CENTRIPETAL NETWORKS, INC., v. KEYSIGHT TECHNOLOGIES, INC., et al

Filing 484

OPINION AND ORDER - see order for details. Signed by District Judge Henry C. Morgan, Jr on 9/11/18. (afar)

Download PDF
-iLFD IN THE UNITED STATES DISTRICT COURt FOR THE EASTERN DISTRICT OF VIRGINM Norfolk Division . -le.-k. u s DiSTpict COURT ; '.o^-OuK. CENTRIPETAL NETWORKS, INC., Plaintiff, V. Civil Action No. 2:17cv383 KEYSIGHT TECHNOLOGIES, INC. & IXIA, Defendants. OPINION & ORDER On Friday, August 3, 2018 at 11:00 a.m., the Court conducted a Markman hearing for the purpose of construing twenty-seven (27) disputed terms in the Patents at issue.' Upon consideration of the Parties' briefs and oral arguments, the Court ruled from the bench as to the terms at issue. This Opinion and Order details the Court's claim construction. I. FACTIIAI. BACKGROnND & PROrFDlIRAI. HISTORY On July 20, 2017, Centripetal Networks, Inc. ("Centripetal" or "Plaintiff) filed its original complaint alleging that Keysight Technologies, Inc. ("Keysight") and Ixia (collectively "Defendants") have infringed several of Plaintiffs patents. Plaintiff alleged infringement of four (4) of its patents: U.S. Patent No. 9,264,370 (the "'370 Patent"), U.S. Patent No. 9,137,205 (the "'205 Patent"), U.S. Patent No. 9,560,077 (the "'077 Patent"), and U.S. Patent No. 9,413,722 (the "'722 patent") (collectively "the Asserted Patents"). Doc. 1 ("Compl") 6, 9-15. On September 5, 2017, Defendants filed Motions to Dismiss for failure to State a Claim, a Motion to Dismiss for Improper Venue, and a Motion to Transfer Venue under Section 1404(a). Docs. 20, ' At the beginning ofthe hearing, the parties notified the Court that they had agreed that six (6) ofthe disputed terms no longer neededto be construed. Therefore, this Opinion & Order only addresses the twenty-one (21) remaining terms. 1 23, and 24. On November 15,2017, the Court entered an Order DENYING Defendants' Motion to Dismiss WITHOUT PREJUDICE and an Order DENYING Defendant's Motion to Dismiss for Improper Venue and Motion to Transfer Venue. Docs. 53, 55. On November 15, 2017, the Court also entered an Order for the parties to confer prior to May 10, 2018 to determine whether a Markman hearing is necessary and preliminarily set a Markman hearing for May 24, 2018. Doc. 52. On November 29, 2017, Defendants filed their Answers to Plaintiffs Complaint. Docs. 61,62. On February 12,2018, the Court entered a Stipulated Agreed Order Amending the Court's Markman Order. Doc. 74. On April 9, Plaintiff filed a Motion to Compel Discovery. Doc. 98. On April 16, Plaintiff filed a Motion to Amend/Correct its Complaint. Doc. 100. On April 20, 2018, Plaintiff and Defendants each filed their Claim Construction Briefs. Docs 104, 106. On May 2, 2018, Defendants filed a Motion to Limit the Number of Claims Asserted. Doc. 115. On May 3, 2018, Plaintiff and Defendants each filed Rebuttal Claim Construction Briefs. Docs 117, 119. On May 3, 2018, Defendants also filed a Motion to Strike the Declaration of Dr. Nenad Medvidovic, which was offered in support of Plaintiffs Claim Construction Brief Doc. 120. On May 7, 2018, the Markman hearing was reset for July 3, 2018. On May 14, 2018, Defendants filed a Cross-Motion to Compel discovery. Doc. 128. On May 25,2018, Defendants filed a Motion for Summary Judgment of Invalidity. Doc. 145. On June 1, 2018, the Court set a hearing on Plaintiffs Motions to Compel and to Amend/Correct Complaint and Defendants' Cross-Motion to Compel, Motion to Limit the Number of Claims Asserted, Motion for Summary Judgment, and Motion to Strike the Testimony of Dr. Nedad Medvidovic for June 12, 2018. The Court also entered an Order to Expedite Briefing on Defendants' Motion for Summary Judgment so that Plaintiff's response was due on June 7,2018, and Defendant's Reply was due on June 11, 2018. Doc. 163. At the hearing on June 12, 2018, the Court GRANTED Defendants' Motion to Limit the Number of Claims Asserted. Doc. 198. The Court also GRANTED Plaintiffs Motion to Amend/Correct its Complaint. Id. The Court GRANTED Defendant's Motion to Compel Discovery, IN PART, and the Court RESERVED RULING on Plaintiff's Motion to Compel Discovery, and ORDERED the parties to meet and confer regarding the issues raised in their Motions to Compel. Id. The Court also RESERVED RULING on Defendant's Motion for Summary Judgment and Defendants' Motion to Strike the Declaration of Dr. Nenad Medvidovic. Id. In light of the Plaintiffs Amended Complaint, the Court continued the Markman hearing until August 3,2018. On June 13, 2018, Plaintiff filed its Amended Complaint, which alleged that Defendant infringed two (2) additional patents: U.S. Patent No. 9,917,856 ("the '856 patent") and U.S. Patent No. 9,565,213 ("the 213 patent"). Doc. 192. The Amended Complaint also added claims alleging that Defendants willfully infringed each of the Asserted Patents. Id. On June 18, 2018, the Court entered a Stipulated Order requiring the parties to supplement their Markman briefings by July 20, 2018. On June 28, 2018, Defendants filed their Answers to Plaintiff's Amended Complaint. Docs. 206, 207. On July 12, 2018, Plaintiff filed a Motion to Compel. Doc. 213. Defendants filed a brief in opposition to Plaintiffs Motion to Compel on July 13, 2018. Doc. 222. On July 16, Plaintiff filed a Motion for Protective Order. Doc. 224. On July 19, Plaintiff replied in support of its Motion to Compel. Doc. 235. On July 20, 2018, Plaintiff and Defendants filed their Supplemental Claim Construction Briefs and an Amended Joint Claim Construction and Prehearing Statement. Docs. 240, 241, 244. A hearing on Plaintiffs' Motion to Compel and Motion for Protective Order is set for August 3,2018 at the Markman hearing. II. Claims Asspi^TED A. The '205 Patent The '205 Patent was issued on September 15,2015 for an invention entitled "Method and Systems for Protecting a Secured Network." See Am. Compl. T| 10. The '205 Patent discloses various methods by which a device is programmed to perform protective functions on incoming packets. ^ Am. Compl., Ex. B ('"205 Patent") 1:31-3:32. The '205 Patent contains ninety-six (96) claims, eight (8) of which are independent (Claims 1, 17, 33, 49, 63, 77, 91, and 93). Disputed claim terms are contained in Claims 17 and 33. These claims are reproduced below, with disputed terms underlined where they appear. • Claim 17; A system, comprising: A security policy management server; and One or more packet security gateways associated with the security policy management server, wherein each packet security gateway of the one or more packet security gateways comprises computer hardware and logic configured to cause the packet security gateway to: Receive a plurality of dvnamic securitv policies from the security policy management server; Receive at least one rule specifying a set of network addresses for which associated packets should be forwarded and at least one rule specifying that all packets associated with network addresses outside the set of network addresses for which packets should be forwarded should be dropped; Receive, at a first time, a dvnamic securitv policy specifying a first set of network addresses for which packets should be forwarded; Receive, at a second time, a dvnamic security policv specifying a second set of network addresses for which packets should be forwarded; Receive, at a third time, a dvnamic security policy specifying a third set of network addresses for which packets should be forwarded, the second time being after the first time, the third time being after the second time, the second set of network addresses including more network addresses than the first set of network addresses, and the third set of network addresses including more network addresses than the second set of network addresses; Receive packets associated with a network protected by the packet security gateway; and Perform, on a packet by packet basis, at least one of multiple packet transformation fimctions specified by the plurality of dvnamic security policies on the packets associated with the network protected by the security gateway, wherein each of the one or more packet security gateways is configured to perform the at least one of the multiple packet transformation functions specified by the plurality of dvnamic security policies on the packets by performing at least one packet transformation other than forwarding or dropping the packets. Claim 33: One or more non-transitory computer-readable media having instructions stored thereon, that when executed, cause each packet security gateway of one or more packet security gateways associated with a security policy management server to; Receive a plurality of dynamic security policies form the security policy management server; Receive at least one rule specifying a set of network addresses for which associated packets should be forwarded and at least one rule specifying that all packets associated with network addresses outside the set of network addresses for which packets should be forwarded should be dropped; Receive, at a first time, a dvnamic security policv specifying a first set of network addresses for which packets should be forwarded; Receive, at a second time, a dvnamic security policy specifying a second set of network addresses for which packets should be forwarded; Receive, a third time, a dynamic security policy specifying a third set of network addresses for which packets should be forwarded, the second time being after the first time, the third time being after the second time, the second set of network addresses including more network addresses than the first set of network addresses, and the third set of network addresses including more network addresses than the second set of network addresses; Receive packets associated with a network protected by the packet security gateway; and Perform, on a packet by packet basis, at least one of multiple packet transformation functions specified by the plurality of dynamic security policies on the packets associated with the network protected by the packet security gateway, wherein each of the one or more packet security gateways is configured to perform the at least one of the multiple packet transformation functions specified by the plurality of dynamic security policies on the packets by performing at least one packet transformation function other than forwarding or dropping the packets. B. The '077 Patent The '077 Patent was issued on January 31, 2017 and claims an invention entitled "Method and Systems for Protecting a Secured Network." Am. Compl. K11. The '077 Patent, like the '205 Patent, discloses various methods by which a device wdthin a secured network is programmed to perform protective functions on incoming packets. Sm Am. Compl., Ex. C ("'077 Patent") at 1:41-3:47. The '077 Patent has twenty (20) claims, five (5) of which are independent (Claims 1, 7, 13, 19, and 20). Disputed terms are contained in claims 7 and 13. These claims are reproduced below, with disputed terms underlined where they appear. • Claim 7: A system comprising: At least one processor; and A memory storing instructions that when executed by the at least one processor cause the system to: Provision, each device of a plurality of devices, with one or more rules generated based on a boundary of a network protected bv the plurality of devices with one or more networks other than the network protected bv the plurality of devices at which the device is configured to be located: and Configure, each device of the plurality of devices, to: Receive packets via a communication interface that does not have a network-layer address; Responsive to a determination by die device that a portion of the packets received from or destined for a host located in the network protected by the plurality of devices corresponds to criteria specified by one or more rules, drop the portion of the packets; and Modifying a svyitchine matrix of a local area network (LAN') switch associated with the devise such that the LAN switch is configured to drop the portion of the packets responsive to the determination by the device. • Claim 13: One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to: Provision, each device of a pluralitv of devices, with one or more rules generated based on a boundarv of a network protected bv the oluralitv of devices with one or more networks other than the network protected bv the pluralitv of devices at which the device is configured to be located: and Configure, each device ofthe plurality of devices, to: Receive packets via a communication interface that does not have a network-layer address; Responsive to a determination by the device that a portion of the packets received from or destined for a host located in the network protected by the plurality of devices corresponds to criteria specified by the one or more rules, drop the portion of the packets; and Modify a switching matrix of a local area network (LAN) swdtch associated with the device such that the LAN switch is configured to drop the portion of the packets responsive to the determination by the device. B. The '370 Patent The '370 Patent was issued on February 16, 2016 and is entitled "Correlating Packets in Communications Networks." Am. Compl. ^ 9. The '370 Patent relates to correlating packets received by communications networks. The '370 Patent contains two-hundred and five (205) claims, eighteen (18) of which are independent (Claims 1, 22,43, 64, 76, 88, 100, 111, 122, 133, 142, 151, 160, 169, 178, 187, 194, and 201). Disputed claim terms are contained in Claims 61 and 43.^ These claims are reproduced below, with disputed terms underlined where they appear. • Claim 61: The one or more non-transitory computer-readable media of claim 43, wherein the host located in the second network is associated with a malicious entity, and wherein the instructions, when executed by the computing system, cause the computing system to generate data configured to cause the first network to drop packets transmitted by the host located in the first network. Claim 43 One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to: provision a device in a communication link interfacing a network device and a first network with one or more rules configured to identify a plurality of packets received by the network device from a host located in the first network; provision a device in a communication link interfacing the network device and a second network with one or more rules configured to identify a plurality of packets transmitted by the network device to a host located in a second network; provision the device in the communication link interfacing the network device and the first network and the device in the communication link interfacing the network device and the second network with one or more rules specifying a set of network addresses and configured to cause the computing svstem to log packets destined for one or more network addresses in the set of network addresses; configure the device in the communication link interfacing the network device with the first network to: identify the plurality of packets received bv the network device: generate a plurality of log entries corresponding to the plurality of packets received by the network device; and communicate, to the computing system, the plurality of log entries corresponding to the plurality of packets received by the network device: ^The parties have agreed that claim 61 isrepresentative ofthe claims contained in the '370 patent, however claim 61 depends on independent claim 43. Several of the disputed terms are contained in Claim 43, therefore, I have reproduced claim 43 in addition to claim 61. 8 configure the device in the communication link interfacing the network device with the second network to: identify the plurality of packets transmitted bv the network device: generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device: and commimicate, to the computing system, the plurality of log entries corresponding to the plurality of packets transmitted by the network device: correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device: and responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device: generate data identifying the host located in the first network; and communicate, to a device located in the first network, the data identifying the host located in the first network. D. The *722 Patent The '722 Patent was issued on August 9, 2016 for an invention entitled "Rule-Based Network-Threat Detection." Sm Am. Compl. f 12. Specifically, the '722 Patent discloses a manner by which a "packet-filtering device" is enabled to perform muUiple threat-detection functions, such as receiving and identifying "a packet" that corresponds to specified network-threat indicators, and preventing a packet that so corresponds from continuing forward to its destination. Id at 1:46-63. The '722 Patent contains twenty-five (25) claims, one (1) of which is independent (Claim 1). All disputed claim terms are contained in Claims 1 and 25 of the patent. These claims are reproduced below, with disputed terms underlined where they appear.^ • Claim 1: A method comprising: Receiving, by a packet-filtering device, a plurality of packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to at least one of a plurality of network-threat indicators: Receiving, by the packet-filtering device, a plurality of packets, wherein the plurality of packets comprises a first packet and a second packet; Responsive to a determination bv the packet-filtering device that the first packet satisfies one or more criteria, specified bv a packet-filterine rule of the pluralitv of packet-filtering rules, that correspond to one or more network-threat indicators of the pluralitv of network-threat indicators: Applying, by the packet-filtering device and to the first packet, an operator specified by the packet filtering rule and configured to cause the packet-filtering device to allow the first packet to continue toward a destination of the first packet; Communicating, bv the nacket-filtering device, information fi-om the packet- filtering rule that identifies the one or more network-threat indicators, and data indicative that the first packet was allowed to continue toward the destination of the first packet: Causing, by the packet-filtering device and in an interface, display of the information in at least one portion of the interface corresponding to the packetfiltering rule and the one or more network-threat indicators: Receiving, by the packet-filtering device, an instruction generated in response to a user invoking an element in the at least one portion of the interface corresponding to the packet-filtering rule and the one or more network-threat indicators: and Responsive to receiving the instruction: Modifying, bv the packet-filtering device, at least one operator specified bv the packet-filtering rule to reconfigure the packet-filtering device to prevent ' Double underlines are used todenote overlap, i.e. where a word isconstrued individually, as well as part ofa phrase. 10 packets corresponding to the one or more criteria from continuing toward their respective destinations: and Responsive to a determination by the packet-fihering device that the second packet corresponds to the one or more criteria: Preventing, by the packet-filtering device, data indicative that the second packet was prevented from continuing toward the destination of the second packet; and Causing, by the packet-filtering device and in the interface, display of the data indicative that the second packet was prevented from continuing toward the destination of the second packet. • Claim 25: The method of claim 1, wherein: Receiving a plurality of packet-filtering rules comprises receiving the plurality of packet-filtering rules from one or more computing devices that provide packet-filtering rules to a plurality of different packet-filtering devices. E. The *213 Patent The '213 Patent was issued on February 7, 2017 for an invention entitled "Method and Systems for Protecting a Secured Network." Am. Compl. H 13. Similar to both the '205 and '077 patents, the '213 patent discloses various methods by which a device within a secured network is programmed to perform protective functions on incoming packets. See Am. Compl., Ex. E ("213 Patent") at 1:31-3:37. The '213 Patent has sixteen (16) claims, of which two are independent (Claims 1 and 10). S^ '213 Patent. Disputed terms are contained in claims 1 and 3 of the '213 Patent. These claims are reproduced below, with disputed terms underlined where they appear. • Claim 1: A method comprising: Receiving, by each of a plurality of packet security gateways associated with a security policy management server and from the security policy management server, a dynamic security policv that comprises at least one rule specifying application-layer packet-header 11 information and a packet transformation function comprising a packet digest logging flmction to be performed on packets comprising the application-layer packet-header information; Receiving, by a packet security gateway of the plurality of packet security gateways, packets associated with a network protected by the packet security gateway; Identifying, by the packet security gateway, from amongst the packets associated with the network protected by the packet security gateway, and on a packet-by-packet basis, one or more packets comprising the application-layer packet-header information; Performing, by the packet security gateway and on a packet-by-packet basis, the packet transformation function on each of the one or more packets comprising the application- layer packet-header information, wherein the performing the packet transformation function comprises Identifying a subset of information specified by the packet digest logging function for each of the one or more packets comprising the application-layer packetheader information; Generating, for each of the one or more packets comprising the application-layer packet-header information, a record comprising the subset of information specified by the packet digest logging function; and Reformatting, for each of the one or more packets comprising the application- layer packet-header information, the subset of information specified by the packet digest logging function in accordance with a logging system standard; and 12 Routing, by the packet security gateway and on a packet-by-packet basis, to a monitoring device each of the one or more packets corresponding to the application-layer packetheader information in response to the performing the packet transformation function. • Claim 3: The method of claim 1, wherein at least one rule indicates performing a deny packet transformation function on the packets comprising the application-layer packetheader information, and wherein performing the packet transformation function on comprises dropping, by the packet security gateway, the each of the one or more packets comprising the application-layer packet-header information. F. The *856 Patent The '856 Patent was issued on March 13, 2018 for an invention entitled "Rule-based Network-Threat Detection for Encrypted Conununications." Am. Compl. ^ 14. Aspects of the '856 Patent relate to "rule-based network-threat detection for encrypted communications." See Am. Compl., Ex. F (the '"856 Patent") 1:31-1:32. The '856 Patent has twenty-five (25) claims, three (3) of which are independent (Claims 1, 24 and 25). Id. at 25:13-30:31. Disputed terms are contained in claims 18^*, 24, and 25. These claims are reproduced below, with disputed terms underlined where they appear. • Claim 1: A method comprising: Receiving, by a packet-filtering system comprising a hardware processor and a memory and configured to filter packets in accordance with a plurality of packet-filtering rules, data indicating a plurality of network-threat indicators, wherein at least one of the plurality of the network-threat indicators comprises a domain name identified as a network threat; Identifying packets comprising unencrypted data; '* The parties have agreed that claim 18 isrepresentative ofthe claims contained in the '856patent, however claim 18 depends on independent claim 1. One of the disputed terms is contained in Claim I, therefore, I have reproduced claim 1 in addition to claims 18,24, and 25. 13 Identifying packets comprising encrypted data; Determining, by the packet-filtering system and based on a portion of the unencrypted data corresponding to one or more network-threat indicators, packets comprising encrypted data that corresponds to the one or more network-threat indicators; Filtering, by a the packet filtering system and based on at least one of a uniform resource identifier (URI) specified by the plurality of packet-filtering rules, data indicating a protocol version specified by the plurality of packet-filtering rules, data indicating a method specified by the plurality of packet-filtering rules, data indicating a request specified by the plurality of packet-filtering rules, or data indicating a command specified by the plurality of packet-filtering rules: Packets comprising the portion of the unencrypted data that corresponds to one or more network-threat indicators of the plurality of network-threat indicators; and The determined packets comprising the encrypted data that corresponds to the one or more network-threat indicators; and Routing, by the packet filtering system, filtered packets to a proxy system based on a determination that the filtered packets comprise data that corresponds to the one or more network-threat indicators. Claim 18: The method of claim 1, wherein: The packets comprising unencrypted data comprise one or more packets comprising one or more handshake messages configured to establish an encrypted communication session between a client and a server, the method further comprising: Determining that one or more handshake messages comprise the domain name identified as the network threat. Claim 24: A packet-filtering system comprising; At least one hardware processor; and Memory storing instructions that when executed by the at least one hardware processor cause the packet-filtering system to: Receive data indicating a plurality of network-threat indicators, wherein at least one of the plurality of network-threat indicators comprise a domain name identified as a network threat; Identify packets comprising unencrypted data; 14 Identify packets comprising encrypted data; Determine, based on a portion of the unencrypted data corresponding to one or more network-threat indicators of the plurality of network-threat indicators, packets comprising encrypted data that corresponds to the one or more networkthreat indicators; Filter, based on at least one of a uniform resource identifier (URI) specified by a plurality of packet filtering rules, data indicating a protocol version specified by the plurality of packet-filtering rules, data indicating a method specified by the plurality of packet-filtering rules, or data indicating a request specified by the plurality of packet-filtering rules, or data indicating a command specified by the plurality of packet filtering rules: Packets comprising the portion of the unencrypted data corresponding to one or more network-threat indicators of the plurality of network-threat indicators; and The determined packets comprising the encrypted data that corresponds to the one or more network-threat indicators; and Route by the packet-filtering system, filtered packets to a proxy system based on a determination that the filtered packets comprise data that corresponds to the one or more network-threat indicators. Claim 25: One or more non-transitory computer-readable media comprising instructions that when executed by at least one hardware processor of a packet-filtering system cause the packet-filtering system to: Receive data indicating a plurality of network-threat indicators, wherein at least one of the plurality of network-threat indicators comprise a domain name identified as a network threat; Identify packets comprising unencrypted data; Identify packets comprising encrypted data; Determine, based on a portion of the unencrypted data corresponding to one or more network-threat indicators of the plurality of network-threat indicators, packets comprising encrypted data that corresponds to the one or more networkthreat indicators; 15 Filter, based on at least one of a uniform resource identifier (URI) specified by a plurality of packet filtering rules, data indicating a protocol version specified by the plurality of packet-filtering rules, data indicating a method specified by the plurality of packet-filtering rules, or data indicating a request specified by the plurality of packet-filtering rules, or data indicating a command specified by the plurality of packet filtering rules: Packets comprising the portion of the unencrypted data corresponding to one or more network-threat indicators of the plurality of network-threat indicators; and The determined packets comprising the encrypted data that corresponds to the one or more network-threat indicators; and Route by the packet-filtering system, filtered packets to a proxv svstem based on a determination that the filtered packets comprise data that corresponds to the one or more network-threat indicators. 111. Leqai PrinC^FI^es of CQN$trvcT10N A. General Principles The purpose of a Markman hearing is to assist the Court in construing the meaning of the patent(s) at issue. Markman v. Westview Instruments. Inc.. 517 U.S. 370, 371 (1996); Markman V. Westview Instruments. Inc.. 52 F.3d 967 (Fed. Cir. 1995), afFd. 517 U.S. 370 (1996). Patents consist of "claims," and the construction of those claims "is a question of law, to be determined by the court." Markman. 517 U.S. at 371; Markman. 52 F.3d at 970-71. A court need only construe, however, claims "that are in controversy, and only to the extent necessary to resolve the controversy." Vivid Techs.. Inc. v. Am. Science Eng'g. Inc.. 200 F.3d 795, 803 (Fed. Cir. 1999) (citations omitted). To be clear, "[c]Iaim construction is a matter of resolution of disputed meanings and technical scope, to clarify and when necessary to explain what the patentee covered by the claims, for use in the determination of infiingement. It is not an obligatory 16 exercise in redundancy." NTP. Inc. v. Research in Motion. Ltd.. 418 F.3d 1282, 1311 (Fed. Cir. 2005) (citing U.S. Surgical Corp. v. Ethicon. Inc.. 103 F.3d 1554, 1568 (Fed. Cir. 1997)). Claim construction begins with the words of the claims. Vitronics Corp. v. Conceptromc. Inc.. 90 F.3d 1576, 1582 (Fed. Cir. 1996) ("First, we look to the words of the claims themselves .. . ."). Words in a claim are generally given their ordinary meaning as understood by a person of ordinary skill in the art (a "POSITA"). M- This "person of ordinary skill in the art is deemed to read the claim term not only in the particular claim in which the disputed term appears but also in the context of the entire patent, including the specification." Phillips v. AWH Corp.. 415 F.3d 1303, 1313 (Fed. Cir, 2005) (en banc). "In some cases, ... the ordinary meaning of claim language as understood by a person of skill in the art may be readily apparent even to lay judges, and claim construction in such cases involves little more than application of the widely accepted meaning of commonly understood words." Id. at 1314. Often, however, "determining the ordinary and customary meaning of the claim requires examination of terms that have a particular meaning in a field of art. Because the meaning of a claim term as understood by persons of skill in the art is often not immediatelyapparent, and because patentees frequently use terms idiosyncratically, the court looks to those sources available to the public that show what a person of skill in the art would have understood disputed claims language to mean." Id. Further, the claims themselves can provide substantial guidance as to the meaning of particular claim terms. Id First, "the context in which a term is used within a claim can be highly instructive." Id In addition, other claims of the patent in question, both asserted and not asserted, can also be useful because claim terms are "normally used consistently throughout the patent" and therefore "can often illuminate the meaning of the same term in other claims." Id 17 The claims should not be read alone, however, but rather should be considered within the context of the specification of which they are a part. Markman. 52 F.3d at 978. As the Federal Circuit stated in Vitronics and restated in Phillips, "the specification is always highly relevant to the claim construction analysis. Usually, it is dispositive; it is the single best guide to the meaning of a disputed term." Phillips. 415 F.3d at 1315. The Court, however, must not read in limitations from the specification without clear intent to do so. Thomer v. Sony Comp. Entmt. Am. LLC. 669 F.3d 1362, 1366 (Fed. Cir. 2012). Furthermore, a patentee is free to be his or her own lexicographer, and thus if the patentee defines a term in the specification differently than its ordinary meaning, the patentee's definition controls. Phillips. 415 F.3d at 1316. In addition to consulting the specification, a court may also consider the patent's prosecution history, if in evidence, because it provides information regarding how the United States Patent and Trademark Office and the inventor understood the patent. See Jd. at 1317. It also enables the Court to determine if the inventor limited the invention during the course of prosecution. Id "[Wjhere an applicant whose claim is rejected on reference to a prior patent... voluntarily restricts himself by an amendment of his claim to a specific structure, having thus narrowed his claim in order to obtain a patent, he may not by construction ... give the claim the larger scope which it might have had without the amendments." LT.S. Rubber Co. v. Essex Rubber Co.. 272 U.S. 429, 444 (1926). Thus, consulting prior art reference in the prosecution history is permissible. Vitronics. 90 F.3d at 1583. These elements of the patent itself—the claims, the specification, and its prosecution history—constitute intrinsic evidence of claim construction. In addition to such intrinsic evidence, a court may consider extrinsic evidence to determine the meaning of disputed claims. Phillips. 415 F.3d at 1317. Such extrinsic evidence "consists of all evidence external to the 18 patent and prosecution history, including expert and inventor testimony, dictionaries, and learned treatises." Phillips. 415 F.3d at 1317 (citing Markman. 52 F.3d at 980). However, the Court should not rely on extrinsic evidence when the intrinsic evidence removes all ambiguity. Vitronics. 90 F.3d at 1583. Such extrinsic evidence generally is held as less reliable than the intrinsic evidence and "is unlikely to result in a reliable interpretation of patent claim scope unless considered in the context of intrinsic evidence." Id at 1317-18. With respect to expert evidence, for example, "[c]onclusory, unsupported assertions by experts as to the definition of a claim term are not useful to a court. . . [and] a court should discount any expert testimony that is clearly at odds with the claim construction mandated by the claims themselves, the written description, and the prosecution history, in other words, with the written record of the patent." Id. at 1318. With respect to general usage dictionaries, the Federal Circuit noted that "[djictionaries or comparable sources are often useful to assist in understanding the commonly understood meaning of words and have been used ... in claim construction," and further noted that "a dictionary defmition has the value of being an unbiased source 'accessible to the public in advance of litigation."' Id at 1322 (citing Vitronics. 90 F.3d at 1585). However, the Federal Circuit cautions that (1) '"a general-usage dictionary cannot overcome art-specific evidence of the meaning' of a claim term;" that (2) "the use of the dictionary may extend patent protection beyond what should properly be afforded by the inventor's patent;" and that (3) "[t]here is no guarantee that a term is used in the same way in a treatise as it would be by the patentee." Phillips. 415 F.3d 1322 (quoting Vanderlande Indus. Nederland BV v. Int'l Trade Comm'n. 366 F.3d 1311, 1321 (Fed. Cir. 2004)),^ Indeed, "different dictionary definitions may contain ' In Phillips, the Federal Circuit thus expressly discounted the approach taken in Texas Digital Systems. Inc. v. Telesenix. Inc.. 308 F. 3d 1193 (Fed. Cir. 2002), in which the court placed greater emphasis on dictionary 19 somewhat different sets of definitions for the same words. A claim should not rise or fall based upon the preferences of a particular dictionary editor... uninformed by the specification, to rely on one dictionary rather than another." Id B. The "Canons of Claim Construction" The Federal Circuit has recognized certain guideposts, or "canons of construction," to assist a district court in determining the meaning of disputed claim terms and phrases. These are merely guideposts, however, and are not immutable rules;^ 1. Doctrine of Claim Differentiation: Ordinarily, each claim in a patent has a different scope. See, e.g.. Versa Corp. v. Ae-Bae Int't Ltd.. 392 F.3d 1325, 1330 (Fed. Cir. 2004). Ordinarily, a dependent claim has a narrower scope than the claim from which it depends. See, e.g.. Phillips. 415 F.3d at 1315. Ordinarily, an independent claim has a broader scope than a claim that depends from it. See, e.g.. Free Motion Fitness. Inc. v. Cvbex IntM. Inc.. 423 F.3d 1343, 1351 (Fed. Cir. 2005). 2. Ordinarily, claims are not limited to the preferred embodiment disclosed in the specification. See, e.g.. Phillips. 415 F.3d at 1323. 3. Ordinarily, different words in a patent have different meanings. See, e.g.. Innova/Pure Water. Inc. v. Safari Water Filtration Svs.. Inc.. 381 F.3d 1111, 1119-20 (Fed. Cir. 2004). 4. Ordinarily, the same word in a patent has the same meaning. See, e.g.. Phillips. 4I5F.3datl314. 5. Ordinarily, the meaning should align with the purpose of the patented invention. See, e.g.. Innovad Inc. v. Microsoft Corp.. 260 F.3d 1326, 1332-33 (Fed. Cir. 2001). definitions of claim terms. Phillips. 415 F.3d at 1319-24 ("Although the concern expressed by the court in Texas Digital was valid, the methodology it adopted placed too much reliance on extrinsic sources such as dictionaries, treatises, and encyclopedias and too little on intrinsic sources, in particular the specification and prosecution history."). The Federal Circuit reaffirmed the approach in Vitronics. Markman. and Innova as the proper approach for district courts to follow in claim construction, but acknowledged that there was "no magic formula" for claim construction, and that a court is not "barred from considering any particular sources... as long as those sources are not used to contradict claim meaning that is unambiguous in light of the intrinsic evidence." Phillips. 415 F.3d at 1324. ' This list is derived from the one provided in the Federal Judicial Center, Patent Law and Practice §5.I.A.3.d (5th ed. 2006). 20 6. Ordinarily, general descriptive terms are given their ftill meaning. See, e.g.. Innova/Pure Water. Inc.. 381 F.3dat 1118. 7. If possible, claims should be construed so as to preserve their validity. See, e.g.. Energizer Holdings. Inc. v. Int'l Trade Comm'n. 435 F.3d 1366, 1370-71 (Fed. Cir. 2006). 8. Ordinarily, absent broadening language, numerical ranges are construed exactly as written. See, e.g.. Jeneric/Pentron. Inc. v. Dillon Co.. 205 F.3d 1377, 1381 (Fed. Cir. 2000). 9. Ordinarily, absent recitation of order, steps of a method are not construed to have a particular order. See, e.g.. Combined Svs.. Inc. v. Def. Tech. Corp. of Am.. 350 F.3d 1207, 1211-12 (Fed. Cir. 2003). 10. Absent highly persuasive evidentiary support, a construction should literally read on the preferred embodiment. See, e.g.. Cvtologix Corp. v. Ventana Med. Svs.. Inc.. 424 F.3d 1168,1175 (Fed. Cir. 2005). IV. Disputed Terms A. *205 Patent 1. "packet-transformation functions specified by the plurality of dynamic security policies"^ After the Court heard argument of counsel, the parties agreed that the proper construction of this term is ''function specified by the dynamic security policy where the dynamic security policy is subject to change.'* 2. "rule/rules"® After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "a condition or set of conditions that when satisfied cause a specific function to occur." ^This phrase combines two previously disputed terms: "packet transformation function/functions" and "dynamic security policy." *Doc. 106 at8;Doc. 106 at22; Doc. 117 at6;Doc. 119 at 18. Affecting claims 17 and 33. 21 Plaintiff contended that its construction of the term "rule/rules" is consistent with how the term is utilized withinthe specifications of the patent. Doc. 106at 8 (citing e.g. '205 Patent, Col. 20:23-27 ("at least one rule specifying that all packets associated with network addresses outside of the set of network addresses"); 21:38-42 ("at least one rule specifying the method comprising routing..Additionally, Plaintiff alleged that a person of skill in the art would understand the term "rule" to have the type of "if/then" purpose. Id Defendants argued that a "rule" within the context of the asserted claims contains two aspects: criteria and function. Doc. 104 at 23. Defendants contended that Plaintiffs construction addresses the first aspect "criteria" by indicating that a rule is a set of "conditions" but misses the "function" aspect. Id. However, Defendants reproduced Figure 3 from the '205 Patent and contended that the Figure shows that each of the rules specify not only the criteria for the packets, but also specifly] the "function" to be performed on the packets. Id. The Court examined the Plaintiff's construction of the term "rule/rules," and determined that the construction did not seem to be inconsistent with the way that a rule operates within the specification. However, in light of the fact that Figure 3 of the '205 Patent contains the word "fimction," and Plaintiff could provide no meaningful distinction between the words "function" and "action," the Court adopted Plaintiffs construction and changed the word "action" to "function" in order for the construction to be consistent with the language of the specification. B. The *077 Patent 1. "rule/rules"' In construing the term "rule/rules" both parties agreed that the term "rule/rules" in the '077 Patent has the same meaning as it does in the '205 Patent, therefore, the Court RULED that ' Doc. 106 at9; Doc. 104 at28; Doc. 117 at 7; Doc. 119 at 28. Affecting claims 7 and 13. 22 the proper construction of this term is condition or set of conditions that when satisfied cause a specific function to occur." 2. '^switching matrix of local area network (LAN) switch"'" After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "a switching matrix contained within a local area network switch that is configured to direct traffic in a local area network (LAN)>" Plaintiff contended that a person of skill in the art would understand the term "matrix" to mean "a component that is directing traffic from one device to another in the network." Doc. 106 at 10 (citing Medvidovic Decl. 1] 19). At the hearing, Plaintiff argued that Defendants' proposed construction, which defined the term "matrix" as a "structure," may confuse the jury into thinking that a "matrix" is a separate structure than the local area network switch. Defendants agreed that a matrix is not a separate structure than the local area network switch, but averred that the term "matrix" needs to be defined. ^ Doc. 104 at 29. Additionally, Defendants argued that Plaintiffs construction departs from the words of the claims because the phrase "may be configured" indicates that the configuration of the matrix in such a manner is "a mere option." Id Defendants alleged that the patent examiner rejected such a broad construction. Id Plaintiff also contended that Defendants' construction contained a limitation that the switching matrix only direct traffic "received from one or more devices on a local area network to one or more devices on the local area network" when a switching matrix can also switch packets received from other sources. Doc. 106 at 10; Doc. 104 at 28; Doc. 117 at 8; Doc. 119 at 28. Affecting claims 17 and 33. 23 The Court agreed that the language in the claims supports Defendants' contention that that the "switciiing matrix of a local area network (LAN) switch...is configured to drop the portion of the packets." '077 Patent, Claims 7 and 13. Therefore, the Court rejected Plaintiffs argument that a "switching matrix" mav be configured to do something else. The Court also agreed with Plaintiff's argument that embodiment of the invention described within the specification indicated that a "switching matrix" could switch packets received from networks external to the local area network. Therefore, the Court adopted a construction that contained language from both Plaintiff and Defendants' proposed constructions. C. The '370 Patent 1. "network device"" After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "a computing device in a network that is capable of transmitting and receiving packets." Plaintiff argued that its construction best demonstrates how the term "network device" is construed within the various claims and specifications of the '370 patent. Doc. 106 at 13. Plaintiff alleged that in each usage of the term "network device" the language indicates that a "network device" is capable of "transmitting and receiving packets of data." Id (citing '370 Patent, Claims 22-26, 33,43-47,54, 187-188,191,194, 198, 201-202, 205 ("plurality of packets received by the network device" and then a "plurality of packets are transmitted by the network device"); '370 Patent, Col. 13:36-14:9 (specification describes a network device as a device that receives and transmits packets). " Doc. 106 at 13; Doc. 104 at 19; Doc. 117 at 12; Doc. 119 at 16. Affecting claim 61 (and incorporated by reference, claim 43). 24 Defendants contended that a "network device" as used within the patent, always performs the function of "interfac[ing] hosts." Defendants cited language in the specification that defines the function of a "network device" as "one or more devices...that interface host 108, -tlO, and 112 with network 106. Similarly, network device(s)...may include one or more devices that interface hosts 114, 116, and 118 with network 106." Doc. 104 at 19 (citing '370 Patent, Col. 2:44-52; '370 Patent, Fig, 1). Defendant also claimed that Plaintiffs construction collapses the distinction between "device in a communication link" and the "network device." Doc. 104 at 1920. The Court examined language from the specification which indicated that "tap device 126 may have access to a communication path that interfaces network device(s) 122 and host 114." '370 Patent, Col. 3:42-44. From this language, the Court determined that the "communication path" may interface network device(s) and hosts. Therefore, the Court determined that the "network device" is not limited to interfacing hosts, and may also interface "communication paths." Therefore, the Court adopted Plaintiffs construction of the term "networkdevice." 2. "host"" At the hearing, the parties agreed that the proper construction of the term "host" is ''computing or network devices, such as servers, desktop computers, laptop computers, tablet computers, mobile devices, smartpiiones, routers, gateways, switches, or access points." Doc. 106 at 14; Doc. 104 at 20; Doc. 117 at 13; Doc. 119 at 17. Affecting claim 61 (and incorporated by reference, claim 43). 25 3. "rule/rules"'^ In construing the term "rule/rules"both parties agreed that the term "rule/rules" in the '370 Patent has the same meaning as it does in the '077 and '205 Patents, therefore, the Court RULED that the proper construction of this term is "a condition or set of conditions that when satisfied cause a specific function to occur.** 4. "logentries""* After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "notations of identifying information for packets." Plaintiff argued that no construction of the term "log entries" is necessary. Plaintiff also contended that Defendants' construction, requiring that the log entries be "unique" for "each packet," unnecessarily adds requirements to the term "log entries" that are not supported by the intrinsic language of the patent. Doc. 106 at 17. Defendants assert that their construction of the term "log entries" is consistent with the specifications of the patent, and that the term "log entries" is too abstract for a jury to understand its meaning within the scope of the patent. Doc. 104 at 17 (citing Eon Corp. IP Holdings v. Silver Soring Networks. 815 F.3d 1314, 1320 (2016) (fmding that district court erred by instructing the jury to give the terms "portable" and "mobile" their plain and ordinary meaning because the term had more than one ordinary meaning and reliance on the ordinary meaning did not resolve the parties' dispute). The Court RULED that the term "log entries" needed to be construed. The Court agreed that the portion of Defendants' proposed construction which indicates that the log entries are " Doc. 106 at 14; Doc. 104 at 14; Doc. 117 at 15; Doc. 119 at 11. Affecting claim 61 (and incorporated by reference, claim 43). '•* Doc. 106 at 16; Doc. 104 at 16; Doc. 117 at 15; Doc. 119 at 13. AflFecting claim 61 (and incorporated by reference, claim 43). 26 "notations" was consistent with the patent language. However, the Court struck the language to which Plaintiff objected, because the intrinsic language of the patent did not require that the entries be "unique" or that the entries be tied to "each" packet. 5. "correlate/correlating"'^ After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "packet correlator may compare data in one or more log entries with data in one or more other log entries to identify the host." The parties agreed that the fimction of "correlating" is performed by a "packet correlator" but their constructions differ in regard to what the act of "correlating" does. Plaintiff argued that a "packet correlator" does correlating and "applies programming instructions" in order to determine whether a portion of data in one log entry corresponds to a portion of data in another log entry. Doc. 106 at 18. Plaintiff contended that Defendants construction imported a limitation that the correlator "log entries to the same single packet," which is not required by the '370 Patent. Id Defendants contended that their construction of the term "correlate" to include determining "whether log entries in different files correspond to the same packet" is consistent with the specification. Doc. 104 at 15. Defendants cited a portion of Claim 22 in support of their construction, which states that the claimed correlation is "based on a plurality of log entries corresponding to the plurality of packets transmitted by the network device." Id Defendants asserted that Plaintiffs construction is improper because the claims do not limit "correlating" to making a determination based on a "portion" of data in a log entry. Doc. 119 at 13. Doc. 106 at 17; Doc. 104 at 15; Doc. 117 at 16; Doc. 119 at 12. AfTecting claim 61 (and incorporated by reference, claim 43). 27 The Court agreed that Defendants' proposed construction seemed add language to the patent. There is no language in the '370 Patent that supports Defendants' contention that the packet correlator examines "log entries in separate files," nor is the term "files" recited anywhere in the language of the patent. Therefore, the Court adopted portions of Plaintiffs proposed construction, but added language from the specification that Plaintiff cited in order to construe the term "correlate/correlating" in a manner that more closely aligned with the language intrinsic to '370 Patent. 6. ''device in a communication link"'^ After the hearing began, the parties advised the Court that they no longer disputed this term, and that the term would have its plain and ordinary meaning. 7. "configured to cause thesystem/computing system to log packets"'^ Defendants' Construction Plaintiffs Construction programming instructions that cause the no construction needed/plain meaning system to generate a log file containing packet data After considering the claim language and the Parties' arguments, the Court RULED that no construction of this term is necessary. Plaintiff argued that its construction both "gives meaning to [the] term consistent with what the patentee intended to be covered...and its plain and ordinary meaning." Doc. 106 at 22. In support of its construction, Plaintiff cited a portion of the patent's specifications which recites language that "rule(s) 140, which may configure tap device(s) 124 and 125 to identify packets meeting criteria specified y rule(s) 140 and to communicate data associated with the identified Doc. 106 at 18; Doc. 104 at 18; Doc. 117 at 18; Doc. 119 at 15. AfTecting claim 61 (and incorporated by reference, claim 43). Doc. 106 at 21; Doc. 104 at 19; Doc. 117 at 21; Doc. 119 at 18. Affecting claim 61 (and incorporated by reference, claim 43). 28 packets...utilize the data to generate one or more log entries corresponding to the identified packets in log(s) 142." Id (citing '370 Patent, Col. 3:13-20). Defendants argued that no construction of the term "configured to cause the system/computing system to log packets" was necessary and that the term should have its plain and ordinary meaning. Further, Defendant argued that Plaintiffs use of the terminology "generat[ing] a log file" is not consistent with the language of the patent or the specifications because the specifications do not indicate that a "log file" is created. Doc. 104 at 21. Defendants also contend that the patent does not recite any "programming instructions." Id. The Court agreed with Defendant that no construction of the term is necessary. D.The '722 Patent 1. "packet-filtering rules" After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is ''condition or set of conditions that when satisfied cause the specific function of packet-filtering to occur." Because the Court previously RULED that the construction of the term "rules" is "condition or set of conditions that when satisfied cause a specific function to occur," the Court construed the term "packet-filtering rules" by using the previous construction and adding the words "packet-filtering." 2. "interface"" After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "a display visible to the user that allows a user to provide input." Doc. 106 at 24; Doc. 104 at 5; Doc. 117 at 24; Doc. 119 at 4. Affecting claims I and 25. Doc. 106 at 26; Doc. 104 at 11; Doc. 117 at 23; Doc. 119 at 9. Affecting claims I and 23. 29 Plaintiff asserted that the term "interface" requires no construction, because the term "interface" is well understood by one of skill in the art and its meaning is clear within the context of the claims asserted. Doc. 106 at 26. Additionally, Plaintiff contended that Defendants' proposed construction inappropriately requires that the interface be "visible to the user," which imposes a limitation inconsistent with the language in the patent specifications. M, Defendants claim that construing the term "interface" to mean "a display visible to the user that allows the user to provide input" is consistent with the language of the specifications. Doc. 104 at 11. Defendants' cited language in claim I that states: "causing, by the packetfiltering device and an interface, display of the information." Id Defendant did not contest that the term "interface" has a different meaning in the language of some of the specifications, but argued that the term "interface" has the meaning that of a "display visible to the user" within the context of Claim 1 of the '722 patent. Doc. 119 at 9 (citing PowerOne. Inc. v. Artesvn Techs.. Inc.. 599 F.3d 1343, 1348 (Fed. Cir. 2010) ("The terms, as construed by the court, must 'ensure that the jury fully understands the court's claim construction rulings and what the patentee covered by the claims")). The Court RULED that the term "interface" needed to be construed. After examining the language in claim 1, the Court agreed with Defendants' argument that the use of the term "interface" within claim 1 of the '722 Patent is consistent with the construction that it proposes. 3. "operator"^" After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "an instruction that modifies or reconfigures the packet filtering device to either prevent or allow a packet to continue to a destination." ^ Doc. 106 at 27; Doc. 104 at 7; Doc. 117 at 25; Doc. 119 at7. Affecting claims 1and 25. 30 Defendants agreed with Plaintiff that the "operator" functions to block or allow packets. Doc. 104 at 7. However, Defendants objected to Plaintiffs use of the word "adjustable" as redundant, because claim 1 expressly requires "modifying...at least one operator." Doc. 104 at 7-8; *722 Patent, Claim 1. Plaintiff contended that Defendants' argument regarding their use of the word "adjustable" is unwarranted because the fact that an "operator" is adjustable is supported by the claims and the contents of the specification. W. at 25 (citing '722 Patent, Claim 1 ("modifying, by the packet-filtering device, at least one operator..."); '722 Patent, Col. 2:5-10 ("The interface may comprise an element that when invoked by a user of the user device causes the user device to instruct the packet-filtering device to reconfigure the operator")). The Court agreed with Defendants that the word "adjustable" does not appear within the language of the patent. Therefore, the Court struck the word "adjustable" from Plaintiffs construction, and added the words "modifies" and "reconfigures" to Plaintiffs construction in order for the language in Plaintiffs proposed construction to be consistent with the language of the patent. 4. ^'communicating, by the packet-filtering device, information from the packetfiltering rule that identifies the one or more network-threat indicators, and data indicative that the first packet was allowed to continue toward the destination of the first packet**^' After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "communicating, by the packet-filtering device, information from the packet-filtering rule that identifies and records the one or more network-threat indicators, and data indicative that the first packet was allowed to continue toward the destination of the first packet." Doc. 106 at 28; Doc. 104 at 10; Doc. 117 at 27; Doc. 119 at 8. Affecting claims 1 and 25. 31 Plaintiff alleged that its construction clarifies that the term "communicating" means "the causing of a packet-filtering device to generate and communicate a record of data regarding the first packet." Doc. 106 at 29 (emphasis added). Defendants claimed that no construction of this term is necessary, and that Plaintiff's construction appears to be a "rewrite" that uses language not found in the patent. Doc. 104 at 10. At the hearing, Plaintiff clarified that its main issue with using the language in the claim without any construction is that the language of the claim does not describe the functionality that the packet-filtering device "records" as well as "identifies" data. In support of its argument. Plaintiff cited language from the specifications of the '722 patent, which indicates that a "packet-filtering device may...generate [i.e. record] log data." '722 Patent, Col. 6:13-24. The Court determined that the phrase "communicating, by the packet filtering device..." in large part did not need construction. However, the Court also agreed that the language of the specification cited by Plaintiff supported a construction that demonstrated the packet-filtering device's capability to "record" data. Therefore, the Court added the language "and records" to the term, in order for the construction of the term to better align with the language cited by Plaintiff. 5. "user"^^ After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "human." Defendant argued that the term user should be construed as "person (e.g., administrator)" because the language in the claims and specification confirms that a "user" is a human. Doc. 104 at 8 (citing '722 patent, claim 1). Doc. 104at 8; Doc. 117at 29; Doc. 119 at 7. Affectingclaims I and 25. 32 Plaintiff argued that the teachings of the specification indicate that the term "user" is not limited to a "person" but is recited as "anything that specifies a time interval, modifies an option, or operates a device." Doc. 117 at 29. Therefore, Plaintiff claimed that either "a person" or "a process" can perform the functions of a "user" within the scope of the patent. The Court reviewed the language cited in the specification, and RULED that the term "user" had the meaning "person" in the specifications. See e.g. '722 Patent, Col. 7:52-53 ("graphical depiction may comprise a line chart depicting, for a user-specified time interval"); 9:33-35 ("Interface 600 may include one or more block options that when invoked by a user of a host 110 (e.g., the administrator of network 102)"). Therefore, the Court adopted Defendants' proposed construction of the term. E. The *213 Patent At the hearing, the parties indicated that there are no disputed terms within the '213 patent. F. The *856 Patent 1. "proxy system"^^ After considering the claim language and the Parties' arguments, the Court RULED that the proper construction of this term is "a proxy system which intervenes to prevent threats in communications between devices." Defendants argued that the term "proxy system" should be construed while Plaintiff argues that the term should be given its "plain meaning." Doc. 240 at 8. Defendants contended that the term "proxy system" requires construction because an ordinary jury is not likely to understand the meaning that a person of ordinary skill in the art would apply to the term. Id at " Doc. 240 at 5; Doc. 241 at 6. Affecting claims 18,24, and 25. 33 5. Defendants alleged that the patent uses the term to refer to a collection of proxy devices that establish connections between devices in trusted and untrusted networks and relay communications between those devices. Id at 6. Plaintiff argued that Defendants' proposed construction is likely to confuse rather than clarify the term. Doc. 241 at 4 (citing ActiveVideo Networks. Inc. v. Verizon Communications. Inc.. 801 F. Supp.2d 465,485 (E.D. Va. 2011). Plaintiff also proposed that the ordinary meaning of "proxy system" is an "intermediary system." Doc. 241 at 6. Plaintiff argued that its proposed meaning is supported by the intrinsic record, and that there are no limits within the specifications that require the term "proxy system" to connect only "trusted environments to untrusted environments." Id at 9. For example, Plaintiff argues that the language of the patent specification indicates that a proxy system can be used to connect a host within same network and with different hosts. Id (citing '856 Patent, Col. 8:6-9). At the hearing. Defendant argued that its construction appropriately addressed the purpose of "proxy system" within the invention claimed in the '870 patent, which is aimed at threat-detection. The Court RULED that the term "proxy system" should be construed because the meaning of the term is not readily apparent to a lay person. The Court also agreed that the language of the '870 Patent did not limit the function of a "proxy system" solely to connecting trusted environments with untrusted environments. Therefore, the Court adopted a construction that addressed both Plaintiff and Defendants' arguments. The Court's construction aligns with the purpose of a proxy system to act as an "intermediary" or "intervene" for the purpose of "threat detection" between devices. 34 V. Conclusion For the reasons stated on the record and elaborated in this Opinion and Order, the Court construed the disputed terms as follows: Disputed Term The Court's Construction function specified by the dynamic security policy packet-transformation functions specified by the plurality of dynamic where the dynamic security policy is subject to change security policies rule/rules a condition or set of conditions that when satisfied cause a specific function to occur switching matrix of local area network (LAN) switch a switching matrix contained within a local area network switch that is configured to direct traffic in a local area network (LAN) network device a computing device in a network that is capable of host computing or network devices, such as servers, desktop computers, laptop computers, tablet computers, mobile devices, smartphones, routers, gateways, switches, or access points notations of identifying information for packets packet correlator may compare data in one or more log entries with data in one or more other log entries to identify the host transmitting and receiving packets log entries correlate/correlating packet-filtering rules condition or set of conditions that when satisfied cause the specific function of packet-filtering to occur interface operator a display visible to the user that allows a user to provide input an instruction that modifies or reconfigures the packet filtering device to either prevent or allow a packet to continue to a destination communicating, by the packetfiltering device, information from the packet-filtering rule that communicating, by the packet-filtering device, information fi-om the packet-filtering rule that identifies the one or more network- indicators, and data indicative that the first packet threat indicators, and data indicative that the first packet was first packet identifies and records the one or more network-threat was allowed to continue toward the destination of the allowed to continue toward the destination of the first packet user human 35 proxy system a proxy system which intervenes to prevent threats in communications between devices The Clerk is REQUESTED to deliver a copy of this Order to all counsel of record. It is so ORDERED. /s/ Henry Coke Morgan, Jr. Senior United States District Judue HENRY COKE MORGAN, JR. SENIOR UNITED STATES DISTRICT Norfolk, VA August- // . 2018 36

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?