claim of each patent in suit that is allegedly infringed by each opposing party, including for each claim the applicable statutory subsections of 35 U.S.C. § 271 asserted; (b) Separately for each asserted claim, each accused apparatus, product, device, process, method, act, or other instrumentality (“Accused Instrumentality”) of each opposing party of which the party is aware. This identification shall be as specific as possible. Each product, device, and apparatus shall be identified by name or model number, if known. Each method or process shall be identified by name, if known, or by any product, device, or apparatus which, when used, allegedly results in the practice of the claimed method or process; 2 1 4 (c) A chart identifying specifically where and how each limitation of each asserted claim is found within each Accused Instrumentality, including for each limitation that such party contends is governed by 35 U.S.C. § 112(6), the identity of the structure(s), act(s), or material(s) in the Accused Instrumentality that performs the claimed function. ... 5 “The overriding principle of the Patent Local Rules is that they are designed [to] make the 2 3 6 parties more efficient, to streamline the litigation process, and to articulate with specificity the 7 claims and theory of a plaintiff’s infringement claims.” Bender v. Maxim Integrated Prods., No. 8 09-cv-01152-SI, 2010 WL 1135762, at *2 (N.D. Cal. Mar. 22, 2010) (alteration in original; 9 internal citation omitted). Patent Local Rule 3-1 is intended to require the plaintiff “to crystallize its theories of the case early in the litigation and to adhere to those theories once disclosed.” 11 United States District Court Northern District of California 10 Bender v. Advanced Micro Devices, Inc., No. 09-cv-1149-EMC, 2010 WL 363341, at *1 (N.D. 12 Cal. Feb. 1, 2010). It “takes the place of a series of interrogatories that defendants would likely 13 have propounded had the patent local rules not provided for streamlined discovery.” Network 14 Caching Tech., LLC v. Novell, Inc., No. 01-cv-2079-VRW, 2002 WL 32126128, at *4 (N.D. Cal. 15 Aug. 13, 2002). “[A]ll courts agree that the degree of specificity under [Patent] Local Rule 3-1 must be 16 17 sufficient to provide reasonable notice to the defendant why the plaintiff believes it has a 18 ‘reasonable chance of proving infringement.’” Shared Memory Graphics LLC v. Apple, Inc., 812 19 F. Supp. 2d 1022, 1025 (N.D. Cal. 2010) (quoting View Eng’g, Inc. v. Robotic Vision Sys., Inc., 20 208 F.3d 981, 986 (Fed. Cir. 2000)). The local rules do not “require the disclosure of specific 21 evidence nor do they require a plaintiff to prove its infringement case,” but “a patentee must 22 nevertheless disclose what in each accused instrumentality it contends practices each and every 23 limitation of each asserted claim to the extent appropriate information is reasonably available to 24 it.” DCG Sys. v. Checkpoint Techs., LLC, No. 11-cv-03792-PSG, 2012 WL 1309161, at *2 (N.D. 25 Cal. Apr. 16, 2012). 26 III. 27 28 DISCUSSION SonicWall moves to compel further supplemental infringement contentions on three grounds. First, SonicWall says Finjan’s contentions generally fail to identify the accused 3 1 instrumentalities with sufficient specificity. Second, SonicWall says that the infringement 2 contentions generally rely on screenshots without any explanation of how those screenshots 3 disclose where a limitation may be found in an accused instrumentality. Third, SonicWall objects 4 to specific alleged deficiencies in Finjan’s charts for the ’305, ’926, ’408, ’844, ’780, ’154, and 5 ’968 patents. 6 7 8 9 A. Issues Common to All Asserted Patents 1. Finjan’s Identification of Accused Instrumentalities SonicWall argues that Finjan does not adequately identify the instrumentalities that Finjan contends infringe the asserted claims. SonicWall points to three problems: First, SonicWall says that Finjan’s list of accused instrumentalities is insufficiently precise because it includes 11 United States District Court Northern District of California 10 unidentified components, including “all supporting server and/or cloud infrastructure, Capture 12 ATP, feeds, and other components that are utilized by” the specifically identified products. Dkt. 13 No. 112-3, Ex. A at 1–2. Second, SonicWall says Finjan’s claim charts contain open-ended 14 descriptions of the accused instrumentalities, using phrases like “at least the following” and “either 15 alone or when used in conjunction with” that encompass an unknown and undefined set of 16 additional products and systems. Dkt. No. 112 at 6–7. Third, SonicWall says that Finjan relies on 17 confusing alternative infringement “scenarios” that Finjan says infringe “either alone or in 18 combination with Capture ATP,” when Capture ATP is separately listed as part of the accused 19 instrumentalities. Id. at 7. 20 SonicWall’s complaints are well-taken. As currently drafted, Finjan’s contentions do not 21 provide SonicWall reasonable notice of what is actually accused. The use of open-ended language 22 and references to other unidentified components renders Finjan’s disclosure of the accused 23 instrumentalities unacceptably vague. See Finjan Inc. v. Proofpoint Inc., No. 13-cv-05808-HSG, 24 2015 WL 1517920, at *5–6 (N.D. Cal. Apr. 2, 2015) (limiting claims to products expressly named 25 in infringement contentions and striking “including but not limited to” from Finjan’s definition of 26 “Proofpoint Products”); Alacritech Inc. v. CenturyLink, Inc., No. 2:16-cv-00693-JRG-RSP, 2017 27 WL 3007464, at *2–3 (E.D. Tex. July 14, 2017) (rejecting catch-all language identifying accused 28 instrumentalities as, among other things, “any of its other activities, products and/or services that 4 1 use servers or computers to practice and/or support infringing LSO functionality” because such 2 language fails to provide adequate notice of the allegedly infringing devices). 3 At the hearing, Finjan offered to revise its contentions to eliminate “and/or” language from 4 its charts and to clarify that the “all supporting server and/or cloud infrastructure, Capture ATP, 5 feeds, and other components that are utilized by” language is limited to the supporting server 6 and/or cloud infrastructure described in Finjan’s charts. Those revisions are necessary, but not 7 sufficient. Finjan must amend its identification of accused instrumentalities to remove placeholder 8 references to unspecified products, services, or components. In addition, Finjan must specify 9 whether a product or service infringes alone or in combination. For example, if Finjan contends that the Capture ATP product infringes an asserted claim, both alone and in combination with 11 United States District Court Northern District of California 10 some other product or service, its infringement contentions should make that clear. In addition, 12 Finjan must avoid the confusion that arises from defining Capture ATP as both part of and 13 separate from another accused instrumentality. See Finjan, Inc. v. Check Point Software Techs., 14 Inc., No. 18-cv-02621-WHO, 2019 WL 955000, at *4 (N.D. Cal. Feb. 27, 2019) (requiring Finjan 15 to specify infringing combinations.) 16 2. Finjan’s Use of Screenshots 17 SonicWall argues that Finjan’s contentions do not satisfy the requirements of Patent Local 18 Rule 3-1 because they refer extensively to screenshots of images taken from SonicWall marketing 19 materials, with little or no explanation of how the information contained in the screenshots relates 20 to the claim limitations at issue. As an example, SonicWall cites a portion of Finjan’s 21 infringement contentions for the “rule-based content scanner” limitation of claim 1 of the ’305 22 patent, in which Finjan states: 23 24 25 26 27 28 In one scenario, as shown below, the cloud AV scan engine (rulebased content scanner) of the SonicWall Gateways (network interface) scans the content of files transmitted through traffic that is inspected for parsing by a software proxy. The cloud AV scan engine communicates with the database of parser and analyzer rules when it queries the database to compare the content properties of the file being scanned against the content of recognizable computer exploits in order to identify the presence of potential computer exploits within the scanned file. Dkt. No. 111-20 at 18. This text is followed by a screenshot: 5 1 2 3 4 5 6 7 Id. Finjan does not indicate where in the image any of the elements described in the text may be 8 found, and it is by no means self-evident from the image alone. See Digital Reg of Texas, LLC v. 9 Adobe Sys. Inc., No. CV 12–01971–CW, 2013 WL 3361241, at *4 (N.D. Cal. July 3, 2013) (rejecting unexplained reference to screenshots in lieu of explanatory text); Proofpoint, 2015 WL 11 United States District Court Northern District of California 10 1517920, at *6 (same). 12 Patent Local Rule 3-1(c) requires Finjan to provide contentions “that identify what 13 structure, act, or material in each of the [accused instrumentalities] infringes each claim element” 14 by mapping each claim element to specific elements of the accused instrumentalities. Proofpoint, 15 2015 WL 1517920, at *6–7. Finjan correctly observes that there is no prohibition on the use of 16 screenshots in infringement contentions. However, if Finjan wishes to rely on screenshots, it must 17 identify how what is shown in the image maps to the particular claim limitation for which the 18 image is referenced, such as by circling or labeling in a meaningful way the elements of the image 19 that correspond to the limitations at issue. 20 21 22 Finjan must amend its contentions to eliminate the use of unexplained screenshots. B. ’305 Patent The ’305 patent is directed to a computer security system for scanning and diverting 23 incoming content received from the Internet to an Internet application running on a computer. 24 Dkt. No. 1-9. Claims 1 and 6 recite: 25 26 27 28 1. A security system for scanning content within a computer, comprising: a network interface, housed within a computer, for receiving incoming content from the Internet on its destination to an Internet application running on the computer; 6 1 a database of parser and analyzer rules corresponding to computer exploits, stored within the computer, computer exploits being portions of program code that are malicious, wherein the parser and analyzer rules describe computer exploits as patterns of types of tokens, tokens being program code constructs, and types of tokens comprising a punctuation type, an identifier type and a function type; 2 3 4 5 a rule-based content scanner that communicates with said database of parser and analyzer rules, operatively coupled with said network interface, for scanning incoming content received by said network interface to recognize the presence of potential computer exploits therewithin; 6 7 8 a network traffic probe, operatively coupled to said network interface and to said rule-based content scanner, for selectively diverting incoming content from its intended destination to said rule-based content scanner; and 9 10 a rule update manager that communicates with said database of parser and analyzer rules, for updating said database of parser and analyzer rules periodically to incorporate new parser and analyzer rules that are made available. United States District Court Northern District of California 11 12 13 14 6. The system of claim 1 wherein the incoming content received from the Internet by said network interface is HTTP content. 15 Id. at claims 1, 6. SonicWall argues that Finjan does not identify the specific components in the 16 accused instrumentalities that map to certain limitations of claim 6. 17 18 1. “a network interface housed within a computer” SonicWall says that Finjan’s contentions for the accused Capture ATP instrumentality do 19 not identify “the computer” that houses the “network interface,” as recited in claim 6. Finjan’s 20 contentions state that “[t]he computer which houses the network interface resides (either alone or 21 as a distributed computer system) includes the Capture ATP and the Cloud Sandbox computers,” 22 and reference a diagram of Capture ATP. See Dkt. No. 111-22 at 1. Apart from the open-ended 23 nature of this contention, the problem is that Finjan nowhere identifies what “the Capture ATP and 24 Cloud Sandbox computers” are, and no such computers are identified in the referenced diagram. 25 26 27 28 Finjan must amend its contentions to identify where the computer that houses the network interface of claim 6 may be found in the accused Capture ATP instrumentality. 2. “database of parser and analyzer rules” SonicWall says that Finjan’s contentions for the accused Capture ATP instrumentality do 7 1 not identify the “database of parser and analyzer rules,” as recited in claim 6. Additionally, 2 SonicWall contends that the database of parser and analyzer rules must be stored on the same 3 computer that houses the network interface, and it complains that it cannot tell which, if any, 4 component of Capture ATP is “the computer” of claim 6. Dkt. No. 112 at 10. Finjan responds 5 that its contentions state that the database “resides on the Capture ATP system” and more 6 specifically that “in some scenarios . . . the database or rules are stored in the SonicWall Firewall, 7 SonicWall Capture cloud service, and/or the SonicWall GRID Data Center” within the Capture 8 ATP system. Dkt. No. 118 at 9. While Finjan has identified multiple locations where the database may be stored, it has not 10 identified what element of Capture ATP constitutes the database of claim 6. Finjan must identify 11 United States District Court Northern District of California 9 the computer on which the database is stored. In addition, if SonicWall has already produced 12 technical documents, source code, and internal source code architecture documents for Capture 13 ATP, Finjan should be in a position to also identify the database that meets this limitation. DCG 14 Sys., 2012 WL 1309161, at *2 (“[A] patentee must nevertheless disclose what in each accused 15 instrumentality it contends practices each and every limitation of each asserted claim to the extent 16 appropriate information is reasonably available to it.”); Check Point, 2019 WL 955000, at *6 (“It 17 is Finjan’s obligation to identify the particular claim components in each claim, map those 18 components onto the features of the allegedly infringing products, and pinpoint cite source code 19 that practices that component.”); Proofpoint, 2015 WL 1517920, at *6–7 (finding contentions, 20 “largely comprised of generic marketing literature and screenshots” with only “high-level 21 generalities” do not satisfy a patentee’s burden under Patent L.R. 3-1(c)). 22 23 3. “Internet application running on a computer” SonicWall says that Finjan’s contentions for the Gateways, ESA, and Capture ATP 24 instrumentalities do not identify any component that constitutes an “Internet application running 25 on the computer,” as recited in claim 6. Finjan responds that its contentions identify “web 26 browsers, FTP or file download clients, messaging clients and email client applications” as 27 “Internet applications.” Dkt. No. 111-20 at 1; Dkt. No. 111-22 at 1; Dkt. No. 111-24 at 1. In 28 addition, Finjan contends that the accused instrumentalities “include[] both hardware (such as a 8 1 network interface) and software (proxy software) components that can receive content included in 2 files (incoming content from the Internet on its destination to an Internet application running on 3 the computer) for inspection to detect the presence of malware (a security system)[,]” and that they 4 “include a network interface housed within a computer because they include both hardware and 5 software components that scan content included in files transmitted between a source computer 6 (e.g., Internet) and a destination computer (e.g., web client or application) over a computer 7 network.” Dkt. No. 111-20 at 1, 2; Dkt. No. 111-22 at 1, 2; Dkt. No. 111-24 at 1, 2. 8 9 These contentions are not sufficiently specific. Finjan identifies types of internet applications, but they are disclosed as examples only. Finjan does not identify any particular application or applications as the “Internet application running on the computer” that meets this 11 United States District Court Northern District of California 10 limitation of claim 6. To the extent Finjan contends that the SonicWall Gateways or ESA 12 products themselves are the “Internet application running on the computer,” such contention is not 13 clearly stated. 14 Finjan must amend its contentions to identify the Internet application or applications that 15 meet this limitation of claim 6. If SonicWall has already produced technical specifications and 16 source code for the Gateways, ESA, and Capture ATP products, Finjan should be able to identify 17 the application or applications with specificity. 18 4. “rule-based content scanner” 19 SonicWall says that Finjan’s contentions do not identify a “rule-based content scanner” for 20 any accused instrumentality. In particular, SonicWall objects to Finjan’s use of the undefined and 21 unexplained terms “scan engine” and “scanners” as proxies for a specific component of the 22 accused instrumentalities that meets this claim limitation when no such components with those 23 names are identified in any of SonicWall’s products. Dkt. No. 112 at 11–12. In addition, 24 SonicWall complains that Finjan’s contentions merely paraphrase the claim language without 25 identifying the elements of the accused instrumentalities that perform the functions of the rule- 26 based content scanner. Dkt. No. 120 at 7. Finjan responds that it has identified numerous items in 27 the accused instrumentalities, including “AV scan engines, scanners using Yara rules, scanners 28 using SonicWall Signatures, cache lookup, static analysis, sandbox, dynamic analysis, packet 9 1 inspectors, or similar scan engine/analyzers,” that perform the claimed functions of a rule-based 2 content scanner. Dkt. No. 118 at 10. 3 The primary difficulty with Finjan’s contentions here is that while all of these “scanners” 4 may be examples of rule-based content scanners, it not clear whether Finjan contends that such 5 scanners are, in fact, found in the accused instrumentalities, and if so, where they are found. It is 6 not sufficient for Finjan to simply declare that a component that performs the claimed 7 functionality exists in an accused instrumentality; Finjan must identify the infringing element and 8 where it is found. 9 Finjan must amend its contentions to identify which component or components comprise the rule-based content scanner of claim 6. If SonicWall has already produced technical 11 United States District Court Northern District of California 10 specifications and source code for the accused instrumentalities, Finjan should be able to identify 12 the claimed scanner with specificity. 13 5. “rule update manager” 14 SonicWall says that Finjan’s contentions do not identify a “rule update manager” for any 15 accused instrumentality. The parties’ arguments with respect to this limitation are similar to the 16 arguments they made with respect to the “rule-based content scanner” limitation. 17 The Court’s decision is also the same. Finjan must amend its contentions to identify which 18 component or components comprise the rule update manager of claim 6. If SonicWall has already 19 produced technical specifications and source code for the accused instrumentalities, Finjan should 20 be able to identify the claimed rule update manager with specificity. 21 22 6. “patterns of types of tokens” As recited in claim 6, the parser and analyzer rules stored in the database “describe 23 computer exploits as patterns of types of tokens.” SonicWall says that Finjan has not identified 24 any aspect of the accused instrumentalities that constitutes rules describing exploits as “patterns of 25 types of tokens,” but has instead merely identified “tokens” or “token patterns.” Dkt. No. 112 at 26 13 (emphasis original). SonicWall contends that this is an important distinction in view of the 27 prosecution history of the ’305 patent, in which the USPTO accepted Finjan’s argument that its 28 invention was not unpatentable in view of the prior art under 35 U.S.C. §§ 102(e) and 103(a) on 10 1 the basis that “patterns of types of tokens” differs from “tokens.” Dkt. No. 112-17 at 9 2 (“Applicants wish to point out that the phrases ‘tokens’ and ‘patterns of types of tokens’ have 3 different meanings.”). Finjan argued during prosecution that, “[i]n particular, as used in the 4 subject specification, ‘types of tokens’ refers to a categorization of tokens into types. A ‘type’ is a 5 category.” Id. 6 Finjan’s contentions refer almost exclusively to “tokens,” “patterns,” or “token patterns” in 7 the accused instrumentalities. For example, Finjan’s contentions for the SonicWall Gateways 8 instrumentalities state: 9 10 United States District Court Northern District of California 11 12 13 14 15 16 AV databases used by SonicWall Gateways contain parser and analyzer rules because the rules include conditions configured to recognize patterns that correspond to code associated with polymorphic viruses (obfuscated code), worms, Trojans, and malware (computer exploits). . . . The portions of program code used to produce the Polymorphic viruses, worms, Trojans, and malware are tokens because they are generated in accordance with the lexical constructs of a particular programming language so that they can be downloaded / executed at a destination computer, as intended by the code’s author. The AV database includes analyzer rules because it stores token patterns that enable SonicWall Gateways to quickly detect program code associated with Polymorphic viruses, worms, Trojans, and malware when processing the code during file inspection procedures. 17 Dkt. No. 111-20 at 6 (emphases added); see also Dkt. No. 111-24 at 7 (same paragraph for ESA 18 products). Finjan does not point to parser and analyzer rules in the Gateways instrumentalities 19 that it says describe “patterns of types of tokens,” except in summarizing its conclusion that the 20 accused instrumentalities meet the claim limitation. See, e.g., Dkt. No. 111-20 at 7 (“In [this] 21 fashion, the parser and analyzer rules used by SonicWall Gateways describe these computer 22 exploits as patterns of types of tokens based on the different character combinations.”); see also 23 Dkt. No. 111-24 at 9 (same paragraph for ESA products). 24 Finjan objects that SonicWall improperly attempts to argue claim construction issues in 25 support of its motion to compel. Dkt. No. 118 at 13. Finjan also argues that its contentions are 26 sufficiently detailed to put SonicWall on notice of what Finjan contends meets the “patterns of 27 types of tokens” limitation. Id. at 13–14. 28 This dispute presents a closer call. Finjan has disclosed what it contends are tokens and 11 1 patterns of tokens that are recognized by parser and analyzer rules. If Finjan believes that these 2 tokens and patterns of tokens meet the “patterns of types of tokens” limitation, then no amendment 3 is required, and SonicWall will be free to argue, in view of the prosecution history or otherwise, 4 that tokens and patterns of tokens do not meet this limitation and the accused instrumentalities do 5 not infringe on this basis. If, however, Finjan contends that the parser and analyzer rules 6 recognize something other than tokens or patterns of tokens as “patterns of types of tokens,” 7 Finjan must disclose what that something else is. See, e.g., St. Clair Intellectual Prop. 8 Consultants, Inc. v. Matsushita Elec. Indus. Co., Ltd., C.A. Nos. 04-1436-LPS, 06-404-LPS, 08- 9 371-LPS, 2012 WL 1015993, at *5 (D. Del. Mar. 26, 2012) (“When claim construction remains an open issue at the time the parties serve expert reports and infringement contentions, the parties 11 United States District Court Northern District of California 10 have an obligation to prepare for the fact that the court may adopt the other party’s claim 12 construction.”) (internal quotation marks and alterations omitted), aff’d 552 F. App’x 915 (Fed. 13 Cir. 2013) (per curiam). ’926 Patent 14 C. 15 The ’926 patent is directed to a system for detecting malicious information associated with 16 a downloadable application. Asserted claim 22 of the ’926 patent claims a system for managing 17 “Downloadables” as follows: 18 22. A system for managing Downloadables, comprising: 19 a receiver for receiving an incoming Downloadable; 20 a Downloadable identifier for performing a hashing function on the incoming Downloadable to compute an incoming Downloadable ID; 21 22 23 24 25 a database manager for retrieving security profile data for the incoming Downloadable from a database of Downloadable security profiles indexed according to Downloadable IDs, based on the incoming Downloadable ID, the security profile data including a list of suspicious computer operations that may be attempted by the Downloadable; and 27 a transmitter coupled with said receiver, for transmitting the incoming Downloadable and a representation of the retrieved Downloadable security profile data to a destination computer, via a transport protocol transmission. 28 Dkt. No. 1-5 at claim 22. The Court has adopted the parties’ agreed construction of 26 12 1 “Downloadable” as meaning “an executable program, which is downloaded from a source 2 computer and run on the destination computer.” Dkt. No. 132 at 5. The parties dispute the 3 adequacy of Finjan’s contentions for two limitations of claim 22. 4 5 1. “database manager” SonicWall says that Finjan’s contentions do not identify any specific component within the accused instrumentalities that corresponds to the “database manager” that “retriev[es] security 7 profile data for the incoming Downloadable.” Instead, SonicWall says that Finjan relies on 8 “functional claiming” in which it merely parrots the claim language. Dkt. No. 112 at 14–15. 9 SonicWall also objects to Finjan’s frequent reference to various scenarios in which Finjan says the 10 database manager “includes” different SonicWall products or services. Id. Finjan responds that it 11 United States District Court Northern District of California 6 has described in detail how the database manager infringes. See Dkt. No. 118 at 14. Finjan does 12 not address SonicWall’s principle objection, which is that Finjan has not identified which 13 components of the accused instrumentalities constitute the claimed database manager. 14 Finjan’s contentions for this limitation suffer from the same problems as many of its other 15 contentions, as Finjan appears to rely on open-ended language and ambiguous references to 16 screenshots to support its contention that the accused instrumentalities include the claimed 17 database manager. Finjan does not state what component in any instrumentality is the database 18 manager. It must amend its contentions to identify which component or components comprise the 19 database manager of claim 22. If SonicWall has already produced technical specifications and 20 source code for the accused instrumentalities, Finjan should be able to identify the claimed 21 database manager with specificity. 22 23 2. “database of Downloadable security profiles indexed according to Downloadable IDs” SonicWall says that Finjan has effectively identified every database in the accused 24 25 instrumentalities as the “database of Downloadable security profiles indexed according to Downloadable IDs,” and so has not really identified any specific database or databases, thereby 26 concealing its infringement theory from SonicWall. Dkt. No. 112 at 15–16. Finjan responds that 27 its contentions do refer to specific databases and do not encompass databases that may only be 28 13 1 2 used with an accused instrumentality. Dkt. No. 118 at 15. Finjan has identified some specific databases that it contends are the claimed database of 3 Downloadable security profiles indexed according to Downloadable IDs, but its contentions suffer 4 from the problem of reliance on open-ended language discussed above. Finjan must amend its 5 infringement contentions to identify the specific databases that it contends constitute the claimed 6 database of Downloadable security profiles indexed according to Downloadable IDs of claim 22. 7 Finjan’s amended contentions also should disclose the basis for its contention that a particular 8 database includes “Downloadable security profiles indexed according to Downloadable IDs.” If 9 SonicWall has already produced technical specifications and source code for the accused 10 instrumentalities, Finjan should be able to identify the claimed database with specificity. ’408 Patent United States District Court Northern District of California 11 D. 12 The ’408 patent is directed to a method and system for rule-based content scanning that 13 identifies patterns of lexical constructs for a specific language and identifies the presence of 14 potential exploits within an incoming byte stream based on rules for that language. Dkt. No. 1-10. 15 Asserted claim 9 reads: 16 17 18 19 20 21 22 23 24 25 26 27 28 9. A computer system for multi-lingual content scanning, comprising: a non-transitory computer-readable storage medium storing computer-executable program code that is executed by a computer to scan incoming program code; a receiver, stored on the medium and executed by the computer, for receiving an incoming stream of program code; a multi-lingual language detector, stored on the medium and executed by the computer, operatively coupled to said receiver for detecting any specific one of a plurality of programming languages in which the incoming stream is written; a scanner instantiator, stored on the medium and executed by the computer, operatively coupled to said receiver and said multi-lingual language detector for instantiating a scanner for the specific programming language, in response to said determining, the scanner comprising: a rules accessor for accessing parser rules and analyzer rules for the specific programming 14 language, wherein the parser rules define certain patterns in terms of tokens, tokens being lexical constructs for the specific programming language, and wherein the analyzer rules identify certain combinations of tokens and patterns as being indicators of potential exploits, exploits being portions of program code that are malicious; 1 2 3 4 a tokenizer, for identifying individual tokens within the incoming; a parser, for dynamically building while said receiver is receiving the incoming stream, a parse tree whose nodes represent tokens and patterns in accordance with the parser rules accessed by said rules accessor; and 5 6 7 8 an analyzer, for dynamically detecting, while said parser is dynamically building the parse tree, combinations of nodes in the parse tree which are indicators of potential exploits, based on the analyzer rules; and 9 10 United States District Court Northern District of California 11 a notifier, stored on the medium and executed by the computer, operatively coupled to said scanner instantiator for indicating the presence of potential exploits within the incoming stream, based on results of said analyzer. 12 13 14 Id. at claim 9. SonicWall contends that Finjan has not identified the components in the accused 15 instrumentalities that correspond to several limitations in claim 9. 16 17 1. “multi-lingual language detector” SonicWall says that Finjan’s contentions do not identify any specific component in the 18 accused instrumentalities that serves as a “multi-lingual language detector.” Instead, SonicWall 19 argues, Finjan contends that a “multi-lingual language detector” must be present because the 20 accused instrumentalities “include a vocabulary built of programming languages which allow [the 21 accused instrumentality] to classify web content,” “use techniques such as Bayesian analysis and 22 gibberish detection to look inside the header and payload of network traffic to detect any specific 23 one of a plurality of programming language in which the incoming stream is written,” and 24 “inspect[] a number of different file types that are written in a number of different programming 25 languages.” Dkt. No. 111-14 at 48–49. Finjan acknowledges that its contentions refer to the 26 performance of certain functions. See Dkt. No. 118 at 16 (“Finjan explicitly identified what 27 functionality of the Accused Product it contends are the multi-lingual language detectors and 28 states that they inspect the incoming content to determine the language.”). However, Finjan says 15 1 that it also refers to specifically to the technology that is used to meet this limitation. Id. (“Finjan 2 also describes the technology that the multi-lingual language detector uses . . . .”). 3 Again, the problem is that Finjan does not identify what component constitutes the multi- 4 lingual language detector; it only identifies the function it performs and how it performs that 5 function. Finjan must amend its contentions to identify the component or components of the 6 accused instrumentalities that constitute the multi-lingual language detector of claim 9. If 7 SonicWall has already produced technical specifications and source code for the accused 8 instrumentalities, Finjan should be able to identify the claimed multi-lingual language detector 9 with specificity. 10 2. “scanner instantiator” United States District Court Northern District of California 11 The parties’ dispute concerning Finjan’s contentions for the “scanner instantiator” 12 limitation is similar to their dispute concerning Finjan’s contentions for the “multi-lingual 13 language detector.” By its own admission, Finjan attempts to identify the accused scanner 14 instantiator in the accused instrumentalities by describing “its functionality . . . and what it 15 instantiates.” Dkt. No. 118 at 16–17. 16 Finjan must amend its contentions to identify the component or components of the accused 17 instrumentalities that constitute the scanner instantiator of claim 9. If SonicWall has already 18 produced technical specifications and source code for the accused instrumentalities, Finjan should 19 be able to identify the claimed scanner instantiator with specificity. 20 21 3. “a scanner for the specific programming language” SonicWall says that Finjan’s contentions do not actually identify a scanner that is specific 22 to any programming language, as claim 9 requires. Dkt. No. 112 at 17–18. Finjan does not 23 dispute that its disclosure must identify a scanner specific to a programming language. It argues 24 that by describing how the scanners are specific to a programming language, it has sufficiently 25 identified the claimed scanner. Dkt. No. 118 at 7 (quoting Dkt. No. 111-14 at 53, 54–55). This is 26 not sufficient. 27 28 Finjan must amend its contentions to identify the component or components of the accused instrumentalities that constitute the scanner of claim 9. If SonicWall has already produced 16 1 technical specifications and source code for the accused instrumentalities, Finjan should be able to 2 identify the claimed scanner with specificity. 3 4 4. “rules accessor” / “analyzer for dynamically detecting” SonicWall argues that the “scanner” of claim 9 has five sub-components. See Dkt. No. 5 112 at 17–19. In fact, the scanner has only four sub-components: a rules accessor, a tokenizer, a 6 parser, and an analyzer. Dkt. No. 1-10 at claim 9. SonicWall says that Finjan has not identified a 7 scanner that includes these sub-components, nor has it identified components that map to the rules 8 accessor or the analyzer. Dkt. No. 112 at 18–19. Finjan responds that its contentions include 9 details of what the rules accessor and analyzer do, and argues that because Finjan has already identified the scanner of claim 9, SonicWall’s complaint that Finjan has not identified the 11 United States District Court Northern District of California 10 components embodying the rules accessor and the analyzer is mistaken. Dkt. No. 118 at 17–20. 12 The difficulty with Finjan’s arguments is that its contentions are mostly limited to 13 describing the functionality of the rules accessor and the analyzer; it does not identify which 14 components in the accused instrumentalities meet these limitations. Id. The Court is not 15 persuaded that the “nature of the technology” makes it impossible for Finjan to identify the 16 infringing components. See id. at 20. If Finjan has the benefit of SonicWall’s technical 17 specifications and source code for the accused instrumentalities, it should be able to identify the 18 components that meet these limitations with specificity. Finjan must amend its contentions to 19 identify the component or components of the accused instrumentalities that constitute the rules 20 accessor and analyzer of claim 9. 21 5. 22 “notifier” SonicWall says that the “notifier” is a sub-component of the “scanner for the specific 23 language,” and that Finjan does not identify any component in the accused instrumentalities that 24 meets this limitation. Dkt. No. 112 at 19. Finjan correctly observes that the “notifier” is not part 25 of the claimed scanner, but rather a separate claim element. Dkt. No. 118 at 20. SonicWall does 26 not address the “notifier” limitation in its reply. See Dkt. No. 120. 27 Nevertheless, the Court observes that Finjan’s contentions for the “notifier” rely on a 28 description of what the notifier does, not what it is. See Dkt. No. 111-14 at 78–79. As Finjan does 17 1 not identify the component or components of the accused instrumentalities that constitute the 2 notifier, it must amend its contentions to remedy this problem. ’844 Patent 3 E. 4 The ’844 patent is directed to a system and method for attaching to a Downloadable a 5 security profile generated according to a set of rules based on the Downloadable’s content. Dkt. 6 No. 1-2. SonicWall challenges the adequacy of Finjan’s contentions for the “inspector” limitation 7 of asserted claim 1 and the “first content inspection engine” of asserted claim 15, both of which 8 are reproduced below: 9 1. A method comprising: receiving by an inspector a Downloadable; 11 United States District Court Northern District of California 10 generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and 12 13 linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients. 14 15 16 15. An inspector system comprising: memory storing a first rule set; and 17 a first content inspection engine for using the first rule set to generate a first Downloadable security profile that identifies suspicious code in a Downloadable, and for linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients. 18 19 20 21 22 Id. at claims 1, 15. SonicWall says that Finjan’s contentions for the “inspector” and “first content inspection 23 engine” limitations do not adequately disclose Finjan’s theories of infringement. Specifically, 24 SonicWall argues that Finjan’s contentions are confusing because they suggest that the accused 25 Gateways instrumentalities are themselves the claimed inspector/first content inspection engine 26 while also identifying many other distinct elements or combinations of elements within and among 27 the Gateways that meet these limitations. Dkt. No. 112 at 19–20. In addition, for some of the 28 purported inspectors in the Gateways, SonicWall argues that Finjan does not disclose how each 18 1 purported “inspector” meets the necessary requirements of that limitation. Id. at 20. Finjan 2 responds by clarifying that it is indeed accusing both the Gateways themselves, as well as 3 elements within the accused instrumentalities. Finjan cites to its contentions about what the 4 inspector and first content inspection engine do and refers to figures incorporated into the 5 contentions. Dkt. No. 118 at 20–21. 6 The Court agrees that Finjan’s contentions for these limitations of claim 1 and claim 15 are confusing. Finjan must amend its contentions to make clear its different theories of infringement 8 (i.e., Gateways as a whole versus individual components versus combinations). In addition, 9 Finjan must amend its contentions to clearly indicate which component or components meet the 10 claimed limitations. For the inspector limitation, Finjan must also disclose how it contends the 11 United States District Court Northern District of California 7 accused product or component meets all necessary requirements of that limitation. If SonicWall 12 has already produced technical specifications and source code for the accused instrumentalities, 13 Finjan should be able to identify the claimed inspector and first content inspection engine with 14 specificity. ’780 Patent 15 F. 16 The ’780 patent is directed to a system and method for protecting a computer and a 17 network from hostile Downloadables. Dkt. No. 1-4. Asserted claim 9 recites as follows: 18 9. A system for generating a Downloadable ID to identify a Downloadable, comprising: 19 a communications engine for obtaining a Downloadable that includes one or more references to software components required to be executed by the Downloadable; and 20 21 an ID generator coupled to the communications engine that fetches at least one software component identified by the one or more references, and for performing a hashing function on the Downloadable and the fetched software components to generate a Downloadable ID. 22 23 24 25 26 Id. at claim 9. SonicWall says that claim 9 requires “an ID generator” that “fetches at least one software 27 component identified by the one or more references” included in the Downloadable and 28 “perform[s] a hashing function on the Downloadable and the fetched software components to 19 1 generate a Downloadable ID.” Dkt. No. 112 at 22. SonicWall argues that Finjan’s contentions do 2 not identify which component in the accused instrumentalities performs these functions. Finjan 3 responds that it has identified the functionality in SonicWall’s products that meet the ID generator 4 limitation. Finjan argues that it should not be required to provide “the exact name for the 5 structure” because the infringing feature is “software related.” Dkt. No. 118 at 22–23. 6 Finjan may not rely on a description of allegedly infringing functionality that closely tracks the claim language without identifying the component or feature that performs the claimed 8 function. There is no exception for software-related inventions, particularly where, as here, it 9 appears that Finjan has access to SonicWall’s technical specifications and source code. See, e.g., 10 Creagri, Inc. v. Pinnaclife, Inc, LLC, No. 11-cv-06635-LHK-PSG, 2012 WL 5389775, at *2 n.6 11 United States District Court Northern District of California 7 (N.D. Cal. Nov. 2, 2012) (“Where the accused instrumentality includes computer software based 12 upon source code made available to the patentee, the patentee must provide ‘pinpoint citations’ to 13 the code identifying the location of each limitation.”); Digital Reg, 2013 WL 3361241, at *3–4 14 (requiring plaintiff to amend its infringement contention in part because it “has had access to 15 [defendant’s] source code [for eight months] and, at this juncture, should be able to amend its 16 [infringement contentions] to clearly articulate how each of [defendant’s] particular products 17 infringe on Plaintiff’s respective patents”); Finjan, Inc. v. Sophos, Inc., No. 14-cv-01197-WHO, 18 2015 WL 5012679, at *3 (N.D. Cal. Aug. 24, 2015) (rejecting Finjan’s argument that it was not 19 required to provide pinpoint source code citations in its amended infringement contentions 20 asserting the ’780, ’154, ’926, ’844, and ’494 patents, among others). Finjan must amend its 21 contentions to identify the component or components that meet the ID generator limitation of 22 claim 9. ’154 Patent 23 G. 24 The ’154 patent is directed to a system and method for inspecting dynamically generated 25 executable code. Dkt. No. 1-7. SonicWall challenges the adequacy of Finjan’s contentions for 26 several limitations of asserted claims 1, 3 and 10. 27 28 1. Claim 1: “first function” / “second function” Asserted claim 1 recites: 20 1 2 3 4 5 6 7 8 9 10 United States District Court Northern District of California 11 1. A system for protecting a computer from dynamically generated malicious content, comprising: a content processor (i) for processing content received over a network, the content including a call to a first function, and the call including an input, and (ii) for invoking a second function with the input, only if a security computer indicates that such invocation is safe; a transmitter for transmitting the input to the security computer for inspection, when the first function is invoked; and a receiver for receiving an indicator from the security computer whether it is safe to invoke the second function with the input. Dkt. No. 1-7 at claim 1. SonicWall argues that claim 1 requires receiving content that includes “a call to a first 12 function . . . the call including an input,” followed by “transmitting the input to the security 13 computer for inspection, when the first function is invoked,” and thereafter “invoking a second 14 function with the input, only if a security computer indicates that such invocation is safe.” Dkt. 15 No. 112 at 23–24. SonicWall’s principle complaint is that Finjan’s contentions do not identify a 16 “first function” or “second function” that meets these limitations of claim 1. Finjan responds that 17 it has disclosed the infringing “first function” in its contentions for the separate “content 18 processor” limitation as follows: 19 20 21 22 An example of first functions in the form of JavaScript functions include eval, unescape and document.write functions. For example, eval functions such as eval(base64_decode…) and eval(gzinflate…) are used to obfuscate or conceal automatic downloads of malware from a suspicious link or URI (e.g. malicious JavaScript, shellcode, drivebydownload, droppers, installers, malicious binary). 23 Dkt. No. 111-26 at 1; see also id. at 2 (“Another example of first function is ‘unescape()’ with a 24 large amount of escaped data is detected. . . . An example of first functions in the form of a 25 ‘document.write()’ function include document.write(unescape([obfuscated code])), where the first 26 function is a document.write().”); id. at 3 (“Other examples of first functions are functions within 27 PDFs for specifying the action to be performed automatically when the document is viewed such 28 as downloading malware from a suspicious link or URL (e.g. OpenAction); Embed or Launch 21 1 SWF functions within a PDF for running an embedded video file; and functions for launching 2 JavaScript within a PDF (e.g. Launch).”). Similarly, Finjan says that it has disclosed the 3 infringing “second function” in its contentions for the separate “content processor” limitation as 4 follows: 5 Examples of second functions include recursive or suspicious scripts for obfuscating malicious links/URIs such as eval, unescape and document.write. In the following example, eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvd CA 9IE…)) is a second function that is recursively decoding the obfuscated code “ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCA9IE…” Indirect calls to eval referencing the local scope of the current function or of unimplemented features (e.g. the document.lastModified property) are further examples of second functions. 6 7 8 9 10 United States District Court Northern District of California 11 Id. at 3. And, additionally: 12 Second functions are typically a subsequent function that causes a download from the same URL such as connecting to or download files from a remote command and control (CnC) server using HTTPSendRequest, InternetReadFile with the input (e.g. URL, IP, file). The content processor will invoke a second function (e.g. HTTPS file download) with the input (e.g. URL) if the security computer indicates that such invocation is safe. These second functions will be invoked by the Accused Products. 13 14 15 16 Second functions include sending results to a protected computer for automatically downloading from an obfuscated remote location and/or launching concealed input using certain combinations of JavaScript, iFrame injections and/or PDF (e.g. OpenAction or Launch). Such examples include JavaScript and OpenAction functions within PDFs for launching or downloading code for exploiting vulnerabilities within Adobe Reader and Adobe Acrobat such as malicious JavaScript, shellcode, drive-by download, droppers, installers and malicious binaries. Examples of such functions include URLDownloadToFile() for dropping malicious binaries; heap spraying functions including memory-related functions using PROCESS_MEMORY_COUNTERS; JavaScript functions in PDF for connecting to the Internet or making a network connection such as app.mailmsg() and app.launchURL(), as well as CONNECT-related and LISTEN-related functions; functions for executing malware via DLL injection such as CreateRemoteThread(); and functions for executing dropped malware, such as NtCreateProcess(). 17 18 19 20 21 22 23 24 25 26 27 28 Id. at 4. As explained above, Finjan’s use of “examples” renders its contentions open-ended and indefinite. However, the examples themselves are sufficiently disclosed with respect to the “first 22 1 function” and “second function.” Finjan should amend its contentions to ensure the contentions 2 are complete and do not rely merely on examples; otherwise, Finjan risks being limited to the 3 examples actually disclosed. It is not clear, however, how Finjan believes the accused instrumentalities meet the further 4 5 requirements of claim 1 of “transmitting the input to the security computer for inspection, when 6 the first function is invoked,” and thereafter “invoking a second function with the input.” Here, 7 Finjan appears to rely on contentions that essentially repeat the claim language. Finjan must 8 amend its contentions to identify the basis for its view that the accused instrumentalities meet 9 these other limitations of claim 1. 10 2. Asserted claim 10 is similar to claim 1 except that it discloses program code that 11 United States District Court Northern District of California Claim 10: “computing device . . . receiv[ing] a modified input variable” 12 additionally requires “receiv[ing]” and “calling a second function” with “a modified input 13 variable” that “is obtained by modifying the input variable if the inspection of the input variable 14 indicates that calling a function with the input variable may not be safe.” Dkt. No. 1-7 at claim 10. 15 SonicWall says that Finjan’s contentions for claim 10 do not adequately specify how the identified 16 program code causes a “computer device” to “receive a modified input variable.” Dkt. No. 112 at 17 24. Finjan responds that it “does not have to explain what modifies the code or how it is modified 18 . . . because that is not what the claim requires” and that it is sufficient that Finjan simply assert 19 that Capture ATP is a computing device that “receive[s] a modified input variable.” Dkt. No. 118 20 at 24. 21 Finjan identifies “modified code/parameters” as the “modified input variable” and 22 describes “[t]he modified input variable being modified by code, parameters, or URLs.” Dkt. No. 23 111-26 at 22. Finjan then cites to two SonicWall documents that generally describe the overall 24 architecture and process of the Sandbox feature. Id. at 23–24. However, SonicWall contends (and 25 Finjan does not dispute) that those documents say nothing about any kind of “modified 26 code/parameters,” or even any “code, parameters, or URLs.” While Finjan is not required to 27 explain how the input variable is modified, it must provide the bases for its existing contention, 28 including accurate citations to evidence. See, e.g., Check Point, 2019 WL 955000, at *5 (“If the 23 1 cited materials contain information necessary to understand Finjan’s infringement theories, Finjan 2 must identify the particular supporting language in those sources and explain how that language 3 fits into Finjan’s theory of infringement.”) (citing Proofpoint, 2015 WL 151720, at *6). 4 Accordingly, Finjan must amend its contentions to identify the evidence on which it relies for this 5 aspect of its contentions. 6 7 8 9 10 United States District Court Northern District of California 11 3. Claim 3: “the input is dynamically generated by said content processor prior to being transmitted by said transmitter” Asserted claim 3 requires that the “input” to the “content processor” of claim 1 be “dynamically generated by said content processor prior to being transmitted by said transmitter.” Dkt. No. 1-7 at claim 3. SonicWall points out that Finjan’s contentions for claim 3 appear to assume that the “content processor” of claim 1 (from which claim 3 depends) is the same as the “security computer” also recited in claim 1. Dkt. No. 112 at 24–25. For this reason, SonicWall 12 argues, Finjan has not provided a coherent theory of infringement for claim 3. Finjan does not 13 respond directly to SonicWall’s argument about the apparent disconnect between Finjan’s 14 contention and the claim language. See Dkt. No. 118 at 24–25. 15 Finjan must amend its contentions to address the ambiguity SonicWall identifies in its 16 contentions for claim 3. 17 18 H. ’968 Patent The ’968 patent is directed to a policy-based cache manager, which contains a memory 19 storing a cache of digital content, policies, a policy index indicating allowable cache content, a 20 content scanner to scan received digital content to derive a content profile, and a content evaluator 21 to determine whether the content is allowable based on the profile. Dkt. No. 1-11. Asserted claim 22 23 24 25 26 27 1 of the ’968 patent and its dependent claims 7 and 11 require a “policy based cache manager,” comprised of, among other things, “a memory storing a cache of digital content, a plurality of policies, and a policy index to the cache contents.” Id. at claims 1, 7, 11. The policy index “include[es] entries that relate cache content and policies by indicating cache content that is known to be allowable relative to a given policy, for each of a plurality of policies.” Id. SonicWall argues that Finjan’s contentions do not identify any component of the accused 28 24 1 instrumentalities that constitutes a “policy index to the cache contents” “including entries that 2 relate cache content and policies by indicating cache content that is known to be allowable relative 3 to a given policy.” Dkt. No. 112 at 25. Finjan’s contentions include the following disclosure: 4 SonicWall Gateways include memory that saves collections of data locally that can be shared throughout a network of users or for further security processing. This data includes web content cached in memory, policies containing layers with one or more rules, and a policy index to the cache contents. This data is indexed by policy identifiers using the policy manager, which performs policy evaluation decisions using various policy constructs which include conditions, properties, rules and actions that relate cache content and policies by indicating cache content that is known to be allowable relative to a given policy, for each of a plurality of policies. When a browser request is received, SonicWall Gateways check the policy to determine if the cached content is known to be allowable. When the objects or collections of data crosses the network, a permission check occurs using the policy manager containing an index of entries that relate cached content and policies by indicating the allowability of certain cached content based on various set of rules against determinations concerning whether or not they have malware. 5 6 7 8 9 10 United States District Court Northern District of California 11 12 13 14 Dkt. No. 111-30 at 6–7. It appears that Finjan has identified allegedly infringing functions 15 performed by the accused instrumentalities and so infers the existence of the claimed policy index. 16 However, the contentions do not identify a component in the accused instrumentalities that 17 constitutes the policy index. Instead, Finjan refers to an undefined “policy manager”—a term that 18 SonicWall says does not appear in the cited documents—which either performs the indexing of 19 cache contents or contains the index itself. Id. at 6–7. Finjan must amend its contentions to identify the component or feature that performs that 20 21 functions that it says the accused instrumentalities perform. If SonicWall has already produced 22 technical specifications and source code for the accused instrumentalities, Finjan should be able to 23 identify the claimed policy-based cache manager that meets the requirements of claims 1, 7, and 24 11. 25 I. 26 Finjan observes that the “infringing functionalities commonly reside in in the source code Source Code 27 or in highly confidential internal technical documentation that is not made publicly available.” 28 Dkt. No. 118 at 4. As noted above, the parties agree that SonicWall has produced to Finjan 25 1 technical documents, including source code accompanied by internal source code architecture 2 documents and file manifests, although it is not clear from the record whether Finjan has access to 3 this material for all accused instrumentalities. In these circumstances, the patent holder generally 4 is expected to cite to such documentation and source code in its infringement contentions. 5 Creagri, 2012 WL 5389775, at *2 n.6 (“Where the accused instrumentality includes computer 6 software based upon source code made available to the patentee, the patentee must provide 7 ‘pinpoint citations’ to the code identifying the location of each limitation.”); Digital Reg, 2013 8 WL 3361241, at *3–4 (requiring plaintiff to amend its infringement contention in part because it 9 “has had access to [defendant’s] source code [for eight months] and, at this juncture, should be able to amend its [infringement contentions] to clearly articulate how each of [defendant’s] 11 United States District Court Northern District of California 10 particular products infringe on Plaintiff’s respective patents”); see also Check Point, 2019 WL 12 955000, at *6–7 (requiring Finjan to amend its infringement contentions with pinpoint source code 13 citations); Sophos, 2015 WL 5012679, at *3 (same). At the hearing, Finjan requested that the Court order SonicWall to produce a corporate 14 15 representative for a Rule 30(b)(6) deposition on SonicWall’s source code prior to any deadline for 16 serving further supplemental contentions. SonicWall objects to such deposition on the ground that 17 it is premature, given Finjan’s failure to disclose its infringement contentions based on the 18 information it already has. The Court is not persuaded that Finjan should be allowed to depose a 19 corporate witness before it has crystallized its infringement theories. Dkt. No. 120 at 2. 20 IV. CONCLUSION 21 For the foregoing reasons, the Court grants SonicWall’s motion to compel further 22 infringement contentions as described above. Finjan shall serve its amended contentions no later 23 than 30 days from the date of this order. 24 25 IT IS SO ORDERED. Dated: May 1, 2019 26 27 VIRGINIA K. DEMARCHI United States Magistrate Judge 28 26

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?