Finjan, Inc. v. Sonicwall, Inc.
Filing
146
Order by Magistrate Judge Virginia K. DeMarchi granting 112 Motion to Compel Further Supplemental Infringement Contentions. Amended infringement contentions due by 5/31/2019. (vkdlc1S, COURT STAFF) (Filed on 5/10/2019)
1
2
3
4
UNITED STATES DISTRICT COURT
5
NORTHERN DISTRICT OF CALIFORNIA
6
SAN JOSE DIVISION
7
FINJAN, INC.,
8
Plaintiff,
9
v.
10
SONICWALL, INC.,
11
United States District Court
Northern District of California
Case No.17-cv-04467-BLF (VKD)
Defendant.
12
ORDER RE MOTION TO COMPEL
FURTHER SUPPLEMENTAL
INFRINGEMENT CONTENTIONS
Re: Dkt. No. 112
13
Finjan, Inc. (“Finjan”) sues defendant SonicWall, Inc. (“SonicWall”) for patent
14
infringement. SonicWall moves to compel Finjan to provide further supplemental infringement
15
contentions. Dkt. No. 112. This motion was referred to the undersigned judge. Dkt. No. 75. The
16
Court heard oral argument on the motion on March 12, 2019. Dkt. No. 128. Having considered
17
the parties’ briefs and arguments made at the hearing, the Court grants SonicWall’s motion to
18
compel as described below.
19
I.
BACKGROUND
20
On April 10, 2018, Finjan served its original disclosure of asserted claims, infringement
21
contentions, and document production pursuant to Patent Local Rules 3-1 and 3-2. The original
22
disclosure asserted infringement of 39 claims across the following ten patents: U.S. Patent Nos.
23
6,154,844 (“the ’844 patent”); 7,058,822 (“the ’822 patent”); 6,804,780 (“the ’780 patent”);
24
7,613,926 (“the ’926 patent”); 7,647,633 (“the ’633 patent”); 8,141,154 (“the ’154 patent”);
25
8,677,494 (“the ’494 patent”); 7,975,305 (“the ’305 patent”); 8,225,408 (“the ’408 patent”); and
26
6,965,968 (“the ’968 patent”). See Dkt. No. 112-2 at 2. After SonicWall objected to deficiencies
27
in the original disclosure, Finjan served a supplemental disclosure on November 9, 2018, in which
28
it added approximately 500 pages of excerpts from recently produced confidential SonicWall
1
documents. Dkt. No. 118 at 2; compare Dkt. No. 112-2 at 1 (stating that Finjan’s original
2
disclosures amounted to “over 1,400 pages of contentions”) with Dkt. No. 118-2 ¶ 10 (“On
3
November 9, 2018, Finjan served supplemental infringement contentions, with charts totaling over
4
1900 pages.”).
Finjan’s supplemental disclosure includes a cover pleading that identifies the asserted
5
6
claims, provides a summary of Finjan’s infringement contentions, and describes the documents
7
Finjan has produced in support of its assertions. The cover pleading attaches a list of accused
8
instrumentalities and 31 claim charts. Dkt. No. 112-3. The list of accused instrumentalities
9
includes at least 99 distinct instrumentalities—software and hardware products and services—
organized into three product categories: (1) SonicWall Gateways, (2) SonicWall Email Security
11
United States District Court
Northern District of California
10
Appliance (ESA) products, and (3) Secure Mobile Access (SMA) Appliance products. Id., Ex. A
12
at 1–2. Finjan separately identifies SonicWall’s Capture Advanced Threat Protection (“Capture
13
ATP”) product as an accused instrumentality, but also includes it within each of the three
14
identified product categories. Id.
SonicWall now moves to compel further supplemental infringement contentions as to all
15
16
asserted patents.
17
II.
18
19
20
21
22
23
24
25
26
27
28
LEGAL STANDARD
Patent Local Rule 3-1 requires, among other things:
[A] party claiming patent infringement shall serve on all parties . . .
the “Disclosure of Asserted Claims and Infringement Contentions”
[which] shall contain the following information:
(a) Each claim of each patent in suit that is allegedly
infringed by each opposing party, including for each claim
the applicable statutory subsections of 35 U.S.C. § 271
asserted;
(b) Separately for each asserted claim, each accused
apparatus, product, device, process, method, act, or other
instrumentality (“Accused Instrumentality”) of each
opposing party of which the party is aware. This
identification shall be as specific as possible. Each product,
device, and apparatus shall be identified by name or model
number, if known. Each method or process shall be
identified by name, if known, or by any product, device, or
apparatus which, when used, allegedly results in the practice
of the claimed method or process;
2
1
4
(c) A chart identifying specifically where and how each
limitation of each asserted claim is found within each
Accused Instrumentality, including for each limitation that
such party contends is governed by 35 U.S.C. § 112(6), the
identity of the structure(s), act(s), or material(s) in the
Accused Instrumentality that performs the claimed function.
...
5
“The overriding principle of the Patent Local Rules is that they are designed [to] make the
2
3
6
parties more efficient, to streamline the litigation process, and to articulate with specificity the
7
claims and theory of a plaintiff’s infringement claims.” Bender v. Maxim Integrated Prods., No.
8
09-cv-01152-SI, 2010 WL 1135762, at *2 (N.D. Cal. Mar. 22, 2010) (alteration in original;
9
internal citation omitted). Patent Local Rule 3-1 is intended to require the plaintiff “to crystallize
its theories of the case early in the litigation and to adhere to those theories once disclosed.”
11
United States District Court
Northern District of California
10
Bender v. Advanced Micro Devices, Inc., No. 09-cv-1149-EMC, 2010 WL 363341, at *1 (N.D.
12
Cal. Feb. 1, 2010). It “takes the place of a series of interrogatories that defendants would likely
13
have propounded had the patent local rules not provided for streamlined discovery.” Network
14
Caching Tech., LLC v. Novell, Inc., No. 01-cv-2079-VRW, 2002 WL 32126128, at *4 (N.D. Cal.
15
Aug. 13, 2002).
“[A]ll courts agree that the degree of specificity under [Patent] Local Rule 3-1 must be
16
17
sufficient to provide reasonable notice to the defendant why the plaintiff believes it has a
18
‘reasonable chance of proving infringement.’” Shared Memory Graphics LLC v. Apple, Inc., 812
19
F. Supp. 2d 1022, 1025 (N.D. Cal. 2010) (quoting View Eng’g, Inc. v. Robotic Vision Sys., Inc.,
20
208 F.3d 981, 986 (Fed. Cir. 2000)). The local rules do not “require the disclosure of specific
21
evidence nor do they require a plaintiff to prove its infringement case,” but “a patentee must
22
nevertheless disclose what in each accused instrumentality it contends practices each and every
23
limitation of each asserted claim to the extent appropriate information is reasonably available to
24
it.” DCG Sys. v. Checkpoint Techs., LLC, No. 11-cv-03792-PSG, 2012 WL 1309161, at *2 (N.D.
25
Cal. Apr. 16, 2012).
26
III.
27
28
DISCUSSION
SonicWall moves to compel further supplemental infringement contentions on three
grounds. First, SonicWall says Finjan’s contentions generally fail to identify the accused
3
1
instrumentalities with sufficient specificity. Second, SonicWall says that the infringement
2
contentions generally rely on screenshots without any explanation of how those screenshots
3
disclose where a limitation may be found in an accused instrumentality. Third, SonicWall objects
4
to specific alleged deficiencies in Finjan’s charts for the ’305, ’926, ’408, ’844, ’780, ’154, and
5
’968 patents.
6
7
8
9
A.
Issues Common to All Asserted Patents
1.
Finjan’s Identification of Accused Instrumentalities
SonicWall argues that Finjan does not adequately identify the instrumentalities that Finjan
contends infringe the asserted claims. SonicWall points to three problems: First, SonicWall says
that Finjan’s list of accused instrumentalities is insufficiently precise because it includes
11
United States District Court
Northern District of California
10
unidentified components, including “all supporting server and/or cloud infrastructure, Capture
12
ATP, feeds, and other components that are utilized by” the specifically identified products. Dkt.
13
No. 112-3, Ex. A at 1–2. Second, SonicWall says Finjan’s claim charts contain open-ended
14
descriptions of the accused instrumentalities, using phrases like “at least the following” and “either
15
alone or when used in conjunction with” that encompass an unknown and undefined set of
16
additional products and systems. Dkt. No. 112 at 6–7. Third, SonicWall says that Finjan relies on
17
confusing alternative infringement “scenarios” that Finjan says infringe “either alone or in
18
combination with Capture ATP,” when Capture ATP is separately listed as part of the accused
19
instrumentalities. Id. at 7.
20
SonicWall’s complaints are well-taken. As currently drafted, Finjan’s contentions do not
21
provide SonicWall reasonable notice of what is actually accused. The use of open-ended language
22
and references to other unidentified components renders Finjan’s disclosure of the accused
23
instrumentalities unacceptably vague. See Finjan Inc. v. Proofpoint Inc., No. 13-cv-05808-HSG,
24
2015 WL 1517920, at *5–6 (N.D. Cal. Apr. 2, 2015) (limiting claims to products expressly named
25
in infringement contentions and striking “including but not limited to” from Finjan’s definition of
26
“Proofpoint Products”); Alacritech Inc. v. CenturyLink, Inc., No. 2:16-cv-00693-JRG-RSP, 2017
27
WL 3007464, at *2–3 (E.D. Tex. July 14, 2017) (rejecting catch-all language identifying accused
28
instrumentalities as, among other things, “any of its other activities, products and/or services that
4
1
use servers or computers to practice and/or support infringing LSO functionality” because such
2
language fails to provide adequate notice of the allegedly infringing devices).
3
At the hearing, Finjan offered to revise its contentions to eliminate “and/or” language from
4
its charts and to clarify that the “all supporting server and/or cloud infrastructure, Capture ATP,
5
feeds, and other components that are utilized by” language is limited to the supporting server
6
and/or cloud infrastructure described in Finjan’s charts. Those revisions are necessary, but not
7
sufficient. Finjan must amend its identification of accused instrumentalities to remove placeholder
8
references to unspecified products, services, or components. In addition, Finjan must specify
9
whether a product or service infringes alone or in combination. For example, if Finjan contends
that the Capture ATP product infringes an asserted claim, both alone and in combination with
11
United States District Court
Northern District of California
10
some other product or service, its infringement contentions should make that clear. In addition,
12
Finjan must avoid the confusion that arises from defining Capture ATP as both part of and
13
separate from another accused instrumentality. See Finjan, Inc. v. Check Point Software Techs.,
14
Inc., No. 18-cv-02621-WHO, 2019 WL 955000, at *4 (N.D. Cal. Feb. 27, 2019) (requiring Finjan
15
to specify infringing combinations.)
16
2.
Finjan’s Use of Screenshots
17
SonicWall argues that Finjan’s contentions do not satisfy the requirements of Patent Local
18
Rule 3-1 because they refer extensively to screenshots of images taken from SonicWall marketing
19
materials, with little or no explanation of how the information contained in the screenshots relates
20
to the claim limitations at issue. As an example, SonicWall cites a portion of Finjan’s
21
infringement contentions for the “rule-based content scanner” limitation of claim 1 of the ’305
22
patent, in which Finjan states:
23
24
25
26
27
28
In one scenario, as shown below, the cloud AV scan engine (rulebased content scanner) of the SonicWall Gateways (network
interface) scans the content of files transmitted through traffic that is
inspected for parsing by a software proxy. The cloud AV scan
engine communicates with the database of parser and analyzer rules
when it queries the database to compare the content properties of the
file being scanned against the content of recognizable computer
exploits in order to identify the presence of potential computer
exploits within the scanned file.
Dkt. No. 111-20 at 18. This text is followed by a screenshot:
5
1
2
3
4
5
6
7
Id. Finjan does not indicate where in the image any of the elements described in the text may be
8
found, and it is by no means self-evident from the image alone. See Digital Reg of Texas, LLC v.
9
Adobe Sys. Inc., No. CV 12–01971–CW, 2013 WL 3361241, at *4 (N.D. Cal. July 3, 2013)
(rejecting unexplained reference to screenshots in lieu of explanatory text); Proofpoint, 2015 WL
11
United States District Court
Northern District of California
10
1517920, at *6 (same).
12
Patent Local Rule 3-1(c) requires Finjan to provide contentions “that identify what
13
structure, act, or material in each of the [accused instrumentalities] infringes each claim element”
14
by mapping each claim element to specific elements of the accused instrumentalities. Proofpoint,
15
2015 WL 1517920, at *6–7. Finjan correctly observes that there is no prohibition on the use of
16
screenshots in infringement contentions. However, if Finjan wishes to rely on screenshots, it must
17
identify how what is shown in the image maps to the particular claim limitation for which the
18
image is referenced, such as by circling or labeling in a meaningful way the elements of the image
19
that correspond to the limitations at issue.
20
21
22
Finjan must amend its contentions to eliminate the use of unexplained screenshots.
B.
’305 Patent
The ’305 patent is directed to a computer security system for scanning and diverting
23
incoming content received from the Internet to an Internet application running on a computer.
24
Dkt. No. 1-9. Claims 1 and 6 recite:
25
26
27
28
1. A security system for scanning content within a computer,
comprising:
a network interface, housed within a computer, for receiving
incoming content from the Internet on its destination to an
Internet application running on the computer;
6
1
a database of parser and analyzer rules corresponding to
computer exploits, stored within the computer, computer
exploits being portions of program code that are malicious,
wherein the parser and analyzer rules describe computer
exploits as patterns of types of tokens, tokens being program
code constructs, and types of tokens comprising a
punctuation type, an identifier type and a function type;
2
3
4
5
a rule-based content scanner that communicates with said
database of parser and analyzer rules, operatively coupled
with said network interface, for scanning incoming content
received by said network interface to recognize the presence
of potential computer exploits therewithin;
6
7
8
a network traffic probe, operatively coupled to said network
interface and to said rule-based content scanner, for
selectively diverting incoming content from its intended
destination to said rule-based content scanner; and
9
10
a rule update manager that communicates with said database
of parser and analyzer rules, for updating said database of
parser and analyzer rules periodically to incorporate new
parser and analyzer rules that are made available.
United States District Court
Northern District of California
11
12
13
14
6. The system of claim 1 wherein the incoming content received
from the Internet by said network interface is HTTP content.
15
Id. at claims 1, 6. SonicWall argues that Finjan does not identify the specific components in the
16
accused instrumentalities that map to certain limitations of claim 6.
17
18
1.
“a network interface housed within a computer”
SonicWall says that Finjan’s contentions for the accused Capture ATP instrumentality do
19
not identify “the computer” that houses the “network interface,” as recited in claim 6. Finjan’s
20
contentions state that “[t]he computer which houses the network interface resides (either alone or
21
as a distributed computer system) includes the Capture ATP and the Cloud Sandbox computers,”
22
and reference a diagram of Capture ATP. See Dkt. No. 111-22 at 1. Apart from the open-ended
23
nature of this contention, the problem is that Finjan nowhere identifies what “the Capture ATP and
24
Cloud Sandbox computers” are, and no such computers are identified in the referenced diagram.
25
26
27
28
Finjan must amend its contentions to identify where the computer that houses the network
interface of claim 6 may be found in the accused Capture ATP instrumentality.
2.
“database of parser and analyzer rules”
SonicWall says that Finjan’s contentions for the accused Capture ATP instrumentality do
7
1
not identify the “database of parser and analyzer rules,” as recited in claim 6. Additionally,
2
SonicWall contends that the database of parser and analyzer rules must be stored on the same
3
computer that houses the network interface, and it complains that it cannot tell which, if any,
4
component of Capture ATP is “the computer” of claim 6. Dkt. No. 112 at 10. Finjan responds
5
that its contentions state that the database “resides on the Capture ATP system” and more
6
specifically that “in some scenarios . . . the database or rules are stored in the SonicWall Firewall,
7
SonicWall Capture cloud service, and/or the SonicWall GRID Data Center” within the Capture
8
ATP system. Dkt. No. 118 at 9.
While Finjan has identified multiple locations where the database may be stored, it has not
10
identified what element of Capture ATP constitutes the database of claim 6. Finjan must identify
11
United States District Court
Northern District of California
9
the computer on which the database is stored. In addition, if SonicWall has already produced
12
technical documents, source code, and internal source code architecture documents for Capture
13
ATP, Finjan should be in a position to also identify the database that meets this limitation. DCG
14
Sys., 2012 WL 1309161, at *2 (“[A] patentee must nevertheless disclose what in each accused
15
instrumentality it contends practices each and every limitation of each asserted claim to the extent
16
appropriate information is reasonably available to it.”); Check Point, 2019 WL 955000, at *6 (“It
17
is Finjan’s obligation to identify the particular claim components in each claim, map those
18
components onto the features of the allegedly infringing products, and pinpoint cite source code
19
that practices that component.”); Proofpoint, 2015 WL 1517920, at *6–7 (finding contentions,
20
“largely comprised of generic marketing literature and screenshots” with only “high-level
21
generalities” do not satisfy a patentee’s burden under Patent L.R. 3-1(c)).
22
23
3.
“Internet application running on a computer”
SonicWall says that Finjan’s contentions for the Gateways, ESA, and Capture ATP
24
instrumentalities do not identify any component that constitutes an “Internet application running
25
on the computer,” as recited in claim 6. Finjan responds that its contentions identify “web
26
browsers, FTP or file download clients, messaging clients and email client applications” as
27
“Internet applications.” Dkt. No. 111-20 at 1; Dkt. No. 111-22 at 1; Dkt. No. 111-24 at 1. In
28
addition, Finjan contends that the accused instrumentalities “include[] both hardware (such as a
8
1
network interface) and software (proxy software) components that can receive content included in
2
files (incoming content from the Internet on its destination to an Internet application running on
3
the computer) for inspection to detect the presence of malware (a security system)[,]” and that they
4
“include a network interface housed within a computer because they include both hardware and
5
software components that scan content included in files transmitted between a source computer
6
(e.g., Internet) and a destination computer (e.g., web client or application) over a computer
7
network.” Dkt. No. 111-20 at 1, 2; Dkt. No. 111-22 at 1, 2; Dkt. No. 111-24 at 1, 2.
8
9
These contentions are not sufficiently specific. Finjan identifies types of internet
applications, but they are disclosed as examples only. Finjan does not identify any particular
application or applications as the “Internet application running on the computer” that meets this
11
United States District Court
Northern District of California
10
limitation of claim 6. To the extent Finjan contends that the SonicWall Gateways or ESA
12
products themselves are the “Internet application running on the computer,” such contention is not
13
clearly stated.
14
Finjan must amend its contentions to identify the Internet application or applications that
15
meet this limitation of claim 6. If SonicWall has already produced technical specifications and
16
source code for the Gateways, ESA, and Capture ATP products, Finjan should be able to identify
17
the application or applications with specificity.
18
4.
“rule-based content scanner”
19
SonicWall says that Finjan’s contentions do not identify a “rule-based content scanner” for
20
any accused instrumentality. In particular, SonicWall objects to Finjan’s use of the undefined and
21
unexplained terms “scan engine” and “scanners” as proxies for a specific component of the
22
accused instrumentalities that meets this claim limitation when no such components with those
23
names are identified in any of SonicWall’s products. Dkt. No. 112 at 11–12. In addition,
24
SonicWall complains that Finjan’s contentions merely paraphrase the claim language without
25
identifying the elements of the accused instrumentalities that perform the functions of the rule-
26
based content scanner. Dkt. No. 120 at 7. Finjan responds that it has identified numerous items in
27
the accused instrumentalities, including “AV scan engines, scanners using Yara rules, scanners
28
using SonicWall Signatures, cache lookup, static analysis, sandbox, dynamic analysis, packet
9
1
inspectors, or similar scan engine/analyzers,” that perform the claimed functions of a rule-based
2
content scanner. Dkt. No. 118 at 10.
3
The primary difficulty with Finjan’s contentions here is that while all of these “scanners”
4
may be examples of rule-based content scanners, it not clear whether Finjan contends that such
5
scanners are, in fact, found in the accused instrumentalities, and if so, where they are found. It is
6
not sufficient for Finjan to simply declare that a component that performs the claimed
7
functionality exists in an accused instrumentality; Finjan must identify the infringing element and
8
where it is found.
9
Finjan must amend its contentions to identify which component or components comprise
the rule-based content scanner of claim 6. If SonicWall has already produced technical
11
United States District Court
Northern District of California
10
specifications and source code for the accused instrumentalities, Finjan should be able to identify
12
the claimed scanner with specificity.
13
5.
“rule update manager”
14
SonicWall says that Finjan’s contentions do not identify a “rule update manager” for any
15
accused instrumentality. The parties’ arguments with respect to this limitation are similar to the
16
arguments they made with respect to the “rule-based content scanner” limitation.
17
The Court’s decision is also the same. Finjan must amend its contentions to identify which
18
component or components comprise the rule update manager of claim 6. If SonicWall has already
19
produced technical specifications and source code for the accused instrumentalities, Finjan should
20
be able to identify the claimed rule update manager with specificity.
21
22
6.
“patterns of types of tokens”
As recited in claim 6, the parser and analyzer rules stored in the database “describe
23
computer exploits as patterns of types of tokens.” SonicWall says that Finjan has not identified
24
any aspect of the accused instrumentalities that constitutes rules describing exploits as “patterns of
25
types of tokens,” but has instead merely identified “tokens” or “token patterns.” Dkt. No. 112 at
26
13 (emphasis original). SonicWall contends that this is an important distinction in view of the
27
prosecution history of the ’305 patent, in which the USPTO accepted Finjan’s argument that its
28
invention was not unpatentable in view of the prior art under 35 U.S.C. §§ 102(e) and 103(a) on
10
1
the basis that “patterns of types of tokens” differs from “tokens.” Dkt. No. 112-17 at 9
2
(“Applicants wish to point out that the phrases ‘tokens’ and ‘patterns of types of tokens’ have
3
different meanings.”). Finjan argued during prosecution that, “[i]n particular, as used in the
4
subject specification, ‘types of tokens’ refers to a categorization of tokens into types. A ‘type’ is a
5
category.” Id.
6
Finjan’s contentions refer almost exclusively to “tokens,” “patterns,” or “token patterns” in
7
the accused instrumentalities. For example, Finjan’s contentions for the SonicWall Gateways
8
instrumentalities state:
9
10
United States District Court
Northern District of California
11
12
13
14
15
16
AV databases used by SonicWall Gateways contain parser and
analyzer rules because the rules include conditions configured to
recognize patterns that correspond to code associated with
polymorphic viruses (obfuscated code), worms, Trojans, and
malware (computer exploits). . . . The portions of program code
used to produce the Polymorphic viruses, worms, Trojans, and
malware are tokens because they are generated in accordance with
the lexical constructs of a particular programming language so that
they can be downloaded / executed at a destination computer, as
intended by the code’s author. The AV database includes analyzer
rules because it stores token patterns that enable SonicWall
Gateways to quickly detect program code associated with
Polymorphic viruses, worms, Trojans, and malware when
processing the code during file inspection procedures.
17
Dkt. No. 111-20 at 6 (emphases added); see also Dkt. No. 111-24 at 7 (same paragraph for ESA
18
products). Finjan does not point to parser and analyzer rules in the Gateways instrumentalities
19
that it says describe “patterns of types of tokens,” except in summarizing its conclusion that the
20
accused instrumentalities meet the claim limitation. See, e.g., Dkt. No. 111-20 at 7 (“In [this]
21
fashion, the parser and analyzer rules used by SonicWall Gateways describe these computer
22
exploits as patterns of types of tokens based on the different character combinations.”); see also
23
Dkt. No. 111-24 at 9 (same paragraph for ESA products).
24
Finjan objects that SonicWall improperly attempts to argue claim construction issues in
25
support of its motion to compel. Dkt. No. 118 at 13. Finjan also argues that its contentions are
26
sufficiently detailed to put SonicWall on notice of what Finjan contends meets the “patterns of
27
types of tokens” limitation. Id. at 13–14.
28
This dispute presents a closer call. Finjan has disclosed what it contends are tokens and
11
1
patterns of tokens that are recognized by parser and analyzer rules. If Finjan believes that these
2
tokens and patterns of tokens meet the “patterns of types of tokens” limitation, then no amendment
3
is required, and SonicWall will be free to argue, in view of the prosecution history or otherwise,
4
that tokens and patterns of tokens do not meet this limitation and the accused instrumentalities do
5
not infringe on this basis. If, however, Finjan contends that the parser and analyzer rules
6
recognize something other than tokens or patterns of tokens as “patterns of types of tokens,”
7
Finjan must disclose what that something else is. See, e.g., St. Clair Intellectual Prop.
8
Consultants, Inc. v. Matsushita Elec. Indus. Co., Ltd., C.A. Nos. 04-1436-LPS, 06-404-LPS, 08-
9
371-LPS, 2012 WL 1015993, at *5 (D. Del. Mar. 26, 2012) (“When claim construction remains an
open issue at the time the parties serve expert reports and infringement contentions, the parties
11
United States District Court
Northern District of California
10
have an obligation to prepare for the fact that the court may adopt the other party’s claim
12
construction.”) (internal quotation marks and alterations omitted), aff’d 552 F. App’x 915 (Fed.
13
Cir. 2013) (per curiam).
’926 Patent
14
C.
15
The ’926 patent is directed to a system for detecting malicious information associated with
16
a downloadable application. Asserted claim 22 of the ’926 patent claims a system for managing
17
“Downloadables” as follows:
18
22. A system for managing Downloadables, comprising:
19
a receiver for receiving an incoming Downloadable;
20
a Downloadable identifier for performing a hashing function
on the incoming Downloadable to compute an incoming
Downloadable ID;
21
22
23
24
25
a database manager for retrieving security profile data for the
incoming Downloadable from a database of Downloadable
security profiles indexed according to Downloadable IDs,
based on the incoming Downloadable ID, the security profile
data including a list of suspicious computer operations that
may be attempted by the Downloadable; and
27
a transmitter coupled with said receiver, for transmitting the
incoming Downloadable and a representation of the retrieved
Downloadable security profile data to a destination
computer, via a transport protocol transmission.
28
Dkt. No. 1-5 at claim 22. The Court has adopted the parties’ agreed construction of
26
12
1
“Downloadable” as meaning “an executable program, which is downloaded from a source
2
computer and run on the destination computer.” Dkt. No. 132 at 5. The parties dispute the
3
adequacy of Finjan’s contentions for two limitations of claim 22.
4
5
1.
“database manager”
SonicWall says that Finjan’s contentions do not identify any specific component within the
accused instrumentalities that corresponds to the “database manager” that “retriev[es] security
7
profile data for the incoming Downloadable.” Instead, SonicWall says that Finjan relies on
8
“functional claiming” in which it merely parrots the claim language. Dkt. No. 112 at 14–15.
9
SonicWall also objects to Finjan’s frequent reference to various scenarios in which Finjan says the
10
database manager “includes” different SonicWall products or services. Id. Finjan responds that it
11
United States District Court
Northern District of California
6
has described in detail how the database manager infringes. See Dkt. No. 118 at 14. Finjan does
12
not address SonicWall’s principle objection, which is that Finjan has not identified which
13
components of the accused instrumentalities constitute the claimed database manager.
14
Finjan’s contentions for this limitation suffer from the same problems as many of its other
15
contentions, as Finjan appears to rely on open-ended language and ambiguous references to
16
screenshots to support its contention that the accused instrumentalities include the claimed
17
database manager. Finjan does not state what component in any instrumentality is the database
18
manager. It must amend its contentions to identify which component or components comprise the
19
database manager of claim 22. If SonicWall has already produced technical specifications and
20
source code for the accused instrumentalities, Finjan should be able to identify the claimed
21
database manager with specificity.
22
23
2.
“database of Downloadable security profiles indexed according to
Downloadable IDs”
SonicWall says that Finjan has effectively identified every database in the accused
24
25
instrumentalities as the “database of Downloadable security profiles indexed according to
Downloadable IDs,” and so has not really identified any specific database or databases, thereby
26
concealing its infringement theory from SonicWall. Dkt. No. 112 at 15–16. Finjan responds that
27
its contentions do refer to specific databases and do not encompass databases that may only be
28
13
1
2
used with an accused instrumentality. Dkt. No. 118 at 15.
Finjan has identified some specific databases that it contends are the claimed database of
3
Downloadable security profiles indexed according to Downloadable IDs, but its contentions suffer
4
from the problem of reliance on open-ended language discussed above. Finjan must amend its
5
infringement contentions to identify the specific databases that it contends constitute the claimed
6
database of Downloadable security profiles indexed according to Downloadable IDs of claim 22.
7
Finjan’s amended contentions also should disclose the basis for its contention that a particular
8
database includes “Downloadable security profiles indexed according to Downloadable IDs.” If
9
SonicWall has already produced technical specifications and source code for the accused
10
instrumentalities, Finjan should be able to identify the claimed database with specificity.
’408 Patent
United States District Court
Northern District of California
11
D.
12
The ’408 patent is directed to a method and system for rule-based content scanning that
13
identifies patterns of lexical constructs for a specific language and identifies the presence of
14
potential exploits within an incoming byte stream based on rules for that language. Dkt. No. 1-10.
15
Asserted claim 9 reads:
16
17
18
19
20
21
22
23
24
25
26
27
28
9. A computer system for multi-lingual content scanning,
comprising:
a non-transitory computer-readable storage medium storing
computer-executable program code that is executed by a
computer to scan incoming program code;
a receiver, stored on the medium and executed by the
computer, for receiving an incoming stream of program
code;
a multi-lingual language detector, stored on the medium and
executed by the computer, operatively coupled to said
receiver for detecting any specific one of a plurality of
programming languages in which the incoming stream is
written;
a scanner instantiator, stored on the medium and executed by
the computer, operatively coupled to said receiver and said
multi-lingual language detector for instantiating a scanner for
the specific programming language, in response to said
determining, the scanner comprising:
a rules accessor for accessing parser rules and
analyzer rules for the specific programming
14
language, wherein the parser rules define certain
patterns in terms of tokens, tokens being lexical
constructs for the specific programming language,
and wherein the analyzer rules identify certain
combinations of tokens and patterns as being
indicators of potential exploits, exploits being
portions of program code that are malicious;
1
2
3
4
a tokenizer, for identifying individual tokens within
the incoming;
a parser, for dynamically building while said receiver
is receiving the incoming stream, a parse tree whose
nodes represent tokens and patterns in accordance
with the parser rules accessed by said rules accessor;
and
5
6
7
8
an analyzer, for dynamically detecting, while said
parser is dynamically building the parse tree,
combinations of nodes in the parse tree which are
indicators of potential exploits, based on the analyzer
rules; and
9
10
United States District Court
Northern District of California
11
a notifier, stored on the medium and executed by the
computer, operatively coupled to said scanner instantiator for
indicating the presence of potential exploits within the
incoming stream, based on results of said analyzer.
12
13
14
Id. at claim 9. SonicWall contends that Finjan has not identified the components in the accused
15
instrumentalities that correspond to several limitations in claim 9.
16
17
1.
“multi-lingual language detector”
SonicWall says that Finjan’s contentions do not identify any specific component in the
18
accused instrumentalities that serves as a “multi-lingual language detector.” Instead, SonicWall
19
argues, Finjan contends that a “multi-lingual language detector” must be present because the
20
accused instrumentalities “include a vocabulary built of programming languages which allow [the
21
accused instrumentality] to classify web content,” “use techniques such as Bayesian analysis and
22
gibberish detection to look inside the header and payload of network traffic to detect any specific
23
one of a plurality of programming language in which the incoming stream is written,” and
24
“inspect[] a number of different file types that are written in a number of different programming
25
languages.” Dkt. No. 111-14 at 48–49. Finjan acknowledges that its contentions refer to the
26
performance of certain functions. See Dkt. No. 118 at 16 (“Finjan explicitly identified what
27
functionality of the Accused Product it contends are the multi-lingual language detectors and
28
states that they inspect the incoming content to determine the language.”). However, Finjan says
15
1
that it also refers to specifically to the technology that is used to meet this limitation. Id. (“Finjan
2
also describes the technology that the multi-lingual language detector uses . . . .”).
3
Again, the problem is that Finjan does not identify what component constitutes the multi-
4
lingual language detector; it only identifies the function it performs and how it performs that
5
function. Finjan must amend its contentions to identify the component or components of the
6
accused instrumentalities that constitute the multi-lingual language detector of claim 9. If
7
SonicWall has already produced technical specifications and source code for the accused
8
instrumentalities, Finjan should be able to identify the claimed multi-lingual language detector
9
with specificity.
10
2.
“scanner instantiator”
United States District Court
Northern District of California
11
The parties’ dispute concerning Finjan’s contentions for the “scanner instantiator”
12
limitation is similar to their dispute concerning Finjan’s contentions for the “multi-lingual
13
language detector.” By its own admission, Finjan attempts to identify the accused scanner
14
instantiator in the accused instrumentalities by describing “its functionality . . . and what it
15
instantiates.” Dkt. No. 118 at 16–17.
16
Finjan must amend its contentions to identify the component or components of the accused
17
instrumentalities that constitute the scanner instantiator of claim 9. If SonicWall has already
18
produced technical specifications and source code for the accused instrumentalities, Finjan should
19
be able to identify the claimed scanner instantiator with specificity.
20
21
3.
“a scanner for the specific programming language”
SonicWall says that Finjan’s contentions do not actually identify a scanner that is specific
22
to any programming language, as claim 9 requires. Dkt. No. 112 at 17–18. Finjan does not
23
dispute that its disclosure must identify a scanner specific to a programming language. It argues
24
that by describing how the scanners are specific to a programming language, it has sufficiently
25
identified the claimed scanner. Dkt. No. 118 at 7 (quoting Dkt. No. 111-14 at 53, 54–55). This is
26
not sufficient.
27
28
Finjan must amend its contentions to identify the component or components of the accused
instrumentalities that constitute the scanner of claim 9. If SonicWall has already produced
16
1
technical specifications and source code for the accused instrumentalities, Finjan should be able to
2
identify the claimed scanner with specificity.
3
4
4.
“rules accessor” / “analyzer for dynamically detecting”
SonicWall argues that the “scanner” of claim 9 has five sub-components. See Dkt. No.
5
112 at 17–19. In fact, the scanner has only four sub-components: a rules accessor, a tokenizer, a
6
parser, and an analyzer. Dkt. No. 1-10 at claim 9. SonicWall says that Finjan has not identified a
7
scanner that includes these sub-components, nor has it identified components that map to the rules
8
accessor or the analyzer. Dkt. No. 112 at 18–19. Finjan responds that its contentions include
9
details of what the rules accessor and analyzer do, and argues that because Finjan has already
identified the scanner of claim 9, SonicWall’s complaint that Finjan has not identified the
11
United States District Court
Northern District of California
10
components embodying the rules accessor and the analyzer is mistaken. Dkt. No. 118 at 17–20.
12
The difficulty with Finjan’s arguments is that its contentions are mostly limited to
13
describing the functionality of the rules accessor and the analyzer; it does not identify which
14
components in the accused instrumentalities meet these limitations. Id. The Court is not
15
persuaded that the “nature of the technology” makes it impossible for Finjan to identify the
16
infringing components. See id. at 20. If Finjan has the benefit of SonicWall’s technical
17
specifications and source code for the accused instrumentalities, it should be able to identify the
18
components that meet these limitations with specificity. Finjan must amend its contentions to
19
identify the component or components of the accused instrumentalities that constitute the rules
20
accessor and analyzer of claim 9.
21
5.
22
“notifier”
SonicWall says that the “notifier” is a sub-component of the “scanner for the specific
23
language,” and that Finjan does not identify any component in the accused instrumentalities that
24
meets this limitation. Dkt. No. 112 at 19. Finjan correctly observes that the “notifier” is not part
25
of the claimed scanner, but rather a separate claim element. Dkt. No. 118 at 20. SonicWall does
26
not address the “notifier” limitation in its reply. See Dkt. No. 120.
27
Nevertheless, the Court observes that Finjan’s contentions for the “notifier” rely on a
28
description of what the notifier does, not what it is. See Dkt. No. 111-14 at 78–79. As Finjan does
17
1
not identify the component or components of the accused instrumentalities that constitute the
2
notifier, it must amend its contentions to remedy this problem.
’844 Patent
3
E.
4
The ’844 patent is directed to a system and method for attaching to a Downloadable a
5
security profile generated according to a set of rules based on the Downloadable’s content. Dkt.
6
No. 1-2. SonicWall challenges the adequacy of Finjan’s contentions for the “inspector” limitation
7
of asserted claim 1 and the “first content inspection engine” of asserted claim 15, both of which
8
are reproduced below:
9
1. A method comprising:
receiving by an inspector a Downloadable;
11
United States District Court
Northern District of California
10
generating by the inspector a first Downloadable security
profile that identifies suspicious code in the received
Downloadable; and
12
13
linking by the inspector the first Downloadable security
profile to the Downloadable before a web server makes the
Downloadable available to web clients.
14
15
16
15. An inspector system comprising:
memory storing a first rule set; and
17
a first content inspection engine for using the first rule set to
generate a first Downloadable security profile that identifies
suspicious code in a Downloadable, and for linking the first
Downloadable security profile to the Downloadable before a
web server makes the Downloadable available to web
clients.
18
19
20
21
22
Id. at claims 1, 15.
SonicWall says that Finjan’s contentions for the “inspector” and “first content inspection
23
engine” limitations do not adequately disclose Finjan’s theories of infringement. Specifically,
24
SonicWall argues that Finjan’s contentions are confusing because they suggest that the accused
25
Gateways instrumentalities are themselves the claimed inspector/first content inspection engine
26
while also identifying many other distinct elements or combinations of elements within and among
27
the Gateways that meet these limitations. Dkt. No. 112 at 19–20. In addition, for some of the
28
purported inspectors in the Gateways, SonicWall argues that Finjan does not disclose how each
18
1
purported “inspector” meets the necessary requirements of that limitation. Id. at 20. Finjan
2
responds by clarifying that it is indeed accusing both the Gateways themselves, as well as
3
elements within the accused instrumentalities. Finjan cites to its contentions about what the
4
inspector and first content inspection engine do and refers to figures incorporated into the
5
contentions. Dkt. No. 118 at 20–21.
6
The Court agrees that Finjan’s contentions for these limitations of claim 1 and claim 15 are
confusing. Finjan must amend its contentions to make clear its different theories of infringement
8
(i.e., Gateways as a whole versus individual components versus combinations). In addition,
9
Finjan must amend its contentions to clearly indicate which component or components meet the
10
claimed limitations. For the inspector limitation, Finjan must also disclose how it contends the
11
United States District Court
Northern District of California
7
accused product or component meets all necessary requirements of that limitation. If SonicWall
12
has already produced technical specifications and source code for the accused instrumentalities,
13
Finjan should be able to identify the claimed inspector and first content inspection engine with
14
specificity.
’780 Patent
15
F.
16
The ’780 patent is directed to a system and method for protecting a computer and a
17
network from hostile Downloadables. Dkt. No. 1-4. Asserted claim 9 recites as follows:
18
9. A system for generating a Downloadable ID to identify a
Downloadable, comprising:
19
a communications engine for obtaining a Downloadable that
includes one or more references to software components
required to be executed by the Downloadable; and
20
21
an ID generator coupled to the communications engine that
fetches at least one software component identified by the one
or more references, and for performing a hashing function on
the Downloadable and the fetched software components to
generate a Downloadable ID.
22
23
24
25
26
Id. at claim 9.
SonicWall says that claim 9 requires “an ID generator” that “fetches at least one software
27
component identified by the one or more references” included in the Downloadable and
28
“perform[s] a hashing function on the Downloadable and the fetched software components to
19
1
generate a Downloadable ID.” Dkt. No. 112 at 22. SonicWall argues that Finjan’s contentions do
2
not identify which component in the accused instrumentalities performs these functions. Finjan
3
responds that it has identified the functionality in SonicWall’s products that meet the ID generator
4
limitation. Finjan argues that it should not be required to provide “the exact name for the
5
structure” because the infringing feature is “software related.” Dkt. No. 118 at 22–23.
6
Finjan may not rely on a description of allegedly infringing functionality that closely tracks
the claim language without identifying the component or feature that performs the claimed
8
function. There is no exception for software-related inventions, particularly where, as here, it
9
appears that Finjan has access to SonicWall’s technical specifications and source code. See, e.g.,
10
Creagri, Inc. v. Pinnaclife, Inc, LLC, No. 11-cv-06635-LHK-PSG, 2012 WL 5389775, at *2 n.6
11
United States District Court
Northern District of California
7
(N.D. Cal. Nov. 2, 2012) (“Where the accused instrumentality includes computer software based
12
upon source code made available to the patentee, the patentee must provide ‘pinpoint citations’ to
13
the code identifying the location of each limitation.”); Digital Reg, 2013 WL 3361241, at *3–4
14
(requiring plaintiff to amend its infringement contention in part because it “has had access to
15
[defendant’s] source code [for eight months] and, at this juncture, should be able to amend its
16
[infringement contentions] to clearly articulate how each of [defendant’s] particular products
17
infringe on Plaintiff’s respective patents”); Finjan, Inc. v. Sophos, Inc., No. 14-cv-01197-WHO,
18
2015 WL 5012679, at *3 (N.D. Cal. Aug. 24, 2015) (rejecting Finjan’s argument that it was not
19
required to provide pinpoint source code citations in its amended infringement contentions
20
asserting the ’780, ’154, ’926, ’844, and ’494 patents, among others). Finjan must amend its
21
contentions to identify the component or components that meet the ID generator limitation of
22
claim 9.
’154 Patent
23
G.
24
The ’154 patent is directed to a system and method for inspecting dynamically generated
25
executable code. Dkt. No. 1-7. SonicWall challenges the adequacy of Finjan’s contentions for
26
several limitations of asserted claims 1, 3 and 10.
27
28
1.
Claim 1: “first function” / “second function”
Asserted claim 1 recites:
20
1
2
3
4
5
6
7
8
9
10
United States District Court
Northern District of California
11
1. A system for protecting a computer from dynamically generated
malicious content, comprising:
a content processor (i) for processing content received over a
network, the content including a call to a first function, and
the call including an input, and (ii) for invoking a second
function with the input, only if a security computer indicates
that such invocation is safe;
a transmitter for transmitting the input to the security
computer for inspection, when the first function is invoked;
and
a receiver for receiving an indicator from the security
computer whether it is safe to invoke the second function
with the input.
Dkt. No. 1-7 at claim 1.
SonicWall argues that claim 1 requires receiving content that includes “a call to a first
12
function . . . the call including an input,” followed by “transmitting the input to the security
13
computer for inspection, when the first function is invoked,” and thereafter “invoking a second
14
function with the input, only if a security computer indicates that such invocation is safe.” Dkt.
15
No. 112 at 23–24. SonicWall’s principle complaint is that Finjan’s contentions do not identify a
16
“first function” or “second function” that meets these limitations of claim 1. Finjan responds that
17
it has disclosed the infringing “first function” in its contentions for the separate “content
18
processor” limitation as follows:
19
20
21
22
An example of first functions in the form of JavaScript functions
include eval, unescape and document.write functions. For example,
eval functions such as eval(base64_decode…) and eval(gzinflate…)
are used to obfuscate or conceal automatic downloads of malware
from a suspicious link or URI (e.g. malicious JavaScript, shellcode,
drivebydownload, droppers, installers, malicious binary).
23
Dkt. No. 111-26 at 1; see also id. at 2 (“Another example of first function is ‘unescape()’ with a
24
large amount of escaped data is detected. . . . An example of first functions in the form of a
25
‘document.write()’ function include document.write(unescape([obfuscated code])), where the first
26
function is a document.write().”); id. at 3 (“Other examples of first functions are functions within
27
PDFs for specifying the action to be performed automatically when the document is viewed such
28
as downloading malware from a suspicious link or URL (e.g. OpenAction); Embed or Launch
21
1
SWF functions within a PDF for running an embedded video file; and functions for launching
2
JavaScript within a PDF (e.g. Launch).”). Similarly, Finjan says that it has disclosed the
3
infringing “second function” in its contentions for the separate “content processor” limitation as
4
follows:
5
Examples of second functions include recursive or suspicious scripts
for obfuscating malicious links/URIs such as eval, unescape and
document.write. In the following example,
eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvd
CA 9IE…)) is a second function that is recursively decoding the
obfuscated code
“ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCA9IE…” Indirect
calls to eval referencing the local scope of the current function or of
unimplemented features (e.g. the document.lastModified property)
are further examples of second functions.
6
7
8
9
10
United States District Court
Northern District of California
11
Id. at 3. And, additionally:
12
Second functions are typically a subsequent function that causes a
download from the same URL such as connecting to or download
files from a remote command and control (CnC) server using
HTTPSendRequest, InternetReadFile with the input (e.g. URL, IP,
file). The content processor will invoke a second function (e.g.
HTTPS file download) with the input (e.g. URL) if the security
computer indicates that such invocation is safe. These second
functions will be invoked by the Accused Products.
13
14
15
16
Second functions include sending results to a protected computer for
automatically downloading from an obfuscated remote location
and/or launching concealed input using certain combinations of
JavaScript, iFrame injections and/or PDF (e.g. OpenAction or
Launch). Such examples include JavaScript and OpenAction
functions within PDFs for launching or downloading code for
exploiting vulnerabilities within Adobe Reader and Adobe Acrobat
such as malicious JavaScript, shellcode, drive-by download,
droppers, installers and malicious binaries. Examples of such
functions include URLDownloadToFile() for dropping malicious
binaries; heap spraying functions including memory-related
functions using PROCESS_MEMORY_COUNTERS; JavaScript
functions in PDF for connecting to the Internet or making a network
connection such as app.mailmsg() and app.launchURL(), as well as
CONNECT-related and LISTEN-related functions; functions for
executing malware via DLL injection such as
CreateRemoteThread(); and functions for executing dropped
malware, such as NtCreateProcess().
17
18
19
20
21
22
23
24
25
26
27
28
Id. at 4.
As explained above, Finjan’s use of “examples” renders its contentions open-ended and
indefinite. However, the examples themselves are sufficiently disclosed with respect to the “first
22
1
function” and “second function.” Finjan should amend its contentions to ensure the contentions
2
are complete and do not rely merely on examples; otherwise, Finjan risks being limited to the
3
examples actually disclosed.
It is not clear, however, how Finjan believes the accused instrumentalities meet the further
4
5
requirements of claim 1 of “transmitting the input to the security computer for inspection, when
6
the first function is invoked,” and thereafter “invoking a second function with the input.” Here,
7
Finjan appears to rely on contentions that essentially repeat the claim language. Finjan must
8
amend its contentions to identify the basis for its view that the accused instrumentalities meet
9
these other limitations of claim 1.
10
2.
Asserted claim 10 is similar to claim 1 except that it discloses program code that
11
United States District Court
Northern District of California
Claim 10: “computing device . . . receiv[ing] a modified input variable”
12
additionally requires “receiv[ing]” and “calling a second function” with “a modified input
13
variable” that “is obtained by modifying the input variable if the inspection of the input variable
14
indicates that calling a function with the input variable may not be safe.” Dkt. No. 1-7 at claim 10.
15
SonicWall says that Finjan’s contentions for claim 10 do not adequately specify how the identified
16
program code causes a “computer device” to “receive a modified input variable.” Dkt. No. 112 at
17
24. Finjan responds that it “does not have to explain what modifies the code or how it is modified
18
. . . because that is not what the claim requires” and that it is sufficient that Finjan simply assert
19
that Capture ATP is a computing device that “receive[s] a modified input variable.” Dkt. No. 118
20
at 24.
21
Finjan identifies “modified code/parameters” as the “modified input variable” and
22
describes “[t]he modified input variable being modified by code, parameters, or URLs.” Dkt. No.
23
111-26 at 22. Finjan then cites to two SonicWall documents that generally describe the overall
24
architecture and process of the Sandbox feature. Id. at 23–24. However, SonicWall contends (and
25
Finjan does not dispute) that those documents say nothing about any kind of “modified
26
code/parameters,” or even any “code, parameters, or URLs.” While Finjan is not required to
27
explain how the input variable is modified, it must provide the bases for its existing contention,
28
including accurate citations to evidence. See, e.g., Check Point, 2019 WL 955000, at *5 (“If the
23
1
cited materials contain information necessary to understand Finjan’s infringement theories, Finjan
2
must identify the particular supporting language in those sources and explain how that language
3
fits into Finjan’s theory of infringement.”) (citing Proofpoint, 2015 WL 151720, at *6).
4
Accordingly, Finjan must amend its contentions to identify the evidence on which it relies for this
5
aspect of its contentions.
6
7
8
9
10
United States District Court
Northern District of California
11
3.
Claim 3: “the input is dynamically generated by said content processor
prior to being transmitted by said transmitter”
Asserted claim 3 requires that the “input” to the “content processor” of claim 1 be
“dynamically generated by said content processor prior to being transmitted by said transmitter.”
Dkt. No. 1-7 at claim 3. SonicWall points out that Finjan’s contentions for claim 3 appear to
assume that the “content processor” of claim 1 (from which claim 3 depends) is the same as the
“security computer” also recited in claim 1. Dkt. No. 112 at 24–25. For this reason, SonicWall
12
argues, Finjan has not provided a coherent theory of infringement for claim 3. Finjan does not
13
respond directly to SonicWall’s argument about the apparent disconnect between Finjan’s
14
contention and the claim language. See Dkt. No. 118 at 24–25.
15
Finjan must amend its contentions to address the ambiguity SonicWall identifies in its
16
contentions for claim 3.
17
18
H.
’968 Patent
The ’968 patent is directed to a policy-based cache manager, which contains a memory
19
storing a cache of digital content, policies, a policy index indicating allowable cache content, a
20
content scanner to scan received digital content to derive a content profile, and a content evaluator
21
to determine whether the content is allowable based on the profile. Dkt. No. 1-11. Asserted claim
22
23
24
25
26
27
1 of the ’968 patent and its dependent claims 7 and 11 require a “policy based cache manager,”
comprised of, among other things, “a memory storing a cache of digital content, a plurality of
policies, and a policy index to the cache contents.” Id. at claims 1, 7, 11. The policy index
“include[es] entries that relate cache content and policies by indicating cache content that is
known to be allowable relative to a given policy, for each of a plurality of policies.” Id.
SonicWall argues that Finjan’s contentions do not identify any component of the accused
28
24
1
instrumentalities that constitutes a “policy index to the cache contents” “including entries that
2
relate cache content and policies by indicating cache content that is known to be allowable relative
3
to a given policy.” Dkt. No. 112 at 25. Finjan’s contentions include the following disclosure:
4
SonicWall Gateways include memory that saves collections of data
locally that can be shared throughout a network of users or for
further security processing. This data includes web content cached
in memory, policies containing layers with one or more rules, and a
policy index to the cache contents. This data is indexed by policy
identifiers using the policy manager, which performs policy
evaluation decisions using various policy constructs which include
conditions, properties, rules and actions that relate cache content and
policies by indicating cache content that is known to be allowable
relative to a given policy, for each of a plurality of policies. When a
browser request is received, SonicWall Gateways check the policy
to determine if the cached content is known to be allowable. When
the objects or collections of data crosses the network, a permission
check occurs using the policy manager containing an index of
entries that relate cached content and policies by indicating the
allowability of certain cached content based on various set of rules
against determinations concerning whether or not they have
malware.
5
6
7
8
9
10
United States District Court
Northern District of California
11
12
13
14
Dkt. No. 111-30 at 6–7. It appears that Finjan has identified allegedly infringing functions
15
performed by the accused instrumentalities and so infers the existence of the claimed policy index.
16
However, the contentions do not identify a component in the accused instrumentalities that
17
constitutes the policy index. Instead, Finjan refers to an undefined “policy manager”—a term that
18
SonicWall says does not appear in the cited documents—which either performs the indexing of
19
cache contents or contains the index itself. Id. at 6–7.
Finjan must amend its contentions to identify the component or feature that performs that
20
21
functions that it says the accused instrumentalities perform. If SonicWall has already produced
22
technical specifications and source code for the accused instrumentalities, Finjan should be able to
23
identify the claimed policy-based cache manager that meets the requirements of claims 1, 7, and
24
11.
25
I.
26
Finjan observes that the “infringing functionalities commonly reside in in the source code
Source Code
27
or in highly confidential internal technical documentation that is not made publicly available.”
28
Dkt. No. 118 at 4. As noted above, the parties agree that SonicWall has produced to Finjan
25
1
technical documents, including source code accompanied by internal source code architecture
2
documents and file manifests, although it is not clear from the record whether Finjan has access to
3
this material for all accused instrumentalities. In these circumstances, the patent holder generally
4
is expected to cite to such documentation and source code in its infringement contentions.
5
Creagri, 2012 WL 5389775, at *2 n.6 (“Where the accused instrumentality includes computer
6
software based upon source code made available to the patentee, the patentee must provide
7
‘pinpoint citations’ to the code identifying the location of each limitation.”); Digital Reg, 2013
8
WL 3361241, at *3–4 (requiring plaintiff to amend its infringement contention in part because it
9
“has had access to [defendant’s] source code [for eight months] and, at this juncture, should be
able to amend its [infringement contentions] to clearly articulate how each of [defendant’s]
11
United States District Court
Northern District of California
10
particular products infringe on Plaintiff’s respective patents”); see also Check Point, 2019 WL
12
955000, at *6–7 (requiring Finjan to amend its infringement contentions with pinpoint source code
13
citations); Sophos, 2015 WL 5012679, at *3 (same).
At the hearing, Finjan requested that the Court order SonicWall to produce a corporate
14
15
representative for a Rule 30(b)(6) deposition on SonicWall’s source code prior to any deadline for
16
serving further supplemental contentions. SonicWall objects to such deposition on the ground that
17
it is premature, given Finjan’s failure to disclose its infringement contentions based on the
18
information it already has. The Court is not persuaded that Finjan should be allowed to depose a
19
corporate witness before it has crystallized its infringement theories. Dkt. No. 120 at 2.
20
IV.
CONCLUSION
21
For the foregoing reasons, the Court grants SonicWall’s motion to compel further
22
infringement contentions as described above. Finjan shall serve its amended contentions no later
23
than 30 days from the date of this order.
24
25
IT IS SO ORDERED.
Dated: May 1, 2019
26
27
VIRGINIA K. DEMARCHI
United States Magistrate Judge
28
26
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?